Hacking the Look
by Rev. Karn (ZenLogic/Freebooter)
This is not an article about hacking the mainframe or some network out there, but something much closer to home. Your everyday Windows box. These visual hacks will work on most flavors of Windows. Have fun and read the caution below.
Caution: First off, doing these hacks can mess up your system. Remember to back up all important files, and that includes the registry. Make a copy of all the files that you res-hack, copy the DLLCACHE to another directory just in case, and rename. Then empty out the old DLLCACHE. Make a new up-to-date Emergency Repair Disk (ERD) and be careful. Let me say this again: be careful. The program I used the most was Res-Hacker (Resource Hacker 3.40, by Angus Johnson), a great little file for hacking system files and retrieving resources. (Google it). Use the program a bit beforehand. You will find that it is self-explanatory.
Background
I have been obsessed with computers for a long time now. In fact, my first computer was a Timex/Sinclair 1000. After that came the Tandy, then various Commodores, an old Osborne, an AT&T PC 6300, then over the years a bunch of 386's, 486's, and Pentiums. Now my systems consist of mostly (eight) homebrew computers, a variety of CPUs from the low-end of a 300 MHz over-clocked Pentium 2, to the high-end of my brand spanking new Sony laptop, 1.5 GHz mobile Pentium 4. The rest are mostly AMD 700 and 850 MHz systems. All running a Mulligan's stew of OSes from Windows 3.1 to Linux (FreeBSD and Mandrake - I have one old 286 laptop running Minux), and one Apple Performa running OS 7. A D-link DSL 4-port router and a SMC 8-port hub connects it all together. One box is a file server for the storage of overflow files. I have eight kids. Do you know how many Pokémon JPEGs are out there? Yes, they have saved them all.
My first hack was setting the 6300 up with 1200 baud modem, a packet driver, and an early Trumpet-like program, then social engineering my way into a universities modem room phone number and getting on the ARPANET back in 1983 when it changed over from NCP to TCP/IP, so I could use USENET.
This article is about my laptop and the OS hacks I had to do to make it truly my own. Let me explain. The laptop, named mAlice (mobile-Alice, at least one of my computers are always named Alice, don't know why) is the work computer. The one I drag along to the job site with me. I am retired and administer several small business networks in the surrounding towns for extra income. Anyhow, mAlice boots into LILO, from there you can choose Win2k or Mandrake. Default is Win2k. Also on the Windows side, I emulate Mac OS 7 using Basilisk (for compatibility with the kid's school files... boot to Mac, convert the files, drop them onto the NTFS partition, there you go. The kids can now work on the files at home).
The Hack
As you know, Win2k looks horrible, so when I'd pull out the laptop and boot to Windows, it looked like all the other computers out there. Real embarrassing. I the great ZenLogic with a plain Jane machine... (way too much time on my hands now that I am retired!) so I tried to do something about it. Out came Res-Hacker, I started looking at the system files in the OS and looking for the Start button and other resources. I wanted it to look like a Linux box, so I starting hacking away at things. (Yes, I know there are programs out there to do this but I didn't think it would be that hard. How wrong I was and, yes, I have tried Black Box and KDE, on top of Cygwin. However, I wanted to keep that part of Windows the same because I install and uninstall programs all the time and neither Black Box or KDE for Windows really works right in that regard.)
First, we need to turn off Windows file protection (an almost impossible thing to do). Microsoft's way of protecting us from ourselves and there answer to DLL Hell. I knew that there was a registry hack to disable it:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Value: SFCDisable Type: REG_DWORD (DWORD Value) Value: 0 = enabled (default), ffffff9d = disabled |
Thank you whoever you are at the "microsoft.public.windowsxp.general" newsgroup. However, I quickly found out that this only works on Win2k pre-SP3. Now, what do I do? I went back to the newsgroups. I found an obscure article on the OverClockersClub.com website: "How to Disable the System File Checker in Windows XP" dated March 4, 2002. I tried it on Win2k and, low and behold, it worked. Here are the main points:
Windows XP - No Service Pack
Backup the SFC_OS.DLL (SFC.DLL in Windows 2000) in the \WINDOWS\SYSTEM32 directory (\WINNT\SYSTEM32 in Windows 2000).
Make another copy of SFC_OS.DLL (or SFC.DLL), call it SFC_OS1.DLL (or SFC1.DLL) and open with a hex editor.
Go to offset 0000E2B8 (0E2B8h).
You should see the values 8B and C6.
Windows XP - Service Pack 1
At offset 0000E3BB (0E3BBh) you should find the values 8B and C6.
Don't do anything if you can't find these values. (When I looked in the SFC.DLL file in Win2k the "8B C6" values were there).
Change "8B C6" to read "90 90" and save.
Now, on my computer, I just rebooted into Linux and copied files, which solved the problem of replacing files in use. but the article on overclockers.com said this:
Run these commands to update the system files: COPY C:\WINDOWS\SYSTEM32\SFC_OS1.DLL C:\WINDOWS\SYSTEM32\SFC_OS.DLL /Y COPY C:\WINDOWS\SYSTEM32\SFC_OS1.DLL C:\WINDOWS\SYSTEM32\DLLCACHE\SFC_OS.DLL /Y |
I take this to mean, boot with a boot disk or F8 to a Command prompt and run the commands from there. O.K., if all goes well, we just have a couple things left. If you are asked for a CD, ignore it. Remember to reboot and fix the registry like I did with the SFCDisable registry hack. You must do both in Win2k to turn off file protection. Reboot and you're good to go. Check if it worked by going into the event viewer and looking for an entry like this:
Event Type: Information Event Source: Windows File Protection Event Category: None Event ID: 64032 Date: 4/16/2003 Time: 3:48:14 AM User: N/A Computer: MALICE Description: Windows File Protection is not active on this system. |
Okay, now we can really start changing things. Remember, this is Windows, so things aren't where you would think they would be. Let's start with the boot screen background bitmap. Use Resource Hacker to open NTOSKRNL.EXE, look for "Bitmap #1." Replace the bitmap with one of your own choosing. It must be a bitmap file that is 640x480 with 16 colors. Or find one on the net, by searching for boot logos, or modify the one already there. Save, reboot and admire your new boot logo.
Next, I wanted to change the Start button. But where did Microsoft keep the string table for it? Yep, EXPLORER.EXE. So I opened it up with Res-Hacker and there it was. String Table -37 -1033. On the right, you should see the words "Start". You can change this to anything you want, as long as you don't go over five characters. Now hit the Compile Script button. Go to String Table -38 -1033. Again, on the right you should see "Start". Change this to the same as the previous one. Hit the Compile Script button again. Now there is the little problem of the Microsoft icon on the Start button. That can be changed too. Res-Hack back to EXPLORER.EXE and look for "Bitmap - 143 -1033". You can use a pre-made image or make your own. It must be a bitmap file 25x20 by 16 million colors. Save and reboot. But a problem cropped up after I hacked everything. I just couldn't save it. I left it in frustration for awhile, watched some dbz with the kids, and then it hit me. Duh, can't save because it was in use. So I used Task Manger to close Explorer and then Alt-Tabbed out of it to Res-Hacker. Saved, then rebooted. Cool, it worked! Now we are getting some place. New boot logo, a Start button that has lost all traces of Microsoft. Good to go.
Next was the Microsoft bitmaps and logos appearing on the "Starting" and "Login" box while logging in, also when hitting Ctrl-Alt-Del. Where were these resources? I looked and looked and couldn't find anything. Then I remember I had a problem booting not to long ago and the log file from the event mentioned MYGINA.DLL.
So I opened it up and there they where. I pulled these resources to find out what size bitmaps they needed to be. They had to be a width and height of 413x72, and 16-bit bitmap. I converted the bitmaps I had picked out to the size needed and replaced the old bitmaps. Saved and rebooted.
Cool, but things were still Microsoft blue, back to Res-Hack. Saved out the bitmaps and such, changed colors and replaced them, saved and rebooted. Good to go. Now mAlice looked good. Except for one thing, the logon applet. Still the Microsoft blue and no graphics or such. I was stumped! How the Hell do I change that? I could change the color of the Start Screen with a reg hack. Black of course.
HKEY_USERS\.DEFAULT\ControlPanel\Colors\\\Background (change to FFFFFF) |
But the logon stayed the same, well Hell. Took a few days to think about it, meanwhile searching on Google. Not much help, but ran across a freeware program called "Crash Course Logon Interface" at crashcoursesoftware.com. Turned out to be just the thing I needed. Check it out.
That taken care of, there were all kinds of icons and bitmaps in the various DLL and executable files in Windows and to change them all would take forever. So here is where I cheated again and used a program. One day on Google, I ran across a Japanese software site. I found what looked like a program for changing the icons in Windows. I downloaded it, and sure enough it was. It is a very nice program by this guy:
Masami Ikawa Madonote ver6.01 for Windows Filename: WHAND601.EXE www.asahi-net.or.jp/~vr4m-ikw/Global/download.html |
A nice program for sure. It made my quest a lot easier. Try it. I changed almost all the icons in my system. The ones Madonote didn't do I Res-Hacked. Now we have a pretty visually different desktop. There are other things I didn't like about Windows. The plain menu bars, etc. Using Res-Hacker I opened EXPLORER.EXE and other such files and DLLs, did some changing here and there. Had all kinds of fun, messed up a few times, put it all back, and started over. "So it goes." Now I have Win2k looking just right for me. A friend dropped by one day, saw the desktop, and thought I was in Linux with a new theme. It was great.
It sounds easy now writing this, but at the time it really sucked. I even screwed the registry up a few times and lost Windows. Thank god for back ups. All in all, it took me several days of work, thinking, and searching the newsgroup archives to redo the look of mAlice. Finally, after much frustration and a few episodes of dbz (from fat bu to kid bu), in the end it all worked, and mAlice looks great.
That is why I decided to write this, to put this information in one place. Now when the rubes look at my box top, they are always asking what OS I use and the women, well, that's another story. Now if I can just make the LILO boot-splash look different...
Thanks to all the people who have posted replies to the newsgroups and varies forums in the past (newsgroups are a great resource for any kind of information). I tried to find the old posts, quote them and give credit. However, most are gone now or I could not remember where they were or find them again. Sorry if I missed somebody. You know who you are. Thanks.
By the way, howdy Joe (Joeschmoe).
Thanks, later.