Bootkit/Replacing the Bootloader on Windows 10

[null_endian]

Does anyone know of a way to edit the bootloader on a Win10 machine to force it to execute arbitrary code when Windows starts up? I'm not sure if this is possible on a new WIn10 box because I know that there are much stricter checks at bootup now. I don't care if it is a one-off as I'm trying to do a specific experiment on MY machine, it doesn't need to apply to all machines. Thanks.

 

PS: Actually, I don't necessarily need to replace the bootloader - this code accomplishes something similar to what I need (I just need code execution control prior to everything else on the system when the OS loads) but it doesn't work for Win10. Looking for something similar.

Edited April 19, 2018 by null_endian

[ViL]

depends on if you are booting from mbr or uefi

if mbr you should write your own boot code in the mbr sector (it's the first 512kb on the hdd) over the windows 10 one, here's some examples http://olivier.poudade.free.fr/ (see Assembly sourcecode section) optionally this denoscene's intro collection has some bootable mbr intros with source code if you are into that http://hardcode.untergrund.net/ (see the 00512/bootable folder)

if uefi, you should assemble/compile your own efi file, and (make a backup first!) overwrite the efi file that boots windows 10, you can from a linux live usb too

edit: you can later recover the windows 10 mbr by booting the windows 10's installation, going to command prompt from the Repair you PC option and typing both commands:

bootrec /fixboot

bootrec /fixmbr

hope it helps!

Edited June 19, 2018 by ViLXDRYAD