Does the Windows XP bootloader (NTLDR) heed kernel import declarations?
-
21-08-2019 - |
Question
I wonder whether the Windows XP bootloader (ntldr
) actually makes use of the Windows kernel (ntoskrnl.exe
) import declarations?
ntoskrnl.exe
has following imported modules: BOOTVID.dll
, HAL.dll
and KDCOM.dll
. So these three modules are the first ones to be loaded. Imagine that the kernel has another module declared as imported. Will that cause ntldr
to also load it? Or does ntldr
merely know that it should load these four modules and there is no way to change that?
Solution 2
Happens, I found answer myself. And had it confirmed at ntdev mailing list.
ntldr
indeed loads only four files mentioned in the question and doesn't use any import declarations.
You can actually check this by creating a stub kernel (that imports something from the actual kernel) and using following boot.ini
options (you will get list of loaded modules in the %SystemRoot%\ntbtlog.txt
file):
/bootlog /kernel=stubkrnl.exe
OTHER TIPS
I suggest to ask this question in ntdev mailing list. To be answered you better explain why you need this information and what are you trying to do. I can assure that on this list you will find people capable to answer on this, can't assure however that you will be answered. They are a bit touchy about "hack smelling".