Friday, January 27, 2006

Slipstreaming Windows CD under Linux


required tools: mkisofs, cdrecord, dd, mount, lcab, text editor
optionally: hex viewer, hex->dec converter

1. Create an image of Windows CD.

# dd if=/dev/dvd of=win_xp.iso bs=2048 conv=noerror,notrunc

2. Extract files from the image.

# sudo mount -o loop win_xp.iso /mnt
# cp -a /mnt win_xp_slipstream
# chmod -R +w win_xp_slipstream
# sudo umount /mnt

3. Extract the CD boot image and add it to the root of Windows directory. The value of the 'skip' parameter needs to be found. More info below.

# dd if=win_xp.iso of=boot.img bs=2048 count=1 skip=375
# mv boot.img win_xp_slipstream/

4. Add your RAID driver files in $OEM$/$1/drivers/

# mkdir -p 'win_xp_slipstream/$OEM$/$1/drivers/sii680r'
# unzip -j sii680r.zip -d 'win_xp_slipstream/$OEM$/$1/drivers/sii680r'

5. Create a .cab archive of the RAID driver's .sys file in the i386 directory.

# cp 'win_xp_slipstream/$OEM$/$1/drivers/sii680r/pnp680r.sys' win_xp_slipstream/i386/
# lcab win_xp_slipstream/i386/pnp680r.sys win_xp_slipstream/i386/pnp680r.sy_
# rm win_xp_slipstream/i386/pnp680r.sys

6. Get the RAID driver ID info.

# cat 'win_xp_slipstream/$OEM$/$1/drivers/sii680r/txtsetup.oem' | grep 'PCI\\VEN'

---8<---
id = "PCI\VEN_1095&DEV_0680&SUBSYS_36801095", "PnP680r"

--->8---

7. Add the RAID driver info to the bottom of txtsetup.sif before the last EOF. You'll need the .sys file name, "PCI\VEN" string, device ID and name.

# vi win_xp_slipstream/i386/txtsetup.sif

---8<---
[SourceDisksFiles]
pnp680r.sys = 1,,,,,,3_,4,1

[HardwareIdsDatabase]
PCI\VEN_1095&DEV_0680&SUBSYS_36801095 = "PnP680r"

[SCSI.load]
PnP680r = pnp680r.sys,4

[SCSI]
PnP680r = "Silicon Image Ultra-133 Medley ATA RAID Controller"

--->8---

8. Create a winnt.sif file and add the info below with the right driver path.

# vi win_xp_slipstream/i386/winnt.sif

---8<---
[Data]
UnattendedInstall=Yes
MSDosInitiated=No
AutoPartition=0

[Unattended]
OemPnPDriversPath="Drivers\sii680r"

--->8---

9. Re-create the CD image, now with the included driver.

# mkisofs -v -volid "XP_RAID" -d -D -l -N -relaxed-filenames -no-iso-translate -no-emul-boot -boot-load-size 4 -b boot.img -c boot.cat -hide boot.img -hide boot.cat -J -hide-joliet boot.img -hide-joliet boot.cat -o win_xp_slipstream.iso win_xp_slipstream

10. Finally, write the image to a CD.

# sudo cdrecord -v -sao win_xp_slipstream.iso


***

Finding the CD boot image


I. The quick and easy way.

1a. Dump ISO info from CD.

# isoinfo -d

---8<---
Eltorito defaultboot header:
Bootid 88 (bootable)
Boot media 0 (No Emulation Boot)
Load segment 0
Sys type 0
Nsect 4
Bootoff 177 375

--->8---

1b. Alternatively, dump ISO info from the image file.

# isoinfo -d -i win_xp.iso

2a. Extract the boot image from CD. Use the second value from the "Bootoff" line in the 'skip' parameter.

# dd if=/dev/dvd of=boot.img bs=2048 count=1 skip=375

2b. Same as above but from an ISO image.

# dd if=win_xp.iso of=boot.img bs=2048 count=1 skip=375


II. The real hacker's way ;)

1a. Dump a chunk of the CD to a file. Increase 'count=' to 2000 or more if the boot image is not found at first.

# dd if=/dev/dvd of=dump.img bs=2048 count=500

1b. Alternatively, dump data from an ISO image.

# dd if=os_image.iso of=dump.img bs=2048 count=500

2a. Look for the boot image string. Note the starting address in hex. If there are multiple matches, start with the first and complete all steps. If the CD doesn't boot, try the second matching address, and so on.

# xxd dump.img | grep '007c fb8c'

2b. Alternate method using 'hexdump' and visual examination. Look for a string "fa33 c08e d0bc 007c fb8c".

# hexdump -C dump.img | less

---8<--- 00bb800: fa33 c08e d0bc 007c fb8c c88e d852 e800 .3.....|.....R..
00bb810: 005e 81ee 1100 7412 81fe 007c 7575 8cc8 .^....t....|uu..
00bb820: 3d00 0075 7fea 3700 c007 c606 ae01 3390 =..u..7.......3.
00bb830: 8cc8 3dc0 0775 7e8c c88e d8c6 06ae 0134 ..=..u~........4
00bb840: 9080 fa80 726f c606 ae01 3590 bbfe 078b ....ro....5.....
00bb850: 073d 55aa 755f 5a88 1699 0468 8a04 6a0b .=U.u_Z....h..j.
00bb860: 6800 20e8 7603 0f82 0f00 601e 068a 1699 h. .v.....`.....
00bb870: 049a 0000 0020 071f 6168 7e04 6a0c 6800 ..... ..ah~.j.h.

--->8---

3. Convert the address from hex to decimal.

# echo $((16#bb800))

4a. Finally, extract the boot image from CD. Note the 'skip' parameter!

# dd if=/dev/dvd of=boot.img bs=1 count=2048 skip=768000

4b. Same as above but from an ISO image.

# dd if=os_image.iso of=boot.img bs=1 count=2048 skip=768000

4c. Alternatively, calculate and use LBA to make things look pretty. 0xbb800 = 768,000 -> 768,000 / 2,048 = 375 (R/LBA)

# dd if=os_image.iso of=boot.img bs=2048 count=1 skip=375

Another example: Windows 2000 CD.

---8<--- 000a000: fa33 c08e d0bc 007c fb8c c88e d852 e800 .3.....|.....R..
--->8---

0xa000 = 40,960 -> 40,960 / 2,048 = 20 (R/LBA)

# dd if=/dev/dvd of=boot.img bs=2k count=1 skip=20

12 comments:

Anonymous said...

Cool. Thank you very much! I'm making a Windows XP setup CD with slipstreamed SP3.

Anonymous said...

This tutorial was a lifesaver!
Thanks, now I can finally slipstream my own "usbwindows" ;)

Obi Bok said...

Wow, somebody actually found my notes and thought they were useful... I'm flattered!

Glad I could help. It was an interesting project at the time.

Joshua said...

Was getting an NTLDR error after using your instructions, so I tried them again and now I get random characters and no response using qemu to test. I'll check my genisoimage params to see if I missed anything, but I've been at this all day.

Joshua said...

Tried it again last night with cut-and-paste genisoimage params, and it worked perfectly, so I must have copied the boot image file wrong first, then tried coming up with my own (simplified) params second. It worked perfectly, and now my fiancee's Dell is freshly installed with XP SP3!

Obi Bok said...

I'm very pleased to see another success story. Enjoy.

Helge said...

Thanks a lot for writing this info. Just slip-streamed SP2 and it works perfectly :)

Anonymous said...
This comment has been removed by a blog administrator.
Chris Huebsch said...

Thank you for your article.

Your mkisofs command line was exactly that what I was searching for. No other article was able to provide that.

Anonymous said...

Thanks for this post! I was finally able to install win xp in my HP pavillion laptop with a SATA disk.

Anonymous said...

This really help me a lot! Kudos!

Andrew said...

Everything has worked great until I got to the part about unzipping RAID driver files.

unzip: cannot find or open sii680r.zip, sii680r.zip.zip or sii680r.zip.ZIP.