Inside Vista Loader

Comparison of Vista Loader 3.0.0.1 and 2.1.3  / Post from 2007

I have the latest Vista Loader 2.1.3 (AKA Windows Vista Activator 2008) in my lab. It is supposed to be invulnerable to Windows Vista Service Pack 1 and KB940510. Besides, it makes no boot string flash. I suspect it is exactly the same core element as the VistaLoader v3.0.0.1 by Dasumo. Let’s hack the hack and see what is inside this program, and what makes it invisible.

Inside information

Vista Loader is based on GRUB for DOS bootloader. “GRUB for DOS is an universal boot loader based on GNU GRUB. It can boot off DOS/LINUX, or via Windows boot manager/syslinux/lilo, or from MBR/CD. It also has builtin BIOS disk emulation, ATAPI CDROM driver, etc.” This is the answer to why it is undetected by Microsoft malware cleaners or patchers: because it does NOT modify ANY proprietary Windows system files AND it operates OUTSIDE Windows environment. Besides, it cannot be identified as a virus by itself (I mean grldr file), because it is a common program without initial evil purpose.

Vista Loader consists of few elements that usually are combined into one executable. The essentials components are: Grub loader itself with emulated BIOS containing OEM SLIC information (in previous versions it would be a separate OEM.bin file), OEM.xrm-ms file with OEM digital certificate, and install.cmd script that puts everything in motion, i.e. installs grub, inserts certificate, and inserts a corresponding royalty OEM product key via “%windir%system32slmgr.vbs -ipk”. In addition there could be some other files like hstart (Hidden Start – run apps in the background), bootinst.exe and bootrest.exe—standard Microsoft programs to set boot manager, and the cosmetic part with OEM logos.

Comparison

VistaLoader 3.0.0.1 by Dasumo and VistaLoader 2.1.3 by w00tageman (see www.mydigitallife.info forums) were compiled by different people. It is obvious when you compare cmd scripts. VistaLoader 3.0.0.1 is more advanced because there are customized oem emulators (i.e. grldr is fixed for each OEM accordingly), and VistaLoader 2.1.3 is using only one grub emulator for ASUS actually:

GRLDR Comparison

I would say VistaLoader 2.1.3 is just a spartan version of luxury 3.0.0.1.

Why Microsoft did not disable royalty OEM product keys

I think the reason why Microsoft did not tackle these keys is simple: there are too many computers with those legitimate keys installed and to change them all—it is not something to happen overnight. Besides nobody expected such a twist from hackers.

The hack itself is not difficult, but the idea is very original one (I think from China). I wonder if Microsoft will eventually strike back, if ever. As I said before, piracy is only a fuel to keep the enormous flame of Windows popularity.

Declaimer

All mentioned above in this article is for the information purpose only. Please do not try the crack tools mentioned as it may be illegal and you can be prosecuted by the law.

If you like Windows Vista, buy it (OEM version is cheap). Or try Mac—it may turn out to be even better!

Leave a Reply