-5

I was having a discussion with a colleague about whether or not the following is possible:

  1. Install an MFC application from a USB drive in Windows XP (this installation would be initiated manually by a user with sufficient privileges to install software).
  2. After rebooting, this application should start instead of the default Windows XP shell (explorer.exe).

Does anyone know how I might accomplish this?

mirabilos
Sujay Ghosh
  • 2
    I don't understand one thing, how are you going to run an MFC application without an operating platform running? DLL injection - you must inject a DLL into a process, which process if there is no OS loaded? – Ivan Prodanov Jul 16 '09 at 19:28
  • This would make a lot more sense if you add "shell" to the end of the "2)" bullet. The TSR reference is confused and irrelevant. – darron Jul 16 '09 at 19:35
  • @Josn has a point, I admire the author's explanation of running the MFC application (first point in requirements). – Ivan Prodanov Jul 16 '09 at 19:36
  • 1
    A completely valid question and the answer is actually how you can build terminals that run on top of the Windows platform but do not grant access to the Windows shell. For XP you can change the registry setting HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon to point to a custom program. – cfeduke Jul 16 '09 at 19:42
  • 1
    This question was bizarre... I do not think the author intended to ask what he really did ask (I base this on his own suggestions, neither of which have anything to do with running code prior to boot). I've attempted to extract the relevant question... – Shog9 Jul 16 '09 at 20:10
  • @Shog9: Also the TSR suggestion didn't really apply to what he was asking, however it indicated to me that he *had* thought about it, and also that he didn't have any ideas where to begin, so he needed help from the community. I mean, that's what we're here for right? =D – DevinB Jul 16 '09 at 20:18
  • Maybe you should check out [Windows Embedded family](http://www.microsoft.com/windowsembedded/en-us/default.mspx). – Eugene Yokota Jul 18 '09 at 17:08
  • This sounds like my similar question http://stackoverflow.com/questions/8572667/run-software-as-exclusive-shell-application – Ian Sep 10 '13 at 13:19

2 Answers

7

You won't be able to run an MFC application before Windows starts up because by definition MFC runs off of Windows DLLs that are not loaded until Windows itself is. Not to mention that Windows is what is responsible for loading a PE in the first place, so you won't even be able to load a compiled EXE or DLL without a custom bootstrapper.

In order to do what you want to do you have a few options. There are (easy) ways for Windows to be set to load an application on startup. If that is what you want, then this is entirely possible.

However, if you wish to execute code before and while Windows is starting up, then you must first overwrite the bootstrapper (with something like GRUB), execute your code (again, you will not have access to any standard library - you will have to operate directly on the buffers made available to you by the CPU if you wish to do any sort of I/O), then start up Windows by launching its bootstrapper. I have no idea how to do this; but that is the general overview of what must happen.

You mentioned DLL injection, which is another possibility. I am not familiar with what DLLs, and in what order, are loaded during Windows startup. That will be an exercise for you. What you will have to take into consideration is that the higher level you want to exist in (i.e. what libraries are available for you to do File/Console I/O) the higher up you need to execute your code in the Windows startup process.

My suggestion to you is simply write a program that executes as a service that is started up during Windows initialization. It's easy to do, and you will have the entire HAL loaded and ready to actually perform tasks - rather than you having to write device-specific drivers in order to manipulate hardware before Windows loads the HAL.

  • I think if we inject rundll, it should work well. There is Reflective DLL injection which I shall also look at. But can we do this: let Windows start, finish loading all its stuff, then instead of showing the Windows screen, I show my application screen. Or do I need to modify the GINA DLL also? – Sujay Ghosh Jul 17 '09 at 11:25
  • Kon-Boot is an example of the hard way: it takes the place of the bootloader and modifies Windows on its way up. – ephemient Jul 17 '09 at 16:25
5

Modify the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit registry value with the full path to your application. This key specifies what program should be launched right after a user logs into Windows. The default program for this key is C:\windows\system32\userinit.exe. Userinit.exe is a program that restores your profile, fonts, colors, etc. for your username. It is possible to add further programs that will launch from this key by separating the programs with a comma.

CsTamas
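Because anything written to these Winlogon values runs at every logon, an administrator will want to check what they currently contain. The following is an added example, not part of the original answers: it parses the text output of `reg query` for the Winlogon key and reports every comma-separated entry that is not the stock default. The `Shell` value name, the allow-list and the sample output (including the `C:\Kiosk\kiosk.exe` path) are assumptions constructed for illustration.

```python
import ntpath
import re

# Expected data per value, lower-cased. The Userinit default is the one the
# answer states; the "Shell" value name and its explorer.exe default are
# assumptions of this example (the page names explorer.exe as the XP shell).
EXPECTED = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe"},
}
# One data line of `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group(1), m.group(3).strip()

def audit_winlogon(text):
    """Return (key, value_name, command) for every non-default entry."""
    findings = []
    for key, name, data in parse_reg_query(text):
        expected = EXPECTED.get(name.lower())
        if expected is None:
            continue  # not a value this audit covers
        # Entries are comma separated; stock Userinit data ends with a comma.
        for cmd in (c.strip().strip('"') for c in data.split(",")):
            if cmd and ntpath.normpath(cmd).lower() not in expected:
                findings.append((key, name, cmd))
    return findings

# Constructed sample output, not captured from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,C:\Kiosk\kiosk.exe
    Shell    REG_SZ    Explorer.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Kiosk\kiosk.exe
"""

if __name__ == "__main__":
    print(*audit_winlogon(SAMPLE), sep="\n")
```

Entries are compared by full normalised path rather than by file name, so a `userinit.exe` placed in another directory is still reported.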