PE Tool for creating patches

[WildBill]

Add it to the to-do pile, LOL.

A little update, since I've been silent for quite a while. For the past few months I've been working just about every day on getting SxS support into 2k, which would let us have all of the kernel32 .....ActCtx API routines. I *think* I'm nearing completion, but there have been so many layers to this onion I'm reluctant to say for sure. So far I had to expand the PEB and TEB structures in the kernel, expand internal timer and wait structures, upgrade how the kernel handles work items, add a ton of routines to ntdll, add a bunch to kernel32 (and upgrade even more), upgrade basesrv, add sxs.dll from the latest XP hotfix, and I'm still not done yet. At present I'm eyeball-deep in kernel32's CreateProcessInternalW, which needs to be upgraded before I can complete the internal connections in basesrv. And then, we'll see if the onion has more layers to unwrap.

So far, nothing seems to be broken per se, and 2k nicely creates and populates the WINNT\winsxs folder automatically, but Adobe Reader 9 barfs with an MSVC error. This is because it's detecting the new ActCtx routines and (now thinking it's on an XP machine) trying to create an activation context using CSRSS, which is why I have to upgrade basesrv. But I can't complete that until I upgrade CreateProcessInternalW to give basesrv the extra information it needs to do that. I have all of the extra code I need into basesrv at the moment, but the new stuff isn't connected and can't be until this kernel32 change is done.

All I can say is, thank God for ReactOS. Their source has been invaluable in figuring out some of the structures involved.

Edited February 10, 2012 by WildBill

[blackwingcat]

If you force install VirtualBox 3.x and 4.x , they would not work on Windows 2000.

Because it seems to depend on Shadow Image Copy Service it does not supported on Windows 2000.

So I always use VMWare Player 3.1 or Virtual PC 2005 on Windows 2000.

I didn't notice it before but VirtualBox needs two more APIs to install properly:

SETUPAPI.DLL -> SetupSetNonInteractiveMode

SETUPAPI.DLL -> SetupUninstallOEMInfW

As I said before, no rush on getting these in but it would be nice to have the ability to run VirtualBox 4.x on Windows 2000.

Again, keep up the great work!

Did you try BlackWingCat's setupapi.dll? I don't know if it supports those two functions, but it is probably worth a try.

http://blog.livedoor.jp/blackwingcat/archives/873798.html

BWC's SETUPAPI.DLL doesn't support SetupSetNonInteractiveMode, therefore I cannot install VirtualBox 4 even with a modified MSI to allow installation on Win2k. It does have SetupUninstallOEMInfW though.

[tomasz86]

Wouldn't it be possible to (try to) transplant Shadow Image Copy Service to Windows 2000? Has anyone tried?

I still use Innotek VirtualBox 1.5.6

Edited February 16, 2012 by tomasz86

[blackwingcat]

Perhaps It requires some Kernel functions

I gave up before.

I used Virtualbox till 1.6.x

Wouldn't it be possible to (try to) transplant Shadow Image Copy Service to Windows 2000? Has anyone tried?

I still use Innotek VirtualBox 1.5.6

[piotrhn]

When I use hotfix: kb2393802-v8 and set c:\boot.ini /PAE option, Windows doesn't start properly. Only STOP error:

0x0000001E (0xC0000005, 0x8046473E, 0x00000000, 0x0000000C)

KMODE_EXCEPTION_NOT_HANDLED

*** Address 8046473E base at 80400000, DateStamp 4ed3fc2c - ntoskrnl.exe

[tomasz86]

When I use hotfix: kb2393802-v8 and set c:\boot.ini /PAE option, Windows doesn't start properly. Only STOP error:

Is your CPU single- or dual-core?

[piotrhn]

AMD Athlon 64 x2 5600+

I'm tested this on Vmware Workstation 8

Edited February 16, 2012 by piotrhn

[tomasz86]

Strange because PAE works here (Athlon II X2 255). What's your Windows 2000 edition?

[piotrhn]

Windows 2000 Professional PL

[tomasz86]

Windows 2000 Professional PL

PAE won't work in 2K Pro anyway... but still you shouldn't see any BSOD on boot because of it. Can you try in different VM (VirtualBox or MS Virtual PC)?

[piotrhn]

I'll try on Virtualbox.

Without hotfix kb2393802, Windows boot properly.

[piotrhn]

This problem exists on Virtualbox: 4.1.8 r.75467

[WildBill]

When I use hotfix: kb2393802-v8 and set c:\boot.ini /PAE option, Windows doesn't start properly. Only STOP error:

0x0000001E (0xC0000005, 0x8046473E, 0x00000000, 0x0000000C)

KMODE_EXCEPTION_NOT_HANDLED

*** Address 8046473E base at 80400000, DateStamp 4ed3fc2c - ntoskrnl.exe

Does Windows create a minidump file? The error is occurring in strstr(), but if I can identify how it got there it might not be hard to fix. I'll remember to investigate it before posting v9.

[tomasz86]

I managed to find the official M$ version of 2347290 (the so called custom update).

It has spoolsv.exe 5.0.2195.7425.

I'll upload it later on after testing it.

[WildBill]

When I use hotfix: kb2393802-v8 and set c:\boot.ini /PAE option, Windows doesn't start properly. Only STOP error:

0x0000001E (0xC0000005, 0x8046473E, 0x00000000, 0x0000000C)

KMODE_EXCEPTION_NOT_HANDLED

*** Address 8046473E base at 80400000, DateStamp 4ed3fc2c - ntoskrnl.exe

Does Windows create a minidump file? The error is occurring in strstr(), but if I can identify how it got there it might not be hard to fix. I'll remember to investigate it before posting v9.

I think I found the problem, though I can't really test it here. I guess we'll see what happens when I post v9...