WildBill

PE Tool for creating patches

695 posts in this topic

Here's another set of suggestions for functions to add:

With one additional function, we should be able to use Windows XP's MSVCRT.DLL, which would allow even more software to function under Win2k (i.e. getting us closer to being able to run .NET Framework 3.x and 4.0 and VS2008, as well as fixing some more drivers and newer DirectX Runtimes):

NTDLL.DLL -> RtlGetNtVersionNumbers

Some more functions and what they would fix:

KERNEL32.DLL -> GetSystemTimes (Grand Theft Auto IV)

KERNEL32.DLL -> RtlCaptureContext (QuickTime, iTunes)

KERNEL32.DLL -> GetGeoInfoA (iTunes, Games for Windows Live)

KERNEL32.DLL -> GetUserGeoID (iTunes, Games for Windows Live)

KERNEL32.DLL -> SetThreadUILanguage (Games for Windows Live)

KERNEL32.DLL -> WTSGetActiveConsoleSessionId (Games for Windows Live)

SHELL32.DLL -> SHGetFolderPathAndSubDirW (QuickTime, iTunes)

SHELL32.DLL -> SHParseDisplayName (QuickTime)

WTSAPI32.DLL -> WTSQueryUserToken (iTunes, nVidia Drivers)

WTSAPI32.DLL -> WTSUnRegisterSessionNotification (WinUAE)

WTSAPI32.DLL -> WTSRegisterSessionNotification (WinUAE)

USER32.DLL -> GetRawInputData (Media Player Classic Home Cinema, WinUAE)

USER32.DLL -> GetRawInputDeviceInfoW (Media Player Classic Home Cinema, WinUAE)

USER32.DLL -> GetRawInputDeviceList (Media Player Classic Home Cinema, WinUAE)

USER32.DLL -> RegisterRawInputDevices (Media Player Classic Home Cinema, WinUAE)

USER32.DLL -> DefRawInputProc (WinUAE)

RPCRT4.DLL -> RpcServerInqCallAttributesW (Games for Windows Live)

IPHLPAPI.DLL -> IcmpCreateFile (VirtualBox 4)

IPHLPAPI.DLL -> IcmpSendEcho2 (VirtualBox 4)

I probably suggested a couple of these functions in past posts, but these are mostly new ones. Again, no rush and keep up the great work! :)

Another note on VS2008: I am still going through the files and will post another list when I am done. A version lie (reporting the OS as Windows XP SP2 or SP3) would also be required to start the setup program.

Note on Games For Windows Live: I believe this also needs .NET Framework 3.0 or 4.0 as well.

EDIT: Crossed out functions added in MS11-011 v5

EDIT: Crossed out functions added in MS11-020 v5

Edited by MacLover

MacLover,

.NET Framework 3.0 & 3.5 (except for XPS and WIC?) already run in Win2k without any kernel patches and newest DX9.0c works well with BlackWingCat's kernel v5. In case of .NET 3.x it's only the installer that doesn't support Win2k.

Edited by tomasz86

tomasz86 -

there seemed to be a few functions missing for WPF as well. And getting XPS and WIC working would be nice.

Some of the XAudio files and such seem to be missing two functions in MSVCRT.DLL.

Edited by MacLover

tomasz86 -

there seemed to be a few functions missing for WPF as well. And getting XPS and WIC working would be nice.

Some of the XAudio files and such seem to be missing two functions in MSVCRT.DLL.

You're right about WPF. In case of XPS and WIC, it seems that BlackWingCat has got it to work with his wrapper. I guess you've already tried BlackWingCat's .NET Framework 3.5 SP1.

EDIT

Only one function is needed for Java 7:

shell32.dll -> SHGetFolderPathEx

It still works without it but there's an error in Event Viewer:

The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll" has taken longer than the established wait time to complete. There may be a problem with this extensible counter or the service it is collecting data from or the system may have been very busy when this call was attempted.

I'm not sure how it is related to Java but still after doing a test I can say for sure that it's directly caused by the new version of Java.

Edited by tomasz86

WildBill,

I have bad news. It's the same issue as before. With /SOS enabled it goes up to acpitabl.dat and then the screen goes off. Without /SOS the boot screen doesn't even show up.


I just finished going through all of the files for VS2008 and found that the following APIs are needed to run it:

for .NET Framework 3.0:


RPCRT4.DLL -> I_RpcBindingInqLocalClientPID (InfoCard component)
RPCRT4.DLL -> RpcServerInqCallAttributesW (WPF)
RPCRT4.DLL -> RpcServerUnregisterIfEx (WPF)

[s]ADVAPI32.DLL -> SystemFunction036 (InfoCard component)[/s]

MSVCRT.DLL -> _vscwprintf (WIC)
MSVCRT.DLL -> _wtof (WIC, WPF)
MSVCRT.DLL -> _aligned_free (WIC)
MSVCRT.DLL -> _aligned_malloc (WIC)
MSVCRT.DLL -> ___lc_codepage_func (WPF, XPS)
MSVCRT.DLL -> ___lc_handle_func (WPF, XPS)
MSVCRT.DLL -> __uncaught_exception (WPF, XPS)
MSVCRT.DLL -> _resetstkoflw (WPF)
MSVCRT.DLL -> __crtGetStringTypeW (XPS)
MSVCRT.DLL -> __crtLCMapStringW (XPS)
MSVCRT.DLL -> ___mb_cur_max_func (XPS)
MSVCRT.DLL -> __pctype_func (XPS)
MSVCRT.DLL -> _strtoi64 (XPS)
MSVCRT.DLL -> _strtoui64 (XPS)

[s]KERNEL32.DLL -> RtlCaptureStackBackTrace (WIC, WPF, XPS)[/s]

[s]NTDLL.DLL -> DbgPrintEx (WIC, WPF)[/s]

USER32.DLL -> RegisterRawInputDevices (WPF)
USER32.DLL -> IsWinEventHookInstalled (WPF)

WINSPOOL.DRV -> IsValidDevmodeW (XPS)

for Web Designer Core (from WCU):


[s]KERNEL32.DLL -> CreateMemoryResourceNotification[/s]
[s]KERNEL32.DLL -> QueryMemoryResourceNotification[/s]

for Windows SDK tools:


DBGHELP.DLL -> SymLoadModuleEx
DBGHELP.DLL -> SymEnumTypes
DBGHELP.DLL -> SymGetTypeInfo

CRYPT32.DLL -> CryptStringToBinaryA
CRYPT32.DLL -> CryptStringToBinaryW

[s]KERNEL32.DLL -> SetThreadUILanguage[/s]

for VS2008 itself:


[s]KERNEL32.DLL -> AddVectoredExceptionHandler[/s]
KERNEL32.DLL -> DebugActiveProcessStop
KERNEL32.DLL -> DebugSetProcessKillOnExit

SHELL32.DLL -> SHCreateShellItem
SHELL32.DLL -> SHOpenFolderAndSelectItems
SHELL32.DLL -> SHParseDisplayName

OLEAUT32.DLL -> 442 (Ordinal number for RegisterTypeLibForUser)

URLMON.DLL -> CoInternetSetFeatureEnabled

[s]IPHLPAPI.DLL -> IcmpCloseHandle[/s]
[s]IPHLPAPI.DLL -> IcmpSendEcho[/s]
[s]IPHLPAPI.DLL -> IcmpCreateFile[/s]

EDIT: I forgot that a few files required UXTHEME.DLL but BlackWingCat's UXTHEME.DLL wrapper in system32 seems to take care of that issue. (At least as far as Dependency Walker is concerned :whistle: )

EDIT: Strange, Ordinal 345 is missing from COMCTL32.DLL even on Windows XP... (I think this is yet another Vista/7 API or some undocumented function...)

EDIT: Crossed out functions added in MS11-011 v5

EDIT: Crossed out functions added in MS11-020 v5

Edited by MacLover

WildBill,

I have bad news. It's the same issue as before. With /SOS enabled it goes up to acpitabl.dat and then the screen goes off. Without /SOS the boot screen doesn't even show up.

(sigh)

Here's another that switches one routine off. There's so much ruled out now that there can't be much left to cause it.

Windows2000-KB2393802-v1-early-c5f-x86-ENU.exe


Still the same issue.


The problem remains :(

I also have one question about update.ver files.

What exactly does this value stand for?

msi.dll=D41E5FFFFFD2E47C638B63C5DDB41248,000400051772575A,4446720,850295E5

The rest is like this:

msi.dll=MD5,file version+?,file size,CRC32

Edited by tomasz86

The problem remains :(

I also have one question about update.ver files.

What exactly does this value stand for?

msi.dll=D41E5FFFFFD2E47C638B63C5DDB41248,000400051772575A,4446720,850295E5

The rest is like this:

msi.dll=MD5,file version+?,file size,CRC32

There are 4 numbers in a version number in this file (The version number is also in hex.)

i.e. 5.1.2600.5512 = 000500010A281588

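The field layout described above, as an added example (not part of the original posts, and not HFSLIP or Microsoft code): a Python parser for one update.ver entry that decodes the packed version and checks a file's bytes against the recorded size, MD5 and CRC32. The function names and the sample bytes are constructed for illustration, and treating the last field as the standard zlib CRC-32 is an assumption.

```python
import hashlib
import zlib
from typing import NamedTuple

class VerEntry(NamedTuple):
    name: str
    md5: str
    version: tuple  # (major, minor, build, revision)
    size: int
    crc32: int

def decode_version(hex16: str) -> tuple:
    """Split 16 hex digits into four 16-bit numbers, e.g. 5.1.2600.5512."""
    if len(hex16) != 16:
        raise ValueError(f"expected 16 hex digits, got {hex16!r}")
    return tuple(int(hex16[i:i + 4], 16) for i in range(0, 16, 4))

def parse_entry(line: str) -> VerEntry:
    """Parse 'name=MD5,version,size,CRC32', the field order given in the thread."""
    name, _, rest = line.strip().partition("=")
    md5, version, size, crc = (f.strip() for f in rest.split(","))
    if len(md5) != 32:
        raise ValueError("MD5 field must be 32 hex digits")
    int(md5, 16)  # rejects non-hex characters
    return VerEntry(name, md5.upper(), decode_version(version), int(size), int(crc, 16))

def check_file(entry: VerEntry, data: bytes) -> list:
    """Return the names of the recorded fields that do not match `data`."""
    problems = []
    if len(data) != entry.size:
        problems.append("size")
    if hashlib.md5(data).hexdigest().upper() != entry.md5:
        problems.append("md5")
    # Assumption: the last field is the standard CRC-32, as computed by zlib.
    if zlib.crc32(data) & 0xFFFFFFFF != entry.crc32:
        problems.append("crc32")
    return problems

def format_entry(name: str, data: bytes, version: tuple) -> str:
    """Build an entry line for constructed data (the inverse of parse_entry)."""
    ver = "".join(f"{part:04X}" for part in version)
    md5 = hashlib.md5(data).hexdigest().upper()
    return f"{name}={md5},{ver},{len(data)},{zlib.crc32(data) & 0xFFFFFFFF:08X}"

SAMPLE = b"constructed sample bytes, not a real DLL"  # constructed test input

if __name__ == "__main__":
    entry = parse_entry(format_entry("sample.dll", SAMPLE, (5, 0, 3900, 7158)))
    print(entry.version, check_file(entry, SAMPLE))
```

MD5 and CRC32 catch corruption or a mismatched file; neither is collision-resistant, so a match says nothing about where a repackaged file came from.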

Thank you, MacLover :)

I think I found something -- a variable that I wasn't initializing if custom bootskins were turned off. Maybe this will help:

Windows2000-KB2393802-v1-early-c5h-x86-ENU.exe

It still doesn't work but the situation is different now. I can see a GUI part of /SOS boot and the progress bar goes up to around 80% and then the monitor goes off.

Edited by tomasz86

What do you get without /SOS? Does the monitor go off at about the same point? (80%)


First of all, without /SOS there's no normal boot screen. It's just a dark blue progress bar on a black background so I can't really say if it's 80% or 100%, but the monitor still goes off at a similar moment.


The normal boot screen is back but the 80% problem persists. Interestingly, when /SOS is enabled the progress bar goes up to 100% but after that the monitor goes off as usual.

Edited by tomasz86

Almost there :) Here's another one that changes how it tries to load the bootskin image from disk to use a lot less stack space. Even if you have bootskins off it was still allocating a lot of stack space and maybe that was a problem.

Windows2000-KB2393802-v1-early-c5j-x86-ENU.exe

Edited by WildBill

A cursory look at 2286198 as superseding 967715 leaves me wondering whether it really does (the latter dealing with autorun/autoplay functionality and the former not obviously having anything to do with that - nor apparently claiming to supersede any of the previous patches in that area).

Rather than spend more time trying to analyze this, I'm willing to risk implying what may be a stupid question here (because you presumably can answer it off the top of your head). Please forgive me if I should have posed it somewhere else.

Thanks,

- bill


Billtodd -

It fixes the MS10-046 security vulnerability relating to LNK files.


Billtodd -

It fixes the MS10-046 security vulnerability relating to LNK files.

Thanks for the speedy response. I understand what 2286198 does, it's just not clear to me that this also addresses what 967715 fixes (i.e., that the assertion that the former supersedes the latter is correct: that assertion appears in bristols' Win2K SP4 update list, so - as I said - forgive me if this is not the right place to ask about it).

- bill


Almost there :) Here's another one that changes how it tries to load the bootskin image from disk to use a lot less stack space. Even if you have bootskins off it was still allocating a lot of stack space and maybe that was a problem.

Windows2000-KB2393802-v1-early-c5j-x86-ENU.exe

Unfortunately there's no difference with c5i :(

billtodd,

2286198 does supersede 967715. If you look at the file version of Shell32.dll, you'll see that the one from 967715 is 5.0.3900.7155 and the one from 2286198 is 5.0.3900.7158. Basically newer versions are based on older ones so the changes done to Shell32.dll by 967715 are also present in 2286198. Now, file version is not everything. There are also changes done to the registry. If you check update.inf files of both of these updates it'll be clear that they both add the same things to the registry.

However, you do have a point here because indeed there are two mistakes on bristols' page.

1. 967715 is superseded by 2286198. <- Correct.

2286198 is said to be superseded by 2479628 so 2479628 should supersede both 967715 & 2286198. <- False

Actually the current version of 2479628 does not supersede 2286198. The shell32.dll file is newer but the registry changes added in both 967715 & 2286198 are not present in 2479628! I prepared a corrected version of it.

Windows2000-UU-KBz2479628-v9-x86-ENU.exe

Now it really supersedes 967715 & 2286198.

2. 2079403 is said to supersede 955069. In reality it does not. The problem is the same as above - the registry changes done by 955069 are not present in 2079403.

Here is a fixed version:

Windows2000-UU-KBz2079403-v2-x86-Global.exe

I also prepared another additional update:

MS10-005: Vulnerability in Microsoft Paint could allow remote code execution

Windows2000-UU-KB978706-v2-x86-ENU.exe

Windows2000-UU-KB978706-v2-x86-PLK.exe

This is MS Paint from Windows XP. It has an advantage over the one from Windows 2000 that you can save files as jpg, png, etc. while in the original one only bmp is available.


  • mspaint.exe 5.1.2600.5918

I have decided to add -UU- for "Unofficial Updates" and "-HBR-" for hotfixes (by request) to filenames from now on so it should be much easier to know what kind of an update it is.

I hope everything is clear now :)

EDIT

I've changed the filename of KB978706 to KB978706-v2 in order to distinguish it from the original KB978706. You must not use both official KB978706 and unofficial KB978706-v2 when slipstreaming in HFSLIP because the newer paint.exe won't be copied in such a case.

Edited by tomasz86
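The supersedence test described in the post above (a newer file version is not enough; the older update's registry additions must also be present), as an added example that is not part of the original post or of HFSLIP. The INF section name, registry key and value, the update labels and the 9999 version are constructed placeholders; only the 7155 and 7158 file versions come from the thread.

```python
import csv

def version_tuple(dotted: str) -> tuple:
    return tuple(int(part) for part in dotted.split("."))

def parse_addreg(inf_text: str, section: str) -> set:
    """Return the entries of one INF section as tuples of lower-cased fields."""
    entries, inside = set(), False
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments (assumes no ';' in values)
        if not line:
            continue
        if line.startswith("["):
            inside = line.strip("[]").lower() == section.lower()
        elif inside:
            fields = next(csv.reader([line], skipinitialspace=True))
            entries.add(tuple(f.strip().lower() for f in fields))
    return entries

def supersedes(newer: dict, older: dict) -> list:
    """Return the reasons `newer` fails to supersede `older`; empty means it does."""
    reasons = []
    for name, old_ver in older["files"].items():
        new_ver = newer["files"].get(name)
        if new_ver is None or version_tuple(new_ver) < version_tuple(old_ver):
            reasons.append(f"file {name}: needs version >= {old_ver}, has {new_ver}")
    for entry in sorted(older["addreg"] - newer["addreg"]):
        reasons.append("missing registry entry: " + ",".join(entry))
    return reasons

# Constructed INF fragments: section name, key and value are placeholders.
SECTION = "Product.Add.Reg"
INF_WITH_REG = """
[Product.Add.Reg]
HKLM,"SOFTWARE\\Example\\Policies","ExampleSetting",0x10001,1 ; constructed
"""
INF_NO_REG = "[Product.Add.Reg]\n"

# Versions 7155 and 7158 are quoted in the post; 9999 is a placeholder.
UPDATE_A = {"files": {"shell32.dll": "5.0.3900.7155"},
            "addreg": parse_addreg(INF_WITH_REG, SECTION)}
UPDATE_B = {"files": {"shell32.dll": "5.0.3900.7158"},
            "addreg": parse_addreg(INF_WITH_REG, SECTION)}
UPDATE_C = {"files": {"shell32.dll": "5.0.3900.9999"},
            "addreg": parse_addreg(INF_NO_REG, SECTION)}

if __name__ == "__main__":
    print(supersedes(UPDATE_B, UPDATE_A))
    print(supersedes(UPDATE_C, UPDATE_B))
```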

Thanks for such a clear and complete explanation. The main reason I questioned whether 2286198 actually superseded 967715 was because the Microsoft 'replaces' information for the former did not appear to recognize that it superseded the latter (nor did the descriptions of the problems addressed appear similar). I would have taken a closer look at what was going on had I not assumed that the question could be answered off the top of someone's head, so apologies (and further appreciation) if you had to do more than that.

It surprised me that 2286198 was itself superseded without any mention in its own slot - perhaps because it (and similarly 2296011 and two other unofficial updates that apparently didn't supersede earlier official updates) was superseded only by an IE-specific update rather than by a system update. Just tracking what replaces what must be non-trivial, and since it shouldn't do any harm to apply earlier updates unnecessarily I guess the only real reason to try to avoid that may be the size limitations of a CD (though perhaps not even that, given how the CD is likely created).

Edit: I've wondered whether the HFSLIP command file keyed off alphabetical order to make sure that newer files in SOURCESS weren't overwritten by older ones, but I guess your new naming conventions make it clear that it doesn't.

Edited by billtodd

KB2479628 isn't an IE-specific update per se. It was just that initially there were problems when it was installed in an IE5 system. That's why separate versions were created and bristols still keeps them on his page. Starting from 2479628-v8 there are no problems regardless of whether you use IE5 or IE6. Only if you happen to use IE6+FDV fileset, you must use HFSLIP 1.7.10 beta J v5 or newer to get this update slipstreamed correctly.

Actually it may cause problems (in some cases) if you have both newer and superseded updates in HF folder. As for newer files, there are no problems because HFSLIP always slipstreams only the newest ones (=newest by their date, not version) but it may be problematic when both updates change the same registry entries. In such a case the newer one must be processed after the older. That's why I add the "z" after KB in KB2* to ensure that they are listed after the older ones starting with KB8* or KB9*.

I used to keep both superseded official updates and newer unofficial ones in my HF folder but recently I've removed all the superseded ones to prevent any potential errors from happening. Actually I have two separate HFSLIP folders now - one with official updates only and the other one with unofficial ones included (and superseded official updates removed). Thanks to that I can easily check and compare them anytime I want.

Edited by tomasz86