PE Tool for creating patches

672 replies to this topic

#51
WildBill

I've finished analyzing MS10-098, and I don't think it actually fixes any problems with MS10-073, unless by coincidence. There doesn't seem to be anything in common between the two, but since the problem with 073 involves uninitialized stack variables I can see how changing the code could happen to change what's on the stack at the time. I still think the XP patches are broken. As for the 2k patch, I'm initializing the default value to 0 so this isn't an issue.

I'm satisfied that I can release my 073 and 084 patches for 2k and work on the 098 patch afterward, so I'll post what I have shortly.



#52
WildBill

Patches for MS10-073 and MS10-084 are up...notes below:

;==========================================================================
; MS10-073 patches ported to Windows 2000 SP4
;==========================================================================

;==========================================================================
; win32k.sys
;==========================================================================

; -------------------------------------------------------------------------
; xxxSwitchWndProc
; -------------------------------------------------------------------------

$A008489D: E9360A1000          jmp     $A01852D8
           90                  nop
$A01852D8: 0F8553F6EFFF        jnz     $A0084931
           39BE98000000        cmp     [esi+$98], edi      ; Offset is $A4 in XP
           0F85F7F5EFFF        jnz     $A00848E1
           E9B4F5EFFF          jmp     $A00848A3

; -------------------------------------------------------------------------
; xxxMenuWindowProc
; -------------------------------------------------------------------------

$A0030CA6: E945461500          jmp     $A01852F0
           90909090            nop (4)
$A01852F0: 817D0C81000000      cmp     [ebp+$C], $81       ; message
           0F85B2B9EAFF        jnz     $A0030CAF
           33D2                xor     edx, edx
           399798000000        cmp     [edi+$98], edx      ; Offset is $A4 in XP
           0F84B2B9EAFF        jz      $A0030CBD
           33C0                xor     eax, eax
           E959BAEAFF          jmp     $A0030D6B

; -------------------------------------------------------------------------
; xxxKENLSProcs
; -------------------------------------------------------------------------

$A00951CD:                     jmp     $A0185314
           909090              nop (3)
$A0185314: 38907CFFFFFF        cmp     [eax-$84], dl
           0F85B5FEF0FF        jnz     $A00951D5
           80B87DFFFFFF03      cmp     byte ptr [eax-$83], 3
           0F83A8FEF0FF        jnb     $A00951D5
           E9B5FEF0FF          jmp     $A00951E7

; -------------------------------------------------------------------------
; GenerateNlsVkKey
;
; Range validation patch.
;
; Put a complete replacement at $A001F098, which was freed up when BltIcon
; was moved. There are three calls to the original that will be pointed to
; the new one. Then will NOP out the original one at $A0095089.
; -------------------------------------------------------------------------

$A0095103: E8909FF8FF          call    $A001F098           ; GenerateNlsVkKey_new
$A0095161: E8329FF8FF          call    $A001F098           ; GenerateNlsVkKey_new
$A0095195: E8FE9EF8FF          call    $A001F098           ; GenerateNlsVkKey_new

; -------------------------------------------------------------------------
; GenerateNlsVkAltKey
;
; Range validation patch.
;
; Put a complete replacement at $A001F0D8, which was freed up when BltIcon
; was moved. There are two calls to the original that will be pointed to
; the new one. Then will NOP out the original one at $A00950AD.
; -------------------------------------------------------------------------

$A009515A: E8799FF8FF          call    $A001F0D8           ; GenerateNlsVkAltKey_new
$A0095187: E84C9FF8FF          call    $A001F0D8           ; GenerateNlsVkAltKey_new

; -------------------------------------------------------------------------
; xxxDesktopThread
;
; I don't think this applies to 2k. It seems to deal with the menu window
; for the desktop and the 2k code doesn't seem to create such a window.
; -------------------------------------------------------------------------

; -------------------------------------------------------------------------
; xxxCreateDesktop
;
; I don't think this applies to 2k. It seems to deal with the menu window
; for the desktop and the 2k code doesn't seem to create such a window.
; -------------------------------------------------------------------------

; -------------------------------------------------------------------------
; xxxSetWindowLong
; -------------------------------------------------------------------------

$A001D572: 742D                jz      $A001D5A1
$A001D584: 741B                jz      $A001D5A1
$A001D58A: 7515                jnz     $A001D5A1

$A001D8EB: E8101E0000          call    $A001F700           ; xxxSetWindowLongExtraVerify

$A001F700: ; Placed a copy of the 2k xxxSetWindowLong here but modified
           ; it to include the extra verification in the XP patch.  This
           ; way we can avoid having to modify every call to it to pass
           ; an extra parameter.


; -------------------------------------------------------------------------
; SetupClassAtoms
; -------------------------------------------------------------------------

; Need to make room for some writable data. Found a pair of tables that EngDitherColor
; reads from but never writes to. Moving them to the .patch section to make room.

$A0185334:  ; Put dither tables here
$A00C116C: 0FB688335318A0      movzx   ecx, [eax+$A0185333] ; Index is 1-based, so back up the address by 1 (original code is the same way)
$A00C1173: 0FB6B0735318A0      movzx   esi, [eax+$A0185373] ; Index is 1-based, so back up the address by 1 (original code is the same way)
$A0171D30:  ; Put the initialized data we need for SetupClassAtoms here
$A007D4AE: E90B7F1000          jmp     $A01853BE
           9090                nop (2)
$A01853BE: 66890D38C517A0      mov     [$A017C538], cx     ; _gatomLastPinned
           8B0D88C417A0        mov     ecx, [$A017C488]    ; _gpsi
           668B91C0010000      mov     dx, [ecx+$1C0]
           668915301D17A0      mov     [$A0171D30], dx
           668B91C6010000      mov     dx, [ecx+$1C6]
           668915381D17A0      mov     [$A0171D38], dx
           668B91C4010000      mov     dx, [ecx+$1C4]
           668915401D17A0      mov     [$A0171D40], dx
           668B91A8010000      mov     dx, [ecx+$1A8]
           668915481D17A0      mov     [$A0171D48], dx
           668B91CA010000      mov     dx, [ecx+$1CA]
           668915501D17A0      mov     [$A0171D50], dx
           668B91B0010000      mov     dx, [ecx+$1B0]
           668915581D17A0      mov     [$A0171D58], dx
           E99180EFFF          jmp     $A007D4B5

; -------------------------------------------------------------------------
; SetWindowWord
; -------------------------------------------------------------------------

$A004A077: E9ACB31300          jmp     $A0185428
           9090                nop(2)
$A0185428: 8B5660              mov     edx, [esi+$60]      ; WND.pcls (at $64 in XP)
           F6421302            test    byte ptr [edx+$13], 2 ; CLS.flags.hi (at $17 in XP)
           7437                jz      $A0185468
           33C9                xor     ecx, ecx            ; index starts at 0
           668B5204            mov     dx, [edx+4]         ; atomClassName
$A0185437: 663B14CD301D17A0    cmp     dx, [ecx*8+$A0171D30] ; _gSafeBufferClasses.atom
           740A                jz      $A018544B           ; Found a match?
           41                  inc     ecx
           83F906              cmp     ecx, 6              ; 6 atoms to check
           7CF0                jl      $A0185437
           33D2                xor     edx, edx            ; No match -- default size = 0 -- NOT INITIALIZED IN XP CODE!!!
           EB07                jmp     $A0185452
$A018544B: 8B14CD341D17A0      mov     edx, [ecx*8+$A0171D34] ; _gSafeBufferClasses.limit
$A0185452: 39D0                cmp     eax, edx            ; Compare index with limit
           7D12                jge     $A0185468
           83F904              cmp     ecx, 4              ; Only get in here if we found an atom match
           0F85034BECFF        jnz     $A0049F62           ; Error -- invalid value
           83F81E              cmp     eax, $1E
           0F87FA4AECFF        ja      $A0049F62           ; Error -- invalid value
$A0185468: 8D8C3098000000      lea     ecx, [eax+esi+98h]  ; hProcess
           E90A4CECFF          jmp     $A004A07E           ; Continue setting the value

; -------------------------------------------------------------------------
; NtUserRegisterClassExWOW
; -------------------------------------------------------------------------

$A007A2D0:                     jmp     $A0185478
           9090                nop (2)
$A0185478: 8B45D4              mov     eax, [ebp-$2C]      ; wcx.lpszClassName
           F7C00000FFFF        test    eax, $FFFF0000      ; Is it an atom?
           7406                jz      $A0185489
           50                  push    eax
           E8808FE9FF          call    $A001E409           ; UserFindAtom
$A0185489: 33D2                xor     edx, edx            ; No match -- default size = 0
           6685C0              test    ax, ax
           7428                jz      $A01854B8
           33C9                xor     ecx, ecx            ; index starts at 0
$A0185492: 663B04CD301D17A0    cmp     ax, [ecx*8+$A0171D30] ; _gSafeBufferClasses.atom
           740A                jz      $A01854A6           ; Found a match?
           41                  inc     ecx
           83F906              cmp     ecx, 6              ; 6 atoms to check
           7CF0                jl      $A0185492
           33D2                xor     edx, edx            ; No match -- default size = 0
           EB12                jmp     $A01854B8
$A01854A6: 0FB714CD321D17A0    movzx   edx, word ptr [ecx*8+$A0171D32] ; _gSafeBufferClasses.flags
           095518              or      [ebp+$18], edx      ; Flags
           8B14CD341D17A0      mov     edx, [ecx*8+$A0171D34] ; _gSafeBufferClasses.limit
$A01854B8: F6451904            test    byte ptr [ebp+$19], 4 ; Flags.hi
           740C                jz      $A01854CA
           3955BC              cmp     [ebp-$44], edx      ; wcx.cbWndExtra
           7D07                jge     $A01854CA
           6A05                push    5
           E9204EEFFF          jmp     $A007A2EA           ; Error
$A01854CA: 57                  push    edi
           FF7518              push    [ebp+$18]           ; Flags
           FF7514              push    [ebp+$14]           ; fnID
           E9014EEFFF          jmp     $A007A2D7

; -------------------------------------------------------------------------
; LW_RegisterWindows
; -------------------------------------------------------------------------

$A01854E0: ; New, larger register table put here (an extra flags field in each record)
$A01855E8: ; New version of LW_RegisterWindows goes here (original will be erased)

$A007E5F9: E82B701000          call    $A0185629           ; LW_RegisterWindows_new
$A007E679: E8AB6F1000          call    $A0185629           ; LW_RegisterWindows_new

; -------------------------------------------------------------------------
; xxxSetClassData
; -------------------------------------------------------------------------

$A00971F5: E9D6E40E00          jmp     $A01856D0
$A01856D0: 83FAF8              cmp     edx, $FFFFFFF8
           0F848E1BF1FF        jz      $A0097267
           F6461304            test    byte ptr [esi+$13], 4 ; CLS.flags.hi (at $17 in XP)
           7438                jz      $A0185717
           83FAEE              cmp     edx, $FFFFFFEE
           7533                jnz     $A0185717
           33C0                xor     eax, eax
           668B4E04            mov     cx, [esi+4]         ; CLS.atom
$A01856EA: 663B0CC5301D17A0    cmp     cx, [eax*8+$A0171D30] ; _gSafeBufferClasses.atom
           740A                jz      $A01856FE
           40                  inc     eax
           83F806              cmp     eax, 6
           7CF0                jl      $A01856EA
           33C0                xor     eax, eax
           EB07                jmp     $A0185705
$A01856FE: 8B04C5341D17A0      mov     eax, [eax*8+$A0171D34] ; _gSafeBufferClasses.limit
$A0185705: 8B7D10              mov     edi, [ebp+$10]      ; dwNewLong
           3BF8                cmp     edi, eax
           0F8DEA1AF1FF        jge     $A00971FA
           6A05                push    5
           E9141CF1FF          jmp     $A009732B
$A0185717: 8B7D10              mov     edi, [ebp+$10]      ; dwNewLong
           E9DB1AF1FF          jmp     $A00971FA

; -------------------------------------------------------------------------
; xxxMNOpenHierarchy
;
; I don't think this applies to 2k. It seems to do with alternate menu window
; creation logic that 2k doesn't have. Looked for similar code in the 2k
; routine and it properly checks for null pointers.
; -------------------------------------------------------------------------

;==========================================================================
; MS10-084 patches ported to Windows 2000 SP4
;==========================================================================

;==========================================================================
; rpcrt4.dll
;==========================================================================

; -------------------------------------------------------------------------
; LRPC_SASSOCIATION__BindBack
; -------------------------------------------------------------------------

$77D5A301: 81ECF0000000        sub     esp, $F0
$77D5A3BF: E9284E0300          jmp     $77D8F1EC
           909090              nop (3)
$77D8F1EC: 8D8514FFFFFF        lea     eax, [ebp-$EC]
           50                  push    eax
           83A510FFFFFF00      and     [ebp-$F0], 0
           8D8510FFFFFF        lea     eax, [ebp-$F0]
           50                  push    eax
           E9C1B1FCFF          jmp     $77D5A3C7
; -------------------------------------------------------------------------
$77D5A400: E9014E0300          jmp     $77D8F206
$77D8F206: 81BD10FFFFFF00010000 cmp    [ebp-$F0], $100
           59                  pop     ecx
           0F87EEB1FCFF        ja      $77D5A405
           3BFE                cmp     edi, esi
           0F8CE6B1FCFF        jl      $77D5A405
           E9E6B1FCFF          jmp     $77D5A40A
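
A consistency check for notes in this format, as an added example (not part of the original post or of WildBill's tools): it recomputes every relative jmp/call/jcc target from the listed opcode bytes and compares it with the target written beside the mnemonic. The parsing rules (upper-case hex bytes, `$ADDR:` labels, `;` comments) are assumptions taken from the layout of the listing above; the sample lines are copied from it.

```python
import re
import struct

# Lines copied from the notes above: the rpcrt4.dll hunks and the start of
# the SetWindowWord detour (which adds short, rel8 branches).
LISTING = """
$77D5A301: 81ECF0000000        sub     esp, $F0
$77D5A3BF: E9284E0300          jmp     $77D8F1EC
           909090              nop (3)
$77D8F1EC: 8D8514FFFFFF        lea     eax, [ebp-$EC]
           50                  push    eax
           83A510FFFFFF00      and     [ebp-$F0], 0
           8D8510FFFFFF        lea     eax, [ebp-$F0]
           50                  push    eax
           E9C1B1FCFF          jmp     $77D5A3C7
$77D5A400: E9014E0300          jmp     $77D8F206
$77D8F206: 81BD10FFFFFF00010000 cmp    [ebp-$F0], $100
           59                  pop     ecx
           0F87EEB1FCFF        ja      $77D5A405
           3BFE                cmp     edi, esi
           0F8CE6B1FCFF        jl      $77D5A405
           E9E6B1FCFF          jmp     $77D5A40A
$A004A077: E9ACB31300          jmp     $A0185428
           9090                nop(2)
$A0185428: 8B5660              mov     edx, [esi+$60]      ; WND.pcls (at $64 in XP)
           F6421302            test    byte ptr [edx+$13], 2 ; CLS.flags.hi (at $17 in XP)
           7437                jz      $A0185468
           33C9                xor     ecx, ecx            ; index starts at 0
           668B5204            mov     dx, [edx+4]         ; atomClassName
$A0185437: 663B14CD301D17A0    cmp     dx, [ecx*8+$A0171D30] ; _gSafeBufferClasses.atom
           740A                jz      $A018544B           ; Found a match?
           41                  inc     ecx
           83F906              cmp     ecx, 6              ; 6 atoms to check
           7CF0                jl      $A0185437
"""

# Optional "$ADDR:" label, optional upper-case hex bytes, then the mnemonic text.
TOKEN = re.compile(r'^\s*(?:\$(?P<addr>[0-9A-F]{8}):)?\s*'
                   r'(?P<hex>(?:[0-9A-F]{2})+(?=\s|$))?\s*(?P<rest>.*)$')
TARGET = re.compile(r'\$([0-9A-F]{8})')


def branch_displacement(code):
    """Signed displacement of an x86 relative branch, or None for other opcodes."""
    if code[0] in (0xE8, 0xE9) and len(code) == 5:               # call/jmp rel32
        return struct.unpack('<i', code[1:])[0]
    if code[0] == 0x0F and len(code) == 6 and 0x80 <= code[1] <= 0x8F:  # jcc rel32
        return struct.unpack('<i', code[2:])[0]
    if (code[0] == 0xEB or 0x70 <= code[0] <= 0x7F) and len(code) == 2:  # rel8
        return struct.unpack('<b', code[1:])[0]
    return None


def check_listing(text):
    """Return (address, stated_target, computed_target) for every branch found."""
    results, addr = [], None
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        m = TOKEN.match(line)
        if m.group('addr'):
            addr = int(m.group('addr'), 16)
        if not m.group('hex'):
            addr = None        # no bytes given: later unlabelled lines can't be placed
            continue
        code = bytes.fromhex(m.group('hex'))
        rel = branch_displacement(code)
        stated = TARGET.search(m.group('rest'))
        if addr is not None and rel is not None and stated:
            computed = (addr + len(code) + rel) & 0xFFFFFFFF
            results.append((addr, int(stated.group(1), 16), computed))
        if addr is not None:
            addr += len(code)                          # next unlabelled line follows on
    return results


def mismatches(text):
    """Branches whose encoded displacement disagrees with the written target."""
    return [r for r in check_listing(text) if r[1] != r[2]]


if __name__ == "__main__":
    for addr, stated, computed in check_listing(LISTING):
        flag = "ok" if stated == computed else "MISMATCH"
        print(f"${addr:08X} -> ${stated:08X} (encoded ${computed:08X}) {flag}")
```

Lines that carry a label but no opcode bytes are skipped, together with the unlabelled lines after them, because their addresses cannot be derived.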


#53
WildBill

A Win2k patch for MS10-096 is up :) This one was really easy -- I analyzed the files and you can use the XP one as-is, so I only had to rebuild the installer. I'm currently testing a patch for MS10-098, and I've partially analyzed MS10-099.

Merry Christmas, everyone :hello:

#54
Dagwood

So if I want to build, say, a Dutch W2000 patch for MS10-096 all I would have to do is download the Dutch XP patch, then extract the contents and repack? And are the packing tools readily available, and which do I need?

#55
blackwingcat

Hi, WildBill.

I have already released MS10-099 for Windows 2000.
(MS10-096 is Japanese only)

* I renewed MS10-099-v2 on 24th Jan.

Sincerely.

A Win2k patch for MS10-096 is up :) This one was really easy -- I analyzed the files and you can use the XP one as-is, so I only had to rebuild the installer. I'm currently testing a patch for MS10-098, and I've partially analyzed MS10-099.

Merry Christmas, everyone :hello:


Edited by blackwingcat, 25 January 2011 - 12:09 AM.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
BlackWingCat =^^=
http://blog.livedoor.jp/blackwingcat/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

#56
WildBill


So if I want to build, say, a Dutch W2000 patch for MS10-096 all I would have to do is download the Dutch XP patch, then extract the contents and repack? And are the packing tools readily available, and which do I need?


It should work, though repacking isn't a one-step process. Look at this thread for more info on repacking. Basically it boils down to these steps:

1. Remove the .cat files because you won't be able to sign the update.
2. Copy one of the .inf files (e.g. update_SP3GDR.inf) to update.inf.
3. Delete the XP-specific .inf files: update_SP3GDR.inf, update_SP3QFE.inf, updatebr.inf, and branches.inf.
4. Patch update.inf to remove all references to the .cat files you deleted.
5. Change all references to "XP" in update.inf to "2000". I usually also put "Unofficial" before the title but that isn't necessary.
6. Delete the SP3GDR and SP3QFE folders and put your patch file in the folder above the update folder.
7. Remove all references to the SP3GDR or SP3QFE folders in update.inf, since your source files aren't in one of those subdirectories.
8. In update.inf, make the following changes:

[Version]
NtBuildToUpdate=2195
NtMajorVersionToUpdate=5
NtMinorVersionToUpdate=0
MaxNtBuildToUpdate=2195
MaxNtMajorVersionToUpdate=5
MaxNtMinorVersionToUpdate=0
MinNtServicePackVersion=1024
MaxNtServicePackVersion=1024
ThisServicePackVersion=1280

[Strings]
SERVICE_PACK_NUMBER = 5

9. Normally you'd have to patch update.ver with a new MD5 sum and file size, but since the file isn't changing in this case you don't have to do that.
10. Patch update.ver to remove the references to the SP3GDR and SP3QFE subdirectories and make sure that there is only one entry (the one that you're using -- so if it came from the SP3GDR folder then keep that entry, otherwise keep the other one).
11. Replace update\update.exe with one from any of the releases I uploaded -- mine will let you install an unsigned update, the one from MS won't.
12. Compress your files:

cabarc -m LZX:21 -p -r N ..\outfile.cab *.*

13. Patch the created .cab file so that it knows to execute update.exe. You'll need a hex editor for this (e.g. xvi32). Look for the update\update.exe entry toward the beginning of the file. Before it there should be a 20h byte. Change that to 60h which will flag it as an auto-execute file.
14. Prepend the MSCF.sfx file before the .cab file to make an installer:

copy /b MSCF.sfx + outfile.cab outfile.exe

15. Rename outfile.exe to something appropriate to the patch and language:

ren outfile.exe Windows2000-KB######-x86-XXX.exe

It's a pain, but once you do it a few times it becomes second nature. You can unpack any of my patches with the /x option to see an example. One caveat, though: patching win32k.sys on 2000 requires a very different .inf file than patching it on XP does.

Edited by WildBill, 27 December 2010 - 06:55 PM.
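
The hex edit in step 13 can also be done by parsing the cabinet rather than searching for the byte by eye. The following is an added example, not part of the original post or of WildBill's tools; it assumes the CFHEADER/CFFILE layout from Microsoft's published Cabinet format, where 20h is the archive attribute and 40h the execute-after-extraction attribute, and its sample cabinet is a constructed, header-only stand-in.

```python
import struct

# Layouts assumed from Microsoft's published Cabinet (.cab) format.
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")  # 36 bytes; field 4 = coffFiles, field 9 = cFiles
CFFILE = struct.Struct("<IIHHHH")            # 16 bytes, followed by a NUL-terminated name
ATTRIBS_OFFSET = 14                          # attribs is the last 16-bit field of CFFILE
A_ARCH = 0x20                                # archive bit (the 20h of step 13)
A_EXEC = 0x40                                # run after extraction; 20h | 40h = 60h
A_NAME_IS_UTF = 0x80                         # name is UTF-8 rather than a code page


def iter_entries(cab):
    """Yield (offset_of_attribs, attribs, name) for every CFFILE entry."""
    fields = CFHEADER.unpack_from(cab, 0)
    if fields[0] != b"MSCF":
        raise ValueError("missing MSCF signature: not a bare cabinet")
    pos, count = fields[4], fields[9]
    for _ in range(count):
        attribs = CFFILE.unpack_from(cab, pos)[5]
        name_start = pos + CFFILE.size
        name_end = cab.index(b"\0", name_start)      # ValueError if unterminated
        codec = "utf-8" if attribs & A_NAME_IS_UTF else "latin-1"
        yield pos + ATTRIBS_OFFSET, attribs, cab[name_start:name_end].decode(codec)
        pos = name_end + 1


def list_autoexec(cab):
    """Names of the entries that will be run automatically after extraction."""
    return [name for _, attribs, name in iter_entries(cab) if attribs & A_EXEC]


def set_autoexec(cab, wanted):
    """Return a copy of the cabinet with the execute flag set on one entry."""
    patched = bytearray(cab)
    for offset, attribs, name in iter_entries(cab):
        if name.lower() == wanted.lower():
            struct.pack_into("<H", patched, offset, attribs | A_EXEC)
            return bytes(patched)
    raise KeyError(f"{wanted!r} is not in the cabinet")


def build_sample_cab():
    """Constructed sample: valid header and file table, but no CFDATA blocks."""
    names = [b"update\\update.inf", b"update\\update.exe"]
    files = b"".join(CFFILE.pack(0, 0, 0, 0, 0, A_ARCH) + n + b"\0" for n in names)
    folder = struct.pack("<IHH", 0, 0, 0)    # CFFOLDER: coffCabStart, cCFData, typeCompress
    total = CFHEADER.size + len(folder) + len(files)
    header = CFHEADER.pack(b"MSCF", 0, total, 0, CFHEADER.size + len(folder), 0,
                           3, 1, 1, len(names), 0, 0, 0)
    return header + folder + files


if __name__ == "__main__":
    cab = build_sample_cab()
    print("before:", list_autoexec(cab))
    patched = set_autoexec(cab, "update\\update.exe")
    print("after: ", list_autoexec(patched))
```

Running `list_autoexec` over an existing package's cabinet shows which entry it will launch, which is worth checking before installing any repacked, unsigned update.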


#57
WildBill

I've tested my MS10-098 patch for a few days and I haven't run into any problems, so I've posted it (look in the usual place for it). I'm currently analyzing the IE patch in MS10-090, which is never an easy proposition....

Edited by WildBill, 27 December 2010 - 07:01 PM.


#58
Prozactive

Just checking... doesn't KB2436673 (MS10-098) supersede KB981957 (MS10-073)?

Thank you so much for all the hard work, effort, and time obviously required to develop these updates!

#59
WildBill


Just checking... doesn't KB2436673 (MS10-098) supersede KB981957 (MS10-073)?

Thank you so much for all the hard work, effort, and time obviously required to develop these updates!


Yes, though the update.inf isn't cumulative, so skipping MS10-073 could wind up leaving out some important registry settings.

Thanks for the kudos. This is consuming 100% of my free time, so I'd really appreciate it if some kind person could also make some patches.

In other news, I'm presently testing a patch for MS10-090.

#60
WildBill

Happy New Year, everyone! :thumbup

I've found a bug in my MS10-083 patch and uploaded a V2 version. The download link above has been updated as well as the file name. I've also included my patches.asm file in the archive, which you can extract with the /x option.

My MS10-090 patch is ready, except for one problem -- I can't seem to get Automatic Updates to leave the registry changes alone. It keeps wanting to reinstall KB982381 -- MS10-090 changes a few registry values that were set in KB982381, and this seems to be making Automatic Updates unhappy. I'm not crazy about the idea of disabling Automatic Updates, but I also need a way to stop it from the endless nagging. Does anyone have any info on how to make it happy? I've already tried increasing the installed IE version registry setting from 6,0,2800,2006 to 6,0,2800,2007, but that didn't help.

If and when MS10-090 is posted, it should be truly cumulative -- I've merged in all the INF changes from KB982381, MS10-053, and MS10-071, and it contains all files from the last pre-EOL update as well as anything changed post-EOL. It also contains the registry changes in KB2467659 and has some extra XP API's in shlwapi.dll.

Edited by WildBill, 31 December 2010 - 07:02 PM.


#61
Dagwood

First, Happy New Year everybody!

I wouldn't worry too much about leaving Automatic Updates switched off - it's hardly likely that Microsoft will ever release another update for W2000, security or otherwise. Once W2000 is fully updated with all the official Microsoft stuff currently available, Automatic Updates can be permanently disabled in my opinion. Just a thought.

#62
WildBill

I know how to disable automatic updates through the registry (and I tested it), but that's sort of like killing an ant with a thermonuclear device :rolleyes: Killing automatic updates entirely also stops updates for Office, etc. Another option would be to let people tell the Automatic Updates service to hide notifications for the older ones that it wants to reinstall. Basically, if you have it set to "notify but do not download", you can open the dialog, go to the details window to show what it wants to install, and uncheck the ones that you want it to hide. It will ask you if you want them to remain hidden, where you would say yes (you can always unhide them from the Automatic Updates control panel applet). To me that's a really kludgy way to do it, but it works.

Ideally there would be a way to tell Automatic Updates through the registry that it should not offer those updates. I've spent the last few hours crawling through the assembly code for Automatic Updates and I've done some before-and-after registry comparisons and for the life of me I can't find where that information gets stored. For all I know the per-update hide settings get stored at an MS server somewhere.

Anyhow, the patch for MS10-090 is up, and I decided to choose a middle ground...it will set your Automatic Updates to "notify only", which will give you a chance to tell it to not offer the older IE updates. When the icon+balloon appear telling you that an update is available, open it up and do the following:

- Select Custom Install (IMPORTANT)
- Click Next
- Uncheck the IE patch that it offers (e.g. KB982381)
- Click Close
- When the Hide updates confirmation box pops up, check "Don't notify me about these updates again."
- Click Ok.

You might get nagged more than once. A minute or so after I disabled KB982381, it nagged me about an even older update (KB978207). If that happens, turn off notification for that one the same way. After that, Automatic Updates should leave you alone.

Edited by WildBill, 02 January 2011 - 01:22 AM.


#63
WildBill

I've posted version 0.0.3 of my PE Tool, which should help anyone working on patches. See the top post for an updated link...

#64
WildBill

I'm not really sure where to put this, so I'll just post it here. Apparently the XP MS10-098 and MS10-073 patches were causing BSOD's for some users, and one forum member asked me to make a fix that initializes the variables that I was concerned about (see page 3 for more info). Since applying my revised MS10-098 patch the BSOD's have stopped, so we decided to release it this week if no more problems cropped up.

So here is a link to my revised MS10-098 patch for XP. Let's hope that MS fixes it soon...

WindowsXP-KB2436673-FIX-x86-ENU.exe

Included in the archive is a text file called patches.asm that shows the changes I made. You can get it by extracting everything with the /x option.

Edited by WildBill, 04 January 2011 - 08:22 PM.


#65
blackwingcat

Hi, WildBill

Happy new year.

0.0.3 also breaks the export table, the same as 0.0.2,
and I want a "Save As..." function.

I've posted version 0.0.3 of my PE Tool, which should help anyone working on patches. See the top post for an updated link...


Edited by blackwingcat, 06 January 2011 - 06:36 PM.


#66
dencorso


Happy new year for both of you, blackwingcat and WildBill! And for Dagwood, too!
I'll add a minor request: controlling the font of the disassembly would be very helpful, too.
It's always too big on my 1024x768 screen. But my tired eyes forbid me from going to any higher resolution on my 19" screen.

#67
Prozactive


Thanks for the kudos. This is consuming 100% of my free time, so I'd really appreciate it if some kind person could also make some patches.


I can imagine. :} Unfortunately while I've done a fair amount of coding, I'm not a programmer and I certainly don't have the technical capability to do what you're doing. I'm very grateful for your work and hopefully you'll receive support from other technically competent members.

Edited by Prozactive, 06 January 2011 - 11:32 AM.


#68
tomasz86

Hello WildBill,

By using your guide I managed to make hotfixes for the Polish version of Windows 2000. Thank you very much!

I'll keep my list at a Polish forum here: http://forum.windows...wki-t11936.html

WARNING

Actually it's much more complicated to do it than how it's explained on the 3rd page of this thread. If you leave the original files from the XP installation of the hotfix (ex. shell32.dll) it works but you'll get an error after restarting the system as there are strings in this file referring to some XP related files (msgina.dll etc.). On the other hand, when using the modified version from the English version provided by WildBill you get no errors but parts of your system will change into English after the installation.

So what's the solution? I think you have to edit the files already modified by WildBill and change strings inside them from English into your language. Basically you need to copy them from the original system files. It takes time but should work without any problem.

Edited by tomasz86, 09 January 2011 - 02:29 AM.

Unofficial Service Pack 5.2 for MS Windows 2000 <- use this topic if you need help with UURollup, Update Rollup 2 and other unofficial packages

#69
tomasz86

WildBill,

You said that it's necessary to change

[Strings]
SERVICE_PACK_NUMBER = 4

from 4 to 5 but in MS10-054 you didn't change it. Was it left unchanged on purpose? Or maybe it doesn't matter at all?

Also sometimes you delete

[ArchiveCatalogFilesOnly]
%SP_SHORT_TITLE%.cat

and sometimes you leave it... does it make any change?

Edited by tomasz86, 09 January 2011 - 02:00 PM.


#70
WildBill


WildBill,

You said that it's necessary to change


[Strings]
SERVICE_PACK_NUMBER = 4

from 4 to 5 but in MS10-054 you didn't change it. Was it left unchanged on purpose? Or maybe it doesn't matter at all?

Also sometimes you delete

[ArchiveCatalogFilesOnly]
%SP_SHORT_TITLE%.cat

and sometimes you leave it... does it make any change?


Those were oversights on my part. SERVICE_PACK_NUMBER should always be set to 5. I delete all .cat references to keep the patch program from demanding that the update be signed. I guess leaving it in that patch didn't cause any problems.

#71
tomasz86

OK, I understand :yes:

After I've finished modifying and translating your updates I'm going to try to slipstream them using HFSLIP. I'll post here and write whether it works or not.

#72
WildBill

Just a little update...

I'm presently working on MS-091, the critical font patch. There is an enormous number of changes, though I'm making steady progress. I tried using the XP driver as-is, but that wouldn't work, so I'm having to upgrade the 2k version. I'll definitely get there, but it's a long slog. I have made a lot of progress on it so far, though, enough that I'm confident that I'll eventually get it done.

I also have on my box upgraded versions of win32k.sys and user32.dll. They add support for EngBugCheck, which I had to add when I was trying the XP font driver. They also add support for GetLayeredWindowAttributes, which let me finally run the HP Update program that came with my laptop ;) I'm currently holding off on releasing them until the next time MS patches those files, which if history is any guide, won't be long.

Edited by WildBill, 18 January 2011 - 11:11 AM.


#73
WildBill

Hmm. I've got most of the changes in for MS-091, and I might have found why all the PS fonts show up as invalid when I try the XP driver as-is. I haven't tried patching it yet, but there's a section of code where they do this:

and [ebp+###], 0 (local variable)
ja ######## (if it takes the jump it means something is invalid)

The problem with this is that JA jumps if CF=0 and ZF=0. However, AND **always** sets CF=0 and also sets ZF=0 in this case because the result is 0. The end result: the condition is always true and it always makes the jump. I haven't tried to see what happens if I change the code but as it stands it isn't correct (and I checked the Intel docs to make sure).

Edited by WildBill, 24 January 2011 - 05:36 AM.


#74
WildBill

I've finally added patches for MS10-091 and MS10-097 to the patch list. The number of changes in MS10-091 is enormous, so for anyone who wants to port it to other languages I strongly recommend translating the ENU version rather than porting all the changes to a different one. There's a reason why it took me a month to finish it. :(

On the flip side, MS10-097 was really easy and it only took a few hours to make. Next up will be either MS10-099 or MS11-002...I haven't yet decided which. I've taken a look at both, and while MS11-002 is critical I'm not sure yet how to attack it.

Each patch file has my notes bundled inside: you can get them by running them with the /x option to extract the contents.

Edited by WildBill, 29 January 2011 - 09:22 PM.


#75
WildBill

GAH. I forgot to put in relocs for the MS10-097 patch. I've uploaded a V2 version and updated the link above, and the file version will bump up one more so you can tell it apart. If you installed V1 of MS10-097, just install the V2 version over it. Sorry for the mix-up :(



