[Dagwood]

First, Happy New Year everybody!

I wouldn't worry too much about leaving Automatic Updates switched off- it's hardly likely that Microsoft will ever release another update for W2000, security or otherwise. Once W2000 is fully updated with all the official Microsoft stuff currently available, Automatic Updates can be permanently disabled im my opinion. Just a thought.

[WildBill]

I know how to disable automatic updates through the registry (and I tested it), but that's sort of like killing an ant with a thermonuclear device Killing automatic updates entirely also stops updates for Office, etc. Another option would be to let people tell the Automatic Updates service to hide notifications for the older ones that it wants to reinstall. Basically, if you have it set to "notify but do not download", you can open the dialog, go to the details window to show what it wants to install, and uncheck the ones that you want it to hide. It will ask you if you want them to remain hidden, where you would say yes (you can always unhide them from the Automatic Updates control panel applet). To me that's a really kludgy way to do it, but it works.

Ideally there would be a way to tell Automatic Updates through the registry that it should not offer those updates. I've spent the last few hours crawling through the assembly code for Automatic Updates and I've done some before-and-after registry comparisons and for the life of me I can't find where that information gets stored. For all I know the per-update hide settings get stored at an MS server somewhere.

Anyhow, the patch for MS10-090 is up, and I decided to choose a middle ground...it will set your Automatic Updates to "notify only", which will give you a chance to tell it to not offer the older IE updates. When the icon+balloon appear telling you that an update is available, open it up and do the following:

- Select Custom Install (IMPORTANT)
- Click Next
- Uncheck the IE patch that it offers (e.g. KB982381)
- Click Close
- When the Hide updates confirmation box pops up, check "Don't notify me about these updates again."
- Click Ok.

You might get nagged more than once. A minute or so after after I disabled KB982381, it nagged me about an even older update (KB978207). If that happens, turn off notification for that one the same way. After that, Automatic Updates should leave you alone.

This post has been edited by WildBill: 02 January 2011 - 01:22 AM

[WildBill]

I've posted version 0.0.3 of my PE Tool, which should help anyone working on patches. See the top post for an updated link...

[WildBill]

I'm not really sure where to put this, so I'll just post it here. Apparently the XP MS10-098 and MS10-073 patches were causing BSOD's for some users, and one forum member asked me to make a fix that initializes the variables that I was concerned about (see page 3 for more info). Since applying my revised MS10-098 patch the BSOD's have stopped, so we decided to release it this week if no more problems cropped up.

So here is a link to my revised MS10-098 patch for XP. Let's hope that MS fixes it soon...

WindowsXP-KB2436673-FIX-x86-ENU.exe

Included in the archive is a text file called patches.asm that shows the changes I made. You can get it by extracting everything with the /x option.

This post has been edited by WildBill: 04 January 2011 - 08:22 PM

[blackwingcat]

Hi, WildBill

Happy new year.

0.0.3 also broken an export table as same as 0.0.2
and I want a function "Save As..."

WildBill, on 02 January 2011 - 09:58 PM, said:

I've posted version 0.0.3 of my PE Tool, which should help anyone working on patches. See the top post for an updated link...

This post has been edited by blackwingcat: 06 January 2011 - 06:36 PM

[dencorso]

Happy new year for both of you, blackwingcat and WildBill! And for Dagwood, too!
I'll add a minor request: controlling the font of the disassembly would be very helpful, too.
It's always too big in my 1024x768 screen. But my tired eyes forbid me of going to any higher resolution, in my 19" screen.

[Prozactive]

WildBill, on 30 December 2010 - 02:14 PM, said:

Thanks for the kudos. This is consuming 100% of my free time, so I'd really appreciate it if some kind person could also make some patches.

I can imagine. Unfortunately while I've done a fair amount of coding, I'm not a programmer and I certainly don't have the technical capability to do what you're doing. I'm very grateful for your work and hopefully you'll receive support from other technically competent members.

This post has been edited by Prozactive: 06 January 2011 - 11:32 AM

[tomasz86]

Hello WildBill,

By using your guide I managed to make hotfixes for the Polish version of Windows 2000. Thank you very much!

I'll keep my list at a Polish forum here: http://forum.windows...wki-t11936.html

WARNING

Actually it's much more complicated to do it than how it's explained on the 3rd page of this thread. If you leave the original files from the XP installation of the hotfix (ex. shell32.dll) it works but you'll get an error after restarting the system as there are strings in this file referring to some XP related files (msgina.dll etc.). On the other hand, when using the modified version from the English version provided by WildBill you get no errors but parts of your system will change into English after the installation.

So what's the solution? I think you have to edit the files already modified by WildBill and change strings inside them from English into your language. Basically you need to copy them from the original system files. It takes time but should work without any problem.

This post has been edited by tomasz86: 09 January 2011 - 02:29 AM

[tomasz86]

WildBill,

You said that it's necessary to change

Quote

[Strings]
SERVICE_PACK_NUMBER = 4

from 4 to 5 but in MS10-054 you didn't change it. Was it left unchanged for purpose? Or maybe it doesn't matter at all?

Also sometimes you delete

Quote

[ArchiveCatalogFilesOnly]
%SP_SHORT_TITLE%.cat

and sometimes you leave it... does it make any change?

This post has been edited by tomasz86: 09 January 2011 - 02:00 PM

[WildBill]

tomasz86, on 09 January 2011 - 01:31 PM, said:

WildBill,

You said that it's necessary to change

Quote

[Strings]
SERVICE_PACK_NUMBER = 4

from 4 to 5 but in MS10-054 you didn't change it. Was it left unchanged for purpose? Or maybe it doesn't matter at all?

Also sometimes you delete

Quote

[ArchiveCatalogFilesOnly]
%SP_SHORT_TITLE%.cat

and sometimes you leave it... does it make any change?

Those were oversights on my part. SERVICE_PACK_NUMBER should always be set to 5. I delete all .cat references to keep the patch program from demanding that the update be signed. I guess leaving it in that patch didn't cause any problems.

[tomasz86]

OK, I understand

After I've finished modifying and translating your updates I'm going to try to slipstream them using HFSLIP. I'll post here and write whether it works or not.

[WildBill]

Just a little update...

I'm presently working on MS-091, the critical font patch. There are an enormous amount of changes, though I'm making steady progress. I tried using the XP driver as-is, but that wouldn't work, so I'm having to upgrade the 2k version. I'll definitely get there, but it's a long slog. I have made a lot of progress on it so far, though, enough that I'm confident that I'll eventually get it done.

I also have on my box upgraded versions of win32k.sys and user32.dll. They add support for EngBugCheck, which I had to add when I was trying the XP font driver. They also add support for GetLayeredWindowAttributes, which let me finally run the HP Update program that came with my laptop I'm currently holding off on releasing them until the next time MS patches those files, which if history is any guide, won't be long.

This post has been edited by WildBill: 18 January 2011 - 11:11 AM

[WildBill]

Hmm. I've got most of the changes in for MS-091, and I might have found why all the PS fonts show up as invalid when I try the XP driver as-is. I haven't tried patching it yet, but there's a section of code where they do this:

and [ebp+###], 0 (local variable)
ja ######## (if it takes the jump it means something is invalid)

The problem with this is that JA jumps if CF=0 and ZF=0. However, AND **always** sets CF=0 and also sets ZF=0 in this case because the result is 0. The end result: the condition is always true and it always makes the jump. I haven't tried to see what happens if I change the code but as it stands it isn't correct (and I checked the Intel docs to make sure).

This post has been edited by WildBill: 24 January 2011 - 05:36 AM

[WildBill]

I've finally added patches for MS10-091 and MS10-097 to the patch list. The number of changes in MS10-091 is enormous, so for anyone who wants to port it to other languages I strongly recommend translating the ENU version rather than porting all the changes to a different one. There's a reason why it took me a month to finish it.

On the flip side, MS10-097 was really easy and it only took a few hours to make. Next up will be either MS10-099 or MS11-002...I haven't yet decided which. I've taken a look at both, and while MS11-002 is critical I'm not sure yet how to attack it.

Each patch file has my notes bundled inside: you can get them by running them with the /x option to extract the contents.

This post has been edited by WildBill: 29 January 2011 - 09:22 PM

[WildBill]

GAH. I forgot to put in relocs for the MS10-097 patch. I've uploaded a V2 version and updated the link above, and the file version will bump up one more so you can tell it apart. If you installed V1 of MS10-097, just install the V2 version over it. Sorry for the mix-up

[WildBill]

My patch for MS10-099 is up

It basically adds bunch of overflow checking and wasn't that hard to do. For any MS lurkers, however, please extract my notes (with /x) and look at my comments for PxAfTapiTranslateTapiCallParams because I don't think the patch gets the logic right. I think I corrected it in my 2k patch, but you might want to take a second look at the XP one.

[bristols]

WildBill, on 31 January 2011 - 04:05 PM, said:

My patch for MS10-099 is up

It basically adds bunch of overflow checking and wasn't that hard to do. For any MS lurkers, however, please extract my notes (with /x) and look at my comments for PxAfTapiTranslateTapiCallParams because I don't think the patch gets the logic right. I think I corrected it in my 2k patch, but you might want to take a second look at the XP one.

Thanks very much WidlBill.

You know I guess that BlackWingCat also produced a patch for MS10-099:

http://blog.livedoor...es/1371229.html

It's a pity you guys couldn't work in tandem and share the load. Perhaps you do in some way(s) - if so, pardon me.

[WildBill]

I had read the blog entry, but according to the Google translation it looks like there are problems with it (I can read a little Katakana when it's just spelling out English loanwords and I know maybe a dozen Kanji characters, but that isn't enough to read what's really important). With that in mind I decided to start from scratch.

One of the reasons why I always include or post my notes is that I'm hoping it will help him make a JPN version (or anyone else).

This post has been edited by WildBill: 31 January 2011 - 09:14 PM

[blackwingcat]

Hi, WildBill.

I try to use PETool 0.0.3

1. The application crashed when opened file twice.

2. I want to know how to move section.
I try to do following way.

* I selected .rdata
* Menu:Sections>Move
* I Input value 0x400
* I selected .text.
* Menu:Sections>Consume Slack.
* Menu:File>Save.

Then binary table was broken.

How I should do right way ?

[WildBill]

Sorry, this is my fault. I should have explained this.

The tool can only safely move certain sections, like resources or relocs. If you move anything else the file won't work because all the relative offsets will be broken. The only thing that moving a section is really useful for is moving the resources and relocs out of the way so you can grow a section that sits before them.

When I need to make room for more code, what I do depends on whether the file has room for more section entries. If it does, I usually select the resources section and do "Insert section before..." to add another code section before it. If there isn't room for another section entry I usually look for two adjacent sections that I can safely combine. For instance, if the code and read-only data sections are next to each other then I combine them to free up a section entry, then I add a code section (usually inserting it before the resources section).

I just posted version 0.0.4 which should fix some bugs and adds one extra feature. It also has some more .map files from the patches I've added.

This post has been edited by WildBill: 03 February 2011 - 10:20 PM