[dencorso]

Sometimes communication does go awry no matter what we do, doesn't it?

That said, let me re-pose you two a question: the final Win Explorer for 98SE is v. 4.72.3612.1710... is that the one you're both using?
I do remember having seen optical drive phantoms but I never investigated it further, since I use optical media mainly for backups, so that I don't insert and remove CDs/DVDs much too often. But I think it was more common with previous versions of explorer than with the final one...

[LoneCrusader]

Prozactive, on 09 December 2011 - 11:07 AM, said:

I was hoping the updated IO.SYS would solve the annoying bug in Windows Explorer of having multiple entries for discs mounted in my CD/DVD drives but that's not the case, as those multiple entries still occur. And yes, the original Win98SE IO.SYS has a file size of 222,390 bytes while the updated IO.SYS installed by the 311561USA8.EXE update is 222,670 bytes.

Prozactive, on 15 December 2011 - 10:57 PM, said:

Thanks for the reply jds, but i guess I wasn't clear. I meant CD and DVD drives, not a combo drive. Any disc (CD or DVD) tends to show up twice in Windows Explorer for some reason.

I have seen this before. However, it is an intermittent problem that I cannot reproduce consistently.
It only happens when a CD/DVD is loaded, and sometimes ejecting a disc that's already loaded and reloading it will cause this to occur, sometimes not.

---------------------------------------------------------------------------------------------------------------------------------

dencorso, on 17 December 2011 - 11:00 PM, said:

Sometimes communication does go awry no matter what we do, doesn't it?

That said, let me re-pose you two a question: the final Win Explorer for 98SE is v. 4.72.3612.1710... is that the one you're both using?
I do remember having seen optical drive phantoms but I never investigated it further, since I use optical media mainly for backups, so that I don't insert and remove CDs/DVDs much too often. But I think it was more common with previous versions of explorer than with the final one...

Yes. That version gets installed by NUSB, which has become "standard equipment" for all of my machines.

Actually I think the last "official" version was 4.72.3612.1700 but the 1710 version includes the 256 Color Tray Icons fix...
I think there was some discussion of this elsewhere...



EDITED 12-22-11 - Reason For Edit:
Attempt to correct continuity of split threads.

This post has been edited by LoneCrusader: 22 December 2011 - 02:17 AM

[dencorso]

Well, 1710 is a later build of 1700. They differ in the PE Timestamp, among other things. And erpdude8, who first found it, also added the 256 colors Tray Icons fix to it.
OK, so you have it, and have NUSB installed. Do you also have this update installed? It's the only one I think might make a difference.

[bristols]

dencorso, on 18 December 2011 - 05:40 PM, said:

Well, 1710 is a later build of 1700. They differ in the PE Timestamp, among other things. And erpdude8, who first found it, also added the 256 colors Tray Icons fix to it.

Apologies for going off topic a bit, but I remember that at the time, erpdude8 mentioned that he'd modified that build of explorer.exe in other ways, which he refused to disclose. I also remember that one or two members voiced their displeasure at that - perhaps even Gape, when he released one of the betas for version 3 of his Service Pack without erpdude8's explorer (if I remember rightly - please correct me if you remember better). Did anyone ever find out what those additional modifications were?

[dencorso]

dencorso, on 21 December 2007 - 11:53 PM, said:

Arminius, on Dec 20 2007, 09:42 PM, said:

Thanks for the thoughtful feedback. Tried out MiTeK EXE Explorer to see if I could reveal the PE timestamps but got Kernel32 page fault errors when I tried to start the program.

That's a pity. Never had any problem with it. Then your only easy option is to get Matt Pietrek's PEDUMP.EXE
I explained where to get the latest version here. You'll download PE.EXE, and this is a SFX installer, so you can simply open it with WinRAR, 7-zip or your favorite extractor program and get PEDUMP.EXE from inside it whithou any need to run the installer. After you get it try runing, from a DOS box <pedump <path/nameoffile.ext> | find /i "TimeDateStamp" | find /v "00000000">, where <nameoffile.ext> is the name of the PE executable which date you are interested in, and .ext can be .exe, .dll, .ils, .sys, .mpd or a lot of other file extensions. It only works on PE executables, but if you provide it with a file which isn't a PE executable it'll duly complain and exit.

Arminius, on Dec 20 2007, 09:42 PM, said:

On another subject:

I was trying to find an unmodded copy of EXPLORER.EXE 4.72.3612.1710 which is said to have come from the IE4SHL95.CAB that shipped with IE4.01 SP2. I have two copies of the official Win 98 SP1 on different magazine discs and and the IE4SHL95.CAB with that release of IE4.01 SP2 contains EXPLORER.EXE 4.72.3612.1700. I have also found IE4.01 SP2 on a few servers on the net and their IE4SHL95 cabs also contain 4.72.3612.1700. If anyone knows where I can find the intact IE4SHL95.CAB file with 4.72.3612.1710 please point me to it.

I have myself puzzled over this question for a long time too, and here I give you the result of my musings.

If you go to MDGx site, the last two lines of this page state the following:

Quote

Original (BUGgy) EXPLORER.EXE 4.72.3612.1710 installs as part of older MS
Internet Explorer 4.01 SP2 = inside IE4SHL95.CAB .

Then, by using PEDUMP as described above, getver and dir I compiled this table for the patched versions 1700 and 1710:

explorer.exe v. 4.72.3612.1710 size 171.280 PE Timestamp Mon Feb 08 1999 21:04:25
explorer.exe v. 4.72.3612.1700 size 171.280 PE Timestamp Sat Jan 30 1999 00:00:13

Now, you can get IE4SHL95.CAB from three different sources, AFAIK: IE55SP2, IE55SP1 and IE401SP2.
From each you can extract a version of explorer.exe, but you'll find that those from IE55SP2 and IE55SP1 are identical, according to fc /b. So this leaves us with just two different versions, which analysis is the following:

explorer.exe v. 4.72.3612.1700 size 171.280 PE Timestamp Mon Feb 08 1999 21:04:25 from IE401SP2
explorer.exe v. 4.72.3612.1700 size 171.280 PE Timestamp Sat Jan 30 1999 00:00:13 from IE55SP1/2

So far, these are the hard facts. Below is the explanation I concocted that, IMHO, satisfies all known facts.

I believe that explorer.exe from IE401SP2, originally versioned as 4.72.3612.1700 *IS* the unmodded original from which modded explorer.exe v. 4.72.3612.1710 was created, by adding the 256 colors patch and updating some of the icons. Its version was changed to reflect the fact that its compilation date is *newer* than that of the explorer.exe found in IE55SP1/2. A quick and dirty comparison of the relevant files using first eXeScope and then WinHex seems to support my conclusions.

So, AFAIK, you already have the file you are looking for. But this is just my opinion...

My forensics, at the time, were more thorough than what I implied in the above quote. By now I'm positive the above is the right interpretation of the facts. v 1710 and v. 1700 from IE401SP2 differ in 39% of their bytes, which is consistent with a file patched and resource edited. Visual inspection with Beyond Compare shows all diferences are in the resource section, but for the 256 color patch.

[LoneCrusader]

dencorso, on 18 December 2011 - 05:40 PM, said:

Well, 1710 is a later build of 1700. They differ in the PE Timestamp, among other things. And erpdude8, who first found it, also added the 256 colors Tray Icons fix to it.
OK, so you have it, and have NUSB installed. Do you also have this update installed? It's the only one I think might make a difference.

No. I don't have that one installed on any of my machines. I've considered adding some of those files to my slipstream, but haven't had time to make any progress on that for a while now.

bristols, on 18 December 2011 - 05:54 PM, said:

Apologies for going off topic a bit, but I remember that at the time, erpdude8 mentioned that he'd modified that build of explorer.exe in other ways, which he refused to disclose. I also remember that one or two members voiced their displeasure at that - perhaps even Gape, when he released one of the betas for version 3 of his Service Pack without erpdude8's explorer (if I remember rightly - please correct me if you remember better). Did anyone ever find out what those additional modifications were?

Yes, I remember reading that. And I also would like to know what was changed, because I wouldn't use it unless I knew.
And I, for one, do not want my Icons updated.

dencorso, on 18 December 2011 - 06:18 PM, said:

dencorso, on 21 December 2007 - 11:53 PM, said:

I have myself puzzled over this question for a long time too, and here I give you the result of my musings.

If you go to MDGx site, the last two lines of this page state the following:

Quote

Original (BUGgy) EXPLORER.EXE 4.72.3612.1710 installs as part of older MS
Internet Explorer 4.01 SP2 = inside IE4SHL95.CAB .

Then, by using PEDUMP as described above, getver and dir I compiled this table for the patched versions 1700 and 1710:

explorer.exe v. 4.72.3612.1710 size 171.280 PE Timestamp Mon Feb 08 1999 21:04:25
explorer.exe v. 4.72.3612.1700 size 171.280 PE Timestamp Sat Jan 30 1999 00:00:13

Now, you can get IE4SHL95.CAB from three different sources, AFAIK: IE55SP2, IE55SP1 and IE401SP2.
From each you can extract a version of explorer.exe, but you'll find that those from IE55SP2 and IE55SP1 are identical, according to fc /b. So this leaves us with just two different versions, which analysis is the following:

explorer.exe v. 4.72.3612.1700 size 171.280 PE Timestamp Mon Feb 08 1999 21:04:25 from IE401SP2
explorer.exe v. 4.72.3612.1700 size 171.280 PE Timestamp Sat Jan 30 1999 00:00:13 from IE55SP1/2

So far, these are the hard facts. Below is the explanation I concocted that, IMHO, satisfies all known facts.

I believe that explorer.exe from IE401SP2, originally versioned as 4.72.3612.1700 *IS* the unmodded original from which modded explorer.exe v. 4.72.3612.1710 was created, by adding the 256 colors patch and updating some of the icons. Its version was changed to reflect the fact that its compilation date is *newer* than that of the explorer.exe found in IE55SP1/2. A quick and dirty comparison of the relevant files using first eXeScope and then WinHex seems to support my conclusions.

So, AFAIK, you already have the file you are looking for. But this is just my opinion...

My forensics, at the time, were more thorough than what I implied in the above quote. By now I'm positive the above is the right interpretation of the facts.

While this is getting off-topic, I'm glad this came up. A few months ago when I was working on my slipstreaming projects I did some digging around for information on this. My reason was that I had discovered the later-timestamped EXPLORER.EXE inside IE4SHL95.CAB from IE 4.01 SP2. I remember doing an FC ... /B comparison of it versus the earlier-timestamped version. There were many, many differences.

I believe MOST of the unofficial updates running around, including NUSB, are still using the earlier-timestamped version. I'll have to do some checking over my notes and see what I found then.

[Prozactive]

Sorry I've been extremely busy and sidetracked by lots of other issues. Thanks for all of the replies and info. Yes, I have Windows Explorer 4.72.3612.1710 with 256 colors system tray icons that was installed by MDGx's Explor98.exe. It replaced Windows Explorer 4.72.3612.1700 that was installed by NUSB33, which in turn replaced the original Windows 98 SE Windows Explorer 4.72.3110.1. And yes, I've also installed MDGx's Iosys98.exe update.

[dencorso]

@Prozactive: Well, then you have all the relevant updates present and the bug remains. Please try to document in details how to reproduce it, so that we may attempt to swat it.

@LoneCrusader: Please find below the required patch pattern. I know you know how to use it, but for the benefit of those who don't, here's how:
In order to use the enclosed patch pattern you need to grab the original EXPLORER.EXE v. 4.72.3612.1700 from IE401SP2, size 171.280 bytes, PE Timestamp Mon Feb 08 1999 21:04:25, MD5=2E52FD906097ACB2ADAE3E7E9380F921 CRC32=69912E1E, from inside Ie4shl95.cab, and rename it, say, EXPLORER.IE4. Then download the freeware command-line utils.zip, from KanastaCorp, grab inside it just PATCH.EXE and drop it into the %windir%\command\ folder. Then download the attached file containing explorer401sp2.pat. Now create a temporary folder, say, C:\TEMP\PATCH and put EXPLORER.IE4 and explorer401sp2.pat in it. Then open a DOS box, go to C:\TEMP\PATCH and, from there run the following command:

PATCH -p EXPLORER.IE4 explorer401sp2.pat EXPLORER.EXE

A new EXPLORER.EXE will be created, and it will be v. 4.72.3612.1705. This file is the EXPLORER.EXE from IE401SP2 patched for the 256 colors icons in system tray. You may use Dr. Hoiby's test to check whether it operates correctly.
No icon or bitmap has been modified in this patched version, as per your requirement.

Attached File(s)

•  explorer401sp2.7z (191bytes)
  Number of downloads: 19

[LoneCrusader]

LoneCrusader, on 18 December 2011 - 06:43 PM, said:

I believe MOST of the unofficial updates running around, including NUSB, are still using the earlier-timestamped version. I'll have to do some checking over my notes and see what I found then.

Checked back, and:

Prozactive, on 19 December 2011 - 04:05 PM, said:

...Windows Explorer 4.72.3612.1700 that was installed by NUSB33...

The version of EXPLORER.EXE that is installed by NUSB is the EARLIER (January) timestamped 4.72.3612.1700 with ONE BYTE changed for the 256 Color Tray patch. The version number is not updated.

dencorso, on 19 December 2011 - 06:04 PM, said:

@LoneCrusader: Please find below the required patch pattern....
A new EXPLORER.EXE will be created, and it will be v. 4.72.3612.1705. This file is the EXPLORER.EXE from IE401SP2 patched for the 256 colors icons in system tray. You may use Dr. Hoiby's test to check whether it operates correctly.
No icon or bitmap has been modified in this patched version, as per your requirement.

Thanks
But I thought only one byte needed to be changed for the 256 Color Patch? I had previously experimented some with this when I was digging into the NUSB business, but I didn't attempt to patch the later EXPLORER version at that time.

[dencorso]

Yes. Dr. Hoiby's patch is 0x01 --> 0x11 at offset 0x38DD. But the header checksum must be corrected, and that adds 3 more changed bytes. This would be the minimum required for a clean patch.
Now, since I've changed the version number, there are some more bytes changed: 0 --> 5 in hexa, 0 --> 5 in ASCII, NT --> 9x in ASCII (yes, I hadn't mentioned this one...) makes four, the VS_VERSION_INFO and StringFileInfo checksums at the Version resource (both catered for by eXeScope, taking care to disallow filesize change) add two more bytes.
So this makes it a 10 bytes change, in total.
While the Version resource changes are not required, I think it nice to have an easy way to ascertain which file it is, just by looking at the Properties Tab.

[bristols]

dencorso, on 19 December 2011 - 06:04 PM, said:

@LoneCrusader: Please find below the required patch pattern.

(...)

A new EXPLORER.EXE will be created, and it will be v. 4.72.3612.1705.

Thanks, dencorso!

[PROBLEMCHYLD]

Now you guys can choose the modded version since NO ONE is using the original
Maybe someone can combine all the modded version to the original. This could be one reason many of us have problems with our system. Too many modded versions.
I'm positive we are all not using the same version.

==================================================
Filename          : EXPLORER.EXE Original
MD5               : 2e52fd906097acb2adae3e7e9380f921
SHA1              : 3100b44587982f15b4e0163748c1a301fbddf79b
CRC32             : 69912e1e
SHA-256           : cf26998a095e547052af5dd47858d312cb44e1e3dea92c859a4f7a485a1c87fd
SHA-512           : 53c6eac94a2dba5e6890e32c4b6823f37bbaf58dc1141ef4f50e54fea3b1bd77f7473e022ed92de4c7a14a2392759ac557961d4a9c18769e011eb152ed2b89d7
Full Path         : C:\TEMP\EXPLORER.EXE 
Modified Time     : 3/16/1999 11:43:06 AM
Created Time      : 12/20/2011 7:30:39 PM
File Size         : 171,280
File Version      : 4.72.3612.1700
Product Version   : 4.72.3612.1700
Identical         : 
Extension         : exe
File Attributes   : A
==================================================

==================================================
Filename          : EXPLORER.EXE modded by dencorso
MD5               : 7592a203dbe52197be9731dd14ba19ce
SHA1              : ba7f975ef1d5d40792a92c965d166207104fcad5
CRC32             : f7197660
SHA-256           : 9bba0cc0aa6975821fbe249bedd41ea26645fea9e85f7fdc2927ed8b90632112
SHA-512           : 3d2814cac4948951ee89fd1ff12caba724ae5f7cd646b055bf1b70b9a5898aa5ded113f5bd1420d63bb43cb4dc035d116546760eda674b8ddf46048f86dfaa3e
Full Path         : C:\TEMP\EXPLORER.EXE
Modified Time     : 12/20/2011 7:29:56 PM
Created Time      : 12/20/2011 7:29:56 PM
File Size         : 171,280
File Version      : 4.72.3612.1705
Product Version   : 4.72.3612.1700
Identical         : 
Extension         : EXE
File Attributes   : A
==================================================

==================================================
Filename          : EXPLORER.EXE modded by erpdude8
MD5               : 6c7f9111965a6ccc06819248579c6702
SHA1              : a561b510cdf45abca34afc49a2047f1de8e0506e
CRC32             : 9501e425
SHA-256           : 2451ddd4b8d5a73149ec0591dc5f6b1a135f6487d65c925c3e03af007a8b1dfd
SHA-512           : 695617bf6e3c2f506ed06aa586e1bf63d344c4a3584ca174d0fd3935f7a435fe3d125b12150a7865e602bf18eea12d9ee9df5d37887614a72912d213c4f3dc58
Full Path         : C:\TEMP\EXPLORER.EXE
Modified Time     : 7/11/2007 6:25:00 AM
Created Time      : 12/20/2011 7:58:25 PM
File Size         : 171,280
File Version      : 4.72.3612.1710
Product Version   : 4.72.3612.1710
Identical         : 
Extension         : EXE
File Attributes   : A
==================================================

==================================================
Filename          : EXPLORER.EXE modded by Gape
MD5               : 9d8796311c1cabb9630e0b07b1996d0d
SHA1              : 5f83c9787eb8bd1a9d8c4f58f790578fdf22b1a4
CRC32             : de2c1837
SHA-256           : 3ef36354fd6a57c14a01798fd5ea455865e57bb4d16f95f152f05625c2e1097f
SHA-512           : 42199c5d1be7ca91298627eed7ff76082a669140e23b868a631c8c0bde8f83f62a473ad23205f2efa86533d158e85e5ee3e210be59cae87c9e76e6e953208df1
Full Path         : C:\TEMP\EXPLORER.EXE
Modified Time     : 7/11/2007 6:25:00 AM
Created Time      : 12/20/2011 8:17:23 PM
File Size         : 171,280
File Version      : 4.72.3612.1710
Product Version   : 4.72.3612.1710
Identical         : 
Extension         : exe
File Attributes   : A
==================================================

This post has been edited by PROBLEMCHYLD: 20 December 2011 - 08:33 PM

[LoneCrusader]

PROBLEMCHYLD, on 20 December 2011 - 08:10 PM, said:

I'm positive we are all not using the same version.

Yes and along with the ones listed I already had my own modded version as well.

If we're going to "standardize" this there should be two versions - one with "functionality" fixes only and one with "functionality + eye candy" for those who want it.

[Prozactive]

Wow. Has this thread ever gone WAYYY off-topic. Sorry for mentioning my problems with Windows Explorer, dencorso. Feel like doing some more thread surgery?

[dencorso]

@Prozactive and @submix8c:
Please do revise the newly split threads, taking care to check all links are working.
Comments and corrections are also quite welcome.
This post and the previous (if Prozactive is OK with it) one will be deleted as soon as we all agree the thread surgery has worked.

[LoneCrusader]

dencorso, on 21 December 2011 - 06:37 PM, said:

@Prozactive and @submix8c:
Please do revise the newly split threads, taking care to check all links are working.
Comments and corrections are also quite welcome.
This post and the previous (if Prozactive is OK with it) one will be deleted as soon as we all agree the thread surgery has worked.

@dencorso

I split my last post in the other thread and moved the content that was relevant to this thread to my first post here.

It has Prozactive's original related post quoted, but we don't have the original post.

This can be removed once everything is arranged.

This post has been edited by LoneCrusader: 22 December 2011 - 02:24 AM

[dencorso]

Thanks, LoneCrusader!
You gave a great solution to the problem, because that Prozactive post belongs to both threads, and in providing the quote you provided that missing part of context.
One thing I cannot do is to duplicate a post, which would be of great help for thread surgery. But you've just made me realize we can even add non pre-existing quotes for context, where warranted. I hadn't thought of that, but it may be handy in the future, although I do hope I'll not need to do so many major thread surgeries next year.

[Prozactive]

Thanks dencorso! Of course you can remove my previous post.. actually I was kinda kidding after your massive thread surgery on the new Opera/KernelEx thread.

And thanks as well, LoneCrusader. I think I understand what you said but I need to go back and reread the previous discussions in the IO.SYS thread as my first impression was that perhaps a few additional posts should be moved here. I think this new EXPLORER.EXE thread is great, as it consolidates a good detailed separate technical discussion of a new topic.

This post has been edited by Prozactive: 22 December 2011 - 10:05 AM

[Arminius]

The time stamp aside is there any evidence that the IE401SP2 version of EXPLORER.EXE v. 4.72.3612.1700 is better than the slightly older one that later shipped with IE55SP1/2 ?

The thing is I think EXPLORER.EXE that came with IE401SP2 and the copy of SHELL32.DLL that accompanied it were meant for use with Win95. I no longer remember whether EXPLORER.EXE got upgraded on Win98FE by SP1, and IE401SP2 wasn't meant for 98SE in any case.

It has to be said that EXPLORER.EXE and SHELL32.DLL for NT 4.0 in IE4SHLNT.CAB underwent a similar "downgrade" to an older January release in IE55SP1/2. It makes me wonder whether the inclusion of the older versions was an oversight or by design.

[dencorso]

Arminius, on 22 December 2011 - 10:28 AM, said:

The time stamp aside is there any evidence that the IE401SP2 version of EXPLORER.EXE v. 4.72.3612.1700 is better than the slightly older one that later shipped with IE55SP1/2 ?

No. Same version number means equivalent files, but small corrections to the source might not warrant a version change, so it may be better (or worse, or equivalent).

Arminius, on 22 December 2011 - 10:28 AM, said:

The thing is I think EXPLORER.EXE that came with IE401SP2 and the copy of SHELL32.DLL that accompanied it were meant for use with Win95. I no longer remember whether EXPLORER.EXE got upgraded on Win98FE by SP1, and IE401SP2 wasn't meant for 98SE in any case.

No. They're meant to all of 9x (not ME). And anyone that actually had installed the one from IE401SP2 wouldn't have it replaced latter when applying IE55SP1/2, because both versions are the same version and MS usually doesn't "update" files to same version ones, unless there is a reason for it.

Arminius, on 22 December 2011 - 10:28 AM, said:

It has to be said that EXPLORER.EXE and SHELL32.DLL for NT 4.0 in IE4SHLNT.CAB underwent a similar "downgrade" to an older January release in IE55SP1/2. It makes me wonder whether the inclusion of the older versions was an oversight or by design.

Probably just an oversight, IMO. But we'll probably never know for sure.