Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

POSReady 2009 updates ported to Windows XP SP3 ENU

- - - - -

  • Please log in to reply
345 replies to this topic

#326
roytam1

roytam1

    Newbie

  • Member
  • 35 posts
  • Joined 16-April 07

 

 

If I got it right, I could also directly patch my german win32k.sys v 5.1.2600.6712 (which I got after installing KB3013455) by the following steps:



Adjust PE checksum
http://www.coderforl...ies/#PEChecksum

A XP at a virtual machine does boot still.


Edited: Ignore this.


Try you patch. A different approach, the same patch:

search for 8b cb 8b d7 e8 expect address about 55D1F
find e.g. E8 22 7E FF FF at 55D1F

search for 8b d7 8b cb e8 expect address about 55D2A
find e.g. E8 EC 04 00 00 at 55D2A

Patch 55D1F : E8 EC 04 00 00
Patch 55D2A : E8 22 7E FF FF

 

Yeah, that was exactly the result I got by doing it my way, but I didn't adjust PE checksum - after using the tool you suggested, I didn't get a BSOD anymore when booting, but the font corruption wasn't cured. So, as Dave-H said that he had to re-do the ClearType tuning, I tried this, too, by installing Microsofts Cleartype Tuner Powertoy. But then I got BSOD after BSOD, so in the end, I had to recover my imaged file :-(

 

Has anyone an idea what did go wrong?

 

not only copying bytes but also need offset value adjustment as http://www.msfn.org/...13#entry1095037posted.




How to remove advertisement from MSFN

#327
cdob

cdob

    MSFN Expert

  • Member
  • PipPipPipPipPipPip
  • 1,020 posts
  • Joined 29-September 05

2. Go to Offset 55D1F and note its and the following 4 bytes values.
3. Go to Offset 55D2A and note its and the following 4 bytes values.
4. Replace the values at Offset 55D1F with the ones I noted under step 3.
5. Replace the values at Offset 55D2A with the ones I noted under step 2.

It's the same offset at all languages.


A batch
dd.exe if=win32k.sys of=55D1F.bin skip=351519 bs=1 count=5
dd.exe if=win32k.sys of=55D2A.bin skip=351530 bs=1 count=5

dd.exe if=55D1F.bin of=win32k.sys seek=351530 bs=1 count=5
dd.exe if=55D2A.bin of=win32k.sys seek=351519 bs=1 count=5

PEChecksum.exe win32k.sys
http://www.chrysocome.net/dd
http://www.coderforl...ies/#PEChecksum

#328
Atari800XL

Atari800XL

    Member

  • Member
  • PipPip
  • 235 posts
  • Joined 10-March 12
  • OS:none specified
  • Country: Country Flag

Thanks cdob!! A very nice and clean script, dd might come in handy for other tasks as well, nice new addition to my toolkit.

 

So do you think I could use WinNTSetup to replace win32k.sys after "apply" of the XP files to HD, just prior to start of XP setup? I'm not an expert in other setup (inf) files, so I don't know if there are other checkums to edit?

 

Thanks again!



#329
heinoganda

heinoganda
  • Member
  • 7 posts
  • Joined 24-February 15
  • OS:none specified
  • Country: Country Flag

@ cdob

I have tested your batch on virt. Machine, very good Idea, but with the patched win32k.sys all my fonts brocken!

 

your code: brocken all fonts

 

Patch 55D1F : E8 EC 04 00 00

Patch 55D2A : E8 22 7E FF FF

 

harkaz code: all fonts ok

 

Patch 55D1F : E8 F7 04 00 00

Patch 55D2A : E8 17 7E FF FF

 

:(


Edited by heinoganda, 25 February 2015 - 03:04 PM.

  • Mister Floppy likes this

#330
cdob

cdob

    MSFN Expert

  • Member
  • PipPipPipPipPipPip
  • 1,020 posts
  • Joined 29-September 05

I have tested your batch on virt. Machine, very good Idea, but with the patched win32k.sys all my fonts brocken!

Thanks for report. Did I misunderstood the instruction?

Patch harkaz code as fixed code for all languages?
Patch 55D1F : E8 F7 04 00 00
Patch 55D2A : E8 17 7E FF FF

#331
roytam1

roytam1

    Newbie

  • Member
  • 35 posts
  • Joined 16-April 07

 

I have tested your batch on virt. Machine, very good Idea, but with the patched win32k.sys all my fonts brocken!

Thanks for report. Did I misunderstood the instruction?

Patch harkaz code as fixed code for all languages?
Patch 55D1F : E8 F7 04 00 00
Patch 55D2A : E8 17 7E FF FF

 

seems so.


  • heinoganda likes this

#332
heinoganda

heinoganda
  • Member
  • 7 posts
  • Joined 24-February 15
  • OS:none specified
  • Country: Country Flag

cdob

 

Yes, the harkaz code is the correctly code to fix all languages!

 
Have yourself first your code tries on the German version of win32k.sys, where in all the font smoothing have been disabled. With harkaz code has then for font smoothing is working again! In harkaz patched win32k.sys, I looked at myself in the HEX editor and compared with the original Microsoft my enlightenment came the 2 codes (F7 and 17) there is a difference.
 
You can see http://www.msfn.org/...-enu/?p=1095037 the Code on my Post.
 
Sorry for my bad english.  :)

Edited by heinoganda, 25 February 2015 - 05:05 PM.

  • Mister Floppy likes this

#333
jaclaz

jaclaz

    The Finder

  • Developer
  • 15,180 posts
  • Joined 23-July 04
  • OS:none specified
  • Country: Country Flag
@cdob
@all
Once there will be agreement on the patch, maybe better suited than dd would be hexalter:
kuwanger.net/misc/hexalter.shtml
possibly even using an ips file.

jaclaz

#334
heinoganda

heinoganda
  • Member
  • 7 posts
  • Joined 24-February 15
  • OS:none specified
  • Country: Country Flag

@ jaclaz

 

Here a batch for hexalter and PEChecksum:

hexalter.exe win32k.sys 0x55D20=0xF7 0x55D21=0x04 0x55D22=0x00 0x55D23=0x00 0x55D2B=0x17 0x55D2C=0x7E 0x55D2D=0xFF 0x55D2E=0xFF

PEChecksum.exe win32k.sys

  • Mister Floppy likes this

#335
eGo®Z

eGo®Z

    Junior

  • Member
  • Pip
  • 73 posts
  • Joined 26-October 04

jaclaz, heinoganda, cdob, roytam1

don't forget - a file version number patching is also required for the better result



#336
heinoganda

heinoganda
  • Member
  • 7 posts
  • Joined 24-February 15
  • OS:none specified
  • Country: Country Flag

eGo®Z

 

Microsoft wants Subsequent addition of March patch day a new update for KB3013455 and KB3037639, for operating systems have had problems with the font smoothing. I had heard so on a Microsoft blog, where many angry users writing down their frustrations. Whether then a new version number is relevant? See this only as a last resort.


  • Mister Floppy likes this

#337
cdob

cdob

    MSFN Expert

  • Member
  • PipPipPipPipPipPip
  • 1,020 posts
  • Joined 29-September 05

March patch day a new update for KB3013455 and KB3037639
Whether then a new version number is relevant?

No, not relevant until then.
Contrary nice, helps to avoid confusion in the meantime.

There is a unicode string ".6712"
gsar -b "-s:x2E:x00:x36:x00:x37:x00:x31:x00:x32:x00"
String at different offset per language, gsar can change this string too. Report later.

#338
eGo®Z

eGo®Z

    Junior

  • Member
  • Pip
  • 73 posts
  • Joined 26-October 04

Microsoft wants Subsequent addition of March patch day a new update for KB3013455 and KB3037639, for operating systems have had problems with the font smoothing. I had heard so on a Microsoft blog, where many angry users writing down their frustrations. Whether then a new version number is relevant? See this only as a last resort.

Changing version number with the highest one will protect you from an occasional reinstalling of the original KB3013455 in a future. So if Microsoft will release in march a new KB with the same file version number, you will need just uninstall your patched KB.

 

By the way about last digital group in update.ver file. On the ryanvm.net forum i've found the message from harkaz where he wrout that it is CRC-32 hash sum. But how it can be caculated? Anyways it is not CRC-32 (ISO) or CRC-32B with Normal hash sum generator type - that's for sure.



#339
jaclaz

jaclaz

    The Finder

  • Developer
  • 15,180 posts
  • Joined 23-July 04
  • OS:none specified
  • Country: Country Flag

 

@ jaclaz

 

Here a batch for hexalter and PEChecksum: 

 

Yep. :)

 

JFYI, this would do as well:

hexalter.exe win32k.sys 0x55D20=0xF7,0x04,0x00,0x00 0x55D2B=0x17,0x7E,0xFF,0xFF

 

(everything should be as simple as possible, but not simpler ;))

 

jaclaz



#340
cdob

cdob

    MSFN Expert

  • Member
  • PipPipPipPipPipPip
  • 1,020 posts
  • Joined 29-September 05
To patch KB3013455 win32k.sys, set version string .6713 and adjust PE checksum.
hexalter.exe win32k.sys 0x55D20=0xF7,0x04,0x00,0x00 0x55D2B=0x17,0x7E,0xFF,0xFF

gsar.exe -o -s":x2E:x00:x36:x00:x37:x00:x31:x00:x32:x00" -r":x2E:x00:x36:x00:x37:x00:x31:x00:x33:x00" win32k.sys
gsar.exe -o -s":x01:x00:x05:x00:x38:x1A:x28:x0A" -r":x01:x00:x05:x00:x39:x1A:x28:x0A" win32k.sys

PEChecksum.exe win32k.sys


#341
heinoganda

heinoganda
  • Member
  • 7 posts
  • Joined 24-February 15
  • OS:none specified
  • Country: Country Flag

cdob

 

Have your batch tested and works perfectly! What a birth!

 

:thumbup



#342
redwolfe_98

redwolfe_98
  • Member
  • 9 posts
  • Joined 24-November 14
  • OS:XP Home
  • Country: Country Flag

UPDATE [22/5/2014]: Sebijk reported that a simple registry tweak is enough for WU to show the latest POSReady updates on Windows XP. This method has been tested and works on any XP build.

 

Add the following registry keys (INF Format):

 

HKLM,"System\CurrentControlSet\Control\WindowsEmbedded\ProductVersion","FeaturePackVersion",0x00000000,"SP3"

HKLM,"SYSTEM\WPA\WEPOS","Installed",0x10001,0

HKLM,"SYSTEM\WPA\WES","Installed",0x10001,0

HKLM,"SYSTEM\WPA\POSReady","Installed",0x10001,1

 

and restart the computer. Then run WU to get the latest updates.

 

here is another way of doing it.. create a reg-file with the data, below, and "merge" it into your registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001


reference:

 

http://news.softpedi...rt-443631.shtml

 

using the reg-file, as described above, has worked for me..

 

p.s. when creating a reg-file, i always leave a blank line at the end of the code.. when using "regedit" to export a regkey, it always leaves a blank line at the end of the code, so that is the way that i do it too..


Edited by redwolfe_98, Yesterday, 04:02 AM.

win xpsp3, "windows firewall", avira 14, SSM, RegDefend


#343
redwolfe_98

redwolfe_98
  • Member
  • 9 posts
  • Joined 24-November 14
  • OS:XP Home
  • Country: Country Flag

I think I have found a difference:

 

The order of command execution is reversed.

 

2uig1ol.jpg

harkaz, i appreciate the work that you have done.. i installed your "FIX" for the MS15-010/3013455 update, which, incidentally, took a leap of faith, since it is a modified "windows" file and it also requires installing a "certificate" for it..

 

with all of the talk about komodia's installing certificates etc, and with "privdog", and everything else associated with that, when you talk about installing a certificate (not to mention installing a modified windows file), it is concerning:

 

http://arstechnica.c...ps-connections/

 

http://www.pcworld.c...s-security.html

 

i would like to know how to remove your certificate that i installed, in case i ever want to.. does it have a name? to remove the certificate, would you simply delete the "HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\Certificates\F2C90A445A5E0F0F79AEDEB694D50B9656B24A71" regkey, or would deleting that regkey cause problems with other certificates?

 

i just wanted to mention something.. looking at the screenshot that you posted, you say that "the order of command execution is reversed", but there seems to be more to it..

 

in your screenshot, in the code in the window on the left, it has a "@sc1_InitializeTwilightcontours@12" while the code in the window on the right doesn't, at least that is the way that it looks to me.. maybe you already noticed that, or maybe i am confused and that actually was the point that you were making.. :)

 

regarding the MS15-010/3013455 update, from what you have posted, it seems that the "win32k.sys" file that was installed by the 3013455 update was flawed, and that the 3037639 update, which was meant to fix the font problem, simply tweaks windows in order to allow it to use the flawed win32k.sys file, but without the font-problems.. tweaking windows to where it can use a flawed win32k.sys file (but without the font problems) doesn't sound good to me..

 

from reading some of the other posts here, it seems that some people opted to tweak the win32k.sys file themselves.. i suppose that they also had to use their own certificates in order for windows to allow the modified win32k.sys file to be installed and to run..

 

for the record, i don't know anything about "coding" software.. i am not an "expert".. i am just a regular home-computer-user..


Edited by redwolfe_98, Yesterday, 06:03 AM.

win xpsp3, "windows firewall", avira 14, SSM, RegDefend


#344
jaclaz

jaclaz

    The Finder

  • Developer
  • 15,180 posts
  • Joined 23-July 04
  • OS:none specified
  • Country: Country Flag

 

here is another way of doing it.. create a reg-file with the data, below, and "merge" it into your registry:

 

Sure :), that is actually the "original" way, exactly as posted by Sebijk

https://www.sebijk.c...weiterbeziehen/

In the very early days of this thing, the entries for all the four "still supported products" were added, while soon after it was found out how only the PosReady was needed and enough.

See also:

http://www.msfn.org/...-3#entry1078506

 

jaclaz



#345
roytam1

roytam1

    Newbie

  • Member
  • 35 posts
  • Joined 16-April 07

 

I think I have found a difference:

 

The order of command execution is reversed.

 

2uig1ol.jpg

harkaz, i appreciate the work that you have done.. i installed your "FIX" for the MS15-010/3013455 update, which, incidentally, took a leap of faith, since it is a modified "windows" file and it also requires installing a "certificate" for it..

 

with all of the talk about komodia's installing certificates etc, and with "privdog", and everything else associated with that, when you talk about installing a certificate (not to mention installing a modified windows file), it is concerning:

 

http://arstechnica.c...ps-connections/

 

http://www.pcworld.c...s-security.html

 

i would like to know how to remove your certificate that i installed, in case i ever want to.. does it have a name? to remove the certificate, would you simply delete the "HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\Certificates\F2C90A445A5E0F0F79AEDEB694D50B9656B24A71" regkey, or would deleting that regkey cause problems with other certificates?

 

i just wanted to mention something.. looking at the screenshot that you posted, you say that "the order of command execution is reversed", but there seems to be more to it..

 

in your screenshot, in the code in the window on the left, it has a "@sc1_InitializeTwilightcontours@12" while the code in the window on the right doesn't, at least that is the way that it looks to me.. maybe you already noticed that, or maybe i am confused and that actually was the point that you were making.. :)

 

regarding the MS15-010/3013455 update, from what you have posted, it seems that the "win32k.sys" file that was installed by the 3013455 update was flawed, and that the 3037639 update, which was meant to fix the font problem, simply tweaks windows in order to allow it to use the flawed win32k.sys file, but without the font-problems.. tweaking windows to where it can use a flawed win32k.sys file (but without the font problems) doesn't sound good to me..

 

from reading some of the other posts here, it seems that some people opted to tweak the win32k.sys file themselves.. i suppose that they also had to use their own certificates in order for windows to allow the modified win32k.sys file to be installed and to run..

 

for the record, i don't know anything about "coding" software.. i am not an "expert".. i am just a regular home-computer-user..

 

nope, I just modified win32.sys and replace them(in both dllcache and system32) on-the-fly right after installing original KB3013455 patch.

So no cert. are needed.



#346
heinoganda

heinoganda
  • Member
  • 7 posts
  • Joined 24-February 15
  • OS:none specified
  • Country: Country Flag
For the security of Windows XP after the last condition no official patches more for blocking div. Roots certificates and certificate update available.
Since you can help too! "rvkroots.exe" Microsoft download (http://www.microsoft...s.aspx?id=41542), unzip to a folder (eg with WinRAR), in "rvkroots.inf" entry in the string VERSION should "5,0,2195,0" loud and in VER "005". The next step is download the "http://www.download....allowedcert.sst" and paste the unzipped folder and replace older file. Then with e.g. (Create Self-Extracting Archive) WinRAR all files in the folder to an archive option SFX with the following comment:
TempMode
Silent=1
Overwrite=1
Setup=Rundll32.exe advpack.dll,LaunchINFSection rvkroots.inf,DefaultInstall

pack and you have a current update for blocking unsafe Certificates!

 
For Root Certificate Update "rootsupd.exe" Microsoft download (http://www.microsoft...s.aspx?id=41084), unzip to a folder (eg with WinRAR), in "rootsupd.inf" entry in the string VERSION should "40,0,2195,0" loud and in VER "040" , In the next step,
"http://www.download....en/updroots.sst" download and paste the unzipped folder and replace older files. Then with e.g. (Create Self-Extracting Archive) WinRAR all files in the folder to an archive option SFX with the following comment:
TempMode
Silent=1
Overwrite=1
Setup=Rundll32.exe advpack.dll,LaunchINFSection rootsupd.inf,DefaultInstall

pack and you have a current root certificate update!

 

For all languages!

 

:)


Edited by heinoganda, Today, 01:57 PM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users