[Tihiy]

Yes... That stupid bug that wasn't actually critical for 9x/ME is closed now. By me. Without lockups or something like.

It was already fixed in 98 Revolutions Pack, but i've separated fix from it and proud to release it here. Spread it worldwide.

Download
(do not link directly please!!!)

Gape: notice that it's 98 user32.dll 4.10.0.2231 version hacked; it's version changed to 4.10.0.2232 to supress errors after installation.
USER.EXE remains unchanged; it's included only for user32.dll compatibility.

If you will include it to Service Pack (hope so), note that Windows won't work propertly without Ti891711.DLL.

Revolutions Pack users: you don't need that update.

[Acheron]

Nice one. Gonna test it for use with Dutch SP

[Tihiy]

Silently updated it to add qfecheck entries for compatibility with original hotfix.

[erpdude8]

Tihiy, on Apr 11 2005, 04:03 AM, said:

Silently updated it to add qfecheck entries for compatibility with original hotfix.
<{POST_SNAPBACK}>

Too bad it's for W98SE only since you modified the user32.dll file to v4.10.2232.
I will use this ONLY under a Win98se system.

As for the W98fe and WME machines that I have, I'll just wait for revised KB891711 patches to be posted by Microsoft. The user32.dll file Tihiy modified is NOT compatible with Win98fe and WinME and can break those versions of Windows.

[Tihiy]

Quote

The user32.dll file Tihiy modified is NOT compatible with Win98fe and WinME and can break those versions of Windows.

Have you tested?

[jasinwa]

erpdude8, on Apr 11 2005, 12:47 PM, said:

As for the W98fe and ...

without risking sounding too dumb... what is 98fe (hay, gotta learn somewhere)?

[Sonict]

FE : First Edition

[Gape]

Good job, Tihiy.

But I have a question. What about compatibility? If the user firstly install SP 2.0 with your fix, and secondly Revolutions Pack, everything will be OK?

[Tihiy]

Gape, on Apr 12 2005, 04:12 AM, said:

Good job, Tihiy.

But I have a question. What about compatibility? If the user firstly install SP 2.0 with your fix, and secondly Revolutions Pack, everything will be OK?
<{POST_SNAPBACK}>

Of course. How can I do not care about RP users?!
That version will simply have no effect if installed on Revolutions Pack.

[Gape]

Tihiy, on Apr 12 2005, 12:26 PM, said:

Of course. How can I do not care about RP users?!
That version will simply have no effect if installed on Revolutions Pack.
<{POST_SNAPBACK}>

You're right.

[mr_bumbles]

Hi Tihiy,
It looks like there is a fix from Windows Update for this. It came out today. I downloaded it a few minutes ago and rebooted. It looks like it is no longer running as a service. It still shows up in Add/Remove Programs, but not in the Task Manager as it did before.

bUMBLES

[Tihiy]

Yeah, looks like they released new version.
But seems it still present as [hidden] task! (Maybe check msconfig?)

Somebody tested? [i'm still thinking my version is better]

[Acheron]

Tihiy. How do you know your patch is working? Simply copy-past hexcode will not do the trick I guess

Did you test it?

BTW, if Microsoft's new patch solves the issue I'll stick with that one for Dutch SP.

[Tihiy]

Simple. I've just read technical CAN buletin mentioned in article.

It says integer overflow occurs in LoadImage() function when dwResSize value (4-bit) exceeds maximal word (2-bit) value. If dwResSize will be ~FFFFFFFF (-1) then malicious code can be executed.

So, hacked version of user32.dll has patched import table which LoadImage() points to loader written in "unused" space. It loads Ti......DLL and gives it control.

Check function in Ti......DLL opens icon file and checks if dwResSize>maximal word value. If it is, function fails (so virus won't be executed). If it does not, it transfers control to User32.dll original LoadImage() pointer hardcoded.

[If i had Windows sources i believe it's just 1 line of code to add
But, because Win9x developer team is killed, ( ) stupid NT developers trying to write a 16-bit memory hook which do the same, but:
- It will consume 16-bit handles, bad
- It won't protect machine until loaded
- When unloaded, will crush everything]

So... if ^^ that was you wanted ? As I as said before, this update isn't critical.
AND MY UPDATE SHOULD BE TESTED WELL IF WILL BE INCLUDED SOMEWHERE.

[mr_bumbles]

Quote

Yeah, looks like they released new version.
But seems it still present as [hidden]task! (Maybe check msconfig?)

Somebody tested? [i'm still thinking my version is better]

It does show up in MSConfig as KB891711 in C:\windows\system\KB891711\KB891711.exe

It seems to be running fine on the 3 machines here at work that I updated a couple of hours ago. Although to be honest, we never really had problems with the original update.

Tihy,
When I get home for work, I will post about my experience with your update.

BumBlEs

[erpdude8]

I NOW recommend AGAINST using any unofficial patch like Tihiy's as MDGx recently gave me the links to download the newly revised KB891711 updates from Microsoft.

Link to get Windows 98 KB891711 Update V2:
http://download.windowsupdate.com/msdownlo...443b0208e0e.EXE

Link to get Windows ME KB891711 Update V2:
http://download.windowsupdate.com/msdownlo...9a9d05d2eed.EXE

Use these updates instead as the kb891711.exe and q891711.dll files are now version 4.10.2223 instead of 4.10.2222.

[Acheron]

erpdude8, don't p*** of Tihiy. Let's see what his patch does, see what Microsoft patch does and I will choose for one or other.
However Windows 98 isn't my daily base system so I'll have to test it yet.

[erpdude8]

The only problem I have with Tihiy's UNofficial 891711 patch is that it has user32.dll file version 4.10.2232. This is for Win98 SE ONLY. darn it! Using
this one on Win98 FE is a BIG MISTAKE and can corrupt Win98 FE systems. Tihiy's patch should have TWO versions of user32.dll files. One specifically for Win98 FE [Gold] and one for Win98 SE. back to the drawing board!

HEY! The Q291362 patch for Win98 has TWO versions of user.exe & user32.dll files. Read MS support article 291362:
http://support.microsoft.com/kb/291362

Q291362 has v4.10.2001 of user.exe & user32.dll files for Win98 FE Gold and v4.10.2231 of user.exe & user32.dll files for Win98 SE. Tihiy should modify the Win98 FE version of user32.dll from Q291362 so that it'll be v4.10.2002 when implementing KB891711.

AVOID Tihiy's patch if using WinME [unless he can make a specific ME version]. The user.exe/user32.dll files in WinME are 4.90.300x.

[erpdude8]

hp38guser, on Apr 13 2005, 12:00 PM, said:

erpdude8, don't p*** of Tihiy. Let's see what his patch does, see what Microsoft patch does and I will choose for one or other.
However Windows 98 isn't my daily base system so I'll have to test it yet.
<{POST_SNAPBACK}>

UH, what was it you're trying to say to me??? you're pathetic, hp38guser!

...and Tihiy's 891711 patch is missing an uninstall feature while Microsoft has the uninstall feature of their KB891711 patches for W98/WME & they DO show up in the Add/Remove programs control panel app.

dont give up Tihiy! your 891711 patch needs improvement. it took Microsoft to get things right the second time around with KB891711 for W98/WME.

[cybpsych]

erpdude8, on Apr 13 2005, 11:14 PM, said:

I NOW recommend AGAINST using any unofficial patch like Tihiy's as MDGx recently gave me the links to download the newly revised KB891711 updates from Microsoft.

Link to get Windows 98 KB891711 Update V2:
http://download.windowsupdate.com/msdownlo...443b0208e0e.EXE

Link to get Windows ME KB891711 Update V2:
http://download.windowsupdate.com/msdownlo...9a9d05d2eed.EXE

Use these updates instead as the kb891711.exe and q891711.dll files are now version 4.10.2223 instead of 4.10.2222.
<{POST_SNAPBACK}>

*EDITED* ok, found out the differences in version:

Old, V1 Update:

Quote

kb891711.exe - v4.10.2222
q891711.dll - v4.10.2222

New, V2 Update:

Quote

kb891711.exe - v4.10.2223
q891711.dll - v4.10.2222