MDGx

Q891711 + U891711 = Unofficial MS07-017 + MS05-002 .ANI fix

129 posts in this topic

Can anyone tell if KB891711.exe shows up in the Task list after pressing CTRL-ALT-DEL, using this patch?

Nope, it doesn't show up in the Windows Task List window. :)

and it never does show up in the Close Program dialog box when pressing [Ctrl]+[Alt]+[Del].

you will need a utility like EndItAll (mentioned by the author of U891711) to safely shut down KB891711.exe (by selecting the Close option in EndItAll, not the Kill option)

using Coolkill, WinKill or Process Explorer to "kill" KB891711.exe will result in a BSOD.

0

Share this post


Link to post
Share on other sites

More details from the author of U891711:

I noticed the discussion on TI891711.EXE the other day. There are more issues with Tihiy's patch than the one I pointed out originally.

I examined TI891711.DLL and the hex-patched USER32.DLL very closely before I came to the conclusion that TI891711.EXE was neat piece of work, but most definitely not a solution. Modifying KB891711.EXE (and Q891711.DLL) was the only way forward.

(1) It is possible to add another code segment to USER.EXE and move essential code from KB891711.EXE to this segment to avoid the very small performance penalty from KB891711.EXE running all the time. However, it would have to be done indvidually for all versions (1998, 2000, 2001, 2222-2231, 3000, 3001 - did I miss one?) and also all languages. I certainly lack the time for that.

(2) Tihiy's hex-patched USER32.DLL is for Win98SE only and has at least two bugs. One of the bugs is very serious - the relocation table is faulty, for example, b/c of missing entries for

BFC04DF4: 68 AC D5 C0 BF push BFC0D5AC

and so forth.

(3) To determine whether a file is malformed or not, just integer values have to be checked. TI891711.DLL uses a large number of (much slower) floating-point instructions almost exclusively. I was unable to figure out why.

(4) No protection from TI891711.DLL for 16-bit applications.

(5) A 32-bit application could call 'LoadImage' in USER.EXE directly through a procedure called thunking and so bypass TI891711.DLL, but this is an extremely unlikely scenario.

(6) No protection from TI891711.DLL, for example, when a 32-bit program uses 'LoadCursorFromFileA' in USER32.DLL.

(7) Functionality has been removed from the patched USER32.DLL 4.10.2231. IMO, this should not be done w/o a README.TXT file that explains it.

0

Share this post


Link to post
Share on other sites
Edited by MDGx
0

Share this post


Link to post
Share on other sites
U891711 Patch updated 1-5-2006:
KB891711.EXE 4.10.2224 appeared to be causing some performance degradation on

an older PC using Windows 98 SE.

Therefore KB891711.EXE was updated to use fixed GlobalMemory instead of movable GlobalMemory. This appears to improve things.

Please see top of this topic to download and install updated patch:

http://www.msfn.org/board/?showtopic=58780

It is bad that there are two different KB891711.EXE 4.10.2224 files with the same size and date.

Petr

0

Share this post


Link to post
Share on other sites
U891711 Patch updated 1-5-2006:
KB891711.EXE 4.10.2224 appeared to be causing some performance degradation on

an older PC using Windows 98 SE.

Therefore KB891711.EXE was updated to use fixed GlobalMemory instead of movable GlobalMemory. This appears to improve things.

Please see top of this topic to download and install updated patch:

http://www.msfn.org/board/?showtopic=58780

It is bad that there are two different KB891711.EXE 4.10.2224 files with the same size and date.

Petr

I thought of that too, but I tested the updated patch with the newer file and installed it over the older one, and installed ok under Win98 SE + ME.

Hope this helps.

0

Share this post


Link to post
Share on other sites

I'll try out the newly released U891711 patch as soon as I can get it. I'll let you know how well it did on the computers that I've tested.

0

Share this post


Link to post
Share on other sites

U891711 Patch updated 2-14-2006:

When KB891711.EXE starts it registers itself as a Service Process and patches
USER.EXE. When a user logs off it stays on as a service process, but unpatches
USER.EXE and does not patch USER.EXE again when the same or another user logs
on. This means KB891711.EXE no longer provides protection.
Therefore KB891711.EXE was updated to build 4.10.2225 to fix this.
DrWatson can be used to reproduce this issue and verify that the fix works. It
lists USER.EXE as patched if there is protection from KB891711.EXE.

Please see top of this topic to download and install updated patch:

http://www.msfn.org/board/?showtopic=58780

Edited by MDGx
0

Share this post


Link to post
Share on other sites

new U891711 patch has KB891711.exe 4.10.2225 but dated 10/4/2005 with time 10:25pm

THAT AINT GOOD ENOUGH! Microsoft can do a much better job modding system files by

changing BOTH the date and time (and version number). At least MS want to make it

easier for Windows users to distinguish between older and newer system files by changing

the version number, the date and time. the anonymous author of U891711 should make attempts of doing what MS does with modding system files.

I've just submitted changes to the KB891711.exe file to MDGx; corrected date to 2/11/2006

but still with 10:25pm as the time.

See here (my post from an older topic about kb891711):

Microsoft kb891711 for Windows 98/ME [version 1] had

Kb891711.exe ver. 4.10.2222 dated 2/22/2005, 6:07pm

Q891711.dll ver. 4.10.2222 dated 2/18/2005, 9:53am

<this one was known to cause problems on some W98/ME machines>

Microsoft kb891711 for Windows 98/ME [version 2] had

Kb891711.exe ver. 4.10.2223 dated 3/23/2005, 2:54pm

Q891711.dll ver. 4.10.2222 dated 3/18/2005, 4:54pm

<this one resolved many of the problems caused by the previous release>

see how Microsoft dates the files. Many times MS does a brilliant job giving newer dates/times of

newer builds of system files.

Edited by erpdude8
0

Share this post


Link to post
Share on other sites

the author of U891711 needs to use more "common sense" when dating and versioning files.

when giving kb891711.exe 4.10.2224 a date of 10/4/2005, and you revise it as 4.10.2225

you absolutely do NOT date it 10/4/2005. that can cause major confusion to Windows users

because they can not tell if the file was modified or not.

If Microsoft were to do such a thing in not changing the date of when a file was modified and the file was given a different version number,

I would be critical of them too.

Edited by erpdude8
0

Share this post


Link to post
Share on other sites

ok. I've done enough complaining about version 4.10.2225 of the KB891711.exe file having the same exact date as version 4.10.2224 of the KB891711.exe file [both builds 2224 and 2225 of KB891711.exe file were dated 10/4/2005 which is an abomination]. I've changed the date of build 2225 of the KB891711.exe file so it should now be dated 2/11/2006 with 10:25pm as the time. I've sent the revised U891711 fix to MDGx (the KB891711.exe file should be dated 2/11/2006 instead of 10/4/2005) but has not posted it up yet. Seems that the author of the U891711 fix forgot to change the date of the KB891711.exe file after he changed the build number from 2224 to 2225. It's barely inexcusable for newer builds of the U891711 files to have the same exact date as older builds.

0

Share this post


Link to post
Share on other sites
Edited by MDGx
0

Share this post


Link to post
Share on other sites

Windows KB891711 component has altered Windows system files.

Module Name: KB891711.EXE

Description: Windows KB891711 component

Version: 4.10.2225

Product: Microsoft® Windows® Operating System

Manufacturer: Microsoft Corporation

this is my Dr Watson report

0

Share this post


Link to post
Share on other sites
Windows KB891711 component has altered Windows system files.

Module Name: KB891711.EXE

Description: Windows KB891711 component

Version: 4.10.2225

Product: Microsoft® Windows® Operating System

Manufacturer: Microsoft Corporation

this is my Dr Watson report

Don't worry, it's supposed to do that. The official Ms patch works the same way.

0

Share this post


Link to post
Share on other sites
Edited by MDGx
0

Share this post


Link to post
Share on other sites

Windows KB891711 component has altered Windows system files.

Module Name: KB891711.EXE

Description: Windows KB891711 component

Version: 4.10.2225

Product: Microsoft® Windows® Operating System

Manufacturer: Microsoft Corporation

this is my Dr Watson report

Don't worry, it's supposed to do that. The official Ms patch works the same way.

in other words, it's normal for Dr Watson to report KB891711 "altering system files"

that dont bother me. win98se/winme will work just fine

ditto for official MS KB918547 patch

Edited by erpdude8
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.