MDGx

Q891711 + U891711 = Unofficial MS07-017 + MS05-002 .ANI fix

129 posts in this topic

BenoitRen:

Anonymous author answered your questions:

BenoitRen wrote Apr 30 2007, 8:44 AM:

> Awesome! Congratulations to the author. :) I hope he'll be able to provide a fix for Windows 95's files as well (both version 4.00.950, unless those got updates somewhere?).

As unlikely as a Win98FE patch I am afraid - it is just too time-consuming.

> I have a question, though. It's my understanding that the parsing happens in user.exe, and that the way to fix the vulnerabilities is to check the size of what user32.dll returns. So why does user32.dll need patching? I don't mean to criticise, I just want to learn.

USER.EXE and USER32.DLL are interdependent. So they need to be of the same version and be updated at the same time. USER32.DLL was patched basically to make sure this happens under all circumstances.

I hope this helps.

HTH
> What I don't know is that, ignoring above, whether there are any inherent advantages to using USER*.* 4.90.3001?

Please read this post...

> Does this mean you are removing USER*.* 4.90.3001 from 98SE2ME?

No, because 4.90.3001 don't have the .ANI fix, but 4.10.2233 don't have the mouse cursor erratic movement fix.

So it's a trade-off.

98SE2ME installs WinME files, which otherwise can't be installed in "normal" conditions.

Example: USER*.* 4.90.3001 hotfix [ME280800.EXE] cannot be installed on Win98SE, one has to 1st extract the files and then manually copy them over to %windir%\system from native MS-DOS and finally reboot.

But 98SE2ME installs them in 1 step, without any intervention from the user, as part of options 1 + 2.

I'm actually considering removing USER*.* 4.90.3001 altogether from 98SE2ME sometime in the future, but I'm still waiting a while, in the hope that anonymous author might one day wish to patch them to something like 4.90.3002 to include the .ANI fix.

If that happens, those files would have *both* fixes, and will be worth keeping as part of 98SE2ME options 1 + 2.

FYI:

Anonymous author has also sent me USER 4.10.2234 for Win98SE [fixed also mouse cursor erratic movement (same as USER*.* 4.90.3001) besides the .ANI fix], but those files were buggy, in the sense that the mouse cursor disappeared completely from the desktop on my computer, no matter which mouse drivers I was using. ;-(

So he had to revert back to USER*.* 4.10.2233 , which fixed only the .ANI bug, but *not* the mouse cursor erratic movement bug.

That's why we are all using now USER*.* 4.10.2233, which do not have the mouse cursor erratic movement fix that is fixed by USER*.* 4.90.3001 .

HTH


Once more, thanks to the anonymous author of the patch and to you MDGx ! :thumbup:

Made a French translation. You can download it here: win9x4ever.online.fr

Edited by glocK_94
> Once more, thanks to the anonymous author of the patch and to you MDGx ! :thumbup:

> Made a French translation. You can download it here: win9x4ever.online.fr

What have you used to translate LCID / codepage of USER.EXE?

An Hex Editor?

If yes, where are the strings to edit?

Small OT, and to compress a file in UPX?

> What have you used to translate LCID / codepage of USER.EXE?

> An Hex Editor?

> If yes, where are the strings to edit?

Using an hexeditor, look for the offsets O904E404 (english -> 1033 I think) and change them to match your LCID (compare to an original file if you don't know what it is). ;)

> Small OT, and to compress a file in UPX?

...UPX maybe?

EDIT: Think I didn't get your question. Actually, if that was what you asked, you can unpack AND pack files using the command line tool "UPX", which can be found here: http://upx.sourceforge.net/

Edited by glocK_94
> Awesome! Congratulations to the author. :)

> I hope he'll be able to provide a fix for Windows 95's files as well (both version 4.00.950, unless those got updates somewhere?).

highly unlikely to patch win95 user32 files. most of the win95 DLL files like gdi32.dll, kernel32.dll & user32.dll are missing too many functions that are featured in win98/me's core DLL files

besides, the anonymous author hasn't patched the Win98fe and WinME user32 files yet.

Edited by erpdude8
> No, because 4.90.3001 don't have the .ANI fix, but 4.10.2233 don't have the mouse cursor erratic movement fix.

> So it's a trade-off.

> 98SE2ME installs WinME files, which otherwise can't be installed in "normal" conditions.

> Example: USER*.* 4.90.3001 hotfix [ME280800.EXE] cannot be installed on Win98SE, one has to 1st extract the files and then manually copy them over to %windir%\system from native MS-DOS and finally reboot.

> But 98SE2ME installs them in 1 step, without any intervention from the user, as part of options 1 + 2.

> I'm actually considering removing USER*.* 4.90.3001 altogether from 98SE2ME sometime in the future, but I'm still waiting a while, in the hope that anonymous author might one day wish to patch them to something like 4.90.3002 to include the .ANI fix.

> If that happens, those files would have *both* fixes, and will be worth keeping as part of 98SE2ME options 1 + 2.

> FYI:

> Anonymous author has also sent me USER 4.10.2234 for Win98SE [fixed also mouse cursor erratic movement (same as USER*.* 4.90.3001) besides the .ANI fix], but those files were buggy, in the sense that the mouse cursor disappeared completely from the desktop on my computer, no matter which mouse drivers I was using. ;-(

> So he had to revert back to USER*.* 4.10.2233 , which fixed only the .ANI bug, but *not* the mouse cursor erratic movement bug.

> That's why we are all using now USER*.* 4.10.2233, which do not have the mouse cursor erratic movement fix that is fixed by USER*.* 4.90.3001 .

> HTH

It would be nice if the anonymous author would patch the user files for WinME (maybe release it as 4.90.3003). Let's give him a lot of time for him to work on it.

> highly unlikely to patch win95 user32 files. most of the win95 DLL files like gdi32.dll, kernel32.dll & user32.dll are missing too many functions that are featured in win98/me's core DLL files

So? That would mean that it would actually be easier to find the spot that needs a check for the return value of USER32.DLL!


The patch works very good so far! (Adapted it for a German Win98 SE)

The question is:

After installing the "unofficial Q891711.exe" (with the modified user*.* files),

how can I trick Windows Update not to install their "windows98-kb891711-v2-deu.exe" file with the obsolete workaround files (KB891711.EXE and Q891711.DLL)?

Is there a registry entry that will prevent WU from installing their version?

Otherwise, would KB891711.EXE and Q891711.DLL interfere with the modified user32.dll/user.exe files?

Edited by swgreed
>> highly unlikely to patch win95 user32 files. most of the win95 DLL files like gdi32.dll, kernel32.dll & user32.dll are missing too many functions that are featured in win98/me's core DLL files

> So? That would mean that it would actually be easier to find the spot that needs a check for the return value of USER32.DLL!

as the anonymous author said:

> As unlikely as a Win98FE patch I am afraid - it is just too time-consuming.

See! It is not as simple as that, Benoitren. I assume the anonymous author who made the new 891711 patch for Win98se uses a Win98 SE system and has no time to look at the Win95 code of user32.dll

<hey, we won't force the author to check the user32 code for Win95; he's probably busy right now with more important things>

Plus there are other versions of USER32.DLL for Win95! There's a version 4.01.971 of user32.dll bundled inside the MS Active Accessibility 1.3 addon for Win95 which adds MSAA support to Win95. MSAA support is somewhat essential to Win95 users who have vision problems.

but then again, can YOU, BenoitRen, try to patch the user32.dll files yourself, if you have the necessary skills and tools to do so (if the anonymous author is unable to patch the user32 files for win95)?

Edited by erpdude8
> The patch works very good so far! (Adapted it for a German Win98 SE)

> The question is:

> After installing the "unofficial Q891711.exe" (with the modified user*.* files),

> how can I trick Windows Update not to install their "windows98-kb891711-v2-deu.exe" file with the obsolete workaround files (KB891711.EXE and Q891711.DLL)?

> Is there a registry entry that will prevent WU from installing their version?

> Otherwise, would KB891711.EXE and Q891711.DLL interfere with the modified user32.dll/user.exe files?

There are reg entries to do this, swgreed. it's something like this:

HKLM,"Software\Microsoft\Active Setup\Installed Components\{32b1db33-27b9-43b7-8904-d5352decc292}",,,"Windows 98 KB891711 Update"

HKLM,"Software\Microsoft\Active Setup\Installed Components\{32b1db33-27b9-43b7-8904-d5352decc292}","IsInstalled",0x10001,01,00,00,00

HKLM,"Software\Microsoft\Active Setup\Installed Components\{32b1db33-27b9-43b7-8904-d5352decc292}","Locale",,"DE"

HKLM,"Software\Microsoft\Active Setup\Installed Components\{32b1db33-27b9-43b7-8904-d5352decc292}","Version",,"4.10.0.2222"

Ask MDGx on how to add the registry entries for 891711. get the reg entries from the 891711.INF file of the windows98-kb891711-v2-deu.exe patch.


Tried that already, but it didn't help...

But the solution is quite simple:

WindowsUpdate checks, if the files "Kb891711.exe" & "Q891711.dll" are physically available in the path "C:\windows\system\Kb891711".

The registry entries are completely meaningless here.

> but then again, can YOU, BenoitRen, try to patch the user32.dll files yourself, if you have the necessary skills and tools to do so (if the anonymous author is unable to patch the user32 files for win95)?

Yes, I could, if anyone actually bothered to tell me what skills I need, and how I should start.

> Yes, I could, if anyone actually bothered to tell me what skills I need, and how I should start.

you just need tools like "reshack" or "exescope" to edit the appropriate files ;)


MDGx: :hello:

I'm stuck on what to do ... i've read all the recent posts and it seems that it's better to have the ANI fixed USER.EXE & USER32.DLL (4.10.0.2223) files as opposed to the 4.90.3001 ones ... so should i use those files inside my Core of Win98 to Me update? This is because the Core of Win98 to ME comes after the Q891711 update, and so the ANI fixed files get overwritten if the user chooses to install both. I could simply swap the order around if that is the best fix. Or is it possible to still use U891711 and thus keep the usual 4.90.3001 files inside my core Win98 to ME thingy? It seems my options are:

1) for the Core Win98 to ME update, replace the 4.90.3001 USER* files with the files inside Q891711

2) swap the order so the Core Win98 to ME update is installed before Q891711 (not preferable)

3) Use the 4.90.3001 USER* files inside the Core Win98 to ME update as normal, and use U891711 (easiest option for me)

I'm testing out the options above but any info much appreciated...

Edited by soporific
> MDGx: :hello:

> I'm stuck on what to do ... i've read all the recent posts and it seems that it's better to have the ANI fixed USER.EXE & USER32.DLL (4.10.0.2223) files as opposed to the 4.90.3001 ones ... so should i use those files inside my Core of Win98 to Me update? This is because the Core of Win98 to ME comes after the Q891711 update, and so the ANI fixed files get overwritten if the user chooses to install both. I could simply swap the order around if that is the best fix. Or is it possible to still use U891711 and thus keep the usual 4.90.3001 files inside my core Win98 to ME thingy? It seems my options are:

> 1) for the Core Win98 to ME update, replace the 4.90.3001 USER* files with the files inside Q891711

> 2) swap the order so the Core Win98 to ME update is installed before Q891711 (not preferable)

> 3) Use the 4.90.3001 USER* files inside the Core Win98 to ME update as normal, and use U891711 (easiest option for me)

> I'm testing out the options above but any info much appreciated...

I would keep the 4.10.2233 USER*.* files [Q891711] because they fix the .ANI exploit.

HTH


MDGX:

thanks for that info.

i've been doing some testing and it appears that if the user attempts to install the Q891711 update twice and doesn't uninstall in between then their system is stuffed when they reboot. User.exe and User32.dll are missing and the only ones on the system are the backed up ones (ie USER.O98 and USER32.O98) ... is this a known issue?

And there's another issue --- what if a user has Windows 98-2-ME installed? Like the full super duper version with the v5.50 files? Will the user's system function normally? I could test myself but maybe you already know ...

> MDGX:

> thanks for that info.

> i've been doing some testing and it appears that if the user attempts to install the Q891711 update twice and doesn't uninstall in between then their system is stuffed when they reboot. User.exe and User32.dll are missing and the only ones on the system are the backed up ones (ie USER.O98 and USER32.O98) ... is this a known issue?

> And there's another issue --- what if a user has Windows 98-2-ME installed? Like the full super duper version with the v5.50 files? Will the user's system function normally? I could test myself but maybe you already know ...

1. Q891711 double-install issue:

Why would one wish to install it twice?

Every time one runs Q891711.EXE, it installs the same files over and over.

Because of the backup feature, this does happen, because the current USER*.* files are renamed to *.O98, and only after reboot the new USER*.* files are actually installed, because the USER*.* files are in use, and cannot be replaced while Windows is running, this replacement has to be done from native MS-DOS [by means of wininit.ini], before Windows GUI loads.

I guess I could prevent this from happening by adding "TargetFileVersion=@FileSectionList" and "[FileSectionList]" in the SED file to abort the install if USER*.* or USER*.O98 4.10.2233 detected in %windir%\system .

I'll have to experiment, to see if this actually works.

2. If one has any newer versions of the USER*.* files [like the WinME ones installed by 98SE2ME options 1 + 2], the Q891711.EXE installer will prompt the user if he/she wants to replace the new ones [already there] with the older ones from the Q891711 installer.

If the user says yes, the newer version files will be renamed [backed up] as *.O98 files, and then the older ones will be copied to %windir%\system as USER.EXE + USER32.DLL after reboot.

I see where the problem is:

If the user says no, the newer ones will be backed up [renamed] as *.O98 after reboot, but the older ones won't be copied to %windir%\system anymore, so there will be no USER32.DLL + USER.EXE files in %windir%\system after reboot. Ouch! :(

I don't see any solution to this problem, except for deleting the backup feature, until I come up with another/better solution.

I could use a DOS batch file instead of the INF to do this, but unfortunately it won't be the M$ hotfix way.

Or I could just add ,,,4 after the file names under the copy section, to always overwrite [without asking any questions] the ones in %windir%\system with the ones from Q891711.

BTW:

As far as I'm aware, WinME USER*.* [4.90.300x] files are not needed for WinME EXPLORER.EXE + SHELL32.DLL [5.50.xxxx] to work with Win98 SE OS.

But I'll do more testing with different USER*.* versions to make sure.

HTH
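
The missing-file outcome described in the post above can be checked before rebooting. The following is an added example, not part of the original post and not MDGx's installer code: it replays the [rename] section of a pending WININIT.INI over a file list and reports whether USER.EXE or USER32.DLL would be absent afterwards. The .NEW staging names, the C:\WINDOWS\SYSTEM path and both sample sections are constructed, and the replay is a simplified model of boot-time processing.

```python
# Added example (not from the thread): replay a pending WININIT.INI [rename]
# section and report which USER*.* files would be missing after the reboot.
import ntpath

SYSDIR = r"C:\WINDOWS\SYSTEM"           # assumed value of %windir%\system
CRITICAL = ("USER.EXE", "USER32.DLL")   # files the thread says go missing

def parse_rename_section(text):
    """Return ordered (dest, src) pairs from [rename].

    Parsed line by line on purpose: WININIT.INI may repeat a key (several
    NUL= lines, for instance), which INI libraries reject or merge.
    """
    ops, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_rename = line.lower() == "[rename]"
        elif in_rename and "=" in line:
            dest, src = (part.strip().upper() for part in line.split("=", 1))
            ops.append((dest, src))
    return ops

def replay(existing, ops):
    """Simplified model: apply each dest=src entry in file order."""
    files = {path.upper() for path in existing}
    for dest, src in ops:
        if src not in files:
            continue                    # nothing to move for this entry
        files.discard(src)
        if dest != "NUL":               # NUL=src deletes src
            files.add(dest)             # an existing dest is overwritten
    return files

def missing_after_reboot(existing, wininit_text):
    files = replay(existing, parse_rename_section(wininit_text))
    return [name for name in CRITICAL if ntpath.join(SYSDIR, name) not in files]

# Constructed file list: live files plus staged replacements (.NEW is a
# made-up staging name, not what the real installer uses).
ON_DISK = [ntpath.join(SYSDIR, n)
           for n in ("USER.EXE", "USER32.DLL", "USER.NEW", "USER32.NEW")]

# Constructed: backup rename and replacement copy are both queued.
BOTH_QUEUED = r"""
[rename]
C:\WINDOWS\SYSTEM\USER.O98=C:\WINDOWS\SYSTEM\USER.EXE
C:\WINDOWS\SYSTEM\USER32.O98=C:\WINDOWS\SYSTEM\USER32.DLL
C:\WINDOWS\SYSTEM\USER.EXE=C:\WINDOWS\SYSTEM\USER.NEW
C:\WINDOWS\SYSTEM\USER32.DLL=C:\WINDOWS\SYSTEM\USER32.NEW
"""

# Constructed: the "user says no" case, backup queued but no copy.
BACKUP_ONLY = r"""
[rename]
C:\WINDOWS\SYSTEM\USER.O98=C:\WINDOWS\SYSTEM\USER.EXE
C:\WINDOWS\SYSTEM\USER32.O98=C:\WINDOWS\SYSTEM\USER32.DLL
"""

if __name__ == "__main__":
    for label, text in (("both queued", BOTH_QUEUED), ("backup only", BACKUP_ONLY)):
        gone = missing_after_reboot(ON_DISK, text)
        print(label, "->", "safe to reboot" if not gone else f"MISSING: {gone}")
```
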

> Why would one wish to install it twice?

I know i know, but you know how users can be, they like playing around and sometimes will try installing something twice because they didn't think it worked the first time, etc. So i just try to avoid the user being able to make this mistake. If we can't avoid it then thems the breaks.

> I could use a DOS batch file instead of the INF to do this, but unfortunately it won't be the M$ hotfix way.

I'm not too fussed about the method we use, if we need to use a DOS batch file, that's what we use.

> Or I could just add ,,,4 after the file names under the copy section, to always overwrite [without asking any questions] the ones in %windir%\system with the ones from Q891711.

That's the way i've gone with ... i've already re-done the hotfix to overwrite without asking questions, and i've made the hotfix optional inside AP with an explanation that tells all about what's going to happen. Great minds think alike! If you make another installer for Q891711 i will use yours instead.

Thanks for all your help as usual.

> That's the way i've gone with ... i've already re-done the hotfix to overwrite without asking questions, and i've made the hotfix optional inside AP with an explanation that tells all about what's going to happen. Great minds think alike! If you make another installer for Q891711 i will use yours instead.

> Thanks for all your help as usual.

I've also revised Q891711.EXE [418 KB]:

http://www.mdgx.com/files/Q891711.EXE

Q891711 ReadMe:

http://www.mdgx.com/files/Q891711.TXT

SED and INF to install automatically, no matter which versions are installed.

Same with EXPLOR98.EXE + KB918547.EXE .

Besides that, the text file that pops up right before install now has this:

EXTREMELY IMPORTANT:

You MUST REBOOT at END of INSTALL for this Fix to complete properly!

Do NOT install this Fix MORE THAN ONCE WITHOUT REBOOTING AFTER FIRST INSTALL!

IF you ALREADY installed this Fix ONCE, BUT have NOT YET REBOOTED [which would complete the install properly], you MUST UNINSTALL it [see the "UNINSTALL" chapter below] BEFORE trying to REinstall it again, otherwise Windows will LOCK UP!

And at the end of install, you'll always see this popup:

You MUST REBOOT NOW for install to complete properly!

I've done the same with EXPLOR98.EXE [171 KB]:

http://www.mdgx.com/files/EXPLOR98.EXE

EXPLOR98 ReadMe:

http://www.mdgx.com/files/EXPLOR98.TXT

Actually, EXPLOR98 pops up this right before install:

EXTREMELY IMPORTANT:

1. You MUST REBOOT at END of INSTALL for this Fix to complete properly!

Do NOT install this Fix MORE THAN ONCE WITHOUT REBOOTING AFTER FIRST INSTALL!

IF you ALREADY installed this Fix ONCE, BUT have NOT YET REBOOTED [which would complete the install properly], you MUST UNINSTALL it [see the "UNINSTALL" chapter below] BEFORE trying to REinstall it again, otherwise Windows will LOCK UP!

2. IF using Windows ME EXPLORER.EXE 5.50.4134.100 (or similar) with your Windows 98 SE Operating System (OS), do NOT install this Fix, otherwise Windows will LOCK UP!

Windows ME EXPLORER.EXE 5.50.4134.100 installs as part of 98SE2ME option 3:

http://www.mdgx.com/98-5.htm#KRM9S

also here:

http://www.msfn.org/board/?showtopic=46349

Complete details in 98SE2ME READ1ST.TXT "98SE2ME.PIF COMPLETE GUIDE" chapter under "* Option 3:":

http://www.mdgx.com/9s2m/READ1ST.TXT

IF you have ALREADY installed 98SE2ME option 3, you MUST FIRST RESTORE Windows 98 SE system files from the *.98A BACKUPS [as explained in READ1ST.TXT above], and ONLY AFTER that install this EXPLORER.EXE 4.72.3612.1700 Fix!

and KB918547.EXE [373 KB]:

http://www.mdgx.com/files/KB918547.EXE

HTH

> Tried that already, but it didn't help...

> But the solution is quite simple:

> WindowsUpdate checks, if the files "Kb891711.exe" & "Q891711.dll" are physically available in the path "C:\windows\system\Kb891711".

> The registry entries are completely meaningless here.

Why not just use the INF file from the official update to install the unofficial files?

>> MDGx: :hello:

>> I'm stuck on what to do ... i've read all the recent posts and it seems that it's better to have the ANI fixed USER.EXE & USER32.DLL (4.10.0.2223) files as opposed to the 4.90.3001 ones ... so should i use those files inside my Core of Win98 to Me update? This is because the Core of Win98 to ME comes after the Q891711 update, and so the ANI fixed files get overwritten if the user chooses to install both. I could simply swap the order around if that is the best fix. Or is it possible to still use U891711 and thus keep the usual 4.90.3001 files inside my core Win98 to ME thingy? It seems my options are:

>> 1) for the Core Win98 to ME update, replace the 4.90.3001 USER* files with the files inside Q891711

>> 2) swap the order so the Core Win98 to ME update is installed before Q891711 (not preferable)

>> 3) Use the 4.90.3001 USER* files inside the Core Win98 to ME update as normal, and use U891711 (easiest option for me)

>> I'm testing out the options above but any info much appreciated...

> I would keep the 4.10.2233 USER*.* files [Q891711] because they fix the .ANI exploit.

> HTH

MDGx, I may try to test the user*.* v4.10.2233 files under Win98 FE and will let you know if they work correctly. I may be dumping the "temporary" kb891711 files and use the "permanent" user*.* files.

It's a shame that the anonymous person hasn't made "permanent" 891711 fixes for Win95 sr2/WinME and I'm pretty sure BenoitRen is disappointed there is no "permanent" user*.* fix made for Win95 SR2


The Anonymous author has answered some of your questions/requests:

I am way too busy to make WinME USER.EXE + USER32.DLL 4.90.3003.

I doubt this is going to change anytime soon.

I also cannot test such a patch under Win98SE without messing up my OS installation.

AFAICT, GDI.EXE + GDI32.DLL have no code that interferes with Power Management. Most definitely, the sections of code I modified and added to make 4.10.2227 and 4.90.3003 have nothing to do with Power Management. The problems PROBLEMCHYLD reported about a year ago must be a mere coincidence.

USER.EXE does call APM BIOS functions. The differences between USER.EXE 4.10.22xx and 4.90.300y are indeed responsible for how 'Restart in MS-DOS mode' is handled. Some of the differences result from the underlying major differences between Win98SE and Winme in (WIN.COM), KRNL386.EXE and, most importantly, VMM.VXD.

BenoitRen wrote Apr 30 2007, 8:44 AM:

> Awesome! Congratulations to the author. :) I hope he'll be able to provide a fix for Windows 95's files as well (both version 4.00.950, unless those got updates somewhere?).

As unlikely as a Win98FE patch I am afraid - it is just too time-consuming.

> I have a question, though. It's my understanding that the parsing happens in user.exe, and that the way to fix the vulnerabilities is to check the size of what user32.dll returns. So why does user32.dll need patching? I don't mean to criticise, I just want to learn.

USER.EXE and USER32.DLL are interdependent. So they need to be of the same version and be updated at the same time. USER32.DLL was patched basically to make sure this happens under all circumstances.

HTH

¿MDGx if installed Windows 98SE Spanish or Irish, language affects the user or windows version USER.DLL USER.EXE and 2233 in English?
