Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


  • Content Count

  • Donations

  • Joined

  • Last visited

Everything posted by fdv

  1. fdv

    Slipstreaming NT4 SP6a

    How to create a fully slipstreamed Windows NT 4 Service Pack Everything After 6 / Unofficial 7 March 6, I am pretty much done. Bearwindows did a LOT of work already -- but all of this comes before doing his process. Thanks to Nateklomp for his links, which I grabbed from his post -- much appreciated. 1. We’re going to assume the use of NT Server. 2. Get the Service Pack and hotfixes: [url="http://download.microsoft.com/download/winntsp/SP/6.0a-128/NT4/EN-US/sp6i386.exe"]Service Pack 6a[/url] [url="http://download.microsoft.com/download/winntsp/patch/q299444/nt4/en-us/q299444i.exe"]q299444, the Post SP6a Rollup[/url] [url="http://download.microsoft.com/download/winntsrv40/Patch/Spooler-fix/NT4/EN-US/Q243649.exe"]q243649.exe[/url] [url="http://download.microsoft.com/download/winntsp/Patch/Q304158/NT4/EN-US/Q304158i.exe"]q304158i.exe[/url] [url="http://download.microsoft.com/download/winntsp/Patch/Q314147/NT4/EN-US/Q314147i.exe"]Q314147i.exe[/url] [url="http://download.microsoft.com/download/winntsp/PatchSH/Q318138/NT4/EN-US/Q318138i.exe"]Q318138i.exe[/url] [url="http://download.microsoft.com/download/winntsp/Patch/Q320206/NT4/EN-US/Q320206i.exe"]Q320206i.exe[/url] [url="http://download.microsoft.com/download/winntsp/Patch/Q326830/NT4/EN-US/Q326830i.exe"]Q326830i.exe[/url] [url="http://download.microsoft.com/download/winntterminal/Patch/Q329115/NT4/EN-US/Q329115i.EXE"]q329115i.exe[/url] [url="http://download.microsoft.com/download/3/6/d/36d7bf6a-56b3-4e56-b332-e4bd4ced994e/Q810833i.EXE"]Q810833i.EXE[/url] [url="http://download.microsoft.com/download/9/3/f/93f82d57-0f2f-40ab-9873-f41d0384e5ee/Q815021i.EXE"]Q815021i.EXE[/url] [url="http://download.microsoft.com/download/0/a/9/0a95e33a-2bb7-4e0a-b389-8eaac99ef364/Q817606i.EXE"]Q817606i.EXE[/url] [url="http://download.microsoft.com/download/b/2/c/b2cef22e-f8a7-4029-af63-87011a64586c/Q819696i.EXE"]q819696i.exe[/url] [url="http://download.microsoft.com/download/0/c/3/0c33cde6-931b-437d-985e-a9351111691f/WindowsNT4Server-KB823182-x86-ENU.EXE"]WindowsNT4Server-kb823182-x86-enu.exe[/url] [url="http://download.microsoft.com/download/0/c/4/0c43ffdb-58fc-4231-83c6-4bfa69f70680/WindowsNT4Server-KB823803-x86-ENU.EXE"]WindowsNT4Server-KB823803-x86-ENU.EXE[/url] [url="http://download.microsoft.com/download/e/b/0/eb0efc08-a68b-4635-9287-7894b33276eb/WindowsNT4Server-KB824105-x86-ENU.EXE"]WindowsNT4Server-KB824105-x86-ENU.EXE[/url] [url="http://download.microsoft.com/download/1/6/4/164a5dcf-f241-4bc0-8ed1-31d39fe88d9b/WindowsNT4Server-KB824141-x86-ENU.EXE"]WindowsNT4Server-kb824141-x86-enu.exe[/url] [url="http://download.microsoft.com/download/6/2/1/6216d162-1283-4e05-a505-3dc67b70155c/WindowsNT4Server-KB824146-x86-ENU.EXE"]WindowsNT4Server-kb824146-x86-enu.exe[/url] [url="http://download.microsoft.com/download/f/0/1/f01c0522-76bd-4889-a620-fd10992489b6/WindowsNT4Server-KB825119-x86-ENU.EXE"]WindowsNT4Server-kb825119-x86-enu.exe[/url] [url="http://download.microsoft.com/download/9/f/1/9f14b3d5-9d44-47e2-8ba6-e562512ff7e2/WindowsNT4Server-KB828035-x86-ENU.EXE"]WindowsNT4Server-KB828035-x86-ENU.EXE[/url] [url="http://download.microsoft.com/download/1/0/8/1088f645-20b8-44ee-aafa-47b2fab94b7d/WindowsNT4Server-KB828741-x86-ENU.EXE"]WindowsNT4Server-KB828741-x86-ENU.EXE[/url] [url="http://download.microsoft.com/download/6/d/7/6d7fcda4-1d50-49e7-b4dd-501fa54909c6/WindowsNT4Server-KB835732-x86-ENU.EXE"]WindowsNT4Server-KB835732-x86-ENU.EXE[/url] [url="http://download.microsoft.com/download/a/b/3/ab36f6c2-67b8-4711-8d9a-0cf06b4153e1/WindowsNT4Server-KB839645-x86-ENU.exe"]WindowsNT4Server-KB839645-x86-ENU.exe[/url] [url="http://download.microsoft.com/download/4/4/e/44ec3f6b-3033-481f-a746-af19f8a2e850/WindowsNT4Server-KB841533-x86-ENU.exe"]WindowsNT4Server-KB841533-x86-ENU.exe[/url] [url="http://download.microsoft.com/download/d/e/1/de1dd54f-a6b9-4206-8496-418a1709ae95/WindowsNT4Server-KB841872-x86-ENU.exe"]WindowsNT4Server-KB841872-x86-ENU.exe[/url] [url="http://download.microsoft.com/download/f/e/c/fec9efe8-b73d-4731-aedf-461f90d5a77f/WindowsNT4Server-KB870763-x86-ENU.exe"]WindowsNT4Server-KB870763-x86-ENU.exe[/url] [url="http://download.microsoft.com/download/9/0/1/9013c8d2-1586-4913-ae2f-8fa4a27224ea/WindowsNT4Server-KB873339-x86-ENU.exe"]WindowsNT4Server-KB873339-x86-ENU.exe[/url] [url="http://download.microsoft.com/download/1/6/1/16145263-1a0d-4421-a6ac-112e200cf804/WindowsNT4Server-KB873350-x86-ENU.exe"]WindowsNT4Server-KB873350-x86-ENU.exe[/url] [url="http://download.microsoft.com/download/6/9/8/6982ee0f-933a-4e90-9fb9-376c89ad3475/windowsnt4server-kb885249-x86-enu.exe"]windowsnt4server-kb885249-x86-enu.exe[/url] [url="http://download.microsoft.com/download/a/5/7/a57ea457-fac7-42fa-bb7f-dc1782a03d4e/WindowsNT4Server-KB885834-x86-ENU.exe"]WindowsNT4Server-KB885834-x86-ENU.exe[/url] [url="http://download.microsoft.com/download/8/3/f/83f2502c-6196-41a7-b2a4-11199a50a5e6/WindowsNT4Server-KB885835-x86-ENU.exe"]WindowsNT4Server-KB885835-x86-ENU.exe[/url] [url="http://download.microsoft.com/download/2/c/b/2cb94fd1-9180-4338-a353-ab17004ae347/WindowsNT4Server-KB885836-x86-ENU.exe"]WindowsNT4Server-KB885836-x86-ENU.exe[/url] [url="http://download.microsoft.com/download/2/e/4/2e4d50d5-854c-48c3-a928-80c5ddc958e4/WindowsNT4Server-KB891711-x86-ENU.exe"]WindowsNT4Server-KB891711-x86-ENU.exe[/url] q243649 is supposedly contained in q299444, the Rollup, but you need one file from it. Random note, because you might need to know this: The last publicly available versions of NTKRNLMP.EXE and NTOSKRNL.EXE are both version 4.0.1381.7268 from 11-Oct-2004 and are found in hotfix 885835, which is listed above. I am not aware of a more recent version, including nonpublic fixes. 3. Get some Microsoft libraries and add-ons: [url="http://www.download.com/Microsoft-Windows-Installer-Windows-NT-2000-/3000-2216_4-10049516.html"]Windows Installer 2.0 Redistributable[/url] [url="http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx"]OLE Automation[/url] (we will use OLEAUT32.DLL) [url="http://support.microsoft.com/?id=932590"]MSVCRT.EXE[/url] [url="http://support.microsoft.com/?id=259403"]MFC and OLE DLLs[/url] Get the [url="http://www.microsoft.com/downloads/details.aspx?FamilyID=4B6140F9-2D36-4977-8FA1-6F8A0F5DCA8F&displaylang=en"]InstMsiW package[/url] for Windows NT (requires validation! LOL!). It won't actually install in NT thanks to Microsoft being clever, but it doesn't matter, we're integrating it. Use something like WinRAR to extract the contents. Rename sdbapiU.dll to sdbapi.dll (delete the 'U'). Get the [url="http://download.microsoft.com/download/platformsdk/cab/2.0/w98nt42kmexp/en-us/cabsdk.exe"]CAB SDK [/url]. Extract the files into a folder called CABSDK. [url="http://support.microsoft.com/kb/259403"]C++ runtimes.[/url] Rename atlu.dll to atl.dll and set it aside, eventually it will go directly into the SP6a folder. We will NOT be slipstreaming the "Patched EXPLORER.EXE for 256 color display." Why? Because it locks the system up on install! Also, TAPI 2.1 is included as of SP4, but download it, extract tcmapp.exe, MAKECAB it, and put it aside. It won't replace anything. You don't need any other files from the TAPI 2.1 since they were all made obsolete by hotfixes. 4. Get the following files from Windows 2000: cabarc.exe cabbench.exe cabinet.dll cabview.dll joystick.dll joystick.sys makecab.exe ntdetect.com ntldr setupp.ini Drag and drop cabarc.exe, cabbench.exe, cabinet.dll, cabview.dll and makecab.exe into CABSDK and replace whatever is there. The only file that should still say 1997 will be extract.exe. 5. Get the necessary third party add-ons: [url="http://download.sysinternals.com/Files/PsTools.zip"]PsTools v2.44[/url] [url="http://download.sysinternals.com/Files/Regmon.zip"]RegMon for Windows v7.04[/url] [url="http://download.sysinternals.com/Files/Filemon.zip"]FileMon for Windows v7.04[/url] [url="http://download.sysinternals.com/Files/ProcessExplorer.zip"]Process Explorer v11.04[/url][b][/b] 6. Dead links? You can also get the hotfixes at http://www.mdgx.com/wnt4.htm 7. FAT32 support. Do you really need it? Probably not. If you do, you have two choices: 7a. Winternals had a read/write driver for FAT32. When Microsoft bought them, they apparently paid those guys to kill it. If you can get it, and it is floating around, then download it. It's 4 files: chkfat32.exe, fat32.hlp, fat32.sys, and scnfat32.exe plus some reg keys. 7b. Ashedel makes two files that replace the NT4 versions that give FAT32 support. I have tried using one, then the other, then both at the same time to try to install NT on a FAT32 drive (not just boot, but install on). It won't work. You have to install to FAT16 and convert that to FAT32 and then it will boot, but it cannot install to FAT32. 8. Extract SP6a into a folder, we’ll call it “sp6a” using the /x switch 9. Extract the post SP6a rollup files from q299444i.exe into a separate folder. Call that folder “q299444i” and use the /X switch again. Rename the BROWSER.DLL in this folder to BROWR.DLL, then rename BROWSER2.DLL to BROWSER.DLL (delete the 2). 10. Extract ALL of the REMAINING hotfixes into SEPARATE folders. Yes, I know! It's a pain in the butt! But see, here's the thing: some of the hotfixes have the same files, and if you extract into the same common folder, they will silently overwrite each other. So you would end up replacing newer files with older ones. 11. Extract ALL of the top-secret nonpublic Hotfixes you happen to have (and if you don’t have any, don’t worry about it) into SEPARATE folders. If you have nonpublic hotfix file KB872952, extract it and rename UNTFS2.DLL to UNTFS.DLL Some of these passworded ZIP files will not be KBxxxxxx .EXE files. If they just extract the files right into the directory, that's okay. 12. Move ALL of these hotfix files, one by one, the files from your many hotfix folders into the q299444i directory (not into SP6a yet!!). Replace anything old with the new one according to filedate. There will be files that don’t replace anything in q299444i. That’s fine, move them over anyway. Delete all of the leftover files that were older (in other words, if a file was older than the destination, we don’t need it). If you set any files aside, like atl.dll and tcmapp.exe, add them now. Here is where we are: all of the hotfix files should be in q299444i. Some will replace what's there because they are newer, some will not replace any because q299444 didn't have them, and some files we got rid of. 13. Now it’s time to manually merge all of the q299444i files into the sp6a folder. Just drag and drop files from q299444i into sp6a, and replace older files with newer ones again using the file’s date as your guideline. Here below are most of the files you will be left over with (in other words, don't bother dragging and dropping them into the SP6a folder, just leave them alone for now): atalk.dll* bone.dll* browser.dll* (Important! This file is NOT the Browser service!!) browser2.dll (will be renamed to BROWSER and go into SYSTEM32) crlupd.exe floppy.sys fp4autl.dll ipx.dll* lmrepl.exe mprdim.dll ncp.dll* netbios.dll* netdtect.sys nmapi.dll parport.sys ppp.dll* regacl40.exe riched20.dll riched32.dll rmiisupd.cmd schannel.dll schmupd.exe smb.dll* snmp.dll* tcpip.dll* trail.dll* vines.dll* winhstb.exe There will probably be a few more too. Don’t worry about it for now. All of the hotfix files are now merged with the leftovers in q299444i. Oh No, you say! What about Registry edits? Relax, I’ve got you covered. 14. *These marked files will be going into a totally new directory in Windows NT called WINNT\system32\netmon\parsers. You need to make edits to TXTSETUP and LAYOUT, like this: [sourceDisksNames.x86] 1 ... 26 27 = system32\netmon\parsers ; new directory for post SP6a NT Server files The files above will be listed like this: atalk.dll = 1,,,,,,,27,0,0 See the END NOTES for more detail on this. Here is where we are: we have merged ALL of the hotifx files into the Service Pack6a. We have a bunch of leftover files from q299444i which are left alone in that directory. 15. Download the Unofficial Direct X 5 Distribution for NT 4. I have no idea, Google for it. Maybe try here. Once you have it, expand it to a folder such as “dx5” and don’t worry about the REG file that is distributed with Unofficial DX5, I have that covered, so delete the REG file. Drag and drop (some of) the files in the DX5 folder into the sp6a folder EXCEPT for these, which you can move to the q299444i folder (remember, q299444i is holding leftovers right now): D3DPMESH.DLL D3DRG24X.DLL D3DRG32X.DLL D3DRG55X.DLL D3DRG56X.DLL D3DRG8X.DLL D3DRGBXF.DLL DIRECTX.CPL 16. Some of those leftover files from hotfixes don't replace files in SP6a, but they do replace files in Windows NT i386. Because of the way the Bearwindows slipstreaming program works (it replaces anything in i386 with the same name from sp6a, whether the file was actually from sp6a or not), we can add the following files from the leftovers to sp6a: certmgr.msc clusapi.dll comcat.dll csvroot.exe dplaysvr.exe dssbase.dll enhsig.dll lmrepl.exe mf3216.dll mfc42.dll mfc42u.dll msvcrt.dll netdtect.sys oleaccrc.dll psxss.exe riched20.dll riched32.dll winhstb.exe wldap32.dll 17. Get http://browsers.evolt.org/download.php?/ie...SP2/ie55sp2.exe Get http://browsers.evolt.org/download.php?/ie.../ie55sp2_nt.zip Extract the following files and put them aside: browseui.dll dispex.dll dxtmsft.dll dxtrans.dll hh.exe hhctrl.ocx hlink.dll iexplore.exe inetcpl.cpl inetcplc.dll itircl.dll itss.dll jscript.dll mshtml.dll mshtml.tlb mshtmled.dll mshtmler.dll shdoclc.dll shdocvw.dll shlwapi.dll url.dll urlmon.dll wininet.dll ZOMG Internet Explorer?!? I know, I know. But we're going to put it as an optional component during setup so that you can have better program compatibility with programs that think they need to see IE. It won't even be a functional browser. We're just dumping IE DLLs optionally. 18. Now is the time to add whatever else will go into Windows NT such as an ASPI driver or some libraries or small freeware apps, etc. Open my TXTSETUP file and search for the word “newfiles” and you will see what I added. If you don’t want to add something or don’t have it, comment it out with a semicolon. Then open LAYOUT and do the same thing. See the end note. 19. Copy the i386 folder from your CD to your hard drive. Name it “i386bak” You will also copy i386 again to the C: drive at the next step also. It’s just good to have a backup, trust me. 20. No go here and follow this process: http://www.bearwindows.boot-land.net/winnt4.htm 21. When you’re done, move the new i386 directory to whatever drive you were working on. You’ll also need the CDROM_S.40 file. 22. You'll have leftover stuff that you'll wonder about. Files like crlupd.exe for example. You won't know where it came from or how you got it or if it's important... but if I don't make mention of it or tell you to replace a file in i386 with it, then it can be deleted. The astute reader will notice that I have been updating this every few days. March 6 Registering DLLs on bootup will be tough; not only is IERNONCE.DLL required, but new versions of EXPLORER and SHELL32.DLL that IE installs are required, too. Microsoft issued post SP6a hotfixes for EXPLORER.EXE and SHELL32.DLL but the shell32 causes problems with some software, and that defeats the purpose of running an OS in the first place. Because I have a nonpublic beta of NT5 that predated Win2000, I might try running that version of explorer and shell32 to see if it even works. The IE Desktop Update is NOT just available with IE 4. It's available with IE 5, 5.5, and 6, but Microsoft hides it from you. You have to start the install and edit the IESETUP.CIF file in the TEMP directory to make the Desktop Update option visible. The "Update" replaces EXPLORER and SHELL32 with HTML-aware files that are older than the versions from hotfixes. No thanks. END NOTES Here are the extra files I added to TXTSETUP and LAYOUT. This list is good for BOTH files. ; ; newfiles ; intelata.sys = 1,,,,,,,4,0,0 ; [url="http://www.bearwindows.boot-land.net/winnt4.htm"]http://www.bearwindows.boot-land.net/winnt4.htm[/url] pnp680.sys = 1,,,,,,,4,0,0 ; [url="http://www.bearwindows.boot-land.net/winnt4.htm"]http://www.bearwindows.boot-land.net/winnt4.htm[/url] ultra.sys = 1,,,,,,,4,0,0 ; [url="http://www.bearwindows.boot-land.net/winnt4.htm"]http://www.bearwindows.boot-land.net/winnt4.htm[/url] viadsk.sys = 1,,,,,,,4,0,0 ; [url="http://www.bearwindows.boot-land.net/winnt4.htm"]http://www.bearwindows.boot-land.net/winnt4.htm[/url] vmx_mode.dll = 1,,,,,,,2,1 ; VMWare video driver vmx_fb.dll = 1,,,,,,,2,1 ; VMWare video driver vmx_svga.sys = 1,,,,,,,4,1 ; VMWare video driver anf1024.bmp = 1,,,,,,,1,1,0 ; Wallpaper 1024x768 anf800.bmp = 1,,,,,,,1,1,0 ; Wallpaper 800x600 chkfat32.exe = 1,,,,,,,2,1,0 ; winternals FAT32 driver fat32.hlp = 1,,,,,,,21,1,0 ; winternals FAT32 driver fat32.sys = 1,,,,,,,4,1,0 ; winternals FAT32 driver scnfat32.exe = 1,,,,,,,2,1,0 ; winternals FAT32 driver TTFExtNT.dll = 1,,,,,,,2,1,0 ; ttfext.exe Type 2 Hotfix ;IErnonce.dll = 1,,,,,,,2,1,0 ; Only from IE with Desktop Update, avail at [url="http://public.planetmirror.com/pub/browsers/ie/32bit"]http://public.planetmirror.com/pub/browsers/ie/32bit[/url] D3DPMESH.DLL = 1,,,,,,,2,1,0 ; New DirectX 5 file D3DRG24X.DLL = 1,,,,,,,2,1,0 ; New DirectX 5 file D3DRG32X.DLL = 1,,,,,,,2,1,0 ; New DirectX 5 file D3DRG55X.DLL = 1,,,,,,,2,1,0 ; New DirectX 5 file D3DRG56X.DLL = 1,,,,,,,2,1,0 ; New DirectX 5 file D3DRG8X.DLL = 1,,,,,,,2,1,0 ; New DirectX 5 file D3DRGBXF.DLL = 1,,,,,,,2,1,0 ; New DirectX 5 file DIRECTX.CPL = 1,,,,,,,2,1,0 ; New DirectX 5 file joystick.dll = 1,,,,,,,2,1,0 ;win2k add-on joystick.sys = 1,,,,,,,4,1,0 ;win2k add-on CTL3D.DLL = 1,,,,,,,2,1,0 ;microsoft 3D controls add-on CTL3D32.DLL = 1,,,,,,,2,1,0 ;microsoft 3D controls add-on qchain.exe = 1,,,,,,,2,1,0 ; Microsoft extra file wnaspi32.dll = 1,,,,,,,2,1,0 ; Adaptec extra file PFE32.EXE = 1,,,,,,,2,1,0 ; extra file from Programmer's File Editor omnifs32.exe = 1,,,,,,,2,1,0 ; extra file from Norton Ghost 8 deskmenu.exe = 1,,,,,,,2,1,0 ; extra file inuse.exe = 1,,,,,,,2,1,0 ; extra file tcpconfg.exe = 1,,,,,,,2,1,0 ; extra file reboot.exe = 1,,,,,,,2,1,0 ; extra file shwshars.exe = 1,,,,,,,2,1,0,showshares.exe ; extra file CPL.CFG = 1,,,,,,,2,1,0 ; licensing data tweakui.cnt = 1,,,,,,,2,1,0 ; Powertools tweakui.cpl = 1,,,,,,,2,1,0 ; Powertools tweakui.hlp = 1,,,,,,,2,1,0 ; Powertools atalk.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 bone.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 ipx.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 ncp.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 netbios.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 ppp.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 smb.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 SNMP.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 tcpip.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 Trail.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 VINES.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 nmapi.dll = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 parser.ini = 1,,,,,,,27,0,0 ; system32\netmon\parsers from q299444 browr.dll = 1,,,,,,,27,0,0,browser.dll ; system32\netmon\parsers from q299444 msasn1.dll = 1,,,,,,,2,1,0 ; hotfix file itircl.dll = 1,,,,,,,2,1,0 ; hotfix file lmmon.dll = 1,,,,,,,2,1,0 ; hotfix file mprdim.dll = 1,,,,,,,2,1,0 ; hotfix file TIMEZONE.EXE = 1,,,,,,,2,1,0 ; hotfix file quartz.dll = 1,,,,,,,2,1,0 ; hotfix file regacl40.exe = 1,,,,,,,2,1,0 ; hotfix file prebind.exe = 1,,,,,,,2,1,0 ; hotfix file mprapi.ste = 1,,,,,,,2,1,0,mprapi.dll ; hotfix file NIRCMD.EXE = 1,,,,,,,2,1,0 ; hotfix file html32.cnv = 1,,,,,,,2,1,0 ; hotfix file CREATALS.EXE = 1,,,,,,,2,1,0 ; hotfix file tcmapp.exe = 1,,,,,,,2,1,0 ; from TAPI 2.0 redistributable glut32.dll = 1,,,,,,,2,1,0 ; library file msvcp50.dll = 1,,,,,,,2,1,0 ; library file msvcp60.dll = 1,,,,,,,2,1,0 ; library file atl.dll = 1,,,,,,,2,1,0 ; library file CABARC.EXE = 1,,,,,,,2,1,0 ; CAB SDK cabinet.dll= 1,,,,,,,2,1,0 ; CAB SDK cabview.dll= 1,,,,,,,2,1,0 ; from win2k EXTRACT.EXE= 1,,,,,,,2,1,0 ; CAB SDK MAKECAB.EXE= 1,,,,,,,2,1,0 ; CAB SDK unzip.exe = 1,,,,,,,2,1,0 ;http://www.info-zip.org/Zip.html#Downloads zip.exe = 1,,,,,,,2,1,0 ;http://www.info-zip.org/Zip.html#Downloads UnRAR.exe = 1,,,,,,,2,1,0 ;http://www.rarlab.com/rar/unrarw32.exe chess.inf = 1,,,,,,,20,0,0 ; gnuchess GNUCHESS.DAT= 1,,,,,,,2,3,3 ; gnuchess GNUCHESS.EXE= 1,,,,,,,2,3,3 ; gnuchess GNUCHESS.HLP= 1,,,,,,,2,3,3 ; gnuchess GNUCHESS.LAN= 1,,,,,,,2,3,3 ; gnuchess ob1.inf = 1,,,,,,,20,0,0 ; Off by 1 Browser OB1.exe = 1,,,,,,,2,3,3 ; Off by 1 Browser libeay32.dll= 1,,,,,,,2,3,3 ; [url="http://offbyone.com/offbyone/"]http://offbyone.com/offbyone/[/url] SSLeay32.dll= 1,,,,,,,2,3,3 ; [url="http://offbyone.com/offbyone/"]http://offbyone.com/offbyone/[/url] paperch.inf = 1,,,,,,,20,0,0 ; Paper Changer by James Emerton pc.exe = 1,,,,,,,2,3,3 ; [url="http://www.nonags.com/software.asp?id=3105"]http://www.nonags.com/software.asp?id=3105[/url] Pc.hlp = 1,,,,,,,2,3,3 ; [url="http://www.nonags.com/software.asp?id=3105"]http://www.nonags.com/software.asp?id=3105[/url] pc.ini = 1,,,,,,,2,3,3 ; [url="http://www.nonags.com/software.asp?id=3105"]http://www.nonags.com/software.asp?id=3105[/url] TCLOCKEX.CNT= 1,,,,,,,2,1,0 ; [url="http://www.rcis.co.za/dale/tclockex/index.htm"]http://www.rcis.co.za/dale/tclockex/index.htm[/url] TCLOCKEX.CPL= 1,,,,,,,2,1,0 ; TClockEx TCLOCKEX.DLL= 1,,,,,,,2,1,0 ; TClockEx TCLOCKEX.EXE= 1,,,,,,,2,1,0 ; TClockEx TCLOCKEX.HLP= 1,,,,,,,2,1,0 ; TClockEx TCSET.EXE = 1,,,,,,,2,1,0 ; TClockEx pdh.dll = 1,,,,,,,2,1,0 ; Winternals file procexp.chm = 1,,,,,,,2,1,0 ; Winternals file procexp.exe = 1,,,,,,,2,1,0 ; Winternals file psexec.exe = 1,,,,,,,2,1,0 ; Winternals file psfile.exe = 1,,,,,,,2,1,0 ; Winternals file psgetsid.exe= 1,,,,,,,2,1,0 ; Winternals file Psinfo.exe = 1,,,,,,,2,1,0 ; Winternals file pskill.exe = 1,,,,,,,2,1,0 ; Winternals file pslist.exe = 1,,,,,,,2,1,0 ; Winternals file Pstools.chm = 1,,,,,,,2,1,0 ; Winternals file psloggdn.exe= 1,,,,,,,2,1,0,psloggedon.exe ; Winternals file psloglst.exe= 1,,,,,,,2,1,0,psloglist.exe ; Winternals file pspasswd.exe= 1,,,,,,,2,1,0,pspasswd.exe ; Winternals file psservce.exe= 1,,,,,,,2,1,0,psservice.exe ; Winternals file psshtdwn.exe= 1,,,,,,,2,1,0,psshutdown.exe ; Winternals file pssspend.exe= 1,,,,,,,2,1,0,pssuspend.exe ; Winternals file psversn.txt = 1,,,,,,,2,1,0,psversion.txt ; Winternals file Filemon.exe = 1,,,,,,,2,1,0 ; Winternals file FILEMON.HLP = 1,,,,,,,2,1,0 ; Winternals file Regmon.exe = 1,,,,,,,2,1,0 ; Winternals file REGMON.HLP = 1,,,,,,,2,1,0 ; Winternals file sync.exe = 1,,,,,,,2,1,0 ; winternals utility contig.exe = 1,,,,,,,2,1,0 ; winternals utility ; Internet Explorer and related iefiles.inf = 1,,,,,,,20,0,0 browseui.dll = 1,,,,,,,2,3,3 dispex.dll = 1,,,,,,,2,3,3 dxtmsft.dll = 1,,,,,,,2,3,3 dxtrans.dll = 1,,,,,,,2,3,3 hh.exe = 1,,,,,,,2,3,3 hhctrl.ocx = 1,,,,,,,2,3,3 hlink.dll = 1,,,,,,,2,3,3 iexplore.exe = 1,,,,,,,2,3,3 inetcpl.cpl = 1,,,,,,,2,3,3 inetcplc.dll = 1,,,,,,,2,3,3 itircl.dll = 1,,,,,,,2,3,3 itss.dll = 1,,,,,,,2,3,3 jscript.dll = 1,,,,,,,2,3,3 mshtml.dll = 1,,,,,,,2,3,3 mshtml.tlb = 1,,,,,,,2,3,3 mshtmled.dll = 1,,,,,,,2,3,3 mshtmler.dll = 1,,,,,,,2,3,3 shdoclc.dll = 1,,,,,,,2,3,3 shdocvw.dll = 1,,,,,,,2,3,3 shlwapi.dll = 1,,,,,,,2,3,3 url.dll = 1,,,,,,,2,3,3 urlmon.dll = 1,,,,,,,2,3,3 wininet.dll = 1,,,,,,,2,3,3
  2. How to. Hi all, this is inspired from a thread a while back. I recently needed to run some utils including Process Explorer while elevated and decided to finally put up a quick how-to on running Explorer while impersonating TI. Maybe it might be useful to some folks. Much credit to Joakim and the guys in that thread!
  3. Not sure how it happened, but this thread ended up being "How to open a CMD prompt with TrustedInstaller permissions" Scroll to page 2, post 29, to see. Here below is my original message about taking the registry "back" from TrustedInstaller (there is a batch file below to do that, too). ---------------------ORIG MSG--------------------- This is a question about SetACL syntax but since it applies to TrustedInstaller I thought that the Win 7 forum will get greater exposure. It's also a mini-how to that will help a lot of you who loathe TrustedInstaller. Below you will find three commands that when executed in order, will strip a given key of TrustedInstaller. In order, number one makes Administrators the owner, number two assigns and propagates permissions for Administrators on the key and children, number three revokes TI permissions on the key. Here's the problem I have: I want to be able to: 1. cascade ownership right down through the entire registry from the root HKCR, HKCU etc etc etc keys 2. strip TI permissions from everything in the entire registry from the root HKCR, HKCU etc etc etc right down to every endpoint key I know there is a -rec yes option to recurse. Won't help scrub the entire registry though. setaclx64.exe -on "HKCR\CLSID\{CLSID VALUE}" -ot reg -actn setowner -ownr "n:S-1-5-32-544;s:y" setaclx64.exe -on "HKCR\CLSID\{CLSID VALUE}" -ot reg -actn ace -ace "n:S-1-5-32-544;p:full;s:y;i:so,sc;m:set;w:dacl" setaclx64.exe -on "HKCR\CLSID\{CLSID VALUE}" -ot reg -actn ace -ace "n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;p:full;s:y;i:so,sc;m:revoke;w:dacl" for {CLSID VALUE} put something like {a86ca2f1-af74-4a74-980b-e185d4ca01b0} Any ideas? Edit: I always edit my posts, and this one is no different. You must do this with an elevated command prompt. Also, FYI for everyone, the following files have the TI SID in them: bcdboot.exe bfsvc.exe COMPONENTS setupapi.dll winlogon.exe winsetup.dll wpd_ci.dll If you really wanted to render TI powerless you could load them up in a hex editor and change one digit of the SID or change it to admins(S-1-5-32-544) and pad out the rest of the string with 90 (noop). I haven't tried this yet.
  4. fdv

    FDV fileset for XP

    Yes, I know it took me 9 years. I hated XP for a really long time. Still kinda do. Events happened in 2009 that caused me to have to start using it. So, I made myself a fileset to use and might as well share it. For now, it DOES include IE. I will be optionalizing IE, but I needed to get rid of the other junk in XP first before I started to work on that. I have not fully determined all of the differences between this and what nLite delivers. Your registry will be smaller with my fileset, but because of the way XP handles the registry now (which is different than Win2k), a smaller registry doesn't necessarily matter, since it's not loaded all at once anymore. See below for what I remove. Remember that this is the first set. My SYSTEM32 is 270meg at the moment. Yes, it can go smaller, but I need to keep a lot of functionality. This is not intended for use in your MP3 car computer, there are other projects for that. This is compatible with TommyP's reducers; there were some errors but I think I have addressed them. Without further delay: FDV fileset for Windows XP. Requires HFSLIP Dec 27 Beta A or higher. Put the files in FDVFILES and you're ready to go. BTW if you want, you can save more space by commenting out OOBE.INF in SYSSETUP. I understand some people have enterprise editions of XP or whatever. I have made an OOBE that calls OEMBIOS, since logically, if you need OEMBIOS, you need to call OOBE, but if you do not need OOBE, you do not need OEMBIOS. This large OEMBIOS file is really only for OEM XP editions and is not necessary to install. Removed This fileset prevents the installation of the following MAJOR components: COM, DTC, WBEM, DotNET 2 This fileset prevents the installation of the following MINOR components: Optional Net Components, Autoupdates, BITS, Autoupdates for Root Certs, Accessories, Message Queueing, Multimedia themes (cursors, sound effects, that kind of thing), KOC, Communications apps, Optional utils, but calc and paint -are- installed by default, Games (all, including offline ones, online ones, and pinball), Wordpad, Fax, Tablet PC, NT backup, Media Center, IIS, Frontpage and its extensions, Media player (including obsolete remnants from v6 and 7), Add-on DRM, WMP skins, MSN messenger and explorer, Application compatability (Myst? lol), MS Info, Network Plug and Play autodiscovery, PC Health, graphical multiuser logon selection (i.e. click on a picture to log on), Net Meeting, Task scheduler, Firewall (you bought a hardware firewall, right?), blaster cleaner, SAPI (the voices and characters), Macrovision disc driver, Troubleshooter, MS Outlook and address book, Movie maker, Pictures of controllers, VGX and obsolete Flash for IE, Search dog (he is not switched off, he is removed and cannot be switched on), Obsolete Bluetooth devices, MS proprietary photo crap, Quality of Service, conferencing, new account wizard, shared folder wizard, web printing, help files, and more. The registry HIVE files have been gutted. The timezone information has been reapaired in HIVESFT.INF. (Correct as of January 2009).
  5. Here you go Replace ,_x, with ,,
  6. fdv

    WinXP: Creating an SP4

    Hi all, I had some problems with my hosting provider Sunday night. I had to move my site last night and haven't set it all back up again. So if you're trying to read pages or download files they won't be there for a night or two. Sorry for any disruption caused. BTW the advice not to upgrade to IE8 is because IE8 has extra files in its install. When an upgrade is performed on an existing install, there are no issues, but using HFSLIP plus my fileset plus IE8 results in problems due to TXTSETUP and IE.INF because they were never structured to handle the extra IE8 files. HFSLIP may report a success but the install might not work since the problem is that some of these extra files might get copied fine but they don't get registered as they should. As a result you run the risk of booting up for the first time and seeing no explorer. At one point I was working on separating IE.INF into IE6.INF and IE8.INF but never finished the work.
  7. fdv

    WinXP SP1.0a Czech setupapi.dll hack?

    I hope to help matters by chiming in. Maybe. Caps, you're going to get a LOT more mileage out of going to SP3. I mean, there's no way around the fact that your OS will be a lot less buggy. I made that edit to the DLL years and years ago and I forget what routine I changed... God I can't even remember the decompiler I used on SP2's dll to find out the sequence. if you want to do this, it's best to move to SP3, and if you are worried about Microsoft hard-coding themselves into the OS and overriding the HOSTS file, then edit dnsapi.dll to your liking. You'll block your own ability to reach microsoft.com for downloading updates if you do it wrong (you can always put them on a USB from another system) but the bottom line is that you will solve your problem, you'll be happier, you won't need to ask this anymore, you won't be fooling with a "dead" service pack anymore... there are only benefits. There is no solid reason not to switch, my friend. But even if you choose not to, it's been too long and I can't help, I don't have the tools anymore or the time to spare to do the same thing for SP1a.
  8. fdv

    Add Command in Context Menu?

    Anyone interested in INF format? You can mount the WIM and apply this and have 7 "remember" the settings I suppose. The line for directory contents is this: HKCR,"Folder\Shell\List Contents to text file\command",,,"%11%\cmd.exe /C DIR ""%1"" /B /O /S>""%1""""_contents list.txt""" It makes a printable file. My INF below adds a few useful items I use all the time in 7 like using the contig utility for defragging and remember those instructions all over the 'net to make a "god mode" icon on the desktop? That's in here too but I call it 'expanded control panel' (you'll see what I mean). Edit it as you will.... [version] Signature="$Windows NT$" [DefaultInstall] AddReg = ContextMenu [ContextMenu] ; Add "command-prompt-here" functionality when right-clicking a directory HKCR,"Drive\Shell\Command Prompt Here\command",,,"%11%\cmd.exe /k cd ""%1""" HKCR,"Directory\Shell\Command Prompt Here\command",,,"%11%\cmd.exe /k cd ""%1""" ; HKCR,"*\shell\runas",,,"Take Ownership" HKCR,"*\shell\runas","NoWorkingDirectory",,"" HKCR,"*\shell\runas\command",,,"cmd.exe /c takeown /f ""%1"" && icacls ""%1"" /grant administrators:F" HKCR,"*\shell\runas\command","IsolatedCommand",,"cmd.exe /c takeown /f ""%1"" && icacls ""%1"" /grant administrators:F" HKCR,"Directory\shell\runas",,,"Take Ownership" HKCR,"Directory\shell\runas","NoWorkingDirectory",,"" HKCR,"Directory\shell\runas\command",,,"cmd.exe /c takeown /f ""%1"" /r /d y && icacls ""%1"" /grant administrators:F /t" HKCR,"Directory\shell\runas\command","IsolatedCommand",,"cmd.exe /c takeown /f ""%1"" /r /d y && icacls ""%1"" /grant administrators:F /t" ; add advanced system properties to mycomp HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\AdvSysProp",,0x00020000,"Advanced System Properties" HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\AdvSysProp\command",,0x00020000,"control sysdm.cpl" ; add device manager to mycomp HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Devices",,0x00020000,"Device Manager" HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Devices","SuppressionPolicy",0x00010001,3c,00,00,40 HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Devices\command",,0x00020000,"%windir%\system32\mmc.exe /s %SystemRoot%\system32\devmgmt.msc /s" ; add the mega-control panel on mycomp HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\ExpCPL",,0x00020000,"Expanded Control Panel" HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\ExpCPL\command",,0x00020000,"%windir%\explorer.exe shell:::{ED7BA470-8E54-465E-825C-99712043E01C}" ; unused alternate for the exact same thing ;HKLM,"SOFTWARE\Classes\CLSID\{20d04fe0-3aea-1069-a2d8-08002b30309d}\shell\Expanded Control Panel\command",,,"%windir%\explorer.exe shell:::{ED7BA470-8E54-465E-825C-99712043E01C}" HKCR,"Folder\Shell\List Contents to text file\command",,,"%11%\cmd.exe /C DIR ""%1"" /B /O /S>""%1""""_contents list.txt""" ; contig HKCU,"Software\Sysinternals\C","EulaAccepted",0x00010001,01,00,00,00 HKCR,"Directory\shell\contig","",0x00020000,"Defrag Folder with Contig" HKCR,"Directory\shell\contig\command","",0x00020000,"%windir%\system32\contig.exe ""%L\*.*"" -v -s"
  9. fdv

    48-bit LBA on Win2k setup

    In truth I always stuck the LBA in SYSSETUP.INF. From my version in my fileset: [infs.Always] syssetup.inf,SpecialInstall [specialInstall] AddReg = Special.Addreg [special.Addreg] HKLM,"SYSTEM\CurrentControlSet\Services\Atapi\Parameters","EnableBigLba",0x10001,01,00,00,00 ; enable large block addressing This way the LBA is accomplished neatly and immediately. I posted otherwise because I'd forgotten and this forced me to check!! Sorry about my misleading post above
  10. Ahhh! Okay, now I get you... catalogs. Since you are replacing a lot of binaries in a SP (of your own making) and not installing the CAT files that come with each hotfix, you might as well delete all of the listed CATs except the first two, NT5INF and NT5. That's how I did what I did and it worked. IIRC SP4.CAT can go too. FYI, I know you know this but for other people reading, if you wanted to make an unofficial SP where each file actually passed a signature verification, you would need to copy all of the CAT files in each hotfix and list them ALL under [ProductCatalogsToInstall]. I honestly forget what happens when you install no CATs at all. My hacked SETUPAPI.DLL turns off all signature checking and I use that in conjunction with the SFC.DLL hack. You can get both in my fileset. Since they are MSFT binaries permission is not mine to give, but if you wanted to use the ones from my fileset, I personally have no problem with that. Some part of me thinks that even with all of this you might still get a problem with a different WINTRUST. Worth checking into if it eliminates your error.
  11. fdv

    48-bit LBA on Win2k setup

    To expand on my advice and clear something up, ALL of the HIVE* INF files execute during text setup. They all build the registry which is assembled prior to GUI. You do not need to add to SETUPREG.HIV. (Editing that file is a mess anyway). Look at the HIVE files in my fileset... look at all of the system tweaks I add (use Winmerge to compare). You can make a LOT of changes to the OS by editing these files edit: this is not 100% correct, see my post below about using SYSSETUP.INF for LBA, I misremembered what was in my own file
  12. tomasz86, I am not clear on the error you get with wintrust.dll, I did not see a specific description or screenshot of it. This dll is involved with digital certificates on a running OS, it is not involved with setup. To expand more on what acus said, do a global replace in both TXTSETUP and LAYOUT of ,_x, to ,, (comma underscore x comma ---> comma comma) Hacking SFC is handy but doesn't relate to wintrust. This may be handy for you, it is buried in my site edit: by "This dll is involved with digital certificates on a running OS, it is not involved with setup" I mean there is nothing you can do during setup to suppress errors from this dll later. An error thrown because of this means another dll that windows is attempting to verify is failing verification. So strictly speaking, another dll might be the actual problem.
  13. fdv

    Slipstreaming NT4 SP6a

    You don't need to re-apply SP6a. Wendy completed the INF. PM me for more detail.
  14. http://www.vorck.com/windows/hotfixes_2003.html Updated for Sept. Haven't gotten to June but I did link the June ISO. Rulman as usual if you want to check my list I will make any notes you want to add if I missed something or got something wrong.
  15. fdv

    FDV's website

    Hi all, I was applying for some jobs at some places that are a bit "uptight" and instead of taking time to edit out swear words from my material, I just took them down during the application process. It will all be going back up shortly.
  16. Hi all, because Tom and I stopped using 2000, the updates to the 2000 hotfix list here have stopped. We keep XP (courtesy of Muppet Hunter) and 2003 (by me) active of course, but we don't want to let the 2000 list go too long (the list stopped in January 2010). Remember, End of Life is only a few months away. It would be nice to have someone finish this up until MS stops issuing updates. You can modify the existing layout however you wish (as you can see, my 2003 list looks radically different from 2000. Make it how you like). Any takers, reply here and PM me so I am 100% sure to see your post. Thanks FDV
  17. Okay. For those of you just tuning in, Joakim has actually managed to do what several folks including myself had said was not possible -- open a CMD prompt with TrustedInstaller permissions. Life happens fast, and so did this thread. Here's how to do it in one post. Thanks to all of you who contributed your wisdom. Like CoffeeFiend I'm also kind of lost as to how we managed to get here ------------ How to open a CMD prompt with TrustedInstaller permissions Install PSList - http://technet.microsoft.com/en-us/sysinternals/bb896682 or Install Procexp - http://technet.microsoft.com/en-us/sysinternals/bb896653 Install Session0Injectors from Payload Execution Tools v.2 - http://reboot.pro/files/file/171-payload-execution-tools/ Install netcat - http://www.securityfocus.com/tools/139 You must do the next part fairly quickly, because once you start the TrustedInstaller service, it's not going to run all day... it stays running for a short while and stops. Run services.msc Scroll to Windows Modules Installer Right click, select 'start' Open a command prompt and type pslist trustedinstaller and get the PID or launch ProcExp and get the PID Let's call that number '4321' (of course it will be different on your system) Let's also pick a port to run netcat on -- say '6789' "Now run netcat as a daemon serving cmd.exe for you on port 6789 by typing the following" Session0Cmd 4321 "nc -l -p 6789 -d -e cmd" (By the way, that -l is the letter l not the digit one. If your system is 64 bit Windows, you'll use Session0Cmd_x64 here)) If you got an error about an invalid PID, it means that the TrustedInstaller service stopped again. Go restart it. (When you do it will have yet another PID). "Now netcat is running as a daemon and serving cmd.exe for you on port 6789. To connect to it and obtain the actual TI-privileged cmd, open a cmd window and use this command" nc localhost 6789 Thanks again to Joakim for this bit of cleverness! (I'm sure you'll all let me know if I need to make edits...)
  18. Any of y'all want to try something for me? I aim to repeat my SETUPAPI.DLL hack that I did for Windows 2003 to allow for an install that shuts off signature checking. The idea is to be able to modify binaries and not have Windows complain or throw a terminal error. This is a theory. I don't have time to try it right now. (I am sick with an ear infection and have a burst eardrum and spent about four hours carefully mapping this out last night so I am not in the mood to check it right now, I have had enough for now, but I suppose you younger and more enterprising folks could try). You need to mount the INSTALL.WIM image and load a hex editor and take ownership of SETUPAPI.DLL and then open it in the hex editor. replace byte sequence 8B FF 55 8B EC with 33 C0 C2 0C 00 Should be the same for both the 32 and 64 bit SETUPAPI.DLLs. There is only one such sequence in both DLLs so there is no offset to worry about finding. The digsig check began with MOV EDI,EDI PUSH EBP etc etc in the Win Xp and 2003 binaries. The hack for those was simply to change it to XOR EAX,EAX RETN [whatever] The routine in the win7 followed the same pattern, but it was WAY earlier in the binary. Still, it does follow the pattern, so it's worth a shot. I have other ideas if this doesn't work. Anyway save and use modifype.exe to 'fix' the DLL and then put it back into your mounted directory. There is also a TrustedInstaller bit in the dll that I intend to explore as well, later. I get that TrustedInstaller is necessary but it would be nice if it didn't take ownership of my entire registry too... Thanks, whoever wants to give it a try fdv
  19. fdv

    Shutting off digsig checking in Win7

    a journey to dethrone the TrustedInstaller service Yeah... I should get back to what this thread was really about shouldn't I Thanks for the tip on padding out a SID's string. I need to stop being distracted and get back on track. But first lots of sleep as usual. I made notes, not in front of me, and only got where I got because of your solid recommendation on a good decompiler
  20. fdv

    Shutting off digsig checking in Win7

    The problem I have with this schema is that -80- signifies that TI is a service. It runs in isolated session 0. An interacive logon is going to be -21- and a group is -32- (I think -- it's what I read here? But yet 32 is print operator? Confused ) In other words, Admins group is SID S-1-5-32-544 but TI is S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 Wow, I started wanting to shut off digital signature checking in Win7 and I got SERIOUSLY sidetracked Anyway, you saw my other msg but other folks mightn't've. What I think the only real possibility is, is to open the list of files that reference the TI SID and change it to the admin group, and then pad out the extra spaces in the binary with 90's (noop). TI then "becomes" an actual user, AND TI still continues to run as a service because the EXE is still running (i.e. the service is running). I don't feel like trying it right now, but I might get to it at some point. Edit: more on point, I have had a look in the DLLs... there is some very naughty stuff you can do that I shall shut up about, but a curiosity was seeing a call to LAYOUT.INF. Huh?! I thought Win 7 was "redone"!
  21. He means that people used to think it was "impossible" to run Windows 98 without IE, then someone did it. Then it was "impossible " to run Windows 20o0 without IE, and someone did it. Then it was "impossible " to run Windows XP without IE, and someone did it. In other words, there is some exception to any rule -- if you say TI should not be stripped of any rights, he is saying that it might be possible to rig a system having done exactly that. What really troubles me is that no one has tried. I mean, just loading a hex editor and replacing the TI SID with the admin SID S-1-5-32-544 and padding out the extra characters should have been tried at some point, and yet no one has done it! TI honestly does not look like an "octopus," it only has a certain number of connections to and within the OS. It isn't really "everywhere." And yes, it's in the MSI. But it remains to be seen what happens if another SID is substituted. Edit, as usual. To explain further and give thoughts... The TI is actually a service, not a user. S-1-5-80 starts all service SIDs. As long as the service is running, will Windows be happy? If we replace it in terms of object ownership? Rip it out from every ACL? As long as the stupid exe runs as a service, maybe windows won't "know" and can be tricked. That's the nitty gritty of where jaclaz and I are going with this thought process.
  22. Oh! Sure, that will work too. I was thinking of piping it to a txt file but your bit here works better and is pretty creative! In truth I didn't spend much time on the idea though, because I really want to cover items 1 and 2 in my post, essentially "fix" the child objects. What I think I would have to do is use the 'reset children' command and then re-assign, with inheritance, permissions for System, Admin, and User. That's the problem with the reset children command, it seems to erase other non-owner permissions which is obviously a bit of a problem. Hoping for a better way.
  23. Hey, man! In answer to the first question, it'd be totally possible to export the registry's CLSID list, open it in notepad++, clean it up, and make a small batch file to go through every value. We want to find a way to not have to do that though. As for the second program, I'm not too sure it's any different but will look
  24. fdv

    Shutting off digsig checking in Win7

    I feel like I'm at a full stop without a solid 64 bit debugger. I ran a list of exported functions but I don't see a reason to get into 32 bit. (I am using amd64 now and as it's been pointed out, it's the future). I tried ollydebug with a 64 bit plugin but it didn't work. IDA is amazing but wow, a thousand bucks!! I wish I could con my employer into buying it ;-) I don't know anything about x64 so I am wondering if I (we? I think you guys are in on this too I hope ) should bother with 32 bit and would any of that apply to the 64 bit dll? In other words, could we use the findings or would it be like starting from scratch?
  25. fdv

    Shutting off digsig checking in Win7

    What is a good 64 bit debugger? I tried the Microsoft one and it's HORRIBLE. Tried DuxDebugger and it will not load DLLs. ? thx all yes btw I really need to look at exported functions, posting the entrypoint was in error. I need sleep