harkaz
Content Type
Profiles
Forums
Events
Posts posted by harkaz
-
-
@Mister Floppy It will not be at the same offsets in German win32k.sys, you have to search the sequence of bytes before the patch to locate the exact offset in Hex editor.
0 -
@glnz I understand your frustration. Unfortunately, I don't have enough time to repeat the process for all XP languages or explain in thorough detail.
0 -
I don't think that they will release a version lower than 6734. The win32k.sys revision number was incremented by 21 in Server 2003 and should be the same with NT5.1 That's why I chose 6733.
0 -
@Atari800XL Creating your own catalog file for your patched, language-specific win32k.sys is required. Also, update the update.ver file with the new checksums.
Otherwise, use the same zip structure.(Make sure it's language-specific)The version to patch is: 5.1.2600.6712 (botched KB3013455 from Microsoft Update catalog)
Make sure you increment the version number at least by one (i.e. minimum 5.1.2600.6713)
ADDED (forgot): Also, patch the language-specific update.exe to accept modified update.inf file, and use language-specific installation files.
0 -
A visual explanation of the patch:
0 -
Patch is ready.
You can try it now. You'll need to have my CA root installed for the catalogs to install (double-click update\update.reg in .zip I uploaded BEFORE running update\update.exe).
Fix: http://s000.tinyupload.com/?file_id=55128295046725465161
2 -
@Outbreaker
Yes, I compared these two files.
I'm trying to create a patch for XP's win32k.sys right now.
0 -
I think I have found a difference:
The order of command execution is reversed.
0 -
@Outbreaker Instead of trying to replace the file, reverse engineer the latest patch and determine what necessary changes are required (if simple patching is possible).
I wish I had more free time to delve into this. (I had started reading some classic books in reversing but I'm busy with many things...)
0 -
I have used Pelles C to compile these 3 EXEs:
WindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\ndpsp.exe
WindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\setup.exe
WindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\dotnetfx.exe
They are placeholders for some MCE disks. They do absolutely nothing (empty WinMain). I don't know why they are reported as malware.
EDIT: The source code is ATTACHED.
0 -
The November 2014 post-SP4 Update Pack has been released.
This update pack must be used with Windows XP SP4 Version 2- integrated media to Clean install Windows XP SP4 + all post-SP4 updates until November 2014 on your system.
Latest Version: 22 November 2014
READ BEFORE DOWNLOADING: UNLIKE ALL OTHER UPDATE PACKS its integration is done in 3 steps:
1. Integrate the 7Z FILE in SP4 media using nLite or RyanVm Integrator. DO NOT perform any other tweaks YET. Close nLite or RyanVM Integrator and proceed with step 2.
2. Copy the CMPNENTS folder from the ZIP FILE to the installation directory.
3A. If you're using HOME Edition copy the HOME\I386\hivesft.inf file from the ZIP FILE to the I386 subfolder of the installation folder. OR:
3B. If you're using PROFESSIONAL Edition copy the PRO\I386\hivesft.inf file from the ZIP FILE to the I386 subfolder of the installation folder.
WARNING: The post-sp4 update pack, unlike Windows XP Service Pack 4 v2, has undergone limited testing! It's designed primarily for Clean, CD-ROM/DVD-ROM-based installations
This update pack is based on Onepiece's .NET Framework addons and 5eraph's POSReady addon.
Verification Information for the UPDATE PACK:
1. SP4addon-Nov14.7z (22450838 bytes): MD5 - 93216D5D89ED33A314C1D087051DE417
2. sp4addon-manualcopy-Nov14.zip (22658042 bytes): MD5 - A4142AF8D18B8AC59522C0AA6604A246Download from Post-SP4 Update Pack Google Drive folder.
0 -
@submix8c I'm afraid it's not patchable.. I have examined the CAB file and it is signed with a special Microsoft Update certificate. If you sign it with everything else it will redownload the muauth.cab from Windows Update.
0 -
Many thanks to b3270791 for reporting this workaround. This means we have to download Microsoft Update hotfixes for our software and keep them in an HDD because Microsoft may not fix this authorization.xml in the future...
0 -
This must be an issue with the update server. The problem appeared today for the first time, probably after the emergency patch was released. I was installing multiple Office versions in VM before MU broke...
0 -
If you're on a domain make sure you install the out-of-band MS14-068 patch ASAP.
If an attacker gets admin credentials exploiting this flaw you won't be able to fix it with this update.
0 -
Windows XP SP4 Final Version 2.0 is now available!
This version brings fixes to the original Final release:
- Fixes issues with .NET Framework 3.5 and 4.0 servicing. .NET framework is now fully compatible with the .NET Framework repair tool.
- Enables uninstallation of future .NET updates.
- Fixes issues with Rosebud installation and Office 2007
- Fixes issues with Starter Edition slipstreaming
- Fixes issues with Windows Imaging Component registration
- Fixes issues with time reporting in many applications.Download torrent: magnet:?xt=urn:btih:99DF20C41F5EFD46E008ABDAE39FF2BA2243507C&dn=Windows%20XP%20Unofficial%20SP4%20Final&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.ccc.de%3a80%2fannounce
0 -
Download hashes and torrent for the fixed Final version are available.
This version of SP4 Final has undergone extensive testing. It has been tested successfully in the following scenario:
Clean Install -> Install .NET Framework 4.0 -> Install Visual Studio 2005 Standard ENU-> Run Microsoft Update and install all updates -> Install Visual Studio 2008 Profesional ENU -> Run Microsoft Update and install updates (these include some Office 2007 ones) -> Install Visual Studio 2010 Ultimate -> Run Microsoft Update and install updates.
All components have been serviced successfully.
This version fixes:
- A time zone issue reported by GH0st
- An important problem with WIC in CD-ROM installations. This would cause several .NET programs to crash.
- Regression issue with Rosebud 12 and Office 2007 servicing.
- urlmon.dll is missing after slipstreaming.0 -
Removing this key fixes an issue with time reporting in some applications:
HKLM,"System\CurrentControlSet\Control\Session Manager\Environment","TZ",0,"MEZ-1MESZ-2"The next, upcoming SP4 Final fix will address this isue, as well as Office 2007 and Rosebud 12 regression issues.
0 -
I'm preparing a new fixed version and I have removed all files.
The new files will be available soon.
0 -
You can also use the excellent CFF Explorer.
0 -
Windows XP SP4 Source Files have been uploaded to Google Drive. You can download the rar file there and examine these files if you want to create a similar service pack for another language or with a different set of components.
No documentation is provided. Use your own software publishing certificate to digitally sign the modified/updated files.
0 -
This fixit file MUST be used ONLY BY THOSE WHO DOWNLOADED AND INSTALLED THE 28 OCTOBER 2014 FINAL VERSION:
http://www.adrive.com/public/prkHTM/netfx35_fixit.regIt fixes issues with .NET Framework 3.5 servicing!
A new version of SP4 Final is being uploaded to address this specific issue.
0 -
@Phenomic Fortuunately I haven't experienced such issues with the latest version of the package installer.
PS. Gurgelmeyer, the 2k USP5 developer, has disappeared since 2006
0 -
Yes, reinstalling Windows is the best way to fix everything.
If you don't use .NET Framework try installing with .NET FW 1.1 and .NET FW 3.5 disabled by default - use the patched netfx11.inf and netfx35.inf files for this purpose. These files can be found in the Patches cloud folder.
0
POSReady 2009 updates ported to Windows XP SP3 ENU
in Windows XP
Posted · Edited by harkaz
1. You will found the @sc1_InitializeTwilightcontours@12 if you follow the jmp instruction
2. I have done statistical analysis of the differences between the 2 MS patches (Server 2003) and I have found an equivalent patch for the NT5.1 win32k.sys. (It's not the same because the Server 2003 corrective patch is done via a function chunk, while my patch is simply a reversal of the function execution order). So crafting the patch is something more than intuition.
3. Deleting HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\Certificates\F2C90A445A5E0F0F79AEDEB694D50B9656B24A71 is enough to remove my CA from your system. All files signed with certificates chained to this CA will become untrusted.
4. It is possible to perform SSL hijacking by creating certificates signed with my certificate authority (provided you have the encryption keys of the CA, which you don't). Only if I decided/managed to inject a virus in your system would this be possible.