Tihiy
Content Type
Profiles
Forums
Events
Posts posted by Tihiy
-
-
Simple. I've just read technical CAN buletin mentioned in article.
It says integer overflow occurs in LoadImage() function when dwResSize value (4-bit) exceeds maximal word (2-bit) value. If dwResSize will be ~FFFFFFFF (-1) then malicious code can be executed.
So, hacked version of user32.dll has patched import table which LoadImage() points to loader written in "unused" space. It loads Ti......DLL and gives it control.
Check function in Ti......DLL opens icon file and checks if dwResSize>maximal word value. If it is, function fails (so virus won't be executed). If it does not, it transfers control to User32.dll original LoadImage() pointer hardcoded.
[if i had Windows sources i believe it's just 1 line of code to add
But, because Win9x developer team is killed, (
) stupid NT developers trying to write a 16-bit memory hook which do the same, but:- It will consume 16-bit handles, bad
- It won't protect machine until loaded
- When unloaded, will crush everything]
So... if ^^ that was you wanted
? As I as said before, this update isn't critical.AND MY UPDATE SHOULD BE TESTED WELL IF WILL BE INCLUDED SOMEWHERE.
0 -
Yeah, looks like they released new version.
But seems it still present as [hidden] task! (Maybe check msconfig?)
Somebody tested? [i'm still thinking my version is better]
0 -
Just like Windows XP will read FAT32 even if it's NTFS.
Syntax error
0 -
Sorry, there is no other way.
You can place shortcut to shutdown into start menu and assign shortcut.
0 -
HA! Now you are dreaming. The FAT32 file system isn't capable of it first off.
So you want to say that Windows XP x64 won't work with FAT32?
0 -
Good job, Tihiy.
But I have a question. What about compatibility? If the user firstly install SP 2.0 with your fix, and secondly Revolutions Pack, everything will be OK?
Of course. How can I do not care about RP users?!
That version will simply have no effect if installed on Revolutions Pack.
0 -
Hi Tihiy,
Looking good!!
Is there a way to hook in shutdown.exe to thestart menu button, so when I click the start button/shutsown, I get your proggie?
Beta test is over. All found bugs fixed. New shutdown dialog is present by default in Revolutions Pack since 2.5.Please, do not bump old topics.
0 -
The user32.dll file Tihiy modified is NOT compatible with Win98fe and WinME and can break those versions of Windows.
Have you tested?
0 -
erpdude8, stop crying like baby.
Beta test is over. All found bugs fixed. New shutdown dialog is present by default in Revolutions Pack since 2.5.
You can download standalone version if you want:
0 -
Silently updated it to add qfecheck entries for compatibility with original hotfix.
0 -
Yes... That stupid bug that wasn't actually critical for 9x/ME is closed now. By me. Without lockups or something like.
It was already fixed in 98 Revolutions Pack, but i've separated fix from it and proud to release it here. Spread it worldwide.
(do not link directly please!!!)
Gape: notice that it's 98 user32.dll 4.10.0.2231 version hacked; it's version changed to 4.10.0.2232 to supress errors after installation.
USER.EXE remains unchanged; it's included only for user32.dll compatibility.
If you will include it to Service Pack (hope so), note that Windows won't work propertly without Ti891711.DLL.
Revolutions Pack users: you don't need that update.
0 -
Thx u very much
0 -
I think it's just useless to download every (especially RC) version of SP.
0 -
He PM'ed. I'm finishing version 2.5 and I think we'll talk about next release versions.
0 -
When Unofficial SP will allow "normal" (2k/xp SP-like) slipstreaming?
0 -
Because I'm lazy
The only reason is that I just got this hot-fix a few days ago. Hopefully, it will be in the RC3.
Ah.. RC again?
0 -
Microsoft Windows 98/98 SE Slow Office DOCs + Korean HTML Pages KERNEL32.DLL (build 4.10.2001 for Win98/98 SP1 + build 4.10.2225 for Win98 SE) Fix:
http://ftp.mdgx.com/files/Q320798.EXE
Kernel32.dll from SP2 RC2 is 4.10.2224. Why?
0 -
Ammbr... read readme.txt's. Usual (everyting optional):
0) Install IE
1) Install Unofficial Service Pack
2) Install 98SE2ME
3) Install Revolutions Pack (requires "0)")
0 -
When you click "Connect Network Drive" somewhere in menu or toolbar, which dialog appears? Standard small 95/98 window with drive names list or wizard like in 2000?
0 -
Hm. If "Standby" option enabled (Is it enabled on non-ACPI systems?) and isn't working, please check if "powrprof.dll" is present in \windows\system. Don't bother yourself, i'll try to find a method to standby old systems.
0 -
Hm. Create file with .reg extension. Add
REGEDIT4
[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New]
@="{D969A300-E7FF-11d0-A93B-00A0C90F2719}"Run.
0 -
I've seen problems with 98SE2ME, especially on localized (Russian) 9x Windows. I'm not bashing it, but I think it should be more... customizable. For example, installing fonts and updated keyboard layouts can cause problems that i've seen.
0 -
It not an error...
And why do you think that I'll just place them on 1 page? Requires more elegant solution.
0 -
Will think about it.
0
) stupid NT developers trying to write a 16-bit memory hook which do the same, but:
? As I as said before, this update isn't critical.
New Features of Version 2.0
in Windows 9x Member Projects
Posted
Hi, superscotty19
If something about RP confuzes you, ask me.
The newer versions of RP (since 2.1) are separated into few parts,
- Basic (32-bit icon support)
- Shell Update (yes, it actually uses some Windows ME files)
- Toolbar Patch (32-bit icons for toolbars)
so you don't need to extract anything.