Great thread! I have been trying your suggestions and they do work (at least on my VM). Now I've just taken a look at the Chinese XP64G 2.1 patch (downloadable here). The executable patches ntkrnlpa and hal.dll on the fly: it doesn't substitute your files with prepatched files, but patches YOUR files (very convenient if you have a localized edition of XP). Now, the interesting part is that I've done a hex compare between pre-patch and patched files, and I've found out that more strings got patched than we have done here on msfn.org. I have attached screenshots for both ntkrnlpa and hal.dll. You can see what the Chinese patch does. What do you think about this?
