Content Type
Profiles
Forums
Events
Posts posted by Dibya
-
-
Well guys I can't get printdemon to work under XP .
https://github.com/BC-SECURITY/Invoke-PrintDemon
Is XP already Exorcises this demon?
Need some confirmation .
Some one run and see this powershell script.
0 -
On 5/23/2020 at 8:08 PM, jaclaz said:
Probably in Cheshire:
https://en.wikipedia.org/wiki/Ashley,_Cheshireand here we have a rare image of the Cheshire cat:
jaclaz
This image will Get YOU NIGHTMARE!
0 -
I am still in process of figuring out repacking , Hopefully i will fix it soon
0 -
use https://neosmart.net/EasyBCD/ to add back boot loader. its a yearly ritual for me .
0 -
22 hours ago, Sampei.Nihira said:
FranceBB wrote:
Presumably I.E.9 x86 on Windows Server 2008.
What is the version number of jscript.dll after applying the patch?
Have other files of I.E.8 also been updated by the patch?
Well it is not a port of newer jscript , it patches out vulnerability in windows XP IE8 file .
i never said as such to FranceBB i think its a miss understanding
JScript of vista will require expansion of kernel with new api , which i am not willing to do since it may break old XP only programs
implementation of patch is unique as it prevent any such vulnerability .
CVE2020-0674(0 Day) is variant of CVE2019-1429(0 Day)
0 -
-
1 hour ago, Sampei.Nihira said:
Go Dibya.
Has anyone applied both patches, or even a single patch?
Let me fix the uninstaller first . @win32 pointed it out. Then if theirs a bug anyone can uninstall it .
Well anyone have any idea how much dangerous CVE-2020-1048 is .
https://windows-internals.com/printdemon-cve-2020-1048/
In Their blog ,
https://blog.0patch.com/2020/05/micropatching-printdemon-vulnerability.html
0patch Fix mentions LcmCreatePortEntry but nowhere IDA Pro , Relyze & PEExplorer find such reference .
0 -
-
CVE2020-0674(0 Day),CVE2019-1429(0 day) are variant of each other . Microsoft did some quick fix but bad guys can easily work around it so i made a own patch to harden it.
I have carefully studied work of 0patch but their patch is kill switch for JScript.
So I made my own work around to fix it .
https://blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html
My patch in action
https://i.ibb.co/jhpqgrN/Vulnerability-Fixed.png
It prevents both JSEncode & JSCompat vulnerability (Thanks to 0patch to find out JSCompat too can be used)
Edit: I had no intention to share this patch but shared it as my friends asked me to .
Some people likes to judge on basis of your age not your skill . Mastering x86 Assembly takes time .
People are using my patch in wrong way then blaming me , Like using nlite addon without nlite despite knowing SFC can replace back original files from SP3.cab
Many russian and chinese devs copied my RAM patch without my consent .
one of my friends sent me
''I tried this too before. Don't expect too much from it as it was made by some teenage indian dude lol" Sounded racist to me .
First they are dump to use nlite addon in wrong way and blame me without disabling SFC.
In future , I will keep my patches to me . Why shall i bother ? WHat is the use of sharing and caring philosophy ? why shall i waste my bandwidth which i could use to watch anime ?
0 -
kb3124624-v2:
Fixes: CVE-2020-1035, CVE-2020-1058, CVE-2020-1060, CVE-2020-1093,CVE2020-0674(0 Day),CVE2019-1429(0 Day)
kb4056941v2:
Fixes: CVE-2020-0938(0day), CVE-2020-1020(0day)https://ryanvm.net/forum/viewtopic.php?f=25&t=22749
6 -
StructuredQuery.dll doesnt exists in XP how 0patch fix CVE-2020-0729 when it doesnt exists in XP.
anyone know hotfix repacking ?
0 -
You need to code cave some implementations. It's a complex process so hard to explain.
0 -
19 hours ago, WinFX said:
Yes, in firefox 12 I have that error. I use the blackwingcat kernel32 addresses for Windows 2000, which does not call any instructions, instead the one from SP3 calls NTDLL and I don't know if it works.
I Fixed "No more room for sections" bug in PEMaker with Del Rich.You didn't add any code with hex editor. That's the reason.
I am comparing dlls with sp3 , I am looking out for changes made if any fix needed.
Just wait I will do it for you .
0 -
I think you might have corrupted some code.
Their may be some other changes like dx9 upgrade .
Anyway does already compatible software show same ?
0 -
Kinda actually , Biostar re released H61 chipset motherboard.
You can grab i5 3570 for $20 from eBay .So a new xp compatible computer under $150 is very much possible.
2 -
Give me some time I will do it .
0 -
Okay we need to expand existing one then.
0 -
You can use Petools by wildbill to add a section before .rsc & .reloc and move export table their . Then use pemaker for everything else .
0 -
ARM processor?
XP clone ?
Are they kidding? Who gonna use it .
0 -
You need to add another section and move your export table there <3
If you don't mind, pm me your ntdll & kernel32 I will do it for you .I personally too like Windows XP sp1 over sp2.
0 -
CVE-2020-0668: Disable Windows Service Tracing
CVE-2019-1089: Disable RPC
CVE-2020-0645 : Disable IIS
CVE-2020-0772,CVE-2019-1315, CVE-2019-1339,CVE-2019-1319: Disable Windows Error Reporting
CVE-2020-0787 : Disable Bits
CVE-2019-0887,CVE-2019-1108,CVE-2019-1089,CVE-2019-1177,CVE-2019-1333,CVE-2019-1326 : Disable RDP
CVE-2020-0770: Disable Windows ActiveX Installer
CVE-2020-0822 : Disable Windows Language pack installer
CVE-2020-0781, CVE-2020-0783 , CVE-2019-1405 : Disable Universal Plug & Play
CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632 : Disable Windows Search Indexing1 -
On 4/17/2020 at 4:51 PM, Sampei.Nihira said:
Hi,did you perform a code fix or a rename of ATMFD.dll?
Code fix
0 -
Atmfd vulnerability fix is already made by me . I am trying to find someone willing to test it .
0 -
I need someone to repack my updates in update installer. heinoganda always did for me but looks like he is inactive . @heinoganda
0
NTDLL-XEC - My enhanced version of NTDLL
in Windows 2000/2003/NT4
Posted · Edited by Dibya
Don't use Export table tester to add export .it will cause certain tables to break . Never add a section after resources table in NT system files
Use Petools to move Table to new section before .reloc then add anything you like.
If you are not using vanilla file , then wildbill/bwc shall have enough space .
Use the blank space inside .TXT , no need to add another section for code