Zorba the Geek

I have cracked it! Regular updates for NOD32 Antivirus version 8.0.319 provided by an unofficial update server. Unfortunately the forum rules about circumventing license restrictions prevents me from providing details about how it can be done. However, I hope I can give you some idea of how I did it without being specific and getting myself banned. I found a Youtube video that provided a link in the description for a patch that enables a dialogue box in the update settings in which you can specify a server. The person who uploaded the video had his account terminated after a few days thanks to the vigilance of ESET. I logged the changes made by the patch, and noted that no files are over-written or patched, and only the registry was changed. From this log I made a registry file. After NOD32 AV is installed in the usual way, a well known activation patch is applied in safe mode along with the registry file. Then you enter the address of the server in in the update settings, and update in the usual way. I have yet to see if automatic updates still work. You should note that obtaining virus definitions from an unofficial update server is a risky thing to do, as AstroSkipper has made clear. There could be a legitimate reason for the existence of these unofficial update servers, or they could be run by Russian crooks. Who knows? Later I will demonstrate using the ESET Endpoint antivirus for offline updates if there is nothing involved that could get me banned.

I have decided to remove the information I posted here about unofficial update servers for two reasons. Firstly, these sites could be run by crooks who want to include malware with the virus definitions. Secondly, ESET are hyper vigilant about stamping out methods for obtaining their products without paying for them, so these sites could be shut down. If you have discovered other such sites, or Facebook users who offer regular virus definition packages I advice you not to post links to them here.

You would understand what I want to discuss here if you had bothered to read my list of possible workarounds. Obviously ESET no longer supply virus definitions for versions of NOD32 below 10, but as my original post states there are unofficial update servers which are supplying daily updates that look as if they could be compatible with with these unsupported versions of NOD32. There is also a Facebook user who is continuing to supply virus definitions for ESET Endpoint Antivirus Version 6.5 every three days. As for the other thread where the subject has been extensively treated titled "Which Antiviruses are Known for a Fact to be Working on XP SP3 as of 2019?" this only has your unhelpful comment about uninstalling NOD32, and Leifman's comment about being safe enough continuing to use NOD32 without further virus definition updates.

Eset have ceased to supply updates for versions of NOD32 Antivirus below 10 on 19th September 2022. What to do? I love using version 8.0.319 because it retains the classic GUI, it is light on system resources, and it has some advanced features like anti stealth technology and advanced heuristics, so I would prefer to manually update it rather than upgrade to version 10. Here are some options I would like to discuss: Manually Update Version 8.0319. There are several sites that provide regularly updated NOD32 updates which can be found using a Google search for upd.ver. It is possible that servers for version 4 also include updates for versions 5,6,7, and 8. Here is the most recently updated one I could find. It contains hundreds of files with file names with the nodxxxx.nup format including those with the same file names as those in my installation except more recent. If I wanted to copy over files from this online archive to the AllUsersProfile\Application Data\ESET\ESET NOD32 Antivirus\updfiles folder should I always choose files with file names the same as those I currently use? The file names of the contents of the updfiles folder were different when I first installed NOD32 with trial updates. Change over to the ESET Endpoint Antivirus and utilize offline updating and the updates provided for version 6.5 every three days by a certain Facebook user which I have decided not to link to. It may be necessary to use version 5 under XP. Upgrade to version 10 and either pay for a subscription or else try to copy files from an online archive to the updfiles folder. If using version 10 under Windows XP it means that some features will not work. It may be possible to edit the registry settings of version 8.0.319 to change the server to a location on your hard drive.

I ran into a problem compiling psutils under this custom build of 3.8.1350 for XP. I received the error message Does this mean that this Python interpreter was built using the --without-threads option in order to disable threads? Is there some way under Windows to see a list of the options used to build Python so as to see if the --without-threads option was included? Could cmalex provide a list of the options they used when compiling his custom Python 3.8.1350? The archive of Python binaries provided by cmalex is a mess, so I selected and reassembled the relevant files to make a standard Python distribution which you can obtain here. Pip is not included but it can be installed using the ensurepip module and this command: python -m ensurepip --upgrade I am attaching batch files to write the registry entries that might be required with Python 3.8. They are intended to work in conjunction with the mingw compiler. If you are using MSVC the %PYTHONHOME% variable cannot be used. Python 3.8 Add.bat Python 3.8 Delete.bat

I have made a batch file that will adjust visual effects for best performance which can be inserted into the $OEM$\$1\install folder with an appropriate entry under the GuiRunOnce section of winnt.sif. If that does not work place it in $OEM$\$$\Temp and make a batch file in $OEM$\$1\install to place an entry in the RunOnce key to run visual_effects.bat from the %SystemRoot%\Temp folder. When Windows runs for the first time not all the settings are applied until you log off, and then they are written to HKCU. The settings for "Use visual styles on windows and buttons" are not applied until you click the Apply button and the Themes service is activated, which obviously you cannot do in a batch file. Therefore I logged all the relevant settings that are made when "Use visual styles on windows and buttons" is turned off, and included them in my batch file. The only problem is that the reg.exe of XP/2003 does not support the QWORD data type used in some of the settings. Is there an upgrade for reg.exe we can use for XP/2003? Visual_Effects.bat

I have made a batch file that will adjust visual effects for best performance which can be inserted into the $OEM$\$1\install folder with an appropriate entry under the GuiRunOnce section of winnt.sif. If that does not work place it in $OEM$\$$\Temp and make a batch file in $OEM$\$1\install to place an entry in the RunOnce key to run visual_effects.bat from the %SystemRoot%\Temp folder. When Windows runs for the first time not all the settings are applied until you log off. The settings for "Use visual styles on windows and buttons" are not applied until you click the Apply button and the Themes service is activated, which obviously you cannot do in a batch file. Therefore I logged all the relevant settings that are made when "Use visual styles on windows and buttons" is turned off, and included them in my batch file. The only problem is that the reg.exe of XP/2003 does not support the QWORD data type used in some of the settings. Is there an upgrade for reg.exe we can use for XP/2003? Visual_Effects.bat

Can someone explain in a nutshell how ImportPatcher works so that a newbie can get started with it. I dabbled with it by targeting Python37.dll version 3.7.9150.1013 under Windows XP. First I analyzed with Importpatcher and this is the result I received in Python3#.ini [Patches needed] python37.dll=Functions [KERNEL32.dll] GetFinalPathNameByHandleW= InitializeProcThreadAttributeList= UpdateProcThreadAttribute= DeleteProcThreadAttributeList= GetTickCount64= This is what I received in Python3#.log. I have edited out the imports from everything except those from the problematic KERNEL32.dll and WS2_32.dll to make this post easier to read. ImportPatcher.41 Portable Executable: "F:\Internet Downloads\Python\Python 3.7.9\python37.dll" TimeDateStamp: 2020 Aug 17 19:02:10 OS Subsystem Version: 6.0 Importing from WS2_32.dll TimeDateStamp: 2016 May 10 19:21:18 OS Subsystem Version: 4.10 ? 19 ? 7 ? 111 Importing from KERNEL32.dll TimeDateStamp: 2019 Mar 19 18:39:07 OS Subsystem Version: 4.0 * GetFinalPathNameByHandleW * not found * InitializeProcThreadAttributeList * not found * UpdateProcThreadAttribute * not found * DeleteProcThreadAttributeList * not found * GetTickCount64 * not found The log file seems to be importing all the exports of the modules that Python37.dll is linked to. Does that mean that it is listing all the imports in Python37.dll's import table, while noting those that are missing from the OS, and nothing is changed in Python3#.dll? The ini file lists patches required for the missing imports from kernel32.dll. This is the difficult bit. Where do you obtain the patches from, or how do you create them? Are you supposed to extract sections from an NT6 version of kernel32.dll using the hex editor in IDA Pro, or is there some way of automatically creating these patches?

Hi Dibya Can you reply to a message I sent to you at the RyanVM forum because it is not possible to send messages to you here. Incidentally, I am glad to see that you have not given up on XP and 2000.

Websites that only support Chrome are a real dilemma for XP users because those versions of Chrome that will work under windows do not have built in support cipher suites that include Elliptic Curve Digital Signature Algorithms (ECDS), and so have to fall back on system encryption libraries that XP does not have. However, there is no need to use ProxHTTPSProxyMII because 360 Extreme Explorer is a Chromium based browser with support for TLS 1.3 and cipher suites that include Elliptic Curve Digital Signature Algorithms. Here are the supported cipher suites for the website that always give the ERR_SSL_VERSION_OR_CIPHER_MISMATCH message in Chrome under XP (https://www.aidanwoods.com/blog/faulty-login-pages/) TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Here are the cipher suites supported by Advanced Chrome 54.20.6530.0 which as you can see only include the RSA Digital Signature Algorithms, so nothing matches. TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA Here are the cipher suites supported by 360 Extreme Explorer with those that match the supported cipher suites of the aidanwoods.com site highlighted in bold. TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA From this I have concluded that I only have to replace Advanced Chrome with 360 Extreme Explorer on my XP machine and the problem is solved. Although browsing with 360 Extreme Explorer is not trouble free due to pages sometimes being displayed in Chinese and Russian it is only the fallback option when MyPal fails to load a website.

I have discovered that 360 Extreme Explorer has built in support for Elliptic Curve Digital Signature Algorithms (ECDS) which the versions of Chrome suitable for XP do not have, and hence you are not plagued with pages that will not load and give the message "ERR_SSL_VERSION_OR_CIPHER_MISMATCH". Here is the supported cipher suites for a the server of a site that cannot normally be viewed with Chrome under XP - https://www.aidanwoods.com/blog/faulty-login-pages/ TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Here are the cipher suites supported by Advanced Chrome 54.20.6530.0 which only include cipher suites with the RSA Digital Signature Algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA Here are the cipher suites supported by 360 Extreme Explorer. I have highlighted in bold those that match the cipher suites supported by the aidanwoods.com site. TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA As you can see 360 Extreme Explorer provides three cipher suites with Elliptic Curve Digital Signature Algorithms that match those supported by the aidanwoods.com site.

I have examined the Youtube home page in 360 Chrome 12.0.1053 and MyPal 28.6 and the main difference I see is that if you hover the mouse pointer over thumbnails in 360 Chrome the video starts to play in the thumbnail. Also in 360 Chrome there are links for library and history as well as home, trending and subscriptions. Also in Chrome 360 there are links at the top of the page for create a video, youtube apps, user account and settings, while in MyPal the links are for upload, notification and user account. When you open a Youtube video there does not seem to be much difference between Chrome 360 and MyPal except under Chrome 360 a mini player is available, there is a save button and the thumbnails in the "Up Next" column on the right will play the videos when the mouse pointer is hovered over them. To really test the claim that Chrome 360 is really Chrome 78 we need to find web pages that have features that we know are only available with a recent version of Chrome. As far as I can tell it is mainly streaming sites like my5.tv that demand a recent version of Chrome, and I suspect that is because Chrome is now tightly integrated with DirectX 11. This would explain why I could only play the adverts with my5.tv using Chrome 360.

I needed a version of Chrome that would enable me to view the catch-up service provided by Channel 5 known as as my54.tv, The site specifies Chrome 60+ and Vista+ as minimum specifications, so I was out of luck with Advanced Chrome for XP. I have tried the Russian repack version 12.0.1053, but it only enables the advertisements to be played. I have tried to change the browser's user agent to indicate Windows 7 and I did empty the browser cache. Also I remembered to install the Adobe Flash Player for Chrome (PPAPI) .Perhaps a feature of NT6 is required to play video encrypted with FlashAccess DRM. As for the claim that this is really the equivalent of Chrome 78 this is hard to verify because sites like whatismy browser.com only read the information given by the browser's user agent.

The big drawback of this project is that the Xompie modules do not include all the export functions of the NT6 versions that they are meant to complement. If you examine kernelxp.def, for instance , you will see 292 out of 1416 export functions in the NT6 version of kernel32.dll have not been included. Invariably, anyone who wants to backport a Vista+ application to XP will find that Xompie does not provide all the missing imports that they require. For instance, if you want to backport Python 3.7 GetFinalPathNameByHandleW is provided by Xompie, but InitializeProcThreadAttributeList, UpdateProcThreadAttribute, and DeleteProcThreadAttributeList are not. This requires the user to copy and paste code from the Wine project into the kernelxp source, and compile it. If they are not programmers it is inevitable that they will fail. I am not a programmer, so when I tried compiling the unaltered kernelxp.c using mingw-w64 as an experiment, I received baffling error messages which I have posted as an issue at the Xompie github repository. I should point out that the kernelxp source does provide a very useful suggestion for the gcc command with options that must have worked for TuMaGoNx.

I cannot understand why people are having so much trouble backporting Python 3.7 to XP because it seems straightforward to me. Dependency Walker shows the following missing NT6 functions in XP required by Python 3.7 NT6 export functions missing in XP's kernel32.dll GetTickCount64 GetFinalPathNameByHandleW InitializeProcThreadAttributeList UpdateProcThreadAttribute DeleteProcThreadAttributeList NT6 export functions missing in XP's ws2_32.dll inet_pton inet_ntop These Winsock APIs are imported by _socket.pyd, a module which is loaded only when a network operation is performed by Python. On my system WNetRestoreConnectionA is missing from mpr.dll (Multiple Provider Router DLL) which is a dependency of shlwapi.dll (Shell Light-weight Utility Library). I am not sure if this important for the functioning of Python. The simple solution would be dll redirection using a fake kernel32.dll and ws2_32.dll that includes code snippets from the Wine project to supply the missing NT6 export functions while forwarding all the other API calls to the real kernel32.dll and ws2_32.dll of XP using a line of code like this: #pragma comment(linker, "/export:AddRefActCtxWorker=kernel32.AddRefActCtxWorker") The header of Python.exe would have to be edited so that the MajorOperatingSystemVersion and MajorSubsystemVersion is changed from 006 to 005. The import directory of Python.exe would then need to edited so that kernel32.dll is replaced with the name of the fake kernel32.dll located in the same directory of Python.exe. Another approach to intercepting API calls by the fake dlls would be a manifest file in the same directory as Python.exe. I suspect that Dibya is doing something more clever than this but when I tried to download his Python 3.7.1 project I received a 403 forbidden notice. He never provides source code so no-one can really grasp what it is he is trying to do. 404notfound has provided a link to his backported Python 3.7 project that appears to use the kernelxp.dll from the Reactos project with the description ".Kernel32 API BASE COMPATIBILITY LAYER" Usinf CFF Explorer I note that he has changed the MajorSubSystemVersion in the optional header to 005 and kernel32.dll in the import directory has been changed to kernelxp.dll. Opening his Python.exe in Dependency Walker reveals that kernelxp.dll supplies 1476 export functions, including those from the NT6 kernel32.dll, and many others have been forwarded to advapi32.dll, ntext.dll, shlwapi.dll, user32.dll, version.dll, normaliz.dll, kernelex.dll, and fileext.dll. The last three libraries are not Windows system files and they are not present in the Python project. Only one export function is forwarded to kernel32.dll which is GetTickCount. All the kernelxp.dll export functions are coloured grey because they are not in use which is weird. One of the dependencies of kernelxp.dll is ntext.dll which is the Reactos NT Layer DLL Compatibility Layer. This supplies all the export functions of ntdll.dll including 326 export functions from the NT6 ntdll.dll not available in XP, while the others are forwarded to XP's ntdll.dll. Once again all the export functions are grey suggesting they are not in use. The inclusion of ntext.dll is pointless in this context because Python.exe does not import functions from the NT6 version of ntdll.dll not available in XP. Opening his _socket.pyd in CFF Explorer I note that the import table contains entries for ws2_xx.dll and KERNEL3x.dll, the latter of which is not present in his project. ws2_xx.dll has no description, so I do not know if it originates from Reactos. Opening _socket.pyd in Dependecy Walker shows empty parent import and export panes which is weird because it's description shows that it should be an original Python module. One of it's dependencies is ws2_xx.dll which supplies the missing inet_pton and inet_ntop functions, while all the others are forwarded to XP's ws2_32.dll. Again all these export functions are coloured grey I suspect that the reason why get-pip.py does not work is because _socket.pyd has been mucked about with. TuMaGoNx is right in stating that backporting PyPy would be less challenging. pypy3.exe only requires the export function GetTickCount64 from the NT6 version of kernel32.dll and this could be replaced with the XP GetTickCount when recompiling Python. There are still the two missing functions in XP's ws2_32.dll imported by libpypy3-c.dll to deal with. He is wrong to state that C extensions are not an issue with PyPy because C extensions can be compiled for PyPy just as they can be for the standard Python distribution.

A reddit user has posted his custom Python 3.5 binaries intended for Windows XP. The download can be found at https://drive.google.com/open?id=0BwiHllHhj79zaF9faEVsQUsxNDQ As he has not provided an installer I have written this little reg file to provide some of the registry settings one would expect with an official msi installer. It includes associating file types with Python, installation of wheels by double clicking .whl files, the Python path, and the install path. It has been written for an installation at C:\Python35 and needs to be edited if you want to install Python elsewhere. ideally you would use a batch file with the reg command because then you include variables like %SYSTEMROOT% in paths. I have installed this version of Python on my XP machine, and so far everything has gone swimmingly. I ran get-pip.py and the latest versions of pip, wheels, and setup tools were installed with no errors. I have also installed requests2 as a Python wheel and that went OK too. I have been experimenting with this Python as a means to download videos, and despite only succeeding in downloading one video using urllib and requests I have concluded that it is a useful addition to my toolbox and shall keep it on my hard drive According to the developer "zipimport and many 3rd party c extensions don't work on Windows XP now" Requires Microsoft Visual C++ 2015 Redistributable Python 3.5.reg