user57
-
%SystemRoot% used in registry - what am I missing?
user57 replied to dlevens's topic in Unattended Windows 2000/XP/2003
The registry entries coming from the .inf file don't translate/expand environment strings such as %SystemRoot% to something like c:\windows.
REG_EXPAND_SZ entries don't either, even though they have the "expand" syntax with them.
When I did this I looked at what it really does: they just store the %SystemRoot% string in the registry, so it must be the software that reads the environment strings out and then translates them.

Most KB upgrades use that "inf installer". That installer can control registry entries and file replacements.
By reading out the inf information you can combine many KB upgrades into one.
For this I have written this code:
You have to be careful, because it can write to registry strings that are system based, and it can also replace files (some need a reboot) - it functions the same as a trusted installer (you have to know what you are doing here - best would be a virtual machine you can try it on).
Another reason for this code is that inf installers are not very fast - they are probably made for smaller amounts of entries.
This one, however, works very fast.
You also don't need to install .net or something else first - you can go directly for the entries you want.
You need to open the .dsw files, which are written in visual studio 6.0, sometimes called vs6 or vc6.
In the past I wrote something similar; the install time went down from 12 minutes to 8 seconds - that's a lot.

Registry_Entrys -> contains registry entries
File_Entrys -> file replacements
Registry_Key_Deletes -> deleting registry key entries

It certainly can fix your related problem too - the code is functional.
The syntax is a bit different:
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup,"Installation Sources",0x10000,"%24%\Support\i386"
This one would go:
"HKLM\0,SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\0, Installation Sources\0,0x10000\0,\"whatever_string_is_here\\Support\\i386\""
So you have to add a " at the beginning and at the end - for , it gets \0, - \ gets \\
If you want a " you write \"
That %24% is not required; it translates to a string that it puts into that value - you can write this string out, whatever it represents.
Custom %% are translated, %SystemRoot% and other environment strings are not.
You usually don't need a " with the first 4 parameters, only the last parameter (5/"whatever_string_is_here\\Support\\i386") can need " - depends.
installer.zip
-
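The behaviour described in the %SystemRoot% post above, as an added example (not user57's installer code and not part of the original post): it parses an INF AddReg line, decodes the flags field into a registry type (0x10000 in the quoted line is the multi-string type), applies a simplified model of install-time substitution, and warns when a %VAR% token would be stored literally in a value that readers are not told to expand. The dirid value "C:" and the function names are assumptions made for the illustration.

```python
import csv
import re

# INF AddReg value-type flags (FLG_ADDREG_* values from setupapi.h).
ADDREG_TYPES = {
    0x00000000: "REG_SZ",
    0x00000001: "REG_BINARY",
    0x00010000: "REG_MULTI_SZ",
    0x00020000: "REG_EXPAND_SZ",
    0x00010001: "REG_DWORD",
    0x00020001: "REG_NONE",
}
TYPE_MASK = 0xFFFF0001  # FLG_ADDREG_TYPE_MASK
TOKEN = re.compile(r"%([^%\s]*)%")

def parse_addreg(line):
    """Split 'root,subkey,value-name,flags,data...' honouring quoted fields."""
    fields = next(csv.reader([line], skipinitialspace=True))
    fields += [""] * (4 - len(fields))          # trailing fields may be omitted
    root, subkey, name, flags = fields[:4]
    reg_type = ADDREG_TYPES.get(int(flags or "0", 0) & TYPE_MASK, "unknown")
    return {"root": root, "subkey": subkey, "name": name,
            "type": reg_type, "data": fields[4:]}

def substitute(text, strings, dirids):
    """Simplified install-time substitution: [Strings] keys and numeric dirids
    are replaced, %% becomes %, any other %name% is written unchanged."""
    def repl(match):
        key = match.group(1)
        if key == "":
            return "%"
        if key.isdigit() and int(key) in dirids:
            return dirids[int(key)]
        return strings.get(key.lower(), match.group(0))  # keys stored lowercase
    return TOKEN.sub(repl, text)

def audit(line, strings, dirids):
    """Return the entry as it would be stored, with a warning when %VAR% text
    is left in a value whose type does not mark it for expansion by readers."""
    entry = parse_addreg(line)
    entry["data"] = [substitute(d, strings, dirids) for d in entry["data"]]
    entry["leftover"] = [t for d in entry["data"]
                         for t in re.findall(r"%[^%\s]+%", d)]
    entry["warning"] = bool(entry["leftover"]) and entry["type"] != "REG_EXPAND_SZ"
    return entry

# Constructed sample: the AddReg line quoted in the post; the dirid 24 value is assumed.
SAMPLE = r'HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup,"Installation Sources",0x10000,"%24%\Support\i386"'
RESULT = audit(SAMPLE, {}, {24: "C:"})
```

-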
fileextd.dll
It's an old, rare file that provides some functions that xp usually doesn't have - it can be seen as a kernel extender.
I don't know its origin either; some say it's from the xbox and an official file, while others say it's a handmade file by someone.
Maybe we get some more information about it.
What I know is that it is shown as a used library on microsoft's website:
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getfileinformationbyhandleex
then "Kernel32.lib; FileExtd.lib on Windows Server 2003 and Windows XP"
-
Are those all working on xp?
It would make sense to use a dll file for each of these pieces.
-
j7n seems to have already figured it out. As thought, it's nothing special to draw/show that a "new version" would provide.
That's why specific data is like stolen from your computer, like the OS, x32-x64 mode, browser version.
Then their server refuses the connection - while the code would work - while the display also would show everything.
(The trick to then display a false error message or make a crash is an old trick to try to hide the real concerns.)
So it was exactly what we thought.

The thing with bots is that they are not limited to a version - especially these are getting upgraded, and with "AI-like" improvements they are sometimes not detectable either way.
So you have forum moderators to keep things clean of something like this,
and there are bot detectors already - if these fail, very likely a version check also fails.
So I don't think it's a security concern, rather the common establishment of new versions (where they then have rights to log in to your computer).
It's not different from the pedophile or terrorist question.
It is not made for that - it's a gate opener for them (such as company interests - that don't care about privacy concerns for example, or want to sell your specific information (which is worth up to millions of dollars)).
As I already wrote in a different topic - they are not doing that for these things.
They are trying to find a spot like "now win10 can happen, now win11 can happen" -> read terms of use -> if it's not standing there, no problem, next terms of use.
It's like a cut they are trying to create.
This progress has been seen over many, many years now - so they have taken over many, many spots (and placed company interests - not pedophiles, not terrorists, no security concerns).
And as I wrote at some point, if everybody had a webcam at home 24/7 you might find 1 pedophile, a terrorist or maybe even a bot,
but that's not what they really want.
The relation is far too off for it to be that.
The logic is far more simple -> open me the gate, and yaaaa there could be a pedophile, terrorist or a bot somewhere, wait did you say domestic violence? Sure, this certainly was the reason, now we can do this.
It's a fault to always think from 1 to many or from a few to many;
that's part of their "trick chest".

Who is interested in what that website really is doing, j7n seems to have tested it out:
https://www.whatismybrowser.com/detect/what-is-my-user-agent/
Oh I forgot - those are things a company never should have the right to do - if something is going on it's a police or higher concern.
You guys literally give companies everything about you - just if the right "keywords" are used.
And the companies have lawyers, influencers, also people at the police and in politics - so they are trying exactly this somewhat, somehow.

And something about banking - it's not the win7/winxp users that have these problems - the known problems of this kind are happening in win10 or maybe now win11 (you can google how many data or things in this relation are happening like every day), and the majority are not the older OSes.

To state my opinion clearly again:
these are not questions for companies, these things are police stuff,
like placing a hidden camera (but then would you say a company comes in?).
Companies are not allowed to do so ... but they are coming - hidden - slowly - and step by step having more of these things - and this problem we just talked about is something like this - over such a thing they place these things, "open me the gate".
-
I think we will soon have answers. Maybe it's a version check - there would be the chrome version or the winhttp request that contains the os name (both can be changed).
Then a version changer will open the website up; if not, we will see "what's so very special" that this website wants to display.
But I think it's nothing special.
A program like that really would raise questions, a great lack of compatibility - I also don't know what's worse, a program like that or a browser like that.
Both would be a mental illness and a great lack of programming skill.
-
That website https://forum.zdoom.org/ might be some bull....
It doesn't open for me at all.
This machine is on a win7 + all upgrades version - having chrome and firefox and IE11.
A website that doesn't open on many varieties usually is just bull....
There used to be such problems in the past:
only a certain browser, only a certain version, maybe only a certain os.
It raises questions what the website even wants to display - I guess it's nothing special, and chrome v138 should be by FAR enough to display, well, whatever.
It's also getting off-topic - but something went wrong here - and it's not just a browser problem.
-
You could try a shortcut and give it the parameter you want:
https://superuser.com/questions/29569/how-to-add-command-line-options-to-shortcut#29571
It works very much like the createprocess method, so it might also work for a shortcut with a parameter.
-
For me chrome was a big problem because it took 2 weeks to compile; this is bad when you want to write something or test the code.
Then the next problem was that the vm snapshots (only a few) already took up the 2 TB limit.
So work was limited; for example I could not compile an extra debug version (the compiler optimization can make problems).
Also, when clicking around, things are more time consuming if they take time, because these sum up.
Windows 10 also is not the fastest horse; it has a lot of background activity - also it forces upgrades even if you don't want them, and you don't know that they dig into your computer.
In total these things then sum up all together - when you have limited time it gets an even bigger problem.
To install some new VS2022 compiler and win11 would take up too much - while a better computer still just could "eat it up anyway".
-
What you wrote rather describes a small console where you can enter an executable's name + that parameter.
The createprocess function can do exactly this, so this might be a question for a plugin someone writes that does that.
That %s is usually something for translating a string with something called printf; with %s it knows that it is a string.
It either gets translated before being given as parameter (then you are not fine) or the program reads that parameter untranslated with %s (then you are fine).
For a dll there would be the rundll.exe question.
-
These executables (processes) usually just use the parameters given to them.
Having compiling code, that means you could write the createprocess() function with a parameter that then can be read out by the next process (in this case ytdl).
The parameter might just be a string to that file, like C:\info.ini
The program (ytdl) then reads this out from the parameter.
-
Firefox 48.0.2 / Firefox 45.9.x ESR on Windows XP RTM (and older OSes?)
user57 replied to Uncle Captain's topic in Windows XP
It sounds to me like someone is trying to make windows 2000 support for this, or at least it would go in that direction.
I once told sam and dibya what I think about that.
GetLogicalProcessorInformation is available in windows xp with SP3.
That one also contains NUMA information (SYSTEM_LOGICAL_PROCESSOR_INFORMATION structure).

NtQuerySystemInformation( "SystemLogicalProcessorInformation", buffer, *len, len );

maybe "SystemNumaProcessorMap":
https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/numa.htm
Many motherboards don't have more NUMAs; it used to be a second socket for a second (or more than 2 cpu sockets) - with own wires to extra ram (like RAMBUS-RAM (rd-ram) used to do)
https://en.wikipedia.org/wiki/Non-uniform_memory_access
That in win2000? Raises questions.
If you want the file that was about to be made for firefox, I sent you a private message.
It may not contain that specific function, however it shows a different way to get this value and gives an idea how the ntoskrnl is holding it.
https://learn.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getlogicalprocessorinformation
If you really want to have this reaction you have to make a ntoskrnl kernel extender.
Here is an implementation from doxygen:

{
    ULONG MaxEntries, Node;
    PSYSTEM_NUMA_INFORMATION NumaInformation = (PSYSTEM_NUMA_INFORMATION)Buffer;

    /* Validate input size */
    if (Size < sizeof(ULONG))
    {
        return STATUS_INFO_LENGTH_MISMATCH;
    }

    NumaInformation->HighestNodeNumber = KeNumberNodes - 1;

    /* Compute how much entries we will be able to put in output structure */
    MaxEntries = (Size - FIELD_OFFSET(SYSTEM_NUMA_INFORMATION, ActiveProcessorsAffinityMask)) / sizeof(ULONGLONG);
    /* Make sure we don't overflow KeNodeBlock */
    if (MaxEntries > KeNumberNodes)
    {
        MaxEntries = KeNumberNodes;
    }

    /* If we have entries to write, and room for it */
    if (Size >= FIELD_OFFSET(SYSTEM_NUMA_INFORMATION, ActiveProcessorsAffinityMask) && MaxEntries != 0)
    {
        /* Already set size we return */
        *ReqSize = FIELD_OFFSET(SYSTEM_NUMA_INFORMATION, ActiveProcessorsAffinityMask) + MaxEntries * sizeof(ULONGLONG);

        /* For each node, return processor mask */
        for (Node = 0; Node < MaxEntries; ++Node)
        {
            NumaInformation->ActiveProcessorsAffinityMask[Node] = KeNodeBlock[Node]->ProcessorMask;
        }
    }
    else
    {
        /* We only returned highest node number */
        *ReqSize = sizeof(ULONG);
    }

    return STATUS_SUCCESS;
}

-
It's probably a known path - it can differ - you can also set some of these.
Best would be to search your disc for a known and relatively unique file name.
xp usually has it at Documents and Settings\ (user, like administrator or all users)
there should then be something called userdata
-
Firefox 48.0.2 / Firefox 45.9.x ESR on Windows XP RTM (and older OSes?)
user57 replied to Uncle Captain's topic in Windows XP
For doxygen the function looks like this:

BOOL WINAPI GetNumaHighestNodeNumber(PULONG HighestNodeNumber)
{
    NTSTATUS Status;
    ULONG Length;
    ULONG PartialInfo[2]; // First two members of SYSTEM_NUMA_INFORMATION

    /* Query partial NUMA info */
    //Status = NtQuerySystemInformation(SystemNumaProcessorMap, PartialInfo, sizeof(PartialInfo), &Length);
    // SystemNumaProcessorMap = 55, // 0x37
    Status = NtQuerySystemInformation((SYSTEM_INFORMATION_CLASS)0x00000037, PartialInfo, sizeof(PartialInfo), &Length);
    if (!NT_SUCCESS(Status))
    {
        return FALSE;
    }

    /* The call must have returned at least the highest node number */
    if (Length < sizeof(ULONG))
    {
        return FALSE;
    }

    *HighestNodeNumber = PartialInfo[0];
    return TRUE;
}

-
In the past we were either called dumb, it's just not doing that, it would be found, it's not a problem, you can still block it with a firewall (no windows has a firewall + software that can do anything at higher software levels - and it's hardware supported, so software doesn't have a chance (you don't see it when the hardware is doing that instead of the software)).
It might be a good idea to come up with it again now after all these years:
https://www.youtube.com/watch?v=RutDZMCjkMs
and today:
https://www.youtube.com/watch?v=t1eX_vvAlUc

I think it was too shortsighted to always not understand that things like "there could be a pedophile, there could be a terrorist" are, like we always said, not the real thing that is intended - it is a gate-opener or a backdoor being held open.
Sure, if you hang up a camera in everybody's home - at some point you will find a pedophile and a terrorist,
but it's not the main goal.
The main goal is that companies get the private data - things like if you don't work enough - or what they can change in your life (gathering that info)
(there are such things already, also in external things like an email provider (gmx.net for example provides owners of workers insight into their mails)).

After that a lawyer appears who says something like "i know everything better than you, and we have the right to do so" or something like that - and then talks something about terms of use, maybe eula (or whatever the names are) - if it doesn't stand there now - no problem, we write it step by step a little closer with every terms of use upgrade - lawyers provide the necessary support, maybe influencers, maybe politicians.

But the big deal is that the word company is involved (which tells us what this is really about).
And I think here is the catch - a company doesn't have the right that the police have - and never should.
For me that's the main thing (company) that needs to be removed - if something like that is even done, it has to be the police - and never a company! Never.
If the law is really against us, there should be new laws made that exactly write the company out of these things.

Sometimes they also write something like "but amazon saves that data for the police" or "it's property of amazon/company".
It's not. It's like a speech on a phone or a packet in a shipping station: just because you have it, you don't own it (a letter, a packet or a spoken message are such examples) - period.
That needs a better clarification in the law itself - and if somebody is doing that, only the police is allowed to - a company has nothing to search here.
And the people that support things like that or mix it together (like the amazon example) should be clearly identified as what they really are - they are the company's interests - and if a policeman/politician/whatever helps these people, they are helping them with a fraud/crime and so on...

As zuckerberg diplomatically once said: facebook ends where the law ends...
But by censoring speech (freedom of speech) zuckerberg is going against constitutional law - and zuckerberg/or facebook are not above the law.
In my opinion zuckerberg did exactly that by censoring certain (and legally spoken) things
(so he said exactly that in the hope that they don't get the trick - also the lawyers could have told him to say so).
zuckerberg certainly doesn't have ""domiciliary rights" of facebook" to forbid the higher law - there domiciliary rights can't outrank freedom of speech or legalize false laws.
It doesn't necessarily have to be freedom of speech; that would include many other laws, including the one to spy on certain people, prohibiting other companies' interests or stealing data etc.
That's why we need better laws against companies doing such things.
-
I looked at it in doxygen.
QueryWorkingSet and Ex are doing partly the same thing:
they call NtQueryVirtualMemory, where both then pass either "MemoryWorkingSetList" or "MemoryWorkingSetListEx" as parameter.

//
typedef enum _MEMORY_INFORMATION_CLASS {
    MemoryBasicInformation,
    MemoryWorkingSetList,      // <-- this
    MemorySectionName,
    MemoryBasicVlmInformation,
    MemoryWorkingSetExList     // <-- and this
} MEMORY_INFORMATION_CLASS;

However on msdn they might look different:

(QueryWorkingSet)
typedef struct _PSAPI_WORKING_SET_INFORMATION {
    ULONG_PTR NumberOfEntries;
    PSAPI_WORKING_SET_BLOCK WorkingSetInfo[1];
} PSAPI_WORKING_SET_INFORMATION, *PPSAPI_WORKING_SET_INFORMATION;

(QueryWorkingSetEx)
typedef struct _PSAPI_WORKING_SET_EX_INFORMATION {
    PVOID VirtualAddress;
    PSAPI_WORKING_SET_EX_BLOCK VirtualAttributes;
} PSAPI_WORKING_SET_EX_INFORMATION, *PPSAPI_WORKING_SET_EX_INFORMATION;

The parameter sizes are the same, so linking to that function works, just maybe not fully functionally.
That is what we should keep an eye on, whether it behaves differently.
If they behave differently you have to write code that redirects QueryWorkingSetEx to -> NtQueryVirtualMemory with that MemoryWorkingSetExList.
xp might have this function parameter.
