neopets_35 Posted September 30, 2008

I've been doing hours of research on patching syssetup.dll and setupapi.dll in Windows XP SP3. From what I know, patching syssetup.dll allows syssetup.inf to be edited without error in XP install, right? I'm not sure what the patch for setupapi.dll is for. Can you clarify this for me?

http://www.neowin.net/forum/index.php?showtopic=636532

This website has the patched syssetup.dll for XP SP3, but the link isn't working at all! Can anyone share that if you have one? If not, do you know how to patch the syssetup.dll?

Found the below website which explains the patching of syssetup.dll (of XP SP2). I'm not sure if it's gonna be the same for XP SP3 or not. But I can hardly understand what it's trying to point to. I managed to find the word "pSetupVerifyFile" in the SP3 syssetup.dll through Notepad and the XVI32 hex editor, I just don't know where to start. I don't know which hex is to be edited and which hex address it is trying to refer to! Please explain!!!

Some of you are familiar with SYSSETUP.INF because this file is responsible for components installation. In the past, this file was editable and we were able to customize Windows installation with some modifications to this INF. This file is now signed and to be able to play with it, we need to skip the signing verification in the setup process. I give credit to Timothee Ruas for identifying the function called for this verification (pSetupVerifyFile from SYSSETUP.DLL). Many calls are made to this function but only one is important for unlocking SYSSETUP.INF. For the Service Pack 2 (SYSSETUP.DLL english version 5.1.2600.2180), the function call we want to skip is at offset 336BC.

    Call 697712CA
    inc dword ptr [ebp+FFFFF5B4]
    mov edi, eax
    cmp edi, esi
    je 6974426A
    jmp 697442F0

What is interesting is the jmp 697442F0 if the INF is good. Earlier in the ASM, in a block beginning at offset 3366A, there is a jnb 697442F0 followed by 2 function calls to get information about the INF (before doing the verification).

    mov eax, dword ptr [ebp+FFFFF5D0]
    mov ecx, dword ptr [ebp+FFFFF5B4]
    cmp ecx, dword ptr [eax+04]
    jnb 697442F0
    push esi
    push 00000104
    lea edx, dword ptr [ebp+FFFFF7DC]
    push edx
    push ecx
    push eax
    ......
    SetupQueryInfFileInformationW at offset 3368A
    pSetupGetFileTitle at offset 336AC
    ......

If we change jnb 697442F0 to jb 697442F0 then we skip the verification and our modified SYSSETUP.INF is not recognized as an invalid file. This means that only one byte patching is needed. So, at offset 33679 you should read and write the following:

    73 75 : jnb 697442F0

Changed by

    72 75 : jb 697442F0

Finally, checksum of SYSSETUP.DLL must be changed to be able to put it on your installation CD (folder .\I386). PECheckSum can do this correction, just look at my PROGRAMS to get it.

Please help!

fasm Posted December 10, 2009 (edited)

osfile: setupapi.dll v5.1.2600.5512 (SP3 Eng)
offset: 000537AC
patch: 8BFF558BEC > 33C0C23000

and required correction "modifype syssetup.dll -c"

good works! The error code is 800b0100 resolved!

but I have a bug! help me!?
any manipulation with syssetup.dll cause bug:
1. the service themes not works auto!
2. event viewer not available!

PLEASE HELP!

Edited December 10, 2009 by fasm

fasm Posted December 10, 2009 (edited)

apparently I need better to patch nlited file do not genuine syssetup.dll...

YES! It really works!

Edited December 11, 2009 by fasm
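
Both the quoted write-up and fasm's post end by correcting the PE header checksum after the DLL is edited. The following Python is an added example, not part of the thread and not PECheckSum or modifype code: it recomputes the standard PE image checksum so that a system DLL whose bytes changed without the header being updated can be flagged. The sample image, its size and its offsets are constructed for the demonstration.

```python
import struct

def checksum_field_offset(image: bytes) -> int:
    """Return the file offset of OptionalHeader.CheckSum in a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # 4-byte signature + 20-byte COFF header; CheckSum sits 64 bytes into
    # the optional header for both PE32 and PE32+.
    off = e_lfanew + 4 + 20 + 64
    if off + 4 > len(image):
        raise ValueError("truncated optional header")
    return off

def compute_checksum(image: bytes) -> int:
    """16-bit end-around-carry sum of the file, plus the file length."""
    off = checksum_field_offset(image)
    buf = bytearray(image)
    buf[off:off + 4] = b"\0\0\0\0"       # the field itself counts as zero
    if len(buf) % 2:
        buf.append(0)                     # pad odd-sized files to a full word
    total = sum(struct.unpack("<%dH" % (len(buf) // 2), buf))
    while total >> 16:                    # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (total + len(image)) & 0xFFFFFFFF

def audit(image: bytes) -> dict:
    """Compare the checksum stored in the header with the recomputed one."""
    stored = struct.unpack_from("<I", image, checksum_field_offset(image))[0]
    computed = compute_checksum(image)
    return {"stored": stored, "computed": computed, "match": stored == computed}

def build_sample() -> bytes:
    """Constructed stand-in for a DLL: minimal headers plus filler bytes."""
    img = bytearray(0x400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    img[0x200:0x202] = b"\x73\x75"        # filler standing in for code bytes
    off = checksum_field_offset(bytes(img))
    struct.pack_into("<I", img, off, compute_checksum(bytes(img)))
    return bytes(img)

if __name__ == "__main__":
    good = build_sample()
    edited = bytearray(good)
    edited[0x200] ^= 0x01                 # a single byte changed after linking
    print(audit(good), audit(bytes(edited)))
```

A matching checksum is not proof of integrity, because the sum is not cryptographic and is easily recomputed after an edit. Comparing file hashes or Authenticode signatures against known-good installation media is the stronger check.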