
patch for XP SP3 syssetup.dll and setupapi.dll



I've been doing hours of research on patching syssetup.dll and setupapi.dll in Windows XP SP3. From what I know, patching syssetup.dll allows syssetup.inf to be edited without error during XP install, right? I'm not sure what the patch for setupapi.dll is for. Can you clarify this for me?

http://www.neowin.net/forum/index.php?showtopic=636532

This website has the patched syssetup.dll for XP SP3, but the link isn't working at all! Can anyone share that if you have one? If not, do you know how to patch the syssetup.dll?

I found the web page below, which explains the patching of syssetup.dll (of XP SP2). I'm not sure if it's gonna be the same for XP SP3 or not. But I can hardly understand what it's trying to point to. I managed to find the word "pSetupVerifyFile" in SP3's syssetup.dll through Notepad and the XVI32 hex editor, I just don't know where to start. I don't know which hex is to be edited and which hex address it is trying to refer to! Please explain!!!

Some of you are familiar with SYSSETUP.INF because this file is responsible for component installation. In the past, this file was editable and we were able to customize Windows installation with some modifications to this INF. This file is now signed and to be able to play with it, we need to skip the signing verification in the setup process. I give credit to Timothee Ruas for identifying the function called for this verification (pSetupVerifyFile from SYSSETUP.DLL). Many calls are made to this function but only one is important for unlocking SYSSETUP.INF. For Service Pack 2 (SYSSETUP.DLL English version 5.1.2600.2180), the function call we want to skip is at offset 336BC.

    call 697712CA
    inc dword ptr [ebp+FFFFF5B4]
    mov edi, eax
    cmp edi, esi
    je 6974426A
    jmp 697442F0

What is interesting is the jmp 697442F0 if the INF is good. Earlier in the ASM, in a block beginning at offset 3366A, there is a jnb 697442F0 followed by 2 function calls to get information about the INF (before doing the verification).

    mov eax, dword ptr [ebp+FFFFF5D0]
    mov ecx, dword ptr [ebp+FFFFF5B4]
    cmp ecx, dword ptr [eax+04]
    jnb 697442F0
    push esi
    push 00000104
    lea edx, dword ptr [ebp+FFFFF7DC]
    push edx
    push ecx
    push eax
    ......
    SetupQueryInfFileInformationW at offset 3368A
    pSetupGetFileTitle at offset 336AC
    ......

If we change jnb 697442F0 to jb 697442F0 then we skip the verification and our modified SYSSETUP.INF is not recognized as an invalid file. This means that only one byte of patching is needed. So, at offset 33679 you should read and write the following:

    73 75 : jnb 697442F0

changed to

    72 75 : jb 697442F0

Finally, the checksum of SYSSETUP.DLL must be changed to be able to put it on your installation CD (folder .\I386). PECheckSum can do this correction, just look at my PROGRAMS to get it.

Please help!


  • 1 year later...

osfile: setupapi.dll v5.1.2600.5512 (SP3 Eng)

offset: 000537AC

patch: 8BFF558BEC > 33C0C23000

and required correction "modifype syssetup.dll -c"

Works well! The error code 800b0100 is resolved!

But I have a bug! Help me!?

Any manipulation of syssetup.dll causes a bug:

1. the Themes service does not work automatically!

2. Event Viewer is not available!

PLEASE HELP!

Edited by fasm
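
Both posts mention that the PE header checksum has to be corrected after any byte of the DLL changes. The sketch below is an added example, not code from this thread or from the tools it names: it recomputes that checksum and compares it with the stored field, which is how a modified system DLL with a stale checksum can be spotted. The sample buffer and all function names are constructed for illustration.

```python
import struct

CHECKSUM_FIELD = 88  # OptionalHeader.CheckSum, counted from the "PE\0\0" signature

def _checksum_offset(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + CHECKSUM_FIELD

def stored_checksum(data):
    """Value recorded in the PE optional header."""
    return struct.unpack_from("<I", data, _checksum_offset(data))[0]

def pe_checksum(data):
    """Sum 16-bit words with carry folding (CheckSum field zeroed), then add file length."""
    buf = bytearray(data)
    off = _checksum_offset(data)
    buf[off:off + 4] = b"\0\0\0\0"
    if len(buf) % 2:
        buf.append(0)
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return total + len(data)

def checksum_matches(data):
    # A mismatch means the file changed after the checksum was written.
    # A match proves nothing on its own: the field is unkeyed and can be
    # recomputed, so also compare a hash against a known-good copy.
    return stored_checksum(data) == pe_checksum(data)

def constructed_sample():
    """Constructed 512-byte PE-like buffer with a valid checksum (not a real DLL)."""
    data = bytearray(0x200)
    data[0:2] = b"MZ"
    struct.pack_into("<I", data, 0x3C, 0x80)
    data[0x80:0x84] = b"PE\0\0"
    data[0x100:0x102] = bytes([0x73, 0x75])  # stand-in for a short conditional jump
    struct.pack_into("<I", data, 0x80 + CHECKSUM_FIELD, pe_checksum(bytes(data)))
    return bytes(data)

if __name__ == "__main__":
    original = constructed_sample()
    modified = bytearray(original)
    modified[0x100] = 0x72  # single-byte change, checksum field left untouched
    print("original ok:", checksum_matches(original))
    print("modified ok:", checksum_matches(bytes(modified)))
```
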