Possible bug report: nLite didn't hack XP SP3 syssetup.dll?


neopets_35

Managed to customize my Dell Windows XP SP2 disc with SP3 (and the Intel SATA driver too) integrated successfully. Tested and without any error. :thumbup This time, I started anew by copying all contents of the Dell XP SP2 disc onto my hard disk, and did the following tasks in this order:

Integrate SP3 and Intel SATA driver (both in one session) using nLite > Integrate WMP11 using WMP11 Slipstreamer (by booogy) > Integrate IE7 and some hotfixes in nLite (under the "Hotfixes, Add-ons and Update Packs") > Remove some components using nLite.

Did tons of research. Using a file manager, I managed to see some files being modified; these include SYSSETUP.DL_, SYSSETUP.IN_, TEXTSETUP.SIF and SFCFILES.DL_.

These are my questions:

1. While I know SYSSETUP.DL_ must be hacked to remove components in SYSSETUP.INF, the newly modified date may seem to convince me that the DLL file has been hacked so that there won't be any signature check on SYSSETUP.INF. Referring to this web page, I managed to hack the original XP SP2 SYSSETUP.DLL by changing 73 75 to 72 75 at offset 33679. While the page didn't refer to SP3, I managed to find the same set of hex at offset 33B29 (where I intentionally looked for the same set of hex, [8D B4 F5 FF FF 3B 48 04], before the hex 73 75). So I assumed that after removing some components, nLite would have hacked the syssetup.dll file. However, I checked the DLL file in SYSSETUP.DL_ and found out that the hex 73 75 didn't change at all, which means the digital signature check will still go on despite SYSSETUP.INF having been modified.

Any comment on this?

2. Since I didn't disable the Windows File Protection feature, does nLite modify SFCFILES.DLL according to the components I removed using nLite so that later it doesn't check for those components removed? I can see the SFCFILES.DL_ has been modified, but not sure whether my claim is true or not.

So, what about it then?

  • 2 weeks later...

Hi,

I can just say nLite hacks sfc_os.dll and syssetup.dll differently than these patch addons.

So, to be sure things are OK, I disable SFC using only nLite (so it recognizes the original sfc_os.dll and lets me disable SFC; if patched before, the selection box is grayed out and displays "SFC enabled", so nLite doesn't seem to like patch methods other than its own).

About syssetup.dll, I do nearly the same: since nLite automatically patches syssetup.dll following its needs, I let nLite handle it. Since I always remove components, I know nLite will remove the syssetup.inf integrity check.

Cheers

Edited by OuTmAn
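
The check described in the first post, together with the reply's point that nLite patches differently, as an added example (not code from the thread or from nLite): it reads an already expanded syssetup.dll, classifies the two bytes after the quoted context bytes, and lists where a file differs from a copy taken from untouched media. The function names and the zero-filled sample image are constructed for illustration; the byte values and the offset 33B29 are the ones quoted in the first post.

```python
import sys

# Byte values exactly as quoted in the first post.
CONTEXT = bytes.fromhex("8DB4F5FFFF3B4804")   # bytes preceding the site
VERDICTS = {bytes.fromhex("7375"): "original",
            bytes.fromhex("7275"): "manual-patch"}


def scan(data):
    """Return [(offset, hex, verdict)] for the 2 bytes after each CONTEXT match."""
    hits, pos = [], data.find(CONTEXT)
    while pos != -1:
        off = pos + len(CONTEXT)
        tail = data[off:off + 2]
        if len(tail) == 2:                      # skip a match cut off at EOF
            hits.append((off, tail.hex(), VERDICTS.get(tail, "other")))
        pos = data.find(CONTEXT, pos + 1)
    return hits


def changed_ranges(reference, current):
    """Return [(start, end)] half-open ranges where two equal-length images differ."""
    if len(reference) != len(current):
        raise ValueError("size mismatch: files are not the same build")
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(reference, current)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(current)))
    return ranges


def constructed_image(tail_hex, site=0x33B29):
    """Constructed stand-in for a DLL: zero padding with CONTEXT ending at `site`."""
    img = bytearray(site + 0x40)
    img[site - len(CONTEXT):site] = CONTEXT
    img[site:site + 2] = bytes.fromhex(tail_hex)
    return bytes(img)


if __name__ == "__main__":
    # Argument: path to an already expanded syssetup.dll; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_image("7375")
    for off, tail, verdict in scan(data):
        print(f"0x{off:X}: {tail} -> {verdict}")
```

A verdict of "original" only says this one site is untouched; a file changed somewhere else shows up in `changed_ranges` when compared against the copy from the unmodified disc.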