Jump to content

PE Tool for creating patches


WildBill

Recommended Posts

First, Happy New Year everybody!

I wouldn't worry too much about leaving Automatic Updates switched off- it's hardly likely that Microsoft will ever release another update for W2000, security or otherwise. Once W2000 is fully updated with all the official Microsoft stuff currently available, Automatic Updates can be permanently disabled im my opinion. Just a thought.

Link to comment
Share on other sites


I know how to disable automatic updates through the registry (and I tested it), but that's sort of like killing an ant with a thermonuclear device :rolleyes: Killing automatic updates entirely also stops updates for Office, etc. Another option would be to let people tell the Automatic Updates service to hide notifications for the older ones that it wants to reinstall. Basically, if you have it set to "notify but do not download", you can open the dialog, go to the details window to show what it wants to install, and uncheck the ones that you want it to hide. It will ask you if you want them to remain hidden, where you would say yes (you can always unhide them from the Automatic Updates control panel applet). To me that's a really kludgy way to do it, but it works.

Ideally there would be a way to tell Automatic Updates through the registry that it should not offer those updates. I've spent the last few hours crawling through the assembly code for Automatic Updates and I've done some before-and-after registry comparisons and for the life of me I can't find where that information gets stored. For all I know the per-update hide settings get stored at an MS server somewhere.

Anyhow, the patch for MS10-090 is up, and I decided to choose a middle ground...it will set your Automatic Updates to "notify only", which will give you a chance to tell it to not offer the older IE updates. When the icon+balloon appear telling you that an update is available, open it up and do the following:

- Select Custom Install (IMPORTANT)

- Click Next

- Uncheck the IE patch that it offers (e.g. KB982381)

- Click Close

- When the Hide updates confirmation box pops up, check "Don't notify me about these updates again."

- Click Ok.

You might get nagged more than once. A minute or so after after I disabled KB982381, it nagged me about an even older update (KB978207). If that happens, turn off notification for that one the same way. After that, Automatic Updates should leave you alone.

Edited by WildBill
Link to comment
Share on other sites

I'm not really sure where to put this, so I'll just post it here. Apparently the XP MS10-098 and MS10-073 patches were causing BSOD's for some users, and one forum member asked me to make a fix that initializes the variables that I was concerned about (see page 3 for more info). Since applying my revised MS10-098 patch the BSOD's have stopped, so we decided to release it this week if no more problems cropped up.

So here is a link to my revised MS10-098 patch for XP. Let's hope that MS fixes it soon...

WindowsXP-KB2436673-FIX-x86-ENU.exe

Included in the archive is a text file called patches.asm that shows the changes I made. You can get it by extracting everything with the /x option.

Edited by WildBill
Link to comment
Share on other sites

Hi, WildBill

Happy new year.

0.0.3 also broken an export table as same as 0.0.2

and I want a function "Save As..."

I've posted version 0.0.3 of my PE Tool, which should help anyone working on patches. See the top post for an updated link...

Edited by blackwingcat
Link to comment
Share on other sites

Happy new year for both of you, blackwingcat and WildBill! And for Dagwood, too!

I'll add a minor request: controlling the font of the disassembly would be very helpful, too.

It's always too big in my 1024x768 screen. But my tired eyes forbid me of going to any higher resolution, in my 19" screen.

Link to comment
Share on other sites

Thanks for the kudos. This is consuming 100% of my free time, so I'd really appreciate it if some kind person could also make some patches.

I can imagine. :} Unfortunately while I've done a fair amount of coding, I'm not a programmer and I certainly don't have the technical capability to do what you're doing. I'm very grateful for your work and hopefully you'll receive support from other technically competent members.

Edited by Prozactive
Link to comment
Share on other sites

Hello WildBill,

By using your guide I managed to make hotfixes for the Polish version of Windows 2000. Thank you very much!

I'll keep my list at a Polish forum here: http://forum.windowsmx.pl/nowe-poprawki-t11936.html

WARNING

Actually it's much more complicated to do it than how it's explained on the 3rd page of this thread. If you leave the original files from the XP installation of the hotfix (ex. shell32.dll) it works but you'll get an error after restarting the system as there are strings in this file referring to some XP related files (msgina.dll etc.). On the other hand, when using the modified version from the English version provided by WildBill you get no errors but parts of your system will change into English after the installation.

So what's the solution? I think you have to edit the files already modified by WildBill and change strings inside them from English into your language. Basically you need to copy them from the original system files. It takes time but should work without any problem.

Edited by tomasz86
Link to comment
Share on other sites

WildBill,

You said that it's necessary to change

[strings]

SERVICE_PACK_NUMBER = 4

from 4 to 5 but in MS10-054 you didn't change it. Was it left unchanged for purpose? Or maybe it doesn't matter at all?

Also sometimes you delete

[ArchiveCatalogFilesOnly]

%SP_SHORT_TITLE%.cat

and sometimes you leave it... does it make any change?

Edited by tomasz86
Link to comment
Share on other sites

WildBill,

You said that it's necessary to change

[strings]

SERVICE_PACK_NUMBER = 4

from 4 to 5 but in MS10-054 you didn't change it. Was it left unchanged for purpose? Or maybe it doesn't matter at all?

Also sometimes you delete

[ArchiveCatalogFilesOnly]

%SP_SHORT_TITLE%.cat

and sometimes you leave it... does it make any change?

Those were oversights on my part. SERVICE_PACK_NUMBER should always be set to 5. I delete all .cat references to keep the patch program from demanding that the update be signed. I guess leaving it in that patch didn't cause any problems.

Link to comment
Share on other sites

  • 2 weeks later...

Just a little update...

I'm presently working on MS-091, the critical font patch. There are an enormous amount of changes, though I'm making steady progress. I tried using the XP driver as-is, but that wouldn't work, so I'm having to upgrade the 2k version. I'll definitely get there, but it's a long slog. I have made a lot of progress on it so far, though, enough that I'm confident that I'll eventually get it done.

I also have on my box upgraded versions of win32k.sys and user32.dll. They add support for EngBugCheck, which I had to add when I was trying the XP font driver. They also add support for GetLayeredWindowAttributes, which let me finally run the HP Update program that came with my laptop ;) I'm currently holding off on releasing them until the next time MS patches those files, which if history is any guide, won't be long.

Edited by WildBill
Link to comment
Share on other sites

Hmm. I've got most of the changes in for MS-091, and I might have found why all the PS fonts show up as invalid when I try the XP driver as-is. I haven't tried patching it yet, but there's a section of code where they do this:

and [ebp+###], 0 (local variable)
ja ######## (if it takes the jump it means something is invalid)

The problem with this is that JA jumps if CF=0 and ZF=0. However, AND **always** sets CF=0 and also sets ZF=0 in this case because the result is 0. The end result: the condition is always true and it always makes the jump. I haven't tried to see what happens if I change the code but as it stands it isn't correct (and I checked the Intel docs to make sure).

Edited by WildBill
Link to comment
Share on other sites

I've finally added patches for MS10-091 and MS10-097 to the patch list. The number of changes in MS10-091 is enormous, so for anyone who wants to port it to other languages I strongly recommend translating the ENU version rather than porting all the changes to a different one. There's a reason why it took me a month to finish it. :(

On the flip side, MS10-097 was really easy and it only took a few hours to make. Next up will be either MS10-099 or MS11-002...I haven't yet decided which. I've taken a look at both, and while MS11-002 is critical I'm not sure yet how to attack it.

Each patch file has my notes bundled inside: you can get them by running them with the /x option to extract the contents.

Edited by WildBill
Link to comment
Share on other sites

GAH. I forgot to put in relocs for the MS10-097 patch. I've uploaded a V2 version and updated the link above, and the file version will bump up one more so you can tell it apart. If you installed V1 of MS10-097, just install the V2 version over it. Sorry for the mix-up :(

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...