Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

PE Tool for creating patches


WildBill
 Share

Recommended Posts


I've been sitting on the update so I could test it thoroughly, but I just posted KB2479629. It combines KB2479628 and KB2393802, rendering them obsolete. It also adds some new stuff:

 

ntoskrnl/ntkrnlpa/ntkrnlmp/ntkrpamp.exe

 

The fix for the NTQueryInformationProcess bug that blackwingcat found.

 

setupapi.dll

 

Added SetupUninstallOEMInfW

 

user32.dll

 

Added true implementations for the following (for mouse and keyboard support only, not other USB devices)

 

DefRawInputProc

GetRawInputBuffer

GetRawInputData

GetRawInputDeviceInfoA

GetRawInputDeviceInfoW

GetRawInputDeviceList

GetRegisteredRawInputDevices

RegisterRawInputDevices

 

win32k.sys

 

Kernel-side implementation of the raw-input API that user32.dll invokes (where the real work is).

 

wtsapi32.dll

 

Added stubs for WTSRegisterSessionNotification and WTSUnRegisterSessionNotification

Link to comment
Share on other sites

  • 5 months later...

New update: KB2508429 v16 (apparently I never uploaded v15, oh well...). There are three new functions for advapi32 since v14:

 

RegSaveKeyExA

RegSaveKeyExW

EnumerateTraceGuids

Link to comment
Share on other sites

  • 1 month later...

It's been a long while since I mentioned it, but I've quietly been working on a total rewrite of kernel32.dll in C. It took forever, but I've finally squashed enough of the bugs such that it's booting in a VM without exhibiting any errors. Once I synchronize it with the current kernel32.dll in my patches, I'll be releasing a new version of the rewrite with full source.

  • Upvote 1
Link to comment
Share on other sites

Thanks for your work Wildbill.

To run some modern browsers, some missing dependencies are required. Could you add them?

GetNumaHighestNodeNumber - Palemoon AtomXP 25x, Firefox 39x

GetLogicalProcessorInformation - Palemoon AtomXP SSE (for old processors) - http://www.romanstefko.com/pale-moon-sse/

CreateActCtxW - K-meleon 75x

WTSGetActiveConsoleSessionId, RtlCaptureContext - Vivaldi - https://vivaldi.com/

Edited by tierney
Link to comment
Share on other sites

  • 5 weeks later...

There seems to be a bug in KB2479629: When I attempt to install it on a "fresh" Windows 2000 system (Windows 2000 SP4+UR1, no unofficial patches installed), the installer will say that KB2479628 is not installed. From looking at update.inf, it seems like the old WIN32K.SYS version check from MS11-011/KB2393802 was left in the INF. Removing the check from the INF fixed the installer and everything is working.

 

Thanks again for the patches!

Link to comment
Share on other sites

Thanks for your work Wildbill.

To run some modern browsers, some missing dependencies are required. Could you add them?

GetNumaHighestNodeNumber - Palemoon AtomXP 25x, Firefox 39x

GetLogicalProcessorInformation - Palemoon AtomXP SSE (for old processors) - http://www.romanstefko.com/pale-moon-sse/

CreateActCtxW - K-meleon 75x

WTSGetActiveConsoleSessionId, RtlCaptureContext - Vivaldi - https://vivaldi.com/

 

Funny that you mention those, since I'm testing an update here that adds the first two (GetNumaHighestNodeNumber and GetLogicalProcessorInformation). Unfortunately health issues intervened and I'm currently recovering from gall bladder surgery. When I get back on my feet so to speak I'll try to remember to look at the rest of those.

Edited by WildBill
Link to comment
Share on other sites

  • 2 weeks later...

Thanks! I'm almost fully recovered; I had a bout of anemia a couple weeks ago, and I've been cooking steaks every night to try to get my numbers back up. I'll be seeing the doc tomorrow, but I anticipate that I should be back to work on Monday.

 

I've started looking at the requested routines, and it looks like I only need to add CreateActCtxW (as the patch versions I have here already contain the other routines). That one will be tricky because I've found that putting in stub versions causes some applications to act wonky (because they expect them to actually work). I once took a stab ad making fully functional versions of the activation context API (which MS calls the Fusion API), but it's far from trivial. Still, taking another look never hurts.

Link to comment
Share on other sites

  • 1 month later...

I've got a couple new versions posted up on the master list:

 

Windows2000-KB2508429-v17-x86-ENU.exe

 

iphlpapi.dll

if_indextoname
 

 

 

Windows2000-KB2479629-v3-x86-ENU.exe

 

(There was no v2, that was internal and only added IsProcessInJob)

 

kernel32.dll

IsProcessInJob
GetNumaHighestNodeNumber
GetNumaProcessorNode
GetNumaNodeProcessorMask
GetNumaProcessorMap
GetNumaAvailableMemory
GetNumaAvailableMemoryNode
GetLogicalProcessorInformation


ntdll.dll

NtIsProcessInJob
ZwIsProcessInJob


ntoskrnl.exe/ntkrnlpa.exe/ntkrnlpa.exe/ntkrpamp.exe

Added support to NtQuerySystemInformation for new kernel32 API calls

Edited by WildBill
Link to comment
Share on other sites

Unfortunately, I have been unable to download Windows2000-KB2479629-v3-x86-ENU.exe.

 

MediaFire says "The file you attempted to download was determined to be dangerous. For your protection, MediaFire does not enable distribution of dangerous files."

Link to comment
Share on other sites

Unfortunately, I have been unable to download Windows2000-KB2479629-v3-x86-ENU.exe.

 

MediaFire says "The file you attempted to download was determined to be dangerous. For your protection, MediaFire does not enable distribution of dangerous files."

 

That's just bizarre. I scanned it on my end with Avast and it's clean, so I deleted it from MediaFire and I'm re-uploading it. I'll update the link once it completes.

 

Hmm. It still thinks it's infected, so I rebuilt the .exe and I'm reposting it. For some reason the new one is different from the original. I have no idea why.

Edited by WildBill
Link to comment
Share on other sites

zip, rar or 7z it with a password, and MediaFire'll stop meddling. If I may suggest a general password for such cases, "False8positivE" is a good one. :)

 

 

BTW, how many false positives does it get from Virus Total?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...