Zorba the Geek Posted December 28, 2021 Posted December 28, 2021 (edited) Can someone explain in a nutshell how ImportPatcher works so that a newbie can get started with it. I dabbled with it by targeting Python37.dll version 3.7.9150.1013 under Windows XP. First I analyzed with Importpatcher and this is the result I received in Python3#.ini [Patches needed] python37.dll=Functions [KERNEL32.dll] GetFinalPathNameByHandleW= InitializeProcThreadAttributeList= UpdateProcThreadAttribute= DeleteProcThreadAttributeList= GetTickCount64= This is what I received in Python3#.log. I have edited out the imports from everything except those from the problematic KERNEL32.dll and WS2_32.dll to make this post easier to read. ImportPatcher.41 Portable Executable: "F:\Internet Downloads\Python\Python 3.7.9\python37.dll" TimeDateStamp: 2020 Aug 17 19:02:10 OS Subsystem Version: 6.0 Importing from WS2_32.dll TimeDateStamp: 2016 May 10 19:21:18 OS Subsystem Version: 4.10 ? 19 ? 7 ? 111 Importing from KERNEL32.dll TimeDateStamp: 2019 Mar 19 18:39:07 OS Subsystem Version: 4.0 * GetFinalPathNameByHandleW * not found * InitializeProcThreadAttributeList * not found * UpdateProcThreadAttribute * not found * DeleteProcThreadAttributeList * not found * GetTickCount64 * not found The log file seems to be importing all the exports of the modules that Python37.dll is linked to. Does that mean that it is listing all the imports in Python37.dll's import table, while noting those that are missing from the OS, and nothing is changed in Python3#.dll? The ini file lists patches required for the missing imports from kernel32.dll. This is the difficult bit. Where do you obtain the patches from, or how do you create them? Are you supposed to extract sections from an NT6 version of kernel32.dll using the hex editor in IDA Pro, or is there some way of automatically creating these patches? Edited December 28, 2021 by Zorba the Geek
jumper Posted December 29, 2021 Author Posted December 29, 2021 (edited) The log file shows all imports, not just the missing ones. It has lots of details for experts. Feature creep has made it ever harder to understand, so just ignore it. You should also ignore the ini file, a historical legacy, and just use the dialog box interface. Just fill in the name of a replacement function after each equal sign. For example: GetTickCount64=GetTickCount Then click Patch. For functions missing from Kernel32, try DebugBreak if research doesn't turn up a better option. Edited December 29, 2021 by jumper
Goodmaneuver Posted December 30, 2021 Posted December 30, 2021 It cannot make changes if the new function name is longer than the function name to be replaced. The checksum will be removed.
kampaster Posted March 31, 2022 Posted March 31, 2022 Good afternoon! Please help me to patch PickMeApp for windows 2000 (this program helps to port applications from one operating system to another) By the way, maybe you have not heard about it and it will be useful for you! The PickMeApp site says it does not officially support windows 2000. The latest versions of PickMeApp do not even work on Windows XP But I found a version of PickMeApp0_5_11_7 which works perfectly on Windows Xp Maybe you can patch PickMeApp to make it work on windows 2000? Thank you! File link: https://drive.google.com/file/d/1AsQPjV-Kss8uD_o8gc5pOK1pW2KgTHdb/view?usp=sharing mirror https://cloud.mail.ru/public/5i4R/v46emd35g mirror https://disk.yandex.kz/d/hhQoDqrla-xKBw
windows2 Posted April 5, 2022 Posted April 5, 2022 (edited) On 3/31/2022 at 9:43 AM, kampaster said: Good afternoon! Please help me to patch PickMeApp for windows 2000 (this program helps to port applications from one operating system to another) By the way, maybe you have not heard about it and it will be useful for you! The PickMeApp site says it does not officially support windows 2000. The latest versions of PickMeApp do not even work on Windows XP But I found a version of PickMeApp0_5_11_7 which works perfectly on Windows Xp Maybe you can patch PickMeApp to make it work on windows 2000? Thank you! File link: https://drive.google.com/file/d/1AsQPjV-Kss8uD_o8gc5pOK1pW2KgTHdb/view?usp=sharing mirror https://cloud.mail.ru/public/5i4R/v46emd35g mirror https://disk.yandex.kz/d/hhQoDqrla-xKBw Hi @kampaster , I think you dont know the blackwingcat extended kernel for windows 2000, for me PickMeApp work correctly on windows 2000 : at first you should to install the bwc update Windows2000-KB935839-v31aM-x86-ENU , link of update : http://blog.livedoor.jp/blackwingcat/archives/1299806.html and before you should to install wlu decompressor from bwc site : http://win2k.org/wlu/wluen.htm Edited April 5, 2022 by windows2 1
kampaster Posted April 6, 2022 Posted April 6, 2022 23 hours ago, windows2 said: Привет@кампастер , я думаю, вы не знаете расширенное ядро blackwingcat для Windows 2000, для меня PickMeApp правильно работает на Windows 2000 : сначала вы должны установить обновление bwc Windows2000-KB935839-v31aM-x86-ENU, ссылка на обновление : http://blog.livedoor.jp/blackwingcat/archives/1299806.html и прежде чем вы должны установить декомпрессор wlu с сайта bwc : http://win2k.org/wlu/wluen.htm Hi! If I make a kernel modification then my program which I wanted to transfer with PickMeApp stops working (probably the kernel update makes some modifications in the registry) So I suggested that it is possible to patch PickMeApp itself without modifying the system
jumper Posted April 6, 2022 Author Posted April 6, 2022 On the target system, put ImportPatcher.exe in the same folder as the program to be patched. Drop the main executable onto ImportPatcher. Analyze. What are the results?
mina7601 Posted April 7, 2022 Posted April 7, 2022 I put ImportPatcher.exe in PickMeApp's folder, and dropped the main exe to ImportPatcher: Then I analyzed, and these are the results:
WinWord2000 Posted April 10, 2022 Posted April 10, 2022 (edited) 10 hours ago, jumper said: W2k? I see it is W2k without bwc update WinWord2000 Grazie a tutti ! Edited April 10, 2022 by WinWord2000
mina7601 Posted April 10, 2022 Posted April 10, 2022 10 hours ago, jumper said: W2k? 4 minutes ago, WinWord2000 said: I see it is W2k without bwc update WinWord2000 Grazie a tutti ! Yes, this is vanilla 2K! I think that's what @kampaster wants.
jumper Posted April 11, 2022 Author Posted April 11, 2022 Thanks. Didn't recognize it. Too many important-sounding APIs missing. Chance of even partial success next to nil. Locate missing DLLs and add replacement api names. Then Patch. 1
WinWord2000 Posted April 11, 2022 Posted April 11, 2022 (edited) 17 hours ago, jumper said: Thanks. Didn't recognize it. Too many important-sounding APIs missing. Chance of even partial success next to nil. Locate missing DLLs and add replacement api names. Then Patch. this win2k without bwc update I used XP kernel32.dll with new name kernel2.dll I have removed a letter from every function name in order the checksum will be not removed, so the operation was completed successfully but the error has not changed Always the same error ! WinWord2000 Grazie a tutti ! Edited April 11, 2022 by WinWord2000
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now