Jump to content

ImportPatcher.41 - Find and fix dependency problems


jumper

Recommended Posts

Can someone explain in a nutshell how ImportPatcher works so that a newbie can get started with it.  I dabbled with it by targeting Python37.dll version 3.7.9150.1013 under Windows XP.

First I analyzed with Importpatcher and this is the result I received in Python3#.ini

[Patches needed]
python37.dll=Functions          
[KERNEL32.dll]
GetFinalPathNameByHandleW=
InitializeProcThreadAttributeList=
UpdateProcThreadAttribute=
DeleteProcThreadAttributeList=
GetTickCount64=

This is what I received in Python3#.log.  I have edited out the imports from everything except those from the problematic KERNEL32.dll and WS2_32.dll to make this post easier to read.

ImportPatcher.41
Portable Executable: "F:\Internet Downloads\Python\Python 3.7.9\python37.dll"
  TimeDateStamp:        2020 Aug 17 19:02:10
  OS Subsystem Version: 6.0 
  Importing from WS2_32.dll
    TimeDateStamp:        2016 May 10 19:21:18
    OS Subsystem Version: 4.10 
    ? 19
    ? 7
    ? 111
  Importing from KERNEL32.dll
    TimeDateStamp:        2019 Mar 19 18:39:07
    OS Subsystem Version: 4.0 
    * GetFinalPathNameByHandleW	* not found
    * InitializeProcThreadAttributeList	* not found
    * UpdateProcThreadAttribute	* not found
    * DeleteProcThreadAttributeList	* not found
    * GetTickCount64	* not found

The log file seems to be importing all the exports of the modules that Python37.dll is linked to.  Does that mean that it is listing all the imports in Python37.dll's import table, while noting those that are missing from the OS, and nothing is changed in Python3#.dll?

The ini file lists patches required for the missing imports from kernel32.dll.  This is the difficult bit.  Where do you obtain the patches from, or how do you create them?  Are you supposed to extract sections from an NT6 version of kernel32.dll using the hex editor in IDA Pro, or is there some way of automatically creating these patches?

Edited by Zorba the Geek
Link to comment
Share on other sites


The log file shows all imports, not just the missing ones. It has lots of details for experts. Feature creep has made it ever harder to understand, so just ignore it.

You should also ignore the ini file, a historical legacy, and just use the dialog box interface.

Just fill in the name of a replacement function after each equal sign. For example:

GetTickCount64=GetTickCount

Then click Patch. For functions missing from Kernel32, try DebugBreak if research doesn't turn up a better option.

 

Edited by jumper
Link to comment
Share on other sites

  • 3 months later...

Good afternoon!

Please help me to patch PickMeApp for windows 2000

(this program helps to port applications from one operating system to another) 

By the way, maybe you have not heard about it and it will be useful for you!

The PickMeApp site says it does not officially support windows 2000.

The latest versions of PickMeApp do not even work on Windows XP

But I found a version of PickMeApp0_5_11_7 which works perfectly on Windows Xp

Maybe you can patch PickMeApp to make it work on windows 2000?

Thank you!

File link:

https://drive.google.com/file/d/1AsQPjV-Kss8uD_o8gc5pOK1pW2KgTHdb/view?usp=sharing

mirror

https://cloud.mail.ru/public/5i4R/v46emd35g

mirror

https://disk.yandex.kz/d/hhQoDqrla-xKBw

 

Link to comment
Share on other sites

On 3/31/2022 at 9:43 AM, kampaster said:

Good afternoon!

Please help me to patch PickMeApp for windows 2000

(this program helps to port applications from one operating system to another) 

By the way, maybe you have not heard about it and it will be useful for you!

The PickMeApp site says it does not officially support windows 2000.

The latest versions of PickMeApp do not even work on Windows XP

But I found a version of PickMeApp0_5_11_7 which works perfectly on Windows Xp

Maybe you can patch PickMeApp to make it work on windows 2000?

Thank you!

File link:

https://drive.google.com/file/d/1AsQPjV-Kss8uD_o8gc5pOK1pW2KgTHdb/view?usp=sharing

mirror

https://cloud.mail.ru/public/5i4R/v46emd35g

mirror

https://disk.yandex.kz/d/hhQoDqrla-xKBw

 

Hi @kampaster , I think you dont know the blackwingcat extended kernel for windows 2000, for me PickMeApp work correctly on windows 2000 :

Capsssture.thumb.PNG.6ac88befe948d68ba411db8083673770.PNG

at first you should to install the bwc update Windows2000-KB935839-v31aM-x86-ENU , link of update :

http://blog.livedoor.jp/blackwingcat/archives/1299806.html

and before you should to install wlu decompressor from bwc site :

http://win2k.org/wlu/wluen.htm

 

Edited by windows2
Link to comment
Share on other sites

23 hours ago, windows2 said:

Привет@кампастер , я думаю, вы не знаете расширенное ядро blackwingcat для Windows 2000, для меня PickMeApp правильно работает на Windows 2000 :

Capsssture.thumb.PNG.6ac88befe948d68ba411db8083673770.PNG

сначала вы должны установить обновление bwc  Windows2000-KB935839-v31aM-x86-ENU, ссылка на обновление :

http://blog.livedoor.jp/blackwingcat/archives/1299806.html

и прежде чем вы должны установить декомпрессор wlu с сайта bwc :

http://win2k.org/wlu/wluen.htm

 

Hi!

If I make a kernel modification then my program which I wanted to transfer with PickMeApp stops working (probably the kernel update makes some modifications in the registry)

So I suggested that it is possible to patch PickMeApp itself without modifying the system

Link to comment
Share on other sites

On the target system, put ImportPatcher.exe in the same folder as the program to be patched. Drop the main executable onto ImportPatcher. Analyze. What are the results?

 

Link to comment
Share on other sites

Thanks. Didn't recognize it. Too many important-sounding APIs missing. Chance of even partial success next to nil. 

Locate missing DLLs and add replacement api names. Then Patch.

 

Link to comment
Share on other sites

17 hours ago, jumper said:

Thanks. Didn't recognize it. Too many important-sounding APIs missing. Chance of even partial success next to nil. 

Locate missing DLLs and add replacement api names. Then Patch.

 

this win2k without bwc update 

I used XP kernel32.dll with new name kernel2.dll

I have removed a letter from every function name in order the checksum will be not removed, so the operation was completed successfully but the error has not changed

1.PNG.b2b8c1a82b6cfacc7c5b18d42aeddc3b.PNG2.PNG.b3f33e3ca03deb377ff5492d83c951d6.PNG

Always the same error !

 

WinWord2000 Grazie a tutti !

e.PNG.abe4c659aa826b80d5735b1812bc01e3.PNG

Edited by WinWord2000
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...