glnz

POSReady 2009 updates ported to Windows XP SP3 ENU


If I got it right, I could also directly patch my German win32k.sys v 5.1.2600.6712 (which I got after installing KB3013455) by the following steps:

Try 

1. Open the win32k.sys in a hex editor.

2. search for 8b d7 e8

3. recognize pattern 0x8b 0xd7 0xe8 * * 0x0 0x0, expect address about 55D1F

4. find e.g. E8 AB 25 00 00 at 530F7

5. search for 8b cb e8

6. recognize pattern 0x8b 0xcb 0xe8 * * 0xff 0xff, expect address about 55D2A

7. find e.g. E8 BE B4 FF FF at 53248

8. Patch 530F7 : E8 BE B4 FF FF

9. Patch 53248 : E8 AB 25 00 00

Adjust PE checksum

http://www.coderforlife.com/projects/utilities/#PEChecksum

XP in a virtual machine still boots.

Edited: Ignore this.

Try your patch. A different approach, the same patch:

search for 8b cb 8b d7 e8 expect address about 55D1F

find e.g. E8 22 7E FF FF at 55D1F

search for 8b d7 8b cb e8 expect address about 55D2A

find e.g. E8 EC 04 00 00 at 55D2A

Patch 55D1F : E8 EC 04 00 00

Patch 55D2A : E8 22 7E FF FF

Edited by cdob


The Russian version of win32k.sys has the same offset for patching as the English one, and it works perfectly, thanks harkaz ;)

 

By the way, I have to add my one cent about patching the "update.ver" file. It has the structure described below:

[sourceFileInfo]
sp3qfe\win32k.sys=D34BA6467C2109D604646747AB33D3AC,000500010A281A4D,1890432,SP3QFE,7B2FBF88
|----------- MD5 -------------| |-- Version --| |--bytes--| |--Branch--| |--Unknown--|
========
In our case Version is 5.1.2600.6733, so it can be decoded in this way:
0x0005 - 5
0x0001 - 1
0x0A28 - 2600
0x1A4D - 6733

 

PS: I don't know what the last group of digits means. If anyone knows, please describe it here.

Edited by eGo®Z
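
The entry layout described in this post, as an added parser sketch that is not part of the thread: it decodes the version field and rebuilds the line for a changed file. The function names are hypothetical, the last field is carried through unchanged because the thread does not identify it, and the file bytes used in the checks are constructed.

```python
import hashlib
from typing import NamedTuple

class VerEntry(NamedTuple):
    path: str
    md5: str
    version: str
    size: int
    branch: str
    unknown: str  # meaning not established in the thread; kept verbatim

def parse_entry(line: str) -> VerEntry:
    """Parse one 'path=MD5,VERSION,SIZE,BRANCH,UNKNOWN' line of update.ver."""
    path, _, rest = line.strip().partition("=")
    fields = rest.split(",")
    if not path or len(fields) != 5:
        raise ValueError(f"unexpected update.ver entry: {line!r}")
    md5, ver_hex, size, branch, unknown = fields
    if len(md5) != 32 or len(ver_hex) != 16:
        raise ValueError("expected 32 hex digits of MD5 and 16 of version")
    int(md5, 16)  # raises ValueError if the digest is not hexadecimal
    # Four 16-bit words, most significant first: major.minor.build.revision
    words = [int(ver_hex[i:i + 4], 16) for i in range(0, 16, 4)]
    version = ".".join(str(w) for w in words)
    return VerEntry(path, md5.upper(), version, int(size), branch, unknown)

def matches(entry: VerEntry, data: bytes) -> bool:
    """True if the file content has the size and MD5 the entry records."""
    digest = hashlib.md5(data).hexdigest().upper()
    return len(data) == entry.size and digest == entry.md5

def rebuild_entry(entry: VerEntry, data: bytes) -> str:
    """Return the line with MD5 and size recomputed for new file content."""
    ver_hex = "".join(f"{int(p):04X}" for p in entry.version.split("."))
    md5 = hashlib.md5(data).hexdigest().upper()
    return f"{entry.path}={md5},{ver_hex},{len(data)},{entry.branch},{entry.unknown}"

# The line quoted in the post above
LINE = (r"sp3qfe\win32k.sys=D34BA6467C2109D604646747AB33D3AC,"
        "000500010A281A4D,1890432,SP3QFE,7B2FBF88")

if __name__ == "__main__":
    print(parse_entry(LINE))
```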


 

If I got it right, I could also directly patch my German win32k.sys v 5.1.2600.6712 (which I got after installing KB3013455) by the following steps:

Adjust PE checksum

http://www.coderforlife.com/projects/utilities/#PEChecksum

XP in a virtual machine still boots.

Edited: Ignore this.

Try your patch. A different approach, the same patch:

search for 8b cb 8b d7 e8 expect address about 55D1F

find e.g. E8 22 7E FF FF at 55D1F

search for 8b d7 8b cb e8 expect address about 55D2A

find e.g. E8 EC 04 00 00 at 55D2A

Patch 55D1F : E8 EC 04 00 00

Patch 55D2A : E8 22 7E FF FF

 

Yeah, that was exactly the result I got by doing it my way, but I didn't adjust PE checksum - after using the tool you suggested, I didn't get a BSOD anymore when booting, but the font corruption wasn't cured. So, as Dave-H said that he had to re-do the ClearType tuning, I tried this, too, by installing Microsoft's ClearType Tuner PowerToy. But then I got BSOD after BSOD, so in the end, I had to recover my imaged file :-(

 

Does anyone have an idea what went wrong?

Edited by Mister Floppy


@Mister Floppy

Patch 55D1F : E8 F7 04 00 00
Patch 55D2A : E8 17 7E FF FF

Then run PEChecksum on win32k.sys! Works perfectly for me!

 

Many thanks to harkaz and cdob for the very good work!

:thumbup 

Edited by heinoganda

Patch 55D1F

Patch 55D2A

Works perfectly for me!

 

The Russian version of win32k.sys has the same offset for patching as the English one

With some KB files

for /r %a in (win32k.sys) do @if exist %a gsar -b "-s:x8b:xcb:x8b:xd7:xe8" "%a" | find "0x55"
X86-ar-windowsxp-kb3013455-x86-embedded-ara\SP3QFE\win32k.sys: 0x55d1b
X86-cs-windowsxp-kb3013455-x86-embedded-csy\SP3QFE\win32k.sys: 0x55d1b
X86-da-windowsxp-kb3013455-x86-embedded-dan\SP3QFE\win32k.sys: 0x55d1b
X86-de-windowsxp-kb3013455-x86-embedded-deu\SP3QFE\win32k.sys: 0x55d1b
X86-el-windowsxp-kb3013455-x86-embedded-ell\SP3QFE\win32k.sys: 0x55d1b
X86-en-windowsxp-kb3013455-x86-embedded-enu\SP3QFE\win32k.sys: 0x55d1b
X86-es-windowsxp-kb3013455-x86-embedded-esn\SP3QFE\win32k.sys: 0x55d1b
X86-fi-windowsxp-kb3013455-x86-embedded-fin\SP3QFE\win32k.sys: 0x55d1b
X86-fr-windowsxp-kb3013455-x86-embedded-fra\SP3QFE\win32k.sys: 0x55d1b
X86-he-windowsxp-kb3013455-x86-embedded-heb\SP3QFE\win32k.sys: 0x55d1b
X86-hu-windowsxp-kb3013455-x86-embedded-hun\SP3QFE\win32k.sys: 0x55d1b
X86-it-windowsxp-kb3013455-x86-embedded-ita\SP3QFE\win32k.sys: 0x55d1b
X86-ja-windowsxp-kb3013455-x86-embedded-jpn\SP3QFE\win32k.sys: 0x55d1b
X86-ko-windowsxp-kb3013455-x86-embedded-kor\SP3QFE\win32k.sys: 0x55d1b
X86-nl-windowsxp-kb3013455-x86-embedded-nld\SP3QFE\win32k.sys: 0x55d1b
X86-no-windowsxp-kb3013455-x86-embedded-nor\SP3QFE\win32k.sys: 0x55d1b
X86-pl-windowsxp-kb3013455-x86-embedded-plk\SP3QFE\win32k.sys: 0x55d1b
X86-pt-br-windowsxp-kb3013455-x86-embedded-ptb\SP3QFE\win32k.sys: 0x55d1b
X86-pt-windowsxp-kb3013455-x86-embedded-ptg\SP3QFE\win32k.sys: 0x55d1b
X86-ru-windowsxp-kb3013455-x86-embedded-rus\SP3QFE\win32k.sys: 0x55d1b
X86-sv-windowsxp-kb3013455-x86-embedded-sve\SP3QFE\win32k.sys: 0x55d1b
X86-tr-windowsxp-kb3013455-x86-embedded-trk\SP3QFE\win32k.sys: 0x55d1b
X86-zh-cn-windowsxp-kb3013455-x86-embedded-chs\SP3QFE\win32k.sys: 0x55d1b
X86-zh-tw-windowsxp-kb3013455-x86-embedded-cht\SP3QFE\win32k.sys: 0x55d1b

It's the same offset at all languages.


I think I have found a difference:

 

The order of command execution is reversed.

 


I can't find such difference in my 6712 CHT when comparing with 6648 CHT.

 

EDIT: oh you mean WindowsServer2003-KB3013455-x86-ENU vs WindowsServer2003-KB3037639-x86-ENU

in post http://www.msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/page-13#entry1095037 does work. thanks!

Edited by roytam1


 

 

If I got it right, I could also directly patch my German win32k.sys v 5.1.2600.6712 (which I got after installing KB3013455) by the following steps:

Adjust PE checksum

http://www.coderforlife.com/projects/utilities/#PEChecksum

XP in a virtual machine still boots.

Edited: Ignore this.

Try your patch. A different approach, the same patch:

search for 8b cb 8b d7 e8 expect address about 55D1F

find e.g. E8 22 7E FF FF at 55D1F

search for 8b d7 8b cb e8 expect address about 55D2A

find e.g. E8 EC 04 00 00 at 55D2A

Patch 55D1F : E8 EC 04 00 00

Patch 55D2A : E8 22 7E FF FF

 

Yeah, that was exactly the result I got by doing it my way, but I didn't adjust PE checksum - after using the tool you suggested, I didn't get a BSOD anymore when booting, but the font corruption wasn't cured. So, as Dave-H said that he had to re-do the ClearType tuning, I tried this, too, by installing Microsoft's ClearType Tuner PowerToy. But then I got BSOD after BSOD, so in the end, I had to recover my imaged file :-(

 

Does anyone have an idea what went wrong?

 

not only copying bytes but also need offset value adjustment as http://www.msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/page-13#entry1095037 posted.


2. Go to Offset 55D1F and note its value and the values of the following 4 bytes.

3. Go to Offset 55D2A and note its value and the values of the following 4 bytes.

4. Replace the values at Offset 55D1F with the ones I noted under step 3.

5. Replace the values at Offset 55D2A with the ones I noted under step 2.

It's the same offset at all languages.

A batch

dd.exe if=win32k.sys of=55D1F.bin skip=351519 bs=1 count=5
dd.exe if=win32k.sys of=55D2A.bin skip=351530 bs=1 count=5
dd.exe if=55D1F.bin of=win32k.sys seek=351530 bs=1 count=5
dd.exe if=55D2A.bin of=win32k.sys seek=351519 bs=1 count=5
PEChecksum.exe win32k.sys
http://www.chrysocome.net/dd

http://www.coderforlife.com/projects/utilities/#PEChecksum


Thanks cdob!! A very nice and clean script, dd might come in handy for other tasks as well, nice new addition to my toolkit.

 

So do you think I could use WinNTSetup to replace win32k.sys after "apply" of the XP files to HD, just prior to start of XP setup? I'm not an expert in other setup (inf) files, so I don't know if there are other checksums to edit?

 

Thanks again!


@ cdob
I have tested your batch on a virtual machine. Very good idea, but with the patched win32k.sys all my fonts are broken!


your code: all fonts broken

Patch 55D1F : E8 EC 04 00 00

Patch 55D2A : E8 22 7E FF FF


harkaz code: all fonts ok

Patch 55D1F : E8 F7 04 00 00

Patch 55D2A : E8 17 7E FF FF


:(

Edited by heinoganda

I have tested your batch on a virtual machine. Very good idea, but with the patched win32k.sys all my fonts are broken!

Thanks for the report. Did I misunderstand the instruction?

Patch harkaz code as fixed code for all languages?

Patch 55D1F : E8 F7 04 00 00

Patch 55D2A : E8 17 7E FF FF


 

I have tested your batch on a virtual machine. Very good idea, but with the patched win32k.sys all my fonts are broken!

Thanks for the report. Did I misunderstand the instruction?

Patch harkaz code as fixed code for all languages?

Patch 55D1F : E8 F7 04 00 00

Patch 55D2A : E8 17 7E FF FF

 

seems so.


cdob

Yes, the harkaz code is the correct code to fix all languages!

I first tried your code myself on the German version of win32k.sys, after which all font smoothing was disabled. With harkaz's code, font smoothing is working again! I looked at harkaz's patched win32k.sys in the hex editor and compared it with the original Microsoft file, and then my enlightenment came: in the 2 codes (F7 and 17) there is a difference.

Sorry for my bad English.  :)
Edited by heinoganda
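
The difference between the two byte sets compared in the posts above comes from the `E8` call encoding: its 4-byte displacement is relative to the end of the instruction, so a call moved by 0xB bytes needs its displacement changed by 0xB. The following is an added example, not code from any poster; the function names are hypothetical, the buffer is constructed (not a real win32k.sys), and it assumes both call sites are in the same PE section.

```python
import struct

CALL = 0xE8   # x86 near call: opcode E8 followed by a signed 32-bit displacement
LEN = 5       # the displacement is relative to the end of this 5-byte instruction

def call_target(image, off):
    """Destination of the E8 call at file offset `off`, in file-offset terms."""
    if image[off] != CALL:
        raise ValueError(f"no E8 call at {off:#x}")
    (disp,) = struct.unpack_from("<i", image, off + 1)
    return off + LEN + disp

def encode_call(off, target):
    """Bytes of a call placed at `off` that reaches `target`."""
    return bytes([CALL]) + struct.pack("<i", target - (off + LEN))

def swap_calls(image, a, b):
    """Exchange the destinations of the calls at a and b, re-basing each
    displacement. Assumes both sites lie in the same PE section, so the
    difference of their file offsets equals that of their addresses."""
    ta, tb = call_target(image, a), call_target(image, b)
    image[a:a + LEN] = encode_call(a, tb)
    image[b:b + LEN] = encode_call(b, ta)

def constructed_image():
    """Constructed buffer holding only the two calls quoted in the thread,
    placed at the offsets quoted in the thread."""
    img = bytearray(0x55D30)
    img[0x55D1F:0x55D24] = bytes.fromhex("E8227EFFFF")
    img[0x55D2A:0x55D2F] = bytes.fromhex("E8EC040000")
    return img

def demo():
    img = constructed_image()
    want_a, want_b = call_target(img, 0x55D2A), call_target(img, 0x55D1F)
    swap_calls(img, 0x55D1F, 0x55D2A)
    ok = (call_target(img, 0x55D1F), call_target(img, 0x55D2A)) == (want_a, want_b)
    first = img[0x55D1F:0x55D24].hex(" ").upper()
    second = img[0x55D2A:0x55D2F].hex(" ").upper()
    return first, second, ok

if __name__ == "__main__":
    print(demo())
```

A verbatim 5-byte copy, as in the dd batch, leaves each call 0xB bytes away from the function it was meant to reach.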

@cdob

@all

Once there will be agreement on the patch, maybe better suited than dd would be hexalter:

kuwanger.net/misc/hexalter.shtml

possibly even using an ips file.

jaclaz

Share this post


Link to post
Share on other sites

@ jaclaz

Here is a batch for hexalter and PEChecksum:

hexalter.exe win32k.sys 0x55D20=0xF7 0x55D21=0x04 0x55D22=0x00 0x55D23=0x00 0x55D2B=0x17 0x55D2C=0x7E 0x55D2D=0xFF 0x55D2E=0xFF
PEChecksum.exe win32k.sys
Edited by heinoganda