
Windows 10 GWX Update Removal Tool for Windows 7 and Windows 8.1


rn10950


Incidentally, a similar method, but based solely (AFAIK) on the version of kernel32.dll, has been the way Kan Yabumoto settled on for xxcopy to know which windows it's running on, for quite a long time already... The loss of a sane versioning mechanism is another great accomplishment of the more recent versions of windows, so MS must be quite proud of it! :crazy:

OT :w00t::ph34r:, shameless plug :blushing: , and only to show how great minds often think alike ;):

http://reboot.pro/topic/18544-release-dll-verg4b-grub4dos-batch-to-find-dll-version/

as used in PassPass:

http://reboot.pro/topic/18588-passpass-bypass-the-password/

 

jaclaz



I do think SMSS.EXE may be the best file to target if using just a single system file to ascertain windows version, because it is rarely, if ever, replaced by hotfixes or security patches (and, BTW, here's some interesting info on Win 10's SMSS.EXE). But using more than one file should be more reliable, albeit a little more complicated.


Well... I, for one, found that story interesting... but, yes, nothing changed.

For the record, here is a pointer to Geoff Chappell's detailed version history for the NTOSKRNL, and a similar one for NTDLL is available on the same site (make sure to scroll down... these pages are rather long, but quite worth it).

Some more info on NTOSKRNL on this page.


Well... I, for one, found that story interesting... but, yes, nothing changed.

Well, then you might enjoy this .pdf about hacking an Iodd/Zalman Ve-400 encryption:

https://www.sstic.org/media/SSTIC2015/SSTIC-actes/hardware_re_for_software_reversers/SSTIC2015-Article-hardware_re_for_software_reversers-czarny_rigo.pdf

 

I guess the moral is that sometimes it is not important where you go but rather the path that you choose to get there ... :unsure:

 

jaclaz

Edited by jaclaz

Version 2.0 is here!

 

Here are the changes in this release:

  • Improves compatibility with Windows 8.1, I just used the manifest and hoped for the best. I currently don't have access to a Windows 8.1 VM so anyone that does, can you please verify that it works?
  • The x86 build works on both 32-bit and 64-bit Windows
  • MFC and VC++ classes are embedded in the application. I don't know if this works yet, so I still included the VC++ redistributable in the zip. Once I know that it works without the VC++ DLLs, I will stop including the installer.

Special thanks to Glenn9999, NoelC, dencorso, and jaclaz for helping me with this update.

Edited by rn10950

@rn10950: Great! Thanks! :thumbup

 

@all: We need to ascertain the version numbers of SMSS.EXE across Windows Versions... those I've not found anywhere... :}
 


@jaclaz: I sure do. Thanks! :thumbup
And here is something you might enjoy, too (it was first published in 1891, mind you!)...


Can you think of anything wrong with reading the build number from the registry at the following?

 

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion]  

 

CurrentBuildNumber  REG_SZ

 

-Noel

 


Yes. It's easy to spoof. File versions require a lot more work to spoof. On things like this I agree with the X-files: "Trust no one!"
 
And, just to start gathering some data, here's the only relevant datum I can provide:
 
Windows 7 Ultimate x64 SP1 (EN-US) SMSS.EXE is v. 6.1.7601.18798, having a PE Timestamp of 0x5507A49D or Tue Mar 17, 2015 03:50:53 GMT, 112,640 bytes of size and  SHA-1: D34ED774F9FDCBA938A7807BD8FB1B398C51BC81
 

Since this subject ends up touching on PE Timestamps, let me point out my own little tool to read them may be of help:
Here's another link to it: PETmStp.7z


It's possible that the numbers listed here for 7 and later may hold... but better sure than sorry.
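The PE timestamp quoted in the post above is the TimeDateStamp field of the COFF file header. As an added example (not part of the original thread, and not the PETmStp tool), this Python sketch reads that field together with the file size and SHA-1 from a constructed minimal header carrying the 0x5507A49D value from the post; the names `pe_fingerprint` and `build_sample` are hypothetical.

```python
import hashlib
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "x86", 0x8664: "x64"}


def pe_fingerprint(data: bytes) -> dict:
    """Return machine, link timestamp, size and SHA-1 of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew (offset 0x3C) is the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Signature (4 bytes) plus COFF header (20 bytes) must fit in the file.
    if e_lfanew + 24 > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header starts with Machine (u16), NumberOfSections (u16),
    # TimeDateStamp (u32, seconds since 1970-01-01 UTC).
    machine, _sections, stamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    when = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "timestamp": stamp,
        "utc": when.isoformat(),
        "size": len(data),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
    }


def build_sample(stamp: int = 0x5507A49D, machine: int = 0x8664) -> bytes:
    """Constructed 88-byte header-only sample, not a real system file."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # 64-byte DOS header
    coff = struct.pack("<HHIIIHH", machine, 0, stamp, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    for key, value in pe_fingerprint(build_sample()).items():
        print(f"{key:10} {value}")
```

To fingerprint a real file, pass the bytes read from it, for example `pe_fingerprint(open(path, "rb").read())`.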


Version 2.0 is here!

<snip>

Improves compatibility with Windows 8.1, I just used the manifest and hoped for the best. I currently don't have access to a Windows 8.1 VM so anyone that does, can you please verify that it works?

<snip>

 

 

Works great now. Only thing that might be good to add is an existence check (put up a message) if the update is already present. That wouldn't be too hard though. Like I said earlier, it might be worth trying to rig something up that's more generic if there's enough demand.


 

Version 2.0 is here!

<snip>

Improves compatibility with Windows 8.1, I just used the manifest and hoped for the best. I currently don't have access to a Windows 8.1 VM so anyone that does, can you please verify that it works?

<snip>

 

 

Works great now. Only thing that might be good to add is an existence check (put up a message) if the update is already present. That wouldn't be too hard though. Like I said earlier, it might be worth trying to rig something up that's more generic if there's enough demand.

 

 

I may do that, I am (and I already have code written for) also going to kill the GWX.EXE process after install and I am also thinking about adding an "Advanced Mode" that makes the Administrator owner of C:\WINDOWS\GWX, deletes its contents, and makes it read-only. What do you mean by more generic though?

Edited by rn10950

I may do that, I am (and I already have code written for) also going to kill the GWX.EXE process after install and I am also thinking about adding an "Advanced Mode" that makes the Administrator owner of C:\WINDOWS\GWX, deletes its contents, and makes it read-only. What do you mean by more generic though?

 

 

Something that presents a menu of installed updates and allows you to select the one you want to uninstall.

