jaclaz Posted June 7, 2015 Posted June 7, 2015 Incidentally, a similar method, but based solely (AFAIK) on the version of kernel32.dll, has been the way Kan Yabumoto settled on for xxcopy to know which windows it's running on, for quite a long time already... The loss of a sane versioning mechanism is another great accomplishment of the more recent versions of windows, so MS must be quite proud of it! OT , shameless plug , and only to show how great minds often think alike :http://reboot.pro/topic/18544-release-dll-verg4b-grub4dos-batch-to-find-dll-version/as used in PassPass:http://reboot.pro/topic/18588-passpass-bypass-the-password/ jaclaz
dencorso Posted June 7, 2015 Posted June 7, 2015 I do think SMSS.EXE may be the best file to target if using just a single system file to ascertain windows version, because it is rarely, if ever, replaced by hotfixes or security patches (and, BTW, here's some interesting info on Win 10's SMSS.EXE). But using more than one file should be more reliable, albeit a little more complicated.
jaclaz Posted June 7, 2015 Posted June 7, 2015 (and, BTW, here's some interesting info on Win 10's SMSS.EXE).I am failing to see the interesting part. Nothing has seemingly changed, there was only a hiccup in interpreting the logs, soon reviewed, corrected and explained.Or am I missing something? jaclaz
dencorso Posted June 7, 2015 Posted June 7, 2015 Well... I, for one, found that story interesting... but, yes, nothing changed. For the record, here is a pointer to Geoff Chappell's detailed version history for the NTOSKRNL, and a similar one for NTDLL is available on the same site make sure to scroll down... these pages are rather long, but quite worth it). Some more info on NTOSKRNL on this page.
jaclaz Posted June 7, 2015 Posted June 7, 2015 (edited) Well... I, for one, found that story interesting... but, yes, nothing changed.Well, then you might enjoy this .pdf about hacking an Iodd/Zalman Ve-400 encryption:https://www.sstic.org/media/SSTIC2015/SSTIC-actes/hardware_re_for_software_reversers/SSTIC2015-Article-hardware_re_for_software_reversers-czarny_rigo.pdf I guess the moral is that sometimes it is not important where you go but rather the path that you choose to get there ... jaclaz Edited June 7, 2015 by jaclaz
rn10950 Posted June 7, 2015 Author Posted June 7, 2015 (edited) Version 2.0 is here! Here are the changes in this release:Improves compatibility with Windows 8.1, I just used the manifest and hoped for the best. I currently don't have access to a Windows 8.1 VM so anyone that does, can you please verify that it works?The x86 build works on both 32-bit and 64-bit WindowsMFC and VC++ classes are embedded in the application. I don't know if this works yet, so I still included the VC++ redistributable in the zip. Once I know that it works without the VC++ DLLs, I will stop including the installer.Special thanks to Glenn9999, NoelC, dencorso, and jaclaz for helping me with this update. Edited June 7, 2015 by rn10950
dencorso Posted June 7, 2015 Posted June 7, 2015 @rn10950: Great! Thanks! @all: We need to ascertain the version numbers of SMSS.EXE across Windows Versions... those I've not found anywhere... Well, then you might enjoy this .pdf about hacking an Iodd/Zalman Ve-400 encryption:https://www.sstic.org/media/SSTIC2015/SSTIC-actes/hardware_re_for_software_reversers/SSTIC2015-Article-hardware_re_for_software_reversers-czarny_rigo.pdf@jaclaz:I sure do. Thanks! And here is something you might enjoy, too (it was fist published in 1891, mind you!)...
NoelC Posted June 7, 2015 Posted June 7, 2015 Can you think of Anything wrong with reading the build number from the registry at the following? [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] CurrentBuildNumber REG_SZ -Noel
dencorso Posted June 7, 2015 Posted June 7, 2015 Yes. It's easy to spoof. File versions require a lot more work to spoof. On things like this I agree with the X-files: "Trust no one!" And, just to start gathering some data, here's the only relevant datum I can provide: Windows 7 Ultimate x64 SP1 (EN-US) SMSS.EXE is v. 6.1.7601.18798, having a PE Timestamp of 0x5507A49D or Tue Mar 17, 2015 03:50:53 GMT, 112,640 bytes of size and SHA-1: D34ED774F9FDCBA938A7807BD8FB1B398C51BC81 Since this subject ends up touching on PE Timestamps, let me point out my own little tool to read them may be of help:Here's another link to it: PETmStp.7zIt's possible that the numbers listed here for 7 and later may hold... but better sure than sorry.
Glenn9999 Posted June 8, 2015 Posted June 8, 2015 Version 2.0 is here! <snip> Improves compatibility with Windows 8.1, I just used the manifest and hoped for the best. I currently don't have access to a Windows 8.1 VM so anyone that does, can you please verify that it works? <snip> Works great now. Only thing that might be good to add is an existence check (put up a message) if the update is already present. That wouldn't be too hard though. Like I said earlier, it might be worth trying to rig something up that's more generic if there's enough demand.
rn10950 Posted June 8, 2015 Author Posted June 8, 2015 (edited) Version 2.0 is here!<snip>Improves compatibility with Windows 8.1, I just used the manifest and hoped for the best. I currently don't have access to a Windows 8.1 VM so anyone that does, can you please verify that it works?<snip> Works great now. Only thing that might be good to add is an existence check (put up a message) if the update is already present. That wouldn't be too hard though. Like I said earlier, it might be worth trying to rig something up that's more generic if there's enough demand. I may do that, I am (and I already have code written for) also going to kill the GWX.EXE process after install and I am also thinking about adding an "Advanced Mode" that makes the Administrator owner of C:\WINDOWS\GWX, deletes its contents, and makes it read-only. What do you mean by more generic though? Edited June 8, 2015 by rn10950
Kelsenellenelvian Posted June 8, 2015 Posted June 8, 2015 Does this support switches to run it automatically? If not could you add it.
rn10950 Posted June 8, 2015 Author Posted June 8, 2015 Does this support switches to run it automatically? If not could you add it. Sure, I will add them in v3.0
Glenn9999 Posted June 8, 2015 Posted June 8, 2015 I may do that, I am (and I already have code written for) also going to kill the GWX.EXE process after install and I am also thinking about adding an "Advanced Mode" that makes the Administrator owner of C:\WINDOWS\GWX, deletes its contents, and makes it read-only. What do you mean by more generic though? Something that presents a menu of installed updates and allows you to select the one you want to uninstall.
dencorso Posted June 8, 2015 Posted June 8, 2015 What do you mean by more generic though?Something that presents a menu of installed updates and allows you to select the one you want to uninstall.In case you mean the updates in the menu ought to be limited to those listed in the thread about avoiding Win 10, I do fully agree.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now