Jump to content

Latest Version of Software Running on XP


pointertovoid

Recommended Posts

2 hours ago, IntMD said:

I've scanned these files with Windows Defender/Security in Windows 10 1909 (18363.535) with latest definitions, and it hasn't detected anything.

At both of your VirusTotal links, Microsoft's engine detects Trojan Win32/Occamy C. In the past, I have submitted fake "Flash Player Updates" offered as drive-by downloads by strange URLs I was mysteriously redirected to (i.e. couldn't possibly be legitimate) that were only detected by 2 or 3 engines. I'm with caliber, and would never consider using a program that is detected by 23 engines!

Link to comment
Share on other sites


On 1/5/2020 at 7:36 PM, caliber said:

that tool from github contains a trojan. why don't github files get scanned ?

 

 

trojan.png

 

avast1.png

It has a file called "kernelxp.dll". Once you patch a programme, the programme will use kernelxp.dll instead of directly calling the XP kernel. Such a thing is needed as it implements redirections to the xp kernel for known functions while it uses Wine implementations for those missing. Of course an antivirus isn't going to like that! Heck, you're basically redirecting calls of programmers and you're gonna let pass to the real kernel only those you decided to let pass while you're gonna employ a non Microsoft compiled and totally unsigned mini kernel for the others. What did you expect from the Antivirus? To say that everything was fine? XD

Anyway those are all false positive. Feel free to check @TuMaGoNx code on Github if you don't believe me.

As to the behaviours you encountered, you may wanna let him know if you are 100% sure that it's xompie that it's causing them.

By the way, Tuma, shall we expect a new release in the future or did you just drop the project?

Link to comment
Share on other sites

2 hours ago, FranceBB said:

 Once you patch a programme, the programme will use kernelxp.dll instead of directly calling the XP kernel.

Anyway those are all false positive. Feel free to check @TuMaGoNx code on Github if you don't believe me.

I have not patched anything with it.

it could be a false positive for Avast but once you install it and get infected it can be nothing but a trojan.

Link to comment
Share on other sites

10 hours ago, caliber said:

it could be a false positive for Avast but once you install it and get infected it can be nothing but a trojan.

Like I said, provide concrete proof that it's a trojan, and not just a circumstantial thing.

Have you tried making a clean XP SP3 VM to test whether this also happens with both 0.6a and the master build?

Link to comment
Share on other sites

On 1/6/2020 at 4:02 PM, caliber said:

this trojan makes firefox based browsers @roytam1 almost unusable unless you delete the profile folder or start them in safe mode.

I had sort of this problem with Roy's browsers after installing XomPie (On Windows Server 2003 the browsers don't start at all and some programs that aren't patched give errors until you uninstall the patcher) It seems like there some sort of "DLL conflict" with the programs, but again it's NOT a Trojan or nor anything malicious included, some AntiViruses give false positives for these custom DLLs from my experience :)

Link to comment
Share on other sites

11 hours ago, Nojus2001 said:

I had sort of this problem with Roy's browsers after installing XomPie (On Windows Server 2003 the browsers don't start at all and some programs that aren't patched give errors until you uninstall the patcher) It seems like there some sort of "DLL conflict" with the programs, but again it's NOT a Trojan or nor anything malicious included, some AntiViruses give false positives for these custom DLLs from my experience :)

I cannot say I've ever run into this problem you speak of. I've even installed XomPie on server 03, didnt happen there.

Link to comment
Share on other sites

  • 2 weeks later...
37 minutes ago, caliber said:

1.8.5 or 2.04 I use either of them they feature the last nice visual theme.

I know, I myself use these versions and version 2.1.1 with the skin installed. I just found out that the latest version is not working already, so I’m looking for the latest supported one to add it to the archive.

Link to comment
Share on other sites

On 1/17/2020 at 3:00 PM, RED-CHAMBER said:

The latest version of Telegram 1.9.3 can be installed but is no longer compatible with XP. So, I guess the support's over.

In case anyone was wondering, I tried with my modified kernel and it doesn't run on my machine either.

All the missing kernel calls are patched except for "CancelIoEx": https://docs.microsoft.com/en-us/windows/win32/fileio/cancelioex-func

The good news though was that there's CancelIo in Windows XP, so I replaced CancelIoEx with its non-ex counterpart and I tried to make a few tests without any positive result. 

The reason is that the normal CancelIo (the non-ex one available in XP) can't be used to cancel io operations in other threads, so most of time it just hangs on nn_close... :(

On top of that, the new code has several missing calls for the UI as well and I can't fix any of them in Shell32 as I'm not a UI guy... :(

I guess I'm gonna stick with 1.8.15 'till it's gonna work, then I don't know... :(

 

A few screenshot for those interested:

On a normal XP SP4 Installation:

8XG3jz0.png

On my XP running a custom kernel:

RNUINlc.png

 

Then there are missing calls in Shell32 and User32:

wtIxfTL.png

1SI3IxL.png

 

SA5Rja6.png

 

 

I guess that's pretty much it for Telegram, unless someone wants to try to fork it and re-introduce XP compatibility.

I'll leave a link to the source code anyway: https://github.com/telegramdesktop/tdesktop

Out of curiosity, is there anyone who can try the official installer on Windows Vista?

 

Edited by FranceBB
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...