Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


pointertovoid

Latest Version of Software Running on XP

Recommended Posts


Looking around the page below (I use fileoptimizer every now and then), saw this thing:

https://nikkhokkho.sourceforge.io/static.php?page=PatchPE

Supposedly, " PatchPE is a patcher for PE executable headers, that could make them compatible with older versions of Windows. Additionaly it enables LAA (Large Address Aware) attribute to the EXE, so it can take advantage of allocating more than 2 GB. of physical memory. Recent linkers, use to add latest versions on the headers, so, you can find programs that are marked to work only on Windows 10, but once patched, they can work in Windows XP, or even 2000 or NT."

Has anybody tried it?
 

Share this post


Link to post
Share on other sites
Posted (edited)
On 12/31/2019 at 9:41 AM, dmiranda said:

Looking around the page below (I use fileoptimizer every now and then), saw this thing:

https://nikkhokkho.sourceforge.io/static.php?page=PatchPE

Supposedly, " PatchPE is a patcher for PE executable headers, that could make them compatible with older versions of Windows. Additionaly it enables LAA (Large Address Aware) attribute to the EXE, so it can take advantage of allocating more than 2 GB. of physical memory. Recent linkers, use to add latest versions on the headers, so, you can find programs that are marked to work only on Windows 10, but once patched, they can work in Windows XP, or even 2000 or NT."

Has anybody tried it?
 

OK, I have jush finished to test PatchPE 1.30 (why not version 1.31, see below) with hexdump for Windows https://www.di-mgt.com.au/hexdump-for-windows.html

By default, hexdump doesn't works on XP:

1.jpg.cd71bde0dd83c7c664234b61c46bcbef.jpg

So, I have patched hexdump with PatchPE 1.30 and that's works :w00t::

2.thumb.jpg.ef3283179aac399d2b38280f8a7edce2.jpg

I have used version 1.30 because version 1.31 doesn't works on XP ! :wacko:

3.jpg.d2a94b0f477916aeaae6bf69af13b2c0.jpg

BUT, if you want, you can patch PatchPE 1.31 with PatchPE 1.30 and it will works again on XP :blink::

4.thumb.jpg.352abab14f8e2e167746dd0a4c4a8e73.jpg

5.thumb.jpg.4cb8c7a92b93eaf99bb2d5bd5ab0aa9a.jpg

There is only one disavantage with the version 1.31, now PatchPE need a computer that's support SSE2. It is not the case with the version 1.30.

 

It seems that PatchPE can be useful in some situations. :w00t:

Edited by genieautravail
  • Like 2
  • Upvote 1

Share this post


Link to post
Share on other sites
3 hours ago, genieautravail said:

I have used version 1.30 because version 1.31 doesn't works on XP ! :wacko:

3.jpg.d2a94b0f477916aeaae6bf69af13b2c0.jpg

BUT, if you want, you can patch PatchPE 1.31 with PatchPE 1.30 and it will works again on XP :blink::

xzibit-happy.jpg

Share this post


Link to post
Share on other sites
Posted (edited)

Sure, fine, you can use that, but why don't you just use xompie as you can automatise it through a bat and it's not only gonna replace the header but it's also gonna try to relink the programme to use a patched version of kernelxp.dll in order to redirect calls that have a different name but that can still work with the XP implementation of them thus increasing your chances of getting programmes to work? Xompie has been available for years now...

Edited by FranceBB

Share this post


Link to post
Share on other sites
6 hours ago, FranceBB said:

Sure, fine, you can use that, but why don't you just use xompie as you can automatise it through a bat and it's not only gonna replace the header but it's also gonna try to relink the programme to use a patched version of kernelxp.dll in order to redirect calls that have a different name but that can still work with the XP implementation of them thus increasing your chances of getting programmes to work? Xompie has been available for years now...

Perhaps more simple to use, especially with command line tools.

I Use a lot of them for my scripts. :hello:

Share this post


Link to post
Share on other sites
Posted (edited)
On 1/3/2020 at 11:17 AM, FranceBB said:

Sure, fine, you can use that, but why don't you just use xompie

that tool from github contains a trojan. why don't github files get scanned ?

 

 

trojan.png

 

avast1.png

Edited by caliber

Share this post


Link to post
Share on other sites
1 hour ago, caliber said:

that tool from github contains a trojan. why don't github files get scanned ?

 

 

trojan.png

 

avast1.png

False positive. I'm pretty sure that if you scan the file in virustotal, the positives will significantly outweight the negatives.

Share this post


Link to post
Share on other sites
Posted (edited)
17 hours ago, IntMD said:

False positive. I'm pretty sure

a false positive should not infect Windows whatsoever.

this trojan makes firefox based browsers @roytam1 almost unusable unless you delete the profile folder or start them in safe mode.

then you run the anti virus to clean up the trojan ET VOILÀ ! problem solved.

Edited by caliber

Share this post


Link to post
Share on other sites
Posted (edited)
56 minutes ago, caliber said:

a false positive should not infect Windows whatsoever.

this trojan makes firefox based browsers @roytam1 almost unusable unless you delete the profile folder or start them in safe mode.

then you run the anti virus to clean up the trojan ET VOILÀ ! problem solved.

Are you sure that it's Xompie itself that wrecks it up instead of something else that might cause any incompatibility? The author of this project has been in this community for at least 10 years, so those are bold accusations. (also have you tested it on a clean profile before installing xompie? I'm not aware of anything that might mess with firefox or roytam's browsers). Also the source code is on github, so anybody can review it for any malware behavior, and so far nobody has said about it being malware. Have you used the latest master build (clone the repo, save as zip, launch the install cmd), whether this happens with that too?

Remind you that Malware.Gen and other Artemis detections may happen to be false positives, so be sure that what you say is really true.

I'll let these virustotal results be posted to research 'em (not just look at the summary results):

https://www.virustotal.com/gui/file/24f612ee3e13fdb5cd3273159e49a9072ae4cc330fb473e633224f19f5ce6d01/detection - Xompie 0.6a (23/69 = ~33%)

https://www.virustotal.com/gui/file/7505068ee4fe4a7d809b84271494201aa2b1c353ec302dfd58bfb743b104daac/detection - Xompie master build (zip clone repo from github) (19/64 = ~29-30%)

I've scanned these files with Windows Defender/Security in Windows 10 1909 (18363.535) with latest definitions, and it hasn't detected anything.

Edited by IntMD

Share this post


Link to post
Share on other sites

This program patches other programs, making changes to them, of course, some antiviruses can regard this as a virus. Kaspersky with the current base does not detect anything.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...