Jump to content

Possible to Spoof XP x64 SP2 to report SP3?


Recommended Posts

Has anyone here tried spoofing XP x64 SP2 to report SP3? I've encountered an issue with a program that defines XP SP3 as the minimum requirement for operation under XP. It makes no distinction that no SP3 exists for x64 XP (which should be defined as a BUG, but most of you here know how such people react and the response you will generally get if you criticize something that doesn't work properly on an older system), and demands an update to Vista in order to run under an x64 OS.

I turned up some pages with Google that discussed spoofing x86 SP2 to SP3, but the values in the given registry locations did not match the original x86 values under x64. :unsure:

Link to comment
Share on other sites


On x86 it is AFAICR :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows

CSDVersion=300 (instead of the 200 that SP2 has)

No idea what x64 has, but probably - even if it is elsewhere - the REG_DWORD will anyway be called CSDVersion? :unsure:

jaclaz

Link to comment
Share on other sites

15 hours ago, jaclaz said:

On x86 it is AFAICR :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows

CSDVersion=300 (instead of the 200 that SP2 has)

No idea what x64 has, but probably - even if it is elsewhere - the REG_DWORD will anyway be called CSDVersion? :unsure:

jaclaz

Apparently I wasn't reading too clearly when I examined my registry. :blink:
I'm not sure what happened, but the x86 and x64 values do indeed match at that location. :blushing:
These locations use the same "200" value in a DWORD format.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Windows

Also, at these locations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion
x64 has "Service Pack 2" as a string value.

I suppose it's trial and error now to see if changing these will circumvent the problem... Thanks! :thumbup

 

11 hours ago, dencorso said:

Well, if your problem is just to install one or more program, @blackwingcat's version spoofer might be the best option, and it should be worth a try, in any case. Here's it: fcwin2k :)

I wish it were that simple. The program (a game I play infrequently) is already installed, and previously worked until they decided to change the base minimum specs and pushed an update that broke things. Not even sure this will cure the problem, as there is no error thrown, but it seemed like a good place to start since they specifically changed the  prerequisites. :}

Link to comment
Share on other sites

The issue may be that some programs (rightly) check the:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows

(the ControlSet in use can be found in the HKEY_LOCAL_MACHINE\SYSTEM\Select key)

While some check (wrongly) the string at (either):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion

and possibly some check both.

So changing the value or the string (or both) may be needed :unsure:

jaclaz

 

Edited by jaclaz
Link to comment
Share on other sites

You may want to run a trace on the program to see if it actually uses the registry to determine Service Pack level, or if it uses something else.

I had a similar issue in the past concerning iTunes but was not able to determine a method to easily fool the program. It used some method other than reading the registry or the version of a particular file. I ended up not solving the issue, ending up with a broken iTunes... :blushing:

Link to comment
Share on other sites

On 7/11/2018 at 5:30 AM, jaclaz said:

The issue may be that some programs (rightly) check the:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows

(the ControlSet in use can be found in the HKEY_LOCAL_MACHINE\SYSTEM\Select key)

While some check (wrongly) the string at (either):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion

and possibly some check both.

So changing the value or the string (or both) may be needed :unsure:

jaclaz

 

Changing all of these locations unfortunately didn't help. :}

I assume, as Trip mentions, that something else is used to determine the Service Pack level or there is some other problem causing the game to fail silently.

On 7/11/2018 at 9:20 AM, Tripredacus said:

You may want to run a trace on the program to see if it actually uses the registry to determine Service Pack level, or if it uses something else.

I had a similar issue in the past concerning iTunes but was not able to determine a method to easily fool the program. It used some method other than reading the registry or the version of a particular file. I ended up not solving the issue, ending up with a broken iTunes... :blushing:

Any suggestions for running such a trace?

I've also encountered other XP x64 specific issues before that I keep meaning to find solutions to but there never seems to be enough time to spend on it. :wacko:
The most annoying example so far besides this current one involves HP Printer driver packages that provide XP x86 drivers and Server 2003 x86/x64 drivers but contains a specific artificial block against XP x64. Manually unpacking the drivers and trying to manually install any of the files for those other three systems fails to produce a working printer.

 ~

Backing up a bit to provide more info and add what else I have learned so far; I started this topic thinking that a simple SP level spoof would cure the problem because at that time I had yet to encounter anything else (other than the deliberate printer exclusion) that works on XP x86 SP3 that failed to work under XP x64 SP2.

The game in question is League of Legends, and at least as of fall of last year it was working properly under XP x64 SP2 despite an occasional nag screen about updating to SP3. Hadn't played the game since then, and now it's broken.

The game uses at least two .EXE files, one for player interaction, matchmaking, and other game content; and the other for the actual game itself. (They have been pushing a "new client" program for a while now and have now made it mandatory; I assume this is probably involved in the problem, but it's not perfectly clear which "client" EXE is changed or both.) The first of these two EXE's still works fine. The second, the game client, fails silently when a game is launched from the first "interaction" client. The EXE is listed as a running process in the Task Manager, but nothing happens. This process has to be killed manually, which will then cause the "interaction" client to reload and report that the game is in progress and give the option to rejoin it. Doing so reenters the same loop.

I examined the offending game client EXE file with Dependency Walker. Three delay-loaded dependencies are listed as missing. Two of these are in IESHIMS.DLL and WER.DLL; which according to everything I can find with Google are irrelevant for Windows XP and programs reporting these dependencies are "expected" to be intelligent enough to not use these functions under XP. Searched for these files anyway and ended up on a long wild goose chase to nowhere. I suppose one could rob them from Vista or 7 if necessary; but I doubt this is the issue. The third missing dependency is in DEVMGR.DLL. Pulled a copy of this file from XP x86 SP3 and dropped it into the game folder. No joy here (this was with the reg spoof above still in place as well).

After all of this failed to work, I wondered if it might be video hardware related since the machine I was using had a somewhat "older" video card. Loaded the game on my Core i7/X79 chipset/GTX980 system and had the exact same problem under XP x64 SP2. Set up XP x86 SP3 on this system and the game runs perfectly fine (with some annoying crashes from time to time, but I'll wager they have not been spending much time properly debugging under XP anyhow).

So, the game does in fact still work under XP x86 SP3. Somewhere along the way a difference between it and XP x64 SP2 has become an issue.

Link to comment
Share on other sites

You can see what the program is doing by using Process Monitor. Open ProcMon, add the process names to the filte, then you start monitoring and then run your program that generates the error. As soon as the error appears, stop the monitor.

If this is the first time you are running ProcMon, sometimes it will start as soon as you open and/or accept the EULA. In that case, stop the monitor, then clear the log, then add the things to the filter. If there are no leads from that, you may want to enable the advanced output (under Filter).

However, using ProcMon may be a problem concerning some games. It may be useful enough for detecting an OS check error, but some games have DRM that will not run if ProcMon is active, or has been run at some point during the current Explorer session. Something I ran into when trying to debug NHL 08 many moons ago. So there is the potential to get an altogether different error when trying to run the game, if that game has any detection response to programs like that.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...