Jump to content

On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019

Mcinwwl

By Mcinwwl
in Windows XP

 Share

Recommended Posts

D.Draker

D.Draker

Posted
Posted
20 hours ago, maile3241 said:

Hello @Dave-H have you tried this yet? http://i430vx.net/files/wsusstuff/NT5x/rootsupd.exe

This is the same Microsoft tool from here , just from another mirror.

https://msfn.org/board/topic/175170-root-certificates-and-revoked-certificates-for-windows-xp/

For Root Certificate Update "rootsupd.exe" Microsoft download (http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe), unzip to a folder (eg with WinRAR), in "rootsupd.inf" entry in the string VERSION should "40,0,2195,0" loud and in VER "040" , In the next step,

"http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authroots.sst"

"http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/delroots.sst"

"http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/roots.sst"

"http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/updroots.sst" download and paste the unzipped folder and replace older files. Then with e.g. (Create Self-Extracting Archive) WinRAR all files in the folder to an archive option SFX with the following comment:

TempMode

Silent=1

Overwrite=1

Setup=Rundll32.exe advpack.dll,LaunchINFSection rootsupd.inf,DefaultInstall

pack and you have a current root certificate update!

Link to comment
Share on other sites

ExtremeGrief

ExtremeGrief

Posted
Posted
14 hours ago, D.Draker said:

This is the same Microsoft tool from here , just from another mirror.

https://msfn.org/board/topic/175170-root-certificates-and-revoked-certificates-for-windows-xp/

For Root Certificate Update "rootsupd.exe" Microsoft download (http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe), unzip to a folder (eg with WinRAR), in "rootsupd.inf" entry in the string VERSION should "40,0,2195,0" loud and in VER "040" , In the next step,

"http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authroots.sst"

"http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/delroots.sst"

"http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/roots.sst"

"http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/updroots.sst" download and paste the unzipped folder and replace older files. Then with e.g. (Create Self-Extracting Archive) WinRAR all files in the folder to an archive option SFX with the following comment:

TempMode

Silent=1

Overwrite=1

Setup=Rundll32.exe advpack.dll,LaunchINFSection rootsupd.inf,DefaultInstall

pack and you have a current root certificate update!

You forgot disallowedcerts.sst

Link to comment
Share on other sites
maile3241

maile3241

Posted
Posted
15 hours ago, AstroSkipper said:

@maile3241 Have you already checked if at offset EC84 of your file this code 83F89D7508 matches? You always say the same but you give less information about what you have tried. Use an hexeditor like WinHex and look inside! If code matches then you can patch outside of system32 without any problems.

I think I found the problem. I have version 5.1.2600.5512 not 5.1.2600.3264. :blushing:

Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted (edited)
On 1/23/2022 at 12:34 PM, maile3241 said:

I don't have EC84

@maile3241https://imgur.com/AqLdRes

Of course you have. In hexeditor all lines are arranged hexadecimal on left side. Find line 0000EC80 and then position (column) 4. Open your eyes! In your screenshot I can see the matching code. :whistle:

Edited by AstroSkipper
deletion
Link to comment
Share on other sites
maile3241

maile3241

Posted
Posted
28 minutes ago, AstroSkipper said:

@maile3241 Of course you have. In hexeditor all lines are arranged hexadecimal on left side. Find line 0000EC80 and then position (column) 4. Open your eyes! In your screenshot I can see the matching code. :whistle:

Thanks, found it. Can I just use the cursor to replace the values?

Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted (edited)
11 minutes ago, maile3241 said:

Thanks, found it. Can I just use the cursor to replace the values?

@maile3241 Of course you can. Copy new code, mark this region with your mouse and paste new code, But do not change other bits. Check after patching if only these ten digits have changed. It's the most simple thing. :buehehe:

Edited by AstroSkipper
Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted
16 minutes ago, maile3241 said:

I get an error message that the file is in use. I have already stopped the cryptographic service

@maile3241 I don't know what you are doing. I told you a lot of posts above you have to copy sfc_os.dll to another partition or folder. Windows may not have access to your file. Do not patch this file in folder system32 or system32\dllcache! Then copy your patched file first to system32\dllcache and then to system32.If it is blocked do it using linux or WinPE.

Link to comment
Share on other sites
maile3241

maile3241

Posted
Posted
17 minutes ago, AstroSkipper said:

@maile3241 I don't know what you are doing. I told you a lot of posts above you have to copy sfc_os.dll to another partition or folder. Windows may not have access to your file. Do not patch this file in folder system32 or system32\dllcache! Then copy your patched file first to system32\dllcache and then to system32.If it is blocked do it using linux or WinPE.

OK. I patched the file on the desktop. But I don't see any dllcache folder. I'm slowly giving up.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...