Jump to content

Changing XP x64's major and minor version?

doldolekim

By doldolekim
in Windows XP

 Share

Recommended Posts

doldolekim

doldolekim

Posted
Posted

If you want change 2000, XP x86's version and build number, use imagecfg! for Longhorn, modify ntoskrnl or ntkr**** via hex editor. (follow this guide!)

But in case of XP x64, imagecfg doesn't work and I can't find where major and minor are in ntoskrnl..

 

Does anyone know where they are? I was able to find build number in ntoskrnl, so version is 5.2.2600 now

KakaoTalk_20230515_195419617.thumb.png.be9324637dc0090bbd389b7dba79ee77.png


doldolekim

doldolekim

Posted
  • Author
Posted (edited)
Quote

Whats exactly your goal?

Changing minor version.

+ Purpose is testing compatiblity

Edited by doldolekim
win32

win32

Posted
Posted

Look in ntos' RtlGetVersion. It's either hardcoded in there (Vista+) or it references the global variables that store the major and minor versions (XP x64, I'm almost certain).

1
George King

George King

Posted
Posted

Changing build for what test exactly? Compatibility of what exactly?

 

If you want to lie for certain app, use Application Verifier. Otherwise build could be changed using hacking kernel32.dll If I remember correctly. Also If you just want to display different build in WinVer dialog, it can be done by registry 

doldolekim

doldolekim

Posted
  • Author
Posted (edited)
1 hour ago, win32 said:

Look in ntos' RtlGetVersion. It's either hardcoded in there (Vista+) or it references the global variables that store the major and minor versions (XP x64, I'm almost certain).

I modified RtlGetVersion and PsGetVersion both, but version is still 5.2

idatest.thumb.png.b04cdeadc6c7921e157f54e5aa1335c0.png

Edited by doldolekim
win32

win32

Posted
Posted

So XP x64 doesn't have the global variables that store the major/minor versions after all (WRK does). In that event, you should look for MmCreatePeb or a similarly named function; this will provide the values that are fed to user mode version functions. You can also modify ntdll's RtlGetVersion or "intercept" kernel32's GetVersionExW.

2
doldolekim

doldolekim

Posted
  • Author
Posted (edited)
1 hour ago, win32 said:

So XP x64 doesn't have the global variables that store the major/minor versions after all (WRK does). In that event, you should look for MmCreatePeb or a similarly named function; this will provide the values that are fed to user mode version functions. You can also modify ntdll's RtlGetVersion or "intercept" kernel32's GetVersionExW.

Thank you so much!! I found major and minor near MmCreatePeb function

idatest2.thumb.png.f0c59e8b4660d70e6f531104cb24e04a.png

image.png.dc859b3cc60792e0a582f9a87b028176.png

Edited by doldolekim

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...