doldolekim Posted May 16, 2023

If you want to change 2000, XP x86's version and build number, use imagecfg! For Longhorn, modify ntoskrnl or ntkr**** via hex editor. (follow this guide!) But in the case of XP x64, imagecfg doesn't work and I can't find where major and minor are in ntoskrnl. Does anyone know where they are? I was able to find the build number in ntoskrnl, so the version is 5.2.2600 now.

George King Posted May 16, 2023

What's exactly your goal?

doldolekim (Author) Posted May 16, 2023 (Edited May 17, 2023 by doldolekim)

> What's exactly your goal?

Changing minor version.

+ Purpose is testing compatibility

win32 Posted May 17, 2023

Look in ntos' RtlGetVersion. It's either hardcoded in there (Vista+) or it references the global variables that store the major and minor versions (XP x64, I'm almost certain).

George King Posted May 17, 2023

Changing build for what test exactly? Compatibility of what exactly? If you want to lie to a certain app, use Application Verifier. Otherwise the build could be changed by hacking kernel32.dll, if I remember correctly. Also, if you just want to display a different build in the WinVer dialog, it can be done via the registry.

doldolekim (Author) Posted May 17, 2023 (Edited May 17, 2023 by doldolekim)

1 hour ago, win32 said:
> Look in ntos' RtlGetVersion. It's either hardcoded in there (Vista+) or it references the global variables that store the major and minor versions (XP x64, I'm almost certain).

I modified both RtlGetVersion and PsGetVersion, but the version is still 5.2

win32 Posted May 17, 2023

So XP x64 doesn't have the global variables that store the major/minor versions after all (WRK does). In that event, you should look for MmCreatePeb or a similarly named function; this will provide the values that are fed to user mode version functions. You can also modify ntdll's RtlGetVersion or "intercept" kernel32's GetVersionExW.

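Added example, not part of the thread and not any poster's code: a small user-mode C check that queries the two user-mode version functions named in the post above (ntdll's RtlGetVersion and kernel32's GetVersionExW) and reports whether they agree, which shows what applications actually see after a version change. The names `ver_t`, `ver_make`, `ver_agree`, `from_kernel32` and `from_ntdll` are hypothetical; when built off Windows both probes simply report "unavailable".

```c
#include <stdio.h>

/* One source's answer; ok = 0 means the source could not be queried. */
typedef struct { unsigned long major, minor, build; int ok; } ver_t;

ver_t ver_make(unsigned long major, unsigned long minor, unsigned long build) {
    ver_t v = { major, minor, build, 1 };
    return v;
}

/* 1 only when both sources answered with the same major.minor.build. */
int ver_agree(ver_t a, ver_t b) {
    return a.ok && b.ok && a.major == b.major &&
           a.minor == b.minor && a.build == b.build;
}

#ifdef _WIN32
#include <windows.h>
typedef LONG (WINAPI *RtlGetVersion_t)(OSVERSIONINFOW *);

/* kernel32!GetVersionExW, the call most applications make. */
ver_t from_kernel32(void) {
    ver_t v = { 0, 0, 0, 0 };
    OSVERSIONINFOW vi = { sizeof vi };
    if (GetVersionExW(&vi))
        v = ver_make(vi.dwMajorVersion, vi.dwMinorVersion, vi.dwBuildNumber);
    return v;
}

/* ntdll's user-mode RtlGetVersion, resolved at run time. */
ver_t from_ntdll(void) {
    ver_t v = { 0, 0, 0, 0 };
    OSVERSIONINFOW vi = { sizeof vi };
    HMODULE h = GetModuleHandleW(L"ntdll.dll");
    RtlGetVersion_t fn = h ? (RtlGetVersion_t)GetProcAddress(h, "RtlGetVersion") : NULL;
    if (fn && fn(&vi) == 0)   /* 0 == STATUS_SUCCESS */
        v = ver_make(vi.dwMajorVersion, vi.dwMinorVersion, vi.dwBuildNumber);
    return v;
}
#else   /* not Windows: nothing to query, both sources report ok = 0 */
ver_t from_kernel32(void) { ver_t v = { 0, 0, 0, 0 }; return v; }
ver_t from_ntdll(void)    { ver_t v = { 0, 0, 0, 0 }; return v; }
#endif

int main(void) {
    ver_t k = from_kernel32(), n = from_ntdll();
    printf("kernel32 GetVersionExW: %lu.%lu.%lu (ok=%d)\n", k.major, k.minor, k.build, k.ok);
    printf("ntdll    RtlGetVersion: %lu.%lu.%lu (ok=%d)\n", n.major, n.minor, n.build, n.ok);
    puts(ver_agree(k, n) ? "sources agree" : "sources differ or unavailable");
    return ver_agree(k, n) ? 0 : 1;
}
```
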
doldolekim (Author) Posted May 17, 2023 (Edited May 17, 2023 by doldolekim)

1 hour ago, win32 said:
> So XP x64 doesn't have the global variables that store the major/minor versions after all (WRK does). In that event, you should look for MmCreatePeb or a similarly named function; this will provide the values that are fed to user mode version functions. You can also modify ntdll's RtlGetVersion or "intercept" kernel32's GetVersionExW.

Thank you so much!! I found major and minor near MmCreatePeb function