Tihiy Posted April 10, 2005 Share Posted April 10, 2005 Yes... That stupid bug that wasn't actually critical for 9x/ME is closed now. By me. Without lockups or something like.It was already fixed in 98 Revolutions Pack, but i've separated fix from it and proud to release it here. Spread it worldwide.Download(do not link directly please!!!)Gape: notice that it's 98 user32.dll 4.10.0.2231 version hacked; it's version changed to 4.10.0.2232 to supress errors after installation.USER.EXE remains unchanged; it's included only for user32.dll compatibility.If you will include it to Service Pack (hope so), note that Windows won't work propertly without Ti891711.DLL.Revolutions Pack users: you don't need that update. Link to comment Share on other sites More sharing options...
Acheron Posted April 10, 2005 Share Posted April 10, 2005 Nice one. Gonna test it for use with Dutch SP Link to comment Share on other sites More sharing options...
Tihiy Posted April 11, 2005 Author Share Posted April 11, 2005 Silently updated it to add qfecheck entries for compatibility with original hotfix. Link to comment Share on other sites More sharing options...
erpdude8 Posted April 11, 2005 Share Posted April 11, 2005 Silently updated it to add qfecheck entries for compatibility with original hotfix. <{POST_SNAPBACK}>Too bad it's for W98SE only since you modified the user32.dll file to v4.10.2232.I will use this ONLY under a Win98se system.As for the W98fe and WME machines that I have, I'll just wait for revised KB891711 patches to be posted by Microsoft. The user32.dll file Tihiy modified is NOT compatible with Win98fe and WinME and can break those versions of Windows. Link to comment Share on other sites More sharing options...
Tihiy Posted April 11, 2005 Author Share Posted April 11, 2005 The user32.dll file Tihiy modified is NOT compatible with Win98fe and WinME and can break those versions of Windows.Have you tested? Link to comment Share on other sites More sharing options...
jasinwa Posted April 12, 2005 Share Posted April 12, 2005 As for the W98fe and ...without risking sounding too dumb... what is 98fe (hay, gotta learn somewhere)? Link to comment Share on other sites More sharing options...
Sonict Posted April 12, 2005 Share Posted April 12, 2005 FE : First Edition Link to comment Share on other sites More sharing options...
Gape Posted April 12, 2005 Share Posted April 12, 2005 Good job, Tihiy.But I have a question. What about compatibility? If the user firstly install SP 2.0 with your fix, and secondly Revolutions Pack, everything will be OK? Link to comment Share on other sites More sharing options...
Tihiy Posted April 12, 2005 Author Share Posted April 12, 2005 Good job, Tihiy.But I have a question. What about compatibility? If the user firstly install SP 2.0 with your fix, and secondly Revolutions Pack, everything will be OK?Of course. How can I do not care about RP users?!That version will simply have no effect if installed on Revolutions Pack. Link to comment Share on other sites More sharing options...
Gape Posted April 12, 2005 Share Posted April 12, 2005 Of course. How can I do not care about RP users?!That version will simply have no effect if installed on Revolutions Pack.<{POST_SNAPBACK}> You're right. Link to comment Share on other sites More sharing options...
mr_bumbles Posted April 12, 2005 Share Posted April 12, 2005 Hi Tihiy,It looks like there is a fix from Windows Update for this. It came out today. I downloaded it a few minutes ago and rebooted. It looks like it is no longer running as a service. It still shows up in Add/Remove Programs, but not in the Task Manager as it did before.bUMBLES Link to comment Share on other sites More sharing options...
Tihiy Posted April 12, 2005 Author Share Posted April 12, 2005 Yeah, looks like they released new version.But seems it still present as [hidden] task! (Maybe check msconfig?)Somebody tested? [i'm still thinking my version is better] Link to comment Share on other sites More sharing options...
Acheron Posted April 12, 2005 Share Posted April 12, 2005 Tihiy. How do you know your patch is working? Simply copy-past hexcode will not do the trick I guess Did you test it?BTW, if Microsoft's new patch solves the issue I'll stick with that one for Dutch SP. Link to comment Share on other sites More sharing options...
Tihiy Posted April 12, 2005 Author Share Posted April 12, 2005 Simple. I've just read technical CAN buletin mentioned in article.It says integer overflow occurs in LoadImage() function when dwResSize value (4-bit) exceeds maximal word (2-bit) value. If dwResSize will be ~FFFFFFFF (-1) then malicious code can be executed.So, hacked version of user32.dll has patched import table which LoadImage() points to loader written in "unused" space. It loads Ti......DLL and gives it control.Check function in Ti......DLL opens icon file and checks if dwResSize>maximal word value. If it is, function fails (so virus won't be executed). If it does not, it transfers control to User32.dll original LoadImage() pointer hardcoded.[if i had Windows sources i believe it's just 1 line of code to addBut, because Win9x developer team is killed, ( ) stupid NT developers trying to write a 16-bit memory hook which do the same, but:- It will consume 16-bit handles, bad- It won't protect machine until loaded- When unloaded, will crush everything]So... if ^^ that was you wanted ? As I as said before, this update isn't critical.AND MY UPDATE SHOULD BE TESTED WELL IF WILL BE INCLUDED SOMEWHERE. Link to comment Share on other sites More sharing options...
mr_bumbles Posted April 12, 2005 Share Posted April 12, 2005 Yeah, looks like they released new version.But seems it still present as [hidden]task! (Maybe check msconfig?)Somebody tested? [i'm still thinking my version is better]It does show up in MSConfig as KB891711 in C:\windows\system\KB891711\KB891711.exeIt seems to be running fine on the 3 machines here at work that I updated a couple of hours ago. Although to be honest, we never really had problems with the original update.Tihy,When I get home for work, I will post about my experience with your update.BumBlEs Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now