Win2K - Replacing Explorer.exe cab files problem

[rnd]

Hi,

Hopefully this is the right forum to post this in. I've tried Googling and searching for threads on checksum mismatches, but haven't been successful.

I'm trying to replace Explorer.exe for a custom Win2k installation, but makecab.exe doesn't seem to re-compress explorer to the original size.

The original (Win2k SP4) Explorer CAB file (EXPLORER.EX_) is 91.7 KB (93,929 bytes).

I'm just changing 3 bytes at $88EEh, $14E28h and $14E36h from 0x01 to 0x11. Which makes Windows 2000's system tray have 256 colors, instead of the original 16.

But when I try to recompress explorer.exe (same filesize), makecab.exe (Version 5.0.2147.1) makes it 8KB~ larger. Here's the output.

Microsoft (R) Cabinet Maker - Version 5.00.2134.1
Copyright (C) Microsoft Corp. 1981-1999.

  0.00% - raw=0  compressed=0
 13.46% - raw=32,768  compressed=20,645
 26.92% - raw=65,536  compressed=38,642
 40.38% - raw=98,304  compressed=57,786
 53.83% - raw=131,072  compressed=68,456
 67.29% - raw=163,840  compressed=74,228
 80.75% - raw=196,608  compressed=81,868
 94.21% - raw=229,376  compressed=93,723
100.00% - raw=243,472  compressed=102,025
** EXPLORER.EXE placed in cabinet EXPLORER.EX_(-1) on disk
100.00% [flushing current folder]

The new EXPLORER.EX_ is 99.7 KB (102,162 bytes).

So my question is this:

Does Windows 2000 installation check the filesize/crc32 checksum of each file before it tries to install them? If so, what file do I modify so that Win2k doesn't check this. Or how do I stop Windows from checking this altogether (like disabling SFC for example).

[rnd]

P.S: I just double checked the version after seeing "Microsoft ® Cabinet Maker - Version 5.00.2134.1", and it's definitely version 5.0.2147.1. So is the one in /system32. Perhaps the people who compiled makecab forgot to update that text.

[rnd]

Hmm, just came across the Microsoft Cabinet Software Development Kit, which has some pretty in-depth documentation.

Time to RTFM >:|

edit: After reading the cabsdk manuals, I feel that I'm "close" to where I need to be. But it's still a few hundred bytes off.

Has anyone come across issues like this before?

Original explorer.ex_

Listing of cabinet file 'explorer.cab' (size 93929):
   1 file(s), 1 folder(s), set ID 0, cabinet #0

File name                      File size     Date      Time   Attrs
-----------------------------  ---------- ---------- -------- -----
   explorer.exe                    243472 2003/06/19 12:05:04  -a--

Recompressed explorer.exe with lzx:15 compression

Listing of cabinet file 'explorer_lzx15.cab' (size 94723):
   1 file(s), 1 folder(s), set ID 0, cabinet #0

File name                      File size     Date      Time   Attrs
-----------------------------  ---------- ---------- -------- -----
   explorer.exe                    243472 2005/04/21 12:34:38  -a--

Recompressed explorer.exe with lzx:16 compression

Listing of cabinet file 'explorer_lzx16.cab' (size 93859):
   1 file(s), 1 folder(s), set ID 0, cabinet #0

File name                      File size     Date      Time   Attrs
-----------------------------  ---------- ---------- -------- -----
   explorer.exe                    243472 2005/04/21 12:34:38  -a--

So to achieve the correct filesize, I need to use a compression algorithm similar to LZX 15/16.

Has anyone had this problem, to save me re-inventing the wheel trying to find a solution? :/

I've also re-searched for info on 'cabarc', and am filtering through the results as I type this post.

[rnd]

* Cliff notes at the bottom for those who don't want to hear my ranting.

OK.

After extensive research, and some help w/ a friend who's good with a debugger. It appears that setupldr.exe (W2K setup file) [maybe] checks the version of various PE files (EXE/DLL/OCX/SYS/etc) against one in it's database (which I'm still yet to find), but if the version is newer. It copies it across with no problems.

This is an image of the original error I was getting:

I decided to try changing the version (stored in PE's resource [aka .rc] files) with Resource Hacker, by incrementing it by one. Effectively changing the version of Explorer.exe from 5.0.3700.6690 to 5.0.3700.6691, by replacing 4 instances of the version, then recompiling the resource file and saving the changes. (I didn't however check if you need to replace all 4 instances, so you might be able to get away with less).

Win2k then installed flawlessly, and I downloaded the 256ColorTrayTest application from Dr. Hoiby's homepage. The same site I originally got the correct offsets from to modify Explorer.exe. Which appeared to now have the results I originally desired.

Here's an example image of what Windows 2000 looks like with a 256 color system tray.

* Cliff notes:

- Discovered that setupldr.exe just gets expand.exe to extract everything from the CAB's (regardless of the form of compression used)

- Realized that setupldr.exe then checks the version located in the resource section of portable executables

- Updated the version of Explorer.exe, then compressed it with the command: CABARC.EXE -m LZX:21 n explorer.cab explorer.exe

- Renamed it to explorer.ex_ then built the ISO and installed Windows 2000

- Tested it w/ the older version to ensure it wasn't just the compression algorithm being used (which failed)

So uh, problem solved.

Others may have experienced this problem before (which I was unable to find documented anywhere), so perhaps this thread may be of help to some people.

nB: XP comes with 256 color system tray by default, but I prefer 2K.

[Bilou_Gateux]

As you can see in my signature, i'm still using 2K.

Thanks for sharing your eXPerience

Searching with google, i have found this thread on neowin.net forums that could be of some interest for 2K Users:

Change The Icons And Text On 2000 Desktop