Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hello, I have tried your tools without success in general. #27 #28

Open
LordGarfio opened this issue Jun 5, 2024 · 12 comments
Open

Hello, I have tried your tools without success in general. #27 #28

LordGarfio opened this issue Jun 5, 2024 · 12 comments

Comments

@LordGarfio
Copy link 

          Hello, I have tried your tools without success in general.

· vista2xp v0.8.4 by katahiromz.
· vista2xp v0.8.3 by katahiromz.
· vista2xp v0.8.2 by katahiromz.

RegDeleteKeyExW ERROR:
ImgDrive v2.1.8 FREEWARE PORTABLE by www.yubsoft.com/imgdrive do not works still.
RegDeleteKeyExW ERROR:
ImgDrive v2 1 8 XP

Direct Folders v4.2 Freeware Installer and TeraCopy Pro v3.17 Freeware Installer by Code Sector which is using Advanced Installer v21.1.x from www.caphyon.com.
CreateEventExW ERROR:
Direct Folders v4 2 Free Installer
TeraCopy Pro v3 17 Free Installer

FastCopy v5.7.12 ERROR:
FastCopy x32 v5 7 12 XP

FastCopy v5.7.12 FREEWARE by fastcopy.jp With Vista-to-XP application converter, WORKS very good.
FastCopy x32 v5 7 12 XP works

Thank you in advanced.

Originally posted by @LordGarfio in #27 (comment)
@katahiromz
Copy link
Owner

katahiromz commented Jun 6, 2024 via email

@LordGarfio
Copy link
Author

ImgDrive v2.1.8 Portable, still does not work. I see that the problem is in the conversion of the ADVAPI32.DLL.RegDeleteKeyExW function.

imgdrive exe

Below, I leave you a list of files in which your v2xadv32.dll library is not available after the conversion, and that using vista2xp v0.8.5 by katahiromz:

language
vista2xp-0.8.5-bin
Vista2XP-Backup
x86
imgdrive.cat
imgdrive.dll
imgdrive.exe
imgdrive.inf
v2xker32.dll
v2xol.dll

vista2xp v0 8 5 by katahiromz

Why v2xol.dll library ?.

ImgDrive FREEWARE Downloads:
https://download.yubsoft.com/imgdrive_2.1.8.exe
https://download.yubsoft.com/imgdrive_2.1.8_portable.zip

On the other hand, TeraCopy Pro v3.17 Installer (teracopy.exe) and Direct Folders v4.2 Installer (directfolders.exe), now require another API: GetFinalPathNameByHandleW. from v2xker32.dll

teracopy exe
directfolders exe

Cheers.

@katahiromz
Copy link
Owner

Done.

@LordGarfio
Copy link
Author

LordGarfio commented Jun 7, 2024
edited

vista2xp v0.8.6 has a problem during the convertion of ImgDrive, do not works, it crashes like this:

vista2xp-0 8 6-bin error1
vista2xp-0 8 6-bin error2
vista2xp-0 8 6-bin error3

I see that the Kernel32.InitializeCriticalSectionEx function will be supported in vista2xp v0.8.7.

directfolders_InitializeCriticalSectionEx
teracopy_InitializeCriticalSectionEx

;-)

@katahiromz
Copy link
Owner

Fixed.

@LordGarfio
Copy link
Author

¡Nice Hook! Now ImgDrive v2.1.8 is loading with surprise:

imgdrive exe 2 1 8 works

Now Kernel32.Wow64DisableWow64FsRedirection is now required.

directfolders exe WoW64
teracopy exe WoW64

Wow64DisableWow64FsRedirection API reminded me the case of ExeInfoPE by ASL, here: ExeinfoASL/ASL#9

Thank you.

@LordGarfio
Copy link
Author

LordGarfio commented Jun 7, 2024
edited by katahiromz

Addional Information by the way

DriveImg do the next checks:

  1. Return: 0x00050001 on Windows XP at 00422081 | call dword ptr ds:[<kernel32.GetNativeSystemInfo>].
  2. Return: Zero on Windows XP and 6.1 was checked.at 004220C4 | call dword ptr ds:[<v2xker32.GetVersionExW>].
  3. Returned Zero:GetProcessAddress wintrust.CryptCATAdminAcquireContext2 (SHA-2 update support patches is missing).

https://yubsoft.com/imgdrive/windows-7-updates-for-sha-2-support.html

ImgDrive cannot be installed on Microsoft Windows 7 and Microsoft Windows Server 2008 R2 if the following updates are not installed:

KB4490628 (update from 12 march 2019);
KB4474419 (update from 23 september 2019).

Installation error occurs as a result of Microsoft having updated the algorithm for signing modules and drivers of third-party applications. Now modules and drivers of third-party applications are signed using SHA256 hashing algorithm. You need to install updates for KB4490628 and KB4474419, so that ImgDrive modules and drivers could be signed using SHA256 hashing algorithm.

And SHA is supported in an updated BCRYPT.DLL:
https://github.com/Blaukovitch/bcrypt-XP

Windows XP bcrypt.dll - Cryptography API Next Generation (CNG)

Supporting small set of CNG API (https://learn.microsoft.com/en-us/windows/win32/seccng/cng-portal)

support crypto context - only HASH:

BCRYPT_SHA1_ALGORITHM
BCRYPT_MD5_ALGORITHM
BCRYPT_RNG_ALGORITHM
BCRYPT_SHA256_ALGORITHM
BCRYPT_SHA384_ALGORITHM
BCRYPT_SHA512_ALGORITHM
BCRYPT_ECDSA_P256_ALGORITHM
BCRYPT_ECDSA_P384_ALGORITHM

with HMAC

hash API available:

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
BCryptGenRandom
BCryptHashData
BCryptOpenAlgorithmProvider

Cheers.

@katahiromz
Copy link
Owner

image
I see.

@LordGarfio
Copy link
Author

I see that ImgDrive uses the imgdrive.sys driver.

I am not clear if Vista2XP is enough to perform the Trampoline.

I have seen another project called NTOSKRNL_Emu - Library of missed NTOSKRNL import functions: https://github.com/GeorgeK1ng/NTOSKRNL_Emu.

I hope you find it useful to improve Vista2XP.

@katahiromz
Copy link
Owner

Wow64DisableWow64FsRedirection is added.

@LordGarfio
Copy link
Author

LordGarfio commented Jun 14, 2024
edited

Code Sector Direct Folders v4.2 (directfolders.exe).
Code Sector TeraCopy Pro v3.17 (teracopy.exe).

I have seen that it is need implement some APIs more for above installers (Advanced Installer v21.1.x from www.caphyon.com.).

  1. LCMapStringEx is missing.
  2. CompareStringEx is there.
  3. GetLocaleInfoEx and ReOpenFile by the way is missing too.

LCMapStringEx:
directfolders exe_LCMapStringEx_1
directfolders exe_LCMapStringEx_2

LCMapStringEx HACK did not work (it explodes):
directfolders exe_LCMapStringEx_1_HACK
directfolders exe_LCMapStringEx_2_HACK

CompareStringEx is good:
directfolders exe_CompareStringEx_1
directfolders exe_CompareStringEx_2

Dependency Walker v2.2.6000
directfolders exe_Kernel32_DW
directfolders exe_User32_DW
directfolders exe_UXTheme_DW

Sincerely, I no longer know if the trampolines are possible for these cases.

Cheers.

@LordGarfio
Copy link
Author

VISTA2XP v0.8.8 has processing errors

WinRAR v7.01 - Bad patching using vista2xp v0.8.8

I comment you that Vista2XP on WinRAR v7.01, patches the wrong libraries on WinRAR.exe and RarExt.dll with ole32.dll instead of advapi32.dll which would be the correct one. A hand-corrected image is shown below.

[7 missing functions in KERNEL32]
WRAR-x32-701-kernel32

[Now, only 3 functions are missing in KERNEL32 by using vista2xp]
WRAR-x32-701-v2xker32 dll

[OLE32.DLL (v2xol.dll) was patched instead of ADVAPI32.DLL], it is an error
WRAR-x32-701-v2xol dll

[ADVAPI32 FIXED (v2xadv32.dll instead of v2xol.dll) by hand]
WRAR-x32-701-v2xadv32 dll

[COMCTL32.DLL Only Ordinal 381d / 17Dh is present, No Hint, No Function Name]
WRAR-x32-701-ComCTL32 DLL

[LATEST COMCTL32.DLL RELEASE BY MICROSOFT]:
SECURITY UPDATE FOR WINDOWS XP SP3, EMBEDDED AND POSREADY 2009 (KB2296011)

COMCTL32.DLL v5.82.2900.6028 Direct Downloads for Security Update for Windows XP Embedded (KB2296011)
https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2010/09/windowsxp-kb2296011-x86-custom-enu_29b33ff228ac6b2e6f088a295bf549a35d0f0746.exe

COMCTL32.DLL v5.82.2900.6028 Direct Downloads for Security Update for Windows XP SP3 (KB2296011)
https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2010/09/windowsxp-kb2296011-x86-enu_95ff937b7a8443ddb8ae0579da94690ac3a85d0d.exe

Direct Downloads for WinRAR v7.01 Installers:
https://www.rarlab.com/rar/winrar-x32-701.exe
https://www.rarlab.com/rar/winrar-x32-701jp.exe
https://www.rarlab.com/rar/winrar-x32-701es.exe

Next, I write the missing functions from WINRAR.EXE, RAREXT.DLL, WINCON32.SFX, DEFAULT32.SFX, ZIP32.SFX (All missing functions are the same):

WINRAR.EXE
WinRAR.exe -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_InDllMainContext
WinRAR.exe -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_SetRedirectRegistryForThread
WinRAR.exe -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Initialize
WinRAR.exe -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Uninitialize
WinRAR.exe -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_GetOriginatingThreadId
WinRAR.exe -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCloseHandle
WinRAR.exe -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSetParameter
WinRAR.exe -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSubmit
WinRAR.exe -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCreate
WinRAR.exe -> SHELL32.DLL -> EFSADU.DLL -> EfsDetail
WinRAR.exe -> SHLWAPI.DLL -> MPR.DLL -> WNetRestoreConnectionA

RAREXT.DLL
RarExt.dll -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_InDllMainContext
RarExt.dll -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_SetRedirectRegistryForThread
RarExt.dll -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Initialize
RarExt.dll -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Uninitialize
RarExt.dll -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_GetOriginatingThreadId
RarExt.dll -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCloseHandle
RarExt.dll -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSetParameter
RarExt.dll -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSubmit
RarExt.dll -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCreate
RarExt.dll -> SHELL32.DLL -> EFSADU.DLL -> EfsDetail
RarExt.dll -> SHLWAPI.DLL -> MPR.DLL -> WNetRestoreConnectionA

WINCON32.SFX
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_InDllMainContext
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_SetRedirectRegistryForThread
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Initialize
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Uninitialize
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_GetOriginatingThreadId
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCloseHandle
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSetParameter
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSubmit
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCreate
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHELL32.DLL -> EFSADU.DLL -> EfsDetail
WinCon32.sfx -> ADVAPI32.DLL -> SECUR32.DLL -> NETAPI32.DLL -> DNSAPI.DLL -> IPHLPAPI.DLL -> MPRAPI.DLL -> SETUPAPI.DLL -> SHLWAPI.DLL -> MPR.DLL -> WNetRestoreConnectionA

DEFAULT32.SFX
Default32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_InDllMainContext
Default32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_SetRedirectRegistryForThread
Default32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Initialize
Default32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Uninitialize
Default32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_GetOriginatingThreadId
Default32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCloseHandle
Default32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSetParameter
Default32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSubmit
Default32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCreate
Default32.sfx -> SHELL32.DLL -> EFSADU.DLL -> EfsDetail
Default32.sfx -> SHLWAPI.DLL -> MPR.DLL -> WNetRestoreConnectionA

ZIP32.SFX
Zip32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_InDllMainContext
Zip32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_SetRedirectRegistryForThread
Zip32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Initialize
Zip32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_Uninitialize
Zip32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> IESHIMS.DLL -> IEShims_GetOriginatingThreadId
Zip32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCloseHandle
Zip32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSetParameter
Zip32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportSubmit
Zip32.sfx -> SHELL32.DLL -> SHDOCVW.DLL -> MSHTML.DLL -> IEFRAME.DLL -> WER.DLL -> WerReportCreate
Zip32.sfx -> SHELL32.DLL -> EFSADU.DLL -> EfsDetail
Zip32.sfx -> SHLWAPI.DLL -> MPR.DLL -> WNetRestoreConnectionA

UFS EXPLORER DATA RECOVERY v10.5 - Fake patching using vista2xp v0.8.8

I also comment you that sometimes Vista2XP does not patch some targets even if the successful message is issued (ufs-explorer-pro.exe), for example:

UFS v10.5.0.7027 Aplication (ufs-explorer-pro.exe v10.5.0.7027)..
UFS v10.5.0.7044 Installer (MD5SUM: e072dc32987a78c5faa4210224ff32b6 *ufsxpci.exe) and Program that is packed (MD5: b746e3795bc09ca59c41a81abf988547 *ufs-explorer-pro.exe)..
UFS v10.5.0.7027 Installer (MD5SUM: dcfe651aec216e9f697079bbd0567c3f *ufsxpci10.5.exe) and Program (MD5: c7be7252522c8fdc9d854ae799d87865 *ufs-explorer-pro.exe).

[15 missing functions in KERNEL32]
UFS v10 5 0 7027 Kernel32 dll

[Now, only 4 functions are missing in KERNEL32]
UFS v10 5 0 7027 v2xker32 dll

[Missing function PowerReadFrienlyName in POWRPROF.DLL]
UFS v10 5 0 7027 POWRPROF DLL

Direct Download for UFS Data Recovery v10.5 Build 7027 Installer:
https://www.upload.ee/files/16767700/ufsxpci10.5.exe.html

Direct Download for UFS Data Recovery v10.5 Build 7044 Installer:
https://www.sysdevlabs.com/download/hist/ufsx/10.5/ufsxpci.exe

Too much thank you Mr. katahiromz.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@katahiromz @LordGarfio