is there a faster way and reliable way to get build numbers from older operating systems. 95-2000 I used to check the user.exe with a hex editor and it would get me a close idea but mostly had to install them. I have a few builds I want to upload but I want to verified there real first.
thanks
getting correct builds
getting correct builds
_________________________
_╔═╦╗______________ ╔═╗__
_║║║║______________ ╚╗║__
_║║║╠══╦╦╦╦══╦══╦═╗║║__
_║║║║║═╣║║║╔╗║║═╣╔╝║║__
_║║║║║═╣║║║║║║║═╣╚╦╝╚╗_
_╚╩═╩══╩══╩╝╚╩══╩═╩══╝_
__________________________
_╔═╦╗______________ ╔═╗__
_║║║║______________ ╚╗║__
_║║║╠══╦╦╦╦══╦══╦═╗║║__
_║║║║║═╣║║║╔╗║║═╣╔╝║║__
_║║║║║═╣║║║║║║║═╣╚╦╝╚╗_
_╚╩═╩══╩══╩╝╚╩══╩═╩══╝_
__________________________
- johnleakedfan
- Posts: 457
- Joined: Fri May 02, 2014 10:49 pm
- Location: Titans Tower, Jump City
Re: getting correct builds
Check the ntoskrnl.exe version number, its what other people do, I think you can find the build, not sure of you have to install it, I've never did
Last edited by johnleakedfan on Tue Jun 30, 2015 10:35 pm, edited 1 time in total.
Re: getting correct builds
I saw the tutorial on it but so many people were putting there 2 cents in wasn't sure. thanks again!
_________________________
_╔═╦╗______________ ╔═╗__
_║║║║______________ ╚╗║__
_║║║╠══╦╦╦╦══╦══╦═╗║║__
_║║║║║═╣║║║╔╗║║═╣╔╝║║__
_║║║║║═╣║║║║║║║═╣╚╦╝╚╗_
_╚╩═╩══╩══╩╝╚╩══╩═╩══╝_
__________________________
_╔═╦╗______________ ╔═╗__
_║║║║______________ ╚╗║__
_║║║╠══╦╦╦╦══╦══╦═╗║║__
_║║║║║═╣║║║╔╗║║═╣╔╝║║__
_║║║║║═╣║║║║║║║═╣╚╦╝╚╗_
_╚╩═╩══╩══╩╝╚╩══╩═╩══╝_
__________________________
-
The Distractor
Re: getting correct builds
for 9x use user.exe, for anything NT check ntoskrnl!NtBuildNumber
Re: getting correct builds
The Distractor is right, for NT you should check the function NtBuildNumber inside the ntoskrnl.exe, as the file itself didn't always have the same version as OS (mostly in NT 3.X IIRC).
No one mentioned Windows 3.x or earlier yet, though. From what I've gathered, pre-3.1 files don't even have version data, so you'll have to rely on what the OS itself, install media, etc. says. And Windows 3.1x is basically the same as 9x, checking USER.EXE is your best bet.
No one mentioned Windows 3.x or earlier yet, though. From what I've gathered, pre-3.1 files don't even have version data, so you'll have to rely on what the OS itself, install media, etc. says. And Windows 3.1x is basically the same as 9x, checking USER.EXE is your best bet.
All roads lead to Neptune™
KRNL386 - my site about retro computing | My site about Windows 1.0 | My blog | 86Box Manager | LeakDB - list of PC OS warez leaks
KRNL386 - my site about retro computing | My site about Windows 1.0 | My blog | 86Box Manager | LeakDB - list of PC OS warez leaks
-
Lukas Marsik
- Posts: 1268
- Joined: Thu Mar 29, 2012 4:14 pm
Re: getting correct builds
Another good one for 9X is command.com
Re: getting correct builds
How i can check this function?Overdoze wrote:The Distractor is right, for NT you should check the function NtBuildNumber inside the ntoskrnl.exe, as the file itself didn't always have the same version as OS (mostly in NT 3.X IIRC).
-
The Distractor
Re: getting correct builds
use IDA, or some other disassembler that resolves exports. CFF Explorer might work, but not sure.German wrote:How i can check this function?Overdoze wrote:The Distractor is right, for NT you should check the function NtBuildNumber inside the ntoskrnl.exe, as the file itself didn't always have the same version as OS (mostly in NT 3.X IIRC).
The top 8 bits of the DWORD is either 0xC for chk or 0xF for fre, the bottom 24 bits are the build number.
- os2fan2
- Donator
- Posts: 1394
- Joined: Sun Dec 30, 2007 8:12 am
- Location: Brisbane, Queensland
- Contact:
Re: getting correct builds
Command.com is not a good way of getting the build number. Specifically, the version does not change from 1111 through the run of OS/R 2.x, when the general build changes through 1111 to 1214. In any case, my MS-DOS 7.1, which is mastered from 2222 files, actually gives 2400 as the build.
I don't think using DOS files is a good idea at all, since the DOS in 1998 and 98SE are nearly identical.
I would be tempted to look at some of the files loaded after VMM32 is loaded. I believe VMM32 is build on demand, and so might itself be a hodgepodge of VXDs (it is a vxd array, after all). Maybe kernel32.exe or something.
I don't think using DOS files is a good idea at all, since the DOS in 1998 and 98SE are nearly identical.
I would be tempted to look at some of the files loaded after VMM32 is loaded. I believe VMM32 is build on demand, and so might itself be a hodgepodge of VXDs (it is a vxd array, after all). Maybe kernel32.exe or something.