getting correct builds

Discuss Windows 95, 98 and ME.
Post Reply
newnec1
User avatar
Donator
Posts: 50
Joined: Tue Jun 16, 2015 5:29 am

getting correct builds

Post by newnec1 »

is there a faster way and reliable way to get build numbers from older operating systems. 95-2000 I used to check the user.exe with a hex editor and it would get me a close idea but mostly had to install them. I have a few builds I want to upload but I want to verified there real first.

thanks
_________________________
_╔═╦╗______________ ╔═╗__
_║║║║______________ ╚╗║__
_║║║╠══╦╦╦╦══╦══╦═╗║║__
_║║║║║═╣║║║╔╗║║═╣╔╝║║__
_║║║║║═╣║║║║║║║═╣╚╦╝╚╗_
_╚╩═╩══╩══╩╝╚╩══╩═╩══╝_
__________________________

johnleakedfan
User avatar
Posts: 457
Joined: Fri May 02, 2014 10:49 pm
Location: Titans Tower, Jump City

Re: getting correct builds

Post by johnleakedfan »

Check the ntoskrnl.exe version number, its what other people do, I think you can find the build, not sure of you have to install it, I've never did
Last edited by johnleakedfan on Tue Jun 30, 2015 10:35 pm, edited 1 time in total.
Image

newnec1
User avatar
Donator
Posts: 50
Joined: Tue Jun 16, 2015 5:29 am

Re: getting correct builds

Post by newnec1 »

I saw the tutorial on it but so many people were putting there 2 cents in wasn't sure. thanks again!
_________________________
_╔═╦╗______________ ╔═╗__
_║║║║______________ ╚╗║__
_║║║╠══╦╦╦╦══╦══╦═╗║║__
_║║║║║═╣║║║╔╗║║═╣╔╝║║__
_║║║║║═╣║║║║║║║═╣╚╦╝╚╗_
_╚╩═╩══╩══╩╝╚╩══╩═╩══╝_
__________________________

The Distractor

Re: getting correct builds

Post by The Distractor »

for 9x use user.exe, for anything NT check ntoskrnl!NtBuildNumber

Overdoze
User avatar
Posts: 1762
Joined: Mon Feb 24, 2014 10:28 am
Location: Slovenia

Re: getting correct builds

Post by Overdoze »

The Distractor is right, for NT you should check the function NtBuildNumber inside the ntoskrnl.exe, as the file itself didn't always have the same version as OS (mostly in NT 3.X IIRC).

No one mentioned Windows 3.x or earlier yet, though. From what I've gathered, pre-3.1 files don't even have version data, so you'll have to rely on what the OS itself, install media, etc. says. And Windows 3.1x is basically the same as 9x, checking USER.EXE is your best bet.
All roads lead to Neptune™

KRNL386 - my site about retro computing | My site about Windows 1.0 | My blog | 86Box Manager | LeakDB - list of PC OS warez leaks

Lukas Marsik
Posts: 1268
Joined: Thu Mar 29, 2012 4:14 pm

Re: getting correct builds

Post by Lukas Marsik »

Another good one for 9X is command.com :)

German
Posts: 464
Joined: Thu Sep 02, 2010 10:48 am
Location: Russia, Kemerovo
Contact:

Re: getting correct builds

Post by German »

Overdoze wrote:The Distractor is right, for NT you should check the function NtBuildNumber inside the ntoskrnl.exe, as the file itself didn't always have the same version as OS (mostly in NT 3.X IIRC).
How i can check this function?

The Distractor

Re: getting correct builds

Post by The Distractor »

German wrote:
Overdoze wrote:The Distractor is right, for NT you should check the function NtBuildNumber inside the ntoskrnl.exe, as the file itself didn't always have the same version as OS (mostly in NT 3.X IIRC).
How i can check this function?
use IDA, or some other disassembler that resolves exports. CFF Explorer might work, but not sure.

The top 8 bits of the DWORD is either 0xC for chk or 0xF for fre, the bottom 24 bits are the build number.

os2fan2
User avatar
Donator
Posts: 1394
Joined: Sun Dec 30, 2007 8:12 am
Location: Brisbane, Queensland
Contact:

Re: getting correct builds

Post by os2fan2 »

Command.com is not a good way of getting the build number. Specifically, the version does not change from 1111 through the run of OS/R 2.x, when the general build changes through 1111 to 1214. In any case, my MS-DOS 7.1, which is mastered from 2222 files, actually gives 2400 as the build.

I don't think using DOS files is a good idea at all, since the DOS in 1998 and 98SE are nearly identical.

I would be tempted to look at some of the files loaded after VMM32 is loaded. I believe VMM32 is build on demand, and so might itself be a hodgepodge of VXDs (it is a vxd array, after all). Maybe kernel32.exe or something.

Post Reply