BetaArchive is a non-profit site and your donations help to keep us online and thriving. If you can, please consider donating a small amount to help keep us online. Donate and find out more here. Thank you! - Andy & mrpijey
Knabe91 wrote:Hello, I'd like to show how to modify Longhorn's major, minor and build numbers. As an example I will show how to modify Windows Longhorn 4074 to appear as Windows XP to any software used on it even drivers. This will solve many compatibility issues.
Step 1: This will require a hex editor since you will be editing the actual kernel, so pick your favorite editor.
Step 2: With your hex editor open the file "ntoskrnl.exe" or any of the kernel files that you will be using to boot Windows. (ex. ntkrnlpa.exe)
Step 3: With the file open in your hex editor, search for the string of the build number of the Windows that you will be modifying. (ex. 4074) You should find something like this in your hex editor
Step 4: After locating the string look to the left of where the string is located and look for a hex value of 0600000000. Then modify the hex value to appear as 0500000001. This will modify the major and minor versions of windows.
Step 5: After making that modifcation it is now time to change the build number. In the hex editor search for the integer number of your build like 4074. In Longhorn 4074 the number should be located near a string that reads "\.S.y.s.t.e.m.R.o.o.t.\.S.y.s.t.e.m.3.2.\.s.m.s.s...e.x.e" The value you need to change is the build number in hex which is EA 0F, change this to 28 0A so that it now will use the XP build number 2600.
Step 6: Save your changes and either reboot or copy over the modified file into the System32 folder. After reboot you should now have an XP major, minor and build number.
I'm editing LH 5048's 6 kernel files. (like ntoskrnl, ntkrnlup, etc)
But in ntoskrnl, ntkrnlup, I can't find 60 00 00 00 00.
And I searched "\.S.y.s.t.e.m.R.o.o.t.\.S.y.s.t.e.m.3.2.\.s.m.s.s...e.x.e" in all six files, but HxD can't find that text. Instead, HxD searched like this.
In this situation, What can I do?
Main OS : Windows XP
Windows 9x Series : Good! Windows 2000 Good! Windows Vista : Not bad Windows 7 : Very good!
Windows XP = Love!!
Near smss (find "\SystemRoot\system32\smss.exe" with "Unicode string" or sth like that checked) find B8 13 and change it to 28 0A, in ntoskrnl just find 06 00 00 00 00 and maybe you'll find it.
oscareczek wrote:Near smss (find "\SystemRoot\system32\smss.exe" with "Unicode string" or sth like that checked) find B8 13 and change it to 28 0A, in ntoskrnl just find 06 00 00 00 00 and maybe you'll find it.
I found smss.exe, but there no'B8 13' near. What is meaning of 'sth like that checked'?
And I searched 06 00 00 00 00, HxD searched many cases!!
Main OS : Windows XP
Windows 9x Series : Good! Windows 2000 Good! Windows Vista : Not bad Windows 7 : Very good!
Windows XP = Love!!
Which version of Longhorn are you trying this on? I've only been successful with 32-bit versions mostly except the pre-reset 64-bit builds. Also, which file are you trying this on? Some of them don't seem to have the version info in the same location or handle it differently.
EDIT: Okay I just realized. The post reset builds have it a little differently. The major and minor is in the same location, but the build number is near where the string says the build string so change the B8 13 00 F0 to 28 0A 00 F0 and I think that should work. Sorry for the confusion, its been awhile since I've played around with this stuff.
Knabe91 wrote:Which version of Longhorn are you trying this on? I've only been successful with 32-bit versions mostly except the pre-reset 64-bit builds. Also, which file are you trying this on? Some of them don't seem to have the version info in the same location or handle it differently.
EDIT: Okay I just realized. The post reset builds have it a little differently. The major and minor is in the same location, but the build number is near where the string says the build string so change the B8 13 00 F0 to 28 0A 00 F0 and I think that should work. Sorry for the confusion, its been awhile since I've played around with this stuff.
Thanks for your answer!!
But in ntoskrnl.exe, where is 06 00 00 00 00?
I can't find major and minor. When I clicked search in hxd, HxD found four cases.
Sorry for asking this again
Main OS : Windows XP
Windows 9x Series : Good! Windows 2000 Good! Windows Vista : Not bad Windows 7 : Very good!
Windows XP = Love!!
What is the original filename of ntoskrnl? You may need to use one of the other ones if you can. I found that some don't handle this in the same way and still don't know how to modify them.
