Windows Whistler Build 2309 Recreation [IN PROGRESS]

[coltonspleen]

Since this build, no matter how fake or real it is, intrigues me, I have decided to try and see if I can reconstruct it using the images available and build 2296 as a base, due to the possibility of it being a build 2296 hack, which seems likely due to build 2296's compile date being from October 24, 2000, and build 2400's compile date being from October 22, 2000. The timebomb will have to be redone however, since October 47th is technically November 17th, and 12:79 PM is technically 1:19 PM, the timebomb would have to be 180 days from November 17, 2000 @1:19 PM for it to still make sense. However, for those of you who would get confused over this build's legitimacy, this build is fake. End of story. This is only being done for educational purposes.

[AlphaBeta]

Why recreate a fake? Would be no different from the 2296 you'd modify...

[coltonspleen]

As mrpijey said in another thread, it could help me get into the inner guts of Windows, however, I would have to distribute the result somewhere else, and make sure I specify that it indeed is a fake when I go to package it up.

[AlphaBeta]

Hexediting a build number will not help you understand the inner workings of Windows at all.

[mrpijey]

And why would you need to distribute it? Hack away and hexedit, merge and replace all you want, but keep that frankenbuild to yourself. Gives the rest of us headache when some brainiac tries to pass it for a real build...

[Wheatley]

I can safely say that the few fakes I have created myself have taught me almost nothing about Windows.

[coltonspleen]

Good to know, you guys. Now the question is how exactly do I modify the build numbers/buildtag? Where are they in the files? First one to do would obviously be the kernel.

[TheCollector1988]

I think, for the build number, it's on ntoskrnl.exe.

[coltonspleen]

So what addresses hold the build number in ntoskrnl anyway?

Offtopic Comment

My post count surpasses the maximum number 1 byte can hold.

[coltonspleen]

Also, is it possible to make a WIM install version of build 2296? We have the WinPE to do it with (the 2296 WinPE beta), so why not?

[coltonspleen]

I don't mean to make 3 posts on this, but now I need to change the timebomb through setupreg.hiv. How exactly do I do that? I need to change it to November 16, 2000 @ 1:19 PM.
EDIT: You go to ControlSet001/Services/setupdd and you change the hex values there (I think these values determine the timebomb of the CD). Although I'm not sure which hex values will give me the timebomb date/time I want.

[coltonspleen]

I've been getting a lot of progress done. It currently stops at the text stage of setup with this error:

which means I'll need to disable SFC in the CD itself for the next part. How exactly do you guys think I should do that?

Offtopic Comment

I have as many posts as there are YT views on a video for a while...

[LuLu]

nLite (at least older ones) did it by patching ofc.dll
if it can load/reckognise this build, then it will patch it

[coltonspleen]

I'm picking up this project, and it seems like I'm picking up steam. I'm now using PEChecksum and a variant of Knabe91's Longhorn build patching tutorial (modified for Whistler instead of Longhorn), and so far, it looks good. I haven't tested the new ISO yet.
EDIT: That seems to have fixed my problem with the modified kernels, but it currently hangs at the "Starting Windows..." screen from the bootloader for some reason. The checked/debug version of this would be useful for this, since I can see what's going on with the kernel through the debugger. What debugger(s) should you attach it to anyway?