Windows Whistler Build 2309 Recreation [IN PROGRESS]
-
coltonspleen
- Posts: 355
- Joined: Wed Jan 22, 2014 5:59 pm
Windows Whistler Build 2309 Recreation [IN PROGRESS]
Since this build, no matter how fake or real it is, intrigues me, I have decided to try and see if I can reconstruct it using the images available and build 2296 as a base, due to the possibility of it being a build 2296 hack, which seems likely due to build 2296's compile date being from October 24, 2000, and build 2400's compile date being from October 22, 2000. The timebomb will have to be redone however, since October 47th is technically November 17th, and 12:79 PM is technically 1:19 PM, the timebomb would have to be 180 days from November 17, 2000 @1:19 PM for it to still make sense. However, for those of you who would get confused over this build's legitimacy, this build is fake. End of story. This is only being done for educational purposes.
Last edited by coltonspleen on Mon Dec 05, 2016 5:05 pm, edited 1 time in total.
Re: Windows Whistler Build 2309 Recreation Possibility
Why recreate a fake? Would be no different from the 2296 you'd modify...
-
coltonspleen
- Posts: 355
- Joined: Wed Jan 22, 2014 5:59 pm
Re: Windows Whistler Build 2309 Recreation Possibility
As mrpijey said in another thread, it could help me get into the inner guts of Windows, however, I would have to distribute the result somewhere else, and make sure I specify that it indeed is a fake when I go to package it up.
Re: Windows Whistler Build 2309 Recreation Possibility
Hexediting a build number will not help you understand the inner workings of Windows at all.
Re: Windows Whistler Build 2309 Recreation Possibility
And why would you need to distribute it? Hack away and hexedit, merge and replace all you want, but keep that frankenbuild to yourself. Gives the rest of us headache when some brainiac tries to pass it for a real build...
Official guidelines: Contribution Guidelines
Channels: Discord :: Twitter :: YouTube
Misc: Archived UUP
Re: Windows Whistler Build 2309 Recreation Possibility
I can safely say that the few fakes I have created myself have taught me almost nothing about Windows.
Windows Defender for great justice! Bugs are an international trading company. I need to defeat the anti-debugging and obfuscation methods. It wasn't for Intel's absurd ability to load in ie6. Why even waste time with people in an envelope?
-
coltonspleen
- Posts: 355
- Joined: Wed Jan 22, 2014 5:59 pm
Re: Windows Whistler Build 2309 Recreation Possibility
Good to know, you guys. Now the question is how exactly do I modify the build numbers/buildtag? Where are they in the files? First one to do would obviously be the kernel.
- TheCollector1988
- Donator
- Posts: 3604
- Joined: Wed Feb 23, 2011 12:11 am
- Location: Italy
- Contact:
Re: Windows Whistler Build 2309 Recreation Possibility
I think, for the build number, it's on ntoskrnl.exe.
-
coltonspleen
- Posts: 355
- Joined: Wed Jan 22, 2014 5:59 pm
Re: Windows Whistler Build 2309 Recreation Possibility
So what addresses hold the build number in ntoskrnl anyway?
Offtopic Comment
My post count surpasses the maximum number 1 byte can hold.
-
coltonspleen
- Posts: 355
- Joined: Wed Jan 22, 2014 5:59 pm
Re: Windows Whistler Build 2309 Recreation Possibility
Also, is it possible to make a WIM install version of build 2296? We have the WinPE to do it with (the 2296 WinPE beta), so why not?
-
coltonspleen
- Posts: 355
- Joined: Wed Jan 22, 2014 5:59 pm
Re: Windows Whistler Build 2309 Recreation Possibility
I don't mean to make 3 posts on this, but now I need to change the timebomb through setupreg.hiv. How exactly do I do that? I need to change it to November 16, 2000 @ 1:19 PM.
EDIT: You go to ControlSet001/Services/setupdd and you change the hex values there (I think these values determine the timebomb of the CD). Although I'm not sure which hex values will give me the timebomb date/time I want.
EDIT: You go to ControlSet001/Services/setupdd and you change the hex values there (I think these values determine the timebomb of the CD). Although I'm not sure which hex values will give me the timebomb date/time I want.
-
coltonspleen
- Posts: 355
- Joined: Wed Jan 22, 2014 5:59 pm
Re: Windows Whistler Build 2309 Recreation [IN PROGRESS]
I've been getting a lot of progress done. It currently stops at the text stage of setup with this error:
which means I'll need to disable SFC in the CD itself for the next part. How exactly do you guys think I should do that?
which means I'll need to disable SFC in the CD itself for the next part. How exactly do you guys think I should do that?
Offtopic Comment
I have as many posts as there are YT views on a video for a while...
Re: Windows Whistler Build 2309 Recreation [IN PROGRESS]
nLite (at least older ones) did it by patching ofc.dll
if it can load/reckognise this build, then it will patch it
if it can load/reckognise this build, then it will patch it
-
coltonspleen
- Posts: 355
- Joined: Wed Jan 22, 2014 5:59 pm
Re: Windows Whistler Build 2309 Recreation [IN PROGRESS]
I'm picking up this project, and it seems like I'm picking up steam. I'm now using PEChecksum and a variant of Knabe91's Longhorn build patching tutorial (modified for Whistler instead of Longhorn), and so far, it looks good. I haven't tested the new ISO yet.
EDIT: That seems to have fixed my problem with the modified kernels, but it currently hangs at the "Starting Windows..." screen from the bootloader for some reason. The checked/debug version of this would be useful for this, since I can see what's going on with the kernel through the debugger. What debugger(s) should you attach it to anyway?
EDIT: That seems to have fixed my problem with the modified kernels, but it currently hangs at the "Starting Windows..." screen from the bootloader for some reason. The checked/debug version of this would be useful for this, since I can see what's going on with the kernel through the debugger. What debugger(s) should you attach it to anyway?