[Guide] How to identify the build of Windows NT

Rob Jansen
Posts: 5271
Joined: Sat May 12, 2007 1:05 pm
Location: The Collection Book

Re: [Guide] How to identify the build of Windows NT

Post by Rob Jansen »

If you read the posts in this topic (which you didn't, I know that, since this has been posted already and it was proven wrong 8-) ) you would have noticed that Winver in the very early days is wrong, then it was right for a long time until the full buildstrings came; sometimes it would show the complete buildstring, other times just the buildnumber.

And the NT builds since the early Whistler builds always have a buildtag, for example:

5.1.2223.1 (main.000411-2307)

but it is not always shown in Winver.
That is why you need to check the registry for the actual buildnumber.

Even better, check the main files for NT themselves; most of the time I use NTOSKRNL.EXE itself.

(This last one goes for all NTs (NTOSKRNL), the registry with complete buildstring from pre-beta Whistler until the current builds).

Could you please complete your guide series and sticky them?
For all of them?

Posts: 3544
Joined: Wed Feb 23, 2011 12:11 am
Location: Italy

Re: [Guide] How to identify the build of Windows NT

Post by TheCollector1988 »

Sometimes identifying it can be hard, in the case of NT 3.1 Build 319-340 (and about Build 239, I wonder why on the kernel it is 1.0 while on the OS itself is 3.2??? Was it just random by Microsoft? for the 3.2 thing)

Posts: 1
Joined: Sat May 07, 2011 11:36 am

Re: [Guide] How to identify the build of Windows NT

Post by ACESUS »

Press winkey+r and run 'dxdiag'. It will hopefully give full info.

FTP Access
Posts: 1698
Joined: Mon Feb 24, 2014 10:28 am
Location: Slovenia

Re: [Guide] How to identify the build of Windows NT

Post by Overdoze »

Just a heads up to anyone who's still not aware of this:

If you have an unknown build of Windows NT before version 4.0 and you need to make sure of the build number, but you can't actually install the build to check, do not use file versions of the kernel (NTOSKRNL.EXE/NTKRNLMP.EXE) as a reliable source of information, because they are not. The file versions of the kernel (and other files as well) have always been behind the actual build number reported in Winver until Windows NT 4.0 fixed this. This is the cause of many mislabels, such as NT 3.10.340 (mislabeled as both 319 and 328 based on the two kernel file versions).

The correct build number is actually hardcoded in the kernel. NT 3.51 introduced a kernel export called NtBuildNumber between builds 944 and 1024, which can be used to get the actual build number of the OS (along with the existing GetVersion calls). Before this, finding it is a bit trickier, but the simplest approach is to use a hex editor and search for the build number in little endian hexadecimal (it's usually stored next to some strings). Or you can disassemble the kernel and look for the code that displays the build number on the bootscreen and trace back the dword.

So, tl;dr: for NT 4.0 and later, you can stick to file versions etc. as they are correct. For NT 3.51 builds with NtBuildNumber, simply find and use that value. For NT 3.51 builds without NtBuildNumber and earlier, find the dword that stores the value.
All roads lead to Neptune™

KRNL386 - my site about retro computing | My site about Windows 1.0 | My blog | 86Box Manager | LeakDB - list of PC OS warez leaks
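The hex-editor search Overdoze describes can be scripted. The following is an added example, not code from the thread or from any of its posters: it looks for each candidate build number as a little-endian dword and keeps only the hits that sit next to printable strings. The function names, the 64-byte window and the sample bytes are assumptions made for illustration.

```python
import re
import struct

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")  # ASCII runs of 4+ characters


def find_build_dword(image, build, window=64):
    """Return [(offset, nearby_strings)] for each little-endian dword == build."""
    needle = struct.pack("<I", build)  # e.g. 340 -> 54 01 00 00
    hits = []
    pos = image.find(needle)
    while pos != -1:
        lo, hi = max(0, pos - window), min(len(image), pos + 4 + window)
        nearby = [m.group().decode("ascii")
                  for m in PRINTABLE_RUN.finditer(image[lo:hi])]
        hits.append((pos, nearby))
        pos = image.find(needle, pos + 1)  # step by 1 to catch unaligned hits
    return hits


def likely_builds(image, candidates, window=64):
    """Keep only candidates with at least one hit stored next to strings."""
    result = {}
    for build in candidates:
        offsets = [off for off, near in find_build_dword(image, build, window)
                   if near]
        if offsets:
            result[build] = offsets
    return result


# Constructed sample, NOT bytes from a real kernel: the dword 340 is placed
# between two strings, the dword 328 is isolated in padding, 319 is absent.
SAMPLE = (
    b"\x00" * 32
    + b"Constructed banner string\x00"
    + struct.pack("<I", 340)
    + b"Another constructed string\x00"
    + b"\x00" * 128
    + struct.pack("<I", 328)
    + b"\x00" * 128
)

if __name__ == "__main__":
    for build, offsets in likely_builds(SAMPLE, [319, 328, 340]).items():
        print(build, [hex(o) for o in offsets])
```

On a real file, pass the bytes read in binary mode instead of SAMPLE. A four-byte pattern for a small number can occur by chance, so each reported offset still needs to be confirmed in a hex editor or disassembler.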
