Win2K3 extra patches

Win2K3 extra patches

Anon-maintained list of their own patches.

Changelog

2021-10-21: Initial upload.

2021-10-23: Added "Fixes for decompiled winlogon".

Use long-term test certificates

This is a quite large guide, moved to the separate page.

Identify as Windows XP instead of Windows 2000

Updates string formatter to identify the OS name in systeminfo and msinfo32 as Windows XP instead of Windows 2000.

|---------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 | --- a/admin/wmi/wbem/providers/win32provider/providers/systemname.cpp +++ b/admin/wmi/wbem/providers/win32provider/providers/systemname.cpp @@ -372,7 +372,7 @@ CHString CSystemName::GetLocalizedName(void) #else if( IsWinNT5() ) { - if ( IsWinNT51() ) + if ( IsWinNT51() || IsWinNT52() ) { if (VER_SUITE_PERSONAL & t_ku.SuiteMask()) { |

Support for SHA-2 RSA signatures in crypt32.dll

Support for SHA-2 RSA certificate signatures was added in XP SP3 only. Without this patch, modern certificates (like ISRG Root X1 from Let's Encrypt) won't be verified.

|---------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | --- a/ds/security/cryptoapi/pki/certstor/oidinfo.cpp +++ b/ds/security/cryptoapi/pki/certstor/oidinfo.cpp @@ -140,6 +140,11 @@ static CCRYPT_OID_INFO PubKeyAlgTable[] = { // Signature Algorithm Table //-------------------------------------------------------------------------- static const ALG_ID aiRsaPubKey = CALG_RSA_SIGN; +static const DWORD rgdwRsaSha2Sign[] = { + CALG_RSA_SIGN, + 0, + PROV_RSA_AES +}; static const DWORD rgdwMosaicSign[] = { CALG_DSS_SIGN, CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG | @@ -160,12 +165,17 @@ static const DWORD rgdwDssSign[] = { OID_INFO_LEN, pszOID, pwszName, CRYPT_SIGN_ALG_OID_GROUP_ID, aiHash, sizeof(rgdwExtra), (BYTE *) rgdwExtra +#define RSA_SHA2_SIGN_ALG_ENTRY(pszOID, pwszName, aiHash)+ SIGN_EXTRA_ALG_ENTRY(pszOID, pwszName, aiHash, rgdwRsaSha2Sign) #define DSS_SIGN_ALG_ENTRY(pszOID, pwszName) SIGN_EXTRA_ALG_ENTRY(pszOID, pwszName, CALG_SHA1, rgdwDssSign) static CCRYPT_OID_INFO SignAlgTable[] = { RSA_SIGN_ALG_ENTRY(szOID_RSA_SHA1RSA, L"sha1RSA", CALG_SHA1), RSA_SIGN_ALG_ENTRY(szOID_RSA_MD5RSA, L"md5RSA", CALG_MD5), + RSA_SHA2_SIGN_ALG_ENTRY("1.2.840.113549.1.1.11", L"sha256RSA", CALG_SHA_256), + RSA_SHA2_SIGN_ALG_ENTRY("1.2.840.113549.1.1.12", L"sha384RSA", CALG_SHA_384), + RSA_SHA2_SIGN_ALG_ENTRY("1.2.840.113549.1.1.13", L"sha512RSA", CALG_SHA_512), DSS_SIGN_ALG_ENTRY(szOID_X957_SHA1DSA, L"sha1DSA"), RSA_SIGN_ALG_ENTRY(szOID_OIWSEC_sha1RSASign, L"sha1RSA", CALG_SHA1), RSA_SIGN_ALG_ENTRY(szOID_OIWSEC_sha1RSASign, L"shaRSA", CALG_SHA1), |

It also probably requires relatively modern rsaenh.dll, but the one provided by win2003_x86-missing-binaries_v2.7z should be enough. Binary only, yes.

Remove "For testing purposes only" message from desktop

Just skip the check for test certificate (which you probably use for builds).

|---------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 | --- a/windows/core/ntuser/kernel/init.c +++ b/windows/core/ntuser/kernel/init.c @@ -3100,7 +3100,7 @@ BOOL xxxUpdatePerUserSystemParameters( /* * Desktop Build Number Painting */ - if (USER_SHARED_DATA->SystemExpirationDate.QuadPart || gfUnsignedDrivers) { + if (0 && (USER_SHARED_DATA->SystemExpirationDate.QuadPart || gfUnsignedDrivers)) { gdwCanPaintDesktop = 1; } else { FastGetProfileDwordW(pProfileUserName, PMAP_DESKTOP, L"PaintDesktopVersion", 0, &gdwCanPaintDesktop, dwPolicyFlags); |

Disable waiting for network in ported winlogon

Just reorders some stuff and disables the network check (which is not really needed). For those who still use the ported version of winlogon (Winlogon200X_v3c.zip).

|------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | --- a/ds/security/gina/winlogon/wlxutil.c +++ b/ds/security/gina/winlogon/wlxutil.c @@ -2578,6 +2578,9 @@ VOID WaitForServices( HANDLE hDsReindexEvent ; ULONG SamWaitTime = 15000 ; + DWORD fWaitForNetwork; + HKEY hKey; + DWORD cbData, dwType; if ( pTerm->SafeMode ) { @@ -2587,6 +2590,30 @@ VOID WaitForServices( StatusMessage(FALSE, 0, IDS_STATUS_SYSTEM_STARTUP ); WaitForServiceToStart( TEXT("SamSs"), SamWaitTime); + StatusMessage (TRUE, 0, IDS_STATUS_RPCSS_START); + WaitForServiceToStart (TEXT("RpcSs"), 120000); + + fWaitForNetwork = FALSE; + if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, + TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"), + 0, + KEY_READ, + &hKey ) == ERROR_SUCCESS ) + { + cbData = sizeof(fWaitForNetwork); + RegQueryValueEx( hKey, + TEXT("WaitForNetwork"), + NULL, + &dwType, + (LPBYTE)&fWaitForNetwork, + &cbData ); + RegCloseKey( hKey ); + } + + if ( !fWaitForNetwork ) { + return; + } + if ( pTerm->SafeMode ) { // @@ -2615,9 +2642,6 @@ VOID WaitForServices( StatusMessage (FALSE, 0, IDS_STATUS_NET_START); WaitForServiceToStart (SERVICE_NETLOGON, 120000); - StatusMessage (TRUE, 0, IDS_STATUS_RPCSS_START); - WaitForServiceToStart (TEXT("RpcSs"), 120000); - StatusMessage (TRUE, 0, IDS_STATUS_MUP_START); WaitForMUP (120000); |

Fixes for decompiled winlogon

This version of winlogon (ds.zip_decompiled_XPSP1_winlogon.zip) can't be built without additional fixes. Moreover, it has some controversial stuff which can be easily removed.

  1. Everything in licensing is completely unnecessary. It contains a lot of unreadable disassembled code (and it's explained why in the included readme file). This directory can be easily removed with some code changes.
  2. Smartcard logon (sclogon2.c) is incomplete and conflicts with definitions from sclgnrpc.h. I decided to just remove it intead of trying to fix.
  3. Windows 3.1 migration code is incomplete and of course it's not needed at all. Moreover, even the ported version of winlogon doesn't have it (it was replaced with stubs, so I did the same).
  4. Some minor fixes here and there to make it buildable.

|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 | --- a/ds/security/gina/winlogon/sas.c +++ b/ds/security/gina/winlogon/sas.c @@ -10,8 +10,6 @@ #include <tsperf.h> #include <rdfilter.h> -#include "../../licensing/explib/checkstatus.h" - #define SHELL_RESTART_TIMER_ID 100 //#define EVENT_SHELL_RESTARTED (1002 | 0x40000000) @@ -1294,13 +1292,10 @@ LRESULT SASWndProc( if ( pTerm->UserLoggedOn && !IsLocked( pTerm->WinlogonState )) { - DWORD val = 0; - if (!sub_1043104(978, &val) && val) { StartApplication(pTerm, szDesktop, pTerm->pWinStaWinlogon->UserProcessData.pEnvironment, szTaskMgr); - } } return(0); } @@ -1814,6 +1809,7 @@ LRESULT SASWndProc( DWORD dwType, dwSize; +#if 0 if (wParam == 977) { DWORD val = 0; // licensing check timer @@ -1836,6 +1832,7 @@ LRESULT SASWndProc( SetTimer(hwnd, 976, 3600000, NULL); return 0; } +#endif if (wParam != SHELL_RESTART_TIMER_ID) { break; --- a/ds/security/gina/winlogon/sources +++ b/ds/security/gina/winlogon/sources @@ -75,7 +75,6 @@ SOURCES= secboot.c notify.c sc.c- sclogon2.c wlxutil.c jobwait.c samwait.c@@ -115,8 +114,6 @@ TARGETLIBS= $(DS_GLOBAL_LIB_PATH)\wxapisrv.lib $(SHELL_LIB_PATH)\shguidp.lib $(SDK_LIB_PATH)\uuid.lib- $(SECURITY_LIB_PATH)\sclgnrpc.lib- $(SDK_LIB_PATH)\sclogon.lib $(SDK_LIB_PATH)\advapip.lib $(DS_LIB_PATH)\rsa32.lib $(DS_LIB_PATH)\bignum.lib@@ -125,12 +122,6 @@ TARGETLIBS= $(NET_LIB_PATH)\mprp.lib $(SDK_LIB_PATH)\psapi.lib $(SDK_LIB_PATH)\version.lib- ..\..\licensing\shortsig\$(O)\shortsig.lib- ..\..\licensing\shortsig00\$(O)\shortsig00.lib- ..\..\licensing\lib\$(O)\license.lib- ..\..\licensing\pidlib\$(O)\pidlib.lib- ..\..\licensing\explib\$(O)\explib.lib- ..\..\licensing\liclib\$(O)\liclib.lib $(SDK_LIB_PATH)\oleaut32.lib $(WINDOWS_LIB_PATH)\user32p.lib $(SDK_LIB_PATH)\ws2_32.lib--- a/ds/security/gina/winlogon/termutil.c +++ b/ds/security/gina/winlogon/termutil.c @@ -790,6 +790,7 @@ DWORD CALLBACK DeferredTSNotify(LPVOID pVoid) { HANDLE HandlesToWait[2]; DWORD dwWaitResult = WAIT_FAILED; HANDLE hTermSrvReadyEvent; + BOOLEAN pfIsRedirected; ASSERT(g_Console); // line 2050 ASSERT(g_hUserLogoffEvent); // line 2051 @@ -824,7 +825,8 @@ DWORD CALLBACK DeferredTSNotify(LPVOID pVoid) { g_TSNotifyData.UserName, L"", 0, - &g_pTerminals->MuGlobals.UserConfig)) + &g_pTerminals->MuGlobals.UserConfig, + &pfIsRedirected)) { DebugLog((DEB_ERROR, "FAILED DeferredTSNotify - _WinStationNotifyLogon\n")); dwResult = GetLastError(); @@ -1295,6 +1297,7 @@ int MultiUserLogonAttempt( PDOMAIN_CONTROLLER_INFO DcInfo = NULL ; DWORD Error; BOOLEAN WinStaResult; + BOOLEAN pfIsRedirected; ASSERT(!g_hDeferredTSNotifyThread); // line 1518 @@ -1525,11 +1528,11 @@ int MultiUserLogonAttempt( if (!IsAppServer()) { WinStaResult = _WinStationNotifyLogon( (BOOLEAN)TestTokenForAdmin(hToken), hToken, pMprInfo->pszDomain, - pMprInfo->pszUserName, L"", 0, &pTerm->MuGlobals.UserConfig); + pMprInfo->pszUserName, L"", 0, &pTerm->MuGlobals.UserConfig, &pfIsRedirected); } else { WinStaResult = _WinStationNotifyLogon( (BOOLEAN)TestTokenForAdmin(hToken), hToken, pMprInfo->pszDomain, - pMprInfo->pszUserName, pMprInfo->pszPassword, 0, &pTerm->MuGlobals.UserConfig); + pMprInfo->pszUserName, pMprInfo->pszPassword, 0, &pTerm->MuGlobals.UserConfig, &pfIsRedirected); } if (!WinStaResult) { LONG error; --- a/ds/security/gina/winlogon/win31mig.c +++ b/ds/security/gina/winlogon/win31mig.c @@ -114,6 +114,7 @@ Windows31Migration( PTERMINAL pTerm ) { +#if 0 HANDLE ImpersonationHandle; WIN31_MIGRATION_DIALOG DialogInfo; DWORD Win31MigrationFlags; @@ -151,6 +152,8 @@ Windows31Migration( Win31MigrationDlgProc, (LPARAM)&DialogInfo ); +#endif + return FALSE; } @@ -188,6 +191,7 @@ Win31MigrationDlgProc( LPARAM lParam ) { +#if 0 PWIN31_MIGRATION_DIALOG pDialogInfo = (PWIN31_MIGRATION_DIALOG) GetWindowLongPtr(hDlg, GWLP_USERDATA); HANDLE ImpersonationHandle; UINT idFocus = (UINT) -1; @@ -331,6 +335,7 @@ Win31MigrationDlgProc( break; // Fall through to do default processing // We may have validated part of the window. } +#endif // We didn't process the message return(FALSE); --- a/ds/security/gina/winlogon/winlogon.c +++ b/ds/security/gina/winlogon/winlogon.c @@ -1180,7 +1180,6 @@ int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, InitializeUserProfile(); } - SclogonInit(); if (!g_fHelpAssistantSession) { BaseInitAppcompatCacheSupport(); @@ -1693,7 +1692,6 @@ VOID PostSetupShutdown(PTERMINAL pTerm, SHUTDOWN_ACTION Action) { VOID MiscInitialization (PTERMINAL pTerm) { - DWORD Win31MigrationFlags; DWORD SetupShutdownRequired; @@ -1744,6 +1742,7 @@ VOID MiscInitialization (PTERMINAL pTerm) } +#if 0 if (!IsWin9xUpgrade()) { // // Check to see if there is any WIN.INI or REG.DAT to migrate into @@ -1762,6 +1761,7 @@ VOID MiscInitialization (PTERMINAL pTerm) InitSystemFontInfo(); } } +#endif // --- a/ds/security/gina/winlogon/wlx.c +++ b/ds/security/gina/winlogon/wlx.c @@ -14,7 +14,6 @@ #include <commctrl.h> #define NO_COMMCTRL_ALLOCFCNS #include <comctrlp.h> -#include "../../licensing/explib/checkstatus.h" #define _MSGINA_ #include <msginaexports.h> #include <shellapi.h> @@ -83,7 +82,6 @@ extern TCHAR szNoPageFile[]; TCHAR szAdminName[ MAX_STRING_BYTES ]; BOOL g_fReadyForShutdown = FALSE; -HANDLE dword_1075C6C = NULL; HINSTANCE hShell32Module = NULL; HANDLE g_hEventReconnect = NULL; @@ -1479,7 +1477,6 @@ DoStartShell( WCHAR szDesktop[MAX_PATH]; PWINDOWSTATION pWS = pTerm->pWinStaWinlogon; UINT ErrorMode ; - BOOL fWPABlockedShell = FALSE; HANDLE hUserLogonEvent; @@ -1535,6 +1532,7 @@ DoStartShell( InitMultimediaForStartShell(pTerm); } +#if 0 if (dword_1075C6C && WaitForSingleObject(dword_1075C6C, 0)) { fWPABlockedShell = TRUE; } else { @@ -1575,9 +1573,7 @@ DoStartShell( CloseHandle(dword_1075C6C); } dword_1075C6C = NULL; - - if (!fWPABlockedShell) - { +#endif StatusMessage(TRUE, 0, IDS_STATUS_RESTORE_NET); @@ -1683,9 +1679,7 @@ DoStartShell( SetErrorMode( ErrorMode ); - } - - return fWPABlockedShell ? FALSE : StartStatus ; + return StartStatus; } //+--------------------------------------------------------------------------- @@ -3241,17 +3235,6 @@ MainLoop(PTERMINAL pTerm) fIsIdleLogonTimeoutDisabled = IsIdleLogonTimeoutDisabled(); } - if (g_Console) { - dword_1075C6C = CreateEvent(NULL, FALSE, FALSE, NULL); - if (dword_1075C6C == NULL) { - return; - } - if (!QueueUserWorkItem(sub_10470D2, (PVOID)dword_1075C6C, 0)) { - return; - } - SetTimer(pTerm->hwndSAS, 977, 60000, NULL); - } - // // Start profile mapping APIs // @@ -3620,10 +3603,6 @@ MainLoop(PTERMINAL pTerm) if (WlxResult == WLX_SAS_ACTION_LOGON) { - sub_10432CC(978, 0); - sub_10432CC(977, 0); - SetTimer(pTerm->hwndSAS, 977, 60000, NULL); - if (IsPerOrProTerminalServer() && !pTerm->MuGlobals.field_E68 && (IsActiveConsoleSession() || !g_fHelpAssistantSession)) { |

相关推荐
蓝田~2 小时前
观察者模式和订阅模式
windows·观察者模式
梓仁沐白8 小时前
ubuntu+windows双系统切换后蓝牙设备无法连接
windows·ubuntu
九鼎科技-Leo12 小时前
什么是 WPF 中的依赖属性?有什么作用?
windows·c#·.net·wpf
Yang.9914 小时前
基于Windows系统用C++做一个点名工具
c++·windows·sql·visual studio code·sqlite3
我不瘦但很逗15 小时前
Windows下使用DBeaver连接云数据库(MySQL)
数据库·windows
ashane131416 小时前
Java list
java·windows·list
万里沧海寄云帆16 小时前
Word 插入分节符页码更新问题
windows·microsoft·word
dot.Net安全矩阵17 小时前
.NET 通过模块和驱动收集本地EDR的工具
windows·安全·web安全·.net·交互
编程修仙19 小时前
Collections工具类
linux·windows·python
程序员小羊!20 小时前
高级 SQL 技巧讲解
windows