31 December 2013

A Retrospect for NT 5

This year I've been using Windows 7 for most of the time and only few month ago I decided to back on XP :-) and now it feels like at home again! In those period I found lot of bugs and the quirk of NT 6 so what's the point of getting new OS if you still have bugs to deal? No apparent productivity increase? Yes W7 doing good job at caching (just about everything that matter cached) but it's also a natural step as system with bigger RAM become common nevertheless XP can do some of that too though not as far.

When I go back with XP actually I just upgraded my system, now with 2.9 Ghz CPU and 8GB of RAM, thats right 8GB RAM equipped with 32bit Windows! I took a little experiment with Win 2003 32bit Enterprise (yep this version support BIG RAM), lot of tweaks required to make it behave like XP such as enabling hardware acceleration, sound, etc next I install RRamdisk because some apps refuse to run without pagefile. I allocate 512MB for OB intel GMA and 5GB for rramdisk (4GB pagefile and 1GB for %TEMP%) and it still spare 2.5GB of free RAM. Everything looks great and snappy. With this system I could run 16bit apps directly (OK via ntvdm) or run 64bit apps via VirtualBox. The key is multitasking, if your apps use RAM efficienly and the OS use less memory then you gain productivity! A 32bit apps usually well designed to work with e.g 2GB limit (so unlike 64bit app no need to worry about an app will eat your entire RAM!) though a further tweaks such /3GB ratio or editbin's LAA flagging will provide another scenario.

How about XP64bit? it still basically a dual system so more RAM needed.

I think about next year when XP no longer supported, well first I'm pretty sure the guys at MSFN will make unofficial Rollup Update like they do for Windows 2000. They made it able (to some extent) run some modern apps especially those not relying too much on Win32 API which updated in every major point release and things like .NET/Java. Before April doom come, I will give a test on that Windows 2000 inside Vbox (internet connected) to prove the 0day exploit buzz considering this Windows receive less patches than XP. If it's true then lets try freeze it with EWF/SteadyState, anyway I believe there many people still using it for good reason.

Happy new year XP! you are longest supported PC OS ever!

03 December 2013

Gametop.com Games without Gametop.com Redirection

I like this game library site, there are dozen HQ free racing (my favorite genre) games  for download. As we know the games upon exiting will launch your browser pointing to their site. There seems to be no catch here, no suspicious parameter etc. it's simply "open this url" call, although a googling for privacy concern of these games return a few security paranoid's comments.

Having a look from dependency walker I believe ShellExecute is responsible for the call. I try hex it with another same-length function name of shell32.dll (e.g. CheckEscapes) and yeah that's it.


  1. Download and install free hex editor: WXHexeditor / HexEditor or HxD
    in this case I use HexEditor.
  2. Download the game, in this case Battle Rush.
  3. Browse battle rush executable, open it in HexEditor
  4. battle rush.exe
  5. In HexEditor pres Ctrl-H to bring Find and Replace dialog, find "ShellExecuteA" and for the replacement use "CheckEscapesA" click Replace All. You'll be asked to turn off read only mode, Click ok :
  6. Replace the function
  7. A confirmation of the function being replaced will shown like below. If not, it may be in another name e.g. "ShellExecuteW" -> "CheckEscapesW" just give it a try. You can now save the file. Try run it.
  8. Confirmation