Showing posts with label Illegal. Show all posts

28 August 2022

Age of Mythology Extended Edition in Windows XP

Five years ago I made xompie (which is nothing original), and one of its parts is wined3d, but sadly, because my Intel HD has a crappy OpenGL driver, wined3d never really worked for me.

Now, having replaced my old Ivy Bridge mobo with another Ivy Bridge (OptiPlex 7010) mobo with 16GB and an NVIDIA GT 730, I can run AOM EE with wined3d.

aom ee run in xp

Basically it just needs d3d11.dll, wined3d.dll, dxgi.dll and gdixp.dll dropped in the game directory. However, the developer added an OS version check in aomx.exe, which I think could be solved with MS Application Verifier, which lies about the Windows version. Otherwise, using IDA I found that the game filters out any OS older than NT 6.0 (Vista needs SP2 for DirectX 11). The patch can be performed with a hex editor at offset 1618813 by changing 06 into 05 (the major version), so that it now only filters out anything older than Windows 2000. Also, aomx.exe has a PE subsystem version of 6.0, so we need to change that to 5.0 as well.

Additionally, it appears that the initial cursor coordinate set by wined3d is wrong, so the mouse has an offset. This only happens in fullscreen mode. To fix it we can create an override config file in .\startup\user.cfg and put these lines in it:

xres 1280
yres 720
+window

That's it. Well, I'm not really a gamer, but if there is a game that I played a lot in the past, that would be Age of Mythology.


16 December 2017

ActivePerl 5.22 XP installable

I have installed the MSYS2 version that works with XP, and Perl 5.22 was the last build to run. In a few cases I'd need to use a native version, e.g. in conjunction with native gnu-make. So I looked at ActivePerl 5.22, which unfortunately dropped support for XP at just the version that I need.. heh!

Installing it under the MS Application Verifier disguise works well, but damn, ActiveState sure knows how to play hide and seek with their installation files lol. No worries! Process Explorer/Hacker will track them down for us.

After trivial tests I don't see any problem with its executables. It's not like they try to stop it from running on XP; it seems they just made it not installable. I wonder if more ISVs are doing this.

So I removed the "obstacle" in the msi file and packed a 7zip of it.

Note that while Perl is open source, ActiveState added a package manager among other enhancements, which makes it overall not OSS.

ActivePerl-5.22.4_installer.7z

14 December 2017

FFmpeg for Windows XP

FFmpeg itself has no problem with XP, but its dependencies do. This build is feature complete (and therefore non-opensource and not redistributable), oh well.

- This build is specifically for XP, so most of the AVX optimizations are disabled
- aoTuV is used as the Vorbis encoder and is capable of ~32kbps at -aq 0
- The x264 and vpx codecs use high bit depth, but x265 does not (it is too slow)
- Your custom fonts go in the fonts sub-directory (via fontconfig)
- Your frei0r DLLs go in the frei0r sub-directory
- Your ladspa DLLs go in the ladspa sub-directory
- Place libbdplus.dll+libaacs.dll or libmmbd.dll in the root directory if you need those
- Flagged with LAA (bigmem)

download:
version 3.4.1
ffmpeg-3.4.1.7z (24.4 MB)
ffmpeg-3.4.1_LTO.7z (21.3 MB) small build

Configured as:
configure --enable-nonfree --enable-gpl --enable-version3 --enable-small --enable-avresample --enable-pthreads --disable-w32threads --enable-avisynth --enable-chromaprint --enable-frei0r --enable-gnutls --enable-ladspa --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libdc1394 --enable-libfdk-aac --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgme --enable-libilbc --enable-libkvazaar --enable-libmodplug --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopencv --enable-libopenh264 --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librsvg --enable-librubberband --enable-librtmp --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libssh --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvmaf --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-decklink --enable-libmysofa --enable-openal --enable-opencl --enable-opengl --enable-libmfx --disable-avx --disable-avx2 --pkg-config-flags=--static --extra-libs="-lstdc++ -lgomp"

15 January 2016

Visual True Type for XP

I spent years looking for a way to download this thing from Microsoft. Previously it was only available "by request" from the Microsoft typography group or something, but it was nearly impossible to get a reply. The program itself was originally released circa 1999-2001 (yeah, the Win 9.x era, and slightly updated when XP was released). Now it has been made freely available at https://www.microsoft.com/en-us/download/details.aspx?id=48728 (MS VOLT was previously made free too and has been regularly updated). Together with the other free tools at https://www.microsoft.com/typography/default.mspx, these make an extensive font development toolset for Windows. But there is one problem: VTT 6 is not for XP! geh

So I asked an anonymous question on Stack Exchange about backporting Vista apps. I was kind of expecting a l33t answer like reconstructing the IAT and some OllyDbg hacking session, but it was the shim method that came up. Well, it is a commonly practiced technique anyway.

To summarize:
- VTT.exe needs CompareStringEx and InitializeCriticalSectionEx, which are unavailable in the XP kernel.
- Both functions are available in msvcp140.dll (part of the Visual C++ 2015 redistributable) under slightly different names, along with other interesting backported functions
- VTT.exe is compiled with the linker's osversion set to Vista (6.0)
- VTT.exe is also protected with a Microsoft digital signature

The shim will sit between vtt.exe and kernel32.dll+msvcp140.dll, so we can use either renamed-function redirection or the LoadLibrary way. I chose the first since there are not many imported functions.

Basically I made a shim that contains a lowercase version of each function (you can use MSDN or the MinGW headers to see the correct declaration), which calls the actual function in kernel32.dll, or in msvcp140.dll for the missing ones.

For example:
...
// CompareStringEx: backported implementation exported by msvcp140.dll
WINBASEAPI int WINAPI __crtCompareStringEx (LPCWSTR lpLocaleName, DWORD dwCmpFlags, LPCWCH lpString1, int cchCount1, LPCWCH lpString2, int cchCount2, LPNLSVERSIONINFO lpVersionInformation, LPVOID lpReserved, LPARAM lParam);

// Lowercase shim that forwards to the backport and returns its result
WINBASEAPI int WINAPI comparestringex (LPCWSTR lpLocaleName, DWORD dwCmpFlags, LPCWCH lpString1, int cchCount1, LPCWCH lpString2, int cchCount2, LPNLSVERSIONINFO lpVersionInformation, LPVOID lpReserved, LPARAM lParam) {
    return __crtCompareStringEx (lpLocaleName, dwCmpFlags, lpString1, cchCount1, lpString2, cchCount2, lpVersionInformation, lpReserved, lParam);
}
...

and compile with:
gcc -shared -Wl,--kill-at -o vttforxp.dll vttforxp.c -L. -lmsvcp140 -s

Next we need to rename the imported functions in VTT.exe to lowercase too (yeah, kind of risky here) and rename kernel32.dll to vttforxp.dll; we can use a hex editor for this.

Next we remove the digital signature, since it has obviously become invalid now. We can use osslsigncode:
osslsigncode remove-signature -in vtt.exe -out vtt.exe

Next we need to downgrade the os.version PE header to 5.1 (XP). We can use editbin or pehdr-lite:
pehdr-lite vtt.exe -osver 5.1 -subsysver 5.1

As a bonus step, we can use Microsoft mt to add an xptheme manifest.

That's it! Well, of course this case is rather simple, but it is still a real-world case :)
Heck, some apps simply set the higher os.version (due to a newer compiler default), so that it spews a stupid error message like "invalid win32 application"...
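
As an added example (not the author's code or any of the tools named above), the Python sketch below reads the header fields that this post and the Age of Mythology post change (OS version, subsystem version) plus the certificate-table entry that holds the Authenticode signature, and diffs a vendor file against a local copy. The two inputs are constructed header stubs, and `pe_summary`, `diff_headers` and `sample_pe32` are names made up for this illustration.

```python
import struct

XP = (5, 1)  # the version the post writes into both header fields for XP

def pe_summary(data: bytes) -> dict:
    """Read OS/subsystem versions and the certificate-table entry of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                                         # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    # Major/Minor OS version, image version (skipped), subsystem version
    osmaj, osmin, _, _, ssmaj, ssmin = struct.unpack_from("<6H", data, opt + 40)
    dirs = opt + (96 if magic == 0x10B else 112)          # start of the data directories
    (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
    # Directory entry 4 is the certificate table (offset, size)
    cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)[1] if count > 4 else 0
    return {"os": (osmaj, osmin), "subsystem": (ssmaj, ssmin),
            "signed": cert_size > 0,
            "xp_ready": (osmaj, osmin) <= XP and (ssmaj, ssmin) <= XP}

def diff_headers(original: bytes, modified: bytes) -> list:
    """List the header fields that differ between a vendor file and a local copy."""
    a, b = pe_summary(original), pe_summary(modified)
    return [f"{k}: {a[k]} -> {b[k]}" for k in ("os", "subsystem", "signed") if a[k] != b[k]]

def sample_pe32(os_ver, ss_ver, cert_size) -> bytes:
    """Constructed PE32 header stub (headers only, not a runnable program)."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)               # e_lfanew -> 0x80
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84, 0x14C)              # Machine: i386
    struct.pack_into("<H", buf, 0x94, 224)                # SizeOfOptionalHeader
    opt = 0x98
    struct.pack_into("<H", buf, opt, 0x10B)               # PE32 magic
    struct.pack_into("<6H", buf, opt + 40, *os_ver, 0, 0, *ss_ver)
    struct.pack_into("<I", buf, opt + 92, 16)             # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 96 + 32, 0x1000 if cert_size else 0, cert_size)
    return bytes(buf)

if __name__ == "__main__":
    vendor = sample_pe32((6, 0), (6, 0), 0x1A00)          # constructed: Vista target, signed
    local = sample_pe32((5, 1), (5, 1), 0)                # constructed: after the steps above
    print(pe_summary(vendor))
    print(diff_headers(vendor, local))
```

Run against a real file with `pe_summary(open(path, "rb").read())`; a copy that reports an unsigned image and a lower version than the vendor original has been modified in the way described here.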

 

25 October 2014

Attack Surface Analyzer for XP

This utility was released by Microsoft a long time ago, when XP was still supported, but ironically it was deliberately made for Vista or newer only. I thought it was a kind of regshot (registry and filesystem snapshot) or similar, but it turned out to be a security risk snapshot. I patched it to work with XP (only), because when debugging this half-native, half-dotnet app it appeared to be, at least initially, designed for a minimum of XP SP2. The patch just changes the required NT version from 6 to 5 and it works, but hey, I'm no security expert, kay?

Dedicated to XP diehards:
http://d-h.st/Tk6 (32bit only)

Original source:
www.microsoft.com/en-us/download/details.aspx?id=24487

03 December 2013

Gametop.com Games without Gametop.com Redirection

I like this game library site; there are dozens of HQ free racing (my favorite genre) games for download. As we know, the games will launch your browser pointing to their site upon exiting. There seems to be no catch here, no suspicious parameter etc.; it's simply an "open this url" call, although googling for privacy concerns about these games returns a few security paranoids' comments.

Having a look with Dependency Walker, I believe ShellExecute is responsible for the call. I tried hex-editing it to another same-length function name from shell32.dll (e.g. CheckEscapes) and yeah, that's it.

EDIT:

Steps:
  1. Download and install a free hex editor: WXHexeditor / HexEditor or HxD;
    in this case I use HexEditor.
  2. Download the game, in this case Battle Rush.
  3. Browse to the Battle Rush executable and open it in HexEditor.
    (image: battle rush.exe)
  4. In HexEditor press Ctrl-H to bring up the Find and Replace dialog, find "ShellExecuteA" and for the replacement use "CheckEscapesA", then click Replace All. You'll be asked to turn off read-only mode; click OK.
    (image: Replace the function)
  5. A confirmation of the function being replaced will be shown like below. If not, it may be under another name, e.g. "ShellExecuteW" -> "CheckEscapesW"; just give it a try. You can now save the file. Try running it.
    (image: Confirmation)

25 September 2011

Portable IBM Lotus Symphony 3 Fixpack3


Update 26 May 2012:
- now if Symphony somehow stops working (does not start), deleting the 'IBM' folder will reset the settings
- reverted to using soffice.bin since some features are hardcoded to this, thus do not run OpenOffice together with Symphony
- on 64-bit Windows Symphony didn't quit cleanly; fixed
- workaround for paths with spaces

Update 12 May 2012:

Apparently IBM has discontinued Lotus Symphony, what a shame :( (last version is 3.0.1)  so I decided to update this:
Portable Lotus Symphony 3.0.1 fixpack 1 All languages 194 MB or
Launcher only (to run pre-installed symphony 3.0.1 unmodified in portable mode) 678KB

Notes:
- Although this is less than half the size of the original installer (570MB), it really is the full version :)
- All jars and zips were unpacked, so you may experience slightly better responsiveness
- Startup (as in the older version) has also been tweaked; it should be significantly faster than the original, especially after the first run

- Although IBM has offered Symphony to Apache OpenOffice as open source, do note that this download remains illegal, except for the launcher download



As a continuation of my guide here, I made a small launcher (basically a 7-zip SFX) to make Lotus Symphony a little more portable. This is based on version 3 with fixpack 3. The SFX installer will extract to the PortableSymphony3 folder; from there, run launcher.exe (symphony.exe.bak, the original launcher, has been renamed as I don't use it).

Unlike the original Symphony, this one will kill soffice.bin (the file has been renamed to prevent conflicts) after exit, to make it usable on a removable drive. One caveat: don't run multiple instances of it... but that shouldn't be an issue, as it is a multi-tabbed office suite anyway.

If you wish, you can extract it manually with 7-zip.



Portable Lotus Symphony 3 125 MB
md5: 8c85538e10d804136e4d394f6b8a93cb