Force OS to skip the "Not a Valid Win32 Application" check?

Windows 2000 fixes and solutions for apps

Force OS to skip the "Not a Valid Win32 Application" check?

PostPosted by HostileExpanse » Thu Jun 14, 2012 3:11 am

Mostly, Windows 2000 users are finding that the operating system throws this error when a user tries to run some of the EXE files that created with the tools for newer operating systems.

Does anyone know of a way to prevent Windows 2000 from attempting this EXE checking in the first place? Specifically, does anyone know a way to disable the PE header validation related to the Major Subsystem and Minor Subsystem values?


I know that you can use PE Tools to change the target EXE file so that Windows 2000 won't think the EXE is invalid, but I have a case where that isn't a viable solution.
HostileExpanse
 
Posts: 4
Joined: Thu Jun 14, 2012 2:48 am

Re: Force OS to skip the "Not a Valid Win32 Application" che

PostPosted by OldBoy2k » Thu Jun 14, 2012 1:53 pm

Hello HostileExpanse,

welcome to Win2kgaming forum and thank you for your question. I've thought of implementing a PE Header solution in the next wrapper update together with some important new game APIs (also a implemented Vista API to extend the fake version lie which is already working in 1.10beta) and have plenty of information about the PE Header but the aim is to find a way without patching the OS system files or the executable and that is not so easy. It's on the feature list.

BR
OldBoy
OldBoy2k
 
Posts: 1351
Joined: Fri Feb 15, 2008 5:10 pm

Re: Force OS to skip the "Not a Valid Win32 Application" che

PostPosted by HostileExpanse » Thu Jun 14, 2012 5:48 pm

Thanks OldBoy! (And belated thanks for bringing this site back)

I'd actually be pretty OK with patching any necessary Windows 2000 system files.


My situation is this:
I'm trying to run Star Trek Online, but I have to modify Star Trek EXE, to change the MinorSubSystem field of the PE Header. It begins to run after the modification, but then it wants to download an update. The update is the same filesize. After I modify the header of the new update, I run it and this new EXE still wants to download an update.

What I think is happening is that the EXE file checks itself (maybe calculates its own hash), and because I've modified the file, it doesn't match what it expects and then continually thinks it is out-of-date.

I would either need to hack the Star Trek executable so that it stops checking whether it needs an update, or disable Windows 2000 from checking the Subsytem fields in the PE header so that I could run the executable without getting the "Not a valid Win32 application" error.
HostileExpanse
 
Posts: 4
Joined: Thu Jun 14, 2012 2:48 am

Re: Force OS to skip the "Not a Valid Win32 Application" che

PostPosted by OldBoy2k » Thu Jun 14, 2012 6:42 pm

This PE Header issue bugs me as much as it bugs you. The PE Header check is part of the PE Loader routine and the loader thinks its a invalid file format. The internal Kernel calls NtQuerySection,LdrQueryImageFileExecutionOptions are the key parts here but thats about all what i found out. On Windows XP the execution is also handled by .net CLR and that why this problem only occurs on Win9x and Win2k. Last time i spoke to BlackWingCat about it he mentioned, that his extended Kernel can manage the PE Header version but this requires a KDW system transformation.

Here's explained how to solve some installer problems: PE Tools

BR
OldBoy2k
OldBoy2k
 
Posts: 1351
Joined: Fri Feb 15, 2008 5:10 pm

Re: Force OS to skip the "Not a Valid Win32 Application" che

PostPosted by HostileExpanse » Sun Jun 17, 2012 4:53 pm

You're saying that the KDW developer claims to have removed the PE Loader verifications? How would I perform a KDW system transformation?


I've seen his wrappers. Not sure if I have seen anything on the extended KDW stuff.
HostileExpanse
 
Posts: 4
Joined: Thu Jun 14, 2012 2:48 am

Re: Force OS to skip the "Not a Valid Win32 Application" che

PostPosted by BlackWingCat » Sun Jun 17, 2012 11:45 pm

KDW's wrapper doesn't have the mechanism for skip PE Loader version verifier.
So I took tools which it can change PE Header.
But There is some case , Application blocks when it detects self changeing.

So I took extended kernel which can skip it.
You can find more information following site.

http://blog.livedoor.jp/blackwingcat/ar ... 99806.html
http://www.msfn.org/board/topic/149233- ... r-win2000/

HostileExpanse wrote:You're saying that the KDW developer claims to have removed the PE Loader verifications? How would I perform a KDW system transformation?


I've seen his wrappers. Not sure if I have seen anything on the extended KDW stuff.
BlackWingCat
 
Posts: 75
Joined: Sat Mar 07, 2009 7:20 am
Location: Kanagawa, Japan

Re: Force OS to skip the "Not a Valid Win32 Application" che

PostPosted by HostileExpanse » Mon Jun 18, 2012 6:39 am

Thanks BlackWingCat!


Do you know if there is any modified (Win2000) kernel32.dll that has only the one change to skip the PE Loader version verifier?
HostileExpanse
 
Posts: 4
Joined: Thu Jun 14, 2012 2:48 am

Re: Force OS to skip the "Not a Valid Win32 Application" che

PostPosted by charlieb000 » Mon Feb 11, 2013 4:05 am

I Do. Heres how to get rid of the 'not a valid win32 application' error:

because of all the different KERNEL32.DLLs out there i will just tell how i found it and you can incorperate it into your fixes. Im almost fed up with these update packs not doing a good job on new installs so i am not going to endorse any K DLL.

test scenario:
Run ollydbg, and debug a second instance of ollydbg
use PE tools to change the SubSystem of a copy of notepad.
ollydbg#2 will fail to load this.

(if you have a better way of using olly, dont follow my instructions because im a newbie!)
from amoung the [E]xecutable modules window, select Kernel32.dll
the address numbers that follow are used during the running of the debugged program. Please note if you are using a modded file, the address may be different, search for text instead.
scroll to here and fill these lines with NOPs: (pasted)
Code: Select all
7C595D9E     \0FB785 B4FEFF MOVZX EAX,WORD PTR SS:[EBP-14C]
7C595DA5      50            PUSH EAX
7C595DA6      0FB785 B6FEFF MOVZX EAX,WORD PTR SS:[EBP-14A]
7C595DAD      50            PUSH EAX
7C595DAE      E8 D4EBFFFF   CALL 7C594987
7C595DB3      85C0          TEST EAX,EAX
7C595DB5      75 0A         JNE SHORT 7C595DC1
7C595DB7      68 C1000000   PUSH 0C1
7C595DBC      E9 E7030000   JMP 7C5961A8

now, notepad will work and run (olly begins to execute the code when you load it).

binary copy of same area
Code: Select all
0F B7 85 B4 FE FF FF 50 0F B7 85 B6 FE FF FF 50
E8 D4 EB FF FF 85 C0 75 0A 68 C1 00 00 00 E9 E7
03 00 00


while selected, choose edit/'copy to executable' and these are selected and filled with NOPs in the DLL file:
Code: Select all
0002539E   \0FB785 B4FEFFFF MOVZX EAX,WORD PTR SS:[EBP-14C]
000253A5    50              PUSH EAX
000253A6    0FB785 B6FEFFFF MOVZX EAX,WORD PTR SS:[EBP-14A]
000253AD    50              PUSH EAX
000253AE    E8 D4EBFFFF     CALL 00023F87
000253B3    85C0            TEST EAX,EAX
000253B5    75 0A           JNE SHORT 000253C1
000253B7    68 C1000000     PUSH 0C1
000253BC    E9 E7030000     JMP 000257A8

save as a file on the desktop then use a liveCD to pop it in (eg SUSE 21.1, but make sure there are no cAse difFeREncEs in the file name).
now this notepad works without olly.

for any other future issues running programs, olly uses this to launch the program, so you can fast track to that.
Code: Select all
00444101  |.  E8 80930900   CALL <JMP.&KERNEL32.CreateProcessW>                         ; \KERNEL32.CreateProcessW


you may have noticed that i dont just edit one line to crack it, if my edit makes things redundant, i remove those too, but i dont know enough to know if the data in this case is being stored for other programs to use and look at, if that is the case i would just remove from CALL to JMP. although i use my 2k machine rarely due to all the problems (though my fix would now help a long way though), there has been no issues with programs running without that code there.


But, happy gaming.
Charlie.
charlieb000
 
Posts: 11
Joined: Sun Nov 21, 2010 2:05 am

Re: Force OS to skip the "Not a Valid Win32 Application" che

PostPosted by OldBoy2k » Mon Feb 18, 2013 3:19 pm

Hello Charlie,

thankyou for this important information. Hopefully OldCigarette will somehow soon have some time so that we can release the new Wrapper update and include a wrapper solution to handle the annoying PE Header checks. Your information will help to get this done. Thanks!

Please also take a look on my post related the HookProcessCreation tool. This works very nice with PE Header installation problems: Info: Error 193: %1 is not a valid Win32 application

BR
OldBoy2k
OldBoy2k
 
Posts: 1351
Joined: Fri Feb 15, 2008 5:10 pm


Return to Backporting Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron