some confusion about the `Reverse, then Forward` part in extracting-and-diffing-ms-patches-in-2020

wumb0 / website

pelican website.

0 stars 1 forks source link

some confusion about the `Reverse, then Forward` part in extracting-and-diffing-ms-patches-in-2020 #7

Closed salutdamour closed 2 years ago

salutdamour commented 2 years ago

You find the reverse differentials of ntoskrnl.exe on version 10.0.18362.388. Is it means that you want to recover the windows to original version and then patch it with the 2020.07 or 2020.08 patches? If you could help me, thanks sincerely.

wumb0 commented 2 years ago

You must roll back to the .1 version using the reverse differential for the version you have. Windows stores the forward and reverse differential files in C:\windows\winsxs. Then once you have the .1 version of the file you can apply the forward differential from whatever month you want. In the case of the kernel version 10.0.18362.388 I apply the reverse differential to get 10.0.18362.1 and then apply the forward differentials to get whatever versions I'm after.

Does that clear it up?

salutdamour commented 2 years ago

Yep, I get it. Thank you.