Wrong OS version may be obtained in Compatibility Mode #3864
AlexAdasCca
started this conversation in
General
Replies: 1 comment
-
can you submit a patch for this? The source is available. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
My discovery may not be very important.
When program is running in Compatibility Mode, the function RtlGetVersion(and GetVersionEx) will return incorrect OS version information. The reason is that in Compatibility Mode, Microsoft redirected the implementation of this function using IATHook. The most secure method to obtain version numbers is to use RtlGetNtVersionNumbers. In addition, it is possible to know which running programs are executing in Compatibility Mode through the registry 'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'.
It could also be in HKEY_LOCAL_MACHINE.
The function declaration can be obtained here.
But the obtained
NtBuildNumber
needs to be converted, usingNtBuildNumber&=0x0ffff
.Beta Was this translation helpful? Give feedback.
All reactions