# Build a Bootable Windows XP disk with SP3 and all critical post-SP3 hotfixes slipstreamed in
# Copyright (c) 2003-2008, Ross Smith. All rights reserved.
# ChangeLog:
# Added jun-sep releases
# $Id$
# requires the Cygwin commands:
#
# basename bash chmod cp cut cygpath echo grep ls make md5sum mkdir mv perl pwd rm test touch tr unzip wget which
#
# To have these commands, you will need to install the following optional packages:
#
# make
# perl
# unzip
# wget
#
# optional:
# mkisofs/cdrecord
# Inspiration:
# http://www.windows-help.net/WindowsXP/winxp-sp1-bootcd.html
# See also:
# http://www.theeldergeek.com/slipstream_01.htm
# Windows drive letter for CD drive containing original Windows XP disk
CD ?=D:
# cdrecord device for the CD-R drive to burn the new disk (run 'cdrecord -scanbus' to discover)
CD_DEV ?=1,0,0
# Additional cdrecord options
CDRECORD_OPTS ?=
# Set to Y to wait until you press Enter before burning CD (CD and CD_DEV above refer to the same drive)
PAUSE ?=Y
BBIE_VER?=10
PEBUILDER_VER?=3110a
BBIE_ZIP=bbie$(BBIE_VER).zip
PEBUILDER_ZIP=pebuilder$(PEBUILDER_VER).zip
NU2_MIRRORS=http://69.90.47.6/mybootdisks.com/mybootdisks_com/nu2 \
http://www.hamnerconsulting.com/nu2/mirrorfiles \
http://securitywonks.net/n2u/mirrorfiles \
http://securitywonks.org/n2u/mirrorfiles \
http://nu2.zone-x.com/mirrorfiles \
http://www.web-techs.net/bart \
http://sharkden.com/bart \
http://www.mirror.ac.uk/mirror/ftp.nu2.nu \
ftp://dl.xs4all.nl/pub/mirror/nu2files \
http://ftp.rz.tu-bs.de/pub/mirror/www.nu2.nu/nu2files \
http://downloads.planetmirror.com/pub/nu2files \
ftp://dlsrv3.winboard.org/nu2 \
http://217.160.177.182/nu2files \
http://bartpe.surfnow.nl \
http://gd.tuwien.ac.at/pc/nu2files \
http://nu2.abwehr.net \
http://nu2.gipsvagga.com \
http://nu2.phpwiz.dk \
http://nu2files.osterberg.org \
http://nu2mirror.frashii.com \
http://www.nu2.mostlycreativeworkshop.com/files
DD_MMM_YY=$(shell date +%d-%b-%y)
# http://www.microsoft.com/security/default.mspx
SERVICE_PACK_URL=http://download.microsoft.com/download/d/3/0/d30e32d8-418a-469d-b600-f32ce3edf42d/WindowsXP-KB936929-SP3-x86-ENU.exe
SERVICE_PACK_EXE=$(shell basename $(SERVICE_PACK_URL))
# http://support.microsoft.com/kb/873339: MS04-043: Vulnerability in HyperTerminal could allow code execution
KB873339_URL?=http://download.microsoft.com/download/8/3/e/83e7e311-f8ea-4e59-9b50-64dbfdcb0f1f/WindowsXP-KB873339-x86-ENU.exe
KB873339_EXE?=$(shell basename $(KB873339_URL))
# jun 08:
# MS08-030 – Critical
# Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
KB951376_URL?=http://download.microsoft.com/download/a/6/5/a65308a2-7ede-4219-981a-20feb38bfd0e/WindowsXP-KB951376-v2-x86-ENU.exe
KB951376_EXE?=$(shell basename $(KB951376_URL))
# MS08-031 - Critical
# Cumulative Security Update for Internet Explorer (950759)
# replaced by MS08-45
# call :download http://download.microsoft.com/download/2/2/5/2255ad65-47ba-44f1-9e88-feba8f019c55/WindowsXP-KB950759-x86-ENU.exe
# MS08-032 - Moderate
# Cumulative Security Update of ActiveX Kill Bits (950760)
KB950760_URL?=http://download.microsoft.com/download/c/6/e/c6e4b3e0-0af6-4ac8-92f7-5f7e8d471fb2/WindowsXP-KB950760-x86-ENU.exe
KB950760_EXE?=$(shell basename $(KB950760_URL))
# MS08-033 – Critical
# Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
KB951698_URL?=http://download.microsoft.com/download/3/1/5/315c86ba-2910-47f0-9f02-b5616511536d/WindowsXP-KB951698-x86-ENU.exe
KB951698_EXE?=$(shell basename $(KB951698_URL))
# MS08-035 – Important
# Vulnerability in Active Directory Could Allow Denial of Service (953235)
KB949269_URL?=http://download.microsoft.com/download/5/f/a/5fa7006d-023f-496f-9c85-796fb82dfd16/WindowsXP-KB949269-x86-ENU.exe
KB949269_EXE?=$(shell basename $(KB949269_URL))
# MS08-036 – Important
# Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
KB950762_URL?=http://download.microsoft.com/download/1/4/3/1438b520-8200-466d-9daf-4de18bd4dc0f/WindowsXP-KB950762-x86-ENU.exe
KB950762_EXE?=$(shell basename $(KB950762_URL))
# jul 08:
# MS08-037 – Important
# Vulnerabilities in DNS Could Allow Spoofing (953230)
KB951748_URL?=http://download.microsoft.com/download/f/5/f/f5f31962-0215-44e6-be41-02818b4373f3/WindowsXP-KB951748-x86-ENU.exe
KB951748_EXE?=$(shell basename $(KB951748_URL))
# aug 08:
# MS08-045 - Critical
# Cumulative Security Update for Internet Explorer (953838)
KB953838_URL?=http://download.microsoft.com/download/3/9/3/3933471e-a08e-4640-8980-d3d3eb5b3c34/WindowsXP-KB953838-x86-ENU.exe
KB953838_EXE?=$(shell basename $(KB953838_URL))
# MS08-046 – Critical
# Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
KB952954_URL?=http://download.microsoft.com/download/a/1/9/a19c9aff-bd94-4fc1-98ff-db432358f902/WindowsXP-KB952954-x86-ENU.exe
KB952954_EXE?=$(shell basename $(KB952954_URL))
# MS08-048 - Important
# Security Update for Outlook Express and Windows Mail (951066)
KB951066_URL?=http://download.microsoft.com/download/3/a/f/3afd84f3-729c-4f54-9d38-e77c5112ae0d/WindowsXP-KB951066-x86-ENU.exe
KB951066_EXE?=$(shell basename $(KB951066_URL))
# MS08-049 – Important
# Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
KB950974_URL?=http://download.microsoft.com/download/5/d/d/5dd0ab05-b357-4175-bd93-894903f07579/WindowsXP-KB950974-x86-ENU.exe
KB950974_EXE?=$(shell basename $(KB950974_URL))
# MS08-050 – Important
# Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
KB946648_URL?=http://download.microsoft.com/download/4/d/8/4d84fd95-9124-461a-95eb-6b5908b6fe62/WindowsXP-KB946648-x86-ENU.exe
KB946648_EXE?=$(shell basename $(KB946648_URL))
# sep 08:
# MS08-052 - Critical
# Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
KB938464_URL?=http://download.microsoft.com/download/7/8/1/78141dc7-3b1d-42f3-9aa2-4dca79ad739b/WindowsXP-KB938464-x86-ENU.exe
KB938464_EXE?=$(shell basename $(KB938464_URL))
# MS08-053 - Critical
# Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
KB954156_URL?=http://download.microsoft.com/download/2/b/2/2b252ed6-39fe-423d-a74e-d48c85d24c2a/WindowsMedia9-KB954156-x86-ENU.exe
KB954156_EXE?=$(shell basename $(KB954156_URL))
# MS08-054 - Critical
# Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
KB954154_URL?=http://download.microsoft.com/download/b/6/6/b662a844-9aa2-4b80-8713-27a6c0da16d8/WindowsMedia11-KB954154-x86-ENU.exe
KB954154_EXE?=$(shell basename $(KB954154_URL))
KBS=\
946648 \
949269 \
950760 \
950762 \
950974 \
951066 \
951376 \
951698 \
951748 \
938464 \
952954 \
953838 \
954154 \
954156
# doesn't work :(
#define kbexe
#KB$(1)_EXE=$(shell basename $$(KB$(1)_URL))
#endef
#$(foreach kb,$(KBS),$(eval $(call kbexe,$(kb))))
define kbtouch
KB$(1)_TOUCH=$$(KB$(1)_EXE).touch
endef
$(foreach kb,$(KBS),$(eval $(call kbtouch,$(kb))))
define kbsetup
KB_EXES+=$$(KB$(1)_EXE)
endef
$(foreach kb,$(KBS),$(eval $(call kbsetup,$(kb))))
KB_TOUCHES=$(KB_EXES:.exe=.exe.touch)
WGET?=wget -N
CYGPATH_EXE:=$(shell which cygpath)
BUILD_DIR:=$(shell pwd)
BUILD_DIR_WIN:=$(shell $(CYGPATH_EXE) -m -s "$(BUILD_DIR)")
CD_DIR_WIN=$(BUILD_DIR_WIN)/$(CD_DIR)
LOCAL_MAK?=$(shell ls local.mak 2>/dev/null)
ifneq ('$(LOCAL_MAK)', '')
include local.mak
endif
#ifeq ('$(VOLID)', '')
# #Get the volume ID from the CD volume label itself (the CD must be in the drive)
# VOLID=$(shell cmd /c vol $(CD) | grep "Volume in" | cut -b 23-34)
#endif
ifeq ('$(VOLID)', '')
# Volume ID of new disk (11 characters max)
# 12345678901
VOLID=xpsp3
#$(error Please define the VOLID variable: VOLID=A_11CHAR_ID make)
endif
# Label to display after CD is burned
CD_LABEL=Windows XP SP3 + Hotfixes as of $(DD_MMM_YY) ($(VOLID))
CD_DIR=$(VOLID)_cd
I386=$(CD_DIR)/I386
SVCPACK_DIR=$(I386)/svcpack
BOOT_DIR=$(VOLID)_boot_image
BOOT_IMG=image1.bin
VOLID_ISO=$(VOLID).ISO
BOOT_TOUCH=$(BOOT_DIR).touch
PEBUILDER_TOUCH=$(PEBUILDER_ZIP).touch
SERVICE_PACK_TOUCH=$(SERVICE_PACK_EXE).touch
VOLID_ISO_TOUCH=$(VOLID_ISO).touch
VOLID_TOUCH=$(VOLID).touch
.PHONY: all
all: cdrecord
XP2MD5S=
$(VOLID_TOUCH):
@echo Copying $(CD) to $(CD_DIR)...
mkdir -p $(CD_DIR)
xcopy $(CD)\\ $(CD_DIR)\\ /e /r /y
touch $@
define md5sum
if [ -f md5s.txt ] ;\
then \
echo Verifying MD5 checksum for $(1).. ;\
grep -i $(1) md5s.txt | md5sum --check - || exit 1;\
fi
endef
$(SERVICE_PACK_EXE):
@if [ ! -e $(CD_DIR)/I386/sp3.cab ] ;\
then \
echo Downloading $(SERVICE_PACK_URL)... ;\
$(WGET) $(SERVICE_PACK_URL) ;\
$(call md5sum,$(SERVICE_PACK_EXE)) ;\
chmod +rx $@ ;\
fi
$(SERVICE_PACK_TOUCH): $(SERVICE_PACK_EXE)
@# Don't update if the disk already has SP3
@if [ ! -e $(CD_DIR)/I386/sp3.cab ] ;\
then \
echo Integrating $(SERVICE_PACK_EXE) into $(CD_DIR_WIN)... ;\
chmod +rx $< ;\
./$< /quiet /integrate:"$(CD_DIR_WIN)" ;\
fi
touch $@
define kbapply
$(info Preprocessing $(1)...)
$$(KB$(1)_EXE):
@echo Downloading $$(KB$(1)_URL)...
$(WGET) $$(KB$(1)_URL)
@$(call md5sum,$$(KB$(1)_EXE))
@chmod +rx $$(KB$(1)_EXE)
$$(KB$(1)_TOUCH): $$(KB$(1)_EXE) $(SERVICE_PACK_TOUCH)
@chmod +rx $$(KB$(1)_EXE)
-@if [ ! -e $(SVCPACK_DIR)/KB$(1).cat ] ; \
then \
echo Integrating $$(KB$(1)_EXE) into $(CD_DIR_WIN)... ;\
./$$(KB$(1)_EXE) /quiet /integrate:"$(CD_DIR_WIN)" ; \
fi
@#if [ ! -e $(SVCPACK_DIR)/KB$(1).cat ] ; \
@#then \
@# /bin/false ;\
@#fi
@# Note: KB885835 and KB885250 share the same file (mrxsmb.sys), so they can't be applied together.
@# This script solves this issue by ignoring KB885835's version of the file (5.1.2600.2541, xpsp_sp2_gdr.040919-1056, dated 10-27-2004, 448,128 bytes),
@# and using KB885250's version (5.1.2600.2598, xpsp_sp2_gdr.041130-1729, dated 1-18-2005, 451,584 bytes) as it is newer.
@if [ "$(1)" = "885835" ] ; \
then \
perl -pi.bak -e 's/mrxsmb\.sys/;mrxsmb\.sys: replaceed by KB885250/i' $(SVCPACK_DIR)/HFINT.dat ; \
fi
touch $$(KB$(1)_TOUCH)
.PHONY: KB$(1)
KB$(1): $$(KB$(1)_TOUCH)
endef
$(foreach kb,$(KBS),$(eval $(call kbapply,$(kb))))
$(info Preprocessing finished)
#################################
define download
@for url in "$(2)" ; \
do \
echo Downloading $$url/$(1)... ;\
$(WGET) $$url/$(1) && break ;\
done
endef
# from
$(BBIE_ZIP):
$(call download,$@,"$(NU2_MIRRORS)")
bbie.exe: $(BBIE_ZIP)
unzip -o $(BBIE_ZIP) $@
chmod +rx bbie.exe
touch $@
$(BOOT_TOUCH): bbie.exe
mkdir -p $(BOOT_DIR)
bbie.exe $(CD)
mv image*.bin $(BOOT_DIR)
touch $@
# patched mkisofs from pebuilder
$(PEBUILDER_ZIP):
$(call download,$@,"$(NU2_MIRRORS)")
mkisofs.exe: $(PEBUILDER_ZIP)
unzip -o $(PEBUILDER_ZIP) $@
chmod +rx $@
download: ${KB_TOUCHES}
$(VOLID_ISO_TOUCH): \
$(VOLID_TOUCH) \
$(SERVICE_PACK_TOUCH) \
${KB_TOUCHES} \
$(BOOT_TOUCH) \
mkisofs.exe
cd $(CD_DIR) && \
PATH="$$PATH:.." mkisofs.exe \
-iso-level 4 \
-force-uppercase \
-volid "$(VOLID)" \
-A MKISOFS \
-sysid "DOS" \
-b "$(BOOT_IMG)" \
-no-emul-boot \
-boot-load-size 4 \
-hide "$(BOOT_IMG)" \
-hide "boot.catalog" \
-o "../$(VOLID_ISO)" \
"../$(BOOT_DIR)" \
.
touch $@
cdrecord.exe: $(PEBUILDER_ZIP)
unzip -o $(PEBUILDER_ZIP) $@
chmod +rx $@
.PHONY: cdrecord
cdrecord: $(VOLID_ISO_TOUCH) cdrecord.exe
ifneq ('$(PAUSE)', '')
@echo
@echo Insert a blank CD-R/CD-RW/DVD±R/DVD±RW into the following drive
@-PATH="$$PATH:." cdrecord --scanbus | grep "$(CD_DEV)" | cut -b 2-
@echo and press [Enter] to continue
@echo -e \\a
@read dummy
endif
PATH="$$PATH:." cdrecord -dev=$(CD_DEV) -v $(CDRECORD_OPTS) $(VOLID_ISO)
@echo
@echo "Please label this disk '$(CD_LABEL)'"
.PHONY: tidy
tidy:
rm -fr \
$(VOLID_TOUCH) \
$(SERVICE_PACK_TOUCH) \
${KB_TOUCHES} \
$(BOOT_TOUCH) \
$(BOOT_DIR) \
$(CD_DIR) \
$(BBIE_ZIP) \
$(PEBUILDER_ZIP)
.PHONY: clean
clean: tidy
rm -fr \
$(VOLID_ISO_TOUCH) \
$(VOLID_ISO)
.PHONY: realclean
realclean: clean
rm -fr \
bbie.exe \
cdrecord.exe \
mkisofs.exe \
$(SERVICE_PACK_EXE) \
${KB_EXES}
.PHONY: undo
undo:
rm -f *.exe.touch $(SVCPACK_DIR)/*
.PHONY: md5sum md5s
md5sum: md5s.txt
md5s: md5s.txt
md5s.txt: *.exe
md5sum [Ww]indows*.[Ee][Xx][Ee] | sort -k 2 >md5s.txt