TCP-Z, Best TCP/IP Patch

How to make a tcpip.sys patch without press F8
Wednesday, January 14, 2009

A friend of mine asked me, how to make a Vista tcpip.sys File Patch not needing press F8 key.
This is not difficult, just sign tcpip.sys with a test signature.

More information about tcpip.sys File Patch, you can visit: TCP/IP Patcher Compare Technical Features.
http://deepxw.blogspot.com/2008/12/on-internet-there-are-all-kinds-of-tcp.html

Here is detail of patch tcpip.sys with test signature, perhaps these will help you.

1) All operation needs "Run as Administrator".

2) Set testsigning to on:
Bcdedit -set TESTSIGNING ON
All tcpip.sys File Patch must do this; otherwise, BSOD will occur after tcpip.sys has been modified.
After Testsigning on, "Test Mode" will dispaly in the 4 corners of desktop.
You can get rid of it through modify "user32.dll.mui". The string ID is 738 & 723.

3) Reboot, check if testsigning is on correctly. (This step is optional.)
You can check it by bcdedit, or check it in the registry.

4) Modify half open connection limited value in file "tcpip.sys".
First, make a temporary copy of tcpip.sys for modify.
You can disassemble tcpip.sys and get the limited offset.
In tcpip.sys, asm code like this:
NT5: mov _ActiveOpenProgressThreshold, 0Ah
NT6: cmp edx, 0Ah

NT5, you can set new value up to 0xFFFFFFFF.
NT6, new value is up to 0xFF! Only 1 byte available for use!

If you are a lazy guy, you can get these offset by the TCP-Z tool. In "patch" tab, you can get the limited offset.
Default, TCP-Z does not show the file offset.But you can run tcpz.exe with argument: tcpz.exe -showoffset.

5) Re-Checksum tcpip.sys.
You can use setcsum.exe.
Or do it in your program by API CheckSumMappedFile().

6) Create a test certificate by the makecert.exe tool.
Makecert -r -pe -ss PrivateCertStore -n "CN=TcpipCert" tcpipcert.cer

7) Sign tcpip.sys with the signtool.exe.
signtool sign /a /s PrivateCertStore /n "TcpipCert" tcpip.sys

You can verify the signature of tcpip.sys:
signtool verify tcpip.sys

Because our signature is not a valid signature, so signtool will report "File not valid".
If returns "A certificate chain processed", it means the Test Signature is OK.

8) Now copy the temporary tcpip.sys to driver folder, overwrite the original tcpip.sys.
Before copy, takeown and icacls tcpip.sys is required.

9) All done, restart your computer to take effect!

Posted by deepxw at 18:00   |    

Labels: Patcher

62 comments:

Anonymous said... January 14, 2009 at 11:55 PM  

Regarding Windows 7 (x86), if anyone has successfully managed to replace the default tcpip.sys, please post. I tried it last week, replacing not only the one in the Drivers directory, but also the two in the Winsxs directories, but upon booting Win7, the new Startup Repair *always* ran, told me there was a problem, and replaced the file (somehow) with the original one.

The thing is very smart, and it defeated me. So while I didn't have a problem doing this with Vista, Win7 is much more difficult.

deepxw said... January 15, 2009 at 11:49 PM  

I tried, it is no problem.
look:
win7_x86_7000_mod_tcpip.sys.png

Main point:
Sign tcpip.sys with a test signature;
Set testsigning on with bcedit.

Anonymous said... January 17, 2009 at 4:06 PM  

Signing wouldn't matter for this problem, since the file was different than the original and would always be, and that's all that Win7 needs to know to want to replace it.

Did your Win7 installation have the hidden 200MB recovery partition? Mine did, and I now know that it's what does repairs like this. If there's any way to tell it to ignore a certain file for good, I don't know what it is (this is not to be confused with disabling driver signing checking, which is unrelated). It may be impossible for all I know.

Since Vista never had a recovery partition (it was a manual process via DVD), this wasn't a problem there.

I expect your system does not have this partition. You only get it on certain kinds of clean installs.

deepxw said... January 17, 2009 at 8:47 PM  

My Win7 is on a virtual machine. It also have a hidden 200MB recovery partition.
After I replace tcpip.sys, the system does not prompt the repair window at boot time.
All seem to have no problem.

I record a video, and upload to here:
http://www.rayfile.com/files/384892f3-e493-11dd-9f9e-0014221b798a/

Anonymous said... January 18, 2009 at 4:53 AM  

Wow, that's really interesting. I wonder what the other variable is then, since the crazy thing was very persistent here. I imagine it might actually be useful in most normal cases where a system has an actual corrupt file(s), but not in this case. I'll try it on another system once I get it going.

Do you bother to replace the two files in Winsxs too? I did, but maybe I shouldn't have.

On an unrelated note, I didn't know VMWare had a recording function. That's great, and it's tempting to switch to it now.

deepxw said... January 18, 2009 at 11:45 AM  

I just replace one file in \drivers.
You can try to restore the two files in winsxs.

Yes, VMWare has recording function.
Recording in windows, video quality is good.
But recording at boot time, video quality is bad.

Anonymous said... January 21, 2009 at 8:18 AM  

Hi Deepxw

Thanks for all your suggestions - replacing the tcpipsys will be really good! But I don't quite get your instructions - I'm new to W7 and wondered if you can elaborate a little more in how to do it - or create another video exactly with step-by-step instructions - your video you have already uploaded is excellent!

Thanks in advance...

deepxw said... January 21, 2009 at 10:37 AM  

Thans your suggestion!

I have to create a tcpip.sys File Patch, it will be avalibled at some time later.

Anonymous said... January 21, 2009 at 5:11 PM  

Fantastic! My P2P progs aren't working properly so I can't see the football!!

Cheers!

Anonymous said... August 29, 2009 at 9:54 AM  

Hello can u make it clearer so i can understand clearly. sorry for my bad english.

Copper cables Pakistan said... November 2, 2011 at 8:22 PM  

"I have been reading your posts regularly. I need to say that you are doing a fantastic job. Please keep up the great work."

pepa prase igre said... November 26, 2011 at 8:26 PM  

I'm so excited. I really appreciate sharing this great post. Keep up your excellent work.
bojanke
bojanke za printanje
gledanje u solju

Knjigovodstvena agencija Beograd said... January 8, 2012 at 9:20 PM  

This is great, I will bookmark this site.

Anonymous said... January 11, 2012 at 6:22 AM  

Perfect website, well done!
Ekologija
recepti
advokatska kancelarija

bgsteel said... January 16, 2012 at 2:51 AM  

Cool article, I really like to read useful things.
Knjigovodstvena agencija

Generic Plavix said... January 19, 2012 at 7:26 PM  

it's the same style as one of my sites actually but yours is a bit refreshing looking.

Anonymous said... February 15, 2012 at 5:10 AM  

Good written, well done.

Plasticne kese
Ekologija
Celik
Knjigovodstvo
Celici

Anonymous said... April 10, 2012 at 9:14 PM  

biografija žarko lauševic
types of lenses

leddiode said... June 9, 2012 at 10:31 PM  

I saw this really great post today….

Agen Ibcbet said... August 10, 2012 at 12:01 PM  

nice blog...friends..

Liga Inggris said... December 20, 2014 at 12:34 PM  

Its a great pleasure reading your post.Its full of information I am looking for and I love to post a comment that "The content of your post is awesome" Great work

Berita Liga Spanyol said... February 3, 2015 at 10:32 AM  

I really admire the important ideas that you offer in the content. I am looking forward for more important thoughts and more blogs.

High School Diploma Program said... April 22, 2015 at 2:17 PM  

Really well created post i have got here.

Bella Tran said... August 29, 2015 at 12:00 PM  

This article is really fantastic and thanks for sharing the valuable post.
----
juegos de kizi | juegoskizi | jogos friv | jogos do friv | clickjogos | juegos de pou | juegos de terror | jogos online | unblockedgames

Unknown said... May 23, 2016 at 12:29 PM  

Harga paket wisata bromo midnight dari kota malang atau surabaya sangatlah murah, yaitu bertarif 300.000/pax dan minimal jumlah rombongan 6 orang. Wisata bromo ini berkunjung ke 4 titik objek wisata yaitu kawah, sunrise, pasir dan bukit savana. Detail harga murah paket wisata bromo midnight dari malang atau surabaya lihat info lengkap.

Salah satu kebutuhan wisatawan malang adalah alat transportasi yang bisa mengantarkan ke berbagai objek wisata di kota malang batu. Para wisatawan bisa menggunakan jasa rental mobil wisata malang yang murah dan tentunya dengan pelayanan yang ramah dan professional. Harga rental mobil wisata di kota malang batu lihat blog ini.

Butuh transportasi jemputan ke bandara juanda surabaya? Kami dari sewa mobil surabaya melayani antar jemput bandara juanda dan juga bisa keliling kota surabaya untuk berbagai keperluan. Sewa mobil di tempat kami sudah beserta sopir yang paham seluk-beluk sudut seluruh kota surabaya dan sekitarnya. Penawaran harga murah dari kami akan sangat bersahabat dengan kantong anda. Tarif sewa mobil di surabaya baca link blog.

Jika butuh sewa mobil harga murah di jogja maka silahkan hubungi kantor sewa mobil jogja kami. Nomor telepon kantor rent car jogja kami sudah jelas tertera di website kami. Kami akan membalas pertanyaan anda dengan ramah dan fast respon. Pelayanan sewa mobil yogyakarta di tempat kami sangat professional dan murah, tapi tidak murahan. Baca detail info sewa mobil jogja di tempat kami link blog ini.

Daftar harga sewa mobil di bali, khususnya di kota denpasar antara perusahaan yang satu dengan yang lainnya sangatlah bersaing dab murah. Bahkan ada yang nenawarkan harga sewa mobil bali jenis avanza 350.000 rupiah saja. Itu bisa dipakai seharian (fullday) dan sudah include mobil, sopir, bbm, tapi tidak termasuk parkir dan makan sopir. Selengkapnya daftar harga sewa mobil bali dengan pilihan mobil terbaik baca website kami.

Unknown said... June 25, 2016 at 5:41 PM  

گن لاغري کاسمارا اصل

گن لاغري کاسمارا

گن لاغري مردانه

خريد گن لاغري مردانه

گن زنانه

خريد گن لاغري

خريد گن لاغري زنانه کاسمارا

آموزش خياطي خانم عمراني

آموزش خياطي

خياطي خانم عمراني

خياطي سيما عمراني

آموزش آرايشگري

آموزش آشپزي

آموزش بافت مو

آموزش زبان انگليسي

آموزش ژيمناستيک

آموزش ميوه آرايي

آموزش سفره آرايي

آموزش شنا

آموزش فوتبال

آموزش فوتسال

آموزش کشتي

چاي سبز لاغري

چاي سبز

دستگاه بافت مو

عينک آفتابي

خريد عينک آفتابي

خريد اينترنتي عينک آفتابي

عينک آفتابي پليس

عينک پليس

خريد عينک پليس

عينک آفتابي پورشه

عطر 212

عطر مردانه

shakila said... March 13, 2017 at 10:47 PM  

Obat Penggemuk Badan

Obat Pemerah Bibir

Obat Pemutih Badan

Cream Pembesar Payudara

Obat Pembesar Payudara


گيفت ويزا کارت

گيفت آيتونز

لوازم آشپزخانه

تجهيزات آشپزخانه صنعتي

Anonymous said... April 18, 2017 at 5:15 AM  

Thanks very practical. Will certainly share site with my buddies http://allgomedic.com/generic-levitra-online-20mg-10mg.html

دوربین مدار بسته said... July 19, 2017 at 1:07 PM  

thank you so much great job

دوربین مدار بسته
طراحی سایت
درج آگهی رایگان

Unknown said... September 7, 2018 at 3:06 PM  

Shared this Obat benjolan keloid more Obat jari tangan yang kaku enough Obat luka dekubitus just Obat badan lemas dan lesu karena maag silva Obat untuk mempercepat datangnya haid messi Obat penyempitan saluran kencing CR7 Obat hidrokel rakitic Obat gondok beracun kane Obat penghilang koreng di kulit kepala sterling Obat herpes zoster Thank you so much... hehehe

Indi Host said... November 10, 2018 at 3:15 PM  

An impressive share, I just given this onto a colleague who was doing a little analysis on this. And he in fact bought me breakfast because I found it for him.. smile. So let me reword that: Thnx for the treat! But yeah Thnkx for spending the time to discuss this, I feel strongly about it and love reading more on this topic. If possible, as you become expertise, would you mind updating your blog with more details? It is highly helpful for me. Big thumb up for this blog post!

Click Here
Docker.com

needs you deserve said... December 13, 2018 at 12:14 AM  

شركة رش مبيدات بتبوك
شركة رش مبيدات بحائل
شركة رش مبيدات بنجران

Salsabila said... February 27, 2019 at 9:28 PM  

Great Article! SudutZ.com

Robert Howard said... June 11, 2019 at 12:18 PM  

I’m impressed, I must say. Really rarely do I encounter a blog that’s both educative and entertaining, and let me tell you, you have hit the nail on the head. Your idea is outstanding; the issue is something that not enough people are speaking intelligently about. I am very happy that I stumbled across this in my search for something relating to this.

Click Here
Crowdrise.com

annaphamctp123 said... August 23, 2019 at 10:08 AM  

I loved the way you discuss the topic great work thanks for the share Your informative post.
drawing games

alicetaylor said... March 7, 2020 at 8:00 PM  

do not need to restart the computer. Universal Tcpip.sys Patch is a File Patch. It direct modifies the file tcpip.sys on hard disk. It is a patch without press F8 key.

download

alicetaylor said... June 5, 2020 at 6:51 PM  

sys Patch is an alternative to EvID4226Patch. They do the same thing which is intelligently patching the TCPIP.SYS file to increase the number of half open ...

URL

Gladys Stephanie said... June 14, 2020 at 5:27 PM  

This comment has been removed by the author.

arianapham said... July 7, 2020 at 4:03 PM  

I really wanted to send a small word to say thanks to you for the fantastic points you are writing on this site

Lillian J. Turner said... July 16, 2020 at 6:07 AM  

MyBlogger Club

Guest Posting Site

Best Guest Blogging Site

Guest Blogger

Guest Blogging Site

Sajjad Ahmed said... July 16, 2020 at 5:31 PM  

Nice Blog. Thanks for sharing.

Best MBA College in Dehradun

How Online Education is helpful for B.Tech Students?

How do I prepare for college placement session?

bandarq228 said... August 5, 2020 at 11:14 AM  

kami hadirkan kepada anda situs dominoqq yang terbaik dan terbesar saat ini yang terbukti membayar dan dapat menghasilkan banyak uang hanya di http://180.215.13.115

pkv games said... August 22, 2020 at 4:32 PM  

mainkan judi slot online hanya disini https://www.jackpot168slot.com

Darren Demers said... September 12, 2020 at 2:22 PM  

If you are a lazy guy, you can get these offset by the TCP-Z tool. In "patch" tab, you can get the limited offset. new bed sheet , double bed comforter , gul ahmed comforter price , fancy bed sheets designs , duvet sets

Darren Demers said... November 10, 2020 at 2:42 PM  

Kami juga memiliki artikel yang menarik untuk kalian baca silahkan klik link dibawah ini untuk masuk ke artikel kami: asian clothes uk ready made , asian attire uk , asian dresses online uk , asian ready made suits uk , kurta pyjama uk , pakistani readymade suits uk , buy salwar kameez online usa , white chikankari anarkali suit , baby pink chikankari kurta , chikankari gota patti suits , cotton chikankari kurti

He Luo luo said... August 14, 2021 at 12:09 PM  

Supreme merupakan merek dagang pakaian skateboard yang sukses asal Amerika Serikat dengan berbagai kolaborasi mulai dari sepatu dan lainnya. https://supremeindonesia.web.id/ Produk rilisannya tidak hanya berbasis fashion saja, melainkan juga produk-produk non-fashion.

Juliany said... August 18, 2021 at 6:30 AM  

Agen Judi Casino Up-to-date Terpercaya dengan Tambahan Bervariasi dengan Sangat Komplit – Pemilihan bandar judi https://genehughescasinos.com bisa terlampau melelahkan untuk para yang sebetulnya belum paham dari mana sepatutnya validasi pencarian dilakukan.

casinosite777info.JDS said... May 28, 2022 at 5:34 PM  

I like your site and content. thanks for sharing the information keep updating, looking forward for more posts. 바카라사이트

casinositezone.JDS said... May 28, 2022 at 5:35 PM  

Simply desire to say your article is as amazing. The clarity on your post is just excellent and that i hink you’re knowledgeable in this subject. 바카라사이트

casinositeguidecom.JDS said... May 28, 2022 at 5:37 PM  

Really satisfied with all the information I have found in this article. It gives immense knowledge on physical education, it is very helpful and quite generous to spread a good message. 온라인카지노

casinositeguidecom.JDS said... May 28, 2022 at 5:38 PM  

Everything is very open with a really clear explanation of the challenges. It was definitely informative. Your site is useful. Thank you for sharing. Feel free to visit my website; 바카라사이트

Peluang Bisnis Gacor said... December 22, 2022 at 10:59 PM  

bandar casino

168galaxy said... May 9, 2023 at 11:43 PM  

168galaxy เว็บไซต์รวม สล็อต ทุกค่าย ฝาก ถอน ไม่มีอย่างต่ำเป็นเว็บไซต์ที่ให้บริการเกมค่าย pg slot เว็บไซต์ตรง แล้วก็เป็นแหล่งรวมค่าย สล็อตใหญ่ที่สุดในประเทศ และมาแรงที่สุด

pg slot said... May 9, 2023 at 11:44 PM  

allingame2 เป็นเกมส์ที่มีความน่าสนใจและเป็นที่นิยมของผู้เล่นในปัจจุบัน สมัครได้โดยเกมส์นี้ถูกพัฒนาโดยทีมผู้เชี่ยวชาญด้านการออกแบบเกมส์ PG SLOT

섯다 said... July 9, 2023 at 12:18 AM  

Everything is very open with a really clear explanation of the challenges.

토토 said... July 9, 2023 at 12:19 AM  

Many thanks for sharing!

한국야동 said... July 9, 2023 at 12:19 AM  

This is incredibly charming substance! I have taken a lot of joy.

카지노사이트존 said... July 9, 2023 at 12:20 AM  

Many thanks for the efforts you have put into writing this site.

토토사이트 said... July 9, 2023 at 12:21 AM  

I AM REALLY LOOKING FORWARD TO READ MORE ABOUT THIS.

casinositerank said... July 21, 2023 at 11:40 AM  

This is really helpful post and very informative there is no doubt about it.

totosafesite said... July 21, 2023 at 11:40 AM  

Everyone an extremely breathtaking chance to read from this blog.

gwolf said... July 21, 2023 at 11:41 AM  

Nice post. I learn something totally new and challenging on blogs I stumbleupon everyday.

Post a Comment