Windows Server 2003 (NT 5.2.3790.0) build guide

Additional Info additions list

  • New unexpired test-signing certificates (valid to October 2021 - tools\openssl.txt describes how to generate them)
  • Updated midl.exe/midlc.exe from Win2003 SP1 DDK, fixes olepro32.dll errors
  • Reordered dirs file to ensure that conlibk.lib is built before it gets used
  • parse.cpp/parse.hpp files required to build DirectUI.lib, and the bison.exe/Bison.skl files used to generate them.
  • Pre-compiled parse.obj file, as the parse.cpp/parse.hpp mentioned above has some issues parsing things.. (parse.obj taken from win2003 directuid.lib - causes LNK4206 warnings when using it though, suppressed via changes to sources files)
  • Pre-compiled GdiPlus v1.0.100.0 from RTM ISO, to be included into (x86 only), as the GdiPlus code sadly can’t be built.
  • Updated DUser build scripts, to make sure it gets placed in the proper location & gets built with the right optimization flags.
  • Updated windows\advcore\dirs file to allow DUser/DirectUI to get built during main build
  • Updated 16-bit build tools inside com\ole32\olethunk\ole16\tools, and updated olethunk code so it’ll build fine with them. (updates are only used if OS requires them to build, XP/2003 should be able to build them fine without changes)
  • Disabled, ntbackuponpersonal.cmd, gpmc.cmd, msi.cmd & incbbt.cmd calls from pbuild.dat, as we’re missing required build-files for those (you can grab the results of those scripts from RTM ISO, or from the 2k3-missing-x86fre.7z pack)
  • Updated setupw95.cmd & drivercab.cmd to add a delay between async calls, fixes an issue with filename-collisions. (update only needed under newer OS’s, older OS’s like XP don’t seem to have this issue)
  • Updated razzle.cmd to always set __BUILDMACHINE__ variable, allows build tag built into kernel to match with BuildName.txt (and won’t leak your build OS username into the build-tag any more)
  • Updated razzle.cmd to always set NO_PDB_PATHS=1, the build already uses FixPdbPaths.exe to remove file-paths from PDB, but that method leaves null-characters in place which aren’t in the retail files, may as well enable this since there’s no reason not to.
  • Updated ixsso makefile, to prevent MIDL2346 warning from breaking the build (warning seems locale related, for some reason BUILD_ALLOW_MIDL_WARNINGS only worked when defined inside makefile, pretty strange)
  • Reordered windows\appcompat\dirs file to help with single-core builds (from idkwhy’s OpenXP git repo)
  • Updated msitoddf.cpp, now closes the MSI package handle when finished (prevents stalling postbuild on Win10), and added fix for 64-bit build OS (redirects SysWOW64 to System32)
  • Updated mshtml.ref reference file - used to compare mshtml output against known-good one? last updated in 1999(!), without updating it seems to randomly cause build error in certain conditions (I’m not sure why we never had problems with this until we tried 64-bit stuff though…)
  • [x64] Added 32-bit mapsym.exe & rc.bat MSDOS-Player wrapper to printscan\faxsrv\print\faxprint\faxdrv\win9x\sdk\binw16 dir, since some anons seemed to get errors from this folder.
  • [x64] Replaced masm.exe/mkpublic.exe with 32-bit versions (taken from Sizzle), as some anons had issues with MS-DOS Player reporting a bad DOS version, breaking those two tools as they require DOS 2.0+
  • [x64] Replaced MS-DOS Player for some 16-bit tools with recompiled amd64 versions, provided by an anon in the threads (many thanks!), source available inside _x64\tools\tools16\
  • Added missing public\internal\windows\lib\amd64\usp10p.lib library needed for amd64 build, taken from XPSP1 tree.
  • Added parse.obj to windows\advcore\duser\directui\engine\parser\obj\amd64 & objd folder, extracted from amd64 directui.lib file.
  • Added msgina_sp1.def & userenv_sp1.def from the winlogon200X pack, these will make amd64 builds of msgina/userenv use the SP1 export ordinal numbers, improving compatibility with SP1 winlogon & possibly other SP1 files.
  • Added exinit.c & systime.c from anon’s decompilations, along with original exp.h (to overwrite older modified exp.h from earlier prepatched zip)
  • Added pre-generated inetsrv\iis\svcs\cmp\webdav\davcprox\fhcache_p.c file, includes defs for both x86/x64, should help with issues switching between x86/x64 builds.
  • Added link.bat/link16.bat wrappers for link.exe/link16.exe, which randomize TEMP env var and give it 5 retries before failing.
  • Updated rc16 call inside net\tapi\thunk\, changed WINNT=1 define to WINNT to fix an error under some NTVDM versions.
  • razzle64.cmd which can take care of converting 16-bit tools to 32-bit (via MS-DOS Player), and setting required environment variables before launching razzle.
  • prebuild.cmd that can handle installing driver.pfx keys, fixing file attributes, removing updated files if OS doesn’t require them, and copying GdiPlus SxS policies.
  • missing.cmd that can copy files we don’t have source for from a mounted ISO.
  • oscdimg.cmd to generate an ISO image from a finished post-build.

x64 build OS support v9 adds support for using x64 build OS’s such as Win10 x64, this is done by wrapping certain 16-bit tools using MS-DOS Player, using .bat files to redirect calls to use the player, changing some makefiles to use 32-bit equivalents, etc.

Unfortunately some of the wrapped 16-bit tools can still randomly error without rhyme or reason for it, as a workaround the .bat files of the worst offenders will give it 5 attempts before failing, hopefully this should be enough to allow builds to complete fine, but there’s still a chance one of the other 16-bit tools could error too… maybe in future I’ll apply this 5-attempts bandaid over all the 16-bit tools.

Huge thanks to the anon who initially worked on fixing the 16-bit tools!

amd64 build support

As of update v10 an amd64 build can be created by initialising razzle with the win64 amd64 options, the build should mostly complete without errors, but note that postbuild+ hasn’t been updated at all to work properly with amd64 yet.

Unfortunately as the leak didn’t come with exinit.obj/systime.obj for amd64 these need to be built from anon’s decompilations instead. v10a adds newer exinit.c/systime.c decompilations that are apparently an exact match to the x86 .obj files included in the leak, hopefully these should work well with other architectures too.

Some anons have been slowly working on amd64, being able to get past text-mode setup and start booting GUI-mode setup, though sadly as of this release nobody has been able to actually get GUI mode to fully start up.

Note that this source code is from around ~2 years before amd64 was officially released by MS as Server2003 SP1, so there’s likely a lot missing. (WRK may have some newer kernel-mode parts, being both based on SP1 and including support for amd64, though note that WRK also has many things removed too…)

However there’s also many indications in the leak that MS did have amd64 running at this point, so it should eventually be possible for us to get it working too.


  • Time can be adjusted by editing DAYS variable inside \tools\postbuildscripts\timebomb.cmd (line 44)
  • Setting DAYS to 0 will disable the timebomb.
  • Only certain DAYS parameters are valid (0, 5, 15, 30, 60, 90, 120, 150, 180, 240, 360, 444)

Different build options

You can modify your razzle shortcut (or execute it manually inside your source folder) to include (or remove) additional argument(s):

  • free - build ‘free’ bits (production, omitting it will generated checked bits)
  • chkkernel - build ‘checked’ (testing) kernel/hal/ntdll when building ‘free’ bits
  • no_opts - disable binary optimization (useful for debugging, but will most likely fail a full build, some code can’t be built without optimization)
  • verbose - enable verbose output of the build process
  • binaries_dir <basepath> - specifies custom output directory (default is binaries, the suffix added after . is non-customizable)
  • officialbuild - sets razzle to build this as an “official” build, requires updating BuildMachines.txt, see the section below
  • win64 amd64 - builds for amd64 instead of x86, see amd64 build support section above.

Other options are not described here, see razzle.cmd /? for details.

‘OfficialBuild’ parameter / BuildMachines.txt

The OfficialBuild razzle parameter changes a few things in the build, which will make it match up closer to the retail builds, should be useful if you need to compare against retail for any reason.

For a list of things affected by the OfficialBuild parameter see &, thanks to the anon that compiled them! (note that these aren’t complete lists, and not all things mentioned here are guaranteed to take effect).

However, using this parameter requires a file to be updated with info about your build machine first!

An easy way to update the file required is to run the following command inside a razzle window, at the root of the source tree:

echo %COMPUTERNAME%,primary,%_BuildBranch%,%_BuildArch%,%_BuildType%,ntblus >> tools\BuildMachines.txt

After that you can run tools\verifybuildmachine.cmd to make sure it was setup correctly, if there’s any problem an error message will show, otherwise the command will return without any message.

With that in place you should now be able to use the OfficialBuild parameter next time you init razzle, eg. tools\razzle.cmd free offline officialbuild

Some small notes to be aware of:

  • if you change build arch or build type (eg. to amd64, or to a checked build) you’ll need to run the echo command again to add your machine for that build arch/type combination
  • if you see Clearing OFFICIAL_BUILD_MACHINE variable after initing razzle, rerun the echo command and then close down/reinit razzle again, else the build won’t properly count itself as official.

Pseudo-localization builds

An anon has made some progress with localization, allowing “Pseudo-Localization” (PLOC) builds to be created in 3 different configurations, via certain razzle options & postbuild script changes, these builds should come in useful for people looking into creating non-English builds.

The three configs available are PSU (Pseudo), FE (Far East) and MIR (Mirrored), representing some of the main changes that localization might require (such as right-to-left text, etc)

Their instructions for creating these builds have been archived here: &

Creating fresh postbuild

  • tools\postbuild.cmd -full
  • tools\missing.cmd
  • tools\postbuild.cmd

Use -sku:{sku} if you want to process only specific one (no brackets!)

Building specific components

Most components can be built seperately. For example, if you wish to rebuild ntos component, perform these steps:

  • cd base\ntos (you can also use ntos alias that razzle has set up for you)
  • bcz (alias for build /cPZ)

Generally postbuild.cmd is clever enough to include your changes properly without needing fresh build as it uses bindiff to find differences.

Generating new build number/name

Version information is stored in \public\sdk\inc\ntverp.h

You can also use m0 set_builddate set_buildnum set_buildname to generate new build name quickly.

Original CD filenames

  • 5.2.3790.0.srv03_rtm.030324-2048_x86fre_server-standard_retail_en-us-NRMSFPP_EN.iso (SHA1: A600409482A5678EF6AF2B26D3576D6D9894178D)
  • 5.2.3790.0.srv03_rtm.030324-2048_x86fre_server-datacenter_retail_en-us-NRMDOEM_EN.iso (SHA1: E2B47A7CE45C6C6305594CEE4C1B64894805AAF4)
  • 5.2.3790.0.srv03_rtm.030324-2048_x86fre_server-enterpriseserver_retail_en-us-NRMEFPP_EN.iso (SHA1: 0309FFB4181BA5122C692A6E1079E9FC1D53FCE4)
  • 5.2.3790.0.srv03_rtm.030324-2048_x86fre_server-webserver_retail_en-us-NRMWFPP_EN.iso (SHA1: 46C1CCB2CFC96803E304A35BEF50CD71B2C1DE38)
  • sbs.iso (converted from mdf; SHA1: CDB30C80FDE314C16CA11F5CD31650ECBEC7A214)
  • 5.2.3790.0.srv03_rtm.030324-2048_x86chk_server-enterpriseserver_retail_en-us-NRMECHK_EN.iso (SHA1: EEF5F921CC8FC20FB29A862E1E132359E0D151BB)
  • 5.2.3790.1830.srv03_sp1_rtm.050324-1447_amd64fre_server-enterprise_retail_en-us-ARMEXFPP_EN.iso (SHA1: 076EDCF017EDE0B2D0D8067FA52CF3D44EEEF79A)
  • 5.2.3790.1830.srv03_sp1_rtm.050324-1447_amd64chk_server-enterprise_retail_en-us-AX2EXCFPP_EN.iso (SHA1: 8916DFBB1D93A9CECB1FE8600BE2E2C752E85E7F)
  • 5.1.2600.0.xpclient.010817-1148_x86fre_client-home_retail_en-us-WXHFPP_EN.iso (SHA1: B273C8D41E3844E3E46722F52F5A4CF9F206C8D0)
  • 5.1.2600.0.xpclient.010817-1148_x86fre_client-professional_retail_en-us-WXPFPP_EN.iso (SHA1: 1400DED4402D50F3864ED3D8DCF5CC52BA79A04A)
  • 5.1.2600.0.xpclient.010817-1148_x86chk_client-professional_retail_en-us-WXPFPP_EN.iso (SHA1: 017F10E4555D1A9280874B9B0243442F045F1B2D)

Product keys

  • Standard Edition: M6RJ9-TBJH3-9DDXM-4VX9Q-K8M8M
  • Enterprise Edition: QW32K-48T2T-3D2PJ-DXBWY-C6WRJ
  • Enterprise x64: KK2WD-BFYJ6-77X87-8TRBF-9B343