ntkrnlpa.exe same version different size?

C:\WINDOWS\system32\ntkrnlpa.exe

NT Kernel & System
5.1.2600.5755
5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
1.92 MB (2,023,936 bytes)
Wednesday, 4 August 2004, 12:59:00 AM

------
C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

NT Kernel & System
5.1.2600.5755
5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
1.96 MB (2,066,048 bytes)
Wednesday, 15 October 2008, 6:25:35 AM


Anyone know WHY?????

 

They're in different folders and serve different purposes.

PS: You've got another one in C:\WINDOWS\SYSTEM32\DLLCACHE <=this folder,
too.


Briz Borg wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> C:WINDOWSsystem32ntkrnlpa.exe
>
> NT Kernel & System
> 5.1.2600.5755
> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
> 1.92 MB (2,023,936 bytes)
> Wednesday, 4 August 2004, 12:59:00 AM
>
> ------
> C:WINDOWSDriver Cachei386ntkrnlpa.exe
>
> NT Kernel & System
> 5.1.2600.5755
> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
> 1.96 MB (2,066,048 bytes)
> Wednesday, 15 October 2008, 6:25:35 AM
>
>
> Anyone know WHY????? <!--colorc--><!--/colorc-->

 

Yes, And now "PA Bear [MS MVP]"
Would you please inform me as to why the two file which are different,
have the same version?

C:\WINDOWS\SYSTEM32\DLLCACHE \ <

NT Kernel & System
5.1.2600.5755
5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
..96 MB (2,066,048 bytes)
Wednesday, 15 October 2008, 6:25:35 AM

5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
1.96 MB (2,066,048 bytes)


Also in;
C:\i386\SP2.CAB
C:\WINDOWS\ServicePackFiles\i386 <5.1.2600.5512
(xpsp.080413-2111)
C:\WINDOWS\$hf_mig$\KB896256\SP2QFE <5.1.2600.3023
(xpsp_sp2_qfe.061030-0020)
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE <5.1.2600.3093
(xpsp_sp2_qfe.070227-2300)
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE <5.1.2600.5755
(xpsp_sp3_qfe.090206-1316)
:\WINDOWS\$hf_mig$\KB956841\SP3QFE ECT,ECT,ECT

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:eDtcPAI3JHA.1432@TK2MSFTNGP02.phx.gbl...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> They're in different folders and serve different purposes.
>
> PS: You've got another one in C:WINDOWSSYSTEM32DLLCACHE <=this folder,
> too.
>
>
> Briz Borg wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
>> C:WINDOWSsystem32ntkrnlpa.exe
>>
>> NT Kernel & System
>> 5.1.2600.5755
>> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
>> 1.92 MB (2,023,936 bytes)
>> Wednesday, 4 August 2004, 12:59:00 AM
>>
>> ------
>> C:WINDOWSDriver Cachei386ntkrnlpa.exe
>>
>> NT Kernel & System
>> 5.1.2600.5755
>> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
>> 1.96 MB (2,066,048 bytes)
>> Wednesday, 15 October 2008, 6:25:35 AM
>>
>>
>> Anyone know WHY?????<!--colorc--><!--/colorc-->
> <!--colorc--><!--/colorc-->

 

If you right-click on each file in each folder & select Properties, you'll
see that each one has a different Created date but the ones in
C:\WINDOWS\SYSTEM32 <=this folder and C:\WINDOWS\SYSTEM32\DLLCACHE <=this
folder (at least) will have identical Modified dates (modified by MS, not
you; i.e., 07 Feb-09).

ntkrnlpa.exe v5.1.2600.5755 corresponds to MS09-012; see the File tables
here:

Any particular reason you're asking and asking in this Security-specific
newsgroup?

Briz Borg wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Yes, And now "PA Bear [MS MVP]"
> Would you please inform me as to why the two file which are different,
> have the same version?
>
> C:WINDOWSSYSTEM32DLLCACHE <
>
> NT Kernel & System
> 5.1.2600.5755
> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
> .96 MB (2,066,048 bytes)
> Wednesday, 15 October 2008, 6:25:35 AM
>
> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
> 1.96 MB (2,066,048 bytes)
>
>
> Also in;
> C:i386SP2.CAB
> C:WINDOWSServicePackFilesi386 <5.1.2600.5512
> (xpsp.080413-2111)
> C:WINDOWS$hf_mig$KB896256SP2QFE <5.1.2600.3023
> (xpsp_sp2_qfe.061030-0020)
> C:WINDOWS$hf_mig$KB931784SP2QFE <5.1.2600.3093
> (xpsp_sp2_qfe.070227-2300)
> C:WINDOWS$hf_mig$KB956572SP3QFE <5.1.2600.5755
> (xpsp_sp3_qfe.090206-1316)
> :WINDOWS$hf_mig$KB956841SP3QFE ECT,ECT,ECT
>
> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
> news:eDtcPAI3JHA.1432@TK2MSFTNGP02.phx.gbl...<!--coloro:green--><span style="color:green <!--/coloro-->
>> They're in different folders and serve different purposes.
>>
>> PS: You've got another one in C:WINDOWSSYSTEM32DLLCACHE <=this folder,
>> too.
>>
>>
>> Briz Borg wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> C:WINDOWSsystem32ntkrnlpa.exe
>>>
>>> NT Kernel & System
>>> 5.1.2600.5755
>>> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
>>> 1.92 MB (2,023,936 bytes)
>>> Wednesday, 4 August 2004, 12:59:00 AM
>>>
>>> ------
>>> C:WINDOWSDriver Cachei386ntkrnlpa.exe
>>>
>>> NT Kernel & System
>>> 5.1.2600.5755
>>> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
>>> 1.96 MB (2,066,048 bytes)
>>> Wednesday, 15 October 2008, 6:25:35 AM
>>>
>>>
>>> Anyone know WHY?????<!--colorc--><!--/colorc--><!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Briz Borg wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> C:WINDOWSsystem32ntkrnlpa.exe
>
> NT Kernel & System
> 5.1.2600.5755
> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
> 1.92 MB (2,023,936 bytes)
> Wednesday, 4 August 2004, 12:59:00 AM
>
> ------
> C:WINDOWSDriver Cachei386ntkrnlpa.exe
>
> NT Kernel & System
> 5.1.2600.5755
> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
> 1.96 MB (2,066,048 bytes)
> Wednesday, 15 October 2008, 6:25:35 AM
>
> Anyone know WHY?????<!--colorc--><!--/colorc-->

On my host (the MODIFIED date is shown):

path: C:\WINDOWS\system32\ntkrnlpa.exe
size: 2,066,048 bytes <-- differs from your host
ver: 5.1.2600.5755
date: Saturday, February 07, 2009, 7:02:58 PM

path: C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
size: 2,066,048 bytes
ver: 5.1.2600.5755
date: Saturday, February 07, 2009, 7:02:58 PM

path: C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
size: 2,066,048 bytes
ver: 5.1.2600.5755
date: Saturday, February 07, 2009, 7:02:58 PM

They are all the same on my host. Have you yet run the system file
checker ("sfc /scannow")? You'll nee the install CD on hand or the path
to the saved i386 folder if SFC needs to yank a copy from there.

 

I have the same situation...and if you open properties of file and choose
Version tab, then Original file name then you'll see
that original file name of ntkrnlpa.exe is NTKRPAMP.EXE


The NT kernel is distributed with each Windows package in as many as four
files:

* NTOSKRNL.EXE, single-processor without PAE;
* NTKRNLMP.EXE, multi-processor without PAE;
* NTKRNLPA.EXE, single-processor with PAE (version 5.0 and higher);
* NTKRPAMP.EXE, multi-processor with PAE (version 5.0 and higher).

As I understand you system chose file which is needed and renamed it to
NTKRNLPA.EXE...

I think it is Ok! I think you system is multi-processor with PAE...

"Briz Borg" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> C:WINDOWSsystem32ntkrnlpa.exe
>
> NT Kernel & System
> 5.1.2600.5755
> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
> 1.92 MB (2,023,936 bytes)
> Wednesday, 4 August 2004, 12:59:00 AM
>
> ------
> C:WINDOWSDriver Cachei386ntkrnlpa.exe
>
> NT Kernel & System
> 5.1.2600.5755
> 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
> 1.96 MB (2,066,048 bytes)
> Wednesday, 15 October 2008, 6:25:35 AM
>
>
> Anyone know WHY?????
>
>
>
>
>
> <!--colorc--><!--/colorc-->