Yep .
The generic issue with this kind of stuff is that the ones actually "knowing what to do" usually (since they also know where their passwords - besides their towels - are ) actually *never* or almost never *need* this kind of tricks, and when they need it they can actually do it from command line alright.
On the other hand the "end users" of this kind of solutions tend to be poor morons less advanced users that by fiddling senselessly with their PC got locked out of it and come here in panic.
Both kind of users however never or almost never report what was asked since day one, i.e. the EXACT version of the OS and dll for which the patch worked (or failed to work).
Without this data it is difficult or impossible to make an adequate "database" of dll's and their versions.
Please note how this info has been asked for since day one (JFYI , EXACTLY because I suspected that before or later the *need* for such a database would have arisen) and there was already enough bickering about this request.
The "more restrictive" detection is a good step forward BUT to be picky (as I am) you fall in the same trap, you didn't report which EXACT version of the .dll confused the detection.
I believe additionally that limiting the "range" would be (slightly) faster, *like*:
cat --locate=\x50\x45\x00\x00\x64\x86 --length=512 --number=1 (hd0,0)/Windows/System32/msv1_0.dll
(I know that the above 512 is "arbitrary" and in theory it should be the value of e_lfanew + 6 bytes, but I believe that no file has a MS-DOS stub larger than 240 or 256 bytes and anyway the time to load the first sector should be the same as that of a lower value, but at least this way we avoid scanning the whole fine when the pattern is not found at the beginning)
Wonko