Leaderboard

Popular Content

Showing content with the highest reputation on 05/29/2020 in Posts

  1. Summary: This project is a combination of NTDLL from BlackWingCat's Extended Kernel and NTDLL from WildBill's KB2479629-v3.

     How this began: This project began when I needed to run a program that required some functions that were only present in NTDLL from BlackWingCat's Extended Kernel and some functions that were only present in NTDLL from WildBill's KB2479629-v3.

     The NTDLL file: The first 3 versions of NTDLL-XEC (NTDLLx1-3(B)) are based on NTDLL from BlackWingCat's Extended Kernel v30e (latest version as of writing this) and contain some functions from WildBill's KB2479629-v3. NTDLLx4 is based on NTDLL from WildBill's KB2479629-v3 and contains functions from BlackWingCat's Extended Kernel.

     Downloads: NTDLLx4: DLL | Installer

     Changelog:
     NTDLLx1:
       • Initial Release
     NTDLLx2:
       • Code for new functions now stored in .xdata
       • ZwQueryDebugState no longer uses same code as NtQueryDebugState
       • Error in LdrCreateOutOfProcessImage fixed
     NTDLLx3:
       • Test release for adding exports with PEMaker
     NTDLLx3B:
       • Fixed issues in NTDLLx3
       • Changed file version to 5.0.2195.7133 to follow new file version rules
     NTDLLx4:
       • File is now based on NTDLL from WildBill's KB2479629-v3.
       • Added ALL functions from NTDLL from BlackWingCat's Extended Kernel v30e.

     Added Functions: Click on each version to view the list of added functions in semi-alphabetical order.
     NTDLLx1 | NTDLLx2/3(B) | NTDLLx4

     File modification process:
       • Find required subroutines for functions with IDA
       • Move export table to new section before .rsrc (if needed)
       • Increase size of .patch with PEMaker (if needed)
       • Add code to blank space in .text and if needed, add code at end of .patch with HxD
       • Add exports to export table with PEMaker
       • Fix errors in code with IDA
       • Change file version and fix red text on main page of PEMaker

     Name and version number info:
     NTDLL-XEC:
       • X - Ximonite
       • E - Extension
       • C - Combo
     File Version: 5.0.2195.71##
     ## = My version number + 30
     Examples: NTDLLx4 - 5.0.2195.7134, NTDLLx12 - 5.0.2195.7142

     IDA Tips and Tricks:
       • Press F2 while in Hex View to edit hex values.
       • Right click a location a function is calling and click "Manual" to change the location.
       • Go to Edit > Patch program > Assemble... to have IDA automatically modify hex values after changing location with Manual.
       • Save modifications made in IDA in Edit > Patch program > Apply patches to input file...

     Archive: NTDLLx3B: DLL | Installer
     Older files: NTDLLx1 | NTDLLx2 | NTDLLx3 (no download on my website because of major issue in file) | NTDLLx3B First Installer
    1 point
  2. Update for root certificates:

     New:
       • CN = GlobalSign Client Authentication Root E45, O = GlobalSign nv-sa, C = BE
       • CN = GlobalSign Client Authentication Root R45, O = GlobalSign nv-sa, C = BE
       • CN = GlobalSign Code Signing Root E45, O = GlobalSign nv-sa, C = BE
       • CN = GlobalSign Code Signing Root R45, O = GlobalSign nv-sa, C = BE
       • CN = GlobalSign Document Signing Root E45, O = GlobalSign nv-sa, C = BE
       • CN = GlobalSign Document Signing Root R45, O = GlobalSign nv-sa, C = BE
       • CN = GlobalSign Secure Mail Root E45, O = GlobalSign nv-sa, C = BE
       • CN = GlobalSign Secure Mail Root R45, O = GlobalSign nv-sa, C = BE
       • CN = GlobalSign Timestamping Root R45, O = GlobalSign nv-sa, C = BE

     Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.
    1 point
  3. @dencorso Agreed. Just because the latest release is no longer compatible with XP, doesn't mean that the last release that is won't suddenly stop working (we've seen some rather unscrupulous examples of that elsewhere over the 6 or so years since XP's "official" EoS). My understanding is that, while BitTorrent has added new features to its protocols over the years since it was introduced, the basic architecture is more or less the same, and virtually all clients, new and old, can still connect to it just fine, just without the advanced features of newer versions. Unless I'm missing something? With all the paranoia surrounding the coronavirus lately, this is actually becoming a real life phenomenon, something I never thought would happen! (I kid you not, I recently came across a headline (from a reputable source) that stated that some people are *wearing hazmat suits on airplanes* because of the extreme fear of acquiring the virus!) While I won't be stupid and go put myself in a situation where I'd be infected, I'm not going to live in that kind of fear. Same applies to old Windows and software. While I will use newer, safer software when appropriate (online shopping, banking transactions, etc.), I'm not going to stop using XP, Vista or 7 (or any software thence developed) simply because MS isn't releasing patches for them anymore! Enough said. c
    1 point
  4. Hey, I wanted to report a problem with your program. There's a problem with the win2k or xp setup tab where if you load drivers for it, for example a wrong scsi driver, it drops these txtsetup.sif and ntldr stuff in the boot drive, right? I booted into it and I got a bsod. So, now I loaded a wrong driver, I formatted the destination drive for windows xp, and I tried it again with a driver that works. It drops the new driver sys file to some weird win and character stuff, so I restart and go to windows xp setup, and I still bsod. Why? Because I think your program doesn't care about txtsetup.sif when it exists on the boot drive no matter what; you have to delete it so setup can make a new one and add lines in it to load my driver. It irritated me for so long. Please make it so it overwrites txtsetup.sif and other boot files when you load another driver, cause this took like 4 hours to see what the f*** was the problem.
    1 point
  5. Yeah, just remove the NTx86 references everywhere. That first INTEL_HDC too; it's probably there because they had some intention of supporting Windows 2000 but didn't in the end. Use nLite to integrate the driver before running HFSLIP; apparently there is a way to integrate drivers with HFSLIP but no one has documented it of course.
    1 point
  6. Throughout time, the number of processes to support my empty desktop, with my favorite tweaks and "to work" software: XP: High teens. 100 MB. Vista: 30 or so. 800 MB. Win 7: 34. 1 GB. Win 8.1: 42. 1.2 GB. Win 10: 120. 4 GB. 3x the processes prior versions had to rock, just to get anything done. Says it all right there. No wonder it really doesn't seem to run any better on modern hardware than prior versions did on the best hardware of 7 years ago. And you can't really trim it down any more, for several reasons. Back when we thought Vista, Win 7, and Win 8.1 were bloated, we simply didn't know what True Bloat was. -Noel
    1 point