Everything posted by Ximonite

  1. I am fairly close to being able to test keyed events and have lots of smaller additions ready to test. I hope to have a technical preview KernelXE available sometime in June and a full release done before September. I also plan on making a page on my website for KernelXE because I don’t want KernelXE to suddenly become unavailable because of something happening on MSFN, like server maintenance.
  2. Here is a working link for it. https://mega.nz/file/8kckyRhA#jEP0wP56a5Cu19nUHbh6MrStRMtOEjLMBHV2TZSWb30
  3. Are you installing KernelXE lite over full KernelXE? That's definitely bound to cause problems cause BlackWingCat ntdll. Also, I plan on adding the newer version of devmgr.dll to full KernelXE. It's not needed in KernelXE lite cause it's made to install on top of BlackWingCat's extended kernel, which already contains the new devmgr.dll
  4. You can install KB2479629-v3 and KB2508429-v17. Those are the important 2 WildBill updates that are required.
  5. I am definitely still working on KernelXE. The main thing I'm doing that's taking so long is adding keyed events. Keyed events are very tied into existing ntoskrnl code and it's gonna take a while to adapt existing stuff to work with them. Lots of stuff uses keyed events, so when this is done, it will be very good for Windows 2000 users. Here is a list of ntdll functions that use them:
     RtlAcquireSRWLockExclusive, RtlAcquireSRWLockShared, RtlReleaseSRWLockExclusive, RtlReleaseSRWLockShared,
     RtlRunOnceBeginInitialize, RtlRunOnceComplete, RtlRunOnceExecuteOnce,
     RtlSleepConditionVariableCS, RtlSleepConditionVariableSRW, RtlWaitOnAddress, RtlWakeAddressAll, RtlWakeAddressSingle, RtlWakeAllConditionVariable, RtlWakeConditionVariable,
     TpAllocPool, TpAllocTimer, TpAllocWait, TpAllocWork, TpDisassociateCallback, TpPostWork, TpReleaseCleanupGroupMembers, TpReleasePool, TpReleaseTimer, TpReleaseWait, TpReleaseWork, TpSetPoolMinThreads, TpSetTimer, TpSetWait, TpSimpleTryPost, TpWaitForTimer, TpWaitForWait, TpWaitForWork
     I'm planning on adding all those functions and the kernel32 functions that rely on them. January has been very busy for me, but I hope that February is lighter so I get more time to work on KernelXE.
  6. Try profiling it with Dependency Walker and post the log. You could also try installing Visual C++ 2019, which might help, since it can load concrt140.dll
  7. You probably shouldn't have a download link to the whole OS. That might be bannable.
  8. ??? I definitely remember this being your project. I just did a few quick things so you could look around in IDA and figure out the basics.
  9. Which version of UMDF are you trying? UMDF 1.0 doesn't have this file and it isn't included in Windows 2000. Definitely not. I'm pretty sure it isn't even possible on XP.
  10. Hello. I have a Dell XPS M1210 that I am going to install Windows ME on. There is space for a Dell Truemobile Bluetooth module and I am planning to buy one. I want to know if anyone has any experiences or info that could be useful so I don't waste my money on an incompatible one. There are 3 different ones I could buy:
      Dell Truemobile 350 - Bluetooth 2.0, Uses Toshiba drivers
      Dell Truemobile 355 - Bluetooth 2.0, Based on Broadcom BCM92045MD
      Dell Truemobile 360 - Bluetooth 2.1, Uses Toshiba drivers
  11. I was just saying how I like the rounded edges. Not saying you mentioned it. Interesting. No squares here with Firefox 78.6.0 on Vista. I do get those types of squares on Discord sometimes though.
  12. The colors can be changed with the color picker. The color picker has been on MSFN for a while. Also, I like the new design and rounded edges. It looks cleaner in my opinion. Just sharing my opinion on the new design since you shared yours.
  13. Here is what I can do for all these functions:
      videoprt.VideoPortIsNoVesa - relies on code that doesn't exist in KernelXE's videoprt.sys and cannot be added easily.
      user32 functions - I can add most of them, but they will be stubs. I only add stubs when requested since they don't actually do anything and are just placeholders to take care of program dependencies.
      gdi32.ClearBitmapAttributes - redirects to a win32k function that doesn't exist in WildBill's win32k.sys. I will add this function when I get to modifying win32k.sys.
      I tried taskmgr from Longhorn build 5259 and it doesn't run at all. No error message or anything. Just "Thread terminated" in IDA.
  14. 1. The .sys and .inf files shouldn't be in system32.
      2. I noticed that they aren't in the locations they should be. I am currently doing a lot of optimization to update.inf and this should hopefully fix this.
  15. I use paint.net for the actual photo editing. I use icofx for any conversion from or to .ico, and I use Bome Restorator for modifying the resource section of the file.
  16. The error is valid. My version of ntdll doesn't have RtlRegisterSecureMemoryCacheCallback, but it's weird that it says mstask.exe on the top because the version of mstask.exe on my system doesn't call that function.
  17. It definitely won't work. KernelXE requires WildBill's ntoskrnl and win32k.
  18. There's a way to do it without LoadLibraryA or GetProcAddress. This is what I do with everything cause I would rather spend my own time getting those functions in the import table than having the dll use a bunch of CPU clock cycles finding it. If it imports to the last file in the list, I can just add the import to the end. If it doesn't, here's what I do:
      1. Shift every reference to everything in the import address table that's going to be moved by how much it will be moved. Example: The order of dlls imported is gdi32, kernel32, ntdll and I want to add an import to gdi32 (this is literally what I've been doing today in user32). I would shift every reference to every address in the import address table that corresponds to ntdll or kernel32 up by 4. I do this in HxD with the replace tool and I start at the very end and go up the table until I get through all the ntdll and kernel32 imports.
      2. Rebuild the import directory in PEMaker. In my example, I would delete all the imports to kernel32 and ntdll, add the new gdi32 import, and readd all the kernel32 and ntdll imports with the addresses shifted up by 4.
      Tip for Step 2: I make the PEMaker window as short as possible to reduce physical strain from moving the mouse from the table to the delete button as many times as I need, since that number of times is usually in the hundreds.
      Note: Import hints don't need to be correct when added back when doing this. They aren't essential for the file to work and if you care, ImportPatcher v29 can automatically correct them.
  19. Here's all the basics in one big post.
      Tools:
      IDA - A very good disassembler that handles Windows system files very well.
      HxD - The hex editor I use. It doesn't matter which one you use, but you will need one.
      PEMaker - Used for other general tasks, like adding imports and exports.
      PETool - Another program made for general PE file editing. There are a few features in PETool that aren't done in any other program very well or at all.
      Beyond Compare - For comparing lists of functions. I use Beyond Compare, but you can use whatever you prefer.
      CFF Explorer - For editing the file header.
      Here is an IDA window. The main area is the code you're looking at. In the file, the code is stored as opcodes, which you can look at in a hex editor or the Hex View in IDA.
      Changing a relative address: A relative address is one where the difference between the current location and the location referred to is stored. Example: At 77E16D22h, this instruction calls the function at 77E1580Eh. The data stored is the difference between 77E16D22h and 77E1580Eh, which is FFFFEAE7h. The data is stored backwards in the file, so a difference of FFFFEAE7h would be stored as E7 EA FF FF. If the location you want to make a function refer to already has a marker (example: loc_77E16D2B), then IDA can do everything for you. To do this, right click the address you want to change, and choose "Manual" in the drop-down menu. In the text field that says "Operand", change this to the address you want the instruction to refer to. This only works if another instruction refers to the address. If it doesn't, you will need to change the hex values directly. You can do this by going to the "Hex View" in IDA and pressing F2, then typing in hex values. Press F2 again to revert back to its normal state.
      Other general info: When writing hex values in text, like a post on MSFN, just writing the value may be confusing, so either add "0x" to the beginning or "h" to the end.
      Changing an absolute address: Changing an absolute address is pretty simple. Just change the hex values in the instruction from the old address to the new one. Remember that these addresses are stored backwards in the file.
      This is all the info I know that could be very difficult to find noob-friendly info for. I ended up having my dad teach me this stuff, since he is familiar with IDA and uses it. Experimentation is the best way to learn this kind of stuff, so try stuff and see what happens.
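The relative and absolute address arithmetic described in post 19 above, as an added worked example that is not part of the original thread. It reproduces the post's FFFFEAE7h value: x86 measures a CALL's rel32 from the address of the next instruction (the call is 5 bytes), which is why 77E1580Eh minus 77E16D27h gives the stored displacement. The sample image bytes and the file offset are constructed for illustration.

```python
import struct

CALL_REL32_LEN = 5  # opcode E8 followed by a 4-byte displacement


def rel32_displacement(instr_addr: int, target: int, instr_len: int = CALL_REL32_LEN) -> int:
    """32-bit displacement an E8 CALL (or E9 JMP) at instr_addr needs to reach target.

    x86 measures rel32 from the *next* instruction, so the call's own length is
    added before subtracting. For 77E16D22h -> 77E1580Eh this gives FFFFEAE7h.
    """
    return (target - (instr_addr + instr_len)) & 0xFFFFFFFF


def rel32_bytes(instr_addr: int, target: int) -> bytes:
    # "<I": little-endian unsigned 32-bit, i.e. the "backwards" byte order seen in HxD
    return struct.pack("<I", rel32_displacement(instr_addr, target))


def abs32_bytes(addr: int) -> bytes:
    # An absolute 32-bit operand is stored in the same backwards byte order
    return struct.pack("<I", addr & 0xFFFFFFFF)


def decode_call_target(instr_addr: int, insn: bytes) -> int:
    """Inverse operation: recover the target of a 5-byte CALL rel32 located at instr_addr."""
    if len(insn) != CALL_REL32_LEN or insn[0] != 0xE8:
        raise ValueError("not a CALL rel32 instruction")
    disp = struct.unpack("<i", insn[1:])[0]  # signed, so backward calls decode correctly
    return (instr_addr + CALL_REL32_LEN + disp) & 0xFFFFFFFF


def retarget_call(image: bytes, file_offset: int, instr_va: int, new_target: int) -> bytes:
    """Rewrite the CALL at file_offset (mapped at virtual address instr_va) to reach new_target."""
    if image[file_offset] != 0xE8:
        raise ValueError("no CALL opcode at the given file offset")
    patched = bytearray(image)
    patched[file_offset + 1:file_offset + CALL_REL32_LEN] = rel32_bytes(instr_va, new_target)
    return bytes(patched)


# Constructed sample: the post's call at 77E16D22h, padded with NOP filler on both sides.
SAMPLE_VA = 0x77E16D22
SAMPLE_IMAGE = b"\x90\x90" + b"\xE8" + rel32_bytes(SAMPLE_VA, 0x77E1580E) + b"\x90\x90"

if __name__ == "__main__":
    print(rel32_bytes(SAMPLE_VA, 0x77E1580E).hex(" ").upper())         # E7 EA FF FF
    print(hex(decode_call_target(SAMPLE_VA, SAMPLE_IMAGE[2:7])))       # 0x77e1580e
    new_image = retarget_call(SAMPLE_IMAGE, 2, SAMPLE_VA, 0x77E16D2B)  # point it at loc_77E16D2B
    print(new_image[3:7].hex(" ").upper())                             # 04 00 00 00
```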
  20. Since this is something you're very interested in, you could try starting this project yourself. I simply don't have enough time to start something like this for NT4 and I assume win32 doesn't either. Here's kernel32 with some simple modifications to get you started.
  21. idk but I know that the Renesas USB 3 drivers work with both BlackWingCat's extended core and WildBill's extended kernel. I would just use (or buy if you don't have one) a USB 2.0 PCI or PCIe card and pass that through to the virtual machine if all you need is USB 2.0.
  22. It's from BlackWingCat's extended kernel, but it calls ole32.CoTaskMemAlloc directly instead of calling a function that calls it with LoadLibraryA and GetProcAddress. Also, here's the matching implementation of GetCurrentProcessExplicitAppUserModelID:
      mov edx, [esp+AppID]
      test edx, edx
      jz short loc1
      mov eax, lpString
      test eax, eax
      jz short loc_7D04A866
      push eax ; lpString
      call ds:lstrlenW
      inc eax
      add eax, eax
      push eax
      call ds:CoTaskMemAlloc
      mov [edx], eax
      mov eax, lpString
      push eax ; lpString2
      push dword ptr [edx] ; lpString1
      call ds:lstrcpyW
      xor eax, eax
      retn 4
      loc1:
      mov eax, 80004005h
      retn 4
      Attachment: GetCurrentProcessExplicitAppUserModelID.hex
  23. I have already looked at what functions it needs and there were only a few missing in ntoskrnl. I also noticed that it requires WinUSB. Both of these will be added to KernelXE when they are confirmed working.
  24. PAE Update: I have decided that I will add PAE support to KernelXE v0.2.3 instead of saving it for v0.2.4. This means the expected release of KernelXE will be pushed back, but I think PAE is worth the wait. Here is some decompiled code for one of the modifications I have already made to try to add PAE support:
      Original:
      LessThan16Mb = 1;
      for ( i = *(_UNICODE_STRING **)&RegistryPath[1].Length; i != &RegistryPath[1]; i = *(_UNICODE_STRING **)&i->Length )
      {
        v10 = *(_DWORD *)&i[1].Length;
        if ( v10 != 6 && v10 != 22 && (unsigned int)i[1].Buffer + *(_DWORD *)&i[2].Length > 0x1000 )
        {
          LessThan16Mb = 0;
          break;
        }
      }
      dword_8001A4E4 = 0x40;
      v11 = 0x10000;
      v12 = HalpAllocPhysicalMemory(RegistryPath, 0x1000000, 0x10, 1);
      if ( !v12 )
        v11 = 0;
      PhysicalAddress.QuadPart = v12;
      dword_8001A4F4 = 0;
      NumberOfBytes = v11;
      if ( MEMORY[0xFFDF027D] )
      {
        dword_8001A504 = 0x4000;
        v13 = 0x30000;
        v14 = HalpAllocPhysicalMemory(RegistryPath, 0xFFFFFFFF, 0x30, 1);
        if ( !v14 )
          v13 = 0;
        dword_8001A510 = v14;
        dword_8001A514 = 0;
        dword_8001A508 = v13;
      }
      HalpCallbackRecord.State = 0;
      KeRegisterBugCheckCallback(&HalpCallbackRecord, HalpBugCheckCallback, 0, 0, "ACPI 1.0 - APIC platform MP");
      }
      result = HalpInitMP(DriverObject, RegistryPath);
      if ( DriverObject == (PDRIVER_OBJECT)1 )
        result = HalpEnableNMI();
      LOBYTE(result) = 1;
      return result;
      }
      Modified:
      LessThan16Mb = 1;
      for ( i = *(_UNICODE_STRING **)&RegistryPath[1].Length; i != &RegistryPath[1]; i = *(_UNICODE_STRING **)&i->Length )
      {
        v10 = *(_DWORD *)&i[1].Length;
        if ( v10 != 6 && v10 != 22 && (unsigned int)i[1].Buffer + *(_DWORD *)&i[2].Length > 0x1000 )
        {
          LessThan16Mb = 0;
          break;
        }
      }
      dword_8001A4E4 = 0x4000;
      v11 = 0x30000;
      v12 = HalpAllocPhysicalMemory(RegistryPath, 0xFFFFFFFF, 0x30, 1);
      if ( !v12 )
        v11 = 0;
      PhysicalAddress.QuadPart = v12;
      dword_8001A4F4 = 0;
      NumberOfBytes = v11;
      HalpCallbackRecord.State = 0;
      KeRegisterBugCheckCallback(&HalpCallbackRecord, HalpBugCheckCallback, 0, 0, "ACPI 1.0 - APIC platform MP");
      }
      result = HalpInitMP(DriverObject, RegistryPath);
      if ( DriverObject == (PDRIVER_OBJECT)1 )
        result = HalpEnableNMI();
      LOBYTE(result) = 1;
      return result;
      }