Ximonite
Everything posted by Ximonite

  1. Interesting. I did the same and the BSoD didn't go away. The fixed ntdllx3 happens to be only a few kilobytes smaller than ntdllx2. I would like to look at your modified file and test it with my setup. I test my files in a virtual machine in VMware Workstation Pro 15.5.5.
  2. I made an unofficial update to BlackWingCat's Extended Core because the official Extended Core is not on BlackWingCat's new website, and I wanted to make an English version of Extended Core v16d because I cannot read Japanese. Most of the files in this update are from Extended Core v16a because they are the same as the ones in Extended Core v16d except for the language.

     Update: Made installer with SFXCAB utility. The new installer can be slipstreamed with nLite.

     Download

     Files not from Extended Core v16a:
       • acpi.sys from http://blog.livedoor.jp/blackwingcat/archives/1974336.html
       • ndis.sys from Extended Kernel v16d
       • videoprt.sys from KB829884-v9
       • ntoskrnl.exe*
       • ntkrnlmp.exe*
       • ntkrnlpa.exe*
       • ntkrpamp.exe*

     *All of these files are from Extended Core v16d but modified (see below)

     Modifications made to NT Kernel & System (the 4 exe files with '*' next to them):
       • All Japanese resources replaced with resources from Extended Core v16a.
       • Exports for ExVerifySuite and RtlIntegerToUnicode added because the code for the functions was present but the exports were not added to the export table.

     New boot screen for Windows 2000 Professional:
  3. CFF Explorer stated that it was invalid. I figured out that I need to change the value of the Import Address Table Directory RVA to the same value as SizeOfHeaders.
  4. Thank you for the suggestion. It works exactly how I need it to except for one thing. The one thing is that after adding a section, the Import Address Table Directory RVA is invalid. Is this important? If it is, does anyone know a way to fix this?
  5. Hello. I have been trying to do something similar to this but with NTOSKRNL.EXE and the other 3 similar exe files. I have been unable to add a section to the file like I can with ntdll.dll.

     How I added a section to ntdll.dll:
       • I made a blank file and added the code I wanted to add to ntdll.dll with HxD
       • Opened CFF Explorer and clicked "Section Headers" in the sidebar.
       • Right clicked the space below the last section and clicked "Add Section (File Data)" and chose the file with the new code.

     Programs I tried when trying to add a section to NTOSKRNL.EXE:
       • CFF Explorer (Same process as ntdll.dll)
       • LordPE (Invalid RVAs)
       • PEMaker (Couldn't make new section)

     Does anyone have info that could help me?
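Added example, not part of Ximonite's posts and not code from CFF Explorer, LordPE or PEMaker: posts 3 to 5 above concern the Import Address Table directory being reported as invalid after a section was added. The sketch below applies one general consistency check to a PE32 header, which is an assumption and not necessarily the check CFF Explorer performs: every non-empty data directory should lie inside some section's virtual range. `build_sample` is a hypothetical helper that produces a constructed header, not a real ntoskrnl.exe.

```python
import struct

def parse_pe32(data):
    """Return (data_directories, sections) from a PE32 image's headers."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]    # SizeOfOptionalHeader
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    ndirs = min(struct.unpack_from("<I", data, opt + 92)[0], 16)
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sec = opt + opt_size
    # Each entry: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    sections = [struct.unpack_from("<8sIIII", data, sec + 40 * i) for i in range(nsect)]
    return dirs, sections

def unbacked_directories(data):
    """List (index, rva, size) of data directories that no section covers."""
    dirs, sections = parse_pe32(data)
    bad = []
    for idx, (rva, size) in enumerate(dirs):
        # Index 4 (certificate table) stores a file offset, not an RVA.
        if idx == 4 or (rva == 0 and size == 0):
            continue
        if not any(va <= rva and rva + size <= va + max(vsize, raw)
                   for _n, vsize, va, raw, _p in sections):
            bad.append((idx, rva, size))
    return bad

def build_sample(iat_rva, iat_size=0x20):
    """Constructed header: .text at RVA 0x1000 plus an added section at 0x2000."""
    pe, buf = 0x40, bytearray(0x400)
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HH", buf, pe + 4, 0x14C, 2)           # Machine, NumberOfSections
    struct.pack_into("<H", buf, pe + 20, 224)                # SizeOfOptionalHeader
    opt = pe + 24
    struct.pack_into("<H", buf, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", buf, opt + 60, 0x400)             # SizeOfHeaders
    struct.pack_into("<I", buf, opt + 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 96 + 12 * 8, iat_rva, iat_size)  # IAT is index 12
    struct.pack_into("<8sIIII", buf, opt + 224, b".text", 0x800, 0x1000, 0x800, 0x400)
    struct.pack_into("<8sIIII", buf, opt + 264, b".new", 0x200, 0x2000, 0x200, 0xC00)
    return bytes(buf)

if __name__ == "__main__":
    for rva in (0x1000, 0x0F00, 0x21F0):
        print(hex(rva), unbacked_directories(build_sample(rva)))
```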
  6. Interesting. The link worked for me. I uploaded the file to my own website here. http://ximonite.com/ethernet/intel/w2k/PRO2Kv3.zip
  7. Serpent 52 is perfectly stable on Windows 2000 with the new version of ntdll (x2).
  8. BlackWingCat's PRO2KV3 should work.
  9. This is a very strange issue. I have never seen Windows 7 give a BSoD related to ACPI. Even Windows Vista SP2 unmodified has no ACPI issues on my Ryzen computer. The only thing I can think of that would cause that is a BIOS setting.
  10. I noticed that there is a very similar error in LdrCreateOutOfProcessImage, which is one of the functions I added. Do you know of any programs that use that function that don't require other new functions from other files? I don't know if this causes the issues, but I added the extra data for the new functions in some blank space in the section called "EDATA". Right now, I'm trying to figure out how to add a new section to a dll file properly. When I figure it out, my added functions will be in the new section. Edit: ntdllx2 does not have the error in LdrCreateOutOfProcessImage and I figured out how to make a new section properly.
  11. IDA found an error in the code at this address in both my dll and the original BlackWingCat dll. Does this error occur with the original BlackWingCat dll?
  12. Found some info about changing the color of the progress bar. http://www.virtualplastic.net/html/logo_scr.html
  13. Here it is: http://www.mdgx.com/files/DSCLIENT.EXE
  14. Here it is. http://ximonite.com/wifi/odysseyclient/v456/OdysseyClient.msi
  15. That is Odyssey Client 4.52. I was wondering if anyone had Odyssey Client 4.56 and could reupload it.
  16. Is anyone able to reupload this?
  17. In nLite, make sure the option called "Hotfixes, Add-ons and Update Packs" is selected (picture included). Then, click "Insert", browse to the zip file, and click "Open" in the explorer window that appears. This adds Extended Core v16a, the patched version of acpi.sys you are trying to add, and the latest stable version of videoprt.sys. Nothing else needs to be done to make the patched acpi.sys work. Also, after installation, do NOT install Extended Core because this will replace acpi.sys with an older version and videoprt.sys with a version that is known to be buggy. Hope this helps.
  18. If you are talking about the nLite addon I posted in that topic, it contains BlackWingCat's extended core v16a, the patched acpi.sys, and a version of videoprt.sys that doesn't cause the setup to crash. It is meant to be used with nLite through the hotfixes, add-ons, and update packs option.
  19. Summary: This project is a combination of NTDLL from BlackWingCat's Extended Kernel and NTDLL from WildBill's KB2479629-v3.

      How this began: This project began when I needed to run a program that required some functions that were only present in NTDLL from BlackWingCat's Extended Kernel and some functions that were only present in NTDLL from WildBill's KB2479629-v3.

      The NTDLL file: The first 3 versions of NTDLL-XEC (NTDLLx1-3(B)) are based on NTDLL from BlackWingCat's Extended Kernel v30e (latest version as of writing this) and contain some functions from WildBill's KB2479629-v3. NTDLLx4 is based on NTDLL from WildBill's KB2479629-v3 and contains functions from BlackWingCat's Extended Kernel.

      Downloads:
        NTDLLx4: DLL | Installer

      Changelog:
        NTDLLx1:
          • Initial Release
        NTDLLx2:
          • Code for new functions now stored in .xdata
          • ZwQueryDebugState no longer uses same code as NtQueryDebugState
          • Error in LdrCreateOutOfProcessImage fixed
        NTDLLx3:
          • Test release for adding exports with PEMaker
        NTDLLx3B:
          • Fixed issues in NTDLLx3
          • Changed file version to 5.0.2195.7133 to follow new file version rules
        NTDLLx4:
          • File is now based on NTDLL from WildBill's KB2479629-v3.
          • Added ALL functions from NTDLL from BlackWingCat's Extended Kernel v30e.

      Added Functions: Click on each version to view the list of added functions in semi-alphabetical order.
        NTDLLx1 | NTDLLx2/3(B) | NTDLLx4

      File modification process:
        • Find required subroutines for functions with IDA
        • Move export table to new section before .rsrc (if needed)
        • Increase size of .patch with PEMaker (if needed)
        • Add code to blank space in .text and if needed, add code at end of .patch with HxD
        • Add exports to export table with PEMaker
        • Fix errors in code with IDA
        • Change file version and fix red text on main page of PEMaker

      Name and version number info:
        NTDLL-XEC:
          X - Ximonite
          E - Extension
          C - Combo
        File Version: 5.0.2195.71##
        ## = My version number + 30
        Examples: NTDLLx4 - 5.0.2195.7134, NTDLLx12 - 5.0.2195.7142

      IDA Tips and Tricks:
        • Press F2 while in Hex View to edit hex values.
        • Right click a location a function is calling and click "Manual" to change the location.
        • Go to Edit > Patch program > Assemble... to have IDA automatically modify hex values after changing location with Manual.
        • Save modifications made in IDA in Edit > Patch program > Apply patches to input file...

      Archive:
        NTDLLx3B: DLL | Installer
        Older files: NTDLLx1 | NTDLLx2 | NTDLLx3 (no download on my website because of major issue in file) | NTDLLx3B First Installer
  20. I don't have the CAB file, but I have an nLite addon that contains the patched acpi.sys http://ximonite.com/ExtendedCore16a.zip
  21. I have been using the GameGuard version of the Extended Kernel and I_RpcBindingInqLocalClientPID is missing.
  22. Where could I download the rpcrt4.dll with I_RpcBindingInqLocalClientPID?
  23. If you want/need the Extended Kernel with the GameGuard fix, it will be up on my website until it's added to BlackWingCat's new website. http://ximonite.com/Windows2000-KB935839-v30eG-x86-ENU.exe EDIT: BlackWingCat's extended kernel is on the new website, so the link above is not needed.
  24. I use ZakMcKraken's NVIDIA Drivers. They work perfectly with my GeForce 7950 GT PCI-E. They can be found at windows98.xf.cz