windows2

Please re-upload this video (the link doesn't work) it seems to contain rare information.

Well, thank you for all this important informations . You are a great explainer . I'll give it a try later, and hopefully I don't have to redo everything. I apologize for the bad writing in English.

I rebuilt the PE header on the first etape when I add the function using ExportTableTester. This means that I have to do everything again. Without building a PE head ?

I did this part after adding the function using ExportTableTester. Do I rebuild after patching kernel32.dll with IDA?

Sorry, I didn't know before that it was forbidden i don' t know how to correct PE checksum. do you explain to me more please.

Please, how do I test the new kernel32 .dll?

Hi, do I save my kernel32.dll patch with this method?

Thank you very much, I will try it tomorrow.

@win32 I had a small problem which is that the two addresses do not match the addresses that should be called, how do I fix this please.

I have finally added it successfully, Thanks a lot

I don't understand why there is a code with an new section (empty space). So if I deleted the added code alone (strange thing with a new empty space) Does an error occur?

Hi @win32 , I try to make an extended kernel for Windows NT 4.0 I have add this function : GetProcessIoCounters But i found an error : I don’t found the function in IDA list of functions ! But in export table tester and export directory in CFFExplorer the function exist ! I found the code in IDA in the HEX view and IDA view in .xdata segment : I don’t know how to resolve this problem Give me a way to solve this problem please. I documented everything I did, using several pictures to illustrate every step I took in this link: https://mega.nz/file/4k0iCYiJ#3CaHXrnEUnsdRqMB3IMiMeuJpxbFp24bm1Rp7Kf75RA

Well thank you I will do everything you told me . Please if you have time in the future. Explain the method of adding a simple function, and processing imports, and send it in a link from Drive. Maybe I will need it if I can't implement your words correctly. I don't force you to make a video, I say if you can, otherwise, thank you. I benefited a lot with your informations .

OK thank you I mean for the imports do they need modifications? If yes, how do I do that? What are the tasks that must be done? What are the necessary tools?

I understand, thank you very much I will try this method to fix up the imports, function calls and data references . Do I use rebuild in cff explorer? This is the only thing I don't understand yet. Forgive me for bothering you with my questions which seem trivial to you . But it is very important to me and I thank you for teaching me what I didn't know.

This means I have to rewrite kernel32 .dll using IDA to browse to a newer code, for example XP kernel32.dll code, and then rewrite it with C. Example open kernel32 .dll for Windows XP and rewrite it to C, but this is very difficult. Will functions in this way preserve their addresses, which other .dll files use for the request? . Do you mean like this, or do you mean to transfer a specific function code from IDA and then arrange it in C. Then turn it into an ASM code. Then to hexa and then add it to the new section in the export table. Do you mean like this? Please simplify the talk for me. Because I hardly understand English, sorry

Hello Win32 ,I started yesterday to test the kernel extension based on your topic. Thank you for all these explanations. I want to ask you, where do you get these Hexa functions? I want to add some functions to kernel32 .dll for windows 2000. as an experience. Can I move the functions in the kernel32.dll export table for Windows XP or Vista 32bit? To the export table in the new kernel32.dll section for Windows 2000.?

Hi mina ,there is a new BWC update v3.0hM with a new fix for today.

He means that there may have been a misunderstanding between the size of the added code and the address, which caused an error in the work of this function, and this error caused the blocking of the request for the function when it was called from ntdll. First of all, I advise you to renew your information. This helped me a lot in getting started: Yesterday I started learning and experimenting.

Extended kernel v3.0i BWC released, changes are as follows: -Fixed a bug that some components did not work when MSVCRT was changed to NT5 series. -Fixed the implementation omission of MFC90ESN.DLL. -Improvement of CoRevolkInitializeSpy / CoRegisterInitializeSpy function of OLE32.DLL -Replace MsgBox2K.exe with a modified version Link for Extended kernel v3.0i : http://blog.livedoor.jp/blackwingcat/archives/1299806.html

Thank you very much

Your words are wonderful, right and realistic. I promise you that there will be a new extended nucleus in the middle of next year, in which there will be great progress at the level of running modern programs. There is a person who is giving everything he has to issue this extension. I pray to God to grant him success in his work.

@husara1 @MicahMoo11 There will be better updates in the future than BWC updates. It will be able to run newer software. With the removal of the shortcomings, and perhaps Windows 2000 will be a high match in the coming years, stay tuned. Wish this person success in his work. Don't tell people that Windows 2000 is over, There is someone who tires of developing new, cutting-edge updates.