Remodeling Windows XP Kernel32

[jaclaz]

14 minutes ago, Dibya said:

First learn assembly then come and talk here.

I have to assume that you already learned it FULLY, correct? 

If this is the case, it should have normally taken years (NOT just months or weeks) of hard study and work, and even if you are a genius at it , you shouldn't be so patronizing (if not downright offensive) about other people's attempts or (supposedly) inferior level of knowledge.

jaclaz
 

Edited May 14, 2016 by jaclaz

[Dibya]

sorry man

I am really angry on my friend

[FranceBB]

Don't argue, it's fine, we are a community and we share knowledge.

The one I wrote above is the procedure I'm actually using. As to the alky for application, they used pyton and Perl, which I generally use for a very few stuff. My favourite programming language is C# and I'm very familiar with C++, but guys, trying to debug a pyton and Perl code without any input from the creator it's a pain in the butt. (Sorry for the expression I used). @problemchild.. I will send you the code this evening (UK time), sorry if I didn't send it to you before but it's been a long hard week.

@dibya... don't be upset and keep working for the community; we must share; we are a community.

[PROBLEMCHYLD]

I agree, I don't hold grudges. I have contributed to the community just on a different level. No more fighting. Thanks.

[Dibya]

I am not a Assembly Guru but i have some knowledge in  it.

[Dibya]

GetThreadId , this api should rest in hell.

for so long i am tring on it still nothing

[Dibya]

Friends, I am trying to fix following pograms any more you want  but some small small and simple app only

1.Googlecrome

2.Vivaldi

3.Opera37

4.UCBrowser

5.Palemoon(not atom)

6.Filezzila

7.Adobe Acrobet Reader(I never like it , fully bloated)

8.EMET 5.1

[FranceBB]

Filezilla installs but fails to run, even with DLLs imported from Vista; must be a win7 call. There is the source code, though, so you should try to recompile it using MinGW (GCC) and codeblock, targeting XP. It should work. Don't use Visual Studio 2010; express will probably fail due to some C99 code, while the professional edition will end up with an error due to MSBuild. I would do it myself, but I'm pretty busy now and I'm still working at utvideo. 

Edited May 17, 2016 by FranceBB

[AnX]

Any chance of getting GTA V running on XP x64 edition with this?

According to Dependency Walker,
GTA5.exe needs kernel32 WerSetFlags and GetSystemDefaultLocaleName
GTAVLauncher.exe and PlayGTAV.exe need kernel32 QueryFullProcessImageNameW , GetTickCount64 and GetUserDefaultLocaleName and shell32 SHGetKnownFolderPath

Some DLL files such as IESHIMS.DLL and WER.DLL are also needed.

[Tripredacus]

9 hours ago, AnX said:

Some DLL files such as IESHIMS.DLL and WER.DLL are also needed.

See 2nd comment on this relatable bug report:

https://bugzilla.mozilla.org/show_bug.cgi?id=590913

In other words, you can usually ignore ieshims.dll dependency missing message.

[PROBLEMCHYLD]

Can this method be reversed to add exports instead of imports, if so, how would we do it?

http://www.sunshine2k.de/reversing/tuts/tut_AddImp.htm

Edited May 17, 2016 by PROBLEMCHYLD

[Dibya]

I have today asked Super Genius of RE master, BlackwingCat

I asked him how he add function.

If he teach us how he do then i will surely make a compability layer for XP.

Otherwise i have to go my old methode of assembly editing by adding fuction , making ASM Files and reassembling.

If god take my life and make XP topest OS in the World then also i have no problem.

Please understand my feelings

[Dibya]

ASSEMBLY CODE of GetThreadID

Please Help me

I have to make ASM File Reasssebling by adding following lines or some other way exist.

Any app exist that can directly edit a file in assembly with out hexbyte patching methode.

.text:1000A2A0 ; Exported entry 613. GetThreadId

	.text:1000A2A0

	.text:1000A2A0 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦

	.text:1000A2A0

	.text:1000A2A0 ; Attributes: thunk

	.text:1000A2A0

	.text:1000A2A0                 public GetThreadId

	.text:1000A2A0 GetThreadId     proc near

	.text:1000A2A0                 jmp     dword_100244B4

	.text:1000A2A0 GetThreadId     endp

	.text:1000A2A0[\code]

 

ASSEMBLY CODE of GetThreadID

.text:1000A2A0 ; Exported entry 613. GetThreadId

	.text:1000A2A0

	.text:1000A2A0 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦

	.text:1000A2A0

	.text:1000A2A0 ; Attributes: thunk

	.text:1000A2A0

	.text:1000A2A0                 public GetThreadId

	.text:1000A2A0 GetThreadId     proc near

	.text:1000A2A0                 jmp     dword_100244B4

	.text:1000A2A0 GetThreadId     endp

	.text:1000A2A0[\code]%0

Edited May 27, 2016 by Dibya

[submix8c]

@Dibya - o_O

You do realize Assembly code is... Assembly code and must be assembled either into a full Assembly Code module or patch the Original (hex) to "call" a separate module? You *must* have full code to "insert" code or else Hex-Patch. There is no other way.

Side note - Been there, done that, told Computer Associates where their code was wrong on a Mainframe Database module. Supplied both the Hex Patch and the Patched Full Code. No other way, Bro. I had a REALLY neat Disassembler that I LITERALLY improved the code that saved the loss of Source for a VERY important CICS sub-module (after using it on the Load Module), so, no, ain't gonna happen that way. Sorry.

[Dibya]

Any one can help

when i am adding some zero bytes in hex mode in kernel32.dll it is getting broken.

I donot want to replace anything