burd Posted October 19, 2017 Share Posted October 19, 2017 On 10/11/2017 at 8:21 PM, Dibya said: My health is better than before . I am getting back . Now I will start from beginning. Welcome Back Please do great things Link to comment Share on other sites More sharing options...
Dibya Posted October 19, 2017 Author Share Posted October 19, 2017 7 minutes ago, burd said: Welcome Back Please do great things Thanks 1 Link to comment Share on other sites More sharing options...
Dibya Posted October 21, 2017 Author Share Posted October 21, 2017 Anyone knows any good API redirection engine? That can redirect missing API calls to my wrapper when needed. Link to comment Share on other sites More sharing options...
jumper Posted October 21, 2017 Share Posted October 21, 2017 None at run-time for XP. ImportPatcher or others manually pre-run. Vista's explicit-load-of-DLL's-that-use-implicit-TLS problem might be solvable by simply adding the delayed dependency to the import table. I'm working on adding support for this, plus automation and more to ImportPatcher. 1 Link to comment Share on other sites More sharing options...
Dibya Posted October 22, 2017 Author Share Posted October 22, 2017 (edited) Thanks jumper Can you see that kernel ex 0.38 source once if you can fix it for XP ? Edited October 22, 2017 by Dibya Link to comment Share on other sites More sharing options...
jumper Posted October 22, 2017 Share Posted October 22, 2017 > kernel ex 0.38 source ??? > fix it ??? Link to comment Share on other sites More sharing options...
Dibya Posted October 22, 2017 Author Share Posted October 22, 2017 (edited) Here it is http://www.mediafire.com/file/96cw6qen6dn6yr5/EXTENDEDKERNEL_SRC+CODE.7z It is a modified kernel ex for 9x . It does works but breaks kernel32,ntoskrnl while patching. Probably some changes may be required to make it XP friendly. If anyone play around with this one please use VM as their are chances of destroying your os. If possible if somehow kernel ex section created before .rsc that improves stability. Petool by wildbill able to create section before .rsc Edited October 22, 2017 by Dibya Link to comment Share on other sites More sharing options...
Dibya Posted October 22, 2017 Author Share Posted October 22, 2017 (edited) https://www.codeproject.com/Articles/14360/Injective-Code-inside-Import-Table Import table runtime redirector is used previously by me for game hacks. Here is a outstanding patch less API redirection engine but .ini support is needed so that easily it can be configured for redirecting desired API into my own wrapper. Edited October 22, 2017 by Dibya 1 Link to comment Share on other sites More sharing options...
jumper Posted October 22, 2017 Share Posted October 22, 2017 (edited) Sorry, I am not familiar with old versions of KernelEx or XP internals. I recommend using KernelEx v4.5.1 instead. The code injection article is only for modifying the behavior of existing functions, not for adding missing ones. If we add a large implicit TLS data section to Kernel32.dll, that should solve the thorny reallocation problem. Then LoadLibrary just needs to properly initialize the TLS selector index. Edited October 22, 2017 by jumper 1 Link to comment Share on other sites More sharing options...
Dibya Posted October 23, 2017 Author Share Posted October 23, 2017 (edited) Jumper if I adjust kernel ex 4.5.1 will it work on XP. Please explain me more about kex4.5.1 Edit: jumper if you can clean up the code of kex4.5.1 and add ini support like below. I will be greatly helped. Ini may be like this ; API redirection list Kernel32.Getthreadid =exkernel.Getthreadid ; Application exception Avast.exe I wish to write my wrapper in assembly as that gives me maximum flexibility. Edited October 23, 2017 by Dibya Link to comment Share on other sites More sharing options...
jumper Posted October 24, 2017 Share Posted October 24, 2017 KernelEx 4.5.1 is 4.5.2 without the VXD. Application exceptions are supported. Just patch Kernel32.dll like you already have experience doing. Identifying the undocumented entry points will be the challenge. Kexstubs.dll should work with it. Kexstubs.ini provides all the API addition and redirection you want. Link to comment Share on other sites More sharing options...
Dibya Posted October 24, 2017 Author Share Posted October 24, 2017 (edited) @jumper can you explain me about kexstubs.ini redirection syntax?A example will be enough. Edit: does kernel ex works with kernel mode API? Edited October 24, 2017 by Dibya Link to comment Share on other sites More sharing options...
jumper Posted October 24, 2017 Share Posted October 24, 2017 [Ntdll.dll] CsrClientCallServer=>ROS\Ntdll: ;redirect [User32.dll] CalcMenuBar=z5e ;stub Details at Kext: DIY KernelEx extensions. KernelEx extends Kernel32.dll (and now others) for user mode only. WdmEx is for kernel-mode extensions. Link to comment Share on other sites More sharing options...
Dibya Posted October 25, 2017 Author Share Posted October 25, 2017 Thanks jumper Link to comment Share on other sites More sharing options...
pinkmoon89 Posted December 6, 2017 Share Posted December 6, 2017 Is there a list of what common programs will function under this modified kernel anywhere? ^^ I could try to compile a list of things if needed if I decide to boot up a VM - there's no way I'm doing testing on my real install. Feel free to give me things to test ^^ Link to comment Share on other sites More sharing options...
Recommended Posts