Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Dibya

[Cancelled by the Author] Extended Kernel for XP (ExtendedXP)

Recommended Posts

On 10/11/2017 at 8:21 PM, Dibya said:

My health is better than before . I am getting back .  Now I will start from beginning. 

Welcome Back :) Please do great things

Share this post


Link to post
Share on other sites

7 minutes ago, burd said:

Welcome Back :) Please do great things

Thanks 

  • Like 1

Share this post


Link to post
Share on other sites

Anyone knows any good API redirection engine? That can redirect missing API calls to my wrapper when needed.

 

Share this post


Link to post
Share on other sites

None at run-time for XP. ImportPatcher or others manually pre-run.

Vista's explicit-load-of-DLL's-that-use-implicit-TLS problem might be solvable by simply adding the delayed dependency to the import table. I'm working on adding support for this, plus automation and more to ImportPatcher.

  • Upvote 1

Share this post


Link to post
Share on other sites

Thanks jumper

Can you see that kernel ex 0.38 source once if you can fix it for XP ?

Edited by Dibya

Share this post


Link to post
Share on other sites

Here it is http://www.mediafire.com/file/96cw6qen6dn6yr5/EXTENDEDKERNEL_SRC+CODE.7z

It is a modified kernel ex for 9x . It does works but breaks kernel32,ntoskrnl while patching.

Probably some changes may be required to make it XP friendly. If anyone play around with this one please use VM as their are chances of destroying your os.

If possible if somehow kernel ex section created before .rsc that improves stability. Petool by wildbill able to create section before .rsc

Edited by Dibya

Share this post


Link to post
Share on other sites

https://www.codeproject.com/Articles/14360/Injective-Code-inside-Import-Table

Import table runtime redirector is used previously by me for game hacks.

Here is a outstanding patch less API redirection engine but .ini support is needed so that easily it can be configured for redirecting desired API into my own wrapper.

Edited by Dibya
  • Like 1

Share this post


Link to post
Share on other sites

Sorry, I am not familiar with old versions of KernelEx or XP internals. I recommend using KernelEx v4.5.1 instead.

The code injection article is only for modifying the behavior of existing functions, not for adding missing ones.

If we add a large implicit TLS data section to Kernel32.dll, that should solve the thorny reallocation problem. Then LoadLibrary just needs to properly initialize the TLS selector index.

Edited by jumper
  • Upvote 1

Share this post


Link to post
Share on other sites

Jumper if I adjust kernel ex 4.5.1 will it work on XP. Please explain me more about kex4.5.1

Edit: jumper if you can clean up the code of kex4.5.1 and add ini support like below. I will be greatly helped.

Ini may be like this

; API redirection list 

Kernel32.Getthreadid =exkernel.Getthreadid

; Application exception

Avast.exe 

I wish to write my wrapper in assembly as that gives me maximum flexibility.

Edited by Dibya

Share this post


Link to post
Share on other sites

KernelEx 4.5.1 is 4.5.2 without the VXD. Application exceptions are supported. Just patch Kernel32.dll like you already have experience doing. Identifying the undocumented entry points will be the challenge. Kexstubs.dll should work with it. Kexstubs.ini provides all the API addition and redirection you want.

Share this post


Link to post
Share on other sites

@jumper can you explain me about kexstubs.ini redirection syntax?A example will be enough.

Edit: does kernel ex works with kernel mode API?

Edited by Dibya

Share this post


Link to post
Share on other sites
[Ntdll.dll]
CsrClientCallServer=>ROS\Ntdll: ;redirect

[User32.dll]
CalcMenuBar=z5e ;stub

Details at Kext: DIY KernelEx extensions.

KernelEx extends Kernel32.dll (and now others) for user mode only.
WdmEx is for kernel-mode extensions.

Share this post


Link to post
Share on other sites

Is there a list of what common programs will function under this modified kernel anywhere? ^^

I could try to compile a list of things if needed if I decide to boot up a VM - there's no way I'm doing testing on my real install. Feel free to give me things to test ^^

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...