TuMaGoNx

31 minutes ago, Svyatpro said:

Only up to 50's version. I don't certainly know why. Fails at the beginning at Chrome.exe

Same here it crashes on XP.

Chrome 50 works but gives a BSOD with dx10. I am using FF for now.



I think we can run Opera 39 dev build which is newer than Chrome 50 and is based on Chrome 51. I've added a bit more exports to my Extended Kernel for 2003 and Opera 39 starts, shows a browser window and crashes right after start. It needs more digging, I will try to do my best working around on it.

Edited by Svyatpro

9 hours ago, Svyatpro said:

I think we can run Opera 39 dev build which is newer than Chrome 50 and is based on Chrome 51. I've added a bit more exports to my Extended Kernel for 2003 and Opera 39 starts, shows a browser window and crashes right after start. It needs more digging, I will try to do my best working around on it.

Same happening. It opens for a few seconds, then shows some read/write error.

I debugged with IDA but found nothing suspicious. It is really tough to shoot out the problem.

Do you know any way to get GPT drive support in 32-bit XP?

Edited by Dibya

17 hours ago, Dibya said:

Do you know any way to get GPT drive support in 32-bit XP?

I guess you already know but Paragon GPT Loader works like a charm for me for years if you use the 2 patches I made for it:

http://hardwarefetish.com/524-paragon-gpt_loadersys-bsod-analysis-and-fix

http://hardwarefetish.com/612-gpt_loader-sys-revisited-file-read-problem


5 minutes ago, leecher said:

I guess you already know but Paragon GPT Loader works like a charm for me for years if you use the 2 patches I made for it:

http://hardwarefetish.com/524-paragon-gpt_loadersys-bsod-analysis-and-fix

http://hardwarefetish.com/612-gpt_loader-sys-revisited-file-read-problem

Good to know :) (about the patches), talking of serendipity ....

Cross linking to:

http://reboot.pro/topic/18547-vhd-xp-setup-install-xp-in-vhd/?p=199566
http://reboot.pro/topic/18547-vhd-xp-setup-install-xp-in-vhd/?p=200682

jaclaz
 


On 12.10.2016 at 0:08 AM, TuMaGoNx said:

BTW I think I'd abandon the patchless idea... hooksubsystem itself is hackish and might be restrictive, and I can't use a redirection manifest either, as having another "kernel32.dll" often triggers DEP. Not to mention I get a chicken-and-egg situation, as my DLL (the XP kernel32 part) is just a forwarder, not even a wrapper; the redirection manifest would mean any dependencies (DLLs) would call the fake kernel instead of just the executable.

What about AppCompat shims? I haven't reverse engineered the Windows XP Shim Engine yet, but some people attempted to do this and in my opinion it may be the "cleanest" way, as the compatibility settings for running applications in compatibility mode are also applied with the Shim Engine. So maybe we could do some research on it?

This document sums up available documentation: https://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf

Just an idea...


Awesome leecher! I will read up on the doc.
BTW it looks like the patch works for the GPT loader that is bundled in FREE Drive Copy 14 XP edition https://www.paragon-software.com/home/dc-xp/

EDIT:
@leecher
Would you enlighten me on how things might work with AppCompat? Maybe a diagram.

Edited by TuMaGoNx

19 hours ago, TuMaGoNx said:

Would you enlighten me on how things might work with AppCompat? Maybe a diagram.

Hi,

I don't really know a lot about the AppCompat Shim Engine myself yet, but in LdrpMapDll, there is some code referencing an AppCompat redirect, which in turn allows the application to set up a DLL redirection path for a library on load:

typedef
NTSTATUS (NTAPI *PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION)(
    IN ULONG Flags,
    IN PCWSTR DllName,
    IN PCWSTR DllPath OPTIONAL,
    IN OUT PULONG DllCharacteristics OPTIONAL,
    IN PVOID CallbackData,
    OUT PWSTR *EffectiveDllPath
    );

NTSYSAPI
NTSTATUS
NTAPI
LdrSetAppCompatDllRedirectionCallback(
    IN ULONG Flags,
    IN PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION CallbackFunction,
    IN PVOID CallbackData
    );

I think the documentation is quite clear: check DllName in the callback to see if it is one of our system DLLs that needs redirection, and if so, fill the EffectiveDllPath pointer accordingly with a pointer to memory allocated with RtlAllocateHeap; the caller will free it. As I didn't find any direct reference to this function, my assumption is that it is designed to be used by some Shim DLLs in the Notify routine in order to set up redirection.

I just thought I should point in that direction, maybe it is useful, as this method circumvents the KnownDLLs check.


@leecher: thank you, if the redirection is possible, then the problem left is the subsystem version check workaround?
Maybe how wine runs executables can be used? When I used wine msi to work around the installer, I think wine may have a PE loader (like mono/netCore) too (though not convenient to use).


26 minutes ago, TuMaGoNx said:

@leecher: thank you, if the redirection is possible, then the problem left is the subsystem version check workaround?
Maybe how wine runs executables can be used? When I used wine msi to work around the installer, I think wine may have a PE loader (like mono/netCore) too (though not convenient to use).

Hmm, you would need to patch the BasepIsImageVersionOk() call in KERNEL32 for that... If you completely replace KERNEL32.DLL with your version (should work if you exclude kernel32.dll from SFP (http://www.rohitab.com/discuss/topic/27845-disable-windows-file-protection/)), you could also replace this check, but that doesn't look like a clean solution. In my NTVDM x64 project, I used an additional DLL that gets loaded into every process and patches the NT loader according to my needs to re-enable startup of NTVDM on 64-bit Windows; this would also be an option (see my source code at https://github.com/leecher1337/ntvdmx64/blob/master/ntvdmpatch/src/ldntvdm/ldntvdm/ldntvdm.c), but maybe an AppCompat wrapper DLL can do these patches too on load or something like that?


@leecher: No, XomPie tries to be application-side so it won't be initialized by/with the system (e.g. won't make XP act like Win7).
The AppInit hook won't be dissimilar from the HookSubSystem that I found earlier, but I think this may be the only proper place to do it, as AppCompat seems to come a bit late according to http://www.alex-ionescu.com/?m=200705


  • 2 weeks later...

Been a while with no update... I am thinking of another loader (similar purpose to msiexec7) but for non-MSI installers, that will lie about the NT version (via API intercept/virtualized registry). It could make use of Deviare-InProc, and with a few more shims (winsock2 and maybe crypto DLLs) then maybe a final alpha will be out.


> @Jumper: which gcc you use? it reject def the way you use
MSVC5 and 6, not gcc.

Both @101 and #101 seem to work for both implicit and explicit loads by ordinal, however,
shell.#@101 (in shellxp.dll v0.2a) probably will not!

> and you can delete the attachment you made like dencorso said. I *missed* the bin icon previously, since I always turned off the JS and images (only turn JS on to upload)
No bin icon for me, even with Chrome fully enabled.

Update: As of mid-November 2016, the Delete button has been fully restored to My Attachments and works great. Thanks, xper!

Edited by jumper

I am just happy people are trying to do this. I will be in the clouds if and when it is a reality.

So, I know there is no perfect solution at this time, but I will take this moment to say thank you to all contributing, either with code or knowledge.

I only wish I knew what I was doing in relation to this topic to be able to help. Using AppVerifier to remove false Vista+ requirements is as far as I have got.

