win32 Posted June 7, 2022 Author Posted June 7, 2022 12 hours ago, D.Draker said: So you mean I need to patch the drivers and then prevent the tool to automatically rebuild the PE header while letting only the checksum to be fixed ? Yes.
D.Draker Posted June 8, 2022 Posted June 8, 2022 I'm pretty sure that's what I did earlier , I did not rebuild it . I removed the checkmark. Replacing K32GetModuleFileNameExA with GetModuleFileNameA was a success. Replacing K32EnumProcessModules with EnumProcessModulesEx was a failure . Found this official statement by Microsoft : "Programs that must run on earlier versions of Windows as well as Windows 7 should always call this function as EnumProcessModulesEx." https://docs.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-enumprocessmodulesex Is this a blatant lie 'cause ther's no such thing in Vista ? Perhaps you know what to insert instead ? Thank you.
UCyborg Posted June 8, 2022 Posted June 8, 2022 Not a lie, EnumProcessModulesEx is in psapi.dll. K32 version is obviously in kernel32.dll on newer OS. 1
D.Draker Posted June 8, 2022 Posted June 8, 2022 4 hours ago, UCyborg said: Not a lie, EnumProcessModulesEx is in psapi.dll. K32 version is obviously in kernel32.dll on newer OS. Thank you , but the dll wants it to be in the kernel , unfortunately. Fake redirect results in weird behaviour . All I'm saying , the dll needs to get some real values. It expects them. Looks there's a chance to launch it otherwise. Also , started to dig much newer versions and they dumped idiotic Windows 7 APIs and started to use only the ones available in Vista . There are lots of negative reviews/articles 'bout those APIs. I had to read a lot ... This driver is very fast , BTW . Example : driver of the 456.xx series loads the main nvwgf2umx.dll (32 and 64 bit , both) *even without the ex-kernel* just fine ! nvwgf2um.dll - DX10/11 32-bit driver nvwgf2umx.dll - DX10/11 64-bit driver These are all I need , 'cause I don't play DX9 games.
D.Draker Posted June 8, 2022 Posted June 8, 2022 5 hours ago, UCyborg said: Not a lie, EnumProcessModulesEx is in psapi.dll. By any chance, you know an easy way how to redirect it from kernel to psapi in the dll itself , not in windows ? Thanks.
UCyborg Posted June 9, 2022 Posted June 9, 2022 (edited) Replacing K32EnumProcessModules string in the import table with any valid kernel32.dll function name of equal or lesser length, then adding new entry in export table for psapi.dll -> EnumProcessModules, then fixing references (addresses) in the code (so that they don't point to the random kernel32.dll function from the very first step) to the new one could work. There are multiple PE editors that can add new imported functions, don't recall which ones I tried in the past, for the code fixing there's OllyDbg and similar software. I mostly worked with OllyDbg in the past, but it handles only 32-bit stuff. Quick procedure is something like this: Open the DLL. CTRL + N to show imports/exports. Locate the name you changed from the original, right-click, find references something option so you get the list of instructions to update. Check the address of the new name / functions in the window you opened with CTRL + N, go to the instructions found before (double click the entry), then double click the instruction, modify the addresses. Somewhere in the right-click menu is the option to copy everything you changed to the executable on disk. Not easy if you've never juggled with these things before, but doable if you take the time to sit down and absorb it slowly. Edited June 9, 2022 by UCyborg 1
D.Draker Posted June 9, 2022 Posted June 9, 2022 1 hour ago, UCyborg said: PE Unfortunately we can't touch PE , like win32 said.
D.Draker Posted June 9, 2022 Posted June 9, 2022 (edited) On 6/7/2022 at 4:28 PM, win32 said: Yes. 1 - Even after I switch windows to test type (I see the watermark on the screen) it still asks if I want to install the "unverified driver" crap. Is it really working ?! 2- I modded the installer of 390.67 to include the patched files . I traced what installer does . It extracts and places my patched DX9 and DX10/11 driver files , but when it comes to the kernel.sys , it extracts fine, but blocked from placing into into the system folder ! Installer failed , finita la commedia. I of course understand I could place it there myself , but I wanted the installer to do it . So what do we have ? The DSE is not really working on 64-bit systems ?! EDIT: Also , KSECDD.SYS isn't in the "right" place ? See the below. Edited June 9, 2022 by D.Draker
D.Draker Posted June 9, 2022 Posted June 9, 2022 On 6/5/2022 at 8:32 PM, win32 said: KSECDD.SYS . Vista has it so it shouldn't need to be removed.
D.Draker Posted June 9, 2022 Posted June 9, 2022 The modded driver works on Vista x86 and the older gen card (900 series) without issues. My trick with packing the dll in a usual zip folder worked like a charm. But talking about x86 and the original kernel would be off-topic here, so I'm just informing of my partial success and hoping someone would continue my work. It's getting really hot here and my damaged brain is literally melting , even with AC always on , so I'm taking a break.
win32 Posted June 10, 2022 Author Posted June 10, 2022 23 hours ago, D.Draker said: ksecdd.sys is in system32\drivers, unlike the two others. I presume the nvidia driver is not in system32\drivers, or it would be shown as present. You can adjust dependency walker's paths so it can look in system32\drivers as well.
D.Draker Posted June 10, 2022 Posted June 10, 2022 Suddenly had a chance to do a quick test on a GTX 1070 8GB from my neighbour. While the modded driver worked fine with a card from 2014 , it failed with this one miserably ! Awful framerates (like 10-15 or so) . Error from the log : "Dedicated video D3D11 device creation failed" So you all could just leave win32 alone because the lack of newer drivers has nothing to do with the ex-kernel and looks like no one's gonna write the new ones , sadly. So either you buy older gen cards or live with these terrible framerates . It couldn't even properly recognise the card ! See: ID=0x0 . And it tried to run on a "software adapter" at DX 10.1 (!). The only thing it got right - the amount of VRAM: 7998 MB. From the Mono engine DX11 game Log : d3d11: CreateDXGIFactory2(...) not found, fallbacking to CreateDXGIFactory1(...). d3d11: D3D_FEATURE_LEVEL_11_1 not-recognized (only 11.0 runtime installed?) d3d11: QueryInterface(IDXGIFactory5) failed (80004002). Direct3D: Version: Direct3D 11.0 [level 10.1] Renderer: Software Adapter (ID=0x0) Vendor: VRAM: 7998 MB Driver: 27.21.14.5638 Begin MonoManager ReloadAssembly - Completed reload, in 0.657 seconds WARNING: Shader Unsupported: 'Legacy Shaders/VertexLit' - All passes removed WARNING: Shader Did you use #pragma only_renderers and omit this platform? Dedicated video D3D11 device creation failed (error: 0x80004005). So here you go , did a test on a newer card for all of ya ....
win32 Posted June 10, 2022 Author Posted June 10, 2022 (edited) In other news, I am getting a GTX 650, which seems to work with every NT 6 GPU driver made up until the end of support, so I will be able to test new drivers on my own soon, and provide my own patching instructions, as some of the possible patches are non-trivial to devise. However based on experiences with both Pascal (and RTX 3xxx on Windows 8.1), it seems that the ability for new drivers to work with old cards does not foretell their ability to run with new cards. Edited June 10, 2022 by win32
D.Draker Posted June 10, 2022 Posted June 10, 2022 3 hours ago, win32 said: In other news, I am getting a GTX 650 This is good , you could use much newer onces , obviously . The thing is they want them for 1000 series and that's not possible. See my test above. Just finished it.
winvispixp Posted June 10, 2022 Posted June 10, 2022 (edited) i noticed that if i have server 2008 updates i can't install office 2010 anymore, it just blue screens every time i run the installer. anyone with the same problem? i don't have the kernel yet, i was going to install if afterwards edit: i found the reason why kaspersky 18 crashes with the newer versions of ex. kernel basically the web antivirus component (i guess) scans the web pages you visit while using firefox and that makes both of them crash i had kaspersky installed with the newest version of the kernel without firefox and it ran fine (even completed a full scan) but as soon as i got firefox on that laptop it broke itself i don't wanna hear any comments about my av decision, i know i could use something else and maybe be fine but just letting you know Edited June 10, 2022 by winvispixp
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now