
[WIP] Windows Vista Extended Kernel


win32


3 hours ago, WinClient5270 said:

 

Speaking of getting programs working, I have one that you may be interested in trying: After growing up with the widely-beloved original console game from 2003, I decided to purchase the newly released SpongeBob SquarePants: Battle for Bikini Bottom Rehydrated on Steam. To my dismay (but not to my surprise), it will not run in Windows Vista due to several missing functions. It apparently works with Windows 7 or later according to the Steam page (Win7/8.1 support is claimed in the Additional Notes section), but at least two of these functions are exclusive to Windows 8 or later, so unless these are simply delay load functions that don't prevent the game from running in Windows 7 (I have yet to test it on that OS), then the game will only run in Windows 8 or later. 

 

Well, maybe the start would be from getting Steam (the new one) working; the workaround way might stop working soon. Getting Waterfox to run could potentially mean that the new Steam also does function. Also, I second win32: your videos are pretty good :cool:.

Link to comment
Share on other sites


I have now ported over K32EnumProcessModules, K32EnumProcessModulesEx, GetCurrentPackageId and GetSystemTimePreciseAsFileTime. GetCurrentPackageId should work, but it's not perfectly true to the 2012R2 implementation as some instructions ended up being shorter (due to a short proximity between addresses in the file making the call instructions one byte shorter than before. One workaround for a similar issue seen in an earlier post can prove problematic). If there are issues, I will promptly correct them but I don't see why it wouldn't work ATM. K32GetProcessImageFileNameA/W are also done; now all I have to do is K32QueryWorkingSet(Ex) and GetNumaNodeProcessorMaskEx.

P.S. I have no way of actually running Vista right now, and will not for several days. I'll try setting up VMs on my Kaby Lake laptop but I am a little lazy when it comes to that, especially with no way to easily slipstream updates (used to the convenience of HFSLIP and nLite). And building a new wim with updated files will take some time since I do want it to be based on a clean install.

Once those are finished, I think that the vast majority of Windows 7 software will be satisfied. There are still about 18 other functions (mostly of the K32* variety), but in practice they are seldom used by popular applications (but if you do have software that uses these functions, please tell me). Since the Steam client is still 32bit, I think that starting on the 32bit version of kernel32.dll (and extending user32, shell32, and Media Foundation libraries) is a greater priority than ensuring the re-implementation of all Windows 7/8 functions.

And then it's on to the kernelmode stuff like ntoskrnl/dxgkrnl/win32k etc.

I have so many ideas about making extensions to so many operating systems. I'd thought about making kernel extensions for OSes like Windows 95 (usermode), NT4, VxDEX for Windows 95 to run Windows 98 VxD drivers, or even 3.0 to get it to run 3.1x software (forget about the last two for now; not many tools for looking into and editing NE/LXs). And one idea in particular was very perverted: adding UWP support to Vista/7. :crazy:

But I decided to focus on the most practical idea: extending Vista.

 

Edited by win32
Link to comment
Share on other sites

5 hours ago, greenhillmaniac said:

How would you go about in implementing this in a conceptual view? UWP seems so linked to the way Windows 10 handles all of its subsystems, it seems like an impossible task.

There is no UWP without win32, right (on desktop Windows 10)? I haven't looked at the way it's done on Windows 10, but on 2012R2 the WinRT/appx/XAML binaries usually link back to ntdll and the various api-ms-win-*, many of which used to be part of the main usermode Windows NT binaries.

At this point in time, I'd think of trying to port over the Windows 10 explorer along with the store infrastructure. I think that there would be a lot of copying of the api-ms-win-* for XAML/WinRT/UWP/etc. from a Windows 10 install.

Would this work? I still have my doubts as the Windows 2000 explorer has never been successfully ported to XP (no WinRT/XAML involved, and much simpler, but not everyone thinks of adding API functions to XP's files). And it wouldn't be very practical as win32 is still extremely popular.

Link to comment
Share on other sites

Update on the OS version faking situation. Application Verifier is indeed the best tool for this purpose on Windows NT 6.x, and I've found a trick that should allow installation of GIMP 2.10.2 and later on Vista. It will be important to keep in mind for other installers.

The main GIMP installer (gimp-2.10.xx-setup-x.exe) does not do any version checking on its own. But a file spawned by it, named gimp-2.10.xx-setup-x.tmp, does. It will be located in your X:\Users\UserXXXX\AppData\Local\Temp in a semi-cryptic but usually most-recent folder, but you actually don't need to track it down; with Application Verifier, you can simply go to File -> Add Application and change the filter from Programs to All Files (*.*) to add the name of the application/temp installer/etc. you need to hoodwink, even if it's not in the folder shown in the dialog. So you will be ready the next time you fire up an installer which creates temp files. Some, like VMware, version check in both the main executable and in the temp executables.

To put the version faking to work, set the properties in HighVersionLie, listed under Compatibility in the Tests tree. Major version 6, minor version 1, build number 7601 and service pack major 1 should be good enough in most cases for now.

Now that the x64 kernel32.dll is finished (but needs to be tested), it is time to determine which functions need to be extended in auxiliary user-mode binaries. The list will grow somewhat longer over time.

shell32.dll

SetCurrentProcessExplicitAppUserModelID

GetCurrentProcessExplicitAppUserModelID

There may be a couple more that Waterfox calls but I can't remember them at present. I will once I get back to my Vista machine in about 12 hours. :yes:

user32.dll

CloseTouchInputHandle
GetTouchInputInfo
RegisterTouchWindow

SetCoalescableTimer (Office 2019 installer)

mf.dll
MFCreateDeviceSource
MFEnumDeviceSources

mfplat.dll
MFCreateDXGIDeviceManager
MFCreateDXGISurfaceBuffer
MFCreateMFByteStreamOnStream
MFCreateSourceResolver
MFPutWaitingWorkItem

MFTEnumEx

MFCreateMFByteStreamOnStream

I don't see the need to extend advapi32.dll. Only ten new exports (four documented ones) were added to it in Windows 7; a lot more were added in 8 (some were taken away in 8.1), but I highly doubt that these are used by widely available software, as in not custom corporate stuff or part of the OS. If you have evidence to the contrary, please tell me.

 

Edited by win32
Link to comment
Share on other sites

Oh wow, this is AMAZING. If someone would have told me about this before I read this topic, I would have told them to stop dreaming. I mean, this is a huge deal for Vista users. I could even imagine extended hardware support through drivers thanks to this. Since I do feel like Vista has been "killed-off" artificially, with most companies putting XP and Vista in one box, even though Vista and 7 are mostly identical. Just like 8 and 8.1, in my opinion. But then again, I am sadly not very tech-savvy, even though I'd wish to be! At least I have basic knowledge, I suppose.

Link to comment
Share on other sites

How will Tobin feel about this? :P

pale-moon-is-working.png

There has only been one minor glitch where the title/URL/bookmark/tab bar briefly expanded when I was on YouTube. But I may have seen it before on 2012R2. Waterfox Classic 2020.3.1 is working too, but only in non-e10s mode (same as Pale Moon). I need to finish up SetCurrentProcessExplicitAppUserModelID in shell32.dll before e10s will work, it appears.

I finished implementing CoGetApartmentType in ole32.dll, and it appears that dwmapi.dll is OK with stubs since the OS doesn't actually use the functions that newer Firefox-based browsers ask of that file. And there are some extra functions in user32.dll and uxtheme.dll that will be needed to make Firefox 68.9 ESR happy.

More updates: K32GetModuleInformation will be added to kernel32 to accommodate SeaMonkey 2.53.x.

And the thing that keeps e10s from working in Waterfox is that earlier one part of SetCurrentProcessExplicitAppUserModelID was bugged in a way similar to that of SetThreadErrorMode a few pages back. Problem is that NtQueryInformationProcess is not imported by the original Vista file, and there is no room to expand the import table (and I haven't found a good way to move import tables in x64 binaries yet). So first I tried adding NtQueryInformationProcess as a subroutine to shell32.dll. But that causes Waterfox to crash with a BEX64 error (related to DEP/NX). And NtQueryInformationProcess has a syscall function in it. According to the Intel 64 manual, syscall is a "Fast call to privilege level 0 system procedures". And as such, it is inappropriate for shell32 and should only be in ntdll.

Edited by win32
Link to comment
Share on other sites

7 hours ago, win32 said:

How will Tobin feel about this? :P

pale-moon-is-working.png

 

I say we wrap it up and send it to him as a Christmas gift and find out :^)

I haven't been active here in some time, but I just created a new account for this thread. My props to you for this endeavour! I never expected a contribution of this magnitude to come to Vista, but I always suspected it would be following 7's EoL if/when it did. Personally I moved to 7 a few years ago, and simply 'converted' it if you will with the help and collaboration of @WinClient5270 among others. I can't say I have any complaints with it, but it still pained me seeing the original NT 6.0 barred from usability by such arbitrary means.

Might I inquire which variant of Waterfox you wish to get working first? Current or Classic? Having WF on Vista would be a night and day difference for web browsing on Vista!

Also, I do have one question for you. As @WinClient5270 and myself have learned, painfully from experience. Haswell absolutely does not play ball with Vista. Not even my x99 Haswell-E setup. Vista will complete installation, and even support all/or most chipset functions. But it suffers from a rather severe startup issue. Essentially, about 1 in every 5 boots will present with a "timing initialization error" or some such. This will either blacken out the login screen, or login with incomplete services. Explorer might not start, or a network/sound device may not initialize, etc. I was wondering if you could perhaps look into this issue?

Also, a friend who wishes to remain nameless created a Vista ISO with all updates slipstreamed, those from Server 2008 up through January of this year included. I'm not sure about the rules regarding sharing ISOs from Internet Archive or similar on this board or I'd link it here. Having said that. Would a pre-updated install medium simplify the process of editing the kernel32 dll? I'd love to share the image here once I have clarity about the rules of sharing such material here.

Cordially

 

Imitation NT 6.0 going strong here :cool:

uuuu.jpg

Link to comment
Share on other sites

11 hours ago, NT 6.0 said:

Since I do feel like Vista has been "killed-off" artificially, with most companies putting XP and Vista in one box, even though Vista and 7 are mostly identical.

Even MS with the whole update throttling after Windows 10 release was just an attempt to kill it off and make less technical people move to 10 IMO.

Rest of your post equally on point.

Link to comment
Share on other sites

33 minutes ago, docR said:

I say we wrap it up and send it to him as a Christmas gift and find out :^)

I haven't been active here in some time, but I just created a new account for this thread. My props to you for this endeavour! I never expected a contribution of this magnitude to come to Vista, but I always suspected it would be following 7's EoL if/when it did. Personally I moved to 7 a few years ago, and simply 'converted' it if you will with the help and collaboration of @WinClient5270 among others. I can't say I have any complaints with it, but it still pained me seeing the original NT 6.0 barred from usability by such arbitrary means.

Might I inquire which variant of Waterfox you wish to get working first? Current or Classic? Having WF on Vista would be a night and day difference for web browsing on Vista!

Also, I do have one question for you. As @WinClient5270 and myself have learned, painfully from experience. Haswell absolutely does not play ball with Vista. Not even my x99 Haswell-E setup. Vista will complete installation, and even support all/or most chipset functions. But it suffers from a rather severe startup issue. Essentially, about 1 in every 5 boots will present with a "timing initialization error" or some such. This will either blacken out the login screen, or login with incomplete services. Explorer might not start, or a network/sound device may not initialize, etc. I was wondering if you could perhaps look into this issue?

Also, a friend who wishes to remain nameless created a Vista ISO with all updates slipstreamed, those from Server 2008 up through January of this year included. I'm not sure about the rules regarding sharing ISOs from Internet Archive or similar on this board or I'd link it here. Having said that. Would a pre-updated install medium simplify the process of editing the kernel32 dll? I'd love to share the image here once I have clarity about the rules of sharing such material here.

Cordially

 

Imitation NT 6.0 going strong here :cool:

uuuu.jpg

While I am aware that this is not directed at me by any means, I want to confirm what a great helper @WinClient5270's transformation pack for Windows 7 is. I personally used some of the Windows Sidebar files in combination with 8gadgetbar on Windows 10 to make the sidebar look just like the one you'd find in Vista. Works great! Next goal: Free myself from Windows 10. This project might come in handy there!

Link to comment
Share on other sites

7 minutes ago, docR said:

Might I inquire which variant of Waterfox you wish to get working first? Current or Classic? Having WF on Vista would be a night and day difference for web browsing on Vista!

I've got classic working partially (non-e10s and container tabs work); just need to get over the shell32 import table*/buffer overflow hurdle. I haven't touched Current but I've been looking closely at SeaMonkey 2.53.x and Firefox 68.9 ESR. Both use a few extra functions compared to Pale Moon and Waterfox Classic.

*Stud_PE allows extensive modification of PE32+ import tables, but the first thing I tried was simply adding a function to the full import table. This created a new section with the new import plus dummy entries. Indeed, you cannot split an import table and thus seemed to mess up the file. I will try moving the import table, but Stud_PE can trigger DEP in that scenario. I'll try on my Banias Pentium M laptop.

20 minutes ago, docR said:

Also, I do have one question for you. As @WinClient5270 and myself have learned, painfully from experience. Haswell absolutely does not play ball with Vista. Not even my x99 Haswell-E setup. Vista will complete installation, and even support all/or most chipset functions. But it suffers from a rather severe startup issue. Essentially, about 1 in every 5 boots will present with a "timing initialization error" or some such. This will either blacken out the login screen, or login with incomplete services. Explorer might not start, or a network/sound device may not initialize, etc. I was wondering if you could perhaps look into this issue?

I have a Kaby Lake laptop that could be fit for that purpose. I do plan on installing Vista eventually (need to get an empty DVD-R!) to test a possible kernelmode extension that would support drivers designed for later versions of WDDM. The problem is that I still wouldn't have all of the material necessary for trying to diagnose the timing init problems, like a nullmodem/serial cable or even ports to debug the kernel from another machine using windebug. Would the problems occur when the OS is virtualized? Kernel debugging in such a case would be easier.

And I heard someone say that same problem affected Windows 7 at one time. Further details about that fix would be helpful.

29 minutes ago, docR said:

Also, a friend who wishes to remain nameless created a Vista ISO with all updates slipstreamed, those from Server 2008 up through January of this year included. I'm not sure about the rules regarding sharing ISOs from Internet Archive or similar on this board or I'd link it here. Having said that. Would a pre-updated install medium simplify the process of editing the kernel32 dll? I'd love to share the image here once I have clarity about the rules of sharing such material here.

Some users have been able to share Office 2013 ISOs from IA while others requesting W7 ISOs have been banned immediately. So I'd recommend erring on the side of caution. But I'm sure that others would be willing to promote it in their videos. ;)

No new functions seem to have been added recently to Vista's system binaries, and the security updates the files have received have made them slightly bigger. This will change the memory addresses of the new code thus causing the process to deviate slightly from those for the files I use, as most of the labour involved in extending the kernel is the result of adjusting memory addresses being called by instructions. To keep everything simple, I will provide WUC links to updates containing my versions of the files allowing everyone to play along regardless of update level.

Perhaps I will provide updated instructions for the last versions of files once Vista ESU support ends.

Link to comment
Share on other sites
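Added example, not code from the thread or from the project: a small PE32+ import-table reader that illustrates two points from the posts above, namely working out which imported functions an older system's DLLs cannot satisfy, and why the import table is hard to grow in place (it is one contiguous array of 20-byte descriptors closed by an all-zero entry). The function names `parse_imports`, `missing_imports` and `build_sample`, the sample image and the `OLD_EXPORTS` table are constructed for illustration; the free-space figure is a heuristic upper bound.

```python
import struct

def parse_imports(data):
    """Return ({dll: [imported names]}, zero bytes after the table) for a PE32+ image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                  # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ (x64) images are handled")
    imp_rva = struct.unpack_from("<I", data, opt + 120)[0]        # data directory 1
    secs = [struct.unpack_from("<8xIIII", data, opt + opt_size + 40 * i) for i in range(nsec)]

    def off(rva):                                                 # RVA -> file offset
        for vsize, va, rsize, roff in secs:
            if va <= rva < va + max(vsize, rsize):
                return roff + rva - va
        raise ValueError(f"RVA {rva:#x} is not inside any section")

    def cstr(o):
        return data[o:data.index(b"\0", o)].decode("ascii")

    imports, d = {}, off(imp_rva)
    while True:                        # one contiguous array of 20-byte descriptors
        desc = struct.unpack_from("<5I", data, d)
        d += 20
        if not any(desc):              # the all-zero descriptor ends the table
            break
        oft, _, _, name_rva, ft = desc
        names, t = [], off(oft or ft)
        while entry := struct.unpack_from("<Q", data, t)[0]:
            names.append(f"#{entry & 0xFFFF}" if entry >> 63       # import by ordinal
                         else cstr(off(entry & 0x7FFFFFFF) + 2))  # skip 2-byte hint
            t += 8
        imports[cstr(off(name_rva))] = names
    free = 0                           # heuristic upper bound: zeros may be live data
    while d + free < len(data) and data[d + free] == 0:
        free += 1
    return imports, free

def missing_imports(imports, exports):
    """Imports that the export lists ({lower-case dll name: set of names}) cannot satisfy."""
    found = {d: [n for n in ns if n not in exports.get(d.lower(), ())] for d, ns in imports.items()}
    return {d: ns for d, ns in found.items() if ns}

def build_sample(imports, pad=0):
    """Constructed minimal PE32+ image: headers plus one section holding an import table."""
    base, descs = 0x1000, []
    body = bytearray((len(imports) + 1) * 20 + pad)   # descriptors, terminator, slack
    for dll, names in imports.items():
        thunks = []
        for n in names:
            thunks.append(base + len(body))
            body += b"\x01\0" + n.encode() + b"\0"    # hint, then name
        body += b"\0" * (-len(body) % 8)              # align the lookup table
        ilt = base + len(body)
        body += struct.pack(f"<{len(thunks) + 1}Q", *thunks, 0)
        descs.append((ilt, 0, 0, base + len(body), ilt))
        body += dll.encode() + b"\0"
    for i, desc in enumerate(descs):
        struct.pack_into("<5I", body, i * 20, *desc)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)             # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 120, base, (len(descs) + 1) * 20)
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022) + bytes(opt)
           + struct.pack("<8sIIII16x", b".idata", len(body), base, len(body), 0x200))
    return hdr.ljust(0x200, b"\0") + bytes(body)

# Constructed sample data: a hypothetical program's imports and a stand-in export list.
APP_IMPORTS = {
    "KERNEL32.dll": ["GetTickCount", "GetSystemTimePreciseAsFileTime"],
    "SHELL32.dll": ["SHGetFolderPathW", "SetCurrentProcessExplicitAppUserModelID"],
}
OLD_EXPORTS = {"kernel32.dll": {"GetTickCount"}, "shell32.dll": {"SHGetFolderPathW"}}

if __name__ == "__main__":
    imports, free = parse_imports(build_sample(APP_IMPORTS))
    print(missing_imports(imports, OLD_EXPORTS), "extra descriptors that fit:", free // 20)
```

On the constructed image with no padding, the table is followed immediately by live data, so no further descriptor fits without relocating the whole array.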

6 minutes ago, win32 said:

I've got classic working partially (non-e10s and container tabs work); just need to get over the shell32 import table*/buffer overflow hurdle. I haven't touched Current but I've been looking closely at SeaMonkey 2.53.x and Firefox 68.9 ESR. Both use a few extra functions compared to Pale Moon and Waterfox Classic.

*Stud_PE allows extensive modification of PE32+ import tables, but the first thing I tried was simply adding a function to the full import table. This created a new section with the new import plus dummy entries. Indeed, you cannot split an import table and thus seemed to mess up the file. I will try moving the import table, but Stud_PE can trigger DEP in that scenario. I'll try on my Banias Pentium M laptop.

I have a Kaby Lake laptop that could be fit for that purpose. I do plan on installing Vista eventually (need to get an empty DVD-R!) to test a possible kernelmode extension that would support drivers designed for later versions of WDDM. The problem is that I still wouldn't have all of the material necessary for trying to diagnose the timing init problems, like a nullmodem/serial cable or even ports to debug the kernel from another machine using windebug. Would the problems occur when the OS is virtualized? Kernel debugging in such a case would be easier.

And I heard someone say that same problem affected Windows 7 at one time. Further details about that fix would be helpful.

Some users have been able to share Office 2013 ISOs from IA while others requesting W7 ISOs have been banned immediately. So I'd recommend erring on the side of caution. But I'm sure that others would be willing to promote it in their videos. ;)

No new functions seem to have been added recently to Vista's system binaries, and the security updates the files have received have made them slightly bigger. This will change the memory addresses of the new code thus causing the process to deviate slightly from those for the files I use, as most of the labour involved in extending the kernel is the result of adjusting memory addresses being called by instructions. To keep everything simple, I will provide WUC links to updates containing my versions of the files allowing everyone to play along regardless of update level.

Perhaps I will provide updated instructions for the last versions of files once Vista ESU support ends.

Fair enough, re: updates. So you recommend only patching up to 2017 to use your extensions for the time being?

Strangely, no. My first experience was with an MSI Z97 PC Mate. Virtualization was fine. There are also no virtualization related issues with my new (old?) Haswell-E setup, a Precision t5810 to be precise.

I figured that much, WF Classic is closer to FF 56 so I expected less deviation in the way of new functions being called upon. It's quite a competent browser nevertheless, rather fast with a few content processes enabled. Here's hoping you eventually solve the issue with e10s. ESR 68 / or the impending ESR 78 WF will use in the coming months would be amazing too.

.......Indeed. Linking an ISO image of a fairly recent proprietary OS seems rather unwise atm. AFAIK even freeware must be shared only from a direct, official source.

(pardon my formatting, it's been quite some time since I've used this board)

 

Link to comment
Share on other sites

Just now, docR said:

So you recommend only patching up to 2017 to use your extensions for the time being?

You don't have to do so unless you're planning on replacing your system files with mine. With a manifest or local file in the program folder, it will simply use the modified files present in the program folder (if they're not present there, then it will look in x:\windows\system32 or syswow64). I'd like to say that in such a scenario, an old file of mine should work well with a newer MS file since the differences are relatively minor.

6 minutes ago, docR said:

ESR 68 / or the impending ESR 78 WF will use in the coming months would be amazing too.

ESR 68 seems to ask for nothing more than about 5 extra functions in user32. If they're simple enough (few import and subroutine calls within), I could have them done in a day!

7 minutes ago, docR said:

a Precision t5810 to be precise.

Nice. I use an HP Z600 with a Xeon X5670 for Vista (and Windows 2000)!

Link to comment
Share on other sites

36 minutes ago, win32 said:

You don't have to do so unless you're planning on replacing your system files with mine. With a manifest or local file in the program folder, it will simply use the modified files present in the program folder (if they're not present there, then it will look in x:\windows\system32 or syswow64). I'd like to say that in such a scenario, an old file of mine should work well with a newer MS file since the differences are relatively minor.

ESR 68 seems to ask for nothing more than about 5 extra functions in user32. If they're simple enough (few import and subroutine calls within), I could have them done in a day!

Nice. I use an HP Z600 with a Xeon X5670 for Vista (and Windows 2000)!


Ah, I follow. So a localized dll would eliminate the need to replace the system file(s)? And what of installers with failed dependencies or calls? Could the installer executables similarly be isolated in a directory with the modded extension file(s)? What about soft-locked installers that check the OS version? Can this extension spoof NT 6.1?

That's great to know ESR 68 introduces so few new calls! :)

Ah, the legendary X56 era Xeons. Nice setup! I'm waiting on those v4/Broadwell era Xeons to lose value so I can gain more cores at no expense to ipc. I have my Dell Precision paired with a Maxwell EVGA 970 rn via 3rd party pcie GPU cable, tho in the near future I'll probably snag a 980ti. That would be at the upper limit of this multi-rail 685w PSU, but I'd like to retain as much OS compatibility as I feasibly can. The performance on these Maxwell cards still holds remarkably well.

Link to comment
Share on other sites

1 minute ago, docR said:


Ah, I follow. So a localized dll would eliminate the need to replace the system file(s)? And what of installers with failed dependencies or calls? Could the installer executables similarly be isolated in a directory with the modded extension file(s)? What about soft-locked installers that check the OS version? Can this extension spoof NT 6.1?

Yes! So only user-specified programs can use the kernel extensions, which can easily lock out malware that relies on W7+ functions yet doesn't have local/manifests specified for it.

I'd think that it would work for installers as well, as all program-linked libraries will call the local dlls instead of the system ones.

Bootstrapped ones that check for OS versions are gonna be harder to work of course, but a few posts back I found a solution for new GIMP installers with general advice applicable to installers of such stubbornness. You can use Orca to modify/drop LaunchCondition tables in msi installers. For everything else, version spoofing through Application Verifier will work. In cases where a bootstrapped installer in a temp folder checks as well, you just need to get the name of that installer (but not path) and feed it to Application Verifier.

Link to comment
Share on other sites
