[WIP] Windows Vista Extended Kernel


win32

15 hours ago, mina7601 said:

 

When opening Nightly Setup:

prochackersetupvista.png

Nightly Portable:

prochackerbinvista.png

Here's the site: https://processhacker.sourceforge.io/nightly.php

The first one will definitely be easier to add than the second. The second actually is implemented in ntoskrnl (in the official version), and there are a few ways of handling it differently.

GetThreadErrorMode will be even easier to implement than either of those.

And also, I found through a bit of experimentation that several of the functions are failing because the stub dll must be explicitly loaded into memory before it can be used. But the system procedures for verifying that the dll is available are quite lax. If the dll is missing altogether, it will give an error stating the function entry point is missing like usual. But if the dll is physically there but not loaded into memory, it "works" but as soon as you try calling the function, it fails due to a null pointer.

So there will have to be some major adjustments to each (32 bit) DLL to confirm that the dll is loaded into memory beforehand. This issue did not seem apparent to me when testing started months ago and 32 bit applications like SeaMonkey started to work. I would have thought that whatever resolved the memory addresses for the functions would check to see that an available dll (as the name is available in the export table) was loaded before trying to call it.

 

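One way to do the check win32 describes, as an added example that is not part of the original post or the extended kernel's code: confirm the module is mapped before resolving an export from it, load it if it is not, and never call through a null address. `resolve_checked` and the module and export names are hypothetical, and the non-Windows branch is a stand-in so the logic can be run elsewhere.

```c
/* Added example, not extended-kernel code. resolve_checked is a
   hypothetical helper name. */
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
typedef HMODULE module_t;
static module_t already_loaded(const char *n) { return GetModuleHandleA(n); }
static module_t load_now(const char *n) { return LoadLibraryA(n); }
static void *lookup(module_t m, const char *f) { return (void *)GetProcAddress(m, f); }
#else /* POSIX stand-ins so the same logic can be exercised off Windows */
#include <dlfcn.h>
typedef void *module_t;
static module_t already_loaded(const char *n) { return dlopen(n, RTLD_LAZY | RTLD_NOLOAD); }
static module_t load_now(const char *n) { return dlopen(n, RTLD_LAZY); }
static void *lookup(module_t m, const char *f) { return dlsym(m, f); }
#endif

enum resolve_status { RESOLVED, MODULE_MISSING, ENTRY_POINT_MISSING };

/* Resolve fn from module `name`. *out receives a callable address only when
   the result is RESOLVED; otherwise it stays NULL and must not be called.
   *had_to_load reports whether the module was absent from memory. */
enum resolve_status resolve_checked(const char *name, const char *fn,
                                    void **out, int *had_to_load)
{
    module_t m = already_loaded(name);
    *out = NULL;
    *had_to_load = 0;
    if (m == NULL) {            /* maybe on disk, but not mapped yet */
        m = load_now(name);
        if (m == NULL)
            return MODULE_MISSING;
        *had_to_load = 1;
    }
    *out = lookup(m, fn);
    return *out != NULL ? RESOLVED : ENTRY_POINT_MISSING;
}

int main(void)
{
    void *fn;
    int loaded;
    /* Constructed module and function names, for illustration only. */
    enum resolve_status s =
        resolve_checked("constructed_stub.dll", "ConstructedExport", &fn, &loaded);
    printf("status=%d had_to_load=%d fn=%p\n", (int)s, loaded, fn);
    return 0;
}
```

On Windows, pass a full path to the DLL so the load does not depend on the DLL search order.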

Steam seems to be even more broken now, it won't start at all

With 05142021, the 6th Oct. 2020 build works at least partially but games want newer versions to be able to run

An example is ETS2, where the Steam version won't start because Steam is outdated but the newest cracked version works (obviously I won't provide any links to that)


7 hours ago, win32 said:

The first one will definitely be easier to add than the second. The second actually is implemented in ntoskrnl (in the official version), and there are a few ways of handling it differently.

Thanks. Here's the actual full list of missing functions for Process Hacker Nightly (captured from Dependency Walker):
Process Hacker Nightly Setup:

NTDLL.DLL
RtlUTF8ToUnicodeN
RtlUnicodeToUTF8N
RtlGetFullPathName_UEx
NtQuerySystemInformationEx

Process Hacker Nightly Portable:

NTDLL.DLL
NtQuerySystemInformationEx
RtlQueryPerformanceFrequency
RtlCreateProcessReflection
RtlUTF8ToUnicodeN
RtlUnicodeToUTF8N

IPHLPAPI.DLL
InternalGetBoundTcp6EndpointTable
InternalGetBoundTcpEndpointTable

22 hours ago, mina7601 said:

In the previous release, it would open the setup, but just a blank window and unresponsive.

Here's a clarification of this part:
reshackersetupvista.png

Above screenshot shows setup tested in Feb 2022 KernelEx (Resource Hacker 5.1.8, 5.1.7 opens the setup, and installs fine). Trying it with June 2022 makes the 5.1.8 setup open, and then close quickly, and 5.1.7 gives "Access violation at address 00000001", just like @TSNH. (When he tested with CFF Explorer)

Edited by mina7601

11 hours ago, winvispixp said:

Steam seems to be even more broken now, it won't start at all

With 05142021, the 6th Oct. 2020 build works at least partially but games want newer versions to be able to run

An example is ETS2, where the Steam version won't start because Steam is outdated but the newest cracked version works (obviously I won't provide any links to that)

That's the problem of the "legit" games because they want the telemetry functions that Vista lacks. For example, I have a legit copy of MK11, but it won't start because the game protection wants the telemetry functions. Otherwise it would work with the ex-kernel. And like you said, it's also from the bloody Steam. I asked win32 whether those could be added or not, but got no reply. Looks like it's not that easy...


On 6/11/2022 at 6:48 AM, win32 said:

I released a new extended kernel.

Very nice! Is there a more detailed changelog against the previous release?

On 6/11/2022 at 6:48 AM, win32 said:

and some newer compilers/linkers should work too.

IIRC, executables built with VC2015 linkers and compilers work perfectly, but some of them may not be working due to 'incompatible' PE header (if I got it right). Or have you meant the 2017+ ones?

 


Edited by SigmaTel71

8 minutes ago, SigmaTel71 said:

IIRC, executables built with VC2015 linkers and compilers work perfectly, but some of them may not be working due to 'incompatible' PE header (if I got it right). Or have you meant the 2017+ ones?

I meant compilers and linkers themselves. Clang works now, which is important for the MozillaBuild toolchain.
 

16 minutes ago, SigmaTel71 said:

Very nice! Is there a more detailed changelog against the previous release?

Many functions were added on the WOW64 side, including kernel32, ole32, shell32, user32, dwmapi, uxtheme and powrprof.

However there seem to be issues with some of them, that testers did not discover at first.


I can't install it, the installer fails while creating the .bak files. Tried too in safe mode, it apparently installs but no modified files in system32/syswow64 when I checked. How can I solve it?


21 minutes ago, Sergiaws said:

I can't install it, the installer fails while creating the .bak files. Tried too in safe mode, it apparently installs but no modified files in system32/syswow64 when I checked. How can I solve it?

Did you run it as administrator?


On 6/13/2022 at 12:21 AM, mina7601 said:

reshackersetupvista.png

Above screenshot shows setup tested in Feb 2022 KernelEx (Resource Hacker 5.1.8, 5.1.7 opens the setup, and installs fine). Trying it with June 2022 makes the 5.1.8 setup open, and then close quickly, and 5.1.7 gives "Access violation at address 00000001", just like @TSNH. (When he tested with CFF Explorer)

I should add, this only happens with the setup installer of the program. The portable version (zip install) of the program works fine otherwise of course.

Edited by mina7601

1 hour ago, mina7601 said:

I should add, this only happens with the setup installer of the program. The portable version (zip install) of the program works fine otherwise of course.

I believe this particular issue happens on all Vista.

A lot of the breakage that has occurred is attributed to ChangeWindowMessageFilterEx; looks like it will have to be looked over quite heavily.

