Jump to content

[WIP] Windows Vista Extended Kernel


win32

Recommended Posts

12 hours ago, D.Draker said:

So you mean I need to patch the drivers and then prevent the tool to automatically rebuild the PE header while letting only the checksum to be fixed ?

Yes.

Link to comment
Share on other sites


I'm pretty sure that's what I did earlier , I did not rebuild it . I removed the checkmark.

Replacing K32GetModuleFileNameExA with GetModuleFileNameA was a success. 

Replacing  K32EnumProcessModules with EnumProcessModulesEx was a failure .

Found this official statement by Microsoft :

"Programs that must run on earlier versions of Windows as well as Windows 7 should always call this function as EnumProcessModulesEx."

https://docs.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-enumprocessmodulesex

Is this a blatant lie 'cause ther's no such thing in Vista ? Perhaps you know what to insert instead ?

Thank you.

 
Link to comment
Share on other sites

4 hours ago, UCyborg said:

Not a lie, EnumProcessModulesEx is in psapi.dll.

spacer.png

K32 version is obviously in kernel32.dll on newer OS.

Thank you , but the dll wants it to be in the kernel , unfortunately. Fake redirect results in weird behaviour . All I'm saying , the dll needs to get some real values. It expects them.

Looks there's a chance to launch it otherwise. Also , started to dig much newer versions and they dumped idiotic Windows 7 APIs and started to use only the ones available in Vista .

There are lots of negative reviews/articles 'bout those APIs. I had to read a lot ...

This driver is very fast , BTW .

Example driver of the 456.xx series loads the main nvwgf2umx.dll (32 and 64 bit , both) *even without the ex-kernel* just fine !

nvwgf2um.dll - DX10/11 32-bit driver

nvwgf2umx.dll - DX10/11 64-bit driver

These are all I need , 'cause I don't play DX9 games. 

Link to comment
Share on other sites

5 hours ago, UCyborg said:

Not a lie, EnumProcessModulesEx is in psapi.dll.

By any chance, you know an easy way how to redirect it from kernel to psapi in the dll itself , not in windows ? Thanks.

Link to comment
Share on other sites

Replacing K32EnumProcessModules string in the import table with any valid kernel32.dll function name of equal or lesser length, then adding new entry in export table for psapi.dll -> EnumProcessModules, then fixing references (addresses) in the code (so that they don't point to the random kernel32.dll function from the very first step) to the new one could work.

There are multiple PE editors that can add new imported functions, don't recall which ones I tried in the past, for the code fixing there's OllyDbg and similar software. I mostly worked with OllyDbg in the past, but it handles only 32-bit stuff. Quick procedure is something like this:

  1. Open the DLL.
  2. CTRL + N to show imports/exports.
  3. Locate the name you changed from the original, right-click, find references something option so you get the list of instructions to update.
  4. Check the address of the new name / functions in the window you opened with CTRL + N, go to the instructions found before (double click the entry), then double click the instruction, modify the addresses.
  5. Somewhere in the right-click menu is the option to copy everything you changed to the executable on disk.

Not easy if you've never juggled with these things before, but doable if you take the time to sit down and absorb it slowly.

Edited by UCyborg
Link to comment
Share on other sites

On 6/7/2022 at 4:28 PM, win32 said:

Yes.

1 - Even after I switch windows to test type (I see the watermark on the screen) it still asks if I want to install the "unverified driver" crap. Is it really working ?!

2- I modded the installer of 390.67 to include the patched files . I traced what installer does . It extracts and places my patched DX9 and DX10/11 driver files , but when it comes to the kernel.sys , it extracts fine, but blocked from placing into into the system folder ! Installer failed , finita la commedia.

I of course understand I could place it there myself , but I wanted the installer to do it . So what do we have ? The DSE is not really working on 64-bit systems ?!

EDIT:

Also , KSECDD.SYS isn't in the "right" place ? See the below.

Edited by D.Draker
Link to comment
Share on other sites

The modded driver works on Vista x86 and the older gen card (900 series) without issues. My trick with packing the dll in a usual zip folder worked like a charm. But talking about x86 and the original kernel would be off-topic here, so I'm just informing of my partial success and hoping someone would continue my work. It's getting really hot here and my damaged brain is literally melting , even with AC always on , so I'm taking a break. 

Link to comment
Share on other sites

23 hours ago, D.Draker said:

 

KSECDD.SYS.png

ksecdd.sys is in system32\drivers, unlike the two others. I presume the nvidia driver is not in system32\drivers, or it would be shown as present. You can adjust dependency walker's paths so it can look in system32\drivers as well.

Link to comment
Share on other sites

 

Suddenly had a chance to do a quick test on a GTX 1070 8GB from my neighbour. 

While the modded driver worked fine with a card from 2014 , it failed with this one miserably ! Awful framerates (like 10-15 or so) . 

Error from the log : "Dedicated video D3D11 device creation failed"

So you all could just leave win32 alone because the lack of newer drivers has nothing to do 

with the ex-kernel and looks like no one's gonna write the new ones , sadly.

 

So either you buy older gen cards or live with these terrible framerates .

It couldn't even properly recognise the card ! See: ID=0x0 . And it tried to run on a  "software 

adapter" at DX 10.1 (!). The only thing it got right - the amount of VRAM:  7998 MB.

From the Mono engine DX11 game Log :

d3d11: CreateDXGIFactory2(...) not found, fallbacking to CreateDXGIFactory1(...).

d3d11: D3D_FEATURE_LEVEL_11_1 not-recognized (only 11.0 runtime installed?)

d3d11: QueryInterface(IDXGIFactory5) failed (80004002).

Direct3D:

    Version:  Direct3D 11.0 [level 10.1]

    Renderer: Software Adapter (ID=0x0)

    Vendor:   

    VRAM:     7998 MB

    Driver:   27.21.14.5638

Begin MonoManager ReloadAssembly

- Completed reload, in  0.657 seconds

WARNING: Shader Unsupported: 'Legacy Shaders/VertexLit' - All passes removed

WARNING: Shader Did you use #pragma only_renderers and omit this platform?

Dedicated video D3D11 device creation failed (error: 0x80004005). 

 

So here you go , did a test on a newer card for all of ya ....

 
Link to comment
Share on other sites

In other news, I am getting a GTX 650, which seems to work with every NT 6 GPU driver made up until the end of support, so I will be able to test new drivers on my own soon, and provide my own patching instructions, as some of the possible patches are non-trivial to devise.

However based on experiences with both Pascal (and RTX 3xxx on Windows 8.1), it seems that the ability for new drivers to work with old cards does not foretell their ability to run with new cards.

Edited by win32
Link to comment
Share on other sites

3 hours ago, win32 said:

In other news, I am getting a GTX 650

This is good , you could use much newer onces , obviously . The thing is they want them for 1000 series and that's not possible. See my test above. Just finished it.

Link to comment
Share on other sites

i noticed that if i have server 2008 updates i can't install office 2010 anymore, it just blue screens every time i run the installer. anyone with the same problem?

i don't have the kernel yet, i was going to install if afterwards

edit: i found the reason why kaspersky 18 crashes with the newer versions of ex. kernel

basically the web antivirus component (i guess) scans the web pages you visit while using firefox and that makes both of them crash

i had kaspersky installed with the newest version of the kernel without firefox and it ran fine (even completed a full scan) but as soon as i got firefox on that laptop it broke itself

i don't wanna hear any comments about my av decision, i know i could use something else and maybe be fine but just letting you know

Edited by winvispixp
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...