win32

[WIP] Windows Vista Extended Kernel


6 hours ago, win32 said:

And in other news, so far the version changing initiative has crashed and burned. While the browsers are in better shape with the OS identifying as NT 10.0 than before, I still can't get MinorVersion changed whatsoever! Qt 5.10+ still manages to bypass ntext to call RtlGetVersion from ntdll! :realmad:

Major changes to RtlGetVersion in ntoskrnl but no effect on the user-mode version checking components. Some testing is needed with the considerably different XP x64 and W7 versions of RtlGetVersion to see if there are effects on those OSes and if so, I will look into replacing the Vista version of that function with one of those.

I think it'd be best to fake NT 6.1 or 6.3 rather than 10


@win32 any news on the LoadLibraryRewrite from XP x64? Or did it just not work out?

3 hours ago, asdf2345 said:

I think it'd be best to fake NT 6.1 or 6.3 rather than 10

Unfortunately that is not possible right now as it seems to be much harder to change MinorVersion than MajorVersion on Vista (wasn't NT 6.0 supposed to be followed up by NT 7.0 according to MS plans in 2006?). I'm thinking of making a code cave to another part of the file where MinorVersion gets inserted farther up the food chain and see if it changes anything. And possibly even a filename swap between ntdll and ntext to deal with problematic software like Qt 5.10+.

Though I feel that this limitation may well be applicable to Windows 7 as well, but is less of an issue since I think W7 users will only need to spoof NT 10.0 in the future.

45 minutes ago, burd said:

Any news on the LoadLibraryRewrite from XP x64? Or did it just not work out?

It didn't. Though it may be revisited in the future based on 6519/7000/7601 since I am now aware of workarounds to import table limitations. Though the structures that Vista LoadLibraryExW refers to are very different from the other OSes.

Edited by win32
  • Like 1


Got the CDs, burned the Windows Vista x64 with updates to EOL file to it, and got it installed on my HP 15-f233wm. Now I need to install Ubuntu and I will be rocking and rolling.


I brought BWC's PE Maker to its knees. It appears that the gigantic export table of my 32-bit ntext with about 1850 functions and about 109 000 (decimal) bytes in size is too much for the application. It only seems to write the first 100 000 bytes of it. And having the export table below rsrc/reloc is a no-go with PE32 of course (need to redirect to a kernel32 pointing to ntdll or OG ntext for x86 software to work at all on my system right now :lol:).

So I looked at the problematic x86 K32* functions again. It appears that any upgrading of Nt/Zw* functions will need to be done in ntoskrnl, and some of those are very complex. But there are other ways to look at the situation, like comparing the changes between the original psapi functions and the K32 equivalents (simply forwarding a K32* to psapi doesn't work in many cases). And guess what, the only differences I saw between psapi's GetProcessMemoryInfo and K32GetProcessMemoryInfo were quite minor. All of them were like this:

NT 6.0 psapi!GetProcessMemoryInfo

jz routine1

if not zero, go to routine2

NT 6.1 kernel32!K32GetProcessMemoryInfo

jnz routine2

if zero, go to routine1

Every routine was the exact same!! A change in strategy is needed.

  • Like 2
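
The truncation described in the post above can be checked by comparing the size declared in a PE's export data directory with the bytes actually present in the file. The following is an added example, not part of the original post: the function names `export_summary` and `build_sample` are hypothetical, and the sample image is constructed in memory using the figures quoted in the post (about 1850 functions, 109 000 bytes declared, 100 000 written).

```python
import struct

def export_summary(pe: bytes) -> dict:
    """Compare the export directory's declared size with what is present on disk."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", pe, nt + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0]  # SizeOfOptionalHeader
    opt = nt + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]          # PE32 vs PE32+
    rva, size = struct.unpack_from("<II", pe, dirs)      # data directory 0 = exports
    for i in range(nsect):
        sec = opt + opt_size + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, sec + 8)
        if va <= rva < va + max(vsize, raw_size):
            off = raw_ptr + (rva - va)                   # RVA -> file offset
            break
    else:
        raise ValueError("export RVA is not inside any section")
    # Bytes of the export region that exist in both the section and the file.
    on_disk = max(0, min(size, raw_ptr + raw_size - off, len(pe) - off))
    n_funcs, n_names = struct.unpack_from("<II", pe, off + 20)
    return {"format": "PE32+" if magic == 0x20B else "PE32",
            "functions": n_funcs, "names": n_names,
            "declared": size, "on_disk": on_disk, "truncated": on_disk < size}

def build_sample(declared: int, written: int, n_funcs: int) -> bytes:
    """Constructed minimal PE32 with one section holding only an export directory."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96, 0x1000, declared)   # export RVA, Size
    sect = struct.pack("<8sIIII16x", b".edata", declared, 0x1000, written, 0x200)
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2102)
    hdr += bytes(opt) + sect
    exp = struct.pack("<IIHHIIII", 0, 0, 0, 0, 0, 1, n_funcs, n_funcs)
    return hdr.ljust(0x200, b"\0") + exp.ljust(written, b"\0")

if __name__ == "__main__":
    print(export_summary(build_sample(109000, 100000, 1850)))
```

The same function handles PE32+ images, since only the offset of the data directories inside the optional header differs between the two formats.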

5 hours ago, win32 said:

I brought BWC's PE Maker to its knees.

Have you ever heard about Binary Ninja? I've never had the opportunity to test it myself, but maybe it can be of help in your project...

  • Upvote 1

6 hours ago, dencorso said:

Have you ever heard about Binary Ninja? I've never had the opportunity to test it myself, but maybe it can be of help in your project...

No I haven't, but looking at it, it seems that it will fill the disassembly niche more so than the PE editing niche (there are no references to PE in the documentation). And I also need to get Qt 5.10+ working before I can use it. :lol:

At least they don't actively block users from installing/running it on unsupported platforms. I can't believe that more and more software only supports Windows 10 now.

Export Table Tester crunches through the larger export tables easily (some people have complained of corruption but I never had problems) and is the only name in the game for PE32+. A masochist could probably modify/expand export tables in a hex editor though.

23 minutes ago, win32 said:

And I also need to get Qt 5.10+ working before I can use it. :lol:

At least they don't actively block users from installing/running it on unsupported platforms. I can't believe that more and more software only supports Windows 10 now.

Is this the issue for Logitech ghub? The Qt plugin error thingy

12 minutes ago, burd said:

Is this the issue for Logitech ghub? The Qt plugin error thingy

I think that's why TeamSpeak also does not work, and in future VirtualBox may not work too.

1 hour ago, burd said:

Is this the issue for Logitech ghub? The Qt plugin error thingy

Yes it is. It turns out that Qt does not discriminate against Vista, and I just updated user32 so that Qt 5.10+ will work. The Qt 5.15 application that @dencorso mentioned is working. It seems more interesting than I thought it would be, but I shouldn't need a 1200 USD licence to use multithreading, when 12 thread CPUs are dirt cheap.

Bugfixes for kernel32 have been made that allow browsers such as Brave 83 to load, but it appears that something else has broken page rendering in all Chromium browsers on my end.

3ds Max 2021 starts, but now it complains about there being no IE10. If you run it through Dependency Walker then it doesn't, but then the licensing service whines and brings everything to a halt (it relies on IE). Perhaps the IE10 platform preview could work.

Edited by win32
  • Upvote 1

9 minutes ago, win32 said:

Yes it is. It turns out that Qt does not discriminate against Vista, and I just updated user32 so that Qt 5.10+ will work. Bugfixes for kernel32 have been made that allow browsers such as Brave 83 to load, but it appears that something else has broken page rendering in all Chromium browsers on my end.

Sounds positive

 

9 minutes ago, win32 said:

3ds Max 2021 starts, but now it complains about there being no IE10. If you run it through Dependency Walker then it doesn't, but then the licensing service whines and brings everything to a halt (it relies on IE). Perhaps the IE10 platform preview could work.

I doubt IE10 platform preview would work, though I could be wrong; it's very early based with a few minor improvements to IE9

1 minute ago, burd said:

I doubt IE10 platform preview would work, though I could be wrong; it's very early based with a few minor improvements to IE9

I was going by this thread:

 

1 minute ago, win32 said:

I was going by this thread:

 

What I meant is that, ofc, the platform preview itself works, but it has so few improvements over IE9 that it would possibly still not work, idk.

Just now, burd said:

What I meant is that, ofc, the platform preview itself works, but it has so few improvements over IE9 that it would possibly still not work, idk.

In this case, it would only be needed for the licensing component of one application. At the very least it would satisfy the version check. And less risky than say, putting IE7 on win2k since they started to decouple IE from the shell in Vista. Web applications that rely on IE probably don't use its most cutting edge features.

Since it's a licensing service issue, maybe there are other ways to fix it, but I will not talk about them.

  • Like 1

1 hour ago, win32 said:

Yes it is. It turns out that Qt does not discriminate against Vista, and I just updated user32 so that Qt 5.10+ will work. The Qt 5.15 application that @dencorso mentioned is working.

Definitely working on my end too, latest LGHUB, absolutely amazing.

lghub.jpg

lghub2.jpg

  • Like 1
