
NTOSKRNL Emu_Extender for Windows XP/2003



19 minutes ago, George King said:

I just tried to port sdbus.sys + sdstor.sys from Windows 8 build 8056 (first true Generic SD/MMC driver) to Windows 7 and XP, and on Windows 7 these functions need to be added to the extender, otherwise there will be missing imports.

	PoFxIdleComponent
	IoSynchronousCallDriver
	PoFxSetDeviceIdleTimeout
	PoFxUnregisterDevice
	PoFxStartDevicePowerManagement
	PoUnregisterPowerSettingCallback
	PoFxActivateComponent
	KeLeaveGuardedRegion
	KeEnterGuardedRegion
	PoFxCompleteIdleCondition
	PoFxCompleteIdleState
	PoFxReportDevicePoweredOn
	PoFxCompleteDevicePowerNotRequired
	PoFxRegisterDevice
	IoGetActivityIdIrp
	RtlQueryRegistryValuesEx

Most important is the new Win8 Power Framework embedded in ntoskrnl.

It is complicated code with callbacks to user code (not 100% sure), and it is hard to emulate it properly. You can try replacing most of the functions with dummy stubs, but do it just for fun, with no guarantee.



11 minutes ago, Mov AX, 0xDEAD said:

Most important is the new Win8 Power Framework embedded in ntoskrnl.

It is complicated code with callbacks to user code (not 100% sure), and it is hard to emulate it properly. You can try replacing most of the functions with dummy stubs, but do it just for fun, with no guarantee.

I tried it, but without success. This is what I used to add blank exports. I think real code must be added for that.


PoFxRegisterDevice - CALLBACKs

Quote

 

NTSTATUS PoFxRegisterDevice(
  _In_   PDEVICE_OBJECT Pdo,
  _In_   PPO_FX_DEVICE Device,
  _Out_  POHANDLE *Handle
);
Device

A pointer to a caller-allocated PO_FX_DEVICE structure that contains the registration information for the device. This structure contains pointers to a set of callback routines that are implemented by the device driver. PoFx calls these routines to communicate with the driver.

 

PoFxIdleComponent - NO CALLBACKs

PoFxSetDeviceIdleTimeout - NO CALLBACKs

PoFxUnregisterDevice - NO CALLBACKs
PoFxStartDevicePowerManagement - NO CALLBACKs
PoRegisterPowerSettingCallback + PoUnregisterPowerSettingCallback - CALLBACKs, Vista+ new feature, not used in sdbus
PoFxActivateComponent - NO CALLBACKs
PoFxCompleteIdleCondition - NO CALLBACKs
PoFxCompleteIdleState - NO CALLBACKs
PoFxReportDevicePoweredOn - NO CALLBACKs
PoFxCompleteDevicePowerNotRequired - NO CALLBACKs

On 7/11/2022 at 2:26 PM, Mov AX, 0xDEAD said:

PoFxRegisterDevice - CALLBACKs

 

PoFxIdleComponent - NO CALLBACKs

PoFxSetDeviceIdleTimeout - NO CALLBACKs

PoFxUnregisterDevice - NO CALLBACKs
PoFxStartDevicePowerManagement - NO CALLBACKs
PoRegisterPowerSettingCallback + PoUnregisterPowerSettingCallback - CALLBACKs, Vista+ new feature, not used in sdbus
PoFxActivateComponent - NO CALLBACKs
PoFxCompleteIdleCondition - NO CALLBACKs
PoFxCompleteIdleState - NO CALLBACKs
PoFxReportDevicePoweredOn - NO CALLBACKs
PoFxCompleteDevicePowerNotRequired - NO CALLBACKs

 

I just looked into wdm.h. This is what I can add and compile. It's far from my know-how and it probably can't work.

	    
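/* PoFx callback prototypes. A typedef with no type specifier defaults to int,
   so each callback is declared as a function type plus its pointer type. */
typedef VOID PO_FX_COMPONENT_ACTIVE_CONDITION_CALLBACK(PVOID Context, ULONG Component);
typedef PO_FX_COMPONENT_ACTIVE_CONDITION_CALLBACK *PPO_FX_COMPONENT_ACTIVE_CONDITION_CALLBACK;
typedef VOID PO_FX_COMPONENT_IDLE_CONDITION_CALLBACK(PVOID Context, ULONG Component);
typedef PO_FX_COMPONENT_IDLE_CONDITION_CALLBACK *PPO_FX_COMPONENT_IDLE_CONDITION_CALLBACK;
typedef VOID PO_FX_COMPONENT_IDLE_STATE_CALLBACK(PVOID Context, ULONG Component, ULONG State);
typedef PO_FX_COMPONENT_IDLE_STATE_CALLBACK *PPO_FX_COMPONENT_IDLE_STATE_CALLBACK;
typedef VOID PO_FX_DEVICE_POWER_REQUIRED_CALLBACK(PVOID Context);
typedef PO_FX_DEVICE_POWER_REQUIRED_CALLBACK *PPO_FX_DEVICE_POWER_REQUIRED_CALLBACK;
typedef VOID PO_FX_DEVICE_POWER_NOT_REQUIRED_CALLBACK(PVOID Context);
typedef PO_FX_DEVICE_POWER_NOT_REQUIRED_CALLBACK *PPO_FX_DEVICE_POWER_NOT_REQUIRED_CALLBACK;
typedef NTSTATUS PO_FX_POWER_CONTROL_CALLBACK(PVOID DeviceContext, LPCGUID PowerControlCode,
    PVOID InBuffer, SIZE_T InBufferSize, PVOID OutBuffer, SIZE_T OutBufferSize, PSIZE_T BytesReturned);
typedef PO_FX_POWER_CONTROL_CALLBACK *PPO_FX_POWER_CONTROL_CALLBACK;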

typedef struct _PO_FX_COMPONENT_IDLE_STATE {
    ULONGLONG TransitionLatency;
    ULONGLONG ResidencyRequirement;
    ULONG NominalPower;
} PO_FX_COMPONENT_IDLE_STATE, *PPO_FX_COMPONENT_IDLE_STATE;

typedef struct _PO_FX_COMPONENT_V1 {
    GUID Id;
    ULONG IdleStateCount;
    ULONG DeepestWakeableIdleState;
    PPO_FX_COMPONENT_IDLE_STATE IdleStates;
} PO_FX_COMPONENT_V1, *PPO_FX_COMPONENT_V1;

typedef struct _PO_FX_DEVICE_V1 {
  ULONG                                      Version;
  ULONG                                      ComponentCount;
  PPO_FX_COMPONENT_ACTIVE_CONDITION_CALLBACK ComponentActiveConditionCallback;
  PPO_FX_COMPONENT_IDLE_CONDITION_CALLBACK   ComponentIdleConditionCallback;
  PPO_FX_COMPONENT_IDLE_STATE_CALLBACK       ComponentIdleStateCallback;
  PPO_FX_DEVICE_POWER_REQUIRED_CALLBACK      DevicePowerRequiredCallback;
  PPO_FX_DEVICE_POWER_NOT_REQUIRED_CALLBACK  DevicePowerNotRequiredCallback;
  PPO_FX_POWER_CONTROL_CALLBACK              PowerControlCallback;
  PVOID                                      DeviceContext;
  PO_FX_COMPONENT_V1                         Components[ANYSIZE_ARRAY];
} PO_FX_DEVICE, *PPO_FX_DEVICE;
	

18 hours ago, George King said:

I just looked into wdm.h. This is what I can add and compile. It's far from my know-how and it probably can't work.

@George King

Ignore the callback logic; let the driver register its callbacks, but currently there is no way to call driver code from the kernel.

You can try the sdbus driver with your simple stubs, they are OK. If you get error 10, you are unlucky: this means some condition fails in the driver code, and you will never discover it without step-by-step debugging.


16 hours ago, Andalu said:

Where can I get the latest master? I'm still using the extender from February 2021 with included 80 functions and now I read that the one with 81 functions is old :o

 

 

Download the project from GitHub and these files to get the latest discussed sources, with added missing exports for the latest 6.0 and 6.1 kernel targets and new functions for porting the Generic SD/MMC driver from Windows 8.0 build 8056.

 

EDIT: The drivers collection included in XP2ESD v1.6 already contains ntoskrn8.sys compiled from these sources. I still haven't tried the new SD/MMC driver on real HW. I will probably see in a few days, when I reformat my Windows 7 Dell laptop, which has an SD card reader that matches the Generic HWID.

LatestChanges.7z


On 7/11/2022 at 7:59 PM, George King said:

Many thanks for that. I have added it to my source tree. Here are also modded drivers that need the new extender with the mentioned functions. The old ntoskrn8.sys for the XP target is included, so it needs to be recompiled with your new implementations.

Generic_SD+MMC_6.2.8056.0.7z 207.09 kB · 10 downloads

I tried the driver on a qemu sd card; the sd bus driver can work but the mmc driver can't work.


2 hours ago, wyf180 said:

I tried the driver on a qemu sd card; the sd bus driver can work but the mmc driver can't work.

Have you added newly compiled ntoskrn8.sys from latest sources mentioned after that? Or have you tried these ported drivers from latest XP2ESD which already have it?


On 7/17/2022 at 9:47 PM, Andalu said:

Where can I get the latest master? I'm still using the extender from February 2021 with included 80 functions and now I read that the one with 81 functions is old 

Feb 2021 is the last master, I didn't add new functions because there are no new ported *chance to run on XP* drivers with missing imports. @George King try to port SecureDigital PCI driver, only one new IoSynchronousCallDriver function was posted on the previous page, no more changes.


23 hours ago, Mov AX, 0xDEAD said:

Feb 2021 is the last master, I didn't add new functions because there are no new ported *chance to run on XP* drivers with missing imports. @George King try to port SecureDigital PCI driver, only one new IoSynchronousCallDriver function was posted on the previous page, no more changes.

So there is no possibility to get other drivers to use in XP via emu_extender?

 

I also have one more question :D

To get the win8_uaspstor.sys driver to work properly with win7_storport.sys v6.1.7601.25735 I applied a modification to storpor8.sys at offsets 3BE2 and 3BF8 by changing respectively

'ScsiPortMoveMemory'  to  'StorPortMoveMemory' 

and

'ScsiPortNotification'  to  'StorPortNotification'.

To avoid conflicts with drivers already in the system, I renamed storport.sys and storpor8.sys to something else and also the hexadecimal value referring to storport.sys within storpor8.sys itself.

This mod also avoids system crashes when you reboot or shutdown the system with a UAS device still connected to the USB port as already reported some time ago by @pappyN4.

I have tried the UAS driver on two intel systems for two months using all my UAS devices with no "apparent" problems detected.

 

Here is the question: what can I test to be sure that the driver thus modded can be safely applied and that it is not instead an insane modification (and wasted time)?

Thanks ;)


On 7/21/2022 at 8:25 PM, George King said:

Have you added newly compiled ntoskrn8.sys from latest sources mentioned after that? Or have you tried these ported drivers from latest XP2ESD which already have it?

I found the problem today: the mmc device was not emulated by qemu 😁


  • 3 weeks later...
On 6/17/2020 at 1:26 PM, Mov AX, 0xDEAD said:

NTOSKRNL Emu_Extender
If XXX.sys is driver made for Windows 8, change security_cookie to random value, security_cookie is constant 0x4EE640BB(x32) / 0x32A2DF2D992B(x64) inside file, change only first match !

I forgot how to do this. :o I cannot find any of those entries with my Hex Editor (XVI32). :blink:
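Added example, not part of the thread or of the Emu_Extender project: a Python sketch of the "change only first match" security_cookie step quoted above. It assumes the two constants in the quote are byte sequences as a hex editor shows them, and falls back to the reversed byte order if that search fails; the function names and the `.patched` output suffix are hypothetical.

```python
import os
import sys

# Default security_cookie values exactly as quoted in the post.
DEFAULT_COOKIES = {
    "x32": bytes.fromhex("4EE640BB"),
    "x64": bytes.fromhex("32A2DF2D992B"),
}

def find_cookie(image, arch):
    """Return (offset, pattern) for the first default-cookie match, or None.

    The as-written byte order is tried first, then the reversed order, in
    case the quoted value is a number rather than raw file bytes.
    """
    written = DEFAULT_COOKIES[arch]
    for pattern in (written, written[::-1]):
        offset = image.find(pattern)
        if offset != -1:
            return offset, pattern
    return None

def patch_cookie(image, arch, rng=os.urandom):
    """Replace only the first match with random bytes; return (image, offset)."""
    hit = find_cookie(image, arch)
    if hit is None:
        raise ValueError("default security_cookie not found for " + arch)
    offset, pattern = hit
    new = rng(len(pattern))
    while new == pattern:          # never write the default value back
        new = rng(len(pattern))
    patched = image[:offset] + new + image[offset + len(pattern):]
    return patched, offset

if __name__ == "__main__":
    # Usage: python patch_cookie.py XXX.sys x32|x64
    path, arch = sys.argv[1], sys.argv[2]
    with open(path, "rb") as f:
        data = f.read()
    patched, offset = patch_cookie(data, arch)
    with open(path + ".patched", "wb") as f:
        f.write(patched)
    print("patched %d bytes at file offset 0x%X" % (len(DEFAULT_COOKIES[arch]), offset))
```

The script writes a copy and leaves the original file untouched; it does not recompute the PE header checksum.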
