NTOSKRNL Emu_Extender for Windows XP/2003

5 hours ago, Brickedandroid said:

@win32, the specialist of the Windows Vista Extended Kernel, should also be here and contribute to this topic...

I have been extremely ill for the past two days, and there is more to the extended kernel than issues with the user mode part of a driver (either that, or there are deficiencies in the DirectX graphics kernel which are causing this).

We are already dealing with the nightmare that is the NVIDIA 39x drivers, where it seems that success is very random, as many users are already booting up to the "orb" and getting stuck on it.


6 hours ago, win32 said:

I have been extremely ill for the past two days, and there is more to the extended kernel than issues with the user mode part of a driver (either that, or there are deficiencies in the DirectX graphics kernel which are causing this).

We are already dealing with the nightmare that is the NVIDIA 39x drivers, where it seems that success is very random, as many users are already booting up to the "orb" and getting stuck on it.

So, if the user mode files of all video drivers (GeForce, Radeon, Iris, Intel HD/UHD, GMA, etc.) are causing system problems such as program crashes or BSODs, is it right that the problems are probably caused by DirectX files?

Edited by Brickedandroid

  • 4 weeks later...
On 10/15/2022 at 4:58 PM, Damnation said:

@ArtP2000

I think @George King has a version that has this function implemented.

I have updated my fork of the NTOSKRNL_Emu repository by @Mov AX, 0xDEAD on GitHub to v12; I hope it can work without issues.

https://github.com/GeorgeK1ng/NTOSKRNL_Emu


ChangeLog

v11 changes

1) Added Windows 7 ntoskrnl.exe v6.1.7601.25920 (win7sp1_ldr_escrow.220316-1740) exports
    x64
        EtwSetInformation
        FsRtlPrepareToReuseEcp
        FsRtlRegisterUncProviderEx2
        IoEnumerateRegisteredFiltersListEx
        IoRegisterFsRegistrationChangeMountAwareEx
        KeConnectInterruptForHal
        KeFlushCurrentTbImmediately
        PsDereferenceKernelStack
        PsReferenceKernelStack
        RtlIsSandboxedToken
        SeGetLogonSessionToken

    x86
        EtwSetInformation
        FsRtlPrepareToReuseEcp
        FsRtlRegisterUncProviderEx2
        IoEnumerateRegisteredFiltersListEx
        IoRegisterFsRegistrationChangeMountAwareEx
        KeConnectInterruptForHal
        KiMcaExceptionHandlerWrapper
        PsDereferenceKernelStack
        PsReferenceKernelStack
        RtlIsSandboxedToken
        SeGetLogonSessionToken

2) Added Windows Vista ntoskrnl.exe v6.0.6003.21442 (vistasp2_ldr_escrow.220307-1719) exports
    x64
        FsRtlInitializeExtraCreateParameter
        FsRtlInitializeExtraCreateParameterList
        FsRtlPrepareToReuseEcp
        FsRtlRegisterUncProviderEx2
        IoRegisterFsRegistrationChangeMountAware
        KeConnectInterruptForHal
        KeFlushCurrentTbImmediately
        PsDereferenceKernelStack
        PsReferenceKernelStack
        RtlIsSandboxedToken

    x86
        FsRtlInitializeExtraCreateParameter
        FsRtlInitializeExtraCreateParameterList
        FsRtlPrepareToReuseEcp
        FsRtlRegisterUncProviderEx2
        IoRegisterFsRegistrationChangeMountAware
        KeConnectInterruptForHal
        KiMcaExceptionHandlerWrapper
        PsDereferenceKernelStack
        PsReferenceKernelStack
        RtlIsSandboxedToken

3) Added IoSynchronousCallDriver by Mov AX, 0xDEAD, https://msfn.org/board/topic/181615-ntoskrnl-emu_extender-for-windows-xp2003/?do=findComment&comment=1221893

4) Added blank stubs (to fix missing imports) to allow the ported Windows 8.0 Build 8056 Generic SD+MMC driver to run under XP - 7. Proper code needs to be added, but currently the driver starts and works without issues
    PoFxRegisterDevice
    PoFxUnregisterDevice
    PoFxSetComponentLatency
    PoFxSetComponentResidency
    PoFxStartDevicePowerManagement
    PoFxCompleteIdleState
    PoFxCompleteIdleCondition
    PoFxReportDevicePoweredOn
    PoFxCompleteDevicePowerNotRequired
    PoFxActivateComponent
    PoFxIdleComponent

5) Added changes from the pappyN4 repository, https://github.com/pappyN4/NTOSKRNL_Emu
    Added RtlInitAnsiStringEx, RtlInitUnicodeStringEx. Updated Readme

v12 changes

1) Added memcmp to be able to port the AMD RCRAID driver. Source code comes from https://stackoverflow.com/questions/5017659/implementing-memcmp

2) Added MmMapIoSpaceEx, which returns MmMapIoSpace; according to MS documentation it should work
    https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-mmmapiospaceex
    https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-mmmapiospace

3) Added RtlDowncaseUnicodeChar

Edited by George King

  • 2 weeks later...

@George King

Would you be able to add support for editing the boot order in UEFI NVRAM from WinXP 64-bit, i.e. access to the EFI_BOOT_SERVICES table?

You can do it under Linux with efibootmgr:

root # efibootmgr -v

BootCurrent: 0002
Timeout: 3 seconds
BootOrder: 0003,0003,0002,0000,0004
Boot0000* CD/DVD Drive  BIOS(3,0,00)
Boot0001* Hard Drive    BIOS(2,0,00)
Boot0002* Gentoo        HD(1,800,61800,6d98f360-cb3e-4727-8fed-5ce0c040365d)File(\EFI\boot\bootx64.efi)
Boot0003* Hard Drive    BIOS(2,0,00)P0: ST1500DM003-9YN16G

Under UEFI Shell: dmpstore Boot*

Dump Variable Boot*
Variable NV+RT+BS 'Efi:Boot0002' DataSize = 5F
  00000000: 01 00 00 40 41 00 45 00-46 00 49 00 20 00 4E 00  *...@A.E.F.I. .N.*
  00000010: 65 00 74 00 77 00 6F 00-72 00 6B 00 00 00 02 01  *e.t.w.o.r.k.....*
  00000020: 0C 00 D0 41 03 0A 00 00-00 00 01 01 06 00 00 11  *...A............*
  00000030: 01 01 06 00 00 00 03 0B-25 00 00 0C 29 80 4C 58  *........%...).LX*
  00000040: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  *................*
  00000050: 00 00 00 00 00 00 00 00-00 00 00 7F FF 04 00     *...............*
Variable NV+RT+BS 'Efi:Boot0003' DataSize = 3E
  00000000: 01 00 00 40 22 00 45 00-46 00 49 00 20 00 46 00  *...@".E.F.I. .F.*
  00000010: 6C 00 6F 00 70 00 70 00-79 00 00 00 02 01 0C 00  *l.o.p.p.y.......*
  00000020: D0 41 03 0A 00 00 00 00-01 01 06 00 00 07 02 01  *.A..............*
  00000030: 0C 00 D0 41 04 06 00 00-00 00 7F FF 04 00        *...A..........*
Variable NV+RT+BS 'Efi:Boot0000' DataSize = 7C
  00000000: 01 00 00 40 24 00 45 00-46 00 49 00 20 00 56 00  *...@$.E.F.I. .V.*
  00000010: 4D 00 77 00 61 00 72 00-65 00 20 00 56 00 69 00  *M.w.a.r.e. .V.i.*
  00000020: 72 00 74 00 75 00 61 00-6C 00 20 00 53 00 43 00  *r.t.u.a.l. .S.C.*
  00000030: 53 00 49 00 20 00 48 00-61 00 72 00 64 00 20 00  *S.I. .H.a.r.d. .*
  00000040: 44 00 72 00 69 00 76 00-65 00 20 00 28 00 30 00  *D.r.i.v.e. .(.0.*
  00000050: 2E 00 30 00 29 00 00 00-02 01 0C 00 D0 41 03 0A  *..0.)........A..*
  00000060: 00 00 00 00 01 01 06 00-00 15 01 01 06 00 00 00  *................*
  00000070: 03 02 08 00 00 00 00 00-7F FF 04 00              *............*
Variable NV+RT+BS 'Efi:Boot0004' DataSize = 7E
  00000000: 01 00 00 40 1E 00 45 00-46 00 49 00 20 00 56 00  *...@..E.F.I. .V.*
  00000010: 4D 00 77 00 61 00 72 00-65 00 20 00 56 00 69 00  *M.w.a.r.e. .V.i.*
  00000020: 72 00 74 00 75 00 61 00-6C 00 20 00 49 00 44 00  *r.t.u.a.l. .I.D.*
  00000030: 45 00 20 00 43 00 44 00-52 00 4F 00 4D 00 20 00  *E. .C.D.R.O.M. .*
  00000040: 44 00 72 00 69 00 76 00-65 00 20 00 28 00 49 00  *D.r.i.v.e. .(.I.*
  00000050: 44 00 45 00 20 00 30 00-3A 00 30 00 29 00 00 00  *D.E. .0.:.0.)...*
  00000060: 02 01 0C 00 D0 41 03 0A-00 00 00 00 01 01 06 00  *.....A..........*
  00000070: 01 07 03 01 08 00 00 00-00 00 7F FF 04 00        *..............*
Variable NV+RT+BS 'Efi:Boot0005' DataSize = 86
  00000000: 01 00 00 40 30 00 45 00-46 00 49 00 20 00 49 00  *...@0.E.F.I. .I.*
  00000010: 6E 00 74 00 65 00 72 00-6E 00 61 00 6C 00 20 00  *n.t.e.r.n.a.l. .*
  00000020: 53 00 68 00 65 00 6C 00-6C 00 20 00 28 00 55 00  *S.h.e.l.l. .(.U.*
  00000030: 6E 00 73 00 75 00 70 00-70 00 6F 00 72 00 74 00  *n.s.u.p.p.o.r.t.*
  00000040: 65 00 64 00 20 00 6F 00-70 00 74 00 69 00 6F 00  *e.d. .o.p.t.i.o.*
  00000050: 6E 00 29 00 00 00 01 03-18 00 0B 00 00 00 00 B0  *n.).............*
  00000060: 73 1E 00 00 00 00 FF 8F-BA 1E 00 00 00 00 04 06  *s...............*
  00000070: 14 00 B7 D6 7A C5 15 05-A8 40 9D 21 55 16 52 85  *....z....@.!U.R.*
  00000080: 4E 37 7F FF 04 00                                *N7....*
Variable RT+BS 'Efi:BootOptionSupport' DataSize = 4
  00000000: 03 03 00 00                                      *....*
Variable NV+RT+BS 'Efi:BootOrder' DataSize = A
  00000000: 02 00 03 00 00 00 04 00-05 00                    *..........*
Variable RT+BS 'Efi:BootCurrent' DataSize = 2
  00000000: 05 00                                            *..*

Under Win7 or newer with BootICE 1.3.3.2 > UEFI tab:

http://reboot.pro/uploads/monthly_12_2019/post-62763-0-92463200-1576988228.png

If we run the mem command in the UEFI Shell, it shows the addresses of the Runtime Services and Boot Services tables:

Valid EFI Header at Address 000000001FB77018
  --------------------------------------------
  System: Table Structure size 00000078 revision 0002001F
  ConIn (1F061298) ConOut (1DE10C18) StdErr (1F05CD98)
 Console Out on PciRoot(0x0)/Pci(0x7,0x0)/Floppy(0x0)/\/mem.log
  Runtime Services     000000001FB77B98
  Boot Services        000000001FFD4410
  ACPI 2.0 Table       000000001DDDC000
  SMBIOS Table         000000001FB95000

After booting WinXP 64-bit under UEFI, these tables are still in memory; only the system has no access to them.

Edited by reboot12
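The dmpstore dump above is raw EFI_LOAD_OPTION data. The following is an added example, not code from the post or from the NTOSKRNL_Emu project: a small Python decoder for that layout (UINT32 Attributes, UINT16 FilePathListLength, NUL-terminated UTF-16LE Description, packed device-path nodes, then OptionalData) and for the BootOrder/BootCurrent arrays. The byte strings are transcribed from the post's `Efi:Boot0003`, `Efi:BootOrder` and `Efi:BootCurrent` dumps; the node and EISA-ID layouts follow the UEFI specification. Because any code with runtime-services access can write these variables, the decoder checks every length field against the variable size instead of trusting it, so a truncated or oversized FilePathListLength is reported rather than read past.

```python
"""Decode the EFI_LOAD_OPTION and BootOrder variables from a dmpstore dump.

Added example (not from the post or the NTOSKRNL_Emu project). Input bytes are
transcribed from the 'Efi:Boot0003', 'Efi:BootOrder' and 'Efi:BootCurrent'
dumps; all length fields are bounds-checked before use.
"""
import struct

LOAD_OPTION_ACTIVE = 0x00000001
LOAD_OPTION_HIDDEN = 0x00000008

# Transcribed from "Variable NV+RT+BS 'Efi:Boot0003' DataSize = 3E" in the post.
BOOT0003 = bytes.fromhex(
    "01000040220045004600490020004600"
    "6C006F00700070007900000002010C00"
    "D041030A000000000101060000070201"
    "0C00D0410406000000007FFF0400"
)
BOOTORDER = bytes.fromhex("02000300000004000500")   # 'Efi:BootOrder'
BOOTCURRENT = bytes.fromhex("0500")                 # 'Efi:BootCurrent'


def decode_eisa_id(hid: int) -> str:
    """Expand a compressed EISA/PnP ID from an ACPI device-path node,
    e.g. 0x0A0341D0 -> 'PNP0A03' (PCI root bridge)."""
    hi, lo = (hid >> 8) & 0xFF, hid & 0xFF   # two bytes of the packed vendor field
    letters = ((hi >> 2) & 0x1F, ((hi & 0x3) << 3) | (lo >> 5), lo & 0x1F)
    return "".join(chr(0x40 + c) for c in letters) + f"{hid >> 16:04X}"


def parse_device_path(blob: bytes) -> list:
    """Split a packed FilePathList into nodes, validating every node length."""
    nodes, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError(f"device path truncated at offset {off}")
        typ, sub, length = struct.unpack_from("<BBH", blob, off)
        if length < 4 or off + length > len(blob):
            raise ValueError(f"bad node length {length} at offset {off}")
        data = blob[off + 4:off + length]
        if typ == 0x02 and sub == 0x01 and len(data) >= 8:      # ACPI node: HID, UID
            hid, uid = struct.unpack_from("<II", data)
            desc = f"Acpi({decode_eisa_id(hid)},{uid:#x})"
        elif typ == 0x01 and sub == 0x01 and len(data) >= 2:    # PCI node: Function, Device
            desc = f"Pci({data[1]:#x},{data[0]:#x})"
        elif typ == 0x7F:                                        # end-of-path markers
            desc = "End" if sub == 0xFF else "EndInstance"
        else:
            desc = f"Node({typ:#x},{sub:#x},{data.hex()})"
        nodes.append({"type": typ, "subtype": sub, "desc": desc})
        off += length
    if not nodes or nodes[-1]["type"] != 0x7F or nodes[-1]["subtype"] != 0xFF:
        raise ValueError("FilePathList does not end with an end-of-path node")
    return nodes


def parse_load_option(data: bytes) -> dict:
    """Decode one Boot#### variable body (EFI_LOAD_OPTION)."""
    if len(data) < 6:
        raise ValueError("too short for the EFI_LOAD_OPTION header")
    attributes, fpl_len = struct.unpack_from("<IH", data, 0)
    # Description is NUL-terminated UTF-16LE: scan for the terminator on a
    # 2-byte boundary rather than assuming the data contains one.
    off = 6
    while data[off:off + 2] != b"\x00\x00":
        if off + 2 > len(data):
            raise ValueError("Description has no NUL terminator")
        off += 2
    description = data[6:off].decode("utf-16-le")
    off += 2
    if off + fpl_len > len(data):
        raise ValueError("FilePathListLength exceeds the variable size")
    return {
        "attributes": attributes,
        "active": bool(attributes & LOAD_OPTION_ACTIVE),
        "hidden": bool(attributes & LOAD_OPTION_HIDDEN),
        "description": description,
        "file_path": parse_device_path(data[off:off + fpl_len]),
        "optional_data": data[off + fpl_len:],
    }


def parse_boot_order(data: bytes) -> list:
    """BootOrder/BootCurrent are packed arrays of UINT16 option numbers."""
    if len(data) % 2:
        raise ValueError("BootOrder length is not a multiple of 2")
    return [f"Boot{n:04X}" for n in struct.unpack(f"<{len(data) // 2}H", data)]


def is_well_formed(data: bytes) -> bool:
    """True if the variable body parses without any bounds violation."""
    try:
        parse_load_option(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    opt = parse_load_option(BOOT0003)
    print(opt["description"], "->", "/".join(n["desc"] for n in opt["file_path"]))
    print("BootOrder:", parse_boot_order(BOOTORDER))
    print("BootCurrent:", parse_boot_order(BOOTCURRENT)[0])
```

Run as a script it prints the Boot0003 entry as `EFI Floppy -> Acpi(PNP0A03,0x0)/Pci(0x7,0x0)/Acpi(PNP0604,0x0)/End`, which matches the `PciRoot(0x0)/Pci(0x7,0x0)/Floppy(0x0)` path in the mem output, and the BootOrder list `Boot0002, Boot0003, Boot0000, Boot0004, Boot0005`. The same routine applied to the other Boot#### dumps decodes the VMware disk and CD-ROM entries; the OptionalData tail, empty here, is where a load option may carry arbitrary bytes and is returned raw rather than interpreted.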

  • 1 month later...
On 9/16/2022 at 2:01 PM, George King said:

I have updated it today to v12 with @pappyN4 changes, new functions for XP, RtlInitAnsiStringEx + RtlInitUnicodeStringEx

I have also added two new functions, memcmp (XP / 2003 x86) + MmMapIoSpaceEx (XP - 7). These functions are added according to googled source code :)

@Mov AX, 0xDEAD Can you please review our changes?

https://github.com/GeorgeK1ng/NTOSKRNL_Emu

Hi George King

Sorry for looong response

1) memcmp for x32 is already done by MS in one of the .lib files, I think in storport.lib; to enable it, add a new section:


#endif //    Win7 x64 ntoskrnl export

/////////////////////////////////////////////////////
//          < Win8 x32 Extender                    //
#if (NTDDI_VERSION < NTDDI_WIN8) && defined(_X86_) //
extlib( memcmp )
#endif //   < Win8 x32 Extender


////////////////////////////////////////////
//         < Win8 x32/x64 Extender        //
#if (NTDDI_VERSION < NTDDI_WIN8)          //

2) MmMapIoSpaceEx - OK

3) RtlInitAnsiStringEx - OK if it is w2003/xp copypaste

4) RtlInitUnicodeStringEx  - OK if it is w2003/xp copypaste

5) RtlDowncaseUnicodeChar - Wrong, use w2003/xp copypaste; it requires a copy of the macros and probably the static tables Nls844UnicodeUpcaseTable/Nls844UnicodeLowercaseTable

p.s. maybe towlower() is an alternative, but there is an argument type mismatch

6) PoFx* - as I wrote before, stubs are OK, but not enough, the driver still waits for callbacks from the kernel

Edited by Mov AX, 0xDEAD

  • 4 weeks later...
On 6/17/2020 at 7:26 AM, Mov AX, 0xDEAD said:

3) Choose the target OS (XP, 2003, Vista or Windows 7) for which Emu_Extender will be compiled.

Keep in mind that depending on the target operating system the way of exporting the functions changes; if a function already exists in the kernel it will simply be redirected without injecting emulation code.


How do I do that? How do I integrate it into Vista? I am trying to use this to install Vista on a Surface Pro 1, and want to use Intel HD 4000 Graphics, so how do I make this work with graphics drivers?
