NTOSKRNL Emu_Extender for Windows XP/2003

[Mov AX, 0xDEAD]

On 1/2/2021 at 10:41 PM, Hunterw said:

And no GetNumaModeProcessorMaskEx

No need to implement every function, only functs really used in working drivers.
This mean "vista video" and some rare drivers (like intel raid drivers for server chipsets) still have missed imports because they not working anyway or no one use it

[TrevMUN]

Oh hey, I haven't given compiling this for XP64 a shot yet, but there was something I was curious about before I do attempt it:

Is this compatible with the other compatibility projects like OneCore API and XomPie?

[Mov AX, 0xDEAD]

On 1/31/2021 at 6:27 PM, TrevMUN said:

Oh hey, I haven't given compiling this for XP64 a shot yet, but there was something I was curious about before I do attempt it:

Is this compatible with the other compatibility projects like OneCore API and XomPie?

Hi

ntoskrnl_extender compilable and usable on xp64 too, usb3/storage drivers works (but not tested widely)

"OneCore API and XomPie" - read carefully what these and this projects do, they live in different words "ring3 vs ring0" and no way to say hello to companion :)

[Jakob99]

I have an Acer Aspire A315-21 with AMD Radeon R4 98E4 Stoney graphics card. Windows Vista can be installed, but graphics do not install. The graphics card has support for 7, 8.1, and 10. Would this method work in getting the graphics driver (and subsequently Aero) working under Vista? I will attach the 7355312.inf (NOTE: There is a 6.0 section at the very bottom that is blank. Filling this in with the graphics card info from the Windows 7 section and manually installing the file with Have Disk does not work)

C7355312.inf

[Jakob99]

2 hours ago, k24a1 said:

Have you tried to get more modern video drivers to work with XP (e.g. Pascal NVIDIA cards)?

That is probably trivial right now. I'm waiting for the AMD Radeon R4 98E4 Stoney to work with Vista, which again is probably trivial. Also, I have a question. How do I apply these steps to Windows Vista x64 with @win32's Extended Kernel? Also, could someone make either a video or a picture tutorial on what to do? Some of the steps are a tad confusing and I feel having one of those to accompany this would help greatly.

[Jakob99]

3 hours ago, k24a1 said:

Win32 has not worked on adding hardware support from Windows 7 just yet. That will probably come later on.

For now, your hardware appears to be too new for Windows Vista.

Ah. Hopefully that comes soon.

[Jakob99]

Is there a video detailing this, or is someone willing to make one? Most of the directions are hard to follow.

[Club Sportif Sfaxien 1912]

On 6/17/2020 at 1:26 PM, Mov AX, 0xDEAD said:

NTOSKRNL Emu_Extender
Library of missing functions for Windows XP/2003/Vista/7 NTOSKRNL.EXE

Project is intended to help in porting drivers from Windows 7/8/8.1/10 for work with Windows XP/2003/Vista/7

How-To:
1) Compile sources to make ntoskrn8.sys
2) Make corrections to xxx.sys so that it loads ntoskrn8.sys instead of the original ntoskrnl.exe
3) Place ntoskrn8.sys to X:/Windows/sytem32/drivers/ folder

Compiling:
1) Install Windows 7 DDK v7.1.0 (download from Microsoft site)

1a) Original DDK header files has mistake with definintion of MmAllocateContiguousMemorySpecifyCacheNode, apply fix:
\WinDDK\Win7\inc\ddk\ntddk.h:
\WinDDK\Win7\inc\ddk\wdm.h:

#if (NTDDI_VERSION >= NTDDI_WIN2K)
typedef ULONG NODE_REQUIREMENT;

to:

#if (NTDDI_VERSION >= NTDDI_VISTA)
typedef ULONG NODE_REQUIREMENT;

2) Download project files to any local folder
       git clone https://github.com/MovAX0xDEAD/NTOSKRNL_Emu

3) Select Target OS
Keep in mind that depending on the target operating system the way of exporting the functions changes,
if a function already exists in the kernel it will be simply redirected without injecting emulation code

4) Run shell Start Menu\Programs\Windows Driver Kits\Win7 7600.16385.1\Build Environments\Windows XXX\YYY Free Build Environment
XXX - target OS, YYY - target CPU,

5) In shell change current directory to local project folder

6) Use shell command BLD to compile project

7) Compiled ntoskrn8.sys will be in ntoskrn8/objfre_XXX_x86/YYY folder
 

STORPORT Windows 7 Emu_Extender

This is Library of missing functions for Windows 7 STORPORT.SYS to emulate Windows 8 STORPORT.SYS

How-To:
1) Compile ntoskrnl Emu_Extender
2) Place storpor8.sys to X:/Windows/system32/drivers/ folder
3) Make corrections to target xxx.sys so that it loads storpor8.sys instead of the original storport.sys

Ported drivers:

WDF 1.11 for Windows XP/2003 x32
Last version for Windows XP/2003 is 1.9, but possible to backport 1.11 version:
1) Get files from Windows 7 Updates:

   WDF01000.SYS v 1.11.9200.20755
   WdfLdr.sys v 1.11.9200.16384

2) In WDF01000.SYS replace string ntoskrnl.exe to ntoskrn8.sys in import section,
now WDF01000.SYS will import all kernel functions only from Emu_Extender
3) Recalc checksum

If need coexist with original WDF1.9 drivers:

4) Rename WDF01000.SYS->WDF01_W8.SYS, WdfLdr.sys->WdfLdr8.sys
5) In WDF01_W8.SYS replace string WdfLdr.sys to WdfLdr8.sys in import section
6) In WdfLdr8.sys replace unicode string \Registry\Machine\System\CurrentControlSet\Services\Wdf%02d000 to \Registry\Machine\System\CurrentControlSet\Services\Wdf%02d_w8
7) In WdfLdr8.sys replace hex pattern **F6 78 1B F6** to **F6 EB 1B F6**
8) In ported driver xxx.sys replace string WdfLdr.sys to WdfLdr8.sys in import section
9) In .INF of ported driver add creating new service:
       AddService=WDF01_W8,,  WDF.AddService
....
       [WDF.AddService]
       DisplayName    = "Windows Driver Framework v1.11 for XP/2003"
       ServiceType    = 1                  ; SERVICE_KERNEL_DRIVER
       StartType      = 3                  ; SERVICE_DEMAND_START
       ErrorControl   = 1                  ; SERVICE_ERROR_NORMAL
       ServiceBinary  = %12%\WDF01_W8.SYS
       LoadOrderGroup = Base

Windows 7's Storport.sys for Windows XP x32
Storport was released only for Windows 2003, but possible to backport Windows 7 version:
1) Get files from Windows 7 Updates (KB3125574):
      storport.sys    v 6.1.7600.23403

2) In storport.sys replace string ntoskrnl.exe to ntoskrn8.sys in import section,
now storport.sys will import all kernel functions only from Emu_Extender

3) Storport uses MSI interrupts, need to force use only legacy/compatible interrupts
replace hex pattern **8B 8E 3C 01 00** to **B9 00 00 00 90**

4) Recalc checksum

Windows 7's NVMe driver for Windows XP x32
1) Get files from Windows 7 Updates (KB3125574):
       stornvme.sys    v 6.1.7600.23403
2) MS Win7 NVMe driver require Win7 Storport.sys, use backported one

Windows 8's USB3 driver for Windows XP x32
1) Get required files from Windows 8:
       ucx01000.sys
       usbhub3.sys
       usbxhci.sys
       wpprecorder.sys
       usbd.sys

from Vista Beta/Longhorn 5456.5:
      ksecdd.sys

2) In files ucx01000.sys, usbhub3.sys, usbxhci.sys, wpprecorder.sys, usbd.sys change security_cookie to random value
3) In files ucx01000.sys, usbhub3.sys, usbxhci.sys, ksecdd.sys replace string name "ntoskrnl.exe" to "ntoskrn8.sys' in import section,
now *.sys will import kernel functions only from Emu_Extender
4) Rename ksecdd.sys->ksecd8.sys, usbd.sys->usbd_w8.sys
5) In usbhub3.sys replace string name "ksecdd.sys" to "ksecd8.sys' in import section
6) In usbhub3.sys replace string name "usbd.sys" to "usbd_w8.sys' in import section,
7) recalc checksum
 

Windows 8’s STORAHCI driver for Windows XP x32
STORAHCI driver requires storport.sys from Windows 8, but possible to use storport.sys from Windows 7
storport.sys from Windows 7 more compatible with Windows Xp/2003 because it still call required PoStartNextPowerIrp when processing power IRPs. MS removed calls to PoStartNextPowerIrp in Windows 8’s storport.sys, without this call Windows XP/2003 kernel cannot finish current power IRP and start next IRP, also it generate BSOD (0x0000009F)

Take attention:
Win8’s STORAHCI + Win7’s STORPORT have significal performance drop and high CPU usage, there is no fix yet

1) Get files from Windows 8 ():

   storahci.sys v 6.2.9200.16384 

2) In storahci.sys replace string storport.sys to ntoskrn8.sys in import section,
now storahci.sys will import all storport functions only from Emu_Extender

3) storahci.sys was compiled with Windows 8 DDK’s storport.h and writes to new fields of _PORTCONFIGURATION_INFORMATION, these fields not exist in Windows 7’s storport.sys

Need to skip these writes to avoid damaging structures in memory:
replace hex pattern 83 A6 C8 00 00 00 00 to 90 90 90 90 90 90 90
replace hex pattern 83 8E CC 00 00 00 03 to 90 90 90 90 90 90 90

If you compile storahci from sources (from Windows 8 DDK Samples), comment two lines:

   ConfigInfo->BusResetHoldTime = 0;
   ConfigInfo->FeatureSupport |= STOR_ADAPTER_FEATURE_STOP_UNIT_DURING_POWER_DOWN; 

4) In storahci.sys change security_cookie to random value

5) Recalc checksum


Windows 7’s MSAHCI driver for Windows XP x32

1) Get files from Windows 7 Updates(KB3125574):

   atapi.sys    v 6.1.7600.23403
   ataport.sys  v 6.1.7600.23403
   msahci.sys   v 6.1.7600.23403
   pciidex.sys  v 6.1.7600.23403 

2) In ataport.sys, pciidex.sys replace string ntoskrnl.exe to ntoskrn8.sys in import section,
now these *.sys will import all kernel functions only from Emu_Extender

3) pciidex.sys uses MS Internal/Undocumented HalDispatchTable way to call functions from Kernel/HAL,

For Windows XP/2003 x32 need to use compatible variant:
replace hex pattern FF 50 3C to FF 50 40

same in asm code:

   mov     eax, ds:HalDispatchTable
   ...
   call    dword ptr [eax+3Ch] => call    dword ptr [eax+40h] 

4) Recalc checksum

5) MSHDC.INF from Windows 7 may conflict with original mshdc.inf from Windows XP/2003
For example msahci enumerates IDE/SATA channels as InternalIDEChannel and compatible ID as *PNP0600. Original mshdc.inf for *PNP0600 will install wrong Standard IDE/ESDI Hard Disk Controller driver

 

Intel RSTe (Enterprise/Premium) AHCI/RAID driver 4.7.0.1098 for Windows XP/2003
Intel RST AHCI/RAID drivers (any version, last compatible is 15.9.8.1050) for Windows XP/2003

These drivers require storport.sys from Windows 7, use backported version.

1) In file iaStorA.sys or iaStorAC.sys replace string “ntoskrnl.exe” to “ntoskrn8.sys” in import section (do not change second string “NTOSKRNL.exe”)
now these *.sys will import kernel functions only from Emu_Extender

3) Recalc checksum

Implemented Func List v6:

_chkstk
_i64toa_s
_i64tow_s
_itoa_s
_itow_s
_makepath_s
_snprintf_s
_snscanf_s
_snwprintf_s
_snwscanf_s
_splitpath_s
_strnset_s
_strset_s
_strtoui64
_swprintf
_ui64toa_s
_ui64tow_s
_ultoa_s
_ultow_s
_vsnprintf_s
_vsnwprintf_s
_vswprintf
_wcsnset_s
_wcsset_s
_wmakepath_s
_wsplitpath_s
_wtoi
_wtol
DllInitialize
DllUnload
EmClientQueryRuleState
EtwActivityIdControl
EtwEventEnabled
EtwProviderEnabled
EtwRegister
EtwUnregister
EtwWrite
EtwWriteString
EtwWriteTransfer
ExAcquireRundownProtectionCacheAware
ExAcquireRundownProtectionCacheAwareEx
ExAllocateCacheAwareRundownProtection
ExEnterCriticalRegionAndAcquireResourceExclusive
ExFreeCacheAwareRundownProtection
ExGetFirmwareEnvironmentVariable
ExInitializeRundownProtectionCacheAware
ExReInitializeRundownProtectionCacheAware
ExReleaseResourceAndLeaveCriticalRegion
ExReleaseRundownProtectionCacheAware
ExReleaseRundownProtectionCacheAwareEx
ExRundownCompletedCacheAware
ExSetFirmwareEnvironmentVariable
ExSizeOfRundownProtectionCacheAware
ExWaitForRundownProtectionReleaseCacheAware
IoAllocateSfioStreamIdentifier
IoConnectInterruptEx
IoDisconnectInterruptEx
IoFreeSfioStreamIdentifier
IoFreeWorkItem
IoGetActivityIdIrp
IoGetAffinityInterrupt
IoGetDevicePropertyData
IoGetIoPriorityHint
IoGetSfioStreamIdentifier
IoInitializeWorkItem
IoQueueWorkItemEx
IoSetActivityIdIrp
IoSetDevicePropertyData
IoSizeofWorkItem
IoUninitializeWorkItem
IoUnregisterPlugPlayNotificationEx
KdRefreshDebuggerNotPresent
KeAcquireGuardedMutex
KeAcquireGuardedMutexUnsafe
KeEnterGuardedRegion
KeGetCurrentNodeNumber
KeGetCurrentProcessorNumberEx
KeGetProcessorIndexFromNumber
KeGetProcessorNumberFromIndex
KeInitializeGuardedMutex
KeLeaveGuardedRegion
KeQueryActiveGroupCount
KeQueryActiveProcessorCount
KeQueryActiveProcessorCountEx
KeQueryDpcWatchdogInformation
KeQueryGroupAffinity
KeQueryHighestNodeNumber
KeQueryLogicalProcessorRelationship
KeQueryMaximumGroupCount
KeQueryMaximumProcessorCount
KeQueryMaximumProcessorCountEx
KeQueryNodeActiveAffinity
KeReleaseGuardedMutex
KeReleaseGuardedMutexUnsafe
KeRevertToUserAffinityThreadEx
KeRevertToUserGroupAffinityThread
KeSetCoalescableTimer
KeSetSystemAffinityThreadEx
KeSetSystemGroupAffinityThread
KeSetTargetProcessorDpcEx
KeTryToAcquireGuardedMutex
LpcReplyWaitReplyPort
LpcSendWaitReceivePort
memcpy_s
memmove_s
MmAllocateContiguousMemorySpecifyCacheNode
MmAllocateContiguousNodeMemory
MmGetSystemRoutineAddress
ObfDereferenceObjectWithTag
ObfReferenceObjectWithTag
PcwAddInstance
PcwCloseInstance
PcwCreateInstance
PcwRegister
PcwUnregister
PoDisableSleepStates
PoEndDeviceBusy
PoGetSystemWake
PoRegisterPowerSettingCallback
PoSetDeviceBusyEx
PoSetSystemWake
PoStartDeviceBusy
PoUnregisterPowerSettingCallback
PsSetCreateProcessNotifyRoutineEx
RtlCheckPortableOperatingSystem
RtlIsNtDdiVersionAvailable
RtlQueryRegistryValuesEx
RtlSetPortableOperatingSystem
SeReportSecurityEventWithSubCategory
SeSetAuditParameter
SeSetAuthorizationCallbacks
sprintf_s
sscanf_s
strcat_s
strcpy_s
strncat_s
strncpy_s
strnlen
strtok_s
swprintf_s
swscanf_s
vsprintf_s
vswprintf_s
wcscat_s
wcscpy_s
wcsncat_s
wcsncpy_s
wcsnlen
wcstoul
ZwAlpcConnectPort
ZwAlpcSendWaitReceivePort

 

Download Binaries
https://github.com/MovAX0xDEAD/NTOSKRNL_Emu/releases
Download Sources
https://github.com/MovAX0xDEAD/NTOSKRNL_Emu

 

Why was Windows 2000 not included in the update ?

As far as I know, there is not much difference with XP 

[Dibya]

On 3/3/2022 at 1:42 AM, Club Sportif Sfaxien 1912 said:

Why was Windows 2000 not included in the update ?

As far as I know, there is not much difference with XP 

Their are huge difference , significant restructuring , its like comparing Vista and 10 , telling they are similar , yes they are but not direct code compatible. Syscalls are entirely different unlike server 2003 and xp where are almost same. User Api are same but Kernel mode is not, their huge difference.

Edited March 6, 2022 by Dibya

[Club Sportif Sfaxien 1912]

On 3/6/2022 at 12:12 PM, Dibya said:

Their are huge difference , significant restructuring , its like comparing Vista and 10 , telling they are similar , yes they are but not direct code compatible. Syscalls are entirely different unlike server 2003 and XP where are almost same. User Api are same but Kernel mode is not, their huge difference.

Is this comparison really correct?

How does Windows XP and 2000 compare to 10 and vista ! Windows 2000 is (5.0), XP (5.1) and Vista (6.0) and 10 (10.0). The affinity between 2000 and XP is much greater than that of Vista with 10.

If the difference is too big, previously Microsoft had to release XP version 6.0 .

What I also know is that Windows 5.x is similar in the way programs run with the dll request, and from Windows Vista to the latest Windows the load method is different with 5.x , I saw this in one of the articles of blackwingcat.

So you mean the difference between 2000 and XP is in Syscalls , so maybe this is a reason, but is this a big problem with the work of ntoskrnl extendeder for Windows 2000 ?

[user57]

i dont see a reason to not add functions that can be added

with xp its a longer story, there was dos-> win3.11 -> win95 -> 98 -> winme those where also dos based and in part 16 bit

this suppose to leave with windows NT then nt versions apeared nt 4.0 wasnt good so most accepted nt 5.0 

nt 5.0 then was updated and called windows 2000

then there was xp sp1 aka 5.1 

then there was server 2003 was is windows xp but was called nt v 5.2

but then xp recieved a lot of upgrades it surpassed server 2003 and even got the updates from windows pos ready what also was based on xp and upgraded up to 2019

 

so most likely xp is the sucessor of all nt versions in 3-5

then vista apeared v 6.0 but it had many bugs and a lot things didnt even work, so people actually avoided it xp still was the better choose

then microsoft made a good decition they brought back compatibility and tryed to fix the errors they made with vista aka windows 7 apeared, based on version it was nt 6.1

windows 8 suppose to be nt 6.2, but it brought not many new things direct12 ? that was moved to windows 7 too (world of warcraft for example use directx12 on windows 7)

the problem with 8 was in my opinion that it didnt brought anything new rather incompatibilities what are not wanted 

it was a bad seller and begun with the spyware component another reason to avoid it

with windows 10 what is at best nt 6.3 was called 10 or internal nt 10.0 for no reason 

windows 10 also was free to have just upgrade and use it, a lot of people then came up there must be something wrong with this deal 

and yes so it does it try to get rid of the user as owner of the computer and software, it has spyware components, it can stream updates if it wants to, it take more cpu power on will, it can patch whatever it wants against the users will

windows 11 does the same thing but the TPM chip now also take place 

 

the user itself had not that many choose options because now time has passed it was time to get a new software having new hardware too

a lot of users still use windows 7 for that reason 

 

but back to xp why would you go to windows 2000 when you got everything you actually need in windows xp(as successor of all nt ~5 versions), it is very compatible backwards and even upwards 

a other problem with win2000 and xp is that xp recieved a lot of upgrades that win2000 dont directly have some even from vista

this leave open questions you dont have a real advantage going back to win2000 from xp 

you might have a adventage if you go back from xp to windows 98

[Club Sportif Sfaxien 1912]

25 minutes ago, user57 said:

but back to xp why would you go to windows 2000 when you got everything you actually need in windows xp(as successor of all nt ~5 versions), it is very compatible backwards and even upwards 

a other problem with win2000 and xp is that xp recieved a lot of upgrades that win2000 dont directly have some even from vista

this leave open questions you dont have a real advantage going back to win2000 from xp 

you might have a adventage if you go back from xp to windows 98

Windows 2000 did not receive updates like XP because Windows XP is a Windows 2000 with more functions, so Microsoft had to allocate a big budget for development the both or XP alone, so the choice fell on XP because it was more decorative and people loved it, despite that in the first ten years there was no significant difference between XP and 2000, the difference started to appear when programs and modern machines appeared from 2010 to present, and with the efforts of blackwingcat  it was able to add the missing functions in cores of Windows 2000 at compatibility of software and hardware so Windows 2000 restored its compliance with programs, most programs that run on XP can be run on 2000 with experience, even at the hardware level with the blackwingcat Extended core Windows 2000 can work on modern devices, unlike 98.

Microsoft has made many updates for Windows XP, but most of them are security updates, and blackwingcat made some of them work with Windows 2000.

[Club Sportif Sfaxien 1912]

40 minutes ago, user57 said:

this leave open questions you dont have a real advantage going back to win2000 from xp 

Why 2000 and not XP, I use both, as an old hardware vendor I own many of my machines and have a dedicated lab for them and can run all operating systems. And 2000 goes back to the past with its classic graphics with the ability to run modern software and hardware.

[user57]

microsoft released the source code of windows xp/2003

having the source code gives a big adventage in speed, analyze speed, quicker understanding, code can be copy pasted, assembly analyze is very reduced

the source code release from microsoft was for students but then quickly gone viral public

i do not really understand why vista code doesnt get released, students have to work with a old code of xp

vista would be old too, but at least some code could be made use of, so why not ? it would be possible for microsoft doing that

the windows 2000 vs windows xp rather remembers the fight between vista and windows 7

with one diffrense win 2000 didnt have bad things so directly

so you could use vista instead of 7 that could be done but i rather would use windows 7 over vista

many used windows 98 se because when windows nt apeared a lot of compatibility was lost and a lot of older apps didnt work anymore

in other directions to have some fun with modding or code or creating coding stuff you could choose all of operating systems

 

[Mov AX, 0xDEAD]

On 3/3/2022 at 1:12 AM, Club Sportif Sfaxien 1912 said:

Why was Windows 2000 not included in the update ?

First made for XP only,  then added W2003, at end added XP/W2003 x64 and little Vista/W7 support. i just dont had motivation to support W2000,  too much similar systems -  W2000/XP/W2003...

Edited March 19, 2022 by Mov AX, 0xDEAD