Damnation Posted March 20, 2022

@Mov AX, 0xDEAD If not 2000 then ME? I think Windows 2000 and Windows ME are on par with each other in terms of WDM driver model support. As in, Windows ME's NTKERN.VXD has the same functionality implemented as 2000, unless I'm mistaken. I think it'd be cool to have storport/ahci/nvme and usb3 support in ME. But then I doubt you're that interested in supporting any of Windows 9x/ME.

windows2 Posted March 20, 2022

1 hour ago, Damnation said:
> @Mov AX, 0xDEAD If not 2000 then ME? I think Windows 2000 and Windows ME are on par with each other in terms of WDM driver model support. As in, Windows ME's NTKERN.VXD has the same functionality implemented as 2000, unless I'm mistaken. I think it'd be cool to have storport/ahci/nvme and usb3 support in ME. But then I doubt you're that interested in supporting any of Windows 9x/ME.

I think supporting 2000 would be better, because 2000/XP is much better than ME/9x in terms of compatibility with hardware and software.

WinWord2000 Posted March 26, 2022

On 3/20/2022 at 12:03 PM, Damnation said:
> @Mov AX, 0xDEAD If not 2000 then ME? I think Windows 2000 and Windows ME are on par with each other in terms of WDM driver model support. As in, Windows ME's NTKERN.VXD has the same functionality implemented as 2000, unless I'm mistaken. I think it'd be cool to have storport/ahci/nvme and usb3 support in ME. But then I doubt you're that interested in supporting any of Windows 9x/ME.

It is impossible to run WDF 1.11 in Windows 98 and Me, so it would be impossible for this extender to work in them. Maybe it works in 2000 because it's similar to XP and 2003.

WinWord2000
Thanks, everyone!

George King Posted May 5, 2022

@Mov AX, 0xDEAD I just compiled with Windows 7 x64 as the target, and after that I modded the driver to fix missing exports using ntoskrn8.sys. After using it, a new missing export appeared. In ntoskrnl_edirects.h I have added this line under the Windows 7 x86/x64 exports:

```c
bypass(EtwSetInformation)
```

Now it's compiled again and there are no missing exports for my driver test.

jmeno Posted May 7, 2022

Well, 2000 is more of an artifact that boots until it dies. I'm more interested in (a bit OT) W10 stuff, replacing the window manager or recompiling a UI as an app. Drivers can hopefully still be forced unsigned. Unfortunately HW support is the issue. DLL stuff was easy to solve with fake stubs and/or even replacing the IAT entries of unsupported calls, often with something similar. Just HiDPI is awful...

Edited May 7, 2022 by jmeno

George King Posted May 7, 2022

@Mov AX, 0xDEAD I have checked Windows 7 ntoskrnl.exe v6.1.7601.25920 (win7sp1_ldr_escrow.220316-1740) exports vs compiled ntoskrn8.sys. This is the full list of missing kernel functions that need to be bypassed.

x64 missing:
EtwSetInformation
FsRtlPrepareToReuseEcp
FsRtlRegisterUncProviderEx2
IoEnumerateRegisteredFiltersListEx
IoRegisterFsRegistrationChangeMountAwareEx
KeConnectInterruptForHal
KeFlushCurrentTbImmediately
PsDereferenceKernelStack
PsReferenceKernelStack
RtlIsSandboxedToken
SeGetLogonSessionToken

x86 missing:
EtwSetInformation
FsRtlPrepareToReuseEcp
FsRtlRegisterUncProviderEx2
IoEnumerateRegisteredFiltersListEx
IoRegisterFsRegistrationChangeMountAwareEx
KeConnectInterruptForHal
KiMcaExceptionHandlerWrapper
PsDereferenceKernelStack
PsReferenceKernelStack
RtlIsSandboxedToken
SeGetLogonSessionToken

Next I will check Vista kernel exports to see if there are some forgotten exports too.

Edited May 8, 2022 by George King

George King Posted May 8, 2022

@Mov AX, 0xDEAD And here is the same check with Vista ntoskrnl.exe v6.0.6003.21442 (vistasp2_ldr_escrow.220307-1719) vs compiled ntoskrn8.sys.

x64 missing:
FsRtlInitializeExtraCreateParameter
FsRtlInitializeExtraCreateParameterList
FsRtlPrepareToReuseEcp
FsRtlRegisterUncProviderEx2
IoRegisterFsRegistrationChangeMountAware
KeConnectInterruptForHal
KeFlushCurrentTbImmediately
PsDereferenceKernelStack
PsReferenceKernelStack
RtlIsSandboxedToken

x86 missing:
FsRtlInitializeExtraCreateParameter
FsRtlInitializeExtraCreateParameterList
FsRtlPrepareToReuseEcp
FsRtlRegisterUncProviderEx2
IoRegisterFsRegistrationChangeMountAware
KeConnectInterruptForHal
KiMcaExceptionHandlerWrapper
PsDereferenceKernelStack
PsReferenceKernelStack
RtlIsSandboxedToken

Should I create a merge request on the GitHub project?

Edited May 8, 2022 by George King

jmeno Posted May 8, 2022

On 5/7/2022 at 9:23 PM, George King said:
> @Mov AX, 0xDEAD I have checked Windows 7 ntoskrnl.exe v6.1.7601.25920 (win7sp1_ldr_escrow.220316-1740) exports vs compiled ntoskrn8.sys. This is the full list of missing kernel functions that need to be bypassed.
>
> x64 missing:
> EtwSetInformation
> FsRtlPrepareToReuseEcp
> FsRtlRegisterUncProviderEx2
> IoEnumerateRegisteredFiltersListEx
> IoRegisterFsRegistrationChangeMountAwareEx
> KeConnectInterruptForHal
> KeFlushCurrentTbImmediately
> PsDereferenceKernelStack
> PsReferenceKernelStack
> RtlIsSandboxedToken
> SeGetLogonSessionToken
>
> x86 missing:
> EtwSetInformation
> FsRtlPrepareToReuseEcp
> FsRtlRegisterUncProviderEx2
> IoEnumerateRegisteredFiltersListEx
> IoRegisterFsRegistrationChangeMountAwareEx
> KeConnectInterruptForHal
> KiMcaExceptionHandlerWrapper
> PsDereferenceKernelStack
> PsReferenceKernelStack
> RtlIsSandboxedToken
> SeGetLogonSessionToken
>
> Next I will check Vista kernel exports to see if there are some forgotten exports too.

That's less than I thought. But it can lead to many other dependencies. I think x64 should get priority. Good work. I never used 8, so this idea didn't come to my mind.

George King Posted June 14, 2022

@Mov AX, 0xDEAD I have created a pull request on GitHub with the latest Vista / 7 kernel redirect changes. Plus I have added the new missing function IoSynchronousCallDriver, as it's needed to get the Windows 8.0 build 8056 Generic MMC / SD driver to work under XP in the future.

Edited June 14, 2022 by George King

Mov AX, 0xDEAD (Author) Posted July 11, 2022

On 6/14/2022 at 11:42 PM, George King said:
> @Mov AX, 0xDEAD I have created a pull request on GitHub with the latest Vista / 7 kernel redirect changes. Plus I have added the new missing function IoSynchronousCallDriver, as it's needed to get the Windows 8.0 build 8056 Generic MMC / SD driver to work under XP in the future.

@George King IoSynchronousCallDriver is a fake; it works as the usual ASYNC IofCallDriver. The right SYNC implementation, based on Win8.1 decompiled code:

```c
// Completion routine: wake the waiting caller and stop further completion
// processing so the IRP stays valid for the caller.
NTSTATUS SmKmGenericCompletion(
    PDEVICE_OBJECT DeviceObject,
    PIRP Irp,
    PVOID Context)
{
    KeSetEvent((PRKEVENT) Context, 0, FALSE);
    return STATUS_MORE_PROCESSING_REQUIRED;
}

NTSTATUS IoSynchronousCallDriver_k8(
    PDEVICE_OBJECT DeviceObject,
    PIRP Irp)
{
    PIO_STACK_LOCATION IrpSp;
    NTSTATUS Status;
    KEVENT Event;

    KeInitializeEvent(&Event, NotificationEvent, FALSE);

    // Install the completion routine for success, error and cancel.
    IrpSp = IoGetNextIrpStackLocation(Irp);
    IrpSp->Context = &Event;
    IrpSp->CompletionRoutine = (PIO_COMPLETION_ROUTINE) SmKmGenericCompletion;
    IrpSp->Control = SL_INVOKE_ON_ERROR | SL_INVOKE_ON_SUCCESS | SL_INVOKE_ON_CANCEL; // 0xE0

    Status = IofCallDriver(DeviceObject, Irp);

    // If the lower driver pended the request, block until it completes
    // and report the final status instead of STATUS_PENDING.
    if (Status == STATUS_PENDING) {
        KeWaitForSingleObject(&Event, Suspended, KernelMode, FALSE, NULL);
        Status = Irp->IoStatus.Status;
    }
    return Status;
}
```

```c
// < Win8 x32/x64 Extender
//
#if (NTDDI_VERSION < NTDDI_WIN8)
// ...
k8_win8( IoSynchronousCallDriver, 8)
#endif // < Win8 x32/x64 Extender
```

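The difference described in the post above, as a user-mode C model added here (not code from the thread or from the extender project): a forwarding-only export hands back STATUS_PENDING while the request is still queued, whereas the waiting version returns the final status. The IRP struct, run_pending and the two call_driver_* names are assumptions made for the model.

```c
#include <stdio.h>
/* User-mode model, constructed for illustration; none of this is WDK code. */
typedef unsigned int status_t;
#define STATUS_PENDING                  0x00000103u
#define STATUS_MORE_PROCESSING_REQUIRED 0xC0000016u
#define STATUS_IO_DEVICE_ERROR          0xC0000185u
typedef struct irp IRP;
typedef status_t (*completion_fn)(IRP *irp, void *ctx);
struct irp { status_t io_status; completion_fn completion; void *ctx; };
static IRP *g_queued;                                      /* request the device still owns */
static status_t g_device_result = STATUS_IO_DEVICE_ERROR;  /* constructed device outcome */

/* Lower driver: queues the request and returns before it has finished. */
static status_t lower_call_driver(IRP *irp) { g_queued = irp; return STATUS_PENDING; }

/* Deferred completion: store the final status, then run the completion routine. */
static void run_pending(void) {
    IRP *irp = g_queued;
    if (!irp) return;
    g_queued = NULL;
    irp->io_status = g_device_result;
    if (irp->completion) irp->completion(irp, irp->ctx);
}

/* Counterpart of SmKmGenericCompletion: signal the waiter, keep the IRP. */
static status_t signal_event(IRP *irp, void *ctx) {
    (void)irp; *(int *)ctx = 1; return STATUS_MORE_PROCESSING_REQUIRED;
}

/* Forwarding-only export: returns while the request is still in flight. */
status_t call_driver_forward_only(IRP *irp) { return lower_call_driver(irp); }

/* Waiting export: same shape as IoSynchronousCallDriver_k8 in the post. */
status_t call_driver_sync(IRP *irp) {
    int event = 0;
    irp->ctx = &event;
    irp->completion = signal_event;
    status_t status = lower_call_driver(irp);
    if (status == STATUS_PENDING) {
        while (!event) run_pending();   /* stands in for KeWaitForSingleObject */
        status = irp->io_status;
    }
    return status;
}

int main(void) {
    IRP a = {0}, b = {0};
    printf("forward-only returned 0x%08X\n", call_driver_forward_only(&a));
    run_pending();                      /* request a completes only now */
    printf("waiting call returned 0x%08X\n", call_driver_sync(&b));
    return 0;
}
```

A driver written against the synchronous contract reads the IRP status as soon as the call returns, so with the forwarding-only version it sees a stale value and may reuse an IRP the lower driver still owns.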
Mov AX, 0xDEAD (Author) Posted July 11, 2022

On 5/8/2022 at 12:23 AM, George King said:
> @Mov AX, 0xDEAD I have checked Windows 7 ntoskrnl.exe v6.1.7601.25920 (win7sp1_ldr_escrow.220316-1740) exports vs compiled ntoskrn8.sys. This is the full list of missing kernel functions that need to be bypassed.
>
> x64 missing: EtwSetInformation FsRtlPrepareToReuseEcp ...
>
> x86 missing: EtwSetInformation FsRtlPrepareToReuseEcp ...

@George King I feel these functions aren't used in real drivers, so it is not necessary to add every new function from an updated kernel.

George King Posted July 11, 2022

23 minutes ago, Mov AX, 0xDEAD said:
> @George King I feel these functions aren't used in real drivers, so it is not necessary to add every new function from an updated kernel.

I just tried to port sdbus.sys + sdstor.sys from Windows 8 build 8056 (first true Generic SD/MMC driver) to Windows 7 and XP, and on Windows 7 these functions need to be added to the extender, otherwise there will be missing imports. Sadly, there are more functions needed to get it to work properly on XP or 7. These functions are needed for 8056. For RTM there are many more missing imports.

PoFxIdleComponent
IoSynchronousCallDriver
PoFxSetDeviceIdleTimeout
PoFxUnregisterDevice
PoFxStartDevicePowerManagement
PoUnregisterPowerSettingCallback
PoFxActivateComponent
KeLeaveGuardedRegion
KeEnterGuardedRegion
PoFxCompleteIdleCondition
PoFxCompleteIdleState
PoFxReportDevicePoweredOn
PoFxCompleteDevicePowerNotRequired
PoFxRegisterDevice
IoGetActivityIdIrp
RtlQueryRegistryValuesEx

It would be really nice if we could get this SD/MMC Generic driver under XP and 7.

EDIT: I have only prepared a template for the code.

```c
////////////////////////////////////////////
// < Win8 x32/x64 Extender
//
#if (NTDDI_VERSION < NTDDI_WIN8)
//
k8_win8( ExGetFirmwareEnvironmentVariable, 20)
k8_win8( ExSetFirmwareEnvironmentVariable, 20)
k8_win8( IoGetActivityIdIrp, 8)
k8_win8( IoSetActivityIdIrp, 8)
k8_win8( MmAllocateContiguousNodeMemory, 36)
k8_win8( RtlCheckPortableOperatingSystem, 4)
k8_win8( RtlQueryRegistryValuesEx, 20)
k8_win8( RtlSetPortableOperatingSystem, 4)
k8_win8( IoSynchronousCallDriver, 8)
k8_win8( PoFxRegisterDevice, 12)
k8_win8( PoFxUnregisterDevice, 4)
k8_win8( PoFxSetComponentLatency, 16)
k8_win8( PoFxSetComponentResidency, 16)
k8_win8( PoFxStartDevicePowerManagement, 4)
k8_win8( PoFxCompleteIdleState, 8)
k8_win8( PoFxCompleteIdleCondition, 8)
k8_win8( PoFxReportDevicePoweredOn, 4)
k8_win8( PoFxCompleteDevicePowerNotRequired, 4)
k8_win8( PoFxActivateComponent, 12)
k8_win8( PoFxIdleComponent, 12)
#endif // < Win8 x32/x64 Extender
```

and

```c
// The posted typedef had no base type; an opaque struct tag is used here so the template compiles.
typedef struct _PO_FX_DEVICE PO_FX_DEVICE, *PPO_FX_DEVICE;
DECLARE_HANDLE(POHANDLE);

/* 8.0 8056 */

// Template stub: reports success and leaves *Handle untouched.
NTSTATUS PoFxRegisterDevice_k8 (
    PDEVICE_OBJECT Pdo,
    PPO_FX_DEVICE Device,
    POHANDLE *Handle )
{
    return STATUS_SUCCESS;
}

// The remaining PoFx entry points are empty template stubs.
VOID PoFxUnregisterDevice_k8 ( POHANDLE Handle ) { }
VOID PoFxSetComponentLatency_k8 ( POHANDLE Handle, ULONG Component, ULONGLONG Latency ) { }
VOID PoFxSetComponentResidency_k8 ( POHANDLE Handle, ULONG Component, ULONGLONG Residency ) { }
VOID PoFxStartDevicePowerManagement_k8 ( POHANDLE Handle ) { }
VOID PoFxCompleteIdleState_k8 ( POHANDLE Handle, ULONG Component ) { }
VOID PoFxCompleteIdleCondition_k8 ( POHANDLE Handle, ULONG Component ) { }
VOID PoFxReportDevicePoweredOn_k8 ( POHANDLE Handle ) { }
VOID PoFxCompleteDevicePowerNotRequired_k8 ( POHANDLE Handle ) { }
VOID PoFxActivateComponent_k8 ( POHANDLE Handle, ULONG Component, ULONG Flags ) { }
VOID PoFxIdleComponent_k8 ( POHANDLE Handle, ULONG Component, ULONG Flags ) { }
```

Edited July 11, 2022 by George King

Mov AX, 0xDEAD (Author) Posted July 11, 2022

9 minutes ago, George King said:
> I just tried to port sdbus.sys + sdstor.sys from Windows 8 build 8056 (first true Generic SD/MMC driver) to Windows 7 and XP, and on Windows 7 these functions need to be added to the extender, otherwise there will be missing imports.

If a user still uses Win7 RTM/SP1 without the latest updates, this Win7 kernel doesn't have, for example, the new EtwSetInformation from your list. What is the point of redirecting a non-existent function? Dependency Walker will still show missing imports "driver->ntoskr8->ntoskrnl.exe".

George King Posted July 11, 2022

Just now, Mov AX, 0xDEAD said:
> If a user still uses Win7 RTM/SP1 without the latest updates, this Win7 kernel doesn't have, for example, the new EtwSetInformation from your list. What is the point of redirecting a non-existent function? Dependency Walker will still show missing imports "driver->ntoskr8->ntoskrnl.exe".

Oh yes, I have a fully updated Windows 7. Then I see the missing import after redirecting the driver to use ntoskrn8.sys. I can take a screenshot in the late evening when I boot the Windows 7 laptop.

George King Posted July 11, 2022

29 minutes ago, Mov AX, 0xDEAD said:
> @George King IoSynchronousCallDriver is a fake; it works as the usual ASYNC IofCallDriver. The right SYNC implementation, based on Win8.1 decompiled code:

Many thanks for that. I have added it to my source tree. Here are also the modded drivers, which need a new extender with the mentioned functions. The old ntoskrn8.sys for the XP target is included, so it needs to be recompiled with your new implementations.

Generic_SD+MMC_6.2.8056.0.7z