NTOSKRNL Emu_Extender for Windows XP/2003

[George King]

Just now, Mov AX, 0xDEAD said:

If user still uses Win7 RTM/SP1 without last updates, this Win7 kernel doesnt have for example new EtwSetInformation from your list, what is point to redirect non-exist function ? Depend  Walker will still shows missed imports "driver->ntoskr8->ntoskrnl.exe"

Oh yes, I have fully updated Windows 7. Then I see missing import after redirecting driver to use ntoskrn8.sys. I can take screenshot in late evening when I boot Windows 7 laptop.

[George King]

29 minutes ago, Mov AX, 0xDEAD said:

@George King

IoSynchronousCallDriver is a fake, it works as usual ASYNC IofCallDriver

Right SYNC implementation based on win8.1 decompiled code:

 

Many thanks for that. I have added it to my source tree. Here are also modded drivers, that needs new extender with mentioned functions. Old ntoskrn8.sys for XP target is included, so needs to be recompiled with your new implementations.

Generic_SD+MMC_6.2.8056.0.7z

[Mov AX, 0xDEAD]

19 minutes ago, George King said:

I just tried to port sdbus.sys + sdstor.sys from Windows 8 build 8056 (first true Generic SD/MMC driver) to Windows 7 and XP and on Windows 7 are these functions needed to add into extender, otherwise there will be missing imports.

        PoFxIdleComponent
	IoSynchronousCallDriver
	PoFxSetDeviceIdleTimeout
	PoFxUnregisterDevice
	PoFxStartDevicePowerManagement
	PoUnregisterPowerSettingCallback
	PoFxActivateComponent
	KeLeaveGuardedRegion
	KeEnterGuardedRegion
	PoFxCompleteIdleCondition
	PoFxCompleteIdleState
	PoFxReportDevicePoweredOn
	PoFxCompleteDevicePowerNotRequired
	PoFxRegisterDevice
	IoGetActivityIdIrp
	RtlQueryRegistryValuesEx

Most important is Win8 new Power Framework embeded to ntoskrnl

it is complicated code with callbacks to user code(not sure 100%), it is hard to emulate it properly, you can try replace most of functions to dummy stubs, but do it just as a fun, no any guarantee

[George King]

11 minutes ago, Mov AX, 0xDEAD said:

Most important is Win8 new Power Framework embeded to ntoskrnl

it is complicated code with callbacks to user code(not sure 100%), it is hard to emulate it properly, you can try replace most of functions to dummy stubs, but do it just as a fun, no any guarantee

I tried it, but without success. This is what I used to add blank exports. I think there must be added real code for that.

[Mov AX, 0xDEAD]

PoFxRegisterDevice - CALLBACKs

Quote

 

NTSTATUS PoFxRegisterDevice(
  _In_   PDEVICE_OBJECT Pdo,
  _In_   PPO_FX_DEVICE Device,
  _Out_  POHANDLE *Handle
);

Device

A pointer to a caller-allocated PO_FX_DEVICE structure that contains the registration information for the device. This structure contains pointers to a set of callback routines that are implemented by the device driver. PoFx calls these routines to communicate with the driver.

 

PoFxIdleComponent - NO CALLBACKs

PoFxSetDeviceIdleTimeout - NO CALLBACKs

PoFxUnregisterDevice - NO CALLBACKs   PoFxStartDevicePowerManagement - NO CALLBACKs
PoRegisterPowerSettingCallback + PoUnregisterPowerSettingCallback - CALLBACKs, Vista+ new feature, not used in  sdbus
PoFxActivateComponent - NO CALLBACKs
PoFxCompleteIdleCondition - NO CALLBACKs
PoFxCompleteIdleState - NO CALLBACKs
PoFxReportDevicePoweredOn - NO CALLBACKs
PoFxCompleteDevicePowerNotRequired - NO CALLBACKs

[George King]

On 7/11/2022 at 2:26 PM, Mov AX, 0xDEAD said:

PoFxRegisterDevice - CALLBACKs

 

PoFxIdleComponent - NO CALLBACKs

PoFxSetDeviceIdleTimeout - NO CALLBACKs

PoFxUnregisterDevice - NO CALLBACKs   PoFxStartDevicePowerManagement - NO CALLBACKs
PoRegisterPowerSettingCallback + PoUnregisterPowerSettingCallback - CALLBACKs, Vista+ new feature, not used in  sdbus
PoFxActivateComponent - NO CALLBACKs
PoFxCompleteIdleCondition - NO CALLBACKs
PoFxCompleteIdleState - NO CALLBACKs
PoFxReportDevicePoweredOn - NO CALLBACKs
PoFxCompleteDevicePowerNotRequired - NO CALLBACKs

 

I just looked into wdm.h. This is what I can add and compile. It's far from my know how and it probably can't work.

	    
typedef PO_FX_COMPONENT_ACTIVE_CONDITION_CALLBACK, *PPO_FX_COMPONENT_ACTIVE_CONDITION_CALLBACK;
typedef PO_FX_COMPONENT_IDLE_CONDITION_CALLBACK, *PPO_FX_COMPONENT_IDLE_CONDITION_CALLBACK;
typedef PO_FX_COMPONENT_IDLE_STATE_CALLBACK, *PPO_FX_COMPONENT_IDLE_STATE_CALLBACK;
typedef PO_FX_DEVICE_POWER_REQUIRED_CALLBACK, *PPO_FX_DEVICE_POWER_REQUIRED_CALLBACK;
typedef PO_FX_DEVICE_POWER_NOT_REQUIRED_CALLBACK, *PPO_FX_DEVICE_POWER_NOT_REQUIRED_CALLBACK;
typedef PO_FX_POWER_CONTROL_CALLBACK, *PPO_FX_POWER_CONTROL_CALLBACK;

typedef struct _PO_FX_COMPONENT_IDLE_STATE {
    ULONGLONG TransitionLatency;
    ULONGLONG ResidencyRequirement;
    ULONG NominalPower;
} PO_FX_COMPONENT_IDLE_STATE, *PPO_FX_COMPONENT_IDLE_STATE;

typedef struct _PO_FX_COMPONENT_V1 {
    GUID Id;
    ULONG IdleStateCount;
    ULONG DeepestWakeableIdleState;
    PPO_FX_COMPONENT_IDLE_STATE IdleStates;
} PO_FX_COMPONENT_V1, *PPO_FX_COMPONENT_V1;

typedef struct _PO_FX_DEVICE_V1 {
  ULONG                                      Version;
  ULONG                                      ComponentCount;
  PPO_FX_COMPONENT_ACTIVE_CONDITION_CALLBACK ComponentActiveConditionCallback;
  PPO_FX_COMPONENT_IDLE_CONDITION_CALLBACK   ComponentIdleConditionCallback;
  PPO_FX_COMPONENT_IDLE_STATE_CALLBACK       ComponentIdleStateCallback;
  PPO_FX_DEVICE_POWER_REQUIRED_CALLBACK      DevicePowerRequiredCallback;
  PPO_FX_DEVICE_POWER_NOT_REQUIRED_CALLBACK  DevicePowerNotRequiredCallback;
  PPO_FX_POWER_CONTROL_CALLBACK              PowerControlCallback;
  PVOID                                      DeviceContext;
  PO_FX_COMPONENT_V1                         Components[ANYSIZE_ARRAY];
} PO_FX_DEVICE, *PPO_FX_DEVICE;
	

Edited July 12, 2022 by George King

[Mov AX, 0xDEAD]

18 hours ago, George King said:

I just looked into wdm.h. This is what I can add and compile. It's far from my know how and it probably can't work.

@George King

Ignore callback logic, let driver registers calbacks, but currenlty no way to call driver code from kernel.

You can try sdbus driver with your simple stabs, they are OK, if you'l get error 10, you are unlucky, this means some condition fail in code driver, you never discover it without steb-by-step debugging

[Andalu]

Where can I get the latest master? I'm still using the extender from February 2021 with included 80 functions and now I read that the one with 81 functions is old

 

 

[George King]

16 hours ago, Andalu said:

Where can I get the latest master? I'm still using the extender from February 2021 with included 80 functions and now I read that the one with 81 functions is old

 

 

Download project from GitHub and these files to get latest discussed sources with added missing exports for latest 6.0 and 6.1 kernels targets and new functions for porting Generic SD/MMC driver from Windows 8.0 build 8056

 

EDIT: Drivers collection included in XP2ESD v1.6 already contains compiled ntoskrn8.sys with these sources. I still haven't tried new SD/MMC driver on real HW. Probably will see in few days when I reformat my Windows 7 Dell laptop that have SD card reader that match Generic HWID.

LatestChanges.7z

Edited July 18, 2022 by George King

[Andalu]

@George King

Thanks

 

Edit: I tried the Generic SD/MMC driver from Windows 8.0 build 8056 and it installs without issues on my old laptop (intel core2 duo):

https://ibb.co/fdTYdCN

Edited July 19, 2022 by Andalu

[wyf180]

On 7/11/2022 at 7:59 PM, George King said:

Many thanks for that. I have added it to my source tree. Here are also modded drivers, that needs new extender with mentioned functions. Old ntoskrn8.sys for XP target is included, so needs to be recompiled with your new implementations.

Generic_SD+MMC_6.2.8056.0.7z 207.09 kB · 10 downloads

I tried the driver on qemu sd card,the sd bus driver can work but the mmc driver can't work

[George King]

2 hours ago, wyf180 said:

I tried the driver on qemu sd card,the sd bus driver can work but the mmc driver can't work

Have you added newly compiled ntoskrn8.sys from latest sources mentioned after that? Or have you tried these ported drivers from latest XP2ESD which already have it?

Edited July 21, 2022 by George King

[Mov AX, 0xDEAD]

On 7/17/2022 at 9:47 PM, Andalu said:

Where can I get the latest master? I'm still using the extender from February 2021 with included 80 functions and now I read that the one with 81 functions is old 

Feb 2021 is last master, i didnt added new functions because theres is no new ported *chance to run on XP* drivers with missing imports. @George King  try to port SecureDigital PCI driver, only one new IoSynchronousCallDriver function was posted on prev page, no more changes

[Andalu]

23 hours ago, Mov AX, 0xDEAD said:

Feb 2021 is last master, i didnt added new functions because theres is no new ported *chance to run on XP* drivers with missing imports. @George King  try to port SecureDigital PCI driver, only one new IoSynchronousCallDriver function was posted on prev page, no more changes

So there is no possibility to get other drivers to use in XP via emu_extender?

 

I also have one more question

To get the win8_uaspstor.sys driver to work properly with win7_storport.sys v6.1.7601.25735 I applied a modification to storpor8.sys at offsets 3BE2 and 3BF8 by changing respectively

'ScsiPortMoveMemory'  to  'StorPortMoveMemory' 

and

'ScsiPortNotification'  to  'StorPortNotification'.

To avoid conflicts with drivers already in the system, I renamed stoport.sys and storpor8.sys to something else and also the hexadecimal value referring to storport.sys within storpor8.sys itself.

This mod also avoids system crashes when you reboot or shutdown the system with a UAS device still connected to the USB port as already reported some time ago by @pappyN4.

I have tried the UAS driver on two intel systems for two months using all my UAS devices with no "apparent" problems detected.

 

Here is the question: what can I test to be sure that the driver thus modded can be safely applied and that it is not instead an insane modification (and wasted time)?

Thanks

Edited July 23, 2022 by Andalu

[wyf180]

On 7/21/2022 at 8:25 PM, George King said:

Have you added newly compiled ntoskrn8.sys from latest sources mentioned after that? Or have you tried these ported drivers from latest XP2ESD which already have it?

I found the problem today:the mmc device was not emulated by qemu😁