NTOSKRNL Emu_Extender for Windows XP/2003

[GD 2W10]

On 6/17/2020 at 7:26 AM, Mov AX, 0xDEAD said:

 

1. Make corrections to target driver XXX.sys so that it loads ntoskrn8.sys instead of the original ntoskrnl.exe
2. If XXX.sys is driver made for Windows 8, change security_cookie to random value, security_cookie is constant 0x4EE640BB(x32) / 0x32A2DF2D992B(x64) inside file, change only first match !

How do I do that?

[UsefulAGKHelper]

On 1/8/2023 at 12:58 AM, GD 2W10 said:

How do I do that?

Using CFF explorer.

To make the driver use the kernel extender, in the import section, rename ntoskrnl.exe to ntoskrn8.sys (obviously ntoskrn8.sys needs to be in the same directory as the driver so it works).

If driver is designed for only windows 8 and newer os, Security_cookie (4EE640BB on 32-bit file, 32A2DF2D992B on 64-bit file) can be changed on hex editor to random value (first match only).

Save the respective file, re-open the same file and refresh checksum and save again.

To check the dependencies of the file, use Depedency Walker to check for missing imports.

If there are problems, please post screenshots.

Edited January 12, 2023 by UsefulAGKHelper

[265993303]

I have dual boot with Windows Vista Ultimate 32-bit on Dell Precision M3800, I'm trying to install the driver for Intel(R) Dual Band Wireless-AC 7260, I did the compiling of ntoskrn8.sys and the renaming of import as well as update checksum, and yet it still won't detect the driver in there.

[UsefulAGKHelper]

On 4/22/2023 at 4:25 PM, 265993303 said:

I have dual boot with Windows Vista Ultimate 32-bit on Dell Precision M3800, I'm trying to install the driver for Intel(R) Dual Band Wireless-AC 7260, I did the compiling of ntoskrn8.sys and the renaming of import as well as update checksum, and yet it still won't detect the driver in there.

Check this driver with Dependency Walker to ensure that there aren't any missing imports on ntoskrn8.sys.

[George King]

On 4/22/2023 at 3:25 PM, 265993303 said:

I have dual boot with Windows Vista Ultimate 32-bit on Dell Precision M3800, I'm trying to install the driver for Intel(R) Dual Band Wireless-AC 7260, I did the compiling of ntoskrn8.sys and the renaming of import as well as update checksum, and yet it still won't detect the driver in there.

Check your INF, it's probably system locked (6.1) and needs to be modded too.

[265993303]

After lowering system restriction, a lonely NDIS.SYS dependency is left.

On 4/24/2023 at 12:11 PM, UsefulAGKHelper said:

Check this driver with Dependency Walker to ensure that there aren't any missing imports on ntoskrn8.sys.

 

1 hour ago, George King said:

Check your INF, it's probably system locked (6.1) and needs to be modded too.

 

[R1600]

3 hours ago, 265993303 said:

After lowering system restriction, a lonely NDIS.SYS dependency is left.

There's no known way to solve NDIS dependency problem. In theory, it is possible to fix NDIS dependency in a similar way to ntoskrnl_emu, but only a few people, including @Mov AX, 0xDEAD, can do it.

Masters in the field tried to do something similar for Windows XP, but without success.

[Mov AX, 0xDEAD]

8 hours ago, R1600 said:

There's no known way to solve NDIS dependency problem. In theory, it is possible to fix NDIS dependency in a similar way to ntoskrnl_emu, but only a few people, including @Mov AX, 0xDEAD, can do it.

NDIS 6 is new framework, that's problem, if think it is not easy to make it compatible with XP kernel even all missed import will be solved. Another way is emulation NDIS6 features based on NDIS5 source code, but it requires a lot(?) of programming

[George King]

17 hours ago, 265993303 said:

After lowering system restriction, a lonely NDIS.SYS dependency is left.

 

 

You have not lowered it. Just locked it to 5.1. Vista is 6.0..

[R1600]

9 hours ago, Mov AX, 0xDEAD said:

NDIS 6 is new framework, that's problem, if think it is not easy to make it compatible with XP kernel even all missed import will be solved. Another way is emulation NDIS6 features based on NDIS5 source code, but it requires a lot(?) of programming

I agree. But it would be technically much simpler to extend NDIS 6.x beyond Vista, right?

[Dietmar]

@Mov AX, 0xDEAD

The Vista Longhorn version 5048 has ndis6.

I tested lan driver from XP bit32 for i210 and i217. Both work with 5048 ndis6.

But the i219 win7 bit32 lan driver has one missing dependency to the ndis6 from Longhorn 5048

Dietmar

[Mov AX, 0xDEAD]

4 hours ago, Dietmar said:

@Mov AX, 0xDEAD

The Vista Longhorn version 5048 has ndis6.

I tested lan driver from XP bit32 for i210 and i217. Both work with 5048 ndis6.

But the i219 win7 bit32 lan driver has one missing dependency to the ndis6 from Longhorn 5048

@Dietmar

Thanks for info, i will check how it is stable

[Mov AX, 0xDEAD]

@Dietmar,

https://msfn.org/board/topic/183528-ndis6-support-for-xp/?do=findComment&comment=1244341

[265993303]

The NDIS.SYS dependencies are the following:

 

002BED00	002BED00	017D	NdisMSynchronizeWithInterruptEx
002BED22	002BED22	014D	NdisMMapIoSpace
002BE360	002BE360	0175	NdisMSetMiniportAttributes
002BE37E	002BE37E	0147	NdisMIndicateStatusEx
002BE396	002BE396	017A	NdisMSleep
002BE3A4	002BE3A4	0165	NdisMRegisterMiniportDriver
002BECF0	002BECF0	01E3	NdisUnmapFile
002BECE2	002BECE2	0187	NdisMapFile
002BECD2	002BECD2	0040	NdisCloseFile
002BECC2	002BECC2	019B	NdisOpenFile
002BECA8	002BECA8	013A	NdisMGetDeviceProperty
002BEC96	002BEC96	0173	NdisMSetBusData
002BEC84	002BEC84	0139	NdisMGetBusData
002BEC6E	002BEC6E	009D	NdisFreeIoWorkItem
002BEC58	002BEC58	01AC	NdisQueueIoWorkItem
002BEC3E	002BEC3E	0012	NdisAllocateIoWorkItem
002BEC22	002BEC22	0136	NdisMFreeNetBufferSGList
002BEC02	002BEC02	010D	NdisMAllocateNetBufferSGList
002BEBF4	002BEBF4	009E	NdisFreeMdl
002BEBE2	002BEBE2	0013	NdisAllocateMdl
002BEBBE	002BEBBE	006B	NdisCopyFromNetBufferToNetBuffer
002BEB96	002BEB96	0018	NdisAllocateNetBufferAndNetBufferList
002BEB7E	002BEB7E	00A3	NdisFreeNetBufferList
002BEB62	002BEB62	00A5	NdisFreeNetBufferListPool
002BEB42	002BEB42	001B	NdisAllocateNetBufferListPool
002BED34	002BED34	0180	NdisMUnmapIoSpace
002BEB0A	002BEB0A	00CA	NdisGetSystemUpTimeEx
002BEAF4	002BEAF4	00AE	NdisFreeTimerObject
002BEADC	002BEADC	002F	NdisCancelTimerObject
002BEAC2	002BEAC2	0025	NdisAllocateTimerObject
002BEAA8	002BEAA8	01B2	NdisReadNetworkAddress
002BEA8E	002BEA8E	01F7	NdisWriteConfiguration
002BEA6C	002BEA6C	019A	NdisOpenConfigurationKeyByName
002BEA56	002BEA56	016B	NdisMResetComplete
002BEA46	002BEA46	01E7	NdisWaitEvent
002BEA34	002BEA34	01C0	NdisResetEvent
002BEA24	002BEA24	01CB	NdisSetEvent
002BEA0E	002BEA0E	00FB	NdisInitializeEvent
002BE9F6	002BE9F6	016D	NdisMRestartComplete
002BE9E0	002BE9E0	0151	NdisMPauseComplete
002BE9C0	002BE9C0	012F	NdisMDeregisterMiniportDriver
002BE99A	002BE99A	0144	NdisMIndicateReceiveNetBufferLists
002BE978	002BE978	016F	NdisMSendNetBufferListsComplete
002BE95E	002BE95E	0198	NdisOpenConfigurationEx
002BE946	002BE946	00FD	NdisInitializeString
002BE92C	002BE92C	003F	NdisCloseConfiguration
002BE914	002BE914	01AE	NdisReadConfiguration
002BE904	002BE904	0137	NdisMFreePort
002BE8F0	002BE8F0	010E	NdisMAllocatePort
002BE8DC	002BE8DC	014E	NdisMNetPnPEvent
002BE8C2	002BE8C2	0150	NdisMOidRequestComplete
002BE8A8	002BE8A8	01F8	NdisWriteErrorLogEntry
002BE890	002BE890	0138	NdisMFreeSharedMemory
002BE874	002BE874	010F	NdisMAllocateSharedMemory
002BE850	002BE850	0016	NdisAllocateMemoryWithTagPriority
002BE83E	002BE83E	009F	NdisFreeMemory
002BED48	002BED48	0166	NdisMRegisterScatterGatherDma
002BED68	002BED68	0130	NdisMDeregisterScatterGatherDma
002BED8A	002BED8A	0162	NdisMRegisterInterruptEx
002BEDA6	002BEDA6	012D	NdisMDeregisterInterruptEx
002BEB22	002BEB22	01CA	NdisSetCoalescableTimerObject

 

[Brickedandroid]

One more missing function that isn't added yet in ntoskrn8.sys