Ximonite

KernelXE - My Unofficial Windows 2000 Kernel

Posted (edited)

Summary:

KernelXE is based on kernel32 from WildBill's KB2479629-v3 and includes all of the functions present in BlackWingCat's kernel32. KernelXE also includes a few functions not found in either kernel32 from WildBill's KB2479629-v3 or BlackWingCat's Extended Kernel. Some full functions have been used in KernelXE instead of the stubs in BlackWingCat's Extended Kernel.

Download

Functions:

New in KernelXE:

BaseSetLastNTError (from One Core API)
CreateRemoteThreadEx (from One Core API)
RestoreLastError (redirected to RtlRestoreLastError from ntdll)
EncodeSystemPointer (redirected to RtlEncodeSystemPointer from ntdll)
DecodeSystemPointer (redirected to RtlDecodeSystemPointer from ntdll)

Full functions that are stubs in BWC's kernel32:

GetSystemDEPPolicy
SetProcessDEPPolicy
GetProcessDEPPolicy
GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableA
SetFirmwareEnvironmentVariableA
CancelIoEx
CancelSynchronousIo
CheckForReadOnlyResource
CheckRemoteDebuggerPresent
SetSearchPathMode
PowerClearRequest
PowerCreateRequest
PowerSetRequest

Known Issues:

A Microsoft Visual C++ Runtime Library error appears when running VMware Tools. (Solution)

Some other dlls from BWC's Extended Kernel might behave erratically because of the fact that KernelXE is based on WildBill's kernel32.

Note: VMware Tools must be installed before KernelXE.

Edited by Ximonite
Minor changes to summary

So I tried this together with your ntdllx4 and BWC's v30e.

and sorry dude, things aren't working very well. :(

-system clipboard is broken - no drag-and-drop and pasting possible

-New Moon still doesn't start (access violation at 77F8F281 in ntdll.dll) and then an invalid window handle error.

-WinMgmt, SoundMAX helper components and Dependency Walker fail to load. IDA Pro 4.5 gives off an error at 0x70873baf when closing.

-Parts of web view used for Control Panel and the page that appears when opening the WINNT folder are broken.

-Add/Remove Programs is broken.

But these problems go away when BWC is taken out of the picture and WildBill's KB2479629-v3 is used instead of the extended kernel. The only problem present in such a configuration is that New Moon now is missing a function or two each in dbghelp.dll, user32.dll, advapi32.dll, iphlpapi.dll and ws2_32.dll (as well as the whole of uxtheme.dll). I used a .local file and copied over some of BWC's applicable files to deal with those dependencies, but that didn't help for the ones called by xul.dll, which are user32.GetWindowRgnBox and advapi32.SystemFunction036. After seeing the horrors of extreme file mixing, perhaps I could help with the auxiliary files ;)

Posted (edited)
On 8/6/2020 at 11:56 PM, win32 said:

So I tried this together with your ntdllx4 and BWC's v30e.

and sorry dude, things aren't working very well. :(

-system clipboard is broken - no drag-and-drop and pasting possible

-New Moon still doesn't start (access violation at 77F8F281 in ntdll.dll) and then an invalid window handle error.

-WinMgmt, SoundMAX helper components and Dependency Walker fail to load. IDA Pro 4.5 gives off an error at 0x70873baf when closing.

-Parts of web view used for Control Panel and the page that appears when opening the WINNT folder are broken.

-Add/Remove Programs is broken.

But these problems go away when BWC is taken out of the picture and WildBill's KB2479629-v3 is used instead of the extended kernel. The only problem present in such a configuration is that New Moon now is missing a function or two each in dbghelp.dll, user32.dll, advapi32.dll, iphlpapi.dll and ws2_32.dll (as well as the whole of uxtheme.dll). I used a .local file and copied over some of BWC's applicable files to deal with those dependencies, but that didn't help for the ones called by xul.dll, which are user32.GetWindowRgnBox and advapi32.SystemFunction036. After seeing the horrors of extreme file mixing, perhaps I could help with the auxiliary files ;)

I'm pretty sure the broken behavior is because of other BWC files being made with the expectation that certain functions in kernel32 are stubs. In KERNEL32-XEC, some of these stubs have been replaced with full functions, which explains why the broken behavior disappears when no BWC files are present.

I added my files and the new prerequisites to KB2479629-v3 and felt like it was enough of a change to change the v3 to a v4. The update can be found here.

I noticed that the Microsoft Visual C++ Runtime Library errors related to VMware Tools are still there. Honestly, I have no idea what's causing them.

Edited by Ximonite
Updated link
6 hours ago, Ximonite said:

I noticed that the Microsoft Visual C++ Runtime Library errors related to VMware Tools are still there. Honestly, I have no idea what's causing them.

What version of msvcrt.dll are you using?

Posted (edited)
14 hours ago, win32 said:

What version of msvcrt.dll are you using?

6.1.9848.0

I also tried version 7.0.3790.4341 and it didn't get rid of the errors.

Edited by Ximonite

Posted (edited)
On 8/7/2020 at 12:54 PM, Ximonite said:

I also tried version 7.0.3790.4341 and it didn't get rid of the errors.

I just realized that the MS C++ Library falls under msvcirt.dll as opposed to the C Runtime library. So you may want to try BWC's version of that.

And there are extended versions of comctl32/dbghelp/advapi32/etc. in KB2508429-v17, which have resolved most of the New Moon/Serpent dependency issues.

Edited by win32

6 minutes ago, win32 said:

I just realized that the MS C++ Library falls under msvcirt.dll as opposed to the C Runtime library. So you may want to try BWC's version of that.

And there are extended versions of comctl32/dbghelp/advapi32/etc. in KB2508429, which have resolved most of the New Moon/Serpent dependency issues.

BWC's version of msvcirt.dll also doesn't change anything. I also decided to try making msvcr90.dll use the Microsoft kernel32.dll (named kernel2k.dll) and that also didn't work.


What do you get when you run it through dependency walker? Or ollydbg or IDA's debugger?

1 hour ago, win32 said:

What do you get when you run it through dependency walker? Or ollydbg or IDA's debugger?

Here is what I get from Dependency Walker.

Posted (edited)

I decided to try the vmware tools executable from version 15, and it's even worse. It calls WakeAllConditionVariable then it starts leaking memory like crazy and hogging up the CPU.

I checked your kernel32 in PE Tool and noticed that there doesn't seem to be any relocs in your part of the code. As I've read today in WildBill's patch thread, they do seem to be quite important. PE Tool seems to be quite helpful in terms of recommending reloc placement.

Also, these vmware tools installers should not be calling all of these XP/Vista API functions since they run fine on vanilla Windows 2000. This is the same trap the vmware installers were running into with my Vista extended kernel. The fix was to have the installer use the MS kernel32.dll in that case, but I'm struggling with how to enable local DLL redirection in Windows 2000. Various sources say it's possible, but the reg key that worked in Vista changes nothing in Windows 2000.

Edited by win32

4 hours ago, win32 said:

I decided to try the vmware tools executable from version 15, and it's even worse. It calls WakeAllConditionVariable then it starts leaking memory like crazy and hogging up the CPU.

I checked your kernel32 in PE Tool and noticed that there doesn't seem to be any relocs in your part of the code. As I've read today in WildBill's patch thread, they do seem to be quite important. PE Tool seems to be quite helpful in terms of recommending reloc placement.

Also, these vmware tools installers should not be calling all of these XP/Vista API functions since they run fine on vanilla Windows 2000. This is the same trap the vmware installers were running into with my Vista extended kernel. The fix was to have the installer use the MS kernel32.dll in that case, but I'm struggling with how to enable local DLL redirection in Windows 2000. Various sources say it's possible, but the reg key that worked in Vista changes nothing in Windows 2000.

I tried changing all the module names from kernel32 to kernelms in the import tables of every file applicable and that didn't solve anything.

Also, I am working on adding all the needed relocations to .reloc

I haven't even been able to get past the Visual C++ Runtime Library error, so I would like to know the solution if you got past it. I assume that you did because I haven't experienced the memory leak and CPU hogging.

Posted (edited)

I've found out that MSDN's documentation was lying to us: http://web.archive.org/web/20080919081500/http://msdn.microsoft.com/en-us/library/ms682600(VS.85).aspx :realmad:

Quote

Windows 2000:  Known DLLs can be redirected in this OS.

No, they can't.

But you can go into HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs and delete most entries (except for the DllDirectory one or else you will get a BSOD on bootup), including the one for kernel32. Then create a vmtoolsd.exe.local file in its directory and copy over the MS kernel32.dll. I just did and I stopped getting the VC++ runtime error, but I didn't get anything else (though I'm actually running on real hardware, a ThinkPad T41).

And my own bug was related to the vmware tools installer (yours is the "toolbox") for Vista and up. It gets past that function with BWC's kernel, though again he has the relocs (two or three in that particular function). In fact, my own ignorance of relocs seems to be responsible for many of the issues with my Vista x86 kernel32 (doesn't seem to be as important in x64)!

Edited by win32
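
The relocation check discussed in the posts above (whether code added to a DLL has entries in the base relocation table) can be scripted. This is an added example, not code from either poster or from PE Tool: it parses raw `.reloc` bytes and flags dwords in a code region that look like absolute in-image addresses but have no fixup. The sample bytes, image base and RVAs are constructed, and the dword scan is a heuristic that can report false positives.

```python
import struct

IMAGE_REL_BASED_HIGHLOW = 3  # PE fixup type: 32-bit absolute address (x86)

def parse_base_relocs(reloc: bytes) -> list[int]:
    """Return the RVA of every HIGHLOW fixup in a raw .reloc section."""
    rvas, off = [], 0
    while off + 8 <= len(reloc):
        # Each block: page RVA, block size, then 16-bit type/offset entries.
        page_rva, block_size = struct.unpack_from("<II", reloc, off)
        if block_size < 8 or block_size % 2 or off + block_size > len(reloc):
            break  # zero padding or a malformed/truncated block
        for (entry,) in struct.iter_unpack("<H", reloc[off + 8:off + block_size]):
            if entry >> 12 == IMAGE_REL_BASED_HIGHLOW:  # type 0 is padding
                rvas.append(page_rva + (entry & 0x0FFF))
        off += block_size
    return rvas

def missing_fixups(code: bytes, code_rva: int, image_base: int,
                   image_size: int, fixups: list[int]) -> list[int]:
    """Heuristic: RVAs of dwords that look like absolute addresses inside
    the image but have no fixup, so they break if the DLL is rebased."""
    covered = set(fixups)
    found = []
    for i in range(len(code) - 3):
        (value,) = struct.unpack_from("<I", code, i)
        in_image = image_base <= value < image_base + image_size
        if in_image and code_rva + i not in covered:
            found.append(code_rva + i)
    return found

# Constructed sample (not taken from any real kernel32.dll).
IMAGE_BASE, IMAGE_SIZE, CODE_RVA = 0x10000000, 0x10000, 0x1000
SAMPLE_CODE = bytes.fromhex(
    "A100500010C3"     # original code: mov eax,[0x10005000]; ret
    "FF1510600010C3"   # added code: call dword ptr [0x10006010]; ret
)
# One block for page 0x1000: a fixup at offset 0x001 plus one padding entry.
SAMPLE_RELOC = struct.pack("<IIHH", 0x1000, 12, (3 << 12) | 0x001, 0)

if __name__ == "__main__":
    fixups = parse_base_relocs(SAMPLE_RELOC)
    for rva in missing_fixups(SAMPLE_CODE, CODE_RVA, IMAGE_BASE, IMAGE_SIZE, fixups):
        print(f"no fixup for address operand at RVA {rva:#x}")
```

On the constructed sample the original instruction's operand at RVA 0x1001 is covered, while the operand of the added `call` at RVA 0x1008 is reported as lacking a fixup.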
