Jump to content

KernelXE - My Unofficial Windows 2000 Kernel


Recommended Posts

Summary:

For a long time, there have been 2 choices for extended kernels and both of them have their exclusives that aren't present in the other extended kernel. WildBill's extended kernel has many exclusive ntdll functions, SxS support, and a few exclusive functions in other files. BlackWingCat's extended kernel has many exclusive kernel32 functions (and some in other files). The big issue is that ntdll and kernel32 cannot be mixed, forcing people to choose between a better kernel32 or a better ntdll. The main goal of KernelXE is to eliminate this issue.

Downloads:

KernelXE v0.2.4.2

WildBill Update Collection

XMNTCert (Installer that works on Windows 2000 W.I.P.)

Info:

Make sure to install the WildBill Update Collection BEFORE KernelXE. It is required and your system will be unbootable if you install KernelXE first. (This will change with KernelXE v0.2.5 because it will include it's own win32k.sys)
XMNTCert will not be needed for any KernelXE v0.2.x version. It will become required starting with KernelXE v0.3.0.

Changelog:

Public Beta 1:
Initial Public Release

Public Beta 1 rv2:
Added relocations to kernel32 and ntdll (messed up other parts of file)

Public Beta 2:
Exported real CreateActCtxW as CreateActCtxB to prevent explorer.exe crashing.
Added CreateActCtxW stub to take care of programs that call it while fixing the real function.
Moved QueryUnbiasedInterruptTime, SetThreadStackGuarantee, K32EmptyWorkingSet, and GetNativeSystemInfo to .text
Added idndl.dll, normaliz.dll, and the nls files normaliz.dll uses to the update package.

v0.2.3:
First version of KernelXE with new versioning system
Full changelog inside update installer.

v0.2.3.1:
Added updated DirectSound library
Added updated hotplug.dll and stobject.dll
Added Windows Server 2003 msvcrt.dll
Added BlackWingCat's Reiwa compatible locale.nls

v0.2.4:
Added PAE
Added this HAL Timer fix
Added Windows Vista msvcrt.dll
Added KeAcquireInStackQueuedSpinLockRaiseToSynch and HalConvertIdtToIrql to all HALs
Added KernelXE branded bootscreens
Added some ntoskrnl functions (list in full changelog)

v0.2.4-rv1:
Added exFAT stuff (even though exFAT is broken, it's the only way I can make KernelXE install at all for some reason idk)

v0.2.4.1:
Removed exFAT stuff
Replaced Vista msvcrt with Server 2003 msvcrt (Vista msvcrt causes a BSOD related to winsrv in a VMware virtual machine)
Added Kernel Mode Driver Framework
Added WinUSB

v0.2.4.2:
Added some user32 stubs requested by piotrhn
Added a missing piece of code in CreateActCtxB
Updated msvcrt to 7.0.6002.22755
Changed version block to check if the NT major version is 5 and removed NT minor version checking.
Fixed loading bar not appearing in bootsceen
Lots of new files

Info about future additions:

UMDF:
Priority: Semi-high
Needs WinUSB
Needed functions:
setupapi.SetupDiGetActualSectionToInstallExW
ntoskrnl.RtlVerifyVersionInfo
ntoskrnl.VerSetConditionMask

exFAT:
Priority: Moderate
ifsutil.dll needs replacement or big modification
shell32.dll needs modification (W.I.P.)

NVMe:
Priority: Low
Needed functions (storport):
ntoskrnl.WmiQueryTraceInformation
ntoskrnl.WmiTraceMessage
ntoskrnl.WmiTraceMessageVa

Other information:

Programs I use:

Relocation Section Editor - Only one that handles huge relocation tables like the one in ntoskrnl.
Executable | Source Code

Beyond Compare - Super useful and feature rich comparison tool. Paid software.

CFF Explorer - Useful for editing headers.

PEMaker - Good import and export table editor. Also expands sections.

Usenti - Only bitmap editor I can find that doesn't recreate the color palette. Important for bootscreens.

Information:

Expanding .patch in ntoskrnl:
Since .patch is not directly above .rsrc and .reloc, it cannot directly be expanded.
The only section in between is .skin, which is empty space used for boot skin data.
It can be expanded, then the header can be changed to make .patch bigger and .skin the original size.

Staying consistent when modifying all 4 ntos files:
Since there are 4 ntos files, any changes must be made 4 times, and it may be hard to remember everything done.
I write instructions for every modification I make as I do them, so I know exactly what I did. This also helps when writing documentation.

Edited by Ximonite
KernelXE v0.2.4.2 release
  • Like 5
Link to post
Share on other sites

30 minutes ago, Mov AX, 0xDEAD said:

Hi Ximonite,

any source code available ? or all functions was ripped as disassembly ?

Almost all of the code was taken from other files, and the code that wasn't was written in IDA.
Yes, I actually wrote code in IDA.

Link to post
Share on other sites
58 minutes ago, windows2 said:

Sir, did you find a solution to match umdf 1.0 with windows 2000?

I have not tested UMDF 1.0 on Windows 2000, but it is something I plan to test at some point.

The next thing planned after KernelXE R2 is a feature pack update for Windows 2000. UMDF 1.0 is one of these components I plan to add to this feature pack update. For Windows 2000 updates, my main priority right now is KernelXE R2 and that will be my main priority until sometime (hopefully) early next year.

  • Like 1
Link to post
Share on other sites
Just now, Ximonite said:

I have not tested UMDF 1.0 on Windows 2000, but it is something I plan to test at some point.

The next thing planned after KernelXE R2 is a feature pack update for Windows 2000. UMDF 1.0 is one of these components I plan to add to this feature pack update. For Windows 2000 updates, my main priority right now is KernelXE R2 and that will be my main priority until sometime (hopefully) early next year.

Please tell me when you are solving this problem. Thank you 

Link to post
Share on other sites
10 minutes ago, Ximonite said:

I have not tested UMDF 1.0 on Windows 2000, but it is something I plan to test at some point.

The next thing planned after KernelXE R2 is a feature pack update for Windows 2000. UMDF 1.0 is one of these components I plan to add to this feature pack update. For Windows 2000 updates, my main priority right now is KernelXE R2 and that will be my main priority until sometime (hopefully) early next year.

Hi,

Please make KERNEL UPDATE for Windows NT 4.0, junior600 started but his project is dead... ;/ https://msfn.org/board/topic/176748-windows-nt-40-api-wrapper/

Edited by piotrhn
Link to post
Share on other sites
2 minutes ago, piotrhn said:

Hi,

Please make KERNEL UPDATE for Windows NT 4.0, junior600 started but his project is dead... ;/ https://msfn.org/board/topic/176748-windows-nt-40-api-wrapper/

This is something I have thought of doing in the future. I may spend a bit of time on it now and see what I can do.

Link to post
Share on other sites
16 hours ago, Ximonite said:

This is something I have thought of doing in the future. I may spend a bit of time on it now and see what I can do.

i have programmed some functions for NT4.0 in old KEX by xeno86 engine: look & see attached asm file. You can copy these and manually put to kernel DLL, ofcourse you must add new import to NTDLL ;/, new functions in my asm:

GetConsoleWindow
GetFileSizeEx
GetProcessHandleCount
GetProcessId
GetProcessIoCounters
OpenThread
ProcessIdToSessionId
SetFilePointerEx
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32FirstW
Process32First
Process32NextW
Process32Next
Thread32First
Thread32Next
Module32FirstW
Module32First
Module32NextW
Module32Next

 

*My asm file is based on KERNEL version 4.0.1381.7227

kernel_nt4.asm

Edited by piotrhn
  • Upvote 1
Link to post
Share on other sites
16 hours ago, Sergiaws said:

Guys. What is exactly this? As far as I know. There's an extended kernel for Win2K created by Blackwingcat.

It's my own Windows 2000 extended kernel. Since there are already 2 different extended kernels for Windows 2000 (not including mine) which have their own exclusive functions not found in the other, I made my own that includes everything from both existing extended kernels and a few extras.

The main goal of KernelXE is to remove the problem of losing any exclusive functions of one extended kernel by choosing the other one.

What I'm working on right now is the second release of KernelXE. The original KernelXE thread has information on what it is and this one will too once KernelXE R2 is released.

Edited by Ximonite
Link to post
Share on other sites

Status Update:

The first public beta of KernelXE R2 is out.

I have been experiencing a very weird issue on my bare metal test system.

Once KernelXE R2 is installed, explorer refuses to launch, but almost every program works completely fine. I also experience the same issue with Dependency Walker "generating errors" that win32 found in the original KernelXE with BWC files present, but there aren't BWC files present in my test machine. I have no idea what causes this kind of stuff to happen and I don't know if anyone else here on MSFN does either. Also, the .idata section that displays in IDA but isn't actually a section appears in the initial Public Beta 1, but not rv2. :unsure:

Link to post
Share on other sites

@Ximonite @win32 I have now tried Windows2000-KernelXE-x86-ENU.exe with newly installed Windows 2000 without any update BWC and the BsoD appeared. Even when I install a program Windows2000-KB2508429-v10-x86-ENU.exe and Windows2000-KB2479629-v3-x86-ENU.exe the same error occurs 

but sorry I noticed having a windows 2000 extended kernel option v30e (BWC) integrated with a Windows CD installed. Maybe that is why the blue screen appeared

Edited by windows2
Link to post
Share on other sites
1 hour ago, windows2 said:

I have now tried Windows2000-KernelXE-x86-ENU.exe with newly installed Windows 2000 without any update BWC and the BsoD appeared.

You should install WildBill's updates before installing kernelxe as it's based on those files.

http://www.mediafire.com/download/vdbwx67dx34jezj/Windows2000-KB2479629-v3-x86-ENU.exe

http://www.mediafire.com/download/1agd8icjjbu5s4n/Windows2000-KB2508429-v17-x86-ENU.exe

I'm so excited just to have full raw input support. :) Just waiting for school stuff to quiet down and I will have an SSE-only test box.

Edited by win32
A rookie mistake.
  • Upvote 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...