piotrhn Posted November 17, 2020 Share Posted November 17, 2020 (edited) I have big request. Please update these DLLS to port ADMINTOOLS from 2k3 to 2k SERVER version DCPROMO.EXE (Active Directory) NETAPI32: DsRoleIfmHandleFree NetValidatePasswordPolicy DsRoleGetDatabaseFacts ADPROP.DLL advapi32: LsaQueryForestTrustInformation LsaSetForestTrustInformation netapi32: DsMergeForestTrustInformationW DsGetForestTrustInformationW dsprop: ADsPropShowErrorDialog ADsPropSendErrorMessage ADsPropSetHwndWithTitle FindSheet CERTADM.DLL CERTCLI: ORDINALS 249, 251, 254, 256, 260 CERTMMC.DLL CERTCLI: ORDINALS 247, 253, 254, 255, 256, 260 CERTPDEF.DLL CERTCLI: ORDINALS 253, 256, 260 CACertTypeQuery CACertTypeUnregisterQuery CACertTypeRegisterQuery CAGetCertTypeFlagsEx CAGetCertTypePropertyEx CERTREQ.EXE CERTCLI: ORDINALS 256, 260 CAGetCertTypePropertyEx CERTTMPL.DLL CERTCLI: CAIsCertTypeCurrent CAOIDFreeProperty CAInstallDefaultCertType CAOIDGetProperty CAOIDAdd CAOIDSetProperty CASetCertTypeFlagsEx CAGetCertTypePropertyEx CASetCertTypePropertyEx CAGetCertTypeFlagsEx CACloneCertType CAOIDDelete CAOIDCreateNew DNSMGR.DLL dnsapi: DnsQueryConfigAllocEx DSADMIN.DLL ADVAPI32: ConvertStringSDToSDDomainW MPRSNAP.DLL MPRAPI: MprAdminServerGetCredentials MprAdminServerSetCredentials NTDSBSRV.DLL NTDSA: DBDsReplBackupUpdate THGetErrorString DBUpdateBackupTimeStamps WINSMON.DLL NETSH.EXE: RegisterContext MatchToken RegisterHelper PrintMessageFromModule MatchCmdLine Edited November 17, 2020 by piotrhn Link to comment Share on other sites More sharing options...
Ximonite Posted November 17, 2020 Author Share Posted November 17, 2020 8 hours ago, piotrhn said: I have big request. Please update these DLLS to port ADMINTOOLS from 2k3 to 2k SERVER version DCPROMO.EXE (Active Directory) NETAPI32: DsRoleIfmHandleFree NetValidatePasswordPolicy DsRoleGetDatabaseFacts ADPROP.DLL advapi32: LsaQueryForestTrustInformation LsaSetForestTrustInformation netapi32: DsMergeForestTrustInformationW DsGetForestTrustInformationW dsprop: ADsPropShowErrorDialog ADsPropSendErrorMessage ADsPropSetHwndWithTitle FindSheet CERTADM.DLL CERTCLI: ORDINALS 249, 251, 254, 256, 260 CERTMMC.DLL CERTCLI: ORDINALS 247, 253, 254, 255, 256, 260 CERTPDEF.DLL CERTCLI: ORDINALS 253, 256, 260 CACertTypeQuery CACertTypeUnregisterQuery CACertTypeRegisterQuery CAGetCertTypeFlagsEx CAGetCertTypePropertyEx CERTREQ.EXE CERTCLI: ORDINALS 256, 260 CAGetCertTypePropertyEx CERTTMPL.DLL CERTCLI: CAIsCertTypeCurrent CAOIDFreeProperty CAInstallDefaultCertType CAOIDGetProperty CAOIDAdd CAOIDSetProperty CASetCertTypeFlagsEx CAGetCertTypePropertyEx CASetCertTypePropertyEx CAGetCertTypeFlagsEx CACloneCertType CAOIDDelete CAOIDCreateNew DNSMGR.DLL dnsapi: DnsQueryConfigAllocEx DSADMIN.DLL ADVAPI32: ConvertStringSDToSDDomainW MPRSNAP.DLL MPRAPI: MprAdminServerGetCredentials MprAdminServerSetCredentials NTDSBSRV.DLL NTDSA: DBDsReplBackupUpdate THGetErrorString DBUpdateBackupTimeStamps WINSMON.DLL NETSH.EXE: RegisterContext MatchToken RegisterHelper PrintMessageFromModule MatchCmdLine I will keep this in mind, but I want to spend all my time on kernel32 right now, since I need to fix CreateActCtxW, which is an important function that lots of programs use. I also want to figure out the generated errors messages when trying to open CFF Explorer and Dependency Walker. When using IDA 5.0, I found the errors they generated. CFF Explorer: The instruction at 0x0 referenced memory at 0x0. The memory could not be read (0x00000000 -> 0x00000000) Dependency Walker: The instruction at 0x893 referenced memory at 0x893. The memory could not be read (0x00000893 -> 0x00000893) Link to comment Share on other sites More sharing options...
win32 Posted November 18, 2020 Share Posted November 18, 2020 (edited) 34 minutes ago, Ximonite said: I also want to figure out the generated errors messages when trying to open CFF Explorer and Dependency Walker. When using IDA 5.0, I found the errors they generated. CFF Explorer: The instruction at 0x0 referenced memory at 0x0. The memory could not be read (0x00000000 -> 0x00000000) Dependency Walker: The instruction at 0x893 referenced memory at 0x893. The memory could not be read (0x00000893 -> 0x00000893) When that dialog appears, dump files are erratically written. You can view them in Dr Watson (drwtsn32.exe). They can be helpful, but in this case they're just as useless as those. As we have no idea what is causing these issues based on dumps and dialogs, we can use local redirection to help us. Go to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs and delete most entries (except for the DllDirectory one or else you will get a BSOD on bootup), including the one for kernel32, reboot and then copy/paste the stable kernel32 to the CFF explorer folder, make a file named CFF Explorer.exe.local, so you will be able to use it. Then find a known broken program, copy the unstable kernel32 to its folder and do the .local thingy again. Comment out its calls in the same way using CFF or similar utility until you can get it to launch again. I've had this red herring crash problem before. Chromium 73+ was shown to have crashed on an import call to RtlOemUnicodeString or something like that on Vista originally, but it turned out to be a few incorrect call near ptrs (those can only be done if calling a routine within the same section, when they were indeed calling routines in other sections). Edited November 18, 2020 by win32 1 Link to comment Share on other sites More sharing options...
Ximonite Posted November 18, 2020 Author Share Posted November 18, 2020 (edited) 22 hours ago, win32 said: When that dialog appears, dump files are erratically written. You can view them in Dr Watson (drwtsn32.exe). They can be helpful, but in this case they're just as useless as those. As we have no idea what is causing these issues based on dumps and dialogs, we can use local redirection to help us. Go to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs and delete most entries (except for the DllDirectory one or else you will get a BSOD on bootup), including the one for kernel32, reboot and then copy/paste the stable kernel32 to the CFF explorer folder, make a file named CFF Explorer.exe.local, so you will be able to use it. Then find a known broken program, copy the unstable kernel32 to its folder and do the .local thingy again. Comment out its calls in the same way using CFF or similar utility until you can get it to launch again. I've had this red herring crash problem before. Chromium 73+ was shown to have crashed on an import call to RtlOemUnicodeString or something like that on Vista originally, but it turned out to be a few incorrect call near ptrs (those can only be done if calling a routine within the same section, when they were indeed calling routines in other sections). I used your advice and discovered what could be the problem. I found that GetSystemInfo and QueryPeformanceCounter are called by functions in a different section in my kernel32, but not BlackWingCat's kernel32, and every program that crashes calls these functions. I tried moving GetSystemInfo to .patch and QueryUnbiasedInterruptTime to .text and see if that fixes the issue, and now some new programs generate these errors. One of them happens to be winlogon.exe Then, I found an empty area in .text so I put everything that calls GetSystemInfo in this blank space. This fixed the winlogon.exe error, but not the original errors with Dependency Walker and CFF Explorer. Edited November 18, 2020 by Ximonite Link to comment Share on other sites More sharing options...
Mov AX, 0xDEAD Posted November 20, 2020 Share Posted November 20, 2020 On 11/18/2020 at 4:58 AM, Ximonite said: CFF Explorer: The instruction at 0x0 referenced memory at 0x0. The memory could not be read (0x00000000 -> 0x00000000) Dependency Walker: The instruction at 0x893 referenced memory at 0x893. The memory could not be read (0x00000893 -> 0x00000893) Hi, Seems you are messed with arguments/stack at return, "ret x" must take return adress to parent, but it take from stack random arg and jump to it :) Link to comment Share on other sites More sharing options...
Ximonite Posted November 29, 2020 Author Share Posted November 29, 2020 (edited) Status Update: I am mostly ready to release Beta 3 of KernelXE. Here is what I have done so far: kernel32: Removed "mov edi, edi" from the beginning of some functions. ntdll: I reset development for ntdll and started from "scratch" (WildBill's ntdll). Added exports for: NtLockProductActivationKeys RtlLogStackBackTrace _swprintf Added functions: NtDeleteBootEntry NtModifyBootEntry NtAddBootEntry NtEnumerateBootEntries NtQueryBootEntryOrder NtQueryBootOptions NtSetBootEntryOrder NtSetBootOptions NtEnumerateSystemEnvironmentValuesEx NtTranslateFilePath NtQuerySystemEnvironmentValueEx NtSetSystemEnvironmentValueEx RtlDllShutdownInProgress RtlInterlockedCompareExchange64 RtlInterlockedPushListSList RtlIsCriticalSectionLockedByThread RtlNewSecurityObjectWithMultipleInheritance RtlGetLastNtStatus RtlGetLastWin32Error EtwEventRegister EtwpCreateEtwThread RtlRunOnceComplete Nt/ZwReleaseKeyedEvent (Code redirection to ntoskrnl) RtlInitializeConditionVariable RtlInitializeSRWLock RtlRunOnceInitialize RtlWakeAllConditionVariable RtlWakeConditionVariable _CIcos _CIlog _CIsin _CIsqrt _alloca_probe_16 _alloca_probe_8 ntoskrnl: Added functions: Nt/ZwReleaseKeyedEvent (Not exported, added to KiServiceTable) ExfAcquirePushLockExclusive ExfAcquirePushLockShared ExfReleasePushLock Added exports for: ObSetSecurityObjectByPointer SeTokenObjectType NtAssignProcessToJobObject NtCreateJobObject NtOpenJobObject NtQueryFullAttributesFile NtQueryInformationJobObject NtQueryInformationThread NtSetInformationJobObject NtTerminateJobObject ZwAssignProcessToJobObject ZwCreateJobObject ZwOpenJobObject ZwQueryFullAttributesFile ZwQueryInformationJobObject ZwSetInformationJobObject ZwTerminateJobObject NtOpenThread To-do before release: kernel32: Try a few things to maybe fix CreateActCtxW ntkrnlmp, ntkrnlpa, ntkrpamp: Everything done to ntoskrnl Plans for future: Fix Dependency Walker and CFF Explorer crashes (this one has been around since the original KernelXE and I still haven't figured out why they happen) Add PAE through "/PAE" in boot.ini Edited November 29, 2020 by Ximonite 2 Link to comment Share on other sites More sharing options...
piotrhn Posted November 29, 2020 Share Posted November 29, 2020 (edited) 2 hours ago, Ximonite said: Status Update: I am mostly ready to release Beta 3 of KernelXE. Here is what I have done so far: kernel32: Removed "mov edi, edi" from the beginning of some functions. ntdll: I reset development for ntdll and started from "scratch" (WildBill's ntdll). Added exports for: NtLockProductActivationKeys RtlLogStackBackTrace _swprintf Added functions: NtDeleteBootEntry NtModifyBootEntry NtAddBootEntry NtEnumerateBootEntries NtQueryBootEntryOrder NtQueryBootOptions NtSetBootEntryOrder NtSetBootOptions NtEnumerateSystemEnvironmentValuesEx NtTranslateFilePath NtQuerySystemEnvironmentValueEx NtSetSystemEnvironmentValueEx RtlDllShutdownInProgress RtlInterlockedCompareExchange64 RtlInterlockedPushListSList RtlIsCriticalSectionLockedByThread RtlNewSecurityObjectWithMultipleInheritance RtlGetLastNtStatus RtlGetLastWin32Error EtwEventRegister EtwpCreateEtwThread RtlRunOnceComplete Nt/ZwReleaseKeyedEvent (Code redirection to ntoskrnl) RtlInitializeConditionVariable RtlInitializeSRWLock RtlRunOnceInitialize RtlWakeAllConditionVariable RtlWakeConditionVariable _CIcos _CIlog _CIsin _CIsqrt _alloca_probe_16 _alloca_probe_8 ntoskrnl: Added functions: Nt/ZwReleaseKeyedEvent (Not exported, added to KiServiceTable) ExfAcquirePushLockExclusive ExfAcquirePushLockShared ExfReleasePushLock Added exports for: ObSetSecurityObjectByPointer SeTokenObjectType NtAssignProcessToJobObject NtCreateJobObject NtOpenJobObject NtQueryFullAttributesFile NtQueryInformationJobObject NtQueryInformationThread NtSetInformationJobObject NtTerminateJobObject ZwAssignProcessToJobObject ZwCreateJobObject ZwOpenJobObject ZwQueryFullAttributesFile ZwQueryInformationJobObject ZwSetInformationJobObject ZwTerminateJobObject NtOpenThread To-do before release: kernel32: Try a few things to maybe fix CreateActCtxW ntkrnlmp, ntkrnlpa, ntkrpamp: Everything done to ntoskrnl Plans for future: Fix Dependency Walker and CFF Explorer crashes (this one has been around since the original KernelXE and I still haven't figured out why they happen) Add PAE through "/PAE" in boot.ini add to KERNEL32: SetUserGeoID EnumSystemGeoID Edited November 29, 2020 by piotrhn Link to comment Share on other sites More sharing options...
piotrhn Posted December 2, 2020 Share Posted December 2, 2020 (edited) add to: Quote KERNEL32 (2k3 SP2 blackwingcat): CheckNameLegalDOS8Dot3A CheckNameLegalDOS8Dot3W ConvertThreadToFiberEx CreateJobSet DebugActiveProcessStop DebugBreakProcess DebugSetProcessKillOnExit EnumSystemFirmwareTables FindFirstStreamW FindNextStreamW GetComPlusPackageInstallStatus GetConsoleProcessList GetConsoleSelectionInfo GetLargePageMinimum GetNLSVersion GetProcessIdOfThread GetProcessWorkingSetSizeEx GetSystemFileCacheSize GetSystemFirmwareTable IsNLSDefinedString IsTimeZoneRedirectionEnabled NeedCurrentDirectoryForExePatchA NeedCurrentDirectoryForExePatchW ReOpenFile SetComPlusPackageInstallStatus SetEnvironmentStringsA SetEnvironmentStringsW SetFileCompletionNotificationModes SetFileShortNameA SetFileShortNameW SetFileValidData SetProcessWorkingSetSizeEx SetSearchPathMode SetSystemFileCacheSize Wow64DisableWow64FsRedirection Wow64EnableWow64FsRedirection Wow64RevertWow64FsRedirection Quote NTDLL / NTOSKRNL (2k3 SP2 blackwingcat): DbgQueryDebugFilterState DbgSetDebugFilterState DbgUiConvertStateChangeStructure DbgUiDebugActiveProcess DbgUiGetThreadDebugObject DbgUiIssueRemoteBreakin DbgUiRemoteBreakin DbgUiSetThreadDebugObject DbgUiStopDebugging ExpInterlockedPopEntrySListEnd ExpInterlockedPopEntrySListFault ExpInterlockedPopEntrySListResume KiFastSystemCall KiFastSystemCallRet KiIntSystemCall LdrFindResourceEx_U LdrHotPatchRoutine LdrOpenImageFileOptionsKey LdrQueryImageFileExecutionOptionsEx LdrQueryImageFileKeyOption NtAddDriverEntry NtApphelpCacheControl NtCompactKeys NtCompressKey NtCreateDebugObject NtCreateJobSet NtCreateKeyedEvent NtCreateProcessEx NtDebugActiveProcess NtDebugContinue NtDeleteDriverEntry NtEnumerateDriverEntries NtGetCurrentProcessorNumber NtLoadKeyEx NtLockRegistryKey NtMakePermanentObject NtModifyDriverEntry NtOpenKeyedEvent NtQueryDriverEntryOrder NtQueryOpenSubKeysEx NtQueryPortInformationProcess NtReleaseKeyedEvent NtRemoveProcessDebug NtRenameKey NtResumeProcess NtSetDriverEntryOrder NtSetEventBoostPriority NtSetInformationDebugObject NtSuspendProcess NtUnloadKey2 NtUnloadKeyEx NtWaitForDebugEvent NtWaitForKeyedEvent NtWaitForMultipleObjects32 RtlAcquirePrivilege RtlAddVectoredContinueHandler RtlAllocateActivationContextStack RtlCaptureStackContext RtlCheckProcessParameters RtlComputeImportTableHash RtlCopyMappedMemory RtlCreateServiceSid RtlCreateSystemVolumeInformationFolder RtlDosPathNameToNtPathName_U_WithStatus RtlDosPathNameToRelativeNtPathName_U RtlDosPathNameToRelativeNtPathName_U_WithStatus RtlExitUserThread RtlFindClearRuns RtlFormatMessageEx RtlFreeActivationContextStack RtlGetCriticalSectionRecursionCount RtlGetCurrentPeb RtlGetCurrentProcessorNumber RtlGetFullPathName_UstrEx RtlGetNativeSystemInformation RtlGetThreadErrorMode RtlGetUnloadEventTrace RtlImageNtHeaderEx RtlInitAnsiStringEx RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl RtlIsCriticalSectionLocked RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl RtlMapSecurityErrorToNtStatus RtlMultipleAllocateHeap RtlMultipleFreeHeap RtlQueueApcWow64Thread RtlReleasePrivilege RtlReleaseRelativeName RtlRemoveVectoredContinueHandler RtlSetEnvironmentStrings RtlSetProcessIsCritical RtlSetThreadErrorMode RtlSetThreadIsCritical RtlSetUnhandledExceptionFilter RtlWow64EnableFsRedirection RtlWow64EnableFsRedirectionEx _vscwprintf _wcstoui64 ZwAddBootEntry ZwAddDriverEntry ZwApphelpCacheControl ZwCompactKeys ZwCompareTokens ZwCompressKey ZwCreateDebugObject ZwCreateJobSet ZwCreateKeyedEvent ZwCreateProcessEx ZwDebugActiveProcess ZwDebugContinue ZwDeleteBootEntry ZwDeleteDriverEntry ZwEnumerateBootEntries ZwEnumerateDriverEntries ZwEnumerateSystemEnvironmentValuesEx ZwGetCurrentProcessorNumber ZwLoadKeyEx ZwLockProductActivationKeys ZwLockRegistryKey ZwMakePermanentObject ZwModifyBootEntry ZwModifyDriverEntry ZwOpenKeyedEvent ZwQueryBootEntryOrder ZwQueryBootOptions ZwQueryDriverEntryOrder ZwQueryOpenSubKeysEx ZwQueryPortInformationProcess ZwQuerySystemEnvironmentValueEx ZwReleaseKeyedEvent ZwRemoveProcessDebug ZwRenameKey ZwResumeProcess ZwSetBootEntryOrder ZwSetBootOptions ZwSetDriverEntryOrder ZwSetEventBoostPriority ZwSetInformationDebugObject ZwSetSystemEnvironmentValueEx ZwSuspendProcess ZwTraceEvent ZwTranslateFilePath ZwUnloadKey2 ZwUnloadKeyEx ZwWaitForDebugEvent ZwWaitForKeyedEvent ZwWaitForMultipleObjects32 Edited December 2, 2020 by piotrhn ntdll/ntoskrnl Link to comment Share on other sites More sharing options...
dencorso Posted December 2, 2020 Share Posted December 2, 2020 On 11/29/2020 at 10:48 AM, Ximonite said: Plans for future: Fix Dependency Walker and CFF Explorer crashes (this one has been around since the original KernelXE and I still haven't figured out why they happen) Add PAE through "/PAE" in boot.ini If I'm not mistaken, @Mov AX, 0xDEAD was addressing precisely those DepWalker and CFFExp issues, when he said: On 11/20/2020 at 8:35 AM, Mov AX, 0xDEAD said: Seems you are messed with arguments/stack at return, "ret x" must take return adress to parent, but it take from stack random arg and jump to it So, please, double-check the clean-ups at return time (= the value of x at the RET x instructions), on the functions/procedures you've added. Link to comment Share on other sites More sharing options...
Ximonite Posted December 2, 2020 Author Share Posted December 2, 2020 (edited) 36 minutes ago, dencorso said: If I'm not mistaken, @Mov AX, 0xDEAD was addressing precisely those DepWalker and CFFExp issues, when he said: So, please, double-check the clean-ups at return time (= the value of x at the RET x instructions), on the functions/procedures you've added. I am currently checking to see if this is the issue, which I have a feeling it is, since this sounds like something that could cause these kinds of issues. In my other post, I am just saying that I haven't confirmed anything as definitely causing the issue. Edited December 2, 2020 by Ximonite 1 Link to comment Share on other sites More sharing options...
Ximonite Posted December 3, 2020 Author Share Posted December 3, 2020 PAE Update: I have decided that I will add PAE support to KernelXE v0.2.3 instead of saving it for v0.2.4. This means the expected release of KernelXE will be pushed back, but I think PAE is worth the wait. Here is some decompiled code for one of the modifications I have already made to try to add PAE support: Original: LessThan16Mb = 1; for ( i = *(_UNICODE_STRING **)&RegistryPath[1].Length; i != &RegistryPath[1]; i = *(_UNICODE_STRING **)&i->Length ) { v10 = *(_DWORD *)&i[1].Length; if ( v10 != 6 && v10 != 22 && (unsigned int)i[1].Buffer + *(_DWORD *)&i[2].Length > 0x1000 ) { LessThan16Mb = 0; break; } } dword_8001A4E4 = 0x40; v11 = 0x10000; v12 = HalpAllocPhysicalMemory(RegistryPath, 0x1000000, 0x10, 1); if ( !v12 ) v11 = 0; PhysicalAddress.QuadPart = v12; dword_8001A4F4 = 0; NumberOfBytes = v11; if ( MEMORY[0xFFDF027D] ) { dword_8001A504 = 0x4000; v13 = 0x30000; v14 = HalpAllocPhysicalMemory(RegistryPath, 0xFFFFFFFF, 0x30, 1); if ( !v14 ) v13 = 0; dword_8001A510 = v14; dword_8001A514 = 0; dword_8001A508 = v13; } HalpCallbackRecord.State = 0; KeRegisterBugCheckCallback(&HalpCallbackRecord, HalpBugCheckCallback, 0, 0, "ACPI 1.0 - APIC platform MP"); } result = HalpInitMP(DriverObject, RegistryPath); if ( DriverObject == (PDRIVER_OBJECT)1 ) result = HalpEnableNMI(); LOBYTE(result) = 1; return result; } Modified: LessThan16Mb = 1; for ( i = *(_UNICODE_STRING **)&RegistryPath[1].Length; i != &RegistryPath[1]; i = *(_UNICODE_STRING **)&i->Length ) { v10 = *(_DWORD *)&i[1].Length; if ( v10 != 6 && v10 != 22 && (unsigned int)i[1].Buffer + *(_DWORD *)&i[2].Length > 0x1000 ) { LessThan16Mb = 0; break; } } dword_8001A4E4 = 0x4000; v11 = 0x30000; v12 = HalpAllocPhysicalMemory(RegistryPath, 0xFFFFFFFF, 0x30, 1); if ( !v12 ) v11 = 0; PhysicalAddress.QuadPart = v12; dword_8001A4F4 = 0; NumberOfBytes = v11; HalpCallbackRecord.State = 0; KeRegisterBugCheckCallback(&HalpCallbackRecord, HalpBugCheckCallback, 0, 0, "ACPI 1.0 - APIC platform MP"); } result = HalpInitMP(DriverObject, RegistryPath); if ( DriverObject == (PDRIVER_OBJECT)1 ) result = HalpEnableNMI(); LOBYTE(result) = 1; return result; } 2 Link to comment Share on other sites More sharing options...
windows2 Posted December 4, 2020 Share Posted December 4, 2020 Hello sir, If in the future you want to introduce the umdf feature in Windows 2000. Here is the link for the umdf 1.0 file : https://mega.nz/file/Y581BIqK#rHuL93SAeQ-5iURYBj3iwB-aynhN_JdmXx7j_zDrgH8 You can also find it with Windows Media Player 11. Be careful when trying it. Because it immediately causes BSoD, for unknown reasons Link to comment Share on other sites More sharing options...
Ximonite Posted December 5, 2020 Author Share Posted December 5, 2020 5 hours ago, windows2 said: Hello sir, If in the future you want to introduce the umdf feature in Windows 2000. Here is the link for the umdf 1.0 file : https://mega.nz/file/Y581BIqK#rHuL93SAeQ-5iURYBj3iwB-aynhN_JdmXx7j_zDrgH8 You can also find it with Windows Media Player 11. Be careful when trying it. Because it immediately causes BSoD, for unknown reasons I have already looked at what functions it needs and there were only a few missing in ntoskrnl. I also noticed that it requires WinUSB. Both of these will be added to KernelXE when they are confirmed working. 2 Link to comment Share on other sites More sharing options...
windows2 Posted December 5, 2020 Share Posted December 5, 2020 12 hours ago, Ximonite said: I have already looked at what functions it needs and there were only a few missing in ntoskrnl. I also noticed that it requires WinUSB. Both of these will be added to KernelXE when they are confirmed working. Thank you sir. Regarding WinUSB, I found that (BWC) modified it this year. See this link http://blog.livedoor.jp/blackwingcat/archives/1996953.html The changes he made : Improvements to the WinUSB 1.0 installer included in WinUSBCoInstaller.dll Improvements to the WinUSB 2.0 installer included in WinUSBCoInstaller2.dll Here is the update link http://win2k.org/wlu/wluen.htm (Update for Windows 2000 WinUSB 2.0(v3a)) Link to comment Share on other sites More sharing options...
windows2 Posted December 22, 2020 Share Posted December 22, 2020 On 11/4/2020 at 11:45 PM, Ximonite said: The big issue is that ntdll and kernel32 cannot be mixed, forcing people to choose between a better kernel32 or a better ntdll. The main goal of KernelXE is to eliminate this issue. Downloads: KernelXE v0.2.3 WildBill Update Collection XMNTCert Hi sir, now can I confuse BlackWinCat Extended kernel with KernelXE v0.2.3? Or do I have to reinstall Windows 2000 again ? Because I have BlackWinCat Extended kernel installed. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now