
KernelEx for Windows XP?



Posted (edited)
On 17 May 2024 at 12:27 AM, jumper said:

Write your own code. Look at the function documentation and start with a failure stub. Only spend more time when necessary.

 

Even if I was capable of writing my own code this would be reinventing the wheel because Wine and ReactOS have already done this. I still think that disassembling BWC's extended W2K kernel is a problematic way of going about this when it would be more logical to create an extension DLL by compiling the C code provided by Wine. If someone could tell me how to modify Wine code so that it is compatible with Windows XP I might have a go at doing it myself.

Edited by Zorba the Geek

Posted (edited)

I have been experimenting with adding a new section to XP's kernel32.dll which will be the location for an enlarged export table including lots of new NT6 functions.

The tool for doing this seems to be limited to WildBill's PE Tool.  CF Explorer will enable you to create a new section, but it is located below the .reloc section and you cannot move it up to where it should be which is above the .rsrc section.  BWC's PE Maker has a section for editing section tables, but I cannot find a way to create a new section using it.  Are there any other alternatives?

Below is a summary of the section tables for BWC's kernel32.dll version 5.0.2195.7273.

.text
virtual address = 00001000
virtual size = 00059FF8
virtual end = 0005AFF8

slack = 8

.data
virtual beginning = 0005B000
virtual size = 0000375C
virtual end = 0005E75C

slack = 8A4

.code
virtual beginning = 0005F000
virtual size = 00007E00
virtual end = 00066E00

slack = 200

.rsrc
virtual beginning = 00067000
virtual size = 00057754
virtual end = 000BE754

slack = 8AC

.reloc
virtual beginning = 000BF000
virtual size = 00003FD2
virtual end = 000C2FD2

slack = 2E

Below is data for the export table as reported by dumppe:

Directory Name    VirtAddr    VirtSize    VirtEnd
--------------    --------    --------    --------
Export            0005F800    0000757F    00066D7F

As you can see the export table has been relocated to the new .code section which is big enough to accommodate it.

Below is a summary of the section tables for an unmodified kernel32.dll version 5.1.2600.7682. The slack between sections is where I would expect new sections to be located:

.text
virtual address = 00001000
virtual size = 0008413D
virtual end = 0008513D

slack = EC3

.data
virtual beginning = 00086000
virtual size = 00004440
virtual end = 0008A440

slack = BC0

.rsrc
virtual beginning = 0008B000
virtual size = 00065EF8
virtual end = 000F0EF8

slack = 108

.reloc
virtual beginning = 000F1000
virtual size = 5CF4
virtual end = 000F6CF4

slack = 30C

Below is data for the export table as reported by dumppe:

Directory Name    VirtAddr    VirtSize    VirtEnd
--------------    --------    --------    --------
Export            0000274C    00006D19    00009465

Using PE Tool I found that I could only designate a maximum size of 800h for a new section below .data.  By consuming the slack below my new section this was enlarged to 1000h.  As you can see this is inadequate to accommodate the export directory with a size of 6D19.  Can someone explain to me how BWC managed to create his new .code section with a size of 7E00?

Edited by Zorba the Geek
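
The slack and export-directory figures in the post above can be recomputed straight from the PE headers. This is an added example, not code from the thread or from any tool it mentions: the function names are made up here, and `build_header` constructs a header-only sample image from the post's own addresses and sizes instead of reading a real kernel32.dll.

```python
import struct

def parse_layout(pe):
    """Return ((export_start, export_end), rows) for a PE32 header. Each row is
    (name, virt_begin, virt_size, virt_end, slack); the last section's slack
    runs to the next SectionAlignment boundary."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]               # e_lfanew
    opt = nt + 24                                            # optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0" or magic != 0x10B:
        raise ValueError("not a PE32 image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    align = struct.unpack_from("<I", pe, opt + 32)[0]        # SectionAlignment
    exp_rva, exp_size = struct.unpack_from("<II", pe, opt + 96)
    # Section header fields are Name, VirtualSize, VirtualAddress; reverse to sort by VA.
    secs = sorted(struct.unpack_from("<8sII", pe, opt + opt_size + 40 * i)[::-1]
                  for i in range(nsec))
    rows = []
    for i, (va, vsize, name) in enumerate(secs):
        end = va + vsize
        nxt = secs[i + 1][0] if i + 1 < len(secs) else -(-end // align) * align
        rows.append((name.rstrip(b"\0").decode(), va, vsize, end, nxt - end))
    return (exp_rva, exp_rva + exp_size), rows

def export_home(pe):
    """Name of the section whose virtual range holds the export directory."""
    (start, end), rows = parse_layout(pe)
    return next((n for n, va, _, vend, _ in rows if va <= start and end <= vend), None)

def export_fits_in_slack(pe):
    """True if some inter-section gap could hold the export directory whole."""
    (start, end), rows = parse_layout(pe)
    return max(r[4] for r in rows) >= end - start

def build_header(sections, export, align=0x1000):
    """Constructed sample input: a header-only PE32 image with no section data."""
    opt = struct.pack("<H30xI60xII", 0x10B, align, *export).ljust(224, b"\0")
    coff = struct.pack("<HH12xHH", 0x14C, len(sections), len(opt), 0x2102)
    table = b"".join(struct.pack("<8sII24x", n.encode(), vs, va) for n, va, vs in sections)
    return b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + table

# Virtual addresses and sizes copied from the two tables in the post above.
XP = build_header([(".text", 0x1000, 0x8413D), (".data", 0x86000, 0x4440),
                   (".rsrc", 0x8B000, 0x65EF8), (".reloc", 0xF1000, 0x5CF4)],
                  (0x274C, 0x6D19))
BWC = build_header([(".text", 0x1000, 0x59FF8), (".data", 0x5B000, 0x375C),
                    (".code", 0x5F000, 0x7E00), (".rsrc", 0x67000, 0x57754),
                    (".reloc", 0xBF000, 0x3FD2)], (0x5F800, 0x757F))
print(export_home(XP), export_fits_in_slack(XP), export_home(BWC))
```

On a real file, pass the first few kilobytes of the DLL to `parse_layout` in place of the constructed headers.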
Posted (edited)

Here I am attaching an SRW lock C++ implementation; try to convert it to a DLL.

It uses YieldProcessor, so you need an SSE2-capable CPU for the mm_pause SSE2 primitives inside that macro. My advice would be to just forward it using PE Maker; doing a code cave is fun, but it is unnecessary work.

Regards Dibya

srwlock.cpp

Edited by Dibya
Posted
/* You can simply use it like this */
VOID
WINAPI
AcquireSRWLockExclusive(PSRWLOCK Lock)
{   /* :: is the scope resolution operator, used to call the function inside srwlockxp; add this function to your DLL .def file and it will be exported */
	srwlockxp::RtlAcquireSRWLockExclusive((PRTL_SRWLOCK)Lock);
}

Get a copy of Visual Studio 2017. If you are on XP with VS2010, it might need a Clang mod or some changes to the code.

  • 2 weeks later...
Posted

@Zorba the Geek

Microsoft Visual C++ 2015-2019 v16.7 Redistributable v14.27.29114 for Windows XP

Windows XP Support
The last version of the Visual C++ Redistributable that works on Windows XP shipped in Visual Studio 2019 version 16.7 (file versions starting with 14.27).

docs.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170

 

Configuring Programs for Windows XP

Visual Studio supports multiple platform toolsets...

learn.microsoft.com/en-us/cpp/build/configuring-programs-for-windows-xp?view=msvc-170

 

Cheers.
