XP running on a 486 cpu

[pappyN4]

@Dietmar Did you not make patch in .TEXT? 

I do not have file open, but from other two, do search for "align 80h" .  Other two had a little spot between TEXT and DATA.  Just enough for one patch i would think.

 

Or maybe just patch all files with same style and add 512byte TEXT at end of all?

Edited April 7 by pappyN4

[Dietmar]

@pappyN4

I make the same as yesterday: Just reserve 500 Bytes, adding space for a new .TXT

Dietmar

PS: No free space at all in .TEXT in original duser.dll

Edited April 7 by Dietmar

[Dietmar]

@pappyN4

Just now I swap my system32 folder against that system32 folder from before last reboot (which I saved from the same installation),

but now with ntoskrnl.exe, ntdll.dll and modded duser.dll

Lets see,

Dietmar

[pappyN4]

3 hours ago, Dietmar said:

All calls to such a relocated function use the new address, where I put it to.

This has the big advantage, that no extra jump at all has to be done,

Ah, I see what you did now.  You patched other functions in ntdll that call 5 old functions to codecave location.  I think cleaner would be just patch only the 5 old function + codecave and leaving all other functions as original.

@DietmarConsider.  I have program/driver/etc...  Driver imports ntdll or ntoskrnl.  Driver then tries to use one of old function from file, since old function all NOP, driver now error/BSOD. 

Maybe all old functions Private and not used by anything else and no problem.  But what if not?

[Dietmar]

@pappyN4 No no,

the function is the same as before. Only this sub_function has a new address,

nobody from outside will see any change

Dietmar

PS: Also on the fresh installation before last reboot it asks me now for password, just hit enter.

It is not a real problem and I think, that it can be solved with a registry setting.

I use always my Asrock z370 k6 compi, with "486-cpu" Standard XP SP3 install and /ONECPU switch in Bios.

Now the duser.dll is also ready. The functions, that you mentioned, are cleared out by Ida Pro, because nobody calls them.

Edited April 7 by Dietmar

[pappyN4]

15 minutes ago, Dietmar said:

PS: Also on the fresh installation before last reboot it asks me now for password, just hit enter.

It is not a real problem and I think, that it can be solved with a registry setting.

Weird. 

In duser.dll EN for cmpxchg8b I see ExInterlockedFlushSList, ExpInterlockedPopEntrySListEnd, InterlockedPushEntrySList, InterlockedPushListSList, RTLInterlockedCompareExchange64

If you replace duser.dll on computer that is not 486 computer, same password issue?

[Dietmar]

@pappyN4

here is ready

duser.dll for 486 compi, meaning without any cmpxchg8b

Deleted, because error. New files see post downwards

Now fun can start with real 486 compi..

Edited April 7 by Dietmar

[Dietmar]

With this duser.dll something is not ok.

With this modd comes always the password question and now I notice,

that I cant open Device Manager.

With modded ntoskrnl.exe and ntdll.dll all was ok before.

Now I put the original duser.dll back,

and voila, no password question and the Device Manager works again

Dietmar

EDIT: I find free space in .TEXT at .text:6C6B1818                 dd 7Ah dup(0)

Edited April 7 by Dietmar

[Dietmar]

@pappyN4

Yesssa, after first modd, no longer for password asking and Device Manager works.

So, to enlarge a file with CFF Explorer seems not always to work.

Just test always the best

Dietmar

[Dietmar]

Here are the from me tested files for XP SP3 486 cpu. Now, all is ok with duser.dll

Dietmar

https://ufile.io/b2sb8ouu

[pappyN4]

@Dietmar

Looking over.

In ntoskrnl,  KeInterlockedSwapPte emulation not needed?  I see its all zero out.

 

For ExpInterlockedPopEntrySList.  You have F0, should be EF?

 

[Dietmar]

@pappyN4

When a function has no call, nobody needs it.

Yes, you are correct with this jump. I think it works, because the mark is shown correct.

Anyway I will make a 486 version for English VL XP SP3 version.

Now I have the second case, that to make an enlarge of free space via CFF can be a nice or bad idea.

dpvoice.dll modd with CFF, now no sound..

I am sure, that I did everything correct, because I have my Opcodes from first try, they are identic.

Now I am looking for free space in dpvoice.dll

Dietmar

[pappyN4]

@DietmarI will try a EN duser.dll  But I will do a little differently and maybe you can test later if it still does the password problem you had.

 

 

[Dietmar]

Here is working dpvoice.dll for XP SP3 on a 486 cpu, now I have sound in Moorhuhn

Dietmar

https://ufile.io/rvo4cmdv

[mina7601]

14 minutes ago, Dietmar said:

Moorhuhn

Off-topic: This game is 1 of my childhood games that I have played. It was very fun.

Edited April 7 by mina7601