NTOSKRNL_Emu icon indicating copy to clipboard operation
NTOSKRNL_Emu copied to clipboard

Published 20 hours ago verified publisher icon MovAX0xDEAD

Latest changes

Open GeorgeK1ng opened this issue 2 years ago • 12 comments

Hi,

I have updated repository with latest changes.

v11 changes.

  1. Added Windows 7 ntoskrnl.exe v6.1.7601.25920 (win7sp1_ldr_escrow.220316-1740) exports x64 EtwSetInformation FsRtlPrepareToReuseEcp FsRtlRegisterUncProviderEx2 IoEnumerateRegisteredFiltersListEx IoRegisterFsRegistrationChangeMountAwareEx KeConnectInterruptForHal KeFlushCurrentTbImmediately PsDereferenceKernelStack PsReferenceKernelStack RtlIsSandboxedToken SeGetLogonSessionToken

    x86 EtwSetInformation FsRtlPrepareToReuseEcp FsRtlRegisterUncProviderEx2 IoEnumerateRegisteredFiltersListEx IoRegisterFsRegistrationChangeMountAwareEx KeConnectInterruptForHal KiMcaExceptionHandlerWrapper PsDereferenceKernelStack PsReferenceKernelStack RtlIsSandboxedToken SeGetLogonSessionToken

  2. Added Windows Vista ntoskrnl.exe v6.0.6003.21442 (vistasp2_ldr_escrow.220307-1719) exports x64 FsRtlInitializeExtraCreateParameter FsRtlInitializeExtraCreateParameterList FsRtlPrepareToReuseEcp FsRtlRegisterUncProviderEx2 IoRegisterFsRegistrationChangeMountAware KeConnectInterruptForHal KeFlushCurrentTbImmediately PsDereferenceKernelStack PsReferenceKernelStack RtlIsSandboxedToken

    x86 FsRtlInitializeExtraCreateParameter FsRtlInitializeExtraCreateParameterList FsRtlPrepareToReuseEcp FsRtlRegisterUncProviderEx2 IoRegisterFsRegistrationChangeMountAware KeConnectInterruptForHal KiMcaExceptionHandlerWrapper PsDereferenceKernelStack PsReferenceKernelStack RtlIsSandboxedToken

  3. Added IoSynchronousCallDriver by Mov AX, 0xDEAD, https://msfn.org/board/topic/181615-ntoskrnl-emu_extender-for-windows-xp2003/?do=findComment&comment=1221893

  4. Added blank stubs (to fix missing imports) to allow porting Windows 8.0 Build 8056 Generic SD+MMC driver run under XP - 7. Proper code needs to be added, but currently driver starts and work without issues PoFxRegisterDevice PoFxUnregisterDevice PoFxSetComponentLatency PoFxSetComponentResidency PoFxStartDevicePowerManagement PoFxCompleteIdleState PoFxCompleteIdleCondition PoFxReportDevicePoweredOn PoFxCompleteDevicePowerNotRequired PoFxActivateComponent PoFxIdleComponent

  5. Added changes from pappyN4 repository, https://github.com/pappyN4/NTOSKRNL_Emu Added RtlInitAnsiStringEx, RtlInitUnicodeStringEx. Updated Readme

v12 changes

  1. Added memcmp to be able to port AMD RCRAID driver. Source code comes from https://stackoverflow.com/questions/5017659/implementing-memcmp

  2. Added MmMapIoSpaceEx which return MmMapIoSpace, according to MS documentation it should work https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-mmmapiospaceex https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-mmmapiospace

  3. Added RtlDowncaseUnicodeChar

GeorgeK1ng avatar Sep 15 '22 21:09 GeorgeK1ng

I noticed the redirects file has RTLDowncaseUnicodeChar, but when built for Vista, the ntoskrn8.sys doesn't have the function. I need RTLDowncaseUnicodeChar please.

K4sum1 avatar Sep 19 '22 23:09 K4sum1

I noticed the redirects file has RTLDowncaseUnicodeChar, but when built for Vista, the ntoskrn8.sys doesn't have the function. I need RTLDowncaseUnicodeChar please.

This means it needs to be coded for older systems. This function is only redirected in Windows 7 from it's native kernel

GeorgeK1ng avatar Sep 20 '22 10:09 GeorgeK1ng

I noticed the redirects file has RTLDowncaseUnicodeChar, but when built for Vista, the ntoskrn8.sys doesn't have the function. I need RTLDowncaseUnicodeChar please.

This means it needs to be coded for older systems. This function is only redirected in Windows 7 from it's native kernel

It exists in ntdll since XP, so it just needs to be redirected to ntoskrn8.sys.

K4sum1 avatar Sep 20 '22 11:09 K4sum1

I noticed the redirects file has RTLDowncaseUnicodeChar, but when built for Vista, the ntoskrn8.sys doesn't have the function. I need RTLDowncaseUnicodeChar please.

This means it needs to be coded for older systems. This function is only redirected in Windows 7 from it's native kernel

It exists in ntdll since XP, so it just needs to be redirected to ntoskrn8.sys.

What driver exactly require that? Can you link it? I need to check it before adding proper code

GeorgeK1ng avatar Sep 26 '22 13:09 GeorgeK1ng

What driver exactly require that? Can you link it? I need to check it before adding proper code

AMD GPU drivers starting with 15.12. I can get up to 15.11.x working by changing a few functions to their Vista compatible counterparts, but 15.12 adds RTLDowncaseUnicodeChar, and no matter what I do, I always get a BSOD after boot.

https://www.guru3d.com/files-details/amd-radeon-software-crimson-15-12-driver-download.html

K4sum1 avatar Sep 26 '22 13:09 K4sum1

What driver exactly require that? Can you link it? I need to check it before adding proper code

AMD GPU drivers starting with 15.12. I can get up to 15.11.x working by changing a few functions to their Vista compatible counterparts, but 15.12 adds RTLDowncaseUnicodeChar, and no matter what I do, I always get a BSOD after boot.

https://www.guru3d.com/files-details/amd-radeon-software-crimson-15-12-driver-download.html

Can you list also other functions that needs to be redirected?

IncompatibleFunction -> CompatibleOne

I can probably do that in extender too

GeorgeK1ng avatar Sep 27 '22 13:09 GeorgeK1ng

Sorry for the late response, I've been busy. I can't really test anything currently until next week. Also on top of changing the functions, I have to use the extended kernel as there's more stuffs without it that is a bit of a wall, so it won't really be accurate what I say.

K4sum1 avatar Sep 28 '22 18:09 K4sum1

Sorry for the late response, I've been busy. I can't really test anything currently until next week. Also on top of changing the functions, I have to use the extended kernel as there's more stuffs without it that is a bit of a wall, so it won't really be accurate what I say.

Hi I will update this project soon, I have added RTLDowncaseUnicodeChar as it's really easy function

GeorgeK1ng avatar Oct 07 '22 13:10 GeorgeK1ng

Can't wait

K4sum1 avatar Oct 08 '22 19:10 K4sum1

Sorry for the late response, I've been busy. I can't really test anything currently until next week. Also on top of changing the functions, I have to use the extended kernel as there's more stuffs without it that is a bit of a wall, so it won't really be accurate what I say.

Hi I will update this project soon, I have added RTLDowncaseUnicodeChar as it's really easy function :)

Hey, it's been over a week, and I really want to try this.

K4sum1 avatar Oct 17 '22 06:10 K4sum1

Sorry for the late response, I've been busy. I can't really test anything currently until next week. Also on top of changing the functions, I have to use the extended kernel as there's more stuffs without it that is a bit of a wall, so it won't really be accurate what I say.

Hi I will update this project soon, I have added RTLDowncaseUnicodeChar as it's really easy function :)

Hey, it's been over a week, and I really want to try this.

Project files updated

GeorgeK1ng avatar Oct 17 '22 08:10 GeorgeK1ng

Thank you, I have been able to get up to 18.3.4 working on my test machine with this. Currently trying out pro drivers to see what's the newest there I can get working.

K4sum1 avatar Oct 18 '22 04:10 K4sum1