Windows 2000/2003/NT4 Latest Topics
Happy new year.
I planned to customize Windows 2000 kernel32.dll.
Download site(Japanese)
v2
kernel only prevents ".exe is not a valid Win32 application" from appearing.
v5
kernel extends some functions.
v10b
kernel extends more functions and adds customized wtsapi32.dll.
* English version released on 1st Feb (v10/a has a bug; please download v10b).
* Italian version released on 26th Jun.
* Traditional Chinese version has a problem (v10b3 fixed Jun 26th)
v11e
Added RtlCaptureStackBackTrace, GetSystemWow64DirectoryA, GetSystemWow64DirectoryW and GetHandleContext in kernel32.dll.
Advapi32.dll supported SystemFunction036 and TraceMessage (stub), fixed SetServiceStatus.
Packed with ntdll.dll and setupapi.dll
v12b
Added WTSGetActiveConsoleSessionId in kernel32.
Fixed user32.dll null pointer problem.
v13i
Added FreeAddrInfoW, freeaddrinfo, getaddrinfo, getnameinfo in ws2_32.dll.
Added RemoveVectoredExceptionHandler, AddVectoredExceptionHandler in kernel32.
v15
Added WSANSPIoctl in ws2_32.dll.
Added RtlCaptureContext, GetGeoInfoW, GetUserGeoID in kernel32.
Added GetAdaptersAddresses, Icmp6CreateFile, Icmp6ParseReplies, Icmp6SendEcho2, IcmpCloseHandle, IcmpCreateFile, IcmpParseReplies, IcmpSendEcho2, IcmpSendEcho, CancelIPChangeNotify in iphlpapi.
Added CryptStringToBinaryA, CryptStringToBinaryW, CryptBinaryToStringA, CryptBinaryToStringW in CRYPT32.
Added IsUserAnAdmin, SHParseDisplayName, SHGetFolderPathAndSubDirW, SHOpenFolderAndSelectItems in Shell32.
Expanded SHFolder My Music, My Video, CDBurn, OEMLink Folder.
Added IsWindowInDestroy, DefRawInputProc, GetRawInputBuffer, GetRegisteredRawInputDevices, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetRawInputData, RegisterRawInputDevices, GetWindowRgnBox, MessageBoxTimeout in user32.
Added FlushTraceW in advapi32.dll
v15l
Added rpcrt4.dll (based on WildBill's hotfix)
Added GetGeoInfoA in kernel32.
Added DnsFree in dnsapi.
Added A_SHAFinal, A_SHAInit, A_SHAUpdate, MD5Update, MD5Final, MD5Init in advapi32.dll
v15p2
Added SHSetUnreadMailCountW and SHEnumerateUnreadMailAccountsW in Shell32
Added MD4Init, MD4Final, MD4Update, CredFree, CredWriteW, CredEnumerateW, CredDeleteW, CredReadW in advapi32.
Fixed SystemFunction036 compatibility in advapi32.
Added GetProcessImageFileNameA/W in psapi
Added GetSystemTimes in Kernel32
Added GetAddrInfoW in ws2_32
Fixed SystemLink Class in User32.dll
v15q
Added RpcServerInqCallAttributesW in rpcrt4
Added SHGetFolderPathAndSubDirA in shell32
Added GetVolumePathNamesForVolumeNameA/W in kernel32
Supported NoStrCmpLogical
v15r
Added IsProcessInJob in kernel32
v17c
Added Customized Userenv
Added AES128/192/256 support.
Added esent(XP)/esent97(XP) for migrated for Win2000.
add stubbed CoInternetIsFeatureEnabled, CoInternetSetFeatureEnabled urlmon.dll
add EngIsSemaphoreOwned and EngBugCheckEx in win32k.sys
Add dblhelp.dll
v17h
Add the following functions in setupapi.dll
pSetupFree
pSetupMalloc
pSetupRealloc
pSetupIsUserAdmin
pSetupUnicodeToMultiByte
pSetupMultiByteToUnicode
pSetupAcquireSCMLock
pSetupAddMiniIconToList
pSetupAddTagToGroupOrderListEntry
pSetupAppendStringToMultiSz
pSetupCaptureAndConvertAnsiArg
pSetupCenterWindowRelativeToParent
pSetupConcatenatePaths
pSetupDoesUserHavePrivilege
pSetupDuplicateString
pSetupEnablePrivilege
pSetupFreeStringArray
pSetupGetCurrentDriverSigningPolicy
pSetupGetVersionInfoFromImage
pSetupHandleFailedVerification
pSetupInfIsFromOemLocation
pSetupInstallCatalog
pSetupInstallStopEx
pSetupOpenAndMapFileForRead
pSetupOutOfMemory
pSetupQueryMultiSzValueToArray
pSetupRegistryDelnode
pSetupRetrieveServiceConfig
pSetupSetArrayToMultiSzValue
pSetupShouldDeviceBeExcluded
pSetupStringTableAddString
pSetupStringTableAddStringEx
pSetupStringTableDestroy
pSetupStringTableDuplicate
pSetupStringTableEnum
pSetupStringTableGetExtraData
pSetupStringTableInitialize
pSetupStringTableInitializeEx
pSetupStringTableLookUpString
pSetupStringTableLookUpStringEx
pSetupStringTableSetExtraData
pSetupStringTableStringFromId
pSetupStringTableStringFromIdEx
pSetupUnmapAndCloseFile
pSetupVerifyCatalogFile
pSetupVerifyFile
Add the following functions in iphlpapi.dll
DisableMediaSense
GetBestInterfaceEx
GetExtendedTcpTable
GetExtendedUdpTable
RestoreMediaSense
GetIpErrorString
v15y/v17n
added the following functions in ntdll
RtlInitUnicodeStringEx
NtDeleteBootEntry
NtModifyBootEntry
NtAddBootEntry
NtEnumerateBootEntries
NtQueryBootEntryOrder
NtQueryBootOptions
NtSetBootEntryOrder
NtSetBootOptions
NtEnumerateSystemEnvironmentValuesEx
NtTranslateFilePath
NtSetSystemEnvironmentValueEx
NtQuerySystemEnvironmentValueEx
RtlCaptureContext
vDbgPrintExWithPrefix
vDbgPrintEx
DbgPrintEx
RtlInterlockedPushListSList
RtlFirstEntrySList
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlQueryDepthSList
RtlInterlockedPushEntrySList
fixed the problem of GetExtendedTcpTable and GetExtendedUdpTable.
and added GetUdpExTable2FromStack and GetTcpExTable2FromStack in iphlpapi
Added RpcServerUnregisterIfEx in rpcrt4
Added in advapi32 the following functions
SaferiChangeRegistryScope
SaferComputeTokenFromLevel
SaferGetLevelInformation
SaferCloseLevel
SaferCreateLevel
SaferIdentifyLevel
SaferSetPolicyInformation
SaferGetPolicyInformation
SaferRecordEventLogEntry
SaferSetLevelInformation
FlushTraceA
UpdateTraceW
UpdateTraceA
StopTraceW
StopTraceA
QueryTraceW
QueryTraceA
IsTokenUntrusted
EnumerateTraceGuids
GetInheritanceSourceA
TreeResetNamedSecurityInfoW
FreeInheritedFromArray
GetInheritanceSourceW
CredWriteDomainCredentialsW
CredpDecodeCredential
CredpEncodeCredential
CredIsMarshaledCredentialW
CredpConvertCredential
CredpConvertTargetInfo
Added SHGetImageList and SHCreateShellItem in shell32
Added the following functions in kernel32
GetVolumePathNamesForVolumeNameW
GetVolumePathNamesForVolumeNameA
IsProcessInJob
GetCurrentActCtx
GetThreadId
GetDllDirectoryW
v2.0a
added CoRevokeInitializeSpy and CoRegisterInitializeSpy in ole32.dll
* Sorry, v16 is still Japanese only.
English, Traditional Chinese and Japanese versions of v15y and v2.0a are released.
But I can't debug the English version.
Will anybody check if they work?
(Don't install a different language patch!)
Although I think there is no problem in v2 kernel, not sure about v5 kernel
Because of the risk, I hope that you install it on VMWare.
* The following is Action when BSoD appears,
- Enter Edit mode the Virtual Machine.
- Select target Hard disk.
- Select Map in Utility.
- Uncheck Readonly
- Copy kernel32.dll from Z:\Windows\$NtUninstallKB935839-v5$\ to Z:\Windows\system32\ (Perhaps not Windows but Winnt).
- Close Z Drive
- Unmap Drive
The following functions are extended on v5 kernel.
- DecodePointer
- EncodePointer
- GetNativeSystemInfo
- GetProcessHandleCount
- SetDllDirectoryW
- IsWow64Process
The following functions are also extended on v6/7 kernel.
- IsWow64Message
- CheckRemoteDebuggerPresent
- SetDllDirectoryA
- GetModuleHandleExW
- InterlockedPopEntrySList
- InterlockedPushEntrySList
- InitializeSListHead
- InterlockedFlushSList
- QueryDepthSList
The following functions are also extended on v8 kernel.
(You must use customized msvcr80.dll and msvcr90.dll in v8 package)
- FindActCtxSectionStringA
- FindActCtxSectionStringW
If v5 kernel has no problem, some programs which compiled on VS2010 work on Windows 2000.
And Kernel Core Project.
added the following functions
videoprt.sys
VideoPortUnlockBuffer
VideoPortLockBuffer
VideoPortFlushRegistry
ntoskrnl/ntkrnlpa
_alldvrm
_alloca_probe
_aulldvrm
_vsnwprintf
DbgPrintEx
ExfInterlockedCompareExchange64
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveIrp
IoCsqRemoveNextIrp
IoSetCompletionRoutineEx
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeDeregisterBugCheckReasonCallback
KeFlushQueuedDpcs
KeRegisterBugCheckReasonCallback
KeReleaseInStackQueuedSpinLockFromDpcLevel
RtlGetVersion
RtlRandomEx
InterlockedPopEntrySList
InterlockedPushEntrySList
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
KeGetRecommendedSharedDataAlignment
PsGetThreadId
PsGetThreadProcessId
PsGetCurrentThread
PsGetCurrentThreadStackLimit
PsGetCurrentThreadStackBase
PsGetCurrentProcess
ObSetSecurityObjectByPointer
SeTokenObjectType
KeAreApcsDisabled
hal.dll
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
Kernel Core project English / German / Italian / Japanese / Traditional Chinese /English are available.
Pinned for importance - Tommy