
Thread: XP on modern systems

  1. #31
    Quote Originally Posted by WaxfordSqueers View Post
    VEN_8086&DEV_15BC for an Intel I219-V LAN chip.
    Maybe I'm shooting in the dark; I'm just trying to make it quick.

    But looking at the Intel website for:
    "Intel® Ethernet Connection I219-V"

    the I219-V is listed as "OS independent" supported (Date: 11/4/2019)
    https://downloadcenter.intel.com/download/22283/Intel-Ethernet-Adapter-Complete-Driver-Pack

    Can I have the motherboard name and identifier?

    I'm not certain what is being searched for anymore: LAN driver, chipset, USB 3.0 driver, graphics card driver, or SoftICE functionality (joke) :-)
    They are installed as single drivers or as a procedure.

    For a big update to kernelbase.dll and kernel32.dll and maybe ntoskrnl, we would need to call some people together.
    In this case maybe there is some room from different websites too.
    A similar idea existed in the thread Kayaker posted.
    If the people come together, there might be a solution to that question.

    Whether the export is made by supervisor mode or user mode, it is given by Windows to the searching module (executable, DLL, etc.). It does this over the PE header/structure by reading out the exports/imports, which follow a norm in the PE header.
    System drivers have a PE header/structure too.
    The identifiers are the name of the exporting module, like "kernel32.dll",
    then the name of the function in that module, like "GetProcAddress".

  2. #32
    Quote Originally Posted by Elenil View Post
    "Intel® Ethernet Connection I219-V"...can i have the motherboard name and identifier ?
    The mobo is an Asus B360M-C/CSM. It's a 300-series mobo and there is the problem with the LAN driver being declared OS-independent by Intel. It's their chipset and they have not issued a mobo since 2014, or so. Any specifications I have seen from them are in reference to the 200-series mobos. They seem to be supporting Micro$oft's boycott of XP and W7 on mobos after the 200-series.

    The current driver for W7 on this mobo is e1d62x64.sys. My XP driver is e1e5132.sys. I am a bit foggy on this since I have not looked at it closely for a while, due to other commitments, but when I run Depends on the current XP driver with the current ntoskrnl and NDIS version 5.1, I get no missing exports. Naturally, that is to be expected but it raises the question as to what exactly am I looking for?

    My experience with other XP drivers that 'should not' work with 300-series mobo is that they work fine. Therefore, should I try to somehow upgrade the current XP Intel LAN driver, since it is rated in the INF file for version 6.0 (W7) as well as 5.1 (XP) or try to adapt a W7 x86 driver which has many exports missing in ntoskrnl and ndis.sys?

    missing exports....

    If I use the x86 e1d6232.sys driver in Depends, aimed at a W7 NTx86.6.1.1 OS, I get about 12 errors in ntoskrnl and about 30 errors in ndis.sys.

    ntoskrnl exports...

    *** marks missing

    ***EtwWrite
    ExAllocatePoolWithTag
    ExFreePoolWithTag
    IoAllocateErrorLogEntry
    ***IoGetAffinityInterrupt
    IoGetDeviceProperty
    IoWMIRegistrationControl
    IoWriteErrorLogEntry
    IofCompleteRequest
    KeAcquireInStackQueuedSpinLockAtDpcLevel
    KeBugCheckEx
    ***KeGetProcessorIndexFromNumber
    ***KeGetProcessorNumberFromIndex
    KeInitializeMutex
    ***KeQueryHighestNodeNumber
    KeQuerySystemTime
    KeReleaseInStackQueuedSpinLockFromDpcLevel
    KeReleaseMutex
    KeWaitForSingleObject
    KefAcquireSpinLockAtDpcLevel
    KefReleaseSpinLockFromDpcLevel
    MmGetSystemRoutineAddress
    MmMapLockedPagesSpecifyCache
    ***PoRegisterPowerSettingCallback
    ***PoUnregisterPowerSettingCallback
    RtlAppendUnicodeStringToString
    RtlCompareMemory
    RtlCopyUnicodeString
    RtlGetVersion
    RtlInitUnicodeString
    ZwClose
    ZwOpenFile
    _alldiv
    _allmul
    _allshl
    _aulldiv
    _aullshr
    _purecall
    _vsnwprintf
    memcpy
    ***memcpy_s
    memset
    ***sprintf_s
    ***strcpy_s
    ***vsprintf_s

    ndis exports...

    NdisAcquireReadWriteLock
    ***NdisAllocateIoWorkItem
    ***NdisAllocateMdl
    NdisAllocateMemoryWithTag
    ***NdisAllocateMemoryWithTagPriority
    ***NdisAllocateNetBufferAndNetBufferList
    ***NdisAllocateNetBufferListPool
    NdisCloseConfiguration
    ***NdisDeregisterDeviceEx
    ***NdisFreeIoWorkItem
    ***NdisFreeMdl
    NdisFreeMemory
    ***NdisFreeNetBufferList
    ***NdisFreeNetBufferListPool
    NdisGetRoutineAddress
    NdisGetVersion
    ***NdisGroupActiveProcessorCount
    NdisInitializeEvent
    NdisInitializeReadWriteLock
    NdisInitializeString
    ***NdisMAllocateNetBufferSGList
    NdisMAllocateSharedMemory
    NdisMCancelTimer
    ***NdisMDeregisterInterruptEx
    ***NdisMDeregisterMiniportDriver
    ***NdisMDeregisterScatterGatherDma
    ***NdisMFreeNetBufferSGList
    NdisMFreeSharedMemory
    ***NdisMGetBusData
    NdisMGetDeviceProperty
    ***NdisMIndicateReceiveNetBufferLists
    ***NdisMIndicateStatusEx
    NdisMInitializeTimer
    NdisMMapIoSpace
    NdisMQueryAdapterInstanceName
    ***NdisMRegisterInterruptEx
    ***NdisMRegisterMiniportDriver
    ***NdisMRegisterScatterGatherDma
    NdisMRemoveMiniport
    NdisMResetComplete
    ***NdisMSendNetBufferListsComplete
    ***NdisMSetBusData
    ***NdisMSetMiniportAttributes
    NdisMSetPeriodicTimer
    NdisMSleep
    NdisMUnmapIoSpace
    ***NdisOpenConfigurationEx
    ***NdisQueueIoWorkItem
    NdisReadConfiguration
    NdisReadNetworkAddress
    ***NdisRegisterDeviceEx
    NdisReleaseReadWriteLock
    NdisResetEvent
    NdisSetEvent
    ***NdisSetOptionalHandlers
    NdisSetTimer
    NdisWaitEvent

  3. #33
    You're probably right.
    There are all kinds of drivers, even for MS-DOS,
    so Microsoft is really trying to take out any kind of the NT series 4.0 - Vista,
    even though Microsoft is saying those are OS-independent supported.

    But at least you found the e1e5132.sys you can use.
    Might that have fixed the problem? Or did that cause a different problem?

    It looks like kernelbase was invented with Windows 7 instead of Vista and therefore got version 6.1.

    The problem here does not look very big when you look at the missing functions in ntoskrnl:
    ***sprintf_s
    ***strcpy_s
    ***vsprintf_s
    ***memcpy_s
    For example, those would be child's play.


    If we load a newer ndis.sys like 6.1, that would cause more missing functions in ntoskrnl,
    so in this case we would have to add many missing functions to ntoskrnl.


    The other road maybe leads to writing the missing exports to both ntoskrnl and ndis.sys (instead of using a newer ndis.sys and only going for ntoskrnl).
    Then only that single driver will work, since it found those functions in ndis and ntoskrnl.


    Since Microsoft wrote an MS-DOS usable driver, there certainly are OS-independent solutions, but they do not offer them.

  4. #34
    Quote Originally Posted by Elenil View Post
    ...but at least you found the e1e5132.sys you can use.
    Might that have fixed the problem? Or did that cause a different problem?
    That's the stock XP LAN driver and it does not have the B360 300-series device code in the INF file. I might add it to see what happens but the W7 INF file has many more registry entries in the INF file and uses a co-installer.

    Quote Originally Posted by Elenil View Post
    ...if we load a newer ndis.sys like 6.1 that would cause more missing functions to ntoskrnl so in this case we would have to add many missing functions to ntoskrnl ...
    I have tried ndis 6.2 in Depends with the equivalent ntoskrnl from W7 x86 and it creates more problems. It is looking for missing exports in another driver used by W7 that XP does not use.

    Quote Originally Posted by Elenil View Post
    ...the other road maybe leads to write the missing exports to both ntoskrnl and ndis.sys (instead of using a newer ndis.sys and only going for ntoskrnl) then only that single driver will work since it found those functions on ndis and ntoskrnl
    Yeah...I think that might be the best way.

  5. #35
    Quote Originally Posted by WaxfordSqueers View Post
    That's the stock XP LAN driver and it does not have the B360 300-series device code in the INF file. I might add it to see what happens but the W7 INF file has many more registry entries in the INF file and uses a co-installer.

    I have tried ndis 6.2 in Depends with the equivalent ntoskrnl from W7 x86 and it creates more problems. It is looking for missing exports in another driver used by W7 that XP does not use.

    Yeah...I think that might be the best way.
    The network card is a simple I/O device.

    I don't really understand why so many functions in ndis.sys are used (I'm not familiar with NDIS).
    The hard drive, for example, has standardized I/O commands with which it communicates with a company driver.
    This driver then goes through Windows system drivers, where Windows calls the company's driver (over IRP, for example).
    In the end it is bound to low-level functions.

    A big proof that this is not needed is the use from MS-DOS, Linux, FreeBSD and Windows CE.

    With the information we have gathered now, we could go to the Microsoft support forum and ask for help.

    They certainly can write a driver that is not bound to this version of NDIS; the proof, as I said, is the use of MS-DOS, Linux, FreeBSD, and Windows greater than 6.1.

    What the company (in this case Intel) does is write a driver that solves the I/O process.
    It would be hard to rewrite that entire driver to solve this problem,
    but Intel actually, 100% certain, can do this (I think you might be right again about the boycott).
    We should open a thread in the Intel forum.


    I might have an idea for an easier solution.
    The "Windows CE driver" "e1e51ce5.dll" comes with NDIS version 5.1.
    We actually can rewrite the driver to a system driver.
    There are only 11 user-mode functions that have to be changed to system-based equivalents,
    for example KernelIoControl (DeviceIoControl->ZwDeviceIoControl),
    or the GetTickCount function, whose equivalents are KtQueryTickCount (internal KeTickCount) or ZwQueryPerformanceCounter.
    Those access the same values.

    To switch them over is very doable, even for 1 person.

  6. #36
    Quote Originally Posted by Elenil View Post
    The network card is a simple I/O device ....I don't really understand why so many functions in ndis.sys are used...
    That's one thing I plan to do, go through each ndis function and see what it does. Some of the functions seem to be related to multicore processors and I don't know the significance of memcopy_s over memcopy. Whereas memcopy copies data from one memory location to another, memcopy_s only copies between buffers. That may be related to the special needs of buffer-related data transport between the LAN card and the system.

    Quote Originally Posted by Elenil View Post
    ...with the information we have gathered now, we could go to the Microsoft support forum and ask for help.......we should open a thread in the Intel forum
    I had not thought of that because I imagined forums related to M$oft or Intel would look down on reversers. Or query the sanity of anyone trying to upgrade XP. I'm open to anything, worth a try. If we could get some of the old reversers back to RCE, they could likely do it as well. I have seen some mind-boggling reversing done here over the years.

    Mind you, Kayaker and Blabberer could likely do it on their own. When it comes to writing code for Msoft/Intel, those forums likely have a leg up. When it comes to reversing, you'd be hard-pressed to beat the guys who inhabited this forum.

    If we get something happening and get stuck, I'm sure Kayaker or Blabs will chip in.

    Quote Originally Posted by Elenil View Post
    ...what the company (in this case Intel) does is write a driver that solves the I/O process. It would be hard to rewrite that entire driver to solve this problem,
    but Intel actually, 100% certain, can do this
    I may be repeating myself here, and I am totally open to your suggestions, but the following are possible alternatives.

    I have been in touch with the guys at win-raid who are currently working on such problems with XP. Their approach has been to mod existing drivers, so far with good success. They have modded an ACPI driver to work on XP and storport/iaStor miniport drivers so XP can load. I used both of those drivers to get XP running on my 300-series mobo. They have even modded a USB 3 driver to run on XP with a 300-series chipset and an advanced multicore processor.

    I also tried the unofficial SP4 upgrade which is based here:

    https://ryanvm.net/forum/viewtopic.php?p=133918#133918

    It has scads of drivers in packages that you have to download via a torrent. There was one driver on there from win-raid, a SATA driver, that got me going. The initial error you receive when plugging an existing XP installation into a SATA port with a 300-series chipset is an 0xA5 ACPI error. The error complains that the current BIOS can't handle ACPI, which is amusing to the point of hilarious. My current BIOS has the latest ACPI standard. There is a temporary way past that error by pressing F7 when the installation disk offers the F6 prompt to load storage drivers. However, if you hit F7, it lets the 0xA5 error pass then slaps you with an 0x7B error the moment Windows tries to start.

    That error is related to inadequate SATA miniport drivers required by windows to start. Even if you load the required drivers using F6 the installer accepts them then ignores them. So, you have to load them directly, either by integrating them into the install disk or by modding the registry externally to include the relevant data from the INF file in the registry and inserting the driver iaStor right into the sys32\drivers directory. If you do it externally while the XP disk is offline, the system file checker seems to be happy. It doesn't replace them.

    Here's a neat offline registry trick you may already know. If you have W7 or W10 set up, you start either, then hotplug a drive with an XP installation (I set mine for hotplugging in BIOS). The XP drive on mine shows up as drive K:. So I start regedit, highlight the HKLM hive (vital) in W7 and select 'Load Hive' from the File menu tab. A window opens asking for the hive location and I go to the windows directory on drive k: and select the hive I need from %windir%/system32/config.

    If I pick the system hive, which is the one to use for adding driver info, I select it, enter OK, and it asks me for a name. I might call it XP sys. When I hit OK and look under the HKLM hive, there is a new key called XP sys. I can open it and add any info I want. When finished, I go back to the File tab and close the hive. That hive in the XP directory is now changed.

    Quote Originally Posted by Elenil View Post
    I might have an idea for an easier solution: the "Windows CE driver" "e1e51ce5.dll" comes with NDIS version 5.1. We actually can rewrite the driver to a system driver
    I wonder how that would work with the LAN portion of the chipset?

  7. #37
    Kayaker
    Quote Originally Posted by WaxfordSqueers View Post
    The mobo is an Asus B360M-C/CSM. It's a 300-series mobo and there is the problem with the LAN driver being declared OS-independent by Intel.

    Therefore, should I try to somehow upgrade the current XP Intel LAN driver, since it is rated in the INF file for version 6.0 (W7) as well as 5.1 (XP) or try to adapt a W7 x86 driver which has many exports missing in ntoskrnl and ndis.sys?
    What does that mean about OS-independent?

    If you can avoid modifying ntoskrnl, do it. ndis has other xp/win7 differences as well, importing HAL and NETIO.sys, so the spider web of problems could continue.

    What do you think the XP LAN driver requires to be compatible with your mobo, in terms of functionality?

  8. #38
    Quote Originally Posted by Kayaker View Post
    What do you think the XP LAN driver requires to be compatible with your mobo, in terms of functionality?
    Don't know what OS-independent means, it came from Elenil and I think he claimed Intel said that.

    With regard to what is required by my mobo for the LAN, I have gone through the missing ntoskrnl exports and they all seem to be related to event reporting, processor core index, and power monitoring. One of the descriptions for a missing function claimed that if you don't use it, set a certain value to null. I'm going to look further into this and maybe there's a way to fix a lot of them with something like a ret and adjusting the value returned. I don't know how much XP x86 cares about which processor core is which and which one is accessing interrupts.

    The others in ntoskrnl are related to the difference between funcs like memcpy and memcpy_s. Need to look further into that.

    Have not started on ndis yet but scanned it briefly. There are missing functions like NdisRegisterDeviceEx which XP may never call simply because it doesn't know about it. Might be better to use windbg on a running system to see what is called and what is not called. That means setting up my kernel debugging setup for XP, if that's possible. I have seen one method at Github claiming it can be done.

    I have not even tried the KISS principle. Maybe the stock XP LAN driver will do the trick if the INF file is adjusted. The other XP drivers, except ACPI, SATA, and USB, seem to be running fine. ACPI and SATA are now solved to my satisfaction and I even have USB running through a peripheral USB card. It seems a little flaky at times but I have yet to look into that.

    I am curious as to whether Elenil sees other advantages in making XP more stable on modern chipsets. If so, I'll be glad to do my part to help out. It would be easier just to buy a LAN card but that kind of takes the reversing fun out of it. I started this thread because I saw it as a challenge. However, if it comes down to rewriting a good portion of the driver it's not really worth it. Also, it's not fair to drag others into this if they lack the interest in XP running on a modern mobo.

  9. #39
    If it's a processor number function, XP should have KeNumberProcessors/KeQueryActiveProcessors.
    If those are equivalent functions, they get the number of cores that are present in Windows XP.
    It's just about finding the difference, if those functions even have one.
    Sometimes you can skip functions too.

    The coredll.dll functions are user-mode functions:
    https://www.pinvoke.net/default.aspx/coredll/_ContentBaseDefinition.html
    There are not many used, I think; since there are only a few, that will be a relatively easy task.

    The memcopy_s only got 1 parameter more.
    The good thing with those functions is that they can be copied from the new DLLs.
    They have no dependencies on system functions; they are just classical memcpy functions.
    If they are small like this, you can also redefine them in a compiler.
    IDA does a good job in that case; you can reconstruct the existing function very well.

    The hard part here might be knowing the functions; if you don't, you have a road to read up on what they should do and normally do.

    That being said, it seems a KernelEx has not been made for Windows XP just "yet",
    but with the recent end of support in 2019 that might change?
    There is only 1 ntoskrnl/pa now.
    There was a try to do this:
    https://msfn.org/board/topic/176757-cancelled-by-the-author-extended-kernel-for-xp-extendedxp/
    There is 1 for Windows 2000 where it says it makes .NET 4.5 work on Windows 2000 (that is a project to solve such questions as we have here at the moment).
    He has quite a list of functions that he added; you might take a short look.

    You got me with the question about the chipset (B360 300-series chipset driver name is?).
    From what I remember, the LAN driver works without that (Intel® Ethernet Connection I219 = e1e5132.sys)? At least I often did not install the chipset driver
    (from what I remember, the chipset then has no driver shown in Device Manager).
    With the USB being directly on the chipset, I'm not certain here either,
    but right, most new motherboards have their own sound device and LAN.
    Even the graphics card and Blu-ray/DVD/CD go through the chipset.

    So it might be a chipset question that has to be solved.

    OS-independent means that a program works for any operating system.
    A device such as a LAN card works via I/O; these are commands the device understands.
    If that is blocked by the operating system, for example the road that was taken for protected mode,
    the operating system blocks that.
    But that's only half of the story, if not less.
    As soon as you have ring0 rights you can communicate with your device.
    That code is always the same and is "OS-independent".
    That's why it is possible to make an MS-DOS driver, Linux and Windows 6.2+.

    The problem now is that they (Intel) didn't make a version for NDIS below 6.2.
    The reason for this might be a compiler problem where someone didn't care about using NDIS functions like this
    and went for a Windows driver model for 6.2 or newer.


    The LAN driver is listed as OS-independent on Intel's website (11.4.2019):
    https://downloadcenter.intel.com/download/22283/Intel-Ethernet-Adapter-Complete-Driver-Pack
    But Wax might be right, there is only an NDIS 6.2+ driver and a CE driver for NDIS 5.1.

    The B360 300 is a chipset, not the LAN driver.
    This chipset driver does not have the "OS independent" mark:
    https://downloadcenter.intel.com/download/28680/Intel-Management-Engine-Driver-for-Windows-7-?product=133332

    Kayaker is right about a next driver problem.
    It's hard to say what questions will appear in solving the problems.

    Having an existing driver, what might be done is to add the hardware-based functions that are missing.
    You can add the chipset to an older driver via the INF file; then the driver loads for that chipset.
    Do you maybe have an existing older driver for the B360 chipset that worked on Windows XP? (LAN you seem to have; if not, that CE driver can be rewritten
    from the 2019 version.)
    -
    In another direction, I thought about the SoftICE problem. I think I can't cause the "video crash" on a classical VM; at least I know it usually doesn't happen in a VM,
    since they have their own display driver.


    -
    If Kayaker and you join, I will also join the KernelEx project.
    Being united in a fusion of knowledge and having the force of 3 or more people that work for 1 goal, that might work out.
    The work could be split up so the questions would be solved by more people at the same time.


    Time for some more discussion :-)

  10. #40
    Quote Originally Posted by Elenil View Post
    If Kayaker and you join, I will also join the KernelEx project.
    Being united in a fusion of knowledge and having the force of 3 or more people that work for 1 goal, that might work out. The work could be split up so the questions would be solved by more people at the same time.
    Time for some more discussion :-)
    At this point, I don't know what you mean by 'the kernelex project'. Could you give a more definite description of what you have in mind?

    At this point I'm just looking to get my feet wet with exports. I've done work with import tables successfully but that was a long time ago. I'd like to inject missing exports to get used to the process.

    I have been looking at an alternative. I called this thread 'XP on modern systems' and by that I meant XP won't run on newer motherboards with the Intel 300-series motherboards. Of course, that's nothing new, Win 7 requires mods to work with those chipsets but it has adequate ACPI and SATA miniport drivers to let it reach the desktop, provided a PS/2 mouse/kbd is available to allow it to logon. At this time, I have W7 running in a stable condition with full USB3, LAN, and an internet connection. I have full Nvidia driver support and sound card support. Same on XP but the USB is via a plug-in card and there is no LAN.

    XP can't even run on these chipsets without inserting an ACPI driver and a SATA miniport driver and it has the same issues with USB and LAN drivers. Recently, I have been talking about the LAN driver but it has an issue where 7 or 8 exports are missing from ntoskrnl with a W7-based x86 LAN driver, and about 30 missing from ndis.sys.

    I decided to try the XHCI driver for USB 3 in Depends and it only has a few exports missing in ntoskrnl and none elsewhere. The hub driver is about the same for ntoskrnl but it has an issue in a security driver with all exports missing. The third driver, the switch driver, shows no exports missing.

    I'll post the missing exports to see if working on the USB 3 driver might be an easier approach than working on the LAN driver at this point. Furthermore, they already have a working USB 3 driver over at win-raid, which did not work with my Asus mobo last time I tried. I am interested in looking at their USB driver mod to see if we could spot the overall issue with respect to what Depends shows. I know the guy responsible for the USB driver, daniel_k, is not a reverser per se, in that he does cold code reads in IDA. He is a pretty smart dude, however, in that he can piece it together via trial and error and he digs into the Intel manual to read PCI specs, etc. I have no interest in upstaging daniel, I'd like to help him out by using the tools and talent we have available from the reversing POV.

  11. #41
    Not finished with this thread, on hiatus while I study related matters.

    I have XP running at this point, on a 300-series Asus B360M (Intel B360 chipset) in a very stable manner. The only missing major component, except maybe, a serial port driver, is a LAN driver. Working on that still but recently got a fully-functional USB driver thanks to daniel_k over at win-raid forum. Thanks, Daniel. I already had about 10 USB ports with an extender running on a Vantec USB add-on card using a VIA chipset with XP drivers. With my 22 USB ports now enabled on my new mobo, that gives me over 30 USB ports. Overkill, yes, but lots of fun.

    Right now, XP is running so well on the 300-series board that I am having trouble seeing much of a difference between XP and W7 on the same setup. Of course, W7 is running as well as W10....for me. Ergo, all the talk about XP being dead is bs.

    Of course, I would not use XP as my primary system because it is an x86 Home edition. However, I have old adventure games that won't run on W7 but they run like a charm on XP. For example, Riven, written in the 1990s for W95 runs rock-solid on my new setup on XP. I recall when I played it first that I had a rather primitive setup for a computer and the game struggled with certain features like graphics, making it nearly impossible to solve puzzles in certain cases. With this mobo and an Nvidia GT-730 video card, those problems are long gone. The sound is great too, through a Creative XFi card.

    Of course, this is a reversing forum and ultimately my goal is to get certain reversing tools working on XP x86. That's after I get windbg working remotely in kernel mode with W7 as the host and XP as the target.

    Many a good tune can still be played on an old fiddle.

  12. #42
    Kayaker
    Well that's pretty damn cool actually if you've got XP running on a current system and outside of a VM.

    Geez, as much as the graphics would be archaic, I could revisit my old copies of Myst, Quake and Doom

  13. #43
    Quote Originally Posted by Kayaker View Post
    ...as much as the graphics would be archaic, I could revisit my old copies of Myst, Quake and Doom
    I did not expect XP to run at all but when I saw W7 running as well as it did I reasoned that XP 'might' run too. It was a lot tougher to get going, partly because I'd had it running on a D:\ drive, dual-booted with W98 on partition C:\. Of course, W98 was running on a FAT32 partition and the newer mobo wanted nothing to do with that.

    I had to delete the W98 partition and move XP to C:\, no mean feat since every reference to D:\ in the registry had to be changed to C:\. There were thousands of them and it seemed daunting to do it by hand. I learned a few registry tricks, like loading each hive in a text editor with search/replace and changing D:\ to C:\. However, it wasn't that simple with unicode, where I had to do a S&R with 44 00 3A 00 5C 00 and change it to 43 00 3A 00 5C 00. And there were issues with names like created:, with a d:. That's when I added the 5C 00.

    And you can't do that on a live system. So, I had to do it from W7 by booting the system then hot-plugging the XP drive after boot. I also learned how to load a hive from XP into the W7 registry. Very handy if you want to add a driver that is loaded in W7 and you want to transfer its settings to XP. You can do it manually or by export/import on the same registry, as long as you point the reg file to the loaded hive, making sure the required names are correct.

    Changing all that got me to the boot menu but the minute the 'Windows is loading...' message appeared, either in normal boot or via an install disk, the system would crash with an 0X7b. The solution to that was loading the correct miniport driver that Windows requires to interface with a SATA driver (iaStor.sys). Found one on the unofficial XP SP4 install disk, signed by Fernando from win-raid. The other main issue was adding an ahci driver which is easy to do if you have the right driver. It's simply a matter of dropping one into system32/drivers from W7.

    If you have a PS/2 i/p for the mouse and keyboard, you are now set for getting XP to the desktop. Or, you can add all those drivers to the install disk using ntlite, thanks to the USB driver from daniel_k. There's a catch. Ntlite must be the XP version running on an XP machine, either on disk or a VM. Once it gets to the desktop it is surprisingly stable.


    The cool part is that Riven is running in 640 x 480 on a 21" screen and the graphics look really good from 3 feet back, where I usually slouch in my easy chair. Some are grainy but the overall picture quality is surprisingly good on that size screen, not what I'd expect from an expanded 640 x 480 . Maybe it's my eyes. Have not tried Myst yet but I expect it would be just as good.

    The game uses realplayer, I guess for motion, but it seems like the older type of game where the screens are stills and mouse driven from screen to screen.
    Last edited by WaxfordSqueers; January 13th, 2020 at 19:17.

  14. #44
    Just an aside. After all the years I have spent on XP, I never knew that permissions for files in XP Home directories can be changed in Safe Mode. If you log on to an admin account in safe mode, right-click the file in question, the properties box opens with a security tab that is not available in XP Home in normal mode.

    Doh!!!

  15. #45
    Getting back to the LAN driver for XP on the Intel B360 - 300 series chipset, I just started looking at ntoskrnl in IDA to get a feel for things. To refresh, the LAN driver that is available needs exports that are missing in ntoskrnl and ndis.sys. I have run depends on the driver and I know what functions are missing from both but I am looking at ntoskrnl right now.

    Loaded it in IDA with its symbols and all the exports are quite neatly named. So, I picked a simple export, _memcpy, to see what it looked like. Found it in IDA and marked the beginning address and the end address. Took some bytes from both ends and plugged them into a hex editor so I could locate them in the binary.

    Found the code in the binary and it extends from offset 3082 to 3204, a total of 0x182 bytes (386 decimal). I even added them in hex and decimal to make sure. Then I compared the code to the code addresses in IDA and they are different. IDA goes from 403A82 to 403DC4 = 0x342 bytes (834 decimal). I'll double check this tomorrow, a bit bleary-eyed right now. Maybe I missed the end of the code in the binary.

    Anyway, IDA lists _memcpy as export entry 1450. I am wondering if that is an ordinal number or just an arbitrary number added by IDA. Unfortunately, I am writing this on a different computer and cannot give the version of ntoskrnl at this time.

    Have a lot more reading to do and more tools to check out.
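
Added example, not part of the thread and not code from any poster: a minimal PE reader covering the name-based export lookup described in post #31 and the address questions raised in post #45 (virtual address versus file offset, and how an export's ordinal is derived from the export directory). The image it parses is constructed in `build_sample()`; its section layout is an assumption chosen only so that VA 0x403A82 maps to file offset 0x3082, and `missing_exports` is a hypothetical helper name for the Depends-style check.

```python
import struct

def u16(b, o): return struct.unpack_from("<H", b, o)[0]
def u32(b, o): return struct.unpack_from("<I", b, o)[0]

class PE:
    """Just enough PE parsing for section mapping and the export directory."""
    def __init__(self, data):
        self.data = bytes(data)
        pe = u32(self.data, 0x3C)                          # e_lfanew
        if self.data[:2] != b"MZ" or self.data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("not a PE image")
        nsec, opt_size = u16(self.data, pe + 6), u16(self.data, pe + 20)
        opt = pe + 24                                      # optional header
        plus = u16(self.data, opt) == 0x20B                # PE32+ magic
        self.image_base = struct.unpack_from(
            "<Q" if plus else "<I", self.data, opt + (24 if plus else 28))[0]
        # Data directory entry 0 = export directory (RVA, size)
        self.export_dir = struct.unpack_from("<II", self.data, opt + (112 if plus else 96))
        self.sections = []
        for i in range(nsec):
            s = opt + opt_size + 40 * i                    # 40-byte section header
            vsize, va, rsize, raw = struct.unpack_from("<4I", self.data, s + 8)
            self.sections.append((va, vsize, raw, rsize))

    def rva_to_offset(self, rva):
        """Map an RVA (address minus image base) to its offset in the file."""
        for va, vsize, raw, rsize in self.sections:
            if va <= rva < va + max(vsize, rsize):
                if rva - va >= rsize:
                    raise ValueError("RVA %#x is not backed by file data" % rva)
                return raw + (rva - va)
        raise ValueError("RVA %#x is outside every section" % rva)

    def va_to_offset(self, va):
        return self.rva_to_offset(va - self.image_base)

    def exports(self):
        """Return {name: {ordinal, rva, file_offset, forwarded}}."""
        exp_rva, exp_size = self.export_dir
        if not exp_rva:
            return {}
        d = self.rva_to_offset(exp_rva)
        base, nfuncs, nnames, funcs, names, ords = struct.unpack_from(
            "<6I", self.data, d + 16)
        out = {}
        for i in range(nnames):
            # The name table is sorted; the parallel ordinal table holds the
            # index into the function table, and ordinal = Base + index.
            idx = u16(self.data, self.rva_to_offset(ords + 2 * i))
            if idx >= nfuncs:
                raise ValueError("name ordinal index out of range")
            start = self.rva_to_offset(u32(self.data, self.rva_to_offset(names + 4 * i)))
            name = self.data[start:self.data.index(b"\0", start)].decode("ascii")
            rva = u32(self.data, self.rva_to_offset(funcs + 4 * idx))
            # An RVA pointing back into the export directory is a forwarder string.
            fwd = exp_rva <= rva < exp_rva + exp_size
            out[name] = {"ordinal": base + idx, "rva": rva, "forwarded": fwd,
                         "file_offset": None if fwd else self.rva_to_offset(rva)}
        return out

def missing_exports(wanted, exports):
    """Depends-style check: imported names the exporting module lacks."""
    return [n for n in wanted if n not in exports]

def build_sample():
    """Constructed PE32 image: one section (RVA 0x1000 stored at file 0x600),
    image base 0x400000, two named exports. Not taken from any real file."""
    img = bytearray(0x4600)
    off = lambda rva: rva - 0x1000 + 0x600
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)           # i386, 1 section
    struct.pack_into("<H", img, 0x54, 0xE0)                # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x58, 0x10B)               # PE32 magic
    struct.pack_into("<I", img, 0x58 + 28, 0x400000)       # ImageBase
    struct.pack_into("<II", img, 0x58 + 96, 0x4000, 0x4A)  # export directory
    img[0x138:0x13D] = b".text"
    struct.pack_into("<4I", img, 0x140, 0x4000, 0x1000, 0x4000, 0x600)
    # Base=1, 2 functions, 2 names, then the three table RVAs
    struct.pack_into("<6I", img, off(0x4000) + 16, 1, 2, 2, 0x4028, 0x4030, 0x4038)
    struct.pack_into("<2I", img, off(0x4028), 0x3E00, 0x3A82)  # memset, memcpy
    struct.pack_into("<2I", img, off(0x4030), 0x403C, 0x4043)  # sorted names
    struct.pack_into("<2H", img, off(0x4038), 1, 0)            # name -> index
    s = b"memcpy\0memset\0"
    img[off(0x403C):off(0x403C) + len(s)] = s
    return bytes(img)

if __name__ == "__main__":
    pe = PE(build_sample())
    print("VA 0x403A82 -> file offset %#x" % pe.va_to_offset(0x403A82))
    for name, e in sorted(pe.exports().items(), key=lambda kv: kv[1]["ordinal"]):
        print(e["ordinal"], name, hex(e["rva"]), e["file_offset"])
    print("missing:", missing_exports(["memcpy", "memcpy_s", "memset", "strcpy_s"],
                                      pe.exports()))
```

A disassembler shows virtual addresses (image base plus RVA), while a hex editor shows file offsets, so the two only line up after the section's `PointerToRawData` and `VirtualAddress` are taken into account.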
