Skip to content

Win7 SP1 winload.exe revision 23569 #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Feb 4, 2018
Merged

Win7 SP1 winload.exe revision 23569 #4

merged 5 commits into from
Feb 4, 2018
+157 −7

Conversation

jeremitu
Copy link

@jeremitu jeremitu commented Dec 2, 2017

Tested and working. Partly based on https://github.com/Elbandi/PatchPae2. Provided exe and Visual Studio 2017 build.

@krombel
Copy link

krombel commented Feb 1, 2018
edited
Loading

@jeremitu Your patch is not working (at least in my env).
I see the "Starting Windows" screen with the animation and then the screens turns and stays black.
But interestingly I can boot to "Safe Mode" without issues with this patch so I can validate that it uses all of my RAM.

Have you tested with bitlocker enabled? Or any commands to debug that?

@jeremitu
Copy link
Author

jeremitu commented Feb 1, 2018

Never used bitlocker. I suppose you have issues with the graphic card, see comments under original wj32 patch I enhanced.
What graphic card are you using? "Intel HD and Nvidia graphics are known issues."
These driver problems were the main reasons Microsoft has named when forbidding 4GB+ for 32 bit Windows.

@krombel
Copy link

krombel commented Feb 1, 2018

Ohh. I have "Intel HD"...
Thanks for you fast answer though

@jeremitu
Copy link
Author

jeremitu commented Feb 1, 2018

You might try older video drivers. Good luck!

@wj32 wj32 merged commit 026e346 into wj32:master Feb 4, 2018
@Satoshi64
Copy link

KB4056897 updated winload to 6.1.7601.23992 breaking it again.

@jeremitu
Copy link
Author

Actually the same patch worked. I opened up the version check.
The source code is on Github, the full story and an exe to test on my website.

@Satoshi64
Copy link

It worked greatly, thank you!
Just had to rollback my video drivers to 332.21 as nvidia refuses to support pae on the newest. Didn't check at exactly which version they stopped.

@Satoshi64
Copy link

Microsoft has released a new security update, September 11, 2018—KB4457145, which fixes a severe flaw on the way windows handles images. This update has changed:
Ntkrnlpa.exe,6.1.7601.24231,"4,054,192",10-Aug-18,15:45
Ntoskrnl.exe,6.1.7601.24231,"3,961,440",10-Aug-18,15:44
Winload.exe,6.1.7601.24149,"535,616",30-May-18,13:04
Edit: Patch seems to still work.

@cnrat
Copy link

cnrat commented Dec 25, 2018

Microsoft has released a new security update, September 11, 2018—KB4457145, which fixes a severe flaw on the way windows handles images. This update has changed:
Ntkrnlpa.exe,6.1.7601.24231,"4,054,192",10-Aug-18,15:45
Ntoskrnl.exe,6.1.7601.24231,"3,961,440",10-Aug-18,15:44
Winload.exe,6.1.7601.24149,"535,616",30-May-18,13:04
Edit: Patch seems to still work.

Start failed with: MissingOsLoader. It seems MS add verification to winload.exe.

Elbandi
Elbandi reviewed Oct 20, 2019
View reviewed changes
PatchPae2/main.c
.text:004295F7
.text:004295FF
.text:004295FF loc_4295FF : ; CODE XREF : ImgpValidateImageHash(x, x, x, x, x) + 1Dj
.text:004295FF; ImgpValidateImageHash(x, x, x, x, x) + A6j ...
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added an "invalid" char (utf8?) to source code

@Satoshi64
Copy link

Hello again, i hope this might be useful to anybody still using this in the future.

The last Windows 7 normal & ESU updates since have changed both ntkrnlpa.exe and winload.exe over the years. Right now the updated patch by jeremitu is able to patch all winloads until version 24538, any winload.exe above that will instantly fail. Stick to that one.
The tool is also still able to patch all ntkrnlpa.exe kernels until the latest version, 26220. But there is a trap: You will get bsods with error 0x00000100-something while booting on anything above 26174, so stick with that kernel.

@anonymoususer16
Copy link

Hello again, i hope this might be useful to anybody still using this in the future.

The last Windows 7 normal & ESU updates since have changed both ntkrnlpa.exe and winload.exe over the years. Right now the updated patch by jeremitu is able to patch all winloads until version 24538, any winload.exe above that will instantly fail. Stick to that one. The tool is also still able to patch all ntkrnlpa.exe kernels until the latest version, 26220. But there is a trap: You will get bsods with error 0x00000100-something while booting on anything above 26174, so stick with that kernel.

Version 26909 (2023/12):
edit winloadp.exe (or winload.exe)
Patch region 1
00 04 00 00 22 d8 08 00 10 00 -> 00 04 00 00 1a eb 08 00 10 00

Patch region 2
7c 24 14 8b 44 24 14 5f 5e 5b -> 7c 24 14 31 c0 90 90 5f 5e 5b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Elbandi Elbandi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@jeremitu @krombel @Satoshi64 @cnrat @anonymoususer16 @Elbandi @real4root @wj32