I decided to make a tutorial as a proof of concept, because I would really like to see more people
reversing the Windows kernel and maybe fixing the USB issues I had in the past. Always keep in mind:
if it does not work, simply use Windows 2003 Server to support more than 4 GB RAM.
- VMware Workstation Version 9.0.0 build-812388
- Microsoft XP SP3 with the following kernel:
  File Name: "C:\Windows\system32\ntkrnlpa.exe"
  File Version: 5.1.2600.5512 (xpsp.080413-2111)
  Internal Name: ntkrpamp.exe
- Microsoft XP SP1 with the following hal:
  File Name: hal.dll
  File Version: 5.1.2600.1106 (xpsp1.020828-1920)
  Internal Name: halmacpi.dll
- Microsoft Driver Development Kit Version 7600.16385.1
- Microsoft Debugging Symbols for Windows XP SP3
- IDA Version 22.214.171.1248
- 010 Editor Version 3.1.3
- LordPE Deluxe b by yoda
- Create a new VMware machine with at least 2 processors and 5 GB of RAM. At least 2 CPUs are needed,
otherwise XP will not use the multiprocessor kernel file. The 5 GB of RAM is optional; it is only used
to check that the RAM patch is working at the end. Install Windows XP SP3 on this virtual machine.
- Install Microsoft Driver Development Kit Version 7600.16385.1 to "C:\WinDDK\7600.16385.1".
- Install Debugging Symbols to "C:\Symbols_XP_SP3".