4 replies to this topic

[mikeserv]

Great. Now you've got me doing it...

 

Look, I've got a reboot question for you. I've got this catch-22 situation with Windows 8 and DEP. I know I'm not the first to run into this, and this is maybe the 3rd or 4th time in the past 6 or 8 months that I've really bent my Google skills (which are not to be sniffed at) to the task, but I can't seem to make headway.

 

With a simple bcdedit /set {default} nx AlwaysOff and bcdedit /set {default} PAE ForceDisable Windows 8 will happily cast aside its new mandatory requirements for NX and PAE making the only requirement difference between 8 and 7 the SSE2 processor extension. HOWEVER, it will only do so on an established image. By which I mean, a new install on any machine will not accept such a change and will fail to boot the first time. It's such a headache. 

 

I've tried installing without SETUP.EXE using dism /apply-image /imagefile:[DRIVE]\sources\install.wim /index:1 /applydir:[NEWDRIVE]\ without success.

 

This Geoff Chappell guy went to some pretty extraordinary lengths debugging the bootloader and Windows kernel in early Vista days, but I'm afraid much of that is over my head. And this maddog fellow delivers unsubstantiated reports that the Windows kernel NX and PAE check can be fooled by editing the processor's reported config flags in BIOS, but, again, that's pretty much entirely outside of my experience. 

 

Probably I'm only misguided here, but I'm convinced that the mostly undocumented (as far as I can find) bcdedit /set {default} configflags [WHAT?!?] function could be of use in this case. 

 

Thoughts?

 

-Mike

 

P.S. Discussion begun (apologies for it being off-topic) here: http://reboot.pro/to...e-author/page-2

 

So far:

 

Wonko: 

 

Maybe, just maybe, the issue that you are having is connected with this:

http://www.geoffchap...sloader/pae.htm

 

 

Quote

The loader expects different kernels for when PAE is and isn’t enabled. The default name for the kernel is NTKRNLPA.EXE when PAE is enabled, else NTOSKRNL.EXE, but note that the default can (usually) be overridden by the kernel option. Whatever the name, the loader insists that the PAE kernel has the IMAGE_FILE_LARGE_ADDRESS_AWARE (0x0020) bit set in the Characteristics field of its IMAGE_FILE_HEADER, and that the ordinary kernel has this same bit cleared. A mismatch is fatal to starting Windows.

 

It is possible that the "standard" install you did either has the "wrong" kernel or has it not the flag bit correctly set (or cleared)  .

 

 

mikeserv: 

 

Yeah, I've read through that (like 8 times) and I'm pretty sure that IS the issue. The PAE extension is required for Windows Data Execution Prevention to use the NX extension because (to my limited understanding) it has to monitor all memory addresses to ensure that non-executable code is not being executed from addresses not explicitly permitted. Immediately previous to your quote block Geoff says:

 

Quote

Although the ForceEnable and ForceDisable values of the pae option are reported in the Edit Boot Options Menu, as /PAE and /NOPAE respectively, and can be edited or added, changes made at this menu are too late to be acted on and are not respected.

 

I believe he also mentions elsewhere (I could be wrong - he's got a lot to say) that any setting to BCD will not necessarily be respected regarding PAE if other settings require it because it happens so soon in the bootloader process (BOOTMGR maps to memory, too). So basically if NX is required, PAE will fail regardless of any other settings. The key is to disable NX AND PAE, I think.

 

And yes, the problem definitely lies with the kernel. Maybe I should back up some and try to get a feel for a couple other mysteries surrounding this:

 

What exactly is the difference between a new (or is it called sysprepped?) image and one already established? What's the difference between the WinPE kernel and the regular kernel? What goes into sysprepping an image anyway? I'm afraid I don't fully understand the fundamentals there. Maybe you could give me a brief walkthrough?

 

So you say maybe I should clear (or set) a bit on my image-file. I'm sorry, Wonko, but I really wouldn't know how to begin to do that. Any further advice?

 

-Mike

 

P.S. This NX issue with Win8 should really be hacked by now, or so I believe. I think (hope?) it can be done.

Edited by mikeserv, 25 May 2013 - 08:24 PM.

[als1956]

Hi,

 

I too am trying to install Windows 8 on an old centrino laptop with a pentium m "banias" cpu - the one without pae and nx support. Like you my Google skills are pretty good but I still haven't found a solution to the problem.

 

I did find some promising information on the My Digital Life forum. A poster there had done some hacking of the kernel, but from my understanding this was to workaround the nx problem. Added to which I was a little confused on how to implement his solution. I think I'll have to register there and ask for more details.

 

I can install Win 8 cp but on the first boot I'm getting the error 0xc0000260 blue screen.

 

Have you been able to make any progress at all with this?

 

-Alex

[Wonko the Sane]

I am not sure to understand where/why the tests have been interrupted. 

 

IF the reason is the one pointed out before, it should be not that difficult to check NTKRNLPA.EXE and/or NTOSKRNL.EXE for the IMAGE_FILE_LARGE_ADDRESS_AWARE flag status and/or try different combinations.

 

Get CFF Explorer:

http://www.ntcore.com/exsuite.php

Open the NTKRNLPA.EXE and/or NTOSKRNL.EXE wih it.

Select on the left NT headers->File Header.

Click where there is written "Click here" on the "Characterstics" line on the right.

On the popup window verify that the checkbox for "App can handle >2 gb address space" is set (or not set).

The checkboxes should be correspondent to:

http://msdn.microsof...3(v=vs.85).aspx

Or, maybe more clear:

 

 

#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references).
#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Agressively trim working set
#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 // App can handle >2gb addresses
#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net,  copy and run from the swap file.
#define IMAGE_FILE_SYSTEM 0x1000 // System File.
#define IMAGE_FILE_DLL 0x2000 // File is a DLL.
#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed. 

 

Wonko

[joakim]

I did find some promising information on the My Digital Life forum. A poster there had done some hacking of the kernel, but from my understanding this was to workaround the nx problem. Added to which I was a little confused on how to implement his solution. I think I'll have to register there and ask for more details.

Here it is; http://forums.mydigi...E-NX-SSE2-check Better read all of it to get an understanding.

[Wonko the Sane]

Here it is; http://forums.mydigi...E-NX-SSE2-check Better read all of it to get an understanding.

Which basically resolves to these two posts, right?:

http://forums.mydigi...ll=1#post763651

http://forums.mydigi...ll=1#post764154

 

Wonko