此文章由原博客迁移而来。

原文地址:https://blog.betaworld.cn/161

原作者:BetaRookie

以下为本文正文部分。

默认情况下,无法在 VMware 中启用 Windows Vista(Longhorn)版本 5098 和 5112 的 DWM。微软强制用户在这些版本中使用 LDDM 驱动程序,遗憾的是,不存在 VMware 的 LDDM 驱动程序。这意味着启用 DWM 和 Aero Glass 需要真正的硬件。

161-1-Longhorn-5098-Aero.png

对于上一个泄漏版本(5048)和下一个泄漏版本(5212),可以通过将注册表项 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DWM 下的 EnableMachineCheck 设置为 0 来轻松启用 DWM。当 EnableMachineCheck 设置为 FALSE0)时,它将跳过对 LDDM 驱动程序的检查。不用说,在 5098 和 5112 中这样做是行不通的。为什么?因为 EnableMachineCheck 是微软内部使用的后门,但是 5098 和 5112 是为公众编译的。

uxss.exe(UX 子系统)负责驱动程序和注册表检查,让我们来看看它。很明显,当使用 XPDM 驱动程序时,5098 和 5112 的 uxss.exe 中的这个额外 if 语句会导致 CDwmAppHost::VerifyDisplayModes() 失败。

161-2-5098-and-5112-LDDM-Check-Code.png

删除该 if 语句后,您应该能够使用 XPDM 驱动程序和 EnableMachineCheck 后门启用 DWM。需要 4 字节(条件跳转)补丁将代码转换为:

161-3-5098-and-5112-LDDM-Check-Removed.png

5098 和 5112 的 uxss.exe 补丁:

161-4-Patched-UXSS.zip

要在 VMware 中启用 5098 或 5112 的 DWM,请使用修补的 uxss.exe 替换原始的 uxss.exe,安装兼容的 VMware SVGA 驱动程序并将 EnableMachineCheck 设置为 0。确保在完成所有步骤后重新启动虚拟机。

一些截图:

161-5-Vista-5112-VMware-Aero-Demo-01.png

161-6-Vista-5112-VMware-Aero-Demo-02.png

感谢桃花和我同事的翻译,下页是英文原文 :

Windows Vista (Longhorn) builds 5098 and 5112’s DWM cannot be enabled in VMware by default. Microsoft forced users to use LDDM drivers for these builds, and sadly one does not exist for VMware. This means real hardware is required to enable DWM and Aero Glass.

161-1-Longhorn-5098-Aero.png

For the previous leaked build (5048) and the next leaked build (5212), DWM can be enabled easily by setting the registry entry EnableMachineCheck under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DWM to 0. When EnableMachineCheck is set to FALSE (0), it skips the check for LDDM driver. Needless to say, doing so in 5098 and 5112 does not work. Why? Because EnableMachineCheck was a backdoor Microsoft used internally, but 5098 and 5112 were compiled for the public.

uxss.exe (UX sub-system) is responsible for the driver and registry checks, so let us take a look at it. It is quite obvious that this extra if statement present in 5098 and 5112’s uxss.exe causes CDwmAppHost::VerifyDisplayModes() to fail when XPDM drivers are used.

161-2-5098-and-5112-LDDM-Check-Code.png

With that if statement removed, you should be able to enable DWM with XPDM drivers and the EnableMachineCheck backdoor. A 4 byte (conditional jump) patch is required to turn the code into:

161-3-5098-and-5112-LDDM-Check-Removed.png

uxss.exe patch for 5098 and 5112:

161-4-Patched-UXSS.zip

To enable 5098 or 5112’s DWM in VMware, replace uxss.exe with the patched one, install a compatible VMware SVGA driver and set EnableMachineCheck to 0. Make sure you restart your virtual machine after finishing all the steps.

Some screenshots:

161-5-Vista-5112-VMware-Aero-Demo-01.png

161-6-Vista-5112-VMware-Aero-Demo-02.png

标签: Longhorn, Aero, DWM, Patch, Vista, VMware