Windows 11 IoT Enterprise LTSC 24H2 #294

Open
cgfoed opened this issue Jan 13, 2025 · 5 comments

@cgfoed

cgfoed commented Jan 13, 2025

First of all, this project is amazing! Thanks for all the work.

I successfully compiled and installed using autobuild-all-chk and everything works in my Win10 64bit VM.
On my Win 11 IoT Enterprise LTSC 24H2 device I tried the same, but nothing is opened. No errors, no warnings, just a spinning wheel for 2 seconds and that's it.

Could you check my dbgview output?

WORKING in VM:

00000001 0.00000000 [3016] NtCreateUserProcess(ThreadHandle=0, CommandLine="C:\Users\admin\Desktop\TFREMOTE.EXE" ) failed with C0000131
00000002 0.00012880 [3016] LDNTVDM: BasepProcessInvalidImage(C0000130,'??\C:\Users\admin\Desktop\TFREMOTE.EXE');
00000003 0.00017300 [3016] LDNTVDM: Launching Win16 application
00000004 0.00425670 [3016] LDNTVDM: BasepProcessInvalidImage = 1
00000005 0.08453010 [3520] LDNTVDM is running inside conhost.exe
00000006 0.08460650 [3520] Hook_IAT_x64(7CDC0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 7C5B3D3C)
00000007 0.08467380 [3520] Hooked 7D08B598: 7D1E9D00 -> 7C5B3D3C
00000008 0.08470660 [3520] LDNTVDM: BasepProcessInvalidImageReal = 7D1E9D00
00000009 0.08474160 [3520] LDNTVDM: BaseIsDosApplication = 7D211490
00000010 0.08481380 [3520] Hook_IAT_x64_IAT(7CDC0000, ntdll.dll, NtCreateUserProcess, 7C5B3C1C, 7C5C4020)
00000011 0.08484910 [3520] Hooked 7CFA5830: 7F1EE960 -> 7C5B3C1C
00000012 0.08490570 [3520] LDNTVDM is running inside ConHost.exe
00000013 0.08494310 [3520] Hook_IAT_x64_IAT(734E0000, ntdll.dll, RtlAllocateHeap, 7C5B1304, 7C5C4058)
00000014 0.08498430 [3520] Hooked 735203B0: 7F17A9A0 -> 7C5B1304
00000015 0.08502290 [3520] Hook_IAT_x64_IAT(734E0000, user32.dll, NotifyWinEvent, 7C5B5FBC, 7C5C3FD0)
00000016 0.08506570 [3520] Hooked 7351FDD0: 7D744AA0 -> 7C5B5FBC
00000017 0.08510340 [3520] Hook_Inline(7ffc7d75ba40, 7ffc7c5b2378, PrivateExtractIconsWHook)
00000018 0.08518890 [3520] dwOrigSize detected: 7
00000019 0.08522110 [3520] Hook_Inline context=7ffc7d7cecb0
00000020 0.08525370 [3520] Hook_IAT_x64_IAT(7D740000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 7C5B2294, 7C5C4048)
00000021 0.08528520 [3520] Hooking failed (-1)
00000022 0.08531860 [3520] Hook_IAT_x64_IAT(7D740000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 7C5B2294, 7C5C4048)
00000023 0.08535990 [3520] Hooked 7D7D0110: 7CDF5710 -> 7C5B2294
00000024 0.08539310 [3520] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000025 0.09214810 [3520] PrivateExtractIconsWHook(ntvdm.exe)
00000026 0.10948660 [4744] LDNTVDM is running inside ntvdm.exe
00000027 0.10954680 [4744] Hook_IAT_x64(75730000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 756038D0)
00000028 0.10960910 [4744] Hooked 759362CC: 776B30C0 -> 756038D0
00000029 0.10965040 [4744] LDNTVDM: BasepProcessInvalidImageReal = 776B30C0
00000030 0.10969180 [4744] LDNTVDM: BaseIsDosApplication = 776D8EF0
00000031 0.10977030 [4744] Hook_IAT_x64_IAT(75730000, ntdll.dll, NtCreateUserProcess, 75603840, 7560E398)
00000032 0.10983830 [4744] Hooked 759309E4: 777F3710 -> 75603840
00000033 0.10988550 [4744] Hook_IAT_x64_IAT(77680000, ntdll.dll, CsrClientCallServer, 75602300, 7560A000)
00000034 0.10997640 [4744] Hooked 77701BC4: 7783EA10 -> 75602300
00000035 0.11002910 [4744] Hook_IAT_x64_IAT(77680000, ntdll.dll, CsrAllocateMessagePointer, 75602470, 00000000)
00000036 0.11007710 [4744] Hooked 77701BBC: 7783E8E0 -> 75602470
00000037 0.11015350 [4744] Hook_IAT_x64_IAT(F000000, KERNEL32.DLL, SetConsolePalette, 756011D0, 7560E3AC)
00000038 0.11019860 [4744] IAT entry is not bound yet
00000039 0.11024790 [4744] Hooking failed (-3)
00000040 0.11030310 [4744] Hook_IAT_x64_IAT(77680000, ntdll.dll, NtQueryInformationProcess, 75601000, 00000000)
00000041 0.11034860 [4744] Hooked 77701CC8: 777F2BF0 -> 75601000
00000042 0.11042610 [4744] Hook_IAT_x64_IAT(75730000, ntdll.dll, NtQueryInformationProcess, 75601000, 00000000)
00000043 0.11048500 [4744] Hooked 75930308: 777F2BF0 -> 75601000
00000044 0.11054690 [4744] Hook_Inline(75a70550, 75603240, PrivateExtractIconsWHook)
00000045 0.11058790 [4744] Hook_Inline did hotpatch -> context=75a70552
00000046 0.11063300 [4744] Hook_IAT_x64_IAT(75A50000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 756031C0, 7560E3A8)
00000047 0.11067390 [4744] Hooking failed (-1)
00000048 0.11071670 [4744] Hook_IAT_x64_IAT(75A50000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 756031C0, 7560E3A8)
00000049 0.11076220 [4744] Hooked 75AF92A0: 75848850 -> 756031C0
00000050 0.11081370 [4744] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000051 0.11301900 [4744] Hook_IAT_x64_IAT(F000000, KERNEL32.DLL, SetConsolePalette, 756011D0, 7560E3AC)
00000052 0.11333060 [4744] Hooked 0F001348: 776E18F0 -> 756011D0
00000053 0.11707460 [4744] BaseGetNextVDMCommand: ConsoleHandle=00000DC0, iTask=0000000C
00000054 0.11730580 [4744] BaseGetNextVDMCommand(268500999) = 00000000, fComingFromBat=96
00000055 0.11943330 [4744] NTVDM: 32768K Memory: 15360K XMS, 0K EMS, 16384K DPMI
00000056 0.12141120 [4744] BaseIsFirstVDM(65545) = C0000022
00000057 0.12286200 [4744] YODA debug event handler installed
00000058 0.12291280 [4744] Loading [C:\Windows\system32\ntio.sys]
00000059 0.12298140 [4744] VDM ModLoad: C:\Windows\system32\ntio.sys => segment 8e05, len=8430
00000060 0.12418040 [4744] VDM SegMove: C:\Windows\system32\ntio.sys (1) 8e05 => 70, len = 8430
00000061 0.12592490 [4744] VDM SegMove: C:\Windows\system32\ntdos.sys (2) 9386 => a7, len = 8f29
00000062 0.13149589 [4744] Loading [C:\WINDOWS\SYSTEM32\HIMEM.SYS]
00000063 0.13257830 [4744] VDM ModLoad: C:\WINDOWS\SYSTEM32\HIMEM.SYS => segment 0, len=12a0
00000064 0.13902260 [4744] VDM SegMove: C:\Windows\system32\ntdos.sys (1) 9386 => fe2e, len = 793f
00000065 0.29549649 [4744] BaseGetNextVDMCommand: ConsoleHandle=00000000, iTask=FFFFFFFF
00000066 0.29560220 [4744] BaseGetNextVDMCommand(268500999) = 00000000, fComingFromBat=0
00000067 0.37419119 [4744] BaseRegisterWowExex(268501009) = 00000000
00000068 0.48445359 [4744] BaseGetNextVDMCommand: ConsoleHandle=00000DC0, iTask=00000000
00000069 0.48455051 [4744] BaseGetNextVDMCommand(268500999) = 00000000, fComingFromBat=0
00000070 0.48586509 [4744] WOWEXEC: CommandLine = <
00000071 0.48595729 [4744] C:\Users\admin\Desktop\TFREMOTE.EXE:
00000072 0.48602051 [4744] >
00000073 0.52393597 [4744] BaseGetNextVDMCommand: ConsoleHandle=00000000, iTask=0000000C
00000074 0.52405012 [4744] BaseGetNextVDMCommand(268500999) = 00000000, fComingFromBat=0
00000075 2.21058607 [4744] BaseGetNextVDMCommand: ConsoleHandle=00000DC0, iTask=00000000
00000076 2.21070910 [4744] BaseGetNextVDMCommand(268500999) = 00000000, fComingFromBat=127
00000077 24.65054321 [3368] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)
00000078 24.65469933 [4744] BaseExitVDM(268501000) = 00000000
00000079 24.95524406 [3368] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)
00000080 25.47192955 [3368] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)
00000081 25.48282051 [3368] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)
00000082 25.48854446 [3368] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)

NOT WORKING Win 11 machine:

00000001 0.00000000 [5112] NtCreateUserProcess(ThreadHandle=0, CommandLine="C:\Users\Admin\Desktop\MCA10\Prog\TFREMOTE.EXE" ) failed with C0000131
00000002 0.00005160 [5112] LDNTVDM: BasepProcessInvalidImage(C0000130,'??\C:\Users\Admin\Desktop\MCA10\Prog\TFREMOTE.EXE');
00000003 0.00008050 [5112] LDNTVDM: Launching Win16 application
00000004 0.00449690 [5112] LDNTVDM: BasepProcessInvalidImage = 1
00000005 0.09482760 [5112] Injecting into WOW64 Process? 1
00000006 0.09512720 [5112] Hook_Inline(77a93bd0, e0000, code)
00000007 0.09516920 [5112] dwOrigSize detected: 10
00000008 0.09716190 [5112] About to alloc page @779cf000
00000009 0.09727330 [5112] Hook_Inline context=779c0000
00000010 0.09736680 [5112] Hook_Inline(7ffa21221514, f0000, code)
00000011 0.09739750 [5112] dwOrigSize detected: 7
00000012 0.09894110 [5112] About to alloc page @7ffa211af000
00000013 0.09902480 [5112] Hook_Inline context=7ffa211a0000
00000014 0.09908320 [5112] APPCERT_IMAGE_OK_TO_RUN
00000015 0.09910760 [5112] APPCERT_CREATION_ALLOWED
00000016 0.17050549 [5556] LDNTVDM is running inside ntvdm.exe
00000017 0.17077820 [5556] Hook_IAT_x64(77620000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 75674120)
00000018 0.17083441 [5556] Hooked 7786A354: 76BCD4C0 -> 75674120
00000019 0.17088120 [5556] LDNTVDM: BasepProcessInvalidImageReal = 76BCD4C0
00000020 0.17092250 [5556] LDNTVDM: BaseIsDosApplication = 76BFBE70
00000021 0.17096320 [5556] Hook_IAT_x64_IAT(77620000, ntdll.dll, NtCreateUserProcess, 75674050, 75681EF0)
00000022 0.17106649 [5556] Hooked 77864A58: 77A48CF0 -> 75674050
00000023 0.17118441 [5556] Hook_IAT_x64_IAT(76BA0000, ntdll.dll, CsrClientCallServer, 75672780, 7567C000)
00000024 0.17123920 [5556] Hooked 76C21E00: 77A9F450 -> 75672780
00000025 0.17129479 [5556] Hook_IAT_x64_IAT(76BA0000, ntdll.dll, CsrAllocateMessagePointer, 756728F0, 00000000)
00000026 0.17134491 [5556] Hooked 76C21E04: 77A9F310 -> 756728F0
00000027 0.17139240 [5556] Hook_IAT_x64_IAT(F000000, KERNEL32.DLL, SetConsolePalette, 75671250, 75681F04)
00000028 0.17146400 [5556] Hooked 0F001340: 76C06790 -> 75671250
00000029 0.17151999 [5556] Hook_IAT_x64_IAT(76BA0000, ntdll.dll, NtQueryInformationProcess, 75671080, 00000000)
00000030 0.17157650 [5556] Hooked 76C21F1C: 77A48150 -> 75671080
00000031 0.17162360 [5556] Hook_IAT_x64_IAT(77620000, ntdll.dll, NtQueryInformationProcess, 75671080, 00000000)
00000032 0.17168400 [5556] Hooked 77864350: 77A48150 -> 75671080
00000033 0.17174950 [5556] Hook_Inline(76481670, 756736b0, PrivateExtractIconsWHook)
00000034 0.17183889 [5556] Hook_Inline did hotpatch -> context=76481672
00000035 0.17188080 [5556] Hook_IAT_x64_IAT(76410000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 75673630, 75681F00)
00000036 0.17192170 [5556] Hooking failed (-1)
00000037 0.17196190 [5556] Hook_IAT_x64_IAT(76410000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 75673630, 75681F00)
00000038 0.17200530 [5556] Hooked 764C82A0: 7776ECB0 -> 75673630
00000039 0.18868850 [5556] Process has child with PID 8612
00000040 0.24493250 [5556] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe)
00000041 0.24894500 [5556] Injecting into WOW64 Process? 0
00000042 0.25385141 [5556] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000043 0.25853851 [8612] LDNTVDM is running inside conhost.exe
00000044 0.27606991 [5556] BaseGetNextVDMCommand: ConsoleHandle=000021A4, iTask=00000001
00000045 0.28111839 [8612] Hook_IAT_x64(1EB70000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 1CDF42E4)
00000046 0.28714520 [5556] BaseGetNextVDMCommand(268500999) = 00000000, fComingFromBat=1
00000047 0.29207861 [8612] Hooked 1EEDA6A8: 20049FC0 -> 1CDF42E4
00000048 0.29827040 [8612] LDNTVDM: BasepProcessInvalidImageReal = 20049FC0
00000049 0.30483201 [8612] LDNTVDM: BaseIsDosApplication = 2005C660
00000050 0.30989349 [8612] Hook_IAT_x64_IAT(1EB70000, ntdll.dll, NtCreateUserProcess, 1CDF41A0, 1CE04970)
00000051 0.31443840 [8612] Hooked 1EDD1D38: 213038C0 -> 1CDF41A0
00000052 0.32158941 [8612] LDNTVDM is running inside ConHost.exe
00000053 0.32668301 [8612] Hook_IAT_x64_IAT(D0310000, ntdll.dll, RtlAllocateHeap, 1CDF1354, 1CE049A8)
00000054 0.33182961 [8612] Hooked D0352360: 211E9060 -> 1CDF1354
00000055 0.34576571 [5556] BaseIsFirstVDM(65545) = C0000022
00000056 0.35262471 [8612] OEMCP_FixNLSTable enter
00000057 0.35751140 [8612] Peb->OemCodePageData set to 9DF80000
00000058 0.36359680 [8612] OEMCP_CallInitializeCustomCP
00000059 0.37234429 [8612] SymCache_GetDLLKey(conhostV1.dll) found, but update failed
00000060 0.38129270 [8612] failed: nt=D0310000, fnInitializeCustomCP=0
00000061 0.38775349 [8612] Hook_Inline(7ffa2049a830, 7ffa1cdf2950, PrivateExtractIconsWHook)
00000062 0.39530280 [8612] dwOrigSize detected: 7
00000063 0.40035480 [8612] Hook_Inline context=7ffa205249b6
00000064 0.40793610 [8612] Hook_IAT_x64_IAT(20480000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 1CDF286C, 1CE04998)
00000065 0.41709429 [8612] Hooking failed (-1)
00000066 0.42744109 [8612] Hook_IAT_x64_IAT(20480000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 1CDF286C, 1CE04998)
00000067 0.43381631 [8612] Hooked 205271F8: 1EBBAC10 -> 1CDF286C
00000068 0.45518681 [8612] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000069 1.08281493 [8408] LDNTVDM is running inside WerFault.exe
00000070 1.08304238 [8408] Hook_IAT_x64(77620000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 75674120)
00000071 1.08309972 [8408] Hooked 7786A354: 76BCD4C0 -> 75674120
00000072 1.08314812 [8408] LDNTVDM: BasepProcessInvalidImageReal = 76BCD4C0
00000073 1.08319139 [8408] LDNTVDM: BaseIsDosApplication = 76BFBE70
00000074 1.08323312 [8408] Hook_IAT_x64_IAT(77620000, ntdll.dll, NtCreateUserProcess, 75674050, 75681EF0)
00000075 1.08334196 [8408] Hooked 77864A58: 77A48CF0 -> 75674050
00000076 1.08340442 [8408] Hook_IAT_x64_IAT(76BA0000, ntdll.dll, CsrClientCallServer, 75672780, 7567C000)
00000077 1.08345723 [8408] Hooked 76C21E00: 77A9F450 -> 75672780
00000078 1.08351409 [8408] Hook_IAT_x64_IAT(76BA0000, ntdll.dll, CsrAllocateMessagePointer, 756728F0, 00000000)
00000079 1.08356535 [8408] Hooked 76C21E04: 77A9F310 -> 756728F0
00000080 1.08361244 [8408] Hook_IAT_x64_IAT(F90000, KERNEL32.DLL, SetConsolePalette, 75671250, 75681F04)
00000081 1.08365512 [8408] Hooking failed (-1)
00000082 1.08369577 [8408] Hook_IAT_x64_IAT(76BA0000, ntdll.dll, NtQueryInformationProcess, 75671080, 00000000)
00000083 1.08375227 [8408] Hooked 76C21F1C: 77A48150 -> 75671080
00000084 1.08379686 [8408] Hook_IAT_x64_IAT(77620000, ntdll.dll, NtQueryInformationProcess, 75671080, 00000000)
00000085 1.08385766 [8408] Hooked 77864350: 77A48150 -> 75671080
00000086 1.10101831 [8408] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000087 86.88732910 [2772] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)

@cgfoed
Author

cgfoed commented Jan 13, 2025

I switched off windows security for compiling, installing and running.

@leecher1337
Owner

Hi,

I see you are not running a DOS-Application but a Win16 application. Unfortunately, Microsoft removed crucial functions from Windows 11 so that Win16 execution is no longer working and is dead on Windows 11 as of Windows 11 22H2.
See this ticket: #227
I will write the info to the README for clarification. You can upvote MS Feedback hub entry to get Microsoft to address the issue, but I don't think they will care.

So for Win16 applications, please use WineVDM, it can coexist with NTVDMx64 so that you can use NTVDMx64 for DOS and WineVDM for Win16.

leecher1337 added a commit that referenced this issue Jan 13, 2025
…ndows 11 22H2 Win16 support has been ruined by Microsoft. #227 #294
@cracyc

cracyc commented Jan 15, 2025

They went even further in 24H2 by removing pretty much all the user 3.1 style compatibility code (otya128/winevdm#1469) which should even affect nt31/win32s programs. I'd expect the basesrv vdm stuff is on the chopping block too. Are there workarounds for that or would that halt the project?

@cgfoed
Author

cgfoed commented Jan 15, 2025

> Hi,
>
> I see you are not running a DOS-Application but a Win16 application. Unfortunately, Microsoft removed crucial functions from Windows 11 so that Win16 execution is no longer working and is dead on Windows 11 as of Windows 11 22H2. See this ticket: #227 I will write the info to the README for clarification. You can upvote MS Feedback hub entry to get Microsoft to address the issue, but I don't think they will care.
>
> So for Win16 applications, please use WineVDM, it can coexist with NTVDMx64 so that you can use NTVDMx64 for DOS and WineVDM for Win16.

Thanks for your input! I switched to otvdm. This issue can be closed if you like.

@leecher1337
Owner

> They went even further in 24H2 by removing pretty much all the user 3.1 style compatibility code (otya128/winevdm#1469) which should even affect nt31/win32s programs. I'd expect the basesrv vdm stuff is on the chopping block too. Are there workarounds for that or would that halt the project?

What a shame! Any idea how to contact them and make them aware that there are applications relying on this? The removal of the code doesn't help anyone. I had contact with the Console team over GitHub and at least convinced them to keep ConhostV1 as an optional component, but they are just the console team, so no influence on GDI and USER32 teams, I guess.

Unfortunately, a former Microsoft employee told me that if an issue doesn't affect a big amount of paying enterprise customers, sadly they simply don't care at all.

Regarding basesrv stuff, this would be very hard to work around, as it's tightly integrated into the OS and if the whole mechanism falls apart, there would be the need of heavy patching and depends on how they do it, if it's repairable or not.
Certainly, it would need a lot of effort to repair it and I most likely wouldn't have time for it, so it may indeed be a show-stopper then. Windows is becoming worse and worse, so the best is to stick with an older version (like I do with Windows 7) where things weren't as bad as they are now and maybe think about switching to other operating systems in the long term.
Dosemu on Linux for instance works excellently and is the fastest DOS-emulation I've seen so far.
