Process Hacker Discussion Forum

 
dmex
Admin
Posts: 1695
Joined: 17 Jan 2011 05:43

Native shell

23 Mar 2011 21:54

A Windows command prompt that can start before Winlogon and the Win32 subsystem

Native shell is a program for experimenting with the Native API mode of Windows. Native mode is the mode in which chkdsk starts at boot time, before the login screen appears. It is used by the chkdsk utility to check and correct errors in the system partition. Native mode itself is a blue screen (it is blue in Windows XP, another color in other versions of Windows) that appears before the Windows login screen.

It can perform some basic operations on Windows files and directories. The program runs before the main Windows components start, so we have access to the entire file system and registry without many restrictions. All operations are implemented through the Native API (ntdll.dll).

Features:
  • Start another process (native processes only, Win32 not supported).
  • Read keyboard input and process commands. To display a list of commands type "help" in the console.
  • Navigate through the file system.
  • Copy, move and delete files.
  • Create directories.
  • Turn off and restart the computer.
  • Show list of running processes.
  • Show the device tree and system information.
  • Display a list of files in a directory on the screen. Shows file names, short names (in 8.3 format) and file size.
  • Leave native mode and start Windows.
  • Shut down and reboot the PC.
http://hex.pp.ua/nt-native-applications-shell-eng.php
 
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows

Re: Native shell

24 Mar 2011 03:10

Of course, what most people don't realize is that you don't need to start native executables at boot time. This lie all started with Mark Russinovich's article on the Native API.
 
wfunction
Member
Posts: 147
Joined: 19 Mar 2011 20:17

Re: Native shell

26 Mar 2011 06:56

wj32 wrote:
Of course, what most people don't realize is that you don't need to start native executables at boot time. This lie all started with Mark Russinovich's article on the Native API.
This is a somewhat unrelated question, but is there any API that can be used to switch to the pre-Win32-boot native text-mode?

(Windows does seem to go through some text mode when the display adapter is disabled, so I'm guessing it's possible.)
 
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows

Re: Native shell

26 Mar 2011 07:08

wfunction wrote:
This is a somewhat unrelated question, but is there any API that can be used to switch to the pre-Win32-boot native text-mode?
I have no idea.