Determining which XP kernel is being run....

[Dougiefresh]

Ok, I've got a problem I hope that someone can help me with. I've written a program that modifies a copy of the XP kernel to create a new bootscreen. Right now, it always assumes that NTOSKRNL.EXE is the kernel that we want to modify. But on a multi-processor system, it would be NTKRNLMP.EXE instead of NTOSKRNL.EXE. Now I can determine if there is more than one processor/core by using this statement in AutoIt:

Msgbox(0, "Number of Cores", EnvGet("NUMBER_OF_PROCESSORS"))

This should be able to tell me whether I need to use NTOSKRNL.EXE because there is only one processor/core, OR NTKRNLMP.EXE because there is more than one.

But WikiPedia's page about NTOSKRNL.EXE says that there are two more kernels: NTKRNLPA.EXE (single processor/core w/ PAE enabled) and NTKRPAMP.EXE (multi-processor w/ PAE enabled). Any idea how to tell if PAE is enabled?

BTW, in case anybody is interested: I have tried to patch the kernels themselves and replace them while the system was running. The file replacement works maybe half the time, so patching the kernels isn't exactly an option until I can find a fool-proof way to replace the kernels without resorting to booting into Safe Mode.... It would also have to be done during the program execution because it cannot be replaced at boot-time.....

I'd appreciate any assistance that people can give me! Thanks!

Edited January 5, 2011 by Dougiefresh

[Dougiefresh]

Found something at osronline.com. Evidentally PAE mode can be enabled with a /PAE switch in boot.ini. Assuming that no /kernel= switches were present in the Boot.ini, would that be sufficient to decide to use a PAE-version of the kernels?