KernelEx for Win2000


I released Extended Kernel v2.3g3 and a game support version.

nProtect, which is a well-known Korean anti-cheat solution for games, has a critical bug.

So I must create another version of the extended kernel to avoid its bug. :thumbdown

The differences are in kernel32 and rpcrt4.dll.

I stripped some functions from them and changed the procedure call routine a little bit.

Edited by blackwingcat

Hello blackwingcat.

v23f is JPN and I'm on an ENU machine and an ENU user. What is the difference between those, and can it be installed on an English machine? Maybe not very wise. But if user32.dll is basically the same as the ENU version, could I just try to replace it in, let's say, ver 18g? In short, to put user32.dll from v23f in v18g and then install v18g, or are they not compatible?

And I have read in your blog that versions 2X use more faking of XP things while version 1X is more like an update of win2k (adds support). So I'm willing to stick with the 1X way.

Is that fix in v23f also available in v23g3 (your last release)? Because v23g has an ENU version while v23f does not.

I'm not sure what exactly you changed, but I think that adding a check before each call of that function of yours, for whether the first parameter is zero, would solve the problem (or maybe not?) and make it a more universal fix in case of other similar bugs? (Or maybe this is not as easy as it looks?)

Ah, I just saw you actually have additional v23f ENU releases under the field of v23e - are they the ENU of v23f, and what is the difference between v23f and v23f3?

v23f is removed so only v23f3 remains. Is it v23f ENU or is it a mistake?

Hmmm, the file size of v23f3 is just 1kb less than v23e - maybe it is a mistake or not?

I will wait for a reply from you and then will test it.

Edited by leonidij

Hi.

Different language versions are incompatible in kernel32 and user32 because of a relocation address problem.

Because the English version 23f/f2/3 was made by me on an emergency basis, it has many problems, so I think they should be deleted.

Although I don't know why you use version 1.8g, if the reason is that some games don't work on version 2.x, please try to install the Game supported version 2.3g3. :)

So in short, v23g3 has that fix in user32.dll and I had better try that instead of v23f3, and I should test v23g3 instead to see if it is working?

And the reason I prefer 1.8g is that win2k lacks some core things like vectored exception handling (VEH) and others (I'm not sure if you implemented this), but some programs do check if this is available and, if not, they just don't use it in the case of win2k. But, if I'm not wrong, version 2X maybe tries to fake the version of window$ those programs detect, and so they try to use some still unsupported things because they are confused. This is maybe the cause of the gameguard problem. And maybe of some other drivers or driver-level programs which use things like that. So I think it is not a bad idea to continue version 1X in parallel with 2X, if I understand it correctly. In short, some programs had better be fully aware that this is not XP. Some of them have everything needed to support win2k, but the compiler of these programs adds some unneeded stuff as an add-on which is not supported by win2k, or just a few not so important functions, while they kept support for complicated functions and routines. The developers of those programs maybe just didn't check if it still works on win2k after they changed the compiler to vc10 or vc11.

And besides, I like the "Stable" after some 1X versions :yes: . Because this is also the work PC of someone else, and I want to be able to rely on things and don't want to wonder what causes a certain problem. If there is a bug in the 1.8 versions, why not fix it and make them even closer to stable? They are btw working pretty stably indeed, as far as I tested over a long period of time, and I had no problems except this problem I posted above. And btw, after I use error recovery with the "CrashDoctor" program on gameranger after it crashes in your routine, gameranger continues working. Crash Doctor just handles some exceptions internally (as far as I understand) and tries to redirect code execution to another routine. And I think it means only that trying to read from address 0 is the problem, because the first parameter is 0. If it was an internal bug, should the program not be able to continue, or should it be crashing on standard win2k?

Edited by leonidij

Hi.

Well, I think the Gameguard problem is fixed in the "avoid Game Guard Bug version (Game Support version)" Extended kernel.

As I said before, I think it is a Gameguard bug, which crashes on a null pointer reference.

Hello.

And you misunderstood it. It is not GameGuard but it is GameRanger.

They are totally different things. Gameguard you know what it is already, but gameranger is a program for online multiplayer of many local games.

www.gameranger.com

Here you can download and try it yourself if you want. But it needs some tweaking because it downloads some dlls which do require XP.

You seem to be very obsessed with Gameguard fixing lately and thought of it, but it has nothing to do with this.

It is an MFC & MSVCRT based application. It doesn't have much internal code, nor drivers etc. The problem is caused before initializing the main window. So it has something to do with creating the interface, as you can see from the stack backtrace.

Edited by leonidij

Umm.....

Is the following correct?

+--------------+------+------------------+-------+----------------------+
| ExKernel     | 1.8x | 1.8+Fixed User32 | 2.3g3 | 2.3g3 gamefixversion |
+--------------+------+------------------+-------+----------------------+
| GameGuard    | Ok   | Ok               | Bad   | Ok                   |
+--------------+------+------------------+-------+----------------------+
| GameRanger   | Bad  | Ok               | Ok    | Ok                   |
+--------------+------+------------------+-------+----------------------+
| Any Game     | Ok   | Ok               | Bad?  | Bad?                 |
| InGameRanger |      |                  |       |                      |
+--------------+------+------------------+-------+----------------------+

Edited by blackwingcat

Neither GameRanger nor the ancient game I play with it uses Gameguard. Gameranger just launches the game and redirects its online servers to the Gameranger server using dll injection. From there on, Gameranger has nothing to do with the game except to wait for it to close. NO GAMEGUARD, so it is not at fault at all. I do not have gameguard on my PC in any way, nor something which could use it. So the deal is only between gameranger.exe and user32.dll, and I can not even test it vs gameguard.

How do I get this "1.8+Fixed User32"? By copying user32.dll from v23g3 ENU to the installation package of v1.8x ENU? If that is so, I can do it. And v23g3 has that fixed user32.dll? I could try both variants. I just didn't get where that so-called fixed user32.dll is located (in v23g3, by my last understanding).

EDIT:

Ok, I did test it with 1.8g + fixed user32 and it does work! Thank you. I wanted to test 2.3g3 first, but it wanted one update for IE6 which I probably have locally but do not want to install right now, but it should work too.

We can consider this solved!

EDIT2:

I forgot to tell you that I got that fixed user32.dll from 2.3g3, in case there are more variants.

Edited by leonidij

Another program that has some trouble, this time with BOTH normal win2k and with kernel ex, is this one:

http://www.manhunter.ru/releases/108_32_bit_asm_calculator_1_5.html

This is an awesome asm programmer's calculator, but its tool tips make the program crash before they show on win2k.

Otherwise the program works fine if the tool tip creation routine is patched and avoided (as I did). But no tool tips then.

Ok, it is not about the tool tips of this program (I don't actually need them), but this seems to be a general flaw of win2k (not sure what exactly the problem is), and it may appear in other software which uses a similar way to create tool tips.

If you are interested, you may see what is going on; if not, leave it be. THIS IS NOT A REQUEST. As I said, I do not need these particular tool tips that much. This is just a notice, because this thing looks like a more general problem.

So if you have time and interest, you can look at it; if not, so be it.

I found a Windows 2000 bug.

http://blog.livedoor.jp/blackwingcat/archives/1816967.html

I will release a fixed version of the extended kernel user32 on 5.00.2195.7160.

Thx.

Hello and awesome work blackwingcat.

Here is another thing which I know is a bug in win2k.

Some programs (mostly oll ones), when started, try to initialize their main dialog but freeze at some point. If you click X (close) they do exit, but if you click any other button they get into a not responding state. Note this bug may be closely related to the previous one, if not the same. I have seen 3 programs like that in total, so it is rare, but those programs do work fine on win 9X and probably on XP. I'm sending you an example of one tool from the year 2000 whose task is to add physical and/or virtual space/sections in PE files. It is rare to find that program nowadays. In the archive are both the original version and a fixed version (not fixed by me) that WORKS on win2k. You can see how the fix is done and where the problem is without fully debugging - just by comparing the disassembly of both files. Note this too may be considered a malware tool by "super clever" AVs, but it by itself has nothing malware or destructive in it. Its main aim is to easily and quickly add space in a PE file for extra code when you do not have enough physical space in the file for this task.

ToPo.rar

Edited by leonidij

Will you tell me any of the programs?

If it is a simple application such as calc32.exe, I may be able to resolve it.

What is oll? :angel

Similar problems are had by GDK software, Java 7 and Google Chrome.

They are resolved by replacing the gdk library file.

But if it is a Java application, we should only use Java 6 u51/60. :(

Edited by blackwingcat

See the attached file in my previous post for what causes the problem and how it must be fixed.

The fixes are very similar to the fixes you use, but already done by someone else in this case.

This is also a general problem and, as I understood it, it exists in modern applications too.

The attachment in the previous post gives you both the problem and the solution :yes: .

_fixed.exe is the fixed file in there which works on win2k, and the other exe is the original, which does have the problem described above. It is again unsaved registers and again is related to the SendMessage function, but I think not only that this time.

Edited by leonidij

It detected two Trojans, as you said. :}

So, I'll create a new standalone Windows 2000 environment and test it.

but it by itself have nothing malware or destructive in it. Its main aim is to easy and fast add space in PE file for extra code when you do not have enough physical space in file for this task.

_fixed.exe is the fixed file in there which works on win2k and the other exe is the original which do have the problem described above. It is again not saved registers and again is related to SendMessage function but I think not only this time.

And then...

I tested them.

In my new environment both programs seem to work fine.

Does topo12.exe have any problems in a typical Windows 2000 environment?

Edited by blackwingcat

Yes, as I described above. You can debug both in ollydbg or in any other debugger/disassembler and see the difference between both. You can also use the Cmpdisasm tool for this task. This program can be used to add extra code into an exe, and that's why AVs think it is a very bad thing to do, but as you know very well, not only bad things can be added into an existing program. The program itself has nothing malware, but you are free to be extra cautious. I think I remember one more program which has the same problem. Will try to find it. It was an Opcode tool. Oh, I think I remember even one more program with that problem. Will search for them.

Here is one more program, called OpGen, with that problem, and it is OPENSOURCE! I found it in my collection and it has the same problem. It is an Opcode Generator tool. The source is written in tasm32 and compiles flawlessly (I tested).

OPGEN.ZIP

Edited by leonidij