MSFN Forum: KDW / FCWIN2K - MSFN Forum

KDW / FCWIN2K XP API for Windows 2000 and auto executable patcher

#321 blackwingcat

Posted 23 February 2012 - 02:01 AM

Did you check SHFolderExReg with KDLLinst?

What version of VMware Tools do you use?
I use 8.8.1 build-528969

piotrhn, on 23 February 2012 - 12:43 AM, said:

I replaced it with ver 6.0.3790.3959 and:
Vmware 8 --> works fine
Vmware Player --> Vmware error

kdw's errors on: Vmware Player 8 & Vm Workstation 8

Original ver 6.0.2800. --> works ok



#322 piotrhn

Posted 23 February 2012 - 03:37 AM

My mistake.
I did not select SHFolderExReg in KDLLinst; now it works OK.
VMware Tools version is: 8.8.2, build-590212

Thank you for your help.

This post has been edited by piotrhn: 23 February 2012 - 03:38 AM


#323 piotrhn

Posted 27 February 2012 - 11:39 AM

blackwingcat,

This problem exists when I suspend and resume the VM.

This post has been edited by piotrhn: 27 February 2012 - 11:39 AM


#324 blackwingcat

Posted 28 February 2012 - 06:12 PM

How is the problem?
Did you install any KDW file in system mode?

piotrhn, on 27 February 2012 - 11:39 AM, said:

blackwingcat,

This problem exists when I suspend and resume the VM.


#325 piotrhn

Posted 29 February 2012 - 02:29 AM

Yes, this problem exists when I install advapi32.dll

#326 Yffffonz

Posted 06 March 2012 - 01:32 PM

ppgrainbow, on 20 February 2012 - 01:58 PM, said:

blackwingcat, on 17 February 2012 - 08:59 PM, said:

Followup article

Did you ezinstall? Did you check Ez KD Reg? You must ez install to the same folder as flashplayerinstaller.exe.
After install, you also set ez install kernel32 to %systemroot%\system32\Macromed\Flash

ppgrainbow, on 17 February 2012 - 07:07 PM, said:

I fixed it.

To install Adobe Flash 11.1.102.62, I get the SetDllDirectoryW not being found in KERNEL32.DLL. How can I patch the latest Flash Player files to make it work?



I tried that and it was no help. I'm currently trying to get Flash Player to work with KernelEx 13a2 and the Flash Player installer even failed to initialise properly returning the error code 0xc0000005. :(


Did you ever find the proper way to install 11.1.102.62 (now 11.1.102.63 released) with KDW?

EDIT: Ok... I have Flash Player 11.1.102.63 installed on W2KSP4 using BWC KDW .96k EZinstall
The method I used is as follows:

Create a Temp folder and place the "install_flash_player_32bit.exe" and/or "install_flash_player_ax_32bit.exe" in there (I will probably leave it around as I am thinking when updates come out I can just drop the new install files in there and run the update.)

Run kdllinst from the KDW package. Choose your Temp folder as the EZInstall folder, choose kernel32 from the main installer, and check EZ KD registry on the right-hand side.

REBOOT the machine.

Go into the Temp folder and install the update(s).

I believe the SetDllDirectoryW call is only an issue for the installer to run. (Someone can correct me if this is not the case).

Hope this helps anyone who is having this same problem.

EDIT2...

And of course if you have something installed that protects registry changes like spybot or webroot then you will have to allow the changes or disable before doing the EZinstall to allow the EZ KD registry patch to complete.


@blackwingcat.. what exactly is checking the EZ KD registry option doing? Creating a registry entry that programs run from the installed folder will use the updated dlls from the EZInstall folder? Or creating a registry entry that ANY programs that are run from ANYWHERE will use the updated dlls from the EZInstall folder? Is it safe to leave the files in the temp folder, is it safe to delete the temp folder.. or should kdllinst be used in "Uninstall" mode before deleting the folder.
Is there a comprehensive posting somewhere that explains the options in kdllinst and/or a general guide for someone new to using it?

And mostly thank you for creating and sharing this.

This post has been edited by Yffffonz: 07 March 2012 - 07:53 AM


#327 blackwingcat

Posted 09 March 2012 - 03:38 AM

How about using InstallFlashPlayer.exe created when you execute "FlashUtil1**_plugin.exe /update plugin" or "FlashUtil1**_activex.exe /update activex"?

And I released the English version of kernel v13i.

#328 Yffffonz

Posted 09 March 2012 - 10:21 PM

"FlashUtil11*_plugin.exe" and "FlashUtil11*_activex.exe" also have the SetDllDirectoryW dependency. Thanks for the suggestion, but it will not work without the wrapper.

blackwingcat, one last question. If you re-run the EzInstall with all the same options as the first install but check "uninstall mode" will that reverse the registry changes and remove the files from the EZInstall folder? I guess I am asking what is the correct procedure for using the "uninstall mode" option.

Thanks again, and thanks for the post about the English v13i update.

#329 blackwingcat

Posted 11 March 2012 - 12:08 AM

Uninstall mode affects system install mode,
because you can easily delete KDW files in Ez install mode.

Yffffonz, on 09 March 2012 - 10:21 PM, said:

"FlashUtil11*_plugin.exe" and "FlashUtil11*_activex.exe" also have the SetDllDirectoryW dependency. Thanks for the suggestion, but it will not work without the wrapper.

blackwingcat, one last question. If you re-run the EzInstall with all the same options as the first install but check "uninstall mode" will that reverse the registry changes and remove the files from the EZInstall folder? I guess I am asking what is the correct procedure for using the "uninstall mode" option.

Thanks again, and thanks for the post about the English v13i update.


#330 danny111

Posted 11 March 2012 - 08:53 AM

Hi.
Is there anyone who has ever tried Kaspersky Internet Security 2012 with KDW?
I am wondering if Kaspersky's product can run smoothly on Win2K, which has been dropped from their support list...

#331 tomasz86

Posted 11 March 2012 - 12:10 PM

I think I checked Kaspersky some time ago but some drivers installed by it were incompatible with W2K. Those can't really be fixed by KDW.

I'm not 100% sure about it though. I think I'll check Kaspersky once again :sneaky:

On the other hand, the driver incompatibility thing is true for Comodo for sure.

This post has been edited by tomasz86: 11 March 2012 - 12:29 PM


#332 Yffffonz

Posted 11 March 2012 - 09:15 PM

blackwingcat:
Is there some method to reverse the changes made with the EZ KD Registry option checked when doing EZInstall? Are there any other registry changes made with the EZ KD Registry option besides the additions to the ExcludeFromKnownDlls entry?

Thanks again for your help.

#333 blackwingcat

Posted 12 March 2012 - 01:03 AM

Ez KD Registry and IE Registry change the ExcludeFromKnownDlls entry.

If you check it on, it adds several DLLs to the ExcludeFromKnownDlls entry,
and when you check it off, it deletes these.

Yffffonz, on 11 March 2012 - 09:15 PM, said:

blackwingcat:
Is there some method to reverse the changes made with the EZ KD Registry option checked when doing EZInstall? Are there any other registry changes made with the EZ KD Registry option besides the additions to the ExcludeFromKnownDlls entry?

Thanks again for your help.
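
The registry change described in the two posts above can be checked from the outside by exporting the Session Manager key with regedit before and after ticking the option and comparing the ExcludeFromKnownDlls value. The following is an added example, not part of the thread and not KDW code; it assumes exports in regedit's "Version 5.00" format, the function names are hypothetical, and the sample DLL names are constructed rather than KDW's actual list.

```python
"""Diff the ExcludeFromKnownDlls value between two regedit exports."""

# Session Manager key that holds ExcludeFromKnownDlls (a REG_MULTI_SZ value).
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE = "ExcludeFromKnownDlls"
# The DLLs piotrhn lists in this thread as installed from KDW.
CORE = {"kernel32.dll", "user32.dll", "advapi32.dll", "shell32.dll"}


def make_export(names):
    """Build a constructed 'Version 5.00' export fragment (sample data only)."""
    raw = ("\x00".join(names) + "\x00\x00").encode("utf-16-le") if names else b"\x00\x00"
    hexs = [f"{b:02x}" for b in raw]
    # regedit wraps long hex values: trailing backslash, two-space indent.
    chunks = [",".join(hexs[i:i + 20]) for i in range(0, len(hexs), 20)]
    body = ",\\\n  ".join(chunks)
    return f'Windows Registry Editor Version 5.00\n\n[{KEY}]\n"{VALUE}"=hex(7):{body}\n'


def parse_multi_sz(reg_text, key=KEY, value=VALUE):
    """Return the strings stored in a hex(7) value of a Version 5.00 export."""
    # Join continuation lines before looking at individual lines.
    text = reg_text.replace("\\\r\n", "").replace("\\\n", "")
    prefix = f'"{value.lower()}"=hex(7):'
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
        elif in_key and line.lower().startswith(prefix):
            tokens = [t.strip() for t in line.split(":", 1)[1].split(",")]
            raw = bytes(int(t, 16) for t in tokens if t)
            if len(raw) % 2:
                raise ValueError("hex(7) data is not whole UTF-16 code units")
            # Version 5.00 exports store REG_MULTI_SZ as UTF-16LE, NUL-separated.
            return [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return []  # value absent: nothing is excluded


def diff_exclusions(before_text, after_text):
    """Compare two exports and report what changed in the exclusion list.

    A DLL named in this value is left out of KnownDLLs at the next boot, so
    the loader resolves it through the normal search order, where a copy in
    the application's own folder is found first.
    """
    before = {n.lower() for n in parse_multi_sz(before_text)}
    after = {n.lower() for n in parse_multi_sz(after_text)}
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "core_excluded": sorted(after & CORE),
    }


# Constructed samples: an empty value before, three entries after.
SAMPLE_BEFORE = make_export([])
SAMPLE_AFTER = make_export(["kernel32.dll", "ADVAPI32.DLL", "example_wrapper.dll"])

if __name__ == "__main__":
    for kind, names in diff_exclusions(SAMPLE_BEFORE, SAMPLE_AFTER).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Running the same comparison after unticking the option shows whether the entries were removed again, which is the reversal asked about above.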


#334 piotrhn

Posted 19 March 2012 - 03:29 PM

WildBill,

Can you add to KDW, library secur32.dll and function: SetContextAttributesW

It's necessary for ProcessExplorer because it needs credui.dll (XP\2003 version).

#335 tomasz86

Posted 19 March 2012 - 07:27 PM

piotrhn, on 19 March 2012 - 03:29 PM, said:

WildBill,

Can you add to KDW, library secur32.dll and function: SetContextAttributesW

It's necessary for ProcessExplorer because it needs credui.dll (XP\2003 version).

You can run Process Explorer (15.13) without fixing this dependency. I haven't seen any errors because of it :P You only need to fix the one related to credui.dll & advapi32.dll.

This post has been edited by tomasz86: 19 March 2012 - 07:28 PM


#336 blackwingcat

Posted 19 March 2012 - 09:35 PM

ProcessExplorer 15.13 also calls ObCloseHandle in ntoskrnl.exe.
So, it doesn't work.

tomasz86, on 19 March 2012 - 07:27 PM, said:

piotrhn, on 19 March 2012 - 03:29 PM, said:

WildBill,

Can you add to KDW, library secur32.dll and function: SetContextAttributesW

It's necessary for ProcessExplorer because it needs credui.dll (XP\2003 version).

You can run Process Explorer (15.13) without fixing this dependency. I haven't seen any errors because of it :P You only need to fix the one related to credui.dll & advapi32.dll.


#337 piotrhn

Posted 20 March 2012 - 01:23 AM

blackwingcat, on 19 March 2012 - 09:35 PM, said:

ProcessExplorer 15.13 also calls ObCloseHandle in ntoskrnl.exe.
So, it doesn't work.

tomasz86, on 19 March 2012 - 07:27 PM, said:

piotrhn, on 19 March 2012 - 03:29 PM, said:

WildBill,

Can you add to KDW, library secur32.dll and function: SetContextAttributesW

It's necessary for ProcessExplorer because it needs credui.dll (XP\2003 version).

You can run Process Explorer (15.13) without fixing this dependency. I haven't seen any errors because of it :P You only need to fix the one related to credui.dll & advapi32.dll.



ProcessExplorer v15.13 doesn't work.
drwtsn32 log:


Microsoft ® Windows 2000 ™ version 5.00 DrWtsn32
Copyright © 1985-1999 Microsoft Corp. Wszelkie prawa zastrzeżone.

Application exception occurred:
Apl: (pid=896)
When: 2012-03-20 @ 08:10:11.187
exception number: c0000005 (access violation)

*----> System Info <----*
Nazwa komputera: V-C46A18FBBE2D4
Nazwa użytkownika: test
Liczba procesorów: 1
Typ procesora: x86 Family 15 Model 11 Stepping 2
Wersja systemu Windows 2000: 5.0
Bieżąca kompilacja: 2195
Dodatek Service Pack: 4.
Bieżący typ: Uniprocessor Free
Zarejestrowana organizacja:
Zarejestrowany właściciel: vmpc

*----> Lista zadań <----*
0 Idle.exe
8 System.exe
152 smss.exe
180 csrss.exe
200 winlogon.exe
228 services.exe
240 lsass.exe
408 svchost.exe
440 spoolsv.exe
476 svchost.exe
512 regsvc.exe
532 mstask.exe
580 uphclean.exe
592 winmgmt.exe
604 svchost.exe
640 vmtoolsd.exe
880 explorer.exe
1016 TPAutoConnSvc.e.exe
1104 VMwareTray.exe
1156 mobsync.exe
1184 ACDSeeProInTouc.exe
1160 LWS.exe
1204 internat.exe
1216 wmpnscfg.exe
1248 E_FATIGDE.exe
872 msmgr.exe
1368 TPAutoConnect.e.exe
1380 CameraHelperShe.exe
1148 COCIManager.exe
976 wuauclt.exe
1292 pexplorer.exe
300 Depends.exe
896 procexp.exe
744 drwtsn32.exe
0 _Total.exe

Dump the state for the thread ID 0x290

eax=00001290 ebx=00493388 ecx=00000318 edx=00130178 esi=001665b8 edi=0012b884
eip=77c51ee2 esp=0012b868 ebp=0012c09c iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297


function: d_IsProcessInJob
77c51ec6 56 push esi
77c51ec7 6a03 push 0x3
77c51ec9 50 push eax
77c51eca ff15bc60c577 call dword ptr [77c560bc] ds:77c560bc=7c5a889d
77c51ed0 33c0 xor eax,eax
77c51ed2 a35459c777 mov [77c75954],eax ds:77c75954=00001290
77c51ed7 8b4e04 mov ecx,[esi+0x4] ds:010e049e=????????
77c51eda 85c9 test ecx,ecx
77c51edc 7622 jbe 77c5aa00
77c51ede 8b4c240c mov ecx,[esp+0xc] ss:010a574f=????????
Error->77c51ee2 394c8608 cmp [esi+eax*4+0x8],ecx ds:00f7b177=????????
77c51ee6 750b jnz 77c5e5f3
77c51ee8 c70701000000 mov dword ptr [edi],0x1 ds:0012b884=00000000
77c51eee a15459c777 mov eax,[77c75954] ds:77c75954=00001290
77c51ef3 40 inc eax
77c51ef4 a35459c777 mov [77c75954],eax ds:77c75954=00001290
77c51ef9 8b5604 mov edx,[esi+0x4] ds:010e049e=????????
77c51efc 3bc2 cmp eax,edx
77c51efe 72e2 jb 77c5aae2
77c51f00 8b0f mov ecx,[edi] ds:0012b884=00000000
77c51f02 b801000000 mov eax,0x1
77c51f07 5f pop edi

*----> Mirror stack trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0012C09C 00449EA0 00000318 00000008 00000000 00000000 !d_IsProcessInJob
0012EE94 00432685 000401A2 00000001 0012FC28 00000000 !<nosymbols>
0012FB6C 0040DD02 0009007E 00000001 00000000 0012FC50 !<nosymbols>
0012FB90 0043094D 004A6460 0009007E 00000001 00000000 !<nosymbols>
0012FBAC 77E3A454 0009007E 00000001 00000000 0012FC50 !<nosymbols>
0012FBCC 77E14750 00430920 0009007E 00000001 00000000 !SetWindowPlacement
0012FBE8 77E1CF77 00A53D40 00000001 00000000 0012FC50 !TranslateMessageEx
0012FC18 77F91BAF 0012FC28 000000D0 000000D0 0000006C !SetScrollPos
0012FDA0 77E23CD3 00000000 004AA840 00493388 0012FD8C !KiUserCallbackDispatcher
0012FDDC 00413CD2 00000000 004AA840 00493388 00CF0000 !CreateWindowExW
0012FE54 00477AE7 00400000 00000001 77FCD168 011F0000 !<nosymbols>
0012FF30 0047DCCC 00400000 00000000 00020694 00000001 !<nosymbols>
0012FFC0 7C5989D5 00000000 00000000 7FFDF000 C0000005 !<nosymbols>
0012FFF0 00000000 0047DD37 00000000 000000C8 00000100 !ProcessIdToSessionId

Dump the state for the thread ID 0x30c

eax=00000000 ebx=00000102 ecx=00000101 edx=00000000 esi=00000000 edi=00000000
eip=77f88f03 esp=016dff78 ebp=016dffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286


function: ZwWaitForMultipleObjects
77f88ef8 b8e9000000 mov eax,0xe9
77f88efd 8d542404 lea edx,[esp+0x4] ss:02659e5f=????????
77f88f01 cd2e int 2e
77f88f03 c21400 ret 0x14
77f88f06 8bff mov edi,edi

*----> Mirror stack trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
016DFFB4 7C57B3BC 00000000 00132A58 0013E998 00000000 !ZwWaitForMultipleObjects
016DFFEC 00000000 7C2D65C0 00000000 00000000 000000C8 !lstrcmpiW

Dump the state for the thread ID 0x38c

eax=6031c988 ebx=00000002 ecx=77fcae15 edx=00000000 esi=77f88ef8 edi=00000002
eip=77f88f03 esp=017efdec ebp=017efe38 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: ZwWaitForMultipleObjects
77f88ef8 b8e9000000 mov eax,0xe9
77f88efd 8d542404 lea edx,[esp+0x4] ss:02769cd3=????????
77f88f01 cd2e int 2e
77f88f03 c21400 ret 0x14
77f88f06 8bff mov edi,edi

*----> Mirror stack trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
017EFE38 7C59A180 017EFE10 00000001 00000000 00000000 !ZwWaitForMultipleObjects
017EFFB4 7C57B3BC 60322364 7FFDE000 77F83148 60322364 !WaitForMultipleObjects
017EFFEC 00000000 6031C988 60322364 00000000 00000000 !lstrcmpiW

Dump the state for the thread ID 0x34c

eax=0047aace ebx=00000000 ecx=77fb7e64 edx=00000000 esi=77f88f08 edi=0000025c
eip=77f88f13 esp=01eeff28 ebp=01eeff4c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


function: ZwWaitForSingleObject
77f88f08 b8ea000000 mov eax,0xea
77f88f0d 8d542404 lea edx,[esp+0x4] ss:02e69e0f=????????
77f88f11 cd2e int 2e
77f88f13 c20c00 ret 0xc
77f88f16 8bff mov edi,edi

*----> Mirror stack trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
01EEFF4C 7C57B40F 0000025C FFFFFFFF 00000000 004407E2 !ZwWaitForSingleObject
01EEFF70 0047AAA8 00000000 9DB9F3AF 01DADF18 011F2D78 !WaitForSingleObject
01EEFFA8 0047AB50 0012D5F0 01EEFFEC 7C57B3BC 011F2D78 !<nosymbols>
01EEFFB4 7C57B3BC 011F2D78 01DADF18 0012D5F0 011F2D78 !<nosymbols>
01EEFFEC 00000000 00000000 00000000 00000000 00000000 !lstrcmpiW

Dump the state for the thread ID 0x4ec

eax=770f7dd0 ebx=00160db0 ecx=0012b1c0 edx=00000000 esi=00160c68 edi=00000100
eip=77f88b37 esp=0218fe28 ebp=0218ff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


function: NtReplyWaitReceivePortEx
77f88b2c b8ac000000 mov eax,0xac
77f88b31 8d542404 lea edx,[esp+0x4] ss:03109d0f=????????
77f88b35 cd2e int 2e
77f88b37 c21400 ret 0x14
77f88b3a 8bff mov edi,edi

*----> Mirror stack trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0218FF74 77118E4A 770FAEED 00160C68 77110101 00130000 !NtReplyWaitReceivePortEx
0218FFA8 770F7DE8 00160B08 0218FFEC 7C57B3BC 00160DB0 rpcrt4!TowerConstruct
0218FFB4 7C57B3BC 00160DB0 77110101 00130000 00160DB0 rpcrt4!I_RpcConnectionInqSockBuffSize2
0218FFEC 00000000 00000000 00000000 00000000 00000000 !lstrcmpiW

Dump the state for the thread ID 0x394

eax=7cdd5b03 ebx=00000102 ecx=00000000 edx=00000000 esi=77f88398 edi=0228ff74
eip=77f883a3 esp=0228ff60 ebp=0228ff7c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


function: ZwDelayExecution
77f88398 b832000000 mov eax,0x32
77f8839d 8d542404 lea edx,[esp+0x4] ss:03209e47=????????
77f883a1 cd2e int 2e
77f883a3 c20800 ret 0x8
77f883a6 8bff mov edi,edi

*----> Mirror stack trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0228FF7C 7C59A2CC 0000EA60 00000000 7CDD9AEA 0000EA60 !ZwDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000 !Sleep


procexp.exe:
advapi32.dll: FlushTraceW

Credui.dll:
advapi32.dll: CredFree, CredIsMarshaledCredentialW, CredReadW, CredWriteW, CredpConvertCredential, CredpConvertTargetInfo, CredpDecodeCredential
secur32.dll: SetContextAttributesW

Procexp.sys:
NTOSKRNL.EXE->ObCloseHandle

I use kernel32, user32, advapi32 and shell32 installed from KDW.

So, maybe WildBill can add ObCloseHandle to ntoskrnl.exe.

This post has been edited by piotrhn: 20 March 2012 - 01:25 AM


#338 piotrhn

Posted 20 March 2012 - 01:34 AM

After uninstalling kernel32.dll from KDW, ProcessExplorer works.

#339 erpdude8

Posted 06 April 2012 - 10:18 AM

@blackwingcat,

How to run RealPlayer SP (12), 14 or 15 under Win2000 using KDW / FCWIN2K (if possible)?

#340 danny111

Posted 06 April 2012 - 08:22 PM

Hi

What kind of AntiVirus SW are you guys using for best protection of Win2K system?
I've been using KIS 2009, but Kaspersky stopped update service for this product and of course, the newer version of KIS cannot be run in Win2K.
I've heard that the latest ESET Smart Security supports Win2K, but also heard that ESET is positioned in rather lower rank in capability of protection.
Any helpful suggestion?


All trademarks mentioned on this page are the property of their respective owners
Copyright © 2001 - 2013 msfn.org