
PE Tool for creating patches


#551
Dubby

hello...
Actually I have taken a look at it... but unfortunately I have no Win2k system ATM (it's still being repaired), and I only have VC2010 Express and the MASM32 package.

So I just tried to recompile them.
The first is csrsrv... I got it to succeed.
But when I tried to recompile basesrv...
it complains that I'm missing some imports from csrsrv. I copied the LIB produced from csrsrv... but it still did not succeed,
because basesrv needs the functions from csrsrv as stdcall...

Out of curiosity I opened up the csrsrv .lib with a hex editor and tried to search for the missing export.

And I don't know whether it is right or not, but adding extern "C" before the exported function solved my problem... --> the produced lib contains the correct export list...

Since I have not programmed in C/C++ for a long time, I have almost forgotten the language.. :blushing: (I'm still trying to start over)

Well, I don't know if it helps or not... anyway you have done such a great job... :thumbup


How to remove advertisement from MSFN
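
The hex-editor check described in the post above can be scripted. This is an added example, not code from the thread: it reads the first linker member of a COFF import library and reports which wanted exports lack the x86 stdcall form `_Name@N`, which is what MSVC emits for an `extern "C"` `__stdcall` function, while C++ linkage produces a `?Name@@...` decorated name. The export name `CsrExampleCall` and the sample archives are constructed for illustration.

```python
import struct

ARCH_MAGIC = b"!<arch>\n"
HEADER_LEN = 60  # fixed-size ASCII header in front of every archive member

def first_linker_member_symbols(lib):
    """Return the symbol names listed in the first linker member of a COFF .lib."""
    if not lib.startswith(ARCH_MAGIC):
        raise ValueError("not a COFF archive")
    hdr = lib[8:8 + HEADER_LEN]
    if len(hdr) < HEADER_LEN or hdr[58:60] != b"`\n":
        raise ValueError("truncated or corrupt member header")
    if hdr[:16].rstrip() != b"/":
        raise ValueError("first member is not the linker member")
    size = int(hdr[48:58].decode("ascii").strip())
    data = lib[8 + HEADER_LEN:8 + HEADER_LEN + size]
    if size < 4 or len(data) < size:
        raise ValueError("truncated linker member")
    (count,) = struct.unpack_from(">I", data, 0)  # big-endian symbol count
    strings_at = 4 + 4 * count                    # skip the offsets array
    if strings_at > size:
        raise ValueError("symbol count exceeds member size")
    names = data[strings_at:].split(b"\0")[:count]
    return [n.decode("ascii", "replace") for n in names]

def missing_stdcall(lib, wanted):
    """Map each wanted export that lacks a _Name@N symbol to what the lib has instead."""
    symbols = first_linker_member_symbols(lib)
    report = {}
    for func, arg_bytes in wanted.items():
        if f"_{func}@{arg_bytes}" in symbols:
            continue
        mangled = [s for s in symbols if s.startswith(f"?{func}@")]
        report[func] = mangled[0] if mangled else "absent"
    return report

def build_sample_lib(symbols):
    """Constructed input: an archive that contains only a first linker member."""
    table = b"".join(s.encode("ascii") + b"\0" for s in symbols)
    body = struct.pack(">I", len(symbols)) + b"\0" * 4 * len(symbols) + table
    header = b"%-16s%-12s%-6s%-6s%-8s%-10d`\n" % (b"/", b"0", b"", b"", b"0", len(body))
    return ARCH_MAGIC + header + body

if __name__ == "__main__":
    wanted = {"CsrExampleCall": 4}  # hypothetical export, 4 bytes of arguments
    cpp = build_sample_lib(["?CsrExampleCall@@YGJK@Z", "__imp_?CsrExampleCall@@YGJK@Z"])
    c = build_sample_lib(["_CsrExampleCall@4", "__imp__CsrExampleCall@4"])
    print("C++ linkage:", missing_stdcall(cpp, wanted))
    print("extern \"C\": ", missing_stdcall(c, wanted))
```

A real import library also carries a second linker member and the object members themselves; only the first member is read here because it is enough to list the public symbols.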

#552
tomasz86


It's the same file either way. I don't think I've ever had a separate one for uniproc in that patch.

The file is the same but M$ always puts it in uniproc too. And it's required for slipstreaming...
Unofficial Service Pack 5.2 for MS Windows 2000 <- use this topic if you need help with UURollup, Update Rollup 2 and other unofficial packages

#553
tomasz86

@WildBill

There seem to be some problems with the newest version of ntdll.dll. Please have a look at this topic. I used ntdll.dll 5.0.2195.7084 in UURollup-v10 which caused all the issues which are now gone in UURollup-v11 where the older version of ntdll.dll (5.0.2195.7083) is used.

#554
ppgrainbow


@WildBill

There seem to be some problems with the newest version of ntdll.dll. Please have a look at this topic. I used ntdll.dll 5.0.2195.7084 in UURollup-v10 which caused all the issues which are now gone in UURollup-v11 where the older version of ntdll.dll (5.0.2195.7083) is used.


The issues regarding the ntdll.dll are gone in UURollup-v10a. I'm wondering if version 5.0.2195.7085 of ntdll.dll will fix the issues that I experienced for a while. :)

AVA Direct FX AM3+ specs: Zalman ZM Z9-U3 Black Mid-Tower case / ASUS M5A97 R2.0 / AMD FX-4300 3.8 GHz quad-core processor / Fractal Design Integra R2 500W PSU/ Hyper 212 EVO CPU cooler / Western Digital BLACK SERIES 1 TB (WD1003FZEX) SATA III 7200 RPM / Lite-On iHas124 Black 24x DVD-RW / 8 GB Crucual (2 x 4GB) Ballistix Sport PC3-12800 DDR3 RAM / EVGA GeForce 8400 GS 520 MHz 1 GB GDDR3 / Microsoft Windows Vista Ultimate SP2 x64


#555
blackwingcat

Hi, WildBill.
Is there a function table for your extended kernel, such as http://j00ru.vexillium.org/ntapi/ ?
I want to extend Kernel Core with your kernel.

It's the same file either way. I don't think I've ever had a separate one for uniproc in that patch.

I guess no one has taken a look at the v9e sources :(


+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
BlackWingCat =^^=
http://blog.livedoor.jp/blackwingcat/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

#556
WildBill


Hi, WildBill.
Is there a function table for your extended kernel, such as http://j00ru.vexillium.org/ntapi/ ?
I want to extend Kernel Core with your kernel.


It's the same file either way. I don't think I've ever had a separate one for uniproc in that patch.

I guess no one has taken a look at the v9e sources :(


This is what's in my kernel32.def file at present, which lists all of the exported functions currently implemented in C. I still have about 180 more to do before it contains everything in the latest V10 kernel. Also, until I have the first 830 or so all implemented I can't test or debug them, so crashes are likely until that point. Once I get everything working I can then put it through the hardening passes that I did for csrsrv and basesrv.

http://www.mediafire...1966gy8kokutq6p

I could post the full sources to my kernel32 project, but while it compiles it won't do anyone any good until it's complete enough to run in a 2k environment.

#557
blackwingcat

Hi.

I don't think the order of the kernel32.dll functions is very important.
I want to look not at the Kernel32 function table but at the win32k.sys and ntoskrnl.exe System Call Table. :whistle:

This is what's in my kernel32.def file at present, which lists all of the exported functions currently implemented in C. I still have about 180 more to do before it contains everything in the latest V10 kernel. Also, until I have the first 830 or so all implemented I can't test or debug them, so crashes are likely until that point. Once I get everything working I can then put it through the hardening passes that I did for csrsrv and basesrv.

http://www.mediafire...1966gy8kokutq6p

I could post the full sources to my kernel32 project, but while it compiles it won't do anyone any good until it's complete enough to run in a 2k environment.



#558
WildBill

I don't have a handy list of the functions in those files, though a tool like IDA could probably generate one. I'd love to eventually rewrite those in C as well, but first things first--rewriting kernel32 has already proven to be a much larger endeavor than I had envisioned...

Edited by WildBill, 16 July 2012 - 01:04 AM.


#559
blackwingcat

Hi.
I found a mistake in your code. ntdll.dll (5.0.2195.7084)

    77FD4A02  68F10000C0    push  C00000F1h    <-
    77FD4A07  E84C7BFDFF    call  RtlRaiseStatus
    77FD4A0C              L77FD4A0C:
    77FD4A0C  BEF00000C0    mov   esi,C00000F0h
    77FD4A11  EBCF          jmp   L77FD49E2

Edited by blackwingcat, 21 July 2012 - 11:13 AM.


#560
tomasz86

@WildBill

There seems to be a bug in atmfd.dll from KB2507618:

http://www.msfn.org/board/topic/157390-cant-use-otf-fonts-in-win2k/

#561
WildBill


Hi.
I found a mistake in your code. ntdll.dll (5.0.2195.7084)

    77FD4A02  68F10000C0    push  C00000F1h    <-
    77FD4A07  E84C7BFDFF    call  RtlRaiseStatus
    77FD4A0C              L77FD4A0C:
    77FD4A0C  BEF00000C0    mov   esi,C00000F0h
    77FD4A11  EBCF          jmp   L77FD49E2


Thanks! I found a separate issue in ntdll so I was going to release a new one anyway, so I'll put this fix in also.

Edited by WildBill, 23 July 2012 - 02:19 AM.


#562
WildBill


@WildBill

There seems to be a bug in atmfd.dll from KB2507618:

http://www.msfn.org/...fonts-in-win2k/


I can't begin to describe how much I hate that DLL. There is no symbol info available for it, and it's hopelessly complicated. Do you know if the problem goes away with an earlier version of my patched DLL? That would help me narrow the problem down.

#563
tomasz86

The problem happens both in the older and the newer version. Can't just the XP file be used as it is? OTF fonts open properly with the XP atmfd.dll from KB2507618 installed.

#564
WildBill


The problem happens both in the older and the newer version. Can't just the XP file be used as it is? OTF fonts open properly with the XP atmfd.dll from KB2507618 installed.


I tried it once and it refused to let any fonts show up in the Control Panel. I haven't tried it since...

#565
tomasz86


I tried it once and it refused to let any fonts show up in the Control Panel. I haven't tried it since...

I'm using it right now and all fonts are shown correctly.

The file is atmfd.dll 5.1.2.232.

#566
WildBill

I've got a couple of updates posted:

Windows2000-KB2393802-v11-x86-ENU.exe

- A couple of ntdll bugfixes, and it should now be friendlier for slipstreaming.


Windows2000-KB2508429-v7-x86-ENU.exe

- Some new API functions added:

dnsapi.dll

NetInfo_Free
DnsFree
DnsFreeConfigStructure


iphlpapi.dll

GetTcpStatsFromStackEx
GetIpStatsFromStackEx
GetUdpStatsFromStackEx
GetIcmpStatsFromStackEx
GetTcpExTable2FromStack
GetUdpExTable2FromStack
GetExtendedTcpTable
GetExtendedUdpTable
GetBestInterfaceEx


The 2k iphlpapi only supports ipv4, so while the calls above will work for ipv4, they'll properly report an error code if called for ipv6.


My kernel32.dll rewrite is still proceeding apace...765 exported routines and counting.

Edited by WildBill, 23 July 2012 - 09:11 PM.


#567
tomasz86

Thanks WildBill :)

Is the ntdll.dll version the same as in v10?

Edit: Something seems to be wrong in the new ntdll.dll :( Explorer.exe restarts itself each time when trying to open a folder.

Edited by tomasz86, 23 July 2012 - 10:03 PM.


#568
blackwingcat

Does NirSoft CurrPorts work?
Our iphlpapi.dll seems to have a problem with GetUdpExTable2FromStack/GetTcpExTable2FromStack.

I found that iphlpapi v5.0.2195.7097 requires KB957579 (the minimum requirement is KB951798).

I've got a couple of updates posted:
iphlpapi.dll

GetTcpStatsFromStackEx
GetIpStatsFromStackEx
GetUdpStatsFromStackEx
GetIcmpStatsFromStackEx
GetTcpExTable2FromStack
GetUdpExTable2FromStack
GetExtendedTcpTable
GetExtendedUdpTable
GetBestInterfaceEx


Edited by blackwingcat, 24 July 2012 - 11:55 PM.


#569
WildBill


Thanks WildBill :)

Is the ntdll.dll version the same as in v10?

Edit: Something seems to be wrong in the new ntdll.dll :( Explorer.exe restarts itself each time when trying to open a folder.


Really? There were only two extremely minor changes. One was to correct the error code that blackwingcat pointed out and the other was to fix a bug when initializing a process -- the location of a particular field is different in 2k vs. XP. The thing is, though, the code that's affected should never actually run since it only gets invoked if a process was using an activation context, and that functionality isn't active in my kernel yet. I'm not having any problems here...can you provide any more info?

#570
tomasz86

I've just done more tests and actually the same problem happens with both v10 and v11. The test machine is a VM (uses uniproc non-PAE kernel) with all official updates installed. I just added KB2479628 and KB2393802.

#571
WildBill


I've just done more tests and actually the same problem happens with both v10 and v11. The test machine is a VM (uses uniproc non-PAE kernel) with all official updates installed. I just added KB2479628 and KB2393802.


Now that's interesting. I'm seeing the same thing in my VM, but not on real hardware. It must date back to v9, since the ntdll in v9 and v10 are the same. v9 was where I added a bunch of SxS API's to ntdll. I guess I'll have to look at it closely to see if I broke anything.

#572
tomasz86

Well, I had problems with the ntdll.dll starting from v9, on real hardware too (check #533).

#573
WildBill

I've been crawling through the code, double-checking and triple-checking everything, and I can't find anything wrong with the code. I tried backing some changes out and eventually replaced v9 ntdll with v8 ntdll and I still see occasional problems in a VM (though never on real hardware). From looking at the exceptions it looks like something is corrupting the heap, and subsequent heap operations are throwing exceptions. Mixing v8 ntdll with v9 kernel definitely isn't preventing the problem. What happens if you try a pure v8 install on a VM?

#574
tomasz86

More test results:

1. After installing v11, folders don't open / Explorer is restarted... but they open in Safe Mode. On the other hand, IE opens neither in "normal" mode nor in Safe Mode (Add/Remove Programs doesn't open either, as it depends on IE).

2. No problems occur when v8 is installed.

3. I found a bug in update.inf. There should be no ntdll.dll and win32k.sys in [System32.Files].

4. Replacing ntdll.dll v7084 from v11 with ntdll.dll v7083 from v8 fixes all issues.

Edited by tomasz86, 30 July 2012 - 09:21 PM.


#575
WildBill

There's something screwy going on...I backed up all the way to v3 and I still get the same occasional errors when accessing a network share from within a VM. I then tried a clean install of 2kSP4 and it still happens. I wonder if it's a VM thing. I'm using Virtual PC 2007.



