[jumper]

ImportPatcher
Enable a new executable to load with old DLLs or on an older OS.
latest beta:  ImportPatcher.34.exe (7K)
Number of downloads: 28
debugging DLL:  IPstub.zip (2.49K)
Number of downloads: 25
New in  IPstub.zip (2.49K)
Number of downloads: 25:

• Jan 19, 2012
  
• stub library for replacing missing DLLs
  
• debug build with C source

New in  ImportPatcher.34.exe (7K)
Number of downloads: 28:

• Jan 19, 2012
  
• If no LookupTable (ILT), use AddressTable (IAT) instead
  
• When unbinding, reinitialize IAT to match ILT

 ImportPatcher.33.exe (7K)
Number of downloads: 12:

• Jan 18, 2012
  
• Full support for VC6-style delay-load imports (va and rva types)!
  
• Improved log file format
  
• Protection from redundant and looping dependencies
  
• 'Unbind broken bindings' reintroduced (default=N)
  
• 'Link to copies' non-functional

Features:

• Analyzes a program's OS subsystem and Import requirements
  
• Walks (recurses through) all dependencies (optional)
  
• Creates #.log file with detailed results
  
• Creates #.ini file for controlling patching step
  
  
• Patches OS subsystem if needed
  
• Substitutes for any import modules and functions, missing or not
  
• Patches hints for better performance (optional)
  Hint and unbinding support disabled pending design review
  
  
• Supports all Portable Executable (PE) files (apps, dll's, ...)

Works in two passes:

• Invoke once to Analyze
  Edit the #.ini file
  
• Retry at prompt (or invoke again) to Patch

Suggested usage:

Create a shortcut to ImportPatcher in your Windows SendTo
folder and send files to it using the right-click context menu.

---

Notes:

• All file patching is done on copies.
  
• Filenames containing '=' are incompatible with the use of an .ini file. Please rename.
  
• If module MSVC*#*.DLL is reported missing, try replacing it with 'MSVC*71*.DLL.

History:

Spoiler
•  ImportPatcher.32.exe (7.5K)
  Number of downloads: 18
  • Jan 10, 2012
    
  • Much more robust when analyzing:
    • small, truncated, or empty files
      
    • old 16-bit executables
      
    • PE32+ (64-bit) files--detected and rejected
  • Reworked error reporting including GetLastError
    
  • Even-length string names can grow by one when substituting
    
  • Glitch: still reports as .31
  
  
•  ImportPatcher.31.exe (7.5K)
  Number of downloads: 14
  • Jan 7, 2012
    
  • Retry multiple passes without exiting
    • every pass does full analysis
      
    • every pass also patches once .ini section [Patch list] exists
      
    • prompt after every pass to Retry or Cancel (quit)
  • Simplified .ini format
    • Mode parameter removed
      
    • target OS now in Parameters
      
    • hint and binding parameters removed
  • Better XP compatibility
    
  • GetLastError invoked for better debugging
  
  
• ImportPatcher.30.exe
  • Jan 3, 2012
    
  • remove 'intructions' [sic] from main section name!
    
  • check hints even if bound
    
  • unbind broken bindings
    
  • truncate replacement name at space
    
  • move OS to parameters
  
  
•  ImportPatcher.29.exe (7.5K)
  Number of downloads: 22
  • Dec 28, 2011
    
  • Clearer prompts at beginning and end of each pass
    
  • Simpler .ini file with instructions
    
  • Redirection of any function within a module
    
  • Redirection of any module to another
    
  • Supports endless trial-and-error
  
  
•  ImportPatcher.28.exe (7K)
  Number of downloads: 23
  • Dec 24, 2011
    
  • Initial public release
  
  
• ImportPatcher.27.exe
  • Nov 10, 2011
    
  • Sneak previewed on Dec 19, 2011
    
  • Produced an analysis log file

This post has been edited by jumper: 19 January 2012 - 06:56 PM

[loblo]

This is one very cool tool which makes it so much easier and faster for replacing functions than using an hex editor.

[jumper]

jds, on 26 December 2011 - 07:11 AM, said:

...I've just tried the Import Patcher on the "signtool.exe" utility from http://www.microsoft...ls.aspx?id=8442 (Microsoft Windows SDK for Windows 7 and .NET Framework 4). Image file = GRMSDK_EN_DVD.iso, Path = \Setup\WinSDKTools\cab1.cab, Extract file = WinSDK_signtool_exe_B2E1011D_2F14_488D_A056_C5BD55106409_x86.

Executing 'signtool.exe' by itself (with KernelEx 4.5.2) produces the error :

The SIGNTOOL.EXE file is
linked to missing export MSVCRT.DLL:__uncaught_exception.

Executing with Import Patcher gives a bunch of "Importing from module ..." messages, but not the above message. It also produces a file "signtoo#.exe" which has patches but seems to behave the same as "signtool.exe".

In addition, a log file is produced, from which the following is an extract :

    Importing from module: 'msvcrt.dll'
        __wgetmainargs: 225 != 142 #
        _cexit: 276 != 173 #
        _exit: 354 != 215 #
        _XcptFilter: 106 != 75 #
        exit: 1167 != 607 #
        _initterm: 469 != 282 #
        _amsg_exit: 257 != 162 #
        fgetpos: 1175 != 615 #
        __p__commode: 185 != 109 #
        __p__fmode: 190 != 114 #
        __set_app_type: 210 != 132 #
        ??1type_info@@UAE@XZ: 17 != 14 #
        msvcrt.dll: __uncaught_exception (db) * No match
        memmove: 1260 != 686 #
        _unlock: 934 != 495 #
        __dllonexit: 141 != 88 #
        _lock: 578 != 329 #
        _onexit: 747 != 403 #
        ?terminate@@YAXXZ: 55 != 48 #
        _controlfp: 295 != 186 #
        isleadbyte: 1218 != 651 #
        isupper: 1223 != 656 #
        _itoa: 561 != 319 #
        islower: 1219 != 652 #
        __badioinfo: 133 != 84 #
        __pioinfo: 207 != 130 #
        _fileno: 367 != 226 #
        _lseeki64: 587 != 337 #
        _write: 1096 != 555 #
        _isatty: 478 != 287 #
        ??0exception@@QAE@ABQBD@Z: 9 != 7 #
        ?what@exception@@UBEPBDXZ: 57 != 50 #
        ??1exception@@UAE@XZ: 16 != 13 #
        fwrite: 1201 != 636 #
        setvbuf: 1287 != 708 #
        fflush: 1173 != 613 #
        ungetc: 1341 != 749 #
        fputc: 1185 != 623 #
        fgetc: 1174 != 614 #
        malloc: 1246 != 679 #
        _callnewh: 274 != 172 #
        setlocale: 1286 != 707 #
        msvcrt.dll: ___lc_handle_func (7f) * No match
        msvcrt.dll: ___lc_codepage_func (7d) * No match
        msvcrt.dll: ___mb_cur_max_func (80) * No match
        abort: 1142 != 586 #
        ungetwc: 1342 != 750 #
        msvcrt.dll: __pctype_func (ce) * No match
        __crtLCMapStringA: 138 != 87 #
        msvcrt.dll: __iob_func (93) * No match
        __mb_cur_max: 176 != 100 #
        msvcrt.dll: __crtLCMapStringW (8b) * No match
        wctomb: 1390 != 778 #

Now two questions come to mind :

1. Is there a way to pass command line parameters to "signtool.exe" when using the Import Patcher?

2. Should the "signtoo#.exe" application run OK (not exhibit the same missing import/export message)?

Joe.

---

Quote

 
The SIGNTOOL.EXE file is
linked to missing export MSVCRT.DLL:__uncaught_exception. 

Looks like MS has added a new function to a venerable support file. Substituting another function or stub for '__uncaught_exception' might not be acceptable to the calling app. If not, try locating a version of MSVCRT.DLL that includes this function.

Quote

Executing with Import Patcher gives a bunch of "Importing from module ..." messages, but not the above message. It also produces a file "signtoo#.exe" which has patches but seems to behave the same as "signtool.exe".

ImportPatcher.27 was my last internal build back on Nov 10, 2011, before development took a break. Those are debug messages--I never expected to release that build as a sneak-preview.

IP.27 patches the OS version and creates a dependency log that is somewhat readable. The resulting #.exe file will only be loadable if the OS version was the only load error. Also, a *#.* copy of every file that is walked is created, including system DLLs (only useful if you're trying to fragment your HDD!).

Try again with IP.28; or better yet, with IP.29 later tonight.

Quote

1. Is there a way to pass command line parameters to "signtool.exe" when using the Import Patcher?

IP.28 reads parameters from an .ini file that can be edited between passes.

Quote

2. Should the "signtoo#.exe" application run OK (not exhibit the same missing import/export message)?

That is the goal. If you supply valid replacement functions, the patched copy should get past the system loader.

This post has been edited by jumper: 26 December 2011 - 09:39 PM

[jumper]

loblo, on 26 December 2011 - 11:19 AM, said:

Joe, it's the ini file that matters the most. You should find in it a section per dependency listing the missing functions as follows:

missingfunction=Y

Then you just need to replace the Y by whatever function you want to replace it and rerun the tool which will patch accordingly. (If you want no change for a missing function which is best for what KernelEx already caters for then replace Y by the missing function such as: missingfunction=missingfunction).

Good idea, loblo! Upcoming beta29 will now do that for us:

[KERNEL32.dll]
DecodePointer=DecodePointer
EncodePointer=EncodePointer

[Missing modules]
MSVCR100.dll=MSVCR100.dll

It also adds a similar option for missing modules.

For example, this works quite well:

[Missing modules]
MSVCR100.dll=MSVCR90.dll

[slhk]

Hi jumper

Your program is very useful, but it is not easy for newbie to understand how to use it

Could you provide a step-by-step successful example?

Many thanks

[jumper]

Sorry for the delay, slhk. I've been looking for and finally found a good example.

Back on 5/5/2003, I installed Microsoft Active Accessibility which updated COMCTL32.DLL from version 5.00.2614.3500 to 5.00.2614.3600.

Version 5.00.2614.3500 is part of IE5.0 and imports bound links from other IE5.0 DLLs.
Version 5.00.2614.3600 is part of IE5.0.1 and is bound to other DLLs that didn't get updated, causing loading delays.

I copied v3500 to my temp folder and named it COMCTL32aa.DLL.
I copied v3600 to my temp folder and named it COMCTL32bb.DLL.
I analyzed each of these files in ImportPatcher.29 (by dragging them to a shortcut on my desktop).

The .ini file for v3500 shows an empty list under "[Need patching? (do not edit)]" -- this indicates no errors found:

COMCTL32a#.ini

[ImportPatcher.29 - Intructions]
;Edit parameters and replacement strings and run ImportPatcher again. <=

[Parameters]
Mode: (A)nalyze or (P)atch=A
Walk dependencies=N
Link to copies=Y
Fix function hints=Y

[Need patching? (do not edit)]

The .log file for v3500 shows good binds with KERNEL32.dll and ADVAPI32.dll, but bad binds with GDI32.dll and USER32.dll. This indicates GDI32.dll and USER32.dll were build to match a different KERNEL32.dll and also need to be fixed.

COMCTL32a#.log

Spoiler

 
ImportPatcher.29
Portable Executable: 'R:\COMCTL32aa.DLL'
    TimeDateStamp: 3720a1cd
    SubsystemVersion: 4.0 <= 4.10  
    Importing from module: 'GDI32.dll'
        TimeDateStamp: 3ab81436
        SubsystemVersion: 4.0 <= 4.10  
        Old Bind timestamps: 353ec272 != 3ab81436
    Importing from module: 'KERNEL32.dll'
        TimeDateStamp: 371fc2b3
        SubsystemVersion: 4.0 <= 4.10  
        Old Bind timestamps: 371fc2b3 == 371fc2b3
    Importing from module: 'USER32.dll'
        TimeDateStamp: 3adf0611
        SubsystemVersion: 4.0 <= 4.10  
        Old Bind timestamps: 3720a1cd != 3adf0611
    Importing from module: 'ADVAPI32.dll'
        TimeDateStamp: 3720a1cd
        SubsystemVersion: 4.0 <= 4.10  
        Old Bind timestamps: 3720a1cd == 3720a1cd
 

The .ini file for v3600 shows "R:\COMCTL32bb.DLL=Y (function hint)" under "[Need patching? (do not edit)]" -- this indicates that some ordinal link hints need fixing:

COMCTL32b#.ini

[ImportPatcher.29 - Intructions]
;Edit parameters and replacement strings and run ImportPatcher again. <=

[Parameters]
Mode: (A)nalyze or (P)atch=A
Walk dependencies=N
Link to copies=N
Fix function hints=Y

[Need patching? (do not edit)]
R:\COMCTL32bb.DLL=Y (function hint)

I edited the Mode parameter to read "Mode: (A)nalyze or (P)atch=P" and reprocessed in ImportPatcher.
The .log file then confirmed lots of patched mismatched function ordinal hints:

COMCTL32b#.log

Spoiler

 
ImportPatcher.29
Portable Executable: 'R:\COMCTL32bb.DLL'
    TimeDateStamp: 372a5251
    SubsystemVersion: 4.0 <= 4.10  
    Importing from module: 'GDI32.dll'
        TimeDateStamp: 3ab81436
        SubsystemVersion: 4.0 <= 4.10  
        CreateDIBSection: 36 != 142 #
        GetStockObject: 188 != 297 #
        StretchDIBits: 313 != 424 #
        CreateRectRgn: 59 != 165 #
        SetWindowOrgEx: 307 != 418 #
        OffsetWindowOrgEx: 224 != 333 #
        GetDeviceCaps: 142 != 250 #
        PatBlt: 226 != 335 #
        SetBkMode: 269 != 378 #
        RealizePalette: 246 != 355 #
        SelectPalette: 263 != 372 #
        CreatePatternBrush: 54 != 160 #
        CreateBitmap: 25 != 131 #
        RestoreDC: 255 != 364 #
        SelectClipRgn: 261 != 370 #
        SaveDC: 257 != 366 #
        CombineRgn: 19 != 125 #
        CreateRectRgnIndirect: 60 != 166 #
        GetTextColor: 196 != 305 #
        SetObjectOwner: 289 != 400 #
        GetPaletteEntries: 178 != 287 #
        CreateHalftonePalette: 47 != 153 #
        SetPixelV: 293 != 404 #
        SetPixel: 291 != 402 #
        CreateSolidBrush: 64 != 170 #
        SetDIBColorTable: 274 != 383 #
        GetDIBColorTable: 140 != 248 #
        GetBitmapBits: 115 != 223 #
        SetBrushOrgEx: 271 != 380 #
        GetDIBits: 141 != 249 #
        SetDIBits: 275 != 384 #
        OffsetRgn: 222 != 331 #
        GetCurrentObject: 137 != 245 #
        ExcludeClipRect: 93 != 200 #
        RectVisible: 248 != 357 #
        IntersectClipRect: 213 != 322 #
        GetClipRgn: 134 != 242 #
        GetDCOrgEx: 139 != 247 #
        BitBlt: 9 != 114 #
        MoveToEx: 220 != 329 #
        CreatePen: 55 != 161 #
        Arc: 6 != 111 #
        Rectangle: 249 != 358 #
        Ellipse: 76 != 182 #
        CreatePalette: 53 != 159 #
        UnrealizeObject: 320 != 431 #
        StretchBlt: 312 != 423 #
        TranslateCharsetInfo: 319 != 430 #
        Polyline: 242 != 351 #
        CreateBitmapIndirect: 26 != 132 #
        CreatePolygonRgn: 58 != 164 #
        CreateRoundRectRgn: 61 != 167 #
        FrameRgn: 106 != 213 #
        FillRgn: 102 != 209 #
        GetCharWidthW: 130 != 238 #
        GetCharWidthA: 127 != 235 #
        GetTextExtentPoint32W: 200 != 309 #
        GetTextCharsetInfo: 195 != 304 #
        GetTextExtentPointA: 201 != 310 #
        ExtTextOutW: 100 != 207 #
        ExtTextOutA: 99 != 206 #
        GetWindowExtEx: 210 != 319 #
        GetViewportExtEx: 207 != 316 #
        ExtSelectClipRgn: 98 != 205 #
        CreateFontA: 43 != 149 #
        CreateFontIndirectA: 44 != 150 #
        EnumFontFamiliesExA: 82 != 189 #
        GetObjectA: 173 != 282 #
        GetTextMetricsA: 205 != 314 #
        GetTextAlign: 192 != 301 #
        SetTextAlign: 299 != 410 #
        SetBkColor: 268 != 377 #
        SetTextColor: 301 != 412 #
        GetClipBox: 133 != 241 #
        CreateCompatibleDC: 31 != 137 #
        CreateCompatibleBitmap: 30 != 136 #
        SelectObject: 262 != 371 #
        LineTo: 217 != 326 #
        GetNearestColor: 171 != 280 #
        DeleteDC: 67 != 173 #
        GetPixel: 180 != 289 #
        DeleteObject: 70 != 176 #
        GetBkColor: 117 != 225 #
    Importing from module: 'KERNEL32.dll'
        TimeDateStamp: 371fc2b3
        SubsystemVersion: 4.0 <= 4.10  
        EnterCriticalSection: 100 != 225 #
        LeaveCriticalSection: 403 != 552 #
        SetEvent: 556 != 714 #
        Sleep: 593 != 758 #
        InitializeCriticalSection: 379 != 522 #
        DeleteCriticalSection: 89 != 214 #
        CreateThread: 80 != 205 #
        MultiByteToWideChar: 443 != 594 #
        lstrlenA: 694 != 864 #
        GetProcAddress: 279 != 419 #
        ReinitializeCriticalSection: 493 != 644 #
        GetACP: 181 != 312 #
        DisableThreadLibraryCalls: 94 != 219 #
        GetCurrentProcessId: 212 != 347 #
        GetVersionExA: 335 != 477 #
        FreeResource: 178 != 309 #
        GlobalFree: 350 != 493 #
        GlobalAlloc: 343 != 486 #
        LockResource: 423 != 574 #
        LoadResource: 409 != 558 #
        GetTickCount: 328 != 470 #
        LocalReAlloc: 417 != 568 #
        IsBadWritePtr: 392 != 536 #
        lstrcpyA: 688 != 858 #
        FreeLibrary: 176 != 307 #
        MulDiv: 442 != 593 #
        HeapAlloc: 366 != 509 #
        HeapFree: 370 != 513 #
        HeapReAlloc: 372 != 515 #
        IsBadCodePtr: 386 != 530 #
        InterlockedExchange: 382 != 526 #
        lstrcpynA: 691 != 861 #
        GetThreadLocale: 324 != 465 #
        GetProcessHeap: 282 != 422 #
        HeapDestroy: 369 != 512 #
        HeapCreate: 368 != 511 #
        HeapSize: 374 != 517 #
        GetUserDefaultLangID: 333 != 475 #
        lstrcmpiA: 685 != 855 #
        GetLocalTime: 248 != 386 #
        GlobalUnlock: 360 != 503 #
        GlobalHandle: 353 != 496 #
        GetUserDefaultLCID: 332 != 474 #
        lstrcmpA: 682 != 852 #
        @12
        EnumResourceLanguagesW: 106 != 235 #
        SizeofResource: 592 != 757 #
        UnMapSLFixArray: 616 != 783 #
        MapSLFix: 433 != 584 #
        LocalSize: 419 != 570 #
        InterlockedDecrement: 381 != 525 #
        @24
        UnhandledExceptionFilter: 617 != 784 #
        FindResourceA: 160 != 291 #
        InterlockedIncrement: 384 != 528 #
        IsDBCSLeadByte: 393 != 537 #
        WaitForSingleObject: 638 != 807 #
        CompareStringA: 43 != 166 #
        GetCurrentThreadId: 214 != 349 #
        GetLastError: 247 != 385 #
        IsBadReadPtr: 389 != 533 #
        MapViewOfFile: 434 != 585 #
        GetFileSize: 237 != 375 #
        UnmapViewOfFile: 621 != 788 #
        IsValidCodePage: 397 != 544 #
        CreateEventA: 57 != 182 #
        CreateFileA: 60 != 185 #
        CreateFileMappingA: 61 != 186 #
        FindResourceExA: 161 != 292 #
        GetDateFormatA: 215 != 350 #
        GetLocaleInfoA: 249 != 387 #
        GetNumberFormatA: 262 != 402 #
        GetModuleHandleA: 257 != 397 #
        GetStringTypeExA: 304 != 445 #
        GetProfileIntA: 289 != 430 #
        GetTimeFormatA: 329 != 471 #
        GlobalAddAtomA: 341 != 484 #
        LoadLibraryA: 404 != 553 #
        GlobalReAlloc: 356 != 499 #
        RtlUnwind: 502 != 657 #
        CloseHandle: 37 != 160 #
        GetLocaleInfoW: 250 != 388 #
        GetSystemDefaultLCID: 307 != 448 #
        LocalFree: 414 != 565 #
        LocalAlloc: 410 != 560 #
        ThunkConnect32: 603 != 769 #
        SUnMapLS_IP_EBP_12: 515 != 670 #
        SMapLS_IP_EBP_12: 505 != 660 #
        SUnMapLS: 514 != 669 #
        SMapLS: 504 != 659 #
        FT_Exit24: 127 != 256 #
        FT_Exit20: 126 != 255 #
        FT_Thunk: 139 != 268 #
        lstrlenW: 695 != 865 #
        WideCharToMultiByte: 642 != 811 #
    Importing from module: 'USER32.dll'
        TimeDateStamp: 3adf0611
        SubsystemVersion: 4.0 <= 4.10  
        TrackPopupMenu: 559 != 600 #
        PtInRect: 436 != 468 #
        GetFocus: 240 != 257 #
        GetSysColor: 294 != 316 #
        RedrawWindow: 438 != 471 #
        DrawFocusRect: 156 != 164 #
        IsWindowEnabled: 360 != 392 #
        EqualRect: 193 != 207 #
        MapWindowPoints: 394 != 426 #
        GetParent: 282 != 303 #
        GetWindowRect: 315 != 339 #
        EnableWindow: 172 != 181 #
        SendMessageA: 465 != 503 #
        GetSystemMetrics: 297 != 319 #
        SystemParametersInfoA: 549 != 589 #
        IntersectRect: 337 != 369 #
        ClientToScreen: 53 != 61 #
        ReleaseCapture: 452 != 487 #
        GetCapture: 207 != 223 #
        WaitMessage: 586 != 635 #
        TranslateMessage: 565 != 606 #
        SetCapture: 474 != 512 #
        GetSysColorBrush: 295 != 317 #
        GetMessageTime: 274 != 294 #
        MessageBeep: 396 != 428 #
        UnionRect: 568 != 610 #
        ScrollWindowEx: 462 != 497 #
        GetDoubleClickTime: 239 != 256 #
        SetRectEmpty: 511 != 550 #
        ScreenToClient: 459 != 494 #
        GetMessagePos: 273 != 293 #
        GetDlgItem: 235 != 252 #
        CopyRect: 63 != 71 #
        SetCursor: 482 != 520 #
        DrawIcon: 159 != 167 #
        EnableScrollBar: 171 != 180 #
        SetScrollInfo: 512 != 551 #
        GetScrollInfo: 289 != 311 #
        GetWindowDC: 310 != 332 #
        GetCursorPos: 229 != 246 #
        DrawFrameControl: 158 != 166 #
        InvertRect: 340 != 372 #
        IsRectEmpty: 358 != 390 #
        GetScrollPos: 290 != 312 #
        GetScrollRange: 291 != 313 #
        ShowScrollBar: 541 != 581 #
        IsWindowVisible: 362 != 394 #
        SetScrollPos: 513 != 552 #
        SetScrollRange: 514 != 553 #
        IsZoomed: 363 != 395 #
        GetDesktopWindow: 232 != 249 #
        GetAsyncKeyState: 206 != 222 #
        DrawEdge: 155 != 163 #
        DestroyWindow: 134 != 142 #
        ShowCaret: 538 != 578 #
        SetCaretPos: 476 != 514 #
        HideCaret: 325 != 350 #
        GetKeyState: 250 != 268 #
        DestroyCaret: 130 != 138 #
        CreateCaret: 67 != 75 #
        DestroyIcon: 132 != 140 #
        GetIconInfo: 243 != 261 #
        CreateIconIndirect: 78 != 86 #
        DrawIconEx: 160 != 168 #
        CopyImage: 62 != 70 #
        CopyIcon: 61 != 69 #
        GetDCEx: 231 != 248 #
        wsprintfA: 595 != 645 #
        ShowWindow: 542 != 582 #
        SetWindowRgn: 530 != 570 #
        IsChild: 349 != 381 #
        GetShellWindow: 292 != 314 #
        GetKeyboardLayout: 251 != 269 #
        SetKeyboardState: 494 != 532 #
        GetKeyboardState: 255 != 273 #
        DestroyCursor: 131 != 139 #
        GetUpdateRgn: 304 != 326 #
        GetUpdateRect: 303 != 325 #
        GetWindowRgn: 316 != 340 #
        ValidateRect: 578 != 624 #
        SetCursorPos: 483 != 521 #
        LockWindowUpdate: 386 != 418 #
        GetMenuItemID: 264 != 284 #
        GetMenuItemCount: 263 != 283 #
        GetSubMenu: 293 != 315 #
        GetSystemMenu: 296 != 318 #
        CheckMenuItem: 47 != 55 #
        SetMenu: 497 != 535 #
        GetMenuState: 268 != 288 #
        SubtractRect: 544 != 584 #
        CreatePopupMenu: 82 != 90 #
        DestroyMenu: 133 != 141 #
        AdjustWindowRect: 1 != 2 #
        IsWindow: 359 != 391 #
        MoveWindow: 409 != 441 #
        GetWindowThreadProcessId: 321 != 345 #
        GetWindow: 308 != 330 #
        MapDialogRect: 389 != 421 #
        SetForegroundWindow: 492 != 530 #
        GetNextDlgTabItem: 279 != 300 #
        DeferWindowPos: 127 != 135 #
        EndDeferWindowPos: 173 != 182 #
        BeginDeferWindowPos: 8 != 11 #
        SetWindowTextA: 531 != 571 #
        SetActiveWindow: 473 != 511 #
        GetActiveWindow: 204 != 219 #
        PostQuitMessage: 433 != 465 #
        CreateDialogIndirectParamA: 71 != 79 #
        SetParent: 506 != 544 #
        CreateWindowExA: 83 != 91 #
        CharNextA: 30 != 38 #
        FrameRect: 202 != 217 #
        ChildWindowFromPoint: 50 != 58 #
        EndDialog: 174 != 183 #
        EnumChildWindows: 177 != 187 #
        GetWindowLongA: 312 != 334 #
        GetCursor: 227 != 244 #
        GetForegroundWindow: 241 != 258 #
        GetMenu: 258 != 277 #
        InvalidateRgn: 339 != 371 #
        WindowFromPoint: 591 != 640 #
        DrawTextExA: 165 != 174 #
        AppendMenuA: 4 != 7 #
        CallMsgFilterA: 14 != 20 #
        CallWindowProcA: 17 != 23 #
        DefWindowProcA: 125 != 133 #
        DispatchMessageA: 139 != 147 #
        FindWindowA: 197 != 211 #
        GetClassInfoA: 210 != 226 #
        GetClassNameA: 216 != 232 #
        GetKeyNameTextA: 248 != 266 #
        GetMenuItemInfoA: 265 != 285 #
        GetMessageA: 271 != 291 #
        GetPropA: 285 != 307 #
        GetWindowTextA: 317 != 341 #
        GrayStringA: 323 != 347 #
        IsDialogMessageA: 352 != 384 #
        LoadCursorA: 369 != 401 #
        LoadIconA: 373 != 405 #
        LoadImageA: 375 != 407 #
        MapVirtualKeyA: 390 != 422 #
        PeekMessageA: 428 != 460 #
        PostMessageA: 431 != 463 #
        RegisterClassA: 439 != 472 #
        RegisterWindowMessageA: 450 != 485 #
        RemovePropA: 455 != 490 #
        GetWindowTextLengthA: 318 != 342 #
        SendNotifyMessageA: 471 != 509 #
        SetDlgItemTextA: 488 != 526 #
        SetPropA: 508 != 547 #
        SetWindowLongA: 526 != 566 #
        WinHelpA: 587 != 636 #
        DialogBoxIndirectParamA: 135 != 143 #
        SetFocus: 491 != 529 #
        GetDlgCtrlID: 234 != 251 #
        InflateRect: 329 != 361 #
        BeginPaint: 9 != 12 #
        EndPaint: 175 != 185 #
        FillRect: 196 != 210 #
        UpdateWindow: 575 != 618 #
        SetTimer: 520 != 559 #
        KillTimer: 364 != 396 #
        SetRect: 510 != 549 #
        GetDC: 230 != 247 #
        ReleaseDC: 453 != 488 #
        GetClientRect: 219 != 235 #
        InvalidateRect: 338 != 370 #
        SetWindowPos: 529 != 569 #
        AdjustWindowRectEx: 2 != 3 #
        OffsetRect: 418 != 450 #
    Importing from module: 'ADVAPI32.dll'
        TimeDateStamp: 3720a1cd
        SubsystemVersion: 4.0 <= 4.10  
        RegCreateKeyA: 153 != 219 #
        RegCreateKeyExA: 154 != 220 #
        RegCloseKey: 150 != 216 #
        RegSetValueExA: 193 != 259 #
        RegQueryValueExA: 181 != 247 #
        RegQueryValueA: 180 != 246 #
        RegOpenKeyExA: 173 != 239 #
        RegOpenKeyA: 172 != 238 #
 

To confirm the problems had been fixed, I renamed to COMCTL32b#.DLL file to COMCTL32.DLL and reanalyzed:

COMCTL3#.ini

[ImportPatcher.29 - Intructions]
;Edit parameters and replacement strings and run ImportPatcher again. <=

[Parameters]
Mode: (A)nalyze or (P)atch=A
Walk dependencies=N
Link to copies=Y
Fix function hints=Y

[Need patching? (do not edit)]

Nothing needs patching and:

COMCTL3#.log

Spoiler

 
ImportPatcher.29
Portable Executable: 'R:\COMCTL32.DLL'
    TimeDateStamp: 372a5251
    SubsystemVersion: 4.0 <= 4.10  
    Importing from module: 'GDI32.dll'
        TimeDateStamp: 3ab81436
        SubsystemVersion: 4.0 <= 4.10  
        CreateDIBSection: 142  = 142  
        GetStockObject: 297  = 297  
        StretchDIBits: 424  = 424  
        CreateRectRgn: 165  = 165  
        SetWindowOrgEx: 418  = 418  
        OffsetWindowOrgEx: 333  = 333  
        GetDeviceCaps: 250  = 250  
        PatBlt: 335  = 335  
        SetBkMode: 378  = 378  
        RealizePalette: 355  = 355  
        SelectPalette: 372  = 372  
        CreatePatternBrush: 160  = 160  
        CreateBitmap: 131  = 131  
        RestoreDC: 364  = 364  
        SelectClipRgn: 370  = 370  
        SaveDC: 366  = 366  
        CombineRgn: 125  = 125  
        CreateRectRgnIndirect: 166  = 166  
        GetTextColor: 305  = 305  
        SetObjectOwner: 400  = 400  
        GetPaletteEntries: 287  = 287  
        CreateHalftonePalette: 153  = 153  
        SetPixelV: 404  = 404  
        SetPixel: 402  = 402  
        CreateSolidBrush: 170  = 170  
        SetDIBColorTable: 383  = 383  
        GetDIBColorTable: 248  = 248  
        GetBitmapBits: 223  = 223  
        SetBrushOrgEx: 380  = 380  
        GetDIBits: 249  = 249  
        SetDIBits: 384  = 384  
        OffsetRgn: 331  = 331  
        GetCurrentObject: 245  = 245  
        ExcludeClipRect: 200  = 200  
        RectVisible: 357  = 357  
        IntersectClipRect: 322  = 322  
        GetClipRgn: 242  = 242  
        GetDCOrgEx: 247  = 247  
        BitBlt: 114  = 114  
        MoveToEx: 329  = 329  
        CreatePen: 161  = 161  
        Arc: 111  = 111  
        Rectangle: 358  = 358  
        Ellipse: 182  = 182  
        CreatePalette: 159  = 159  
        UnrealizeObject: 431  = 431  
        StretchBlt: 423  = 423  
        TranslateCharsetInfo: 430  = 430  
        Polyline: 351  = 351  
        CreateBitmapIndirect: 132  = 132  
        CreatePolygonRgn: 164  = 164  
        CreateRoundRectRgn: 167  = 167  
        FrameRgn: 213  = 213  
        FillRgn: 209  = 209  
        GetCharWidthW: 238  = 238  
        GetCharWidthA: 235  = 235  
        GetTextExtentPoint32W: 309  = 309  
        GetTextCharsetInfo: 304  = 304  
        GetTextExtentPointA: 310  = 310  
        ExtTextOutW: 207  = 207  
        ExtTextOutA: 206  = 206  
        GetWindowExtEx: 319  = 319  
        GetViewportExtEx: 316  = 316  
        ExtSelectClipRgn: 205  = 205  
        CreateFontA: 149  = 149  
        CreateFontIndirectA: 150  = 150  
        EnumFontFamiliesExA: 189  = 189  
        GetObjectA: 282  = 282  
        GetTextMetricsA: 314  = 314  
        GetTextAlign: 301  = 301  
        SetTextAlign: 410  = 410  
        SetBkColor: 377  = 377  
        SetTextColor: 412  = 412  
        GetClipBox: 241  = 241  
        CreateCompatibleDC: 137  = 137  
        CreateCompatibleBitmap: 136  = 136  
        SelectObject: 371  = 371  
        LineTo: 326  = 326  
        GetNearestColor: 280  = 280  
        DeleteDC: 173  = 173  
        GetPixel: 289  = 289  
        DeleteObject: 176  = 176  
        GetBkColor: 225  = 225  
    Importing from module: 'KERNEL32.dll'
        TimeDateStamp: 371fc2b3
        SubsystemVersion: 4.0 <= 4.10  
        EnterCriticalSection: 225  = 225  
        LeaveCriticalSection: 552  = 552  
        SetEvent: 714  = 714  
        Sleep: 758  = 758  
        InitializeCriticalSection: 522  = 522  
        DeleteCriticalSection: 214  = 214  
        CreateThread: 205  = 205  
        MultiByteToWideChar: 594  = 594  
        lstrlenA: 864  = 864  
        GetProcAddress: 419  = 419  
        ReinitializeCriticalSection: 644  = 644  
        GetACP: 312  = 312  
        DisableThreadLibraryCalls: 219  = 219  
        GetCurrentProcessId: 347  = 347  
        GetVersionExA: 477  = 477  
        FreeResource: 309  = 309  
        GlobalFree: 493  = 493  
        GlobalAlloc: 486  = 486  
        LockResource: 574  = 574  
        LoadResource: 558  = 558  
        GetTickCount: 470  = 470  
        LocalReAlloc: 568  = 568  
        IsBadWritePtr: 536  = 536  
        lstrcpyA: 858  = 858  
        FreeLibrary: 307  = 307  
        MulDiv: 593  = 593  
        HeapAlloc: 509  = 509  
        HeapFree: 513  = 513  
        HeapReAlloc: 515  = 515  
        IsBadCodePtr: 530  = 530  
        InterlockedExchange: 526  = 526  
        lstrcpynA: 861  = 861  
        GetThreadLocale: 465  = 465  
        GetProcessHeap: 422  = 422  
        HeapDestroy: 512  = 512  
        HeapCreate: 511  = 511  
        HeapSize: 517  = 517  
        GetUserDefaultLangID: 475  = 475  
        lstrcmpiA: 855  = 855  
        GetLocalTime: 386  = 386  
        GlobalUnlock: 503  = 503  
        GlobalHandle: 496  = 496  
        GetUserDefaultLCID: 474  = 474  
        lstrcmpA: 852  = 852  
        @12
        EnumResourceLanguagesW: 235  = 235  
        SizeofResource: 757  = 757  
        UnMapSLFixArray: 783  = 783  
        MapSLFix: 584  = 584  
        LocalSize: 570  = 570  
        InterlockedDecrement: 525  = 525  
        @24
        UnhandledExceptionFilter: 784  = 784  
        FindResourceA: 291  = 291  
        InterlockedIncrement: 528  = 528  
        IsDBCSLeadByte: 537  = 537  
        WaitForSingleObject: 807  = 807  
        CompareStringA: 166  = 166  
        GetCurrentThreadId: 349  = 349  
        GetLastError: 385  = 385  
        IsBadReadPtr: 533  = 533  
        MapViewOfFile: 585  = 585  
        GetFileSize: 375  = 375  
        UnmapViewOfFile: 788  = 788  
        IsValidCodePage: 544  = 544  
        CreateEventA: 182  = 182  
        CreateFileA: 185  = 185  
        CreateFileMappingA: 186  = 186  
        FindResourceExA: 292  = 292  
        GetDateFormatA: 350  = 350  
        GetLocaleInfoA: 387  = 387  
        GetNumberFormatA: 402  = 402  
        GetModuleHandleA: 397  = 397  
        GetStringTypeExA: 445  = 445  
        GetProfileIntA: 430  = 430  
        GetTimeFormatA: 471  = 471  
        GlobalAddAtomA: 484  = 484  
        LoadLibraryA: 553  = 553  
        GlobalReAlloc: 499  = 499  
        RtlUnwind: 657  = 657  
        CloseHandle: 160  = 160  
        GetLocaleInfoW: 388  = 388  
        GetSystemDefaultLCID: 448  = 448  
        LocalFree: 565  = 565  
        LocalAlloc: 560  = 560  
        ThunkConnect32: 769  = 769  
        SUnMapLS_IP_EBP_12: 670  = 670  
        SMapLS_IP_EBP_12: 660  = 660  
        SUnMapLS: 669  = 669  
        SMapLS: 659  = 659  
        FT_Exit24: 256  = 256  
        FT_Exit20: 255  = 255  
        FT_Thunk: 268  = 268  
        lstrlenW: 865  = 865  
        WideCharToMultiByte: 811  = 811  
    Importing from module: 'USER32.dll'
        TimeDateStamp: 3adf0611
        SubsystemVersion: 4.0 <= 4.10  
        TrackPopupMenu: 600  = 600  
        PtInRect: 468  = 468  
        GetFocus: 257  = 257  
        GetSysColor: 316  = 316  
        RedrawWindow: 471  = 471  
        DrawFocusRect: 164  = 164  
        IsWindowEnabled: 392  = 392  
        EqualRect: 207  = 207  
        MapWindowPoints: 426  = 426  
        GetParent: 303  = 303  
        GetWindowRect: 339  = 339  
        EnableWindow: 181  = 181  
        SendMessageA: 503  = 503  
        GetSystemMetrics: 319  = 319  
        SystemParametersInfoA: 589  = 589  
        IntersectRect: 369  = 369  
        ClientToScreen: 61  = 61  
        ReleaseCapture: 487  = 487  
        GetCapture: 223  = 223  
        WaitMessage: 635  = 635  
        TranslateMessage: 606  = 606  
        SetCapture: 512  = 512  
        GetSysColorBrush: 317  = 317  
        GetMessageTime: 294  = 294  
        MessageBeep: 428  = 428  
        UnionRect: 610  = 610  
        ScrollWindowEx: 497  = 497  
        GetDoubleClickTime: 256  = 256  
        SetRectEmpty: 550  = 550  
        ScreenToClient: 494  = 494  
        GetMessagePos: 293  = 293  
        GetDlgItem: 252  = 252  
        CopyRect: 71  = 71  
        SetCursor: 520  = 520  
        DrawIcon: 167  = 167  
        EnableScrollBar: 180  = 180  
        SetScrollInfo: 551  = 551  
        GetScrollInfo: 311  = 311  
        GetWindowDC: 332  = 332  
        GetCursorPos: 246  = 246  
        DrawFrameControl: 166  = 166  
        InvertRect: 372  = 372  
        IsRectEmpty: 390  = 390  
        GetScrollPos: 312  = 312  
        GetScrollRange: 313  = 313  
        ShowScrollBar: 581  = 581  
        IsWindowVisible: 394  = 394  
        SetScrollPos: 552  = 552  
        SetScrollRange: 553  = 553  
        IsZoomed: 395  = 395  
        GetDesktopWindow: 249  = 249  
        GetAsyncKeyState: 222  = 222  
        DrawEdge: 163  = 163  
        DestroyWindow: 142  = 142  
        ShowCaret: 578  = 578  
        SetCaretPos: 514  = 514  
        HideCaret: 350  = 350  
        GetKeyState: 268  = 268  
        DestroyCaret: 138  = 138  
        CreateCaret: 75  = 75  
        DestroyIcon: 140  = 140  
        GetIconInfo: 261  = 261  
        CreateIconIndirect: 86  = 86  
        DrawIconEx: 168  = 168  
        CopyImage: 70  = 70  
        CopyIcon: 69  = 69  
        GetDCEx: 248  = 248  
        wsprintfA: 645  = 645  
        ShowWindow: 582  = 582  
        SetWindowRgn: 570  = 570  
        IsChild: 381  = 381  
        GetShellWindow: 314  = 314  
        GetKeyboardLayout: 269  = 269  
        SetKeyboardState: 532  = 532  
        GetKeyboardState: 273  = 273  
        DestroyCursor: 139  = 139  
        GetUpdateRgn: 326  = 326  
        GetUpdateRect: 325  = 325  
        GetWindowRgn: 340  = 340  
        ValidateRect: 624  = 624  
        SetCursorPos: 521  = 521  
        LockWindowUpdate: 418  = 418  
        GetMenuItemID: 284  = 284  
        GetMenuItemCount: 283  = 283  
        GetSubMenu: 315  = 315  
        GetSystemMenu: 318  = 318  
        CheckMenuItem: 55  = 55  
        SetMenu: 535  = 535  
        GetMenuState: 288  = 288  
        SubtractRect: 584  = 584  
        CreatePopupMenu: 90  = 90  
        DestroyMenu: 141  = 141  
        AdjustWindowRect: 2  = 2  
        IsWindow: 391  = 391  
        MoveWindow: 441  = 441  
        GetWindowThreadProcessId: 345  = 345  
        GetWindow: 330  = 330  
        MapDialogRect: 421  = 421  
        SetForegroundWindow: 530  = 530  
        GetNextDlgTabItem: 300  = 300  
        DeferWindowPos: 135  = 135  
        EndDeferWindowPos: 182  = 182  
        BeginDeferWindowPos: 11  = 11  
        SetWindowTextA: 571  = 571  
        SetActiveWindow: 511  = 511  
        GetActiveWindow: 219  = 219  
        PostQuitMessage: 465  = 465  
        CreateDialogIndirectParamA: 79  = 79  
        SetParent: 544  = 544  
        CreateWindowExA: 91  = 91  
        CharNextA: 38  = 38  
        FrameRect: 217  = 217  
        ChildWindowFromPoint: 58  = 58  
        EndDialog: 183  = 183  
        EnumChildWindows: 187  = 187  
        GetWindowLongA: 334  = 334  
        GetCursor: 244  = 244  
        GetForegroundWindow: 258  = 258  
        GetMenu: 277  = 277  
        InvalidateRgn: 371  = 371  
        WindowFromPoint: 640  = 640  
        DrawTextExA: 174  = 174  
        AppendMenuA: 7  = 7  
        CallMsgFilterA: 20  = 20  
        CallWindowProcA: 23  = 23  
        DefWindowProcA: 133  = 133  
        DispatchMessageA: 147  = 147  
        FindWindowA: 211  = 211  
        GetClassInfoA: 226  = 226  
        GetClassNameA: 232  = 232  
        GetKeyNameTextA: 266  = 266  
        GetMenuItemInfoA: 285  = 285  
        GetMessageA: 291  = 291  
        GetPropA: 307  = 307  
        GetWindowTextA: 341  = 341  
        GrayStringA: 347  = 347  
        IsDialogMessageA: 384  = 384  
        LoadCursorA: 401  = 401  
        LoadIconA: 405  = 405  
        LoadImageA: 407  = 407  
        MapVirtualKeyA: 422  = 422  
        PeekMessageA: 460  = 460  
        PostMessageA: 463  = 463  
        RegisterClassA: 472  = 472  
        RegisterWindowMessageA: 485  = 485  
        RemovePropA: 490  = 490  
        GetWindowTextLengthA: 342  = 342  
        SendNotifyMessageA: 509  = 509  
        SetDlgItemTextA: 526  = 526  
        SetPropA: 547  = 547  
        SetWindowLongA: 566  = 566  
        WinHelpA: 636  = 636  
        DialogBoxIndirectParamA: 143  = 143  
        SetFocus: 529  = 529  
        GetDlgCtrlID: 251  = 251  
        InflateRect: 361  = 361  
        BeginPaint: 12  = 12  
        EndPaint: 185  = 185  
        FillRect: 210  = 210  
        UpdateWindow: 618  = 618  
        SetTimer: 559  = 559  
        KillTimer: 396  = 396  
        SetRect: 549  = 549  
        GetDC: 247  = 247  
        ReleaseDC: 488  = 488  
        GetClientRect: 235  = 235  
        InvalidateRect: 370  = 370  
        SetWindowPos: 569  = 569  
        AdjustWindowRectEx: 3  = 3  
        OffsetRect: 450  = 450  
    Importing from module: 'ADVAPI32.dll'
        TimeDateStamp: 3720a1cd
        SubsystemVersion: 4.0 <= 4.10  
        RegCreateKeyA: 219  = 219  
        RegCreateKeyExA: 220  = 220  
        RegCloseKey: 216  = 216  
        RegSetValueExA: 259  = 259  
        RegQueryValueExA: 247  = 247  
        RegQueryValueA: 246  = 246  
        RegOpenKeyExA: 239  = 239  
        RegOpenKeyA: 238  = 238  
 

all ordinal hints match actual function ordinals!

The last step was to backup the original v3600 in Windows\System and replace it with the newly patched COMCTL32.DLL.

[slhk]

jumper, thanks for the detailed explanation. All is clear now

[jds]

loblo, on 26 December 2011 - 11:23 AM, said:

This is one very cool tool which makes it so much easier and faster for replacing functions than using an hex editor.

It's quite amazing, really!

jumper, on 26 December 2011 - 07:58 PM, said:

Looks like MS has added a new function to a venerable support file. Substituting another function or stub for '__uncaught_exception' might {not} be acceptable to the calling app. If not, try locating a version of MSVCRT.DLL that includes this function.

Well, I found a version "7.0.6002.18005 (lh_sp2rtm.090410-1830)" on a Vista machine, dated 2009/4/11. However, although this version only reported "[Need patching? ... msvcrt.dll=Y (OS subsystem)" in ImportPatcher (with 'Walk dependencies=N'), after being patched for the OS subsystem, it looked like a descent into DLL dependency hell.

Quote

Also, a *#.* copy of every file that is walked is created, including system DLLs (only useful if you're trying to fragment your HDD!).

Does this relate to the "Link to copies=Y/N" option in the INI file? Would this also require "Walk dependencies=Y"?

Quote

Quote

1. Is there a way to pass command line parameters to "signtool.exe" when using the Import Patcher?

IP.28 reads parameters from an .ini file that can be edited between passes.

I think that ImportPatcher.27 gave the impression that it would load and execute a file, while satisfying missing dependencies. Since that doesn't seem to be the case, my earlier question was null and void.

Joe.

[jumper]

Since writing the COMCTL32.DLL example the other day, the patched COMCTL32.DLL has been running on my system with no problems.

>It's quite amazing, really!

Thanks, but it's really just an exercise in learning how to parse the various header structures in the Portable Executable file format. Documentation and guides are hard to find and incomplete, but I keep stumbling onto more of them each week!

IP.30 is undergoing final testing and includes unbinding of broken links.

On the drawing board for function substitution is redirection to another module:

[USER32.dll]
_missing=KERNEL32.SetLastError

and possibly module insertion:

[USER32.dll]
_missing=stubs.T16

>Substituting another function or stub for '__uncaught_exception' might {not} be acceptable to the calling app. If not, ...

I could have written "might or might not be", but chose to simplify and wrote "might be". When dealing in fuzzy logic, "not" sometimes becomes optional or even meaningless!


>>Also, a *#.* copy of every file that is walked is created, including system DLLs (only useful if you're trying to fragment your HDD!).
>Does this relate to the "Link to copies=Y/N" option in the INI file? Would this also require "Walk dependencies=Y"?

No and Yes! IP.27 would open for R/W a copy of every file it analyzed (whether walking dep's or not) so that it could analyze and patch in one pass. Unfortunately, it didn't delete unneeded copies. Copying every file also made it slow (and loud).

"Link to copies=Y/N" determines whether an app or dll references the original or patched dependency. Naming this option to something understandable has been problematic!

Y = patch reference to refer to patched copy of dependency
needed if dependencies are patched and the (patched) app is to be directly executable

N = continue to refer to original
needed if patched files are intended to be installed over originals

For patched system files an installer is needed (or the file must be copies by hand in DOS). Creation of an .inf will also be tied to this option some time soon!


>>>1. Is there a way to pass command line parameters to "signtool.exe" when using the Import Patcher?
>>IP.28 reads parameters from an .ini file that can be edited between passes.
>I think that ImportPatcher.27 gave the impression that it would load and execute a file, while satisfying missing dependencies. Since that doesn't seem to be the case, my earlier question was null and void.

I misread the question about command line parameters, but now understand. Executing the patched app is a possible future feature and parameter passing would be an important design issue. Perhaps a "[Parameters] App command line parameters=" line in the .ini?

[jumper]

jds, on 03 January 2012 - 10:11 PM, said:

jumper, on 26 December 2011 - 07:58 PM, said:

Looks like MS has added a new function to a venerable support file. Substituting another function or stub for '__uncaught_exception' might {not} be acceptable to the calling app. If not, try locating a version of MSVCRT.DLL that includes this function.

Well, I found a version "7.0.6002.18005 (lh_sp2rtm.090410-1830)" on a Vista machine, dated 2009/4/11. However, although this version only reported "[Need patching? ... msvcrt.dll=Y (OS subsystem)" in ImportPatcher (with 'Walk dependencies=N'), after being patched for the OS subsystem, it looked like a descent into DLL dependency hell.

jds, on 26 December 2011 - 07:11 AM, said:

...I've just tried the Import Patcher on the "signtool.exe" utility from http://www.microsoft...ls.aspx?id=8442 (Microsoft Windows SDK for Windows 7 and .NET Framework 4). Image file = GRMSDK_EN_DVD.iso, Path = \Setup\WinSDKTools\cab1.cab, Extract file = WinSDK_signtool_exe_B2E1011D_2F14_488D_A056_C5BD55106409_x86.
...
Executing 'signtool.exe' by itself (with KernelEx 4.5.2) produces the error :

The SIGNTOOL.EXE file is
linked to missing export MSVCRT.DLL:__uncaught_exception.
...
    Importing from module: 'msvcrt.dll'
        msvcrt.dll: __uncaught_exception (db) * No match
        msvcrt.dll: ___lc_handle_func (7f) * No match
        msvcrt.dll: ___lc_codepage_func (7d) * No match
        msvcrt.dll: ___mb_cur_max_func (80) * No match
        msvcrt.dll: __pctype_func (ce) * No match
        msvcrt.dll: __iob_func (93) * No match
        msvcrt.dll: __crtLCMapStringW (8b) * No match

All seven of those functions are supported in MSVCR90.dll in the package VC_R_9X.EXE at MDGX.

If (anyone is) not running KernelEx, patch MSVCR90.dll with this function replacement:

[KERNEL32.dll]
GetSystemWindowsDirectoryW=GetWindowsDirectoryW

Put MSVCR90.dll in the same folder as signtool.exe or in <windows> or <system>.
Then add to signtoo#.ini:

[Missing modules]
msvcrt.dll=MSVCR90.dll
msvcrt.dll=MSVCR9#.dll ;or this if you don't rename after patching

This should fix the MSVCRT.DLL issues. If signtool has futher dependency problems, post the full .ini file this time (in a 'spoiler' box if large).

* Note: ImportPatcher.29 and .30 syntax (may change in other versions) *

[dencorso]

jumper, would you be so kind as to make ImportPatcher compatible also with XP and 2k?
I can envisage many uses for it on these two OSes, too.

However, it always hangs and never finishes, when I try to use it on XP SP3.
If set to Analyse, it hangs silently, after producing the ini and the log (I have to kill it, to terminate it).
If set to Patch, it hangs before actually patching anything, and I get a box with an exclamation point saying: "Debug: CreateFileMapping"... my only option is to click OK, and whe I do it, the box closes, then reappears, keeping on this forever (so I have to kill it, to terminate it).
If run from Dependency Walker with the problem file as the only command-line argument, it analyses the file (for a real lonng time), then, after producing the ini and the log, terminates with failure. The last lines of DW profiling are the following:

00:55:39.171: First chance exception 0xC00000FD (Stack Overflow) occurred in "n:\IMPORTPATCHER.29.EXE" at address 0x00401009 by thread 1.
00:55:39.187: Second chance exception 0xC00000FD (Stack Overflow) occurred in "n:\IMPORTPATCHER.29.EXE" at address 0x00401009 by thread 1.
00:55:39.234: Exited "n:\IMPORTPATCHER.29.EXE" (process 0xA8C) with code -1073741571 (0xC00000FD) by thread 1.
00:00:00.062: Entrypoint reached. All implicit modules have been loaded.

BTW, you rock! Thanks a lot for ImportPatcher!

[jds]

jumper, on 04 January 2012 - 10:27 PM, said:

If (anyone is) not running KernelEx, patch MSVCR90.dll with this function replacement ...

Well, I'm kinda dependent on KernelEx these days ...

Anyway, I managed to get another (fairly recent) version of "signtool.exe" that doesn't have strange requirements for 'msvcrt.dll'. It's version "4.00 (longhorn_rtm.080108-2300)", obtained from the W2008 & dotNet3.5 SDK (6.0.6001.18000.367-KRMSDK_EN.iso). The file is "\Setup\WinSDKTools-WinSDKTools-common.0.cab", from which is extracted the file "signtool_exe.B68FF751_0B1A_4F33_B044_1871CB4B13CC". Also required is the "capicom.dll" file, extracted as "capicom_dll.970E4F94_546F_49F3_BF1F_18BE6B938B02".

This version of "signtool.exe" seems to run OK with KernelEx. (ImportPatcher shows mismatched hints for many DLL functions, but performance isn't important for this application.)

Joe.

[jumper]

dencorso, on 05 January 2012 - 05:52 PM, said:

jumper, would you be so kind as to make ImportPatcher compatible also with XP and 2k?
I can envisage many uses for it on these two OSes, too.

I'll try, but I don't have any OS later than SE to test on. Good error reporting like you provided here will be important.

Quote

However, it always hangs and never finishes, when I try to use it on XP SP3.
If set to Analyse, it hangs silently, after producing the ini and the log (I have to kill it, to terminate it).

My WinMainCRTStartup function simply returned without calling exit or ExitProcess. This works in SE; apparently not in 2K+. I've added ExitProcess now.

Quote

If set to Patch, it hangs before actually patching anything, and I get a box with an exclamation point saying: "Debug: CreateFileMapping"... my only option is to click OK, and whe I do it, the box closes, then reappears, keeping on this forever (so I have to kill it, to terminate it).

The Debug message is mine and indicates that CreateFileMapping (part of the file-mapping sequence of calls) failed. I have located and fixed a minor (SE didn't mind) error in one of the protection flags. I'll also add GetLastCall support to the error reporting.

Despite forcing CreateFileMapping to fail when in patch mode, I was unable to reproduce the error loop. I'm testing IP.31 builds now and much code has been cleaned up since IP.29. I'll trace the old code in my best simulator (sleep on it) in a few minutes....

Quote

If run from Dependency Walker with the problem file as the only command-line argument, it analyses the file (for a real lonng time), then, after producing the ini and the log, terminates with failure. The last lines of DW profiling are the following:

00:55:39.171: First chance exception 0xC00000FD (Stack Overflow) occurred in "n:\IMPORTPATCHER.29.EXE" at address 0x00401009 by thread 1.
00:55:39.187: Second chance exception 0xC00000FD (Stack Overflow) occurred in "n:\IMPORTPATCHER.29.EXE" at address 0x00401009 by thread 1.
00:55:39.234: Exited "n:\IMPORTPATCHER.29.EXE" (process 0xA8C) with code -1073741571 (0xC00000FD) by thread 1.
00:00:00.062: Entrypoint reached. All implicit modules have been loaded.

BTW, you rock! Thanks a lot for ImportPatcher!

ImportPatcher is currently designed to function recursively. A stack overflow is the expected result of a runaway loop. The slow speed is likely the result of DW managing a huge amount of text in the log window.

A (hitherto) undocumented feature of ImportPatcher is that the text of all message boxes, log file entries, and any error messages are also passed to OutputDebugMessage(). Running IP in a debug environment such as DW allows viewing of these messages. If IP is looping endlessly (until the stack overflows) the DW log window should be filling will huge amounts of text.

[jumper]

jds, on 05 January 2012 - 10:04 PM, said:

Anyway, I managed to get another (fairly recent) version of "signtool.exe" that doesn't have strange requirements for 'msvcrt.dll'. It's version "4.00 (longhorn_rtm.080108-2300)", obtained from the W2008 & dotNet3.5 SDK (6.0.6001.18000.367-KRMSDK_EN.iso).
...
This version of "signtool.exe" seems to run OK with KernelEx. (ImportPatcher shows mismatched hints for many DLL functions, but performance isn't important for this application.)

The previous version was dotNet4.0--even more recent. Because KernelEx won't always be up-to-date with the latest demands of new software, it would be nice to know if ImportPatcher can help fill the void. To that end, it would be great if you could test the dotNet4.0 version with the msvcrt->msvcr90 replacement I proposed. This might also really help out those who don't use KernelEx.

TIA, jumper.

[jds]

jumper, on 06 January 2012 - 06:00 AM, said:

jds, on 05 January 2012 - 10:04 PM, said:

Anyway, I managed to get another (fairly recent) version of "signtool.exe" that doesn't have strange requirements for 'msvcrt.dll'. It's version "4.00 (longhorn_rtm.080108-2300)", obtained from the W2008 & dotNet3.5 SDK (6.0.6001.18000.367-KRMSDK_EN.iso).
...
This version of "signtool.exe" seems to run OK with KernelEx. (ImportPatcher shows mismatched hints for many DLL functions, but performance isn't important for this application.)

The previous version was dotNet4.0--even more recent. Because KernelEx won't always be up-to-date with the latest demands of new software, it would be nice to know if ImportPatcher can help fill the void. To that end, it would be great if you could test the dotNet4.0 version with the msvcrt->msvcr90 replacement I proposed. This might also really help out those who don't use KernelEx.

TIA, jumper.

Sure, but I won't get a chance to try this until Monday.

Since I do use/rely on KernelEx, for the purposes of this experiment, I presume the following will be sufficient :

* In "signtoo#.ini", I'll add :

[Missing modules]
msvcrt.dll=MSVCR90.dll

Joe.

[jumper]

ImportPatcher.31 is now posted.

It has the fixes I promised dencorso.

I've found enough discrepancies concerning function hints between the documentation, various guides, and what Dependency Walker reports that I've decided to disable the hints and binds features as a needless distraction at this time. The code is still in there, so it'll come back in time.

The [Missing modules] section that only appeared if a module couldn't be found is now named [Module substitutions] and is always present. Substitutions for module and function names are now made before the dependency is checked, allowing for more creative patching options. There is still a constraint, however, that substituted names must not be longer than the name they replace.

As for a more compelling new feature, I was able to alter the ending message box to provide a 'Retry' option. Now we can check the log file, edit the ini file, then click on 'Retry' to start another pass without having to reinvoke IP. (We can still click 'Cancel' to exit and then reinvoke later if we want.)

The next step is now obvious: a dialog box interface with checkboxes for the Yes/No parameters and edit boxes for the text fields, and buttons that can be labelled beyond MessageBox contraints. No more hunting for the ini or log files!

After that, I'll fully parse the headers and essentially relink much of the file if necessary to allow substitution of longer names and even additional modules. This will allow individual function calls to be redirected to stub libraries or even custom DLL's.

[jds]

The future of Import Patcher looks very promising!

Anyway, I recently encountered what appears to be a bug/quirk with IP.29. I wanted to try the RW utility here : http://rweverything.myweb.hinet.net/

What I found was that, for versions 1.4.5 and newer of RW, there is a missing dependency on 'dwmapi.dll', a Vista DLL. However, IP didn't detect this missing dependency.

Joe.

[jumper]

jds, on 07 January 2012 - 07:42 AM, said:

...for versions 1.4.5 and newer of RW, there is a missing dependency on 'dwmapi.dll', a Vista DLL. However, IP didn't detect this missing dependency.

Probably a delay-load import. IP doesn't handle those yet. Try Dependency Walker--it should find it and report if it is a standard or delay load type.

Sounds like a wide-char mapi library. Try doing a preemptive module substitution with mapi32.dll or tmapi.dll; then look at what functions are reported missing.

[jds]

jds, on 06 January 2012 - 08:19 AM, said:

jumper, on 06 January 2012 - 06:00 AM, said:

The previous version was dotNet4.0--even more recent. Because KernelEx won't always be up-to-date with the latest demands of new software, it would be nice to know if ImportPatcher can help fill the void. To that end, it would be great if you could test the dotNet4.0 version with the msvcrt->msvcr90 replacement I proposed. This might also really help out those who don't use KernelEx.

TIA, jumper.

Sure, but I won't get a chance to try this until Monday.

Since I do use/rely on KernelEx, for the purposes of this experiment, I presume the following will be sufficient :

* In "signtoo#.ini", I'll add :

[Missing modules]
msvcrt.dll=MSVCR90.dll

Joe.

Well, my first attempt was thwarted because the name "MSVCR90.dll" was longer than the original "msvcrt.dll". So I copied "MSVCR90.dll" locally as "MSVCR9.dll" and did the module substitution using that name.

However, I can't get this to work. Here are the generated INI files in chronological sequence (the initial one generated by IP, my modified version, the subsequent one generated by IP) :

[ImportPatcher.31]
;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]
Walk dependencies=N
Link to copies=N
Target OS=4.10

[Module substitutions]

[KERNEL32.dll]
HeapSetInformation=

[msvcrt.dll]
__uncaught_exception=
___lc_handle_func=
___lc_codepage_func=
___mb_cur_max_func=
__pctype_func=
__iob_func=
__crtLCMapStringW=
__crtGetStringTypeW=

[Patch list]
E:\Winstall\Development\Vista\710_buildtools_signtool\SignTool.exe=OS subsystem, function names

[ImportPatcher.31]
;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]
Walk dependencies=N
Link to copies=N
Target OS=4.10

[Module substitutions]
msvcrt.dll=msvcr9.dll

[KERNEL32.dll]
HeapSetInformation=HeapSetInformation

[Patch list]
E:\Winstall\Development\Vista\710_buildtools_signtool\SignTool.exe=OS subsystem, function names

[ImportPatcher.31]
;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]
Walk dependencies=N
Link to copies=N
Target OS=4.10

[Module substitutions]
msvcrt.dll=msvcr9.dll

[KERNEL32.dll]
HeapSetInformation=HeapSetInformation  * not found

[Patch list]
E:\Winstall\Development\Vista\710_buildtools_signtool\SignTool.exe=OS subsystem, function names, submodule names
msvcr9.dll=OS subsystem

[msvcr9.dll]
??0exception@@QAE@ABQBD@Z=
?what@exception@@UBEPBDXZ=
??1exception@@UAE@XZ=
mktime=
??0exception@@QAE@ABV0@@Z=
??0exception@@QAE@XZ=
??1bad_cast@@UAE@XZ=
??0bad_cast@@QAE@ABV0@@Z=

jumper, on 07 January 2012 - 12:56 PM, said:

jds, on 07 January 2012 - 07:42 AM, said:

...for versions 1.4.5 and newer of RW, there is a missing dependency on 'dwmapi.dll', a Vista DLL. However, IP didn't detect this missing dependency.

Probably a delay-load import. IP doesn't handle those yet. Try Dependency Walker--it should find it and report if it is a standard or delay load type.

Sounds like a wide-char mapi library. Try doing a preemptive module substitution with mapi32.dll or tmapi.dll; then look at what functions are reported missing.

Well, the good news is that substituting "mapi32.dll" for "dwmapi.dll" fixes that particular dependency.

Unfortunately, after that there's a dependency on "WindowsCodecs.dll" that's more intractable. I can get this DLL online or from the dotNet 3 package, however, this has many missing function dependencies, from several other DLL's.

Joe.

[loblo]

Give it any dll that you rename to windowscodecs.dll. For as long as the application that requires this dll doesn't actually need it for loading and saving image files, this should be OK (succesfully tested on RW build 1.4.9.7)

And btw I think I have just nicely solved the problem of the missing dnsapi.dll required by recent versions of libgio-2.0-0.dll used by GTK apps by making a dummy dnsapi.dll from the sample dll project in VC6 plus a bit of hexing. More about that later after testing a bit more, only (succesfully) tried it on a couple of unofficial Gimp 2.7.4 so far.