ImportPatcher - Find and fix dependency problems

- - - - - IP.38_(3/29/2013) IP.39_(7/06/2013)

128 replies to this topic

#51
divad

divad
  • Member
  • 5 posts
  • Joined 25-November 08
now we have a crash. (Attached file: 1.jpg)



#52
jumper

jumper

    2014 All-American Masters HJ'er

  • Member
  • 487 posts
  • Joined 21-January 11
  • OS:98SE

now we have a crash. (Attached file: 1.jpg)

The ini and log files would have been nice to see, but looking at what we have:
Image base is $400000
Code base is $401000
Map file says:
 0001:0000038a       _PatchFile                 0040138a f   ImportPatcher.obj
so error is at b91 - 38a = 807 in PatchFile()

Cod file says:
; 682  :             wsprintf (szBuff, "%s\t(%d)\t* not found", pSearch, ByName->Hint);

  00804	8b 45 e8	 mov	 eax, DWORD PTR _ByName$17417[ebp]
  00807	0f b7 00	 movzx	 eax, WORD PTR [eax]
A function search by name has just failed. Eax appears just a tad high, so must be pointing past end of file mapping.

From the information here, it looks like the file is truncated. Or maybe it was produced by an early Borland linker without an ILT:

// if ILT null, set to IAT

Such files can't be bound, so evidence of binding in the log file would discount this theory.

If the file works in IP.32, it is likely a problem with the delay-import data structures. A DW test would also be a good idea.

Please post the text of the .ini and .log files (in spoilers if large).

Thank you for testing! :yes:

Edited by jumper, 18 January 2012 - 04:13 PM.

Design feedback requested:
IHAtool - IpHlpApi tester; call various functions and report results
--status-> framework is solid; 22 api's fully supported; preview release coming soon
ComDlg32 wrapper - ComDlgEx meets IpHlpApi wrapper
--status-> PrintDlgExW working in latest SumatraPDF 8^)
Future projects: ImportPatcher40 - dialog interface; Kexter - IP40+Ktree+Kexstubs

#53
divad

I am sending here the files.


Edited by divad, 18 January 2012 - 04:18 PM.


#54
jumper


I am sending here the files.

It looks like either your overclocked memory glitched or your copy of shell32.dll has been corrupted.

...
    Importing from module: 'SHELL32.dll'
        TimeDateStamp: 3c106ecb
        Target OS:     4.0  
        (300) Shell_NotifyIconA	
        (288) ShellExecuteExA	
        (224) SHGetSpecialFolderPathA	
        Importing from module: 'KERNEL32.DLL'
            TimeDateStamp: 3caba233
            Target OS:     4.0  
Clues:
  • These TimeDateStamps for Shell32 and Kernel32 match those in SP3.
  • Kernel32 is processed higher in the log with no problems.
  • I can successfully walk Shell32 directly with IP.33 and also indirectly via Explorer.
  • Shell32 should be importing from GDI32 first, not Kernel32 (confirmed with DW and other sources).
Please try analyzing Shell32 directly, with and without walking dependencies. Also see if you can analyze coretemp10rc2_1236.exe (Walk=N), then try to reproduce the error with Walk=Y.

Meanwhile, I'll continue to investigate the twelve trailing spaces that don't seem to jive with the rest of the clues....

#55
loblo

loblo

    Oldbie

  • Member
  • 761 posts
  • Joined 12-January 10
  • OS:ME
Don't waste your time trying to run the coretemp installer divad, as 1) there is a zipped no-install download and 2) Coretemp doesn't work on 9x/ME as it relies on NT drivers. If you want a CPU voltage/temperature/fan speed monitor that works, get the latest 9x/ME compatible version of HWMonitor here: http://www.cpuid.com.../1.17-win98.zip

Edited by loblo, 19 January 2012 - 02:35 AM.


#56
divad

I do not know why, it works now but it works.
thanks

#57
jumper


I do not know why, it works now but it works.
thanks

After modding PEfinder to search for local files without ILTs, I discovered it's not just a few files from old linkers (as mentioned in one of the classic '90s PE guides). Many new apps (including a .NET installer!) suffer from this malady.

So I quickly added support for missing ILTs and a related unbinding issue last night and posted IP.34 a few minutes ago. I don't think this was the problem, but uninitialized variables and bad pointers are leading causes of sporadic program behavior.

In the course of this investigation, I also noticed that DW reports that COMCTL32.DLL and USER32.DLL both want to load at the same preferred base! That means every time the second one loads, there is a performance hit as it is relocated. :(

#58
jumper

IPstub.dll is a library of 42 small functions that can be used to plug holes left by missing imports. There are four basic stub families and three debugging stubs.

Basic stub families:
  • n = 0..9 (0 to 9 32-bit parameters)
  • pn (p1..p9): return <parameter 1>
  • fn (f0..f9): return false / 0
  • on (o0..o9): return one / 1
  • tn (t0..t9): return true / -1
Ordinal assignment (@1..@39): 4*n + { pn:0 | fn:1 | on:2 | tn:3 }
    (There is no p0: can't return 1 of 0 parameters, ordinals start at 1)
Debugging stubs:
  • yn @ 40 : Yes/No/Cancel messagebox
    [ Yes ] returns true
    [ No ] returns false
    [ Cancel ] calls ExitProcess(-1)
    - zero parameters
  • op @ 41 : Cascading Yes/No/Cancel messageboxes
    [ Yes ] returns true
    [ No ] returns false
    [ Cancel ] invokes 2nd messagebox
    • [ Yes ] returns <param1>
      [ No ] returns 1
      [ Cancel ] calls ExitProcess(-1)
    - one parameter
  • bp @ 42 : calls MessageBeep (MB_ICONHAND), returns 0, zero parameters

Tested with IP.7 (first to display usage MessageBox):
[ImportPatcher.34]
;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]
Walk dependencies=N
Link to copies=N
Unbind broken bindings=N
Target OS=4.10

[DLL substitutions]
USER32.dll=IPstub.dll

[IPstub.dll]
MessageBoxA=op
wsprintfA=yn

[Patch list]
ip7.exe=DLLs, Functions

Fun, fun! Did I mention it comes with source code? :boring:

#59
rloew

rloew

    MSFN Expert

  • Member
  • 1,096 posts
  • Joined 30-May 05
  • OS:98SE

IPstub.dll is a library of 42 small functions that can be used to plug holes left by missing imports. There are four basic stub families and three debugging stubs.

Basic stub families:

  • n = 0..9 (0 to 9 32-bit parameters)
  • pn (p1..p9): return <parameter 1>
  • fn (f0..f9): return false / 0
  • on (o0..o9): return one / 1
  • tn (t0..t9): return true / -1
Ordinal assignment (@1..@39): 4*n + { pn:0 | fn:1 | on:2 | tn:3 }
    (There is no p0: can't return 1 of 0 parameters, ordinals start at 1)

You will need to cover more than 9 parameters. CreateFontA uses 14 parameters. There probably are larger ones elsewhere.
Ye who enter my domain. Beware! Lest you become educated in the mysteries of the universe and suffer forever from the desire to know more.

#60
jumper


You will need to cover more than 9 parameters. CreateFontA uses 14 parameters. There probably are larger ones elsewhere.

Fortunately CreateFontA has been in GDI32 since Win32s so we don't need a stub for it. We can cross other bridges when we come to them.

Do you know of any recent comprehensive lists of functions similar to the old WIN32API.CSV? I may need to bite the bullet and download a recent platform SDK, then look at the header files.

#61
loblo

Jumper, as it's a bit complex, please post any working example you might have for use of ipstub.dll.

And btw I prefer that importpatcher does not link to copies of dependencies anymore.

#62
rloew



You will need to cover more than 9 parameters. CreateFontA uses 14 parameters. There probably are larger ones elsewhere.

Fortunately CreateFontA has been in GDI32 since Win32s so we don't need a stub for it. We can cross other bridges when we come to them.

I knew it didn't need a stub. It was an example of what is out there. I had redirected USER32.DLL and GDI.DLL through a logging DLL I was experimenting with, so I had a list of the APIs and their parameter counts. It was the largest.

Do you know of any recent comprehensive lists of functions similar to the old WIN32API.CSV? I may need to bite the bullet and download a recent platform SDK, then look at the header files.

I don't have a list. I wrote a tool that extracts the APIs from the header files and helps build source code for the loggers I mentioned above.

#63
jumper


I don't have a list. I wrote a tool that extracts the APIs from the header files and helps build source code for the loggers I mentioned above.

Searching for "windows api parameter count" led me to these header resources: Expanding WIN32A.ZIP, I found WIN32P.INC and the following:
  • _LocalEnroll() requires 23 arguments.
  • _LocalEnrollNoDS() requires 23 arguments.
These seem to be from CRYPTUI.dll

I've used DOS FIND to extract the lines containing 'requires' and then the DevStudio '97 text replace function to create an .ini file with 17986 18300 API parameter counts:
[ParameterCounts]
CreateSecurityPage=1
EditSecurity=2
IID_ISecurityInformation=1
ADsBuildEnumerator=2
...

Edited by jumper, 20 January 2012 - 09:17 PM.


#64
jumper


By doing a substitution of msvcrt.dll for msvcr70.dll (renamed and substituted as msvcr7.dll), msvcr90 or 80 wouldn't work, on two dlls and using my dummy dnsapi.dll, I could get the latest svn build of Inkscape (uploaded just 15 hours ago at the time of this post) to run perfectly. :thumbup

https://skydrive.liv...D11303FA52A!128

Attached are the blank stub.dll with 4 blank export functions and the dnsapi.dll dummy made from it for GTK apps. :hello:

As it turns out, the loader will append '.dll' to an import DLL name as needed, so 'msvcrt.dll' can be replaced with 'msvcr70' without needing to rename it to 'msvcr7.dll'.


Jumper, as it's a bit complex, please post any working example you might have for use of ipstub.dll.
...

Ignore the mention of ordinals for now. IP won't support replacement-by-ordinal until the next version.

If you modify your Inkscape patch to use IPstub.dll, it should work. Otherwise try patching a copy of IP itself as I showed.

IPstub.dll works the same as your dnsapi.dll/stub.dll, but with a wider variety of stubs and diagnostics functions to choose from. Function names are all two characters to ensure they're not too long:
   p1 p2 p3 p4 p5 p6 p7 p8 p9
f0 f1 f2 f3 f4 f5 f6 f7 f8 f9
o0 o1 o2 o3 o4 o5 o6 o7 o8 o9
t0 t1 t2 t3 t4 t5 t6 t7 t8 t9
yn op bp
If the functions aren't being called, any function will work (just like in your dnsapi.dll). Otherwise choose a stub with the desired return code and parameter count. (A quick search of MSDN should yield these.)

If you run IP.34 on Inkscape you should be able to make this replacement in the .ini file:
[DLL substitutions]
dnsapi.dll=IPstub.dll
Then [ Retry ] and:
[IPstub.dll]
DnsQuery_A=f6
DnsRecordListFree=f2
[ Retry ] again to patch. IPstub.dll can be in the app folder, <system>, <windows>, or anywhere in the normal PATH.


...
And btw I prefer that importpatcher does not link to copies of dependencies anymore.

:wub: Just the type of feedback I love to hear! :wub:
It was always optional (editable in .ini), but defaulted to 'Y' if walking and 'N' if not.
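An added example, not part of the thread and not ImportPatcher's own code: a small checker that decodes IPstub stub names with the ordinal formula from post #58 and compares each stub's parameter count against a [ParameterCounts] table in the format shown in post #63, following the advice above to choose a stub with the desired return code and parameter count. The INI text and the counts are constructed sample input, and treating a count mismatch as an error is an assumption about how the stubs clean up their parameters.

```python
import configparser
import re

FAMILIES = "pfot"   # position in this string = ordinal offset added to 4*n
RETURNS = {"p": "parameter 1", "f": "0", "o": "1", "t": "-1"}
# Debugging stubs from post #58: name -> (parameters, ordinal, return value)
DEBUG_STUBS = {"yn": (0, 40, "user choice"),
               "op": (1, 41, "user choice"),
               "bp": (0, 42, "0")}

def decode_stub(name):
    """Return (parameters, ordinal, return value), or None for an unknown stub."""
    if name in DEBUG_STUBS:
        return DEBUG_STUBS[name]
    m = re.fullmatch(r"([pfot])([0-9])", name)
    if not m or name == "p0":              # there is no p0
        return None
    family, n = m.group(1), int(m.group(2))
    return n, 4 * n + FAMILIES.index(family), RETURNS[family]

def load_ini(text):
    # '=' is the only delimiter: other sections use paths containing ':' as keys.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str                   # keep the case of function names
    cp.read_string(text)
    return cp

def check_patch(patch_text, counts_text, stub_dll="ipstub.dll"):
    """Return a list of (function, stub, problem) for the stub DLL's section."""
    patch, counts = load_ini(patch_text), load_ini(counts_text)
    known = dict(counts["ParameterCounts"])
    findings = []
    for section in patch.sections():
        if section.lower() != stub_dll:
            continue
        for func, stub in patch[section].items():
            decoded = decode_stub(stub)
            if decoded is None:
                findings.append((func, stub, "unknown stub name"))
            elif func not in known:
                findings.append((func, stub, "no parameter count on record"))
            elif int(known[func]) != decoded[0]:
                findings.append((func, stub,
                                 f"stub takes {decoded[0]}, import takes {known[func]}"))
    return findings

# Constructed sample input, modelled on the Inkscape example in this post.
COUNTS = "[ParameterCounts]\nDnsQuery_A=6\nDnsRecordListFree=2\n"
PATCH_OK = """\
[ImportPatcher.34]
;Edit parameters and replacement strings, then Retry or run again to patch. <=

[DLL substitutions]
dnsapi.dll=IPstub.dll

[IPstub.dll]
DnsQuery_A=f6
DnsRecordListFree=f2
"""
# Same file with one wrong parameter count and one stub name that does not exist.
PATCH_BAD = PATCH_OK.replace("=f6", "=f2").replace("DnsRecordListFree=f2",
                                                   "DnsRecordListFree=q7")

if __name__ == "__main__":
    for label, text in (("ok", PATCH_OK), ("bad", PATCH_BAD)):
        print(label, check_patch(text, COUNTS))
```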

#65
loblo

Thanks for the heads up Jumper.

#66
jumper


Meanwhile, I'll continue to investigate the twelve trailing spaces that don't seem to jive with the rest of the clues....

The trailing spaces are an indentation for a missing log message. This only happens when wsprintf encounters an error (usually an access violation in one of the parameters) and emits no text.

I was able to reproduce this condition in a way that resembled divad's log file by intentionally using an invalid pointer for the delay-import ILT address. I then modified my PEfinder test app to search my local drives for apps with invalid delay-import ILT addresses. I found five. All had been UPX'ed.

UPX compression abbreviates the import tables and corrupts the delay-import table (if any). This works because the system loader doesn't check the delay-import table and the UPX decompressor restores it for normal use later. Tools like Dependency Walker can only report that the address is invalid. Other compressors may also corrupt the delay-import table, but I found no such examples on my local drives.

PEfinder also uncovered one app that stored the parallel ILT and IAT tables in different sections. In this case it wasn't a problem, but theoretically it could be. So I rewrote the rva-to-pointer routine to look up every address in the section tables without making any assumptions, no matter how reasonable they might seem to be!

Well, PEfinder only opens one file at a time, while ImportPatcher opens two (or more if walking) at a time. So the new rva-to-pointer routine was difficult to port and required lots of extra support code and modifications. However, IP.35 now seems to be working and will be released as soon as I finish regression testing it.
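An added example, not ImportPatcher's or PEfinder's code: one way to write an RVA lookup that checks every address against the section table, plus a thunk walker that reports an invalid table or name address instead of dereferencing it. It also applies the "if ILT null, set to IAT" fallback quoted in post #52. The section layout and image bytes are constructed sample data.

```python
import struct

SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes
ORDINAL_FLAG32 = 0x80000000                      # IMAGE_ORDINAL_FLAG32

def parse_sections(table, count):
    """Return [(vaddr, vsize, rawptr, rawsize)] from a raw section table."""
    out = []
    for i in range(count):
        _name, vsize, vaddr, rawsize, rawptr, *_rest = SECTION_HEADER.unpack_from(
            table, i * SECTION_HEADER.size)
        out.append((vaddr, vsize, rawptr, rawsize))
    return out

def rva_to_offset(sections, rva, size, file_size):
    """File offset of `size` bytes at `rva`, or None if any byte is not in the file."""
    for vaddr, vsize, rawptr, rawsize in sections:
        delta = rva - vaddr
        # Only bytes present in the raw data can be read from the file mapping.
        limit = min(vsize, rawsize) if vsize else rawsize
        if 0 <= delta and delta + size <= limit:
            offset = rawptr + delta
            return offset if offset + size <= file_size else None   # truncated file
    return None

def read_hint_name(image, sections, rva):
    """Read an IMAGE_IMPORT_BY_NAME (WORD hint + NUL-terminated name) or None."""
    off = rva_to_offset(sections, rva, 3, len(image))
    if off is None:
        return None
    end = image.find(b"\0", off + 2)
    if end < 0 or rva_to_offset(sections, rva, end - off + 1, len(image)) is None:
        return None
    (hint,) = struct.unpack_from("<H", image, off)
    return hint, image[off + 2:end].decode("ascii", "replace")

def walk_thunks(image, sections, ilt_rva, iat_rva, max_entries=4096):
    """List the imports of one descriptor without trusting any address in it."""
    rva = ilt_rva or iat_rva      # if ILT null, set to IAT (only valid when unbound)
    entries = []
    for _ in range(max_entries):
        off = rva_to_offset(sections, rva, 4, len(image))
        if off is None:
            entries.append(("invalid-table", rva))
            break
        (thunk,) = struct.unpack_from("<I", image, off)
        if thunk == 0:                        # end of table
            break
        if thunk & ORDINAL_FLAG32:
            entries.append(("ordinal", thunk & 0xFFFF))
        else:
            found = read_hint_name(image, sections, thunk)
            entries.append(("name", found) if found else ("invalid-name", thunk))
        rva += 4
    return entries

def build_sample():
    """Constructed image: one section at RVA 0x2000, raw data at file offset 0x200."""
    table = SECTION_HEADER.pack(b".idata", 0x100, 0x2000, 0x200, 0x200, 0, 0, 0, 0, 0)
    image = bytearray(0x400)
    # Thunks: by name, by ordinal 5, an RVA outside every section, terminator.
    struct.pack_into("<4I", image, 0x200, 0x2010, ORDINAL_FLAG32 | 5, 0x9000, 0)
    struct.pack_into("<H", image, 0x210, 288)             # hint
    image[0x212:0x222] = b"ShellExecuteExA\0"             # name
    return bytes(image), parse_sections(table, 1)

if __name__ == "__main__":
    img, secs = build_sample()
    print(walk_thunks(img, secs, 0x2000, 0))   # normal table with one bad entry
    print(walk_thunks(img, secs, 0x9000, 0))   # table address itself is invalid
```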

#67
jds

jds

    -DOS+

  • Member
  • 603 posts
  • Joined 03-June 08
  • OS:98SE


Do you know of any recent comprehensive lists of functions similar to the old WIN32API.CSV? I may need to bite the bullet and download a recent platform SDK, then look at the header files.

I don't have a list. I wrote a tool that extracts the APIs from the header files and helps build source code for the loggers I mentioned above.

Jumper, is this something that could be implemented (without too much pain) in a future version of IP?

Joe.

#68
jumper


Jumper, is this something that could be implemented (without too much pain) in a future version of IP?

Here is the aforementioned INI file with 18301 API parameters counts: APIParameterCounts.zip (attached file)

Last week I did try accessing it from IP using GetPrivateProfileString and it worked great--the first 64KB that is. The other 406KB - 64KB can't be accessed that way.

I converted it to a REG file, hoping to be able to access it from the transient portion of the registry with RegQueryValue, but REG files can only add to the on-disk keys and that also takes several minutes.

The current plan is to do a quick 27-bit hash or crc on the function names to reduce the data size (27+5 for the [0..23] count = 32). Or I might just split the data over seven INI files. :sneaky:

#69
jds



Jumper, is this something that could be implemented (without too much pain) in a future version of IP?

Here is the aforementioned INI file with 18301 API parameters counts: APIParameterCounts.zip (attached file)

Last week I did try accessing it from IP using GetPrivateProfileString and it worked great--the first 64KB that is. The other 406KB - 64KB can't be accessed that way.

I converted it to a REG file, hoping to be able to access it from the transient portion of the registry with RegQueryValue, but REG files can only add to the on-disk keys and that also takes several minutes.

The current plan is to do a quick 27-bit hash or crc on the function names to reduce the data size (27+5 for the [0..23] count = 32). Or I might just split the data over seven INI files. :sneaky:

If I understand you correctly, the 27-bit hash will shrink the INI file down to 73K at best, so that's not going to do the trick (by itself). However, seven or more INI files would work, and be easier to edit :

NtQueryInformationProcess=5 (from 'ntdll.dll') --- now it's 18302 entries!

Joe.

#70
jumper


If I understand you correctly, the 27-bit hash will shrink the INI file down to 73K at best, so that's not going to do the trick (by itself).

I would open the file and map it as an array of dwords (using an existing function). If the data was presorted, a simple binary search would quickly find the count.

Otherwise you're right, 73KB would still be too big for the PrivateProfile functions:

Each line in an INI file would need one byte for the '=', one byte for the count, and one byte for the EOL marker. That leaves less than one byte for the name/hash/crc string!

We might be able to get to 24 bits if we can:
  • get below 16k functions by removing those with the most common count (1 or 2 maybe?); that count would become the default for functions not found
  • group functions into sections and reclaim the '=' and <count> bytes.

However, seven or more INI files would work, and be easier to edit :

Early versions of ImportPatcher could batch process multiple files. When I added INI support, I found SE wasn't letting me access multiple PrivateProfile INI files. Once I picked one, I had to stick with it. So I dropped batch processing. Unless I can figure out how to easily work around this issue, even a single INI (in addition to the main #.ini) might not be an option. :(


NtQueryInformationProcess=5 (from 'ntdll.dll') --- now it's 18302 entries!

I don't think NtQueryInformationProcess can be static linked to--no import library for it. Though for completeness, a good idea to add it. Thanks. :thumbup
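The packed table discussed above, as an added example (not code from ImportPatcher): each entry is one dword holding a 27-bit hash and a 5-bit parameter count, sorted so that a binary search over the mapped file finds the count. CRC-32 truncated to 27 bits is an assumed choice of hash, and the sample names and counts are the ones mentioned in this thread. The builder reports hash collisions, because a colliding name would otherwise silently return another function's count.

```python
import struct
import zlib

HASH_BITS, COUNT_BITS = 27, 5          # 27 + 5 = 32 bits per entry

def hash27(name):
    """Assumed hash: CRC-32 of the function name, truncated to 27 bits."""
    return zlib.crc32(name.encode("ascii")) & ((1 << HASH_BITS) - 1)

def build_table(counts, hash_fn=hash27):
    """Return (sorted little-endian dword blob, list of colliding name pairs)."""
    by_hash, collisions = {}, []
    for name, count in counts.items():
        if not 0 <= count < (1 << COUNT_BITS):
            raise ValueError(f"{name}: count {count} does not fit in {COUNT_BITS} bits")
        h = hash_fn(name)
        if h in by_hash:
            # Two names share a hash: keep the first and report the pair.
            collisions.append((by_hash[h][0], name))
            continue
        by_hash[h] = (name, count)
    dwords = sorted((h << COUNT_BITS) | c for h, (_n, c) in by_hash.items())
    return struct.pack("<%dI" % len(dwords), *dwords), collisions

def lookup(blob, name, hash_fn=hash27):
    """Binary search over the dword array; None when the hash is absent."""
    target = hash_fn(name)
    lo, hi = 0, len(blob) // 4
    while lo < hi:
        mid = (lo + hi) // 2
        (entry,) = struct.unpack_from("<I", blob, mid * 4)
        h = entry >> COUNT_BITS
        if h == target:
            return entry & ((1 << COUNT_BITS) - 1)
        if h < target:
            lo = mid + 1
        else:
            hi = mid
    return None

# Names and counts as quoted in this thread.
SAMPLE = {
    "CreateSecurityPage": 1,
    "EditSecurity": 2,
    "ADsBuildEnumerator": 2,
    "NtQueryInformationProcess": 5,
    "CreateFontA": 14,
    "_LocalEnroll": 23,
}

if __name__ == "__main__":
    blob, collisions = build_table(SAMPLE)
    print(len(blob), "bytes,", len(collisions), "collisions")
    for fn in ("CreateFontA", "NoSuchFunction"):
        print(fn, "->", lookup(blob, fn))
```

At 4 bytes per entry, 18301 entries come to 73,204 bytes, which is the 73K figure quoted in the thread.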

#71
jds



If I understand you correctly, the 27-bit hash will shrink the INI file down to 73K at best, so that's not going to do the trick (by itself).

I would open the file and map it as an array of dwords (using an existing function). If the data was presorted, a simple binary search would quickly find the count.

Otherwise you're right, 73KB would still be too big for the PrivateProfile functions:

Each line in an INI file would need one byte for the '=', one byte for the count, and one byte for the EOL marker. That leaves less than one byte for the name/hash/crc string!

We might be able to get to 24 bits if we can:
  • get below 16k functions by removing those with the most common count (1 or 2 maybe?); that count would become the default for functions not found
  • group functions into sections and reclaim the '=' and <count> bytes.

However, seven or more INI files would work, and be easier to edit :

Early versions of ImportPatcher could batch process multiple files. When I added INI support, I found SE wasn't letting me access multiple PrivateProfile INI files. Once I picked one, I had to stick with it. So I dropped batch processing. Unless I can figure out how to easily work around this issue, even a single INI (in addition to the main #.ini) might not be an option. :(

Perhaps this is the point at which this potential feature exceeds the pain threshold? Since we have a nice big list for reference, we can look this up ourselves anyway, no big deal.

The only other idea I've had, is that for IP's purposes, only those functions that don't exist in W9X are needed. So we can have a full list for reference, and an abridged list used by IP.


NtQueryInformationProcess=5 (from 'ntdll.dll') --- now it's 18302 entries!

I don't think NtQueryInformationProcess can be static linked to--no import library for it. Though for completeness, a good idea to add it. Thanks. :thumbup

OK, now I'm confused. Here's the INI file for 'msi.dll' version 3.0.3790.2180 :

[ImportPatcher.34]
;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]
Walk dependencies=Y
Link to copies=N
Unbind broken bindings=N
Target OS=4.10

[DLL substitutions]
USERENV.dll=

[ntdll.dll]
NtQueryInformationProcess=

[ADVAPI32.dll]
ConvertSidToStringSidW=

[KERNEL32.dll]
GetFileSizeEx=

[Patch list]
msi.dll=DLLs, Functions, Unbind

There's obviously something here I'm not quite understanding.

Joe.

#72
jumper

MS intended NtQueryInformationProcess to be an internal function for OS use only. Their tools don't let us static link to it, but they do.

NtQueryInformationProcess provides process and thread details that cannot all be obtained through other APIs. As NtQueryInformationProcess is not available on 9x (and can't be simulated) any DLLs (or apps) that call it should be avoided! :ph34r:

In your case it appears to be the version of ntdll.dll you are using that is the one to be avoided. If you really must use this version for a given app, unregister it from "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\KnownDLLs" and put a copy of the dangerous version directly into the folder of any app that really needs it. The version in <system> should be a 9x-safe version!

Also, KernelEx comes with a version of USERENV.dll; try copying it from <windir>\KernelEx to <system> to resolve that missing dependency issue.

#73
loblo

KernelEx's got its own KnownDlls key at HKEY_LOCAL_MACHINE\SOFTWARE\KernelEx\KnownDLLs. It works the same way the MS one does and Userenv.dll should get loaded from there if the executable that needs it has KernelEx enabled.

In previous versions KernelEx used the MS KnownDlls key for the files now listed under its own key btw.

#74
jds

jumper, loblo,

Thanks for the input, I do need to understand KernelEx in more detail when looking into practical use of IP.

As regards 'msi.dll', I was just checking to see if this could be adapted to W9X, for the purpose of processing the main MSI file from LibreOffice 3.4.5. However, from what I've learnt from Joe of JSWare, the problem may be more fundamental than 'msi.dll'. Apparently MSI files are structured like a file system, known as Microsoft Compound Document File Format and, unlike every other MSI file I've got lying around, the LibreOffice one uses 4K sectors instead of 512 byte sectors.

Now as far as the NtQueryInformationProcess function used by the v3 'msi.dll', frankly this doesn't sound like a legitimate need of 'msi.dll', especially as v2 doesn't need such a thing. Hence, a dummy function may be sufficient, IMHO. But it's all too hard at the moment. I'll have to look at some way to convert 4K-sector MSI files into 512-byte sectors, if/when time permits.

Joe.

#75
jds

Next experiment ...

Well, I've just tried to apply "ImportPatcher.34" with "IPStub.dll" to the Altium Designer Viewer : http://downloads.alt...9.3.0.19153.zip

After downloading and extracting the ZIP file, it is necessary to edit 'Setup\Setup.msi' in Orca and delete the "NOT Version9X" row in "LaunchCondition", then "Save" it (avoid using "Save As").

Running 'Setup.exe' stalls during the "Deleting backup files" phase. However, running it again and selecting "Repair" is successful.

Now that Altium Viewer is installed, it is necessary to patch 'dxp.exe' for two dependencies from 'Netapi32.dll'. Since nothing else is used from the W9X version of 'Netapi32.dll', we substitute the DLL with 'IPStub.dll' and select the 'o1' and 'o3' functions, per the following 'dx#.ini' file :

[ImportPatcher.34]
;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]
Walk dependencies=N
Link to copies=N
Unbind broken bindings=N
Target OS=4.10

[DLL substitutions]
Netapi32.dll=IPStub.dll

[user32.dll]
UpdateLayeredWindow=

[IPStub.dll]
NetApiBufferFree=o1
NetWkstaGetInfo=o3

[Patch list]
dxp.exe=DLLs, Functions

[Need patching? (do not edit)]
C:\Program Files\Altium Designer S09 Viewer\dxp.exe=Y (function name)

So far, so good. With the additional assistance of KernelEx 4.5.2 (default setting is fine), we are able to launch Altium Viewer.

Unfortunately however, for me, it crashes :

DXP caused an invalid page fault in
module KERNEL32.DLL at 0187:bff9e0b7.
Registers:
EAX=00000000 CS=0187 EIP=bff9e0b7 EFLGS=00000a83
EBX=81db5144 SS=018f ESP=00ccf910 EBP=00000000
ECX=0000018f DS=018f ESI=00000001 FS=276f
EDX=00ccfab0 ES=018f EDI=bffce060 GS=0000
Bytes at CS:EIP:
cc a1 e0 dc fc bf 8b 00 66 64 f7 05 1c 00 00 00
Stack dump:
08c10000 81db5188 81deba2c 81deb998 81deb9ac e242f970 00000000 8348200c 83528e30 bff7a3bc 00ccf978 00057f90 8352902c 00000048 bff7a3a0 83482000


DXP caused an invalid page fault in
module KERNEL32.DLL at 0187:bff9e0b7.
Registers:
EAX=00000000 CS=0187 EIP=bff9e0b7 EFLGS=00000a83
EBX=81db5144 SS=018f ESP=00ccf8b0 EBP=00000000
ECX=0000018f DS=018f ESI=00000001 FS=276f
EDX=00ccfa50 ES=018f EDI=bffce060 GS=0000
Bytes at CS:EIP:
cc a1 e0 dc fc bf 8b 00 66 64 f7 05 1c 00 00 00
Stack dump:
08c10000 81db5188 81deba60 81deb9cc 81deb9e0 e242f970 00000000 8348200c 83528e30 bff7a3bc 00ccf918 00057f90 8352902c 00000048 bff7a3a0 83482000


Substituting the 'IPStub.dll' debugging functions for 'Netapi32.dll' (instead of 'o1' and 'o3') did not produce any pop-ups, so the crash occurs before either of the substituted functions is called. In other words, the import patching doesn't seem responsible for the crash.

So ... Is some KernelEx code failing? If this software works on XP or whatever, and all its required functions (AFAIK) are being supplied on W98, why should it crash in this way? Any ideas?

Joe.

Edited by jds, 08 March 2012 - 02:17 AM.




