jumper

ImportPatcher.41 - Find and fix dependency problems

142 posts in this topic

ImportPatcher
Enable a new executable to load with old DLLs or on an older OS.

ImportPatcher.41.7z
debugging DLL: IPstub.zip
Drugwash's API Parameter Count v1.0.1.0

Features:
  • Analyzes a program's OS subsystem and Import requirements
  • Walks (recurses through) all dependencies (optional)
  • Creates #.log file with detailed results
  • Creates #.ini file for controlling patching step
  • Patches OS subsystem if needed
  • Substitutes for any import modules and functions, missing or not
  • Patches hints for better performance (optional)
    Hint support disabled pending design review
  • Supports all Portable Executable (PE) files (apps, dll's, ...)

Works in four steps:
  • Set parameters
  • [ Analyze ]
  • Edit DLL filename and API strings
  • [ Patch ]

Suggested usage:
  • Create a shortcut to ImportPatcher in your Windows SendTo folder
  • Send files to it using the right-click context menu.

Notes:
  • All file patching is done on copies.
  • Filenames containing '=' are incompatible with the use of an .ini file. Please rename.
  • If module MSVC*#*.DLL is reported missing, try replacing it with 'MSVC*71*.DLL'.

History:

New in ImportPatcher.41.7z:
New in ImportPatcher.40.7z:
New in ImportPatcher.39.7z (preview alpha):
  • July 6, 2013
  • Expanded first MessageBox into fuller DialogBox
  • Added export forward patching

New in ImportPatcher.38.7z:
  • March 29, 2013
  • Delay-load processing made optional
  • Added file and data alignment checking
  • Ordinal import fields reversed in log (to match strings)

New in IPstub.zip:
  • Jan 19, 2012
  • stub library for replacing missing DLLs
  • debug build with C source :)

ImportPatcher.37.zip
  • Sep 19, 2012
  • default option to test for API's with LoadLibrary/GetProcAddress if any DLL or API is missing
  • iterate needed imports even if DLL is missing or has no exports
  • "Target OS" -> "OS Subsystem Version [Ceiling]"
  • nicer formatting of TimeDateStamps and ordinals in log

ImportPatcher.35.7z
  • Mar 21, 2012
  • More robust header parsing
  • UPX compression detection
  • CheckSum zeroed

ImportPatcher.34.exe
  • Jan 19, 2012
  • If no LookupTable (ILT), use AddressTable (IAT) instead
  • When unbinding, reinitialize IAT to match ILT

ImportPatcher.33.exe
  • Jan 18, 2012
  • Full support for VC6-style delay-load imports (va and rva types)!
  • Improved log file format
  • Protection from redundant and looping dependencies
  • 'Unbind broken bindings' reintroduced (default=N)
  • 'Link to copies' non-functional

ImportPatcher.32.exe
  • Jan 10, 2012
  • Much more robust when analyzing:
  • small, truncated, or empty files
  • old 16-bit executables
  • PE32+ (64-bit) files--detected and rejected
  • Reworked error reporting including GetLastError
  • Even-length string names can grow by one when substituting
  • Glitch: still reports as .31

ImportPatcher.31.exe
  • Jan 7, 2012
  • Retry multiple passes without exiting
    • every pass does full analysis
    • every pass also patches once .ini section [Patch list] exists
    • prompt after every pass to Retry or Cancel (quit)

  • Simplified .ini format
    • Mode parameter removed
    • target OS now in Parameters
    • hint and binding parameters removed

  • Better XP compatibility
  • GetLastError invoked for better debugging

ImportPatcher.30.exe
  • Jan 3, 2012
  • remove 'intructions' [sic] from main section name!
  • check hints even if bound
  • unbind broken bindings
  • truncate replacement name at space
  • move OS to parameters

ImportPatcher.29.exe
  • Dec 28, 2011
  • Clearer prompts at beginning and end of each pass
  • Simpler .ini file with instructions
  • Redirection of any function within a module
  • Redirection of any module to another
  • Supports endless trial-and-error :)

ImportPatcher.28.exe
  • Dec 24, 2011
  • Initial public release

ImportPatcher.27.exe
  • Nov 10, 2011
  • Sneak previewed on Dec 19, 2011
  • Produced an analysis log file

This is one very cool tool which makes it so much easier and faster for replacing functions than using a hex editor.

:thumbup


...I've just tried the Import Patcher on the "signtool.exe" utility from http://www.microsoft.com/download/en/details.aspx?id=8442 (Microsoft Windows SDK for Windows 7 and .NET Framework 4). Image file = GRMSDK_EN_DVD.iso, Path = \Setup\WinSDKTools\cab1.cab, Extract file = WinSDK_signtool_exe_B2E1011D_2F14_488D_A056_C5BD55106409_x86.

Executing 'signtool.exe' by itself (with KernelEx 4.5.2) produces the error :


The SIGNTOOL.EXE file is
linked to missing export MSVCRT.DLL:__uncaught_exception.

Executing with Import Patcher gives a bunch of "Importing from module ..." messages, but not the above message. It also produces a file "signtoo#.exe" which has patches but seems to behave the same as "signtool.exe".

In addition, a log file is produced, from which the following is an extract :


Importing from module: 'msvcrt.dll'
__wgetmainargs: 225 != 142 #
_cexit: 276 != 173 #
_exit: 354 != 215 #
_XcptFilter: 106 != 75 #
exit: 1167 != 607 #
_initterm: 469 != 282 #
_amsg_exit: 257 != 162 #
fgetpos: 1175 != 615 #
__p__commode: 185 != 109 #
__p__fmode: 190 != 114 #
__set_app_type: 210 != 132 #
??1type_info@@UAE@XZ: 17 != 14 #
msvcrt.dll: __uncaught_exception (db) * No match
memmove: 1260 != 686 #
_unlock: 934 != 495 #
__dllonexit: 141 != 88 #
_lock: 578 != 329 #
_onexit: 747 != 403 #
?terminate@@YAXXZ: 55 != 48 #
_controlfp: 295 != 186 #
isleadbyte: 1218 != 651 #
isupper: 1223 != 656 #
_itoa: 561 != 319 #
islower: 1219 != 652 #
__badioinfo: 133 != 84 #
__pioinfo: 207 != 130 #
_fileno: 367 != 226 #
_lseeki64: 587 != 337 #
_write: 1096 != 555 #
_isatty: 478 != 287 #
??0exception@@QAE@ABQBD@Z: 9 != 7 #
?what@exception@@UBEPBDXZ: 57 != 50 #
??1exception@@UAE@XZ: 16 != 13 #
fwrite: 1201 != 636 #
setvbuf: 1287 != 708 #
fflush: 1173 != 613 #
ungetc: 1341 != 749 #
fputc: 1185 != 623 #
fgetc: 1174 != 614 #
malloc: 1246 != 679 #
_callnewh: 274 != 172 #
setlocale: 1286 != 707 #
msvcrt.dll: ___lc_handle_func (7f) * No match
msvcrt.dll: ___lc_codepage_func (7d) * No match
msvcrt.dll: ___mb_cur_max_func (80) * No match
abort: 1142 != 586 #
ungetwc: 1342 != 750 #
msvcrt.dll: __pctype_func (ce) * No match
__crtLCMapStringA: 138 != 87 #
msvcrt.dll: __iob_func (93) * No match
__mb_cur_max: 176 != 100 #
msvcrt.dll: __crtLCMapStringW (8b) * No match
wctomb: 1390 != 778 #

Now two questions come to mind :

1. Is there a way to pass command line parameters to "signtool.exe" when using the Import Patcher?

2. Should the "signtoo#.exe" application run OK (not exhibit the same missing import/export message)?

Joe.


> The SIGNTOOL.EXE file is
> linked to missing export MSVCRT.DLL:__uncaught_exception.

Looks like MS has added a new function to a venerable support file. Substituting another function or stub for '__uncaught_exception' might not be acceptable to the calling app. If not, try locating a version of MSVCRT.DLL that includes this function.

> Executing with Import Patcher gives a bunch of "Importing from module ..." messages, but not the above message. It also produces a file "signtoo#.exe" which has patches but seems to behave the same as "signtool.exe".

ImportPatcher.27 was my last internal build back on Nov 10, 2011, before development took a break. Those are debug messages--I never expected to release that build as a sneak-preview.

IP.27 patches the OS version and creates a dependency log that is somewhat readable. The resulting #.exe file will only be loadable if the OS version was the only load error. Also, a *#.* copy of every file that is walked is created, including system DLLs (only useful if you're trying to fragment your HDD!).

Try again with IP.28; or better yet, with IP.29 later tonight.

> 1. Is there a way to pass command line parameters to "signtool.exe" when using the Import Patcher?

IP.28 reads parameters from an .ini file that can be edited between passes.

> 2. Should the "signtoo#.exe" application run OK (not exhibit the same missing import/export message)?

That is the goal. If you supply valid replacement functions, the patched copy should get past the system loader.


Joe, it's the ini file that matters the most. You should find in it a section per dependency listing the missing functions as follows:

missingfunction=Y

Then you just need to replace the Y by whatever function you want to replace it and rerun the tool which will patch accordingly. (If you want no change for a missing function which is best for what KernelEx already caters for then replace Y by the missing function such as: missingfunction=missingfunction).

:yes: Good idea, loblo! Upcoming beta29 will now do that for us:


[KERNEL32.dll]
DecodePointer=DecodePointer
EncodePointer=EncodePointer

[Missing modules]
MSVCR100.dll=MSVCR100.dll

It also adds a similar option for missing modules.

For example, this works quite well:


[Missing modules]
MSVCR100.dll=MSVCR90.dll


Hi jumper

Your program is very useful, but it is not easy for a newbie to understand how to use it.

Could you provide a step-by-step successful example?

Many thanks


Sorry for the delay, slhk. I've been looking for and finally found a good example.

Back on 5/5/2003, I installed Microsoft Active Accessibility which updated COMCTL32.DLL from version 5.00.2614.3500 to 5.00.2614.3600.

Version 5.00.2614.3500 is part of IE5.0 and imports bound links from other IE5.0 DLLs.

Version 5.00.2614.3600 is part of IE5.0.1 and is bound to other DLLs that didn't get updated, causing loading delays.

I copied v3500 to my temp folder and named it COMCTL32aa.DLL.

I copied v3600 to my temp folder and named it COMCTL32bb.DLL.

I analyzed each of these files in ImportPatcher.29 (by dragging them to a shortcut on my desktop).

The .ini file for v3500 shows an empty list under "[Need patching? (do not edit)]" -- this indicates no errors found:

COMCTL32a#.ini


[ImportPatcher.29 - Intructions]
;Edit parameters and replacement strings and run ImportPatcher again. <=

[Parameters]
Mode: (A)nalyze or (P)atch=A
Walk dependencies=N
Link to copies=Y
Fix function hints=Y

[Need patching? (do not edit)]


The .log file for v3500 shows good binds with KERNEL32.dll and ADVAPI32.dll, but bad binds with GDI32.dll and USER32.dll. This indicates GDI32.dll and USER32.dll were built to match a different KERNEL32.dll and also need to be fixed.
COMCTL32a#.log

ImportPatcher.29
Portable Executable: 'R:\COMCTL32aa.DLL'
TimeDateStamp: 3720a1cd
SubsystemVersion: 4.0 <= 4.10
Importing from module: 'GDI32.dll'
TimeDateStamp: 3ab81436
SubsystemVersion: 4.0 <= 4.10
Old Bind timestamps: 353ec272 != 3ab81436
Importing from module: 'KERNEL32.dll'
TimeDateStamp: 371fc2b3
SubsystemVersion: 4.0 <= 4.10
Old Bind timestamps: 371fc2b3 == 371fc2b3
Importing from module: 'USER32.dll'
TimeDateStamp: 3adf0611
SubsystemVersion: 4.0 <= 4.10
Old Bind timestamps: 3720a1cd != 3adf0611
Importing from module: 'ADVAPI32.dll'
TimeDateStamp: 3720a1cd
SubsystemVersion: 4.0 <= 4.10
Old Bind timestamps: 3720a1cd == 3720a1cd

The .ini file for v3600 shows "R:\COMCTL32bb.DLL=Y (function hint)" under "[Need patching? (do not edit)]" -- this indicates that some ordinal link hints need fixing:

COMCTL32b#.ini


[ImportPatcher.29 - Intructions]
;Edit parameters and replacement strings and run ImportPatcher again. <=

[Parameters]
Mode: (A)nalyze or (P)atch=A
Walk dependencies=N
Link to copies=N
Fix function hints=Y

[Need patching? (do not edit)]
R:\COMCTL32bb.DLL=Y (function hint)


I edited the Mode parameter to read "Mode: (A)nalyze or (P)atch=P" and reprocessed in ImportPatcher.
The .log file then confirmed lots of patched mismatched function ordinal hints:
COMCTL32b#.log

ImportPatcher.29
Portable Executable: 'R:\COMCTL32bb.DLL'
TimeDateStamp: 372a5251
SubsystemVersion: 4.0 <= 4.10
Importing from module: 'GDI32.dll'
TimeDateStamp: 3ab81436
SubsystemVersion: 4.0 <= 4.10
CreateDIBSection: 36 != 142 #
GetStockObject: 188 != 297 #
StretchDIBits: 313 != 424 #
CreateRectRgn: 59 != 165 #
SetWindowOrgEx: 307 != 418 #
OffsetWindowOrgEx: 224 != 333 #
GetDeviceCaps: 142 != 250 #
PatBlt: 226 != 335 #
SetBkMode: 269 != 378 #
RealizePalette: 246 != 355 #
SelectPalette: 263 != 372 #
CreatePatternBrush: 54 != 160 #
CreateBitmap: 25 != 131 #
RestoreDC: 255 != 364 #
SelectClipRgn: 261 != 370 #
SaveDC: 257 != 366 #
CombineRgn: 19 != 125 #
CreateRectRgnIndirect: 60 != 166 #
GetTextColor: 196 != 305 #
SetObjectOwner: 289 != 400 #
GetPaletteEntries: 178 != 287 #
CreateHalftonePalette: 47 != 153 #
SetPixelV: 293 != 404 #
SetPixel: 291 != 402 #
CreateSolidBrush: 64 != 170 #
SetDIBColorTable: 274 != 383 #
GetDIBColorTable: 140 != 248 #
GetBitmapBits: 115 != 223 #
SetBrushOrgEx: 271 != 380 #
GetDIBits: 141 != 249 #
SetDIBits: 275 != 384 #
OffsetRgn: 222 != 331 #
GetCurrentObject: 137 != 245 #
ExcludeClipRect: 93 != 200 #
RectVisible: 248 != 357 #
IntersectClipRect: 213 != 322 #
GetClipRgn: 134 != 242 #
GetDCOrgEx: 139 != 247 #
BitBlt: 9 != 114 #
MoveToEx: 220 != 329 #
CreatePen: 55 != 161 #
Arc: 6 != 111 #
Rectangle: 249 != 358 #
Ellipse: 76 != 182 #
CreatePalette: 53 != 159 #
UnrealizeObject: 320 != 431 #
StretchBlt: 312 != 423 #
TranslateCharsetInfo: 319 != 430 #
Polyline: 242 != 351 #
CreateBitmapIndirect: 26 != 132 #
CreatePolygonRgn: 58 != 164 #
CreateRoundRectRgn: 61 != 167 #
FrameRgn: 106 != 213 #
FillRgn: 102 != 209 #
GetCharWidthW: 130 != 238 #
GetCharWidthA: 127 != 235 #
GetTextExtentPoint32W: 200 != 309 #
GetTextCharsetInfo: 195 != 304 #
GetTextExtentPointA: 201 != 310 #
ExtTextOutW: 100 != 207 #
ExtTextOutA: 99 != 206 #
GetWindowExtEx: 210 != 319 #
GetViewportExtEx: 207 != 316 #
ExtSelectClipRgn: 98 != 205 #
CreateFontA: 43 != 149 #
CreateFontIndirectA: 44 != 150 #
EnumFontFamiliesExA: 82 != 189 #
GetObjectA: 173 != 282 #
GetTextMetricsA: 205 != 314 #
GetTextAlign: 192 != 301 #
SetTextAlign: 299 != 410 #
SetBkColor: 268 != 377 #
SetTextColor: 301 != 412 #
GetClipBox: 133 != 241 #
CreateCompatibleDC: 31 != 137 #
CreateCompatibleBitmap: 30 != 136 #
SelectObject: 262 != 371 #
LineTo: 217 != 326 #
GetNearestColor: 171 != 280 #
DeleteDC: 67 != 173 #
GetPixel: 180 != 289 #
DeleteObject: 70 != 176 #
GetBkColor: 117 != 225 #
Importing from module: 'KERNEL32.dll'
TimeDateStamp: 371fc2b3
SubsystemVersion: 4.0 <= 4.10
EnterCriticalSection: 100 != 225 #
LeaveCriticalSection: 403 != 552 #
SetEvent: 556 != 714 #
Sleep: 593 != 758 #
InitializeCriticalSection: 379 != 522 #
DeleteCriticalSection: 89 != 214 #
CreateThread: 80 != 205 #
MultiByteToWideChar: 443 != 594 #
lstrlenA: 694 != 864 #
GetProcAddress: 279 != 419 #
ReinitializeCriticalSection: 493 != 644 #
GetACP: 181 != 312 #
DisableThreadLibraryCalls: 94 != 219 #
GetCurrentProcessId: 212 != 347 #
GetVersionExA: 335 != 477 #
FreeResource: 178 != 309 #
GlobalFree: 350 != 493 #
GlobalAlloc: 343 != 486 #
LockResource: 423 != 574 #
LoadResource: 409 != 558 #
GetTickCount: 328 != 470 #
LocalReAlloc: 417 != 568 #
IsBadWritePtr: 392 != 536 #
lstrcpyA: 688 != 858 #
FreeLibrary: 176 != 307 #
MulDiv: 442 != 593 #
HeapAlloc: 366 != 509 #
HeapFree: 370 != 513 #
HeapReAlloc: 372 != 515 #
IsBadCodePtr: 386 != 530 #
InterlockedExchange: 382 != 526 #
lstrcpynA: 691 != 861 #
GetThreadLocale: 324 != 465 #
GetProcessHeap: 282 != 422 #
HeapDestroy: 369 != 512 #
HeapCreate: 368 != 511 #
HeapSize: 374 != 517 #
GetUserDefaultLangID: 333 != 475 #
lstrcmpiA: 685 != 855 #
GetLocalTime: 248 != 386 #
GlobalUnlock: 360 != 503 #
GlobalHandle: 353 != 496 #
GetUserDefaultLCID: 332 != 474 #
lstrcmpA: 682 != 852 #
@12
EnumResourceLanguagesW: 106 != 235 #
SizeofResource: 592 != 757 #
UnMapSLFixArray: 616 != 783 #
MapSLFix: 433 != 584 #
LocalSize: 419 != 570 #
InterlockedDecrement: 381 != 525 #
@24
UnhandledExceptionFilter: 617 != 784 #
FindResourceA: 160 != 291 #
InterlockedIncrement: 384 != 528 #
IsDBCSLeadByte: 393 != 537 #
WaitForSingleObject: 638 != 807 #
CompareStringA: 43 != 166 #
GetCurrentThreadId: 214 != 349 #
GetLastError: 247 != 385 #
IsBadReadPtr: 389 != 533 #
MapViewOfFile: 434 != 585 #
GetFileSize: 237 != 375 #
UnmapViewOfFile: 621 != 788 #
IsValidCodePage: 397 != 544 #
CreateEventA: 57 != 182 #
CreateFileA: 60 != 185 #
CreateFileMappingA: 61 != 186 #
FindResourceExA: 161 != 292 #
GetDateFormatA: 215 != 350 #
GetLocaleInfoA: 249 != 387 #
GetNumberFormatA: 262 != 402 #
GetModuleHandleA: 257 != 397 #
GetStringTypeExA: 304 != 445 #
GetProfileIntA: 289 != 430 #
GetTimeFormatA: 329 != 471 #
GlobalAddAtomA: 341 != 484 #
LoadLibraryA: 404 != 553 #
GlobalReAlloc: 356 != 499 #
RtlUnwind: 502 != 657 #
CloseHandle: 37 != 160 #
GetLocaleInfoW: 250 != 388 #
GetSystemDefaultLCID: 307 != 448 #
LocalFree: 414 != 565 #
LocalAlloc: 410 != 560 #
ThunkConnect32: 603 != 769 #
SUnMapLS_IP_EBP_12: 515 != 670 #
SMapLS_IP_EBP_12: 505 != 660 #
SUnMapLS: 514 != 669 #
SMapLS: 504 != 659 #
FT_Exit24: 127 != 256 #
FT_Exit20: 126 != 255 #
FT_Thunk: 139 != 268 #
lstrlenW: 695 != 865 #
WideCharToMultiByte: 642 != 811 #
Importing from module: 'USER32.dll'
TimeDateStamp: 3adf0611
SubsystemVersion: 4.0 <= 4.10
TrackPopupMenu: 559 != 600 #
PtInRect: 436 != 468 #
GetFocus: 240 != 257 #
GetSysColor: 294 != 316 #
RedrawWindow: 438 != 471 #
DrawFocusRect: 156 != 164 #
IsWindowEnabled: 360 != 392 #
EqualRect: 193 != 207 #
MapWindowPoints: 394 != 426 #
GetParent: 282 != 303 #
GetWindowRect: 315 != 339 #
EnableWindow: 172 != 181 #
SendMessageA: 465 != 503 #
GetSystemMetrics: 297 != 319 #
SystemParametersInfoA: 549 != 589 #
IntersectRect: 337 != 369 #
ClientToScreen: 53 != 61 #
ReleaseCapture: 452 != 487 #
GetCapture: 207 != 223 #
WaitMessage: 586 != 635 #
TranslateMessage: 565 != 606 #
SetCapture: 474 != 512 #
GetSysColorBrush: 295 != 317 #
GetMessageTime: 274 != 294 #
MessageBeep: 396 != 428 #
UnionRect: 568 != 610 #
ScrollWindowEx: 462 != 497 #
GetDoubleClickTime: 239 != 256 #
SetRectEmpty: 511 != 550 #
ScreenToClient: 459 != 494 #
GetMessagePos: 273 != 293 #
GetDlgItem: 235 != 252 #
CopyRect: 63 != 71 #
SetCursor: 482 != 520 #
DrawIcon: 159 != 167 #
EnableScrollBar: 171 != 180 #
SetScrollInfo: 512 != 551 #
GetScrollInfo: 289 != 311 #
GetWindowDC: 310 != 332 #
GetCursorPos: 229 != 246 #
DrawFrameControl: 158 != 166 #
InvertRect: 340 != 372 #
IsRectEmpty: 358 != 390 #
GetScrollPos: 290 != 312 #
GetScrollRange: 291 != 313 #
ShowScrollBar: 541 != 581 #
IsWindowVisible: 362 != 394 #
SetScrollPos: 513 != 552 #
SetScrollRange: 514 != 553 #
IsZoomed: 363 != 395 #
GetDesktopWindow: 232 != 249 #
GetAsyncKeyState: 206 != 222 #
DrawEdge: 155 != 163 #
DestroyWindow: 134 != 142 #
ShowCaret: 538 != 578 #
SetCaretPos: 476 != 514 #
HideCaret: 325 != 350 #
GetKeyState: 250 != 268 #
DestroyCaret: 130 != 138 #
CreateCaret: 67 != 75 #
DestroyIcon: 132 != 140 #
GetIconInfo: 243 != 261 #
CreateIconIndirect: 78 != 86 #
DrawIconEx: 160 != 168 #
CopyImage: 62 != 70 #
CopyIcon: 61 != 69 #
GetDCEx: 231 != 248 #
wsprintfA: 595 != 645 #
ShowWindow: 542 != 582 #
SetWindowRgn: 530 != 570 #
IsChild: 349 != 381 #
GetShellWindow: 292 != 314 #
GetKeyboardLayout: 251 != 269 #
SetKeyboardState: 494 != 532 #
GetKeyboardState: 255 != 273 #
DestroyCursor: 131 != 139 #
GetUpdateRgn: 304 != 326 #
GetUpdateRect: 303 != 325 #
GetWindowRgn: 316 != 340 #
ValidateRect: 578 != 624 #
SetCursorPos: 483 != 521 #
LockWindowUpdate: 386 != 418 #
GetMenuItemID: 264 != 284 #
GetMenuItemCount: 263 != 283 #
GetSubMenu: 293 != 315 #
GetSystemMenu: 296 != 318 #
CheckMenuItem: 47 != 55 #
SetMenu: 497 != 535 #
GetMenuState: 268 != 288 #
SubtractRect: 544 != 584 #
CreatePopupMenu: 82 != 90 #
DestroyMenu: 133 != 141 #
AdjustWindowRect: 1 != 2 #
IsWindow: 359 != 391 #
MoveWindow: 409 != 441 #
GetWindowThreadProcessId: 321 != 345 #
GetWindow: 308 != 330 #
MapDialogRect: 389 != 421 #
SetForegroundWindow: 492 != 530 #
GetNextDlgTabItem: 279 != 300 #
DeferWindowPos: 127 != 135 #
EndDeferWindowPos: 173 != 182 #
BeginDeferWindowPos: 8 != 11 #
SetWindowTextA: 531 != 571 #
SetActiveWindow: 473 != 511 #
GetActiveWindow: 204 != 219 #
PostQuitMessage: 433 != 465 #
CreateDialogIndirectParamA: 71 != 79 #
SetParent: 506 != 544 #
CreateWindowExA: 83 != 91 #
CharNextA: 30 != 38 #
FrameRect: 202 != 217 #
ChildWindowFromPoint: 50 != 58 #
EndDialog: 174 != 183 #
EnumChildWindows: 177 != 187 #
GetWindowLongA: 312 != 334 #
GetCursor: 227 != 244 #
GetForegroundWindow: 241 != 258 #
GetMenu: 258 != 277 #
InvalidateRgn: 339 != 371 #
WindowFromPoint: 591 != 640 #
DrawTextExA: 165 != 174 #
AppendMenuA: 4 != 7 #
CallMsgFilterA: 14 != 20 #
CallWindowProcA: 17 != 23 #
DefWindowProcA: 125 != 133 #
DispatchMessageA: 139 != 147 #
FindWindowA: 197 != 211 #
GetClassInfoA: 210 != 226 #
GetClassNameA: 216 != 232 #
GetKeyNameTextA: 248 != 266 #
GetMenuItemInfoA: 265 != 285 #
GetMessageA: 271 != 291 #
GetPropA: 285 != 307 #
GetWindowTextA: 317 != 341 #
GrayStringA: 323 != 347 #
IsDialogMessageA: 352 != 384 #
LoadCursorA: 369 != 401 #
LoadIconA: 373 != 405 #
LoadImageA: 375 != 407 #
MapVirtualKeyA: 390 != 422 #
PeekMessageA: 428 != 460 #
PostMessageA: 431 != 463 #
RegisterClassA: 439 != 472 #
RegisterWindowMessageA: 450 != 485 #
RemovePropA: 455 != 490 #
GetWindowTextLengthA: 318 != 342 #
SendNotifyMessageA: 471 != 509 #
SetDlgItemTextA: 488 != 526 #
SetPropA: 508 != 547 #
SetWindowLongA: 526 != 566 #
WinHelpA: 587 != 636 #
DialogBoxIndirectParamA: 135 != 143 #
SetFocus: 491 != 529 #
GetDlgCtrlID: 234 != 251 #
InflateRect: 329 != 361 #
BeginPaint: 9 != 12 #
EndPaint: 175 != 185 #
FillRect: 196 != 210 #
UpdateWindow: 575 != 618 #
SetTimer: 520 != 559 #
KillTimer: 364 != 396 #
SetRect: 510 != 549 #
GetDC: 230 != 247 #
ReleaseDC: 453 != 488 #
GetClientRect: 219 != 235 #
InvalidateRect: 338 != 370 #
SetWindowPos: 529 != 569 #
AdjustWindowRectEx: 2 != 3 #
OffsetRect: 418 != 450 #
Importing from module: 'ADVAPI32.dll'
TimeDateStamp: 3720a1cd
SubsystemVersion: 4.0 <= 4.10
RegCreateKeyA: 153 != 219 #
RegCreateKeyExA: 154 != 220 #
RegCloseKey: 150 != 216 #
RegSetValueExA: 193 != 259 #
RegQueryValueExA: 181 != 247 #
RegQueryValueA: 180 != 246 #
RegOpenKeyExA: 173 != 239 #
RegOpenKeyA: 172 != 238 #

To confirm the problems had been fixed, I renamed the COMCTL32b#.DLL file to COMCTL32.DLL and reanalyzed:

COMCTL3#.ini


[ImportPatcher.29 - Intructions]
;Edit parameters and replacement strings and run ImportPatcher again. <=

[Parameters]
Mode: (A)nalyze or (P)atch=A
Walk dependencies=N
Link to copies=Y
Fix function hints=Y

[Need patching? (do not edit)]


Nothing needs patching and:
COMCTL3#.log

ImportPatcher.29
Portable Executable: 'R:\COMCTL32.DLL'
TimeDateStamp: 372a5251
SubsystemVersion: 4.0 <= 4.10
Importing from module: 'GDI32.dll'
TimeDateStamp: 3ab81436
SubsystemVersion: 4.0 <= 4.10
CreateDIBSection: 142 = 142
GetStockObject: 297 = 297
StretchDIBits: 424 = 424
CreateRectRgn: 165 = 165
SetWindowOrgEx: 418 = 418
OffsetWindowOrgEx: 333 = 333
GetDeviceCaps: 250 = 250
PatBlt: 335 = 335
SetBkMode: 378 = 378
RealizePalette: 355 = 355
SelectPalette: 372 = 372
CreatePatternBrush: 160 = 160
CreateBitmap: 131 = 131
RestoreDC: 364 = 364
SelectClipRgn: 370 = 370
SaveDC: 366 = 366
CombineRgn: 125 = 125
CreateRectRgnIndirect: 166 = 166
GetTextColor: 305 = 305
SetObjectOwner: 400 = 400
GetPaletteEntries: 287 = 287
CreateHalftonePalette: 153 = 153
SetPixelV: 404 = 404
SetPixel: 402 = 402
CreateSolidBrush: 170 = 170
SetDIBColorTable: 383 = 383
GetDIBColorTable: 248 = 248
GetBitmapBits: 223 = 223
SetBrushOrgEx: 380 = 380
GetDIBits: 249 = 249
SetDIBits: 384 = 384
OffsetRgn: 331 = 331
GetCurrentObject: 245 = 245
ExcludeClipRect: 200 = 200
RectVisible: 357 = 357
IntersectClipRect: 322 = 322
GetClipRgn: 242 = 242
GetDCOrgEx: 247 = 247
BitBlt: 114 = 114
MoveToEx: 329 = 329
CreatePen: 161 = 161
Arc: 111 = 111
Rectangle: 358 = 358
Ellipse: 182 = 182
CreatePalette: 159 = 159
UnrealizeObject: 431 = 431
StretchBlt: 423 = 423
TranslateCharsetInfo: 430 = 430
Polyline: 351 = 351
CreateBitmapIndirect: 132 = 132
CreatePolygonRgn: 164 = 164
CreateRoundRectRgn: 167 = 167
FrameRgn: 213 = 213
FillRgn: 209 = 209
GetCharWidthW: 238 = 238
GetCharWidthA: 235 = 235
GetTextExtentPoint32W: 309 = 309
GetTextCharsetInfo: 304 = 304
GetTextExtentPointA: 310 = 310
ExtTextOutW: 207 = 207
ExtTextOutA: 206 = 206
GetWindowExtEx: 319 = 319
GetViewportExtEx: 316 = 316
ExtSelectClipRgn: 205 = 205
CreateFontA: 149 = 149
CreateFontIndirectA: 150 = 150
EnumFontFamiliesExA: 189 = 189
GetObjectA: 282 = 282
GetTextMetricsA: 314 = 314
GetTextAlign: 301 = 301
SetTextAlign: 410 = 410
SetBkColor: 377 = 377
SetTextColor: 412 = 412
GetClipBox: 241 = 241
CreateCompatibleDC: 137 = 137
CreateCompatibleBitmap: 136 = 136
SelectObject: 371 = 371
LineTo: 326 = 326
GetNearestColor: 280 = 280
DeleteDC: 173 = 173
GetPixel: 289 = 289
DeleteObject: 176 = 176
GetBkColor: 225 = 225
Importing from module: 'KERNEL32.dll'
TimeDateStamp: 371fc2b3
SubsystemVersion: 4.0 <= 4.10
EnterCriticalSection: 225 = 225
LeaveCriticalSection: 552 = 552
SetEvent: 714 = 714
Sleep: 758 = 758
InitializeCriticalSection: 522 = 522
DeleteCriticalSection: 214 = 214
CreateThread: 205 = 205
MultiByteToWideChar: 594 = 594
lstrlenA: 864 = 864
GetProcAddress: 419 = 419
ReinitializeCriticalSection: 644 = 644
GetACP: 312 = 312
DisableThreadLibraryCalls: 219 = 219
GetCurrentProcessId: 347 = 347
GetVersionExA: 477 = 477
FreeResource: 309 = 309
GlobalFree: 493 = 493
GlobalAlloc: 486 = 486
LockResource: 574 = 574
LoadResource: 558 = 558
GetTickCount: 470 = 470
LocalReAlloc: 568 = 568
IsBadWritePtr: 536 = 536
lstrcpyA: 858 = 858
FreeLibrary: 307 = 307
MulDiv: 593 = 593
HeapAlloc: 509 = 509
HeapFree: 513 = 513
HeapReAlloc: 515 = 515
IsBadCodePtr: 530 = 530
InterlockedExchange: 526 = 526
lstrcpynA: 861 = 861
GetThreadLocale: 465 = 465
GetProcessHeap: 422 = 422
HeapDestroy: 512 = 512
HeapCreate: 511 = 511
HeapSize: 517 = 517
GetUserDefaultLangID: 475 = 475
lstrcmpiA: 855 = 855
GetLocalTime: 386 = 386
GlobalUnlock: 503 = 503
GlobalHandle: 496 = 496
GetUserDefaultLCID: 474 = 474
lstrcmpA: 852 = 852
@12
EnumResourceLanguagesW: 235 = 235
SizeofResource: 757 = 757
UnMapSLFixArray: 783 = 783
MapSLFix: 584 = 584
LocalSize: 570 = 570
InterlockedDecrement: 525 = 525
@24
UnhandledExceptionFilter: 784 = 784
FindResourceA: 291 = 291
InterlockedIncrement: 528 = 528
IsDBCSLeadByte: 537 = 537
WaitForSingleObject: 807 = 807
CompareStringA: 166 = 166
GetCurrentThreadId: 349 = 349
GetLastError: 385 = 385
IsBadReadPtr: 533 = 533
MapViewOfFile: 585 = 585
GetFileSize: 375 = 375
UnmapViewOfFile: 788 = 788
IsValidCodePage: 544 = 544
CreateEventA: 182 = 182
CreateFileA: 185 = 185
CreateFileMappingA: 186 = 186
FindResourceExA: 292 = 292
GetDateFormatA: 350 = 350
GetLocaleInfoA: 387 = 387
GetNumberFormatA: 402 = 402
GetModuleHandleA: 397 = 397
GetStringTypeExA: 445 = 445
GetProfileIntA: 430 = 430
GetTimeFormatA: 471 = 471
GlobalAddAtomA: 484 = 484
LoadLibraryA: 553 = 553
GlobalReAlloc: 499 = 499
RtlUnwind: 657 = 657
CloseHandle: 160 = 160
GetLocaleInfoW: 388 = 388
GetSystemDefaultLCID: 448 = 448
LocalFree: 565 = 565
LocalAlloc: 560 = 560
ThunkConnect32: 769 = 769
SUnMapLS_IP_EBP_12: 670 = 670
SMapLS_IP_EBP_12: 660 = 660
SUnMapLS: 669 = 669
SMapLS: 659 = 659
FT_Exit24: 256 = 256
FT_Exit20: 255 = 255
FT_Thunk: 268 = 268
lstrlenW: 865 = 865
WideCharToMultiByte: 811 = 811
Importing from module: 'USER32.dll'
TimeDateStamp: 3adf0611
SubsystemVersion: 4.0 <= 4.10
TrackPopupMenu: 600 = 600
PtInRect: 468 = 468
GetFocus: 257 = 257
GetSysColor: 316 = 316
RedrawWindow: 471 = 471
DrawFocusRect: 164 = 164
IsWindowEnabled: 392 = 392
EqualRect: 207 = 207
MapWindowPoints: 426 = 426
GetParent: 303 = 303
GetWindowRect: 339 = 339
EnableWindow: 181 = 181
SendMessageA: 503 = 503
GetSystemMetrics: 319 = 319
SystemParametersInfoA: 589 = 589
IntersectRect: 369 = 369
ClientToScreen: 61 = 61
ReleaseCapture: 487 = 487
GetCapture: 223 = 223
WaitMessage: 635 = 635
TranslateMessage: 606 = 606
SetCapture: 512 = 512
GetSysColorBrush: 317 = 317
GetMessageTime: 294 = 294
MessageBeep: 428 = 428
UnionRect: 610 = 610
ScrollWindowEx: 497 = 497
GetDoubleClickTime: 256 = 256
SetRectEmpty: 550 = 550
ScreenToClient: 494 = 494
GetMessagePos: 293 = 293
GetDlgItem: 252 = 252
CopyRect: 71 = 71
SetCursor: 520 = 520
DrawIcon: 167 = 167
EnableScrollBar: 180 = 180
SetScrollInfo: 551 = 551
GetScrollInfo: 311 = 311
GetWindowDC: 332 = 332
GetCursorPos: 246 = 246
DrawFrameControl: 166 = 166
InvertRect: 372 = 372
IsRectEmpty: 390 = 390
GetScrollPos: 312 = 312
GetScrollRange: 313 = 313
ShowScrollBar: 581 = 581
IsWindowVisible: 394 = 394
SetScrollPos: 552 = 552
SetScrollRange: 553 = 553
IsZoomed: 395 = 395
GetDesktopWindow: 249 = 249
GetAsyncKeyState: 222 = 222
DrawEdge: 163 = 163
DestroyWindow: 142 = 142
ShowCaret: 578 = 578
SetCaretPos: 514 = 514
HideCaret: 350 = 350
GetKeyState: 268 = 268
DestroyCaret: 138 = 138
CreateCaret: 75 = 75
DestroyIcon: 140 = 140
GetIconInfo: 261 = 261
CreateIconIndirect: 86 = 86
DrawIconEx: 168 = 168
CopyImage: 70 = 70
CopyIcon: 69 = 69
GetDCEx: 248 = 248
wsprintfA: 645 = 645
ShowWindow: 582 = 582
SetWindowRgn: 570 = 570
IsChild: 381 = 381
GetShellWindow: 314 = 314
GetKeyboardLayout: 269 = 269
SetKeyboardState: 532 = 532
GetKeyboardState: 273 = 273
DestroyCursor: 139 = 139
GetUpdateRgn: 326 = 326
GetUpdateRect: 325 = 325
GetWindowRgn: 340 = 340
ValidateRect: 624 = 624
SetCursorPos: 521 = 521
LockWindowUpdate: 418 = 418
GetMenuItemID: 284 = 284
GetMenuItemCount: 283 = 283
GetSubMenu: 315 = 315
GetSystemMenu: 318 = 318
CheckMenuItem: 55 = 55
SetMenu: 535 = 535
GetMenuState: 288 = 288
SubtractRect: 584 = 584
CreatePopupMenu: 90 = 90
DestroyMenu: 141 = 141
AdjustWindowRect: 2 = 2
IsWindow: 391 = 391
MoveWindow: 441 = 441
GetWindowThreadProcessId: 345 = 345
GetWindow: 330 = 330
MapDialogRect: 421 = 421
SetForegroundWindow: 530 = 530
GetNextDlgTabItem: 300 = 300
DeferWindowPos: 135 = 135
EndDeferWindowPos: 182 = 182
BeginDeferWindowPos: 11 = 11
SetWindowTextA: 571 = 571
SetActiveWindow: 511 = 511
GetActiveWindow: 219 = 219
PostQuitMessage: 465 = 465
CreateDialogIndirectParamA: 79 = 79
SetParent: 544 = 544
CreateWindowExA: 91 = 91
CharNextA: 38 = 38
FrameRect: 217 = 217
ChildWindowFromPoint: 58 = 58
EndDialog: 183 = 183
EnumChildWindows: 187 = 187
GetWindowLongA: 334 = 334
GetCursor: 244 = 244
GetForegroundWindow: 258 = 258
GetMenu: 277 = 277
InvalidateRgn: 371 = 371
WindowFromPoint: 640 = 640
DrawTextExA: 174 = 174
AppendMenuA: 7 = 7
CallMsgFilterA: 20 = 20
CallWindowProcA: 23 = 23
DefWindowProcA: 133 = 133
DispatchMessageA: 147 = 147
FindWindowA: 211 = 211
GetClassInfoA: 226 = 226
GetClassNameA: 232 = 232
GetKeyNameTextA: 266 = 266
GetMenuItemInfoA: 285 = 285
GetMessageA: 291 = 291
GetPropA: 307 = 307
GetWindowTextA: 341 = 341
GrayStringA: 347 = 347
IsDialogMessageA: 384 = 384
LoadCursorA: 401 = 401
LoadIconA: 405 = 405
LoadImageA: 407 = 407
MapVirtualKeyA: 422 = 422
PeekMessageA: 460 = 460
PostMessageA: 463 = 463
RegisterClassA: 472 = 472
RegisterWindowMessageA: 485 = 485
RemovePropA: 490 = 490
GetWindowTextLengthA: 342 = 342
SendNotifyMessageA: 509 = 509
SetDlgItemTextA: 526 = 526
SetPropA: 547 = 547
SetWindowLongA: 566 = 566
WinHelpA: 636 = 636
DialogBoxIndirectParamA: 143 = 143
SetFocus: 529 = 529
GetDlgCtrlID: 251 = 251
InflateRect: 361 = 361
BeginPaint: 12 = 12
EndPaint: 185 = 185
FillRect: 210 = 210
UpdateWindow: 618 = 618
SetTimer: 559 = 559
KillTimer: 396 = 396
SetRect: 549 = 549
GetDC: 247 = 247
ReleaseDC: 488 = 488
GetClientRect: 235 = 235
InvalidateRect: 370 = 370
SetWindowPos: 569 = 569
AdjustWindowRectEx: 3 = 3
OffsetRect: 450 = 450
Importing from module: 'ADVAPI32.dll'
TimeDateStamp: 3720a1cd
SubsystemVersion: 4.0 <= 4.10
RegCreateKeyA: 219 = 219
RegCreateKeyExA: 220 = 220
RegCloseKey: 216 = 216
RegSetValueExA: 259 = 259
RegQueryValueExA: 247 = 247
RegQueryValueA: 246 = 246
RegOpenKeyExA: 239 = 239
RegOpenKeyA: 238 = 238

all ordinal hints match actual function ordinals!

The last step was to back up the original v3600 in Windows\System and replace it with the newly patched COMCTL32.DLL.


jumper, thanks for the detailed explanation. All is clear now :)


This is one very cool tool which makes it so much easier and faster for replacing functions than using an hex editor.

:thumbup

It's quite amazing, really! :thumbup

Looks like MS has added a new function to a venerable support file. Substituting another function or stub for '__uncaught_exception' might {not} be acceptable to the calling app. If not, try locating a version of MSVCRT.DLL that includes this function.

Well, I found a version "7.0.6002.18005 (lh_sp2rtm.090410-1830)" on a Vista machine, dated 2009/4/11. However, although this version only reported "[Need patching? ... msvcrt.dll=Y (OS subsystem)" in ImportPatcher (with 'Walk dependencies=N'), after being patched for the OS subsystem, it looked like a descent into DLL dependency hell.

Also, a *#.* copy of every file that is walked is created, including system DLLs (only useful if you're trying to fragment your HDD!).

Does this relate to the "Link to copies=Y/N" option in the INI file? Would this also require "Walk dependencies=Y"?

1. Is there a way to pass command line parameters to "signtool.exe" when using the Import Patcher?

IP.28 reads parameters from an .ini file that can be edited between passes.

I think that ImportPatcher.27 gave the impression that it would load and execute a file, while satisfying missing dependencies. Since that doesn't seem to be the case, my earlier question was null and void.

Joe.


Since writing the COMCTL32.DLL example the other day, the patched COMCTL32.DLL has been running on my system with no problems.

>It's quite amazing, really!

Thanks, but it's really just an exercise in learning how to parse the various header structures in the Portable Executable file format. Documentation and guides are hard to find and incomplete, but I keep stumbling onto more of them each week!

IP.30 is undergoing final testing and includes unbinding of broken links.

On the drawing board for function substitution is redirection to another module:

[USER32.dll]
_missing=KERNEL32.SetLastError

and possibly module insertion:

[USER32.dll]
_missing=stubs.T16

>Substituting another function or stub for '__uncaught_exception' might {not} be acceptable to the calling app. If not, ...

I could have written "might or might not be", but chose to simplify and wrote "might be". When dealing in fuzzy logic, "not" sometimes becomes optional or even meaningless! :wacko::lol:

>>Also, a *#.* copy of every file that is walked is created, including system DLLs (only useful if you're trying to fragment your HDD!).

>Does this relate to the "Link to copies=Y/N" option in the INI file? Would this also require "Walk dependencies=Y"?

No and Yes! IP.27 would open for R/W a copy of every file it analyzed (whether walking dep's or not) so that it could analyze and patch in one pass. Unfortunately, it didn't delete unneeded copies. Copying every file also made it slow (and loud).

"Link to copies=Y/N" determines whether an app or dll references the original or patched dependency. Naming this option to something understandable has been problematic!


  • Y = patch reference to refer to patched copy of dependency

    • needed if dependencies are patched and the (patched) app is to be directly executable

N = continue to refer to original


  • needed if patched files are intended to be installed over originals

For patched system files an installer is needed (or the file must be copied by hand in DOS). Creation of an .inf will also be tied to this option some time soon!

>>>1. Is there a way to pass command line parameters to "signtool.exe" when using the Import Patcher?

>>IP.28 reads parameters from an .ini file that can be edited between passes.

>I think that ImportPatcher.27 gave the impression that it would load and execute a file, while satisfying missing dependencies. Since that doesn't seem to be the case, my earlier question was null and void.

I misread the question about command line parameters, but now understand. Executing the patched app is a possible future feature and parameter passing would be an important design issue. Perhaps a "[Parameters] App command line parameters=" line in the .ini?


Looks like MS has added a new function to a venerable support file. Substituting another function or stub for '__uncaught_exception' might {not} be acceptable to the calling app. If not, try locating a version of MSVCRT.DLL that includes this function.

Well, I found a version "7.0.6002.18005 (lh_sp2rtm.090410-1830)" on a Vista machine, dated 2009/4/11. However, although this version only reported "[Need patching? ... msvcrt.dll=Y (OS subsystem)" in ImportPatcher (with 'Walk dependencies=N'), after being patched for the OS subsystem, it looked like a descent into DLL dependency hell.

...I've just tried the Import Patcher on the "signtool.exe" utility from http://www.microsoft.com/download/en/details.aspx?id=8442 (Microsoft Windows SDK for Windows 7 and .NET Framework 4). Image file = GRMSDK_EN_DVD.iso, Path = \Setup\WinSDKTools\cab1.cab, Extract file = WinSDK_signtool_exe_B2E1011D_2F14_488D_A056_C5BD55106409_x86.

...

Executing 'signtool.exe' by itself (with KernelEx 4.5.2) produces the error :


The SIGNTOOL.EXE file is
linked to missing export MSVCRT.DLL:__uncaught_exception.
...
Importing from module: 'msvcrt.dll'
msvcrt.dll: __uncaught_exception (db) * No match
msvcrt.dll: ___lc_handle_func (7f) * No match
msvcrt.dll: ___lc_codepage_func (7d) * No match
msvcrt.dll: ___mb_cur_max_func (80) * No match
msvcrt.dll: __pctype_func (ce) * No match
msvcrt.dll: __iob_func (93) * No match
msvcrt.dll: __crtLCMapStringW (8b) * No match

All seven of those functions are supported in MSVCR90.dll in the package VC_R_9X.EXE at MDGX.

If (anyone is) not running KernelEx, patch MSVCR90.dll with this function replacement:


[KERNEL32.dll]
GetSystemWindowsDirectoryW=GetWindowsDirectoryW

Put MSVCR90.dll in the same folder as signtool.exe or in <windows> or <system>.

Then add to signtoo#.ini:


[Missing modules]
msvcrt.dll=MSVCR90.dll
msvcrt.dll=MSVCR9#.dll ;or this if you don't rename after patching

This should fix the MSVCRT.DLL issues. If signtool has further dependency problems, post the full .ini file this time (in a 'spoiler' box if large).

* Note: ImportPatcher.29 and .30 syntax (may change in other versions) *

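A minimal model of how the two substitutions in the post above fit together, as an added example that is not ImportPatcher's code or part of the thread: one rule set redirects signtool's `msvcrt.dll` imports to MSVCR90.dll, the other renames the KERNEL32 import inside MSVCR90.dll. The export sets, MSVCR90.dll's import list and the order in which rules are applied are assumptions made for illustration.

```python
import configparser

# Substitution entries quoted in the post above (ImportPatcher.29/.30 syntax).
SIGNTOOL_INI = "[Missing modules]\nmsvcrt.dll=MSVCR90.dll\n"
MSVCR90_INI = "[KERNEL32.dll]\nGetSystemWindowsDirectoryW=GetWindowsDirectoryW\n"

# The seven msvcrt.dll imports the log above reports as "No match".
CRT_FUNCS = ["__uncaught_exception", "___lc_handle_func", "___lc_codepage_func",
             "___mb_cur_max_func", "__pctype_func", "__iob_func", "__crtLCMapStringW"]
SIGNTOOL_IMPORTS = [("msvcrt.dll", f) for f in CRT_FUNCS]

# Constructed sample data (assumptions, not read from real files).
MSVCR90_IMPORTS = [("KERNEL32.dll", "GetSystemWindowsDirectoryW"),
                   ("KERNEL32.dll", "SetLastError")]
EXPORTS = {  # module name (lower case) -> export names available on the target
    "msvcrt.dll": {"malloc", "free"},
    "msvcr90.dll": set(CRT_FUNCS),
    "kernel32.dll": {"GetWindowsDirectoryW", "SetLastError"},
}

def load_rules(ini_text):
    """Parse substitution rules into (module_map, function_map)."""
    # strict=True (the default) rejects a key listed twice in one section.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   comment_prefixes=(";",),
                                   inline_comment_prefixes=(";",))
    cp.optionxform = str  # keep API-name case; configparser lowercases keys by default
    cp.read_string(ini_text)
    modules, functions = {}, {}
    for section in cp.sections():
        for key, value in cp.items(section):
            if section.lower() == "missing modules":
                modules[key.lower()] = value.lower()  # file names: case-insensitive
            else:
                functions[(section.lower(), key)] = value  # API names: case-sensitive
    return modules, functions

def unresolved(imports, ini_text, exports):
    """Return the (module, function) imports still unsatisfied after substitution."""
    modules, functions = load_rules(ini_text)
    missing = []
    for module, func in imports:
        func = functions.get((module.lower(), func), func)
        target = modules.get(module.lower(), module.lower())
        if func not in exports.get(target, set()):
            missing.append((target, func))
    return missing

if __name__ == "__main__":
    for name, imps, ini in [("signtool.exe", SIGNTOOL_IMPORTS, SIGNTOOL_INI),
                            ("MSVCR90.dll", MSVCR90_IMPORTS, MSVCR90_INI)]:
        print(name, "before:", unresolved(imps, "", EXPORTS),
              "after:", unresolved(imps, ini, EXPORTS))
```

Listing both `msvcrt.dll=` alternatives from the post in one section makes this parser raise `DuplicateOptionError`, so only one of the two lines should be kept.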

jumper, would you be so kind as to make ImportPatcher compatible also with XP and 2k?

I can envisage many uses for it on these two OSes, too.

However, it always hangs and never finishes, when I try to use it on XP SP3.

If set to Analyse, it hangs silently, after producing the ini and the log (I have to kill it, to terminate it).

If set to Patch, it hangs before actually patching anything, and I get a box with an exclamation point saying: "Debug: CreateFileMapping"... my only option is to click OK, and when I do it, the box closes, then reappears, keeping on this forever (so I have to kill it, to terminate it).

If run from Dependency Walker with the problem file as the only command-line argument, it analyses the file (for a real lonng time), then, after producing the ini and the log, terminates with failure. The last lines of DW profiling are the following:

00:55:39.171: First chance exception 0xC00000FD (Stack Overflow) occurred in "n:\IMPORTPATCHER.29.EXE" at address 0x00401009 by thread 1.
00:55:39.187: Second chance exception 0xC00000FD (Stack Overflow) occurred in "n:\IMPORTPATCHER.29.EXE" at address 0x00401009 by thread 1.
00:55:39.234: Exited "n:\IMPORTPATCHER.29.EXE" (process 0xA8C) with code -1073741571 (0xC00000FD) by thread 1.
00:00:00.062: Entrypoint reached. All implicit modules have been loaded.

BTW, you rock! Thanks a lot for ImportPatcher! :thumbup


If (anyone is) not running KernelEx, patch MSVCR90.dll with this function replacement ...

Well, I'm kinda dependent on KernelEx these days ...

Anyway, I managed to get another (fairly recent) version of "signtool.exe" that doesn't have strange requirements for 'msvcrt.dll'. It's version "4.00 (longhorn_rtm.080108-2300)", obtained from the W2008 & dotNet3.5 SDK (6.0.6001.18000.367-KRMSDK_EN.iso). The file is "\Setup\WinSDKTools-WinSDKTools-common.0.cab", from which is extracted the file "signtool_exe.B68FF751_0B1A_4F33_B044_1871CB4B13CC". Also required is the "capicom.dll" file, extracted as "capicom_dll.970E4F94_546F_49F3_BF1F_18BE6B938B02".

This version of "signtool.exe" seems to run OK with KernelEx. (ImportPatcher shows mismatched hints for many DLL functions, but performance isn't important for this application.)

Joe.


jumper, would you be so kind as to make ImportPatcher compatible also with XP and 2k?

I can envisage many uses for it on these two OSes, too.

I'll try, but I don't have any OS later than SE to test on. Good error reporting like you provided here will be important.

However, it always hangs and never finishes, when I try to use it on XP SP3.

If set to Analyse, it hangs silently, after producing the ini and the log (I have to kill it, to terminate it).

My WinMainCRTStartup function simply returned without calling exit or ExitProcess. This works in SE; apparently not in 2K+. I've added ExitProcess now.

If set to Patch, it hangs before actually patching anything, and I get a box with an exclamation point saying: "Debug: CreateFileMapping"... my only option is to click OK, and when I do it, the box closes, then reappears, keeping on this forever (so I have to kill it, to terminate it).

The Debug message is mine and indicates that CreateFileMapping (part of the file-mapping sequence of calls) failed. I have located and fixed a minor (SE didn't mind) error in one of the protection flags. I'll also add GetLastCall support to the error reporting.

Despite forcing CreateFileMapping to fail when in patch mode, I was unable to reproduce the error loop. I'm testing IP.31 builds now and much code has been cleaned up since IP.29. I'll trace the old code in my best simulator (sleep on it) in a few minutes....

If run from Dependency Walker with the problem file as the only command-line argument, it analyses the file (for a real lonng time), then, after producing the ini and the log, terminates with failure. The last lines of DW profiling are the following:

00:55:39.171: First chance exception 0xC00000FD (Stack Overflow) occurred in "n:\IMPORTPATCHER.29.EXE" at address 0x00401009 by thread 1.
00:55:39.187: Second chance exception 0xC00000FD (Stack Overflow) occurred in "n:\IMPORTPATCHER.29.EXE" at address 0x00401009 by thread 1.
00:55:39.234: Exited "n:\IMPORTPATCHER.29.EXE" (process 0xA8C) with code -1073741571 (0xC00000FD) by thread 1.
00:00:00.062: Entrypoint reached. All implicit modules have been loaded.

BTW, you rock! Thanks a lot for ImportPatcher! :thumbup

ImportPatcher is currently designed to function recursively. A stack overflow is the expected result of a runaway loop. The slow speed is likely the result of DW managing a huge amount of text in the log window.

A (hitherto) undocumented feature of ImportPatcher is that the text of all message boxes, log file entries, and any error messages are also passed to OutputDebugMessage(). Running IP in a debug environment such as DW allows viewing of these messages. If IP is looping endlessly (until the stack overflows) the DW log window should be filling with huge amounts of text.


Anyway, I managed to get another (fairly recent) version of "signtool.exe" that doesn't have strange requirements for 'msvcrt.dll'. It's version "4.00 (longhorn_rtm.080108-2300)", obtained from the W2008 & dotNet3.5 SDK (6.0.6001.18000.367-KRMSDK_EN.iso).

...

This version of "signtool.exe" seems to run OK with KernelEx. (ImportPatcher shows mismatched hints for many DLL functions, but performance isn't important for this application.)

The previous version was dotNet4.0--even more recent. Because KernelEx won't always be up-to-date with the latest demands of new software, it would be nice to know if ImportPatcher can help fill the void. To that end, it would be great if you could test the dotNet4.0 version with the msvcrt->msvcr90 replacement I proposed. This might also really help out those who don't use KernelEx.

TIA, jumper.


Anyway, I managed to get another (fairly recent) version of "signtool.exe" that doesn't have strange requirements for 'msvcrt.dll'. It's version "4.00 (longhorn_rtm.080108-2300)", obtained from the W2008 & dotNet3.5 SDK (6.0.6001.18000.367-KRMSDK_EN.iso).

...

This version of "signtool.exe" seems to run OK with KernelEx. (ImportPatcher shows mismatched hints for many DLL functions, but performance isn't important for this application.)

The previous version was dotNet4.0--even more recent. Because KernelEx won't always be up-to-date with the latest demands of new software, it would be nice to know if ImportPatcher can help fill the void. To that end, it would be great if you could test the dotNet4.0 version with the msvcrt->msvcr90 replacement I proposed. This might also really help out those who don't use KernelEx.

TIA, jumper.

Sure, but I won't get a chance to try this until Monday.

Since I do use/rely on KernelEx, for the purposes of this experiment, I presume the following will be sufficient :

* In "signtoo#.ini", I'll add :


[Missing modules]
msvcrt.dll=MSVCR90.dll

Joe.

