
Kext: DIY KernelEx extensions



Joe, now that you've found two problems with the Activation Context (ActCtx) family of functions, we're likely to have trouble with the rest:


[Kernel32.dll]
;ActivateActCtx=f2e // buggy!
CreateActCtxA=t1e
CreateActCtxW=t1e
DeactivateActCtx=f2e
FindActCtxSectionStringA=f5e
;FindActCtxSectionStringW=f5e // buggy!
...
ReleaseActCtx=f1

Perhaps we should disable all of them, and then only re-enable them as needed....

MSDN - Activation Context Reference


| Function | Description |
| --- | --- |
| ActivateActCtx | Activates the specified activation context. |
| AddRefActCtx | Increments the reference count of the specified activation context. |
| CreateActCtx | Creates an activation context. |
| DeactivateActCtx | Deactivates the specified activation context. |
| FindActCtxSectionGuid | Returns data contained in the ACTCTX_SECTION_KEYED_DATA structure that corresponds to the specified GUID. |
| FindActCtxSectionString | Returns data contained in the ACTCTX_SECTION_KEYED_DATA structure that corresponds to the specified string. |
| GetCurrentActCtx | Returns the current activation context. |
| IsolationAwareCleanup | Ensures that memory is freed when a manifest is loaded, unloaded, and reloaded. |
| QueryActCtxW | Queries the activation context for information about an assembly or file. |
| QueryActCtxSettingsW | Specifies the namespace and attribute name of the attribute that is to be queried. |
| ReleaseActCtx | Decrements the reference count of the specified activation context. |
| ZombifyActCtx | Deactivates the specified activation context, but does not deallocate it. |




[ole32.dll]
CoWaitForMultipleHandles=t5

Isn't CoWaitForMultipleHandles already handled by KernelEx, and emulated at that?

Sorry I cannot add more to the discussion as I have yet to install Kext, lazy me...


Hey Jumper I had to add

[Winspool.drv]

GetPrinterDataExW=t7

[ole32.dll]

CoWaitForMultipleHandles=t5

to stubs.ini, but what does t7 mean, and how do you know you have to add t7? Same question with t7.

Seems to me that each addition can be different for every other person. Because for instance one program will run for me maybe, but not for everybody else. Otherwise people should use the same dll's and other system files.


>Isn't CoWaitForMultipleHandles already handled by KernelEx, and emulated at that?

Good catch, loblo. Indeed, kexbasen contains a robust implementation of CoWaitForMultipleHandles. That is why stubs.ini doesn't already have a definition for it.

This brings up two issues:

1. Dependency Walker doesn't know about KernelEx

2. What happens when a definition is added to stubs.ini that is covered elsewhere

Until there is a DW-like tool that is Kex-aware, it's probably best to only add stubs for missing exports reported by the loader. ImportPatcher was designed to help non-KernelEx users and doesn't currently know about KernelEx, but that can easily be fixed.

The beauty of "contents=Kstub626,std,kexbases,kexbasen" is that if kex already supports a function, the stubs.ini definition will be ignored. Also, if a standard (std) system dll is updated and now includes support for a function (think msvcrt*.dll), it will override any definition in stubs.ini.


>Until there is a DW-like tool that is Kex-aware, it's probably best to only add stubs for missing exports reported by the loader.

Actually, it seems that fileinfo plugin for Total Commander does the job, and it shows which dependencies are delay-loaded.


FileInfo 2.21 for Total Commander:

DLL dependencies are tested and missing functions are shown.

This does look very promising. The server at physio-a.univ-tours.fr is currently not responding, however, so I can't test it yet.

Remember to set the KernelEx compatibility mode on FileInfo to the same as the module you are testing--KernelEx API support varies by mode!

The ideal KernelEx-aware dependency tester would test against each of the compatibility modes and recommend the best one to use.


FileInfo 2.21 is available here but it doesn't seem to work at all. :(

FileInfo 2.10 is included in the proTC pack but it lists all functions as missing. :(

FileInfo 2.07 is included in Total Commander PowerPack 1.7 and works as expected. :D

I don't have Total Commander so they have been tested in both Lister and Universal Viewer Free with identical results.

:)


>Another problem child from the update @ post #10 :
>
>;ActivateActCtx=f2e // buggy!
>
>This one prevented Dependency Walker from running (unless I disabled KernelEx for it).
>
>Joe.

Confirmed!

According to Wikipedia, the current stable version is 2.2.6000. I run that version and have had no problems.

What version has problems with ActivateActCtx?


>>Another problem child from the update @ post #10 :
>>
>>;ActivateActCtx=f2e // buggy!
>>
>>This one prevented Dependency Walker from running (unless I disabled KernelEx for it).
>>
>>Joe.
>
>Confirmed!
>
>According to Wikipedia, the current stable version is 2.2.6000. I run that version and have had no problems.
>
>What version has problems with ActivateActCtx?

Hi jumper,

Mine says it's 2.2.6000 (MD5 of EXE = b6051fdab7dc811a2d6be64a1579c735, MD5 of DLL = e72eff1b793fe064f068e715efb1b5cd).

Joe.


How to install Opera 12.5 alpha for testing.

I added these APIs to [secur32.dll]: Please jumper correct them, I'm not sure.

LsaEnumerateLogonSessions=z2e

LsaFreeReturnBuffer=z1e

LsaGetLogonSessionData=z2e

InitSecurityInterfaceW=

It doesn't work stably and of course the plugins don't run and I can't add buttons to the toolbars. The comp. mode must be Win2000SP4 for installation and running (the default mode isn't possible anymore).

[NTDLL.DLL] vsprintf=z3e for latest Sumatra PDF

Edited by schwups

>How to install Opera 12.5 alpha for testing.
>
>I added these APIs to [secur32.dll]: Please jumper correct them, I'm not sure.
>
>LsaEnumerateLogonSessions=z2e
>
>LsaFreeReturnBuffer=z1e
>
>LsaGetLogonSessionData=z2e
>
>InitSecurityInterfaceW=

The Lsa functions need to return a negative value to indicate failure, so our only option for now is 'true'. They don't SetLastError, so no 'e'.

InitSecurityInterface[A/W] returns zero on failure, takes no parameters, and doesn't SetLastError.

Sorted and merged:


[Secur32.dll]
GetUserNameExA=z3e
GetUserNameExW=z3e
InitSecurityInterfaceW=z0
LsaEnumerateLogonSessions=t2
LsaFreeReturnBuffer=t1
LsaGetLogonSessionData=t2

>It doesn't work stably and of course the plugins don't run and I can't add buttons to the toolbars. The comp. mode must be Win2000SP4 for installation and running (the default mode isn't possible anymore).

What is your default mode set to? It can be enabled or disabled (registry setting); and any compatibility mode (core.ini setting). I highly recommend Disabled or Enabled/Win98se (for the improved heap management). Only use a higher mode when required, or the app might try to take liberties....

>[NTDLL.DLL] vsprintf=z3e for latest Sumatra PDF


[NTDLL.DLL] vsprintf=z0

'z' because no characters are outputted (hopefully the buffer is already zero-terminated, because we can't do that!)

'0' because of the "C" calling convention (__cdecl).

No 'e' because this function doesn't SetLastError.

Edit: As of 822, we can use any of these definitions to forward vsprintf to be handled by Msvcrt.dll:


[NTDLL.DLL]
vsprintf=>Msvcrt.dll:vsprintf
vsprintf=>Msvcrt:vsprintf
vsprintf=>Msvcrt.dll:
vsprintf=>Msvcrt:
vsprintf=>

Edited by jumper
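
The definition syntax discussed across this thread (return letter, parameter-count digit, optional 'e' for SetLastError, and the `=>` forwarding form), decoded by a small checker. This is an added example, not part of any post and not Kext's own code; the function names are hypothetical, the sample is assembled from lines quoted in the thread, and reading 'f' as "false" is an assumption.

```python
import re
# Return letters as the thread uses them: 'z' and 't' are explained there;
# reading 'f' as "false" is an assumption of this example.
RETURNS = {"z": "zero", "t": "true", "f": "false (assumed)"}
STUB = re.compile(r"([ztf])(\d+)(e?)")

def decode(value):
    """Decode the right-hand side of one stubs.ini definition."""
    value = value.split("//")[0].strip()           # drop trailing "// note"
    if not value:
        return {"kind": "empty"}
    if value.startswith(">"):                       # name=>Dll:function
        dll, _, func = value[1:].partition(":")
        dll = re.sub(r"\.dll$", "", dll, flags=re.I)  # ".dll" is optional
        return {"kind": "forward", "dll": dll or None, "func": func or None}
    m = STUB.fullmatch(value)
    if not m:
        return {"kind": "invalid"}
    # digit: parameter count (0 for __cdecl or no parameters, per the thread)
    return {"kind": "stub", "returns": RETURNS[m[1]],
            "params": int(m[2]), "set_last_error": m[3] == "e"}

def parse(text):
    """Return one dict per definition, including ';'-disabled ones."""
    section, entries = None, []
    for line in map(str.strip, text.splitlines()):
        disabled = line.startswith(";")
        line = line.lstrip(";").strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue                                # blank line, "..." etc.
        info = decode(value)
        if info["kind"] == "forward" and not info["func"]:
            info["func"] = name.strip()             # omitted name: same export
        entries.append({"section": section, "name": name.strip(),
                        "disabled": disabled, **info})
    return entries

def needs_attention(entries):
    """Names of enabled definitions that are empty or malformed."""
    return [e["name"] for e in entries
            if not e["disabled"] and e["kind"] in ("empty", "invalid")]

# Constructed sample, assembled from definitions quoted in the thread.
SAMPLE = ("[Kernel32.dll]\n;ActivateActCtx=f2e // buggy!\n[Secur32.dll]\n"
          "InitSecurityInterfaceW=\nLsaFreeReturnBuffer=t1\n"
          "[NTDLL.DLL]\nvsprintf=>Msvcrt.dll:\n")
```

Running `needs_attention(parse(SAMPLE))` reports the definition that was posted with nothing after the `=`, while the `;`-disabled entry is still decoded but not flagged.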