Jump to content

Kext: DIY KernelEx extensions


Recommended Posts

Kext: DIY KernelEx extensions

A collection of tools for extending KernelEx

Core.ini (in Post #144)

Ktree9.7z

iphlpapi4.7z

Kstub822.zip

Other recommended updates

!Please post recommendations!

Msvcrt.dll <- Msvcr70.dll / Msvcr71.dll

Msvcr90.dll 9.00.21022.8

Msimg32.dll 5.00.2218.1 (Lab06_N(PRAVINSDEV).000328-1149)

Winhttp.dll 5.1.2600.1557 (xpsp2_gdr.040517-1325)

MsXML 4.0 SP2+fix / SP3

:D:whistle:

Ktree - KernelEx API viewer (Tree view control for core.ini and KernelEx\KnownDLLs)

Ktree9.7z - (9Jan13):

  • lists extension modules invoked by "contents=" of Core.ini
  • lists DLLs supported via HKLM\Software\KernelEx\KnownDLLs
  • lists all extensions by DLL
  • lists all extensions by API

Click below to see older updates:

Spoiler

Ktree8.zip:

  • lists DLLs supported via HKLM\Software\KernelEx\KnownDLLs

Ktree.zip:

  • tree-view list of APIs supported by KernelEx
  • lists extension modules invoked by "contents=" of Core.ini
  • lists by DLL all APIs supported by each module

Iphlpapi.dll - Iphlpapi extension wrapper

iphlpapi4.7z - (7Jan13):

  • For use with or without KernelEx / Kexstubs
  • see Post #116 for details and usage

New in this version:

  • Better GetAdaptersAddresses
  • 10 new stubs

Click below to see older updates:

Spoiler

Iphlpapi3.zip:

  • Adds: GetAdaptersAddresses, GetPerAdapterInfo, GetTcpTable2 (stub)
  • For use with or without KernelEx
  • see Post #101 for details and usage

Kexstubs - better forwarding, better definitions

Kstub822.zip - Kstub822.dll, Kstub822.ini

  • Latest definitions for all stubbed functions!
  • Fixes two bugs introduced in 816 related to comment processing

New in 816:

  • Forward definitions can now be abbreviated and commented
  • Many new forward definitions providing full function support
  • Stepload support removed

Click below to see older updates:

Spoiler

Kexstubs - Add new function stubs just by editing a preference file!

Kstub730.zip - Kstub730.dll, Kstub730.ini, ComDlgKs.dll

  • Edit definitions with just an app restart
  • API logging
  • API forwarding
  • SetLastError (unsigned32)
  • Pop from stack {unsigned32}
  • Return {int64 | parameter64}

Installation:

  • extract Kstub730.dll, Kstub730.ini, ComDlgKs.dll to KernelEx folder (C:\WINDOWS\KernelEx)
  • modify contents= line in Core.ini to read:

    • contents=std,kexbases,kexbasen,Kstub730

    - upon reboot, will take effect at highest priority (for ComDlg32:PrintDlgExA/W overrides)

Kstub730.ini Usage:

  • Edit stub definitions as needed, and restart apps
  • Add, Delete, Comment out definitions as needed, and restart Windows
  • Set StepLoad=0 for silent loading
  • Set Log=0 to disable logging

Kexstubs - Add new function stubs just by editing a preference file!


  • - default definitions add dozens of new function stubs to Kernel 4.5x
    - based on KextSamp sample (see below)
    - define up to 1600 new function stubs for 100 DLL's

Kstub626.zip

Installation:


  • - extract Kstub626.dll and stubs.ini to KernelEx folder (C:\WINDOWS\KernelEx)
    - modify contents= line in Core.ini to read:

    • contents=Kstub626,std,kexbases,kexbasen

- upon reboot, will take effect at lowest priority

Usage:


  • - LoadTest will show what stubs.ini functions are available.

    • It parses stubs.ini and calls LoadLibrary and GetProcAddress on each DLL/function pair.
      First hex value is the DLL base address (0 if not found)
      Second is the function address (in address space of provider, use any process viewer to learn more)
      Third is reserved (always zero)
      The function addresses should mainly be 0 without Kexstubs loaded, 10001xxx with it.

- In stubs.ini, set StepLoad=0 for silent loading

- Add or edit stub definitions as needed.

- Restart Windows (or reboot system) for KernelEx to reload definitions.


Source code available upon request:

Spoiler

KextSamp - Sample source code in C for adding new functions to KernelEx.


  • - based on the KernelEx Core SDK defined in kexcoresdk.h
    - simplified to encourage developers of all levels to contribute
    - KernelEx source not required

NetApiEx - Example for adding new functions to KernelEx.


  • - based on KextSamp
    - with source code in C
    - as seen on MSFN in April!
Edited by jumper
Pruning
Link to comment
Share on other sites


Excellent question, PROBLEMCHYLD. :)

Previously, when users trying out new software were confronted with a "missing export" load failure, they had only two options:


  • 1. Wait for someone else to update KernelEx,
    2. Update KernelEx themselves.

With Kexstubs installed, now there is is third option:


  • 3. Edit a configuration file and reboot!

And once I get the kinks worked out of the Kext examples, there will be a fourth option:


  • 4. Add or upgrade specific API's by developing a custom module, without needing to rebuild the entire KernelEx core.

  • Option 3 is the best for normal users (and great for developers as well), and is here right now.
  • Option 4 will be the best for developers, and I expect will be the avenue for most new KernelEx development.

Contributed results from options 3 and 4 can be rolled into the core KernelEx package if and when it is next updated.

Link to comment
Share on other sites

1. The msi (windows installer) of Adobe Flash Player (Opera/Firefox) 11.3 works fine without error message.

The player only works, if Opera runs with Win2000 mode! It doesn't, if Opera runs with default mode.

Error fixed: missing Export Advapi32.dll:ChangeServiceConfig2W (ChangeServiceConfig2W=z3e)

2. Foxit Reader versions 5.0.x and 5.1.x now start ([secur32.dll] GetUserNameExW=z3e solves the error). The versions 5.0.x have some graphical issues.

All versions of the Reader work.

3. Stubs.ini "[Kernel32.dll] GetSystemWow64DirectoryA=z3e" entry works for Java updates 33 and 34 (next release). Tested with the msi.

:thumbup

Edited by schwups
Link to comment
Share on other sites

This looks like a great addition to KernelEx but despite I haven't tried it yet there is something I don't quite like about it and that is the need to reboot/restart windows for changes in the ini file to apply. Do you think you could do something about it?

Link to comment
Share on other sites

2. Foxit Reader versions 5.0.x and 5.1.x now start ([secur32.dll] GetUserNameExW=z3e solves the error). The versions 5.0.x have some graphical issues.

Not all 5.x.x versions of Foxit reader have a dependency in secur32.dll, however I just post this to say that KernelEx in 2K compat mode eliminates the graphical issues here. I am still using version 4 as I don't really like the new skinned interface and I have found no way to not use skins in the options unfortunately.

Link to comment
Share on other sites

@jds

>Does this now supersede the previous 'NetApiEx' stuff?

Temporarily, yes. At the moment, Kexstubs has stub support for more Netapi32 functions than NetApiEx. And additional stubs can easily be added as needs arise.

But stubs are only a first step--they allow a program to load, but not to fully function. The next step is to write code that actually does what the calling program expects of it. That will be the role of NetApiEx in the future: to provide working API's rather than simple stubs.

If we keep things open source with the right licensing, we should be able to borrow code from Wine and ReactOS as well as from the excellent work of our own WildBill and blackwingcat.

Link to comment
Share on other sites

Excellent testing and reporting, schwups. :thumbup

During development, I searched the web for references to "missing export" to find needed API's and then added stub definitions. Naturally, I missed some that were right under my nose. Here is an update based largely upon loblo's work:thumbup that can be manually added to stubs.ini to complete MSVC2010 (non-.NET) support. Definitions will take effect after next Windows restart:

[edit]

* Warning: Read posts #15-17 before applying these definitions. Insert definitions one at a time and only as needed. *

[/edit]


[Kernel32.dll]
ActivateActCtx=f2e
CreateActCtxA=t1e
CreateActCtxW=t1e
DeactivateActCtx=f2e
FindActCtxSectionStringA=f5e
FindActCtxSectionStringW=f5e
GetGeoInfoA=z5e
GetGeoInfoW=z5e
GetUserGeoID=t1
GetVolumeNameForVolumeMountPointA=z3e
GetVolumeNameForVolumeMountPointW=z3e
HeapQueryInformation=f5e
InitializeSListHead=f1
InterlockedFlushSList=f1
InterlockedPopEntrySList=f1
InterlockedPushEntrySList=f2
QueryDepthSList=f1
ReleaseActCtx=f1

By the way, sections don't need to be in alphabetical order but there should be no duplicates.

Function definitions should be sorted, but Kexstubs will bubble-sort them (then reorder the strings) if they are not.

Edited by jumper
Link to comment
Share on other sites

This looks like a great addition to KernelEx but despite I haven't tried it yet there is something I don't quite like about it and that is the need to reboot/restart windows for changes in the ini file to apply. Do you think you could do something about it?

I didn't like the idea of needing to restart, either, but trying to avoid it delayed the release by weeks.

I was unable to avoid the fact that KernelEx only loads support DLL's at startup. Even if it were possible to unload and then reload KernelEx like a USB device driver, unloading it would require the termination of all clients and that would pretty much shut down Windows anyway. :(

The next version of Kexstubs, however, will allow for the redefinition of stubs with just the restart of any app that needs the new definition. This will allow for experimentation with various return values and LastError codes without a system restart. :)

Link to comment
Share on other sites

3. Stubs.ini "[Kernel32.dll] GetSystemWow64DirectoryA=z3e" entry works for Java updates 33 and 34 (next release). Tested with the msi.

:thumbup

Hi Schwups and Jumper,

thanks for the above ! So far I just started with only update 32.

It seem to have installed fine on my win98se but I noticed that the control panel where one should deactivate the next generation plug-in is gone. Is it the same on your system ?

Jumper, can you please have a look on OpenOffice !? I have version 3.2 installed and with kstub running it unfortunately won't start. There was an error message about runtime and msvcr90.dll.

Best,

Mikl

Edited by MiKl
Link to comment
Share on other sites

4. SuperAntiSpyware version 4.56 : The folderselection for custom scan now works.

I've managed to start  version 5.0 with Win 2kSP4 mode (XP mode should do it, too). New entry in stubs.ini: [Netapi32.dll] NetUseEnum=04 > rather guessed not known

First start: The folderselection for custom scan works. After the definitions update has finished the system crashed.

Link to comment
Share on other sites

3. Stubs.ini "[Kernel32.dll] GetSystemWow64DirectoryA=z3e" entry works for Java updates 33 and 34 (next release). Tested with the msi.

:thumbup

Hi Schwups and Jumper,

thanks for the above ! So far I just started with only update 32.

It seem to have installed fine on my win98se but I noticed that the control panel where one should deactivate the next generation plug-in is gone. Is it the same on your system ?

Jumper, can you please have a look on OpenOffice !? I have version 3.2 installed and with kstub running it unfortunately won't start. There was an error message about runtime and msvcr90.dll.

Best,

Mikl

Copy "javacpl.cpl" (C:\Programme\Java\jre6\bin) in your system folder and it should appear in your control panel.

OpenOffice 3.2.1: You must copy the VisualC++ red 2008 files (MSVCM90.DLL; MSVCP90.DLL; MSVCR90.DLL) of the system folder in your system32 folder.

Edited by schwups
Link to comment
Share on other sites

Yes there seem to be a problem with the update - post 10. I couldn't install OO 3.2.1. Message: The I/O operation has been aborted, because either a thread exit or an application request. After I had deleted the update the setup has worked fine and OO has started.

Edited by schwups
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...