• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
jumper

Kext: DIY KernelEx extensions

338 posts in this topic

Yes I can confirm FindActCtxSectionStringW is a culprit. OO starts successfully and runs fine.

But I have a problem with the Foxit Reader 5.x. It refused to start, if I try to start it from the desktop shortcut.

Error starting program 

The IPHLPAPI.dll file canot start. Check the file to determine the problem. 

It starts from the start menu shortcut or from foxit.exe in the program folder.

0

Share this post


Link to post
Share on other sites

I have the portable version off Foxit Reader 5.x running here IPHLPAPI.dll does not give a problem here.

I checked it with dependency walker. Maybe you could also check it.

0

Share this post


Link to post
Share on other sites

Another problem child from the update @ post #10 :

;ActivateActCtx=f2e // buggy!

This one prevented Dependency Walker from running (unless I disabled KernelEx for it).

Joe.

0

Share this post


Link to post
Share on other sites

I have the portable version from foxit reader 5x. running. I checked foxit reader.exe I did not get a problem running it.

I checked it with dependency walker,

Winspool.drv = GetPrinterDataExW seems to be a problem

ole32.dll = CoWaitForMultipleHandles seems to be a problem

and there are more. But how can I use this with stubs.ini

0

Share this post


Link to post
Share on other sites

I have the portable version from foxit reader 5x. running. I checked foxit reader.exe I did not get a problem running it.

That's good new. :)

I checked it with dependency walker,

Winspool.drv = GetPrinterDataExW seems to be a problem

ole32.dll = CoWaitForMultipleHandles seems to be a problem

and there are more.

These must be delay-load dependencies that are loaded later, as needed. If the load fails, the operation that triggered it will fail. This appears to include printing.

But how can I use this with stubs.ini

1. Locate or create sections in stubs.ini for each module:


[Winspool.drv]

[ole32.dll]

2. Add blank definition keys for each missing export function:


[Winspool.drv]
GetPrinterDataExW

[ole32.dll]
CoWaitForMultipleHandles

If we stop here, Kexstubs will prompt you at run-time for a return value if the function is ever invoked.

3. Add definition values for each function as per Post #21:


[Winspool.drv]
GetPrinterDataExW=t7

[ole32.dll]
CoWaitForMultipleHandles=t5

4. Restart Windows to apply changes.

Edited by jumper
0

Share this post


Link to post
Share on other sites

Joe, now that you've found two problems with the Activation Context (ActCtx) family of functions, we're likely to have trouble with the rest:


[Kernel32.dll]
;ActivateActCtx=f2e // buggy!
CreateActCtxA=t1e
CreateActCtxW=t1e
DeactivateActCtx=f2e
FindActCtxSectionStringA=f5e
;FindActCtxSectionStringW=f5e // buggy!
...
ReleaseActCtx=f1

Perhaps we should disable all of them, and then only reenabled them as needed....

MSDN - Activation Context Reference


Function Description
ActivateActCtx Activates the specified activation context.
AddRefActCtx Increments the reference count of the specified activation context.
CreateActCtx Creates an activation context.
DeactivateActCtx Deactivates the specified activation context.
FindActCtxSectionGuid Returns data contained in the ACTCTX_SECTION_KEYED_DATA structure that corresponds to the specified GUID.
FindActCtxSectionString Returns data contained in the ACTCTX_SECTION_KEYED_DATA structure that corresponds to the specified string.
GetCurrentActCtx Returns the current activation context.
IsolationAwareCleanup Ensures that memory is freed when a manifest is loaded, unloaded, and reloaded.
QueryActCtxW Queries the activation context for information about an assembly or file.
QueryActCtxSettingsW Specifies the namespace and attribute name of the attribute that is to be queried.
ReleaseActCtx Decrements the reference count of the specified activation context.
ZombifyActCtx Deactivates the specified activation context, but does not deallocate it.

0

Share this post


Link to post
Share on other sites


[ole32.dll]
CoWaitForMultipleHandles=t5

Isn't CoWaitForMultipleHandles already handled by KernelEx, and emulated at that?

Sorry I cannot add more to the discussion as I have yet to install Kext, lazy me...

0

Share this post


Link to post
Share on other sites

Hey Jumper I had to add

[Winspool.drv]

GetPrinterDataExW=t7

[ole32.dll]

CoWaitForMultipleHandles=t5

to stubs.ini, but what means t7 and how do you know you have to add t7, same question with t7.

Seems to me that each addition can be different for every other person. Because for instance

one program will run for me maybe, but not for everybody else. Otherwise people should use

the same dll's and other system files.

0

Share this post


Link to post
Share on other sites

I saw I made a mistake: It must be same question with t 5

And different users use different version of dll files or system files. So it will be different for each user.

0

Share this post


Link to post
Share on other sites

>Isn't CoWaitForMultipleHandles already handled by KernelEx, and emulated at that?

Good catch, loblo. Indeed, kexbasen contains a robust implementation of CoWaitForMultipleHandles. That is why stubs.ini doesn't already have a definition for it.

This bring up two issues:

1. Dependency Walker doesn't know about KernelEx

2. What happens when a definition is added to stubs.ini that is covered elsewhere

Until there is a DW-like tool that is Kex-aware, it's probably best to only add stubs for missing exports reported by the loader. ImportPatcher was designed to help non-KernelEx users and doesn't currently know about KernelEx, but that can easily be fixed.

The beauty of "contents=Kstub626,std,kexbases,kexbasen" is that if kex already supports a function, the stubs.ini definition will be ignored. Also, if a standard (std) system dll is updated and now includes support for a function (think msvcrt*.dll), it will override any definition in stubs.ini.

0

Share this post


Link to post
Share on other sites

Another problem child from the update @ post #10 :

;ActivateActCtx=f2e // buggy!

This one prevented Dependency Walker from running (unless I disabled KernelEx for it).

Joe.

Confirmed!

0

Share this post


Link to post
Share on other sites

Until there is a DW-like tool that is Kex-aware, it's probably best to only add stubs for missing exports reported by the loader.

Actually, it seems that fileinfo plugin for Total Commander does the job, and it shows which dependencies are delay-loaded.

0

Share this post


Link to post
Share on other sites

FileInfo 2.21 for Total Commander:

DLL dependencies are tested and missing functions are shown.

This does look very promising. The server at physio-a.univ-tours.fr is currently not responding, however, so I can't test it yet.

Remember to set the KernelEx compatibility mode on FileInfo to the same as the module you are testing--KernelEx API support varies by mode!

The ideal KernelEx-aware dependency tester would test against each of the compatibility modes and recommend the best one to use.

0

Share this post


Link to post
Share on other sites

Another problem child from the update @ post #10 :

;ActivateActCtx=f2e // buggy!

This one prevented Dependency Walker from running (unless I disabled KernelEx for it).

Joe.

Confirmed!

According to Wikipedia, the current stable version is 2.2.6000. I run that version and have had no problems.

What version has problems with ActivateActCtx?

0

Share this post


Link to post
Share on other sites

Another problem child from the update @ post #10 :

;ActivateActCtx=f2e // buggy!

This one prevented Dependency Walker from running (unless I disabled KernelEx for it).

Joe.

Confirmed!

According to Wikipedia, the current stable version is 2.2.6000. I run that version and have had no problems.

What version has problems with ActivateActCtx?

Hi jumper,

Mine says it's 2.2.6000 (MD5 of EXE = b6051fdab7dc811a2d6be64a1579c735, MD5 of DLL = e72eff1b793fe064f068e715efb1b5cd).

Joe.

0

Share this post


Link to post
Share on other sites

same version - same checksums

0

Share this post


Link to post
Share on other sites

How to install Opera 12.5 alpha for testing.

I added these API's to [secur32.dll]: Please jumper correct them, I'm not sure.

LsaEnumerateLogonSessions=z2e

LsaFreeReturnBuffer=z1e

LsaGetLogonSessionData=z2e

InitSecurityInterfaceW=

It doesn't work stable and of course the plugins don't run and I can't add buttons to the toolbars. The comp. mode must be Win2000SP4 for installation and running (the default mode isn't possible anymore).

[NTDLL.DLL] vsprintf=z3e for latest Sumatra PDF

Edited by schwups
0

Share this post


Link to post
Share on other sites

How to install Opera 12.5 alpha for testing.

I added these API's to [secur32.dll]: Please jumper correct them, I'm not sure.

LsaEnumerateLogonSessions=z2e

LsaFreeReturnBuffer=z1e

LsaGetLogonSessionData=z2e

InitSecurityInterfaceW=

The Lsa functions need to return a negative value to indicate failure, so our only option for now is 'true'. They don't SetLastError, so no 'e'.

InitSecurityInterface[A/W] returns zero on failure, takes no parameters, and doesn't SetLastError.

Sorted and merged:


[Secur32.dll]
GetUserNameExA=z3e
GetUserNameExW=z3e
InitSecurityInterfaceW=z0
LsaEnumerateLogonSessions=t2
LsaFreeReturnBuffer=t1
LsaGetLogonSessionData=t2

It doesn't work stable and of course the plugins don't run and I can't add buttons to the toolbars. The comp. mode must be Win2000SP4 for installation and running (the default mode isn't possible anymore).

What is your default mode set to? It can be enabled or disabled (registry setting); and any compatibility mode (core.ini setting). I highly recommend Disabled or Enabled/Win98se (for the improved heap management). Only use a higher mode when required, or the app might try to take liberties....

[NTDLL.DLL] vsprintf=z3e for latest Sumatra PDF


[NTDLL.DLL] vsprintf=z0

'z' because no characters are outputted (hopefully the buffer is already zero-terminated, because we can't do that!)

'0' because of the "C" calling convention (__cdecl).

No 'e' because this function doesn't SetLastError.

Edit: As of 822, we can use any of these definitions to forward vsprintf to be handled by Msvcrt.dll:


[NTDLL.DLL]
vsprintf=>Msvcrt.dll:vsprintf
vsprintf=>Msvcrt:vsprintf
vsprintf=>Msvcrt.dll:
vsprintf=>Msvcrt:
vsprintf=>

Edited by jumper
0

Share this post


Link to post
Share on other sites

My default mode: KernelEx is enabled. HKEY_LOCAL_MACHINE\SOFTWARE\KernelEx  "DisableExtensions"=dword:0x00000000 (0). 

Thanks for corrections and explanations. 

0

Share this post


Link to post
Share on other sites

My default mode: KernelEx is enabled. HKEY_LOCAL_MACHINE\SOFTWARE\KernelEx  "DisableExtensions"=dword:0x00000000 (0). 

Thanks for corrections and explanations. 

Me too.

That explains why jumper didn't see the Dependency Walker problem ...

Joe.

0

Share this post


Link to post
Share on other sites

Kstub730.ini:

[ComDlg32.dll]

PrintDlgExA=>ComDlgKs.dll:PrintDlgExA

PrintDlgExW=>ComDlgKs:PrintDlgExW

I think it should be PrintDlgExW=>ComDlgKs.dll:PrintDlgExW !?

0

Share this post


Link to post
Share on other sites

>I think it should be PrintDlgExW=>ComDlgKs.dll:PrintDlgExW !?

Good eye, I hoped it would be noticed. :)

This was an intentional example of how the '.dll' extension is optional:

; =>[[drive:]path]library[.ext]:function

SumatraPDF 2.11 was my test case for this forwarding definition.

0

Share this post


Link to post
Share on other sites

After updating to 730 an IE script error occured in windows\web\controlp.htt, if I tried open the control panel. This happened on two of three machines.

Run => regsvr32 webvw.dll doesn't work. Downgrading to 626 fixed the error.

Edited by schwups
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.