• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
jumper

Kext: DIY KernelEx extensions

338 posts in this topic

Ktree8.zip:

  • tree-view list of APIs supported by KernelEx
  • lists extension modules invoked by "contents=" of Core.ini
  • lists by DLL all APIs supported by each module
  • lists DLLs supported via HKLM\Software\KernelEx\KnownDLLs

A minor, but important, step forward to also include extensions via KernelEx\KnownDLLs.

Edited by jumper
0

Share this post


Link to post
Share on other sites

With "[iPHLPAPI.DLL]GetAdaptersAddresses=r120s5" in the ini file µTorrent 2.0 crashes on start. 

0

Share this post


Link to post
Share on other sites

With "[iPHLPAPI.DLL]GetAdaptersAddresses=r120s5" in the ini file µTorrent 2.0 crashes on start.

Does µTorrent 2.0 start or even load without the stub?

What is the nature of the crash (is it silent or is there a message)?

You can also try using the GetAdaptersAddresses (or whole IPHLPAPI.DLL) from 2K, XP, ReactOS, Wine, WildBill, or blackwingcat.

Edited by jumper
0

Share this post


Link to post
Share on other sites

With "[iPHLPAPI.DLL]GetAdaptersAddresses=r120s5" in the ini file µTorrent 2.0 crashes on start.

Does µTorrent 2.0 start or even load without the stub?

What is the nature of the crash (is it silent or is there a message)?

You can also try using the GetAdaptersAddresses (or whole IPHLPAPI.DLL) from 2K, XP, ReactOS, Wine, WildBill, or blackwingcat.

Kstub822.log: = IPHLPAPI.DLL:GetAdaptersAddresses =

1. Without  "[iPHLPAPI.DLL]GetAdaptersAddresses=r120s5" µTorrent 2.0.4 works fine. 

Prompt: No combination works. (GetAdaptersAddresses=)

2. Message: screenshot

The crash dump dmp file is empty.

3. Whole IPHLPAPI.DLL of Wild Bill in the system folder: µTorrent starts and runs.

post-266873-0-49685900-1349612715_thumb.

0

Share this post


Link to post
Share on other sites

µTorrent:

Uninstalling of the Fritz Firewall (SARAH.DLL) doesn't work and the crash dump file is still empty.

Opera (comp. mode Win 2000):

Opera 12.5 build 1513 is the latest version that works for me, of course without plugins.

If I add "[iPHLPAPI.DLL]GetAdaptersAddresses=r120s5" in the ini file, Opera build 1546 starts, but I get the internal connection error.

Build 1577 and higher versions crash on start. I didn't download every build.

Crashlog of build 12.10 1615:

crash.zip

0

Share this post


Link to post
Share on other sites

With "[iPHLPAPI.DLL]GetAdaptersAddresses=r120s5" in the ini file µTorrent 2.0 crashes on start. 

µTorrent doesn't crash with  "GetAdaptersAddresses=t5"

0

Share this post


Link to post
Share on other sites


[IpHlpApi.dll]
GetPerAdapterInfo=r50s3e50 ; Error_Not_Supported, 3 Params

Enables HoverIP v1.0b to work with "iphlpapi.dll" version 5.0.1717.2 (newer versions I've found, such as 5.0.2173.2, have the required function but unfortunately also a whole bunch of dependencies).

Joe.

0

Share this post


Link to post
Share on other sites

According to MSDN, GetPerAdapterInfo doesn't set the last error via SetLastError(). So without the "e50" that should be:


[IpHlpApi.dll]
GetPerAdapterInfo=r50s3 ; Error_Not_Supported, 3 Params

0

Share this post


Link to post
Share on other sites

According to MSDN, GetPerAdapterInfo doesn't set the last error via SetLastError(). So without the "e50" that should be:


[IpHlpApi.dll]
GetPerAdapterInfo=r50s3 ; Error_Not_Supported, 3 Params

Thanks, jumper. I've confirmed that HoverIP works just fine without the SetLastError option.

Looking at the MSDN information, I suppose if it doesn't mention anything about a function setting the "last error" code, it means it isn't set.

Joe.

Edited by jds
0

Share this post


Link to post
Share on other sites

With "[iPHLPAPI.DLL]GetAdaptersAddresses=r120s5" in the ini file µTorrent 2.0 crashes on start. 

µTorrent doesn't crash with  "GetAdaptersAddresses=t5"

I've just tried this 't5' setting and it produces this problem with SAP GUI for Java 7.10r3 when connecting to the server :

Error: internal error

Mon Nov 26 17:06:05 2012

Release 710

Component NI (network interface), version 39

rc = -1, module ninti.c, line 214

Detail NiPGetNodeAddrList03

System Call GetAdaptersAddresses

Error No -1

However, the following (undocumented return code for this function?) works OK for SAP GUI (no Kstub entry also works) :

GetAdaptersAddresses=r50s5

Joe.

0

Share this post


Link to post
Share on other sites

[iPHLPAPI.DLL]

GetAdaptersAddresses=t5  works for µTorrent 2.0. => Kstub822.log: " = IPHLPAPI.DLL:GetAdaptersAddresses=t5 ="

GetAdaptersAddresses=r50s5 or r120s5 doesn't work for it. => Kstub822.log: "= IPHLPAPI.DLL:GetAdaptersAddresses=r50s5 =" or "= IPHLPAPI.DLL:GetAdaptersAddresses=r120s5 ="

0

Share this post


Link to post
Share on other sites

[iPHLPAPI.DLL]

GetAdaptersAddresses=t5  works for µTorrent 2.0. => Kstub822.log: " = IPHLPAPI.DLL:GetAdaptersAddresses=t5 ="

GetAdaptersAddresses=r50s5 or r120s5 doesn't work for it. => Kstub822.log: "= IPHLPAPI.DLL:GetAdaptersAddresses=r50s5 =" or "= IPHLPAPI.DLL:GetAdaptersAddresses=r120s5 ="

Hmmm ... So the only setting so far that is compatible between µTorrent and SAP GUI for Java 7.10r3 is no setting. Too bad the latest Opera doesn't agree with that.

For completeness, these are the documented return codes that SAP GUI for Java likes : 8, 87, 111, 232, 1228. It also likes undocumented return codes : 1, 50, 120. It doesn't like -1 and I don't dare try 0 (too risky).

Joe.

0

Share this post


Link to post
Share on other sites

>Hmmm ... So the only setting so far that is compatible between µTorrent and SAP GUI for Java 7.10r3 is no setting. Too bad the latest Opera doesn't agree with that.

For Opera and any other apps that won't load without GetAdaptersAddresses, we'll create two definitions in Kexstubs.ini:


[IPHLPAPI.DLL]
GetAdaptersAddresses=r50s5 ;.0
GetAdaptersAddresses=t5 ;.1

Then we'll disable them by default in Core.ini:


[DCFG1.names.98]
IPHLPAPI.GetAdaptersAddresses=none

[DCFG1.names.Me]
IPHLPAPI.GetAdaptersAddresses=none

Then add new profiles in Core.ini to support them:


[ApiConfigurations]
default=0
0=DCFG1
...
11=W2KGAA0
12=W2KGAA1

[W2KGAA0]
inherit=NT2K
desc=Win2K+GetAdaptersAddresses.r50s5

[W2KGAA0.names]
IPHLPAPI.GetAdaptersAddresses=Kexstubs.0

[W2KGAA1]
inherit=NT2K
desc=Win2K+GetAdaptersAddresses.t5

[W2KGAA1.names]
IPHLPAPI.GetAdaptersAddresses=Kexstubs.1

As needed:

  • Replace "Kexstubs" with "Kstub822"
  • These new profiles can inherit from any other profile

Edit: struck Kex from stubs.ini

Edited by jumper
0

Share this post


Link to post
Share on other sites

>Hmmm ... So the only setting so far that is compatible between µTorrent and SAP GUI for Java 7.10r3 is no setting. Too bad the latest Opera doesn't agree with that.

For Opera and any other apps that won't load without GetAdaptersAddresses, we'll create two definitions in Kexstubs.ini:


[IPHLPAPI.DLL]
GetAdaptersAddresses=r50s5 ;.0
GetAdaptersAddresses=t5 ;.1

Then we'll disable them by default in Core.ini

Well, SAPGUI is happy with GetAdaptersAddresses disabled, so perhaps only the 't5' setting is required, for Opera.

Also, it would be good to know if another setting such as 'r232s5' may work with µTorrent or even Opera. The return code 50 was one that I'd copied from another IpHlpApi function (GetPerAdapterInfo) for HoverIP, and isn't actually documented for GetAdaptersAddresses. SAPGUI accepted it and indeed, seems to except many other return codes, but not -1.

Joe.

Edited by jds
0

Share this post


Link to post
Share on other sites

>Hmmm ... So the only setting so far that is compatible between µTorrent and SAP GUI for Java 7.10r3 is no setting. Too bad the latest Opera doesn't agree with that.

For Opera and any other apps that won't load without GetAdaptersAddresses, we'll create two definitions in Kexstubs.ini:


[IPHLPAPI.DLL]
GetAdaptersAddresses=r50s5 ;.0
GetAdaptersAddresses=t5 ;.1

Then we'll disable them by default in Core.ini:


[DCFG1.names.98]
IPHLPAPI.GetAdaptersAddresses=none

[DCFG1.names.Me]
IPHLPAPI.GetAdaptersAddresses=none

Then add new profiles in Core.ini to support them:


[ApiConfigurations]
default=0
0=DCFG1
...
11=W2KGAA0
12=W2KGAA1

[W2KGAA0]
inherit=NT2K
desc=Win2K+GetAdaptersAddresses.r50s5

[W2KGAA0.names]
IPHLPAPI.GetAdaptersAddresses=Kexstubs.0

[W2KGAA1]
inherit=NT2K
desc=Win2K+GetAdaptersAddresses.t5

[W2KGAA1.names]
IPHLPAPI.GetAdaptersAddresses=Kexstubs.1

As needed:

  • Replace "Kexstubs" with "Kstub822"
  • These new profiles can inherit from any other profile

My first try failed.

I couldn't start Opera 12.5 builds 1513 and higher, except build 1578 (12.02). Message: "Opera Error - Failed to load Opera.dll because: A device attached to the system is not functioning." The setting W2k+t5 wasn't kept. The comp mode window changed to default mode. I'll try it again.

Edited by schwups
0

Share this post


Link to post
Share on other sites

opera 12.50.1497 starts on my computer the plugin wrapper gives a problem though. I have windows 98 SE and kernelex 4.5.2

0

Share this post


Link to post
Share on other sites

My first try failed.

I couldn't start Opera 12.5 builds 1513 and higher, except build 1578 (12.02). Message: "Opera Error - Failed to load Opera.dll because: A device attached to the system is not functioning." The setting W2k+t5 wasn't kept. The comp mode window changed to default mode. I'll try it again.

I've been having trouble with core.ini processing, also. It doesn't always work they way it appears it should. Even cloning existing profiles isn't reliable. :(

One thing I learned about core.ini mods several months ago is that a full system reboot is necessary between every change--restarting Windows isn't enough. Naturally this greatly slows down the trial-and-error testing!

I looked in the source code at how the property sheet changes the mode and think I can write a utility to test each and all profiles to see which will stick if selected after modification (and reboot). Kex changes the mode to default if it doesn't like something about the selected mode.

It's been a few months since I looked at the source code for the Core.ini loader. Until I do that again, instead of using a new profile we'll have to stick to modifying the Kexstubs.ini definition on-demand:

icon11.gif GetAdaptersAddresses can be changed between r50s5 and t5 immediately before launching an app that needs the other definition.

Edit: struck Kex from stubs.ini

Edited by jumper
0

Share this post


Link to post
Share on other sites

iphlpapi.zip

  • Unzip iphlpapi.dll into app folder
  • remove HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\KnownDLLs\IPHLPAPI entry
  • remove definitions for GetAdaptersAddresses and/or GetPerAdapterInfo from Kexstubs.ini
  • stubs returning E_NOTIMP (0x80004001) for GetAdaptersAddresses and GetPerAdapterInfo will be added to IPHLPAPI in sysdir for just this app.

Edit: struck Kex from stubs.ini

Edited by jumper
0

Share this post


Link to post
Share on other sites

It's been a few months since I looked at the source code for the Core.ini loader. Until I do that again, instead of using a new profile we'll have to stick to modifying the Kexstubs.ini definition on-demand:

icon11.gif GetAdaptersAddresses can be changed between r50s5 and t5 immediately before launching an app that needs the other definition.

I wish now that I'd not suggested the 50 return code for GetAdaptersAddresses before checking what was documented. Sure, it works fine for SAPGUI, but perhaps the 232 return code would be more appropriate for other applications (and it works fine too for SAPGUI).

iphlpapi.zip

  • Unzip iphlpapi.dll into app folder
  • remove HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\KnownDLLs\IPHLPAPI entry
  • remove definitions for GetAdaptersAddresses and/or GetPerAdapterInfo from Kexstubs.ini
  • stubs returning E_NOTIMP (0x80004001) for GetAdaptersAddresses and GetPerAdapterInfo will be added to IPHLPAPI in sysdir for just this app.

Hi jumper,

I notice that all but three functions in this DLL have the same entry point. Given that different functions will have different stack fix-up requirements, I presume that these other functions don't actually do this (properly). So, if any of these other functions are called (eg. HoverIP uses a bunch of functions from IpHlpApi), this DLL would be unsafe. Is that correct?

Joe.

0

Share this post


Link to post
Share on other sites

>I wish now that I'd not suggested the 50 return code for GetAdaptersAddresses before checking what was documented. Sure, it works fine for SAPGUI, but perhaps the 232 return code would be more appropriate for other applications (and it works fine too for SAPGUI).


//
// MessageId: ERROR_NO_DATA
//
// MessageText:
//
// The pipe is being closed.
//
#define ERROR_NO_DATA 232L

A pipe error probably won't work universally, either. If you have a solution for your apps, don't worry about others--this is just temporary anyway. I'm working on a real implementation derived from the Wine sources.

>I notice that all but three functions in this DLL have the same entry point. Given that different functions will have different stack fix-up requirements, I presume that these other functions don't actually do this (properly). So, if any of these other functions are called (eg. HoverIP uses a bunch of functions from IpHlpApi), this DLL would be unsafe. Is that correct?

:sneaky: No! :sneaky::lol:

You may also have noticed that it doesn't require that the original DLL be copied to another name. It also doesn't require KnownDLL tricks (another way to access the system DLL of the same name). :angel

What it does is rewrite its export table at load time to redirect the standard functions to the originals in sysdir. :yes:

In addition to the stubs (currently) for GetAdaptersAddresses and GetPerAdapterInfo, it also exports a KernelEx-compatible get_api_table. This make it a hybrid Kext DLL that can also be used by KernelEx non-users.

I now have a partial implementation of GetPerAdapterInfo working and hope to release it soon. The test plan is to build the MSDN sample code for each API and run it on various platforms, with and without my extension DLL, comparing results.

0

Share this post


Link to post
Share on other sites

What it does is rewrite its export table at load time to redirect the standard functions to the originals in sysdir. :yes:

Neat! Thanks for the clarification, jumper.

Joe.

0

Share this post


Link to post
Share on other sites

iphlpapi.zip

  • Unzip iphlpapi.dll into app folder
  • remove HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\KnownDLLs\IPHLPAPI entry
  • remove definitions for GetAdaptersAddresses and/or GetPerAdapterInfo from Kexstubs.ini
  • stubs returning E_NOTIMP (0x80004001) for GetAdaptersAddresses and GetPerAdapterInfo will be added to IPHLPAPI in sysdir for just this app.

Hi jumper,

FYI, here are the results of testing the 2012/12/04 edition :

HoverIP produces the following error message, then seems to work normally :

HoverIP v1.0

Une fonction de l'API Win32 a échoué.

SAPGUI produces the following error when trying to connect to the server, doesn't work :

Connection failed

Error: internal error

Tue Dec 11 14:26:27 2012

Release 710

Component NI (network interface), version 39

rc = -1, module ninti.c, line 214

Detail NiPGetNodeAddrList03

System Call GetAdaptersAddresses

Error No -2147467263

'E_NOTIMPL: Not implemented'

Joe.

0

Share this post


Link to post
Share on other sites

> A function of the Win32 API failed

This could be a general failure message, or it could mean that HoverIP v1.0 is import-table-linked to iphlpapi.dll.

> Error No -2147467263

> 'E_NOTIMPL: Not implemented'

SAPGUI is definitely delay-loading iphlpapi.dll via LoadLibrary / GetProcAddress.

Let me explain.... :blushing:

The technique of rewriting the DLL export tables at load time works great when the DLL is delay loaded: LoadLibrary loads the DLL into memory and activates the export-table rewriting code; then GetProcAddress reads from the rewritten export table. :)

The normal loader merges these steps and accesses the DLL's export table before executing the entry function. Why? Because it's still checking dependencies and hasn't decided yet whether to execute the parent app! :unsure:

What this means: This technique can be used to implement two different functions with the same name based upon how the DLL is linked or loaded by an app! :thumbup

...It also means it won't work for our purposes at this time. :(

Stay tuned for the exciting backup plan. :sneaky:

0

Share this post


Link to post
Share on other sites

> Error No -2147467263

> 'E_NOTIMPL: Not implemented'

SAPGUI is definitely delay-loading iphlpapi.dll via LoadLibrary / GetProcAddress.

Agreed. Also, evidence to date is that SAPGUI doesn't accept any negative return values for this function.

Joe.

0

Share this post


Link to post
Share on other sites

An HRESULT is a long int. Using t/-1 is a convenient way of setting the "error" (most sig.) bit. Perhaps SAPGUI treats >0 as recoverable errors and <0 as fatal errors? :unsure:


I was able to add a 6-byte stub (jump to address in jump-table) for each API in my wrapper, so it now can be imported in the standard way. The extra jump table is trivial to create in the loader, and still allows this wrapper implementation to access the original sysdir DLL without needing any file renaming/duplication, etc. :)

iphlpapi.zip

  • GetAdaptersAddresses returns ERROR_NOT_SUPPORTED.
  • GetPerAdapterInfo attempts to function, but probably just returns SUCCESS and an empty list. (see below)
  • GetTcpTable2 returns ERROR_NOT_SUPPORTED.


I've been studying the Wine 2003 and 2006 sources for iphlpapi as well as the ReactOS fork (off Wine 2003). With the help of some Wine header files plus a winetypes.h of my own creation, I've been able to extend my VC++5 build environment to handle the Winsock2 and IP Helper API's. I couldn't find an iphlpapi.lib to link with, so I created my own.

I've built the MSDN examples for the following seven iphlpapi.dll functions:

  • GetAdaptersAddresses
  • GetAdaptersInfo
  • GetIpAddrTable
  • GetIpForwardTable
  • GetTcpStatistics
  • GetTcpTable
  • GetTcpTable2

Yesterday I searched Google for "getadaptersaddresses sample output" and found a webpage that has the same MSDN GetAdaptersAddresses example along with the (XP?) output.

Unfortunately, this site doesn't contain any GetPerAdapterInfo info. I already have a partial implementation for GetPerAdapterInfo, but the Wine/ReactOS sources call upon their own system internals that I had to stub. As a result there is no meaningful data returned yet.... :(

But now I can get to crafting a GetAdaptersAddresses replacement. :)

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.