• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
jumper

Kext: DIY KernelEx extensions

338 posts in this topic

Post 144 - method 4:

My confiurations:

Core.ini

[ApiConfigurations]

default=0

Renamed both files ini and dll to Kexstubs

Kexstubs.ini:

[iphlpapi.dll]

GetAdaptersAdresses=t5  (no wrapper)

Result:

µTorrent and OpenOffice runs and for the moment I can't see a problem.

New setting "Win2000 SP4, no ACTCTX  doesn't persist. The setting jumps to base enhancements.

BTW Fresh Diagnose works up to the latest version 8.66. With October 7, 2010 - Release of Fresh Diagnose 8.46

a new windows user rights module was introduced.

Kext supports NetApi32.dll:NetApiBufferFree

0

Share this post


Link to post
Share on other sites

Excellent feedback, schwups! :thumbup

It has highlighted several problems that I need to fix....

>Renamed both files ini and dll to Kexstubs

:blushing: Oops, please undo that! In a number of posts I have incorrectly :wacko: referred to "stubs.ini" as "Kexstubs.ini" and this has probably caused many of our testing problems. :ph34r:

"Kexstubs" has become in practice just the family name.

+ Each version of Kstubnnn.dll (e.g. Kstub822.dll) should be used as is, without renaming.

+ The stable definitions file should be named stubs.ini.

+ The test definitions file(s) should be named Kstubnnn.ini (e.g. Kstub822.ini, Kstub626.ini, etc.) and will override stubs.ini.

This allows overriding of the stable definitions while testing. This also allows the use of multiple versions of Kexstubs simultaneously with different definitions/logging options.

I will edit the erroneous posts, but will also need to release a new version of Kexstubs that makes the search order: Kstubnnn.ini, Kexstubs.ini, stubs.ini. For testing at this time, please use the names Kstub822.dll and Kstub822.ini .

@Everyone: Suggestions for KstubE05 (E=14th month of 2012) upgrades requested!

>New setting "Win2000 SP4, no ACTCTX doesn't persist. The setting jumps to base enhancements.

KernelEx is rejecting this profile probably because the ActCtx functions aren't getting created by Kexstubs, so can't be uncreated in Core.ini!

You can use Ktree to confirm whether or not Kexstubs is creating stubs for the KERNEL32:*ActCtx* functions.

0

Share this post


Link to post
Share on other sites

Hi Jumper, using Method 4 I could activate 6 of the 7 ActCtx and Open Office worked as it should.

After activating FindActCtxSectionStringW=f5e it crashes on start.

But unfortunately with even one ActCtx running MultiPlayerClassic6491 do not start at all. So I again had to take these out.

0

Share this post


Link to post
Share on other sites

>Hi Jumper, using Method 4 I could activate 6 of the 7 ActCtx and Open Office worked as it should.

After activating FindActCtxSectionStringW=f5e it crashes on start.

What version of OO and what all ActCtx functions does it use?

Please test return codes other than false for FindActCtxSectionStringW [edit]such as f5e120 and t5[/edit].

[Edit]

Here's a custom profile for Core.ini to disable just FindActCtxSectionStringW:


[ApiConfigurations]
10=NOFACSS

[NOFACSS]
inherit=NT2K
desc=Win2000 SP4 (for OpenOffice)

[NOFACSS.names]
KERNEL32.FindActCtxSectionStringW=none

[/Edit]

>But unfortunately with even one ActCtx running MultiPlayerClassic6491 do not start at all. So I again had to take these out.

Did you try the new "no ActCtx" mode?

Edited by jumper
0

Share this post


Link to post
Share on other sites
>New setting "Win2000 SP4, no ACTCTX doesn't persist. The setting jumps to base enhancements.

KernelEx is rejecting this profile probably because the ActCtx functions aren't getting created by Kexstubs, so can't be uncreated in Core.ini! You can use Ktree to confirm whether or not Kexstubs is creating stubs for the KERNEL32:*ActCtx* functions.

Ktree doesn't list stubs for the KERNEL32:*ActCtx* functions. So Kexstubs hasn't created them.

I will rename the files back to Kexstub822.

0

Share this post


Link to post
Share on other sites
>Renamed both files ini and dll to Kexstubs

Oops, please undo that! In a number of posts I have incorrectly referred to "stubs.ini" as "Kexstubs.ini" and this has probably caused many of our testing problems.

"Kexstubs" has become in practice just the family name.

+ Each version of Kstubnnn.dll (e.g. Kstub822.dll) should be used as is, without renaming.

+ The stable definitions file should be named stubs.ini.

+ The test definitions file(s) should be named Kstubnnn.ini (e.g. Kstub822.ini, Kstub626.ini, etc.) and will override stubs.ini.

This allows overriding of the stable definitions while testing. This also allows the use of multiple versions of Kexstubs simultaneously with different definitions/logging options.

I will edit the erroneous posts, but will also need to release a new version of Kexstubs that makes the search order: Kstubnnn.ini, Kexstubs.ini, stubs.ini. For testing at this time, please use the names Kstub822.dll and Kstub822.ini .

OK,

method 4

my cofigurations now:

Core.ini:

[ApiConfigurations]

default=0

0=DCFG1

|

|

9=NOHEAP

10=NOFACSS

[DCFG1]

contents=Kstub822,std,kexbases,kexbasen

desc=Base enhancements

|

......

|

[NOFACSS]

inherit=NT2K

desc=Win2000 SP4 (for OpenOffice)

[NOFACSS.names]

KERNEL32.FindActCtxSectionStringW=none

Kstub822.ini:

The seven ActCtx api's in Kstub822.ini

Kstub822 and stable stubs.ini now in the KernelEX folder

Result:

Now Ktree lists the stubs for the KERNEL32:*ActCtx* functions.

The Explorer is unusable: => Runtime Error.... Program: C:....Explorer => later a message "Explorer caused an error in WEBVW.dll"

Can't run OpenOffice: default mode KernelEX enabled => Runtime Error.... Program: C:....swriter.exe ... R6034...and then "Error starting program - The msvcr90.dll file cannot start"

Mode Win 2000 SP4 (for OpenOffice) => doesn't persist => changes to base enhancements => Runtime Error.... Program: C:....swriter.exe and then "Error starting program - The the msvcr90.dll file cannot start"

Kstub822.log: = Kernel32.dll:CreateActCtxW=t1e =

Edited by schwups
0

Share this post


Link to post
Share on other sites

>The seven ActCtx api's in Kstub822.ini

Good. Make sure you reboot after adding (including uncommenting!) definitions.

>Now Ktree lists the stubs for the KERNEL32:*ActCtx* functions.

Only valid if you rebooted after adding definitions.

>The Explorer is unusable: => Runtime Error.... Program: C:....Explorer => later a message "Explorer caused an error in WEBVW.dll"

As I recall, you use an extension that requires KernelEx. Find that extension and set it to "no ActCtx". Or try setting Explorer.exe.

>Can't run OpenOffice: default mode KernelEX enabled => Runtime Error.... Program: C:....swriter.exe ... R6034...and then "Error starting program - The msvcr90.dll file cannot start"

We keep referring to "OpenOffice" but it is actually a suite and individual apps/dll's might need to have their modes set individually.

>Mode Win 2000 SP4 (for OpenOffice) => doesn't persist

If your Core.ini contains all the following and "Win2000 SP4 (for OpenOffice)" won't stick, Kexstubs isn't providing KERNEL32.FindActCtxSectionStringW. Make sure the definition is enabled in Kstub822.ini and you reboot after enabling it.


[ApiConfigurations]
default=0
0=DCFG1
1=WIN95
2=WIN98
3=WINME
4=NT40
5=NT2K
6=NOAC
7=WINXP
8=VISTA
9=NOHEAP
10=NOFACSS

[NOFACSS]
inherit=NT2K
desc=Win2000 SP4 (for OpenOffice)

[NOFACSS.names]
KERNEL32.FindActCtxSectionStringW=none

Reminder to everyone: Kexstubs allows for modifying existing definitions with just an app restart, but additions and/or deletions of definitions requires an Immediate reboot! Changes to Core.ini don't take effect until after the next reboot, but it does not have to happen immediately.

Edited by jumper
0

Share this post


Link to post
Share on other sites

I confirm that iphlpapi4 doesn't work with the Windows Me version of iphlpapi.

I have now replaced the ME version (4.90.3000) in the sysdir with the 98SE one (5.0.1717.2) and it works OK which is cool. :thumbup

Successfully tested with the program Zulu btw: http://www.nch.com.au/dj/index.html

0

Share this post


Link to post
Share on other sites

If you have an NT2K mode that sticks and supports KERNEL32.FindActCtxSectionStringW, NOFACSS should also stick--those are the only two dependencies:

  • [NOFACSS]
    inherit=NT2K
    desc=Win2000 SP4 (for OpenOffice)
    [NOFACSS.names]
    KERNEL32.FindActCtxSectionStringW=none

Perhaps the KernelEx bug that limits the number of modes that stick to 11 (0..10) limits ME to something even lower. Try renumbering the modes like this:


[ApiConfigurations]
default=0
0=DCFG1
1=WIN95
2=WIN98
3=WINME
4=NT40
5=NT2K
6=NOFACSS
7=NOAC
8=WINXP
9=VISTA
10=NOHEAP

If this works, check to see if NOHEAP and VISTA will stick.

You can also drop from the numbering sequence any modes you don't use (e.g. NOHEAP, NT40, etc.), just make sure to leave the sections for inheritance purposes.

0

Share this post


Link to post
Share on other sites
Perhaps the KernelEx bug that limits the number of modes that stick to 11 (0..10) limits ME to something even lower.

Hmmm, wouldn't it be a good idea if you and Leyok may work together to improve KernelEx altogether ??

0

Share this post


Link to post
Share on other sites

If you have an NT2K mode that sticks and supports KERNEL32.FindActCtxSectionStringW, NOFACSS should also stick--those are the only two dependencies:

  • [NOFACSS]
    inherit=NT2K
    desc=Win2000 SP4 (for OpenOffice)
    [NOFACSS.names]
    KERNEL32.FindActCtxSectionStringW=none

Perhaps the KernelEx bug that limits the number of modes that stick to 11 (0..10) limits ME to something even lower. Try renumbering the modes like this:


[ApiConfigurations]
default=0
0=DCFG1
1=WIN95
2=WIN98
3=WINME
4=NT40
5=NT2K
6=NOFACSS
7=NOAC
8=WINXP
9=VISTA
10=NOHEAP

If this works, check to see if NOHEAP and VISTA will stick.

You can also drop from the numbering sequence any modes you don't use (e.g. NOHEAP, NT40, etc.), just make sure to leave the sections for inheritance purposes.

>The Explorer is unusable: => Runtime Error.... Program: C:....Explorer => later a message "Explorer caused an error in WEBVW.dll"

As I recall, you use an extension that requires KernelEx. Find that extension and set it to "no ActCtx". Or try setting Explorer.exe.

All the attempts don't work. All the specfic compatibility modes don't stick! It's possible to disable KernelEX. Also for the Explorer, but that doesn't solve the problem, it only makes the explorer usable again.

Ktree lists the stubs for the KERNEL32:*ActCtx* functions.

Edited by schwups
0

Share this post


Link to post
Share on other sites

Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty. 

Kstub822.log: NTdll.dll:NTAllocateVirtualMemory=t6=

Configuration: stable Kstub822  - *ActCtx* functions commented out

0

Share this post


Link to post
Share on other sites

> > If you have an NT2K mode that sticks [...]

> All the attempts don't work. All the specfic compatibility modes don't stick!

If you are saying NT2K mode won't stick, and that even Win95 mode won't stick, check that the Kstub822 module names match:


  • [DCFG1]
    contents=Kstub822,std,kexbases,kexbasen
    [WIN95.names]
    ComDlg32.PrintDlgExA=Kstub822.0
    ComDlg32.PrintDlgExW=Kstub822.0

0

Share this post


Link to post
Share on other sites

I read your unedited post yesterday and choose to do the above as the safest, most foolproof and almost 100% guaranteed to work immediately method.

At the end, I got an almost 100% fix for all the crashing programs I had after hexing out actctx strings in the following dlls [....]

After doing this I had only 2 progs out of around 200 that still wouldn't run including K-Meleon 1.6. It turned out that they had those actctx strings in themselves, probably statically linked at compile with one of the above dlls, and hexing the strings out of the programs fixed them too.

So I have a perfect 100% fix for all the issues I had and can run my VST plugins relying on actctx functions.

:thumbup

I'll be reading up the rest you've written now.

Cheers.

I was pretty sure I could bait you into tackling Method 3 by using the verb "hex"! :w00t:

Now that we have one method that we know works, I'll continue pursuing the other three. I'm sure Method 4 works, but it's proving difficult to set up reliably; I think a profile that enables ActCtx rather than disabling it will work better. I'm still hoping for a Method 2 solution (e120 or e127, perhaps) that will make the other methods unnecessary.

I didn't have any apps that look for ActCtx functions, so hadn't been able to test myself. Now I've downloaded K-Meleon 1.6 and will begin testing.

Thanks you, loblo, for providing us with the first working solution to the ActCtx conundrum! :thumbup

0

Share this post


Link to post
Share on other sites

Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty. 

Kstub822.log: NTdll.dll:NTAllocateVirtualMemory=t6=

Configuration: stable Kstub822  - *ActCtx* functions commented out

Supplement:

The ImportPatcher generats this ini µTorren#3.0.0 26473.zip file of µTorrent 3.0 exe. It lists many missing functions, but in comparison to the generated file of version 2.0.4 (stable with KernelEX) there are only seven functions more.

The difference:

[ntdll.dll]

NtStopProfile=

RtlUnicodeToOemN=

_chkstk=

RtlAdjustPrivilege=

NtSetIntervalProfile=

NtStartProfile=

NtSetInformationProcess=

[Patches needed]

PSAPI.DLL=Functions, Unbind

0

Share this post


Link to post
Share on other sites

> > If you have an NT2K mode that sticks [...]

> All the attempts don't work. All the specfic compatibility modes don't stick!

If you are saying NT2K mode won't stick, and that even Win95 mode won't stick, check that the Kstub822 module names match:


  • [DCFG1]
    contents=Kstub822,std,kexbases,kexbasen
    [WIN95.names]
    ComDlg32.PrintDlgExA=Kstub822.0
    ComDlg32.PrintDlgExW=Kstub822.0

[DCFG1]

contents=Kstub822,std,kexbases,kexbasen

desc=Base enhancements

[WIN95.names]

ComDlg32.PrintDlgExA=Kexstubs.0

ComDlg32.PrintDlgExW=Kexstubs.0

KERNEL32.GetVersion=kexbases.0

KERNEL32.GetVersionExA=kexbases.1

KERNEL32.GetVersionExW=kexbases.1

I'll test method 4 on a second machine. 

Edited by schwups
0

Share this post


Link to post
Share on other sites
If you have an NT2K mode that sticks and supports KERNEL32.FindActCtxSectionStringW, NOFACSS should also stick--those are the only two dependencies:

[NOFACSS]

inherit=NT2K

desc=Win2000 SP4 (for OpenOffice)

[NOFACSS.names]

KERNEL32.FindActCtxSectionStringW=none

OpenOffice can't run with Win2K mode! :no: It starts with default (KernelEX is enabled) mode only.

-------------------------------------------------------------------------------------------------------

New test of method four on the first machine with corected entries:

[WIN95.names]

ComDlg32.PrintDlgExA=Kstub822.0

ComDlg32.PrintDlgExW=Kstub822.0

The specfic compatibility modes stick. Explorer set to "Win2000 SP4, no ActCtx (for MSVCRT 8+)":)

Unfortunately the test led to new problems. First some things have failed on Win startup (ClamTray.exe, NVCPL.dll, AVM IGD Service...). When opening a new window the Explorer caused a not further explained error in Kernel32.dll, but afterwards the window has opened. Sometimes I've got the runtime error by moving the mouse over the start menu. :}

Explorer set to mode "disabled" solves these errors, but it seems not a good idea. For example OpenOffice reports "The ...swriter.exe file expects a newer version of windows". I think this applies to some KernelEX dependant apps.

A mode "default (KernelEX is enabled) or base Base enhancements, no ActCtx (for MSVCRT 8+)" could work as compromise solution.

Edited by schwups
0

Share this post


Link to post
Share on other sites

OK, I changed the core.ini:

[NOAC]

inherit=DCFG1

desc=Base enhancements, no ActCtx (for MSVCRT 8+)

[NOAC.names]

KERNEL32.ActivateActCtx=none

KERNEL32.CreateActCtxA=none

KERNEL32.CreateActCtxW=none

KERNEL32.DeactivateActCtx=none

KERNEL32.FindActCtxSectionStringA=none

KERNEL32.FindActCtxSectionStringW=none

KERNEL32.ReleaseActCtx=none

After I've set the Explorer to the new mode, Windows seems to run fine. OpenOffice starts, too. Reboot required.

Edited by schwups
0

Share this post


Link to post
Share on other sites

OK, I changed the core.ini:

[NOAC]

inherit=DCFG1

desc=Base enhancements, no ActCtx (for MSVCRT 8+)

[NOAC.names]

KERNEL32.ActivateActCtx=none

KERNEL32.CreateActCtxA=none

KERNEL32.CreateActCtxW=none

KERNEL32.DeactivateActCtx=none

KERNEL32.FindActCtxSectionStringA=none

KERNEL32.FindActCtxSectionStringW=none

KERNEL32.ReleaseActCtx=none

After I've set the Explorer to the new mode, Windows seems to run fine. OpenOffice starts, too. Reboot required.

Isn't that the same as if you would commenting these entries out in the stubs.ini ??

Jumper mentioned K-Meleon a few posts up - maybe you can try if it works.

Edited by MiKl
0

Share this post


Link to post
Share on other sites
Thanks you, loblo, for providing us with the first working solution to the ActCtx conundrum! :thumbup

I just followed your instructions. ;)

0

Share this post


Link to post
Share on other sites

Good news: I'm posting this from K-Meleon 1.6.0 Beta2 using new Method 2 definitions. :yes:

Obstacles:


  1. 1. FindActCtxSectionStringW
    To avoid the R6034 error, previously this function needed to be undefined. I found that declaring success also works:
    FindActCtxSectionStringW=o5e0
    2. CreateActCtxW
    Neither T nor F worked, but returning the first parameter (pointer to ACTCTX struct) works:
    CreateActCtxW=p1e0
    3. ActivateActCtx
    Once again, declaring success instead of failure was the key:
    ActivateActCtx=t2e0

After redefining each function, I relaunched KM and then checked Kstub822.log to monitor the progress.

In all three cases, the 'e0' (ERROR_SUCCESS) is probably not needed, but MSDN states "This function sets errors that can be retrieved by calling GetLastError" without limiting the scope to failure cases.

Additionally, I've deleted the two ANSI functions as they don't seem to be needed.

In summary, the new ActCtx definition set is:


[Kernel32.dll]
ActivateActCtx=t2e0
CreateActCtxW=p1e0
DeactivateActCtx=f2e
FindActCtxSectionStringW=o5e0
ReleaseActCtx=f1

I haven't exit KM yet, but will update if DeactivateActCtx or ReleaseActCtx also need to report success.

0

Share this post


Link to post
Share on other sites

Even better, the VST plugins built with recent versions of Synthedit which didn't run at all without KexStub and which I had reported running but without an useable UI with the old actctx definitions... Guess what now, they now display their UI which is fully functional!!!!

:thumbup

0

Share this post


Link to post
Share on other sites

Good news: I'm posting this from K-Meleon 1.6.0 Beta2 using new Method 2 definitions. :yes:

Obstacles:


  1. 1. FindActCtxSectionStringW
    To avoid the R6034 error, previously this function needed to be undefined. I found that declaring success also works:
    FindActCtxSectionStringW=o5e0
    2. CreateActCtxW
    Neither T nor F worked, but returning the first parameter (pointer to ACTCTX struct) works:
    CreateActCtxW=p1e0
    3. ActivateActCtx
    Once again, declaring success instead of failure was the key:
    ActivateActCtx=t2e0

After redefining each function, I relaunched KM and then checked Kstub822.log to monitor the progress.

In all three cases, the 'e0' (ERROR_SUCCESS) is probably not needed, but MSDN states "This function sets errors that can be retrieved by calling GetLastError" without limiting the scope to failure cases.

Additionally, I've deleted the two ANSI functions as they don't seem to be needed.

In summary, the new ActCtx definition set is:


[Kernel32.dll]
ActivateActCtx=t2e0
CreateActCtxW=p1e0
DeactivateActCtx=f2e
FindActCtxSectionStringW=o5e0
ReleaseActCtx=f1

I haven't exit KM yet, but will update if DeactivateActCtx or ReleaseActCtx also need to report success.

Hi jumper,

I've just tried these ActCtx definitions in 'Kstub822.ini' and "contents=Kstub822,std,kexbases,kexbasen" in 'core.ini'.

Starting Open Office 3.2.1 'SCALC.EXE' produced an error R6034 and the follow-on error about 'MSVCR90.DLL' not starting. I expect the solutions from post #144 would be able to resolve this.

I then tried 'HoverIP' - worked fine.

However, when I tried SAP GUI for Java, I got the following error :

JAVAW caused an exception 03H in module KERNEL32.DLL at 016f:bff768a1.

Registers:

EAX=c0030900 CS=016f EIP=bff768a1 EFLGS=00000246

EBX=00000000 SS=0177 ESP=1845e5c8 EBP=1845e5fc

ECX=ffffff64 DS=0177 ESI=7813220d FS=1b2f

EDX=00000000 ES=0177 EDI=00000000 GS=0000

Bytes at CS:EIP:

c3 cc cc 55 8b ec 56 57 68 c0 d4 fc bf e8 01 d9

Stack dump:

78132225 3fcdce11 00000000 78130000 81d55e8c 0000000a 00000004 1845e5cc 1845e3e0 1845e7c4 78138ad1 5f9360b5 fffffffe 1845e7d4 78132337 78130000

Joe.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.