• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
jumper

Kext: DIY KernelEx extensions

338 posts in this topic

Joe, it's the FindActCtxSectionStringW definition which appears to be not good enough. You may want to hex that string in msvcr90 to something else as to fix your problem for now.

I am now also able to run the excellent GraphStudioNext: https://code.google.com/p/graph-studio-next/

0

Share this post


Link to post
Share on other sites

Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty.

Kstub822.log: NTdll.dll:NTAllocateVirtualMemory=t6=

Configuration: stable Kstub822 - *ActCtx* functions commented out

Shame on µTorrent 3.0. NTAllocateVirtualMemory is a Windows Native System Services routine; apps should be calling VirtualAlloc instead.

You can try using some of the other return codes as documented at MSDN, but I think this function will require a full Wine implementation.

0

Share this post


Link to post
Share on other sites

Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty. 

By now I have come across a few apps who don't appear to be able to read or write or both. There is implementation of new file I/O APIs in KernelEx as well as fixes for file I/O APIs already present in 98/ME but I think something might still not be complete there. And I suspect that the well known Firefox issue missing History and Bookmarks might be related.

0

Share this post


Link to post
Share on other sites

After much definition testing, I was unable to find one for FindActCtxSectionStringW that would appease Msvcrt90.

The ActCtx definitions were introduced way back in post #10 and schwups first reported problems with it in post #15. Joe traced the main problem to FindActCtxSectionStringW in post #25. Clearly including FindActCtxSectionStringW was a big mistake (mine!), as no app is known to need it.

Removing FindActCtxSectionStringW, retaining the other new definitions, and adding similar new definitions for the rest of the (non-Find*) ActCtx clan, we get:


[Kernel32.dll]
ActivateActCtx=o2e0
AddRefActCtx=z1
CreateActCtxA=p1e0
CreateActCtxW=p1e0
DeactivateActCtx=o2e0
GetCurrentActCtx=f1e ; needs code for success
IsolationAwareCleanup=z0 ; for ActCtx/manifest
QueryActCtxSettingsW=o7e0
QueryActCtxW=o7e0
ReleaseActCtx=z1
ZombifyActCtx=o1e0

Using these "Method 2" definitions, we shouldn't need method 4 (or 3). So here is a Core.ini that reverts nearly back to the original:

[ApiConfigurations]

default=0

0=DCFG1

1=WIN95

2=WIN98

3=WINME

4=NT40

5=NT2K

6=WINXP

7=WIN2K3

8=VISTA

9=WIN2K8

10=NOHEAP

[DCFG1]

contents=Kstub822,std,kexbases,kexbasen

desc=Base enhancements

[DCFG1.names.98]

ComDlg32.PrintDlgExA=Kstub822

ComDlg32.PrintDlgExW=Kstub822

KERNEL32.GetVersion=std

GDI32.SetWorldTransform=kexbases.0

GDI32.GetRandomRgn=std

GDI32.SetGraphicsMode=std

GDI32.GetTextMetricsA=std

GDI32.GetWorldTransform=std

GDI32.ModifyWorldTransform=std

GDI32.SetMapMode=std

KERNEL32.VerSetConditionMask=none

KERNEL32.VerifyVersionInfoA=none

KERNEL32.VerifyVersionInfoW=none

KERNEL32.CreateIoCompletionPort=std

SHELL32.SHParseDisplayName=none

[DCFG1.names.Me]

ComDlg32.PrintDlgExA=Kstub822

ComDlg32.PrintDlgExW=Kstub822

KERNEL32.GetVersion=std

GDI32.SetWorldTransform=kexbases.0

GDI32.GetRandomRgn=std

GDI32.SetGraphicsMode=std

GDI32.GetTextMetricsA=std

GDI32.GetWorldTransform=std

GDI32.ModifyWorldTransform=std

GDI32.SetMapMode=std

KERNEL32.VerSetConditionMask=none

KERNEL32.VerifyVersionInfoA=none

KERNEL32.VerifyVersionInfoW=none

KERNEL32.CreateIoCompletionPort=std

USER32.AllowSetForegroundWindow=std

USER32.LockSetForegroundWindow=std

USER32.GetMouseMovePointsEx=std

SHELL32.SHParseDisplayName=none

[WIN95]

inherit=DCFG1

desc=Windows 95

[WIN95.names]

KERNEL32.GetVersion=kexbases.0

KERNEL32.GetVersionExA=kexbases.1

KERNEL32.GetVersionExW=kexbases.1

[WIN98]

inherit=WIN95

desc=Windows 98 SE

[WIN98.names]

KERNEL32.GetVersion=kexbases.1

KERNEL32.GetVersionExA=kexbases.2

KERNEL32.GetVersionExW=kexbases.2

[WINME]

inherit=WIN98

desc=Windows Millennium

[WINME.names]

KERNEL32.GetVersion=kexbases.2

KERNEL32.GetVersionExA=kexbases.3

KERNEL32.GetVersionExW=kexbases.3

[NT40]

inherit=WIN95

desc=Windows NT 4.0 SP6

[NT40.names]

KERNEL32.GetVersion=kexbases.3

KERNEL32.GetVersionExA=kexbases.4

KERNEL32.GetVersionExW=kexbases.4

KERNEL32.CreateIoCompletionPort=kexbases.0

GDI32.GetRandomRgn=kexbases.0

GDI32.SetGraphicsMode=kexbases.0

GDI32.GetTextMetricsA=kexbases.0

GDI32.GetWorldTransform=kexbases.0

GDI32.ModifyWorldTransform=kexbases.0

GDI32.SetMapMode=kexbases.0

GDI32.SetWorldTransform=kexbases.1

[NT2K]

inherit=NT40

desc=Windows 2000 SP4

[NT2K.names]

KERNEL32.GetVersion=kexbases.4

KERNEL32.GetVersionExA=kexbases.5

KERNEL32.GetVersionExW=kexbases.5

KERNEL32.VerSetConditionMask=kexbases.0

KERNEL32.VerifyVersionInfoA=kexbases.0

KERNEL32.VerifyVersionInfoW=kexbases.0

[WINXP]

inherit=NT2K

desc=Windows XP SP2

[WINXP.names]

KERNEL32.GetVersion=kexbases.5

KERNEL32.GetVersionExA=kexbases.6

KERNEL32.GetVersionExW=kexbases.6

KERNEL32.VerifyVersionInfoA=kexbases.1

KERNEL32.VerifyVersionInfoW=kexbases.1

SHELL32.SHParseDisplayName=kexbasen.0

[WIN2K3]

inherit=WINXP

desc=Windows 2003 SP1

[WIN2K3.names]

KERNEL32.GetVersion=kexbases.6

KERNEL32.GetVersionExA=kexbases.7

KERNEL32.GetVersionExW=kexbases.7

KERNEL32.VerifyVersionInfoA=kexbases.2

KERNEL32.VerifyVersionInfoW=kexbases.2

[VISTA]

inherit=WIN2K3

desc=Windows Vista

[VISTA.names]

KERNEL32.GetVersion=kexbases.7

KERNEL32.GetVersionExA=kexbases.8

KERNEL32.GetVersionExW=kexbases.8

KERNEL32.VerifyVersionInfoA=kexbases.3

KERNEL32.VerifyVersionInfoW=kexbases.3

[WIN2K8]

inherit=VISTA

desc=Windows 2008 SP1

[WIN2K8.names]

KERNEL32.GetVersion=kexbases.8

KERNEL32.GetVersionExA=kexbases.9

KERNEL32.GetVersionExW=kexbases.9

KERNEL32.VerifyVersionInfoA=kexbases.4

KERNEL32.VerifyVersionInfoW=kexbases.4

[NOHEAP]

inherit=DCFG1

desc=Disable custom heap

[NOHEAP.names]

KERNEL32.HeapCreate=std

KERNEL32.HeapDestroy=std

KERNEL32.HeapAlloc=std

KERNEL32.HeapFree=std

KERNEL32.HeapSize=std

KERNEL32.HeapReAlloc=std

The only differences are:


[ApiConfigurations]
default=0

[DCFG1]
contents=Kstub822,std,kexbases,kexbasen
desc=Base enhancements

[DCFG1.names.98]
ComDlg32.PrintDlgExA=Kstub822
ComDlg32.PrintDlgExW=Kstub822

[DCFG1.names.Me]
ComDlg32.PrintDlgExA=Kstub822
ComDlg32.PrintDlgExW=Kstub822

I'm hoping to assemble this week a release package for Kexstubs that will be easy to install. I'll be reviewing Kstub822.ini and preparing a stubs.ini that has logging disabled and any last definitions that should go in. All suggestions are very welcome! :yes:

0

Share this post


Link to post
Share on other sites

By now I have come across a few apps who don't appear to be able to read or write or both. There is implementation of new file I/O APIs in KernelEx as well as fixes for file I/O APIs already present in 98/ME but I think something might still not be complete there.

A while back I assembled a set of stub definitions to duplicate the KernelEx functions that are pure stubs (so no lost functionality). I'll package them with a special version of Kstub822 so we can log what functions are being used and might need better definitions or actual implementations.

0

Share this post


Link to post
Share on other sites

Using the new 'method 2' OpenOffice 3.2.1 and MediaplayerClassic 6.4.9.1 seem to work fine but now SeaMonkey 2.0.14 crashes immediately when I try to print :wacko:

Update. The new defs seem to work fine but 'something' in the new core.ini seem to cause the crashes !! So I am back using my old core.ini.

Edited by MiKl
0

Share this post


Link to post
Share on other sites

> ...SeaMonkey 2.0.14 crashes immediately when I try to print ...

What was in the log file? Perhaps one of the new ActCtx definitions?

What modes are you using (with old and new core.ini)? Please try to step through the few core.ini differences and debug this for us.

0

Share this post


Link to post
Share on other sites

After much definition testing, I was unable to find one for FindActCtxSectionStringW that would appease Msvcrt90.

The ActCtx definitions were introduced way back in post #10 and schwups first reported problems with it in post #15. Joe traced the main problem to FindActCtxSectionStringW in post #25. Clearly including FindActCtxSectionStringW was a big mistake (mine!), as no app is known to need it.

Removing FindActCtxSectionStringW, retaining the other new definitions, and adding similar new definitions for the rest of the (non-Find*) ActCtx clan, we get:


[Kernel32.dll]
ActivateActCtx=o2e0
AddRefActCtx=z1
CreateActCtxA=p1e0
CreateActCtxW=p1e0
DeactivateActCtx=o2e0
GetCurrentActCtx=f1e ; needs code for success
IsolationAwareCleanup=z0 ; for ActCtx/manifest
QueryActCtxSettingsW=o7e0
QueryActCtxW=o7e0
ReleaseActCtx=z1
ZombifyActCtx=o1e0

Hi jumper,

I can confirm that HoverIP, SAPGUI for Java, Open Office 3.2.1 and Dependency Walker all seem happy with this set of definitions. :)

Joe.

0

Share this post


Link to post
Share on other sites

4. SuperAntiSpyware version 4.56 : The folderselection for custom scan now works.

I've managed to start version 5.0 with Win 2kSP4 mode (XP mode should do it, too). New entry in stubs.ini: [Netapi32.dll] NetUseEnum=04 > rather guessed not known

First start: The folderselection for custom scan works. After the definitions update has finished the system crashed.

Improvement with SuperAntiSpyware:

I made it to install the latest version 5.6.1014. Kext already supports [secur32.dll] GetUserNameExW=z3e and [Netapi32.dll] NetUseEnum=o7. To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss. SAS (SASCore.exe) doesn't start after the installation. First I have to set 2K or XP mode! This versions starts very fast. Problem with XP mode: Ugly or missing icons and missing fonts on the buttons. It looks good with 2k mode. The updater works, but the window seem to be a little incomplete. Error on start scanning, but it primarily runs by ignoring the message. Abort scanning isn't possible. I successfully scanned Memory, Registry and Cookies. When trying to scan longer and files it seems to hang during scan. And don't click the help button in preferences. The system crashes immediately!

All in all, it is not yet stable or really usable.

Edited by schwups
0

Share this post


Link to post
Share on other sites

> To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss.

Check the log. If RegOpenUserClassesRoot is not there, then the definition doesn't matter; it is only needed to satistfy the loader. If it is being called, a better definition or implementatation might improve the quality of the install and help the app run better.

0

Share this post


Link to post
Share on other sites

> To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss.

Check the log.  If RegOpenUserClassesRoot is not there, then the definition doesn't matter; it is only needed to satistfy the loader. If it is being called, a better definition or implementatation might improve the quality of the install and help the app run better.

RegOpenUserClassesRoot isn't called anymore. 

0

Share this post


Link to post
Share on other sites

Investigation of Opera 12.5 and 12.12 - perhaps useful  :)

I added all the mssing api's with a Question mark, listed of the ImportPatcher, to the Kstub822.ini to see which are called (prompted by Kext) first. 

Listed functions of the ImportPatcher - Opera version 12.12:

[importPatcher.37]

;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]

Test by loading=Y

Walk dependencies=Y

Link to copies=N

Unbind broken bindings=N

OS Subsystem Version Ceiling=4.90

[DLL replacements]

[GDI32.dll]

GdiGradientFill=

GdiDrawStream=

ClearBitmapAttributes=

[ntdll.dll]

NtConnectPort=

NtRequestWaitReplyPort=

RtlUnhandledExceptionFilter=

RtlCreateUserThread=

NtQueryInformationProcess=

NtOpenFile=

RtlTimeToTimeFields=

RtlQueryEnvironmentVariable_U=

NtMapViewOfSection=

NtCreateSection=

NtQueryInformationFile=

NtUnmapViewOfSection=

NtProtectVirtualMemory=

NtFreeVirtualMemory=

NtQuerySystemInformation=

NtQueryVirtualMemory=

RtlxAnsiStringToUnicodeSize=

NlsMbCodePageTag=

RtlInitString=

RtlDoesFileExists_U=

RtlGetFullPathName_U=

RtlUnicodeStringToInteger=

NtWriteFile=

NtQueryAttributesFile=

RtlGetVersion=

NtSetInformationFile=

strpbrk=

strspn=

NtQueryDirectoryFile=

RtlGUIDFromString=

NtEnumerateValueKey=

NtQueryKey=

NtCreateKey=

NtSetValueKey=

NtSetInformationKey=

NtDeleteKey=

NtDeleteValueKey=

_wcsnicmp=

wcsspn=

strncpy=

atol=

isdigit=

wcscmp=

RtlSecondsSince1970ToTime=

RtlUpcaseUnicodeChar=

RtlUpcaseUnicodeString=

RtlCopyUnicodeString=

RtlUpcaseUnicodeToMultiByteN=

LdrAccessResource=

LdrFindResource_U=

wcsncpy=

RtlFormatCurrentUserKeyPath=

RtlAppendUnicodeStringToString=

RtlAppendUnicodeToString=

_alloca_probe=

_chkstk=

_snwprintf=

swprintf=

RtlDuplicateUnicodeString=

LdrGetDllHandle=

RtlDosPathNameToNtPathName_U=

RtlpEnsureBufferSize=

RtlNtPathNameToDosPathName=

RtlStringFromGUID=

RtlExpandEnvironmentStrings_U=

NtOpenKey=

NtQueryValueKey=

NtClose=

RtlFreeAnsiString=

qsort=

[uSER32.dll]

RegisterUserApiHook=

UnregisterUserApiHook=

IsServerSideWindow=

PaintMenuBar=

CalcMenuBar=

IsWindowInDestroy=

GetWindowRgnBox=

[Patches needed]

UxTheme.dll=Functions, Unbind

appHelp.dll=Functions, Unbind

SHLWAPI.dll=DLLs

opera.dll=Subsystem, DLLs

[KERNEL32.dll]

BaseDumpAppcompatCache=

BaseFlushAppcompatCache=

BaseCheckAppcompatCache=

BaseUpdateAppcompatCache=

First Opera calls "NTDLL.DLL:NtQuerySystemInformation=?". If "NtOpenKey=?" is commented out it calls "NTDLL.DLL:NtQueryKey=?"

1. The setup of version 12.12 1707

The setup exit silently.

2. Try to start 12.12 / 12.10 (runs in the backround only)

3. Attempt start and run 12.5 1546 (first version with the internal communications error)

In all cases in the log file is listed "=Iphlpapi.dll:GetAdaptersAddresses=t5=", too.

The snapshot 12.5 1538 is the latest that works of course without the pluginwrapper.

The Explorer don't like "NtOpenKey=?"!  :thumbdown

0

Share this post


Link to post
Share on other sites

According to MSDN - RegOpenUserClassesRoot function (Windows), these definitions should all work well:


[Advapi32.dll]
RegOpenUserClassesRoot=r120s4
RegOpenUserClassesRoot=t4
RegOpenUserClassesRoot=o4

The 'e0' isn't needed as the LastError isn't set.

"r120s4" would provide the best desciption of the failure.

Edited by jumper
0

Share this post


Link to post
Share on other sites

Investigation of Opera 12.5 and 12.12 - perhaps useful :)

I added all the mssing api's with a Question mark, listed of the ImportPatcher, to the Kstub822.ini to see which are called (prompted by Kext) first.

Listed functions of the ImportPatcher - Opera version 12.12:

[importPatcher.37]

;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]

Test by loading=Y

Walk dependencies=Y

Link to copies=N

Unbind broken bindings=N

OS Subsystem Version Ceiling=4.90

[DLL replacements]

[GDI32.dll]

GdiGradientFill=

GdiDrawStream=

ClearBitmapAttributes=

[ntdll.dll]

NtConnectPort=

NtRequestWaitReplyPort=

RtlUnhandledExceptionFilter=

RtlCreateUserThread=

NtQueryInformationProcess=

NtOpenFile=

RtlTimeToTimeFields=

RtlQueryEnvironmentVariable_U=

NtMapViewOfSection=

NtCreateSection=

NtQueryInformationFile=

NtUnmapViewOfSection=

NtProtectVirtualMemory=

NtFreeVirtualMemory=

NtQuerySystemInformation=

NtQueryVirtualMemory=

RtlxAnsiStringToUnicodeSize=

NlsMbCodePageTag=

RtlInitString=

RtlDoesFileExists_U=

RtlGetFullPathName_U=

RtlUnicodeStringToInteger=

NtWriteFile=

NtQueryAttributesFile=

RtlGetVersion=

NtSetInformationFile=

strpbrk=

strspn=

NtQueryDirectoryFile=

RtlGUIDFromString=

NtEnumerateValueKey=

NtQueryKey=

NtCreateKey=

NtSetValueKey=

NtSetInformationKey=

NtDeleteKey=

NtDeleteValueKey=

_wcsnicmp=

wcsspn=

strncpy=

atol=

isdigit=

wcscmp=

RtlSecondsSince1970ToTime=

RtlUpcaseUnicodeChar=

RtlUpcaseUnicodeString=

RtlCopyUnicodeString=

RtlUpcaseUnicodeToMultiByteN=

LdrAccessResource=

LdrFindResource_U=

wcsncpy=

RtlFormatCurrentUserKeyPath=

RtlAppendUnicodeStringToString=

RtlAppendUnicodeToString=

_alloca_probe=

_chkstk=

_snwprintf=

swprintf=

RtlDuplicateUnicodeString=

LdrGetDllHandle=

RtlDosPathNameToNtPathName_U=

RtlpEnsureBufferSize=

RtlNtPathNameToDosPathName=

RtlStringFromGUID=

RtlExpandEnvironmentStrings_U=

NtOpenKey=

NtQueryValueKey=

NtClose=

RtlFreeAnsiString=

qsort=

[uSER32.dll]

RegisterUserApiHook=

UnregisterUserApiHook=

IsServerSideWindow=

PaintMenuBar=

CalcMenuBar=

IsWindowInDestroy=

GetWindowRgnBox=

[Patches needed]

UxTheme.dll=Functions, Unbind

appHelp.dll=Functions, Unbind

SHLWAPI.dll=DLLs

opera.dll=Subsystem, DLLs

[KERNEL32.dll]

BaseDumpAppcompatCache=

BaseFlushAppcompatCache=

BaseCheckAppcompatCache=

BaseUpdateAppcompatCache=

First Opera calls "NTDLL.DLL:NtQuerySystemInformation=?". If "NtOpenKey=?" is commented out it calls "NTDLL.DLL:NtQueryKey=?"

1. The setup of version 12.12 1707

The setup exit silently.

2. Try to start 12.12 / 12.10 (runs in the backround only)

3. Attempt start and run 12.5 1546 (first version with the internal communications error)

In all cases in the log file is listed "=Iphlpapi.dll:GetAdaptersAddresses=t5=", too.

The snapshot 12.5 1538 is the latest that works of course without the pluginwrapper.

The Explorer don't like "NtOpenKey=?"! :thumbdown

I tried running current Opera 12.14 yesterday with iphlpapi4 and it almost starts, it creates a bunch of files in the appdata folder as it should, connects with Opera website and exchanges a bit of data with it and then an error message pops that says:

'Autoupdate' failed init: -2

When I click OK, Opera exits without having initialized a GUI.

I also tried with a dummy iphlpapi I made and the same happens except that Opera crashes before I have the time to click OK on the error dialog.

I get the same results as with iphlpapi4 by using kexstub ini like that:

[iphlpapi.dll]

CancelIPChangeNotify=

GetAdaptersAddresses=t5e0

Other values also work but I don't remember which now and other crash Opera as with the dummy iphlpapi.

Opera's going to change a lot dependencywise I guess btw as it's going to be using chrome as its rendering engine in the near future. (from bad to worse) :}

Edit: There doesn't appear to be a plugin wrapper executable either in this version btw.

Edited by loblo
0

Share this post


Link to post
Share on other sites

Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty.

Kstub822.log: NTdll.dll:NTAllocateVirtualMemory=t6=

Configuration: stable Kstub822 - *ActCtx* functions commented out

Supplement:

The ImportPatcher generats this ini µTorren#3.0.0 26473.zip file of µTorrent 3.0 exe. It lists many missing functions, but in comparison to the generated file of version 2.0.4 (stable with KernelEX) there are only seven functions more.

The difference:

[ntdll.dll]

NtStopProfile=

RtlUnicodeToOemN=

_chkstk=

RtlAdjustPrivilege=

NtSetIntervalProfile=

NtStartProfile=

NtSetInformationProcess=

[Patches needed]

PSAPI.DLL=Functions, Unbind

This appears to be a debug build (_chkstk and profiling apis). Perhaps it's a beta???

0

Share this post


Link to post
Share on other sites

I confirm that iphlpapi4 doesn't work with the Windows Me version of iphlpapi.

I have now replaced the ME version (4.90.3000) in the sysdir with the 98SE one (5.0.1717.2) and it works OK which is cool. :thumbup

Successfully tested with the program Zulu btw: http://www.nch.com.au/dj/index.html

According to Depends, 98SE contain the following 86 exports in Iphlpapi.dll:

AddIPAddress

AllocateAndGetArpEntTableFromStack

AllocateAndGetIfTableFromStack

AllocateAndGetIpAddrTableFromStack

AllocateAndGetIpForwardTableFromStack

AllocateAndGetIpNetTableFromStack

AllocateAndGetTcpTableFromStack

AllocateAndGetUdpTableFromStack

CreateIpForwardEntry

CreateIpNetEntry

CreateProxyArpEntry

DeleteIPAddress

DeleteIpForwardEntry

DeleteIpNetEntry

DeleteProxyArpEntry

GetAdapterIndex

GetAdaptersInfo

GetBestInterface

GetBestInterfaceFromStack

GetBestRoute

GetBestRouteFromStack

GetFriendlyIfIndex

GetIcmpStatistics

GetIcmpStatsFromStack

GetIfEntry

GetIfEntryFromStack

GetIfTable

GetIfTableFromStack

GetInterfaceInfo

GetIpAddrTable

GetIpAddrTableFromStack

GetIpForwardTable

GetIpForwardTableFromStack

GetIpNetTable

GetIpNetTableFromStack

GetIpStatistics

GetIpStatsFromStack

GetNetworkParams

GetNumberOfInterfaces

GetRTTAndHopCount

GetTcpStatistics

GetTcpStatsFromStack

GetTcpTable

GetTcpTableFromStack

GetUdpStatistics

GetUdpStatsFromStack

GetUdpTable

GetUdpTableFromStack

GetUniDirectionalAdapterInfo

InternalCreateIpForwardEntry

InternalCreateIpNetEntry

InternalDeleteIpForwardEntry

InternalDeleteIpNetEntry

InternalGetIfTable

InternalGetIpAddrTable

InternalGetIpForwardTable

InternalGetIpNetTable

InternalGetTcpTable

InternalGetUdpTable

InternalSetIfEntry

InternalSetIpForwardEntry

InternalSetIpNetEntry

InternalSetIpStats

InternalSetTcpEntry

IpHlpDllEntry

IpReleaseAddress

IpRenewAddress

IsLocalAddress

NotifyAddrChange

NotifyRouteChange

NTPTimeToNTFileTime

NTTimeToNTPTime

SendARP

SetIfEntry

SetIfEntryToStack

SetIpForwardEntry

SetIpForwardEntryToStack

SetIpNetEntry

SetIpNetEntryToStack

SetIpRouteEntryToStack

SetIpStatistics

SetIpStatsToStack

SetIpTTL

SetProxyArpEntryToStack

SetTcpEntry

SetTcpEntryToStack

What's the count and list for the ME version? I should be able to make the wrapper compatible with both.

0

Share this post


Link to post
Share on other sites

I'm hoping to assemble this week a release package for Kexstubs that will be easy to install. I'll be reviewing Kstub822.ini and preparing a stubs.ini that has logging disabled and any last definitions that should go in. All suggestions are very welcome! :yes:

Hi jumper,

I've recently compiled a list of missing API's in a bunch of bits and bobs that don't presently work :


[KERNEL32.DLL]
"FlsAlloc"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
"SetProcessDEPPolicy"
"LocaleNameToLCID"
"LCIDToLocaleName"

[OLE32.DLL]
"DcomChannelSetHResult"
"CoGetClassInfo"
"CLSIDFromProgIDEx"

[USER32.DLL]
"SetProcessDPIAware"
"GetGestureInfo"
"CloseGestureInfoHandle"
"GetGestureExtraArgs"
"SetGestureConfig"
"GetGestureConfig"

[NTDLL.DLL]
"LdrUnloadDll"
"LdrLoadDll"

[MSVCRT.DLL]
"_get_terminate"

[SHELL32.DLL]
"SHGetKnownFolderPath"

[GDI32.DLL]
"GdiRealizationInfo"
"FontIsLinked"

[USERENV.DLL]
"EnterCriticalPolicySection"
"LeaveCriticalPolicySection"

The next step will be for me to look up the parameter counts and figure out the most appropriate return codes for these thingies.

Joe.

Edit 1 : Deleted some functions that shouldn't have been listed.

Edit 2 : Added 'userenv.dll' functions.

Edited by jds
0

Share this post


Link to post
Share on other sites

I've two versions of IPHlpApi.dll (4.90.3000 47KB and 4.90.3001 39KB), but the Dependency Walker lists for both the same 117 functions in the export list.

AddIPAddress

AllocateAndGetArpEntTableFromStack

AllocateAndGetIfTableFromStack

AllocateAndGetIpAddrTableFromStack

AllocateAndGetIpForwardTableFromStack

AllocateAndGetIpNetTableFromStack

AllocateAndGetTcpTableFromStack

AllocateAndGetUdpTableFromStack

CreateIpForwardEntry

CreateIpNetEntry

CreateProxyArpEntry

DeleteIPAddress

DeleteIpForwardEntry

DeleteIpNetEntry

DeleteProxyArpEntry

EnableRouter

FlushIpNetTable

FlushIpNetTableFromStack

GetAdapterIndex

GetAdapterOrderMap

GetAdaptersInfo

GetBestInterface

GetBestInterfaceFromStack

GetBestRoute

GetBestRouteFromStack

GetFriendlyIfIndex

GetIcmpStatistics

GetIcmpStatsFromStack

GetIfEntry

GetIfEntryFromStack

GetIfTable

GetIfTableFromStack

GetIgmpList

GetInterfaceInfo

GetIpAddrTable

GetIpAddrTableFromStack

GetIpForwardTable

GetIpForwardTableFromStack

GetIpNetTable

GetIpNetTableFromStack

GetIpStatistics

GetIpStatsFromStack

GetNetworkParams

GetNumberOfInterfaces

GetPerAdapterInfo

GetRTTAndHopCount

GetTcpStatistics

GetTcpStatsFromStack

GetTcpTable

GetTcpTableFromStack

GetUdpStatistics

GetUdpStatsFromStack

GetUdpTable

GetUdpTableFromStack

GetUniDirectionalAdapterInfo

InternalCreateIpForwardEntry

InternalCreateIpNetEntry

InternalDeleteIpForwardEntry

InternalDeleteIpNetEntry

InternalGetIfTable

InternalGetIpAddrTable

InternalGetIpForwardTable

InternalGetIpNetTable

InternalGetTcpTable

InternalGetUdpTable

InternalSetIfEntry

InternalSetIpForwardEntry

InternalSetIpNetEntry

InternalSetIpStats

InternalSetTcpEntry

IpReleaseAddress

IpRenewAddress

IsLocalAddress

NTPTimeToNTFileTime

NTTimeToNTPTime

NhGetGuidFromInterfaceName

NhGetInterfaceNameFromGuid

NhpAllocateAndGetInterfaceInfoFromStack

NhpGetInterfaceIndexFromStack

NotifyAddrChange

NotifyRouteChange

NotifyRouteChangeEx

_PfAddFiltersToInterface@24

_PfAddGlobalFilterToInterface@8

_PfBindInterfaceToIPAddress@12

_PfBindInterfaceToIndex@16

_PfCreateInterface@24

_PfDeleteInterface@4

_PfDeleteLog@0

_PfGetInterfaceStatistics@16

_PfMakeLog@4

_PfRebindFilters@8

_PfRemoveFilterHandles@12

_PfRemoveFiltersFromInterface@20

_PfRemoveGlobalFilterFromInterface@8

_PfSetLogBuffer@28

_PfTestPacket@20

_PfUnBindInterface@4

SendARP

SetAdapterIpAddress

SetBlockRoutes

SetIfEntry

SetIfEntryToStack

SetIpForwardEntry

SetIpForwardEntryToStack

SetIpMultihopRouteEntryToStack

SetIpNetEntry

SetIpNetEntryToStack

SetIpRouteEntryToStack

SetIpStatistics

SetIpStatsToStack

SetIpTTL

SetProxyArpEntryToStack

SetRouteWithRef

SetTcpEntry

SetTcpEntryToStack

UnenableRouter

I wasn't aware that Xeno86 set  the KernelEX mode by default for the dll to disabled. :blink: 

0

Share this post


Link to post
Share on other sites

I'm hoping to assemble this week a release package for Kexstubs that will be easy to install. I'll be reviewing Kstub822.ini and preparing a stubs.ini that has logging disabled and any last definitions that should go in. All suggestions are very welcome! :yes:

Hi jumper,

I've recently compiled a list of missing API's in a bunch of bits and bobs that don't presently work :


[KERNEL32.DLL]
"FlsAlloc"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
"GetUserDefaultUILanguage"
"GetModuleHandleExA"
"VerSetConditionMask"
"VerifyVersionInfoA"
"DecodePointer"
"EncodePointer"
"SetProcessDEPPolicy"
"LocaleNameToLCID"
"LCIDToLocaleName"

[OLE32.DLL]
"DcomChannelSetHResult"
"CoGetClassInfo"
"CLSIDFromProgIDEx"
"DcomChannelSetHResult"

[USER32.DLL]
"AllowSetForegroundWindow"
"SetProcessDPIAware"
"GetGestureInfo"
"CloseGestureInfoHandle"
"GetGestureExtraArgs"
"SetGestureConfig"
"GetGestureConfig"

[NTDLL.DLL]
"LdrUnloadDll"
"LdrLoadDll"

[MSVCRT.DLL]
"_get_terminate"

[SHELL32.DLL]
"SHGetKnownFolderPath"

[GDI32.DLL]
"GdiRealizationInfo"
"FontIsLinked"

The next step will be for me to look up the parameter counts and figure out the most appropriate return codes for these thingies.

Joe.

You'll save yourself some sweat by checking first which of those are already handled by KernelEx. I can spot several at a glance.

0

Share this post


Link to post
Share on other sites

Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty.

Kstub822.log: NTdll.dll:NTAllocateVirtualMemory=t6=

Configuration: stable Kstub822  - *ActCtx* functions commented out

Supplement:

The ImportPatcher generats this ini µTorren#3.0.0 26473.zip file of µTorrent 3.0 exe. It lists many missing functions, but in comparison to the generated file of version 2.0.4 (stable with KernelEX) there are only seven functions more.

The difference:

[ntdll.dll]

NtStopProfile=

RtlUnicodeToOemN=

_chkstk=

RtlAdjustPrivilege=

NtSetIntervalProfile=

NtStartProfile=

NtSetInformationProcess=

[Patches needed]

PSAPI.DLL=Functions, Unbind

This appears to be a debug build (_chkstk and profiling apis). Perhaps it's a beta???

µTorrent 3.0.0 build 26473 - According to Filehippo/horse is it no beta.

0

Share this post


Link to post
Share on other sites

You'll save yourself some sweat by checking first which of those are already handled by KernelEx. I can spot several at a glance.

Hi loblo,

If that's true, then something's wrong with my system (hey, that's a distinct possibility!). I checked them all with 'ktree9'.

Joe.

0

Share this post


Link to post
Share on other sites

You'll save yourself some sweat by checking first which of those are already handled by KernelEx. I can spot several at a glance.

Hi loblo,

If that's true, then something's wrong with my system (hey, that's a distinct possibility!). I checked them all with 'ktree9'.

Joe.

There must be something wrong then as:

DecodePointer

EncodePointer

VerifyVersionInfoA

VerSetConditionMask

and perhaps others as those are only those I immediately spotted by looking at your list. I've just checked the 4 of them in Ktree and they all appear here.

0

Share this post


Link to post
Share on other sites

There must be something wrong then as:

DecodePointer

EncodePointer

VerifyVersionInfoA

VerSetConditionMask

and perhaps others as those are only those I immediately spotted by looking at your list. I've just checked the 4 of them in Ktree and they all appear here.

Hi loblo,

Yes, you're right! I've just deleted "GetUserDefaultUILanguage", "GetModuleHandleExA", VerSetConditionMask", "VerifyVersionInfoA", "DecodePointer", "EncodePointer" and "AllowSetForegroundWindow" from the list. I don't know why they weren't showing up last night, but they do today ("VerifyVersionInfoA" even shows multiple times). I might miss one or two, but not that many. Perhaps some subtle stability issue, even though shutdown was uneventful?

Joe.

0

Share this post


Link to post
Share on other sites

Ktree reads the KernelEx install folder from the registry, reads Core.ini to get the [DCFG1] content= DLL list, then loads each DLL from within the install folder and calls get_api_table() on it. Any errors are reported in the Core.ini section (too late to check now!).

Assuming you had KernelEx installed, Core.ini was not open in some app that read-locks it, and you weren't booted with an experimental Core.ini, I don't see why kexbases (DecodePointer, etc.) wouldn't be included in the report. Renaming the DCFG1 section to BASE like I tried several days ago breaks that part of Ktree; I had to hex a special version of Ktree to get it to work. Also, modifying the contents= line itself could interfere if there was a typo on the names of standard files.

> "VerifyVersionInfoA" even shows multiple times

KernelEx provides a custom version for each profile / OS.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.