[jumper]

loblo, on 14 February 2013 - 03:04 PM, said:

By now I have come across a few apps who don't appear to be able to read or write or both. There is implementation of new file I/O APIs in KernelEx as well as fixes for file I/O APIs already present in 98/ME but I think something might still not be complete there.

A while back I assembled a set of stub definitions to duplicate the KernelEx functions that are pure stubs (so no lost functionality). I'll package them with a special version of Kstub822 so we can log what functions are being used and might need better definitions or actual implementations.

[MiKl]

Using the new 'method 2' OpenOffice 3.2.1 and MediaplayerClassic 6.4.9.1 seem to work fine but now SeaMonkey 2.0.14 crashes immediately when I try to print

Update. The new defs seem to work fine but 'something' in the new core.ini seem to cause the crashes !! So I am back using my old core.ini.

This post has been edited by MiKl: 17 February 2013 - 02:37 PM

[jumper]

> ...SeaMonkey 2.0.14 crashes immediately when I try to print ...

What was in the log file? Perhaps one of the new ActCtx definitions?

What modes are you using (with old and new core.ini)? Please try to step through the few core.ini differences and debug this for us.

[jds]

jumper, on 15 February 2013 - 11:42 PM, said:

After much definition testing, I was unable to find one for FindActCtxSectionStringW that would appease Msvcrt90.

The ActCtx definitions were introduced way back in post #10 and schwups first reported problems with it in post #15. Joe traced the main problem to FindActCtxSectionStringW in post #25. Clearly including FindActCtxSectionStringW was a big mistake (mine!), as no app is known to need it.

Removing FindActCtxSectionStringW, retaining the other new definitions, and adding similar new definitions for the rest of the (non-Find*) ActCtx clan, we get:

[Kernel32.dll]
ActivateActCtx=o2e0
AddRefActCtx=z1
CreateActCtxA=p1e0
CreateActCtxW=p1e0
DeactivateActCtx=o2e0
GetCurrentActCtx=f1e ; needs code for success
IsolationAwareCleanup=z0 ; for ActCtx/manifest
QueryActCtxSettingsW=o7e0
QueryActCtxW=o7e0
ReleaseActCtx=z1
ZombifyActCtx=o1e0 

Hi jumper,

I can confirm that HoverIP, SAPGUI for Java, Open Office 3.2.1 and Dependency Walker all seem happy with this set of definitions.

Joe.

[schwups]

schwups, on 10 July 2012 - 09:22 AM, said:

4. SuperAntiSpyware version 4.56 : The folderselection for custom scan now works.

I've managed to start  version 5.0 with Win 2kSP4 mode (XP mode should do it, too). New entry in stubs.ini: [Netapi32.dll] NetUseEnum=04 > rather guessed not known

First start: The folderselection for custom scan works. After the definitions update has finished the system crashed.

Improvement with SuperAntiSpyware:

I made it to install the latest version 5.6.1014. Kext already supports [Secur32.dll] GetUserNameExW=z3e and [Netapi32.dll] NetUseEnum=o7. To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss. SAS (SASCore.exe) doesn't start after the installation. First I have to set 2K or XP mode! This versions starts very fast. Problem with XP mode: Ugly or missing icons and missing fonts on the buttons. It looks good with 2k mode. The updater works, but the window seem to be a little incomplete. Error on start scanning, but it primarily runs by ignoring the message. Abort scanning isn't possible. I successfully scanned Memory, Registry and Cookies. When trying to scan longer and files it seems to hang during scan. And don't click the help button in preferences. The system crashes immediately!

All in all, it is not yet stable or really usable.

This post has been edited by schwups: 18 February 2013 - 08:31 AM

[jumper]

> To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss.

Check the log. If RegOpenUserClassesRoot is not there, then the definition doesn't matter; it is only needed to satistfy the loader. If it is being called, a better definition or implementatation might improve the quality of the install and help the app run better.

[schwups]

jumper, on 18 February 2013 - 01:46 PM, said:

> To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss.

Check the log.  If RegOpenUserClassesRoot is not there, then the definition doesn't matter; it is only needed to satistfy the loader. If it is being called, a better definition or implementatation might improve the quality of the install and help the app run better.

RegOpenUserClassesRoot isn't called anymore. 

[schwups]

Investigation of Opera 12.5 and 12.12 - perhaps useful 

I added all the mssing api's with a Question mark, listed of the ImportPatcher, to the Kstub822.ini to see which are called (prompted by Kext) first. 

Listed functions of the ImportPatcher - Opera version 12.12:

Spoiler

[ImportPatcher.37]
;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]
Test by loading=Y
Walk dependencies=Y
Link to copies=N
Unbind broken bindings=N
OS Subsystem Version Ceiling=4.90

[DLL replacements]

[GDI32.dll]
GdiGradientFill=
GdiDrawStream=
ClearBitmapAttributes=

[ntdll.dll]
NtConnectPort=
NtRequestWaitReplyPort=
RtlUnhandledExceptionFilter=
RtlCreateUserThread=
NtQueryInformationProcess=
NtOpenFile=
RtlTimeToTimeFields=
RtlQueryEnvironmentVariable_U=
NtMapViewOfSection=
NtCreateSection=
NtQueryInformationFile=
NtUnmapViewOfSection=
NtProtectVirtualMemory=
NtFreeVirtualMemory=
NtQuerySystemInformation=
NtQueryVirtualMemory=
RtlxAnsiStringToUnicodeSize=
NlsMbCodePageTag=
RtlInitString=
RtlDoesFileExists_U=
RtlGetFullPathName_U=
RtlUnicodeStringToInteger=
NtWriteFile=
NtQueryAttributesFile=
RtlGetVersion=
NtSetInformationFile=
strpbrk=
strspn=
NtQueryDirectoryFile=
RtlGUIDFromString=
NtEnumerateValueKey=
NtQueryKey=
NtCreateKey=
NtSetValueKey=
NtSetInformationKey=
NtDeleteKey=
NtDeleteValueKey=
_wcsnicmp=
wcsspn=
strncpy=
atol=
isdigit=
wcscmp=
RtlSecondsSince1970ToTime=
RtlUpcaseUnicodeChar=
RtlUpcaseUnicodeString=
RtlCopyUnicodeString=
RtlUpcaseUnicodeToMultiByteN=
LdrAccessResource=
LdrFindResource_U=
wcsncpy=
RtlFormatCurrentUserKeyPath=
RtlAppendUnicodeStringToString=
RtlAppendUnicodeToString=
_alloca_probe=
_chkstk=
_snwprintf=
swprintf=
RtlDuplicateUnicodeString=
LdrGetDllHandle=
RtlDosPathNameToNtPathName_U=
RtlpEnsureBufferSize=
RtlNtPathNameToDosPathName=
RtlStringFromGUID=
RtlExpandEnvironmentStrings_U=
NtOpenKey=
NtQueryValueKey=
NtClose=
RtlFreeAnsiString=
qsort=

[USER32.dll]
RegisterUserApiHook=
UnregisterUserApiHook=
IsServerSideWindow=
PaintMenuBar=
CalcMenuBar=
IsWindowInDestroy=
GetWindowRgnBox=

[Patches needed]
UxTheme.dll=Functions, Unbind
appHelp.dll=Functions, Unbind
SHLWAPI.dll=DLLs
opera.dll=Subsystem, DLLs

[KERNEL32.dll]
BaseDumpAppcompatCache=
BaseFlushAppcompatCache=
BaseCheckAppcompatCache=
BaseUpdateAppcompatCache=

First Opera calls "NTDLL.DLL:NtQuerySystemInformation=?". If "NtOpenKey=?" is commented out it calls "NTDLL.DLL:NtQueryKey=?"



1. The setup of version 12.12 1707
The setup exit silently.

2. Try to start 12.12 / 12.10 (runs in the backround only)

3. Attempt start and run 12.5 1546 (first version with the internal communications error)

In all cases in the log file is listed "=Iphlpapi.dll:GetAdaptersAddresses=t5=", too.

The snapshot 12.5 1538 is the latest that works of course without the pluginwrapper.


The Explorer don't like "NtOpenKey=?"! 

[jumper]

According to MSDN - RegOpenUserClassesRoot function (Windows), these definitions should all work well:

[Advapi32.dll]
RegOpenUserClassesRoot=r120s4
RegOpenUserClassesRoot=t4
RegOpenUserClassesRoot=o4 

The 'e0' isn't needed as the LastError isn't set.

"r120s4" would provide the best desciption of the failure.

This post has been edited by jumper: 19 February 2013 - 01:54 PM

[loblo]

schwups, on 19 February 2013 - 01:15 PM, said:

Investigation of Opera 12.5 and 12.12 - perhaps useful 

I added all the mssing api's with a Question mark, listed of the ImportPatcher, to the Kstub822.ini to see which are called (prompted by Kext) first. 

Listed functions of the ImportPatcher - Opera version 12.12:

Spoiler

[ImportPatcher.37]
;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]
Test by loading=Y
Walk dependencies=Y
Link to copies=N
Unbind broken bindings=N
OS Subsystem Version Ceiling=4.90

[DLL replacements]

[GDI32.dll]
GdiGradientFill=
GdiDrawStream=
ClearBitmapAttributes=

[ntdll.dll]
NtConnectPort=
NtRequestWaitReplyPort=
RtlUnhandledExceptionFilter=
RtlCreateUserThread=
NtQueryInformationProcess=
NtOpenFile=
RtlTimeToTimeFields=
RtlQueryEnvironmentVariable_U=
NtMapViewOfSection=
NtCreateSection=
NtQueryInformationFile=
NtUnmapViewOfSection=
NtProtectVirtualMemory=
NtFreeVirtualMemory=
NtQuerySystemInformation=
NtQueryVirtualMemory=
RtlxAnsiStringToUnicodeSize=
NlsMbCodePageTag=
RtlInitString=
RtlDoesFileExists_U=
RtlGetFullPathName_U=
RtlUnicodeStringToInteger=
NtWriteFile=
NtQueryAttributesFile=
RtlGetVersion=
NtSetInformationFile=
strpbrk=
strspn=
NtQueryDirectoryFile=
RtlGUIDFromString=
NtEnumerateValueKey=
NtQueryKey=
NtCreateKey=
NtSetValueKey=
NtSetInformationKey=
NtDeleteKey=
NtDeleteValueKey=
_wcsnicmp=
wcsspn=
strncpy=
atol=
isdigit=
wcscmp=
RtlSecondsSince1970ToTime=
RtlUpcaseUnicodeChar=
RtlUpcaseUnicodeString=
RtlCopyUnicodeString=
RtlUpcaseUnicodeToMultiByteN=
LdrAccessResource=
LdrFindResource_U=
wcsncpy=
RtlFormatCurrentUserKeyPath=
RtlAppendUnicodeStringToString=
RtlAppendUnicodeToString=
_alloca_probe=
_chkstk=
_snwprintf=
swprintf=
RtlDuplicateUnicodeString=
LdrGetDllHandle=
RtlDosPathNameToNtPathName_U=
RtlpEnsureBufferSize=
RtlNtPathNameToDosPathName=
RtlStringFromGUID=
RtlExpandEnvironmentStrings_U=
NtOpenKey=
NtQueryValueKey=
NtClose=
RtlFreeAnsiString=
qsort=

[USER32.dll]
RegisterUserApiHook=
UnregisterUserApiHook=
IsServerSideWindow=
PaintMenuBar=
CalcMenuBar=
IsWindowInDestroy=
GetWindowRgnBox=

[Patches needed]
UxTheme.dll=Functions, Unbind
appHelp.dll=Functions, Unbind
SHLWAPI.dll=DLLs
opera.dll=Subsystem, DLLs

[KERNEL32.dll]
BaseDumpAppcompatCache=
BaseFlushAppcompatCache=
BaseCheckAppcompatCache=
BaseUpdateAppcompatCache=

First Opera calls "NTDLL.DLL:NtQuerySystemInformation=?". If "NtOpenKey=?" is commented out it calls "NTDLL.DLL:NtQueryKey=?"



1. The setup of version 12.12 1707
The setup exit silently.

2. Try to start 12.12 / 12.10 (runs in the backround only)

3. Attempt start and run 12.5 1546 (first version with the internal communications error)

In all cases in the log file is listed "=Iphlpapi.dll:GetAdaptersAddresses=t5=", too.

The snapshot 12.5 1538 is the latest that works of course without the pluginwrapper.


The Explorer don't like "NtOpenKey=?"! 

I tried running current Opera 12.14 yesterday with iphlpapi4 and it almost starts, it creates a bunch of files in the appdata folder as it should, connects with Opera website and exchanges a bit of data with it and then an error message pops that says:

Quote

'Autoupdate' failed init: -2

When I click OK, Opera exits without having initialized a GUI.

I also tried with a dummy iphlpapi I made and the same happens except that Opera crashes before I have the time to click OK on the error dialog.

I get the same results as with iphlpapi4 by using kexstub ini like that:

Quote

[iphlpapi.dll]
CancelIPChangeNotify=
GetAdaptersAddresses=t5e0

Other values also work but I don't remember which now and other crash Opera as with the dummy iphlpapi.

Opera's going to change a lot dependencywise I guess btw as it's going to be using chrome as its rendering engine in the near future. (from bad to worse)

Edit: There doesn't appear to be a plugin wrapper executable either in this version btw.

This post has been edited by loblo: 19 February 2013 - 04:16 PM

[jumper]

schwups, on 12 February 2013 - 03:58 AM, said:

schwups, on 10 February 2013 - 11:49 AM, said:

Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty.


Kstub822.log: NTdll.dll:NTAllocateVirtualMemory=t6=

Configuration: stable Kstub822 - *ActCtx* functions commented out

Supplement:


The ImportPatcher generats this ini file of µTorrent 3.0 exe. It lists many missing functions, but in comparison to the generated file of version 2.0.4 (stable with KernelEX) there are only seven functions more.

The difference:


[ntdll.dll]

NtStopProfile=
RtlUnicodeToOemN=
_chkstk=
RtlAdjustPrivilege=
NtSetIntervalProfile=
NtStartProfile=
NtSetInformationProcess=

[Patches needed]
PSAPI.DLL=Functions, Unbind

This appears to be a debug build (_chkstk and profiling apis). Perhaps it's a beta???

[jumper]

loblo, on 06 February 2013 - 02:23 AM, said:

I confirm that iphlpapi4 doesn't work with the Windows Me version of iphlpapi.

I have now replaced the ME version (4.90.3000) in the sysdir with the 98SE one (5.0.1717.2) and it works OK which is cool.

Successfully tested with the program Zulu btw: http://www.nch.com.au/dj/index.html

According to Depends, 98SE contain the following 86 exports in Iphlpapi.dll:

Spoiler

AddIPAddress
AllocateAndGetArpEntTableFromStack
AllocateAndGetIfTableFromStack
AllocateAndGetIpAddrTableFromStack
AllocateAndGetIpForwardTableFromStack
AllocateAndGetIpNetTableFromStack
AllocateAndGetTcpTableFromStack
AllocateAndGetUdpTableFromStack
CreateIpForwardEntry
CreateIpNetEntry
CreateProxyArpEntry
DeleteIPAddress
DeleteIpForwardEntry
DeleteIpNetEntry
DeleteProxyArpEntry
GetAdapterIndex
GetAdaptersInfo
GetBestInterface
GetBestInterfaceFromStack
GetBestRoute
GetBestRouteFromStack
GetFriendlyIfIndex
GetIcmpStatistics
GetIcmpStatsFromStack
GetIfEntry
GetIfEntryFromStack
GetIfTable
GetIfTableFromStack
GetInterfaceInfo
GetIpAddrTable
GetIpAddrTableFromStack
GetIpForwardTable
GetIpForwardTableFromStack
GetIpNetTable
GetIpNetTableFromStack
GetIpStatistics
GetIpStatsFromStack
GetNetworkParams
GetNumberOfInterfaces
GetRTTAndHopCount
GetTcpStatistics
GetTcpStatsFromStack
GetTcpTable
GetTcpTableFromStack
GetUdpStatistics
GetUdpStatsFromStack
GetUdpTable
GetUdpTableFromStack
GetUniDirectionalAdapterInfo
InternalCreateIpForwardEntry
InternalCreateIpNetEntry
InternalDeleteIpForwardEntry
InternalDeleteIpNetEntry
InternalGetIfTable
InternalGetIpAddrTable
InternalGetIpForwardTable
InternalGetIpNetTable
InternalGetTcpTable
InternalGetUdpTable
InternalSetIfEntry
InternalSetIpForwardEntry
InternalSetIpNetEntry
InternalSetIpStats
InternalSetTcpEntry
IpHlpDllEntry
IpReleaseAddress
IpRenewAddress
IsLocalAddress
NotifyAddrChange
NotifyRouteChange
NTPTimeToNTFileTime
NTTimeToNTPTime
SendARP
SetIfEntry
SetIfEntryToStack
SetIpForwardEntry
SetIpForwardEntryToStack
SetIpNetEntry
SetIpNetEntryToStack
SetIpRouteEntryToStack
SetIpStatistics
SetIpStatsToStack
SetIpTTL
SetProxyArpEntryToStack
SetTcpEntry
SetTcpEntryToStack

What's the count and list for the ME version? I should be able to make the wrapper compatible with both.

[jds]

jumper, on 15 February 2013 - 11:42 PM, said:

I'm hoping to assemble this week a release package for Kexstubs that will be easy to install. I'll be reviewing Kstub822.ini and preparing a stubs.ini that has logging disabled and any last definitions that should go in. All suggestions are very welcome!

Hi jumper,

I've recently compiled a list of missing API's in a bunch of bits and bobs that don't presently work :

[KERNEL32.DLL]
"FlsAlloc"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
"SetProcessDEPPolicy"
"LocaleNameToLCID"
"LCIDToLocaleName"

[OLE32.DLL]
"DcomChannelSetHResult"
"CoGetClassInfo"
"CLSIDFromProgIDEx"

[USER32.DLL]
"SetProcessDPIAware"
"GetGestureInfo"
"CloseGestureInfoHandle"
"GetGestureExtraArgs"
"SetGestureConfig"
"GetGestureConfig"

[NTDLL.DLL]
"LdrUnloadDll"
"LdrLoadDll"

[MSVCRT.DLL]
"_get_terminate"

[SHELL32.DLL]
"SHGetKnownFolderPath"

[GDI32.DLL]
"GdiRealizationInfo"
"FontIsLinked"

[USERENV.DLL]
"EnterCriticalPolicySection"
"LeaveCriticalPolicySection"

The next step will be for me to look up the parameter counts and figure out the most appropriate return codes for these thingies.

Joe.

Edit 1 : Deleted some functions that shouldn't have been listed.
Edit 2 : Added 'userenv.dll' functions.

This post has been edited by jds: 02 March 2013 - 05:26 AM

[schwups]

I've two versions of IPHlpApi.dll (4.90.3000 47KB and 4.90.3001 39KB), but the Dependency Walker lists for both the same 117 functions in the export list.

Spoiler

AddIPAddress
AllocateAndGetArpEntTableFromStack
AllocateAndGetIfTableFromStack
AllocateAndGetIpAddrTableFromStack
AllocateAndGetIpForwardTableFromStack
AllocateAndGetIpNetTableFromStack
AllocateAndGetTcpTableFromStack
AllocateAndGetUdpTableFromStack
CreateIpForwardEntry
CreateIpNetEntry
CreateProxyArpEntry
DeleteIPAddress
DeleteIpForwardEntry
DeleteIpNetEntry
DeleteProxyArpEntry
EnableRouter
FlushIpNetTable
FlushIpNetTableFromStack
GetAdapterIndex
GetAdapterOrderMap
GetAdaptersInfo
GetBestInterface
GetBestInterfaceFromStack
GetBestRoute
GetBestRouteFromStack
GetFriendlyIfIndex
GetIcmpStatistics
GetIcmpStatsFromStack
GetIfEntry
GetIfEntryFromStack
GetIfTable
GetIfTableFromStack
GetIgmpList
GetInterfaceInfo
GetIpAddrTable
GetIpAddrTableFromStack
GetIpForwardTable
GetIpForwardTableFromStack
GetIpNetTable
GetIpNetTableFromStack
GetIpStatistics
GetIpStatsFromStack
GetNetworkParams
GetNumberOfInterfaces
GetPerAdapterInfo
GetRTTAndHopCount
GetTcpStatistics
GetTcpStatsFromStack
GetTcpTable
GetTcpTableFromStack
GetUdpStatistics
GetUdpStatsFromStack
GetUdpTable
GetUdpTableFromStack
GetUniDirectionalAdapterInfo
InternalCreateIpForwardEntry
InternalCreateIpNetEntry
InternalDeleteIpForwardEntry
InternalDeleteIpNetEntry
InternalGetIfTable
InternalGetIpAddrTable
InternalGetIpForwardTable
InternalGetIpNetTable
InternalGetTcpTable
InternalGetUdpTable
InternalSetIfEntry
InternalSetIpForwardEntry
InternalSetIpNetEntry
InternalSetIpStats
InternalSetTcpEntry
IpReleaseAddress
IpRenewAddress
IsLocalAddress
NTPTimeToNTFileTime
NTTimeToNTPTime
NhGetGuidFromInterfaceName
NhGetInterfaceNameFromGuid
NhpAllocateAndGetInterfaceInfoFromStack
NhpGetInterfaceIndexFromStack
NotifyAddrChange
NotifyRouteChange
NotifyRouteChangeEx
_PfAddFiltersToInterface@24
_PfAddGlobalFilterToInterface@8
_PfBindInterfaceToIPAddress@12
_PfBindInterfaceToIndex@16
_PfCreateInterface@24
_PfDeleteInterface@4
_PfDeleteLog@0
_PfGetInterfaceStatistics@16
_PfMakeLog@4
_PfRebindFilters@8
_PfRemoveFilterHandles@12
_PfRemoveFiltersFromInterface@20
_PfRemoveGlobalFilterFromInterface@8
_PfSetLogBuffer@28
_PfTestPacket@20
_PfUnBindInterface@4
SendARP
SetAdapterIpAddress
SetBlockRoutes
SetIfEntry
SetIfEntryToStack
SetIpForwardEntry
SetIpForwardEntryToStack
SetIpMultihopRouteEntryToStack
SetIpNetEntry
SetIpNetEntryToStack
SetIpRouteEntryToStack
SetIpStatistics
SetIpStatsToStack
SetIpTTL
SetProxyArpEntryToStack
SetRouteWithRef
SetTcpEntry
SetTcpEntryToStack
UnenableRouter

I wasn't aware that Xeno86 set  the KernelEX mode by default for the dll to disabled.  

[loblo]

jds, on 20 February 2013 - 03:22 AM, said:

jumper, on 15 February 2013 - 11:42 PM, said:

I'm hoping to assemble this week a release package for Kexstubs that will be easy to install. I'll be reviewing Kstub822.ini and preparing a stubs.ini that has logging disabled and any last definitions that should go in. All suggestions are very welcome!

Hi jumper,

I've recently compiled a list of missing API's in a bunch of bits and bobs that don't presently work :

[KERNEL32.DLL]
"FlsAlloc"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
"GetUserDefaultUILanguage"
"GetModuleHandleExA"
"VerSetConditionMask"
"VerifyVersionInfoA"
"DecodePointer"
"EncodePointer"
"SetProcessDEPPolicy"
"LocaleNameToLCID"
"LCIDToLocaleName"

[OLE32.DLL]
"DcomChannelSetHResult"
"CoGetClassInfo"
"CLSIDFromProgIDEx"
"DcomChannelSetHResult"

[USER32.DLL]
"AllowSetForegroundWindow"
"SetProcessDPIAware"
"GetGestureInfo"
"CloseGestureInfoHandle"
"GetGestureExtraArgs"
"SetGestureConfig"
"GetGestureConfig"

[NTDLL.DLL]
"LdrUnloadDll"
"LdrLoadDll"

[MSVCRT.DLL]
"_get_terminate"

[SHELL32.DLL]
"SHGetKnownFolderPath"

[GDI32.DLL]
"GdiRealizationInfo"
"FontIsLinked"

The next step will be for me to look up the parameter counts and figure out the most appropriate return codes for these thingies.

Joe.

You'll save yourself some sweat by checking first which of those are already handled by KernelEx. I can spot several at a glance.

[schwups]

jumper, on 19 February 2013 - 11:29 PM, said:

schwups, on 12 February 2013 - 03:58 AM, said:

schwups, on 10 February 2013 - 11:49 AM, said:

Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty.


Kstub822.log: NTdll.dll:NTAllocateVirtualMemory=t6=

Configuration: stable Kstub822  - *ActCtx* functions commented out

Supplement:


The ImportPatcher generats this ini file of µTorrent 3.0 exe. It lists many missing functions, but in comparison to the generated file of version 2.0.4 (stable with KernelEX) there are only seven functions more.

The difference:


[ntdll.dll]

NtStopProfile=
RtlUnicodeToOemN=
_chkstk=
RtlAdjustPrivilege=
NtSetIntervalProfile=
NtStartProfile=
NtSetInformationProcess=

[Patches needed]
PSAPI.DLL=Functions, Unbind

This appears to be a debug build (_chkstk and profiling apis). Perhaps it's a beta???

µTorrent 3.0.0 build 26473 - According to Filehippo/horse is it no beta.

[jds]

loblo, on 20 February 2013 - 06:48 AM, said:

You'll save yourself some sweat by checking first which of those are already handled by KernelEx. I can spot several at a glance.

Hi loblo,

If that's true, then something's wrong with my system (hey, that's a distinct possibility!). I checked them all with 'ktree9'.

Joe.

[loblo]

jds, on 20 February 2013 - 08:24 AM, said:

loblo, on 20 February 2013 - 06:48 AM, said:

You'll save yourself some sweat by checking first which of those are already handled by KernelEx. I can spot several at a glance.

Hi loblo,

If that's true, then something's wrong with my system (hey, that's a distinct possibility!). I checked them all with 'ktree9'.

Joe.

There must be something wrong then as:

DecodePointer
EncodePointer
VerifyVersionInfoA
VerSetConditionMask

and perhaps others as those are only those I immediately spotted by looking at your list. I've just checked the 4 of them in Ktree and they all appear here.

[jds]

loblo, on 20 February 2013 - 08:56 AM, said:

There must be something wrong then as:

DecodePointer
EncodePointer
VerifyVersionInfoA
VerSetConditionMask

and perhaps others as those are only those I immediately spotted by looking at your list. I've just checked the 4 of them in Ktree and they all appear here.

Hi loblo,

Yes, you're right! I've just deleted "GetUserDefaultUILanguage", "GetModuleHandleExA", VerSetConditionMask", "VerifyVersionInfoA", "DecodePointer", "EncodePointer" and "AllowSetForegroundWindow" from the list. I don't know why they weren't showing up last night, but they do today ("VerifyVersionInfoA" even shows multiple times). I might miss one or two, but not that many. Perhaps some subtle stability issue, even though shutdown was uneventful?

Joe.

[jumper]

Ktree reads the KernelEx install folder from the registry, reads Core.ini to get the [DCFG1] content= DLL list, then loads each DLL from within the install folder and calls get_api_table() on it. Any errors are reported in the Core.ini section (too late to check now!).

Assuming you had KernelEx installed, Core.ini was not open in some app that read-locks it, and you weren't booted with an experimental Core.ini, I don't see why kexbases (DecodePointer, etc.) wouldn't be included in the report. Renaming the DCFG1 section to BASE like I tried several days ago breaks that part of Ktree; I had to hex a special version of Ktree to get it to work. Also, modifying the contents= line itself could interfere if there was a typo on the names of standard files.

> "VerifyVersionInfoA" even shows multiple times

KernelEx provides a custom version for each profile / OS.