Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 



Sign in to follow this  
~♥Aiko♥Chan♥~

Hex Editor and Dependency Walker Newbie

Recommended Posts

I'm hoping to contribute expanding KernelEx one day (But I honestly have no idea how to code). I downloaded the Hex editor and Dependency Walker linked on Jumper's kernelex project page. So far I'm figuring out how to use this thing, could I remove parts of the code that prevent the program from installing on Windows 9x? Doing a little experiment with NanoBrowser and Sleipnir 3, so far these two are the only web browsers I've found without any missing dependencies that give errors in the program. I'm extremely new to this hex editor stuff and have no idea what grey means. Both refuse to open because of my windows version.

I also downloaded Microsoft's SDK for Win 9x as well (Never really used C++ before...)

snapshot 2.png

snapshot.png

Edited by ~♥Aiko♥Chan♥~

Share this post


Link to post
Share on other sites

schwups    7

A detailed description comes with the Dependency Walker (DEPENDS.CHM). The symbols are explained in "Understanding the Module Session". Be aware, that the Dependency Walker doesn't show any API functions supported by KernelEX.

The subject is very complex. I hope I'll have more time to learn in the future.:)
 

  • Upvote 1

Share this post


Link to post
Share on other sites
Dibya    229

You can directly put api in kernel like blackwingcat

Use following methods

*Expand Export table and add new section with pemaker.

*Trace out code ida pro or win32dasm

*Put  code somewhere in your newly added section

*Point the Real entry (RVA) with pemaker with the function name

*Adjust relocation with pemaker

I personally use MODEXP by Rloew  for most work also pemaker greatly helps.

You can use cff explorer for getting rva from file offset

Dependency of setup will not do anything try extracting setup then check extracted main exe dll files with dependency walker .

I have no idea how kernelex for 9x work . Any one can explain me?

  • Upvote 1

Share this post


Link to post
Share on other sites
On 12/22/2016 at 7:35 AM, Dibya said:

You can directly put api in kernel like blackwingcat

Use following methods

*Expand Export table and add new section with pemaker.

*Trace out code ida pro or win32dasm

*Put  code somewhere in your newly added section

*Point the Real entry (RVA) with pemaker with the function name

*Adjust relocation with pemaker

I personally use MODEXP by Rloew  for most work also pemaker greatly helps.

You can use cff explorer for getting rva from file offset

Dependency of setup will not do anything try extracting setup then check extracted main exe dll files with dependency walker .

I have no idea how kernelex for 9x work . Any one can explain me?

Now I just need to figure out where the dll's are located in Windows 98...I have no idea how to really code so I'm going to go through a bit of trial and error with making stubs. This is gonna be a lot of fun >.< (If I can even get started and figure out where the important things are)

What's MODEXP? Could you share it with me?

Edited by ~♥Aiko♥Chan♥~

Share this post


Link to post
Share on other sites
Dibya    229
13 minutes ago, ~♥Aiko♥Chan♥~ said:

Now I just need to figure out where the dll's are located in Windows 98...I have no idea how to really code so I'm going to go through a bit of trial and error with making stubs. This is gonna be a lot of fun >.< (If I can even get started and figure out where the important things are)

What's MODEXP? Could you share it with me?

You can ask Rloew it costs $11 .  You can do same with pemaker

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×