Hex Editor and Dependency Walker Newbie


I'm hoping to contribute to expanding KernelEx one day (but I honestly have no idea how to code). I downloaded the hex editor and Dependency Walker linked on Jumper's KernelEx project page. So far I'm figuring out how to use this thing. Could I remove parts of the code that prevent the program from installing on Windows 9x? I'm doing a little experiment with NanoBrowser and Sleipnir 3; so far these two are the only web browsers I've found without any missing dependencies that give errors in the program. I'm extremely new to this hex editor stuff and have no idea what grey means. Both refuse to open because of my Windows version.

I also downloaded Microsoft's SDK for Win 9x as well (Never really used C++ before...)

Edited by ~♥Aiko♥Chan♥~


A detailed description comes with the Dependency Walker (DEPENDS.CHM). The symbols are explained in "Understanding the Module Session". Be aware that the Dependency Walker doesn't show any API functions supported by KernelEx.

The subject is very complex. I hope I'll have more time to learn in the future. :)


You can directly put the API in the kernel like blackwingcat.

Use the following methods:

* Expand the export table and add a new section with pemaker.

* Trace out the code with IDA Pro or Win32Dasm.

* Put the code somewhere in your newly added section.

* Point the real entry (RVA) with pemaker with the function name.

* Adjust relocation with pemaker.

I personally use MODEXP by Rloew for most work; pemaker also greatly helps.

You can use CFF Explorer for getting the RVA from a file offset.

Checking the dependencies of the setup will not do anything; try extracting the setup, then check the extracted main exe and dll files with Dependency Walker.

I have no idea how KernelEx for 9x works. Can anyone explain it to me?
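
The file-offset-to-RVA lookup that CFF Explorer is used for in the post above, written out as an added example that is not part of the thread or of any tool named in it. It reads the PE section table and maps in both directions; the function names and the two-section sample header are constructed for illustration.

```python
import struct

def parse_sections(data):
    """Return (name, va, vsize, raw_ptr, raw_size) for each PE section header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    optsize, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + optsize                             # section table start
    out = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"),
                    va, vsize, rptr, rsize))
    return out

def offset_to_rva(sections, offset):
    """Map a file offset to (section name, RVA); None for headers or overlay."""
    for name, va, vsize, rptr, rsize in sections:
        if rptr <= offset < rptr + rsize:
            return name, va + (offset - rptr)
    return None

def rva_to_offset(sections, rva):
    """Map an RVA to a file offset; None if unmapped or zero-filled only."""
    for name, va, vsize, rptr, rsize in sections:
        if va <= rva < va + max(vsize, rsize):
            delta = rva - va
            return rptr + delta if delta < rsize else None
    return None

def build_sample():
    """Constructed two-section PE header (not a real file), for demonstration."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x2000)
    secs = struct.pack("<8sIIII16x", b".text", 0x1800, 0x1000, 0x1A00, 0x400)
    secs += struct.pack("<8sIIII16x", b".newsec", 0x300, 0x3000, 0x200, 0x1E00)
    return dos + coff + secs

if __name__ == "__main__":
    sections = parse_sections(build_sample())
    print(offset_to_rva(sections, 0x1E10))        # offset inside the added section
    print(hex(rva_to_offset(sections, 0x3010)))   # and back again
```

An RVA past a section's raw size but inside its virtual size has no bytes in the file, which is why `rva_to_offset` returns `None` there instead of an offset.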


On 12/22/2016 at 7:35 AM, Dibya said:

You can directly put the API in the kernel like blackwingcat.

Use the following methods:

* Expand the export table and add a new section with pemaker.

* Trace out the code with IDA Pro or Win32Dasm.

* Put the code somewhere in your newly added section.

* Point the real entry (RVA) with pemaker with the function name.

* Adjust relocation with pemaker.

I personally use MODEXP by Rloew for most work; pemaker also greatly helps.

You can use CFF Explorer for getting the RVA from a file offset.

Checking the dependencies of the setup will not do anything; try extracting the setup, then check the extracted main exe and dll files with Dependency Walker.

I have no idea how KernelEx for 9x works. Can anyone explain it to me?

Now I just need to figure out where the DLLs are located in Windows 98... I have no idea how to really code, so I'm going to go through a bit of trial and error with making stubs. This is gonna be a lot of fun >.< (if I can even get started and figure out where the important things are).

What's MODEXP? Could you share it with me?

Edited by ~♥Aiko♥Chan♥~

13 minutes ago, ~♥Aiko♥Chan♥~ said:

Now I just need to figure out where the DLLs are located in Windows 98... I have no idea how to really code, so I'm going to go through a bit of trial and error with making stubs. This is gonna be a lot of fun >.< (if I can even get started and figure out where the important things are).

What's MODEXP? Could you share it with me?

You can ask Rloew; it costs $11. You can do the same with pemaker.
