Leaderboard

Hi Just made an account here, I have been following threads on this forums ‘anonymously’ for quite some time now, and wanted to share a few words about this. Nothing makes him special, really. For what is worth, I do not like that he did not open source the project. I mean, I don’t know, from my philosophy and point of view, you shouldn’t charge for projects like this, but whatever, that does not matter, I myself ‘donated’ (read: paid) for this software a good few years back as well. Thing is, it takes a lot of time to research these kinds of projects, and yeah, it teaches you a lot, but there is no financial incentive to doing it. Not short term, not long term. So you need to have some spare time which a lot of people do not have much. Like, take security researchers, that do a similar thing, they play around looking with whatever tools they have available to the inner workings of various pieces of software. BigMuscle here did the same for DWM. Yet, security researchers have the incentive that if they find some critical vulnerability, they get paid by Google etc. Hacking DWM serves no one’s business interest, so... you get what I mean. Anyway, developing this kind of software is pretty hard and becomes tedious and boring easily. You work only with closed source code, you have access only to binaries you can disassemble to various degrees and fortunately, for Windows files, Microsoft offers you symbols, which are little pieces of information that augment the binary ‘code’. That’s it, from there on, you have to look and understand all their architecture, how things piece together and so on. This is tremendous work, and even with financial incentives, it takes time, sometimes you get it wrong etc. Also, the appeal to doing this gets even lower because once you publish it, you have to support it, people will like it and demand it gets ‘updated’ with every release of the Windows OS, and in a timely manner of course. And this complicates the initial problem: you have to find ways to patch it in a way that is less likely to break on newer versions, so that you minimize your work when a new update comes. That again, it consumes a few resources, and especially a lot of time. And also, what programmers try to do when they encounter projects like this, is try to reuse old dormant code that’s still in the binary from previous versions, by maybe also looking on binaries from older versions of the software that had what they wanted. It is pretty hard to develop new stuff for a closed source binary with hardly any public interfaces... Now, regarding DWM, it changed quite a bit in Windows 10 2004. A good couple of the methods BigMuscle hooked in pre-2004 are simply not there in the new DWM. Microsoft actually changed a lot of the underlying architecture. What exactly, for what purpose, what is the high level meaning behind it? I did not have time to look enough at it to figure it out. Also, I had a try at this myself as well. I disassembled BM’s Aero Glass a while ago and looked a bit on it a while ago and gathering a few ideas from there, I coded a utility that changed the title bar text in Windows 10 to be centered. “Version 1” was pretty future proof, but had some edge cases which were still problematic, plus it did not do it quite like Windows 8 did it. I researched a lot more and was able to now fix my main issue with it, namely centering the text between the window borders, not the icon and minimize button. But it took considerably more time and effort and hooking to achieve this minor effect. I looked on DWM a bit more (BigMuscle did the same, but probably on way more of it then I did until now) and could ‘easily’ do a lot of stuff. You know acrylic (aka blur behind)? I enabled that on all title bars via DWM, it looks pretty awesome, I’d daily drive that. Imo it looks even better than Aero Glass, but that’s not the point. Point is it can be done, I relatively easily have done it myself, there were some rough edges of course, but I played with it. Some other stuff came up, did not really had time to work on it anymore, at least for the moment. But maintaining the kind of hacks required for releasing a public version of this is insane. People want UIs, configuration etc, for a niche and specialized thing like this, even command line arguments are too much, I’d rather DEFINE some stuff and compile it for each user’s taste. And there also is not a community keen on developing this. A one man army on this is not feasible, but maybe a team, on a public Git could each member write small bits and get somewhere. That’s why I believe, for e.g., that BM better open sourced it. Even in its now broken state with a lot of the code not that useful on newer Windows builds, still, it is a starting point. In a closed binary, without even symbols, it is uselessly lost knowledge, unfortunately, as no one has the time and incentive, as I said, to take a look at it. There are brilliant programmers out there, but this does not pay off that much. Anyway, I write this on mobile. Maybe when I open the PC I could upload a screenshot of my ‘Aero Glass’, but I don’t want to needlessly tease. Because this probably will never ship. An optimistic plan is to integrate this with my previously mentioned tool, but in the state of mess (coding wise) it is at the moment, it may take a while, especially not having a lot of time to work on this. What I can do in the mean time, is leave you a link to WinCenterTitle (https://github.com/valinet/WinCenterTitle), this software I mentioned that centers your title bar text. If you go to releases to download binaries, the latest modifications are in a pre releas version situated there. So that’s the story of it, at least how I see it. Edit: Yeah, also, forgot to say, what is pathetic here is that DWM is closed source, especially considering that third parties cannot really do compositors for Windows. I mean, I blame Microsoft here, it would be so cool to have official, powerful mechanisms to hook into it and do cool stuff. With that, I tell you, in 2 weeks someone will implement, for e.g., the genie effect when minimizing windows and all sorts of crazy stuff. It is pretty much a shame they also have this mess lately (some stuff that should be in DWM is in Explorer for some reason, like Win Tab, Alt Tab, Snap Assist etc) and also do not realistically look forward to collaborating with the enthusiasts; DWM is actually a pretty decent compositor and window manager.

Summary: For a long time, there have been 2 choices for extended kernels and both of them have their exclusives that aren't present in the other extended kernel. WildBill's extended kernel has many exclusive ntdll functions, SxS support, and a few exclusive functions in other files. BlackWingCat's extended kernel has many exclusive kernel32 functions (and some in other files). The big issue is that ntdll and kernel32 cannot be mixed, forcing people to choose between a better kernel32 or a better ntdll. The main goal of KernelXE is to eliminate this issue. ⚠️ This is beta software. Don't expect it to be stable. ⚠️ KernelXE Lite: KernelXE Lite is a smaller and reduced version of KernelXE that only contains files that are stable and compatible with BlackWingCat's extended kernel. KernelXE Lite is not compatible with full KernelXE and is meant to be installed on top of BlackWingCat's extended kernel. rv1 changes: Added custom BlackWingCat ntdll.dll with RtlIpv6StringToAddressExW and RtlSetLastWin32Error. ⚠️ Make sure to install the WildBill Update Collection BEFORE KernelXE. It is required and your system will be unbootable if you install KernelXE first. ⚠️ Downloads: KernelXE v0.2.4.2 KernelXE v0.2.5-rv1 Lite WildBill Update Collection The future of KernelXE and what I have been doing: As kernel32 grew, problems started to occur, like blank spaces in code, bugged code, and not enough space to add certain things. I decided to re-extend kernel32. This means redoing the entirety of .patch, which is where all non-Microsoft code is stored. Specifically in kernel32, I haven't had enough space in .data to add the data needed for some LCID related functions that are extremely commonly used in programs. I have already re-extended gdi32, and I may re-extend some other file if I need to. There won't be a new release of KernelXE for a long time, but when it finally comes, KernelXE may actually be a suitable alternative to BlackWingCat's extended kernel. Changelog: Public Beta 1: Initial Public Release Public Beta 2: Exported real CreateActCtxW as CreateActCtxB to prevent explorer.exe crashing. Added CreateActCtxW stub to take care of programs that call it while fixing the real function. Moved QueryUnbiasedInterruptTime, SetThreadStackGuarantee, K32EmptyWorkingSet, and GetNativeSystemInfo to .text Added idndl.dll, normaliz.dll, and the nls files normaliz.dll uses to the update package. v0.2.3: First version of KernelXE with new versioning system Full changelog inside update installer. v0.2.3.1: Added updated DirectSound library Added updated hotplug.dll and stobject.dll Added Windows Server 2003 msvcrt.dll Added BlackWingCat's Reiwa compatible locale.nls v0.2.4: Added PAE Added this HAL Timer fix Added Windows Vista msvcrt.dll Added KeAcquireInStackQueuedSpinLockRaiseToSynch and HalConvertIdtToIrql to all HALs Added KernelXE branded bootscreens Added some ntoskrnl functions (list in full changelog) v0.2.4-rv1: Added exFAT stuff (update.inf was weird) v0.2.4.1: Removed exFAT stuff Fixed and cleaned up update.inf Replaced Vista msvcrt with Server 2003 msvcrt (Vista msvcrt causes a BSOD related to winsrv) Added Kernel Mode Driver Framework Added WinUSB v0.2.4.2: Added some user32 stubs requested by piotrhn Added a missing piece of code in CreateActCtxB Updated msvcrt to 7.0.6002.22755 (Vista) Changed version block to check if the NT major version is 5 and removed NT minor version checking. Fixed loading bar not appearing in bootscreen Lots of new files Programs: Relocation Section Editor - Only one that handles huge relocation tables like the one in ntoskrnl. Executable | Source Code

The question marks indicate that no memory is mapped at that address or it is otherwise not readable. ntdll!RtlpWaitOrTimerCallout+0x73 0x73 bytes into this function is the next instruction after a CALL instruction. Its address is the return address pushed onto the stack by the CALL. IP = instruction pointer 077444f6 seems to be the callback address of the executable code for an event handler. It was probably in a DLL that was prematurely unloaded.

Unfortunately very intermittent faults which cannot be triggered at will are always extremely difficult to pin down. I agree that ntdll.dll is extremely unlikely to be the culprit, it's recorded as having been involved in the crash, but it probably wouldn't have actually caused it. I think the only thing you can do is to uninstall the K-Lite Codec Pack and see if the problem goes away, as it seemed to appear after you installed it. I realise this isn't ideal, as it could be months before you can prove whether the problem has actually gone away or not! Incidentally, you said you installed K-Lite version 13.8.5. My understanding is that the last XP compatible version is 13.8.2, which is an update to the last compatible full version which is 13.8.0. It is just possible that 13.8.5 does in fact contain something which isn't actually XP compatible, and is causing the problem. I have had 13.8.2 installed for several years, and it has caused no problems, so perhaps trying that version might be an idea.

Authy is working with kernelex, thanks so much!

a workaround has been pushed to repo.

Well here's what I managed to pull out of it, FWIW - Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [E:\Dump Folder\explorer crash.dmp] User Mini Dump File with Full Memory: Only application data is available Comment: '2nd_chance_AccessViolation_exception_in_EXPLORER.EXE_running_on_YOUR-7D8859AF69' Symbol search path is: srv*d:\programf\microsof\windowss.1\debuggin\symbols*http://msdl.microsoft.com/download/symbols;symsrv*symsrv.dll*d:\win-nt\localsymbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows XP Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible Product: WinNt, suite: SingleUserTS Machine Name: Debug session time: Wed Jul 8 10:02:31.000 2020 (UTC + 0:00) System Uptime: 11 days 13:04:15.434 Process Uptime: 4 days 5:46:39.000 ................................................................ ................................................................ ................................. Loading unloaded module list .............. This dump file has an exception of interest stored in it. The stored exception information can be accessed via .ecxr. (f4c.454): Access violation - code c0000005 (first/second chance not available) eax=0174fc9c ebx=00000000 ecx=00000000 edx=00000000 esi=077444f6 edi=04d069f0 eip=077444f6 esp=0174fc84 ebp=0174fccc iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 077444f6 ?? ??? 0:003> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* Failed calling InternetOpenUrl, GLE=12029 FAULTING_IP: +73 077444f6 ?? ??? EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 077444f6 ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 077444f6 Attempt to read from address 077444f6 DEFAULT_BUCKET_ID: BAD_INSTRUCTION_PTR PROCESS_NAME: explorer.exe ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 077444f6 READ_ADDRESS: 077444f6 FOLLOWUP_IP: ntdll!RtlpWaitOrTimerCallout+73 7c927d39 834dfcff or dword ptr [ebp-4],0FFFFFFFFh FAILED_INSTRUCTION_ADDRESS: +1e22faf00fddf58 077444f6 ?? ??? MOD_LIST: <ANALYSIS/> NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 IP_ON_HEAP: 077444f6 IP_IN_FREE_BLOCK: 77444f6 FAULTING_THREAD: 00000454 PRIMARY_PROBLEM_CLASS: BAD_INSTRUCTION_PTR BUGCHECK_STR: APPLICATION_FAULT_BAD_INSTRUCTION_PTR_INVALID_POINTER_READ LAST_CONTROL_TRANSFER: from 7c927d39 to 077444f6 STACK_TEXT: WARNING: Frame IP not in any known module. Following frames may be wrong. 0174fc80 7c927d39 04d069f0 00000000 0014e800 0x77444f6 0174fccc 7c92a600 077444f6 04d069f0 00000000 ntdll!RtlpWaitOrTimerCallout+0x73 0174fcf8 7c92a54e 0014e800 00000004 00000020 ntdll!RtlpProcessWaitCompletion+0x112 0174ffb4 7c80b729 00000000 00000020 00f4fce4 ntdll!RtlpWaitThread+0x277 0174ffec 00000000 7c92a3f3 00000000 00000000 kernel32!BaseThreadStart+0x37 STACK_COMMAND: ~3s; .ecxr ; kb SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: ntdll!RtlpWaitOrTimerCallout+73 FOLLOWUP_NAME: MachineOwner MODULE_NAME: ntdll IMAGE_NAME: ntdll.dll DEBUG_FLR_IMAGE_TIMESTAMP: 4d00f27d FAILURE_BUCKET_ID: BAD_INSTRUCTION_PTR_c0000005_ntdll.dll!RtlpWaitOrTimerCallout BUCKET_ID: APPLICATION_FAULT_BAD_INSTRUCTION_PTR_INVALID_POINTER_READ_BAD_IP_ntdll!RtlpWaitOrTimerCallout+73 WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/explorer_exe/6_0_2900_5512/48025c30/unknown/0_0_0_0/bbbbbbb4/c0000005/077444f6.htm?Retriage=1 Followup: MachineOwner --------- Hope this helps. You could try searching on some of the entries. Nothing stood out to me as identifying the culprit here, but I'm not expert at interpreting debug logs either!

OK the youtube crash bug is fixed and commited by backing out a patch that is backed out in mozilla.

I have the ugly white corners with Aero7X Reset theme. Is there any way for a fix?

I'd rather recommend than listening to the FBI but to upgrade your very unique Brain.exe instead. It's the best anti-virus out there. The only downside is, that Brain.exe can't be bought for money and downloading it is impossible, too. It must be fed proper knowledge to grow. And then one day, you will be capable of using the old operating systems online without running into a wall. Would I recommend to average users who use their brain on other things than computers to use Windows XP and Windows 7 for example? No, because that would put them easily in danger. But if you know, what you are doing, then you'll be able to avoid the problems. Use a hardware firewall, that you can configure. Block unwanted Javascripts. Block everything, you didn't ask for. Don't click on everything that sounds like a promising help to your problems. Learn to read links before clicking on them. These things. Also consider that something like Windows XP got more secure over time, as less and less people were using it. Windows 7 is still a very attractive target for mean hackers with circa 15% market share (2020).

It's been a regular occurrence that someone new registers on the forum and asks questions about Aero Glass that have already been answered multiple times in old topics.

Sorry I was unable to relpy sooner. RLoew, You have done a great service keeping win ME(9X) alive with your ram patch, and various other programs. I think I speak for the community in general when I say, R.I.P, and your work will be sorely missed. Thank you for all your help, and rest well wherever you are now.

Too young, somehow. I know how it feels, sorta, too... my mum was affected by a heart attack around the same time last year, too. She's recovered mostly but isn't particularly in a good way either, there's still chances of it happening again... she's only 45, and I'd never want to lose her - my condolences go to Rudy's family, and everyone who had the chance to come across him some time in their lives. Even now, nine months late, and I just... I can't help but feel the need to say something, knowing how much he done for the community, and reading people's memoirs of him - not gonna lie, I'm dropping a few tears myself now... There's people who are dedicated in keeping the spirit of things alive, then he took it even further. And that's what will keep going on, we'll take it onwards and keep his legacy preserved until the end of time (or at least hopefully until the maximum year Windows 9x will be able to handle...) <3