Jump to content

jumper

Member
 View Profile  See their activity

  • Posts

    1,991

  • Joined

  • Last visited

  • Days Won

    8

  • Donations

    0.00 USD 

  • Country

    United States

 Content Type 

Everything posted by jumper

  1. jumper
    If it's a full driver, identify the subset of headers and link libraries needed. Include them directly into your source package. Once working, replace them with open-source versions from Wine or ReactOS. (Check for availability first!) If it's a mini-driver, the framework might not be available as open-source.
  2. jumper
    I found my complete FineSSE project from 2011 including a well-tested but unreleased version 30. It includes support for CC/Breakpoint and can be extended for other continuable exceptions. I also began a version 31 in 2013 that starts to add a process picker for easier attachment to any running process. For now, I'll create a version 32 from v30 that also handles exception 0x406D1388 (Name thread). I don't plan to support locales other than the system (maybe user) default at the app-level by either name or ID. There are name constants: LOCALE_NAME_INVARIANT LOCALE_NAME_SYSTEM_DEFAULT LOCALE_NAME_USER_DEFAULT and ID constants: LOCALE_INVARIANT LOCALE_SYSTEM_DEFAULT LOCALE_USER_DEFAULT that I can use to fake/minimally implement the locale API's. (See LOCALE_INVARIANT.) KernelEx already has LCMapStringW, GetLocaleInfoW, and CompareStringW so I'll see how those are handled. The InitOnce functions need more study, but can be redirected to ReactOS for now. My WinME system is SSE-only. Which browser should I try testing with?
  3. jumper
    Correct. "Exact Audio Copy is a so called audio grabber for audio CDs using standard CD and DVD-ROM drives." It only supports Redbook CD audio, but the drive can be any that reads audio CDs.
  4. jumper
    Aside from the heavy looping in ucrtbase and msvcp140, all looks good--v4 is doing its job. Did these runs exit silently?
  5. jumper
    Yes. The disc seems not to be compatible. Try it in a Blu-ray or DVD player to test the disc. ("Disc" is optical; "Disk" is magnetic)
  6. jumper
    I believe V4 is working and the Access Violation at 0xFFFFFFEA is just the next issue. Clear the Kstub log and run without DW. It won't launch, but we should see RaiseException (and hopefully more) in the new Kstub log and in the ApiLog window. Try with and without Kex debug mode. Meanwhile, I'm updating FineSSE to handle Continuable Exceptions and display a stack dump.
  7. jumper
    DW seems to be struggling. I used to recommend setting DW to the same mode as the app to be profiled. You can try that.
  8. jumper
    Dr.Watson seems to completely disagree with Dependency Walker: Trap 03 0000 - Breakpoint trap eax=61dd11ec ebx=bff66d80 ecx=00000028 edx=9344ecbc esi=00d08f60 edi=00000000 eip=620b1c4c esp=007cf9bc ebp=007cf9c8 -- -- -- nv up EI pl ZR na PE nc cs=016f ss=0177 ds=0177 es=0177 fs=234f gs=0000 XUL.DLL:.text+0x90c4c: >016f:620b1c4c cc int 3 Exception Code: 80000003 (hardcoded breakpoint) Exception Address: 620b1c4d (XUL.DLL:.text+0x90c4d) Depends.dll is not listed as a loaded module, but neither is Concrt140.dll. Does Dependency Walker show a handled Breakpoint Trap further up in its log (before the Concrt140 process attach)?
  9. jumper
    Yes: RaiseException(406d1388) again. Use =v4 and hope for additional debugging text from DebugBreak or OutputDebugString in the logs before the code -1 exit.
  10. jumper
    The log looks good until IP suddenly jumps to high system space. A crash dialog stack dump or Dr.Watson stack unwind would be helpful here to see where execution came from. What happened to the RaiseException error? That was the reason for trying in DW and Finesse. They don't all need to be redirected. Avoid API-MS-WIN dlls as much as possible, redirecting them to Kernel32.dll itself or other system dlls. See my API-MS-Win.reg file for details. Try using KernelEx XP-Debug mode for possibly more messages in AppLog. If already doing so, try changing IsDebuggerPresent to Kexbases.0 (0:False, 1:True) in Core.ini to possibly avoid the RaiseException errors when not profiling in DW.
  11. jumper
    The results are different: In 16 XUL does not load. In 17 it fails much later with thread 18 quitting after successfully loading WBEMSVC.dll. Were the symptoms the same? What versions of UCRTBASE.dll have you tried? Also try using KnownDLLs to redirect UCRTBASE to MSVCR140 or lower. The code at 406012 seems to just be checking for tampering in its own header, but makes no calls to UCRTBASE. 'First chance exception 0x406D1388 (Thread was named) occurred in "c:\program files\ff54_17\XUL.DLL" at address 0x0173AF59 by thread 10 "JS Helper".' -- This shows how a debugger can handle a RaiseException and continue without crashing. Mypal68 shouldn't be making that call when not running in a debugger. Try running Mypal68 in DW or Finesse.
  12. jumper
    From FF54_17.log: Shortly after XUL.dll successfully loads, Firefox.exe gets its own handle ([FIREFOX.EXE]00406012:<KERNEL32.DLL>GetModuleHandleW|400000) then makes a call into UCRTBASE.dll which tries to explicitly load another dll. That load fails ([UCRTBASE.DLL]00665edf:<KERNEL32.DLL>LoadLibraryExW|0) and so does an attempt to get a module handle (GetModuleHandleExW|0). UCRTBASE then quits by calling ExitProcess, probably after displaying the broker services error message. FF54_16.log is the same. I see no evidence of a crash--Firefox.exe appears to terminate normally. If you Profile Firefox.exe in DependencyWalker, it should show the name of the dll UCRTBASE fails to load. While the broker services error is still displayed, looking in Procwin16 at the Firefox.exe code after 00406012 might reveal what UCRTBASE api before 00669c2c was called. Also the string passed to LoadLibraryW should be findable. As for KSTUB825.log, it is full and no longer logging anything. Just delete it to start a new log.
  13. jumper
    A couple of commits in the Firefox 54.0a1 (2017-02-15) build caused crashes and were reverted in the next day or two. So try -16 and -17. And check the kexstubs log files to see which apis were called.
  14. jumper
    .
  15. jumper
    9.0.289 requires a CPU with SSE support. 9.0.47 and 10+ don't, but 10+ requires XP. FineSSE29 solves the SSE problem on Win9x, but hasn't been tested with NT4.
  16. jumper
    For FAT and NTFS drives, API wrappers could walk the path string and shorten each long folder or file name as needed. Network shares to other file systems could be a problem. Temporary environment variables and drive mappings might also be possible. I've considered these possibilities for KernelEx should the need arise, but haven't done any tests. For years I have been successfully using a function I wrote to walk a path string and lengthen each short folder or file name. Doing the opposite should be easy.
  17. jumper
    Ungoogled would be a fork, not a port. Please stay on-topic.
  18. jumper
    I'll look into it.
  19. jumper
    Haswell is not LGA775.
  20. jumper
    I replied: "Excellent. Do the same for Windows 2000."
  21. jumper
    More details from Gemini. Note at bottom: "Updates KB3034344, KB3013455, and KB2850851 specifically address critical vulnerabilities in how win32k.sys parses TrueType fonts...."
  22. jumper
    Third try by asking Google Gemini (Thinking):
  23. jumper
    Summary of first two trys asking Google Gemini (Fast): For the final updates, this number was in the high 7000s (e.g., 5.1.2600.7512 or higher). KB4500331 (May 2019): BlueKeep Remote Desktop Services vulnerability (CVE-2019-0708). KB4012598 (May 2017): Released to address the WannaCry vulnerability. Mar 2014: MS14-015 KB2939576 Critical EoP vulnerability in Win32k. (One of the final official patches) Dec 2013: MS13-101 KB2880430 Multiple EoP vulnerabilities in Windows Kernel-Mode Drivers (Win32k). Jul 2013: MS13-053 KB2850851 Remote Code Execution/EoP vulnerabilities in Win32k and TrueType Font handling. Jan 2013: MS13-005 KB2769369 EoP vulnerability in the Windows kernel-mode driver (Win32k).
  24. jumper
    Navigating from the link in post #1, FileHippo has versions 15, 12, 6 and many others.
  25. jumper
    No one suggested that change. An appropriate substitution would be FreeLibrary: it will see the parameter as invalid, set the last error, and return FALSE just as a GetNumaHighestNodeNumber stub would do. Please look up the two functions at learn.microsoft.com to see why.
×
×
  • Create New...