jumper

Right. The opcode is 59hex, the instruction is POP ECX. But we're not interested in that. Stay focused and tell me about the call.

Did you spot my typo? The address in the stack dump we are investigating is actually BFA01F2A. If that is (hopefully) a return address, we want to know what the call was. Run Winproc16 on any system. Select MPREXE in the process list on the left. If Kex is even partially running, you will see KernelEx.dll in the module list on the right. If not, select process PROCWIN; find and load KernelEx.dll with File>Load a Dll; move aside but do not dismiss any popups. Double-click on Kernelex.dll for module details. In the code tab, do we see what we were hoping for?

Install FineSSE or DrWatson so you get a Debug option in crash dialogs. I need you to identify the problem startup item. Disable all items individually or in batches until you can get to the desktop. Or disable them all, then run them manually from the desktop.

@Goodmaneuver - Take a deep breath. We are not going to debug. We are investigating. Please stay focused and respond with only the exact information I request. You know about load addresses. In what module is bfa01fa2? @schwups - Are you also using Nvidia apps? If so, disable their auto-start and see if you can get to the desktop.

KU211221.7z updated .25 refresh Kexbasen Kexbases fixed Kstub824 dll+ini KexVista Core.25h to fix some more issues Core.24a fallback example KernelEx.dll v.25 to match, but not new 3 additional files for IE9 and 360ee support Tools ImportPatcher 42 - Test and patch PE imports Ktree 11 - View KernelEx API's - New: choose and save font ProcWin 1.6 - View running process image detail w/disassembler Minisnap 5 - Displays module versions and KernelEx modes for each process Kexports/Exports 5 - List Exports as .ini or .def

My previous response was for schwups, but looking at your logs I see bfa01fa2. This is our best clue. Investigate.

> The installer of 4.5.2 doesn't register these files as Kex knowndll's. It registers them as shell and com extensions. On hang, is there a Debug option? Do you have a debugger installed? Try disabling auto-start apps. Try modding core.ini to use the NtClose alternates. (I'll do this in the update).

7d011b65 push ebp Stack overflow/frozen. Error message and stack dump would have been useful.

If that's the Rundll32 initial report, determine the command line and reproduce the error while profiling and logging. From the initial report, it appears to be a bad pointer in Kexbasen passed from jemalloc to EnterCriticalSection in Kernel32. Also a stack leak unless Kernel32 is somehow calling back into Kexbasen. Only Sheet and Kexcom need to be registered.

Only those three that are invoked need valid definitions. Save space and reduce typo risk by not repeating the function name after the colon. The last = is an artifact of using the private profile APIs for logging. The first = is put there to balance it. Ignore them. Split the definitions by using multiple copies of Kstub824. Right-click in ApiLog console window to modify settings.

Using numbers is a simple way for KernelEx.dll to enumerate all active modes and also for Sheet.dll to order the menu items. Yesterday I noticed setting a mode below the first gap didn't stick. If KernelEx.dll isn't recognizing modes below the gap, it will use the default instead. I'll debug it later, but eliminating gaps avoids problems for now. Filling them with <nn>=. works. Just checked: Core.20i has 0..46, no gaps.

Also include K*stub* in the Vista and other contents= if needed. Retest Xpcom.dll with ImportPatcher set to Vista. Also Xpcom_*.dll

Core.ini ApiConfigurations need to be renumbered without gaps in the sequence. This should reenable the legacy modes. I will refresh the package with that fix, a version-matching Kernelex.25, and also the Core.24 that got left out of the v24 package.

KernelEx v4.5.2016.25 updates.7z Readme's inside.

Start by doing a Google site search for "missing" to find previous detailed answers to this request.

Check again....

Black list dePo ApiLog messages are formatted so [ < ( = can be used in powerful case-sensitive filtering. Use Procwin16 to disassemble at EIP. What version of Msvcrt is failing to load? Make sure you have an appropriate mode set on it.

Well, yesterday I had to install Firefox as MSFN became completely unreadable in all other browsers on my Android 8 phone. So I'm glad Mozilla still exists.

> EAX=00000000 ... SP=03effd6c Endless retrying to call a function that fails could mean a thread that is spinning instead of yielding. If the instruction at IP accesses a stack variable, that would confirm a stack problem. Try increasing the stack commit value in the exe's pe header. Also use apihook to check for the last call handled by KernelEx. Profile in Depends to see failed module loads.

When posting screenshots make sure important details are readable. EAX, EBX, ECX = 00000000 often means the previous call failed. ESP = 02c8fc74 - the f often means stack overflow or failure of the virtual memory manager to grow the stack by paging in the next stack page.

Not helpful. Please reread and try again.

Nice to know, but not the same. Does declining load of all drivers still work? Remove the new NIC or disable it in BIOS. Also disable Wake on LAN. A device doing that might also try to sleep on no lan activity.

When having problems, don't install a newer DX9 than the video drivers were officially tested with. For 77.72 this means June 2005.

> Load all Windows drivers? [N] Uninstall all new drivers in reverse order going back several weeks before you noticed the problem. Alternately, restore a working registry.

System error at app load, or app error later? 64-bit Vista, app, and Dbghelp?