jumper

@wimb: Win98 can't run x64 apps.

> I have PowerDVD7 set to KEX disabled and I get KernelEx - Ntdll.DbgPrint error window occurring on startup and shut down. Disabling KernelEx on an app does not disable it on submodules that are set to use a specific mode. The app needs to also be set to Override settings of individual modules. You are seeing the DbgPrint error windows now because DbgPrint is no longer a stub! The stub is still there and you can reenable it by specifying NTDLL.DbgPrint=kexbases.1 in Core.ini. This is already fixed in the next version. On the other hand, it's good to finally be seeing the error message so we can fix the underlying problem(s). What is/are the error message(s)? > I noticed that I do not ... even need kstub any longer !! Neither do I. It is still useful for testing new definitions and for working around UPX incompatibilities. > But when using a newer version of core.ini notepad 7.6.6 does not work. The default mode has changed so you need to manually set it to Win2000 (or as needed). Lowering the default mode should reduce the number of problems for new users and incompatibilities with various unofficial service and update packs.

> don't work as expected on the newer compilations Have you tried comparing app process snapshots of each setup? Use something like NirSoft's CProcess.exe to save a list of an app's process modules including version of each file in use.

What is the make and model of your mouse? There is no "top" position on the wheel, only up and down directions. The wheel is also a button, so you may now have the button taped "down". In Vista, untape the wheel, click it a few times and retest. You may need a better mouse driver (or to reinstall the current one). Google "download mouse test tool" for more help.

Wheel is stuck in scroll-down mode. USB mouse? Add a second USB mouse to the system. The first mouse will probably still cause scroll down to be stuck on. Uninstall (in Device Manager?) the first mouse and reboot. If needed try again with PS/2 mouse and with as many mice and ports as possible. Avoid hubs. Once you get a working combo, uninstall all extra mice, reboot, then reinstall original (or preferred) mouse.

@schwups - There is no change regarding IsProcessorFeaturePresent. It continues to be deactivated in Core.ini for non-NT modes. Try NT4 or W2K mode for apps/modules that need it. I'll see about creating an ITO(*) version that can be safely enabled for all modes. (*) ITO - ImportTable-Only. A "little" implementation or stub that is only used when a module won't load without it (Implicit link). KernelEx ITO functions do not resolve when delay-loaded (Explicit link) by apps probing for functions they want/hope to find. @MiKl - Yes, that message box is the new vDbgPrintExWithPrefix I just added. Thanks for posting the image--this is the very first time I've seen it (I was unable to actually test it). I'll change the ComponentID to display as hex (4294967295 is 0xFFFFFFFF or -1) and correct the va_list parameter affecting the Message text (already done, but not tested!).

I'm still working on the .21 documentation, but here's Kexbases.22 (with some docs inside) anyway: delta.22.7z - 130KB Improved debug support is the focus. Also some additions from discussions in the DIY thread. Thanks to @schwups, @roytam1, and everyone continuing the discussion here.

I don't think it will make a difference, but try "=f3e" instead. This is a clean failure. Kernel32.InitializeCriticalSectionEx returns a BOOL: 1 for success, 0 for failure. Ntdll.RtlInitializeCriticalSectionEx return an NTSTATUS: 0 for success, or error code. The parameters and action are correct, but not the return value. If Reader or KM is checking the return code, they won't know the initialization succeeded. I have already added Kernel32.InitializeCriticalSectionEx to Kexbases.22 and will post it soon.

> "webkit.exe - Entry Point Not Found" Use DependencyWalker to check both webkit.exe and Msvcrt.dll for _resetstkoflw. (answers.microsoft.com)

I see a scrollbar that isn't disabled. If that is the complete call stack, OllyDbg has a broken user interface...and either the stack trace is incomplete or you neglected to mention (among many other things) that the exception occurs at app launch before any user code is reached (in which case there is nothing to debug!).

I've never used OllyDbg, but try scrolling the Call stack window down until Called from shows the most recent call from a non-system DLL. Maximizing the Call stack window would give the best big picture.

RtlInitializeCriticalSectionEx is in Kexbases.dll; it doesn't need to be in ntdll.dll. Make sure extensions are enabled on Kexstubs.dll (BASE is best).

Debuggers must attach after KernelEx has loaded the app or plugin: In Ollydbg: File > Attach In VC5/6: Build > Start Debug > Attach to Process..." In Ollydbg: Options > Just-in-time debugging In VC5/6: Tools > Options > Debug > Just-in-time debugging Debuggers can also be manually configured in Win.ini or HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion to attach upon crash: [AeDebug] Auto=0 Debugger=C:\OllyDbg\OLLYDBG.EXE -AEDEBUG %ld %ld ;Debugger=C:\DevStudio\SharedIDE\BIN\msdev.exe -p %ld -e %ld ;Debugger="C:\Program Files\finesse.exe" -v -p %u -e %u

[Kernel32.dll] InitializeCriticalSectionEx=>Ntdll:RtlInitializeCriticalSectionEx Requires Kexbases.Ley0k or Kexbases.11 or later.

Your system should be a fresh (or well cleaned) OS install with no previous sound drivers or USP, DirectX, or KernelEx upgrades. The instructions on page 1 should work for the CT4780. Also, please read this CT4780 success story back on page 6.

The OllyDbg screencap shows the NULL pointer in EAX came from the first parameter. The code wants to check the first two bytes (WORD) of the input string for the disk designator sequence: "\\" (5C5C). Location of crash is in LoadLibraryExA_fix because LoadLibraryA_fix is: return LoadLibraryExA_fix (pLibFileNameA, 0, 0); Also, this is the last line in KM_ApiLog.txt: 4 fff78645 [XUL.DLL]02c0323a:LoadLibraryA(bfa4bb8c) bfa4bb8c is in Kexbases.dll (version 4.5.2016.20), so Kex wrapper of LoadLibraryA is called from XUL.DLL with return address of 02c0323a. Crash happens before LoadLibraryA returns. Kexbases.dll (version 4.5.2016.21) now contains a NULL-pointer check to prevent such a crash. (Note: over-explained in places for the benefit of non-programmers trying to learn.)

Check the hardware requirements. What is the exception? Does it happen at reboot or TV launch?

KernelEx 4.5.2016.21 delta.7z - 173KB KEXBASES.DLL 553,752 05-28-19 3:34a 4.5.2016.21 * ...asap... KEXBASEN.DLL 274,920 05-27-19 4:23p 4.5.2016.21 * ...asap... sheet.dll 17,408 01-24-19 3:14a 4.5.2016.19 * jumper's current version. * Known bug: [Okay] after [Apply] acts like "Undo" * Tip: Match "Disable KernelEx..." with "Override settings..." for best disable CORE.20i 10,136 06-11-19 3:40a 4.5.2016.20i * core.ini for use with .20 and/or .21 DLLs * supports all legacy modes

Which MSFN theme and browser are you using? And what desktop resolution are you using? If 1600x1200, try windowing the browser to about 800x600 and then slowly enlarge it first horizontally, then vertically. You can also try switching themes and disabling javascript.

> MaxPhysPage=3E6FF (or change value accordingly If it already exists, do we use the higher or lower of the two values? (Are we trying to increase or limit this system setting?)

Did you try googling "ERD 2003"? Adding "site:msfn.org" finds many threads on that subject.

> I finally got to look at debugging. There is no errors with DW for AdvSplash.dll or any other file. How did you determine that SetLayeredWindowAttributes not exported from User32.dll and stubbed? by KEX was the problem? AdvSplash.dll can't be profiled directly in DW, it must be done indirectly by profiling KMPlayer.exe. Method 1 directly identifies SetLayeredWindowAttributes. SECUR32.DLL is missing some functions; Kexbasen forwards them to Unicows.dll, but some are just stubs. They seems to be present in DIGEST.DLL, MSAPSSPC.DLL, and MSNSSPC.DLL. Does everyone have all of these DLL's? Which DLL should we use and what functions should we forward to it? KTree and DW can be used for this investigation.

rtfreesoft.blogspot.com

Investigating... > ffox10_98SE.thumb.PNG Haven't seen results like this. I'll retry firefox-10.0.12esr-rayflood-win32-vc8e (it's been a few years). > ffox10_98FE.thumb.PNG Looks good--must be something in the SP 2.5.8 water. The missing ellipsis at the end of the first tab (should be: "in 201...") can probably be fixed with a font update. > kml74olly.thumb.PNG I think this is the first report of someone trying KG74 on 98fe. Unfortunately, OllyDbg didn't pick up the function names from the Kexbases debug info (GoBug does). The crash is because LoadLibraryA is called with a null pointer instead of a filename string, resulting in the page fault in LoadLibraryExA. I can update LoadLibraryExA_fix to check that parameter before using it, but that won't solve the underlying problem. Because of 52Ch bytes of local variables, the stack dump doesn't show the return address. It would be nice if the crash dialog also showed the call stack or even an [ebp] dump. (Dr Watson dumps do, but I always have trouble deciphering those or even getting DrW to capture the crash.) OllyDbg probably can display the call stack, but it isn't in the screenshot. > KM_ApiLog.7z Call to LoadLibraryA confirmed. Profiling in Depends might also confirm the NULL parameter.

In February 2018 I was able to surf simple websites with KG76 on 98se+Kex..19(pre). The main problem was all menu text truncated to one character (unicode strings not getting converted to ansi). After a few weeks it seemed to get stuck in offline mode--maybe a iphlpapi issue. Only this January (2019) did I start testing KG74. It works pretty well on older websites or with js disabled (and sometimes on newer sites with js enabled). Error console is okay. What are ExExceptions and "xul page"? Have you tried RoyTam's FF3.6+tls1.2 build?