jumper

ImportPatcher status update: IP.35 needed several rewrites before it became stable, but now the PE header parsing code is more robust than ever. It detects UPX-compressed files and doesn't attempt to parse the invalid delay-import entries. Three types of dependencies are still not supported: import forwarders, export forwarders, and dynamic delay-loads. I've been learning a lot about export forwarders lately and if import forwarders work the same way, both of these should be relatively simple to implement. Dependency Walker uses a profiling method to find dynamic delay-loads. A future IP could add a 'Profile' option to the summary MessageBox if there is a GetProcAddress dependency. If 'Profile' is selected, it would hook GetProcAddress and launch the app. Another possibility would be to search the code section for calls to GetProcAddress and grab the addresses of the function name strings. Search again for LoadLibrary and grab those DLL name strings, then cross reference functions and DLLs.

Boot Up Floppy Seek can be Disabled for a quieter boot. Memory Hole at 15M-16M can be Disabled. Auto Detect DIMM/PCI Clk should probably be Enabled for stability until you're ready to start tweaking. Spread Spectrum can be Enabled to reduce radio and television interference. The -5v supply is reading: -61.93v

Working solution: ComDlg32.7z Place ComDlg32.dll in app folder. In <winsysdir>, copy original COMDLG32.DLL to COMDLG00.DLL. Remove any COMDLG32 redirections in KnownDLLs. Should print to printer. Print to file not implemented yet in SumatraPDF 0.9. PrintDlgExA.c source:

Great job getting Altium Designer Viewer to install and launch. I see that you are leaving the user32.UpdateLayeredWindow replacement for KernelEx to handle: [user32.dll] UpdateLayeredWindow= KernelEx only provides full functionality for a few functions. Most of its support consists of error stubs and minimal functionality to address specific issues in this or that app in response to a direct request. There does appear to be a full implementation for UpdateLayeredWindow, however. Most apps (including mine ) don't check every last error code. When an app crashes, it generally means that something critical has already failed (before the actual crash) and the app isn't going to be able to proceed anyway. It could check return codes for errors and display a friendly failure message, or it can not check and then (possibly) crash. Ironically, the system crash dialog often contains much better debugging information than the friendly messages! Many an XP app that claimed 9x compatibility has crashed on me in a similar fashion. Getting many of these apps to actually run without crashing will probably require much debugging and discussion in a new topic thread....

I tried to do too much in one big step without enough testing. The good news is that I was able to reverse the direction and get the small DLL to forward exports to all the functions in the big DLL. This shows that DLL forwarding does work in Win9x and that fwd is indeed a viable project. I've compared binaries produced by the VC5 linker of a small DLL with and without a single forwarded export and think I can account for every changed bit. I will need to do some more small tests to determine what I am overlooking before progressing to larger tests and then to updating fwd.

Plan D: ComDlgEx.7z ComDlgEx.dll ComDlgEx.reg SumatraPDF 0.9 now loads without Kex, but run with Kex to get past ComCtl32 issues. ComDlgEx.reg REGEDIT4 ;Installation: ; 1) Place ComDlgEx.dll in <winsys> folder ; 2) Copy COMDLG32.DLL to COMDLG99.DLL ; 3) Merge this file into the registry ;Uninstallation: ; 1) Edit comments below and remerge ; 2) Delete COMDLG99.DLL and ComDlgEx.dll [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\KnownDLLs] "COMDLG32"="ComDlgEx.DLL" ;"COMDLG32"="COMDLG32.DLL" ;"COMDLG32"=- ComDlgEx.def ;LIBRARY ComDlg32 EXPORTS xyz=COMDLG99.@100 @100 NONAME ChooseColorA=COMDLG99.ChooseColorA @101 ChooseColorW=COMDLG99.ChooseColorW @102 ChooseFontA=COMDLG99.ChooseFontA @103 ChooseFontW=COMDLG99.ChooseFontW @104 CommDlgExtendedError=COMDLG99.CommDlgExtendedError @105 FindTextA=COMDLG99.FindTextA @106 FindTextW=COMDLG99.FindTextW @107 GetFileTitleA=COMDLG99.GetFileTitleA @108 GetFileTitleW=COMDLG99.GetFileTitleW @109 GetOpenFileNameA=COMDLG99.GetOpenFileNameA @110 GetOpenFileNameW=COMDLG99.GetOpenFileNameW @111 GetSaveFileNameA=COMDLG99.GetSaveFileNameA @112 GetSaveFileNameW=COMDLG99.GetSaveFileNameW @113 LoadAlterBitmap=COMDLG99.LoadAlterBitmap @114 PageSetupDlgA=COMDLG99.PageSetupDlgA @115 PageSetupDlgW=COMDLG99.PageSetupDlgW @116 PrintDlgA=COMDLG99.PrintDlgA @117 PrintDlgW=COMDLG99.PrintDlgW @118 ReplaceTextA=COMDLG99.ReplaceTextA @119 ReplaceTextW=COMDLG99.ReplaceTextW @120 WantArrows=COMDLG99.WantArrows @121 dwLBSubclass=COMDLG99.dwLBSubclass @122 dwOKSubclass=COMDLG99.dwOKSubclass @123 PrintDlgExA @124 PrintDlgExA.c This version was stable (six days). It redirected PrintDlgExA to PrintDlgA and operated as expected if the dialog was cancelled, but did not print.

I downloaded SumatraPDF 0.9 to test with, but couldn't get past the "missing export COMDLG32.DLL:PrintDlgExA" message. My system also became unstable each time I tried the extended COMDLG32, so I've removed the attachment from the previous message pending a complete design review. If it turns out that export-forwarding is an NT-only DLL feature that isn't implemented in the 9x loader...then we'll just have to extend the 9x loader! Since this method was actually something like plan C, I can still go back to plan B (direct function injection). B)

Would you have a link to that version? Only one I can find is the newer version. Search for "rdsk98v5.zip"

For the brave, here is a COMDLG32.DLL with PrintDlgExA: <attachment removed> Extract COMDLG32.DLL and ComDlgEx.dll into <system>, or put them in a test app's local folder and remove COMDLG32.DLL from KnownDLLs. COMDLG32.DLL was extended with fwd.02 (now working, not posted yet). The PrintDlgExA sources (.c + .def) for ComDlgEx.dll are included. I have high confidence in the validity of the export forwarding in this COMDLG32.DLL (Dependency Walker and PEinfo both like it). The structure translation in PrintDlgExA should be good enough to yield positive results. There were seven downloads before I decided to remove the attachment--if anyone has any results at all, please give us all a report!

Manually repackaging drivers is not easy. Any tools to aid that process would be very useful. Perhaps a repository could contain original drivers along with repackaging instructions or a config file(s) for any tool(s) used. For now, anyone who has managed to get a non-9x hardware driver to work on their 9x system, please create a topic thread containing the details (including where to download the original driver).

For years, I've been using John Lajoie's RamDisk98 v0.5, the forerunner to Cenatek Win9xMe 1.5. When programming, I redirect all project intermediate files to ramdisk, greatly speeding the build process. From the readme.txt file: RamDisk98 is a Windows port driver that emulates as fully as possible the low-level functionality of a hard disk (up to 2GB!) or a 1.44MB or 2.88MB floppy drive. The boot sector of the disk is complete enough to permit the disk to be made bootable with the sys command. RamDisk98 is the only RAM disk driver for Windows that allows you to create a bootable disk image in RAM (that I know of anyway). RamDisk98 also supports much larger disks than Microsoft's ramdrive.sys (which is limited to 32MB). The RamDisk98 drive can also be compressed using Windows DriveSpace. For RAM disks configured as hard disks, RamDisk98 can be configured to allow the user to select the drive letter. In addition, RamDisk98 can be configured to automatically load a disk image at startup and save the image to disk at shutdown. This allows the RAM disk to function almost exactly like a hard disk - no data is lost when the power is turned off! In addition, it makes RamDisk98 an ideal tool for creating disk images for bootable CD- ROMs. ... The RAM disk driver core in RamDisk98 is based upon the source code provided with Walter Oney's excellent book Systems Programming for Windows 95 from Microsoft Press. What I did was to pick up where he left off by trying to improve the boot sector initialization of the disk (and fix a few of Walter's bugs) to properly emulate a hard disk or a 1.44MB or 2.88MB floppy drive.

SYS drivers are PE files and can be updated with fwd.01: WDMAUD.SYS imports from KS.SYS; just now I was able to use fwd.01 to add two new functions to KS.SYS. VXD drivers are LE files. I don't know how their imports work, but if they import from any PE files (others drivers or DLLs) they are also supported. Or vice versa, perhaps. Actually, it looks like the two methods will be complementary. (BTW, fwd does not patch drivers, it is a DLL extender.) Dependency Walker seems to think so for KS.SYS exports (imported by WDMAUD.SYS). Or maybe those are only standard exports. Where might I find documentation for "WDM Exports" so I can add support?

MSDOS.SYS Complete Reference Table MSDOS.SYS [Options] BootWarn=0

The number of export functions in a DLL is usually the same as the number of export names. Fwd.01 adjusts all the pointers correctly if this is true. Comdlg32.dll has one more function address pointer than name address and name address ordinal pointers, thus the current issue. Fwd.01 is also limited by the amount of slack space in the logical section following the existing export table. These two issues will be addressed in the next version. In addition to providing an API expansion solution that is complementary to KernelEx for applications, it should also be complementary to WDMSTUB for drivers.

fwd: DLL forwarder For inserting new exports into a primary DLL that forward to a secondary DLL Also: Correct the Link Checksum of any PE file fwd.03.zip Features: Displays Export Table and corrects Link Checksum of primary DLL or PE file. Adds forwarders to the primary DLL for all functions exported by name from the secondary DLL. Original primary file is backed up if changed. TimeDateStamp and MinorVersion fields of IMAGE_EXPORT_DIRECTORY are bumped by one per function added. Usage: fwd primary.dll [secondary.dll] Outputs:primary.dll, fwd.log, primary.<nnn> Notes: For drag-and-drop launching, select one or two DLLs and then drag the primary onto fwd.exe. For SendTo launching, select one or two DLLs and then right-click on the primary DLL. To do: Expand size of physical section containing export table when needed. Append ".DLL" to filenames when needed for easier command-line launching. Dialog box for interactive selection of functions by name or ordinal, with renaming option. Older versions:fwd.01.exe fwd.02.zip

I've been working hard on this problem and should have a major announcement by tonight (bigger than just PrintDlgEx). <edit>Today didn't go as planned and I've been away from my computer all day. So here's a sneak preview: fwd. </edit>

Perhaps we should consider a bi-level development effort that include a heavy-duty build environment for the maintainer(s) (or anyone wishing to do a full build), and a light-weight development system for contributors. Has anyone used LCC, Lcc-win32, or Pelles C? Actually, any language could be used for contributed modules. Any compiler/linker that can produce a PE32 DLL would do. The core would just need to be modified to scan all DLLs in the KernelEx folder for a function before using an internal stub or failing.

MSDN - Using Common Dialog Boxes Displaying the Print Dialog Box Using the Print Property Sheet HRESULT WINAPI PrintDlgExA (PRINTDLGEX *pPdex) { PRINTDLG pd; pd.lStructSize = sizeof(PRINTDLG); pd.hwndOwner = pPdex->hwndOwner; pd.hDevMode = pPdex->hDevMode; pd.hDevNames = pPdex->hDevNames; pd.hDC = pPdex->hDC; pd.Flags = PD_USEDEVMODECOPIESANDCOLLATE | PD_RETURNDC; // pPdex->Flags; pd.nCopies = 1; pd.nFromPage = 0xFFFF; pd.nToPage = 0xFFFF; pd.nMinPage = pPdex->nMinPage; pd.nMaxPage = pPdex->nMaxPage; pd.nCopies = pPdex->nCopies; pd.hInstance = pPdex->hInstance; pd.lCustData = 0; pd.lpfnPrintHook = NULL; pd.lpfnSetupHook = NULL; pd.lpPrintTemplateName = pPdex->lpPrintTemplateName; pd.lpSetupTemplateName = NULL; pd.hPrintTemplate = NULL; pd.hSetupTemplate = NULL; if (PrintDlgA (&pd)) { pPdex->dwResultAction = 1; // Print //pPdex->lStructSize; //pPdex->hwndOwner; pPdex->hDevMode = pd.hDevMode; pPdex->hDevNames = pd.hDevNames; pPdex->hDC = pd.hDC; //pPdex->Flags; //pPdex->Flags2; //pPdex->ExclusionFlags; pPdex->nPageRanges = 0; pPdex->nMaxPageRanges = 0; pPdex->lpPageRanges = NULL; pPdex->nMinPage = pd.nMinPage; pPdex->nMaxPage = pd.nMaxPage; pPdex->nCopies = pd.nCopies; //pPdex->hInstance; //pPdex->lpPrintTemplateName; //pPdex->lpCallback; //pPdex->nPropertyPages; //pPdex->*lphPropertyPages; //pPdex->nStartPage; } else { pPdex->dwResultAction = 0; // Cancel } return 0; // S_OK; } I haven't researched and doubled checked every field yet--some are guesses. What am I missing before I try to compile it? Does anyone know if PRINTDLG is packed? If so, all DWORDs after the five WORDs are misaligned!

As previously mentioned in the SP3 thread, six files in SP3 contain references to PrintDlgEx: - tweakui.cpl, hypertrm.dll, mfc70.dll, mfc70u.dll, mfc71.dll, mfc71u.dll Dependency Walker reports "Warning: At least one module has an unresolved import due to a missing export function in a delay-load dependent module." in all but hypertrm.dll. I've searched all my local exe and dll files and can't find any meaningful references to PrintDlgEx other than in mfc7*. I'm searching now for references to mfc7--if I don't find much, it might not be much of an issue for apps that don't otherwise need Kex. mfc7 references found in: - video2smv.exe / smv.dll - SUPERsetup.exe - vdm_free.exe - avformat-52.dll (ffmpeg) I'm on my way out the door right now--I'll post translation code for review tonight.

I've removed NT Services from the wish list. If anyone wants it back on, they'll need to be very specific about what feature they want to see and very persuasive as to why it can only be implemented as a service.

Patching the KernelEx stub does nothing for those who don't use KernelEx. Having the KernelEx stub source is only useful if I do recompile it. The safest and most efficient strategy would be to recompile rather than patch KernelEx. Since I'm still working on getting KernelEx to compile, I should probably finish that step first.

Several weeks ago I was investigating this exact problem. PrintDlgEx uses a new PRINTDLGEX parameter structure that is incompatible with PrintDlg's new PRINTDLG. If we can implement an even semi-functional PrintDlgEx, it would probably go a long way towards solving printing issues in many new apps. KernelEx currently has a stub for PrintDlgEx that just returns an error. That stub could be rewritten to call PrintDlg, translating between parameter structures. I think I can patch comdlg32.dll to export PrintDlgEx instead of PrintDlg and inject the needed translation code into the existing function. This patched version would no longer export PrintDlg, so would have to be stored local to the app (not in <system>); or it could be renamed comdlgex.dll and apps would need to have their imports patched to access it. I have also been considering ways to inject the needed translation code directly into the calling app. Another possibility is to redirect the call, not to PrintDlg, but to the custom print dialog of another (MS?) app. If we can find one that uses the new PRINTDLGEX structure, that would be ideal. Research in this area would be very helpful MSDN: PRINTDLG typedef struct tagPD { DWORD lStructSize; HWND hwndOwner; HGLOBAL hDevMode; HGLOBAL hDevNames; HDC hDC; DWORD Flags; WORD nFromPage; WORD nToPage; WORD nMinPage; WORD nMaxPage; WORD nCopies; HINSTANCE hInstance; LPARAM lCustData; LPPRINTHOOKPROC lpfnPrintHook; LPSETUPHOOKPROC lpfnSetupHook; LPCTSTR lpPrintTemplateName; LPCTSTR lpSetupTemplateName; HGLOBAL hPrintTemplate; HGLOBAL hSetupTemplate; } PRINTDLG, *LPPRINTDLG; MSDN: PRINTDLGEX typedef struct tagPDEX { DWORD lStructSize; HWND hwndOwner; HGLOBAL hDevMode; HGLOBAL hDevNames; HDC hDC; DWORD Flags; DWORD Flags2; DWORD ExclusionFlags; DWORD nPageRanges; DWORD nMaxPageRanges; LPPRINTPAGERANGE lpPageRanges; DWORD nMinPage; DWORD nMaxPage; DWORD nCopies; HINSTANCE hInstance; LPCTSTR lpPrintTemplateName; LPUNKNOWN lpCallback; DWORD nPropertyPages; HPROPSHEETPAGE *lphPropertyPages; DWORD nStartPage; DWORD dwResultAction; } PRINTDLGEX, *LPPRINTDLGEX;

VidEdit (search for videdit.zip)

MS intended NtQueryInformationProcess to be an internal function for OS use only. Their tools don't let us static link to it, but they do. NtQueryInformationProcess provides process and thread details that cannot all be obtained through other APIs. As NtQueryInformationProcess is not available on 9x (and can't be simulated) any DLLs (or apps) that call it should be avoided! In your case it appears to be the version of ntdll.dll you are using that is the one to be avoided. If you really must use this version for a given app, unregister it from "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\KnownDLLs" and put a copy of the dangerous version directly into the folder of any app that really needs it. The version in <system> should be a 9x-safe version! Also, KernelEx comes with a version of USERENV.dll; try copying it from <windir>\KernelEx to <system> to resolve that missing dependency issue.

I would open the file and map it as an array of dwords (using an existing function). If the data was presorted, a simple binary search would quickly find the count. Otherwise you're right, 73KB would still be too big for the PrivateProflle functions: Each line in an INI file would need one byte for the '=', one byte for the count, and one byte for the EOL marker. That leaves less than one byte for the name/hash/crc string! We might be able to get to 24 bits if we can: get below 16k functions by removing those with the most common count (1 or 2 maybe?); that count would become the default for functions not found group functions into sections and reclaim the '=' and <count> bytes. Early versions of ImportPatcher could batch process multiple files. When I added INI support, I found SE wasn't letting me access multiple PrivateProfile INI files. Once I picked one, I had to stick with it. So I dropped batch processing. Unless I can figure out how to easily work around this issue, even a single INI (in addition to the main #.ini) might not be an option. I don't think NtQueryInformationProcess can be static linked to--no import library for it. Though for completeness, a good idea to add it. Thanks.