Goodmaneuver

Kstub825 ordinal addressing only works up to 1008 for me. See picture.

Your inferred assumptions are incorrect. There is little or no benefit from using more than one Kstub then and it is not the sort that creates the issue. Having ordinal functioning in Kstub is a good improvement but I would like to see ordinals implemented into Kstub824 without the other changes that were implemented creating Kstub825. Assuming that you are talking about kstub modules only I understand. It seems ktree is only guessing where kstub loads the redirection of APIs or does kstub need a free range of memory just below its base address. Cisco Systems made a GINA module that is completely compatible with WinMe. It is called CSGINA.dll and a web search will find a download. Rename it MSGINA or tell registry that MSGINA is CSGINA in system KnownDlls. MSGINA will load every time the OS goes to restart or shutdown.

Bing home page has returned today. Occasionally the image is taken off it seems, I sort of forgot, it has happened before.

Kstub825 is good for use singularly ie one kstub.ini but when strung together with many kstub.inis the amount of kB of legitimate entries that can be placed in each kstub.ini has to be reduced. Roughly 8k each for 7 linked kstub.ini and gets less and less the more kstubs.ini that are in use. Kstub824 does this to a lesser degree and I am able to use 18kB with 8 x kstub.ini but it will stop KernelEx from functioning if using over 23kB roughly in each. Strung together or linked means using more than one kstub in core.ini. What do you think of the duplication of addressing in last post. The maximum address is close to the preferred base address of Kstub824 which is 0x19980000. That is an improvement to the sort but it still ignores the underscores. See picture. Excel places precedence of underscores over alphanumeric characters. Sorting will need to be done manually as no software that I know obey the question mark then numbers then uppercase then underscore then lowercase sort. Remember numbers come before question mark in ASCII character order. A special character is one that is not considered a number or letter.

I have duplication of addressing shown in Ktree. Is this a correct phenomenon? See picture for example. Has Kstubs got a limited range of memory it can allocate? Max address as shown in Ktree is 0x19881dc7 and Min is 0x02371bd8. I have Kstub825 in use with Kstub02 and Kstub08. If I use all Kstub824 modules I get 7x duplication of the same address shown in Ktree where as using the 2x Kstub825 modules I get only 4 duplicates. The duplication occurs at the maximum addresses. If I use all Kstub825 modules then KernelEx is broken and does not work as explained before :- the size limit of the INI files needs to be reduced with a stringed sequence of Kstub825s.

Over the last few months I have been experimenting with 4.5.2 with the emphasis on non-stubbing. Started with exact same OS build as I had for KernelEx25. Kstub825 behaves correctly with this arrangement as far as not mixing up User32 with Uxtheme. It came back again and only happens with UnregisterTouchWindow and Userenv module is named by Kstub825 log also as having UnregisterTouchWindow redirection. Using Kstub824 for months and it does not happen. The size limit of a stringed Kstub825 as mentioned before still remains. I have included a screen shot of address order of part of NTDLL. A simple Bubble sort did not use an algorithm that recognized special characters. This is what Dependency Walker uses to sort out the functions in order. It ignores the underscores. This is why I mentioned list string compare lstrcmpi as a sort method which uses a word sort. If your statement is 100% correct than I have the Kstub.ini not sorted correctly. Looking at my picture and the reverse address sort would be ZwWaitForsingleObject _Clpow __isascii __iscsym __iscsymf __toascii _alldiv So this is a correct sort as Ktree shows? I used to sort with MS Excel and have recently sorted having underscores precedence over uppercase and lowercase but Ktree says question mark then numerals then uppercase then underscore then lowercase. Sort orders can vary where numbers are before symbols for example?

Today the Bing home page background image download has stopped working with IE6. http://www.bing.com/?scope=web&FORM=Z9LH With IE6 Bing said it was here for life. Last night I had the baby Eurasian beaver displayed on my desktop and today there was a blank screen. Lets hope that it is just a problem with the image and the desktop Bing home page returns.

Using KernelEx Verify.exe make sure the message window says "KernelEx has been successfully installed and is now enabled for all applications". If not reinstall 4.5.2 with it enabled. The Singularly Listed functions do not need stubbing. Using 4.5.2 + Kstubs with later KernelEx.dll, these Kstub entries work. Do not confuse SL with LS, use entries as shown. GetSystemWow64DirectoryW=>KERNEL32:GetWindowsDirectoryW HeapQueryInformation=>KERNEL32:HeapSize InitializeSListHead=>KERNEL32:MapHModuleLS InterlockedFlushSList=>KERNEL32:UnMapLS InterlockedPopEntrySList=>KERNEL32:FreeLSCallback InterlockedPushEntrySList=>KERNEL32:AllocLSCallback QueryDepthSList=>KERNEL32:GetLSCallbackTemplate

Kstubs825 does not behave properly as it confuses User32 with Uxtheme as see in the Kstub07.zip. Evidence in upload zip and Ktree11 picture. As can be see in picture that there is no reference to Uxtheme for UnregisterTouchWindow and Kstub824 in the log zip redirects all 3 Touch Window functions from their rightful caller :- User32. KSTUB07.zip

Kstub825 is good for one INI but when strung together with many INIs the amount of kB that can be placed in each INI has to be reduced. Roughly 8k each for 7 linked INIs. To make more redirects possible I have used Kstub824 up to the last one which is Kstub825 so that I can use the ordinal redirection in the last one. Kstub823 was better in certain respects as well as at the time it allowed redirecting back to MSVCRT as I explained before. The new features are much preferred though. Perhaps a Word sort lstrcmpiW would be better than a Bubble sort because of the special characters like under scores _ .

It must be that Advapi32 redirects are not logging but when I redirected in system KnownDlls Advapi32 to Advapi86 then Advapi86 is logged. The redirects for Advapi32 are working though. (Tests done on DDR3 machine only.)

Once Kstub is set to not log then set to log again it does not log again. Going from logging [#prefs#] Log=1 to Log=0 rebooting then trying to reinstate the logging with Log=1, it does not reinstate the logging. Kstub01 never returned to logging but Kstub05 did after several reboots.

There is no trouble with the large total number of active - in RAM API functions when using new Kstub825 as I have tried it without making a mistake. Thank you. I am not sure as to what you mean? By making ExKernel available for programs that only work as seen below with MIN setting cover all of your statement? [MIN] contents=std desc=Minimal load help (subsystem + KnownDlls) [MIN.names] KERNEL32.K32_NtStatusToDosError=Kstub01 KERNEL32.NtCreateFile=Kstub01 KERNEL32.NtFsControlFile=Kstub01 KERNEL32.NtPowerInformation=Kstub01 KERNEL32.NtQueryInformationFile=Kstub01 KERNEL32.NtQueryInformationThread=Kstub01 SHELL32.ILFree=kexbases.0 SHELL32.SHCreateShellItem=kexbases.0 SHELL32.SHParseDisplayName=kexbasen.0

I thought I have explained it several times. SumatraPDF did not work with 2K settings. It needs at least a 2K setting because of VerSetConditionMask and VerifyVersioninfo APIs are called. With Core.ini 24 DCFG1 works for VerSetConditionMask and VerifyVersioninfo in Kernel32. I made up another mode so that SumatraPDF will work on eBooks as you asked. Remember you changed the naming of DCFG1 to that of 4.5.2 and your [DCFG1] behaves as explained above. The (Verify Version) comment in the sheet is named BASE in the registry from [BASE] in my CORE.ini. Important: the renaming of Core.ini modes from original 4.5.2 should not be done and their order should not be changed. If more modes are to be added they should be placed at the bottom of Core.ini. If not adhering to this and settings of these modes are changed your OS will change behavior in an unexpected unpreferred way.

Starting with this link https://msfn.org/board/topic/157173-kext-diy-kernelex-extensions/?do=findComment&comment=1228984 then you said to investigate why and place BASE names into DCFG1 but it should have been place from NT2K into DCFG1. What is the significance of five times max per issue by the way? It is the addition of KERNEL32.GetVersionExA=kexbases.5 that is the trouble. I assume you have downloaded CORE_8.zip. In this Core.ini the mode displayed by the sheet will be BASE (Verify Version) Verify Version I am using on Explorer and the addition of that one line KERNEL32.GetVersionExA=kexbases.5 not only stops the SPDF it also stops MSSQL server 7. I made Verify Version equivalent to 2K here GDI32.GetCharABCWidthsI=kexbasen.0 GDI32.GetRandomRgn=kexbases.0 GDI32.GetTextMetricsA=kexbases.0 GDI32.GetWorldTransform=kexbases.0 GDI32.ModifyWorldTransform=kexbases.0 GDI32.SetGraphicsMode=kexbases.0 GDI32.SetMapMode=kexbases.0 GDI32.SetWorldTransform=kexbases.1 KERNEL32.CreateIoCompletionPort=kexbases.0 NTDLL.LdrUnloadDll=kexbases.0 NTDLL.RtlGetVersion=kexbases.5 NTDLL.RtlVerifyVersionInfo=kexbases.0 KERNEL32.GetVersion=kexbases.4 KERNEL32.GetVersionExW=kexbases.5 KERNEL32.VerSetConditionMask=kexbases.0 KERNEL32.VerifyVersionInfoA=kexbases.0 KERNEL32.VerifyVersionInfoW=kexbases.0 and Explorer using Verify Version and MSSQL server is working and SumatraPDF3.2 is set to Verify Version and it still works with 2K settings but add KERNEL32.GetVersionExA=kexbases.5 and no good. I then just had KERNEL32.GetVersionExA=kexbases.5 by itself in Verify Version setting and I get Explorer made an error in unknown.

Verify Version is probably not worded real well but it was discussed in Kext: DIY KernelEx extensions where I first posted this info about DW but it was shifted here to a new topic.

I did not practice what I preached when making the proposed CORE.ini. Windows XP SP2 needs to be WINXP mode. Must be done and I will again upload a better CORE_8.zip. It is similar to latest CORE.ini but does not change original mode naming.

GetCharABCWidthsI was inherited from DCFG1 so it makes sense that GetCharABCWidthsI=kexbasen.0 needed to be added; I forgot again. If not added it made the green KEX initiating error in DW log when GetCharABCWidthsI was called and was missing. The green errors means that KEX was not working/initiating. It depends on the order of std,kexbasen,kexbases,kstub01,kstub02,kstub03,kstub04 what DW green initiating error comes first in the DW log.

It did not matter about that module, it was more of an experiment. It was MSXML from WIN8 and I am using latest WIN7 MSXML which registers no problems. I will send in a failure of an unexpectancy soon as I am working on the concept that because Verify Version needed GetCharABCWidthsI=kexbasen.0 added then perhaps kexbasen.0 and kexbases.0 is not default and will need to be added throughout where applicable. It might be a while though. I will do my best. .

After mentioning all this, if the sequence of the std,kexbasen,kexbases,kstub01,kstub02,kstub03,kstub04 in CORE.ini is altered then ADVAPI32 error returns and won't be good again if placing CORE.ini back as it was.

https://msfn.org/board/topic/183930-dw-has-trouble-hooking-advapi32-and-gdi32-on-ddr34-systems-with-many-kernelex2016-app-settings/?do=findComment&comment=1235306 This link is to the above post of mine. It turns out that it is quite specific I accidentally made a duplicate of [KERNEL32] RtlCaptureContext=>MEDLL: (MEDLL is my renamed RADMIN32. The MEDAL option). It is necessary to do this to stop the DW ADVAPI32 error. In [MEDLL] I have RtlCaptureContext=>KERNEL32:GetTreadContext. It is not necessary to have the the [MEDLL] redirect there to get the ADVAPI32 error to go away though. I tried for hours to see if ADVAPI32 error would go away but it did not. It went away when I placed in the duplicate of RtlCaptureContext redirected to MEDLL. It went away straight away after reboot. The GDI32 CRC read error is unrelated though and still occurring. The original fix did both fixes on 2 different builds at that time. Since then the build I am working on is a bit more complex.

I deleted many lines in Ksub01 at the top. They were only locale name to LCID and LCID to locale name functions. I then opened several programs but no new different APIs were listed in Kstubs. When you said we have to find definitions, is that really true, or can we use Kstubs for redirection like I am doing. KSTUBS.zip

The log file for Kstub01 has not updated since 8th January 23 so this is suspect. It is 64kB in size. The other ones have updated 13th January :- today.

It was early days with this and one other thing that has to be ensured. If redirecting to RADMIN32 from KERNEL32 then the redirects have to be redirected to a renamed RADMIN32 otherwise these DW errors come back. The MEDAL idea is discussed in DIY KernelEx extensions. I think this statement is correct but I was confused when a module would not pass the register test which prompted me to alter this post. I might as well print the register results from DW. KernelEx stopped working while registering.

No Kstub log does not show it.