Jump to content


  • Posts

  • Joined

  • Last visited

  • Donations

    0.00 USD 
  • Country


Posts posted by Xeno86

  1. @dencorso: A patch would not work for eight character identifiers since the program cannot be patched if it cannot be compiled. It could only be used to fix the padding issue.

    With all due respect, of course it would: when the 8th character is a space, one patches 0x00 to 0x20. But if there are 8 characters, it's simply a question of using an incomplete 7 characters string at build time, and then patching the final 0x00, added by C++, with the right value for the 8th character. :w00t:

    Yes, but that would require generating a separate 7 Character string when the Identifier is 8 Characters. That would defeat the purpose of using the util.h Macro as is. It would also require specifying the eighth Character to the Patcher.

    VMM.H defines these Macros also, but Microsoft specifies a separate "quote_name" argument in addition to using a "name" argument.

    OMG. What is the problem? The driver works as is... so why patch, why bother?

  2. KernelEx does build properly under both Windows 98 SE and Windows 7 Pro x64.

    Just follow the instructions here:


    No virtual machine is needed.

    Autoexec.bat changes aren't needed. Just set up the paths correctly inside VC6!

    VC6 is 100% compatible with Windows 7 x64.

    The guide applies to vanilla v4.5.2 only, cannot warrant that it will work with 3rd party mods.

  3. Drugwash,

    While I've added these files to repository a couple of days ago to the repository I didn't update source code packages which I'm correcting now.

    I've just updated source code distribution on SourceForge to include the files in question.




    KernelEx.sdb is a special database containing Microsoft Installer (MSI) transform files. These files allow the system to modify the MSI files on the fly so you don't have to mess with Orca by hand, eg. remove VersionNT dependencies.

    Having that said, KernelEx.sdb needs to be recreated only if new transforms are added.

    Currently there are transforms for:

    • Google Earth 5.1
    • Google Earth 5.2
    • Google Earth 5.2.1
    • Google Earth 6 beta
    • Office 2007 File Format Converters
    • Word Viewer 2003
    • Excel Viewer 2003
    • Office 2003 Professional
    • Acrobat Reader 7

  4. This just ensures me that I did a good thing by leaving the 9x scene. People are so angry and disrespectful for your work that it's actually a pain to read all that stuff. You got all the system enhancements for free and open sourced and I never asked for money. What do I get in return? Swears, disrespect. And all that not for the first time...

    What I've learned is that people shouldn't receive anything for free because then they don't respect the stuff they get.

    Sad but true.

  5. You haven't been on the scene in a while. What do you expect, people to chase you down when you don't want to be found. You abandoned your project that was originally created by LLXX regardless if you rewrote it from scratch. She was and will always be the founder, like it or not. You chose to quit, now you want the praise. Sit your young @$$ down and develop for Win 7 and Win 8 because you are not worthy to speak on Win9x.

    Say hello to LLXX. Rule #7.b

    Just to clarify and clean my name. LLXX didn't influence my work. Ever. And I didn't base my code on any code originating from her.

    For those who don't remember, the original idea for KernelEX came in 2005 from a small Portuguese project called Win98updt0001 (http://rwinds.no-ip.org/file/win98updt0001.zip) which implemented three API functions in just a few lines of assembly and my urge to run Need For Speed Most Wanted under Windows 98. Based on the success I expanded the code into first Kernel Update Project, then early KernelEx and what evolved into current KernelEx series in 2009.

    All of the work was done by my and Tihiy's research, some parts were borrowed from Wine project.

    You have absolutely no right to insult me and call me a thief because you clearly don't know the history and basic facts!

    Having that said, share with us, Hu$tle, what was your contribution to Win9x scene?

  6. Thanks all for the welcome, but don't do false hopes, because I'm still not in the project, the author seems to be inactive, so I'm not able to publish my works over SVN.

    Well you haven't made a single attempt to contact me...

    Anyway, it's nice to see some developer actually interested in continuing the project.

    While I'm not actively developing the project myself anymore, I can help in getting started with the project.

    Just PM me.

  7. >It suggests that the breadth of KernelEx application compatibility can be usefully expanded with a few added stubs.

    Rebuilding all of KernelEx just to add a stub is overkill. There should be a way to just add a small expansion dll; perhaps this is what the undocumented api was meant to address.

    I would like to see an .ini file where users can add "<module name>, <function name>, <return value>, <SetLastError value>" lines that would be loaded by KernelEx and turned into new stubs on-the-fly. (Core.ini can almost do this now....)

    I haven't tried building KernelEx yet because I'm still using VC5. My response to loblo' s little hex hacks was to create a tool to automate import table patching. Unfortunately it mutated into a full-blown dependency walker before I could get it released. :(

    I'm almost done with minf, so I'll clean up and formally release ImportPatcher next, then get to work on KernelEx.


    There is a special mechanism added in KernelEx v4.5.1 that is exactly what you might want - that is extending system API on-the-fly.

    The thing to look for is 'KernelEx API Hook infrastructure'.

    I used it specifically build a DLL to log all API calls from a chosen application to a file but you can use it to test new system APIs before applying to KernelEx API Libraries.

    What you need to do build a DLL (HOOK DLL) and export two functions:

    int kexApiHook_initonce(void)

    PROC kexApiHook_register(const char* caller, const char* target, const char* api, PROC orig)

    kexApiHook_initonce is called before any DllMain to prepare the hooks.

    kexApiHook_register is called for any API imported by the application; you get information about requesting module name (caller), the library from which a function is requested (target), the function name that is requested (api) and previous function to chain if any (orig)

    So to add a stub or whatever function you just do strcmp on 'target' and 'api' and return it from _register if you get a match.

    What is important to keep in mind is that you HAVE TO disable extensions for your HOOK DLL.

    Also you have to put a check near "Enable API Hook" in advanced properties on KernelEx tab.

    And lastly, you have to compile KernelEx Core project in "Core - Win32 Release APIHOOK" configuration because this mechanism is very powerful, dangerous and useful for debugging only, it is not enabled in shipped KernelEx packages.

    When you have working stubs or functions just submit them to me for inclusion in KernelEx.

    I've no idea if you can compile KernelEx with VC5, you can compile a HOOK DLL however with any compiler you want. Use 'ApiLog' project as a reference (hope the code is documented well enough).

  8. This is great as it looks like you are working on a bug I'm having with a stupid LG DVD rewriter, it has securedisc on it and that may be why it isn't working so far.

    I got it for $12.00, so its not a big loss if it is a bad drive.

    I thought it was just a driver issue, and I got a question to LG support(I'm still waiting for a reply.).

    If its some securdisc problem then at least I'll know what it is.

    Its acting weird, as it recognizes a CD\DVD but won't read.

    Actually, I don't think we're talking about the same thing.

    What I wanted to tell in that post is that the new KernelEx v4.5.2 *COULD* possibly conflict with some copy protection engine, which does compare in-memory file image with what it can find on disk and notices a difference.

    On the other hand previous releases, including v4.5.1 were modifying a file on disk, so in-memory image would be the same as actual file on disk.

    As I have no possibility to check all copy protection engines, I bring this to public attention, so that we can find the problem quicker.

    Hope this clarifies my previous post a bit.

    If your drive wasn't working properly with previous versions, eg. v4.5.1 and especially without KernelEx then there are good chances that it's a faulty drive problem.

    Thanks for KernelEx its a great project!

    We need more people in the world who do things to help people.

    Plus I love keeping money out of microsofts greedy coffers.

    Thank you for kind words.

    Happy user keeps me motivated and more willing to put my effort!


  9. KernelEx v4.5.2

    Release announcement

    Hi there!

    This is a maintenance release to allow running the recently released official Mozilla Firefox 8.0 build.

    Greets to aceman and felicitas for discovering the nature of the problem which prevented it from working.

    What is not working yet: recently visited addresses, history and bookmarks.


    KernelEx enters the dark world of VMM and kernel drivers.

    In this release KernelEx doesn't make any modifications to system files on disk.

    Instead all patching is done on-the-fly in memory, while the system is performing the startup via a specialized driver.

    Please report if you find any problems with copy protection-engines - like SecuROM, SafeDisc etc. that you didn't have in v4.5.1.

    What's new:

    • Added KernelEx Virtual Device (VKrnlEx.vxd) project which makes modification of kernel32.dll file on disk unnecessary by patching the image directly in memory from kernel space before the shell starts
    • Implemented a fix for a crash occuring when accessing a locked file through file mapping object
    • Some programs shouldn't complain about not having admin privileges anymore
    • Various bugfixes

    Apps fixed / now working:

    • Now working: Mozilla Firefox 8.0

    KernelEx home page: http://kernelex.sourceforge.net/

    KernelEx Wiki: http://kernelex.sourceforge.net/wiki/

    Download: http://sourceforge.net/projects/kernelex/files/

  10. That doesn't mean that nobody should work on KernelEx anymore. In fact, the complete opposite is the case. But it has to get much easier to start hacking.

    Setting up the required tools to build KernelEx isn't easy enough I think. Many old-school developers may still have VS 6 somewhere in their shelves, but most new potential developers have not. Getting the right PSDK 2003 version may also get somewhat tricky. I'm not completely sure about how we can fix that though.

    Well it's not easy to choose a proper build environment for KernelEx.

    Why not GCC?

    No native delay-loading, no SEH (try/catch) support, no PDB symbol support (can't use kernel debuggers)

    Why not MSVC 2010 Express?

    Lots of dependencies upon various msvcr100.dll functions (and we can't use msvcrt, not even static in Core), resulting binaries require post-pocessing in order to be runnable under 9x (hint: platform = 5.0), IDE and compiler can't be run under 9x itself (no self-hosting), don't know what is the compatibility with kernel debuggers

    Why not MSVC 98?

    Antique, buggy, non-free, hard to obtain, requires hard to obtain PSDK version.

    While MSVC 98 has been already outdated while I started development of KernelEx, it was more than sufficient for KernelEx needs, was easy to hack upon and compatible with debuggers, which made it a perfect choice. But, you're right that it might be hard to obtain it nowadays. The most realistic replacement appears to be new MSVC 2010 Express, but it requires some research in order to separate resulting binaries from dependencies upon bundled C-runtime (KernelEx lives mostly in shared memory and standard CRT isn't designed to work properly under such scenario, I had a lot of problems with CRT under MSVC98 that's why we have a custom minimal CRT - borrowed from Linux ;) ). GCC is easier to set-up but lacks some major features which are required, so I don't consider it as an option. Do we have any other options to choose from?

    And finally, the biggest problem at the moment: We need much more documentation about KernelEx' internals. It's absolutely possible to get to the bottom if you read the code carefully, and maybe give your debugger a shot sometimes. But it's just unnecessary. It's so much work for new developers to get the big picture about how KernelEx is working, and where they have to change what to even do something without busting their whole system. It takes at least 1-2 days even for skilled developers to get used to the code. That's a lot of time that has to be spent before they can even do anything about the actual bug. It would be so much easier if there was a simple document somewhere in KernelEx' sourcecode archive explaining the general concepts and ideas, together with some details about the concrete implementation, as you suggested.

    Well you're completely right, but as there has always been little interest in KernelEx from developers, I preferred to spend more time on actual development rather than proper docs. I'll try to find some time to fix that.

  11. Hi! :hello:

    First of all, I'd like to appologize for the lack of any signs of life from me for such a long time.

    As you've propably already noticed, there is no development currently going on KernelEx.

    While it was fun to work on the project for all those years, the time has finally come to move on and focus on new challenges.

    I'm not going to dicuss why I decided to leave the project and not to continue further development.

    The decision has been already made and is irreversible. I don't care too much whether you accept it or not.

    It's enough to say that the work on this project has always been an extreme time-eater and now I have different priorities and no time to dedicate on the project any longer.

    However, KernelEx is my creation and I don't want to just let it die and disappear.

    So... KernelEx needs your developer skills in order to survive.

    This is a call for support.

    Without you KernelEx won't evolve any further and die eventually... :(

    If there will be someone interested in development, then I will write tutorials on how to set up development environment,

    how get started and how to write new / expand existing API calls, and also describe the architecture and inner workings of KernelEx.

    What you need to dig into the project:

    • Love Windows 9x platform :wub:
    • Stong WIN32 API knowledge
    • Extraordinary skills to deduce and solve problems on your own
    • Very good knowledge of C
    • Ability to read and understand x86 assembly
    • Ability to debug assembly
    • Patience
    • Lots of free time to spend

    Please try to write answers here and not via PMs.

  12. Well, I've managed to fix my printing problems with KernelEx (4.5.1), here's how ...

    Background : I'm using a networked printer, Canon model iR-ADV-C5045. This has no W9X drivers available, however, the "Canon iR C3220 PCL5c" W9X drivers do just fine.

    1. Install the 'wintop' utility from 'W95KRNLTOYS.EXE'.

    2. Configure 'notepad.exe' for KernelEx W2kSP4 compatibility mode.

    3. Start the 'wintop' utility.

    4. Start 'notepad', type some random junk, then try to print.

    5. See what program shows up in 'wintop' after 'notepad.exe' (eg. 'cpc10q.exe').

    6. Set the KernelEx compatibility mode for the above to "disabled".

    7. Close all apps, log-off or reboot.

    8. Optionally, reconfigure 'notepad.exe' back to KernelEx default mode.



    Nice to hear that you've found the culprit of the problems.

    I've added this workaround to the repository, so if there'll be new release the fix will be included.

    Apart from that I don't see anyone mentioning recently released Opera 11.50. I wonder what is your experience with it.

  13. Also I've noticed some of you (M()zart and Spunker88) started to add some new entries to the WIKI which is nice and welcomed by me. But I've also got some suggestions for you.


    Mind checking your dictionary "user interface is c...ped" doesn't look nice in the wiki ;)


    Try to be more descriptive (VLC) ;)


    When you add an entry, try filling all entires in the infobox - including a screenshot and an icon.

    I've fixed the Infobox today which was broken since I upgraded MediaWiki.

    The list of compatible applications (Compatibility database) should now automatically update when you add new entries.

  14. Xeno86 or Tihiy do you hear me ? :D

    In space no one can hear you scream. :D

    Yeah I hear ya :D

    I'd suggest finding out which DLLs are in use by PDF printer (lower pane in Process Explorer might help) and trying to disable KEx for just those DLLs. Opera is working in Win2k mode so by default all DLLs used by it also think Win2k system and if the driver has single DLL for both 9x and NT systems (switching depending on visible system version) then it's likely it won't work coz 9x has completely different printing subsystem.

    When you last checked Opera 10.63 did you leave it in Win2k mode or switched to default? :>

  15. What is the correct process when updating KernelEx?

    Do we just un-install reboot then install the newest?

    I don't know for sure, but I installed over 4.5, rebooted as prompted and it seems to be working OK.

    Glad it's still working, still be interested to know the correct method though.

    Both methods are correct

  16. KernelEx v4.5.1

    Release announcement

    Hi there!

    Sorry for long wait folks. Unfortunately I have to confirm what some of you might have already suspected. The development of KernelEx has stalled. The release you see here is an almost unmodified version from February. I have decided to finally release it so that the work which has been done is not completely lost and so that you could benefit from it.

    This is mainly a bug fix release with an addition of new feature for developers who want to hack around KernelEx and Windows APIs.

    The update brings mainly fixes for Opera 11 and GTK application users but as usual the fixes might also help other applications.

    Developers can now experiment with monitoring or filtering APIs on-the-fly in single applications without affecting the entire system.

    What's new:

    • New KernelEx API Hook infrastructure for developers
    • Various bugfixes

    Apps fixed / now working:

    • New Opera 11 non-MSI installer now works
    • Fixed download numbers in Opera 11 not being displayed properly
    • Fixed missing checkboxes in GTK applications – Pidgin and GIMP among others
    • Fixed Google Earth 5.2 installation on non-english systems

    Please note that Opera 11 auto-update doesn’t currently work, so you have to perform the updates manually.

    KernelEx home page: http://kernelex.sourceforge.net/

    KernelEx Wiki: http://kernelex.sourceforge.net/wiki/

    Download: http://sourceforge.net/projects/kernelex/files/

  17. So if I put a clean KERNEL32.DLL into the backup folder, I will not be getting uninstall errors etc. ? If so, lovely :D

    Well the only reason to do this by hand that would be a mysterious disappearance of the backup made automatically by the installer.

    Under normal circumstances you shouldn't worry about this. Also since KernelEx 4.5 Final the backup is now persistent - it won't be removed on uninstall and won't be stored in KernelEx dir.

  18. Sorry but I must report problem with installation of new KEx: when I've tried to do that, I've got message:

    "Error: Failed to open backup file C:\Windows\Sysbckup\Kernel32.dll.

    Possible causes: previous version not uninstalled correctly or file has been deleted.

    Restore C:\Windows\System\Kernel32.dll manually from install media".

    It doesn't matter if I have previous version of KEx installed or not.

    This basically means that the previous uninstallation of KernelEx wasn't 'clean' and kernel32.dll wasn't unpatched.

    The common cause is KERNEL32.BAK file being deleted. The uninstaller is designed to not complain if it can't revert kernel32.dll modifications.

    By previous uninstallation I mean any of KernelEx 4.5 RC1 through RC5 because al these releases shared the same patching scheme and they could detect that file has already had compatible patch applied and didn't complain, even when there was no original kernel32.dll.

    KernelEx 4.5 Final uses different patch because of changes made to the installer. The backup of kernel32.dll is no longer stored in KernelEx directory, instead it's now stored under C:\WINDOWS\SYSBCKUP\KERNEL32.DLL so it won't be accidentally deleted by cleanup tools or user. The file stored under SYSBCKUP is always original (unpatched) file.

    I've got the same message. After restoring kernel32.dll the setup runs.

    In my case installation was stopped (cancelled).

    When I've uploaded kernel32.dll to Sysbckup directory, I've got message:

    "Error: subsystem_check: pattern not found".

    This is not the way it works as you've already noticed :rolleyes:

    Don't try to outsmart the installer :sneaky:

    If it says it needs a file from install media it acutally means it.

    should I just un-install the old version then re-boot and install the new?

    I would say that you MUST uninstall KernelEx before installing the new version,

    because it is patching the KERNEL32.DLL and making first a backup of the original file in his folder (KERNEL32.BAK in directory %WINDIR%\KernelEx).

    If you do the new install 'on the top', the backup will be of the former patched file,

    and the original unpatched file would be lost (to be able to restore it, in case of problem).

    The installer has the ability to upgrade any version of KernelEx from 4.0 RC1 onwards, it will use the backup file wisely and nothing shall be lost.

    It is smart enough to not let you shoot yourself in the foot. Eg. it won't allow double install without reboot or uninstall and install without reboot.

    Acutally the only thing it can't do is downgrading.

  • Create New...