Jump to content

KernelEx 4.5.2


Recommended Posts

So far, I'm unable to duplicate the problem with SSM and KEX 4.5RC1 or RC4. Just to rule out one possibility, could you verify that you do have version 2.0.8.583 of SSM and not version 584? Version 584 was released for a short time but had stability issues, some of which were similar to what you're describing.

Thanks for looking into this. I am indeed running SSM 2.0.8.583 and just verified it. The referenced error occurred several times shortly after loading SSM for the first time and happened as I clicked the Start button. The error always was:

EXPLORER caused an invalid page fault in

module <unknown> at 0000:9eff049c.

with somewhat varying registers and stack dump data. It has not occurred again since I disabled all KernelEx extensions for SSM.

EDIT: Yes, I installed SSM after KernelEx 4.5 RC 1. I didn't see your earlier post until now.

Edited by Prozactive
Link to comment
Share on other sites


The referenced error occurred several times shortly after loading SSM for the first time and happened as I clicked the Start button.

Could you check a couple things?

1, What is the KernelEX compatibility setting for browseui.dll in the system folder?

2, Under SSM application rules, look for the rule for browseui.dll, advanced properties. What is the default action in the drop box? If not "allow injection" is explorer checked as an allowed source?

Were you also getting this error when using the menu on explorer?

Link to comment
Share on other sites

Could you check a couple things?

1, What is the KernelEX compatibility setting for browseui.dll in the system folder?

2, Under SSM application rules, look for the rule for browseui.dll, advanced properties. What is the default action in the drop box? If not "allow injection" is explorer checked as an allowed source?

Were you also getting this error when using the menu on explorer?

1. KernelEx extensions are disabled for Browseui.dll. Interesting, as I don't recall doing that manually. Now that I think of it, I should point out that I was using the KB982381 Win2000 IE 6.0 SP1 security update version of Browseui.dll at the time (6.00.2800.2006). I don't know if that makes a difference.

2. The default action for Browseui.dll is "Allow injection". And explorer.exe is not checked as a source.

I'm not sure I fully understand your last question. By "menu on Explorer", do you mean the Start menu? It was several months ago when all this occurred and my memory is a little fuzzy. But as I recall, I was not able to access the Start menu at all immediately after installing SSM, getting the errors I referenced earlier. And since I knew I just installed SSM, it had to be the cause of the errors. So I immediately disabled KernelEx extensions for all SSM files to see if that fixed the problem, which it did.

Thanks again for your time and effort looking into this issue. You are definitely the resident SSM expert and I appreciated the long technical discussions about it and other security measures in that "no antivirus software" thread.

Edited by Prozactive
Link to comment
Share on other sites

1. KernelEx extensions are disabled for Browseui.dll. Interesting, as I don't recall doing that manually. Now that I think of it, I should point out that I was using the KB982381 Win2000 IE 6.0 SP1 security update version of Browseui.dll at the time (6.00.2800.2006). I don't know if that makes a difference.

The KEX extensions is disabled for browseui.dll on mine as well. I never checked the KEX settings for that file before. Might be the normal setting for it. The file version might make a difference. That will take a bit longer to check. I've needed a 98-IE6 test unit a few times but have yet to build it. Regarding the file from the update, did you just substitute it for the original in DOS?

2. The default action for Browseui.dll is "Allow injection". And explorer.exe is not checked as a source.

That setting allows any application to use the file. Unless there's something different with the version you're using, SSM should not restrict it on that setting.

By menu, I meant the file menu on explorer windows. It probably applies to the file menu on Internet Explorer as well. Judging by the things you've described, I'm assuming that the SSM setting on the options tab for applications, under program behavior you have "block process creation" selected. If that's not the case, let me know. You mentioned that SSM seems to be working properly with KEX disabled for its components. I'm interested to find out why that should be necessary. I don't think that I'll be able to check thru this today. It looks like I'll be spending the day dealing with winter.

Link to comment
Share on other sites

Yes, from DOS essentially. Actually it's a dual-boot system so I did it from WinXP. I rename the older file with a different extension then replace it with the updated file. Currently I'm using the Browseui.dll from WildBill's KB2360131 IE 6.0 SP1 update but at the time of the errors I was using the KB982381 version.

I'm still VERY slowly learning how SSM works and how to configure and use it properly. It seems to be a very powerful tool albeit somewhat complex and confusing to use. Some of the menus, layout, and structures aren't intuitively user-friendly and obvious, at least to me, but I'm slowly getting familiar with them. I think you said in that other thread that you were working on some user guides for SSM. If you ever find the time to finish them, that would be a great help! Thanks again for all the help and excellent technical advice.

Oh okay about the File menus in Windows Explorer. Again, since it's been several months since all this occurred, my memory is a little fuzzy but I don't specifically recall any problems with those menus. However, I think the Start button errors occurred so quickly after installing SSM that I didn't have much time or opportunity to use the system before disabling those KernelEx extensions.

And yes, "block process creation" is checked in "Program behaviour\When user interface is not connected and no rules exist:" That must be the default setting as I don't really understand what that means. :)

Good luck with winter. It sounds nasty in the Midwest. We're just starting to get the big storm front blowing in here in the South.

Edited by Prozactive
Link to comment
Share on other sites

Thanks. Knowing exactly what files you've updated will make it easier to investigate. Just so I can set up a similar system, did you install any of the unofficial service packs? If so, which ones?

I'm still VERY slowly learning how SSM works and how to configure and use it properly. It seems to be a very powerful tool albeit somewhat complex and confusing to use. Some of the menus, layout, and structures aren't intuitively user-friendly and obvious, at least to me, but I'm slowly getting familiar with them.

Trying to come up with a user friendly interface that included all those options was a project in itself. Compared to the pro version of SSM, it's actually quite friendly. The pro version is much more convoluted, especially the registry rules. In some ways its behavior seems backwards in comparison. The interfaces definitely could have been better, but from the beginning it was clear that SSM would target a limited user base and that there was no real way to make it friendly to the more "typical" user (not referring to you). Several of us convinced the developer not to drop 9X support, but even the free version was designed with XP in mind. There was only a couple of us testing it on 98. Being one of the few remaining viable security applications for 98 wasn't planned for.

The help file did skip over the options for applications almost completely and is seriously lacking in detail for logging.

The short explanation for application options:

1, allow everything. Default permit. If the process or activity isn't specifically blocked, it's allowed.

2, block process creation. Only whitelisted applications (those with allowing rules) can run. Other activities such as DLL injection are not restricted. The default parent and child settings is "allow."

3, Block everything (paranoiac setting). All monitored activites not specifically allowed are intercepted. If the UI (user interface) is connected, you'll be prompted. If it's not connected, the activity is silently blocked. If this setting is chosen and rules for normal system activities aren't finished and the UI is disconnected, SSM can easily lock up the system.

Another thing the help file doesn't mention. If you set a password, the "Connect user interface at startup" no longer applies. SSM will automatically start with the UI disconnected. Do not set a password until the rules for all processes involved in startup are complete. I had hoped to have the web pages for SSM and 98 done long ago. I seriously underestimated what it would take to thoroughly address this subject. KEX and to a lesser extent RP9 have made it necessary to modify some of the material. Since these are very necessary to the continued viability of 98, they have to be accounted for and have to get along with SSM and each other. Snowstorms aside, I "should" have more time to finish them this winter. There's a lot I still need to examine and account for, especially in regards to external devices. Building web pages/sites is not something I'm good at. They won't be pretty or fancy. Hopefully they will be useful.

Edited by herbalist
Link to comment
Share on other sites

Now that I think of it, I should point out that I was using the KB982381 Win2000 IE 6.0 SP1 security update version of Browseui.dll at the time (6.00.2800.2006). I don't know if that makes a difference

This appears to be the same version that's contained in the Maximus Decim InternetExplorer 6.0sp1 Component Update 3.4. The copy of BrowseUI.dll on my system is that version. Could you verify the MD5 for that file?

The hash for my copy is 63ef369f829e36018180f7c67efc2957

Link to comment
Share on other sites

Thanks. Knowing exactly what files you've updated will make it easier to investigate. Just so I can set up a similar system, did you install any of the unofficial service packs? If so, which ones?

I'm back. My laptop has increasingly been more unstable recently with frequent Windows/apps crashes and BSoDs for some reason, some of which I described in the Revolutions Pack thread. I've wondered whether SSM is a contributor to this, but anyway.

Yes I understand. Unfortunately (?) I have not installed any of the unofficial service packs but I've updated the system piecemeal with just about all of the official Microsoft and unofficial MSFN/MDGx updates, including KernelEx (obviously) and Revolutions Pack fairly recently. At the time I installed SSM, I had installed KernelEx 4.5 RC 1 and Revolutions Pack 9.6.5.

HTH

Link to comment
Share on other sites

Sorry for double posting, but this subject is too different. :angel

Feature request: (if possible)

Autorun Eater is a very useful program that monitore drives (like USB keys) from autorun.inf.

The only AFAIK that can prevent infection by an unknown autorun-Worm on Win9x.

Previous version 2.5 beta is running fine, using KernelEx and compatibility mode set to Windows 2000 SP4 (or XP SP2). (I have uploaded it on this link: AutorunEater.rar, because it is no more available on the site).

It use 2 exe: 'oldmcdonald.exe' is the main application, and 'billy.exe' is actually monitoring.

Last version 2.5 is launching, but I have every few seconds a message telling that billy.exe "does not have a program associated with it for performing this action. Create an association in My Computer by clicking on Display and then Folder Options."

So, it doesn't seem to be linked with a missing export, and of course I have no problem with exe files association.

Could you please have a look into and see if it can be improved? :)

Link to comment
Share on other sites

1) Some symbols don't display properly in web pages (the arrow to navigate previous next page on this forum for example)

2) The About Opera page is not properly formatted.

Same thing here, but they are glitches.

I have a square in place of the arrow, but the button is working.

3) On saving files no extension is appended automatically to the filename.

That is the main problem.

I cannot save anything. By right-click, with the save button or Ctrl+S, the whole browser is crashing! :(

4) And of course the missing flashing cursor issue in edit fields affecting the 10.x builds remains.

What do you mean?

That: post-200646-0-85280500-1292566368_thumb. ?

Link to comment
Share on other sites

Prozactive,

I've tried several different combinations of official and unofficial updates with KEX, RP, and SSM installed in different orders. I haven't been able to duplicate the problem or cause any type of error message. Saw your post in the RP9 thread. I suspect that these problems have a common cause, and the first one that comes to mind is a RAM stick going bad. If you haven't already, could you test the RAM? Is there anything else that you've installed recently, possibly printer software?

Link to comment
Share on other sites

Prozactive,

I've tried several different combinations of official and unofficial updates with KEX, RP, and SSM installed in different orders. I haven't been able to duplicate the problem or cause any type of error message. Saw your post in the RP9 thread. I suspect that these problems have a common cause, and the first one that comes to mind is a RAM stick going bad. If you haven't already, could you test the RAM? Is there anything else that you've installed recently, possibly printer software?

Thanks herbalist for taking the time and effort to troubleshoot this issue. Sorry I was slow responding but your reply got buried in the recent deluge of posts about browsers, etc. Speaking of which, I wonder if this discussion could be moved to one of the SSM threads, even though it does involve KernelEx.

Anyway, that's puzzling you weren't able to replicate the errors. As I said, they occurred immediately after I installed SSM several months ago. I've also suspected possible RAM and/or other hardware problems were involved with my recent system instability but I've run several passes of Memtest86 and my system RAM passes with flying colors. I've also run Memtest86 and Prime95 several times in the past and I've never encountered any errors, so I'm very confident I don't have any hardware issues (at least in those areas). I also have not installed any new printer drivers.

My system has become much more stable again recently for some reason and I have not encountered those BSoDs again, thankfully. Also, these system stability problems were not an issue back when I installed SSM. And dw2108 apparently had similar issues with SSM and Explorer back in post #1040, which initiated my response and subsequently all this diagnostic work from you.

Edited by Prozactive
Link to comment
Share on other sites

That's unexpected :w00t:

Please someone reupload those bloody RC6 files. :thumbup

PS: Dave-H, they were only attached to a Tihiy post but he deleted them subsequently. I did download them but I deleted them from my machine after I decided I didn't want to install them. :no:

Edited by loblo
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...