blackwingcat Posted July 15, 2012

Hi. I don't think that the order of kernel32.dll's functions is very important. I don't want to look at the Kernel32 function table but at the win32k.sys and ntoskrnl.exe System Call Table.

> This is what's in my kernel32.def file at present, which lists all of the exported functions currently implemented in C. I still have about 180 more to do before it contains everything in the latest V10 kernel. Also, until I have the first 830 or so all implemented I can't test or debug them, so crashes are likely until that point. Once I get everything working I can then put it through the hardening passes that I did for csrsrv and basesrv.
>
> http://www.mediafire.com/download.php?1966gy8kokutq6p
>
> I could post the full sources to my kernel32 project, but while it compiles it won't do anyone any good until it's complete enough to run in a 2k environment.

WildBill (Author) Posted July 16, 2012 (edited)

I don't have a handy list of the functions in those files, though a tool like Ida could probably generate one. I'd love to eventually rewrite those in C as well, but first things first--rewriting kernel32 has already proven to be a much larger endeavor than I had envisioned...

Edited July 16, 2012 by WildBill

blackwingcat Posted July 21, 2012 (edited)

Hi. I found a mistake in your code.

    ntdll.dll (5.0.2195.7084)
    77FD4A02 68F10000C0 push C00000F1h <-
    77FD4A07 E84C7BFDFF call RtlRaiseStatus
    77FD4A0C L77FD4A0C:
    77FD4A0C BEF00000C0 mov esi,C00000F0h
    77FD4A11 EBCF jmp L77FD49E2

Edited July 21, 2012 by blackwingcat

tomasz86 Posted July 23, 2012

@WildBill There seems to be a bug in atmfd.dll from KB2507618:

WildBill (Author) Posted July 23, 2012 (edited)

> Hi. I found a mistake in your code.
>
>     ntdll.dll (5.0.2195.7084)
>     77FD4A02 68F10000C0 push C00000F1h <-
>     77FD4A07 E84C7BFDFF call RtlRaiseStatus
>     77FD4A0C L77FD4A0C:
>     77FD4A0C BEF00000C0 mov esi,C00000F0h
>     77FD4A11 EBCF jmp L77FD49E2

Thanks! I found a separate issue in ntdll so I was going to release a new one anyway, so I'll put this fix in also.

Edited July 23, 2012 by WildBill

WildBill (Author) Posted July 23, 2012

> @WildBill There seems to be a bug in atmfd.dll from KB2507618:

I can't begin to describe how much I hate that DLL. There is no symbol info available for it, and it's hopelessly complicated. Do you know if the problem goes away with an earlier version of my patched DLL? That would help me narrow the problem down.

tomasz86 Posted July 23, 2012

The problem happens both in the older and the newer version. Can't just the XP file be used as it is? OTF fonts open properly with the XP atmfd.dll from KB2507618 installed.

WildBill (Author) Posted July 23, 2012

> The problem happens both in the older and the newer version. Can't just the XP file be used as it is? OTF fonts open properly with the XP atmfd.dll from KB2507618 installed.

I tried it once and it refused to let any fonts show up in the Control Panel. I haven't tried it since...

tomasz86 Posted July 23, 2012

> I tried it once and it refused to let any fonts show up in the Control Panel. I haven't tried it since...

I'm using it right now and all fonts are shown correctly. The file is atmfd.dll 5.1.2.232.

WildBill (Author) Posted July 24, 2012 (edited)

I've got a couple of updates posted:

Windows2000-KB2393802-v11-x86-ENU.exe
- A couple of ntdll bugfixes, and it should now be friendlier for slipstreaming.

Windows2000-KB2508429-v7-x86-ENU.exe
- Some new API functions added:

dnsapi.dll
NetInfo_Free
DnsFree
DnsFreeConfigStructure

iphlpapi.dll
GetTcpStatsFromStackEx
GetIpStatsFromStackEx
GetUdpStatsFromStackEx
GetIcmpStatsFromStackEx
GetTcpExTable2FromStack
GetUdpExTable2FromStack
GetExtendedTcpTable
GetExtendedUdpTable
GetBestInterfaceEx

The 2k iphlpapi only supports ipv4, so while the calls above will work for ipv4, they'll properly report an error code if called for ipv6.

My kernel32.dll rewrite is still proceeding apace...765 exported routines and counting.

Edited July 24, 2012 by WildBill

tomasz86 Posted July 24, 2012 (edited)

Thanks WildBill. Is the ntdll.dll version the same as in v10?

Edit: Something seems to be wrong in the new ntdll.dll. Explorer.exe restarts itself each time when trying to open a folder.

Edited July 24, 2012 by tomasz86

blackwingcat Posted July 24, 2012 (edited)

Does Nirsoft Currport work?

Our iphlpapi.dll seems to have a problem with GetUdpExTable2FromStack/GetTcpExTable2FromStack.

I found that iphlpapi v5.0.2195.7097 requires KB957579 (the minimum requirement is KB951798).

> I've got a couple of updates posted:
>
> iphlpapi.dll
> GetTcpStatsFromStackEx
> GetIpStatsFromStackEx
> GetUdpStatsFromStackEx
> GetIcmpStatsFromStackEx
> GetTcpExTable2FromStack
> GetUdpExTable2FromStack
> GetExtendedTcpTable
> GetExtendedUdpTable
> GetBestInterfaceEx

Edited July 25, 2012 by blackwingcat

WildBill (Author) Posted July 24, 2012

> Thanks WildBill. Is the ntdll.dll version the same as in v10?
>
> Edit: Something seems to be wrong in the new ntdll.dll. Explorer.exe restarts itself each time when trying to open a folder.

Really? There were only two extremely minor changes. One was to correct the error code that blackwingcat pointed out and the other was to fix a bug when initializing a process -- the location of a particular field is different in 2k vs. XP. The thing is, though, the code that's affected should never actually run since it only gets invoked if a process was using an activation context, and that functionality isn't active in my kernel yet. I'm not having any problems here...can you provide any more info?

tomasz86 Posted July 25, 2012

I've just done more tests and actually the same problem happens with both v10 and v11. The test machine is a VM (uses uniproc non-PAE kernel) with all official updates installed. I just added KB2479628 and KB2393802.

WildBill (Author) Posted July 25, 2012

> I've just done more tests and actually the same problem happens with both v10 and v11. The test machine is a VM (uses uniproc non-PAE kernel) with all official updates installed. I just added KB2479628 and KB2393802.

Now that's interesting. I'm seeing the same thing in my VM, but not on real hardware. It must date back to v9, since the ntdll in v9 and v10 are the same. v9 was where I added a bunch of SxS API's to ntdll. I guess I'll have to look at it closely to see if I broke anything.