
PE Tool for creating patches


WildBill


It hasn't been resolved yet.

It always occurs when I click the CCC menu with skins.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:

win32k+a3512

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 007c0605

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x1E

PROCESS_NAME: CCC.exe

EXCEPTION_RECORD: ae8ab7a4 -- (.exr 0xffffffffae8ab7a4)

ExceptionAddress: a00a3512 (win32k+0x000a3512)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 00000000

Parameter[1]: 007c0605

Attempt to read from address 007c0605

TRAP_FRAME: ae8ab7f8 -- (.trap 0xffffffffae8ab7f8)

ErrCode = 00000000

eax=a0383210 ebx=ae8ab8b0 ecx=007c05e5 edx=00000000 esi=ae8ab8b4 edi=a0383530

eip=a00a3512 esp=ae8ab86c ebp=ae8ab878 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00050246

win32k+0xa3512:

BWC: I removed the v9e above and posted another one with an updated win32k.sys file (version 5.0.2195.7402). It explicitly sets ECX rather than relying on ValidateHmenu() to set it. If it works out for you, I can post a V10 on the main list.

The new v9e is here:

http://www.mediafire.com/download.php?7o1y5rbcr9eqxc0

For reference, this is what it looks like (a few other instructions above it changed to reflect the fact that some things moved up by 4 bytes):


.text:A00A34E4 loc_A00A34E4: ; CODE XREF: xxxGetMenuBarInfo(x,x,x,x)+187j
.text:A00A34E4 cmp [ebp+arg_4], 0FFFFFFFCh
.text:A00A34E8 jnz short loc_A00A3530
.text:A00A34EA mov edi, [ebp+arg_0]
.text:A00A34ED push edx ; int
.text:A00A34EE push edx ; UnicodeString
.text:A00A34EF push 1E1h ; MbString
.text:A00A34F4 push edi ; int
.text:A00A34F5 call _xxxSendMessage@16 ; int
.text:A00A34FA mov [ebp+arg_4], eax
.text:A00A34FD push eax
.text:A00A34FE call _ValidateHmenu@4 ; ValidateHmenu(x)
.text:A00A3503 test eax, eax
.text:A00A3505 jz short loc_A00A3530
.text:A00A3507 push [ebp+arg_4]
.text:A00A350A pop ecx
.text:A00A350B mov edx, [ebp+arg_8]
.text:A00A350E test edx, edx
.text:A00A3510 jl short loc_A00A3530
.text:A00A3512 cmp edx, [ecx+20h]
.text:A00A3515 ja short loc_A00A3530
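The crash record and the listing above line up: ECX holds 007c05e5 at the trap frame, and the faulting `cmp edx, [ecx+20h]` reads 007c05e5 + 20h = 007c0605, which is exactly EXCEPTION_PARAMETER2. The following Python is an added example, not code from the thread; it embeds the crash report lines quoted in the post as a constructed sample and checks that the fault address is the instruction's memory operand, which is the evidence that ECX was holding a stale value.

```python
"""Cross-check a WinDbg !analyze crash record against its trap-frame registers.

Added example (not from the thread). The report text is constructed from the
lines quoted in the post above; the faulting instruction is taken from the
listing at .text:A00A3512.
"""
import re

CRASH_REPORT = """\
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
FAULTING_IP:
win32k+a3512
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 007c0605
PROCESS_NAME: CCC.exe
eax=a0383210 ebx=ae8ab8b0 ecx=007c05e5 edx=00000000 esi=ae8ab8b4 edi=a0383530
eip=a00a3512 esp=ae8ab86c ebp=ae8ab878 iopl=0 nv up ei pl zr na pe nc
"""

FAULTING_INSN = "cmp edx, [ecx+20h]"  # instruction at win32k+0xa3512 in the listing


def parse_report(text):
    """Return (exception code, read/write flag, fault address, register dict)."""
    code = int(re.search(r"EXCEPTION_CODE: \(NTSTATUS\) 0x([0-9a-f]+)", text).group(1), 16)
    rw = int(re.search(r"EXCEPTION_PARAMETER1: ([0-9a-f]+)", text).group(1), 16)
    addr = int(re.search(r"EXCEPTION_PARAMETER2: ([0-9a-f]+)", text).group(1), 16)
    # 32-bit general registers and pointers from the trap-frame register dump
    regs = {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b(e[abcd]x|e[sd]i|e[sbi]p)=([0-9a-f]{8})", text)}
    return code, rw, addr, regs


def operand_address(insn, regs):
    """Resolve an x86 [reg+disp] memory operand (MASM 'h' hex suffix) to an address."""
    m = re.search(r"\[(e[a-z]{2})(?:\+([0-9a-f]+)h?)?\]", insn, re.I)
    base = regs[m.group(1).lower()]
    disp = int(m.group(2), 16) if m.group(2) else 0
    return (base + disp) & 0xFFFFFFFF


def explain_fault(text, insn):
    """Tell whether the reported fault address is the instruction's memory operand."""
    code, rw, addr, regs = parse_report(text)
    computed = operand_address(insn, regs)
    return {
        "access_violation": code == 0xC0000005,
        "operation": "read" if rw == 0 else "write",  # parameter 1: 0 = read, 1 = write
        "fault_address": addr,
        "operand_address": computed,
        "matches_operand": addr == computed,
    }
```

If `matches_operand` is true the bad pointer is the base register itself, so the patch that loads ECX explicitly from arg_4 addresses the right instruction.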



I finally have WideCharToMultiByte rewritten in kernel32 (it's pretty messy and probably buggy), but it's letting me make progress on a bunch of simpler functions that require it. I'm up to 565 exported functions rewritten out of about 902, and I expect progress to pick up now that most of the really tough NLS stuff is done (if nothing else, most of the .nls files will finally be documented).

In the meantime, I was wondering if anyone has had a chance to look over the sources for my rewritten basesrv and csrsrv.


Hello...

Actually I have taken a look at it.. but unfortunately I have no Win2k system ATM (it's still being repaired..),, and I only have the VC2010 Express and MASM32 packages..

So I just tried to recompile them..

The first is csrsrv... I got it to succeed..

But when I tried to recompile basesrv...

it complained that I'm missing some imports from csrsrv. I copied the LIB produced by csrsrv... but it still did not succeed....

because basesrv needs the functions from csrsrv as stdcall...

Out of curiosity I opened up the csrsrv .lib with a hex editor and tried to search for the missing exports..

And I don't know whether it's right or not, but adding extern "C" before the exported functions solved my problem... --> the produced lib contains the correct export list...

Since I have not programmed in C/C++ for a long time, I almost forgot the languages.. :blushing: (I'm still trying to start over)

Well, I don't know whether it helps or not... anyway, you have done such a great job... :thumbup


It's the same file either way. I don't think I've ever had a separate one for uniproc in that patch.

The file is the same, but M$ always puts it in uniproc too. And it's required for slipstreaming...


@WildBill

There seem to be some problems with the newest version of ntdll.dll. Please have a look at this topic. I used ntdll.dll 5.0.2195.7084 in UURollup-v10 which caused all the issues which are now gone in UURollup-v11 where the older version of ntdll.dll (5.0.2195.7083) is used.


@WildBill

There seem to be some problems with the newest version of ntdll.dll. Please have a look at this topic. I used ntdll.dll 5.0.2195.7084 in UURollup-v10 which caused all the issues which are now gone in UURollup-v11 where the older version of ntdll.dll (5.0.2195.7083) is used.

The issues regarding the ntdll.dll are gone in UURollup-v10a. I'm wondering if version 5.0.2195.7085 of ntdll.dll will fix the issues that I experienced for a while. :)


Hi, WildBill.

Is there a function table for your extended kernel, such as http://j00ru.vexillium.org/ntapi/ ?

I want to extend the kernel core with your kernel.

It's the same file either way. I don't think I've ever had a separate one for uniproc in that patch.

I guess no one has taken a look at the v9e sources :(

This is what's in my kernel32.def file at present, which lists all of the exported functions currently implemented in C. I still have about 180 more to do before it contains everything in the latest V10 kernel. Also, until I have the first 830 or so all implemented I can't test or debug them, so crashes are likely until that point. Once I get everything working I can then put it through the hardening passes that I did for csrsrv and basesrv.

http://www.mediafire.com/download.php?1966gy8kokutq6p

I could post the full sources to my kernel32 project, but while it compiles it won't do anyone any good until it's complete enough to run in a 2k environment.
