KernelEx for Win2000

[blackwingcat]

I disassembled it.

But I think it resolved user32.dll problem as I said.

It causes from same bug.

Yes as what I described above. You can debug both in ollydbg or in any other debugger/dissassembler and see the difference between both. You can use also Cmpdisasm tool for this task. This program can be used to add extra code into exe and thats why AVs think oo it is very bad think to do, but as you know very well not only bad things can be added into existing program. The program itself have nothing malware, but you are free to be extra cautions. I think I remember one more program which have same problem. Will try to find it. It was one Opcode tool. Oh I think I remeber even one more program with that problem. Will search for them.

[leonidij]

See above of my post for attached file for another program with same problem.

And here with v18g +fixed user32 from v23g3 this problem does still exist.

On which environment you test it japanese or english?

And which user32.dll exactly are you using for tests?

This Opgen tool have much simpler gui as functions and does not use send message at all.

0x0000 "SetDlgItemTextA"
0x0000 "CheckRadioButton"
0x0000 "DialogBoxParamA"
0x0000 "IsDlgButtonChecked"
0x0000 "wsprintfA"
0x0000 "GetDlgItemTextA"
0x0000 "MessageBoxA"
0x0000 "EndDialog"

are the only user32 functions it uses.

Edited October 9, 2013 by leonidij

[blackwingcat]

Fixed version user32.dll is 5.0.2195.7160(Oct 7th 4:23am GMT) in v23h

See above of my post for attached file for another program with same problem.

And here with v18g +fixed user32 from v23g3 this problem does still exist.

On which environment you test it japanese or english?

And which user32.dll exactly are you using for tests?

This Opgen tool have much simpler gui as functions and does not use send message at all.

0x0000 "SetDlgItemTextA"
0x0000 "CheckRadioButton"
0x0000 "DialogBoxParamA"
0x0000 "IsDlgButtonChecked"
0x0000 "wsprintfA"
0x0000 "GetDlgItemTextA"
0x0000 "MessageBoxA"
0x0000 "EndDialog"

are the only user32 functions it uses.

[leonidij]

Yes indeed it works with both original calc32.exe (with its tooltips) and topo.exe! I actually have user32.dll deleted from know dlls and just placed v23h into directory where calc32.exe and topo.exe are and they run fine indeed. Seems that was caused by same bug. (And this also means user32 v23h is compatible with v18g other files.)

BUT Opgen.exe still do not work. It fails to fully initialize and the problem looks very same as the problem in topo.exe, BUT seems is caused by other function. Maybe this same bug is also present in other functions than SendMessage?

Opgen.exe + its full source code is attached in post #480 (a little above).

Edited October 9, 2013 by leonidij

[piotrhn]

Hi blackwingcat, I found some bugs:

KB935839-23H

Windows doesn't work when install's comctl32 (5.2 Win2003 ver.), taskmgr crash and more.

sigverif.exe

When i run sigverif.exe it starts and scan files ok, but when i click button advanced program crashes

Edited October 9, 2013 by piotrhn

[blackwingcat]

It seems to have opgen general problem.

It does not also work on Windows XP.

You can download fixed newer version opgen from here.

http://www.reversing.be/forum/viewtopic.php?t=517

And what is runme.exe ?

Yes indeed it works with both original calc32.exe (with its tooltips) and topo.exe! I actually have user32.dll deleted from know dlls and just placed v23h into directory where calc32.exe and topo.exe are and they run fine indeed. Seems that was caused by same bug. (And this also means user32 v23h is compatible with v18g other files.)

BUT Opgen.exe still do not work. It fails to fully initialize and the problem looks very same as the problem in topo.exe, BUT seems is caused by other function. Maybe this same bug is also present in other functions than SendMessage?

Opgen.exe + its full source code is attached in post #480 (a little above).

Edited October 10, 2013 by blackwingcat

[blackwingcat]

Hi blackwingcat, I found some bugs:

KB935839-23H

Windows doesn't work when install's comctl32 (5.2 Win2003 ver.), taskmgr crash and more.

sigverif.exe

When i run sigverif.exe it starts and scan files ok, but when i click button advanced program crashes

I found Windows 2000 taskmgr.exe native bug.

Please wait.

You can see more information from here.

http://blog.livedoor.jp/blackwingcat/archives/1817851.html (Japanese)

I released kernel v2.3h2. (return 5.2 XP ver)

and released KB839726-v2 / 5.0.2195.6904 Taskmgr.exe

English / Japanese and FRA/ITA/DEU/TW/PTG version

Edited October 10, 2013 by blackwingcat

[piotrhn]

Hi,

I installed K-Lite Mega Codec Pack & in Media Player Classic 1.7.0.7805 buttons are invisible/broken.

Edited October 14, 2013 by piotrhn

[blackwingcat]

Which buttons did you mean ?

( does K-Lite basic codecpack have no problem ?)

Hi,

I installed K-Lite Mega Codec Pack & in Media Player Classic 1.7.0.7805 buttons are invisible/broken.

[blackwingcat]

I released Safari 6.0.5 for Windows 2000 with Extended Kernel.

http://blog.livedoor.jp/blackwingcat/archives/1819424.html

[leonidij]

Hello blackwingcat.

Thanks for info!

that runme.exe is logo program of site from which the program was downloaded from. That site "protools" no longer exist and this runme.exe have nothing to do with opgen nor matters in any way. It is just there in archive I have. That's all about it.

And what is the difference between v2.3h and v2.3h2?

Edited October 16, 2013 by leonidij

[blackwingcat]

Hi.

v2.3h2 is replaced back comctl32.dll from 2003version to xpversion cause of some problems.

And what is the difference between v2.3h and v2.3h2?

[blackwingcat]

http://blog.livedoor.jp/blackwingcat/archives/1821933.html

http://blog.livedoor.jp/blackwingcat/archives/1707344.html

I released .Net 4.0 for Windows 2000 Extended kernel. RC2.

You can easy construct Extended Kernel Environment with Extendede Kernel DVD Creator on hfslip Kit.

http://www.msfn.org/board/topic/156521-unofficial-sp-52-for-microsoft-windows-2000/page-25

Edited October 24, 2013 by blackwingcat

[leonidij]

Hello blackwingcat.

That bug you have fixed about SendMessage function in user32.dll seems was very Very VERY big flaw in win2k. I made that fix to user32.dll of SP5.1 (NON EXTENDED KERNEL) and now many programs, which gives trouble in past run flawlessly. Micro$oft seems forgot to fix this for full compatibility with win9X., but fixed it in XP. And the problem in Opgen.exe seems again was not fixed in 2k but also in XP and maybe all else versions (maybe it was too rare to be seen by developers). But this one in SendMessage is really important because without it many programs just can not work on win2k. I found many other programs which crashed before to work flawlessly now. So this really was MAJOR BUG (I think) reached in different ways by many programs.

One of many examples is FastScanner 3.0 from AT4RE.

Can be downloaded from:

http://www.woodmann.com/collaborative/tools/index.php/AT4RE_FastScanner

It still crashes when TotalScan button is clicked but before it was crashing right after launched.

Edited October 26, 2013 by leonidij

[blackwingcat]

Perhaps Recent version kernel32.dll(5.0.2195.7204) was fixed it.

Please try test again.

Sorry, I forget how It occures.

I can tell you that kernel32.dll contains some code specific to converting to and from the Korean locale. In several places throughout the NLS code it checks for the Korean locale and consults a special "KoreanWeights" table when it needs to. It was one of those things I had to reverse-engineer and have no way to test.