
KernelEx for Win2000




I can tell you that kernel32.dll contains some code specific to converting to and from the Korean locale. In several places throughout the NLS code it checks for the Korean locale and consults a special "KoreanWeights" table when it needs to. It was one of those things I had to reverse-engineer and have no way to test.


  • 1 month later...
  • 2 months later...

I was trying to apply the Extended Kernel update to install the recent nVidia Driver. But Extended Kernel failed to install due to missing "MS12-052 (KB2722913)". The download for this that I was able to find was 3.3 GB, which is excessive. Could you list links to all the required components part of the update in your first post?


You can find it from http://w2k.flxsrv.org/wlu/wlu.htm

And you had better install [MS13-028] Cumulative Security Update for Windows 2000 Internet Explorer 6 SP1 (2817183). You can also find it.

It also requires roots update 2012.

You can download from http://www.microsoft.com/en-us/download/details.aspx?id=35945


Is anyone else having a problem with the latest Firefox 24 nightly? It won't download anything anymore but it does work in XP. I'm still on ExKernal v2.2n9 so maybe blackwingcat's latest version fixes it? Everything else is going good so that's why I tend not to upgrade.

Edit: after more testing it will download if you go to the Tools/Download box and retry. It just won't do it automatically anymore as it does in XP. It seems to be a change they made in the last few days that's affecting W2k.

Edited by DanR20

Hi blackwingcat, another new problem is that Oracle is no longer updating Java 6. I reinstalled Java 7 and while the present applets in the cache still work fine it's impossible to run new ones because they did away with low setting in the Security tab. That forces the Security permission box dialog to show every time. The problem is it's crashing and it won't permit the applet to run. Tested in XP and it's ok. Hopefully it can be fixed.


Well.

I desire to fix this problem, but I don't know the cause of it.

I want any information to fix it.


Edited by blackwingcat

Hi blackwingcat, wish there was something I could do, there's no error messages but it's the Permissions box that's crashing when pressing Run. As previously noted, java applets work smoothly if you copy the cache over from XP into W2k's with site permissions already granted. That way the Permissions box doesn't pop up. Are you able to reproduce the crash?


I think Java 7 freezes on Windows 2000 whenever an application popup shows.

So, it is not that it has only the security dialog.


Edited by blackwingcat

If logging is turned on from the Control Panel\Java.cpl applet, it creates a log file in C:\Sun\Java\Deployment\Logs. That tells you what's being loaded from the security end. This version wasn't a problem until they did away with the Low setting in the Security tab since that didn't force the Security Warning popup.


  • 3 months later...

Hello, blackwingcat.

Thank you for your work on this first.

I have found one bug or error in user32.dll in version 18e, but it is also there in version 18e - I have checked it.

The problem appears in starting process of Gameranger program.

Here are some details:

Registers:

eax=00000013 ebx=00000000 ecx=00000087 edx=00000012 esi=000001a0 edi=006b7070
eip=77e16078 esp=0012ef68 ebp=0012ef78 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

Code:

77e16059 64a118000000 mov eax,fs:[00000018] fs:00000018=????????
77e1605f 8b4040 mov eax,[eax+0x40] ds:00949ef9=????????
77e16062 c3 ret
77e16063 55 push ebp <== your function starts here
77e16064 8bec mov ebp,esp
77e16066 51 push ecx
77e16067 51 push ecx
77e16068 8065fe00 and byte ptr [ebp+0xfe],0x0 ss:00a78e5e=??
77e1606c 8065ff00 and byte ptr [ebp+0xff],0x0 ss:00a78e5e=??
77e16070 53 push ebx
77e16071 8b5d08 mov ebx,[ebp+0x8] ss:00a78e5e=????????
77e16074 56 push esi
77e16075 8b750c mov esi,[ebp+0xc] ss:00a78e5e=????????
FAULT ->77e16078 8b03 mov eax,[ebx] ds:00000000=????????
77e1607a 81fee0030000 cmp esi,0x3e0

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0012EF78 77E1B894 00000000 000001A0 00000000 00000012 !IsWindowVisible [omap]
0012EFEC 77E1BA6B 000201BA 00000153 00000000 00000012 !GetWindowLongW [omap]
0012F010 77E3A454 000201BA 00000153 00000000 00000012 !GetWindowLongW [omap]
0012F030 77E14750 77E1BA04 000201BA 00000153 00000000 !SetWindowPlacement [omap]

The full details report is attached!

I think the second first parameter of this function is 0 and 77e16071 - mov ebx,[ebp+0x8]

sets ebx to 0 where [ebp+0x8] is second parameter to this function is first parameter I think and then 77e16078 mov eax,[ebx] causes reading from 0x00000000 address.

I reversed user32 a bit and saw you called this function often from many functions and usually check if the first parameter is zero, and if it is you skip calling this function. But however it seems it is possible (in some rare cases) for the second parameter to be zero too. But maybe it is better to always check if the first parameter is zero.

I think you can easily fix it by adding a check for the second parameter in this function before all calls. The other way is to figure out where this call was generated with second first parameter zero, but I'm not currently using the extended kernel, but I can install it and then debug Gameranger to see where the call is made with second first parameter zero to your function. But I think you can see it in the stack back trace to figure out. It looks like some chain of calls which maybe do not produce this result always, because I have not seen this in any other program. Gameranger works fine without the extended kernel (tuned a little bit to fit support :ph34r: of course, but it works without crash).

Another, maybe more practical way to fix it is to add a check if the second parameter is zero before the call of your function. I have seen you skipped some original code and instead of it you call your code - so I think you have some space for this check. This is what came to my mind lastly. There are 90+ calls to your function, I hope you figure out where exactly things go wrong if you don't choose to change it in general. I think I can try to add a check before all calls to see if it works fine because there is always some original code you skip with a jump, so there is room for it.

And again this is for version 18e (the addresses may differ for other versions of user32), but this crash happens also in 18g (I have checked it).

Another clue for you is maybe esi=000001a0 which you use to check which function called your function and which is third second parameter of this function (by my view) - 77e16075 - mov esi,[ebp+0xc].

I got confused by the stack frame which shifts the stack with push ebp first to +4 to all things. So +0 is saved ebp, +4 is return address, +8 is first parameter, etc.

Report.zip

Edited by leonidij
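
A triage sketch for the crash report in the post above, added here as an example and not part of the original thread or of the Extended Kernel code: it parses the quoted Dr. Watson lines (embedded as sample input), computes the faulting address from the register dump, and traces the base register back to the stack-frame slot it was loaded from. The function names and the 64 KB null-page threshold are assumptions of this example.

```python
import re

# Sample input: lines copied from the Dr. Watson excerpt quoted in the post.
DRWATSON = """\
eax=00000013 ebx=00000000 ecx=00000087 edx=00000012 esi=000001a0 edi=006b7070
eip=77e16078 esp=0012ef68 ebp=0012ef78 iopl=0 nv up ei pl zr na po nc
77e16071 8b5d08 mov ebx,[ebp+0x8] ss:00a78e5e=????????
77e16074 56 push esi
77e16075 8b750c mov esi,[ebp+0xc] ss:00a78e5e=????????
FAULT ->77e16078 8b03 mov eax,[ebx] ds:00000000=????????
"""

REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})\b")
INSN_RE = re.compile(r"^(FAULT ->)?[ ]*([0-9a-f]{8}) [0-9a-f]+ (\w+) ?(\S*)", re.M)
MEM_RE = re.compile(r"\[(e\w\w)(?:\+0x([0-9a-f]+))?\]")
NULL_PAGE_LIMIT = 0x10000  # assumption: treat the lowest 64 KB as the null-pointer region


def frame_param(disp):
    """Map an [ebp+disp] slot to a 1-based parameter number in a standard
    'push ebp; mov ebp,esp' frame: +0 saved ebp, +4 return address, +8 param 1."""
    return (disp - 8) // 4 + 1 if disp >= 8 and disp % 4 == 0 else None


def triage(log):
    regs = {name: int(val, 16) for name, val in REG_RE.findall(log)}
    insns = [(bool(f), int(a, 16), m, ops) for f, a, m, ops in INSN_RE.findall(log)]
    fault = next(i for i in insns if i[0])
    mem = MEM_RE.search(fault[3])
    base, disp = mem.group(1), int(mem.group(2) or "0", 16)
    address = (regs[base] + disp) & 0xFFFFFFFF
    # Walk backwards to the instruction that last loaded the base register.
    source_param = None
    for _, _, mnem, ops in reversed(insns[: insns.index(fault)]):
        dst, _, src = ops.partition(",")
        if mnem == "mov" and dst == base:
            m = MEM_RE.fullmatch(src)
            if m and m.group(1) == "ebp" and m.group(2):
                source_param = frame_param(int(m.group(2), 16))
            break
    return {"fault_eip": fault[1], "eip_matches": fault[1] == regs["eip"],
            "address": address, "null_deref": address < NULL_PAGE_LIMIT,
            "source_param": source_param}


if __name__ == "__main__":
    print(triage(DRWATSON))
```
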

Hi, Thx for your report.

It seems to be caused by a Windows 2000 native bug.

I try to fix it on v2.3f3.

Will you test it?
