
Kext: DIY KernelEx extensions



When new redirects happen it might be best to have a record and update this list.

= KERNEL32.DLL:GetLocaleInfoEx=>KERNEL32:GetLocaleInfoW =
= KERNEL32.DLL:LCIDToLocaleName=>NLSDL:DownlevelLCIDToLocaleName =
= KERNEL32.DLL:LocaleNameToLCID=>NLSDL:DownlevelLocaleNameToLCID =
= KERNEL32.DLL:LZStart=>LZ32: =
= MSVCRJ.DLL:_ftol2=>MSVCRS:_ftol2 =
= MSVCRJ.DLL:_ftol2_sse=>MSVCRS:_ftol2_sse =
= MSVCRJ.DLL:_get_output_format=>MSVCR80: =
= MSVCRJ.DLL:sscanf_s=>MSVCR80: =
= NTDLL.DLL:RtlEqualUnicodeString=>RADMIN32: =

Edited by Goodmaneuver


When going from KEX 4.5.2 to the latest Kexbase modules as per the Core Update topic, NotePad++_ANSI vs 5.5 creates an error in unknown if left in follower mode. If I place it in Disabled it is alright, and it was in follower mode in 4.5.2. NotePad++_ANSI runs alright in follower mode when profiling with Process Walker and Dependency Walker. Explorer and Dependency Walker are also in follower mode. I thought this should be investigated. Heap Walker is sorted by module.

NOTEPAD++ caused an invalid page fault in
module <unknown> at ec30:fabadaf6.
Registers:
EAX=fabadaf6 CS=01b7 EIP=fabadaf6 EFLGS=00010286
EBX=00000000 SS=01bf ESP=007dfd50 EBP=007dfd80
ECX=fabadaf6 DS=01bf ESI=fabadaf6 FS=2f57
EDX=831213ac ES=01bf EDI=fabadaf6 GS=0000
Bytes at CS:EIP:

Stack dump:
004a9af2 00000004 00000000 00000314 00000000 bff641cf 831213ac 00000004 00000000 00000001 fabadaf6 00000000 004e50f8 0049f1ec 004e50f8 004bf328

HeapWalk_2.png

Edited by Goodmaneuver
Added FaultLog

It is a race-to-load problem, I believe, with KernelEx. With Kexbases25, KernelEx did not hook Cmdninst.exe when I could check it and it was stalling there; that is why every little bit matters when timing is tight. The answer could be more K824 function redirects instead of using Kexbase modules as it appears only the function is loaded, or is it? Would the functioning then be in the registry? How does Kstubs work?

I was able to get ApiLog to log NotePad++_ANSI by placing the mode on Default at the bottom top and selecting logging (Core.ini4.5.2). ApiLog picture may not help as KernelEx may not be working as it should at the top of the list. Let me know if you want any better information.

Edited by Goodmaneuver
strikethrough

Even though Msgsrv32 is 16bit, KEX can be in use as seen in the KEX24 picture. The top image is of the newer install with KEX25 prior to Volumouse and the bottom one is from a different build with KEX24. I have looked on a build with KEX12 and KEX is in use on Msgsrv32 also. It is because Volumouse (Vlmshlp) is hooking Msgsrv32 and dragging along KernelEx. Mmtask.tsk on the KEX24 build is from an early Whistler release and is 32bit. EDIT mistake. These 2 builds of mine have System Monitor CPU usage of a certain percentage as can be seen. I think it is accurate now and is something to do with 16bit and the registry. Some people have dismissed this as a false reading but I have had it zero on one build and that build had server buffers at zero at the time. It is to be noted that the registry is running top down in Win9x and bottom up in WinXP I think, from my memory of such. This is likened to Ntdll linking directly to Kernel32 and is loaded in Win9x whereas NT OS versions Kernel32 loads calling Ntdll.

MSGSRV32_KEX25.png

MSGSRV32_KEX24.png

Edited by Goodmaneuver
Too many typos + strikethrough

I have all K25 modules working bar Core.ini. I have found that the latest Core.ini causes problems and does not work. I am using Core.ini20. I have uploaded the CORE.ini to use and the AppSettings in reg format.

What to do to get KEX25 to work: Boot into Safe Mode then place KEX25 modules in your KernelEx folder and the Core.ini I uploaded. Take the uploaded AppSettings Reg file and merge it then register Kexcom.dll18 while still in Safe Mode of course. You can have a look at the Reg file but do not alter it in any way otherwise it probably will not work. Do not alter the Core.ini either; it is slightly different to 20i and can be altered to add Kexstub824 later. Changes to AppSettings mainly are more multi-use system modules disabled. Once the AppSettings.reg is merged you can delete any double-ups, for example *\NV*.DLL being equivalent to C:\WINDOWS\NVOPENGL.DLL, by doing a search for \NV and search *NV if you did some that way and the module's name starts with NV, in this case. I do not think removing duplicates will be essential at first but if not done in Safe Mode then it must be done when booted into the OS properly. Most nVidia modules start with NV so I would not advise to do *NV*.DLL as *\NV*.DLL focuses the module target better. If you want you can start afresh: just delete the AppSettings key only, of the registry, and register the upload; it will suffice for booting if applications boot through run-time without the need for a special KEX mode setting. If the full boot stalls, Ctrl+Alt+Del and see what is making the stall; it would be not responding. This may take a few seconds as it will be going 100% CPU usually. On first time boot Msgsrv32 may be stalling so terminate it. Sheet.dll19 can be registered when fully booted into the OS. I have made Msgsrv32 disabled even though it is 16bit in the chance that KernelEx is invoked by another App like Volumouse but this may not work. As far as going too far, perhaps some operating modules do not need disabling but there are only a few more. I was lucky that I disabled them at the time with the build I was working on with 4.5.2. I did not disable Cmdninst.exe and Runonce.exe but I think they should be.
AppSettings.reg has 4.5.2 mode settings only, so it is compatible with 4.5.2.

AppSettings.zip

Edited by Goodmaneuver
better wording important
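The wildcard-scoping point in the post above, as an added example that is not from the thread or from KernelEx itself. It assumes AppSettings patterns behave like ordinary case-insensitive `*` globs over the full module path; the function names and every sample path are constructed for illustration.

```python
from fnmatch import fnmatchcase
from ntpath import basename

# Constructed sample module paths (not taken from the thread's uploads).
SAMPLE_MODULES = [
    r"C:\WINDOWS\NVOPENGL.DLL",
    r"C:\WINDOWS\SYSTEM\NVCPL.DLL",
    r"C:\WINDOWS\SYSTEM\ENVIRON.DLL",     # "NV" inside the file name
    r"C:\PROGRAMS\CONVERT\HELPER.DLL",    # "NV" inside a directory name
    r"C:\WINDOWS\SYSTEM\MSVCRT.DLL",
]


def matches(pattern, path):
    # Assumed semantics: case-insensitive glob on the whole path,
    # where '*' may also span backslashes.
    return fnmatchcase(path.upper(), pattern.upper())


def audit(pattern, modules, intended_prefix):
    """Split a pattern's hits into intended modules and collateral ones.

    A hit is 'intended' when the file name itself starts with the prefix.
    """
    hits = [m for m in modules if matches(pattern, m)]
    intended = [m for m in hits
                if basename(m).upper().startswith(intended_prefix)]
    collateral = [m for m in hits if m not in intended]
    return intended, collateral


def duplicates(entries):
    """Explicit-path entries that a wildcard entry in the same list covers."""
    wild = [e for e in entries if "*" in e]
    return [e for e in entries
            if "*" not in e and any(matches(w, e) for w in wild)]


if __name__ == "__main__":
    for pat in (r"*NV*.DLL", r"*\NV*.DLL"):
        intended, collateral = audit(pat, SAMPLE_MODULES, "NV")
        print(pat, "intended:", intended, "collateral:", collateral)
    print("redundant:", duplicates([r"*\NV*.DLL",
                                    r"C:\WINDOWS\NVOPENGL.DLL",
                                    r"C:\WINDOWS\SYSTEM\MSVCRT.DLL"]))
```

Under these assumptions the broad pattern also catches modules that merely contain "NV" somewhere in the path, while the anchored one only catches file names beginning with NV and makes the explicit NVOPENGL entry redundant.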

Preamble: @schwups @jumper and others; it works on builds that have had KernelEx put on prior to IE6. So do not use a good build as the scripting error could happen as described on top of page 51 in the core updates topic, or it does not work or not work fully. The *\MSVC* should be = NT2K not NOHEAP. See, I did not change anything from my 4.5.2 build. I did not update the SP VXD's either this time in the VMM32 folder before the first machine restart but I believe if you do then it will not make any difference to the result as I have tested the reproduced Vmm32.vxd of updated versions and still OK. All VIA drivers and SYS files in System32\Drivers were copied over before reboot. You can update the Install cabs if you want as well; WinME is not fussy about that if copied onto the hard drive. The Quadro FX5500 went straight on after a standard PCI graphics driver. I know this as the screen refreshed before asking for the 82.69 files and upon reboot the standard PCI graphics driver was there not functioning so gets removed. You need to be able to access any modules that the setup may ask for that you may have forgotten. Skip any files that are in the System32\Drivers section that setup has trouble with; the files are already there. Vredir.vxd update is the one to indicate network drive size correctly, residing in the system folder. Files need replacing in the SFP\Archive folder and the system just like an NT system. I have on one build SFCPL.cpl from 51.2451.1, SFC.dll from XP 2.2600.3264 and SFC_OS.dll from ROS 2017 and it brings up the Control Panel for SFC and indicates that it is turned off on that build but I have not investigated it any further just yet.

Findings for KEX25: The new discovery with KEX 25 is that it kills Dependency Walker from accessing Depends.dll export table; Depends.dll memory location 998. This only happened before if Depends was operated under a higher mode setting above about BASE. I cannot be more specific but WIN2000D definitely would create that Depends error in KEX24 and prior KEX's (precisely started when is ?). Depends and Process Walker cannot profile anything anymore. The programs I have used and OK so far are WinMerge 2.14 Unicode, CometBird9 and KMPlayer4.06. All programs installed fully under KEX25 with Core.ini20. These so far are InstMsiA2, 7-Zip 9.20, Internet Explorer up to Q982381, Visual C++2005 redist, Visual C++2008 redist 9.030729.17, NVIDIA PhysX (Legacy), Paragon NTFS for Win98 and DirectX 9C official 2007. NVidia display panel indicates with this install: Processor NVIDIA (Unknown); Memory 1024MB; ForceWare version 82.69 and DirectX9.0 or better. System file protection can be a problem though and the files may need to be copied from the SFP\Archive folder to system folder for some IE6 files I found. Obviously offline for this. Perhaps MDIE6CU was unofficial but does a good job of the install apart from what was discussed last sentence.

The Debug Button: To get the Debug button on the error window I had installed something and the settings reside in the System part of the registry. I believe that Visual Studio 6.0 Enterprise (6.00.8168) has this feature but it may say there is nothing that requires it so install visual-c-sharp-2005-express-edition-es-en first. That might work. I have them both installed on later builds. Copy the full name of the programs and do a Google search. It is advisable to have it available to load on restart for VS6 (on CD hardware for example) as it may want to restart the machine. As a precaution then, have a copy of system modules that were upgrades from original ME modules. The Symbols may not be available from Microsoft so a debugger of your choice can be used instead.

Edited by Goodmaneuver
Forgot DirectX and InstMsiA2 they were not displayed in the installed program list. Added Quadro

As can be seen in the Ktree11 picture, Unicows is a KnownDLL. If Unicows is used this way there will also be a need of a copy of it in the System folder if the KernelEx folder is not a mapped environmental directory. This is because if a program is KEX disabled or calls Unicows as an implicit then it will find Unicows in the System folder. The same goes for any other modules used as KernelEx KnownDlls. I have had both Unicows actively loaded in both directories at the same time. It is not necessary to have Unicows as a KernelEx KnownDll and I will probably remove it soon. The method of getting KEX25 to work works from a complete 4.5.2 install so the other KernelEx KnownDlls have been installed and the install method worked.

The SFC control panel looks like the picture on a new build but looked different on the old build and was disabled.

SFC.png

Edited by Goodmaneuver

I have all modules working as Jumper wanted as far as functionality is concerned. In the process of fiddling with Corei25 I have considered a first 7 character sighting with SFN in the registry but this is probably not a problem. I believe it helps changing the order of the first few modes around. Uploaded Core.ini_2 in zip. WinME looks at the most significant bit in sorting order so 12 is sorted before 2 for example. If sorting numerals there should be zeros in front of the numbers to match the number of significant bits of the highest number.

CORE_2.zip

Edited by Goodmaneuver

I have just got one of my recent builds working with KEX25. What I discovered was that the original SessionManager KnownDLLs from a fresh OS install need to be there with KEX25. I took them from the working KEX25. If you look at my KEX25 picture it will show 65 of them which were only System files which pointed to themselves.

What I did was to take my working new build SessionManager 32bit KnownDLLs and export them. I then booted up an advanced build in Safe Mode, placed in the KEX25 modules except Core.ini and used the Core.ini in my last post, then merged the new install SessionManager KnownDlls. Then I merged the AppSettings.zip I uploaded. This got an advanced build working and no scripting error occurred and should not happen just on a merge. The *\MSVC* then can be changed to suit a 2K like mode in the AppSettings, and this includes DCFG1 in later KEX as I mentioned some while back, and duplicates removed. If after removing duplicates and upon reboot the problem returns, the merge procedure needs repeating again in Safe Mode and register KexCom again in Safe Mode. That is what I did as I removed *\MFC*U instead of removing *\MFC* but I did not do this intentional mistake the second time. DCFG1 does not work if the application stipulates that a 2K or higher operating system is required though. Thank you for making changes to Kstub, Jumper.

To make things easier I will upload new requirements soon.

Edited by Goodmaneuver

Jumper, I hope I have usable log files now. Example: Firefox.exe

error in Kernel32.dll at :bff6bb07

- changed the machine

- KernelEx set to disabled

- started Firefox in XPSP2 mode

Logs

ProcWin - screenshots(undefined memory)/ Minisnap - txt/ DependencyWalker - log/ KexApiLog - log

 

 

 

Edited by schwups

Preamble: The advanced build that worked has Msvcrt vs from Win2K3SP2 as Msvcrt. Method to use this file is explained by myself in other posts. If I changed this version it would not work. I tried 6.1.9848 and Msvcr70 and Msvcr80 vs 8.0.40209.38. All should work without problems. So this is one of the necessary requirements for my advanced build.

The Fix: Most problems and especially the Dependency Walker issue can be fixed by removing *\MSVC*.DLL in the Configs section and having MSVCRT*.DLL, MSVCR8*.DLL and MSVCR7*.DLL disabled. Flags section for example for MSVCRT and variants: *\MSVCRT*.DLL=1 Double Word value, then reboot. Dependency Walker then works well. Other MS visual common run-times may need a separate setting but in follower mode seems to be OK for now. Black Wing Cat's wrapper which I have named MSVCRS will still load disabled but not in Safe Mode so it is set disabled too. Method to use this file is explained by myself in other posts.

Edited by Goodmaneuver
Much like original post. I thought it needed editing from result of further fiddling with MSVCRT settings

WinME conclusion so far. It might be best to rebuild again with KEX25 as everything seems to work out alright if following directions above. If trying to update an advanced build it probably will not work out too well if KEX was installed after IE6. For instance I got it all to work up until Kstubs. Kstub823 works but not really with Msvcrt of Win2K3 on my build which is the only Msvcrt version that worked. When trying Kstub824 the scripting error came in and when removing Kstubs824 there was no scripting error. This error showed as unspecified 30 as explained in Core updates topic top of page 51. It also might be best to have KernelEx set disabled from the install as Jumper requested. I agree with tyukok about the leak idea. Whatever the reason, now with KEX25 going from Mozilla to PotPlayer does not interfere with DXVA playback. It depends on how much browsing is done and then it still knocks out anti-aliasing that is inherent with older nVidia drivers. (drivers modern for WinME though)

Edited by Goodmaneuver
Purple text