
Kext: DIY KernelEx extensions



  • 3 weeks later...

On 9/28/2022 at 11:33 PM, Goodmaneuver said:

Just map the KernelEx folder as a known environment and DW will work. That is all that is required. Add KernelEx folder path to AutoExec.bat line SET PATH=

I'd tried it and set the environment variable in the meantime, but I can't recognise any difference. I also started DW from KernelEx folder. I don't see that this solves any issues. What is improving?


On 10/16/2022 at 1:13 AM, schwups said:

I'd tried it and set the environment variable in the meantime, but I can't recognise any difference. I also started DW from KernelEx folder. I don't see that this solves any issues. What is improving?

Tell me what the issues are? Only use DW in BASE mode; do not profile in NT or above modes. Leave the file to be profiled in whatever mode it needs. If a dynamic link library which has register server function registers it means that it loads into RAM prior to registering. I test with KernelEx disabled first and if it works then I usually leave the DLL in follower mode. There are the odd ones which need KernelEx disabled so testing again in follower mode will be necessary. Otherwise I step up the mode setting until it registers. Some will fail to register.


On 10/16/2022 at 5:36 PM, Goodmaneuver said:

Only use DW in BASE mode; do not profile in NT or above modes.

Sure I know - I tested all modes and yes, profiling in NT and above doesn't work. DW cannot hook modules. What I said is as far as I can see, I get the same results no matter whether DWalker is in the KernelEx folder or not, as well as with environment variables set. It's just bad having all the red boxes in the List and Tree Views too, though there is API support by KernelEx. For example it's very time consuming to find missing APIs.

 


On 10/18/2022 at 6:06 AM, schwups said:

I tested all modes and yes, profiling in NT and above doesn't work. DW cannot hook modules.

If KernelEx redirects or has stubbed functions only then the original DLL for those functions will not be loaded. If the DLL cannot be loaded and is not an explicit then it will not be included in DW's profile log. DW indeed does not hook some modules with NT40 or above but having DW set to NT or higher mode does not stop the executable loading. The NT40 or above errors are found to be the same when profiling different executables. Here are 2 such errors.
Error writing a breakpoint at the entrypoint return of "c:\me\system\WOW32.DLL".  Entrypoint cannot be hooked. Invalid access to memory location (998).
Loaded "c:\me\system\WOW32.DLL" at address 0xBFDC0000 by thread 1.  Cannot hook module.

Note well that LegacyBaseEnhancements is OK for DW also.

On 10/18/2022 at 6:06 AM, schwups said:

It's just bad having all the red boxes in the List and Tree Views too,

DW indicating the red dependency function is DW doing its job correctly. It is once profiling that KernelEx then is operational and if all is OK there will be no red function call failures.

On 10/18/2022 at 6:06 AM, schwups said:

For example it's very time consuming to find missing APIs.

Implicit API function calls and delay loaded calls are displayed just by dragging and dropping the module into DW. https://www.dependencywalker.com/help/html/dependency_types.htm

I find Dependency Walker an extraordinarily helpful program. For instance when profiling PotPlayer firstly there are no red instances. This is testimony for Jumper's KernelEx; a job well done. There are no failed explicit functions with Desktopdll.dll but if I disable DesktopHook.dll then DW stalls when it goes to load Desktophook.dll. If I make Desktopdll Kexbasen then PotPlayer finishes profiling but Desktopdll is not loaded. If I then make it Kexbases then Desktopdll loads but there was an exception in Kernel32. The next file to show in the DW log was Urlmon after Desktopdll and I had this one disabled. I then made Urlmon Kexbases and there was no exception created in Kernel32 and Urlmon did not show after Desktopdll in DW log.

Edited by Goodmaneuver
Had implicit confused with explicit

In response to previous post. The executables that do not finish profiling like MPC-HC; DW shows that KernelEx stops working because of the Fls and Decode and Encode Pointer function calls are not dealt with. (My fault here as it only occurs on one build and normally not the case). I would say that DW in this case of profiling MPC-HC has pushed the OS to its limit somehow. MPC-HC loads many ACM modules.

Edited by Goodmaneuver
Added in brackets

  • 2 weeks later...

After installing https://www.dadisp.com/files/dsp67e.exe and kernelex 4.5.2019.24 in a Windows 98 SE machine including the extension items (uncompressed the following files: K452stub.7z, Ktree9.7z, iphlpapi4.7z, Kstub822.zip and copied it to c:\windows\kernelex folder) from page https://retrosystemsrevival.blogspot.com/2018/05/kernelex-45201617-updates.html and copying windowscodecs.dll to c:\windows\system of the Windows 98 SE machine (I get windowscodecs.dll by uncompressing wic_x86_enu.exe version 1.0 from https://archive.org/details/wic_x86_enu) Windows 98 SE shows the following error after running dadispnt.exe:

"D:\dsp67\dadispnt.exe A device attached to the system is not functioning"

and

"The WINDOWSCODECS.DLL file is linked to missing export NTDLL.DLL:RtlSetBits."

How to resolve the dependency? I know nothing about "kexstubs", c:\windows\kernelex contains amongst other files core.ini, kstub822.ini and k452stub.ini,

HKEY_LOCAL_MACHINE\Software\KernelEx\KnownDLLs contains the following lines:

MSIMG32 "MSIMG32.DLL"
PDH "PDH.DLL"
PSAPI "PSAPI.DLL"
USERENV "USERENV.DLL"
UXTHEME "UXTHEME.DLL"
WTSAPI23 "WTSAPI32.DLL"


On 10/28/2022 at 4:57 PM, gfernval said:

How to resolve the dependency? I know nothing about "kexstubs"

Neither KernelEx 4.5.2 nor core update 25 support RtlSetBits yet. Read and learn how to use Kext (DoItYourself KernelEx Extensions) here.

Kstub.ini:

[ntdll.dll]

RtlSetBits=

Such a simple entry in the Kstub.ini file may or may not work.

Use the ImportPatcher to find missing dependencies.


On 11/2/2022 at 10:17 AM, gfernval said:

"The WINDOWSCODECS.DLL file is linked to missing export NTDLL.DLL:RtlSetBits."

There are several of us using Windowscodecs.dll of which I can speak of what I use. RtlSetBits came into being in Windowscodecs about LH5308 so any Windowscodecs up to LH5270 will work. The thing is that it was continually evolving and final versions may be required for some software. A solution is to use ReactOS version of the module of which SumatraPDF requires. ROS 4.2 year 2017 is what I am using and it is equivalent to Vista service pack3.

Edited by Goodmaneuver

Note: If using Dibya's Exkernel.dll from my instructions, CancelSynchronousIo does not work so do not make a Kstub entry for this. It does work! Machine struggling to load ExKernel at times now I think. Reason to be investigated. Some reasons may be too many files in system directory, registry changes or hardware. CancelSynchronousIo=>Kernel32:CancelIo can be used too. It should not be a problem unless both CancelIo and CancelSynchronousIo are called at the same time and I do not know what happens then as I have not tested.

Edited by Goodmaneuver

On 9/27/2022 at 12:57 PM, Goodmaneuver said:

There seems a module total number of active - in RAM API functions limit that can be used in KernelEx and or the OS.

I had an instance of ==> in Kstubs instead of just => and it made a difference but there is still a limit and because it involves a module Jumper has shown discretion about, I think I might have to write about it in a separate topic.

Edited by Goodmaneuver
Was wrong

On 11/4/2022 at 1:41 PM, Goodmaneuver said:

Machine struggling to load ExKernel at times now I think. Reason to be investigated.

SOLVED! ExKernel was not loading because Kstubs were not loading and there were several reasons. My build recognizes a file name change between uppercase and lowercase names in explorer. There is no need to rename the file with a different character at first. Uppercase and Lowercase is recognized straight away as a different name. I had to make the Kstub.ini name equal the Kstub.dll name exactly matching the case of which I did have but in WinMerge if a slow double click occurs it makes the name comparison equaling the LHS name being case sensitive and that is how the change came into being. The other reason in another build was that I had not sorted alphabetically some of Kstub entries and there were several duplicates and quadruplicates of the same API function.

Edited by Goodmaneuver
Typo
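
A small linter for the failure modes described in the post above (duplicate entries, unsorted entries, `==>` in place of `=>`, and an .ini/.dll name that differs only in case), added here as an example and not taken from the thread or from KernelEx. It assumes entries are checked per `[module]` section, that ordering is case-insensitive and that `;` starts a comment; `lint_kstub` and `same_case_names` are hypothetical names and the sample entries are constructed.

```python
from pathlib import PureWindowsPath

# Constructed sample using only the entry forms quoted in this thread:
# [module] sections, "Name=" stubs and "Name=>Module:Function" redirects.
SAMPLE_INI = """\
[ntdll.dll]
RtlSetBits=
[kernel32.dll]
DecodePointer=
CancelSynchronousIo==>Kernel32:CancelIo
EncodePointer=
DecodePointer=
"""

def lint_kstub(text):
    """Return (line_no, message) findings for a Kstub-style ini (assumed layout)."""
    findings, section, seen, prev = [], None, {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):      # assumption: ';' is a comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # New module section: duplicate and ordering state starts over.
            section, seen, prev = line[1:-1].lower(), {}, None
            continue
        name, sep, target = line.partition("=")
        name = name.strip()
        if not sep or section is None:
            findings.append((no, "not a Name= entry inside a [module] section"))
            continue
        if target.startswith("=>"):               # "Name==>..." instead of "Name=>..."
            findings.append((no, f"{name}: '==>' used where '=>' was probably meant"))
        if name in seen:
            findings.append((no, f"{name}: duplicate of line {seen[name]}"))
        else:
            seen[name] = no
        if prev is not None and name.lower() < prev.lower():
            findings.append((no, f"{name}: out of alphabetical order after {prev}"))
        prev = name
    return findings

def same_case_names(ini_path, dll_path):
    """True only if both file names match exactly, case included, extension aside."""
    return PureWindowsPath(ini_path).stem == PureWindowsPath(dll_path).stem

if __name__ == "__main__":
    for no, msg in lint_kstub(SAMPLE_INI):
        print(f"line {no}: {msg}")
    print(same_case_names(r"c:\windows\kernelex\KSTUB822.INI", "Kstub822.dll"))
```
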
