jumper Posted February 16, 2013 Author Posted February 16, 2013 By now I have come across a few apps who don't appear to be able to read or write or both. There is implementation of new file I/O APIs in KernelEx as well as fixes for file I/O APIs already present in 98/ME but I think something might still not be complete there. A while back I assembled a set of stub definitions to duplicate the KernelEx functions that are pure stubs (so no lost functionality). I'll package them with a special version of Kstub822 so we can log what functions are being used and might need better definitions or actual implementations.
MiKl Posted February 17, 2013 Posted February 17, 2013 (edited) Using the new 'method 2' OpenOffice 3.2.1 and MediaplayerClassic 6.4.9.1 seem to work fine but now SeaMonkey 2.0.14 crashes immediately when I try to print Update. The new defs seem to work fine but 'something' in the new core.ini seem to cause the crashes !! So I am back using my old core.ini. Edited February 17, 2013 by MiKl
jumper Posted February 18, 2013 Author Posted February 18, 2013 > ...SeaMonkey 2.0.14 crashes immediately when I try to print ...What was in the log file? Perhaps one of the new ActCtx definitions?What modes are you using (with old and new core.ini)? Please try to step through the few core.ini differences and debug this for us.
jds Posted February 18, 2013 Posted February 18, 2013 After much definition testing, I was unable to find one for FindActCtxSectionStringW that would appease Msvcrt90.The ActCtx definitions were introduced way back in post #10 and schwups first reported problems with it in post #15. Joe traced the main problem to FindActCtxSectionStringW in post #25. Clearly including FindActCtxSectionStringW was a big mistake (mine!), as no app is known to need it.Removing FindActCtxSectionStringW, retaining the other new definitions, and adding similar new definitions for the rest of the (non-Find*) ActCtx clan, we get: [Kernel32.dll]ActivateActCtx=o2e0AddRefActCtx=z1CreateActCtxA=p1e0CreateActCtxW=p1e0DeactivateActCtx=o2e0GetCurrentActCtx=f1e ; needs code for successIsolationAwareCleanup=z0 ; for ActCtx/manifestQueryActCtxSettingsW=o7e0QueryActCtxW=o7e0ReleaseActCtx=z1ZombifyActCtx=o1e0 Hi jumper,I can confirm that HoverIP, SAPGUI for Java, Open Office 3.2.1 and Dependency Walker all seem happy with this set of definitions. Joe.
schwups Posted February 18, 2013 Posted February 18, 2013 (edited) 4. SuperAntiSpyware version 4.56 : The folderselection for custom scan now works.I've managed to start version 5.0 with Win 2kSP4 mode (XP mode should do it, too). New entry in stubs.ini: [Netapi32.dll] NetUseEnum=04 > rather guessed not knownFirst start: The folderselection for custom scan works. After the definitions update has finished the system crashed.Improvement with SuperAntiSpyware:I made it to install the latest version 5.6.1014. Kext already supports [secur32.dll] GetUserNameExW=z3e and [Netapi32.dll] NetUseEnum=o7. To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss. SAS (SASCore.exe) doesn't start after the installation. First I have to set 2K or XP mode! This versions starts very fast. Problem with XP mode: Ugly or missing icons and missing fonts on the buttons. It looks good with 2k mode. The updater works, but the window seem to be a little incomplete. Error on start scanning, but it primarily runs by ignoring the message. Abort scanning isn't possible. I successfully scanned Memory, Registry and Cookies. When trying to scan longer and files it seems to hang during scan. And don't click the help button in preferences. The system crashes immediately!All in all, it is not yet stable or really usable. Edited February 18, 2013 by schwups
jumper Posted February 18, 2013 Author Posted February 18, 2013 > To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss. Check the log. If RegOpenUserClassesRoot is not there, then the definition doesn't matter; it is only needed to satistfy the loader. If it is being called, a better definition or implementatation might improve the quality of the install and help the app run better.
schwups Posted February 19, 2013 Posted February 19, 2013 > To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss. Check the log. If RegOpenUserClassesRoot is not there, then the definition doesn't matter; it is only needed to satistfy the loader. If it is being called, a better definition or implementatation might improve the quality of the install and help the app run better.RegOpenUserClassesRoot isn't called anymore.
schwups Posted February 19, 2013 Posted February 19, 2013 Investigation of Opera 12.5 and 12.12 - perhaps useful I added all the mssing api's with a Question mark, listed of the ImportPatcher, to the Kstub822.ini to see which are called (prompted by Kext) first. Listed functions of the ImportPatcher - Opera version 12.12:[importPatcher.37];Edit parameters and replacement strings, then Retry or run again to patch. <=[Parameters]Test by loading=YWalk dependencies=YLink to copies=NUnbind broken bindings=NOS Subsystem Version Ceiling=4.90[DLL replacements][GDI32.dll]GdiGradientFill=GdiDrawStream=ClearBitmapAttributes=[ntdll.dll]NtConnectPort=NtRequestWaitReplyPort=RtlUnhandledExceptionFilter=RtlCreateUserThread=NtQueryInformationProcess=NtOpenFile=RtlTimeToTimeFields=RtlQueryEnvironmentVariable_U=NtMapViewOfSection=NtCreateSection=NtQueryInformationFile=NtUnmapViewOfSection=NtProtectVirtualMemory=NtFreeVirtualMemory=NtQuerySystemInformation=NtQueryVirtualMemory=RtlxAnsiStringToUnicodeSize=NlsMbCodePageTag=RtlInitString=RtlDoesFileExists_U=RtlGetFullPathName_U=RtlUnicodeStringToInteger=NtWriteFile=NtQueryAttributesFile=RtlGetVersion=NtSetInformationFile=strpbrk=strspn=NtQueryDirectoryFile=RtlGUIDFromString=NtEnumerateValueKey=NtQueryKey=NtCreateKey=NtSetValueKey=NtSetInformationKey=NtDeleteKey=NtDeleteValueKey=_wcsnicmp=wcsspn=strncpy=atol=isdigit=wcscmp=RtlSecondsSince1970ToTime=RtlUpcaseUnicodeChar=RtlUpcaseUnicodeString=RtlCopyUnicodeString=RtlUpcaseUnicodeToMultiByteN=LdrAccessResource=LdrFindResource_U=wcsncpy=RtlFormatCurrentUserKeyPath=RtlAppendUnicodeStringToString=RtlAppendUnicodeToString=_alloca_probe=_chkstk=_snwprintf=swprintf=RtlDuplicateUnicodeString=LdrGetDllHandle=RtlDosPathNameToNtPathName_U=RtlpEnsureBufferSize=RtlNtPathNameToDosPathName=RtlStringFromGUID=RtlExpandEnvironmentStrings_U=NtOpenKey=NtQueryValueKey=NtClose=RtlFreeAnsiString=qsort=[uSER32.dll]RegisterUserApiHook=UnregisterUserApiHook=IsServerSideWindow=PaintMenuBar=CalcMenuBar=IsWindowInDestroy=GetWindowRgnBox=[Patches needed]UxTheme.dll=Functions, UnbindappHelp.dll=Functions, UnbindSHLWAPI.dll=DLLsopera.dll=Subsystem, DLLs[KERNEL32.dll]BaseDumpAppcompatCache=BaseFlushAppcompatCache=BaseCheckAppcompatCache=BaseUpdateAppcompatCache=First Opera calls "NTDLL.DLL:NtQuerySystemInformation=?". If "NtOpenKey=?" is commented out it calls "NTDLL.DLL:NtQueryKey=?" 1. The setup of version 12.12 1707 The setup exit silently.2. Try to start 12.12 / 12.10 (runs in the backround only)3. Attempt start and run 12.5 1546 (first version with the internal communications error)In all cases in the log file is listed "=Iphlpapi.dll:GetAdaptersAddresses=t5=", too.The snapshot 12.5 1538 is the latest that works of course without the pluginwrapper.The Explorer don't like "NtOpenKey=?"!
jumper Posted February 19, 2013 Author Posted February 19, 2013 (edited) According to MSDN - RegOpenUserClassesRoot function (Windows), these definitions should all work well: [Advapi32.dll]RegOpenUserClassesRoot=r120s4RegOpenUserClassesRoot=t4RegOpenUserClassesRoot=o4 The 'e0' isn't needed as the LastError isn't set."r120s4" would provide the best desciption of the failure. Edited February 19, 2013 by jumper
loblo Posted February 19, 2013 Posted February 19, 2013 (edited) Investigation of Opera 12.5 and 12.12 - perhaps useful I added all the mssing api's with a Question mark, listed of the ImportPatcher, to the Kstub822.ini to see which are called (prompted by Kext) first. Listed functions of the ImportPatcher - Opera version 12.12:[importPatcher.37];Edit parameters and replacement strings, then Retry or run again to patch. <=[Parameters]Test by loading=YWalk dependencies=YLink to copies=NUnbind broken bindings=NOS Subsystem Version Ceiling=4.90[DLL replacements][GDI32.dll]GdiGradientFill=GdiDrawStream=ClearBitmapAttributes=[ntdll.dll]NtConnectPort=NtRequestWaitReplyPort=RtlUnhandledExceptionFilter=RtlCreateUserThread=NtQueryInformationProcess=NtOpenFile=RtlTimeToTimeFields=RtlQueryEnvironmentVariable_U=NtMapViewOfSection=NtCreateSection=NtQueryInformationFile=NtUnmapViewOfSection=NtProtectVirtualMemory=NtFreeVirtualMemory=NtQuerySystemInformation=NtQueryVirtualMemory=RtlxAnsiStringToUnicodeSize=NlsMbCodePageTag=RtlInitString=RtlDoesFileExists_U=RtlGetFullPathName_U=RtlUnicodeStringToInteger=NtWriteFile=NtQueryAttributesFile=RtlGetVersion=NtSetInformationFile=strpbrk=strspn=NtQueryDirectoryFile=RtlGUIDFromString=NtEnumerateValueKey=NtQueryKey=NtCreateKey=NtSetValueKey=NtSetInformationKey=NtDeleteKey=NtDeleteValueKey=_wcsnicmp=wcsspn=strncpy=atol=isdigit=wcscmp=RtlSecondsSince1970ToTime=RtlUpcaseUnicodeChar=RtlUpcaseUnicodeString=RtlCopyUnicodeString=RtlUpcaseUnicodeToMultiByteN=LdrAccessResource=LdrFindResource_U=wcsncpy=RtlFormatCurrentUserKeyPath=RtlAppendUnicodeStringToString=RtlAppendUnicodeToString=_alloca_probe=_chkstk=_snwprintf=swprintf=RtlDuplicateUnicodeString=LdrGetDllHandle=RtlDosPathNameToNtPathName_U=RtlpEnsureBufferSize=RtlNtPathNameToDosPathName=RtlStringFromGUID=RtlExpandEnvironmentStrings_U=NtOpenKey=NtQueryValueKey=NtClose=RtlFreeAnsiString=qsort=[uSER32.dll]RegisterUserApiHook=UnregisterUserApiHook=IsServerSideWindow=PaintMenuBar=CalcMenuBar=IsWindowInDestroy=GetWindowRgnBox=[Patches needed]UxTheme.dll=Functions, UnbindappHelp.dll=Functions, UnbindSHLWAPI.dll=DLLsopera.dll=Subsystem, DLLs[KERNEL32.dll]BaseDumpAppcompatCache=BaseFlushAppcompatCache=BaseCheckAppcompatCache=BaseUpdateAppcompatCache=First Opera calls "NTDLL.DLL:NtQuerySystemInformation=?". If "NtOpenKey=?" is commented out it calls "NTDLL.DLL:NtQueryKey=?" 1. The setup of version 12.12 1707 The setup exit silently.2. Try to start 12.12 / 12.10 (runs in the backround only)3. Attempt start and run 12.5 1546 (first version with the internal communications error)In all cases in the log file is listed "=Iphlpapi.dll:GetAdaptersAddresses=t5=", too.The snapshot 12.5 1538 is the latest that works of course without the pluginwrapper.The Explorer don't like "NtOpenKey=?"! I tried running current Opera 12.14 yesterday with iphlpapi4 and it almost starts, it creates a bunch of files in the appdata folder as it should, connects with Opera website and exchanges a bit of data with it and then an error message pops that says: 'Autoupdate' failed init: -2When I click OK, Opera exits without having initialized a GUI.I also tried with a dummy iphlpapi I made and the same happens except that Opera crashes before I have the time to click OK on the error dialog.I get the same results as with iphlpapi4 by using kexstub ini like that:[iphlpapi.dll]CancelIPChangeNotify=GetAdaptersAddresses=t5e0Other values also work but I don't remember which now and other crash Opera as with the dummy iphlpapi.Opera's going to change a lot dependencywise I guess btw as it's going to be using chrome as its rendering engine in the near future. (from bad to worse) Edit: There doesn't appear to be a plugin wrapper executable either in this version btw. Edited February 19, 2013 by loblo
jumper Posted February 20, 2013 Author Posted February 20, 2013 Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty. Kstub822.log: NTdll.dll:NTAllocateVirtualMemory=t6=Configuration: stable Kstub822 - *ActCtx* functions commented outSupplement:The ImportPatcher generats this ini µTorren#3.0.0 26473.zip file of µTorrent 3.0 exe. It lists many missing functions, but in comparison to the generated file of version 2.0.4 (stable with KernelEX) there are only seven functions more.The difference:[ntdll.dll]NtStopProfile=RtlUnicodeToOemN=_chkstk=RtlAdjustPrivilege=NtSetIntervalProfile=NtStartProfile=NtSetInformationProcess=[Patches needed]PSAPI.DLL=Functions, UnbindThis appears to be a debug build (_chkstk and profiling apis). Perhaps it's a beta???
jumper Posted February 20, 2013 Author Posted February 20, 2013 I confirm that iphlpapi4 doesn't work with the Windows Me version of iphlpapi.I have now replaced the ME version (4.90.3000) in the sysdir with the 98SE one (5.0.1717.2) and it works OK which is cool. Successfully tested with the program Zulu btw: http://www.nch.com.au/dj/index.htmlAccording to Depends, 98SE contain the following 86 exports in Iphlpapi.dll:AddIPAddressAllocateAndGetArpEntTableFromStackAllocateAndGetIfTableFromStackAllocateAndGetIpAddrTableFromStackAllocateAndGetIpForwardTableFromStackAllocateAndGetIpNetTableFromStackAllocateAndGetTcpTableFromStackAllocateAndGetUdpTableFromStackCreateIpForwardEntryCreateIpNetEntryCreateProxyArpEntryDeleteIPAddressDeleteIpForwardEntryDeleteIpNetEntryDeleteProxyArpEntryGetAdapterIndexGetAdaptersInfoGetBestInterfaceGetBestInterfaceFromStackGetBestRouteGetBestRouteFromStackGetFriendlyIfIndexGetIcmpStatisticsGetIcmpStatsFromStackGetIfEntryGetIfEntryFromStackGetIfTableGetIfTableFromStackGetInterfaceInfoGetIpAddrTableGetIpAddrTableFromStackGetIpForwardTableGetIpForwardTableFromStackGetIpNetTableGetIpNetTableFromStackGetIpStatisticsGetIpStatsFromStackGetNetworkParamsGetNumberOfInterfacesGetRTTAndHopCountGetTcpStatisticsGetTcpStatsFromStackGetTcpTableGetTcpTableFromStackGetUdpStatisticsGetUdpStatsFromStackGetUdpTableGetUdpTableFromStackGetUniDirectionalAdapterInfoInternalCreateIpForwardEntryInternalCreateIpNetEntryInternalDeleteIpForwardEntryInternalDeleteIpNetEntryInternalGetIfTableInternalGetIpAddrTableInternalGetIpForwardTableInternalGetIpNetTableInternalGetTcpTableInternalGetUdpTableInternalSetIfEntryInternalSetIpForwardEntryInternalSetIpNetEntryInternalSetIpStatsInternalSetTcpEntryIpHlpDllEntryIpReleaseAddressIpRenewAddressIsLocalAddressNotifyAddrChangeNotifyRouteChangeNTPTimeToNTFileTimeNTTimeToNTPTimeSendARPSetIfEntrySetIfEntryToStackSetIpForwardEntrySetIpForwardEntryToStackSetIpNetEntrySetIpNetEntryToStackSetIpRouteEntryToStackSetIpStatisticsSetIpStatsToStackSetIpTTLSetProxyArpEntryToStackSetTcpEntrySetTcpEntryToStackWhat's the count and list for the ME version? I should be able to make the wrapper compatible with both.
jds Posted February 20, 2013 Posted February 20, 2013 (edited) I'm hoping to assemble this week a release package for Kexstubs that will be easy to install. I'll be reviewing Kstub822.ini and preparing a stubs.ini that has logging disabled and any last definitions that should go in. All suggestions are very welcome! Hi jumper,I've recently compiled a list of missing API's in a bunch of bits and bobs that don't presently work :[KERNEL32.DLL]"FlsAlloc""FlsGetValue""FlsSetValue""FlsFree""SetProcessDEPPolicy""LocaleNameToLCID""LCIDToLocaleName"[OLE32.DLL]"DcomChannelSetHResult""CoGetClassInfo""CLSIDFromProgIDEx"[USER32.DLL]"SetProcessDPIAware""GetGestureInfo""CloseGestureInfoHandle""GetGestureExtraArgs""SetGestureConfig""GetGestureConfig"[NTDLL.DLL]"LdrUnloadDll""LdrLoadDll"[MSVCRT.DLL]"_get_terminate"[SHELL32.DLL]"SHGetKnownFolderPath"[GDI32.DLL]"GdiRealizationInfo""FontIsLinked"[USERENV.DLL]"EnterCriticalPolicySection""LeaveCriticalPolicySection"The next step will be for me to look up the parameter counts and figure out the most appropriate return codes for these thingies.Joe.Edit 1 : Deleted some functions that shouldn't have been listed.Edit 2 : Added 'userenv.dll' functions. Edited March 2, 2013 by jds
schwups Posted February 20, 2013 Posted February 20, 2013 I've two versions of IPHlpApi.dll (4.90.3000 47KB and 4.90.3001 39KB), but the Dependency Walker lists for both the same 117 functions in the export list.AddIPAddressAllocateAndGetArpEntTableFromStackAllocateAndGetIfTableFromStackAllocateAndGetIpAddrTableFromStackAllocateAndGetIpForwardTableFromStackAllocateAndGetIpNetTableFromStackAllocateAndGetTcpTableFromStackAllocateAndGetUdpTableFromStackCreateIpForwardEntryCreateIpNetEntryCreateProxyArpEntryDeleteIPAddressDeleteIpForwardEntryDeleteIpNetEntryDeleteProxyArpEntryEnableRouterFlushIpNetTableFlushIpNetTableFromStackGetAdapterIndexGetAdapterOrderMapGetAdaptersInfoGetBestInterfaceGetBestInterfaceFromStackGetBestRouteGetBestRouteFromStackGetFriendlyIfIndexGetIcmpStatisticsGetIcmpStatsFromStackGetIfEntryGetIfEntryFromStackGetIfTableGetIfTableFromStackGetIgmpListGetInterfaceInfoGetIpAddrTableGetIpAddrTableFromStackGetIpForwardTableGetIpForwardTableFromStackGetIpNetTableGetIpNetTableFromStackGetIpStatisticsGetIpStatsFromStackGetNetworkParamsGetNumberOfInterfacesGetPerAdapterInfoGetRTTAndHopCountGetTcpStatisticsGetTcpStatsFromStackGetTcpTableGetTcpTableFromStackGetUdpStatisticsGetUdpStatsFromStackGetUdpTableGetUdpTableFromStackGetUniDirectionalAdapterInfoInternalCreateIpForwardEntryInternalCreateIpNetEntryInternalDeleteIpForwardEntryInternalDeleteIpNetEntryInternalGetIfTableInternalGetIpAddrTableInternalGetIpForwardTableInternalGetIpNetTableInternalGetTcpTableInternalGetUdpTableInternalSetIfEntryInternalSetIpForwardEntryInternalSetIpNetEntryInternalSetIpStatsInternalSetTcpEntryIpReleaseAddressIpRenewAddressIsLocalAddressNTPTimeToNTFileTimeNTTimeToNTPTimeNhGetGuidFromInterfaceNameNhGetInterfaceNameFromGuidNhpAllocateAndGetInterfaceInfoFromStackNhpGetInterfaceIndexFromStackNotifyAddrChangeNotifyRouteChangeNotifyRouteChangeEx_PfAddFiltersToInterface@24_PfAddGlobalFilterToInterface@8_PfBindInterfaceToIPAddress@12_PfBindInterfaceToIndex@16_PfCreateInterface@24_PfDeleteInterface@4_PfDeleteLog@0_PfGetInterfaceStatistics@16_PfMakeLog@4_PfRebindFilters@8_PfRemoveFilterHandles@12_PfRemoveFiltersFromInterface@20_PfRemoveGlobalFilterFromInterface@8_PfSetLogBuffer@28_PfTestPacket@20_PfUnBindInterface@4SendARPSetAdapterIpAddressSetBlockRoutesSetIfEntrySetIfEntryToStackSetIpForwardEntrySetIpForwardEntryToStackSetIpMultihopRouteEntryToStackSetIpNetEntrySetIpNetEntryToStackSetIpRouteEntryToStackSetIpStatisticsSetIpStatsToStackSetIpTTLSetProxyArpEntryToStackSetRouteWithRefSetTcpEntrySetTcpEntryToStackUnenableRouterI wasn't aware that Xeno86 set the KernelEX mode by default for the dll to disabled.
loblo Posted February 20, 2013 Posted February 20, 2013 I'm hoping to assemble this week a release package for Kexstubs that will be easy to install. I'll be reviewing Kstub822.ini and preparing a stubs.ini that has logging disabled and any last definitions that should go in. All suggestions are very welcome! Hi jumper,I've recently compiled a list of missing API's in a bunch of bits and bobs that don't presently work :[KERNEL32.DLL]"FlsAlloc""FlsGetValue""FlsSetValue""FlsFree""GetUserDefaultUILanguage""GetModuleHandleExA""VerSetConditionMask""VerifyVersionInfoA""DecodePointer""EncodePointer""SetProcessDEPPolicy""LocaleNameToLCID""LCIDToLocaleName"[OLE32.DLL]"DcomChannelSetHResult""CoGetClassInfo""CLSIDFromProgIDEx""DcomChannelSetHResult"[USER32.DLL]"AllowSetForegroundWindow""SetProcessDPIAware""GetGestureInfo""CloseGestureInfoHandle""GetGestureExtraArgs""SetGestureConfig""GetGestureConfig"[NTDLL.DLL]"LdrUnloadDll""LdrLoadDll"[MSVCRT.DLL]"_get_terminate"[SHELL32.DLL]"SHGetKnownFolderPath"[GDI32.DLL]"GdiRealizationInfo""FontIsLinked"The next step will be for me to look up the parameter counts and figure out the most appropriate return codes for these thingies.Joe.You'll save yourself some sweat by checking first which of those are already handled by KernelEx. I can spot several at a glance.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now