Jump to content

Recommended Posts

Posted

By now I have come across a few apps who don't appear to be able to read or write or both. There is implementation of new file I/O APIs in KernelEx as well as fixes for file I/O APIs already present in 98/ME but I think something might still not be complete there.

A while back I assembled a set of stub definitions to duplicate the KernelEx functions that are pure stubs (so no lost functionality). I'll package them with a special version of Kstub822 so we can log what functions are being used and might need better definitions or actual implementations.


Posted (edited)

Using the new 'method 2' OpenOffice 3.2.1 and MediaplayerClassic 6.4.9.1 seem to work fine but now SeaMonkey 2.0.14 crashes immediately when I try to print :wacko:

Update. The new defs seem to work fine but 'something' in the new core.ini seem to cause the crashes !! So I am back using my old core.ini.

Edited by MiKl
Posted

> ...SeaMonkey 2.0.14 crashes immediately when I try to print ...

What was in the log file? Perhaps one of the new ActCtx definitions?

What modes are you using (with old and new core.ini)? Please try to step through the few core.ini differences and debug this for us.

Posted

After much definition testing, I was unable to find one for FindActCtxSectionStringW that would appease Msvcrt90.

The ActCtx definitions were introduced way back in post #10 and schwups first reported problems with it in post #15. Joe traced the main problem to FindActCtxSectionStringW in post #25. Clearly including FindActCtxSectionStringW was a big mistake (mine!), as no app is known to need it.

Removing FindActCtxSectionStringW, retaining the other new definitions, and adding similar new definitions for the rest of the (non-Find*) ActCtx clan, we get:


[Kernel32.dll]
ActivateActCtx=o2e0
AddRefActCtx=z1
CreateActCtxA=p1e0
CreateActCtxW=p1e0
DeactivateActCtx=o2e0
GetCurrentActCtx=f1e ; needs code for success
IsolationAwareCleanup=z0 ; for ActCtx/manifest
QueryActCtxSettingsW=o7e0
QueryActCtxW=o7e0
ReleaseActCtx=z1
ZombifyActCtx=o1e0

Hi jumper,

I can confirm that HoverIP, SAPGUI for Java, Open Office 3.2.1 and Dependency Walker all seem happy with this set of definitions. :)

Joe.

Posted (edited)

4. SuperAntiSpyware version 4.56 : The folderselection for custom scan now works.

I've managed to start version 5.0 with Win 2kSP4 mode (XP mode should do it, too). New entry in stubs.ini: [Netapi32.dll] NetUseEnum=04 > rather guessed not known

First start: The folderselection for custom scan works. After the definitions update has finished the system crashed.

Improvement with SuperAntiSpyware:

I made it to install the latest version 5.6.1014. Kext already supports [secur32.dll] GetUserNameExW=z3e and [Netapi32.dll] NetUseEnum=o7. To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss. SAS (SASCore.exe) doesn't start after the installation. First I have to set 2K or XP mode! This versions starts very fast. Problem with XP mode: Ugly or missing icons and missing fonts on the buttons. It looks good with 2k mode. The updater works, but the window seem to be a little incomplete. Error on start scanning, but it primarily runs by ignoring the message. Abort scanning isn't possible. I successfully scanned Memory, Registry and Cookies. When trying to scan longer and files it seems to hang during scan. And don't click the help button in preferences. The system crashes immediately!

All in all, it is not yet stable or really usable.

Edited by schwups
Posted

> To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss.

Check the log. If RegOpenUserClassesRoot is not there, then the definition doesn't matter; it is only needed to satistfy the loader. If it is being called, a better definition or implementatation might improve the quality of the install and help the app run better.

Posted

> To run the setup I added [Advapi32.dll] RegOpenUserClassesRoot=o4e0 - (4 is # of WINAPI parameters, e0 is error success). It works, but I'm not sure with the value codes. "o" by hit or miss.

Check the log.  If RegOpenUserClassesRoot is not there, then the definition doesn't matter; it is only needed to satistfy the loader. If it is being called, a better definition or implementatation might improve the quality of the install and help the app run better.

RegOpenUserClassesRoot isn't called anymore. 

Posted

Investigation of Opera 12.5 and 12.12 - perhaps useful  :)

I added all the mssing api's with a Question mark, listed of the ImportPatcher, to the Kstub822.ini to see which are called (prompted by Kext) first. 

Listed functions of the ImportPatcher - Opera version 12.12:

[importPatcher.37]

;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]

Test by loading=Y

Walk dependencies=Y

Link to copies=N

Unbind broken bindings=N

OS Subsystem Version Ceiling=4.90

[DLL replacements]

[GDI32.dll]

GdiGradientFill=

GdiDrawStream=

ClearBitmapAttributes=

[ntdll.dll]

NtConnectPort=

NtRequestWaitReplyPort=

RtlUnhandledExceptionFilter=

RtlCreateUserThread=

NtQueryInformationProcess=

NtOpenFile=

RtlTimeToTimeFields=

RtlQueryEnvironmentVariable_U=

NtMapViewOfSection=

NtCreateSection=

NtQueryInformationFile=

NtUnmapViewOfSection=

NtProtectVirtualMemory=

NtFreeVirtualMemory=

NtQuerySystemInformation=

NtQueryVirtualMemory=

RtlxAnsiStringToUnicodeSize=

NlsMbCodePageTag=

RtlInitString=

RtlDoesFileExists_U=

RtlGetFullPathName_U=

RtlUnicodeStringToInteger=

NtWriteFile=

NtQueryAttributesFile=

RtlGetVersion=

NtSetInformationFile=

strpbrk=

strspn=

NtQueryDirectoryFile=

RtlGUIDFromString=

NtEnumerateValueKey=

NtQueryKey=

NtCreateKey=

NtSetValueKey=

NtSetInformationKey=

NtDeleteKey=

NtDeleteValueKey=

_wcsnicmp=

wcsspn=

strncpy=

atol=

isdigit=

wcscmp=

RtlSecondsSince1970ToTime=

RtlUpcaseUnicodeChar=

RtlUpcaseUnicodeString=

RtlCopyUnicodeString=

RtlUpcaseUnicodeToMultiByteN=

LdrAccessResource=

LdrFindResource_U=

wcsncpy=

RtlFormatCurrentUserKeyPath=

RtlAppendUnicodeStringToString=

RtlAppendUnicodeToString=

_alloca_probe=

_chkstk=

_snwprintf=

swprintf=

RtlDuplicateUnicodeString=

LdrGetDllHandle=

RtlDosPathNameToNtPathName_U=

RtlpEnsureBufferSize=

RtlNtPathNameToDosPathName=

RtlStringFromGUID=

RtlExpandEnvironmentStrings_U=

NtOpenKey=

NtQueryValueKey=

NtClose=

RtlFreeAnsiString=

qsort=

[uSER32.dll]

RegisterUserApiHook=

UnregisterUserApiHook=

IsServerSideWindow=

PaintMenuBar=

CalcMenuBar=

IsWindowInDestroy=

GetWindowRgnBox=

[Patches needed]

UxTheme.dll=Functions, Unbind

appHelp.dll=Functions, Unbind

SHLWAPI.dll=DLLs

opera.dll=Subsystem, DLLs

[KERNEL32.dll]

BaseDumpAppcompatCache=

BaseFlushAppcompatCache=

BaseCheckAppcompatCache=

BaseUpdateAppcompatCache=

First Opera calls "NTDLL.DLL:NtQuerySystemInformation=?". If "NtOpenKey=?" is commented out it calls "NTDLL.DLL:NtQueryKey=?"

1. The setup of version 12.12 1707

The setup exit silently.

2. Try to start 12.12 / 12.10 (runs in the backround only)

3. Attempt start and run 12.5 1546 (first version with the internal communications error)

In all cases in the log file is listed "=Iphlpapi.dll:GetAdaptersAddresses=t5=", too.

The snapshot 12.5 1538 is the latest that works of course without the pluginwrapper.

The Explorer don't like "NtOpenKey=?"!  :thumbdown

Posted (edited)

Investigation of Opera 12.5 and 12.12 - perhaps useful :)

I added all the mssing api's with a Question mark, listed of the ImportPatcher, to the Kstub822.ini to see which are called (prompted by Kext) first.

Listed functions of the ImportPatcher - Opera version 12.12:

[importPatcher.37]

;Edit parameters and replacement strings, then Retry or run again to patch. <=

[Parameters]

Test by loading=Y

Walk dependencies=Y

Link to copies=N

Unbind broken bindings=N

OS Subsystem Version Ceiling=4.90

[DLL replacements]

[GDI32.dll]

GdiGradientFill=

GdiDrawStream=

ClearBitmapAttributes=

[ntdll.dll]

NtConnectPort=

NtRequestWaitReplyPort=

RtlUnhandledExceptionFilter=

RtlCreateUserThread=

NtQueryInformationProcess=

NtOpenFile=

RtlTimeToTimeFields=

RtlQueryEnvironmentVariable_U=

NtMapViewOfSection=

NtCreateSection=

NtQueryInformationFile=

NtUnmapViewOfSection=

NtProtectVirtualMemory=

NtFreeVirtualMemory=

NtQuerySystemInformation=

NtQueryVirtualMemory=

RtlxAnsiStringToUnicodeSize=

NlsMbCodePageTag=

RtlInitString=

RtlDoesFileExists_U=

RtlGetFullPathName_U=

RtlUnicodeStringToInteger=

NtWriteFile=

NtQueryAttributesFile=

RtlGetVersion=

NtSetInformationFile=

strpbrk=

strspn=

NtQueryDirectoryFile=

RtlGUIDFromString=

NtEnumerateValueKey=

NtQueryKey=

NtCreateKey=

NtSetValueKey=

NtSetInformationKey=

NtDeleteKey=

NtDeleteValueKey=

_wcsnicmp=

wcsspn=

strncpy=

atol=

isdigit=

wcscmp=

RtlSecondsSince1970ToTime=

RtlUpcaseUnicodeChar=

RtlUpcaseUnicodeString=

RtlCopyUnicodeString=

RtlUpcaseUnicodeToMultiByteN=

LdrAccessResource=

LdrFindResource_U=

wcsncpy=

RtlFormatCurrentUserKeyPath=

RtlAppendUnicodeStringToString=

RtlAppendUnicodeToString=

_alloca_probe=

_chkstk=

_snwprintf=

swprintf=

RtlDuplicateUnicodeString=

LdrGetDllHandle=

RtlDosPathNameToNtPathName_U=

RtlpEnsureBufferSize=

RtlNtPathNameToDosPathName=

RtlStringFromGUID=

RtlExpandEnvironmentStrings_U=

NtOpenKey=

NtQueryValueKey=

NtClose=

RtlFreeAnsiString=

qsort=

[uSER32.dll]

RegisterUserApiHook=

UnregisterUserApiHook=

IsServerSideWindow=

PaintMenuBar=

CalcMenuBar=

IsWindowInDestroy=

GetWindowRgnBox=

[Patches needed]

UxTheme.dll=Functions, Unbind

appHelp.dll=Functions, Unbind

SHLWAPI.dll=DLLs

opera.dll=Subsystem, DLLs

[KERNEL32.dll]

BaseDumpAppcompatCache=

BaseFlushAppcompatCache=

BaseCheckAppcompatCache=

BaseUpdateAppcompatCache=

First Opera calls "NTDLL.DLL:NtQuerySystemInformation=?". If "NtOpenKey=?" is commented out it calls "NTDLL.DLL:NtQueryKey=?"

1. The setup of version 12.12 1707

The setup exit silently.

2. Try to start 12.12 / 12.10 (runs in the backround only)

3. Attempt start and run 12.5 1546 (first version with the internal communications error)

In all cases in the log file is listed "=Iphlpapi.dll:GetAdaptersAddresses=t5=", too.

The snapshot 12.5 1538 is the latest that works of course without the pluginwrapper.

The Explorer don't like "NtOpenKey=?"! :thumbdown

I tried running current Opera 12.14 yesterday with iphlpapi4 and it almost starts, it creates a bunch of files in the appdata folder as it should, connects with Opera website and exchanges a bit of data with it and then an error message pops that says:

'Autoupdate' failed init: -2

When I click OK, Opera exits without having initialized a GUI.

I also tried with a dummy iphlpapi I made and the same happens except that Opera crashes before I have the time to click OK on the error dialog.

I get the same results as with iphlpapi4 by using kexstub ini like that:

[iphlpapi.dll]

CancelIPChangeNotify=

GetAdaptersAddresses=t5e0

Other values also work but I don't remember which now and other crash Opera as with the dummy iphlpapi.

Opera's going to change a lot dependencywise I guess btw as it's going to be using chrome as its rendering engine in the near future. (from bad to worse) :}

Edit: There doesn't appear to be a plugin wrapper executable either in this version btw.

Edited by loblo
Posted

Running µTorrent 3.0: Main Problem: The downloads aren't saved - The download folder remains empty.

Kstub822.log: NTdll.dll:NTAllocateVirtualMemory=t6=

Configuration: stable Kstub822 - *ActCtx* functions commented out

Supplement:

The ImportPatcher generats this ini µTorren#3.0.0 26473.zip file of µTorrent 3.0 exe. It lists many missing functions, but in comparison to the generated file of version 2.0.4 (stable with KernelEX) there are only seven functions more.

The difference:

[ntdll.dll]

NtStopProfile=

RtlUnicodeToOemN=

_chkstk=

RtlAdjustPrivilege=

NtSetIntervalProfile=

NtStartProfile=

NtSetInformationProcess=

[Patches needed]

PSAPI.DLL=Functions, Unbind

This appears to be a debug build (_chkstk and profiling apis). Perhaps it's a beta???

Posted

I confirm that iphlpapi4 doesn't work with the Windows Me version of iphlpapi.

I have now replaced the ME version (4.90.3000) in the sysdir with the 98SE one (5.0.1717.2) and it works OK which is cool. :thumbup

Successfully tested with the program Zulu btw: http://www.nch.com.au/dj/index.html

According to Depends, 98SE contain the following 86 exports in Iphlpapi.dll:

AddIPAddress

AllocateAndGetArpEntTableFromStack

AllocateAndGetIfTableFromStack

AllocateAndGetIpAddrTableFromStack

AllocateAndGetIpForwardTableFromStack

AllocateAndGetIpNetTableFromStack

AllocateAndGetTcpTableFromStack

AllocateAndGetUdpTableFromStack

CreateIpForwardEntry

CreateIpNetEntry

CreateProxyArpEntry

DeleteIPAddress

DeleteIpForwardEntry

DeleteIpNetEntry

DeleteProxyArpEntry

GetAdapterIndex

GetAdaptersInfo

GetBestInterface

GetBestInterfaceFromStack

GetBestRoute

GetBestRouteFromStack

GetFriendlyIfIndex

GetIcmpStatistics

GetIcmpStatsFromStack

GetIfEntry

GetIfEntryFromStack

GetIfTable

GetIfTableFromStack

GetInterfaceInfo

GetIpAddrTable

GetIpAddrTableFromStack

GetIpForwardTable

GetIpForwardTableFromStack

GetIpNetTable

GetIpNetTableFromStack

GetIpStatistics

GetIpStatsFromStack

GetNetworkParams

GetNumberOfInterfaces

GetRTTAndHopCount

GetTcpStatistics

GetTcpStatsFromStack

GetTcpTable

GetTcpTableFromStack

GetUdpStatistics

GetUdpStatsFromStack

GetUdpTable

GetUdpTableFromStack

GetUniDirectionalAdapterInfo

InternalCreateIpForwardEntry

InternalCreateIpNetEntry

InternalDeleteIpForwardEntry

InternalDeleteIpNetEntry

InternalGetIfTable

InternalGetIpAddrTable

InternalGetIpForwardTable

InternalGetIpNetTable

InternalGetTcpTable

InternalGetUdpTable

InternalSetIfEntry

InternalSetIpForwardEntry

InternalSetIpNetEntry

InternalSetIpStats

InternalSetTcpEntry

IpHlpDllEntry

IpReleaseAddress

IpRenewAddress

IsLocalAddress

NotifyAddrChange

NotifyRouteChange

NTPTimeToNTFileTime

NTTimeToNTPTime

SendARP

SetIfEntry

SetIfEntryToStack

SetIpForwardEntry

SetIpForwardEntryToStack

SetIpNetEntry

SetIpNetEntryToStack

SetIpRouteEntryToStack

SetIpStatistics

SetIpStatsToStack

SetIpTTL

SetProxyArpEntryToStack

SetTcpEntry

SetTcpEntryToStack

What's the count and list for the ME version? I should be able to make the wrapper compatible with both.

Posted (edited)

I'm hoping to assemble this week a release package for Kexstubs that will be easy to install. I'll be reviewing Kstub822.ini and preparing a stubs.ini that has logging disabled and any last definitions that should go in. All suggestions are very welcome! :yes:

Hi jumper,

I've recently compiled a list of missing API's in a bunch of bits and bobs that don't presently work :


[KERNEL32.DLL]
"FlsAlloc"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
"SetProcessDEPPolicy"
"LocaleNameToLCID"
"LCIDToLocaleName"

[OLE32.DLL]
"DcomChannelSetHResult"
"CoGetClassInfo"
"CLSIDFromProgIDEx"

[USER32.DLL]
"SetProcessDPIAware"
"GetGestureInfo"
"CloseGestureInfoHandle"
"GetGestureExtraArgs"
"SetGestureConfig"
"GetGestureConfig"

[NTDLL.DLL]
"LdrUnloadDll"
"LdrLoadDll"

[MSVCRT.DLL]
"_get_terminate"

[SHELL32.DLL]
"SHGetKnownFolderPath"

[GDI32.DLL]
"GdiRealizationInfo"
"FontIsLinked"

[USERENV.DLL]
"EnterCriticalPolicySection"
"LeaveCriticalPolicySection"

The next step will be for me to look up the parameter counts and figure out the most appropriate return codes for these thingies.

Joe.

Edit 1 : Deleted some functions that shouldn't have been listed.

Edit 2 : Added 'userenv.dll' functions.

Edited by jds
Posted

I've two versions of IPHlpApi.dll (4.90.3000 47KB and 4.90.3001 39KB), but the Dependency Walker lists for both the same 117 functions in the export list.

AddIPAddress

AllocateAndGetArpEntTableFromStack

AllocateAndGetIfTableFromStack

AllocateAndGetIpAddrTableFromStack

AllocateAndGetIpForwardTableFromStack

AllocateAndGetIpNetTableFromStack

AllocateAndGetTcpTableFromStack

AllocateAndGetUdpTableFromStack

CreateIpForwardEntry

CreateIpNetEntry

CreateProxyArpEntry

DeleteIPAddress

DeleteIpForwardEntry

DeleteIpNetEntry

DeleteProxyArpEntry

EnableRouter

FlushIpNetTable

FlushIpNetTableFromStack

GetAdapterIndex

GetAdapterOrderMap

GetAdaptersInfo

GetBestInterface

GetBestInterfaceFromStack

GetBestRoute

GetBestRouteFromStack

GetFriendlyIfIndex

GetIcmpStatistics

GetIcmpStatsFromStack

GetIfEntry

GetIfEntryFromStack

GetIfTable

GetIfTableFromStack

GetIgmpList

GetInterfaceInfo

GetIpAddrTable

GetIpAddrTableFromStack

GetIpForwardTable

GetIpForwardTableFromStack

GetIpNetTable

GetIpNetTableFromStack

GetIpStatistics

GetIpStatsFromStack

GetNetworkParams

GetNumberOfInterfaces

GetPerAdapterInfo

GetRTTAndHopCount

GetTcpStatistics

GetTcpStatsFromStack

GetTcpTable

GetTcpTableFromStack

GetUdpStatistics

GetUdpStatsFromStack

GetUdpTable

GetUdpTableFromStack

GetUniDirectionalAdapterInfo

InternalCreateIpForwardEntry

InternalCreateIpNetEntry

InternalDeleteIpForwardEntry

InternalDeleteIpNetEntry

InternalGetIfTable

InternalGetIpAddrTable

InternalGetIpForwardTable

InternalGetIpNetTable

InternalGetTcpTable

InternalGetUdpTable

InternalSetIfEntry

InternalSetIpForwardEntry

InternalSetIpNetEntry

InternalSetIpStats

InternalSetTcpEntry

IpReleaseAddress

IpRenewAddress

IsLocalAddress

NTPTimeToNTFileTime

NTTimeToNTPTime

NhGetGuidFromInterfaceName

NhGetInterfaceNameFromGuid

NhpAllocateAndGetInterfaceInfoFromStack

NhpGetInterfaceIndexFromStack

NotifyAddrChange

NotifyRouteChange

NotifyRouteChangeEx

_PfAddFiltersToInterface@24

_PfAddGlobalFilterToInterface@8

_PfBindInterfaceToIPAddress@12

_PfBindInterfaceToIndex@16

_PfCreateInterface@24

_PfDeleteInterface@4

_PfDeleteLog@0

_PfGetInterfaceStatistics@16

_PfMakeLog@4

_PfRebindFilters@8

_PfRemoveFilterHandles@12

_PfRemoveFiltersFromInterface@20

_PfRemoveGlobalFilterFromInterface@8

_PfSetLogBuffer@28

_PfTestPacket@20

_PfUnBindInterface@4

SendARP

SetAdapterIpAddress

SetBlockRoutes

SetIfEntry

SetIfEntryToStack

SetIpForwardEntry

SetIpForwardEntryToStack

SetIpMultihopRouteEntryToStack

SetIpNetEntry

SetIpNetEntryToStack

SetIpRouteEntryToStack

SetIpStatistics

SetIpStatsToStack

SetIpTTL

SetProxyArpEntryToStack

SetRouteWithRef

SetTcpEntry

SetTcpEntryToStack

UnenableRouter

I wasn't aware that Xeno86 set  the KernelEX mode by default for the dll to disabled. :blink: 

Posted

I'm hoping to assemble this week a release package for Kexstubs that will be easy to install. I'll be reviewing Kstub822.ini and preparing a stubs.ini that has logging disabled and any last definitions that should go in. All suggestions are very welcome! :yes:

Hi jumper,

I've recently compiled a list of missing API's in a bunch of bits and bobs that don't presently work :


[KERNEL32.DLL]
"FlsAlloc"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
"GetUserDefaultUILanguage"
"GetModuleHandleExA"
"VerSetConditionMask"
"VerifyVersionInfoA"
"DecodePointer"
"EncodePointer"
"SetProcessDEPPolicy"
"LocaleNameToLCID"
"LCIDToLocaleName"

[OLE32.DLL]
"DcomChannelSetHResult"
"CoGetClassInfo"
"CLSIDFromProgIDEx"
"DcomChannelSetHResult"

[USER32.DLL]
"AllowSetForegroundWindow"
"SetProcessDPIAware"
"GetGestureInfo"
"CloseGestureInfoHandle"
"GetGestureExtraArgs"
"SetGestureConfig"
"GetGestureConfig"

[NTDLL.DLL]
"LdrUnloadDll"
"LdrLoadDll"

[MSVCRT.DLL]
"_get_terminate"

[SHELL32.DLL]
"SHGetKnownFolderPath"

[GDI32.DLL]
"GdiRealizationInfo"
"FontIsLinked"

The next step will be for me to look up the parameter counts and figure out the most appropriate return codes for these thingies.

Joe.

You'll save yourself some sweat by checking first which of those are already handled by KernelEx. I can spot several at a glance.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...