Jump to content

KernelEx 2022 (Kex22) Test Versions (4.22.26.2)


jumper

Recommended Posts

23 hours ago, jumper said:

Core.ini ApiConfigurations need to be renumbered without gaps in the sequence.

I tried that but what does the ApiConfiguration numbers mean or do? Core.ini 20i had some gaps in the numbering configuration but it still worked. EDIT I should have checked myself. As per Jumpers next post Core.ini 20i does not have any numbering gaps.

Edited by Goodmaneuver
Link to comment
Share on other sites


Using numbers is a simple way for KernelEx.dll to enumerate all active modes and also for Sheet.dll to order the menu items.

Yesterday I noticed setting a mode below the first gap didn't stick. If KernelEx.dll isn't recognizing modes below the gap, it will use the default instead. I'll debug it later, but eliminating gaps avoids problems for now. Filling them with <nn>=. works.

Just checked: Core.20i has 0..46, no gaps.

 

Link to comment
Share on other sites

Goodmaneuver, I testet your core.ini. The renumbering - with no gaps - in core.ini solved the  "Stack Overflow occurred in KEXBASEN.DLL" on Firefox start. So I'm able to use Kexbasen25 with Kexbases24 now.  The bugfix doesn't seem to have an effect on "invalid page fault in module KERNEL32.DLL" on ME start when using Kexbases25.

Edited by schwups
Link to comment
Share on other sites

If that's the Rundll32 initial report, determine the command line and reproduce the error while profiling and logging.

From the initial report, it appears to be a bad pointer in Kexbasen passed from jemalloc to EnterCriticalSection in Kernel32. Also a stack leak unless Kernel32 is somehow calling back into Kexbasen.

Only Sheet and Kexcom need to be registered.

 

Link to comment
Share on other sites

8 hours ago, jumper said:

If that's the Rundll32 initial report, determine the command line and reproduce the error while profiling and logging.

I can't find any access with keyboard or mouse, except ctrl-alt-del. I get only the windows faultlog. Or is there another possibilty to run a diagnostic tool, when Kexbases25 is used?

 

8 hours ago, jumper said:

Only Sheet and Kexcom need to be registered.

I never had this before. The installer of 4.5.2 doesn't register these files as Kex knowndll's. Ok, I will test this.

Link to comment
Share on other sites

7 hours ago, schwups said:

The installer of 4.5.2 doesn't register these files as Kex knowndll's.

'Only Sheet and Kexcom need to be registered' : - You have a shortcut of regsvr32.exe in the Windows\SendTo folder. Sheet and Kexcom are the only KEX modules that export DllRegisterServer and DllUnregisterServer.

Link to comment
Share on other sites

Some of my runtime applications require KernelEx and therefore I know straight away when KernelEx is not working when booting in. Some apps will break across RAM and corrupt other apps that are next in the load sequence if 1 or 2 of those apps do not load properly. I need to stop the App not trying to load again to halt further Memory/RAM corruption by choosing to debug it with Borland's Turbo Debugger TD32.exe instead of selecting to close the App. This way I can then start Explorer. WinMgmt starts before explorer I believe. I too lose the use of my USB after using Kexbases25 knocking out USB keyboard and USB mouse. PS2 devices should be OK. I think Dave-H is clarifying his use of the KEX modules as to hint on whether there was an update to these that we do not have. Kexbases25 introduces a new call to ImageHlp and KexBases25 stops KernelEx from running. Jumper if you have Kexbases25 running then is there an update to KernelEx.dll that we do not have or something like that?

Edited by Goodmaneuver
Link to comment
Share on other sites

> The installer of 4.5.2 doesn't register these files as Kex knowndll's.

It registers them as shell and com extensions.

On hang, is there a Debug option? Do you have a debugger installed?

Try disabling auto-start apps.

Try modding core.ini to use the NtClose alternates. (I'll do this in the update).

 

Link to comment
Share on other sites

42 minutes ago, jumper said:

On hang, is there a Debug option? Do you have a debugger installed?

Try disabling auto-start apps.

Debugging this will give differing results as to which application is trying to run. KernelEx does not run. RAM corruption is happening for me, see my above post, and TD32 can not debug it. Like I said, the best result was that KernelEx.dll could not load but it was not that exact word -(load) and it was not while testing Kexbases and prior to editing Core.ini. Jumper If you are running 98FE and have differing ImageHlp and DbgHelp modules then you may be getting Kexbases to run? My ImageHlp version is 6.05270.9 and runs in SafeMode along with DbgHelp of 6.9.3.113.

Edited by Goodmaneuver
Link to comment
Share on other sites

Here is the FaultLog but it is irrelevant due to memory corruption and pushing into the next application load. Everything will not load when Memory overshoot/overrun occurs unless it is stopped by trying to debug it then closing the debugger. Explorer then can be loaded but then you can only run applications that do not need modules that require KernelEx. WinMgmt.exe needs RegDisablePredefindCache as I have used 5.1.2296.1 - perhaps I should not have used this version but is first application to load that requires KernelEx.

**********************************************************************
Date 11/24/2021 Time 01:40
WINMGMT caused an invalid page fault in
module KERNEL32.DLL at 01bf:bff6bb07.
Registers:
EAX=00000000 CS=01bf EIP=bff6bb07 EFLGS=00000246
EBX=830c55ac SS=01c7 ESP=0064f7c8 EBP=0064f7d8
ECX=ffffffff DS=01c7 ESI=0052c510 FS=2267
EDX=830c5960 ES=01c7 EDI=bff7cf67 GS=0000
Bytes at CS:EIP:
ff 76 04 e8 8a 87 ff ff 5e c2 04 00 56 8b 74 24
Stack dump:
0050021c 0051b736 0052c510 ffffffff 0064f7f0 0051b67c 00000142 00400000 00500218 00000000 0064f810 0051aa2e 00000142 00000000 0064f81c bff888ed
**********************************************************************
Date 11/24/2021 Time 01:40
RUNDLL32 caused an invalid page fault in
module KERNEL32.DLL at 01bf:bff6bb07.
Registers:
EAX=00000000 CS=01bf EIP=bff6bb07 EFLGS=00000246
EBX=00000000 SS=01c7 ESP=0065f774 EBP=0065f784
ECX=ffffffff DS=01c7 ESI=0053c510 FS=230f
EDX=000001f0 ES=01c7 EDI=bff60000 GS=0000
Bytes at CS:EIP:
ff 76 04 e8 8a 87 ff ff 5e c2 04 00 56 8b 74 24
Stack dump:
000001f0 0052b736 0053c510 ffffffff 0065f79c 0052b67c 000001f2 830b5000 830c8908 00000001 0065f7bc 0052c119 000001f2 00000001 0065f7dc bfa01f2a
**********************************************************************

Edited by Goodmaneuver
Same as before no change. I am not sure that a memory overrun is occurring now.
Link to comment
Share on other sites

If KernelEx is not running, which it does not with Kesbases25, then how can we debug it. These Faults will occur when KernelEx is not running. Nvidia software launches with rundll32 and cannot be run again if stopped until a fresh reboot occurs. I would not be concerned about the fault log as KernelEx is not running and after first overrun then with the next application to launch, triggering a Fault Log, the fault log can not be trusted. We have numerous modules with KEX settings including Rundll32 (BASE). How can we attempt to launch KernelEx manually to try and debug it. I am certain KEX modules do not load. I know that the OS should run without KernelEx and I have made sure it does with Safe Mode and debugging an application that requires KernelEx when KernelEx is not running does not make sense.

Edited by Goodmaneuver
Link to comment
Share on other sites

 

KU211221.7z updated

.25 refresh

  • Kexbasen
  • Kexbases fixed
  • Kstub824 dll+ini
  • KexVista
  • Core.25h to fix some more issues
  • Core.24a fallback example
  • KernelEx.dll v.25 to match, but not new
  • 3 additional files for IE9 and 360ee support

Tools

  • ImportPatcher 42
    - Test and patch PE imports
  • Ktree 11
    - View KernelEx API's
    - New: choose and save font
  • ProcWin 1.6
    - View running process image detail w/disassembler
  • Minisnap 5
    - Displays module versions and KernelEx modes for each process
  • Kexports/Exports 5
    - List Exports as .ini or .def

 

Edited by jumper
Kexbases fixed
Link to comment
Share on other sites

@Goodmaneuver - Take a deep breath. We are not going to debug. We are investigating. Please stay focused and respond with only the exact information I request. You know about load addresses. In what module is bfa01fa2?

@schwups - Are you also using Nvidia apps? If so, disable their auto-start and see if you can get to the desktop.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...