loblo Posted November 12, 2015

It's for the kernelex dlls, not for exe/dlls kernelex allows to run.
MiKl Posted November 12, 2015

Thanks Loblo that explains it, but for me every dll that runs because of KernelEx is a kernelex-dll.

@Jumper
On run I got an error message because I have iphlpapi.dll (4.90.3000.2) in my system folder because otherwise SeaMonkey crashes when trying to play a flash-file !!
So Kexport created a ini for iphlpapi3.dll but not for iphlpapid4.dll. Should I better use iphlpapi3.dll in KernelEx ?
jumper (Author) Posted November 12, 2015

Standard DLL's export available API's via the PE file's export table.
Plug-ins "export" available API's via a special function that is specific to that plug-in standard. For KernelEx that function is get_api_table().

> I have sent the folder containing the portable SeaMonkey 2.6.1 to Kexports but I get result 0 and no INI.

SeaMonkey DLL's are not KernelEx plug-ins and don't have a get_api_table() function.

> Kexport[s] created a ini for iphlpapi3.dll but not for iphlpapid4.dll.

Iphlpapi3 and Iphlpapi4 are hybrid DLL's that work both as regular DLL's and as KernelEx plug-ins. Iphlpapi4 doesn't seem to be working correctly as a plug-in (core.ini method), but it doesn't need to if you are using it with the local or Kexstubs methods.
jumper (Author) Posted November 27, 2015

Release.10.7z

KernelEx v4.5.2015.10 by jumper
2015-07-22

+ 69 new api's, 37 improved, 9 removed.
+ Support for implicit-only stubs.
+ Prefix instruction added to beginning of all stubs in Kexbases and Kexbasen
  DS: (0x3e) for legacy stubs, ES: (0x26) for new stubs (implicit-only)
+ API logging reduced to KernelEx enhancements (non-STD) only.

Details by branch:

Core\
  Resolver.cpp: ExportFromOrdinal() and ExportFromName() modified to ignore implicit-only stubs when resolving explicitly
  Changed usage of terms for "implicit"/"explicit" from "static"/"dynamic" to "import"/"delay".

Kexcrt\
  strcpy.c reverted to version 4.5.2

Common\
  common.h "*UNIMPL_FUNC" macros prefixed with DS: (opcode 0x3e) for creating import+delay (legacy) stubs.
  common.h "*_UNIMPL_FUNC" macros prefixed with ES: (opcode 0x26) for creating import-only stubs.
  version.h renamed to kexversion.h to avoid conflict with standard header file; all references updated.

ApiLibs\Kexbases\
  Gdi32\Orhpans.cpp renamed to Orphans.cpp; updated reference in kexbases.dsp
  Gdi32\Orhpans.h renamed to Orphans.h; updated references in kexbases.dsp, Orphans.cpp, GdiObjects.c
  comctl32\: fixed warning in newclassreg.c and syslink.c by adding "#ifndef _WIN32_WINNT"

  8 new Kernel32 stubs:
    se_UNIMPL_FUNC(FindActCtxSectionGuid, 5, ERROR_NI); //f5e
    rse_UNIMPL_FUNC(FindActCtxSectionStringW, 1, 5, 0 ); //o5e0
    se_UNIMPL_FUNC(GetSystemWow64DirectoryA, 2, ERROR_NI); //z2e120 #65
    se_UNIMPL_FUNC(GetSystemWow64DirectoryW, 2, ERROR_NI); //z2e120 #65 #304
    se_UNIMPL_FUNC(GetVolumeNameForVolumeMountPointA, 3, ERROR_NI); //z3e120
    se_UNIMPL_FUNC(GetVolumeNameForVolumeMountPointW, 3, ERROR_NI); //z3e120
    se_UNIMPL_FUNC(GetVolumePathNamesForVolumeNameA, 4, ERROR_NI); //z4e120
    se_UNIMPL_FUNC(GetVolumePathNamesForVolumeNameW, 4, ERROR_NI); //z4e120

  2 removed Kernel32 stubs:
    FindActCtxSectionGui_, FindActCtxSectionStrin_W

  7 updated Kernel32 stubs (to return correct error values):
    seUNIMPL_FUNC(CreateHardLinkA, 3, ERROR_NI);
    seUNIMPL_FUNC(CreateHardLinkW, 3, ERROR_NI);
    seUNIMPL_FUNC(ReplaceFileA, 6, ERROR_NI);
    seUNIMPL_FUNC(ReplaceFileW, 6, ERROR_NI);
    seUNIMPL_FUNC(GetProcessIoCounters, 2, ERROR_NI);
    seUNIMPL_FUNC(GetComputerNameExA, 3, ERROR_NI);
    seUNIMPL_FUNC(GetComputerNameExW, 3, ERROR_NI);

  16 new Advapi32 stubs (plus 30 updated to return correct error values):
    se_UNIMPL_FUNC(AddAccessAllowedAceEx, 5, ERROR_NI);
    se_UNIMPL_FUNC(AddAccessDeniedAceEx, 5, ERROR_NI);
    se_UNIMPL_FUNC(ChangeServiceConfig2A, 3, ERROR_NI);
    se_UNIMPL_FUNC(ChangeServiceConfig2W, 3, ERROR_NI);
    se_UNIMPL_FUNC(IsTokenRestricted, 1, ERROR_NI);
    rs_UNIMPL_FUNC(LsaAddAccountRights, STATUS_NI, 4);
    rs_UNIMPL_FUNC(LsaEnumerateAccountRights, STATUS_NI, 4);
    rs_UNIMPL_FUNC(LsaFreeMemory, STATUS_NI, 1);
    rs_UNIMPL_FUNC(LsaLookupNames, STATUS_NI, 5);
    rs_UNIMPL_FUNC(LsaLookupNames2, STATUS_NI, 6);
    rs_UNIMPL_FUNC(LsaLookupPrivilegeValue, STATUS_NI, 3);
    rs_UNIMPL_FUNC(LsaLookupSids, STATUS_NI, 5);
    rs_UNIMPL_FUNC(LsaQueryInformationPolicy, STATUS_NI, 3);
    rs_UNIMPL_FUNC(QueryUsersOnEncryptedFile, ERROR_NI, 2);
    rs_UNIMPL_FUNC(RegOpenUserClassesRoot, ERROR_NI, 4);
    se_UNIMPL_FUNC(SetSecurityDescriptorControl, 3, ERROR_NI);

  1 new Ntdll stub:
    rse_UNIMPL_FUNC(NtSetInformationProcess, STATUS_NI, 4, ERROR_NI);

ApiLibs\Kexbases\
  53 new Ntdll forwards (to Msvcrt):
    _CIcos _CIlog _CIpow _CIsin _CIsqrt __isascii __iscsym __iscsymf __toascii
    _atoi64 _ftol2 _ftol2_sse _i64toa _i64tow _itow _lfind _ltoa _ltow _memccpy
    _memicmp _splitpath _strlwr _tolower _toupper _ui64toa _ui64tow _ultoa _ultow
    _wtoi64 _wtol atan ceil cos fabs floor iscntrl isgraph isprint ispunct isspace
    isupper iswalpha iswdigit iswlower iswspace iswxdigit isxdigit log mbstowcs
    sin tan wcscspn wcstombs

  7 removed Ntdll forwards (not in Msvcrt!):
    _alloca_probe _itoa_s _vscwprintf strcpy_s wcscat_s wcscpy_s wcsnlen
MiKl Posted November 27, 2015

Hi Jumper, just when I thought to ask you politely if you maybe could add 'ntsetinformationprocess' !!! Thanks.

On first test all kernelex-dependent apps work except SeaMonkey !! It crashed while opening the tabs.
After downgrading kernelex.dll to the one from release 9 it works fine again.

Datum 11/27/2015 Uhrzeit 13:37
SEAMONKEY verursachte einen Fehler durch eine ungültige Seite
in Modul bei 0000:00000009.
Register:
EAX=0164e000 CS=018f EIP=00000009 EFLGS=00010246
EBX=ffe144fb SS=0197 ESP=0201f7ec EBP=0201f824
ECX=01638148 DS=0197 ESI=01c390e0 FS=5c0f
EDX=00000000 ES=0197 EDI=8234bfe4 GS=0000
Bytes bei CS:EIP:
00 6b 0a 65 04 70 00 65 04 70 00 54 ff 00 f0 79
Stapelwerte:
00000197 0306afe9 00000005 0164e000 00002000 0201f814 01638148 0306815c 4e4d454a 00000008 8234bfe4 0164e000 00000000 00002000 0201f894 030614de
jumper (Author) Posted November 27, 2015

Older versions of SumatraPDF (1.9-2.2) would delay-load NtSetInformationProcess and were incompatible with any implementation. A stub for other apps could only be added once the "resolver" in kernelex.dll was modified to support implicit-only stubs. Be aware that by using kexbases.dll v10 with kernelex.dll v9, I expect you will not be able to run these older versions of SumatraPDF.

There is nothing in your crash report (such as low stack addresses) to indicate what version of SeaMonkey you are referring to. As SM 2.0.14 is working okay for me, and SM 2.6.1 is also loading, what version is crashing for you? (I'm running SE with no formal service packs on a non-SSE cpu with 256MB of memory.)
MiKl Posted November 28, 2015

Hi Jumper, it is definitely a flash-issue again !! SeaMonkey crashes only when there is flash-content in any tab. In the meantime I have tested several versions of SM (2.1, 2.2., 2.3.3 and 2.6.1) and flash-plugin in different comp-modes. I even tried iphlpapi.dll 5.00.1717.2 in win/sys. But the crashing continued.
But it works beautifully when using kernelex.dll v9.

Besides that issue SeaMonkey loads now up to 2.8 for me. Thank you.

For 2.9.1. I needed to add to kstub.ini:
-> ntdll.dll
RtlAssert (seems to work)
RtlConvertSidToUnicodeString (seems to work)
but
RtlCreateEnvironment (seems to be not 'recognized' - maybe because of the kernelex.dll issue ?)

When trying to start SM 2.10.1 I get the following:

SEAMONKEY verursachte einen Ausnahmefehler c000000dH in Modul MSVCR80.DLL bei 016f:78178ad2.
Register:
EAX=9e9ef4b0 CS=c1c6016f EIP=78178ad2 EFLGS=00000282
EBX=00000000 SS=630177 ESP=0063ebbc EBP=0063ebf8
ECX=00000002 DS=83b20177 ESI=0063fd05 FS=81f743ff
EDX=81f96614 ES=630177 EDI=bff9637b GS=85390000
Bytes bei CS:EIP:
83 c4 14 83 c8 ff e9 a1 00 00 00 8b 45 0c 3b c3
Stapelwerte:
78178ad2 00000000 00000000 00000000 00000000 00000000 bfa4100e 81f96880 00000000 00401235 0063ec0c 0063ec0c 00000001 0063ec28 0063ec0c 0063fc38

Edited November 28, 2015 by MiKl
loblo Posted November 28, 2015

> Release.10.7z

Ok, just installed this and the problem with kexbasen.dll on windows ME seems to be gone, no need to revert to original one.

There are issues however:

* Many upx-compressed programs don't start anymore. Once decompressed (including their dependencies) they run fine however. (Example: Networx, QAAC, Lux Render and probably many others)
* Programs built with QT5 all have a fatal crt crash on startup. With previous version they run and only crash on attempting to use any type of menu which made some of them still useable.
loblo Posted November 28, 2015

Flash seems broken as Opera crashes on going to any page that's got flash content and screensavers using flash activex also crash. Both OK with previous KernelEx version which I am going to revert to now.
Dave-H Posted November 28, 2015

Opera 12.02 is still working fine for me on YouTube, the videos still play perfectly after installing the new 2015.10 KernelEx DLLs.
I'm using Flash 10.2.159.1, with the YouTube Center version 2.1.7 extension installed.
My only niggling problem with Opera 12.02 is still some text apparently appearing in Greek characters at certain zoom settings (including the normal setting unfortunately!)
jumper (Author) Posted November 28, 2015

@MiKl:
UPX converts most implicit import dependencies into explicit, delay-load dependencies. That is a potential problem for the new implicit-only stub loading method in v.10.
If the Flash plugin dll is UPX-ed, try un-UPX-ing it. Same for all other files that work with kernelex.dll v9 but not v10.

I have extracted SeaMonkey Setup 2.9.1.exe, original filename: 7zS.sfx.exe, size: 19818694.
Without setup, it loads in v10 (but hangs with 100% cpu usage after displaying the UI and release notes page).
Other than RtlUnwind, SeaMonkey 2.9.1 does not have any Rtl* dependencies. What module (and version) is reporting the missing reference?

update: Cross-post with last three replies....

@loblo:
> the problem with kexbasen.dll on windows ME seems to be gone

Kexstubs definitions are also now implicit-only (0x54 prefix)...or perhaps related to the seven forwards to phantom Msvcrt functions I removed?

> Many upx-compressed programs...[o]nce decompressed...run fine however.

Good verification. I plan to add some new property sheet options for better control of the stub resolving logic.

> Programs built with QT5....

such as? (a small one please!)

@Dave-H: Good version details!

Edited November 29, 2015 by jumper
loblo Posted November 28, 2015

I use flash 19.0.0.245 (current/latest) and it's not upxed.

Why is there an implicit-only stub loading method in v.10 now?
MiKl Posted November 29, 2015

> @MiKl:
> I have extracted SeaMonkey Setup 2.9.1.exe, original filename: 7zS.sfx.exe, size: 19818694.
> Without setup, it loads in v10 (but hangs with 100% cpu usage after displaying the UI and release notes page).
> Other than RtlUnwind, SeaMonkey 2.9.1 does not have any Rtl* dependencies. What module (and version) is reporting the missing reference?

Hi Jumper,
I am also using an unaltered flash 19.0.0.245 like Loblo.

I always use the zip-versions of the different SeaMonkey-versions and after unpacking and setting the comp-modes I ran the exe and at first it wanted RtlAssert -> then RtlConvertSidToUnicodeString. So I added these to kstub822.ini [ntdll.dll].
But anything seem to be wrong with RtlCreateEnvironment.

Oh by the way, when you have the time, can you maybe update the 'printing with kernelex' thread with the best possible solutions ?
I tried today the 'kernelex-folder' way from post #15 but this is indeed not working or is it ?
But it is also of course possible (and likely) that I was finally just confused with all these different versions of comdlg32.dll and comdlgex.dll, renaming this to that and when to use exactly which installation method.
jumper (Author) Posted November 29, 2015

Implicit imports are "needed" to load, just in case their functionality is wanted later.
Explicit imports are "wanted" to be used right now.
Stubs are needed to enable modules to load, but don't actually do anything if called other than try to fake the app into not crashing.
Adding new api stubs for new apps that "need" them has the potential to crash apps that "want" them but used to work without them.

Flash 19 needs some Kexstubs definitions to load. These are implicit-only with v10 which is fine. However Flash 19 may also be invoking other Kexstubs definitions explicitly. That is no longer fine in v10.

Check your Kexstubs log file to see which are being invoked. Try clearing the log file and then trigger the screensaver and/or loading a page that uses flash in an already-running browser.

If you can give me a list of all definitions needed for a working Flash 19, I'll add support for all of them in v11. (Bonus points for any extra definitions needed for older flash versions!)
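
Added example (not part of any post in this thread, and not taken from KernelEx's Resolver.cpp): a toy model of the v10 rule that an explicit lookup ignores implicit-only stubs, keyed on the DS:/ES: prefix bytes from the release notes. The first-byte check, the stub bodies, the table and the name HypotheticalRealApi are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Prefix bytes as given in the v4.5.2015.10 release notes. */
#define PREFIX_DS 0x3e /* legacy stub: import + delay */
#define PREFIX_ES 0x26 /* new stub: import-only (implicit-only) */

typedef enum { RESOLVE_IMPLICIT, RESOLVE_EXPLICIT } resolve_mode;

typedef struct {
    const char *name;
    const unsigned char *code; /* first bytes of the exported function */
} export_entry;

/* Constructed bodies: prefix byte, xor eax,eax, ret. Not real KernelEx code. */
static const unsigned char legacy_stub[]      = { PREFIX_DS, 0x33, 0xc0, 0xc3 };
static const unsigned char import_only_stub[] = { PREFIX_ES, 0x33, 0xc0, 0xc3 };
/* Constructed non-stub body: push ebp; mov ebp,esp; pop ebp; ret. */
static const unsigned char real_body[]        = { 0x55, 0x8b, 0xec, 0x5d, 0xc3 };

/* Constructed export table; stub kinds follow the macro names in the notes. */
static const export_entry sample_table[] = {
    { "CreateHardLinkA",          legacy_stub },      /* seUNIMPL_FUNC  */
    { "GetSystemWow64DirectoryW", import_only_stub }, /* se_UNIMPL_FUNC */
    { "HypotheticalRealApi",      real_body },        /* hypothetical name */
};
#define SAMPLE_COUNT (sizeof sample_table / sizeof sample_table[0])

/* Model of the rule: an explicit lookup does not see import-only stubs. */
const unsigned char *resolve_export(const export_entry *table, size_t n,
                                    const char *name, resolve_mode mode)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(table[i].name, name) != 0)
            continue;
        if (mode == RESOLVE_EXPLICIT && table[i].code[0] == PREFIX_ES)
            return NULL; /* hidden: caller sees "export not found" */
        return table[i].code;
    }
    return NULL; /* no such export at all */
}

int main(void)
{
    const char *names[] = { "CreateHardLinkA", "GetSystemWow64DirectoryW" };
    for (size_t i = 0; i < 2; i++)
        printf("%-26s implicit=%s explicit=%s\n", names[i],
               resolve_export(sample_table, SAMPLE_COUNT, names[i], RESOLVE_IMPLICIT) ? "found" : "missing",
               resolve_export(sample_table, SAMPLE_COUNT, names[i], RESOLVE_EXPLICIT) ? "found" : "missing");
    return 0;
}
```

In this model a module that looks up GetSystemWow64DirectoryW explicitly is told the export does not exist, while the same name still satisfies an implicit import at load time.
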
loblo Posted November 29, 2015

@jumper

>> the problem with kexbasen.dll on windows ME seems to be gone
> Kexstubs definitions are also now implicit-only (0x54 prefix)...or perhaps related to the seven forwards to phantom Msvcrt functions I removed?

As I had experienced in the past crashes of kernelex at windows startup after having added definitions for msvcrt in kexstub, I suspect it could well be the latter.

>> Many upx-compressed programs...[o]nce decompressed...run fine however.
> Good verification. I plan to add some new property sheet options for better control of the stub resolving logic.

Reading your other post I think I understand the rationale for this new loader: It's to avoid situations where programs/dlls break because of new definitions/stubs such as the actctx issues with the 80 and 90 msvc runtimes for example.

If by adding a new property sheet to control the stub you mean offering a choice between the old and new loader, then this is great because as it is now it is a nightmare for me. I use zillions of upxed programs to save disk space and I am afraid I have not enough free disk space to unupx them all so they can run with v10. I just mention that often upx reduces executable size to 30% of the original which for just the current FFMpeg static binaries represents a saving of 70MB disk usage.

I am also thinking about potential load issues with programs coming from author compressed with other packers such as MPress, Petite, etc... which are very difficult to unpack at best. Not sure if any of them obfuscate some imports as UPX does however.

>> Programs built with QT5....
> such as? (a small one please!)

Bad news, there are no really small QT5 apps. XnConvert now uses QT5, it's 60MB once unarchived: http://download.xnview.com/XnConvert-win.zip
I can't use XnConvert on v9 either because of the crashes using menus but at least it loads (using v9 with original kexbasen.dll).

> Flash 19 needs some Kexstubs definitions to load. These are implicit-only with v10 which is fine. However Flash 19 may also be invoking other Kexstubs definitions explicitly. That is no longer fine in v10. Check your Kexstubs log file to see which are being invoked. Try clearing the log file and then trigger the screensaver and/or loading a page that uses flash in an already-running browser.

Flash 19 Screensaver:

[Kstub822]
= Kernel32.dll:GetSystemWow64DirectoryW=z2e120 =
= Kernel32.dll:WerRegisterMemoryBlock=f2 =
= NTDLL.DLL:RtlInitUnicodeString=>Kstub822:IAS =
= Kernel32.dll:GetSystemWow64DirectoryW=z2e120 =

Flash 19 plugin in Opera:

[Kstub822]
= Kernel32.dll:GetSystemWow64DirectoryW=z2e120 =
= NTDLL.DLL:RtlInitUnicodeString=>Kstub822:IAS =

Looks like NTDLL.DLL:RtlInitUnicodeString might be the problem as it's common to both and doesn't show in Dependency Walker.