jumper

KernelEx 4.5 Core Updates (4.5.2016.17)


Thanks Loblo that explains it, but for me every dll that runs because of KernelEx is a kernelex-dll.

@ Jumper

On run I got an error message because I have iphlpapi.dll (4.90.3000.2) in my system folder because otherwise SeaMonkey crashes when trying to play a flash-file !!

So Kexport created an ini for iphlpapi3.dll but not for iphlpapid4.dll. Should I better use iphlpapi3.dll in KernelEx ?


Standard DLL's export available API's via the PE file's export table.

Plug-ins "export" available API's via a special function that is specific to that plug-in standard. For KernelEx that function is get_api_table().

> I have sent the folder containing the portable SeaMonkey 2.6.1 to Kexports but I get result 0 and no INI.

SeaMonkey DLL's are not KernelEx plug-ins and don't have a get_api_table() function.

> Kexport[s] created an ini for iphlpapi3.dll but not for iphlpapid4.dll.

Iphlpapi3 and Iphlpapi4 are hybrid DLL's that work both as regular DLL's and as KernelEx plug-ins. Iphlpapi4 doesn't seem to be working correctly as a plug-in (core.ini method), but it doesn't need to if you are using it with the local or Kexstubs methods.


Release.10.7z

KernelEx v4.5.2015.10 by jumper
2015-07-22

+ 69 new api's, 37 improved, 9 removed.
+ Support for implicit-only stubs.
+ Prefix instruction added to beginning of all stubs in Kexbases and Kexbasen
    DS: (0x3e) for legacy stubs, ES: (0x26) for new stubs (implicit-only)
+ API logging reduced to KernelEx enhancements (non-STD) only.

Details by branch:

Core\
  Resolver.cpp: ExportFromOrdinal() and ExportFromName() modified to ignore
    implicit-only stubs when resolving explicitly
  Changed usage of terms for "implicit"/"explicit" from
    "static"/"dynamic" to "import"/"delay".

Kexcrt\
  strcpy.c reverted to version 4.5.2

Common\
  common.h "*UNIMPL_FUNC" macros prefixed with DS:
    (opcode 0x3e) for creating import+delay (legacy) stubs.
  common.h "*_UNIMPL_FUNC" macros prefixed with ES:
    (opcode 0x26) for creating import-only stubs.
  version.h renamed to kexversion.h to avoid conflict with
    standard header file; all references updated.

ApiLibs\Kexbases\
  Gdi32\Orhpans.cpp renamed to Orphans.cpp; updated reference in kexbases.dsp
  Gdi32\Orhpans.h renamed to Orphans.h; updated references in kexbases.dsp, Orphans.cpp, GdiObjects.c
  comctl32\: fixed warning in newclassreg.c and syslink.c by adding "#ifndef _WIN32_WINNT"

  8 new Kernel32 stubs:
    se_UNIMPL_FUNC(FindActCtxSectionGuid, 5, ERROR_NI);  //f5e
    rse_UNIMPL_FUNC(FindActCtxSectionStringW, 1, 5, 0  );  //o5e0
    se_UNIMPL_FUNC(GetSystemWow64DirectoryA, 2, ERROR_NI);  //z2e120 #65
    se_UNIMPL_FUNC(GetSystemWow64DirectoryW, 2, ERROR_NI);  //z2e120 #65 #304
    se_UNIMPL_FUNC(GetVolumeNameForVolumeMountPointA, 3, ERROR_NI);  //z3e120
    se_UNIMPL_FUNC(GetVolumeNameForVolumeMountPointW, 3, ERROR_NI);  //z3e120
    se_UNIMPL_FUNC(GetVolumePathNamesForVolumeNameA, 4, ERROR_NI);  //z4e120
    se_UNIMPL_FUNC(GetVolumePathNamesForVolumeNameW, 4, ERROR_NI);  //z4e120

  2 removed Kernel32 stubs:
    FindActCtxSectionGui_, FindActCtxSectionStrin_W

  7 updated Kernel32 stubs (to return correct error values):
    seUNIMPL_FUNC(CreateHardLinkA, 3, ERROR_NI);
    seUNIMPL_FUNC(CreateHardLinkW, 3, ERROR_NI);
    seUNIMPL_FUNC(ReplaceFileA, 6, ERROR_NI);
    seUNIMPL_FUNC(ReplaceFileW, 6, ERROR_NI);
    seUNIMPL_FUNC(GetProcessIoCounters, 2, ERROR_NI);
    seUNIMPL_FUNC(GetComputerNameExA, 3, ERROR_NI);
    seUNIMPL_FUNC(GetComputerNameExW, 3, ERROR_NI);

  16 new Advapi32 stubs (plus 30 updated to return correct error values):
    se_UNIMPL_FUNC(AddAccessAllowedAceEx, 5, ERROR_NI);
    se_UNIMPL_FUNC(AddAccessDeniedAceEx, 5, ERROR_NI);
    se_UNIMPL_FUNC(ChangeServiceConfig2A, 3, ERROR_NI);
    se_UNIMPL_FUNC(ChangeServiceConfig2W, 3, ERROR_NI);
    se_UNIMPL_FUNC(IsTokenRestricted, 1, ERROR_NI);
    rs_UNIMPL_FUNC(LsaAddAccountRights, STATUS_NI, 4);
    rs_UNIMPL_FUNC(LsaEnumerateAccountRights, STATUS_NI, 4);
    rs_UNIMPL_FUNC(LsaFreeMemory, STATUS_NI, 1);
    rs_UNIMPL_FUNC(LsaLookupNames, STATUS_NI, 5);
    rs_UNIMPL_FUNC(LsaLookupNames2, STATUS_NI, 6);
    rs_UNIMPL_FUNC(LsaLookupPrivilegeValue, STATUS_NI, 3);
    rs_UNIMPL_FUNC(LsaLookupSids, STATUS_NI, 5);
    rs_UNIMPL_FUNC(LsaQueryInformationPolicy, STATUS_NI, 3);
    rs_UNIMPL_FUNC(QueryUsersOnEncryptedFile, ERROR_NI, 2);
    rs_UNIMPL_FUNC(RegOpenUserClassesRoot, ERROR_NI, 4);
    se_UNIMPL_FUNC(SetSecurityDescriptorControl, 3, ERROR_NI);

  1 new Ntdll stub:
    rse_UNIMPL_FUNC(NtSetInformationProcess, STATUS_NI, 4, ERROR_NI);

ApiLibs\Kexbases\
  53 new Ntdll forwards (to Msvcrt):
    _CIcos  _CIlog  _CIpow  _CIsin  _CIsqrt  __isascii  __iscsym  __iscsymf
    __toascii  _atoi64  _ftol2  _ftol2_sse  _i64toa  _i64tow  _itow  _lfind
    _ltoa  _ltow  _memccpy  _memicmp  _splitpath  _strlwr  _tolower  _toupper
    _ui64toa  _ui64tow  _ultoa  _ultow  _wtoi64  _wtol  atan  ceil  cos  fabs
    floor  iscntrl  isgraph  isprint  ispunct  isspace  isupper  iswalpha
    iswdigit  iswlower  iswspace  iswxdigit  isxdigit  log  mbstowcs  sin  tan
    wcscspn  wcstombs

  7 removed Ntdll forwards (not in Msvcrt!):
    _alloca_probe  _itoa_s  _vscwprintf  strcpy_s  wcscat_s  wcscpy_s  wcsnlen
  • Upvote 2


Hi Jumper,

just when I thought to ask you politely if you maybe could add 'ntsetinformationprocess' !!! Thanks.

On first test all kernelex-dependent apps work except SeaMonkey !! It crashed while opening the tabs.
After downgrading kernelex.dll to the one from release 9 it works fine again.

Datum 11/27/2015 Uhrzeit 13:37
SEAMONKEY verursachte einen Fehler durch eine ungültige Seite
in Modul  bei 0000:00000009.
Register:
EAX=0164e000 CS=018f EIP=00000009 EFLGS=00010246
EBX=ffe144fb SS=0197 ESP=0201f7ec EBP=0201f824
ECX=01638148 DS=0197 ESI=01c390e0 FS=5c0f
EDX=00000000 ES=0197 EDI=8234bfe4 GS=0000
Bytes bei CS:EIP:
00 6b 0a 65 04 70 00 65 04 70 00 54 ff 00 f0 79
Stapelwerte:
00000197 0306afe9 00000005 0164e000 00002000 0201f814 01638148 0306815c 4e4d454a 00000008 8234bfe4 0164e000 00000000 00002000 0201f894 030614de


Older versions of SumatraPDF (1.9-2.2) would delay-load NtSetInformationProcess and were incompatible with any implementation. A stub for other apps could only be added once the "resolver" in kernelex.dll was modified to support implicit-only stubs. Be aware that by using kexbases.dll v10 with kernelex.dll v9, I expect you will not be able to run these older versions of SumatraPDF.

There is nothing in your crash report (such as low stack addresses) to indicate what version of SeaMonkey you are referring to. As SM 2.0.14 is working okay for me, and SM 2.6.1 is also loading, what version is crashing for you? (I'm running SE with no formal service packs on a non-SSE cpu with 256MB of memory.)


Hi Jumper, it is definitely a flash-issue again !! SeaMonkey crashes only when there is flash-content in any tab.

In the meantime I have tested several versions of SM (2.1, 2.2, 2.3.3 and 2.6.1) and flash-plugin in different comp-modes. I even tried iphlpapi.dll 5.00.1717.2 in win/sys. But the crashing continued.

But it works beautifully when using kernelex.dll v9.

Besides that issue SeaMonkey loads now up to 2.8 for me. Thank you.

For 2.9.1. I needed to add to kstub.ini:

-> ntdll.dll

RtlAssert (seems to work)

RtlConvertSidToUnicodeString (seems to work)

but

RtlCreateEnvironment (seems to be not 'recognized' - maybe because of the kernelex.dll issue ?)

When trying to start SM 2.10.1 I get the following:

SEAMONKEY verursachte einen Ausnahmefehler c000000dH in Modul MSVCR80.DLL bei 016f:78178ad2.
Register:
EAX=9e9ef4b0 CS=c1c6016f EIP=78178ad2 EFLGS=00000282
EBX=00000000 SS=630177 ESP=0063ebbc EBP=0063ebf8
ECX=00000002 DS=83b20177 ESI=0063fd05 FS=81f743ff
EDX=81f96614 ES=630177 EDI=bff9637b GS=85390000
Bytes bei CS:EIP:
83 c4 14 83 c8 ff e9 a1 00 00 00 8b 45 0c 3b c3
Stapelwerte:
78178ad2 00000000 00000000 00000000 00000000 00000000 bfa4100e 81f96880 00000000 00401235 0063ec0c 0063ec0c 00000001 0063ec28 0063ec0c 0063fc38
Edited by MiKl


 

Ok, just installed this and the problem with kexbasen.dll on windows ME seems to be gone, no need to revert to original one.

There are issues however:

* Many upx-compressed programs don't start anymore. Once decompressed (including their dependencies) they run fine however. (Example: Networx, QAAC, Lux Render and probably many others)

* Programs built with QT5 all have a fatal crt crash on startup. With previous version they run and only crash on attempting to use any type of menu which made some of them still useable.


Flash seems broken as Opera crashes on going to any page that's got flash content and screensavers using flash activex also crash. Both OK with previous KernelEx  version which I am going to revert to now.


Opera 12.02 is still working fine for me on YouTube, the videos still play perfectly after installing the new 2015.10 KernelEx DLLs.

I'm using Flash 10.2.159.1, with the YouTube Center version 2.1.7 extension installed.

My only niggling problem with Opera 12.02 is still some text apparently appearing in Greek characters at certain zoom settings (including the normal setting unfortunately!)

:)


@MiKl:

UPX converts most implicit import dependencies into explicit, delay-load dependencies. That is a potential problem for the new implicit-only stub loading method in v.10.

If the Flash plugin dll is UPX-ed, try un-UPX-ing it. Same for all other files that work with kernelex.dll v9 but not v10.

I have extracted SeaMonkey Setup 2.9.1.exe, original filename: 7zS.sfx.exe, size: 19818694.

Without setup, it loads in v10 (but hangs with 100% cpu usage after displaying the UI and release notes page).

Other than RtlUnwind, SeaMonkey 2.9.1 does not have any Rtl* dependencies. What module (and version) is reporting the missing reference?


update: Cross-post with last three replies....

@loblo:

> the problem with kexbasen.dll on windows ME seems to be gone

Kexstubs definitions are also now implicit-only (0x54 prefix)...or perhaps related to the seven forwards to phantom Msvcrt functions I removed?

> Many upx-compressed programs...[o]nce decompressed...run fine however.

Good verification. I plan to add some new property sheet options for better control of the stub resolving logic.

> Programs built with QT5....

such as? (a small one please!)

@Dave-H: Good version details! :)

Edited by jumper


I use flash 19.0.0.245 (current/latest) and it's not upxed.

Why is there an implicit-only stub loading method in v.10 now?


> @MiKl:
>
> I have extracted SeaMonkey Setup 2.9.1.exe, original filename: 7zS.sfx.exe, size: 19818694.
>
> Without setup, it loads in v10 (but hangs with 100% cpu usage after displaying the UI and release notes page).
>
> Other than RtlUnwind, SeaMonkey 2.9.1 does not have any Rtl* dependencies. What module (and version) is reporting the missing reference?

Hi Jumper,

I am also using an unaltered flash 19.0.0.245 like Loblo.

I always use the zip-versions of the different SeaMonkey-versions and after unpacking and setting the comp-modes I ran the exe and at first it wanted RtlAssert -> then RtlConvertSidToUnicodeString. So I added these to kstub822.ini [ntdll.dll].

But something seems to be wrong with RtlCreateEnvironment.

 

Oh by the way, when you have the time, can you maybe update the 'printing with kernelex' thread with the best possible solutions ?

I tried today the 'kernelex-folder' way from post #15 but this is indeed not working or is it ?

But it is also of course possible (and likely) that I was finally just confused with all these different versions of comdlg32.dll and comdlgex.dll, renaming this to that and when to use exactly which installation method.  :crazy: 


Implicit imports are "needed" to load, just in case their functionality is wanted later.

Explicit imports are "wanted" to be used right now.

Stubs are needed to enable modules to load, but don't actually do anything if called other than try to fake the app into not crashing.

Adding new api stubs for new apps that "need" them has the potential to crash apps that "want" them but used to work without them.

Flash 19 needs some Kexstubs definitions to load. These are implicit-only with v10 which is fine. However Flash 19 may also be invoking other Kexstubs definitions explicitly. That is no longer fine in v10.

Check your Kexstubs log file to see which are being invoked. Try clearing the log file and then trigger the screensaver and/or loading a page that uses flash in an already-running browser.

If you can give me a list of all definitions needed for a working Flash 19, I'll add support for all of them in v11. (Bonus points for any extra definitions needed for older flash versions!)
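
A small model of the rule described in this post and in the v4.5.2015.10 release notes, added here as an illustration and not taken from KernelEx's Resolver.cpp: every stub starts with a prefix byte, and an explicit (run-time, by-name) lookup ignores ES:-prefixed stubs. The export table, the stub bodies and the names `resolve_export`, `unresolved` and `demo_imports` are constructed for the example; only the two prefix values and the API names come from the release notes.

```c
#include <stdio.h>
#include <string.h>

/* Prefix opcodes as given in the v4.5.2015.10 release notes. */
#define PFX_LEGACY        0x3e  /* DS: import+delay (legacy) stub */
#define PFX_IMPLICIT_ONLY 0x26  /* ES: import-only stub           */
enum lookup { IMPLICIT, EXPLICIT };  /* import-table bind vs. run-time lookup by name */
struct export_entry { const char *name; const unsigned char *code; };

/* Constructed bodies: a plain function, and two stubs (prefix, xor eax,eax, ret). */
static const unsigned char real_code[]     = { 0x55, 0x8b, 0xec, 0x5d, 0xc3 };
static const unsigned char legacy_stub[]   = { PFX_LEGACY, 0x33, 0xc0, 0xc3 };
static const unsigned char implicit_stub[] = { PFX_IMPLICIT_ONLY, 0x33, 0xc0, 0xc3 };
static const struct export_entry exports[] = {
    { "GetTickCount",             real_code     },  /* implemented API            */
    { "CreateHardLinkA",          legacy_stub   },  /* seUNIMPL_FUNC in the notes */
    { "GetSystemWow64DirectoryW", implicit_stub },  /* se_UNIMPL_FUNC             */
};

/* Hypothetical resolver: an explicit lookup treats an ES:-prefixed stub as absent. */
const unsigned char *resolve_export(const char *name, enum lookup how)
{
    for (size_t i = 0; i < sizeof exports / sizeof exports[0]; i++) {
        if (strcmp(exports[i].name, name) != 0) continue;
        if (how == EXPLICIT && exports[i].code[0] == PFX_IMPLICIT_ONLY)
            return NULL;  /* caller sees "not exported" and must cope */
        return exports[i].code;
    }
    return NULL;  /* no such export at all */
}

/* Names a module needs; the list is the same whether the file is packed or not. */
const char *const demo_imports[] = { "GetTickCount", "CreateHardLinkA", "GetSystemWow64DirectoryW" };

/* How many of n names stay unresolved when every one is looked up the same way. */
int unresolved(const char *const *names, size_t n, enum lookup how)
{
    int missing = 0;
    for (size_t i = 0; i < n; i++)
        missing += resolve_export(names[i], how) == NULL;
    return missing;
}

int main(void)
{
    printf("bound from import table: %d missing\n", unresolved(demo_imports, 3, IMPLICIT));
    printf("looked up at run time:   %d missing\n", unresolved(demo_imports, 3, EXPLICIT));
    return 0;
}
```

The same import list resolves completely when bound from the import table but loses the import-only stub when each name is looked up at run time, which is the situation described earlier in the thread for UPX-packed files.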


@jumper

>> the problem with kexbasen.dll on windows ME seems to be gone
>Kexstubs definitions are also now implicit-only (0x54 prefix)...or perhaps related to the seven forwards to phantom Msvcrt functions I removed?

As I had experienced in the past crashes of kernelex at windows startup after having added definitions for msvcrt in kexstub, I suspect it could well be the latter.

>> Many upx-compressed programs...[o]nce decompressed...run fine however.
>Good verification. I plan to add some new property sheet options for better control of the stub resolving logic.

Reading your other post I think I understand the rationale for this new loader: It's to avoid situations where programs/dlls break because of new definitions/stubs such as the actctx issues with the 80 and 90 msvc runtimes for example.

If by adding a new property sheet to control the stub you mean offering a choice between the old and new loader, then this is great because as it is now it is a nightmare for me. I use zillions of upxed programs to save disk space and I am afraid I have not enough free disk space to unupx them all so they can run with v10. I just mention that often upx reduces executable size to 30% of the original which for just the current FFMpeg static binaries represents a saving of 70MB disk usage.

I am also thinking about potential load issues with programs coming from author compressed with other packers such as MPress, Petite, etc... which are very difficult to unpack at best. Not sure if any of them obfuscate some imports as UPX does however.

>> Programs built with QT5....
>such as? (a small one please!)

Bad news, there are no really small QT5 apps. XnConvert now uses QT5, it's 60MB once unarchived: http://download.xnview.com/XnConvert-win.zip

I can't use XnConvert on v9 either because of the crashes using menus but at least it loads (using v9 with original kexbasen.dll).

>Flash 19 needs some Kexstubs definitions to load. These are implicit-only with v10 which is fine. However Flash 19 may also be invoking other Kexstubs definitions explicitly. That is no longer fine in v10. Check your Kexstubs log file to see which are being invoked. Try clearing the log file and then trigger the screensaver and/or loading a page that uses flash in an already-running browser.

Flash 19 Screensaver:

[Kstub822]
= Kernel32.dll:GetSystemWow64DirectoryW=z2e120 =
= Kernel32.dll:WerRegisterMemoryBlock=f2 =
= NTDLL.DLL:RtlInitUnicodeString=>Kstub822:IAS =
= Kernel32.dll:GetSystemWow64DirectoryW=z2e120 =

Flash 19 plugin in Opera:

[Kstub822]
= Kernel32.dll:GetSystemWow64DirectoryW=z2e120 =
= NTDLL.DLL:RtlInitUnicodeString=>Kstub822:IAS =

Looks like NTDLL.DLL:RtlInitUnicodeString might be the problem as it's common to both and doesn't show in Dependency Walker.
