Goodmaneuver Posted November 20, 2021 Posted November 20, 2021 (edited) 23 hours ago, jumper said: Core.ini ApiConfigurations need to be renumbered without gaps in the sequence. I tried that but what does the ApiConfiguration numbers mean or do? Core.ini 20i had some gaps in the numbering configuration but it still worked. EDIT I should have checked myself. As per Jumpers next post Core.ini 20i does not have any numbering gaps. Edited November 21, 2021 by Goodmaneuver
jumper Posted November 20, 2021 Author Posted November 20, 2021 Using numbers is a simple way for KernelEx.dll to enumerate all active modes and also for Sheet.dll to order the menu items. Yesterday I noticed setting a mode below the first gap didn't stick. If KernelEx.dll isn't recognizing modes below the gap, it will use the default instead. I'll debug it later, but eliminating gaps avoids problems for now. Filling them with <nn>=. works. Just checked: Core.20i has 0..46, no gaps.
schwups Posted November 22, 2021 Posted November 22, 2021 (edited) Goodmaneuver, I testet your core.ini. The renumbering - with no gaps - in core.ini solved the "Stack Overflow occurred in KEXBASEN.DLL" on Firefox start. So I'm able to use Kexbasen25 with Kexbases24 now. The bugfix doesn't seem to have an effect on "invalid page fault in module KERNEL32.DLL" on ME start when using Kexbases25. Edited November 22, 2021 by schwups
jumper Posted November 23, 2021 Author Posted November 23, 2021 If that's the Rundll32 initial report, determine the command line and reproduce the error while profiling and logging. From the initial report, it appears to be a bad pointer in Kexbasen passed from jemalloc to EnterCriticalSection in Kernel32. Also a stack leak unless Kernel32 is somehow calling back into Kexbasen. Only Sheet and Kexcom need to be registered.
jumper Posted November 23, 2021 Author Posted November 23, 2021 7d011b65 push ebp Stack overflow/frozen. Error message and stack dump would have been useful.
schwups Posted November 23, 2021 Posted November 23, 2021 8 hours ago, jumper said: If that's the Rundll32 initial report, determine the command line and reproduce the error while profiling and logging. I can't find any access with keyboard or mouse, except ctrl-alt-del. I get only the windows faultlog. Or is there another possibilty to run a diagnostic tool, when Kexbases25 is used? 8 hours ago, jumper said: Only Sheet and Kexcom need to be registered. I never had this before. The installer of 4.5.2 doesn't register these files as Kex knowndll's. Ok, I will test this.
Goodmaneuver Posted November 23, 2021 Posted November 23, 2021 7 hours ago, schwups said: The installer of 4.5.2 doesn't register these files as Kex knowndll's. 'Only Sheet and Kexcom need to be registered' : - You have a shortcut of regsvr32.exe in the Windows\SendTo folder. Sheet and Kexcom are the only KEX modules that export DllRegisterServer and DllUnregisterServer.
Goodmaneuver Posted November 23, 2021 Posted November 23, 2021 (edited) Some of my runtime applications require KernelEx and therefore I know straight away when KernelEx is not working when booting in. Some apps will break across RAM and corrupt other apps that are next in the load sequence if 1 or 2 of those apps do not load properly. I need to stop the App not trying to load again to halt further Memory/RAM corruption by choosing to debug it with Borland's Turbo Debugger TD32.exe instead of selecting to close the App. This way I can then start Explorer. WinMgmt starts before explorer I believe. I too lose the use of my USB after using Kexbases25 knocking out USB keyboard and USB mouse. PS2 devices should be OK. I think Dave-H is clarifying his use of the KEX modules as to hint on whether there was an update to these that we do not have. Kexbases25 introduces a new call to ImageHlp and KexBases25 stops KernelEx from running. Jumper if you have Kexbases25 running then is there an update to KernelEx.dll that we do not have or something like that? Edited November 24, 2021 by Goodmaneuver
jumper Posted November 23, 2021 Author Posted November 23, 2021 > The installer of 4.5.2 doesn't register these files as Kex knowndll's. It registers them as shell and com extensions. On hang, is there a Debug option? Do you have a debugger installed? Try disabling auto-start apps. Try modding core.ini to use the NtClose alternates. (I'll do this in the update).
Goodmaneuver Posted November 24, 2021 Posted November 24, 2021 (edited) 42 minutes ago, jumper said: On hang, is there a Debug option? Do you have a debugger installed? Try disabling auto-start apps. Debugging this will give differing results as to which application is trying to run. KernelEx does not run. RAM corruption is happening for me, see my above post, and TD32 can not debug it. Like I said, the best result was that KernelEx.dll could not load but it was not that exact word -(load) and it was not while testing Kexbases and prior to editing Core.ini. Jumper If you are running 98FE and have differing ImageHlp and DbgHelp modules then you may be getting Kexbases to run? My ImageHlp version is 6.05270.9 and runs in SafeMode along with DbgHelp of 6.9.3.113. Edited November 24, 2021 by Goodmaneuver
Goodmaneuver Posted November 24, 2021 Posted November 24, 2021 (edited) Here is the FaultLog but it is irrelevant due to memory corruption and pushing into the next application load. Everything will not load when Memory overshoot/overrun occurs unless it is stopped by trying to debug it then closing the debugger. Explorer then can be loaded but then you can only run applications that do not need modules that require KernelEx. WinMgmt.exe needs RegDisablePredefindCache as I have used 5.1.2296.1 - perhaps I should not have used this version but is first application to load that requires KernelEx. ********************************************************************** Date 11/24/2021 Time 01:40 WINMGMT caused an invalid page fault in module KERNEL32.DLL at 01bf:bff6bb07. Registers: EAX=00000000 CS=01bf EIP=bff6bb07 EFLGS=00000246 EBX=830c55ac SS=01c7 ESP=0064f7c8 EBP=0064f7d8 ECX=ffffffff DS=01c7 ESI=0052c510 FS=2267 EDX=830c5960 ES=01c7 EDI=bff7cf67 GS=0000 Bytes at CS:EIP: ff 76 04 e8 8a 87 ff ff 5e c2 04 00 56 8b 74 24 Stack dump: 0050021c 0051b736 0052c510 ffffffff 0064f7f0 0051b67c 00000142 00400000 00500218 00000000 0064f810 0051aa2e 00000142 00000000 0064f81c bff888ed ********************************************************************** Date 11/24/2021 Time 01:40 RUNDLL32 caused an invalid page fault in module KERNEL32.DLL at 01bf:bff6bb07. Registers: EAX=00000000 CS=01bf EIP=bff6bb07 EFLGS=00000246 EBX=00000000 SS=01c7 ESP=0065f774 EBP=0065f784 ECX=ffffffff DS=01c7 ESI=0053c510 FS=230f EDX=000001f0 ES=01c7 EDI=bff60000 GS=0000 Bytes at CS:EIP: ff 76 04 e8 8a 87 ff ff 5e c2 04 00 56 8b 74 24 Stack dump: 000001f0 0052b736 0053c510 ffffffff 0065f79c 0052b67c 000001f2 830b5000 830c8908 00000001 0065f7bc 0052c119 000001f2 00000001 0065f7dc bfa01f2a ********************************************************************** Edited November 25, 2021 by Goodmaneuver Same as before no change. I am not sure that a memory overrun is occurring now.
jumper Posted November 24, 2021 Author Posted November 24, 2021 My previous response was for schwups, but looking at your logs I see bfa01fa2. This is our best clue. Investigate.
Goodmaneuver Posted November 24, 2021 Posted November 24, 2021 (edited) If KernelEx is not running, which it does not with Kesbases25, then how can we debug it. These Faults will occur when KernelEx is not running. Nvidia software launches with rundll32 and cannot be run again if stopped until a fresh reboot occurs. I would not be concerned about the fault log as KernelEx is not running and after first overrun then with the next application to launch, triggering a Fault Log, the fault log can not be trusted. We have numerous modules with KEX settings including Rundll32 (BASE). How can we attempt to launch KernelEx manually to try and debug it. I am certain KEX modules do not load. I know that the OS should run without KernelEx and I have made sure it does with Safe Mode and debugging an application that requires KernelEx when KernelEx is not running does not make sense. Edited November 24, 2021 by Goodmaneuver
jumper Posted November 24, 2021 Author Posted November 24, 2021 (edited) KU211221.7z updated .25 refresh Kexbasen Kexbases fixed Kstub824 dll+ini KexVista Core.25h to fix some more issues Core.24a fallback example KernelEx.dll v.25 to match, but not new 3 additional files for IE9 and 360ee support Tools ImportPatcher 42 - Test and patch PE imports Ktree 11 - View KernelEx API's - New: choose and save font ProcWin 1.6 - View running process image detail w/disassembler Minisnap 5 - Displays module versions and KernelEx modes for each process Kexports/Exports 5 - List Exports as .ini or .def Edited December 22, 2021 by jumper Kexbases fixed 1
jumper Posted November 24, 2021 Author Posted November 24, 2021 @Goodmaneuver - Take a deep breath. We are not going to debug. We are investigating. Please stay focused and respond with only the exact information I request. You know about load addresses. In what module is bfa01fa2? @schwups - Are you also using Nvidia apps? If so, disable their auto-start and see if you can get to the desktop.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now