Chrome 49 Update

[Dibya]

Friends i need some help.

Few av Softwares are  detecting my modified kernel32.dll as virus see here https://www.virustotal.com/en/file/a2439d8c0091223280077c926d1e5da9dc7a247b857db47d9734d9573e977d79/analysis/1472194004/

[Dave-H]

If you're absolutely sure that it's a false positive, I suspect it's being flagged simply because the file has been modified.
I've made really simple modifications to files with Resource Hacker, and my AV (Trend Internet Security) has started flagging them as suspicious files.
I'm not sure what you can do about that.

 

[jaclaz]

I don't want to seem more grumpy than usual but what (the heck) is the problem?

IF your modified kernel32.dll is tested, stable, verified to be working, etc. you can report the fact to the anti-virus vendors and - unless there is actually something malicious - they will normally whitelist the file.

IF instead it is a half-@§§ed, temporary, untested, only partially working version (let's call it Alpha or Beta) the (I presume restricted number of ) testers will know that it is a false positive and trust you more than the antivirus detection heuristics.

jaclaz

 

[Dibya]

 . There is no malicious things but some code from kernel32.dll of server 2008 sp2 r1

I got worried out , 360 Av which i installed in my test vm , it eaten all my modified files causing my pc to not start

Thanks a lot helping me . I donot know what wrong with AV softwares

[Dave-H]

Unfortunately, modified system files are one thing that they are designed to check, as that could be a symptom of a virus attack of course.
Apart for manually white-listing the files in the AV software, I suspect that there is no ideal solution to this, the AV software is only doing its job!

 

[Dibya]

6 hours ago, Dave-H said:

Unfortunately, modified system files are one thing that they are designed to check, as that could be a symptom of a virus attack of course.
Apart for manually white-listing the files in the AV software, I suspect that there is no ideal solution to this, the AV software is only doing its job!

 

They should do their job...

[dencorso]

That's just one more reason to encapsulate modifications in a new executable and redirect/inject those in real time, without modifying system files.
Don't ask me how to do it: I don't know, but I do know it can be done. And that's the beauty of how Xeno86 implemented kEx in for 98/ME.

[Dibya]

On 8/27/2016 at 1:51 AM, dencorso said:

That's just one more reason to encapsulate modifications in a new executable and redirect/inject those in real time, without modifying system files.
Don't ask me how to do it: I don't know, but I do know it can be done. And that's the beauty of how Xeno86 implemented kEx in for 98/ME.

I wished to do like that unfortunately Xeno86 was not active since long

[blackwingcat]

36.0.2130.80 :3

[sdfox7]

18 hours ago, blackwingcat said:

36.0.2130.80 :3

@Blackwingcat

Did you use the update mechanism within the Opera browser to get that 36.0.2130.80 version? The website is still serving the 36.0.2130.65 standalone version (at least to XP machines):

http://www.opera.com/computer/windows

http://www.opera.com/download/get/?id=39357&location=410&nothanks=yes&sub=marine

[Dave-H]

My Opera 36 didn't update automatically, but it did update when I did a manual check by going to the "About Opera" page in the menu.

If that doesn't work for you, the latest version can be downloaded here.

You need the file whose name ends with "setup.exe".

[blackwingcat]

You can also install it from opera xp.exe :3

[Dibya]

I have made a Comp ability  layer with following components

kernel32.dll with following function

DecodePointer
EncodePointer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
GetThreadId
InitializeCriticalSectionEx
InitOnceExecuteOnce
SetThreadStackGuarantee

GetTickCount64

Prevented not a valid win32 Application

Updated C Run-time Components

i.Windows NT C++ Runtime Library DLL 7.0.6002.18005

ii.MFCDLL Shared Library - Retail Version 4.1.6151(ALL 4 DLLS)

iii.Windows NT IOStreams DLL 7.0.6000.16386

iv. Windows NT CRT DLL 7.0.6002.22755

I have to now debug this files then i have to test it in vm , if it work tomorrow surely i will post it here.

 

 

few more functions i have added :-

K32EnumProcesses
K32EmptyWorkingSet
K32EnumDeviceDrivers
K32EnumProcesses
K32EnumProcessModules
K32GetDeviceDriverBaseNameW
K32GetDeviceDriverFileNameA
K32GetDeviceDriverFileNameW
K32GetMappedFileNameA
K32GetMappedFileNameW
K32GetModuleBaseNameA
K32GetModuleBaseNameW
K32GetModuleFileNameExA
K32GetModuleFileNameExW
K32GetModuleInformation
K32GetPerformanceInfo
K32GetProcessImageFileNameA
K32GetProcessImageFileNameW
K32GetProcessMemoryInfo
K32GetWsChanges
K32InitializeProcessForWsWatch
K32QueryWorkingSet

Quite easy so added i donot know which app require this only added in case someone need it.

I wanna add more function , if you guys and gals share some dependency issues

[Dibya]

Unfortunately my Kernel mod not working . I will send files to BWC let him check what wrong

 

I am asking many kernel modding experts for help. I believe they can help me to fix problem.

[LuckyCrydiaa]

3-4 Years later......

 

I found the code which is related to that GetThreadId error in kernel32.dll, using CFF Explorer i got to locate the API call, but however changing the name or function will still get me error 
"Entry Point Not Found", which means unlike the Extended Kernel in Vista which you can edit the functions on the Firefox executable, but on XP, not at all! I am using Windows XP Anime Edition SP4 upgraded for this investigation on Chrome 50

Edited November 13, 2020 by LuckyCrydiaa