Chrome 49 Update


sdfox7

If you're absolutely sure that it's a false positive, I suspect it's being flagged simply because the file has been modified.
I've made really simple modifications to files with Resource Hacker, and my AV (Trend Internet Security) has started flagging them as suspicious files.
I'm not sure what you can do about that.
:(
 


I don't want to seem more grumpy than usual but what (the heck) is the problem? :w00t:

IF your modified kernel32.dll is tested, stable, verified to be working, etc. you can report the fact to the anti-virus vendors and - unless there is actually something malicious - they will normally whitelist the file.

IF instead it is a half-@§§ed, temporary, untested, only partially working version (let's call it Alpha or Beta) the (I presume restricted number of) testers will know that it is a false positive and trust you more than the antivirus detection heuristics.

jaclaz


 


There is nothing malicious, just some code from the kernel32.dll of Server 2008 SP2 R1.

I got worried: 360 AV, which I installed in my test VM, ate all my modified files, causing my PC to not start.

Thanks a lot for helping me. I do not know what is wrong with AV software.


Unfortunately, modified system files are one thing that they are designed to check, as that could be a symptom of a virus attack of course.
Apart from manually white-listing the files in the AV software, I suspect that there is no ideal solution to this, the AV software is only doing its job!
:yes:
 


6 hours ago, Dave-H said:

Unfortunately, modified system files are one thing that they are designed to check, as that could be a symptom of a virus attack of course.
Apart from manually white-listing the files in the AV software, I suspect that there is no ideal solution to this, the AV software is only doing its job!
:yes:
 

They should do their job... :lol:


That's just one more reason to encapsulate modifications in a new executable and redirect/inject those in real time, without modifying system files.
Don't ask me how to do it: I don't know, but I do know it can be done. And that's the beauty of how Xeno86 implemented kEx for 98/ME. :yes:


On 8/27/2016 at 1:51 AM, dencorso said:

That's just one more reason to encapsulate modifications in a new executable and redirect/inject those in real time, without modifying system files.
Don't ask me how to do it: I don't know, but I do know it can be done. And that's the beauty of how Xeno86 implemented kEx for 98/ME. :yes:

I wished to do it like that; unfortunately Xeno86 has not been active for a long time.


18 hours ago, blackwingcat said:

36.0.2130.80 :3

@Blackwingcat

Did you use the update mechanism within the Opera browser to get that 36.0.2130.80 version? The website is still serving the 36.0.2130.65 standalone version (at least to XP machines):

http://www.opera.com/computer/windows

http://www.opera.com/download/get/?id=39357&location=410&nothanks=yes&sub=marine


My Opera 36 didn't update automatically, but it did update when I did a manual check by going to the "About Opera" page in the menu.

If that doesn't work for you, the latest version can be downloaded here.

You need the file whose name ends with "setup.exe".

:)


I have made a compatibility layer with the following components

kernel32.dll with the following functions

DecodePointer
EncodePointer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
GetThreadId
InitializeCriticalSectionEx
InitOnceExecuteOnce
SetThreadStackGuarantee

GetTickCount64

Prevented the "not a valid Win32 application" error

Updated C Run-time Components

i. Windows NT C++ Runtime Library DLL 7.0.6002.18005

ii. MFCDLL Shared Library - Retail Version 4.1.6151 (all 4 DLLs)

iii. Windows NT IOStreams DLL 7.0.6000.16386

iv. Windows NT CRT DLL 7.0.6002.22755

I now have to debug these files, then I have to test them in a VM; if it works, tomorrow I will surely post it here.

 

 

A few more functions I have added:

K32EnumProcesses
K32EmptyWorkingSet
K32EnumDeviceDrivers
K32EnumProcesses
K32EnumProcessModules
K32GetDeviceDriverBaseNameW
K32GetDeviceDriverFileNameA
K32GetDeviceDriverFileNameW
K32GetMappedFileNameA
K32GetMappedFileNameW
K32GetModuleBaseNameA
K32GetModuleBaseNameW
K32GetModuleFileNameExA
K32GetModuleFileNameExW
K32GetModuleInformation
K32GetPerformanceInfo
K32GetProcessImageFileNameA
K32GetProcessImageFileNameW
K32GetProcessMemoryInfo
K32GetWsChanges
K32InitializeProcessForWsWatch
K32QueryWorkingSet

Quite easy, so I added them. I do not know which apps require these; I only added them in case someone needs them.

I wanna add more functions, if you guys and gals share some dependency issues.


  • 4 years later...

3-4 Years later......

 

I found the code which is related to that GetThreadId error in kernel32.dll. Using CFF Explorer I got to locate the API call; however, changing the name or function will still get me the error "Entry Point Not Found", which means that, unlike the Extended Kernel in Vista, where you can edit the functions in the Firefox executable, on XP you cannot at all! I am using Windows XP Anime Edition SP4 upgraded for this investigation on Chrome 50.

Edited by LuckyCrydiaa