Jump to content

Zoom Cloud meetings on w2k Exkernel


Recommended Posts

Zoom cloud meetings 3.5.53922.620 will install without problems or necessary registry fakes on w2k exkernel.

Download link (I had to spend some time until I found it out):

https://zoom.us/client/3.5.53922.0620/ZoomInstaller.exe

It will install in documents and settings\*user*\Appdata\Zoom\bin.

Then we need to hexedit cmmlib.dll, XmppDll.dll, zVideoApp.dll, search for 3.5.53922.0620 and change these entries to the final version, now 4.6.19253.0401. Then the autoupdate function cannot replace the files with the newer ones which wont work. It should also be possible to install msi file with switch to diable autoupdate.

The Application works, there is only one bug left: screen sharing will not work. It produces Error message 105035 "please try later".

I also installed the program on Wxp32 and 64, there the screen sharing function works without error. My knowledge about screen sharing differencies between xp und 2kexkernel is not the best, perhaps some people here can help. I begged also blackwingcat with XP last version, but he did not answer.

What I did yet: there are no missing dependencies of the files in this version (only mpr.dll), except cpthost.exe is missing dependeny I_RpcBindingInqLocalClientPID (known to be buggy if added in exkernel). Patching cpthost.exe with wrapper rpcXP4.dll from winxp32 has no effect, error still present.

All files of zoom are digitally signed, but the signation ist not valid any more because of the time (certificate ended 2019). I consider this to be not a problem, because no other errors.

Any thoughts or comments appreciated!

Greetings Joe

 

 

Edited by JosefReisinger
Link to comment
Share on other sites


Problem solved, if the proper rpcrt4.dll is used. There are two versions of exkernel rpcrt4.dll, both version 5.0.2195.7291. One has I_RpcBindingInqLocalClientPID in it, the other one not. So always use all files of Exkernel and not only replace different version numbers!

Greeting Joe

Link to comment
Share on other sites

1 hour ago, Ximonite said:

Where could I download the rpcrt4.dll with I_RpcBindingInqLocalClientPID?

\It's in the exkernel v3.0e binary, which can be found on @i430VX's site. Not sure about the gameguard version.

Link to comment
Share on other sites

Perhaps there is a problem with d3d9. If I use exkernel v3.0e d3d9.dll with zoom cloud meeting, on my system the app gets buggy, screen flickering etc. So you can copy XP d3d9.dll (I used 5.3.2600.5512, but it should also work with 5.4.21.95.5513) into the zoom folder. The app will use this one.

Greetings Joe

Edited by JosefReisinger
Link to comment
Share on other sites

21 hours ago, win32 said:

Not sure about the gameguard version

I have been using the GameGuard version of the Extended Kernel and I_RpcBindingInqLocalClientPID is missing.

Link to comment
Share on other sites

Back to zoom investigation (error with black screen - screen sharing):

Investigation with Pe-Explorer:

CptHost.exe is loaded if video is started. If I click "share desktop", depending setupapi will load crypt32.dll, which will load msasn1.dll and wintrust.dll. Also, imagehlp.dll will be loaded. I tried to replace these with XP ones, no change. Also, changing of gdiplus will not resolve the black screen error with screen sharing.

Ivestigation with procmon:

zoom.exe will call msimtf, "create file mapping", and then has a lot of activities with zoomus.db in the data directory.

CptHost.exe will load d3d9.dll and has a lot of registry activities checking the graphic components.

So I think it will be necessary to debug CptHost.exe.

Greetings Joe

Link to comment
Share on other sites

If you need to replace crypt32.dll, you may also want to replace rsaenh.dll, schannel.dll and dssenh.dll. This would be the third program to have problems with BWC's versions of those files: Office 2007 for SHA-2 encrypted files, web browsers trying to run M$ Teams, and now Zoom.

Unfortunately, the XP versions of those files will break Outlook 2007.

Edited by win32
Link to comment
Share on other sites

14 hours ago, win32 said:

If you need to replace crypt32.dll, you may also want to replace rsaenh.dll, schannel.dll and dssenh.dll. This would be the third program to have problems with BWC's versions of those files: Office 2007 for SHA-2 encrypted files, web browsers trying to run M$ Teams, and now Zoom.

Unfortunately, the XP versions of those files will break Outlook 2007.

Thank you for your comment!

I changed crypt32 to XP, no effect, app works but screen sharing only seems to work - conference partner only sees black screen.

I think the problem could be related to graphics. In the middle of examing the graphic components, CptHost.exe will load vga.dll in XP. It will not do so in w2k exkernel. Perhaps the app needs vga service XP? I have uploaded the different outputs of procmon on w2k Exkernel and XP. Any help appreciated.

Greetings Joe

2kCptHostLogfile.xls

XP64CptHostLogfile.xls

Edited by JosefReisinger
Link to comment
Share on other sites

I would like to know the windows functions which are called by desktop sharing in the zoom app. Fortunally, the zoom sdk for windows is available in the net. Unfortunally, only the latest version and not v3.5.

For the more advanced it should be possible to program a proper app for w2k exkernel with visual studio 2008.

I found the source of screen sharing:

meeting_sharing_interface.h

Perhaps the more experienced users here can find out something, but I am not sure if this info is relevant.

Greetings Joe

Link to comment
Share on other sites

I disassembled CptHost.exe and got Imports and Exports.

CptHostImportsExports.txt

PE Explorer Disassembler found errors.

*Unexpected Opcode (mov r/n16,Sreg) at 0041C200h
*Line caused Error (F3 retn) at 0041BA14h

The interesting entry:

 L00401255:
          mov    eax,[ebp+08h]
          push    00000007h
          push    [eax+04h]
          push    [eax]
          call    [USER32.dll!GetDesktopWindow]
          push    eax
          call    [USER32.dll!ChildWindowFromPointEx]

 L0040126C:
          mov    edi,eax
 L0040126E:
          mov    eax,edi
          pop    edi
          pop    esi
          pop    ebp
          retn    0004h

 

Greetings Joe

 

 

Link to comment
Share on other sites

I debugged CptHost.exe with cdb.exe (old version): It seems that d3d9 is involved. d3d8thk.dll xpsp3 has function DdEntry1 ....10 in it,, d3d8thk.w2k does not, so if I use d3d8thk from XP, complaint about "missing dependency DdEntry1" in GDI32.DLL is the result.

Start Screen sharing:
0:004> g
Unknown exception - code 406d1388 (first chance)
ModLoad: 4fd50000 4fef6000   C:\Dokumente und Einstellungen\Administrator\A
ungsdaten\Zoom\bin\d3d9.dll
ModLoad: 01120000 01125000   C:\WINNT\system32\d3d8thk.dll
ModLoad: 768d0000 768fb000   C:\WINNT\system32\WINTRUST.dll
ModLoad: 799d0000 79a56000   C:\WINNT\system32\CRYPT32.dll
ModLoad: 77400000 77411000   C:\WINNT\system32\MSASN1.dll
ModLoad: 76c50000 76c78000   C:\WINNT\system32\IMAGEHLP.dll

If I close the app, CptHost.exe crashes:
Access violation - code c0000005 (first chance)
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=001395f8 edi=000000
eip=7788f281 esp=0012fb68 ebp=0012fbc8 iopl=0         nv up ei pl nz na pe
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=000102
ntdll!RtlpWaitForCriticalSection+8a:
7788f281 ff4010           inc  dword ptr [eax+0x10] ds:0023:00000010=??????
0:000>

On "Exit" in systray, Zoom.exe will not shut down. One of two instances will stay. With XP, it will close all instances.

Now I need a hint of the more experienced users here: how do I find out "code 406d1388"? If I disassemble CptHost.exe, adresses are different.

Greetings Joe

Edited by JosefReisinger
Link to comment
Share on other sites

  • 2 weeks later...
On 4/24/2020 at 5:14 AM, JosefReisinger said:

@blackwingcat: did you get my email??

Greetings

Sorry, I missed your email for a long time.

Zoom version 3.5.71665.0713 and later are crashed cause of tp.dll

http://blog.livedoor.jp/blackwingcat/archives/1996464.html

Edited by blackwingcat
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...