Jump to content

ArcticFoxie/NotHereToPlayGames -- 360Chrome v13.5.2022 rebuild 3

NotHereToPlayGames
 Share

Recommended Posts


msfntor

msfntor

Posted
Posted
19 minutes ago, XPerceniol said:

Sorry, but I don't get the joke ??

Haha, I got tricked... I had this doctorwho.tv forbidden in uBlock, so why I didn't see anything posted by ArcticFoxie, so I thought I'd make a little joke of not posting anything like him, with this wink.... now this doctorwho is allowed here, so I can see his post!

2
Link to comment
Share on other sites
Skorpios

Skorpios

Posted
Posted (edited)

Well, the butchering/rebuilding/hacking of EE360 gave a new life to my Stinkpad T43 with 2GB RAM. I don't XPerience the slow loading of websites ending up in an errorpage that AstroSkipper mentioned in an earlier post.

Thank you everyone involved and a Happy New Year. :)

Cheers, Skorpios (leaving out 500 emojis) :cheerleader:

https://imgur.com/5FPDY29

 

 

Edited by Tommy
Link to comment
Share on other sites
UCyborg

UCyborg

Posted
Posted (edited)
7 hours ago, AstroSkipper said:

@NotHereToPlayGames! As I reported weeks ago, I observed BSODs on my Windows XP system when starting one of the 360Chrome versions, caused by WiseVector StopX. Now, I checked the used memory addresses in my system and found out that WiseVector StopX loads the file WiseVectorHelperOne_X86.dll at the default address 0x10000000 of chrome.dll. I think that was the reason for the BSODs. Therefore, a rebasing of chrome.dll is mandatory for those Windows XP users who use WiseVector StopX. :yes:

Are you sure? Mozilla based browsers, which you use as well, have a bunch of DLLs with preferred base address 0x10000000. BSODs come from something going wrong in kernel space, although whether something in user space triggered that something is another question. Kinda doubt runtime rebasing is the main culprit, perhaps it just exposes a bigger problem.

Edited by UCyborg
Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted (edited)
1 hour ago, UCyborg said:

Are you sure? Mozilla based browsers, which you use as well, have a bunch of DLLs with preferred base address 0x10000000. BSODs come from something going wrong in kernel space, although whether something in user space triggered that something is another question. Kinda doubt runtime rebasing is the main culprit, perhaps it just exposes a bigger problem.

I had only BSODs in the past when starting one of the 360Chrome browsers which had a conflict with WiseVector StopX. Only a total exclusion of all 360Chrome installations in WiseVector StopX helped to avoid further BSODs. And I never had any other BSODs before. My system is flawless, so to speak, at least there are no discernible problems. I assume that rebasing chrome.dll might avoid such conflicts. In any case, I will test this again. BTW, I never said that rebasing is a culprit of whatever. Quite the opposite! I think you have misunderstood something.

Edited by AstroSkipper
Update of content
Link to comment
Share on other sites
mixit

mixit

Posted
Posted
18 hours ago, NotHereToPlayGames said:

@mixit - how where you able to isolate the QR Code and Translate to English context menu entries?  Was there a specific software debugger you used?

I've been able to edit your build 2022 patches to work with build 1030 but I'd like to verify them with the method that you used as a compare/contrast.

Since I still use 1030, I actually used it to develop this patch before applying it to 2022. :)

So, for 1030:

Drop Share URL QR Code from Chrome mode page context menu:
89 F9 68 6D 1A 00 00 68 4F 81 00 00
EB 0F 68 6D 1A 00 00 68 4F 81 00 00

Drop Share URL QR Code from Chrome mode link context menu:
89 F1 68 6D 1A 00 00 68 50 81 00 00
EB 0F 68 6D 1A 00 00 68 50 81 00 00

Drop Share URL QR Code from IE mode page context menu:
6A 00 68 D5 08 00 00 FF 75 08 FF 15 E4 B1 EA 16
EB 5E 68 D5 08 00 00 FF 75 08 FF 15 E4 B1 EA 16

68 E4 25 00 00 FF 75 08 FF 15 E4 B1 EA 16
68 D5 08 00 00 FF 75 08 FF 15 E4 B1 EA 16

68 E4 25 00 00 FF 75 08 FF 15 64 B2 EA 16
68 D5 08 00 00 FF 75 08 FF 15 64 B2 EA 16

Drop Share URL QR Code from IE mode link context menu:
8D 7D E8 68 6D 1A 00 00 57 E8 41 58 17 FB
EB 3A 90 68 6D 1A 00 00 57 E8 41 58 17 FB

Drop Share URL QR Code from IE mode image link context menu:
8D 45 D8 68 6D 1A 00 00
EB 43 90 68 6D 1A 00 00

Drop Share image location from Chrome mode image context menu:
89 F9 68 6E 1A 00 00 68 51 81 00 00
EB 0F 68 6E 1A 00 00 68 51 81 00 00

Drop Share image location from IE mode image context menu:
6A 00 6A 0F 53 FF 15 E4 B1 EA 16 83 F8 FF 74 3C
EB 4A 6A 0F 53 FF 15 E4 B1 EA 16 83 F8 FF 74 3C

Drop Translate to English from Chrome mode page context menu:
8D 86 F0 02 00 00 50 E8 2F 9E 72 FE
E9 E6 00 00 00 90 50 E8 2F 9E 72 FE

As for your questions, I used the obvious suspect for such things. :D But its free version or Ghidra :ph34r: or OllyDbg should work just as well. Finding the locations isn't too hard with the source code for Chromium available, don't really need to decompile or use the debugger. It takes quite some time to disassemble/analyze a huge DLL like this one, though.

2
Link to comment
Share on other sites
UCyborg

UCyborg

Posted
Posted (edited)
1 hour ago, AstroSkipper said:

BTW, I never said that rebasing is a culprit of whatever. Quite the opposite! I think you have misunderstood something.

Well, I meant that the OS will rebase in memory/pagefile when it's loaded if there's a conflict, that causing BSODs is really strange.

I tried WiseVector StopX really quick in a VM, couldn't install in that old messy XP x86 SP3 VM, the installer crashed, but I could load it on XP x64. Seems to put quite a strain on the CPU when Chrome does something, though I couldn't crash the system. Maybe I'll try again at some point with fresh XP SP3.

Edited by UCyborg
1
Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted (edited)
1 hour ago, UCyborg said:

Well, I meant that the OS will rebase in memory/pagefile when it's loaded if there's a conflict, that causing BSODs is really strange.

I thought Windows XP wouldn't be able to rebase dll files in its memory due to the lack of the ASLR feature and would always load these files to their predetermined addresses.  :dubbio:

Edited by AstroSkipper
Update of content
Link to comment
Share on other sites
mixit

mixit

Posted
Posted (edited)

@NotHereToPlayGames @Humming Owl

I just remembered I forgot to report a yet another stray Chinese UI string I saw a while back. It shows up when downloading from a "dangerous" site; IIRC there was a certificate problem with a not at all suspicious podcast host when I saw it. I'm too lazy to look for a suitably problematic site right now, but you can simulate it if you search for
85 E4 00 00 00 8D 86 F8 02
in chrome.dll (2022) and temporarily replace that 85 there at the beginning with 84. Then when you hover over the d/l button, all downloads should be red and have that message attached (if the filename is too long, you can see it in the tooltip).
unsafedl.jpg
The string is "(来自危险网址)":
EF BC 88 E6 9D A5 E8 87 AA E5 8D B1 E9 99 A9 E7 BD 91 E5 9D 80 EF BC 89
A fairly literal translation would be " (from unsafe URL)      ". In any case, it's UTF-8, and should be padded with spaces to full length of 24. I also recommend starting with a space before the paren, because Chinese parentheses are double-width and have the space "built in".

Edited by mixit
2
Link to comment
Share on other sites
UCyborg

UCyborg

Posted
Posted (edited)
6 hours ago, AstroSkipper said:

I thought Windows XP wouldn't be able to rebase dll files in its memory due to the lack of the ASLR feature and would always load these files to their predetermined addresses.  :dubbio:

It has to support rebasing due to Windows executable design, which is not position-independent. ASLR on Vista+ is just implemented in a way that when the DLL is first used (same should apply for EXEs), it will reuse the same random address in subsequent processes. Though looking at my Win10, this doesn't always seem to be the case, choosing two processes for comparison, one native executable and one .NET executable, the .NET one had differing addresses in two instances of the process.

DLLs had to have relocation tables in any case due to possibility of conflicts, old EXEs did not have them, they're always first inside the address, but since ASLR is the thing, EXEs have the relocation table well so they can be relocated freely inside address space by the ASLR feature.

Edit:

Quote

one native executable and one .NET executable

Perhaps .NET executables/images are different, but native .NET images might behave the same as normal native images, not sure.

Edited by UCyborg
1
Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
  • Author
Posted
4 hours ago, mixit said:

@NotHereToPlayGames @Humming Owl

I just remembered I forgot to report a yet another stray Chinese UI string I saw a while back. It shows up when downloading from a "dangerous" site; IIRC there was a certificate problem with a not at all suspicious podcast host when I saw it. I'm too lazy to look for a suitably problematic site right now, but you can simulate it if you search for
85 E4 00 00 00 8D 86 F8 02
in chrome.dll (2022) and temporarily replace that 85 there at the beginning with 84. Then when you hover over the d/l button, all downloads should be red and have that message attached (if the filename is too long, you can see it in the tooltip).
unsafedl.jpg
The string is "(来自危险网址)":
EF BC 88 E6 9D A5 E8 87 AA E5 8D B1 E9 99 A9 E7 BD 91 E5 9D 80 EF BC 89
A fairly literal translation would be " (from unsafe URL)      ". In any case, it's UTF-8, and should be padded with spaces to full length of 24. I also recommend starting with a space before the paren, because Chinese parentheses are double-width and have the space "built in".

 

What do you have for these options?  The "unsafe" URL message tells me you have a third-party being contacted for each and every download!

image.png.d6879361448942565ef752bbac8452ff.png

Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
  • Author
Posted
19 hours ago, XPerceniol said:

Sorry, but I don't get the joke ??

That Dr. Who character is the best portrayal of "vanity of vanities".

Her name is Lady Cassandra.  She claims to be the last "pure" human.  But she's had so many surgeries performed over the years that she is nothing but the skin of a face stretched in a frame.

The world revolves around Cassandra.  Every other human still in existence is at her becking call to spritz her with a spray bottle of water so that she doesn't dry out.

She reminds me of people on this forum.  We are all just here minding our own business and yet some here are so into themselves that any and every move any of us makes is somehow turned and twisted into revolving around their own little universe.

I'd say it's fun to watch.  But it isn't.  Dr. Who, on the other hand, that is fun to watch!

3
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...