LLXX Posted August 22, 2006 (edited)

Version 1.1 available for download

As mentioned in http://support.microsoft.com/?id=318293 Windows 98SE shell fails at trying to copy files over 2Gb. According to M$...

> This problem can occur because of a problem in the versions of the Shell32.dll file that are included with Windows 98 and Windows 98 Second Edition. The root cause is a generic file operation which is used by the shell in Windows 95/98 and Microsoft Windows NT 4.0 which interprets values that are greater than 2 GB as negative numbers.

...the problem is with shell32.dll.

Unfortunately, M$ is only partially right. I've inspected and traced through the copying code in shell32.dll, and the actual problem seems to lie within the kernel itself, at the _llseek API.

    7FCEB349  mov   [ebp+nNumberOfBytesToWrite], eax
    7FCEB34C  mov   eax, [edi+20h]
    7FCEB34F  cmp   eax, 30000h          ; over 192Kb in size?
    7FCEB354  jbe   short 7FCEB386       ; no pre-enlargement if not
    7FCEB356  push  ebx                  ; iOrigin
    7FCEB357  mov   ebx, ds:_llseek
    7FCEB35D  push  eax                  ; lOffset
    7FCEB35E  push  [ebp+hDestFile]      ; hFile
    7FCEB361  call  ebx                  ; _llseek apparently has problems seeking over 2Gb
    7FCEB363  cmp   eax, 0FFFFFFFFh
    7FCEB366  jz    loc_0_7FCEB55D       ; fails here
    7FCEB36C  push  [ebp+hDestFile]      ; hFile
    7FCEB36F  call  ds:SetEndOfFile
    7FCEB375  test  eax, eax
    7FCEB377  jz    loc_0_7FCEB55D
    7FCEB37D  push  0                    ; iOrigin
    7FCEB37F  push  0                    ; lOffset
    7FCEB381  push  [ebp+hDestFile]      ; hFile
    7FCEB384  call  ebx                  ; _llseek

For those that don't understand the above code, what it does is attempt to enlarge the destination file to the correct size by seeking to the source filesize and then setting the file's end there. Unfortunately, if the file is >2Gb, _llseek fails with "invalid parameter" error. Also note that unless the file is over 192Kb in size, no attempt to pre-enlarge is made - the file just enlarges automatically as data is written to it.

Either the bug is with the _llseek function in the kernel and the code in shell32 is fine, or _llseek was designed to do that (i.e. interprets >2Gb as moving the file pointer backwards, but the pointer is already at the start of the file so it complains) and shell32 is flawed. I can see several possible fixes:

1. Patch shell32.dll to use newer SetFilePointer function which uses 64-bit signed integers - difficult, but possibly the most "correct" solution.
2. Patch kernel32.dll _llseek to interpret seeking from the beginning with a negative offset as a positive offset - moderate, might break some other apps, but what program would want to move the file pointer past the start of the file?
3. Change conditional jump at 7FCEB354 to a permanent jump - easiest, but no more pre-enlargement - is pre-enlargement really needed?

-------------------------------------------------------------------------------------------------

Update:

Fixed kernels:
4.10.1998
4.10.2001
4.10.2222
4.10.2225
4.90.3000
(kernels are too big to attach)

Verification Tool: MAKE2GB.ZIP

Edited December 9, 2010 by dencorso: Made the MAKE2GB test app available again!
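The hypothesis in the post above (a size of 2Gb or more read as a negative seek offset), modelled in portable C as an added example that is not part of the original thread and is not kernel32 or shell32 code. The function names and the model's "reject a negative offset from the start" rule are assumptions; only the caller's compare against 0FFFFFFFFh comes from the disassembly.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_HFILE_ERROR (-1)  /* same bits as the 0FFFFFFFFh the caller compares against */

/* Assumed original behaviour: the offset is a signed 32-bit value, so a seek
   from the start of the file with a negative offset is rejected. */
int32_t model_llseek_signed(uint32_t size_low)
{
    int32_t offset = (int32_t)size_low;     /* what the callee sees */
    return offset < 0 ? MODEL_HFILE_ERROR : offset;
}

/* Fix 2 in the post: from the beginning, treat the offset as unsigned.
   The new position is returned in the same 32 bits. */
int32_t model_llseek_unsigned(uint32_t size_low)
{
    return (int32_t)size_low;
}

/* Fix 1 in the post: carry the size as 64 bits, split into the low and
   high 32-bit parts that a SetFilePointer-style call takes. */
typedef struct { int32_t low; int32_t high; } split_offset;

split_offset split_size(uint64_t size)
{
    split_offset s;
    s.low  = (int32_t)(uint32_t)(size & 0xFFFFFFFFu);
    s.high = (int32_t)(uint32_t)(size >> 32);
    return s;
}

/* The caller's check from the disassembly: cmp eax, 0FFFFFFFFh / jz error. */
int caller_sees_error(int32_t ret)
{
    return ret == MODEL_HFILE_ERROR;
}

int main(void)
{
    /* Constructed sizes: just under 2Gb, exactly 2Gb, and the 32-bit maximum. */
    uint32_t sizes[] = {0x7FFFFFFFu, 0x80000000u, 0xFFFFFFFFu};
    for (int i = 0; i < 3; i++)
        printf("%08X signed-model error=%d unsigned-model error=%d\n",
               (unsigned)sizes[i],
               caller_sees_error(model_llseek_signed(sizes[i])),
               caller_sees_error(model_llseek_unsigned(sizes[i])));
    return 0;
}
```

In this model the unsigned reading clears the 2Gb case but a position of exactly 0xFFFFFFFF still has the same bits as the error value, so the caller's compare cannot tell the two apart.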
wizardofwindows Posted August 22, 2006

conquering the 2gb barrier would be a plus with dvd use today. noting many new games etc. are well over 2gig. u da man.
Petr Posted August 22, 2006

In Windows 2000 (beta), it seems to be this part of the source code:

    // initialzie the file to the full size
    // this takes 3 dos calls, so only do it if the file is big
    if (pfd->nFileSizeLow > (COPYMAXBUFFERSIZE * 3))
    {
        // if there's a problem, bail
        if ((_llseek(hDest, pfd->nFileSizeLow, 0L) == HFILE_ERROR) ||
            (!SetEndOfFile((HANDLE)hDest)))
        {
            iLastError = GetLastError();
            goto ErrorOnWrite;
        }
        else
        {
            _llseek(hDest, 0, 0L);
        }
    }

Petr
LLXX (Author) Posted August 22, 2006

> This problem was corrected in Windows Millennium Edition, Windows 2000, and Windows XP.

If Windows 2000 uses _llseek and is able to copy files > 2Gb correctly, then the problem must reside in _llseek function in kernel32.dll.

Also, would increasing the buffer size beyond the default 64k make for faster copying?
LLXX (Author) Posted August 22, 2006

I've fixed _llseek, and it seems to work fine. Maybe I'll experiment with different buffer sizes next...

As usual, if you want a newer version or already modified kernel to be patched, just post.

Once Kernel Update Project stabilises I'll probably fix the modified kernel from it.
the_guy Posted August 22, 2006

Hey LLXX,

If you get it working from the 313829 version, can you try patching the NT4 version from MS04-037 (with Active Desktop) as well?

the_guy
Tihiy Posted August 22, 2006

I haven't checked the code, but the project seems excellent.

There is no need to patch Kernel Update because it is a patch itself and does not provide kernel32.dll.

But patch 4.10.2225!
wizardofwindows Posted August 22, 2006 (edited)

thx u this is great u rock!!

Edited August 22, 2006 by wizardofwindows
erpdude8 Posted August 22, 2006 (edited)

> As mentioned in http://support.microsoft.com/?id=318293 Windows 98SE shell fails at trying to copy files over 2Gb. According to M$...
>
> > This problem can occur because of a problem in the versions of the Shell32.dll file that are included with Windows 98 and Windows 98 Second Edition. The root cause is a generic file operation which is used by the shell in Windows 95/98 and Microsoft Windows NT 4.0 which interprets values that are greater than 2 GB as negative numbers.
>
> ...the problem is with shell32.dll.

You also need to patch kernel32.dll version 4.10.1998 (and version 4.10.2001 from Q320798) for Win98 FE, LLXX. Let's not forget, the 2GB+ copy problem also occurs under Win98 FE as noted in MS article 318293.

Patching kernel32.dll files from Win95? I believe Win95 also has the 2GB+ copy problem but the Win95 kernel32.dll files are missing a bunch of functions that were included in the Win98 FE/SE versions of kernel32.dll files.

Edited August 22, 2006 by erpdude8
MDGx Posted August 22, 2006

Great work. Keep it up.

Added link here [scroll under "Windows 98/98 SE/ME Updates + Patches"]:
http://www.mdgx.com/

Does it make sense to patch WinME kernel32.dll?

And I think it's a good idea to patch kernel32.dll 4.10.2225.

IMHO: When patching a system file that has already been patched previously, it's best to patch the newest build, which contains all previous patches. Patching the oldest file only takes care of the newest issue, but not any previous ones.

Thanks for your time.
eidenk Posted August 22, 2006

> Does it make sense to patch WinME kernel32.dll ?

I don't think so, as it does not appear there is a problem with WinME. I have just created a 3.8GB archive and copied it over without problems. I have been using Windows ME for a few years in the erroneous belief that it wouldn't handle files over 2GB.
winxpi Posted August 22, 2006

> 1. Patch shell32.dll to use newer SetFilePointer function which uses 64-bit signed integers - difficult, but possibly the most "correct" solution.
> 2. Patch kernel32.dll _llseek to interpret seeking from the beginning with a negative offset as a positive offset - moderate, might break some other apps, but what program would want to move the file pointer past the start of the file?
> 3. Change conditional jump at 7FCEB354 to a permanent jump - easiest, but no more pre-enlargement - is pre-enlargement really needed?

Super, another barrier fell.

I have some questions:

Not so important, but did you try the most "correct" solution, modifying shell32.dll?

A better question: How can I "Change conditional jump at 7FCEB354 to a permanent jump" and which file would I have to change to do this?

thx again
LLXX (Author) Posted August 22, 2006 (edited)

The following patch requests have been listed:

- NT4 kernel - I don't have NT4, if you have the file PM me and deposit it somewhere.
- 4.10.2225 - Will do, http://www.mdgx.com/files/Q320798.EXE
- 4.10.1998 - I don't have this file, nor 98FE.
- 4.10.2001 - Will do, http://www.mdgx.com/files/Q320798.EXE
- Win95 kernels - probably pointless, as 95's explorer.exe doesn't work correctly with large files anyway.
- WinME - SHELL32.DLL probably changed to use SetFilePointer instead of flawed _llseek, may patch.

I have created a simple test to see if _llseek API in your kernel is flawed:
http://z11.zupload.com/file.php?filepath=40201

All it does is attempt to create a file and then enlarge it to 2147483648 bytes via _llseek. It will report success or error depending on behavior of _llseek. (Delete the file after testing, it contains no useful data. Also ensure there is more than 2Gb of free space).

> A better question: How can I "Change conditional jump at 7FCEB354 to a permanent jump" and which file would I have to change to do this?

Open shell32.dll in a hex editor and go to .7FCEB354 (or 3B354, depending on the editor). The following bytes should be there:

    76 30 53 8b 1d 44 16 cb 7f

Change it to

    eb 30 53 8b 1d 44 16 cb 7f

(This is version 4.72.3612.1700, I don't know the exact location in other versions).

Edit: fixed link

Edited August 23, 2006 by LLXX
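A guarded form of the one-byte edit described in the post above, as an added example that is not part of the original thread: it changes 76 to eb only when the eight bytes that follow match the quoted sequence, so a different shell32.dll version or a wrong offset is left untouched. The function names, return codes and the constructed 16-byte buffer are assumptions; the byte values and addresses are the ones quoted in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte sequence quoted in the post (shell32.dll 4.72.3612.1700). */
static const uint8_t EXPECTED[9] = {0x76, 0x30, 0x53, 0x8b, 0x1d, 0x44, 0x16, 0xcb, 0x7f};

/* Constructed sample: 4 filler bytes, the quoted sequence, 3 filler bytes. */
uint8_t sample_image[16] = {0x90, 0x90, 0x90, 0x90, 0x76, 0x30, 0x53, 0x8b,
                            0x1d, 0x44, 0x16, 0xcb, 0x7f, 0x90, 0x90, 0x90};

/* Destination of a two-byte short jump (opcode, rel8) located at addr. */
uint32_t short_jump_target(uint32_t addr, const uint8_t *insn)
{
    return addr + 2u + (uint32_t)(int32_t)(int8_t)insn[1];
}

/* Turn JBE rel8 (0x76) into JMP rel8 (0xEB) only if the following bytes match.
   Returns 0 = patched, 1 = already patched, -1 = offset out of range,
   -2 = bytes differ (other file version or wrong offset; nothing is written). */
int patch_jbe_to_jmp(uint8_t *image, size_t len, size_t off)
{
    if (off > len || len - off < sizeof EXPECTED)
        return -1;
    if (memcmp(image + off + 1, EXPECTED + 1, sizeof EXPECTED - 1) != 0)
        return -2;
    if (image[off] == 0xEB)
        return 1;
    if (image[off] != EXPECTED[0])
        return -2;
    image[off] = 0xEB;
    return 0;
}

int main(void)
{
    uint8_t copy[sizeof sample_image];
    memcpy(copy, sample_image, sizeof copy);
    printf("jump target:  %08X\n", (unsigned)short_jump_target(0x7FCEB354u, EXPECTED));
    printf("first pass:   %d\n", patch_jbe_to_jmp(copy, sizeof copy, 4));
    printf("second pass:  %d\n", patch_jbe_to_jmp(copy, sizeof copy, 4));
    printf("wrong offset: %d\n", patch_jbe_to_jmp(copy, sizeof copy, 5));
    return 0;
}
```

The decoded destination of the quoted `76 30` at 7FCEB354 is 7FCEB386, the same address the disassembly in the first post shows for the `jbe`.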
Philco Posted August 23, 2006

> ....I have created a simple test to see if _llseek API in your kernel is flawed:
> http://www.upload2.net/page/download/VYkEc...AKE2GB.ZIP.html
> ...

Please, file corrupted, hosting other server?
LLXX (Author) Posted August 23, 2006

It seems so. I found another filehost... seems to be working
http://z11.zupload.com/file.php?filepath=40201