KernelEx v4.5.2015.10 by jumper 2015-07-22 + 69 new api's, 37 improved, 9 removed. + Support for implicit-only stubs (TBD: replace exception hack for ImportPatcher with core.ini or per-app setting). + Prefix instruction added to beginning of all stubs in kexbases AND kexbasen DS: (0x3e) for legacy stubs, ES: (0x26) for new stubs (implicit-only) + API logging reduced to KernelEx enhancements (non-STD) only. Details by branch: Core\ Resolver.cpp: ExportFromOrdinal() and ExportFromName() modified to ignore implicit-only stubs when resolving explicitly Changed usage of terms for "implicit"/"explicit" from "static"/"dynamic" to "import"/"delay". Kexcrt\ strcpy.c reverted to version 4.5.2 Common\ common.h "*UNIMPL_FUNC" macros prefixed with DS: (opcode 0x3e) for creating import+delay (legacy) stubs. common.h "*_UNIMPL_FUNC" macros prefixed with ES: (opcode 0x26) for creating import-only stubs. version.h renamed to kexversion.h to avoid conflict with standard header file; all references updated. ApiLibs\Kexbases\ Gdi32\Orhpans.cpp renamed to Orphans.cpp; updated reference in kexbases.dsp Gdi32\Orhpans.h renamed to Orphans.h; updated references in kexbases.dsp, Orphans.cpp, GdiObjects.c comctl32\: fixed warning in newclassreg.c and syslink.c by adding "#ifndef _WIN32_WINNT" 8 new Kernel32 stubs: se_UNIMPL_FUNC(FindActCtxSectionGuid, 5, ERROR_NI); //f5e rse_UNIMPL_FUNC(FindActCtxSectionStringW, 1, 5, 0 ); //o5e0 se_UNIMPL_FUNC(GetSystemWow64DirectoryA, 2, ERROR_NI); //z2e120 #65 se_UNIMPL_FUNC(GetSystemWow64DirectoryW, 2, ERROR_NI); //z2e120 #65 #304 se_UNIMPL_FUNC(GetVolumeNameForVolumeMountPointA, 3, ERROR_NI); //z3e120 se_UNIMPL_FUNC(GetVolumeNameForVolumeMountPointW, 3, ERROR_NI); //z3e120 se_UNIMPL_FUNC(GetVolumePathNamesForVolumeNameA, 4, ERROR_NI); //z4e120 se_UNIMPL_FUNC(GetVolumePathNamesForVolumeNameW, 4, ERROR_NI); //z4e120 2 removed Kernel32 stubs: FindActCtxSectionGui_, FindActCtxSectionStrin_W 7 updated Kernel32 stubs (to return correct error values): seUNIMPL_FUNC(CreateHardLinkA, 3, ERROR_NI); seUNIMPL_FUNC(CreateHardLinkW, 3, ERROR_NI); seUNIMPL_FUNC(ReplaceFileA, 6, ERROR_NI); seUNIMPL_FUNC(ReplaceFileW, 6, ERROR_NI); seUNIMPL_FUNC(GetProcessIoCounters, 2, ERROR_NI); seUNIMPL_FUNC(GetComputerNameExA, 3, ERROR_NI); seUNIMPL_FUNC(GetComputerNameExW, 3, ERROR_NI); 16 new Advapi32 stubs (plus 30 updated to return correct error values): se_UNIMPL_FUNC(AddAccessAllowedAceEx, 5, ERROR_NI); se_UNIMPL_FUNC(AddAccessDeniedAceEx, 5, ERROR_NI); se_UNIMPL_FUNC(ChangeServiceConfig2A, 3, ERROR_NI); se_UNIMPL_FUNC(ChangeServiceConfig2W, 3, ERROR_NI); se_UNIMPL_FUNC(IsTokenRestricted, 1, ERROR_NI); rs_UNIMPL_FUNC(LsaAddAccountRights, STATUS_NI, 4); rs_UNIMPL_FUNC(LsaEnumerateAccountRights, STATUS_NI, 4); rs_UNIMPL_FUNC(LsaFreeMemory, STATUS_NI, 1); rs_UNIMPL_FUNC(LsaLookupNames, STATUS_NI, 5); rs_UNIMPL_FUNC(LsaLookupNames2, STATUS_NI, 6); rs_UNIMPL_FUNC(LsaLookupPrivilegeValue, STATUS_NI, 3); rs_UNIMPL_FUNC(LsaLookupSids, STATUS_NI, 5); rs_UNIMPL_FUNC(LsaQueryInformationPolicy, STATUS_NI, 3); rs_UNIMPL_FUNC(QueryUsersOnEncryptedFile, ERROR_NI, 2); rs_UNIMPL_FUNC(RegOpenUserClassesRoot, ERROR_NI, 4); se_UNIMPL_FUNC(SetSecurityDescriptorControl, 3, ERROR_NI); 1 new Ntdll stub: rse_UNIMPL_FUNC(NtSetInformationProcess, STATUS_NI, 4, ERROR_NI); ApiLibs\Kexbases\ 53 new Ntdll forwards: _CIcos _CIlog _CIpow _CIsin _CIsqrt __isascii __iscsym __iscsymf __toascii _atoi64 _ftol2 _ftol2_sse _i64toa _i64tow _itow _lfind _ltoa _ltow _memccpy _memicmp _splitpath _strlwr _tolower _toupper _ui64toa _ui64tow _ultoa _ultow _wtoi64 _wtol atan ceil cos fabs floor iscntrl isgraph isprint ispunct isspace isupper iswalpha iswdigit iswlower iswspace iswxdigit isxdigit log mbstowcs sin tan wcscspn wcstombs 7 removed Ntdll forwards (not in Msvcrt!): _alloca_probe _itoa_s _vscwprintf strcpy_s wcscat_s wcscpy_s wcsnlen |