KernelEx v4.5.2015.10 by jumper
2015-07-22
+ 69 new api's, 37 improved, 9 removed.
+ Support for implicit-only stubs (TBD: replace exception hack for
ImportPatcher with core.ini or per-app setting).
+ Prefix instruction added to beginning of all stubs in kexbases AND kexbasen
DS: (0x3e) for legacy stubs, ES: (0x26) for new stubs (implicit-only)
+ API logging reduced to KernelEx enhancements (non-STD) only.
Details by branch:
Core\
Resolver.cpp: ExportFromOrdinal() and ExportFromName() modified to ignore
implicit-only stubs when resolving explicitly
Changed usage of terms for "implicit"/"explicit" from
"static"/"dynamic" to "import"/"delay".
Kexcrt\
strcpy.c reverted to version 4.5.2
Common\
common.h "*UNIMPL_FUNC" macros prefixed with DS:
(opcode 0x3e) for creating import+delay (legacy) stubs.
common.h "*_UNIMPL_FUNC" macros prefixed with ES:
(opcode 0x26) for creating import-only stubs.
version.h renamed to kexversion.h to avoid conflict with
standard header file; all references updated.
ApiLibs\Kexbases\
Gdi32\Orhpans.cpp renamed to Orphans.cpp; updated reference in kexbases.dsp
Gdi32\Orhpans.h renamed to Orphans.h; updated references in kexbases.dsp, Orphans.cpp, GdiObjects.c
comctl32\: fixed warning in newclassreg.c and syslink.c by adding "#ifndef _WIN32_WINNT"
8 new Kernel32 stubs:
se_UNIMPL_FUNC(FindActCtxSectionGuid, 5, ERROR_NI); //f5e
rse_UNIMPL_FUNC(FindActCtxSectionStringW, 1, 5, 0 ); //o5e0
se_UNIMPL_FUNC(GetSystemWow64DirectoryA, 2, ERROR_NI); //z2e120 #65
se_UNIMPL_FUNC(GetSystemWow64DirectoryW, 2, ERROR_NI); //z2e120 #65 #304
se_UNIMPL_FUNC(GetVolumeNameForVolumeMountPointA, 3, ERROR_NI); //z3e120
se_UNIMPL_FUNC(GetVolumeNameForVolumeMountPointW, 3, ERROR_NI); //z3e120
se_UNIMPL_FUNC(GetVolumePathNamesForVolumeNameA, 4, ERROR_NI); //z4e120
se_UNIMPL_FUNC(GetVolumePathNamesForVolumeNameW, 4, ERROR_NI); //z4e120
2 removed Kernel32 stubs:
FindActCtxSectionGui_, FindActCtxSectionStrin_W
7 updated Kernel32 stubs (to return correct error values):
seUNIMPL_FUNC(CreateHardLinkA, 3, ERROR_NI);
seUNIMPL_FUNC(CreateHardLinkW, 3, ERROR_NI);
seUNIMPL_FUNC(ReplaceFileA, 6, ERROR_NI);
seUNIMPL_FUNC(ReplaceFileW, 6, ERROR_NI);
seUNIMPL_FUNC(GetProcessIoCounters, 2, ERROR_NI);
seUNIMPL_FUNC(GetComputerNameExA, 3, ERROR_NI);
seUNIMPL_FUNC(GetComputerNameExW, 3, ERROR_NI);
16 new Advapi32 stubs (plus 30 updated to return correct error values):
se_UNIMPL_FUNC(AddAccessAllowedAceEx, 5, ERROR_NI);
se_UNIMPL_FUNC(AddAccessDeniedAceEx, 5, ERROR_NI);
se_UNIMPL_FUNC(ChangeServiceConfig2A, 3, ERROR_NI);
se_UNIMPL_FUNC(ChangeServiceConfig2W, 3, ERROR_NI);
se_UNIMPL_FUNC(IsTokenRestricted, 1, ERROR_NI);
rs_UNIMPL_FUNC(LsaAddAccountRights, STATUS_NI, 4);
rs_UNIMPL_FUNC(LsaEnumerateAccountRights, STATUS_NI, 4);
rs_UNIMPL_FUNC(LsaFreeMemory, STATUS_NI, 1);
rs_UNIMPL_FUNC(LsaLookupNames, STATUS_NI, 5);
rs_UNIMPL_FUNC(LsaLookupNames2, STATUS_NI, 6);
rs_UNIMPL_FUNC(LsaLookupPrivilegeValue, STATUS_NI, 3);
rs_UNIMPL_FUNC(LsaLookupSids, STATUS_NI, 5);
rs_UNIMPL_FUNC(LsaQueryInformationPolicy, STATUS_NI, 3);
rs_UNIMPL_FUNC(QueryUsersOnEncryptedFile, ERROR_NI, 2);
rs_UNIMPL_FUNC(RegOpenUserClassesRoot, ERROR_NI, 4);
se_UNIMPL_FUNC(SetSecurityDescriptorControl, 3, ERROR_NI);
1 new Ntdll stub:
rse_UNIMPL_FUNC(NtSetInformationProcess, STATUS_NI, 4, ERROR_NI);
ApiLibs\Kexbases\
53 new Ntdll forwards:
_CIcos
_CIlog
_CIpow
_CIsin
_CIsqrt
__isascii
__iscsym
__iscsymf
__toascii
_atoi64
_ftol2
_ftol2_sse
_i64toa
_i64tow
_itow
_lfind
_ltoa
_ltow
_memccpy
_memicmp
_splitpath
_strlwr
_tolower
_toupper
_ui64toa
_ui64tow
_ultoa
_ultow
_wtoi64
_wtol
atan
ceil
cos
fabs
floor
iscntrl
isgraph
isprint
ispunct
isspace
isupper
iswalpha
iswdigit
iswlower
iswspace
iswxdigit
isxdigit
log
mbstowcs
sin
tan
wcscspn
wcstombs
7 removed Ntdll forwards (not in Msvcrt!):
_alloca_probe
_itoa_s
_vscwprintf
strcpy_s
wcscat_s
wcscpy_s
wcsnlen |
