...yes... it's been a while... but a ping by Allen woke me up ...
So here's a link to a test-version of 4.69: KiXtart 4.69 test
This version recognizes Windows 11, Windows Server 2019, 2022 (and the builds in between) and it also features 2 new macros:
@RELEASEID (eg: 1909, 2003, etc)
@RELEASENAME (eg: 21H2)
If nothing unexpected comes up, I'll share a final build shortly.

@RELEASEID and @RELEASENAME are working correctly. @PRODUCTTYPE is giving Windows 11 PRO which also is correct. The only thing strange is that kix32.exe is now more than twice as big (bitwise). Testing goes on.

Nice. Will give it a go and post any feedback here.

I now found that kix32.exe makes a log-file in the temp-directory. So maybe the bigger size of the program has to do with a debug-version.

Yep, the debug-build is slightly larger and indeed creates a log-file.

Dank Je -- Looked forward to this. ;-)

I was surprised to see kix32.exe running on Win 11 ARM! I tried with my most complex script, and got this error:
Code:
    ---------------------------
    Microsoft Visual C++ Runtime Library
    ---------------------------
    Debug Error!
    Program: Z:\KIX32.EXE
    HEAP CORRUPTION DETECTED: after Normal block (#38939) at 0x096D94A0.
    CRT detected that the application wrote to memory after end of heap buffer.
    (Press Retry to debug the application)
    ---------------------------
    Abort Retry Ignore
    ---------------------------
After extracting the function, I've got this:
Code:
    ---------------------------
    Windows - Application Error
    ---------------------------
    The instruction at 0x0000000077BBE658 referenced memory at 0x00000000FEFEFEFE. The memory could not be read.
    Click on OK to terminate the program
    ---------------------------
    OK
    ---------------------------
The culprit:
Code:
    readvalue("HKLM\hardware\resourcemap\system resources\physical memory", ".Translated")

(Posted this once already, not sure if it went nowhere or got duplicated)
FYI - Just tried 4.67 on Win 11 ARM (in a VM running on Parallels on an M1 Mac). Caught a bug running this:
Code:
    break on
    readvalue("HKLM\hardware\resourcemap\system resources\physical memory", ".Translated")
Code:
    ---------------------------
    Windows - Application Error
    ---------------------------
    The instruction at 0x000000007781E658 referenced memory at 0x00000000FEFEFEFE. The memory could not be read.
kixtart.log:
Code:
    2022/06/22 15:13:57.0122 - Starting initialization.
    2022/06/22 15:13:57.0122 - OS Platform : "NT " [2]
    2022/06/22 15:13:57.0122 - OS Major version: [6]
    2022/06/22 15:13:57.0122 - OS Minor version: [2]
    2022/06/22 15:13:57.0137 - Loaded "C:\Windows\System32\ADVAPI32.dll"
    2022/06/22 15:13:57.0137 - Adjusted DACL
    2022/06/22 15:13:57.0137 - default locale : "English"
    2022/06/22 15:13:57.0137 - set locale
    2022/06/22 15:13:57.0137 - decimal point : "."
    2022/06/22 15:13:57.0137 - thousands separator : ","
    2022/06/22 15:13:57.0153 - grouping : "3;0"
    2022/06/22 15:13:57.0153 - negative sign : "-"
    2022/06/22 15:13:57.0153 - digits : "2"
    2022/06/22 15:13:57.0153 - leading zero : "1"
    2022/06/22 15:13:57.0153 - negative number format : "1"
    2022/06/22 15:13:57.0153 - Current console attribs [7]
    2022/06/22 15:13:57.0169 - Set console mode
    2022/06/22 15:13:57.0169 - Loaded "C:\Windows\System32\KERNEL32.DLL"
    2022/06/22 15:13:57.0169 - Got console handle
    2022/06/22 15:13:57.0169 - Got menu handle
    2022/06/22 15:13:57.0169 - Set Ctrl handler
    2022/06/22 15:13:57.0169 - Initialized console
    2022/06/22 15:13:57.0184 - PATH : "C:\Program Files\Parallels\Parallels Tools\Applications;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\flavien\AppData\Local\Microsoft\WindowsApps;"
    2022/06/22 15:13:57.0184 - argv0 "KIX32.EXE"
    2022/06/22 15:13:57.0184 - argv "ram_size.kix" [1]
    2022/06/22 15:13:57.0184 - Trying LANA:
    2022/06/22 15:13:57.0184 - Trying LANA: [1]
    2022/06/22 15:13:57.0184 - Trying LANA: [2]
    2022/06/22 15:13:57.0200 - Trying LANA: [3]
    2022/06/22 15:13:57.0200 - Trying LANA: [4]
    2022/06/22 15:13:57.0200 - Trying LANA: [5]
    2022/06/22 15:13:57.0200 - Trying LANA: [6]
    2022/06/22 15:13:57.0200 - Found NIC address: "001C42D3E32A" [6]
    2022/06/22 15:13:57.0200 - Systemdir: "C:\Windows\system32"
    2022/06/22 15:13:57.0216 - Computername: "WIN11ARM"
    2022/06/22 15:13:57.0216 - Wusername: "flavien"
    2022/06/22 15:13:57.0216 - Loaded "C:\Windows\SYSTEM32\NETAPI32.dll"
    2022/06/22 15:13:57.0216 - KXLM32: Loaded lib and pointers
    2022/06/22 15:13:57.0216 - Got SID "S-1-5-21-796517349-848208846-1737980647-1000"
    2022/06/22 15:13:57.0216 - Username: "flavien"
    2022/06/22 15:13:57.0231 - LogonDomain: "WIN11ARM"
    2022/06/22 15:13:57.0231 - LogonServer: "\\WIN11ARM"
    2022/06/22 15:13:57.0231 - Computername: "WIN11ARM"
    2022/06/22 15:13:57.0231 - Domain: "WORKGROUP"
    2022/06/22 15:13:57.0231 - Actual logonServer: "\\WIN11ARM"
    2022/06/22 15:13:57.0231 - Netlogon Drive: "\\WIN11ARM\NETLOGON\"
    2022/06/22 15:13:57.0247 - Got local network info
    2022/06/22 15:13:57.0247 - LogonMode :
    2022/06/22 15:13:57.0247 - Real OS Major version: [10]
    2022/06/22 15:13:57.0247 - Real OS Minor version:
    2022/06/22 15:13:57.0247 - Real OS Build version: [22598]
    2022/06/22 15:13:57.0247 - Current directory: "Z:\"
    2022/06/22 15:13:57.0247 - About to process script: "ram_size.kix"
    2022/06/22 15:13:57.0262 - Trying for script: "ram_size.kix"
    2022/06/22 15:13:57.0262 - Opening: "ram_size.kix"
    2022/06/22 15:13:57.0262 - FQ ScriptName: "Z:\ram_size.kix"
    2022/06/22 15:13:57.0262 - ScriptLength: [98]
    2022/06/22 15:13:57.0262 - Allocated scriptbuffer
    2022/06/22 15:13:57.0262 - Read script
    2022/06/22 15:13:57.0278 - Initialized script buffers
    2022/06/22 15:13:57.0278 - Tokenized script, lines: [4]
    2022/06/22 15:13:57.0278 - Strings
    2022/06/22 15:13:57.0278 - Initialized script
    2022/06/22 15:13:57.0278 - Start descent [5272312]
A longer script has a lot of these:
Code:
    ---------------------------
    Microsoft Visual C++ Runtime Library
    ---------------------------
    Debug Error!
    Program: Z:\KIX32.EXE
    HEAP CORRUPTION DETECTED: after Normal block (#38937) at 0x097FD840.
    CRT detected that the application wrote to memory after end of heap buffer.

Me again, just realized that this forum section is moderated... Previous posts were about 4.69 (not 4.67, no problem with that version on W11 ARM).

moderated? it is?

I do admit, someone (ehm) should update the downloads page...

Ok, thanks for the report. Let me see if I can repro this on a test-ARM VM.

Early digging indicates this isn't ARM-specific, but a bug related to registry values of type resource-list. No fix yet, but at least I know where to look now.

Hi Flavien, thanks again for the report! This turned out to be a flat-out overflow bug in the handling of binary/resource type registry values. Replaced the code and the fix will be in 4.69. And along the lines I got to test KiX on ARM64 :-) If you find any more of these, let me know...

Thanks Ruud! I wish your source code was on GitHub, would be much easier to help you with this. And we could start working on KiX 2030, a refactor in Rust (sorry, couldn't resist)

KiX 2030.... now there's a thought... If I was to keep things "consistent", it would actually have to be KiX 2061... :-)

Hi, McAfee End Point Security keeps deleting this version as it thinks it is malware :-
Adaptive Threat Protection repaired D:\utils\kix.net.exe TargetType, because its reputation (Known Malicious) is below the configured Clean threshold.
Threat category Malware Detected
Threat name ATP/Suspect!d6b12754465c
Threat type Trojan

First guess would be due to having debugging enabled. This isn't a production build yet, so you might need to make exceptions for it that you wouldn't for earlier versions.

So this sounds like the reputation of the exe (kix.net.exe in this case) was classified by McAfee ATP as "unknown". And apparently McAfee ATP in your environment is configured to treat those types of detections as suspicious/malicious and block them. This is a common issue with dynamic application control solutions (such as McAfee ATP or Windows DAC) and applications that aren't used as much in the wide world (application reputation is based (amongst other things) on global usage metrics).
The way around is to configure the dac-solution to exclude the exe. If the exe is signed, you can use the signing cert for that. If not (as for example kix32...), you can use the hash. For McAfee (or Trellix...) this is documented here: https://docs.trellix.com/bundle/endpoint...73E65B359C.html
Let me know if this helps.
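
The choice described in the post above (signing certificate if the exe is signed, file hash otherwise), as an added PowerShell example that is not part of the original thread or of KiXtart. The function name `Get-ExclusionIdentity` and its output fields are hypothetical; the path is the one quoted in the McAfee report, and which hash algorithm the exclusion field expects is an assumption to check against the product documentation.

```powershell
# Added example: collect the identifier to enter in an application-control exclusion.
# Get-ExclusionIdentity is a hypothetical helper name, not a vendor cmdlet.
function Get-ExclusionIdentity {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    if ($sig.Status -eq 'Valid') {
        # Signed and the signature verifies: exclude by signer certificate,
        # so the rule does not depend on one particular build of the file.
        [pscustomobject]@{
            File       = $file.FullName
            ExcludeBy  = 'Certificate'
            Subject    = $sig.SignerCertificate.Subject
            Thumbprint = $sig.SignerCertificate.Thumbprint
        }
    }
    else {
        # Unsigned ('NotSigned') or the signature does not verify:
        # fall back to a hash, which identifies exactly this file and nothing else.
        [pscustomobject]@{
            File            = $file.FullName
            ExcludeBy       = 'Hash'
            SignatureStatus = $sig.Status
            SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            SHA1            = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash
            MD5             = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash
        }
    }
}

# Path taken from the detection message quoted earlier in the thread.
Get-ExclusionIdentity -Path 'D:\utils\kix.net.exe' | Format-List
```

A hash exclusion covers one exact file, so it has to be regenerated when the test build is replaced by the final build.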