Page 1 of 1 1
Topic Options
#214063 - 2022-03-18 11:22 AM Anyone game to test a new build?
Ruud van Velsen Moderator Offline
Developer
*****

Registered: 1999-05-06
Posts: 382
Loc: Amsterdam, The Netherlands
...yes... it's been a while... but a ping by Allen woke me up ...
So here's a link to a test-version of 4.69:
KiXtart 4.69 test

This version recognizes Windows 11, Windows Server 2019, 2022 (and the builds in between) and it also features 2 new macros:
@RELEASEID (eg: 1909, 2003, etc)
@RELEASENAME eg: 21H2)

If nothing unexpected comes up, I'll share a final build shortly.

Top
#214064 - 2022-03-19 05:05 PM Re: Anyone game to test a new build? [Re: Ruud van Velsen]
Henriques Offline
Fresh Scripter

Registered: 2007-09-13
Posts: 38
@RELEASEID and @RELEASENAME are working correct. @PRODUCTTYPE is giving Windows 11 PRO which also is correct.
The only thing strange is that kix32.exe is now more than twice as big (bitwise).
Testing goes on.

Top
#214066 - 2022-03-23 12:38 PM Re: Anyone game to test a new build? [Re: Ruud van Velsen]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4671
Loc: The Netherlands
Nice. Will give it a go and post any feedback here.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#214067 - 2022-04-07 12:02 PM Re: Anyone game to test a new build? [Re: Mart]
Henriques Offline
Fresh Scripter

Registered: 2007-09-13
Posts: 38
I now found that kix32.exe a log-file makes in the temp-directory. So maybe the bigger size of the program has to do with a debug-version.
Top
#214068 - 2022-04-08 02:35 PM Re: Anyone game to test a new build? [Re: Henriques]
Ruud van Velsen Moderator Offline
Developer
*****

Registered: 1999-05-06
Posts: 382
Loc: Amsterdam, The Netherlands
Yep, the debug-build is slightly larger and indeed creates a log-file.
Top
#214128 - 2022-05-07 10:56 PM Re: Anyone game to test a new build? [Re: Ruud van Velsen]
DaveLipman Offline
Fresh Scripter

Registered: 2005-07-13
Posts: 32
Loc: NJ, USA
Dank Je -- Looked forward to this. ;-)
Top
#214138 - 2022-06-22 03:15 PM Re: Anyone game to test a new build? [Re: DaveLipman]
Flavien Offline
Getting the hang of it

Registered: 1999-07-21
Posts: 95
Loc: Geneva, Switzerland
I was surprised to see kix32.exe running on Win 11 ARM!

I tried with my most complex script, and got this error:

 Code:
---------------------------
Microsoft Visual C++ Runtime Library
---------------------------
Debug Error!

Program: Z:\KIX32.EXE

HEAP CORRUPTION DETECTED: after Normal block (#38939) at 0x096D94A0.
CRT detected that the application wrote to memory after end of heap buffer.


(Press Retry to debug the application)

---------------------------
Abort   Retry   Ignore   
---------------------------


After extracting the function, I've got this:

 Code:
---------------------------
Windows - Application Error
---------------------------
The instruction at 0x0000000077BBE658 referenced memory at 0x00000000FEFEFEFE. The memory could not be read.

Click on OK to terminate the program
---------------------------
OK   
---------------------------


The culprit:
 Code:
readvalue("HKLM\hardware\resourcemap\system resources\physical memory", ".Translated")

Top
#214139 - 2022-06-22 03:48 PM Re: Anyone game to test a new build? [Re: DaveLipman]
Flavien Offline
Getting the hang of it

Registered: 1999-07-21
Posts: 95
Loc: Geneva, Switzerland
(Posted this once already, not sure if it went nowhere or got duplicated)

FYI - Just tried 4.67 on Win 11 ARM (in a VM running on Parallels on a M1 Mac). Caught a bug running this:

 Code:
break on
readvalue("HKLM\hardware\resourcemap\system resources\physical memory", ".Translated")


 Code:
---------------------------
Windows - Application Error
---------------------------
The instruction at 0x000000007781E658 referenced memory at 0x00000000FEFEFEFE. The memory could not be read.


kixtart.log:
 Code:
2022/06/22 15:13:57.0122 -  Starting initialization.
2022/06/22 15:13:57.0122 -  OS Platform :  "NT " [2]
2022/06/22 15:13:57.0122 -  OS Major version:  [6]
2022/06/22 15:13:57.0122 -  OS Minor version:  [2]
2022/06/22 15:13:57.0137 -  Loaded  "C:\Windows\System32\ADVAPI32.dll"
2022/06/22 15:13:57.0137 -  Adjusted DACL
2022/06/22 15:13:57.0137 -  default locale :  "English"
2022/06/22 15:13:57.0137 -  set locale
2022/06/22 15:13:57.0137 -  decimal point :  "."
2022/06/22 15:13:57.0137 -  thousands separator :  ","
2022/06/22 15:13:57.0153 -  grouping :  "3;0"
2022/06/22 15:13:57.0153 -  negative sign :  "-"
2022/06/22 15:13:57.0153 -  digits :  "2"
2022/06/22 15:13:57.0153 -  leading zero :  "1"
2022/06/22 15:13:57.0153 -  negative number format :  "1"
2022/06/22 15:13:57.0153 -  Current console attribs [7]
2022/06/22 15:13:57.0169 -  Set console mode
2022/06/22 15:13:57.0169 -  Loaded  "C:\Windows\System32\KERNEL32.DLL"
2022/06/22 15:13:57.0169 -  Got console handle
2022/06/22 15:13:57.0169 -  Got menu handle
2022/06/22 15:13:57.0169 -  Set Ctrl handler
2022/06/22 15:13:57.0169 -  Initialized console
2022/06/22 15:13:57.0184 -  PATH :  "C:\Program Files\Parallels\Parallels Tools\Applications;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\flavien\AppData\Local\Microsoft\WindowsApps;"
2022/06/22 15:13:57.0184 -  argv0  "KIX32.EXE"
2022/06/22 15:13:57.0184 -  argv  "ram_size.kix" [1]
2022/06/22 15:13:57.0184 -  Trying LANA:
2022/06/22 15:13:57.0184 -  Trying LANA: [1]
2022/06/22 15:13:57.0184 -  Trying LANA: [2]
2022/06/22 15:13:57.0200 -  Trying LANA: [3]
2022/06/22 15:13:57.0200 -  Trying LANA: [4]
2022/06/22 15:13:57.0200 -  Trying LANA: [5]
2022/06/22 15:13:57.0200 -  Trying LANA: [6]
2022/06/22 15:13:57.0200 -  Found NIC address: "001C42D3E32A" [6]
2022/06/22 15:13:57.0200 -  Systemdir: "C:\Windows\system32"
2022/06/22 15:13:57.0216 -  Computername: "WIN11ARM"
2022/06/22 15:13:57.0216 -  Wusername: "flavien"
2022/06/22 15:13:57.0216 -  Loaded  "C:\Windows\SYSTEM32\NETAPI32.dll"
2022/06/22 15:13:57.0216 -  KXLM32: Loaded lib and pointers
2022/06/22 15:13:57.0216 -  Got SID "S-1-5-21-796517349-848208846-1737980647-1000"
2022/06/22 15:13:57.0216 -  Username: "flavien"
2022/06/22 15:13:57.0231 -  LogonDomain: "WIN11ARM"
2022/06/22 15:13:57.0231 -  LogonServer: "\\WIN11ARM"
2022/06/22 15:13:57.0231 -  Computername: "WIN11ARM"
2022/06/22 15:13:57.0231 -  Domain: "WORKGROUP"
2022/06/22 15:13:57.0231 -  Actual logonServer: "\\WIN11ARM"
2022/06/22 15:13:57.0231 -  Netlogon Drive: "\\WIN11ARM\NETLOGON\"
2022/06/22 15:13:57.0247 -  Got local network info
2022/06/22 15:13:57.0247 -  LogonMode : 
2022/06/22 15:13:57.0247 -  Real OS Major version:  [10]
2022/06/22 15:13:57.0247 -  Real OS Minor version: 
2022/06/22 15:13:57.0247 -  Real OS Build version:  [22598]
2022/06/22 15:13:57.0247 -  Current directory:  "Z:\"
2022/06/22 15:13:57.0247 -  About to process script:  "ram_size.kix"
2022/06/22 15:13:57.0262 -  Trying for script:  "ram_size.kix"
2022/06/22 15:13:57.0262 -  Opening: "ram_size.kix"
2022/06/22 15:13:57.0262 -  FQ ScriptName: "Z:\ram_size.kix"
2022/06/22 15:13:57.0262 -  ScriptLength:  [98]
2022/06/22 15:13:57.0262 -  Allocated scriptbuffer
2022/06/22 15:13:57.0262 -  Read script
2022/06/22 15:13:57.0278 -  Initialized script buffers
2022/06/22 15:13:57.0278 -  Tokenized script, lines: [4]
2022/06/22 15:13:57.0278 -  Strings
2022/06/22 15:13:57.0278 -  Initialized script
2022/06/22 15:13:57.0278 -  Start descent [5272312]


A longer script has a lot of these:
 Code:
---------------------------
Microsoft Visual C++ Runtime Library
---------------------------
Debug Error!

Program: Z:\KIX32.EXE

HEAP CORRUPTION DETECTED: after Normal block (#38937) at 0x097FD840.
CRT detected that the application wrote to memory after end of heap buffer.

Top
#214140 - 2022-06-22 03:58 PM Re: Anyone game to test a new build? [Re: DaveLipman]
Flavien Offline
Getting the hang of it

Registered: 1999-07-21
Posts: 95
Loc: Geneva, Switzerland
Me again, just realized that this forum section is moderated... Previous posts were about 4.69 (not 4.67, no problem with that version on W11 ARM).
Top
#214155 - 2022-08-17 10:07 PM Re: Anyone game to test a new build? [Re: Flavien]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
moderated? it is?
_________________________
!

download KiXnet

Top
#214156 - 2022-08-17 10:08 PM Re: Anyone game to test a new build? [Re: Lonkero]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
I do admit, someone (ehm) should update the downloads page...
_________________________
!

download KiXnet

Top
#214162 - 2022-09-12 04:52 PM Re: Anyone game to test a new build? [Re: Flavien]
Ruud van Velsen Moderator Offline
Developer
*****

Registered: 1999-05-06
Posts: 382
Loc: Amsterdam, The Netherlands
Ok, thanks for the report. Let me see if I can repro this on a test-ARM VM.
Top
#214163 - 2022-09-12 06:12 PM Re: Anyone game to test a new build? [Re: Flavien]
Ruud van Velsen Moderator Offline
Developer
*****

Registered: 1999-05-06
Posts: 382
Loc: Amsterdam, The Netherlands
Early digging indicates this isn't ARM-specific, but a bug related to registry values of type resource-list. No fix yet, but at least I know where to look now.
Top
#214164 - 2022-09-13 10:45 AM Re: Anyone game to test a new build? [Re: Flavien]
Ruud van Velsen Moderator Offline
Developer
*****

Registered: 1999-05-06
Posts: 382
Loc: Amsterdam, The Netherlands
Hi Flavien, thanks again for the report! This turned out to be a flat-out overflow bug in the handling of binary/resource type registry values. Replaced the code and the fix will be in 4.69. And along the lines I got to test KiX on ARM64 :-) If you find any more of these, let me know...
Top
#214165 - 2022-09-13 12:25 PM Re: Anyone game to test a new build? [Re: Ruud van Velsen]
Flavien Offline
Getting the hang of it

Registered: 1999-07-21
Posts: 95
Loc: Geneva, Switzerland
Thanks Ruud! I wish your source code was on GitHub, would be much easier to help you with this. And we could start working on KiX 2030, a refactor in rust (sorry, couldn't resist)
Top
#214166 - 2022-09-16 05:38 PM Re: Anyone game to test a new build? [Re: Flavien]
Ruud van Velsen Moderator Offline
Developer
*****

Registered: 1999-05-06
Posts: 382
Loc: Amsterdam, The Netherlands
KiX 2030.... now there's a thought...
If I was to keep things "consistent", it would actually have to be KiX 2061... :-)


Edited by Ruud van Velsen (2022-09-16 05:39 PM)

Top
#214168 - 2022-09-22 12:08 PM Re: Anyone game to test a new build? [Re: Lonkero]
HarrowCactus Offline
Fresh Scripter

Registered: 2006-04-12
Posts: 8
Loc: United Kingdom
Hi,
Mcafee End Point Security keeps deleting this version as it thinks it is malware :-

Adaptive Threat Protection repaired D:\utils\kix.net.exe TargetType, because its reputation (Known Malicious) is below the configured Clean threshold.

Threat category Malware Detected
Threat name ATP/Suspect!d6b12754465c
Threat type Trojan

Top
#214169 - 2022-09-22 01:23 PM (NA) Re: Anyone game to test a new build? [Re: HarrowCactus]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4372
Loc: New Jersey
First guess would be due to having debugging enabled. This isn't a production build yet, so you might need to make exceptions for it that you wouldn't for earlier versions.
_________________________
Actually I am a Rocket Scientist! \:D

Top
#214171 - 2022-09-26 04:45 PM Re: Anyone game to test a new build? [Re: HarrowCactus]
Ruud van Velsen Moderator Offline
Developer
*****

Registered: 1999-05-06
Posts: 382
Loc: Amsterdam, The Netherlands
So this sounds like the reputation of the exe (kix.net.exe in this case) was classified by McAfee ATP as "unknown". And apparently McAfee ATP in your environment is configured to treat those type of detections as suspicious/malicious and block them.

This is a common issue with dynamic application control solutions (such as McAfee ATP or Windows DAC) and applications that aren't used as much in the wide world (application reputation is based (amongst other things) on global usage metrics).

The way around is to configure the dac-solution to exclude the exe. If the exe is signed, you can use the signing cert for that. If not (as for example kix32...), you can use the hash.

For McAfee (or Trellix...) this is documented here: https://docs.trellix.com/bundle/endpoint...73E65B359C.html

Let me know if this helps.

Top
Page 1 of 1 1


Moderator:  ShaneEP, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 64 anonymous users online.
Newest Members
jtpk2022, Rayvenhaus, Insecurity, KGSOFT, fobrien
17791 Registered Users

Generated in 0.076 seconds in which 0.025 seconds were spent on a total of 13 queries. Zlib compression enabled.