Solved

Win16 apps loose time sync in NT (WOWEXEC.EXE Bug?)

Posted on 1998-09-10
9
943 Views
Last Modified: 2010-05-18
The Problem:
0
Comment
Question by:ramsoft
  • 4
  • 4
9 Comments
 
LVL 3

Expert Comment

by:a111a111a111
ID: 1434104
I found it in the www.developer.com

Maybe it will give you a direction.

http://www.developer.com/reference/library/067231066x/ch15.htm

SOLUTIONS: Why does it take so long to launch my 16-bit Windows
applications on my server? By default, the Windows-on-Windows
(WOW) function does not start on a server until an application that is using it starts.
 Then, after it starts, it will stay in memory ready to be used until the system is restarted. On a Workstation, the WOW files are automatically launched at startup. If you are going to be using 16-bit Windows applications at your server, and you want them to launch faster, change the Registry. The value to change is in  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ WinLogon. In the Userinit value, add the
following text to the rest of the data.
  ,win.com wowexec
  With the data in the value, it will look like Figure 15.3, and the server will start your 16-bit Windows applications faster.

http://www.developer.com/reference/library/067231066x/art/15/15tcr03.jpg
0
 
LVL 5

Expert Comment

by:Mujeeb082598
ID: 1434105
Hi :)

As i said to u before the only way till MS comes up with this limitation u have to do the way u are doing it or as i suggested to u in other answer that u write 32bit application whoes prime directive is to read the system time and dump it to a file from where your 16 bit application can read the file and initialise the time.

That is if u can modify your applications and if not then have another small 16 bit application whose prime directive is to read the time and inistialise it which then seen by all other applications running under the same wow.

I have reverse engineered the ntvdm.exe and it is a 32 bit application which is emulating a 16bit environment.

As i said before that it initialises the BiosDataArea for the timer when it loads new 16 bit application with the system time. This process of setting up the environment is done using the 32 bit calls from the following dll's

+++++++++++++++++++ IMPORTED FUNCTIONS ++++++++++++++++++
Number of Imported Modules =    5 (decimal)
   Import Module 001: KERNEL32.dll
   Import Module 002: ntdll.dll
   Import Module 003: ADVAPI32.dll
   Import Module 004: GDI32.dll
   Import Module 005: USER32.dll

All the time related functions are called from kernal32.dll anyway here are all the function that are called from kernal32.dll by ntvdm.dll

   Import Module 001: KERNEL32.dll

 Addr:000552EE hint(0135) Name: GetSystemTime
 Addr:000552FE hint(00EE) Name: GetFileTime
 Addr:0005530C hint(0109) Name: GetOEMCP
 Addr:00055318 hint(00E1) Name: GetEnvironmentStrings
 Addr:00055330 hint(0097) Name: FreeEnvironmentStringsW
 Addr:0005534C hint(00E3) Name: GetEnvironmentStringsW
 Addr:00055366 hint(0271) Name: WideCharToMultiByte
 Addr:0005537C hint(00A3) Name: GetCPInfo
 Addr:00055388 hint(0096) Name: FreeEnvironmentStringsA
 Addr:000553A4 hint(01AC) Name: MultiByteToWideChar
 Addr:000553BA hint(021E) Name: SetHandleCount
 Addr:000553D0 hint(00EF) Name: GetFileType
 Addr:000553DE hint(012A) Name: GetStdHandle
 Addr:000553EE hint(0128) Name: GetStartupInfoA
 Addr:00055400 hint(016C) Name: HeapDestroy
 Addr:0005540E hint(016A) Name: HeapCreate
 Addr:00055420 hint(009D) Name: GetACP
 Addr:0005542C hint(00D3) Name: GetCurrentProcess
 Addr:00055440 hint(016E) Name: HeapFree
 Addr:0005544C hint(025E) Name: VirtualAlloc
 Addr:0005545C hint(0116) Name: GetProcAddress
 Addr:00055470 hint(0191) Name: LoadLibraryA
 Addr:00055480 hint(018E) Name: LCMapStringA
 Addr:00055490 hint(018F) Name: LCMapStringW
 Addr:000554A0 hint(00F4) Name: GetLastError
 Addr:000554B0 hint(01D7) Name: ReadFile
 Addr:000554C0 hint(008E) Name: FlushFileBuffers
 Addr:000554D4 hint(012B) Name: GetStringTypeA
 Addr:000554E6 hint(012E) Name: GetStringTypeW
 Addr:000554F8 hint(021C) Name: SetFilePointer
 Addr:0005550A hint(0018) Name: CloseHandle
 Addr:00055518 hint(022C) Name: SetStdHandle
 Addr:00055528 hint(00FC) Name: GetModuleFileNameA
 Addr:00055540 hint(0253) Name: UnhandledExceptionFilter
 Addr:0005555C hint(0168) Name: HeapAlloc
 Addr:00055570 hint(0249) Name: TerminateProcess
 Addr:00055584 hint(006B) Name: ExitProcess
 Addr:00055592 hint(00AA) Name: GetCommandLineA
 Addr:000555A4 hint(01E7) Name: RtlUnwind
 Addr:000555B0 hint(014C) Name: GetVersion
 Addr:000555C0 hint(0261) Name: VirtualFree
 Addr:000555CE hint(027E) Name: WriteFile
 Addr:000555E0 hint(0216) Name: SetErrorMode
 Addr:000555F0 hint(0133) Name: GetSystemInfo
 Addr:00055600 hint(00F5) Name: GetLocalTime
 Addr:00055610 hint(0242) Name: Sleep
 Addr:00055618 hint(0043) Name: CreateThread
 Addr:00055628 hint(0179) Name: InitializeCriticalSection
 Addr:00055648 hint(002E) Name: CreateEventA
 Addr:00055658 hint(026E) Name: WaitForSingleObjectEx
 Addr:00055670 hint(00D6) Name: GetCurrentThreadId
 Addr:00055686 hint(0236) Name: SetThreadPriority
 Addr:0005569A hint(006C) Name: ExitThread
 Addr:000556A8 hint(0217) Name: SetEvent
 Addr:000556B4 hint(00FE) Name: GetModuleHandleA
 Addr:000556C8 hint(01CA) Name: RaiseException
 Addr:000556DA hint(0093) Name: FormatMessageA
 Addr:000556EC hint(0103) Name: GetNextVDMCommand
 Addr:00055700 hint(0227) Name: SetPriorityClass
 Addr:00055714 hint(010B) Name: GetPriorityClass
 Addr:00055728 hint(00ED) Name: GetFileSize
 Addr:00055736 hint(0031) Name: CreateFileA
 Addr:00055744 hint(0131) Name: GetSystemDirectoryA
 Addr:0005575A hint(024B) Name: TlsAlloc
 Addr:00055766 hint(007E) Name: FindClose
 Addr:00055772 hint(0082) Name: FindFirstFileA
 Addr:00055784 hint(0221) Name: SetLastError
 Addr:00055794 hint(0181) Name: IsBadCodePtr
 Addr:000557A4 hint(0050) Name: DeviceIoControl
 Addr:000557B6 hint(024E) Name: TlsSetValue
 Addr:000557C4 hint(024D) Name: TlsGetValue
 Addr:000557D2 hint(026D) Name: WaitForSingleObject
 Addr:000557E8 hint(01C2) Name: PulseEvent
 Addr:000557F6 hint(0145) Name: GetTickCount
 Addr:00055806 hint(01E4) Name: ResumeThread
 Addr:00055816 hint(0055) Name: DuplicateHandle
 Addr:00055828 hint(00D5) Name: GetCurrentThread
 Addr:0005583C hint(006D) Name: ExitVDM
 Addr:00055846 hint(006A) Name: EscapeCommFunction
 Addr:0005585C hint(0015) Name: ClearCommBreak
 Addr:0005586E hint(01ED) Name: SetCommBreak
 Addr:0005587E hint(01F1) Name: SetCommTimeouts
 Addr:00055890 hint(00A9) Name: GetCommTimeouts
 Addr:000558A2 hint(023E) Name: SetupComm
 Addr:000558AE hint(01F0) Name: SetCommState
 Addr:000558BE hint(00A8) Name: GetCommState
 Addr:000558CE hint(004C) Name: DeleteCriticalSection
 Addr:000558E6 hint(026B) Name: WaitForMultipleObjects
 Addr:00055900 hint(0016) Name: ClearCommError
 Addr:00055912 hint(010A) Name: GetOverlappedResult
 Addr:00055928 hint(0190) Name: LeaveCriticalSection
 Addr:00055940 hint(0058) Name: EnterCriticalSection
 Addr:00055958 hint(01BB) Name: OutputDebugStringA
 Addr:0005596E hint(01FB) Name: SetConsoleDisplayMode
 Addr:00055986 hint(00C0) Name: GetConsoleDisplayMode
 Addr:0005599E hint(0201) Name: SetConsoleKeyShortcuts
 Addr:000559B8 hint(020B) Name: SetConsoleTitleA
 Addr:000559CC hint(020F) Name: SetCurrentDirectoryA
 Addr:000559E4 hint(0214) Name: SetEnvironmentVariableA
 Addr:000559FE hint(00D4) Name: GetCurrentProcessId
 Addr:00055A14 hint(00CC) Name: GetConsoleTitleA
 Addr:00055A28 hint(013F) Name: GetThreadContext
 Addr:00055A3C hint(0161) Name: GlobalMemoryStatus
 Addr:00055A52 hint(00CA) Name: GetConsoleOutputCP
 Addr:00055A68 hint(00C3) Name: GetConsoleHardwareState
 Addr:00055A82 hint(00CB) Name: GetConsoleScreenBufferInfo
 Addr:00055AA0 hint(01F9) Name: SetConsoleCursorInfo
 Addr:00055AB8 hint(01FD) Name: SetConsoleHardwareState
 Addr:00055AD2 hint(01FA) Name: SetConsoleCursorPosition
 Addr:00055AEE hint(0278) Name: WriteConsoleOutputA
 Addr:00055B04 hint(020D) Name: SetConsoleWindowInfo
 Addr:00055B1C hint(0209) Name: SetConsoleScreenBufferSize
 Addr:00055B3A hint(01DB) Name: RegisterConsoleVDM
 Addr:00055B50 hint(01D0) Name: ReadConsoleOutputA
 Addr:00055B66 hint(00BF) Name: GetConsoleCursorInfo
 Addr:00055B7E hint(0204) Name: SetConsoleMode
 Addr:00055B90 hint(00C9) Name: GetConsoleMode
 Addr:00055BA2 hint(01F4) Name: SetConsoleActiveScreenBuffer
 Addr:00055BC2 hint(0079) Name: FillConsoleOutputAttribute
 Addr:00055BE0 hint(007A) Name: FillConsoleOutputCharacterA
 Addr:00055BFE hint(0150) Name: GetVolumeInformationW
 Addr:00055C16 hint(00DE) Name: GetDiskFreeSpaceW
 Addr:00055C2A hint(00E0) Name: GetDriveTypeW
 Addr:00055C3A hint(01E2) Name: RemoveDirectoryW
 Addr:00055C4E hint(002D) Name: CreateDirectoryW
 Addr:00055C62 hint(0088) Name: FindNextFileW
 Addr:00055C80 hint(0085) Name: FindFirstFileW
 Addr:00055C92 hint(01A9) Name: MoveFileExW
 Addr:00055CA0 hint(004F) Name: DeleteFileW
 Addr:00055CAE hint(00AF) Name: GetComputerNameW
 Addr:00055CC8 hint(021B) Name: SetFileAttributesW
 Addr:00055CDE hint(0034) Name: CreateFileW
 Addr:00055CEC hint(0127) Name: GetShortPathNameW
 Addr:00055D00 hint(006E) Name: ExpandEnvironmentStringsA
 Addr:00055D1C hint(01EC) Name: SearchPathW
 Addr:00055D2A hint(0171) Name: HeapReAlloc
 Addr:00055D38 hint(00EB) Name: GetFileAttributesW
 Addr:00055D4E hint(003D) Name: CreateProcessA
 Addr:00055D60 hint(00E6) Name: GetExitCodeProcess
 Addr:00055D76 hint(00A1) Name: GetBinaryTypeA
 Addr:00055D88 hint(00C7) Name: GetConsoleKeyboardLayoutNameA
 Addr:00055DA8 hint(00BA) Name: GetConsoleCP
 Addr:00055DB8 hint(013B) Name: GetTempFileNameA
 Addr:00055DCC hint(024A) Name: TerminateThread
 Addr:00055DE0 hint(0126) Name: GetShortPathNameA
 Addr:00055DF8 hint(013D) Name: GetTempPathA
 Addr:00055E08 hint(00F6) Name: GetLocaleInfoA
 Addr:00055E20 hint(004E) Name: DeleteFileA
 Addr:00055E2E hint(00E4) Name: GetEnvironmentVariableA
 Addr:00055E48 hint(023A) Name: SetVDMCurrentDirectories
 Addr:00055E64 hint(01A2) Name: LockFile
 Addr:00055E70 hint(0254) Name: UnlockFile
 Addr:00055E80 hint(0222) Name: SetLocalTime
 Addr:00055E90 hint(00DF) Name: GetDriveTypeA
 Addr:00055EA0 hint(00D0) Name: GetCurrentConsoleFont
 Addr:00055EB8 hint(00C2) Name: GetConsoleFontSize
 Addr:00055ECE hint(0247) Name: SystemTimeToFileTime
 Addr:00055EE6 hint(0053) Name: DosDateTimeToFileTime
 Addr:00055F00 hint(0199) Name: LocalFileTimeToFileTime
 Addr:00055F1A hint(021D) Name: SetFileTime
 Addr:00055F28 hint(0213) Name: SetEndOfFile
 Addr:00055F40 hint(023B) Name: SetVolumeLabelA
 Addr:00055F54 hint(0048) Name: DebugBreak
 Addr:00055F62 hint(0077) Name: FileTimeToLocalFileTime
 Addr:00055F7C hint(0076) Name: FileTimeToDosDateTime
 Addr:00055F98 hint(00E8) Name: GetFileAttributesA
 Addr:00055FB0 hint(029C) Name: lstrcmpiA
 Addr:00055FBC hint(0180) Name: InvalidateConsoleDIBits
 Addr:00055FD8 hint(0197) Name: LocalAlloc
 Addr:00055FE8 hint(019B) Name: LocalFree
 Addr:00055FF4 hint(0220) Name: SetLastConsoleEventActive
 Addr:00056010 hint(0098) Name: FreeLibrary
 Addr:0005601E hint(0244) Name: SuspendThread
 Addr:0005602E hint(0151) Name: GetWindowsDirectoryA
 Addr:00056048 hint(0292) Name: _lopen
 Addr:00056052 hint(0291) Name: _llseek
 Addr:00056060 hint(0293) Name: _lread
 Addr:0005606A hint(028F) Name: _lclose
 Addr:00056074 hint(0276) Name: WriteConsoleInputVDMW
 Addr:0005608C hint(01DF) Name: ReleaseMutex
 Addr:0005609C hint(00C6) Name: GetConsoleInputWaitHandle
 Addr:000560B8 hint(01CE) Name: ReadConsoleInputExW
 Addr:000560D0 hint(0038) Name: CreateMutexA
 Addr:000560E0 hint(01F7) Name: SetConsoleCtrlHandler
 Addr:000560F8 hint(0259) Name: VDMConsoleOperation
 Addr:0005610E hint(023F) Name: ShowConsoleCursor
 Addr:00056124 hint(0021) Name: ConsoleMenuControl
 Addr:0005613C hint(0273) Name: WriteConsoleA
 Addr:00056150 hint(0029) Name: CreateConsoleScreenBuffer
 Addr:0005616C hint(0208) Name: SetConsolePalette


These are the functions which is exported to other applications and can be used if one know the exact interface of the functions.

Number of Exported Functions = 0135 (decimal)

 Addr:0F001066 Ord:   1 (0001h) Name: BlockWOWIdle
 Addr:0F091200 Ord:   2 (0002h) Name: CurrentMonitorTeb
 Addr:0F044EA9 Ord:   3 (0003h) Name: DBGNotifyDebugged
 Addr:0F044B3E Ord:   4 (0004h) Name: DBGNotifyNewTask
 Addr:0F044E90 Ord:   5 (0005h) Name: DBGNotifyRemoteThreadAddress
 Addr:0F001000 Ord:   6 (0006h) Name: DispatchInterrupts
 Addr:0F09953C Ord:   7 (0007h) Name: ExpLdt
 Addr:0F0905B0 Ord:   8 (0008h) Name: ExpVdmTib
 Addr:0F091540 Ord:   9 (0009h) Name: FlatAddress
 Addr:0F044F6B Ord:  10 (000Ah) Name: GetWOWShortCutInfo
 Addr:0F047371 Ord:  11 (000Bh) Name: MGetVdmPointer
 Addr:0F014F56 Ord:  12 (000Ch) Name: RegisterWOWIdle
 Addr:0F00332C Ord:  13 (000Dh) Name: ResumeTimerThread
 Addr:0F05BD68 Ord:  14 (000Eh) Name: SelectorLimit
 Addr:0F0013C9 Ord:  15 (000Fh) Name: Sim32pGetVDMPointer
 Addr:0F030AF3 Ord:  16 (0010h) Name: SoftPcEoi
 Addr:0F0028C3 Ord:  17 (0011h) Name: SuspendTimerThread
 Addr:0F031279 Ord:  18 (0012h) Name: VDDAllocMem
 Addr:0F00240C Ord:  19 (0013h) Name: VDDAllocateDosHandle
 Addr:0F0023C0 Ord:  20 (0014h) Name: VDDAssociateNtHandle
 Addr:0F0318D6 Ord:  21 (0015h) Name: VDDDeInstallIOHook
 Addr:0F0311D1 Ord:  22 (0016h) Name: VDDDeInstallMemoryHook
 Addr:0F031599 Ord:  23 (0017h) Name: VDDDeInstallUserHook
 Addr:0F0313C1 Ord:  24 (0018h) Name: VDDExcludeMem
 Addr:0F031E70 Ord:  25 (0019h) Name: VDDFlushPrinters
 Addr:0F0312F1 Ord:  26 (001Ah) Name: VDDFreeMem
 Addr:0F031369 Ord:  27 (001Bh) Name: VDDIncludeMem
 Addr:0F0316CE Ord:  28 (001Ch) Name: VDDInstallIOHook
 Addr:0F0310C1 Ord:  29 (001Dh) Name: VDDInstallMemoryHook
 Addr:0F03152C Ord:  30 (001Eh) Name: VDDInstallUserHook
 Addr:0F031BCD Ord:  31 (001Fh) Name: VDDQueryDMA
 Addr:0F03FE3D Ord:  32 (0020h) Name: VDDReleaseDosHandle
 Addr:0F031A49 Ord:  33 (0021h) Name: VDDReleaseIrqLine
 Addr:0F031A9D Ord:  34 (0022h) Name: VDDRequestDMA
 Addr:0F0319B4 Ord:  35 (0023h) Name: VDDReserveIrqLine
 Addr:0F001269 Ord:  36 (0024h) Name: VDDRetrieveNtHandle
 Addr:0F031C63 Ord:  37 (0025h) Name: VDDSetDMA
 Addr:0F031622 Ord:  38 (0026h) Name: VDDSimulate16
 Addr:0F031419 Ord:  39 (0027h) Name: VDDTerminateVDM
 Addr:0F03316C Ord:  40 (0028h) Name: WOWSysErrorBox
 Addr:0F033232 Ord:  41 (0029h) Name: WaitIfIdle
 Addr:0F014165 Ord:  42 (002Ah) Name: call_ica_hw_interrupt
 Addr:0F002DD1 Ord:  43 (002Bh) Name: cpu_createthread
 Addr:0F00C384 Ord:  44 (002Ch) Name: demClientErrorEx
 Addr:0F0146CE Ord:  45 (002Dh) Name: demFileFindFirst
 Addr:0F017A67 Ord:  46 (002Eh) Name: demFileFindNext
 Addr:0F05A950 Ord:  47 (002Fh) Name: fSeparateWow
 Addr:0F03F6D3 Ord:  48 (0030h) Name: getAF
 Addr:0F011634 Ord:  49 (0031h) Name: getAH
 Addr:0F01493A Ord:  50 (0032h) Name: getAL
 Addr:0F00F9D7 Ord:  51 (0033h) Name: getAX
 Addr:0F03F683 Ord:  52 (0034h) Name: getBH
 Addr:0F001D07 Ord:  53 (0035h) Name: getBL
 Addr:0F011AB6 Ord:  54 (0036h) Name: getBP
 Addr:0F001DD6 Ord:  55 (0037h) Name: getBX
 Addr:0F00F6E6 Ord:  56 (0038h) Name: getCF
 Addr:0F004F70 Ord:  57 (0039h) Name: getCH
 Addr:0F008FA7 Ord:  58 (003Ah) Name: getCL
 Addr:0F00265B Ord:  59 (003Bh) Name: getCS
 Addr:0F0119B1 Ord:  60 (003Ch) Name: getCX
 Addr:0F03F707 Ord:  61 (003Dh) Name: getDF
 Addr:0F03F695 Ord:  62 (003Eh) Name: getDH
 Addr:0F00C02D Ord:  63 (003Fh) Name: getDI
 Addr:0F009B65 Ord:  64 (0040h) Name: getDL
 Addr:0F017F5B Ord:  65 (0041h) Name: getDS
 Addr:0F002037 Ord:  66 (0042h) Name: getDX
 Addr:0F03F677 Ord:  67 (0043h) Name: getEAX
 Addr:0F03F6A1 Ord:  68 (0044h) Name: getEBP
 Addr:0F03F67D Ord:  69 (0045h) Name: getEBX
 Addr:0F03F689 Ord:  70 (0046h) Name: getECX
 Addr:0F03F6AD Ord:  71 (0047h) Name: getEDI
 Addr:0F03F68F Ord:  72 (0048h) Name: getEDX
 Addr:0F03F6B3 Ord:  73 (0049h) Name: getEIP
 Addr:0F00D844 Ord:  74 (004Ah) Name: getES
 Addr:0F03F6A7 Ord:  75 (004Bh) Name: getESI
 Addr:0F03F69B Ord:  76 (004Ch) Name: getESP
 Addr:0F03F6B9 Ord:  77 (004Dh) Name: getFS
 Addr:0F03F6C0 Ord:  78 (004Eh) Name: getGS
 Addr:0F00187C Ord:  79 (004Fh) Name: getIF
 Addr:0F001C5F Ord:  80 (0050h) Name: getIP
 Addr:0F00F5F8 Ord:  81 (0051h) Name: getIntelRegistersPointer
 Addr:0F001316 Ord:  82 (0052h) Name: getMSW
 Addr:0F03F715 Ord:  83 (0053h) Name: getOF
 Addr:0F03F6C7 Ord:  84 (0054h) Name: getPF
 Addr:0F03F6EB Ord:  85 (0055h) Name: getSF
 Addr:0F001D4A Ord:  86 (0056h) Name: getSI
 Addr:0F002405 Ord:  87 (0057h) Name: getSP
 Addr:0F00203E Ord:  88 (0058h) Name: getSS
 Addr:0F03F6DF Ord:  89 (0059h) Name: getZF
 Addr:0F00335E Ord:  90 (005Ah) Name: host_CreateThread
 Addr:0F002B71 Ord:  91 (005Bh) Name: host_ExitThread
 Addr:0F033403 Ord:  92 (005Ch) Name: host_com_close
 Addr:0F03231C Ord:  93 (005Dh) Name: host_direct_access_error
 Addr:0F03428F Ord:  94 (005Eh) Name: host_simulate
 Addr:0F091358 Ord:  95 (005Fh) Name: pDeviceChain
 Addr:0F03F805 Ord:  96 (0060h) Name: setAF
 Addr:0F011618 Ord:  97 (0061h) Name: setAH
 Addr:0F013B3E Ord:  98 (0062h) Name: setAL
 Addr:0F008808 Ord:  99 (0063h) Name: setAX
 Addr:0F03F73B Ord: 100 (0064h) Name: setBH
 Addr:0F00B14E Ord: 101 (0065h) Name: setBL
 Addr:0F0119B8 Ord: 102 (0066h) Name: setBP
 Addr:0F00C034 Ord: 103 (0067h) Name: setBX
 Addr:0F0023AB Ord: 104 (0068h) Name: setCF
 Addr:0F005ED0 Ord: 105 (0069h) Name: setCH
 Addr:0F007132 Ord: 106 (006Ah) Name: setCL
 Addr:0F008F0A Ord: 107 (006Bh) Name: setCS
 Addr:0F002662 Ord: 108 (006Ch) Name: setCX
 Addr:0F03F852 Ord: 109 (006Dh) Name: setDF
 Addr:0F017A4B Ord: 110 (006Eh) Name: setDH
 Addr:0F00AFC9 Ord: 111 (006Fh) Name: setDI
 Addr:0F00CF9A Ord: 112 (0070h) Name: setDL
 Addr:0F03F7C5 Ord: 113 (0071h) Name: setDS
 Addr:0F0028EE Ord: 114 (0072h) Name: setDX
 Addr:0F03F723 Ord: 115 (0073h) Name: setEAX
 Addr:0F03F77B Ord: 116 (0074h) Name: setEBP
 Addr:0F03F72F Ord: 117 (0075h) Name: setEBX
 Addr:0F03F757 Ord: 118 (0076h) Name: setECX
 Addr:0F03F7AC Ord: 119 (0077h) Name: setEDI
 Addr:0F03F763 Ord: 120 (0078h) Name: setEDX
 Addr:0F011AA9 Ord: 121 (0079h) Name: setES
 Addr:0F03F787 Ord: 122 (007Ah) Name: setESI
 Addr:0F03F76F Ord: 123 (007Bh) Name: setESP
 Addr:0F03F7D2 Ord: 124 (007Ch) Name: setFS
 Addr:0F03F7DF Ord: 125 (007Dh) Name: setGS
 Addr:0F008C78 Ord: 126 (007Eh) Name: setIF
 Addr:0F0027B8 Ord: 127 (007Fh) Name: setIP
 Addr:0F03F888 Ord: 128 (0080h) Name: setMSW
 Addr:0F03F86D Ord: 129 (0081h) Name: setOF
 Addr:0F03F7EC Ord: 130 (0082h) Name: setPF
 Addr:0F03F837 Ord: 131 (0083h) Name: setSF
 Addr:0F03F793 Ord: 132 (0084h) Name: setSI
 Addr:0F002758 Ord: 133 (0085h) Name: setSP
 Addr:0F03F7B8 Ord: 134 (0086h) Name: setSS
 Addr:0F03F81E Ord: 135 (0087h) Name: setZF

0
 

Author Comment

by:ramsoft
ID: 1434106
Thanks for all the API calls it makes.  Sounds like a DOS emulator to me.  Even calls to get and set all the processor registers.  But what I didn't see is all the hooks to simulate the WIN16 enviroment?  Where are they?  The 16bit application can only make 16 bit calls then someone has to get them?  Then they must be exported by someone? Who would that be?

0
 

Author Comment

by:ramsoft
ID: 1434107
Thanks for all the API calls it makes.  Sounds like a DOS emulator to me.  Even calls to get and set all the processor registers.  But what I didn't see is all the hooks to simulate the WIN16 enviroment?  Where are they?  The 16bit application can only make 16 bit calls then someone has to get them?  Then they must be exported by someone? Who would that be?

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 5

Expert Comment

by:Mujeeb082598
ID: 1434108
Hi :)

All the 16 bit calls are handled and answered by krnl386.exe, user.exe

Here are the functions listing from krnl386.exe

 Addr:0001.BC50 Ord:0000d Type:00h Name: KERNEL
 Addr:0001.BC50 Ord:0000d Type:00h Name: Microsoft Windows Kernel Interface Version 3.10
 Addr:0001.96A6 Ord:0001d Type:01h Name: FATALEXIT {Exported}
 Addr:0001.8341 Ord:0002d Type:01h Name: EXITKERNEL {Exported}
 Addr:0001.822C Ord:0003d Type:01h Name: GETVERSION {Exported}
 Addr:0002.2EC9 Ord:0004d Type:02h Name: LOCALINIT {Exported}
 Addr:0001.05DF Ord:0005d Type:01h Name: LOCALALLOC {Exported}
 Addr:0001.0623 Ord:0006d Type:01h Name: LOCALREALLOC {Exported}
 Addr:0001.05FB Ord:0007d Type:01h Name: LOCALFREE {Exported}
 Addr:0001.060F Ord:0008d Type:01h Name: LOCALLOCK {Exported}
 Addr:0001.0659 Ord:0009d Type:01h Name: LOCALUNLOCK {Exported}
 Addr:0001.0645 Ord:0010d Type:01h Name: LOCALSIZE {Exported}
 Addr:0001.8F7A Ord:0011d Type:01h Name: LOCALHANDLE {Exported}
 Addr:0001.066D Ord:0012d Type:01h Name: LOCALFLAGS {Exported}
 Addr:0001.8F95 Ord:0013d Type:01h Name: LOCALCOMPACT {Exported}
 Addr:0002.027C Ord:0014d Type:02h Name: LOCALNOTIFY {Exported}
 Addr:0001.02C7 Ord:0015d Type:01h Name: GLOBALALLOC {Exported}
 Addr:0001.0328 Ord:0016d Type:01h Name: GLOBALREALLOC {Exported}
 Addr:0001.02E3 Ord:0017d Type:01h Name: GLOBALFREE {Exported}
 Addr:0001.0314 Ord:0018d Type:01h Name: GLOBALLOCK {Exported}
 Addr:0001.0367 Ord:0019d Type:01h Name: GLOBALUNLOCK {Exported}
 Addr:0001.0353 Ord:0020d Type:01h Name: GLOBALSIZE {Exported}
 Addr:0001.0300 Ord:0021d Type:01h Name: GLOBALHANDLE {Exported}
 Addr:0001.0384 Ord:0022d Type:01h Name: GLOBALFLAGS {Exported}
 Addr:0001.044F Ord:0023d Type:01h Name: LOCKSEGMENT {Exported}
 Addr:0001.0463 Ord:0024d Type:01h Name: UNLOCKSEGMENT {Exported}
 Addr:0001.13ED Ord:0025d Type:01h Name: GLOBALCOMPACT {Exported}
 Addr:0001.1059 Ord:0026d Type:01h Name: GLOBALFREEALL {Exported}
 Addr:0001.1478 Ord:0028d Type:01h Name: GLOBALMASTERHANDLE {Exported}
 Addr:0001.B4AC Ord:0029d Type:01h Name: YIELD {Exported}
 Addr:0001.B847 Ord:0030d Type:01h Name: WAITEVENT {Exported}
 Addr:0001.B83A Ord:0031d Type:01h Name: POSTEVENT {Exported}
 Addr:0001.B861 Ord:0032d Type:01h Name: SETPRIORITY {Exported}
 Addr:0001.B87B Ord:0033d Type:01h Name: LOCKCURRENTTASK {Exported}
 Addr:0001.8030 Ord:0034d Type:01h Name: SETTASKQUEUE {Exported}
 Addr:0001.7FEA Ord:0035d Type:01h Name: GETTASKQUEUE {Exported}
 Addr:0001.85F8 Ord:0036d Type:01h Name: GETCURRENTTASK {Exported}
 Addr:0003.0256 Ord:0037d Type:03h Name: GETCURRENTPDB {Exported}
 Addr:0001.8012 Ord:0038d Type:01h Name: SETTASKSIGNALPROC {Exported}
 Addr:0001.A0E3 Ord:0041d Type:01h Name: ENABLEDOS {Exported}
 Addr:0001.A0E4 Ord:0042d Type:01h Name: DISABLEDOS {Exported}
 Addr:0002.0248 Ord:0045d Type:02h Name: LOADMODULE {Exported}
 Addr:0002.0176 Ord:0046d Type:02h Name: FREEMODULE {Exported}
 Addr:0002.01BB Ord:0047d Type:02h Name: GETMODULEHANDLE {Exported}
 Addr:0002.01D2 Ord:0048d Type:02h Name: GETMODULEUSAGE {Exported}
 Addr:0002.01E6 Ord:0049d Type:02h Name: GETMODULEFILENAME {Exported}
 Addr:0002.019E Ord:0050d Type:02h Name: GETPROCADDRESS {Exported}
 Addr:0003.00A8 Ord:0051d Type:03h Name: MAKEPROCINSTANCE {Exported}
 Addr:0003.00C5 Ord:0052d Type:03h Name: FREEPROCINSTANCE {Exported}
 Addr:0001.5A43 Ord:0053d Type:01h Name: CALLPROCINSTANCE {Exported}
 Addr:0002.021D Ord:0054d Type:02h Name: GETINSTANCEDATA {Exported}
 Addr:0003.08B4 Ord:0055d Type:03h Name: CATCH {Exported}
 Addr:0003.08EE Ord:0056d Type:03h Name: THROW {Exported}
 Addr:0001.06FF Ord:0057d Type:01h Name: GETPROFILEINT {Exported}
 Addr:0001.0725 Ord:0058d Type:01h Name: GETPROFILESTRING {Exported}
 Addr:0001.07FF Ord:0059d Type:01h Name: WRITEPROFILESTRING {Exported}
 Addr:0003.0008 Ord:0060d Type:03h Name: FINDRESOURCE {Exported}
 Addr:0001.01C2 Ord:0061d Type:01h Name: LOADRESOURCE {Exported}
 Addr:0001.0227 Ord:0062d Type:01h Name: LOCKRESOURCE {Exported}
 Addr:0001.0213 Ord:0063d Type:01h Name: FREERESOURCE {Exported}
 Addr:0001.01DC Ord:0064d Type:01h Name: ACCESSRESOURCE {Exported}
 Addr:0001.023B Ord:0065d Type:01h Name: SIZEOFRESOURCE {Exported}
 Addr:0001.01F9 Ord:0066d Type:01h Name: ALLOCRESOURCE {Exported}
 Addr:0003.002E Ord:0067d Type:03h Name: SETRESOURCEHANDLER {Exported}
 Addr:0003.042E Ord:0068d Type:03h Name: INITATOMTABLE {Exported}
 Addr:0001.5A5E Ord:0069d Type:01h Name: FINDATOM {Exported}
 Addr:0001.5A5B Ord:0070d Type:01h Name: ADDATOM {Exported}
 Addr:0001.0255 Ord:0071d Type:01h Name: DELETEATOM {Exported}
 Addr:0001.0269 Ord:0072d Type:01h Name: GETATOMNAME {Exported}
 Addr:0001.0299 Ord:0073d Type:01h Name: GETATOMHANDLE {Exported}
 Addr:0001.0681 Ord:0074d Type:01h Name: OPENFILE {Exported}
 Addr:0003.04D2 Ord:0075d Type:03h Name: OPENPATHNAME {Exported}
 Addr:0003.04CA Ord:0076d Type:03h Name: DELETEPATHNAME {Exported}
 Addr:0001.8599 Ord:0077d Type:01h Name: RESERVED1 {Exported}
 Addr:0001.8596 Ord:0078d Type:01h Name: RESERVED2 {Exported}
 Addr:0001.8590 Ord:0079d Type:01h Name: RESERVED3 {Exported}
 Addr:0001.8593 Ord:0080d Type:01h Name: RESERVED4 {Exported}
 Addr:0001.050A Ord:0081d Type:01h Name: _LCLOSE {Exported}
 Addr:0001.0582 Ord:0082d Type:01h Name: _LREAD {Exported}
 Addr:0001.0529 Ord:0083d Type:01h Name: _LCREAT {Exported}
 Addr:0001.0554 Ord:0084d Type:01h Name: _LLSEEK {Exported}
 Addr:0001.04DF Ord:0085d Type:01h Name: _LOPEN {Exported}
 Addr:0001.05B2 Ord:0086d Type:01h Name: _LWRITE {Exported}
 Addr:0001.855A Ord:0087d Type:01h Name: RESERVED5 {Exported}
 Addr:0001.84F7 Ord:0088d Type:01h Name: LSTRCPY {Exported}
 Addr:0001.8507 Ord:0089d Type:01h Name: LSTRCAT {Exported}
 Addr:0001.847E Ord:0090d Type:01h Name: LSTRLEN {Exported}
 Addr:0002.2C92 Ord:0091d Type:02h Name: INITTASK {Exported}
 Addr:0003.051C Ord:0092d Type:03h Name: GETTEMPDRIVE {Exported}
 Addr:0001.5A16 Ord:0093d Type:01h Name: GETCODEHANDLE {Exported}
 Addr:0003.03E1 Ord:0094d Type:03h Name: DEFINEHANDLETABLE {Exported}
 Addr:0002.0231 Ord:0095d Type:02h Name: LOADLIBRARY {Exported}
 Addr:0002.018A Ord:0096d Type:02h Name: FREELIBRARY {Exported}
 Addr:0003.00DC Ord:0097d Type:03h Name: GETTEMPFILENAME {Exported}
 Addr:0001.6DDA Ord:0098d Type:01h Name: GETLASTDISKCHANGE {Exported}
 Addr:0001.0D55 Ord:0099d Type:01h Name: GETLPERRMODE {Exported}
 Addr:0002.30C9 Ord:0100d Type:02h Name: VALIDATECODESEGMENTS {Exported}
 Addr:0001.2ADA Ord:0101d Type:01h Name: NOHOOKDOSCALL {Exported}
 Addr:0001.2AE0 Ord:0102d Type:01h Name: DOS3CALL {Exported}
 Addr:0001.A205 Ord:0103d Type:01h Name: NETBIOSCALL {Exported}
 Addr:0001.0477 Ord:0104d Type:01h Name: GETCODEINFO {Exported}
 Addr:0003.07D6 Ord:0105d Type:03h Name: GETEXEVERSION {Exported}
 Addr:0001.3E4E Ord:0106d Type:01h Name: SETSWAPAREASIZE {Exported}
 Addr:0003.0132 Ord:0107d Type:03h Name: SETERRORMODE {Exported}
 Addr:0001.14AE Ord:0108d Type:01h Name: SWITCHSTACKTO {Exported}
 Addr:0001.1568 Ord:0109d Type:01h Name: SWITCHSTACKBACK {Exported}
 Addr:0001.7E96 Ord:0110d Type:01h Name: PATCHCODEHANDLE {Exported}
 Addr:0001.0398 Ord:0111d Type:01h Name: GLOBALWIRE {Exported}
 Addr:0001.03AC Ord:0112d Type:01h Name: GLOBALUNWIRE {Exported}
 Addr:0254.0003 Ord:0113d Type:FEh Name: __AHSHIFT {Exported}
 Addr:0254.0008 Ord:0114d Type:FEh Name: __AHINCR {Exported}
 Addr:0001.9D21 Ord:0115d Type:01h Name: OUTPUTDEBUGSTRING {Exported}
 Addr:0002.2D9C Ord:0116d Type:02h Name: INITLIB {Exported}
 Addr:0001.B854 Ord:0117d Type:01h Name: OLDYIELD {Exported}
 Addr:0001.7FF4 Ord:0118d Type:01h Name: GETTASKQUEUEDS {Exported}
 Addr:0001.8002 Ord:0119d Type:01h Name: GETTASKQUEUEES {Exported}
 Addr:0001.74B4 Ord:0120d Type:01h Name: UNDEFDYNLINK {Exported}
 Addr:0001.8FC0 Ord:0121d Type:01h Name: LOCALSHRINK {Exported}
 Addr:0001.8229 Ord:0122d Type:01h Name: ISTASKLOCKED {Exported}
 Addr:0001.5754 Ord:0123d Type:01h Name: KBDRST {Exported}
 Addr:0001.A0E5 Ord:0124d Type:01h Name: ENABLEKERNEL {Exported}
 Addr:0001.A0E6 Ord:0125d Type:01h Name: DISABLEKERNEL {Exported}
 Addr:0001.3E17 Ord:0126d Type:01h Name: MEMORYFREED {Exported}
 Addr:0001.0773 Ord:0127d Type:01h Name: GETPRIVATEPROFILEINT {Exported}
 Addr:0001.07A5 Ord:0128d Type:01h Name: GETPRIVATEPROFILESTRING {Exported}
 Addr:0001.0831 Ord:0129d Type:01h Name: WRITEPRIVATEPROFILESTRING {Exported}
 Addr:0003.084E Ord:0130d Type:03h Name: FILECDR {Exported}
 Addr:0003.0894 Ord:0131d Type:03h Name: GETDOSENVIRONMENT {Exported}
 Addr:0003.07BB Ord:0132d Type:03h Name: GETWINFLAGS {Exported}
 Addr:0001.5FBA Ord:0133d Type:01h Name: GETEXEPTR {Exported}
 Addr:0003.0054 Ord:0134d Type:03h Name: GETWINDOWSDIRECTORY {Exported}
 Addr:0003.007E Ord:0135d Type:03h Name: GETSYSTEMDIRECTORY {Exported}
 Addr:0001.B7EC Ord:0136d Type:01h Name: GETDRIVETYPE {Exported}
 Addr:0001.02AD Ord:0137d Type:01h Name: FATALAPPEXIT {Exported}
 Addr:0002.231F Ord:0138d Type:02h Name: GETHEAPSPACES {Exported}
 Addr:0001.746B Ord:0139d Type:01h Name: DOSIGNAL {Exported}
 Addr:0003.068A Ord:0140d Type:03h Name: SETSIGHANDLER {Exported}
 Addr:0001.820F Ord:0141d Type:01h Name: INITTASK1 {Exported}
 Addr:0001.B53B Ord:0149d Type:01h Name: GETVERSIONEX {Exported}
 Addr:0001.B86E Ord:0150d Type:01h Name: DIRECTEDYIELD {Exported}
 Addr:0003.08A8 Ord:0152d Type:03h Name: GETNUMTASKS {Exported}
 Addr:0001.03E8 Ord:0154d Type:01h Name: GLOBALNOTIFY {Exported}
 Addr:0001.1487 Ord:0155d Type:01h Name: GETTASKDS {Exported}
 Addr:0001.574E Ord:0156d Type:01h Name: LIMITEMSPAGES {Exported}
 Addr:0001.5755 Ord:0157d Type:01h Name: GETCURPID {Exported}
 Addr:0001.803D Ord:0158d Type:01h Name: ISWINOLDAPTASK {Exported}
 Addr:0001.1138 Ord:0159d Type:01h Name: GLOBALHANDLENORIP {Exported}
 Addr:0001.BB00 Ord:0160d Type:01h Name: EMSCOPY {Exported}
 Addr:0002.2FDB Ord:0161d Type:02h Name: LOCALCOUNTFREE {Exported}
 Addr:0002.3013 Ord:0162d Type:02h Name: LOCALHEAPSIZE {Exported}
 Addr:0001.03D4 Ord:0163d Type:01h Name: GLOBALLRUOLDEST {Exported}
 Addr:0001.03C0 Ord:0164d Type:01h Name: GLOBALLRUNEWEST {Exported}
 Addr:0001.A1F8 Ord:0165d Type:01h Name: A20PROC {Exported}
 Addr:0002.0293 Ord:0166d Type:02h Name: WINEXEC {Exported}
 Addr:0001.6044 Ord:0167d Type:01h Name: GETEXPWINVER {Exported}
 Addr:0001.8684 Ord:0168d Type:01h Name: DIRECTRESALLOC {Exported}
 Addr:0001.04A0 Ord:0169d Type:01h Name: GETFREESPACE {Exported}
 Addr:0001.016C Ord:0170d Type:01h Name: ALLOCCSTODSALIAS {Exported}
 Addr:0001.0180 Ord:0171d Type:01h Name: ALLOCDSTOCSALIAS {Exported}
 Addr:0001.3014 Ord:0172d Type:01h Name: ALLOCALIAS {Exported}
 Addr:0254.F000 Ord:0173d Type:FEh Name: __ROMBIOS {Exported}
 Addr:0254.A000 Ord:0174d Type:FEh Name: __A000H {Exported}
 Addr:0001.2AEB Ord:0175d Type:01h Name: ALLOCSELECTOR {Exported}
 Addr:0001.0194 Ord:0176d Type:01h Name: FREESELECTOR {Exported}
 Addr:0001.01A8 Ord:0177d Type:01h Name: PRESTOCHANGOSELECTOR {Exported}
 Addr:0254.0001 Ord:0178d Type:FEh Name: __WINFLAGS {Exported}
 Addr:0254.D000 Ord:0179d Type:FEh Name: __D000H {Exported}
 Addr:0001.348F Ord:0180d Type:01h Name: LONGPTRADD {Exported}
 Addr:0254.B000 Ord:0181d Type:FEh Name: __B000H {Exported}
 Addr:0254.B800 Ord:0182d Type:FEh Name: __B800H {Exported}
 Addr:0254.0000 Ord:0183d Type:FEh Name: __0000H {Exported}
 Addr:0001.171C Ord:0184d Type:01h Name: GLOBALDOSALLOC {Exported}
 Addr:0001.1756 Ord:0185d Type:01h Name: GLOBALDOSFREE {Exported}
 Addr:0001.3098 Ord:0186d Type:01h Name: GETSELECTORBASE {Exported}
 Addr:0001.3544 Ord:0187d Type:01h Name: SETSELECTORBASE {Exported}
 Addr:0001.3565 Ord:0188d Type:01h Name: GETSELECTORLIMIT {Exported}
 Addr:0001.357D Ord:0189d Type:01h Name: SETSELECTORLIMIT {Exported}
 Addr:0254.E000 Ord:0190d Type:FEh Name: __E000H {Exported}
 Addr:0001.03FF Ord:0191d Type:01h Name: GLOBALPAGELOCK {Exported}
 Addr:0001.0413 Ord:0192d Type:01h Name: GLOBALPAGEUNLOCK {Exported}
 Addr:0254.0040 Ord:0193d Type:FEh Name: __0040H {Exported}
 Addr:0254.F000 Ord:0194d Type:FEh Name: __F000H {Exported}
 Addr:0254.C000 Ord:0195d Type:FEh Name: __C000H {Exported}
 Addr:0001.3598 Ord:0196d Type:01h Name: SELECTORACCESSRIGHTS {Exported}
 Addr:0001.0427 Ord:0197d Type:01h Name: GLOBALFIX {Exported}
 Addr:0001.043B Ord:0198d Type:01h Name: GLOBALUNFIX {Exported}
 Addr:0001.06E3 Ord:0199d Type:01h Name: SETHANDLECOUNT {Exported}
 Addr:0001.4F3B Ord:0200d Type:01h Name: VALIDATEFREESPACES {Exported}
 Addr:0001.9F38 Ord:0201d Type:01h Name: REPLACEINST {Exported}
 Addr:0003.07E3 Ord:0202d Type:03h Name: REGISTERPTRACE {Exported}
 Addr:0001.96BF Ord:0203d Type:01h Name: DEBUGBREAK {Exported}
 Addr:0003.014E Ord:0204d Type:03h Name: SWAPRECORDING {Exported}
 Addr:0001.9A87 Ord:0205d Type:01h Name: CVWBREAK {Exported}
 Addr:0001.2BF9 Ord:0206d Type:01h Name: ALLOCSELECTORARRAY {Exported}
 Addr:0001.85F1 Ord:0207d Type:01h Name: ISDBCSLEADBYTE {Exported}
 Addr:0001.B6F5 Ord:0215d Type:01h Name: WOWSHOULDWESAYWIN95 {Exported}
 Addr:0001.086F Ord:0216d Type:01h Name: REGENUMKEY {Exported}
 Addr:0001.088C Ord:0217d Type:01h Name: REGOPENKEY {Exported}
 Addr:0001.08B5 Ord:0220d Type:01h Name: REGCLOSEKEY {Exported}
 Addr:0001.08BE Ord:0223d Type:01h Name: REGENUMVALUE {Exported}
 Addr:0001.B673 Ord:0262d Type:01h Name: WOWWAITFORMSGANDEVENT {Exported}
 Addr:0001.B680 Ord:0263d Type:01h Name: WOWMSGBOX {Exported}
 Addr:0001.B6E8 Ord:0273d Type:01h Name: K273 {Exported}
 Addr:0001.B702 Ord:0274d Type:01h Name: GETSHORTPATHNAME {Exported}
 Addr:0002.301E Ord:0310d Type:02h Name: LOCALHANDLEDELTA {Exported}
 Addr:0001.A29B Ord:0311d Type:01h Name: GETSETKERNELDOSPROC {Exported}
 Addr:0001.9ADC Ord:0314d Type:01h Name: DEBUGDEFINESEGMENT {Exported}
 Addr:0001.B888 Ord:0315d Type:01h Name: WRITEOUTPROFILES {Exported}
 Addr:0001.15EE Ord:0316d Type:01h Name: GETFREEMEMINFO {Exported}
 Addr:0001.A2BB Ord:0318d Type:01h Name: FATALEXITHOOK {Exported}
 Addr:0001.643E Ord:0319d Type:01h Name: FLUSHCACHEDFILEHANDLE {Exported}
 Addr:0001.8042 Ord:0320d Type:01h Name: ISTASK {Exported}
 Addr:0002.236D Ord:0323d Type:02h Name: ISROMMODULE {Exported}
 Addr:0001.9720 Ord:0324d Type:01h Name: LOGERROR {Exported}
 Addr:0001.9743 Ord:0325d Type:01h Name: LOGPARAMERROR {Exported}
 Addr:0002.2372 Ord:0326d Type:02h Name: ISROMFILE {Exported}
 Addr:0001.96EC Ord:0327d Type:01h Name: K327 {Exported}
 Addr:0001.971F Ord:0328d Type:01h Name: _DEBUGOUTPUT {Exported}
 Addr:0001.9716 Ord:0329d Type:01h Name: K329 {Exported}
 Addr:0004.0218 Ord:0332d Type:04h Name: THHOOK {Exported}
 Addr:0001.5C7E Ord:0334d Type:01h Name: ISBADREADPTR {Exported}
 Addr:0001.5C9F Ord:0335d Type:01h Name: ISBADWRITEPTR {Exported}
 Addr:0001.5D44 Ord:0336d Type:01h Name: ISBADCODEPTR {Exported}
 Addr:0001.5D6A Ord:0337d Type:01h Name: ISBADSTRINGPTR {Exported}
 Addr:0001.5D8E Ord:0338d Type:01h Name: HASGPHANDLER {Exported}
 Addr:0001.ABEC Ord:0339d Type:01h Name: DIAGQUERY {Exported}
 Addr:0001.ABFB Ord:0340d Type:01h Name: DIAGOUTPUT {Exported}
 Addr:0003.0812 Ord:0341d Type:03h Name: TOOLHELPHOOK {Exported}
 Addr:0001.B9E0 Ord:0342d Type:01h Name: __GP {Exported}
 Addr:0002.0894 Ord:0343d Type:02h Name: REGISTERWINOLDAPHOOK {Exported}
 Addr:0002.08FE Ord:0344d Type:02h Name: GETWINOLDAPHOOKS {Exported}
 Addr:0001.5E55 Ord:0345d Type:01h Name: ISSHAREDSELECTOR {Exported}
 Addr:0001.5CC1 Ord:0346d Type:01h Name: ISBADHUGEREADPTR {Exported}
 Addr:0001.5D01 Ord:0347d Type:01h Name: ISBADHUGEWRITEPTR {Exported}
 Addr:0001.5E78 Ord:0348d Type:01h Name: HMEMCPY {Exported}
 Addr:0001.5F08 Ord:0349d Type:01h Name: _HREAD {Exported}
 Addr:0001.5F5B Ord:0350d Type:01h Name: _HWRITE {Exported}
 Addr:0001.71A1 Ord:0351d Type:01h Name: BUNNY_351 {Exported}
 Addr:0001.84A7 Ord:0353d Type:01h Name: LSTRCPYN {Exported}
 Addr:0001.A2D7 Ord:0354d Type:01h Name: GETAPPCOMPATFLAGS {Exported}
 Addr:0001.A382 Ord:0355d Type:01h Name: GETWINDEBUGINFO {Exported}
 Addr:0001.A38E Ord:0356d Type:01h Name: SETWINDEBUGINFO {Exported}
 Addr:0001.37EF Ord:0403d Type:01h Name: K403 {Exported}
 Addr:0001.37AC Ord:0404d Type:01h Name: K404 {Exported}
 Addr:0001.AE72 Ord:0500d Type:01h Name: WOW16CALL {Exported}
 Addr:0001.B986 Ord:0501d Type:01h Name: KDDBGOUT {Exported}
 Addr:0001.B729 Ord:0502d Type:01h Name: WOWGETNEXTVDMCOMMAND {Exported}
 Addr:0001.B736 Ord:0503d Type:01h Name: WOWREGISTERSHELLWINDOWHANDLE {Exported}
 Addr:0001.B743 Ord:0504d Type:01h Name: WOWLOADMODULE {Exported}
 Addr:0001.B75D Ord:0505d Type:01h Name: WOWQUERYPERFORMANCECOUNTER {Exported}
 Addr:0001.B5B0 Ord:0507d Type:01h Name: WOWCURSORICONOP {Exported}
 Addr:0001.B5BD Ord:0508d Type:01h Name: WOWFAILEDEXEC {Exported}
 Addr:0001.B5CA Ord:0509d Type:01h Name: WOWCLOSECOMPORT {Exported}
 Addr:0001.B791 Ord:0511d Type:01h Name: WOWKILLREMOTETASK {Exported}
 Addr:0001.B375 Ord:0512d Type:01h Name: WOWQUERYDEBUG {Exported}
 Addr:0001.B7F9 Ord:0513d Type:01h Name: LOADLIBRARYEX32W {Exported}
 Addr:0001.B806 Ord:0514d Type:01h Name: FREELIBRARY32W {Exported}
 Addr:0001.B813 Ord:0515d Type:01h Name: GETPROCADDRESS32W {Exported}
 Addr:0001.B820 Ord:0516d Type:01h Name: GETVDMPOINTER32W {Exported}
 Addr:0001.B8C9 Ord:0517d Type:01h Name: CALLPROC32W {Exported}
 Addr:0001.B96A Ord:0518d Type:01h Name: _CALLPROCEX32W {Exported}
 Addr:0001.B895 Ord:0519d Type:01h Name: EXITKERNELTHUNK {Exported}
 Addr:0254.0000 Ord:0520d Type:FEh Name: __MOD_KERNEL {Exported}
 Addr:0254.0000 Ord:0521d Type:FEh Name: __MOD_DKERNEL {Exported}
 Addr:0254.0000 Ord:0522d Type:FEh Name: __MOD_USER {Exported}
 Addr:0254.0000 Ord:0523d Type:FEh Name: __MOD_DUSER {Exported}
 Addr:0254.0000 Ord:0524d Type:FEh Name: __MOD_GDI {Exported}
 Addr:0254.0000 Ord:0525d Type:FEh Name: __MOD_DGDI {Exported}
 Addr:0254.0000 Ord:0526d Type:FEh Name: __MOD_KEYBOARD {Exported}
 Addr:0254.0000 Ord:0527d Type:FEh Name: __MOD_SOUND {Exported}
 Addr:0254.0000 Ord:0528d Type:FEh Name: __MOD_SHELL {Exported}
 Addr:0254.0000 Ord:0529d Type:FEh Name: __MOD_WINSOCK {Exported}
 Addr:0254.0000 Ord:0530d Type:FEh Name: __MOD_TOOLHELP {Exported}
 Addr:0254.0000 Ord:0531d Type:FEh Name: __MOD_MMEDIA {Exported}
 Addr:0254.0000 Ord:0532d Type:FEh Name: __MOD_COMMDLG {Exported}
 Addr:0001.B402 Ord:0541d Type:01h Name: WOWSETEXITONLASTAPP {Exported}
 Addr:0001.B48A Ord:0544d Type:01h Name: WOWSETCOMPATHANDLE {Exported}

Here is the sample for one of the function above to show that all the functions are 16bit

Exported fn(): GETDOSENVIRONMENT - Ord:0083h
:0003.0894 1E                     push ds
:0003.0895 9AF885C507             call 0001.85F8
:0003.089A 8ED8                   mov ds, ax
:0003.089C 8E1E6000               mov ds, [0060]
:0003.08A0 8B162C00               mov dx, [002C]
:0003.08A4 33C0                   xor ax, ax
:0003.08A6 1F                     pop ds
:0003.08A7 CB                     retf

I hope this helps you to convience your customer to either let u port the applicatin to 32bit or have to accept the shelling way of keeping the time.
0
 
LVL 5

Expert Comment

by:Mujeeb082598
ID: 1434109
Hi :)

I am giving u the answers as comment, because u seems to get angry to my answers :).

Anyway the api that u looking to force the wow to syn the time is the exec call to load another application, wow in turn while setting the environment for the new program will sync the time.

Let this application be part of the applicationn suite that u have and job of this application is to exit as soon as it loads :) this will solve your time problem as well as keep your customer happy. Since anyway u will be making call to the fucntion (which u will never find untill some person from MS gives u some undocument feature :) if their is any) so u call this exec instead.
0
 

Author Comment

by:ramsoft
ID: 1434110
Mujeeb,
  Thanks for the attempts to help out.  Yes you are correct and I did write the application that does just that.  What you don't see is the cost required to maintain even a simple program like that in a DOD system.  Anyway I believe my customers have relented in finding a solution to the problem that fits in the acceptable answer list.  I have written a comment in the same question in the Windows NT area, it has more points than this one, please write an answer saying, "I told you so", over there and I'll give you the points for the effort.
 
  Again I was only upset because the same answer was coming back again and again that was in the unacceptable answer list and I wanted a second opinion.

Roy

0
 
LVL 5

Accepted Solution

by:
Mujeeb082598 earned 300 total points
ID: 1434111
Hi :)

None taken. I was not after the points as i said to u before the only reason i was keep answering or commenting u because i do not wanted u to waiste time for looking thing which does not exit, and should have spent this time either to design a well thaught out shelling or converting the application to 32 bit.

So i am happy that u come to terms with the fact, and i am sorry too to make u angry by saying things which u do not wanted to hear :) but we have to accept the facts not matter how unwanted they can be.

I will post the same to the VB question that u posted under VB applications area.
0
 

Author Comment

by:ramsoft
ID: 1434112
I did write the shell applicatoin before I asked the question.  It was rejected by my customers.  They pay my salery, therefor if they want to pay me to look for the impossible, thats what I do.  Have a good one.  
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Introduction While answering a recent question (http://www.experts-exchange.com/Q_27402310.html) in the VB classic zone, I wrote some VB code in the (Office) VBA environment, rather than fire up my older PC.  I didn't post completely correct code o…
Have you ever wanted to restrict the users input in a textbox to numbers, and while doing that make sure that they can't 'cheat' by pasting in non-numeric text? Of course you can do that with code you write yourself but it's tedious and error-prone …
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now