GPF in "GetProcessHeapEx" | trun in "GetExitCodeProcess" (DOSX)
Well, there are even more:
53. Exit code is truncated to 8 bits only, maybe a flaw rather than a BUG, or just a documentation bug ... GetExitCodeProcess
54. SET DPMILDR=8 has an evil and undocumented side effect:
> - bit 3 (DPMILDR=8): prevents loader from trying to run another
> application in the current DPMI client. Instead the int 21h, ax=4B00h
> call is routed to the next handler in the chain. This is useful if
> the applications to run cannot share the client, which is mostly the
> case for Win32 applications where the relocation information has
> been stripped from the binary. To make this finally work as expected,
> it must be ensured that the DPMI host will run clients in separate
> address spaces (see HDPMI docs for details).
it (fired by CreateProcessA) stops preferring PE over MZ, and if there is no DPMIST32.BIN inside, it will execute just the stub; "Need HX-DOS Extender to run !" is the "optimal" result
55. README.TXT in DKRNL32 source DIR incorrectly writes:
> EXITPROC.ASM PROCESS ExitProcess
> GetExitCodeProcess
On this occasion, EXITPROC.ASM and PROCESSW.ASM could be integrated into PROCESS.ASM; they are ridiculously small
56. GPF:
3014 lstrcpy
3014 lstrcpyA
3044 lstrlen
3044 lstrlenA
3060 GetModuleHandleA
30C8 GetProcessHeap
30D0 IsBadReadPtr
dkrnl32: exception C0000005 (AKA GPF ?????), flags=0 occured at B7:12A084
ax=8210 bx=100A7 cx=0 dx=128210
si=126E47 di=126A00 bp=1268CC sp=1268C8
ip = Module 'kernel32.dll'+3084 fs=?????????????????????
Filepos: $2484
2460 55 push ebp ; GetModuleHandleA
2461 8BEC mov ebp,esp
2463 8B5508 mov edx,[ebp+8]
2466 23D2 and edx,edx
2468 750A jnz $2474
246A E8CDF3FFFF call $183c
246F 8B4008 mov eax,[eax+8]
2472 EB06 jmp short $247a
;--------------
2474 66B8824B mov ax,$4b82
2478 CD21 int $21 ; Talk to DPMILD32, if present at all
247A C9 leave
247B C20400 ret 4
247E 8BFF mov edi,edi ; NOPE
2480 55 push ebp ; GetProcessHeapEx (non-public ??????)
2481 8BEC mov ebp,esp
2483 53 push ebx
2484 67648B1E3000 mov ebx,[word fs:$30] ; !!! BOOM !!! here it crashes
248A 8B430C mov eax,[ebx+$0C]
248D 23C0 and eax,eax
248F 7532 jnz $24c3
2491 837D0800 cmp dword [ebp+8],0
2495 742C jz $24c3
2497 6A00 push 0
2499 E8C2FFFFFF call $2460
249E 8BD8 mov ebx,eax
24A0 035B3C add ebx,[ebx+$3c]
24A3 8B4368 mov eax,[ebx+$68]
24A6 23C0 and eax,eax
24A8 7419 jz $24c3
24AA 8B4B6C mov ecx,[ebx+$6c]
24AD 6A02 push 2
24AF 6A00 push 0
24B1 51 push ecx
24B2 50 push eax
24B3 6A00 push 0
24B5 E87A0E0000 call $3334
24BA 67648B1E3000 mov ebx,[word fs:$30]
24C0 89430C mov [ebx+$0C],eax
24C3 5B pop ebx
24C4 C9 leave
24C5 C20400 ret 4
24C8 6A01 push 1 ; GetProcessHeap
24CA E8B1FFFFFF call $2480
24CF C3 ret ; What a sophisticated function
After "some" usage of LoadLibraryA (and a few others), a GPF in DKRNL32 occurs. FS is secret, but SET DKRNL32=32 can reveal it: ZERO
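The fault in item 56 was located by hand: the "ip = Module 'kernel32.dll'+3084" line was compared against the export list, and the file position $2484 was matched to the listing. The script below, an added example that is not code from the HX project, automates that triage. It parses the export list and the three diagnostic lines exactly as DKRNL32 printed them, finds the exports that bracket the faulting RVA, and derives two numbers the page does not state: the RVA-to-file delta (from the ip and Filepos lines) and the module's linear base (from the "at B7:12A084" address). Both derivations are assumptions that hold only for the section these functions live in.

```python
"""Resolve the DKRNL32 fault in item 56 against the export list it printed.

Added example, not HX code. Input lines are copied from the post; the
RVA-to-file delta and module base are derived from them, not read from
anywhere else, and only hold for this section of DKRNL32.
"""
import re

# Constructed input: the export list and diagnostic lines from the post.
# Offsets are hex module RVAs as DKRNL32 prints them.
EXPORT_LIST = """\
3014 lstrcpy
3014 lstrcpyA
3044 lstrlen
3044 lstrlenA
3060 GetModuleHandleA
30C8 GetProcessHeap
30D0 IsBadReadPtr
"""
CRASH_LINE = ("dkrnl32: exception C0000005 (AKA GPF ?????), flags=0 occured "
              "at B7:12A084")
IP_LINE = "ip = Module 'kernel32.dll'+3084 fs=?????????????????????"
FILEPOS_LINE = "Filepos: $2484"


def parse_exports(text):
    """Parse 'HEX name' lines into a list of (offset, name), sorted by offset."""
    exports = []
    for line in text.splitlines():
        m = re.match(r"\s*([0-9A-Fa-f]+)\s+(\S+)", line)
        if m:
            exports.append((int(m.group(1), 16), m.group(2)))
    return sorted(exports)


def parse_fault_site(ip_line):
    """Return (module, rva) from the "ip = Module '<dll>'+<hex>" line."""
    m = re.search(r"Module '([^']+)'\+([0-9A-Fa-f]+)", ip_line)
    if not m:
        raise ValueError("no module+offset in: " + ip_line)
    return m.group(1), int(m.group(2), 16)


def parse_linear(crash_line):
    """Return (selector, linear offset) from '... at B7:12A084'."""
    m = re.search(r"\bat ([0-9A-Fa-f]+):([0-9A-Fa-f]+)", crash_line)
    if not m:
        raise ValueError("no sel:off in: " + crash_line)
    return int(m.group(1), 16), int(m.group(2), 16)


def parse_filepos(line):
    """Return the file offset from a 'Filepos: $HEX' line."""
    m = re.search(r"Filepos:\s*\$([0-9A-Fa-f]+)", line)
    if not m:
        raise ValueError("no Filepos in: " + line)
    return int(m.group(1), 16)


def bracket(exports, rva):
    """Exports at/before and strictly after rva, each as (names, distance) or None.

    Aliases sharing one offset (lstrcpy/lstrcpyA) are returned together."""
    before = [(o, n) for o, n in exports if o <= rva]
    after = [(o, n) for o, n in exports if o > rva]
    prev = nxt = None
    if before:
        o = before[-1][0]
        prev = ([n for oo, n in before if oo == o], rva - o)
    if after:
        o = after[0][0]
        nxt = ([n for oo, n in after if oo == o], o - rva)
    return prev, nxt


def triage(export_text=EXPORT_LIST, crash_line=CRASH_LINE,
           ip_line=IP_LINE, filepos_line=FILEPOS_LINE):
    """Combine the inputs into one dict an analyst can read off."""
    exports = parse_exports(export_text)
    module, rva = parse_fault_site(ip_line)
    selector, linear = parse_linear(crash_line)
    filepos = parse_filepos(filepos_line)
    prev, nxt = bracket(exports, rva)
    return {
        "module": module,
        "rva": rva,
        "prev_export": prev,   # (['GetModuleHandleA'], 0x24) for the post's data
        "next_export": nxt,    # (['GetProcessHeap'], 0x44)
        # A fault past one export and short of the next may sit in code the
        # export table does not name; the listing shows GetModuleHandleA ends
        # at $247E, so +0x24 is inside the non-public GetProcessHeapEx.
        "between_exports": bool(prev and nxt and prev[1] > 0),
        "rva_to_file_delta": rva - filepos,   # derived: 0xC00 for this section
        "module_base": linear - rva,          # derived: linear base of the DLL
        "selector": selector,
    }


if __name__ == "__main__":
    for k, v in triage().items():
        print(f"{k:>18}: {hex(v) if isinstance(v, int) and not isinstance(v, bool) else v}")
```

Run it as a script and it prints the bracket GetModuleHandleA+0x24 / GetProcessHeap-0x44, the 0xC00 delta between RVA and file position, and the module base 0x127000; the same functions accept any other DKRNL32 dump and export list pasted into the constants.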
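Item 54 describes what DPMILDR=8 changes: the loader stops preferring the PE part of an EXE and passes int 21h, ax=4B00h down the chain, so plain DOS runs only the MZ stub. Before setting that bit it helps to know which stub each binary actually carries. The inspector below is an added example, not HX code: it parses the MZ header, checks for the PE signature at e_lfanew, and classifies the stub by the message string it contains. The string match is a heuristic assumed here (the exact text of DPMIST32.BIN is not on the page), so a stub mentioning the HX-DOS Extender is reported as "hx-style" rather than identified as DPMIST32.BIN; build_sample() constructs synthetic test images that are not loadable files.

```python
"""Tell which part of an EXE a plain DOS exec would reach.

Added example, not HX code. Stub classification by message string is a
heuristic assumed here; sample images are constructed, not real files.
"""
import struct

MS_STUB_MSG = b"This program cannot be run in DOS mode"   # default linker stub
HX_STUB_MSG = b"Need HX-DOS Extender to run"              # text quoted in item 54


def inspect_image(data: bytes) -> dict:
    """Parse the MZ header; report whether a PE part exists and what stub precedes it."""
    info = {"mz": False, "pe": False, "e_lfanew": None,
            "stub_kind": "none", "stub_bytes": 0}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    info["mz"] = True
    e_cparhdr = struct.unpack_from("<H", data, 0x08)[0]   # header size in paragraphs
    e_lfarlc = struct.unpack_from("<H", data, 0x18)[0]    # relocation table offset
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]    # new-format header offset
    stub_start = e_cparhdr * 16
    stub_end = len(data)
    # e_lfanew is only meaningful when the relocation table starts at or past
    # 0x40, i.e. the header actually reserves the field (the rule Windows uses).
    if (e_lfarlc >= 0x40 and 0x40 <= e_lfanew <= len(data) - 4
            and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"):
        info["pe"] = True
        info["e_lfanew"] = e_lfanew
        stub_end = e_lfanew
    stub = data[stub_start:stub_end]
    info["stub_bytes"] = len(stub)
    if HX_STUB_MSG in stub:
        info["stub_kind"] = "hx-style"
    elif MS_STUB_MSG in stub:
        info["stub_kind"] = "ms-default"
    elif stub:
        info["stub_kind"] = "unknown"
    return info


def what_runs(info: dict, dpmildr: int = 0) -> str:
    """Which part a DOS exec reaches. With DPMILDR bit 3 set the loader hands
    int 21h/4B00h down the chain, so only the MZ stub can run."""
    if info["pe"] and not (dpmildr & 8):
        return "pe"
    return "mz-stub" if info["mz"] else "not-executable"


def build_sample(stub_msg: bytes, with_pe: bool = True) -> bytes:
    """Construct a minimal image: 64-byte MZ header, a stub that prints
    stub_msg via the classic push cs/pop ds/mov ah,9/int 21h prologue,
    and optionally a PE signature right after the stub."""
    stub = b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21" + stub_msg + b"\r\r\n$"
    stub += b"\0" * (-len(stub) % 16)                    # keep e_lfanew paragraph-aligned
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<H", hdr, 0x08, 4)                 # e_cparhdr: 4 paragraphs = 0x40 bytes
    struct.pack_into("<H", hdr, 0x18, 0x40 if with_pe else 0x1C)   # e_lfarlc
    struct.pack_into("<I", hdr, 0x3C, 0x40 + len(stub) if with_pe else 0)
    data = bytes(hdr) + stub
    if with_pe:
        data += b"PE\0\0" + b"\0" * 0x14                  # signature + empty COFF header
    return data


if __name__ == "__main__":
    for name, img in (("hx", build_sample(HX_STUB_MSG)),
                      ("ms", build_sample(MS_STUB_MSG)),
                      ("mz", build_sample(b"plain DOS program", with_pe=False))):
        info = inspect_image(img)
        print(name, info["stub_kind"], "DPMILDR=0 ->", what_runs(info),
              "DPMILDR=8 ->", what_runs(info, dpmildr=8))
```

Feed inspect_image() the bytes of a real EXE to see the same report for it; a PE whose stub comes out "ms-default" is one that, under DPMILDR=8 and a DOS exec, can only print the linker's refusal message.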
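Item 53 reports that GetExitCodeProcess under HX returns only the low 8 bits of the exit code. The probe below, an added example and not HX code, makes that property observable on whatever host runs it: it spawns a child that exits with a constructed marker value (0x1234, chosen so its low byte 0x34 differs from the full value) and classifies what the parent got back. Native Win32 preserves all 32 bits, while a POSIX wait status carries 8, the same width the post observes under HX; portable_exit_code() is the convention that survives both.

```python
"""Probe how many exit-code bits survive from child to parent.

Added example, not HX code. MARKER is a constructed value; the child is
a second interpreter of whatever Python runs this script.
"""
import subprocess
import sys

MARKER = 0x1234


def spawn_with_exit_code(code: int) -> int:
    """Run a child Python that exits with `code`; return what the parent observes."""
    child = [sys.executable, "-c", f"import sys; sys.exit({code})"]
    return subprocess.run(child, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode


def classify(requested: int, observed: int) -> str:
    """Name the exit-code width implied by a requested/observed pair."""
    if observed == requested:
        return "full-32-bit"
    if observed == (requested & 0xFF):
        return "truncated-to-8-bits"
    return "unexpected"


def probe(code: int = MARKER):
    """Return (observed code, classification) for this host."""
    observed = spawn_with_exit_code(code)
    return observed, classify(code, observed)


def portable_exit_code(code: int) -> int:
    """Fold a wide status into the 0..255 range that survives everywhere,
    keeping 0 as success and never folding a failure onto 0."""
    if code == 0:
        return 0
    return (code & 0xFF) or 1


if __name__ == "__main__":
    observed, kind = probe()
    print(f"requested {MARKER:#x}, observed {observed:#x}: {kind}")
```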
---
This is a LOGITECH mouse driver, but some software expect here
the following string:*** This is Copyright 1983 Microsoft ***
Posted by DOS386, 24.12.2009, 09:59, in the thread "HX bugs".