Hi All,

FYI:
KAM 1.20 has been released. List of changes:
- added command line support; cmd line is preserved
- added DLL and Groups to APIs window (+windows splitter)
- APIs window position is now preserved
- added support for more API arguments

http://www.kakeeware.com/i_kam.php

Many thanks for your very good work

Nacho_dj

Every single application I try and use this with, I get "The application failed to initialize properly (0xc0000005). Click on OK to terminate the application" twice.

I tried having a peek at the problem and it appears that the error is generated at 407C77 (I unpacked this myself so the addresses may be wierd, but I do get the same error in the UPacked version) :

Is it this a local problem for me or has anyone else had this?

Thanks
bb

i have a problem too. the api functions dialog doesnt show up here when i press the button or if i use the shortcut alt+a.

sHice : That bit works fine for me here. I know that is not much comfort to you but I thought I would let you know anyway

Hi Guys,

Thx for pointing out this strange behaviour.
Sigh... It's probably the same problem as some other guys experienced with previous versions of KAM on _certain_ versions of Windows XP SP2.
Bad news is, that I still can't figure out what's the problem...
I tested it myself on 6 diffeent Windows XP versions (including 3 localized) that I use at home and at work and I wasn't "lucky" to get this error.

Hmm the snippet posted doesn't seem to be a "rational" source of exception.
I will add more debugging functionality in a next release and hopefully it will help to pin it down.

Out of curiosity... are you arunning on admin account or less priviledged account? KAM requires admin account to work properly.

Thanks!

Hi KaKeeware,

I'm running it as admin.

The snippet I know is not the 'rational' cause of the error, I included it to show when the error popped up. Sorry I don't have any more info at this point - I might see if I can find time to dig around with it today. Otherwise if it helps, you can PM me and I can run some tests here.

Thanks for replying.

bb

Hi, I had have same problem.

Seams that problem is in hardware DEP (Data execution protection) builded in your processor.

Nice info here:
http://en.wikipedia.org/wiki/NX_bit

Code which resist in data section could not be executed. So I patch code before VirtualProtectEx to include executable flag for memory also. And all work nice and shinny. :-)

Workaround: unpack kam, if don't go by hand you can use PE Explorer. Search for this part of code in Olly or some other debugger.:


00401779 |. 50 PUSH EAX ; /pOldProtect = NULL
0040177A |. 6A 04 PUSH 4 ; |NewProtect = PAGE_READWRITE
0040177C |. 6A 01 PUSH 1 ; |Size = 1
0040177E |. FF75 0C PUSH [ARG.2] ; |Address = NULL
00401781 |. FF75 08 PUSH [ARG.1] ; |hProcess = 004080CF
00401784 |. E8 CB6C0000 CALL <JMP.&KERNEL32.VirtualProtectEx> ; \VirtualProtectEx



exchange
0040177A |. 6A 04 PUSH 4

with

0040177A |. 6A 40 PUSH 40

And that should be it.
(hope that didn't break internal way how kam working, but seams all work for me)
ah, yes, big thanks to kakeeware for nice peace of software :-)

Enjoy godfather+

Good work

As Fravia once said, the best reversers fix and improve their tools

It must be that most of us still do not have CPUs with DEP support.