Windows 11, trying to open app, opens and closes rigtht away

[Chet303]

autobuild-ccpu-fre and debug versions win 11 build 22000 Windows 10 works fine, on windows 11 every time I try to open a Dos app, opens and closes right away. Anything I can try to fix this issue? Tried uninstalling/reinstalling, real time protections off Thanks

[Chet303]

Was able to make the program open by changing the font to Raster which is too small for me to use. By changing the font to LUCIDA CONSOLE (preferred) the window opens and closes right away, same result with Consolas font. Is there any way to use the LUCIDA font for the DOS text app? Stuck with the program only working with Raster Fonts.

Never had this issue in win10.

[leecher1337]

This sounds like a severe bug in Windows 11 console that got addressed by the loader in https://github.com/leecher1337/ntvdmx64/commit/929c8533231ce968732a14423c2d48e1bdb4bfe3

I'm pretty annoyed that I always have to fix Microsoft's bugs in my loader. grr I guess, you are using the latest Win11 loader? I tested my Windows bugfix with Build 22000.318 and it works there. Maybe these morons messed up something again in later updates?

[Chet303]

Upgraded my win10 box today to 11 and now on OS 22000.434build . Does that mean the loader needs to be fixed, or is there another way around this issue.

[leecher1337]

Hm, if you upgraded Windows, did you reinstall NTVDMx64 so that Win 11 loader gets installed and not Win10 loader? I guess so, because Win 10 loader wouldn't work with Win 11 anyway, but you can verify (compare loader DLLs in system32 and syswow64 directory):

These are the correct loader DLLs for Win 11 that contain the bugfix and work on 22000.318 (haven't tested 22000.434 yet): https://github.com/leecher1337/ntvdmx64/tree/master/ntvdmpatch/release/ldntvdm/system32/11.0 https://github.com/leecher1337/ntvdmx64/blob/master/ntvdmpatch/release/ldntvdm/syswow64/11.0

[Chet303]

Tried on 22000.434 with patched files, same issue. System prompted for an update, now on 22000.469, tried again, with patched files above, same issue. Any other workarounds?

[leecher1337]

Updated to 22000.469 now. Found a little loader bug while updating, but not related to your issue. Still no font problems with 22000.469. You can try to remove contents of HKEY_LOCAL_MACHINE\SOFTWARE\ldntvdm key (DON'T delete the key itself, otherwise it will get recreated, most likely with wrong permissions!). That would clean out the symbol cache in case conhostV1 symbols needed for bugfix are wrong. You can also check dbgView output if there are problems resolving ConHost symbols required for bugfix (conhostV1.dll/InitializeCustomCP needs to get resolved properly). If there are bugfix installation problems, these may get written to console, see https://github.com/leecher1337/ntvdmx64/blob/master/ntvdmpatch/src/ldntvdm/ldntvdm/oemcp.c for possible errors to watch for.

[Chet303]

Thanks for looking into this. Removed everything in the ldntvdm key, still not able to use no other font but raster, cmd just opens and closes.

I'm not versed in finding bugs in pgms. Tried to capture dbgview output when the app opens and closes. Not sure if you can make anything of it or not or if captured properly.

00000001 0.00000000 [6468] NtCreateUserProcess(ThreadHandle=0, CommandLine="C:\Users\chet303.domain\Desktop\shortcuts\Shortcut.pif" ) failed with C000012F
00000002 0.00002330 [6468] LDNTVDM: BasepProcessInvalidImage(C000012F,'\??\C:\Users\chet303.domain\Desktop\shortcuts\Shortcut.pif');
00000003 0.00091200 [6468] VDMState=00000001
00000004 0.00091850 [6468] LDNTVDM: Launch DOS! 00000005 0.00200280 [6468] Injecting into WOW64 Process? 1
00000006 0.00212190 [6468] Hook_Inline(77daf5d0, e0000, code)
00000007 0.00213400 [6468] dwOrigSize detected: 10
00000008 0.00267840 [6468] About to alloc page @77cff000
00000009 0.00270930 [6468] Hook_Inline context=77cf0000 00000010 0.00273780 [6468] Hook_Inline(7ffbc28de1ac, f0000, code)
00000011 0.00274760 [6468] dwOrigSize detected: 10
00000012 0.00335830 [6468] About to alloc page @7ffbc27ff000
00000013 0.00338370 [6468] Hook_Inline context=7ffbc27f0000 00000014 0.00340300 [6468] APPCERT_IMAGE_OK_TO_RUN
00000015 0.00341000 [6468] APPCERT_CREATION_ALLOWED 00000016 0.04268080 [8232] LDNTVDM is running inside ntvdm.exe
00000017 0.04270930 [8232] Hook_IAT_x64(778A0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 6F763FF0)
00000018 0.04272330 [8232] Hooked 777E5CE0 -> 6F763FF0
00000019 0.04273640 [8232] LDNTVDM: BasepProcessInvalidImageReal = 777E5CE0 00000020 0.04274750 [8232] LDNTVDM: BaseIsDosApplication = 7780A490 00000021 0.04275990 [8232] Hook_IAT_x64_IAT(778A0000, ntdll.dll, NtCreateUserProcess, 6F763F20, 6F7706C0)
00000022 0.04279080 [8232] Hooked 77D75700 -> 6F763F20
00000023 0.04281300 [8232] Hook_IAT_x64_IAT(777B0000, ntdll.dll, CsrClientCallServer, 6F762690, 6F76B000)
00000024 0.04283130 [8232] Hooked 77DC24A0 -> 6F762690
00000025 0.04292440 [8232] Hook_IAT_x64_IAT(777B0000, ntdll.dll, CsrAllocateMessagePointer, 6F762800, 00000000) 00000026 0.04299320 [8232] Hooked 77DC2360 -> 6F762800
00000027 0.04304240 [8232] Hook_IAT_x64_IAT(F000000, KERNEL32.DLL, SetConsolePalette, 6F761160, 6F7706D4)
00000028 0.04307950 [8232] Hooked 778128B0 -> 6F761160
00000029 0.04311570 [8232] Hook_IAT_x64_IAT(777B0000, ntdll.dll, NtQueryInformationProcess, 6F761080, 00000000) 00000030 0.04317190 [8232] Hooked 77D74BA0 -> 6F761080
00000031 0.04320340 [8232] Hook_IAT_x64_IAT(778A0000, ntdll.dll, NtQueryInformationProcess, 6F761080, 00000000) 00000032 0.04325270 [8232] Hooked 77D74BA0 -> 6F761080
00000033 0.04330470 [8232] Hook_Inline(76e48ab0, 6f763590, PrivateExtractIconsWHook)
00000034 0.04333840 [8232] Hook_Inline did hotpatch -> context=76e48ab2 00000035 0.04336230 [8232] Hook_IAT_x64_IAT(76E10000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 6F763510, 6F7706D0)
00000036 0.04338740 [8232] Hooking failed (-1)
00000037 0.04339860 [8232] Hook_IAT_x64_IAT(76E10000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 6F763510, 6F7706D0)
00000038 0.04340710 [8232] Hooked 779C0130 -> 6F763510
00000039 0.07670030 [8232] Process has child with PID 16380 00000040 0.07677220 [8232] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe)
00000041 0.07679150 [8232] Injecting into WOW64 Process? 0
00000042 0.07692820 [8232] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000043 0.07729160 [16380] LDNTVDM is running inside conhost.exe
00000044 0.07732140 [16380] Hook_IAT_x64(BFF70000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, BE6745CC)
00000045 0.07733520 [16380] Hooked C18C70E0 -> BE6745CC 00000046 0.07734170 [16380] LDNTVDM: BasepProcessInvalidImageReal = C18C70E0
00000047 0.07734930 [16380] LDNTVDM: BaseIsDosApplication = C18EE9E0
00000048 0.07735670 [16380] Hook_IAT_x64_IAT(BFF70000, ntdll.dll, NtCreateUserProcess, BE6743CC, BE6828C0)
00000049 0.07738240 [16380] Hooked C28A50D0 -> BE6743CC 00000050 0.07738710 [16380] LDNTVDM is running inside ConHost.exe
00000051 0.07746470 [16380] ShouldUseConhostV2 hook installed @BF866850 00000052 0.07747510 [16380] Hook_IAT_x64_IAT(87590000, ntdll.dll, RtlAllocateHeap, BE671304, BE6828F8)
00000053 0.07749910 [8232] BaseGetNextVDMCommand: ConsoleHandle=00003FFC, iTask=00000007
00000054 0.07751640 [16380] Hooked C2828AC0 -> BE671304 00000055 0.07754320 [8232] BaseGetNextVDMCommand(268500999) = 00000000
00000056 0.07764930 [16380] Hook_Inline(7ffbc1b4f9c0, 7ffbbe672b94, PrivateExtractIconsWHook)
00000057 0.07769860 [16380] dwOrigSize detected: 7
00000058 0.07775360 [8232] NTVDM: 18432K Memory: 1024K XMS, 0K EMS, 16384K DPMI 00000059 0.07776940 [16380] Hook_Inline context=7ffbc1bc4e76
00000060 0.07778490 [16380] Hook_IAT_x64_IAT(C1B30000, api-ms-win-core-file-l1-2-1.dll, ReadFile, BE672AB0, BE6828E8)
00000061 0.07779330 [16380] Hooking failed (-1) 00000062 0.07780190 [16380] Hook_IAT_x64_IAT(C1B30000, api-ms-win-core-file-l1-1-0.dll, ReadFile, BE672AB0, BE6828E8)
00000063 0.07781180 [16380] Hooked BFFA4420 -> BE672AB0 00000064 0.07976330 [8232] BaseIsFirstVDM(65545) = C0000022 00000065 0.08006070 [8232] YODA debug event handler installed
00000066 0.08067470 [8232] Loading [C:\WINDOWS\system32\ntio.sys]
00000067 0.08068730 [8232] VDM ModLoad: C:\WINDOWS\system32\ntio.sys => segment 8e05, len=8430
00000068 0.08072060 [8232] VDM SegMove: C:\WINDOWS\system32\ntio.sys (1) 8e05 => 70, len = 8430 00000069 0.08361330 [8232] VDM SegMove: C:\WINDOWS\system32\ntdos.sys (2) 9386 => a7, len = 8f29
00000070 0.08928200 [8232] Loading [C:\WINDOWS\SYSTEM32\HIMEM.SYS]
00000071 0.08936900 [8232] VDM ModLoad: C:\WINDOWS\SYSTEM32\HIMEM.SYS => segment 0, len=12a0
00000072 0.08996150 [8232] VDM SegMove: C:\WINDOWS\system32\ntdos.sys (1) 9386 => fe2e, len = 793f
00000073 0.09228810 [8232] Loading [C:\WINDOWS\SYSTEM32\COMMAND.COM]
00000074 0.09230000 [8232] VDM ModLoad: C:\WINDOWS\SYSTEM32\COMMAND.COM => segment 410, len=c5bc
00000075 0.10043860 [8232] Loading [C:\WINDOWS\system32\MSCDEXNT.EXE]
00000076 0.10045840 [8232] VDM ModLoad: C:\WINDOWS\system32\MSCDEXNT.EXE => segment c898, len=200
00000077 0.10276500 [8232] Loading [C:\WINDOWS\system32\REDIR.EXE]
00000078 0.10278150 [8232] VDM ModLoad: C:\WINDOWS\system32\REDIR.EXE => segment c8af, len=1400 00000079 0.10509880 [8232] Loading [C:\WINDOWS\system32\DOSX.EXE]
00000080 0.10511630 [8232] VDM ModLoad: C:\WINDOWS\system32\DOSX.EXE => segment c9d4, len=de00
00000081 0.10638460 [8232] VDM SegLoad: C:\WINDOWS\system32\DOSX.EXE(0) Data => b7
00000082 0.10640660 [8232] VDM SegLoad: C:\WINDOWS\system32\DOSX.EXE(2) Code => cf
00000083 0.10642730 [8232] VDM SegLoad: C:\WINDOWS\system32\DOSX.EXE(3) Code => c7
00000084 0.10941020 [8232] BaseGetNextVDMCommand: ConsoleHandle=00003FFC, iTask=00000000
00000085 0.10946020 [8232] BaseGetNextVDMCommand(268500999) = 00000000
00000086 0.12741619 [16380] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 00000087 0.48980349 [12924] LDNTVDM is running inside WerFault.exe
00000088 0.48981911 [12924] Hook_IAT_x64(BFF70000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, BE6745CC)
00000089 0.48985159 [12924] Hooked C18C70E0 -> BE6745CC 00000090 0.48991421 [12924] LDNTVDM: BasepProcessInvalidImageReal = C18C70E0
00000091 0.48992190 [12924] LDNTVDM: BaseIsDosApplication = C18EE9E0
00000092 0.48997909 [12924] Hook_IAT_x64_IAT(BFF70000, ntdll.dll, NtCreateUserProcess, BE6743CC, BE6828C0)
00000093 0.48998570 [12924] Hooked C28A50D0 -> BE6743CC 00000094 0.51846367 [12924] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 00000095 78.78274536 [18400] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)

[leecher1337]

Log looks OK to me, please try attached version of ldntvdm.dll in System32 directory (rename ldntvdm.dll to ldntvdm.dll.bak and copy new ldntvdm.dll there, then reboot) and redo DbgView recording, it should output some more information about NLS table initialization. ldntvdm.zip

[dominicraf]

Trying with Windows 11 10.0.22000.434, I rebuilt reinstalled and rebooted. Now when I try to start it I get a box headed '16 bit MS-DOS Subsystem' with text: NTVDM has encountered a System Error. No process is on the other end of the pipe. Choose 'Close' to terminate the application

[leecher1337]

@dominicraf So same issue as described in this thread? So, changing font "cures" conhost crash? Have you tried ldntvdm attached in my previous post, which contains more logging regarding the Win11 NLS conhost bug. If so, please paste DbgView output.

[dominicraf]

I had not previously touched the fonts at all - I am using Consolas (but see below). Also I just did an advised upgrade so now I am on Windows 11 v10.0.22000.469.

I installed Dbgview and your ldntvdm.dll and I give below the output (I have tried to leave out a lot of stuff that looked irrelevant) - comments continue below.

00000001    0.00000000  [16400] LDNTVDM is running inside MoNotificationUx.exe  
00000002    0.00003750  [16400] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)  
00000003    0.00007020  [16400] Hooked 0E0A70E0 -> 0B2B453C 
00000004    0.00008710  [16400] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0    
00000005    0.00010320  [16400] LDNTVDM: BaseIsDosApplication = 0E0CE9E0    
00000006    0.00012200  [16400] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)   
00000007    0.00015460  [16400] Hooked 0F3850D0 -> 0B2B43FC 
00000008    0.00017770  [16400] Hook_Inline(7ffd0d43f9c0, 7ffd0b2b2b94, PrivateExtractIconsWHook)   
00000009    0.00019680  [16400] dwOrigSize detected: 7  
00000010    0.00022820  [16400] Hook_Inline context=7ffd0d4b4e76    
00000011    0.00024340  [16400] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 0B2B2AB0, 0B2C2978)    
00000012    0.00026000  [16400] Hooking failed (-1) 
00000013    0.00027590  [16400] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 0B2B2AB0, 0B2C2978)    
00000014    0.00029320  [16400] Hooked 0CA94420 -> 0B2B2AB0 
00000015    0.04615560  [16400] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000016    0.06686960  [16400] Populating UpdatePolicy AllowList   
00000017    0.06707520  [16400] SKU MDM licensing allow list string from SLAPI: 
00000018    0.06709580  [16400] AboveLock|Accounts|ActiveXControls|ADMXIngest|AllowMessageSync|AppHVSI|ApplicationDefaults|AllowAllTrustedApps|AllowAppStoreAutoUpdate|AllowAutomaticAppArchiving|AllowDeveloperUnlock|AllowGameDVR|AllowSharedUserAppData|ApplicationRestrictions|Audit|ConfigureChatIcon|LaunchAppAfterLogOn|MSIAllowUserControlOverInstall|MSIAlwaysInstallWithElevatedPrivileges|RestrictAppDataToSystemVolume|RestrictAppToSystemVolume|AppRuntime|AttachmentManager|Authentication|Autoplay|BitLocker|BITS|Bluetooth|Browser|Camera|Cellular|Connectivity|ControlPolicyConflict|CredentialProviders|CredentialsDelegation|CredentialsUI|Cryptography|DataProtection|DataUsage|Defender|DeliveryOptimization|Desktop|ConfigureSystemGuardLaunch|EnableVirtualizationBasedSecurity|DeviceHealthMonitoring|DeviceInstallation|DeviceLock|Display|DmaGuard|ErrorReporting|Eap|Education|EnterpriseCloudPrint|EventLogService|AllowClipboardHistory|AllowCopyPaste|AllowCortana|AllowDeviceDiscovery|AllowManualMDMUnenrollment|AllowSaveAsOfOfficeFiles|AllowScreenCapture|AllowSharingOfOfficeFiles|AllowSIMErrorDialogPromptWhenNoSIM|AllowSyncMySettings|AllowTailoredExperiencesWithDiagnosticData|AllowTaskSwitcher|AllowThirdPartySuggestionsInWindowsSpotlight|AllowVoiceRecording|DoNotShowFeedbackNotifications|DoNotSyncBrowserSettings|AllowFindMyDevice|ExploitGuard|Feeds|FileExplorer|Games|Handwriting|HumanPresence|InternetExplorer|Kerberos|KioskBrowser|Knobs|LanmanWorkstation|Licensing|LocalPoliciesSecurityOptions|LocalUsersAndGroups|Lockdown|Maps|MemoryDump|MSSecurityGuide|MSSLegacy|Multitasking|NetworkIsolation|NetworkListManager|NewsAndInterests|Notifications|OneDrive|Power|Printers|Privacy|RemoteAssistance|RemoteDesktopServices|RemoteDesktop|RemoteManagement|RemoteProcedureCall|RemoteShell|RestrictedGroups|Search|Security|Settings|SmartScreen|Speech|Start|Storage|System|SystemServices|TaskManager|TaskScheduler|TenantRestrictions|TextInput|TimeLanguageSettings|Troubleshooting|Update|UserRights|VirtualizationBasedTechnology|WiFi|WindowsLogon|WirelessDisplay|Location|WindowsAutopilot|WindowsConnectionManager|WindowsDefenderSecurityCenter|WindowsInkWorkspace|WindowsPowerShell|WindowsSandbox|WiredNetwork  
00000019    0.06711130  [16400]     
00000020    0.06716130  [16400] All policies are allowed    
00000021    0.11091090  [6620] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
00000022    0.11096370  [6620] AURACtrl::Sync   
...
00000189    2.74267030  [10688] Injecting into WOW64 Process? 0 
00000190    2.74270368  [10688] Hook_Inline(7ffd0f3be1ac, 1738fa40000, code)    
00000191    2.74272490  [10688] dwOrigSize detected: 10 
00000192    2.74343920  [10688] About to alloc page @7ffd0f2df000   
00000193    2.74349165  [10688] Hook_Inline context=7ffd0f2d0000    
00000194    2.74353480  [10688] APPCERT_IMAGE_OK_TO_RUN 
00000195    2.74355149  [10688] APPCERT_CREATION_ALLOWED    
00000196    2.78183198  [16544] LDNTVDM is running inside cmd.exe   
00000197    2.78190970  [16544] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)  
00000198    2.78193212  [16544] Hooked 0E0A70E0 -> 0B2B453C 
00000199    2.78194594  [16544] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0    
00000200    2.78196812  [16544] LDNTVDM: BaseIsDosApplication = 0E0CE9E0    
00000201    2.78197932  [16544] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)   
00000202    2.78201389  [16544] Hooked 0F3850D0 -> 0B2B43FC 
00000203    2.83217931  [16544] Process has child with PID 16552    
00000204    2.83228207  [16544] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe) 
00000205    2.83230829  [16544] Injecting into WOW64 Process? 0 
00000206    2.83245850  [16544] Created injection thread h=00000090, tid=7852   
00000207    2.83323002  [16552] LDNTVDM is running inside conhost.exe   
00000208    2.83329320  [16552] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)  
00000209    2.83331609  [16552] Hooked 0E0A70E0 -> 0B2B453C 
00000210    2.83333468  [16552] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0    
00000211    2.83335161  [16552] LDNTVDM: BaseIsDosApplication = 0E0CE9E0    
00000212    2.83336949  [16552] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)   
00000213    2.83340526  [16552] Hooked 0F3850D0 -> 0B2B43FC 
00000214    2.83342409  [16552] LDNTVDM is running inside ConHost.exe   
00000215    2.83356881  [16552] Hook_IAT_x64_IAT(C5510000, ntdll.dll, RtlAllocateHeap, 0B2B1304, 0B2C2988)  
00000216    2.83359361  [16552] Hooked 0F308AC0 -> 0B2B1304 
00000217    2.83361602  [16552] OEMCP_FixNLSTable enter 
00000218    2.83372474  [16552] Peb->OemCodePageData set to CCA70000    
00000219    2.83374619  [16552] OEMCP_CallInitializeCustomCP    
00000220    2.83385611  [16552] failed: nt=C5510000, fnInitializeCustomCP=0 
00000221    2.83388114  [16552] Hook_Inline(7ffd0d43f9c0, 7ffd0b2b2b94, PrivateExtractIconsWHook)   
00000222    2.83390236  [16552] dwOrigSize detected: 7  
00000223    2.83393216  [16552] Hook_Inline context=7ffd0d4b4e76    
00000224    2.83395004  [16552] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 0B2B2AB0, 0B2C2978)    
00000225    2.83396840  [16552] Hooking failed (-1) 
00000226    2.83398485  [16552] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 0B2B2AB0, 0B2C2978)    
00000227    2.83400559  [16552] Hooked 0CA94420 -> 0B2B2AB0 
00000228    2.88217711  [16552] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000229    2.88225985  [16544] RtlCreateUserThread Status = 00000000   
00000230    2.88232470  [16544] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000231    2.90196729  [16544] UpdateSymbolCache() 
00000232    2.90280604  [16544] Symsrv options: 00000002    
00000233    2.90284705  [16544] DBGHELP: Symbol Search Path: SRV*C:\WINDOWS\Symbols*C:\Users\Dominic\AppData\Local\Temp\SymbolCache*http://msdl.microsoft.com/download/symbols  
00000234    2.90287971  [16544] DBGHELP: No header for C:\WINDOWS\system32\conhost.exe.  Searching for image on disk    
00000235    2.90294075  [16544] DBGHELP: C:\WINDOWS\system32\conhost.exe - OK   
00000236    2.90746856  [16544] SYMSRV:  C:\WINDOWS\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb   
00000237    2.91905880  [16544] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863  
00000238    2.91907740  [16544] DBGHELP: C:\WINDOWS\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb - drive not ready     
00000239    2.91914248  [16544] DBGHELP: C:\WINDOWS\system32\conhost.pdb - file not found   
00000240    2.92019677  [16544] DBGHELP: conhost.pdb - file not found   
00000241    2.92025423  [16544] DBGHELP: conhost - no symbols loaded    
00000242    2.92027235  [16544] UpdateSymbolCache() loading conhost.exe symbols 
00000243    2.92028761  [16544] SymEng_GetAddr ShouldUseConhostV2   
00000244    2.92031431  [16544] SymFromName failed: 0000007E    
00000245    2.92033029  [16544] SymEng_GetAddr ConhostV2ForcedInRegistry    
00000246    2.92034721  [16544] SymFromName failed: 0000007E    
00000247    2.92045426  [16544] DBGHELP: No header for C:\WINDOWS\system32\conhostV1.dll.  Searching for image on disk  
00000248    2.92051530  [16544] DBGHELP: C:\WINDOWS\system32\conhostV1.dll - OK     
00000249    2.92069650  [16544] SYMSRV:  C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb   
00000250    2.92078471  [16544] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863  
00000251    2.92080402  [16544] DBGHELP: C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb - drive not ready     
00000252    2.92085171  [16544] DBGHELP: C:\WINDOWS\system32\ConhostV1.pdb - file not found     
00000253    2.92172670  [16544] DBGHELP: ConhostV1.pdb - file not found     
00000254    2.92186666  [16544] DBGHELP: conhostV1 - export symbols     
00000255    2.92188239  [16544] UpdateSymbolCache() loading conhostV1.dll symbols   
00000256    2.92189693  [16544] SymEng_GetAddr InitializeCustomCP   
00000257    2.92191958  [16544] SymFromName failed: 0000007E    
00000258    2.92395997  [16544] NtCreateUserProcess(ThreadHandle=0, CommandLine=I:\RENTS\BAS\RENTS.EXE) failed with C0000130    
00000259    2.98347926  [16544] LDNTVDM: BasepProcessInvalidImage(C0000130,'\??\I:\RENTS\BAS\RENTS.EXE');   
00000260    2.99414802  [16544] VDMState=00000001   
00000261    2.99545598  [16544] LDNTVDM: Launch DOS!    
00000262    3.01446271  [16544] Injecting into WOW64 Process? 1 
00000263    3.01474524  [16544] Hook_Inline(76fdf5d0, f0000, code)  
00000264    3.01476908  [16544] dwOrigSize detected: 10 
00000265    3.01529312  [16544] About to alloc page @76f2f000   
00000266    3.01534557  [16544] Hook_Inline context=76f20000    
00000267    3.01549006  [16544] Hook_Inline(7ffd0f3be1ac, 100000, code) 
00000268    3.01551127  [16544] dwOrigSize detected: 10 
00000269    3.01611567  [16544] About to alloc page @7ffd0f2df000   
00000270    3.01616049  [16544] Hook_Inline context=7ffd0f2d0000    
00000271    3.01625276  [16544] APPCERT_IMAGE_OK_TO_RUN 
00000272    3.01626825  [16544] APPCERT_CREATION_ALLOWED    
00000273    3.02916121  [18096] LDNTVDM is running inside ntvdm.exe 
00000274    3.02923298  [18096] Hook_IAT_x64(75E80000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 74013FF0)  
00000275    3.02926159  [18096] Hooked 75A85CE0 -> 74013FF0 
00000276    3.02928591  [18096] LDNTVDM: BasepProcessInvalidImageReal = 75A85CE0    
00000277    3.02930760  [18096] LDNTVDM: BaseIsDosApplication = 75AAA490    
00000278    3.02933049  [18096] Hook_IAT_x64_IAT(75E80000, ntdll.dll, NtCreateUserProcess, 74013F20, 740206C0)  
00000279    3.02937365  [18096] Hooked 76FA5700 -> 74013F20 
00000280    3.02940607  [18096] Hook_IAT_x64_IAT(75A50000, ntdll.dll, CsrClientCallServer, 74012690, 7401B000)  
00000281    3.02943158  [18096] Hooked 76FF24A0 -> 74012690 
00000282    3.02945614  [18096] Hook_IAT_x64_IAT(75A50000, ntdll.dll, CsrAllocateMessagePointer, 74012800, 00000000)    
00000283    3.02948070  [18096] Hooked 76FF2360 -> 74012800 
00000284    3.02950406  [18096] Hook_IAT_x64_IAT(F000000, KERNEL32.DLL, SetConsolePalette, 74011160, 740206D4)  
00000285    3.02953124  [18096] Hooked 75AB28B0 -> 74011160 
00000286    3.02955437  [18096] Hook_IAT_x64_IAT(75A50000, ntdll.dll, NtQueryInformationProcess, 74011080, 00000000)    
00000287    3.02958131  [18096] Hooked 76FA4BA0 -> 74011080 
00000288    3.02960277  [18096] Hook_IAT_x64_IAT(75E80000, ntdll.dll, NtQueryInformationProcess, 74011080, 00000000)    
00000289    3.02962923  [18096] Hooked 76FA4BA0 -> 74011080 
00000290    3.02965951  [18096] Hook_Inline(74cf8ab0, 74013590, PrivateExtractIconsWHook)   
00000291    3.02968979  [18096] Hook_Inline did hotpatch -> context=74cf8ab2    
00000292    3.02971148  [18096] Hook_IAT_x64_IAT(74CC0000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 74013510, 740206D0)   
00000293    3.02973366  [18096] Hooking failed (-1) 
00000294    3.02975678  [18096] Hook_IAT_x64_IAT(74CC0000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 74013510, 740206D0)   
00000295    3.02977991  [18096] Hooked 75FA0130 -> 74013510 
00000296    3.08092451  [18096] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000297    3.08291173  [18096] BaseGetNextVDMCommand: ConsoleHandle=000040A8, iTask=00000000   
00000298    3.08295083  [18096] BaseGetNextVDMCommand(268500999) = 00000000 
00000299    3.08582520  [18096] BaseIsFirstVDM(65545) = C0000022    
00000300    3.12958407  [18096] BaseGetNextVDMCommand: ConsoleHandle=000040A8, iTask=00000000   
00000301    3.12965918  [18096] BaseGetNextVDMCommand(268500999) = 00000000 
00000302    3.44073677  [1580] LDNTVDM is running inside WerFault.exe   
00000303    3.44078755  [1580] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)   
00000304    3.44080710  [1580] Hooked 0E0A70E0 -> 0B2B453C  
00000305    3.44083166  [1580] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0 
00000306    3.44084477  [1580] LDNTVDM: BaseIsDosApplication = 0E0CE9E0 
00000307    3.44085932  [1580] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)    
00000308    3.44089317  [1580] Hooked 0F3850D0 -> 0B2B43FC  
00000309    3.49070477  [1580] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)  
00000310    5.67628384  [6620] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
...
00000509    13.52215862 [2640] LDNTVDM is running inside SystemSettings.exe 
00000510    13.52356434 [16908] LDNTVDM is running inside ApplicationFrameHost.exe  
00000511    13.52480316 [6620] Sync0 Address 0x72 ChipID 0x3570 
00000512    13.52606392 [2640] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)   
00000513    13.52738857 [16908] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)  
00000514    13.52868462 [6620] Sync0 Last Effect ID 0x5 ChipID 0x5  
00000515    13.53012180 [2640] Hooked 0E0A70E0 -> 0B2B453C  
00000516    13.53142834 [16908] Hooked 0E0A70E0 -> 0B2B453C 
00000517    13.53291702 [6620] Sync1 Address 0x72 ChipID 0x3570 
00000518    13.53418922 [2640] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0 
00000519    13.53545284 [16908] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0    
00000520    13.53674221 [6620] Direction 0  
00000521    13.53816605 [2640] LDNTVDM: BaseIsDosApplication = 0E0CE9E0 
00000522    13.53941154 [16908] LDNTVDM: BaseIsDosApplication = 0E0CE9E0    
00000523    13.54069424 [6620] Sync1 frame_tobe_write 0xB7 effect_support 0x1   
00000524    13.54193878 [2640] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)    
00000525    13.54317093 [16908] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)   
00000526    13.54459190 [2640] Hooked 0F3850D0 -> 0B2B43FC  
00000527    13.54592514 [16908] Hooked 0F3850D0 -> 0B2B43FC 
00000528    14.00708485 [6620] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
00000529    14.00713921 [6620] AURACtrl::Sync   
00000530    14.00721741 [16908] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000531    14.00726414 [2640] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)  
...
00000662    14.21620464 [6620] Sync1 frame_tobe_write 0xB7 effect_support 0x1   
00000663    14.65336800 [8544] LDNTVDM is running inside UserOOBEBroker.exe 
00000664    14.65340805 [8544] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)   
00000665    14.65343475 [8544] Hooked 0E0A70E0 -> 0B2B453C  
00000666    14.65345287 [8544] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0 
00000667    14.65347195 [8544] LDNTVDM: BaseIsDosApplication = 0E0CE9E0 
00000668    14.65349483 [8544] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)    
00000669    14.65353298 [8544] Hooked 0F3850D0 -> 0B2B43FC  
00000670    14.65356636 [8544] Hook_Inline(7ffd0d43f9c0, 7ffd0b2b2b94, PrivateExtractIconsWHook)    
00000671    14.65358925 [8544] dwOrigSize detected: 7   
00000672    14.65361786 [8544] Hook_Inline context=7ffd0d4b4e76 
00000673    14.65364170 [8544] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 0B2B2AB0, 0B2C2978) 
00000674    14.65366840 [8544] Hooking failed (-1)  
00000675    14.65370083 [8544] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 0B2B2AB0, 0B2C2978) 
00000676    14.65372944 [8544] Hooked 0CA94420 -> 0B2B2AB0  
00000677    14.71276665 [8544] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)  
00000678    14.75612640 [18672] LDNTVDM is running inside FileCoAuth.exe    
00000679    14.75616646 [18672] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)  
00000680    14.75618744 [18672] Hooked 0E0A70E0 -> 0B2B453C 
00000681    14.75620651 [18672] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0    
00000682    14.75622368 [18672] LDNTVDM: BaseIsDosApplication = 0E0CE9E0    
00000683    14.75624275 [18672] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)   
00000684    14.75627804 [18672] Hooked 0F3850D0 -> 0B2B43FC 
00000685    14.75630569 [18672] Hook_Inline(7ffd0d43f9c0, 7ffd0b2b2b94, PrivateExtractIconsWHook)   
00000686    14.75632668 [18672] dwOrigSize detected: 7  
00000687    14.75635529 [18672] Hook_Inline context=7ffd0d4b4e76    
00000688    14.75637436 [18672] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 0B2B2AB0, 0B2C2978)    
00000689    14.75639534 [18672] Hooking failed (-1) 
00000690    14.75641251 [18672] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 0B2B2AB0, 0B2C2978)    
00000691    14.75643158 [18672] Hooked 0CA94420 -> 0B2B2AB0 
00000692    14.79506397 [2640] Populating UpdatePolicy AllowList    
00000693    14.79524612 [2640] SKU MDM licensing allow list string from SLAPI:  
00000694    14.79526901 [2640] AboveLock|Accounts|ActiveXControls|ADMXIngest|AllowMessageSync|AppHVSI|ApplicationDefaults|AllowAllTrustedApps|AllowAppStoreAutoUpdate|AllowAutomaticAppArchiving|AllowDeveloperUnlock|AllowGameDVR|AllowSharedUserAppData|ApplicationRestrictions|Audit|ConfigureChatIcon|LaunchAppAfterLogOn|MSIAllowUserControlOverInstall|MSIAlwaysInstallWithElevatedPrivileges|RestrictAppDataToSystemVolume|RestrictAppToSystemVolume|AppRuntime|AttachmentManager|Authentication|Autoplay|BitLocker|BITS|Bluetooth|Browser|Camera|Cellular|Connectivity|ControlPolicyConflict|CredentialProviders|CredentialsDelegation|CredentialsUI|Cryptography|DataProtection|DataUsage|Defender|DeliveryOptimization|Desktop|ConfigureSystemGuardLaunch|EnableVirtualizationBasedSecurity|DeviceHealthMonitoring|DeviceInstallation|DeviceLock|Display|DmaGuard|ErrorReporting|Eap|Education|EnterpriseCloudPrint|EventLogService|AllowClipboardHistory|AllowCopyPaste|AllowCortana|AllowDeviceDiscovery|AllowManualMDMUnenrollment|AllowSaveAsOfOfficeFiles|AllowScreenCapture|AllowSharingOfOfficeFiles|AllowSIMErrorDialogPromptWhenNoSIM|AllowSyncMySettings|AllowTailoredExperiencesWithDiagnosticData|AllowTaskSwitcher|AllowThirdPartySuggestionsInWindowsSpotlight|AllowVoiceRecording|DoNotShowFeedbackNotifications|DoNotSyncBrowserSettings|AllowFindMyDevice|ExploitGuard|Feeds|FileExplorer|Games|Handwriting|HumanPresence|InternetExplorer|Kerberos|KioskBrowser|Knobs|LanmanWorkstation|Licensing|LocalPoliciesSecurityOptions|LocalUsersAndGroups|Lockdown|Maps|MemoryDump|MSSecurityGuide|MSSLegacy|Multitasking|NetworkIsolation|NetworkListManager|NewsAndInterests|Notifications|OneDrive|Power|Printers|Privacy|RemoteAssistance|RemoteDesktopServices|RemoteDesktop|RemoteManagement|RemoteProcedureCall|RemoteShell|RestrictedGroups|Search|Security|Settings|SmartScreen|Speech|Start|Storage|System|SystemServices|TaskManager|TaskScheduler|TenantRestrictions|TextInput|TimeLanguageSettings|Troubleshooting|Update|UserRights|VirtualizationBasedTechnology|WiFi|WindowsLogon|WirelessDisplay|Location|WindowsAutopilot|WindowsConnectionManager|WindowsDefenderSecurityCenter|WindowsInkWorkspace|WindowsPowerShell|WindowsSandbox|WiredNetwork   
00000695    14.79528809 [2640]  
00000696    14.79534721 [2640] All policies are allowed 
00000697    14.83329105 [18672] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000698    16.27603531 [2336] LDNTVDM is running inside taskhostw.exe  
00000699    16.27607346 [2336] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)   
00000700    16.27609634 [2336] Hooked 0E0A70E0 -> 0B2B453C  
00000701    16.27611351 [2336] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0 
00000702    16.27612877 [2336] LDNTVDM: BaseIsDosApplication = 0E0CE9E0 
00000703    16.27614212 [2336] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)    
00000704    16.27617455 [2336] Hooked 0F3850D0 -> 0B2B43FC  
00000705    16.31977463 [2336] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)  
00000706    17.55430222 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)   
00000707    17.55631065 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)   
00000708    17.55809975 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)   
00000709    17.55960083 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)   
00000710    17.56120300 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)   
00000711    18.04552078 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)   
00000712    18.04728699 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)   
00000713    18.04937553 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)   
00000714    18.54718399 [6828] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)   
00000715    19.57489014 [6620] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
...

After doing this, I switched the shortcut properties to using Raster font 10x18 instead of Consolas and hey presto it worked! But after I switched to trying to another non-Raster and then back to Raster it crashed without any error message at all - rather like OP's situation. Even after rebooting it now will not run at all - no error message, the windows flashes up and disappears. Here is the Dbgview output in this new situation:

00000169    3.03157115  [10316] Injecting into WOW64 Process? 0 
00000170    3.03160262  [10316] Hook_Inline(7ff8a0e3e1ac, 2bac2e00000, code)    
00000171    3.03162026  [10316] dwOrigSize detected: 10 
00000172    3.03227043  [10316] About to alloc page @7ff8a0d5f000   
00000173    3.03231406  [10316] Hook_Inline context=7ff8a0d50000    
00000174    3.03235030  [10316] APPCERT_IMAGE_OK_TO_RUN 
00000175    3.03236556  [10316] APPCERT_CREATION_ALLOWED    
00000176    3.06913829  [10928] LDNTVDM is running inside cmd.exe   
00000177    3.06918311  [10928] Hook_IAT_x64(9E5D0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 9CD3453C)  
00000178    3.06920886  [10928] Hooked 9F9870E0 -> 9CD3453C 
00000179    3.06923246  [10928] LDNTVDM: BasepProcessInvalidImageReal = 9F9870E0    
00000180    3.06926632  [10928] LDNTVDM: BaseIsDosApplication = 9F9AE9E0    
00000181    3.06933951  [10928] Hook_IAT_x64_IAT(9E5D0000, ntdll.dll, NtCreateUserProcess, 9CD343FC, 9CD42950)  
00000182    3.06938839  [10928] Hooked A0E050D0 -> 9CD343FC 
00000183    3.12318349  [10928] Process has child with PID 11276    
00000184    3.12328005  [10928] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe) 
00000185    3.12330604  [10928] Injecting into WOW64 Process? 0 
00000186    3.12343359  [10928] Created injection thread h=00000104, tid=15028  
00000187    3.12412429  [11276] LDNTVDM is running inside conhost.exe   
00000188    3.12417817  [11276] Hook_IAT_x64(9E5D0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 9CD3453C)  
00000189    3.12420130  [11276] Hooked 9F9870E0 -> 9CD3453C 
00000190    3.12422109  [11276] LDNTVDM: BasepProcessInvalidImageReal = 9F9870E0    
00000191    3.12423921  [11276] LDNTVDM: BaseIsDosApplication = 9F9AE9E0    
00000192    3.12426472  [11276] Hook_IAT_x64_IAT(9E5D0000, ntdll.dll, NtCreateUserProcess, 9CD343FC, 9CD42950)  
00000193    3.12431026  [11276] Hooked A0E050D0 -> 9CD343FC 
00000194    3.12433028  [11276] LDNTVDM is running inside ConHost.exe   
00000195    3.12448096  [11276] Hook_IAT_x64_IAT(60080000, ntdll.dll, RtlAllocateHeap, 9CD31304, 9CD42988)  
00000196    3.12450576  [11276] Hooked A0D88AC0 -> 9CD31304 
00000197    3.12452650  [11276] OEMCP_FixNLSTable enter 
00000198    3.12463450  [11276] Peb->OemCodePageData set to 88210000    
00000199    3.12465644  [11276] OEMCP_CallInitializeCustomCP    
00000200    3.12476444  [11276] failed: nt=60080000, fnInitializeCustomCP=0 
00000201    3.12478971  [11276] Hook_Inline(7ff89f3ef9c0, 7ff89cd32b94, PrivateExtractIconsWHook)   
00000202    3.12481213  [11276] dwOrigSize detected: 7  
00000203    3.12484360  [11276] Hook_Inline context=7ff89f464e76    
00000204    3.12486076  [11276] Hook_IAT_x64_IAT(9F3D0000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 9CD32AB0, 9CD42978)   
00000205    3.12487841  [11276] Hooking failed (-1) 
00000206    3.12489486  [11276] Hook_IAT_x64_IAT(9F3D0000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 9CD32AB0, 9CD42978)   
00000207    3.12491322  [11276] Hooked 9E604420 -> 9CD32AB0 
00000208    3.17419147  [11276] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000209    3.17428112  [10928] RtlCreateUserThread Status = 00000000   
00000210    3.17435598  [10928] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000211    3.18943548  [10928] UpdateSymbolCache() 
00000212    3.19023252  [10928] Symsrv options: 00000002    
00000213    3.19027400  [10928] DBGHELP: Symbol Search Path: SRV*C:\WINDOWS\Symbols*C:\Users\Dominic\AppData\Local\Temp\SymbolCache*http://msdl.microsoft.com/download/symbols  
00000214    3.19030690  [10928] DBGHELP: No header for C:\WINDOWS\system32\conhost.exe.  Searching for image on disk    
00000215    3.19036841  [10928] DBGHELP: C:\WINDOWS\system32\conhost.exe - OK   
00000216    3.19496322  [10928] SYMSRV:  C:\WINDOWS\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb   
00000217    3.20514750  [10928] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863  
00000218    3.20517349  [10928] DBGHELP: C:\WINDOWS\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb - drive not ready     
00000219    3.20523596  [10928] DBGHELP: C:\WINDOWS\system32\conhost.pdb - file not found   
00000220    3.20620608  [10928] DBGHELP: conhost.pdb - file not found   
00000221    3.20626044  [10928] DBGHELP: conhost - no symbols loaded    
00000222    3.20627689  [10928] UpdateSymbolCache() loading conhost.exe symbols 
00000223    3.20629120  [10928] SymEng_GetAddr ShouldUseConhostV2   
00000224    3.20631742  [10928] SymFromName failed: 0000007E    
00000225    3.20633292  [10928] SymEng_GetAddr ConhostV2ForcedInRegistry    
00000226    3.20634890  [10928] SymFromName failed: 0000007E    
00000227    3.20646310  [10928] DBGHELP: No header for C:\WINDOWS\system32\conhostV1.dll.  Searching for image on disk  
00000228    3.20652747  [10928] DBGHELP: C:\WINDOWS\system32\conhostV1.dll - OK     
00000229    3.20670772  [10928] SYMSRV:  C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb   
00000230    3.20679569  [10928] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863  
00000231    3.20681429  [10928] DBGHELP: C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb - drive not ready     
00000232    3.20686150  [10928] DBGHELP: C:\WINDOWS\system32\ConhostV1.pdb - file not found     
00000233    3.20763803  [10928] DBGHELP: ConhostV1.pdb - file not found     
00000234    3.20779514  [10928] DBGHELP: conhostV1 - export symbols     
00000235    3.20781088  [10928] UpdateSymbolCache() loading conhostV1.dll symbols   
00000236    3.20782447  [10928] SymEng_GetAddr InitializeCustomCP   
00000237    3.20784712  [10928] SymFromName failed: 0000007E    
00000238    3.20963621  [10928] NtCreateUserProcess(ThreadHandle=0, CommandLine=I:\RENTS\BAS\RENTS.EXE) failed with C0000130    
00000239    3.27475882  [10928] LDNTVDM: BasepProcessInvalidImage(C0000130,'\??\I:\RENTS\BAS\RENTS.EXE');   
00000240    3.28519487  [10928] VDMState=00000001   
00000241    3.28672647  [10928] LDNTVDM: Launch DOS!    
00000410    6.50493813  [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000411    6.50658083  [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000412    6.50820637  [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000413    6.50977039  [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000414    6.73545456  [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000415    6.73723507  [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000416    6.73946238  [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000417    6.74159431  [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000418    11.24928856 [6624] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
00000419    11.25079346 [6624] AURACtrl::Sync   
00000420    11.25280571 [6624] Sync0 Address 0x72 ChipID 0x3570 
00000421    11.25417519 [6624] Sync0 Last Effect ID 0x5 ChipID 0x5  
00000422    11.25545692 [6624] Sync1 Address 0x72 ChipID 0x3570 
00000423    11.25671864 [6624] Direction 0  
00000424    11.25801468 [6624] Sync1 frame_tobe_write 0x3F effect_support 0x1   

[leecher1337]

Thanks for the log, this seems to be the reason:

00000255    2.92188239  [16544] UpdateSymbolCache() loading conhostV1.dll symbols   
00000256    2.92189693  [16544] SymEng_GetAddr InitializeCustomCP   
00000257    2.92191958  [16544] SymFromName failed: 0000007E    

0x7e means, that symbol was not found. So the debug Symbols do not contain a reference to the function "InitializeCustomCP" in ConhostV1.DLL which is necessary to do the NLS table initialization. My ConhostV1.DLL is still from 06/2021 and version V10.0.22000.1 and contains the required symbol. Maybe you got a newer ConhostV1.dll where the function got ripped out, can you check this? ConhostV1.DLL is in system32 directory. M$ is in the process of removing these NLS functions, but they forgot that some functions depend on it an didn't fix those, which causes the crash. Reimplementing the missing function would be really painful, as they depend on ConhostV1 internal structures.

Judging from inferior M$ Software quality lately, I assume they are mainly developing in India nowadays.. ;-)

[dominicraf]

Hmm, my ConhostV1.dll is version 10.0.22000.1, dated 06/2021, so presumably same as yours (352256 bytes). (BTW I edited my previous post to add a second log, did you see it?)

[leecher1337]

Sounds like a permission problem with the symbol files.

00000229    3.20670772  [10928] SYMSRV:  C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb   
00000230    3.20679569  [10928] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863  
00000231    3.20681429  [10928] DBGHELP: C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb - drive not ready     
0

Can you check if the file C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb is readable and writable for everyone? It should theoretically inherit access permissions from "Symbols" directory which gets set up during install with write permissions for everyone, but maybe it got downloaded from inside a process that has other access permissions and therefore reading the file or writing to the file (updating) is denied.

[dominicraf]

Permissions of that file are in gray (and same for 923DD6A5A61A4F6348488E67DABD234C1 and ConhostV1.pdb directories), and show 'Everyone' has all permissions. However the file has 0 size, which seems a bit strange? (So is the file C:\Windows\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb, by the way)

[leecher1337]

That sometimes happens if symbol downloads fail. When there is a 0 byte file, it doesn't try to redownload it and you are foiled. Try to the delete the 0 byte files, then the loader should download it again, maybe this time without errors

[dominicraf]

ok, to re-run the loader do I reinstall NTVDMx64 or rebuild it, or restart the machine?

[leecher1337]

It should be enough to start another application so that UpdateSymbolCache() function gets re-invoked, but you can also try to reboot.

[dominicraf]

I did that and the file(s) Conhostv1.pdb and conhost.pdb magically appeared (as non-zero files), but the 16-bit app still just flashed up in a window and disappeared. I then (unwisely, it seems) deleted the files again (without keeping a backup of Conhostv1.pdb doh!) and tried again. But now they don't re-appear even after re-booting and/or re-installing NTVDMx64.

Now when I try to launch 16-bit app, I get a box saying 'Unsupported 16-bit application' - though NTVDMx64 is installed.

[dominicraf]

I rebuilt and reinstalled NTVDMx64 and then rebooted. Then I ran the 16-bit app, and up it came - with Consolas font! Great. Then I started a second 16-bit app and both apps immediately disappeared and now neither will restart at all. So trying again with Dbgview shows:

00000001    0.00000000  [6360] Injecting into WOW64 Process? 0  
00000002    0.00003120  [6360] Hook_Inline(7ffe50f7e1ac, 2c57e0b0000, code) 
00000003    0.00007120  [6360] dwOrigSize detected: 10  
00000004    0.00081960  [6360] About to alloc page @7ffe50e9f000    
00000005    0.00086570  [6360] Hook_Inline context=7ffe50e90000 
00000006    0.00089770  [6360] APPCERT_IMAGE_OK_TO_RUN  
00000007    0.00091200  [6360] APPCERT_CREATION_ALLOWED 
00000008    0.03476210  [20896] LDNTVDM is running inside cmd.exe   
00000009    0.03480950  [20896] Hook_IAT_x64(4E5A0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 4CE3453C)  
00000010    0.03486230  [20896] Hooked 4FD270E0 -> 4CE3453C 
00000011    0.03491520  [20896] LDNTVDM: BasepProcessInvalidImageReal = 4FD270E0    
00000012    0.03492880  [20896] LDNTVDM: BaseIsDosApplication = 4FD4E9E0    
00000013    0.03495860  [20896] Hook_IAT_x64_IAT(4E5A0000, ntdll.dll, NtCreateUserProcess, 4CE343FC, 4CE42950)  
00000014    0.03499570  [20896] Hooked 50F450D0 -> 4CE343FC 
00000015    0.09382320  [20896] Process has child with PID 16820    
00000016    0.09391800  [20896] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe) 
00000017    0.09394340  [20896] Injecting into WOW64 Process? 0 
00000018    0.09407310  [20896] Created injection thread h=00000104, tid=21344  
00000019    0.09481730  [16820] LDNTVDM is running inside conhost.exe   
00000020    0.09486990  [16820] Hook_IAT_x64(4E5A0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 4CE3453C)  
00000021    0.09489480  [16820] Hooked 4FD270E0 -> 4CE3453C 
00000022    0.09491440  [16820] LDNTVDM: BasepProcessInvalidImageReal = 4FD270E0    
00000023    0.09493140  [16820] LDNTVDM: BaseIsDosApplication = 4FD4E9E0    
00000024    0.09494810  [16820] Hook_IAT_x64_IAT(4E5A0000, ntdll.dll, NtCreateUserProcess, 4CE343FC, 4CE42950)  
00000025    0.09498320  [16820] Hooked 50F450D0 -> 4CE343FC 
00000026    0.09500120  [16820] LDNTVDM is running inside ConHost.exe   
00000027    0.09515120  [16820] ShouldUseConhostV2 hook installed @D4E06850 
00000028    0.09517560  [16820] Hook_IAT_x64_IAT(45540000, ntdll.dll, RtlAllocateHeap, 4CE31304, 4CE42988)  
00000029    0.09519810  [16820] Hooked 50EC8AC0 -> 4CE31304 
00000030    0.09540500  [16820] Hook_Inline(7ffe4faaf9c0, 7ffe4ce32b94, PrivateExtractIconsWHook)   
00000031    0.09542860  [16820] dwOrigSize detected: 7  
00000032    0.09545980  [16820] Hook_Inline context=7ffe4fb24e76    
00000033    0.09547690  [16820] Hook_IAT_x64_IAT(4FA90000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 4CE32AB0, 4CE42978)   
00000034    0.09549400  [16820] Hooking failed (-1) 
00000035    0.09551000  [16820] Hook_IAT_x64_IAT(4FA90000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 4CE32AB0, 4CE42978)   
00000036    0.09552900  [16820] Hooked 4E5D4420 -> 4CE32AB0 
00000037    0.15102831  [16820] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000038    0.15111271  [20896] RtlCreateUserThread Status = 00000000   
00000039    0.15117830  [20896] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000040    0.16921359  [20896] UpdateSymbolCache() 
00000041    0.17130040  [20896] NtCreateUserProcess(ThreadHandle=0, CommandLine=I:\RENTS\BAS\RENTS.EXE) failed with C0000130    
00000042    0.22495390  [20896] LDNTVDM: BasepProcessInvalidImage(C0000130,'\??\I:\RENTS\BAS\RENTS.EXE');   
00000043    0.23795439  [20896] VDMState=00000001   
00000044    0.23798349  [20896] LDNTVDM: Launch DOS!    

[leecher1337]

The reason for the files not reapperaing is that their symbols got cached in the registry in HKLM\Software\ldntvdm and HKLM\WOW3264Node\Software\ldntvdm The symbols only get reloaded if it is necessary due to missing symbols or changed DLL file versions, so you got hit by the caching mechanism. If you want it to redownload everything, after deleting the symbol files, you also have to delete the ldntvdm-Key contents (not the key itself, as this would mess up access permissions).

When reinstalling NTVDMx64, I guess you didn't change the ldntvdm.dll with the one from this thread that contains additional debug info, otherwise it would be visible in the logs. Please retry with the debug-version from this thread .

[dominicraf]

Correct sorry. So here is the dbgview output with the amnded ldntvdm.dll installed (still the 16-bit does not run the window just flashes briefly and there is no message):

00000001    0.00000000  [1132] Injecting into WOW64 Process? 0  
00000002    0.00003070  [1132] Hook_Inline(7fffcbb1e1ac, 25e48cb0000, code) 
00000003    0.00005680  [1132] dwOrigSize detected: 10  
00000004    0.00069000  [1132] About to alloc page @7fffcba3f000    
00000005    0.00073230  [1132] Hook_Inline context=7fffcba30000 
00000006    0.00076270  [1132] APPCERT_IMAGE_OK_TO_RUN  
00000007    0.00077920  [1132] APPCERT_CREATION_ALLOWED 
00000008    0.01360580  [18664] LDNTVDM is running inside wlrmdr.exe    
00000009    0.01364560  [18664] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)  
00000010    0.01366610  [18664] Hooked CAED70E0 -> C7A1453C 
00000011    0.01368380  [18664] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0    
00000012    0.01369910  [18664] LDNTVDM: BaseIsDosApplication = CAEFE9E0    
00000013    0.01371490  [18664] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)  
00000014    0.01374820  [18664] Hooked CBAE50D0 -> C7A143FC 
00000015    0.01377000  [18664] Hook_Inline(7fffcb86f9c0, 7fffc7a12b94, PrivateExtractIconsWHook)   
00000016    0.01378810  [18664] dwOrigSize detected: 7  
00000017    0.01381550  [18664] Hook_Inline context=7fffcb8e4e76    
00000018    0.01383150  [18664] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-2-1.dll, ReadFile, C7A12AB0, C7A22978)   
00000019    0.01384750  [18664] Hooking failed (-1) 
00000020    0.01386310  [18664] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-1-0.dll, ReadFile, C7A12AB0, C7A22978)   
00000021    0.01388030  [18664] Hooked C9024420 -> C7A12AB0 
00000022    0.06609380  [18664] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000023    0.94413632  [9780] VoiceControlEngine.exe Information: 0 :  
00000024    0.94444072  [9780] SAPI does not implement phonetic alphabet selection.     
00000025    1.25459611  [17916] LDNTVDM is running inside LocationNotificationWindows.exe   
00000026    1.25463450  [17916] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)  
00000027    1.25465548  [17916] Hooked CAED70E0 -> C7A1453C 
00000028    1.25467348  [17916] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0    
00000029    1.25468981  [17916] LDNTVDM: BaseIsDosApplication = CAEFE9E0    
00000030    1.25470614  [17916] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)  
00000031    1.25474000  [17916] Hooked CBAE50D0 -> C7A143FC 
00000032    1.25476241  [17916] Hook_Inline(7fffcb86f9c0, 7fffc7a12b94, PrivateExtractIconsWHook)   
00000033    1.25478435  [17916] dwOrigSize detected: 7  
00000034    1.25481057  [17916] Hook_Inline context=7fffcb8e4e76    
00000035    1.25482690  [17916] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-2-1.dll, ReadFile, C7A12AB0, C7A22978)   
00000036    1.25484347  [17916] Hooking failed (-1) 
00000037    1.25486159  [17916] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-1-0.dll, ReadFile, C7A12AB0, C7A22978)   
00000038    1.25487864  [17916] Hooked C9024420 -> C7A12AB0 
00000039    1.31879854  [17916] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000040    2.61359048  [6488] Injecting into WOW64 Process? 0  
00000041    2.61361957  [6488] Hook_Inline(7fffcbb1e1ac, 2bf3f940000, code) 
00000042    2.61364460  [6488] dwOrigSize detected: 10  
00000043    2.61428428  [6488] About to alloc page @7fffcba3f000    
00000044    2.61432552  [6488] Hook_Inline context=7fffcba30000 
00000045    2.61435652  [6488] APPCERT_IMAGE_OK_TO_RUN  
00000046    2.61437130  [6488] APPCERT_CREATION_ALLOWED 
00000047    2.65285444  [4260] LDNTVDM is running inside cmd.exe    
00000048    2.65290689  [4260] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)   
00000049    2.65293789  [4260] Hooked CAED70E0 -> C7A1453C  
00000050    2.65296674  [4260] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0 
00000051    2.65298271  [4260] LDNTVDM: BaseIsDosApplication = CAEFE9E0 
00000052    2.65300941  [4260] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)   
00000053    2.65306020  [4260] Hooked CBAE50D0 -> C7A143FC  
00000054    2.70890355  [4260] Process has child with PID 17924 
00000055    2.70899534  [4260] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe)  
00000056    2.70901990  [4260] Injecting into WOW64 Process? 0  
00000057    2.70914674  [4260] Created injection thread h=00000104, tid=17548   
00000058    2.70980549  [17924] LDNTVDM is running inside conhost.exe   
00000059    2.70982313  [17924] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)  
00000060    2.70984840  [17924] Hooked CAED70E0 -> C7A1453C 
00000061    2.70986772  [17924] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0    
00000062    2.70988750  [17924] LDNTVDM: BaseIsDosApplication = CAEFE9E0    
00000063    2.70990372  [17924] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)  
00000064    2.70993876  [17924] Hooked CBAE50D0 -> C7A143FC 
00000065    2.70995688  [17924] LDNTVDM is running inside ConHost.exe   
00000066    2.71010566  [17924] ShouldUseConhostV2 hook installed @15A96850 
00000067    2.71012950  [17924] Hook_IAT_x64_IAT(827D0000, ntdll.dll, RtlAllocateHeap, C7A11304, C7A22988)  
00000068    2.71015143  [17924] Hooked CBA68AC0 -> C7A11304 
00000069    2.71017170  [17924] OEMCP_FixNLSTable enter 
00000070    2.71027303  [17924] Peb->OemCodePageData set to 94A90000    
00000071    2.71029353  [17924] OEMCP_CallInitializeCustomCP    
00000072    2.71041679  [17924] Hook_Inline(7fffcb86f9c0, 7fffc7a12b94, PrivateExtractIconsWHook)   
00000073    2.71043921  [17924] dwOrigSize detected: 7  
00000074    2.71046948  [17924] Hook_Inline context=7fffcb8e4e76    
00000075    2.71048665  [17924] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-2-1.dll, ReadFile, C7A12AB0, C7A22978)   
00000076    2.71050692  [17924] Hooking failed (-1) 
00000077    2.71052289  [17924] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-1-0.dll, ReadFile, C7A12AB0, C7A22978)   
00000078    2.71054292  [17924] Hooked C9024420 -> C7A12AB0 
00000079    2.75668025  [17924] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 
00000080    2.75678706  [4260] RtlCreateUserThread Status = 00000000    
00000081    2.75684714  [4260] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)  
00000082    2.77180767  [4260] UpdateSymbolCache()  
00000083    2.77382445  [4260] NtCreateUserProcess(ThreadHandle=0, CommandLine=I:\RENTS\BAS\RENTS.EXE) failed with C0000130 
00000084    2.82191992  [4260] LDNTVDM: BasepProcessInvalidImage(C0000130,'\??\I:\RENTS\BAS\RENTS.EXE');    
00000085    2.85863948  [4260] VDMState=00000001    
00000086    2.86000037  [4260] LDNTVDM: Launch DOS! 
00000087    3.43808532  [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
00000088    3.43817925  [6664] AURACtrl::Sync   
00000089    3.43823767  [6664] Sync0 Address 0x72 ChipID 0x3570 
00000090    3.43830967  [6664] Sync0 Last Effect ID 0x5 ChipID 0x5  
00000091    3.43835235  [6664] Sync1 Address 0x72 ChipID 0x3570 
00000092    3.43839478  [6664] Direction 0  
00000093    3.43844366  [6664] Sync1 frame_tobe_write 0x63 effect_support 0x1   
00000094    3.44797802  [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
00000095    3.44802237  [6664] AURACtrl::Sync   
00000096    3.44806075  [6664] Sync0 Address 0x72 ChipID 0x3570 
00000097    3.44809675  [6664] Sync0 Last Effect ID 0x5 ChipID 0x5  
00000098    3.44813108  [6664] Sync1 Address 0x72 ChipID 0x3570 
00000099    3.44816566  [6664] Direction 0  
00000100    3.44819999  [6664] Sync1 frame_tobe_write 0x63 effect_support 0x1   
00000255    6.95117140  [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000256    6.95415115  [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000257    6.95601177  [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000258    6.95783424  [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000259    6.95953703  [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000260    7.39219379  [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000261    7.39397430  [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000262    7.39575052  [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)  
00000263    9.38723087  [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
00000264    9.38864708  [6664] AURACtrl::Sync   
00000265    9.39072800  [16112] LDNTVDM is running inside MoNotificationUx.exe  
00000266    9.39214039  [6664] Sync0 Address 0x72 ChipID 0x3570 
00000267    9.39343739  [16112] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)  
00000268    9.39470291  [6664] Sync0 Last Effect ID 0x5 ChipID 0x5  
00000269    9.39595985  [16112] Hooked CAED70E0 -> C7A1453C 
00000270    9.39720917  [6664] Sync1 Address 0x72 ChipID 0x3570 
00000271    9.39844894  [16112] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0    
00000272    9.39970016  [6664] Direction 0  
00000273    9.40094280  [16112] LDNTVDM: BaseIsDosApplication = CAEFE9E0    
00000274    9.40223217  [6664] Sync1 frame_tobe_write 0xD4 effect_support 0x1   
00000275    9.40372849  [16112] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)  
00000276    9.40507889  [16112] Hooked CBAE50D0 -> C7A143FC 
00000277    9.40632820  [16112] Hook_Inline(7fffcb86f9c0, 7fffc7a12b94, PrivateExtractIconsWHook)   
00000278    9.40756702  [16112] dwOrigSize detected: 7  
00000279    9.40882778  [16112] Hook_Inline context=7fffcb8e4e76    
00000280    9.41006088  [16112] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-2-1.dll, ReadFile, C7A12AB0, C7A22978)   
00000281    9.41130543  [16112] Hooking failed (-1) 
00000282    9.41255951  [16112] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-1-0.dll, ReadFile, C7A12AB0, C7A22978)   
00000283    9.41379833  [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
00000284    9.41505718  [16112] Hooked C9024420 -> C7A12AB0 
00000301    10.39632225 [16112] Populating UpdatePolicy AllowList   
00000302    10.39760780 [6664] Sync0 Address 0x72 ChipID 0x3570 
00000303    10.39888191 [16112] SKU MDM licensing allow list string from SLAPI: 
00000304    10.40014458 [6664] Sync0 Last Effect ID 0x5 ChipID 0x5  
00000305    10.40140343 [16112] AboveLock|Accounts|ActiveXControls|ADMXIngest|AllowMessageSync|AppHVSI|ApplicationDefaults|AllowAllTrustedApps|AllowAppStoreAutoUpdate|AllowAutomaticAppArchiving|AllowDeveloperUnlock|AllowGameDVR|AllowSharedUserAppData|ApplicationRestrictions|Audit|ConfigureChatIcon|LaunchAppAfterLogOn|MSIAllowUserControlOverInstall|MSIAlwaysInstallWithElevatedPrivileges|RestrictAppDataToSystemVolume|RestrictAppToSystemVolume|AppRuntime|AttachmentManager|Authentication|Autoplay|BitLocker|BITS|Bluetooth|Browser|Camera|Cellular|Connectivity|ControlPolicyConflict|CredentialProviders|CredentialsDelegation|CredentialsUI|Cryptography|DataProtection|DataUsage|Defender|DeliveryOptimization|Desktop|ConfigureSystemGuardLaunch|EnableVirtualizationBasedSecurity|DeviceHealthMonitoring|DeviceInstallation|DeviceLock|Display|DmaGuard|ErrorReporting|Eap|Education|EnterpriseCloudPrint|EventLogService|AllowClipboardHistory|AllowCopyPaste|AllowCortana|AllowDeviceDiscovery|AllowManualMDMUnenrollment|AllowSaveAsOfOfficeFiles|AllowScreenCapture|AllowSharingOfOfficeFiles|AllowSIMErrorDialogPromptWhenNoSIM|AllowSyncMySettings|AllowTailoredExperiencesWithDiagnosticData|AllowTaskSwitcher|AllowThirdPartySuggestionsInWindowsSpotlight|AllowVoiceRecording|DoNotShowFeedbackNotifications|DoNotSyncBrowserSettings|AllowFindMyDevice|ExploitGuard|Feeds|FileExplorer|Games|Handwriting|HumanPresence|InternetExplorer|Kerberos|KioskBrowser|Knobs|LanmanWorkstation|Licensing|LocalPoliciesSecurityOptions|LocalUsersAndGroups|Lockdown|Maps|MemoryDump|MSSecurityGuide|MSSLegacy|Multitasking|NetworkIsolation|NetworkListManager|NewsAndInterests|Notifications|OneDrive|Power|Printers|Privacy|RemoteAssistance|RemoteDesktopServices|RemoteDesktop|RemoteManagement|RemoteProcedureCall|RemoteShell|RestrictedGroups|Search|Security|Settings|SmartScreen|Speech|Start|Storage|System|SystemServices|TaskManager|TaskScheduler|TenantRestrictions|TextInput|TimeLanguageSettings|Troubleshooting|Update|UserRights|VirtualizationBasedTechnology|WiFi|WindowsLogon|WirelessDisplay|Location|WindowsAutopilot|WindowsConnectionManager|WindowsDefenderSecurityCenter|WindowsInkWorkspace|WindowsPowerShell|WindowsSandbox|WiredNetwork  
00000306    10.40516853 [6664] Sync1 Address 0x72 ChipID 0x3570 
00000307    10.40866089 [16112]     
00000308    10.41006184 [6664] Direction 0  
00000309    10.41136646 [16112] All policies are allowed    
00000310    10.41267586 [6664] Sync1 frame_tobe_write 0xD4 effect_support 0x1   
00000311    10.88105583 [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)    
00000312    10.88247204 [6664] AURACtrl::Sync   
00000313    10.88440418 [6664] Sync0 Address 0x72 ChipID 0x3570 
00000314    10.91080284 [6664] Sync0 Last Effect ID 0x5 ChipID 0x5  
00000315    10.91291523 [6664] Sync1 Address 0x72 ChipID 0x3570 
00000316    10.91415215 [6664] Direction 0  
00000317    10.93668461 [6664] Sync1 frame_tobe_write 0xD4 effect_support 0x1   
00000318    10.93923378 [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)    

[leecher1337]

Cannot find anything suspicious in the logs now. Could be that conhost crashes or that it just doesn't launch NTVDM as it should. You can check Windows Event log to see if conhost.exe still crashes or if another application crashes on startup? If you launch a dos application from cmd.exe, does the console window vanish or is it just that the DOS application doesn't start? If conhost.exe crashes, you can attach a debugger like x64dbg to conhost.exe process and see where it crashes.

[dominicraf]

If I try to launch from a command prompt I see a message saying the file cannot be found, although it is clearly there.

C:\Users\Dominic>dir C:\UTILS\VBDOS.EXE
 Volume in drive C is DOMC
 Volume Serial Number is 988D-9F76

 Directory of C:\UTILS

19/08/1992  22:59           555,520 VBDOS.EXE
               1 File(s)        555,520 bytes
               0 Dir(s)  240,303,177,728 bytes free

C:\Users\Dominic>cmd.exe /C C:\UTILS\VBDOS.EXE
The system cannot find the file C:\UTILS\VBDOS.EXE.

[leecher1337]

This sounds like Windows\system32\ntvdm.exe and/or Windows\SysWOW64\ntvdm.exe is not present, are you sure that it's there and executable?

[dominicraf]

ntvdm.exe is present (and executable) in SysWOW64 but is not present in system32.

[leecher1337]

Then the hard linking on installation went wrong for whatever reason.

fsutil hardlink create  %SYSTEMROOT%\System32\ntvdm.exe %SYSTEMROOT%\SysWOW64\ntvdm.exe

No idea why that failed during setup on your machine.

[dominicraf]

Hmm, I think it might be an antivirus thing. I will uninstall Avast (can't do this until tomorrow) and then try again.

[Chet303]

Was getting nowhere trying to make ntvdm work with my upgrade from win10 to win11. With the patch already installed on win10 and uninstalled before the update, updating to 11 seems to break something. Installed 11 fresh and everything is working as it should, thanks again leecher for your efforts!

[dominicraf]

After I removed Avast (which wasn't easy) and again created the hard link as you advised (it kept disappearing before) it all works, with Consolas. Thanks for your help in resolving this. I suspect all my problems with Windows 11 were down to the antivirus.

NTVDMx64 is a fantastic project! Thanks @leecher1337 for all your work on it.

[dominicraf]

Note to others: if you use Windows Defender you need to make exclusions for C:\Windows\System32\ldntvdm.dll and C:\Windows\SysWOW64\ldntvdm.dll (at least under Windows 11) [ Settings / Virus and threat protection / under 'Virus & threat protection settings' click 'Manage settings' / 'Add or remove exclusions' ]. Similar exceptions are likely required with other antivirus products.