leecher1337 / ntvdmx64

Run Microsoft Windows NTVDM (DOS) on 64bit Editions
820 stars 81 forks source link

cannot run batch files #266

Open revelator opened 4 months ago

revelator commented 4 months ago

this one is a bit strange, i cannot run batch or cmd files on win11 after installing ntvdmx64 but running cmd works fine also terminals work but if something accesses comspec things stop working. any idea ?.

leecher1337 commented 3 months ago

Hm, I setup a fresh Windows 11 x64 and tried a simple .bat file that calls a win32 application and a DOS-application:

@echo off
echo Hallo, ich bin eine .bat Datei
ipconfig
pause
edit.com
pause
echo Bye

Runs perfectly fine for me, from 32bit and 64bit applications. Sometimes the Symbol offset cache of NTVDMx64 gets messed up which then causes wrong offsets to be loaded for hte patches leading to strange behaviour of the loader. To force a re-parsing of the Symbols, run the reloadsym.reg from the reg folder of the NTVDMx64 distribution:

https://github.com/leecher1337/ntvdmx64/blob/master/ntvdmpatch/release/reg/reloadsym.reg

For futher output, you can also have a look at DbgView, if you can spot any errors during launching of your .cmd and .bat files.

revelator commented 3 months ago

will do, btw im on win11 enterprise ltsc if that has any bearing with this. the ltsc version seems to have added a hardcoded blocklist of things microsoft do not want to have running on windows which caused me no small trouble because it blocked any browser besides edge from being default it also blocked any pdf reader besides edge and adobe, and it even blocks some drivers my mainboard uses :S so i had to dig up how to disable it (yeah its in windows defenders settings). i hope to god they dont make this a permanent feature or im out of using windows ever again.

leecher1337 commented 3 months ago

You can also check if this export is still available on your Windows version:

https://github.com/leecher1337/ntvdmx64/blob/d9c75bdb68f2c4b42bf2b8caf5cd130c9769f3d2/ntvdmpatch/src/ldntvdm/ldntvdm/ldntvdm.c#L975

Maybe it moved to another .dll file on your Windows version or something like that. If the function is not patched correctly, this can lead to stuck .bat or .cmd files, see related commit:

https://github.com/leecher1337/ntvdmx64/commit/ef9d5c1e35fbce6182c93f0886ec5a0019e5e459

I don't know if Enterprise LTSC Version of Win 11 has some Specials, sounds like it is like Windows Server 2003 where you had to unblock every site in IE.

revelator commented 3 months ago

i would'nt be surprised since this version is the only one where you dont need hacks to install it if you lack a TPM 2.0 module or your cpu is older than the intel version 8 (it just needs to supports FMA) so i suspect they ramped up some security related stuff.

IE is totally gone in this version, it uses edge for all the fun stuff xD but no i had no problems with unblocking url's atleast.

revelator commented 3 months ago

btw which dll is it hooking normally ? i could zip up my version so we can do a compare.

ah this one ? ext-ms-win-cmd-util-l1-1-0.dll

hmm guess it is hidden as neither windows search nor everything can find it :/

revelator commented 3 months ago

looks like the export is named CmdBatNotificationStub in my version.

revelator commented 3 months ago

dependencies

shot from dependencies

leecher1337 commented 3 months ago

Looks OK to me, still the same DLL name as on Win 10. Maybe DebugView can shed some light on this, if there are any errors. How does the malfunction manifest itself? Does it crash when executing a .bat file or does it get stuck or something?

Btw it's normal that you cannot find the mentioned .dll, Windows does some weird redirection based on these strange DLL-names internally.

revelator commented 3 months ago

ok so that seems normal then :), what happens on my machine is that executing any batch or cmd file fails to execute when ldntvdm is installed. strangely i can open command prompt and execute qbasic and edit with no problems its just batch files that fail to run when executed directly (allmost looks like the same that happens if by accident you delete the association between .bat and .cmd files from registry). strangely there is no crash they just fail to run :/. uninstalling ntvdmx64 puts everything back and batch files work again so it might be as you say a failure to read the symbol table properly so im going to try your suggestion tomorrow.

revelator commented 3 months ago

seems its indeed a problem with the symbol cache im getting a permission denied on compshell.dll incidently this dll does not seem to exist on this version of win11 ?? looked for it in both system32and syswow64. sadly still no luck using batchfiles either even after using the reg file you pointed to.

revelator commented 3 months ago

out of desperation i removed the downloaded symbol cache completely and reloaded and it works now :)

revelator commented 3 months ago

ok not completely i can run batch files again but im getting a ton of permission denied errors when i try to execute something via the batch files (yes im admin).

not sure what is blocking execution as the permission errors are totally random sometimes it throws on executing notepad at other times notepad runs when called from the batchfile but then some other program throws the permission problem welp!!!.

leecher1337 commented 3 months ago

Very strange, indeed... As you said that it helped to nuke the Symbol cache, be aware that there are 2 directories where it can reside. One is C:\windows\Symbols\ (but do not remove DbgHelp subdirectory and do not remove the instntvdmx64.bat from there, dbghelp is necessary so that the correct DLL to resolve symbols can be used by ldntvdm.dll). The other one is in %TEMP%\SymbolCache

I had cases where a 0 byte or defective .pdb file (not fully downloaded) in one of the symbolcache-directories caused problems. After wiping these 2 symbolcache-directories, the .reg file will also remove the cached offsets from registry in order to force the loader to redownload everything.

If this still doesn't help, maybe process monitor may be used to check where the "access denied" comes from (possibly, it doesn't try to access any file, though, but some subfunction that gets called returns this error code for whatever reason).

Unfortunately, it's always hard to remote-diagnose such issues when they are not reproducable.

revelator commented 3 months ago

have not really had time to look further as i was moving at the time we looked at it last, but im more or less bunkered down in my new hovel so ill give it another go trying to find where or in which function things go wrong.

revelator commented 3 months ago

strangely i have a symbolcache in C:\Symbols to ? might be from msvc 2017 though im not sure.

revelator commented 3 months ago

ah wait its from windbg i tried using that to get some answers i remember.

alessandrovolpin commented 2 months ago

Here also I had issues in a old VB windows program that try to start a "script.bat" file. OS: Windows 2019 Server Remote Desktop Server running a multi-session 1992 DOS program with NTVDMx64 My workaround has been: 1) compile script.bat .bat to script.exe ( there are utilities out there to do that ), 2) create hard link script.bat -> script.exe Everything now work as expected, no UAC request, no error for permission denies.

revelator commented 2 months ago

allthough a possibility id prefer normal batch operation :) and i found sortoff a fix for it. seems the symbolcache gets corrupted the first time you install ntvdmx64 so have to delete the cache folder manually then redownload the symbol cache. after that batch files work fine again.

i suspect remaining problems is due to some hooked functions being blocked by defender and so far i had little luck getting it to work correctly with defender on. One fix might be installing an antivirus with better control over what gets blocked i reckon ?.

leecher1337 commented 2 months ago

The Symbol Server libs are generally a strange beast. Not only are there dozens of versions of the library out there which are even incompatible to each other (the symbol server DLLs shipped with the OS are practically non-usable, but if you replace them with other/newer versions, very bad things will happen as some system components depend on the versions shipped with the OS), that's why ntvdmx64 ships with the appropriate DLLs. They also behave strangely sometimes, i.e. not cleaning up 0-byte downloads and then just fail on symbol lookup instead of wiping the damaged .pdbs and redownload them (Keeping damaged symbols makes no sense to me). Additionally, the DLLs lock up if being used in i.e. DLL init routines. I cannot complain about this, as it is generally documented that one shouldn't do system calls in DLL init routine, but in the loader, I have no other choice, as hooks need to be placed as early as possible. But that's the reason why the Symbol lookup results get cached in the registry which is an additional source of problems after an update (Loader is happily using its old offsets causing weird behaviour or crashes by patching the wrong memory location) when this cache doesn't get in sync with the symbols on the symbol server. Maybe I should write a little utility that deletes all symbol files from the symbol cache directories, forcefully redownloads all necessary symbols and wipes the offset chache in registry? Unfortunately, problems still occur rarely in my test installations, so it's a bit hard to create a scenario where bugs occur in order to check, if such a utility would help to remedy issues with the symbols.

revelator commented 2 months ago

interresting idea :), yeah the new core isolation and memory protection routines have really made a mess of things hooking into the OS. also breaks the asus software im using for fan control etc.

i suspect microsoft will disable most of what we could normally use to get around things in windows at some point (security reasons heh), or most likely to prevent us from disabling all the crap they normally shove down our throats xD.

windows 11 also blocks the turbo boost max driver from installing so i have a yellow exclamation mark on it which i cannot get rid off without writing some dummy driver and setting it to hidden.