cannot run batch files

[revelator]

this one is a bit strange, i cannot run batch or cmd files on win11 after installing ntvdmx64 but running cmd works fine also terminals work but if something accesses comspec things stop working. any idea ?.

[leecher1337]

Hm, I setup a fresh Windows 11 x64 and tried a simple .bat file that calls a win32 application and a DOS-application:

@echo off
echo Hallo, ich bin eine .bat Datei
ipconfig
pause
edit.com
pause
echo Bye

Runs perfectly fine for me, from 32bit and 64bit applications. Sometimes the Symbol offset cache of NTVDMx64 gets messed up which then causes wrong offsets to be loaded for hte patches leading to strange behaviour of the loader. To force a re-parsing of the Symbols, run the reloadsym.reg from the reg folder of the NTVDMx64 distribution:

https://github.com/leecher1337/ntvdmx64/blob/master/ntvdmpatch/release/reg/reloadsym.reg

For futher output, you can also have a look at DbgView, if you can spot any errors during launching of your .cmd and .bat files.

[revelator]

will do, btw im on win11 enterprise ltsc if that has any bearing with this. the ltsc version seems to have added a hardcoded blocklist of things microsoft do not want to have running on windows which caused me no small trouble because it blocked any browser besides edge from being default it also blocked any pdf reader besides edge and adobe, and it even blocks some drivers my mainboard uses :S so i had to dig up how to disable it (yeah its in windows defenders settings). i hope to god they dont make this a permanent feature or im out of using windows ever again.

[leecher1337]

You can also check if this export is still available on your Windows version:

https://github.com/leecher1337/ntvdmx64/blob/d9c75bdb68f2c4b42bf2b8caf5cd130c9769f3d2/ntvdmpatch/src/ldntvdm/ldntvdm/ldntvdm.c#L975

Maybe it moved to another .dll file on your Windows version or something like that. If the function is not patched correctly, this can lead to stuck .bat or .cmd files, see related commit:

https://github.com/leecher1337/ntvdmx64/commit/ef9d5c1e35fbce6182c93f0886ec5a0019e5e459

I don't know if Enterprise LTSC Version of Win 11 has some Specials, sounds like it is like Windows Server 2003 where you had to unblock every site in IE.

[revelator]

i would'nt be surprised since this version is the only one where you dont need hacks to install it if you lack a TPM 2.0 module or your cpu is older than the intel version 8 (it just needs to supports FMA) so i suspect they ramped up some security related stuff.

IE is totally gone in this version, it uses edge for all the fun stuff xD but no i had no problems with unblocking url's atleast.

[revelator]

btw which dll is it hooking normally ? i could zip up my version so we can do a compare.

ah this one ? ext-ms-win-cmd-util-l1-1-0.dll

hmm guess it is hidden as neither windows search nor everything can find it :/

[revelator]

looks like the export is named CmdBatNotificationStub in my version.

[revelator]

shot from dependencies

[leecher1337]

Looks OK to me, still the same DLL name as on Win 10. Maybe DebugView can shed some light on this, if there are any errors. How does the malfunction manifest itself? Does it crash when executing a .bat file or does it get stuck or something?

Btw it's normal that you cannot find the mentioned .dll, Windows does some weird redirection based on these strange DLL-names internally.

[revelator]

ok so that seems normal then :), what happens on my machine is that executing any batch or cmd file fails to execute when ldntvdm is installed. strangely i can open command prompt and execute qbasic and edit with no problems its just batch files that fail to run when executed directly (allmost looks like the same that happens if by accident you delete the association between .bat and .cmd files from registry). strangely there is no crash they just fail to run :/. uninstalling ntvdmx64 puts everything back and batch files work again so it might be as you say a failure to read the symbol table properly so im going to try your suggestion tomorrow.

[revelator]

seems its indeed a problem with the symbol cache im getting a permission denied on compshell.dll incidently this dll does not seem to exist on this version of win11 ?? looked for it in both system32and syswow64. sadly still no luck using batchfiles either even after using the reg file you pointed to.

[revelator]

out of desperation i removed the downloaded symbol cache completely and reloaded and it works now :)

[revelator]

ok not completely i can run batch files again but im getting a ton of permission denied errors when i try to execute something via the batch files (yes im admin).

not sure what is blocking execution as the permission errors are totally random sometimes it throws on executing notepad at other times notepad runs when called from the batchfile but then some other program throws the permission problem welp!!!.

[leecher1337]

Very strange, indeed... As you said that it helped to nuke the Symbol cache, be aware that there are 2 directories where it can reside. One is C:\windows\Symbols\ (but do not remove DbgHelp subdirectory and do not remove the instntvdmx64.bat from there, dbghelp is necessary so that the correct DLL to resolve symbols can be used by ldntvdm.dll). The other one is in %TEMP%\SymbolCache

I had cases where a 0 byte or defective .pdb file (not fully downloaded) in one of the symbolcache-directories caused problems. After wiping these 2 symbolcache-directories, the .reg file will also remove the cached offsets from registry in order to force the loader to redownload everything.

If this still doesn't help, maybe process monitor may be used to check where the "access denied" comes from (possibly, it doesn't try to access any file, though, but some subfunction that gets called returns this error code for whatever reason).

Unfortunately, it's always hard to remote-diagnose such issues when they are not reproducable.

[revelator]

have not really had time to look further as i was moving at the time we looked at it last, but im more or less bunkered down in my new hovel so ill give it another go trying to find where or in which function things go wrong.

[revelator]

strangely i have a symbolcache in C:\Symbols to ? might be from msvc 2017 though im not sure.

[revelator]

ah wait its from windbg i tried using that to get some answers i remember.

[alessandrovolpin]

Here also I had issues in a old VB windows program that try to start a "script.bat" file. OS: Windows 2019 Server Remote Desktop Server running a multi-session 1992 DOS program with NTVDMx64 My workaround has been: 1) compile script.bat .bat to script.exe ( there are utilities out there to do that ), 2) create hard link script.bat -> script.exe Everything now work as expected, no UAC request, no error for permission denies.

[revelator]

allthough a possibility id prefer normal batch operation :) and i found sortoff a fix for it. seems the symbolcache gets corrupted the first time you install ntvdmx64 so have to delete the cache folder manually then redownload the symbol cache. after that batch files work fine again.

i suspect remaining problems is due to some hooked functions being blocked by defender and so far i had little luck getting it to work correctly with defender on. One fix might be installing an antivirus with better control over what gets blocked i reckon ?.