import KernelEx-4.5.1

2025-07-19 07:21:20 +03:00 · 2018-11-03 16:23:39 +03:00
parent 7571e3c60d
commit 2948e23961
77 changed files with 2603 additions and 883 deletions
--- a/ApiHook/ApiHook.dsw
+++ b/ApiHook/ApiHook.dsw
@ -0,0 +1,41 @@
 Microsoft Developer Studio Workspace File, Format Version 6.00
 # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
 ###############################################################################
 Project: "ApiLog"=.\ApiLog\ApiLog.dsp - Package Owner=<4>
 Package=<5>
 {{{
 }}}
 Package=<4>
 {{{
 }}}
 ###############################################################################
 Project: "DebugWindow"=.\DebugWindow\DebugWindow.dsp - Package Owner=<4>
 Package=<5>
 {{{
 }}}
 Package=<4>
 {{{
 }}}
 ###############################################################################
 Global:
 Package=<5>
 {{{
 }}}
 Package=<3>
 {{{
 }}}
 ###############################################################################
--- a/ApiHook/ApiLog/ApiLog.dsp
+++ b/ApiHook/ApiLog/ApiLog.dsp
@ -0,0 +1,133 @@
 # Microsoft Developer Studio Project File - Name="ApiLog" - Package Owner=<4>
 # Microsoft Developer Studio Generated Build File, Format Version 6.00
 # ** DO NOT EDIT **
 # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
 CFG=ApiLog - Win32 Debug
 !MESSAGE This is not a valid makefile. To build this project using NMAKE,
 !MESSAGE use the Export Makefile command and run
 !MESSAGE 
 !MESSAGE NMAKE /f "ApiLog.mak".
 !MESSAGE 
 !MESSAGE You can specify a configuration when running NMAKE
 !MESSAGE by defining the macro CFG on the command line. For example:
 !MESSAGE 
 !MESSAGE NMAKE /f "ApiLog.mak" CFG="ApiLog - Win32 Debug"
 !MESSAGE 
 !MESSAGE Possible choices for configuration are:
 !MESSAGE 
 !MESSAGE "ApiLog - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
 !MESSAGE "ApiLog - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
 !MESSAGE 
 # Begin Project
 # PROP AllowPerConfigDependencies 0
 # PROP Scc_ProjName ""
 # PROP Scc_LocalPath ""
 CPP=cl.exe
 MTL=midl.exe
 RSC=rc.exe
 !IF  "$(CFG)" == "ApiLog - Win32 Release"
 # PROP BASE Use_MFC 0
 # PROP BASE Use_Debug_Libraries 0
 # PROP BASE Output_Dir "Release"
 # PROP BASE Intermediate_Dir "Release"
 # PROP BASE Target_Dir ""
 # PROP Use_MFC 0
 # PROP Use_Debug_Libraries 0
 # PROP Output_Dir "Release"
 # PROP Intermediate_Dir "Release"
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "APILOG_EXPORTS" /YX /FD /c
 # ADD CPP /nologo /MT /W3 /O2 /I "." /I "../../common" /FI"msvc_quirks.h" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "APILOG_EXPORTS" /YX /FD /c
 # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD BASE RSC /l 0x415 /d "NDEBUG"
 # ADD RSC /l 0x415 /d "NDEBUG"
 BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
 # ADD LINK32 kernel32.lib user32.lib gdi32.lib ../../kexcrt/kexcrt.lib libc.lib /nologo /entry:"DllMain@12" /dll /machine:I386 /nodefaultlib /OPT:NOWIN98
 # SUBTRACT LINK32 /pdb:none
 !ELSEIF  "$(CFG)" == "ApiLog - Win32 Debug"
 # PROP BASE Use_MFC 0
 # PROP BASE Use_Debug_Libraries 1
 # PROP BASE Output_Dir "Debug"
 # PROP BASE Intermediate_Dir "Debug"
 # PROP BASE Target_Dir ""
 # PROP Use_MFC 0
 # PROP Use_Debug_Libraries 1
 # PROP Output_Dir "Debug"
 # PROP Intermediate_Dir "Debug"
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "APILOG_EXPORTS" /YX /FD /GZ /c
 # ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "." /I "../../common" /FI"msvc_quirks.h" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "APILOG_EXPORTS" /YX /FD /GZ /c
 # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD BASE RSC /l 0x415 /d "_DEBUG"
 # ADD RSC /l 0x415 /d "_DEBUG"
 BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
 # ADD LINK32 kernel32.lib user32.lib gdi32.lib ../../kexcrt/kexcrt.lib libc.lib /nologo /entry:"DllMain@12" /dll /debug /machine:I386 /nodefaultlib /OPT:NOWIN98
 # SUBTRACT LINK32 /pdb:none
 !ENDIF 
 # Begin Target
 # Name "ApiLog - Win32 Release"
 # Name "ApiLog - Win32 Debug"
 # Begin Group "Source Files"
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 SOURCE=.\apilog.cpp
 # End Source File
 # Begin Source File
 SOURCE=.\apilog.def
 # End Source File
 # Begin Source File
 SOURCE=.\apilog_params.cpp
 # End Source File
 # Begin Source File
 SOURCE=.\writer.cpp
 # End Source File
 # End Group
 # Begin Group "Header Files"
 # PROP Default_Filter "h;hpp;hxx;hm;inl"
 # Begin Source File
 SOURCE=.\apilog.h
 # End Source File
 # Begin Source File
 SOURCE=.\apilog_params.h
 # End Source File
 # Begin Source File
 SOURCE=.\writer.h
 # End Source File
 # End Group
 # Begin Group "Resource Files"
 # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
 # End Group
 # End Target
 # End Project
--- a/ApiHook/ApiLog/README.txt
+++ b/ApiHook/ApiLog/README.txt
@ -0,0 +1,38 @@
 API logging DLL for KernelEx Core API hook infrastructure
 Make sure to disable API extensions for this module or else the DLL
 will try to hooks its own imports.
 By default you have to rename the DLL to kexApiHook.dll and place it either in C:\Windows\KernelEx or somewhere in DLL search path.
 Alternatively you can set the 'ApiHookPath' value under 'HKEY_LOCAL_MACHINE\Software\KernelEx' to full path to the DLL.
 Search path takes precedence over other methods.
 The DLL can output logs using different methods, set 'KEXAPILOG_OUTPUT' environment variable to change:
 file - API logs are written to a file named as module but with '.log' extension (default)
 window - API logs are output to DebugWindow application
 debug - API logs are output via OutputDebugString API to system debugger
 The DLL will also try to load the file called 'signature.dat' in the directory where the DLL is located.
 This file contains API function signatures for parameter logging.
 Syntax of the file:
 [MODULENAME.DLL]
 ApiName=format
 where format is a sequence of letters from printf format specifiers:
 p - pointer in the form of: 0x1234abcd
 d - decimal number
 x - hexadecimal number
 s - ansi string
 S - unicode string
 f - float
 Example:
 [KERNEL32.DLL]
 GetProcAddress=ps
 Errors related to API hook DLL loading are written to debug output.
--- a/ApiHook/ApiLog/apilog.cpp
+++ b/ApiHook/ApiLog/apilog.cpp
@ -0,0 +1,334 @@
 /*
 *  KernelEx
 *  Copyright (C) 2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 /*
 * API logging DLL for KernelEx Core API hook infrastructure
 *
 * Make sure to disable API extensions for this module or else the DLL
 * will try to hooks its own imports.
 */
 #include "apilog.h"
 #include "apilog_params.h"
 #include "writer.h"
 extern "C" void * _AddressOfReturnAddress(void);
 #pragma intrinsic(_AddressOfReturnAddress)
 #define countof(x) (sizeof(x)/sizeof(x[0]))
 #ifdef _DEBUG
 #define DBGASSERT(e)  ((e) ? 0 : DebugBreak())
 #else
 #define DBGASSERT(e)  ((void)0)
 #endif
 extern "C"
 int snprintf(char *buffer, size_t n, const char* format, ...);
 int tlsindex = -1;
 const bool apilog_enabled = true;
 HINSTANCE hInst;
 ThreadAddrStack::ThreadAddrStack()
 {
 	pos = 0;
 }
 void __stdcall ThreadAddrStack::push_ret_addr(DWORD addr)
 {
 	DBGASSERT(tlsindex != -1);
 	ThreadAddrStack* tas = (ThreadAddrStack*) TlsGetValue(tlsindex);
 	if (!tas)
 	{
 		tas = new ThreadAddrStack;
 		TlsSetValue(tlsindex, tas);
 	}
 	tas->stack[tas->pos++] = addr;
 	DBGASSERT(tas->pos < countof(tas->stack));
 }
 DWORD __stdcall ThreadAddrStack::pop_ret_addr()
 {
 	DBGASSERT(tlsindex != -1);
 	ThreadAddrStack* tas = (ThreadAddrStack*) TlsGetValue(tlsindex);
 	DBGASSERT(tas->pos > 0);
 	return tas->stack[--tas->pos];
 }
 DWORD __stdcall ThreadAddrStack::get_level()
 {
 	DBGASSERT(tlsindex != -1);
 	ThreadAddrStack* tas = (ThreadAddrStack*) TlsGetValue(tlsindex);
 	return tas->pos;
 }
 log_stub::log_stub(const char* source, const char* target, const char* name, 
 		unsigned long proc)
 		: call_prelog(DWORD(pre_log)), call_postlog(DWORD(post_log)),
 		call_orig(proc)
 {
 	c_pushad1 = c_pushad2 = 0x60;
 	c_popad1 = c_popad2 = 0x61;
 	c_ret = 0xc3;
 	c_push1 = c_push2 = 0x68;
 	v_lgd1 = &lgd;
 	v_lgd2 = &lgd;
 	c_push_eax = 0x50;
 	c_add_esp = 0xc483;
 	c_sub_esp = 0xec83;
 	c_byte_4 = c_byte_4_1 = 4;
 	lgd.source = source;
 	lgd.target = target;
 	lgd.api_name = name;
 }
 void __stdcall log_stub::pre_log(log_data* lgd)
 {
 	DWORD last_err;
 	DWORD caller_addr;
 	caller_addr = *((DWORD*) _AddressOfReturnAddress() + 10);
 	last_err = GetLastError();
 	ThreadAddrStack::push_ret_addr(caller_addr);
 	if (apilog_enabled)
 	{
 		DWORD level;
 		char msg[DEBUGMSG_MAXLEN];
 		level = ThreadAddrStack::get_level();
 		int z = snprintf(msg, sizeof(msg)-1, "%-2d|%x|%*s[%s]%08x:<%s>%s", 
 				level,
 				GetCurrentThreadId(),
 				(level-1) * 2, "",
 				lgd->source, caller_addr,
 				lgd->target, lgd->api_name);
 		va_list ap = va_list((DWORD*) &lgd + 10);
 		z += ApiLogParams::inst().decode_parameters(lgd->target, lgd->api_name, ap, msg + z, sizeof(msg)-1 - z);
 		strcpy(msg + z, "\n");
 		writer_fn(msg);
 	}
 	SetLastError(last_err);
 }
 void __stdcall log_stub::post_log(log_data* lgd, DWORD retval)
 {
 	DWORD last_err;
 	DWORD& caller_addr = *((DWORD*) _AddressOfReturnAddress() + 11);
 	last_err = GetLastError();
 	caller_addr = ThreadAddrStack::pop_ret_addr();
 	if (apilog_enabled)
 	{
 		DWORD level;
 		char msg[DEBUGMSG_MAXLEN];
 		level = ThreadAddrStack::get_level() + 1;
 		snprintf(msg, sizeof(msg), "%-2d|%x|%*s[%s]%08x:<%s>%s|%x\n", 
 				level,
 				GetCurrentThreadId(),
 				(level-1) * 2, "",
 				lgd->source, caller_addr,
 				lgd->target, lgd->api_name,
 				retval);
 		writer_fn(msg);
 	}
 	SetLastError(last_err);
 }
 HMODULE GetCurrentModule()
 {
 	MEMORY_BASIC_INFORMATION mbi;
 	static int dummy;
 	VirtualQuery(&dummy, &mbi, sizeof(mbi));
 	return (HMODULE)mbi.AllocationBase;
 }
 void load_signature()
 {
 	char signature_file[MAX_PATH];
 	GetModuleFileName(hInst, signature_file, MAX_PATH);
 	char* p = strrchr(signature_file, '\\');
 	if (!p) p = signature_file;
 	else p++;
 	*p = '\0';
 	strcat(signature_file, "signature.dat");
 	OutputDebugString("Loading apilog signatures... ");
 	bool res = ApiLogParams::inst().load_signatures(signature_file);
 	OutputDebugString(res ? "done.\n" : "error.\n");
 }
 bool filter_out(const char* target, const char* api)
 {
 	static const char* filtered_apis[] = 
 	{
 		"HeapAlloc",
 		"HeapFree",
 		"HeapReAlloc",
 		"HeapSize",
 		"GetProcessHeap",
 		"TlsGetValue",
 		"TlsSetValue",
 		"InitializeCriticalSection",
 		"ReinitializeCriticalSection",
 		"DeleteCriticalSection",
 		"EnterCriticalSection",
 		"LeaveCriticalSection",
 		"InterlockedIncrement",
 		"InterlockedDecrement",
 		"InterlockedExchange",
 		"InterlockedExchangeAdd",
 		"InterlockedCompareExchange",
 	};
 	if (HIWORD(api) && !strcmp(target, "KERNEL32.DLL"))
 	{
 		for (int i = 0 ; i < countof(filtered_apis) ; i++)
 		{
 			if (!strcmp(api, filtered_apis[i]))
 				return true;
 		}
 	}
 	return false;
 }
 /*
 * This function is called before any call to _register and BEFORE DllMain
 * in order to let you prepare your API hooks.
 * 
 * Return:
 * 1 for success
 * 0 in case of error - this will trigger unloading of the DLL
 *
 * WARNING: This function is called inside Kernel32Lock
 * so you have to be VERY careful what you call here if you don't want
 * to crash the system.
 */
 int kexApiHook_initonce(void)
 {
 	hInst = GetCurrentModule();
 	DBGASSERT(hInst != NULL);
 	load_signature();
 	return 1;
 }
 /*
 * This function is called  by the resolver for each API imported by a module.
 * This function is called before DllMain.
 *
 * Parameters:
 * caller - the module which imports the API (full path)
 * target - the module from which API is imported (full path)
 * api - the name of the API or ordinal number of the API (if upper word is zero)
 * orig - address of the API being hooked, can be NULL if resolver found no API
 *
 * Return:
 * orig - if you don't want to hook the API
 * address of the hook - if you want to intercept the API
 * NULL - if you want to disable the API altogether
 *
 * WARNING: This function is called inside Kernel32Lock
 * so you have to be VERY careful what you call here if you don't want
 * to crash the system.
 */
 PROC kexApiHook_register(const char* caller, const char* target, const char* api, PROC orig)
 {
 	char* new_api;
 	if (orig == NULL)
 		return orig;
 	//extract DLL file names
 	char* p;
 	p = strrchr(caller, '\\');
 	if (p) caller = p + 1;
 	p = strrchr(target, '\\');
 	if (p) target = p + 1;
 	if (filter_out(target, api))
 		return orig;
 	if (HIWORD(api)) //named export
 	{
 		new_api = strdup(api);
 	}
 	else //ordinal export
 	{
 		char ord_name[32];
 		snprintf(ord_name, sizeof(ord_name), "Ordinal:%u", (unsigned) api);
 		new_api = strdup(ord_name);
 	}
 	return (PROC) new log_stub(caller, target, new_api, (unsigned long) orig);
 }
 void prologue()
 {
 	char path[MAX_PATH];
 	GetModuleFileName(NULL, path, MAX_PATH);
 	char msg[DEBUGMSG_MAXLEN];
 	snprintf(msg, sizeof(msg) -1, "0 |KernelEx API Log start for %s\n", path);
 	writer_fn(msg);
 }
 void epilogue()
 {
 	writer_fn("0 |End of API log\n");
 }
 /*
 * Called at DLL initialization/unload time, outside of Kernel32Lock.
 * All static variables are initialized at this point.
 * Also all DLLs on which this DLL depends are initialized here.
 * This DLL's module tree is initialized before DLLs belonging to the process
 * so be careful what you do.
 */
 BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
 {
 	if (dwReason == DLL_PROCESS_ATTACH)
 	{
 		tlsindex = TlsAlloc();
 		if (tlsindex == -1)
 			return 0;
 		DisableThreadLibraryCalls(hModule);
 		if (!init_writer())
 			return FALSE;
 		prologue();
 	}
 	else if (dwReason == DLL_PROCESS_DETACH)
 	{
 		epilogue();
 	}
 	return TRUE;
 }
--- a/ApiHook/ApiLog/apilog.def
+++ b/ApiHook/ApiLog/apilog.def
@ -0,0 +1,4 @@
 LIBRARY ApiLog.dll BASE=0x77000000
 EXPORTS
 	kexApiHook_initonce
 	kexApiHook_register
--- a/ApiHook/ApiLog/apilog.h
+++ b/ApiHook/ApiLog/apilog.h
@ -1,6 +1,6 @@
 /*
 *  KernelEx
- *  Copyright (C) 2009, Xeno86
+ *  Copyright (C) 2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
@ -19,11 +19,11 @@
 *
 */
-#ifndef __APILOG_H
+#ifndef _APILOG_APILOG_H
-#define __APILOG_H
+#define _APILOG_APILOG_H
 #include "resolver.h"
 #define WIN32_LEAN_AND_MEAN
 #include <windows.h>
 class ThreadAddrStack
 {
@ -40,6 +40,24 @@ private:
 #pragma pack(push,1)
 /* Creates a stub that calls address specified in the constructor. */
 class redir_stub
 {
 public:
 	redir_stub(unsigned long target, bool make_call = true)
 	{
 		op = make_call ? 0xe8 : 0xe9;
 		addr = target - ((unsigned long)(this) + 5);
 	}
 private:
 	unsigned char op;
 	unsigned long addr;
 };
 /* Creates a stub for api logging. */
 class log_stub
 {
@ -101,7 +119,4 @@ private:
 #pragma pack(pop)
 PROC create_log_stub(const char* caller, const char* target, const char* api, PROC orig);
 PROC create_log_stub(const char* caller, const char* target, WORD ord, PROC orig);
 #endif
--- a/ApiHook/ApiLog/apilog_params.cpp
+++ b/ApiHook/ApiLog/apilog_params.cpp
@ -0,0 +1,172 @@
 /*
 *  KernelEx
 *  Copyright (C) 2010, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #include <malloc.h>
 #include "apilog_params.h"
 extern "C"
 int vsnprintf(char *buffer, size_t n, const char *format, va_list ap);
 //singleton instance
 ApiLogParams* ApiLogParams::inst_;
 ApiLogParams::ApiLogParams() : empty_signature("")
 {
 }
 ApiLogParams::~ApiLogParams()
 {
 }
 int ApiLogParams::decode_parameters(const char* lib, const char* fn, va_list ap, 
 									 char* buf, int len)
 {
 	const sstring& sign = get_signature(lib, fn);
 	if (sign.empty())
 		return 0;
 	int slen = sign.length();
 	int extra = 0;
 	for (int i = 0 ; i < slen ; i++)
 	{
 		if (sign[i] == 's' || sign[i] == 'S') extra += 2;
 	}
 	char* format = (char*) alloca(slen * 3 + 3);
 	char* p = format;
 	*p++ = '(';
 	for (int i = 0 ; i < slen ; i++)
 	{
 		bool wide = false;
 		char fc = sign[i];
 		if (i != 0)
 			*p++ = ' ';
 		if (fc == 's' || fc == 'S') *p++ = '\"';
 		*p++ = '%';
 		*p++ = fc;
 		if (fc == 's' || fc == 'S') *p++ = '\"';
 	}
 	*p++ = ')';
 	*p++ = '\0';
 	__try 
 	{
 		return vsnprintf(buf, len, format, ap);
 	}
 	__except(EXCEPTION_EXECUTE_HANDLER)
 	{
 		//better output nothing than crash
 		return 0;
 	}
 }
 size_t ApiLogParams::readline(HANDLE file, char* buf, size_t size)
 {
 	char c;
 	DWORD nr;
 	size_t pos = 0;
 	bool cmt = false;
 	bool read_sth = false;
 	//fill buffer with a line, skipping comments, trimming line to buffer size
 	while (ReadFile(file, &c, 1, &nr, NULL) && nr == 1)
 	{
 		read_sth = true;
 		if (c == '\r')
 			continue;
 		if (c == '\n')
 			break;
 		if (c == ';' || cmt)
 		{
 			cmt = true;
 			continue;
 		}
 		if (pos < size-1)
 			buf[pos++] = c;
 	}
 	if (read_sth)
 		buf[pos++] = '\0';
 	return pos;
 }
 bool ApiLogParams::load_signatures(const char* file_name)
 {
 	char buf[256];
 	sstring lib;
 	HANDLE file = CreateFile(file_name, GENERIC_READ, FILE_SHARE_READ, 
 			NULL, OPEN_EXISTING, 0, NULL);
 	if (file == INVALID_HANDLE_VALUE)
 		return false;
 	while (readline(file, buf, sizeof(buf)) != 0)
 	{
 		char* p;
 		char* fun;
 		char* sig;
 		//library name
 		if (buf[0] == '[')
 		{
 			p = strchr(buf, ']');
 			if (!p) continue;
 			*p = '\0';
 			strupr(buf);
 			lib = buf + 1;
 		}
 		//function definition
 		else
 		{
 			fun = buf;
 			p = strchr(buf, '=');
 			if (!p) continue;
 			*p++ = '\0';
 			sig = p;
 			if (!lib.empty())
 				signatures[lib][fun] = sig;
 		}
 	}
 	CloseHandle(file);
 	return true;
 }
 const sstring& ApiLogParams::get_signature(const char* lib, const char* fn)
 {
 	std::map<sstring, std::map<sstring, sstring> >::iterator outer;
 	std::map<sstring, sstring>::iterator inner;
 	outer = signatures.find(lib);
 	if (outer == signatures.end())
 		return empty_signature;
 	inner = outer->second.find(fn);
 	if (inner == outer->second.end())
 		return empty_signature;
 	return inner->second;
 }
--- a/ApiHook/ApiLog/apilog_params.h
+++ b/ApiHook/ApiLog/apilog_params.h
@ -0,0 +1,54 @@
 /*
 *  KernelEx
 *  Copyright (C) 2010, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #ifndef __APILOGPARAMS_H
 #define __APILOGPARAMS_H
 #include <map>
 #include <stdarg.h>
 #include <windows.h>
 #include "sstring.hpp"
 class ApiLogParams
 {
 public:
 	~ApiLogParams();
 	int decode_parameters(const char* lib, const char* fn, va_list ap, char* buf, int len);
 	bool load_signatures(const char* file_name);
 	static ApiLogParams& inst();
 private:
 	ApiLogParams();
 	const sstring& get_signature(const char* lib, const char* fn);
 	size_t readline(HANDLE file, char* buf, size_t size);
    static ApiLogParams* inst_;
 	const sstring empty_signature;
 	std::map<sstring, std::map<sstring, sstring> > signatures;
 };
 inline ApiLogParams& ApiLogParams::inst()
 {
 	if (!inst_) inst_ = new ApiLogParams;
 	return *inst_;
 }
 #endif // __APILOGPARAMS_H
--- a/ApiHook/ApiLog/test.cpp
+++ b/ApiHook/ApiLog/test.cpp
@ -0,0 +1,37 @@
 #include <windows.h>
 #include <stdio.h>
 typedef PROC (*al_register_t)(const char*, const char*, const char*, PROC);
 typedef int (*init_once_t)(void);
 typedef int (WINAPI *MessageBox_t)(HWND, LPCWSTR, LPCWSTR, UINT);
 int main()
 {
 	MessageBox_t msgbox;
 	HMODULE hUser32 = LoadLibrary("user32.dll");
 	msgbox = (MessageBox_t) GetProcAddress(hUser32, "MessageBoxW");
 	al_register_t al_register;
 	init_once_t init_once;	
 	HMODULE hApiHookDll = LoadLibrary("ApiLog.dll");
 	init_once = (init_once_t) GetProcAddress(hApiHookDll, "kexApiHook_initonce");
 	al_register = (al_register_t) GetProcAddress(hApiHookDll, "kexApiHook_register");
 	if (!init_once || !al_register)
 	{
 		puts("Failed to load api hook dll");
 		return 1;
 	}
 	if (!init_once())
 	{
 		puts("Failed to init api hook dll");
 		return 1;
 	}
 	msgbox = (MessageBox_t) al_register("SOURCE", "TARGET", "TestApi", (PROC) msgbox);
 	msgbox(NULL, L"This is a test message", L"Caption", MB_OK | MB_ICONINFORMATION);
 	FreeLibrary(hUser32);
 	FreeLibrary(hApiHookDll);
 	return 0;
 }
--- a/ApiHook/ApiLog/writer.cpp
+++ b/ApiHook/ApiLog/writer.cpp
@ -0,0 +1,121 @@
 /*
 *  KernelEx
 *  Copyright (C) 2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #define WIN32_LEAN_AND_MEAN
 #include <windows.h>
 #include "writer.h"
 #define VA_SHARED 0x8000000
 const unsigned short WM_KEXAPPENDLOG = 0x6eef;
 static HANDLE hFile;
 static char* shbuf;
 static HWND hwnd;
 static CRITICAL_SECTION windows_cs;
 typedef bool (*initfn_t)();
 initfn_t init_fn;
 writerfn_t writer_fn;
 bool init_file()
 {
 	char path[MAX_PATH];
 	char* p;
 	GetModuleFileName(NULL, path, sizeof(path));
 	p = strrchr(path, '.');
 	if (p) *p = '\0';
 	strcat(path, ".log");
 	hFile = CreateFile(path, GENERIC_WRITE, FILE_SHARE_READ, NULL,
 			CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
 	if (hFile == INVALID_HANDLE_VALUE)
 		return false;
 	return true;
 }
 void write_file(const char* msg)
 {
 	DWORD written;
 	WriteFile(hFile, msg, strlen(msg), &written, NULL);
 }
 bool init_window()
 {
 	shbuf = (char*) VirtualAlloc(NULL, DEBUGMSG_MAXLEN,
 			VA_SHARED | MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
 	hwnd = FindWindow(NULL, "KernelEx Debug Console");
 	InitializeCriticalSection(&windows_cs);
 	if (hwnd == NULL)
 		return false;
 	return true;
 }
 void write_window(const char* msg)
 {
 	EnterCriticalSection(&windows_cs);
 	strcpy(shbuf, msg);
 	int i = strlen(shbuf);
 	if (i > 0) shbuf[i-1] = 0;
 	SendMessage(hwnd, WM_KEXAPPENDLOG, 0, (LPARAM) shbuf);
 	LeaveCriticalSection(&windows_cs);
 }
 bool init_debug()
 {
 	return true;
 }
 void write_debug(const char* msg)
 {
 	OutputDebugString(msg);
 }
 bool init_writer()
 {
 	char output[100];
 	output[0] = 0;
 	if (GetEnvironmentVariable("KEXAPILOG_OUTPUT", output, sizeof(output)))
 	{
 		if (!strcmp(output, "file"))
 		{
 			init_fn = init_file;
 			writer_fn = write_file;
 		}
 		else if (!strcmp(output, "window"))
 		{
 			init_fn = init_window;
 			writer_fn = write_window;
 		}
 		else if (!strcmp(output, "debug"))
 		{
 			init_fn = init_debug;
 			writer_fn = write_debug;
 		}
 	}
 	//default fallback
 	if (!writer_fn)
 	{
 		init_fn = init_file;
 		writer_fn = write_file;
 	}
 	return init_fn();
 }
--- a/ApiHook/ApiLog/writer.h
+++ b/ApiHook/ApiLog/writer.h
@ -0,0 +1,32 @@
 /*
 *  KernelEx
 *  Copyright (C) 2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #ifndef _APILOG_WRITER_H
 #define _APILOG_WRITER_H
 #define DEBUGMSG_MAXLEN 256
 typedef void (*writerfn_t)(const char* msg);
 extern writerfn_t writer_fn;
 bool init_writer();
 #endif
--- a/ApiHook/DebugWindow/DebugWindow.cpp
+++ b/ApiHook/DebugWindow/DebugWindow.cpp
@ -24,25 +24,20 @@
 #include <malloc.h>
 #include "DebugWindow.h"
 #include "resource.h"
 #include "internals.h"
 #include "debug.h"
-extern bool apilog_enabled;
+#define DEBUGMSG_MAXLEN 256
 const unsigned short WM_KEXSTOPDEBUG = 0x6eee;
 const unsigned short WM_KEXAPPENDLOG = 0x6eef;
 DebugWindow* DebugWindow::instance = NULL;
 extern "C"
 char* strtok_r(char* s, const char* delim, char** holder);
 static bool apilog_enabled;
 const unsigned short WM_KEXAPPENDLOG = 0x6eef;
 HINSTANCE hInstance;
 DebugWindow::DebugWindow()
 {
 	DWORD tid;
 	DBGPRINTF(("Creating DebugWindow\n"));
 	hwnd = (HWND) -1;
 	//we're interested in everything
@ -53,17 +48,11 @@ DebugWindow::DebugWindow()
 	excludes.push_back("CriticalSection");
 	excludes.push_back("Interlocked");
-	InitializeCriticalSection(&cs);
+	InitCommonControls();
 	MakeCriticalSectionGlobal(&cs);
 	LoadLibrary("COMCTL32.DLL");
 	hThread = CreateThread(NULL, 0, thread, (void*) this, 0, &tid);
 }
 DebugWindow::~DebugWindow()
 {
 	DBGPRINTF(("Destroying DebugWindow\n"));
 	DeleteCriticalSection(&cs);
 	SendMessage(hwnd, WM_KEXSTOPDEBUG, 0, 0);
 }
 BOOL CALLBACK DebugWindow::DebugDlgProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam)
@ -82,11 +71,11 @@ BOOL CALLBACK DebugWindow::DebugDlgProc(HWND hwnd, UINT msg, WPARAM wParam, LPAR
 		MoveWindow(GetDlgItem(hwnd, IDC_LOG), 0, 0, LOWORD(lParam), HIWORD(lParam), TRUE);
 		SendDlgItemMessage(hwnd, IDC_LOG, WM_VSCROLL, SB_BOTTOM, 0);
 		break;
-	case WM_KEXSTOPDEBUG:
+	case WM_CLOSE:
 		DestroyWindow(hwnd);
 		break;
 	case WM_KEXAPPENDLOG:
-		_this->AppendLog((char*) lParam);
+		_this->append((const char*) lParam);
 		break;
 	case WM_DESTROY:
 		PostQuitMessage(0);
@ -96,7 +85,7 @@ BOOL CALLBACK DebugWindow::DebugDlgProc(HWND hwnd, UINT msg, WPARAM wParam, LPAR
 		if (nmhdr->idFrom == IDC_LOG)
 			if (nmhdr->code == NM_RCLICK)
 			{
-				_this->HandleMenu();
+				_this->HandleMenu(hwnd);
 				break;
 			}
 			else if (nmhdr->code == LVN_KEYDOWN)
@ -117,7 +106,6 @@ BOOL CALLBACK DebugWindow::DebugDlgProc(HWND hwnd, UINT msg, WPARAM wParam, LPAR
 void DebugWindow::InitDialog(HWND hwnd)
 {
 	hList = GetDlgItem(hwnd, IDC_LOG);
 	SetClassLong(hwnd, GCL_STYLE, GetClassLong(hwnd, GCL_STYLE) | CS_NOCLOSE);
 	MoveWindow(hwnd, 0, 0, 480, 200, TRUE);
 	SendMessage(hList, LVM_SETEXTENDEDLISTVIEWSTYLE,
           0, LVS_EX_FULLROWSELECT);
@ -148,7 +136,7 @@ void DebugWindow::InitDialog(HWND hwnd)
 	menu = GetSubMenu(menu, 0);
 }
-void DebugWindow::HandleMenu()
+void DebugWindow::HandleMenu(HWND hwnd)
 {
 	POINT p;
 	GetCursorPos(&p);
@ -188,7 +176,7 @@ void DebugWindow::DeleteSelItems()
 	}
 }
-void DebugWindow::AppendLog(char* msg)
+void DebugWindow::ListView_Append(char* msg)
 {
 	LV_ITEM item;
 	int idx;
@ -202,8 +190,15 @@ void DebugWindow::AppendLog(char* msg)
 	if (!pch)
 		return;
 	int items = ListView_GetItemCount(hList);
 	if (items >= 1000)
 	{
 		ListView_DeleteItem(hList, 0);
 		items--;
 	}
 	item.mask = LVIF_TEXT;
-	item.iItem = ListView_GetItemCount(hList);
+	item.iItem = items;
 	item.iSubItem = 0;
 	item.pszText = pch;
 	idx = ListView_InsertItem(hList, &item);
@ -271,7 +266,6 @@ BOOL CALLBACK DebugWindow::FilterDlgProc(HWND hwnd, UINT msg, WPARAM wParam, LPA
 			buf = (char*) alloca(max(len1, len2));
 			GetDlgItemText(hwnd, IDC_DFINCLUDE, buf, len1);
 			EnterCriticalSection(&_this->cs);
 			_this->includes.clear();
 			pch = strtok_r(buf, ";", &p);
 			if (pch)
@ -280,10 +274,8 @@ BOOL CALLBACK DebugWindow::FilterDlgProc(HWND hwnd, UINT msg, WPARAM wParam, LPA
 				while ((pch = strtok_r(NULL, ";", &p)) != NULL)
 					_this->includes.push_back(pch);
 			}
 			LeaveCriticalSection(&_this->cs);
 			GetDlgItemText(hwnd, IDC_DFEXCLUDE, buf, len2);
 			EnterCriticalSection(&_this->cs);
 			_this->excludes.clear();
 			pch = strtok_r(buf, ";", &p);
 			if (pch)
@ -292,7 +284,6 @@ BOOL CALLBACK DebugWindow::FilterDlgProc(HWND hwnd, UINT msg, WPARAM wParam, LPA
 				while ((pch = strtok_r(NULL, ";", &p)) != NULL)
 					_this->excludes.push_back(pch);
 			}
 			LeaveCriticalSection(&_this->cs);
 			EndDialog(hwnd, 0);
 			break;
@ -384,16 +375,14 @@ void DebugWindow::WriteToFile()
 	MessageBox(hwnd, "File written successfully", "Information", MB_ICONINFORMATION | MB_OK);
 }
-DWORD WINAPI DebugWindow::thread(void* param)
+void DebugWindow::msgloop()
 {
 	MSG msg;
-	DebugWindow* _this = (DebugWindow*) param;
+	hwnd = CreateDialogParam(hInstance, MAKEINTRESOURCE(IDD_DEBUG), 
-	_this->hwnd = CreateDialogParam(hInstance, MAKEINTRESOURCE(IDD_DEBUG), 
+			NULL, DebugDlgProc, (LPARAM) this);
-			NULL, DebugDlgProc, (LPARAM) _this);
+	ShowWindow(hwnd, SW_SHOW);
 	ShowWindow(_this->hwnd, SW_MINIMIZE);
 	while (GetMessage(&msg, NULL, 0, 0))
 		DispatchMessage(&msg);
 	return 0;
 }
 void DebugWindow::append(const char* str)
@ -401,8 +390,6 @@ void DebugWindow::append(const char* str)
 	static char msg[DEBUGMSG_MAXLEN];
 	bool filter_out = true;
 	EnterCriticalSection(&cs);
 	//filter out based on includes and excludes
 	if (includes.size() != 0)
 	{
@ -432,46 +419,21 @@ void DebugWindow::append(const char* str)
 	}
 	if (filter_out)
 	{
 		LeaveCriticalSection(&cs);
 		return;
 	}
 	strncpy(msg, str, sizeof(msg));
 	msg[sizeof(msg) - 1] = '\0';
-	SendMessage(hwnd, WM_KEXAPPENDLOG, 0, (LPARAM) msg);
+	ListView_Append(msg);
 	LeaveCriticalSection(&cs);
 	SendMessage(hList, WM_VSCROLL, SB_BOTTOM, 0);
 }
-DebugWindow* DebugWindow::get()
+int WINAPI WinMain(HINSTANCE hinstance, HINSTANCE hPrevInstance, 
 		LPSTR lpCmdLine, int nCmdShow) 
 {
-	if (instance->hwnd == (HWND) -1 || instance->hwnd == NULL)
+	hInstance = hinstance;
-	{
+	DebugWindow dw;
-		delete instance;
+	dw.msgloop();
-		instance = NULL;
+	return 0;
 	}
 	return instance;
 }
 bool DebugWindow::create()
 {
 	instance = new DebugWindow;
 	if (instance->hThread)
 		return true;
 	else
 	{
 		delete instance;
 		instance = NULL;
 		return false;
 	}
 }
 void DebugWindow::destroy()
 {
 	if (instance)
 		delete instance;
 	instance = NULL;
 }
--- a/ApiHook/DebugWindow/DebugWindow.dsp
+++ b/ApiHook/DebugWindow/DebugWindow.dsp
@ -0,0 +1,120 @@
 # Microsoft Developer Studio Project File - Name="DebugWindow" - Package Owner=<4>
 # Microsoft Developer Studio Generated Build File, Format Version 6.00
 # ** DO NOT EDIT **
 # TARGTYPE "Win32 (x86) Application" 0x0101
 CFG=DebugWindow - Win32 Debug
 !MESSAGE This is not a valid makefile. To build this project using NMAKE,
 !MESSAGE use the Export Makefile command and run
 !MESSAGE 
 !MESSAGE NMAKE /f "DebugWindow.mak".
 !MESSAGE 
 !MESSAGE You can specify a configuration when running NMAKE
 !MESSAGE by defining the macro CFG on the command line. For example:
 !MESSAGE 
 !MESSAGE NMAKE /f "DebugWindow.mak" CFG="DebugWindow - Win32 Debug"
 !MESSAGE 
 !MESSAGE Possible choices for configuration are:
 !MESSAGE 
 !MESSAGE "DebugWindow - Win32 Release" (based on "Win32 (x86) Application")
 !MESSAGE "DebugWindow - Win32 Debug" (based on "Win32 (x86) Application")
 !MESSAGE 
 # Begin Project
 # PROP AllowPerConfigDependencies 0
 # PROP Scc_ProjName ""
 # PROP Scc_LocalPath ""
 CPP=cl.exe
 MTL=midl.exe
 RSC=rc.exe
 !IF  "$(CFG)" == "DebugWindow - Win32 Release"
 # PROP BASE Use_MFC 0
 # PROP BASE Use_Debug_Libraries 0
 # PROP BASE Output_Dir "Release"
 # PROP BASE Intermediate_Dir "Release"
 # PROP BASE Target_Dir ""
 # PROP Use_MFC 0
 # PROP Use_Debug_Libraries 0
 # PROP Output_Dir "Release"
 # PROP Intermediate_Dir "Release"
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /c
 # ADD CPP /nologo /W3 /GX- /O2 /I "." /I "../../common" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /c
 # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD BASE RSC /l 0x415 /d "NDEBUG"
 # ADD RSC /l 0x415 /d "NDEBUG"
 BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /machine:I386
 # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib comctl32.lib ../../kexcrt/kexcrt.lib libc.lib /nologo /entry:"" /subsystem:windows /machine:I386 /nodefaultlib
 !ELSEIF  "$(CFG)" == "DebugWindow - Win32 Debug"
 # PROP BASE Use_MFC 0
 # PROP BASE Use_Debug_Libraries 1
 # PROP BASE Output_Dir "Debug"
 # PROP BASE Intermediate_Dir "Debug"
 # PROP BASE Target_Dir ""
 # PROP Use_MFC 0
 # PROP Use_Debug_Libraries 1
 # PROP Output_Dir "Debug"
 # PROP Intermediate_Dir "Debug"
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
 # ADD CPP /nologo /W3 /Gm /GX- /ZI /Od /I "." /I "../../common" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
 # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD BASE RSC /l 0x415 /d "_DEBUG"
 # ADD RSC /l 0x415 /d "_DEBUG"
 BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
 # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib comctl32.lib ../../kexcrt/kexcrt.lib libc.lib /nologo /subsystem:windows /debug /machine:I386 /nodefaultlib
 # SUBTRACT LINK32 /pdb:none
 !ENDIF 
 # Begin Target
 # Name "DebugWindow - Win32 Release"
 # Name "DebugWindow - Win32 Debug"
 # Begin Group "Source Files"
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 SOURCE=.\DebugWindow.cpp
 # End Source File
 # End Group
 # Begin Group "Header Files"
 # PROP Default_Filter "h;hpp;hxx;hm;inl"
 # Begin Source File
 SOURCE=.\DebugWindow.h
 # End Source File
 # Begin Source File
 SOURCE=.\resource.h
 # End Source File
 # End Group
 # Begin Group "Resource Files"
 # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
 # Begin Source File
 SOURCE=.\DebugWindow.rc
 # End Source File
 # End Group
 # End Target
 # End Project
--- a/ApiHook/DebugWindow/DebugWindow.h
+++ b/ApiHook/DebugWindow/DebugWindow.h
@ -32,21 +32,14 @@ using namespace std;
 class DebugWindow
 {
 public:
-	static bool create();
+	DebugWindow();
-	static void destroy();
+	~DebugWindow();
-	static DebugWindow* get();
+	void msgloop();
 	void append(const char* str);
 private:
 	DebugWindow();
 	~DebugWindow();
 	static DebugWindow* instance;
 	HWND hwnd;
 	HWND hList;
 	HANDLE hThread;
 	CRITICAL_SECTION cs;
 	HMENU menu;
 	list<sstring> includes;
 	list<sstring> excludes;
@ -54,11 +47,10 @@ private:
 	static BOOL CALLBACK DebugDlgProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam);
 	static BOOL CALLBACK FilterDlgProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam);
 	void InitDialog(HWND hwnd);
-	void HandleMenu();
+	void HandleMenu(HWND hwnd);
 	void DeleteSelItems();
-	void AppendLog(char* msg);
+	void ListView_Append(char* msg);
 	void WriteToFile();
 	static DWORD WINAPI thread(void* param);
 };
 #endif
--- a/ApiHook/DebugWindow/DebugWindow.rc
+++ b/ApiHook/DebugWindow/DebugWindow.rc
@ -0,0 +1,141 @@
 //Microsoft Developer Studio generated resource script.
 //
 #include "resource.h"
 #define APSTUDIO_READONLY_SYMBOLS
 /////////////////////////////////////////////////////////////////////////////
 //
 // Generated from the TEXTINCLUDE 2 resource.
 //
 #include "afxres.h"
 /////////////////////////////////////////////////////////////////////////////
 #undef APSTUDIO_READONLY_SYMBOLS
 /////////////////////////////////////////////////////////////////////////////
 // Neutral resources
 #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_NEU)
 #ifdef _WIN32
 LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 #pragma code_page(1250)
 #endif //_WIN32
 /////////////////////////////////////////////////////////////////////////////
 //
 // Dialog
 //
 IDD_DEBUG DIALOG DISCARDABLE  0, 0, 186, 100
 STYLE WS_MINIMIZEBOX | WS_MAXIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU | 
    WS_THICKFRAME
 CAPTION "KernelEx Debug Console"
 FONT 8, "MS Sans Serif"
 BEGIN
    CONTROL         "",IDC_LOG,"SysListView32",LVS_REPORT | WS_TABSTOP,0,0,
                    185,100
 END
 IDD_DEBUGFILTER DIALOG DISCARDABLE  0, 0, 177, 90
 STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
 CAPTION "Filter settings"
 FONT 8, "MS Sans Serif"
 BEGIN
    DEFPUSHBUTTON   "OK",IDOK,65,70,50,14
    PUSHBUTTON      "Cancel",IDCANCEL,120,70,50,14
    EDITTEXT        IDC_DFINCLUDE,5,15,165,14,ES_AUTOHSCROLL
    EDITTEXT        IDC_DFEXCLUDE,5,45,165,14,ES_AUTOHSCROLL
    LTEXT           "Include:",IDC_STATIC,5,5,26,8
    LTEXT           "Exclude:",IDC_STATIC,5,35,28,8
 END
 /////////////////////////////////////////////////////////////////////////////
 //
 // Menu
 //
 IDR_LOGMENU MENU DISCARDABLE 
 BEGIN
    POPUP ""
    BEGIN
        MENUITEM "Enabled",                     IDM_ENABLE, CHECKED
        MENUITEM SEPARATOR
        MENUITEM "Save to file",                IDM_TOFILE
        MENUITEM "Clear",                       IDM_CLEAR
        MENUITEM "Filter",                      IDM_FILTER
    END
 END
 /////////////////////////////////////////////////////////////////////////////
 //
 // DESIGNINFO
 //
 #ifdef APSTUDIO_INVOKED
 GUIDELINES DESIGNINFO DISCARDABLE 
 BEGIN
    IDD_DEBUGFILTER, DIALOG
    BEGIN
        LEFTMARGIN, 7
        RIGHTMARGIN, 170
        TOPMARGIN, 7
        BOTTOMMARGIN, 83
    END
 END
 #endif    // APSTUDIO_INVOKED
 #endif    // Neutral resources
 /////////////////////////////////////////////////////////////////////////////
 /////////////////////////////////////////////////////////////////////////////
 // Polish resources
 #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_PLK)
 #ifdef _WIN32
 LANGUAGE LANG_POLISH, SUBLANG_DEFAULT
 #pragma code_page(1250)
 #endif //_WIN32
 #ifdef APSTUDIO_INVOKED
 /////////////////////////////////////////////////////////////////////////////
 //
 // TEXTINCLUDE
 //
 1 TEXTINCLUDE DISCARDABLE 
 BEGIN
    "resource.h\0"
 END
 2 TEXTINCLUDE DISCARDABLE 
 BEGIN
    "#include ""afxres.h""\r\n"
    "\0"
 END
 3 TEXTINCLUDE DISCARDABLE 
 BEGIN
    "\r\n"
    "\0"
 END
 #endif    // APSTUDIO_INVOKED
 #endif    // Polish resources
 /////////////////////////////////////////////////////////////////////////////
 #ifndef APSTUDIO_INVOKED
 /////////////////////////////////////////////////////////////////////////////
 //
 // Generated from the TEXTINCLUDE 3 resource.
 //
 /////////////////////////////////////////////////////////////////////////////
 #endif    // not APSTUDIO_INVOKED
--- a/ApiHook/DebugWindow/resource.h
+++ b/ApiHook/DebugWindow/resource.h
@ -0,0 +1,28 @@
 //{{NO_DEPENDENCIES}}
 // Microsoft Developer Studio generated include file.
 // Used by Core.rc
 //
 #define IDS_NOTREADY                    1
 #define IDS_STUBMISMATCH                2
 #define IDS_OLDVER                      3
 #define IDD_DEBUG                       101
 #define IDR_LOGMENU                     102
 #define IDD_DEBUGFILTER                 103
 #define IDC_LOG                         1003
 #define IDC_DFINCLUDE                   1004
 #define IDC_DFEXCLUDE                   1005
 #define IDM_TOFILE                      40001
 #define IDM_CLEAR                       40002
 #define IDM_FILTER                      40003
 #define IDM_ENABLE                      40004
 // Next default values for new objects
 // 
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        104
 #define _APS_NEXT_COMMAND_VALUE         40005
 #define _APS_NEXT_CONTROL_VALUE         1006
 #define _APS_NEXT_SYMED_VALUE           101
 #endif
 #endif
--- a/ApiHook/README.txt
+++ b/ApiHook/README.txt
@ -0,0 +1,5 @@
 In order to use the projects in this folder, you need to compile KernelEx Core with _ENABLE_APIHOOK defined.
 Contents:
 ApiLog - API logging DLL for KernelEx Core API hook infrastructure
 DebugWindow - message receiver in ApiLog output to window mode
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@ -1,3 +1,22 @@
 KernelEx v4.5.1 by Xeno86
 2011-05-06
 added kernel32.SetThreadUILanguage stub
 replaced some MSLU regkey APIs with custom implementation: advapi32.RegCreateKeyW, RegCreateKeyExW, RegDeleteKeyW, RegOpenKeyW, RegOpenKeyExW, RegSetValueExW
 replaced kernel32.GetLocaleInfoW (MSLU, error handling LOCALE_RETURN_NUMBER) with custom implementation (fixes Opera 11 download numbers)
 added advapi32.RegGetKeySecurity - allows Opera 11 uninstall to proceed further
 added redirection for 'All Users\Desktop' for SHGet*Follder* functions (allows Opera 11 installer to complete)
 fixed buffer length argument for wctomb in STACK_WtoA macro, added parentheses around macroes
 fixed advapi32.RegSetValueExA to allow null lpData pointer (allows Opera 11 setup to proceed further)
 added advapi32.GetNamedSecurityInfo (allows Opera 11 setup to proceed further)
 added GDI32.MaskBlt - fixes missing checkboxes in GTK apps - Pidgin and GIMP
 added api logging DLL + debug window for KernelEx API Hook infrastructure
 replaced old api logging with KernelEx API Hook infrastructure
 sdb: fixed google earth transform to work on non-english systems, added new product codes
 added missing configs for google earth exes
 ---------------------------------------
 KernelEx v4.5 Final by Xeno86
 2010-12-30
--- a/KernelEx.nsi
+++ b/KernelEx.nsi
@ -1,4 +1,4 @@
-  !define _VERSION '4.5 Final'
+  !define _VERSION '4.5.1'
  !ifndef _DEBUG
    !define FLAVOUR 'Release'
@ -24,7 +24,7 @@
  ;Name and file
  Name "KernelEx"
  Caption "KernelEx ${VERSION} Setup"
-  OutFile "..\KernelEx-dev.exe"
+  OutFile "KernelEx-dev.exe"
  ;Default installation folder
  InstallDir "$WINDIR\KernelEx"
--- a/NEWS.txt
+++ b/NEWS.txt
@ -1,231 +0,0 @@
 KernelEx v4.5 RC 5 by Xeno86
 2010-11-02
 What's new:
 ----------------------------------
 * KernelEx should now work better with Windows 95 shell
 * Fixed stability issues with GDI anti-leaking code
 Apps fixed / now working:
 -------------------------
 * Fixed: OpenOffice.org often crashed on closing
 * Fixed: VLC 1.1.x crashed on DVD playback on windows 98 shell
 * Fixed: MAME insufficient memory error
 * Fixed: Inkscape 0.47 invisible save dialog problem
 * Fixed: Foxit Reader 3,4 resource leaks and random scrolling crashes
 * Fixed: Opera crashed in 'Windows 2000' mode when trying to save file
 * Fixed: Qt4 apps not showing interface fonts
 * Fixed: AkelPad had broken national input
 * Fixed: Easy Assembler Shell installer crash
 * Now working: Media Player Classic Home Cinema rev 2374+
 * Now working: MS Office 2003 Word/Excel + Viewers (experimental)
 * Now working: MS Office 2007 converters [docx only] (experimental)
 #################################################
 KernelEx v4.5 RC 4 by Xeno86
 2010-09-21
 What's new:
 -----------
 * Fixed: missing background colors and images in Mozilla Firefox 3.6.9/3.6.10
 * Fixed: MSIMG32 warning and menu icon transparency issues in Opera 10.62
 * Fixed: crashes introduced in RC 3
 * KernelEx auxiliary libraries weren't loaded when full path to system file was passed in call to LoadLibary
 #################################################
 KernelEx v4.5 RC 3 by Xeno86
 2010-09-10
 hotfix to prevent DLL circular-references causing crashes on certain configurations
 #################################################
 KernelEx v4.5 RC 2 by Xeno86
 2010-09-08
 What's new:
 -----------
 * Implemented SysLink common control class
 Apps fixed / now working:
 -------------------------
 * Fixed: Google Picasa options dialog (empty tabs)
 * Fixed: Adobe Flash Player crashes (reported by mailcat via sf.net forum)
 * Fixed: Adobe Flash Player 10.1 volume control
 * Fixed: Wizard101 game crash (bug #3041092)
 * Fixed: Maxthon browser (freezing)
 * Now working: Maxthon 1.6.7
 * Now working: VLC 1.1.2 (without RP9)
 #################################################
 KernelEx v4.5 RC 1 by Xeno86
 2010-07-30
 What's new:
 ----------------------------------
 * Reworked 'Compatibility' tab to allow resetting compatibility settings to default values
 * Resources with high ID are disallowed when KernelEx is disabled
 * Platform check is now re-enabled when KernelEx is disabled
 * Fixed settings not applied for applications with international characters in path
 * Implemented get-post I/O completion ports functionality
 Apps fixed / now working:
 -------------------------
 * Fixed: MSYS (broken)
 * Fixed: Microsoft Access XP (crashing)
 * Fixed: Rally Championship '99 (crashing)
 * Fixed: GTA San Andreas (crashing)
 * Fixed: VLC 1.0+ (UI)
 * Fixed: Firefox 3.6.4+ (high cpu usage)
 * Now working: Adobe Flash 10.1 plugin
 * Now working: Mozilla Firefox 4.0 Beta 2
 * Now working: Artweaver 1.0
 * Now working: MPC-HC (newer builds, svn build 1391+)
 #################################################
 KernelEx v4.5 Beta 2 by Xeno86
 2010-02-14
 What's new:
 ----------------------------------
 * Implemented Uniscribe font caching (improves Firefox 3 performance).
 * New thread pool implementation (fixes IE6 problems).
 * Fixed rare font related Firefox 3 crash.
 * Implemented timer queue APIs.
 * Implemented SHParseDisplayName and restricted to XP+ configs to fix Firefox mailto issues.
 * Fixed premature kexCOM unloading crashing Photoshop 5 and other buggy apps.
 * Updated jemalloc to version from FF3.6.
 * Fixed jemalloc sensitiveness to invalid pointers. Fixes vmwareuser, cvtaplog crashing.
 * Implemented EnumPrintersW (Foxit 3.1 Unicode printing support).
 * Fixed Opera 10.50 Beta Acid3 crash.
 * Other small fixes / stubs.
 #################################################
 KernelEx v4.5 Beta 1 by Xeno86
 2010-01-18
 What's new:
 ----------------------------------
 * Noticeably improved speed of applications which make extensive use of memory.
 This was made possible by introducing new memory allocator originating from FreeBSD - jemalloc.
 It improves heap memory allocation/free speed and reduces virtual memory fragmentation.
 * Improved compatibility with Unicode applications by implementing new windowing layer
 which provides NT-consistent way to work with Unicode window procedures.
 * Extended TLS slot limitation from 80 to 1000+, for some heavy apps.
 * Lifted PE loader named resource limitation, allowing named resource-heavy libraries to load.
 * Changed kernel obfuscator to produce positive object (process, thread) IDs in order to improve compatibility.
 * Introduced kexCOM - new library to take care of missing COM interfaces. Fixes creating shell shortcuts in newer installers.
 * GDI object destroying rules adjusted in order to fix certain resource leaks or unstability with Flash and other apps.
 * Implemented certain userenv, unicode winspool, thread pool functions.
 * Lot of API fixes and stubs.
 * Improved Compatibility tab.
 * Various architecture improvements.
 * Fixed uninstall kernel32.bak not restoring reliably issue.
 Apps now working / fixed:
 -------------------------
 * .NET Framework 2 (fixed install/uninstall and apps)
 * AbiWord 2.8 (usable, minor problems)
 * Adobe Flash 10.1 beta
 * Adobe Acrobat Reader 9 (very unstable)
 * Adobe ImageReady CS2 (no Photoshop yet)
 * Arora (WebKit Internet Browser)
 * FastStone Image Viewer (fixed plugin crash)
 * Foxit Reader 3.1
 * ICQ 6.5 / ICQLite
 * InkScape (usable)
 * GIMP 2.6 (usable, fixed brush trace)
 * Half-Life 2 Episode One/Two
 * Miranda IM 0.8.x Unicode
 * Mozilla Thunderbird 3 (fixed out of space errors)
 * Nero DiscSpeed 4
 * QtCreator 1.2.1
 * SoftMaker Office 2008 (fixed input bugs)
 * WinAmp 5.5x (fixed ML crash, charset problems)
 * X-Moto
 Notes:
 ------
 * This release is beta quality in order to test several major changes in KernelEx.
 Please test the apps which were working before. Compare the performance and memory usage of any heavy apps you use.
 Pay attention to possible national language input problems.
 * If you want to downgrade to Final 2, you have to uninstall this beta first.
 * Enjoy this great release. win9x 4ever.
 #################################################
 KernelEx v4.0 Final 2 by Xeno86
 2009-08-20
 Major changes:
 --------------
 * system won't try to load auxiliary libraries (PSAPI, MSIMG32, PDH, UXTHEME, WTSAPI32) when extensions are disabled
 Fixed regressions:
 ------------------
 * fixed ZoneAlarm not working properly
 * Firefox 3 couldn't be uninstalled if KernelEx was installed with extensions disabled
 * Foobar2000 v0.9.6.x installer was crashing
 #################################################
 KernelEx v4.0 Final by Xeno86
 2009-07-23
 Now working on Windows 98/Me:
 -----------------------------
 * Flash 10 in Internet Explorer
 Major changes:
 --------------
 * added option to installer to select between enabling KernelEx extensions for all applications and disabling them
 * added installation verifier
 * printer driver software no longer running in NT mode
 * file select dialogs in Flash applets and certain applications should work correctly now
 * improved RP9 compatibility
 * loading MSLU altered floating point unit flags and caused certain programs to crash
 * MSLU (Unicows.dll) is no longer loaded right on startup and should be seen referenced less often in system
 * Dependency Walker is no longer slow when profiling
 * startup speed improvements
 * stability improvements
 * tons of small changes
 #################################################
 KernelEx v4.0 RC 2 by Xeno86
 2009-03-21
 Now working on Windows 98/Me:
 -----------------------------
 * The Chronicles of Riddick EFBB Demo
 * QEmu 0.9
 Fixed regressions:
 ------------------
 * fixed Adobe Acrobat Reader 7.0 not working with RC 1
 * .Net framework was broken in RC 1 now should work correctly
 * input issue in Firefox 3 affecting special characters
 * eMule couldn't complete downloads in RC 1, now fixed
 * transparency issue in Firefox 3
 * incompatibility with Norton Utilities
 #################################################
 KernelEx v4.0 RC 1 by Xeno86
 2009-03-10
 Now working on Windows 98/Me:
 -----------------------------
 * Firefox 3.6 alpha
 * JDK 6 / JRE 6 works fine with the exception of Java applets which don't work (reason: missing proper named-pipe support in the system)
 * PDF-XChange Viewer now works
 Fixed regressions:
 ------------------
 * Sysinternals TCPView display fix
--- a/Notes.txt
+++ b/Notes.txt
@ -1,3 +1,20 @@
 KernelEx v4.5.1 by Xeno86
 2011-05-06
 What's new:
 ----------------------------------
 * New KernelEx API Hook infrastructure for developers
 * Various bugfixes
 Apps fixed / now working:
 -------------------------
 * New Opera 11 non-MSI installer now works
 * Fixed download numbers in Opera 11 not being displayed properly
 * Fixed missing checkboxes in GTK applications - Pidgin and GIMP among others
 * Fixed Google Earth installation on non-english systems
 #################################################
 KernelEx v4.5 Final by Xeno86
 2010-12-30
--- a/apilibs/kexbasen/advapi32/_advapi32_apilist.c
+++ b/apilibs/kexbasen/advapi32/_advapi32_apilist.c
@ -34,21 +34,15 @@ static const apilib_named_api advapi32_named_apis[] =
 	DECL_API("GetUserNameW", GetUserNameW_fwd),
 	DECL_API("IsTextUnicode", IsTextUnicode_fwd),
 	DECL_API("RegConnectRegistryW", RegConnectRegistryW_fwd),
 	DECL_API("RegCreateKeyExW", RegCreateKeyExW_fwd),
 	DECL_API("RegCreateKeyW", RegCreateKeyW_fwd),
 	DECL_API("RegDeleteKeyW", RegDeleteKeyW_fwd),
 	DECL_API("RegDeleteValueW", RegDeleteValueW_fwd),
 	DECL_API("RegEnumKeyExW", RegEnumKeyExW_fwd),
 	DECL_API("RegEnumKeyW", RegEnumKeyW_fwd),
 	DECL_API("RegLoadKeyW", RegLoadKeyW_fwd),
 	DECL_API("RegOpenKeyExW", RegOpenKeyExW_fwd),
 	DECL_API("RegOpenKeyW", RegOpenKeyW_fwd),
 	DECL_API("RegQueryInfoKeyW", RegQueryInfoKeyW_fwd),
 	DECL_API("RegQueryMultipleValuesW", RegQueryMultipleValuesW_fwd),
 	DECL_API("RegQueryValueW", RegQueryValueW_fwd),
 	DECL_API("RegReplaceKeyW", RegReplaceKeyW_fwd),
 	DECL_API("RegSaveKeyW", RegSaveKeyW_fwd),
 	DECL_API("RegSetValueExW", RegSetValueExW_fwd),
 	DECL_API("RegSetValueW", RegSetValueW_fwd),
 	DECL_API("RegUnLoadKeyW", RegUnLoadKeyW_fwd),
 /*** AUTOGENERATED APILIST NAMED EXPORTS END ***/
--- a/apilibs/kexbasen/advapi32/_advapi32_apilist.h
+++ b/apilibs/kexbasen/advapi32/_advapi32_apilist.h
@ -31,21 +31,15 @@ extern const apilib_api_table apitable_advapi32;
 FWDPROC GetUserNameW_fwd;
 FWDPROC IsTextUnicode_fwd;
 FWDPROC RegConnectRegistryW_fwd;
 FWDPROC RegCreateKeyExW_fwd;
 FWDPROC RegCreateKeyW_fwd;
 FWDPROC RegDeleteKeyW_fwd;
 FWDPROC RegDeleteValueW_fwd;
 FWDPROC RegEnumKeyExW_fwd;
 FWDPROC RegEnumKeyW_fwd;
 FWDPROC RegLoadKeyW_fwd;
 FWDPROC RegOpenKeyExW_fwd;
 FWDPROC RegOpenKeyW_fwd;
 FWDPROC RegQueryInfoKeyW_fwd;
 FWDPROC RegQueryMultipleValuesW_fwd;
 FWDPROC RegQueryValueW_fwd;
 FWDPROC RegReplaceKeyW_fwd;
 FWDPROC RegSaveKeyW_fwd;
 FWDPROC RegSetValueExW_fwd;
 FWDPROC RegSetValueW_fwd;
 FWDPROC RegUnLoadKeyW_fwd;
 /*** AUTOGENERATED APILIST DECLARATIONS END ***/
--- a/apilibs/kexbasen/advapi32/uniadvapi32.c
+++ b/apilibs/kexbasen/advapi32/uniadvapi32.c
@ -24,20 +24,14 @@
 FORWARD_TO_UNICOWS(GetUserNameW);
 FORWARD_TO_UNICOWS(IsTextUnicode);
 FORWARD_TO_UNICOWS(RegConnectRegistryW);
 FORWARD_TO_UNICOWS(RegCreateKeyExW);
 FORWARD_TO_UNICOWS(RegCreateKeyW);
 FORWARD_TO_UNICOWS(RegDeleteKeyW);
 FORWARD_TO_UNICOWS(RegDeleteValueW);
 FORWARD_TO_UNICOWS(RegEnumKeyExW);
 FORWARD_TO_UNICOWS(RegEnumKeyW);
 FORWARD_TO_UNICOWS(RegLoadKeyW);
 FORWARD_TO_UNICOWS(RegOpenKeyExW);
 FORWARD_TO_UNICOWS(RegOpenKeyW);
 FORWARD_TO_UNICOWS(RegQueryInfoKeyW);
 FORWARD_TO_UNICOWS(RegQueryMultipleValuesW);
 FORWARD_TO_UNICOWS(RegQueryValueW);
 FORWARD_TO_UNICOWS(RegReplaceKeyW);
 FORWARD_TO_UNICOWS(RegSaveKeyW);
 FORWARD_TO_UNICOWS(RegSetValueExW);
 FORWARD_TO_UNICOWS(RegSetValueW);
 FORWARD_TO_UNICOWS(RegUnLoadKeyW);
--- a/apilibs/kexbasen/kernel32/_kernel32_apilist.c
+++ b/apilibs/kexbasen/kernel32/_kernel32_apilist.c
@ -83,7 +83,6 @@ static const apilib_named_api kernel32_named_apis[] =
 	DECL_API("GetDateFormatW", GetDateFormatW_fwd),
 	DECL_API("GetDriveTypeW", GetDriveTypeW_fwd),
 	DECL_API("GetEnvironmentVariableW", GetEnvironmentVariableW_fwd),
 	DECL_API("GetLocaleInfoW", GetLocaleInfoW_fwd),
 	DECL_API("GetLogicalDriveStringsW", GetLogicalDriveStringsW_fwd),
 	DECL_API("GetNamedPipeHandleStateW", GetNamedPipeHandleStateW_fwd),
 	DECL_API("GetNumberFormatW", GetNumberFormatW_fwd),
--- a/apilibs/kexbasen/kernel32/_kernel32_apilist.h
+++ b/apilibs/kexbasen/kernel32/_kernel32_apilist.h
@ -86,7 +86,6 @@ FWDPROC GetCurrencyFormatW_fwd;
 FWDPROC GetDateFormatW_fwd;
 FWDPROC GetDriveTypeW_fwd;
 FWDPROC GetEnvironmentVariableW_fwd;
 FWDPROC GetLocaleInfoW_fwd;
 FWDPROC GetLogicalDriveStringsW_fwd;
 FWDPROC GetNamedPipeHandleStateW_fwd;
 FWDPROC GetNumberFormatW_fwd;
--- a/apilibs/kexbasen/kernel32/unikernel32.c
+++ b/apilibs/kexbasen/kernel32/unikernel32.c
@ -51,7 +51,6 @@ FORWARD_TO_UNICOWS(GetCurrencyFormatW);
 FORWARD_TO_UNICOWS(GetDateFormatW);
 FORWARD_TO_UNICOWS(GetDriveTypeW);
 FORWARD_TO_UNICOWS(GetEnvironmentVariableW);
 FORWARD_TO_UNICOWS(GetLocaleInfoW);
 FORWARD_TO_UNICOWS(GetLogicalDriveStringsW);
 FORWARD_TO_UNICOWS(GetNamedPipeHandleStateW);
 FORWARD_TO_UNICOWS(GetNumberFormatW);
--- a/apilibs/kexbasen/kexbasen.dsp
+++ b/apilibs/kexbasen/kexbasen.dsp
@ -347,6 +347,10 @@ SOURCE=.\ws2_32\_ws2_32_apilist.h
 SOURCE=.\ws2_32\addinfo.c
 # End Source File
 # Begin Source File
 SOURCE=.\ws2_32\select_fix.c
 # End Source File
 # End Group
 # Begin Group "ole32"
@ -396,8 +400,8 @@ ProjDir=.
 InputPath=.\dirlist
 "&" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	if not exist $(WkspDir)\util\prep\Release\prep.exe goto error 
+	if not exist "$(WkspDir)\util\prep\Release\prep.exe" goto error 
-	$(WkspDir)\util\prep\Release\prep.exe "$(ProjDir)" 
+	"$(WkspDir)\util\prep\Release\prep.exe" "$(ProjDir)" 
 	goto quit 
 	:error 
 	echo Error - compile PREP (Release) project first 
@ -414,8 +418,8 @@ ProjDir=.
 InputPath=.\dirlist
 "&" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	if not exist $(WkspDir)\util\prep\Release\prep.exe goto error 
+	if not exist "$(WkspDir)\util\prep\Release\prep.exe" goto error 
-	$(WkspDir)\util\prep\Release\prep.exe "$(ProjDir)" 
+	"$(WkspDir)\util\prep\Release\prep.exe" "$(ProjDir)" 
 	goto quit 
 	:error 
 	echo Error - compile PREP (Release) project first 
@ -439,11 +443,21 @@ WkspDir=.
 InputPath=.\kexbasen.def
 "$(OutDir)\k32ord.lib" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	cl /nologo /c /TC /DK32ORD_IMPLIB /Fo$(OutDir)\k32ord.obj "$(WkspDir)\common\k32ord.h" 
+	echo /nologo /c /TC /DK32ORD_IMPLIB >"%TEMP%\resp1455.tmp" 
-	link /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 /DEF:"$(WkspDir)\common\k32ord.def" /OUT:$(OutDir)\k32ord.dll /IMPLIB:$(OutDir)\k32ord.lib $(OutDir)\k32ord.obj 
+	echo /Fo"$(OutDir)\k32ord.obj" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.exp 
+	echo "$(WkspDir)\common\k32ord.h" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.obj 
+	cl @"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.dll 
+	del "%TEMP%\resp1455.tmp" >NUL 
 	echo /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 >"%TEMP%\resp1456.tmp" 
 	echo /DEF:"$(WkspDir)\common\k32ord.def" >>"%TEMP%\resp1456.tmp" 
 	echo /OUT:"$(OutDir)\k32ord.dll" >>"%TEMP%\resp1456.tmp" 
 	echo /IMPLIB:"$(OutDir)\k32ord.lib" >>"%TEMP%\resp1456.tmp" 
 	echo "$(OutDir)\k32ord.obj" >>"%TEMP%\resp1456.tmp" 
 	link @"%TEMP%\resp1456.tmp" 
 	del "%TEMP%\resp1456.tmp" >NUL 
 	del "$(OutDir)\k32ord.exp" >NUL 
 	del "$(OutDir)\k32ord.obj" >NUL 
 	del "$(OutDir)\k32ord.dll" >NUL 
 # End Custom Build
@ -455,11 +469,21 @@ WkspDir=.
 InputPath=.\kexbasen.def
 "$(OutDir)\k32ord.lib" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	cl /nologo /c /TC /DK32ORD_IMPLIB /Fo$(OutDir)\k32ord.obj "$(WkspDir)\common\k32ord.h" 
+	echo /nologo /c /TC /DK32ORD_IMPLIB >"%TEMP%\resp1455.tmp" 
-	link /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 /DEF:"$(WkspDir)\common\k32ord.def" /OUT:$(OutDir)\k32ord.dll /IMPLIB:$(OutDir)\k32ord.lib $(OutDir)\k32ord.obj 
+	echo /Fo"$(OutDir)\k32ord.obj" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.exp 
+	echo "$(WkspDir)\common\k32ord.h" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.obj 
+	cl @"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.dll 
+	del "%TEMP%\resp1455.tmp" >NUL 
 	echo /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 >"%TEMP%\resp1456.tmp" 
 	echo /DEF:"$(WkspDir)\common\k32ord.def" >>"%TEMP%\resp1456.tmp" 
 	echo /OUT:"$(OutDir)\k32ord.dll" >>"%TEMP%\resp1456.tmp" 
 	echo /IMPLIB:"$(OutDir)\k32ord.lib" >>"%TEMP%\resp1456.tmp" 
 	echo "$(OutDir)\k32ord.obj" >>"%TEMP%\resp1456.tmp" 
 	link @"%TEMP%\resp1456.tmp" 
 	del "%TEMP%\resp1456.tmp" >NUL 
 	del "$(OutDir)\k32ord.exp" >NUL 
 	del "$(OutDir)\k32ord.obj" >NUL 
 	del "$(OutDir)\k32ord.dll" >NUL 
 # End Custom Build
--- a/apilibs/kexbasen/shell32/folderfix.h
+++ b/apilibs/kexbasen/shell32/folderfix.h
@ -48,6 +48,8 @@ inline int folder_fix(int nFolder)
 		nFolder = CSIDL_STARTMENU;
 	else if (nFolder == CSIDL_COMMON_STARTUP)
 		nFolder = CSIDL_STARTUP;
 	else if (nFolder == CSIDL_COMMON_DESKTOPDIRECTORY)
 		nFolder = CSIDL_DESKTOPDIRECTORY;
 	nFolder |= nFolderFlags;
 	return nFolder;
 }
--- a/apilibs/kexbasen/ws2_32/_ws2_32_apilist.c
+++ b/apilibs/kexbasen/ws2_32/_ws2_32_apilist.c
@ -33,6 +33,7 @@ static const apilib_named_api ws2_32_named_apis[] =
 	DECL_API("freeaddrinfo", freeaddrinfo_new),
 	DECL_API("getaddrinfo", getaddrinfo_new),
 	DECL_API("getnameinfo", getnameinfo_new),
 	DECL_API("select", select_new),
 /*** AUTOGENERATED APILIST NAMED EXPORTS END ***/
 };
--- a/apilibs/kexbasen/ws2_32/_ws2_32_apilist.h
+++ b/apilibs/kexbasen/ws2_32/_ws2_32_apilist.h
@ -34,6 +34,7 @@ extern const apilib_api_table apitable_ws2_32;
 int WINAPI getaddrinfo_new(const char* hostname, const char* servname, const struct addrinfo* hints, struct addrinfo** res);
 void WINAPI freeaddrinfo_new(struct addrinfo* ai);
 int WINAPI getnameinfo_new(const struct sockaddr* sa, socklen_t salen, char* host, size_t hostlen, char* serv, size_t servlen, int flags);
 int FAR PASCAL select_new(int nfds, fd_set FAR * readfds, fd_set FAR * writefds, fd_set FAR * exceptfds, const struct timeval FAR * timeout);
 /*** AUTOGENERATED APILIST DECLARATIONS END ***/
 #endif
--- a/apilibs/kexbasen/ws2_32/select_fix.c
+++ b/apilibs/kexbasen/ws2_32/select_fix.c
@ -0,0 +1,45 @@
 /*
 *  KernelEx
 *  Copyright (C) 2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #define WIN32_LEAN_AND_MEAN
 #include <windows.h>
 #include <winsock2.h>
 /* fixes 100% cpu usage when timeout < 1ms */
 /* MAKE_EXPORT select_new=select */
 int FAR PASCAL select_new(
 	int nfds,	
 	fd_set FAR * readfds,	
 	fd_set FAR * writefds,	
 	fd_set FAR * exceptfds,	
 	const struct timeval FAR * timeout	
 )
 {
 	struct timeval tv;
 	if (timeout && timeout->tv_sec == 0 && timeout->tv_usec > 0 && timeout->tv_usec < 1000)
 	{
 		tv.tv_sec = 0;
 		tv.tv_usec = 1000;
 		timeout = &tv;
 	}
 	return select(nfds, readfds, writefds, exceptfds, timeout);
 }
--- a/apilibs/kexbases/Advapi32/RegSetValueExA_fix.c
+++ b/apilibs/kexbases/Advapi32/RegSetValueExA_fix.c
@ -0,0 +1,44 @@
 /*
 *  KernelEx
 *  Copyright (C) 2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #include <windows.h>
 /* MAKE_EXPORT RegSetValueExA_fix=RegSetValueExA */
 LONG WINAPI RegSetValueExA_fix(
 	HKEY hKey,
 	LPCSTR lpValueName,
 	DWORD Reserved,
 	DWORD dwType,
 	CONST BYTE *lpData,
 	DWORD cbData
 )
 {
 	if (!lpData && cbData)
 		return ERROR_INVALID_PARAMETER;
 	if (dwType == REG_SZ || dwType == REG_EXPAND_SZ || dwType == REG_MULTI_SZ)
 	{
 		if (!lpData)
 			lpData = (CONST BYTE*) "";
 	}
 	return RegSetValueExA(hKey, lpValueName, Reserved, dwType, lpData, cbData);
 }
--- a/apilibs/kexbases/Advapi32/_advapi32_apilist.c
+++ b/apilibs/kexbases/Advapi32/_advapi32_apilist.c
@ -74,6 +74,8 @@ static const apilib_named_api advapi32_named_apis[] =
 	DECL_API("GetFileSecurityA", GetFileSecurityA_new),
 	DECL_API("GetFileSecurityW", GetFileSecurityW_new),
 	DECL_API("GetLengthSid", GetLengthSid_new),
 	DECL_API("GetNamedSecurityInfoA", GetNamedSecurityInfoA_new),
 	DECL_API("GetNamedSecurityInfoW", GetNamedSecurityInfoW_new),
 	DECL_API("GetSecurityDescriptorControl", GetSecurityDescriptorControl_new),
 	DECL_API("GetSecurityDescriptorDacl", GetSecurityDescriptorDacl_new),
 	DECL_API("GetSecurityDescriptorGroup", GetSecurityDescriptorGroup_new),
@ -112,11 +114,19 @@ static const apilib_named_api advapi32_named_apis[] =
 	DECL_API("PrivilegeCheck", PrivilegeCheck_new),
 	DECL_API("QueryServiceStatusEx", QueryServiceStatusEx_stub),
 	DECL_API("QueryWindows31FilesMigration", QueryWindows31FilesMigration_stub),
 	DECL_API("RegCreateKeyExW", RegCreateKeyExW_new),
 	DECL_API("RegCreateKeyW", RegCreateKeyW_new),
 	DECL_API("RegDeleteKeyW", RegDeleteKeyW_new),
 	DECL_API("RegDisablePredefinedCache", RegDisablePredefinedCache_new),
 	DECL_API("RegEnumValueW", RegEnumValueW_new),
 	DECL_API("RegGetKeySecurity", RegGetKeySecurity_new),
 	DECL_API("RegOpenCurrentUser", RegOpenCurrentUser_new),
 	DECL_API("RegOpenKeyExW", RegOpenKeyExW_new),
 	DECL_API("RegOpenKeyW", RegOpenKeyW_new),
 	DECL_API("RegOverridePredefKey", RegOverridePredefKey_stub),
 	DECL_API("RegQueryValueExW", RegQueryValueExW_new),
 	DECL_API("RegSetValueExA", RegSetValueExA_fix),
 	DECL_API("RegSetValueExW", RegSetValueExW_new),
 	DECL_API("RevertToSelf", RevertToSelf_new),
 	DECL_API("SetFileSecurityA", SetFileSecurityA_new),
 	DECL_API("SetFileSecurityW", SetFileSecurityW_new),
--- a/apilibs/kexbases/Advapi32/_advapi32_apilist.h
+++ b/apilibs/kexbases/Advapi32/_advapi32_apilist.h
@ -23,6 +23,7 @@
 #define _ADVAPI32_APILIST_H
 #include "kexcoresdk.h"
 #include <accctrl.h>
 BOOL init_advapi32();
 extern const apilib_api_table apitable_advapi32;
@ -32,6 +33,7 @@ SC_HANDLE WINAPI OpenSCManagerA_stub(LPCSTR lpMachineName, LPCSTR lpDatabaseName
 SC_HANDLE WINAPI OpenSCManagerW_stub(LPCWSTR lpMachineName, LPCWSTR lpDatabaseName, DWORD dwDesiredAccess);
 BOOL WINAPI RegDisablePredefinedCache_new();
 LONG WINAPI RegOpenCurrentUser_new(REGSAM access, PHKEY retkey);
 LONG WINAPI RegSetValueExA_fix(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, CONST BYTE *lpData, DWORD cbData);
 BOOL WINAPI SystemFunction036_new(PVOID pbBuffer, ULONG dwLen);
 ULONG CDECL TraceMessage_new(ULONG64 LoggerHandle, ULONG MessageFlags, LPGUID MessageGuid, USHORT MessageNumber, ...);
 STUB CryptAcquireContextW_stub;
@ -114,6 +116,9 @@ BOOL WINAPI LookupAccountSidA_new(IN LPCSTR system, IN PSID sid, OUT LPSTR accou
 BOOL WINAPI LookupAccountSidW_new(IN LPCWSTR system, IN PSID sid, OUT LPWSTR account, IN OUT LPDWORD accountSize, OUT LPWSTR domain, IN OUT LPDWORD domainSize, OUT PSID_NAME_USE name_use);
 BOOL WINAPI SetFileSecurityA_new(LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor);
 BOOL WINAPI SetFileSecurityW_new(LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor);
 DWORD WINAPI GetNamedSecurityInfoW_new(LPWSTR name, SE_OBJECT_TYPE type, SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl, PACL* sacl, PSECURITY_DESCRIPTOR* descriptor);
 DWORD WINAPI GetNamedSecurityInfoA_new(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl, PSECURITY_DESCRIPTOR* ppSecurityDescriptor);
 LONG WINAPI RegGetKeySecurity_new(IN HKEY hKey, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR pSecurityDescriptor, IN OUT LPDWORD lpcbSecurityDescriptor);
 BOOL WINAPI RevertToSelf_new(void);
 BOOL WINAPI ImpersonateSelf_new(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
 BOOL WINAPI AccessCheck_new(PSECURITY_DESCRIPTOR SecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, LPDWORD PrivilegeSetLength, LPDWORD GrantedAccess, LPBOOL AccessStatus);
@ -124,8 +129,14 @@ BOOL WINAPI GetAce_new(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce);
 BOOL WINAPI DeleteAce_new(PACL pAcl, DWORD dwAceIndex);
 BOOL WINAPI CreateRestrictedToken_new(HANDLE baseToken, DWORD flags, DWORD nDisableSids, PSID_AND_ATTRIBUTES disableSids, DWORD nDeletePrivs, PLUID_AND_ATTRIBUTES deletePrivs, DWORD nRestrictSids, PSID_AND_ATTRIBUTES restrictSids, PHANDLE newToken);
 BOOL WINAPI CreateWellKnownSid_new(DWORD WellKnownSidType, PSID DomainSid, PSID pSid, DWORD* cbSid);
 LONG WINAPI RegCreateKeyW_new(HKEY hKey, LPCWSTR lpSubKeyW, PHKEY phkResult);
 LONG WINAPI RegCreateKeyExW_new(HKEY hKey, LPCWSTR lpSubKeyW, DWORD Reserved, LPWSTR lpClassW, DWORD dwOptions, REGSAM samDesired, LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition);
 LONG WINAPI RegDeleteKeyW_new(HKEY hKey, LPCWSTR lpSubKeyW);
 LONG WINAPI RegOpenKeyW_new(HKEY hKey, LPCWSTR lpSubKeyW, PHKEY phkResult);
 LONG WINAPI RegOpenKeyExW_new(HKEY hKey, LPCWSTR lpSubKeyW, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult);
 LONG WINAPI RegQueryValueExW_new(HKEY hKey, LPCWSTR lpValueNameW, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData);
 LONG WINAPI RegEnumValueW_new(HKEY hKey, DWORD dwIndex, LPWSTR lpValueName, LPDWORD lpcValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData);
 LONG WINAPI RegSetValueExW_new(HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType, CONST BYTE *lpData, DWORD cbData);
 /*** AUTOGENERATED APILIST DECLARATIONS END ***/
 #endif
--- a/apilibs/kexbases/Advapi32/security.c
+++ b/apilibs/kexbases/Advapi32/security.c
@ -30,6 +30,7 @@
 #include <windows.h>
 #include <ntsecapi.h>
 #include <accctrl.h>
 #include "common.h"
 #include "_advapi32_apilist.h"
@ -1146,6 +1147,70 @@ BOOL WINAPI InitializeAcl_new(PACL acl, DWORD size, DWORD rev)
        ##############################
 */
 LONG WINAPI
 FillSecurityDescriptor(
 	IN SECURITY_INFORMATION RequestedInformation,
 	OUT PSECURITY_DESCRIPTOR pSecurityDescriptor,
 	IN ULONG nLength,
 	OUT PULONG lpnLengthNeeded
 )
 {
    DWORD               nNeeded;
    LPBYTE      pBuffer;
    DWORD               iLocNow;
    SECURITY_DESCRIPTOR *pSDRelative;
    nNeeded = sizeof(SECURITY_DESCRIPTOR);
    if (RequestedInformation & OWNER_SECURITY_INFORMATION)
        nNeeded += sizeof(sidWorld);
    if (RequestedInformation & GROUP_SECURITY_INFORMATION)
        nNeeded += sizeof(sidWorld);
    if (RequestedInformation & DACL_SECURITY_INFORMATION)
        nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
    if (RequestedInformation & SACL_SECURITY_INFORMATION)
        nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
    *lpnLengthNeeded = nNeeded;
    if (nNeeded > nLength)
        return ERROR_INSUFFICIENT_BUFFER;
    if (!InitializeSecurityDescriptor_new((SECURITY_DESCRIPTOR*) pSecurityDescriptor, 
 			SECURITY_DESCRIPTOR_REVISION))
        return ERROR_INVALID_SECURITY_DESCR;
    pSDRelative = (PISECURITY_DESCRIPTOR) pSecurityDescriptor;
    pSDRelative->Control |= SE_SELF_RELATIVE;
    pBuffer = (LPBYTE) pSDRelative;
    iLocNow = sizeof(SECURITY_DESCRIPTOR);
    if (RequestedInformation & OWNER_SECURITY_INFORMATION)
    {
        memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
        pSDRelative->Owner = (PACL) iLocNow;
        iLocNow += sizeof(sidWorld);
    }
    if (RequestedInformation & GROUP_SECURITY_INFORMATION)
    {
        memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
        pSDRelative->Group = (PACL) iLocNow;
        iLocNow += sizeof(sidWorld);
    }
    if (RequestedInformation & DACL_SECURITY_INFORMATION)
    {
        GetWorldAccessACL((PACL) (pBuffer + iLocNow));
        pSDRelative->Dacl = (PACL) iLocNow;
        iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL;
    }
    if (RequestedInformation & SACL_SECURITY_INFORMATION)
    {
        GetWorldAccessACL((PACL) (pBuffer + iLocNow));
        pSDRelative->Sacl = (PACL) iLocNow;
        /* iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL; */
    }
    return ERROR_SUCCESS;
 }
 /******************************************************************************
 * LookupPrivilegeValueW                        [ADVAPI32.@] !!20040505
 * Retrieves LUID used on a system to represent the privilege name.
@ -1202,61 +1267,17 @@ GetFileSecurityW_new( LPCWSTR lpFileName,
                    SECURITY_DESCRIPTOR* pSecurityDescriptor,
                    DWORD nLength, LPDWORD lpnLengthNeeded )
 {
-    DWORD               nNeeded;
+    LONG res;
    LPBYTE      pBuffer;
    DWORD               iLocNow;
    SECURITY_DESCRIPTOR *pSDRelative;
    FIXMEW("GetFileSecurityW(%s) : returns fake SECURITY_DESCRIPTOR\n", lpFileName);
-    nNeeded = sizeof(SECURITY_DESCRIPTOR);
+	res = FillSecurityDescriptor(RequestedInformation, pSecurityDescriptor, nLength, lpnLengthNeeded);
    if (RequestedInformation & OWNER_SECURITY_INFORMATION)
        nNeeded += sizeof(sidWorld);
    if (RequestedInformation & GROUP_SECURITY_INFORMATION)
        nNeeded += sizeof(sidWorld);
    if (RequestedInformation & DACL_SECURITY_INFORMATION)
        nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
    if (RequestedInformation & SACL_SECURITY_INFORMATION)
        nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
-    *lpnLengthNeeded = nNeeded;
+	if (res == ERROR_SUCCESS)
-
+		return TRUE;
-    if (nNeeded > nLength)
+	if (res == ERROR_INSUFFICIENT_BUFFER)
-            return TRUE;
+		return TRUE;
-
+	return FALSE;
    if (!InitializeSecurityDescriptor_new(pSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
        return FALSE;
    pSDRelative = (PISECURITY_DESCRIPTOR) pSecurityDescriptor;
    pSDRelative->Control |= SE_SELF_RELATIVE;
    pBuffer = (LPBYTE) pSDRelative;
    iLocNow = sizeof(SECURITY_DESCRIPTOR);
    if (RequestedInformation & OWNER_SECURITY_INFORMATION)
    {
        memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
        pSDRelative->Owner = (PACL) iLocNow;
        iLocNow += sizeof(sidWorld);
    }
    if (RequestedInformation & GROUP_SECURITY_INFORMATION)
    {
        memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
        pSDRelative->Group = (PACL) iLocNow;
        iLocNow += sizeof(sidWorld);
    }
    if (RequestedInformation & DACL_SECURITY_INFORMATION)
    {
        GetWorldAccessACL((PACL) (pBuffer + iLocNow));
        pSDRelative->Dacl = (PACL) iLocNow;
        iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL;
    }
    if (RequestedInformation & SACL_SECURITY_INFORMATION)
    {
        GetWorldAccessACL((PACL) (pBuffer + iLocNow));
        pSDRelative->Sacl = (PACL) iLocNow;
        /* iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL; */
    }
    return TRUE;
 }
 /******************************************************************************
@ -1400,6 +1421,160 @@ SetFileSecurityW_new( LPCWSTR lpFileName,
  return TRUE;
 }
 /******************************************************************************
 * GetNamedSecurityInfoW [ADVAPI32.@]
 */
 /* MAKE_EXPORT GetNamedSecurityInfoW_new=GetNamedSecurityInfoW */
 DWORD WINAPI GetNamedSecurityInfoW_new( LPWSTR name, SE_OBJECT_TYPE type,
    SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl,
    PACL* sacl, PSECURITY_DESCRIPTOR* descriptor )
 {
    DWORD needed, offset;
    SECURITY_DESCRIPTOR_RELATIVE *relative = NULL;
    BYTE *buffer;
    TRACE( "%s %d %d %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
           group, dacl, sacl, descriptor );
    /* A NULL descriptor is allowed if any one of the other pointers is not NULL */
    if (!name || !(owner||group||dacl||sacl||descriptor) ) return ERROR_INVALID_PARAMETER;
    /* If no descriptor, we have to check that there's a pointer for the requested information */
    if( !descriptor && (
        ((info & OWNER_SECURITY_INFORMATION) && !owner)
    ||  ((info & GROUP_SECURITY_INFORMATION) && !group)
    ||  ((info & DACL_SECURITY_INFORMATION)  && !dacl)
    ||  ((info & SACL_SECURITY_INFORMATION)  && !sacl)  ))
        return ERROR_INVALID_PARAMETER;
    needed = !descriptor ? 0 : sizeof(SECURITY_DESCRIPTOR_RELATIVE);
    if (info & OWNER_SECURITY_INFORMATION)
        needed += sizeof(sidWorld);
    if (info & GROUP_SECURITY_INFORMATION)
        needed += sizeof(sidWorld);
    if (info & DACL_SECURITY_INFORMATION)
        needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
    if (info & SACL_SECURITY_INFORMATION)
        needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
    if(descriptor)
    {
        /* must be freed by caller */
        *descriptor = HeapAlloc( GetProcessHeap(), 0, needed );
        if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY;
        if (!InitializeSecurityDescriptor_new( (SECURITY_DESCRIPTOR*) *descriptor, SECURITY_DESCRIPTOR_REVISION ))
        {
            HeapFree( GetProcessHeap(), 0, *descriptor );
            return ERROR_INVALID_SECURITY_DESCR;
        }
        relative = (SECURITY_DESCRIPTOR_RELATIVE*) *descriptor;
        relative->Control |= SE_SELF_RELATIVE;
        buffer = (BYTE *)relative;
        offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
    }
    else
    {
        buffer = (BYTE*) HeapAlloc( GetProcessHeap(), 0, needed );
        if (!buffer) return ERROR_NOT_ENOUGH_MEMORY;
        offset = 0;
    }
    if (info & OWNER_SECURITY_INFORMATION)
    {
        memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
        if(relative)
            relative->Owner = offset;
        if (owner)
            *owner = buffer + offset;
        offset += sizeof(sidWorld);
    }
    if (info & GROUP_SECURITY_INFORMATION)
    {
        memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
        if(relative)
            relative->Group = offset;
        if (group)
            *group = buffer + offset;
        offset += sizeof(sidWorld);
    }
    if (info & DACL_SECURITY_INFORMATION)
    {
        GetWorldAccessACL( (PACL)(buffer + offset) );
        if(relative)
        {
            relative->Control |= SE_DACL_PRESENT;
            relative->Dacl = offset;
        }
        if (dacl)
            *dacl = (PACL)(buffer + offset);
        offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
    }
    if (info & SACL_SECURITY_INFORMATION)
    {
        GetWorldAccessACL( (PACL)(buffer + offset) );
        if(relative)
        {
            relative->Control |= SE_SACL_PRESENT;
            relative->Sacl = offset;
        }
        if (sacl)
            *sacl = (PACL)(buffer + offset);
    }
    return ERROR_SUCCESS;
 }
 /******************************************************************************
 * GetNamedSecurityInfoA [ADVAPI32.@]
 */
 /* MAKE_EXPORT GetNamedSecurityInfoA_new=GetNamedSecurityInfoA */
 DWORD WINAPI GetNamedSecurityInfoA_new(LPSTR pObjectName,
        SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
        PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
        PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
 {
    DWORD len;
    LPWSTR wstr = NULL;
    DWORD r;
    TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
        ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
    if( pObjectName )
    {
        len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
        wstr = (LPWSTR) HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
        MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
    }
    r = GetNamedSecurityInfoW_new( wstr, ObjectType, SecurityInfo, ppsidOwner,
                           ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
    HeapFree( GetProcessHeap(), 0, wstr );
    return r;
 }
 /* MAKE_EXPORT RegGetKeySecurity_new=RegGetKeySecurity */
 LONG WINAPI RegGetKeySecurity_new(
 	IN     HKEY hKey,
 	IN     SECURITY_INFORMATION SecurityInformation,
 	OUT    PSECURITY_DESCRIPTOR pSecurityDescriptor,
 	IN OUT LPDWORD lpcbSecurityDescriptor
 )
 {
 	TRACE("(%x,%ld,%p,%ld)\n",hkey,SecurityInformation,pSecurityDescriptor,
 			pSecurityDescriptor?*pSecurityDescriptor:0);
    if (!lpcbSecurityDescriptor)
        return ERROR_INVALID_PARAMETER;
 	return FillSecurityDescriptor(SecurityInformation, pSecurityDescriptor,
 			*lpcbSecurityDescriptor, lpcbSecurityDescriptor);
 }
 #if 0 /* LSA disabled */
 /******************************************************************************
--- a/apilibs/kexbases/Advapi32/uniadvapi32.c
+++ b/apilibs/kexbases/Advapi32/uniadvapi32.c
@ -1,6 +1,6 @@
 /*
 *  KernelEx
- *  Copyright (C) 2008-2009, Xeno86
+ *  Copyright (C) 2008-2011, Xeno86
 *  Copyright (C) 2009, Tihiy
 *
 *  This file is part of KernelEx source code.
@ -21,10 +21,87 @@
 */
 #include "common.h"
 #include "_advapi32_apilist.h"
 //MAKE_EXPORT RegCreateKeyW_new=RegCreateKeyW
 LONG WINAPI RegCreateKeyW_new(
 	HKEY hKey,
 	LPCWSTR lpSubKeyW,
 	PHKEY phkResult
 )
 {
 	LPSTR lpSubKeyA;
 	STACK_WtoA(lpSubKeyW, lpSubKeyA);
 	return RegCreateKeyA(hKey, lpSubKeyA, phkResult);
 }
 //MAKE_EXPORT RegCreateKeyExW_new=RegCreateKeyExW
 LONG WINAPI RegCreateKeyExW_new(
    HKEY hKey,
    LPCWSTR lpSubKeyW,
    DWORD Reserved,
    LPWSTR lpClassW,
    DWORD dwOptions,
    REGSAM samDesired,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    PHKEY phkResult,
    LPDWORD lpdwDisposition
 )
 {
 	LPSTR lpSubKeyA;
 	LPSTR lpClassA;
 	STACK_WtoA(lpSubKeyW, lpSubKeyA);
 	STACK_WtoA(lpClassW, lpClassA);
 	return RegCreateKeyExA(hKey, lpSubKeyA, Reserved, lpClassA, dwOptions,
 			samDesired, lpSecurityAttributes, phkResult, lpdwDisposition);
 }
 //MAKE_EXPORT RegDeleteKeyW_new=RegDeleteKeyW
 LONG WINAPI RegDeleteKeyW_new(
 	HKEY hKey,
 	LPCWSTR lpSubKeyW
 )
 {
 	LPSTR lpSubKeyA;
 	STACK_WtoA(lpSubKeyW, lpSubKeyA);
 	return RegDeleteKeyA(hKey, lpSubKeyA);
 }
 //MAKE_EXPORT RegOpenKeyW_new=RegOpenKeyW
 LONG WINAPI RegOpenKeyW_new(
 	HKEY hKey,
 	LPCWSTR lpSubKeyW,
 	PHKEY phkResult
 )
 {
 	LPSTR lpSubKeyA;
 	STACK_WtoA(lpSubKeyW, lpSubKeyA);
 	return RegOpenKeyA(hKey, lpSubKeyA, phkResult);
 }
 //MAKE_EXPORT RegOpenKeyExW_new=RegOpenKeyExW
 LONG WINAPI RegOpenKeyExW_new(
 	HKEY hKey,
 	LPCWSTR lpSubKeyW,
 	DWORD ulOptions,
 	REGSAM samDesired,
 	PHKEY phkResult
 )
 {
 	LPSTR lpSubKeyA;
 	STACK_WtoA(lpSubKeyW, lpSubKeyA);
 	return RegOpenKeyExA(hKey, lpSubKeyA, ulOptions, samDesired, phkResult);
 }
 //MAKE_EXPORT RegQueryValueExW_new=RegQueryValueExW
-LONG WINAPI RegQueryValueExW_new(HKEY hKey, LPCWSTR lpValueNameW, LPDWORD lpReserved, 
+LONG WINAPI RegQueryValueExW_new(
-	LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
+	HKEY hKey,
 	LPCWSTR lpValueNameW,
 	LPDWORD lpReserved, 
 	LPDWORD lpType,
 	LPBYTE lpData,
 	LPDWORD lpcbData
 )
 {
 	LONG ret;
 	DWORD type;
@ -167,3 +244,36 @@ LONG WINAPI RegEnumValueW_new(
 	if (heapbuf) HeapFree(GetProcessHeap(), 0, heapbuf);
 	return ret;
 }
 /* MAKE_EXPORT RegSetValueExW_new=RegSetValueExW */
 LONG WINAPI RegSetValueExW_new(
 	HKEY hKey,
 	LPCWSTR lpValueName,
 	DWORD Reserved,
 	DWORD dwType,
 	CONST BYTE *lpData,
 	DWORD cbData
 )
 {
 	LPSTR strA;
 	STACK_WtoA(lpValueName, strA);
 	if (dwType == REG_SZ || dwType == REG_EXPAND_SZ || dwType == REG_MULTI_SZ)
 	{
 		if (HIWORD(lpData))
 		{
 			LPSTR lpDataA;
 			int cbDataA;
 			cbData = (cbData + 1) / 2;
 			cbDataA = WideCharToMultiByte(CP_ACP, 0, (LPWSTR) lpData, cbData, NULL, 0, NULL, NULL);
 			lpDataA = (LPSTR) alloca(cbDataA + 1);
 			WideCharToMultiByte(CP_ACP, 0, (LPWSTR) lpData, cbData, lpDataA, cbDataA, NULL, NULL);
 			lpDataA[cbDataA] = 0;
 			lpData = (CONST BYTE*) lpDataA;
 		}
 	}
 	return RegSetValueExA_fix(hKey, strA, Reserved, dwType, lpData, cbData); 
 }
--- a/apilibs/kexbases/Gdi32/MaskBlt.c
+++ b/apilibs/kexbases/Gdi32/MaskBlt.c
@ -0,0 +1,32 @@
 /*
 *  KernelEx
 *  Copyright (C) 2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #define WIN32_LEAN_AND_MEAN
 #include <windows.h>
 /* MAKE_EXPORT MaskBlt_new=MaskBlt */
 BOOL WINAPI MaskBlt_new(HDC hdcDest, INT nXDest, INT nYDest,
 					INT nWidth, INT nHeight, HDC hdcSrc,
 					INT nXSrc, INT nYSrc, HBITMAP hbmMask,
 					INT xMask, INT yMask, DWORD dwRop)
 {
    return BitBlt(hdcDest, nXDest, nYDest, nWidth, nHeight, hdcSrc, nXSrc, nYSrc, dwRop & 0x00FFFFFF);
 }
--- a/apilibs/kexbases/Gdi32/_gdi32_apilist.c
+++ b/apilibs/kexbases/Gdi32/_gdi32_apilist.c
@ -64,6 +64,7 @@ static const apilib_named_api gdi32_named_apis[] =
 	DECL_API("GetTextExtentPoint32W", GetTextExtentPoint32W_fix),
 	DECL_API("GetTextMetricsA", GetTextMetricsA_NT),
 	DECL_API("GetWorldTransform", GetWorldTransform_NT),
 	DECL_API("MaskBlt", MaskBlt_new),
 	DECL_API("ModifyWorldTransform", ModifyWorldTransform_NT),
 	DECL_API("PolyTextOutA", PolyTextOutA_new),
 	DECL_API("PolyTextOutW", PolyTextOutW_new),
--- a/apilibs/kexbases/Gdi32/_gdi32_apilist.h
+++ b/apilibs/kexbases/Gdi32/_gdi32_apilist.h
@ -44,6 +44,7 @@ HFONT WINAPI CreateFontIndirectA_fix(CONST LOGFONT* lplf);
 DWORD WINAPI GetGlyphOutlineA_fix(HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, CONST MAT2 *lpmat2);
 BOOL WINAPI GetTextExtentPoint32A_fix(HDC hdc, LPCSTR str, int count, LPSIZE size);
 BOOL WINAPI GetTextExtentPoint32W_fix(HDC hdc, LPCWSTR str, int count, LPSIZE size);
 BOOL WINAPI MaskBlt_new(HDC hdcDest, INT nXDest, INT nYDest, INT nWidth, INT nHeight, HDC hdcSrc, INT nXSrc, INT nYSrc, HBITMAP hbmMask, INT xMask, INT yMask, DWORD dwRop);
 DWORD WINAPI GetFontUnicodeRanges_new(HDC hdc, LPGLYPHSET lpgs);
 int WINAPI SetGraphicsMode_NT(HDC hdc, int iMode);
 BOOL WINAPI SetWorldTransform_9x(HDC hdc, CONST XFORM *lpXform);
--- a/apilibs/kexbases/Kernel32/_kernel32_apilist.c
+++ b/apilibs/kexbases/Kernel32/_kernel32_apilist.c
@ -101,6 +101,7 @@ static const apilib_named_api kernel32_named_apis[] =
 	DECL_API("GetFileAttributesW", GetFileAttributesW_new),
 	DECL_API("GetFileSizeEx", GetFileSizeEx_new),
 	DECL_API("GetFullPathNameW", GetFullPathNameW_new),
 	DECL_API("GetLocaleInfoW", GetLocaleInfoW_new),
 	DECL_API("GetLongPathNameW", GetLongPathNameW_new),
 	DECL_API("GetModuleFileNameW", GetModuleFileNameW_new),
 	DECL_API("GetModuleHandleExA", GetModuleHandleExA_new),
@ -208,6 +209,7 @@ static const apilib_named_api kernel32_named_apis[] =
 	DECL_API("SetFileAttributesW", SetFileAttributesW_new),
 	DECL_API("SetFilePointerEx", SetFilePointerEx_new),
 	DECL_API("SetInformationJobObject", SetInformationJobObject_new),
 	DECL_API("SetThreadUILanguage", SetThreadUILanguage_new),
 	DECL_API("SystemTimeToTzSpecificLocalTime", SystemTimeToTzSpecificLocalTime_new),
 	DECL_API("TerminateJobObject", TerminateJobObject_new),
 	DECL_API("TryEnterCriticalSection", TryEnterCriticalSection_new),
--- a/apilibs/kexbases/Kernel32/_kernel32_apilist.h
+++ b/apilibs/kexbases/Kernel32/_kernel32_apilist.h
@ -109,6 +109,7 @@ LANGID WINAPI GetUserDefaultUILanguage_new(void);
 LANGID WINAPI GetSystemDefaultUILanguage_new(void);
 BOOL WINAPI EnumUILanguagesA_new(UILANGUAGE_ENUMPROCA pUILangEnumProc, DWORD dwFlags, LONG_PTR lParam);
 BOOL WINAPI EnumUILanguagesW_new(UILANGUAGE_ENUMPROCW pUILangEnumProc, DWORD dwFlags, LONG_PTR lParam);
 LANGID WINAPI SetThreadUILanguage_new(LANGID LangId);
 ATOM WINAPI AddAtomW_new(LPCWSTR strW);
 BOOL WINAPI CopyFileExW_new(LPCWSTR lpExistingFileNameW, LPCWSTR lpNewFileNameW, LPPROGRESS_ROUTINE lpProgressRoutine, LPVOID lpData, LPBOOL pbCancel, DWORD dwCopyFlags);
 BOOL WINAPI CopyFileW_new(LPCWSTR lpExistingFileNameW, LPCWSTR lpNewFileNameW, BOOL bFailIfExists);
@ -133,6 +134,7 @@ void* WINAPI GetEnvironmentStringsW_new(void);
 BOOL WINAPI GetFileAttributesExW_new(LPCWSTR lpFileNameW, GET_FILEEX_INFO_LEVELS fInfoLevelId, LPVOID lpFileInformation);
 DWORD WINAPI GetFileAttributesW_new(LPCWSTR lpFileNameW);
 DWORD WINAPI GetFullPathNameW_new(LPCWSTR lpFileNameW, DWORD nBufferLength, LPWSTR lpBufferW, LPWSTR *lpFilePartW);
 int WINAPI GetLocaleInfoW_new(LCID Locale, LCTYPE LCType, LPWSTR lpLCData, int cchData);
 DWORD WINAPI GetLongPathNameW_new(LPCWSTR lpszShortPathW, LPWSTR lpszLongPathW, DWORD cchBuffer);
 DWORD WINAPI GetModuleFileNameW_new(HMODULE hModule, LPWSTR lpFilenameW, DWORD nSize);
 HMODULE WINAPI GetModuleHandleW_new(LPCWSTR lpModuleNameW);
--- a/apilibs/kexbases/Kernel32/uilang.c
+++ b/apilibs/kexbases/Kernel32/uilang.c
@ -158,3 +158,9 @@ BOOL WINAPI EnumUILanguagesW_new(UILANGUAGE_ENUMPROCW pUILangEnumProc, DWORD dwF
 	pUILangEnumProc(buf, lParam);
 	return TRUE;
 }
 /* MAKE_EXPORT SetThreadUILanguage_new=SetThreadUILanguage */
 LANGID WINAPI SetThreadUILanguage_new(LANGID LangId)
 {
 	return LangId;
 }
--- a/apilibs/kexbases/Kernel32/unikernel32.c
+++ b/apilibs/kexbases/Kernel32/unikernel32.c
@ -314,6 +314,48 @@ DWORD WINAPI GetFullPathNameW_new(LPCWSTR lpFileNameW, DWORD nBufferLength, LPWS
 	}
 	return ret;
 }
 static int GetCPFromLocale(LCID Locale)
 {
 	int cp;	
 	Locale = LOWORD(Locale);
 	if (GetLocaleInfoA(Locale, LOCALE_IDEFAULTANSICODEPAGE | LOCALE_RETURN_NUMBER, (LPSTR)&cp, sizeof(int)))
 		return cp;
 	else
 		return CP_ACP;
 }
 /* MAKE_EXPORT GetLocaleInfoW_new=GetLocaleInfoW */
 int WINAPI GetLocaleInfoW_new(
 	LCID Locale,
 	LCTYPE LCType,
 	LPWSTR lpLCData,
 	int cchData
 )
 {
 	int cp;
 	int ret;
 	char *buf;
 	if ((LCType & LOCALE_RETURN_NUMBER) || (cchData == 0))
 		return GetLocaleInfoA(Locale, LCType, (LPSTR) lpLCData, cchData * 2);
 	if (!lpLCData)
 	{
 		SetLastError(ERROR_INVALID_PARAMETER);
 		return 0;
 	}
 	buf = (char*) alloca(cchData * 2);
 	buf[0] = 0;
 	ret = GetLocaleInfoA(Locale, LCType, buf, cchData * 2);
 	if (!ret)
 		return ret;
 	if (LCType & LOCALE_USE_CP_ACP)
 		cp = CP_ACP;
 	else
 		cp = GetCPFromLocale(Locale);
 	ret = MultiByteToWideChar(cp, 0, buf, -1, lpLCData, cchData);
 	return ret;
 }
 //MAKE_EXPORT GetLongPathNameW_new=GetLongPathNameW
 DWORD WINAPI GetLongPathNameW_new(LPCWSTR lpszShortPathW, LPWSTR lpszLongPathW, DWORD cchBuffer)
--- a/apilibs/kexbases/kexbases.dsp
+++ b/apilibs/kexbases/kexbases.dsp
@ -437,6 +437,10 @@ SOURCE=.\Gdi32\GetTextExtentPoint32_fix.c
 # End Source File
 # Begin Source File
 SOURCE=.\Gdi32\MaskBlt.c
 # End Source File
 # Begin Source File
 SOURCE=.\Gdi32\Orhpans.cpp
 # End Source File
 # Begin Source File
@ -485,6 +489,10 @@ SOURCE=.\Advapi32\RegOpenCurrentUser.c
 # End Source File
 # Begin Source File
 SOURCE=.\Advapi32\RegSetValueExA_fix.c
 # End Source File
 # Begin Source File
 SOURCE=.\Advapi32\RtlGenRandom.c
 # End Source File
 # Begin Source File
@ -592,8 +600,8 @@ ProjDir=.
 InputPath=.\dirlist
 "&" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	if not exist $(WkspDir)\util\prep\Release\prep.exe goto error 
+	if not exist "$(WkspDir)\util\prep\Release\prep.exe" goto error 
-	$(WkspDir)\util\prep\Release\prep.exe "$(ProjDir)" 
+	"$(WkspDir)\util\prep\Release\prep.exe" "$(ProjDir)" 
 	goto quit 
 	:error 
 	echo Error - compile PREP (Release) project first 
@ -610,8 +618,8 @@ ProjDir=.
 InputPath=.\dirlist
 "&" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	if not exist $(WkspDir)\util\prep\Release\prep.exe goto error 
+	if not exist "$(WkspDir)\util\prep\Release\prep.exe" goto error 
-	$(WkspDir)\util\prep\Release\prep.exe "$(ProjDir)" 
+	"$(WkspDir)\util\prep\Release\prep.exe" "$(ProjDir)" 
 	goto quit 
 	:error 
 	echo Error - compile PREP (Release) project first 
@ -635,11 +643,21 @@ WkspDir=.
 InputPath=.\kexbases.def
 "$(OutDir)\k32ord.lib" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	cl /nologo /c /TC /DK32ORD_IMPLIB /Fo$(OutDir)\k32ord.obj "$(WkspDir)\common\k32ord.h" 
+	echo /nologo /c /TC /DK32ORD_IMPLIB >"%TEMP%\resp1455.tmp" 
-	link /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 /DEF:"$(WkspDir)\common\k32ord.def" /OUT:$(OutDir)\k32ord.dll /IMPLIB:$(OutDir)\k32ord.lib $(OutDir)\k32ord.obj 
+	echo /Fo"$(OutDir)\k32ord.obj" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.exp 
+	echo "$(WkspDir)\common\k32ord.h" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.obj 
+	cl @"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.dll 
+	del "%TEMP%\resp1455.tmp" >NUL 
 	echo /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 >"%TEMP%\resp1456.tmp" 
 	echo /DEF:"$(WkspDir)\common\k32ord.def" >>"%TEMP%\resp1456.tmp" 
 	echo /OUT:"$(OutDir)\k32ord.dll" >>"%TEMP%\resp1456.tmp" 
 	echo /IMPLIB:"$(OutDir)\k32ord.lib" >>"%TEMP%\resp1456.tmp" 
 	echo "$(OutDir)\k32ord.obj" >>"%TEMP%\resp1456.tmp" 
 	link @"%TEMP%\resp1456.tmp" 
 	del "%TEMP%\resp1456.tmp" >NUL 
 	del "$(OutDir)\k32ord.exp" >NUL 
 	del "$(OutDir)\k32ord.obj" >NUL 
 	del "$(OutDir)\k32ord.dll" >NUL 
 # End Custom Build
@ -651,11 +669,21 @@ WkspDir=.
 InputPath=.\kexbases.def
 "$(OutDir)\k32ord.lib" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	cl /nologo /c /TC /DK32ORD_IMPLIB /Fo$(OutDir)\k32ord.obj "$(WkspDir)\common\k32ord.h" 
+	echo /nologo /c /TC /DK32ORD_IMPLIB >"%TEMP%\resp1455.tmp" 
-	link /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 /DEF:"$(WkspDir)\common\k32ord.def" /OUT:$(OutDir)\k32ord.dll /IMPLIB:$(OutDir)\k32ord.lib $(OutDir)\k32ord.obj 
+	echo /Fo"$(OutDir)\k32ord.obj" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.exp 
+	echo "$(WkspDir)\common\k32ord.h" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.obj 
+	cl @"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.dll 
+	del "%TEMP%\resp1455.tmp" >NUL 
 	echo /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 >"%TEMP%\resp1456.tmp" 
 	echo /DEF:"$(WkspDir)\common\k32ord.def" >>"%TEMP%\resp1456.tmp" 
 	echo /OUT:"$(OutDir)\k32ord.dll" >>"%TEMP%\resp1456.tmp" 
 	echo /IMPLIB:"$(OutDir)\k32ord.lib" >>"%TEMP%\resp1456.tmp" 
 	echo "$(OutDir)\k32ord.obj" >>"%TEMP%\resp1456.tmp" 
 	link @"%TEMP%\resp1456.tmp" 
 	del "%TEMP%\resp1456.tmp" >NUL 
 	del "$(OutDir)\k32ord.exp" >NUL 
 	del "$(OutDir)\k32ord.obj" >NUL 
 	del "$(OutDir)\k32ord.dll" >NUL 
 # End Custom Build
--- a/apilibs/settings.reg
+++ b/apilibs/settings.reg
@ -43,11 +43,18 @@ REGEDIT4
 ;-Office 2007
 "*\\OFFICE12\\MSO.DLL"="NT2K"
 "*\\OFFICE12\\WORDCONV.EXE"="NT2K"
-;-Google Earth setup
+"*\\PKMWS.DLL"="DCFG1"
 ;-Google Earth
 "*\\GOOGLEEARTH-WIN-*.EXE"="NT2K"
 "*\\GOOGLEEARTHWIN.EXE"="NT2K"
 "*\\GOOGLEEARTHSETUP.EXE"="NT2K"
 "*\\GOOGLE\\GOOGLE EARTH\\CLIENT\\GOOGLEEARTH.EXE"="NT2K"
 "%TEMP%\\GTAPI.DLL"="NT2K"
 ;-Windows Installer
 "%WINDIR%\\SYSTEM\\MSI.DLL"="DCFG1"
 "%WINDIR%\\SYSTEM\\MSIEXEC.EXE"="DCFG1"
 ;-Opera
 "*\\OPERA_11*_SETUP.EXE"="WINXP"
 [HKEY_LOCAL_MACHINE\Software\KernelEx\AppSettings\Flags]
 ;DISABLE KERNELEX FOR:
--- a/auxiliary/psapi/makefile
+++ b/auxiliary/psapi/makefile
@ -6,10 +6,10 @@ RCC = windres
 OBJ = psapi.o
 RES = 
 DEF = psapi.def
-LIBS = -nostdlib -lkernel32
+LIBS = -nostdlib -lkernel32 -L../../common -lkernelex
 LDFLAGS = -s -shared -Wl,--enable-stdcall-fixup -e _DllMain@12
 BIN = ..\psapi.dll
-CFLAGS = -Os -Wall
+CFLAGS = -Os -Wall -I../../common
 CXXFLAGS = $(CFLAGS)
 .SUFFIXES: .rc
--- a/auxiliary/psapi/makefile.msv
+++ b/auxiliary/psapi/makefile.msv
@ -4,9 +4,10 @@ OBJ = psapi.obj
 RES = 
 DEF = /DEF:psapi.def
 BIN = ..\psapi.dll
-LIBS = -nodefaultlib kernel32.lib
+COMMON_DIR = ../../common
-LDFLAGS = /DLL /OPT:NOWIN98 /ENTRY:DllMain@12
+LIBS = -nodefaultlib kernel32.lib $(COMMON_DIR)/kernelex.lib
-CFLAGS = /W3 /O2 /Oi /FD
+LDFLAGS = /DLL /OPT:NOWIN98 /ENTRY:DllMain@12 /LIBPATH:$(COMMON_DIR) KernelEx.lib
 CFLAGS = /W3 /O2 /Oi /FD /I$(COMMON_DIR)
 CXXFLAGS = $(CFLAGS)
 all : $(BIN)
--- a/auxiliary/psapi/psapi.c
+++ b/auxiliary/psapi/psapi.c
@ -21,6 +21,7 @@
 #include <windows.h>
 #include <tlhelp32.h>
 #include "kexcoresdk.h"
 BOOL WINAPI DllMain (HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
 {
@ -37,7 +38,7 @@ DWORD WINAPI GetProcessFlags(
 	typedef DWORD (WINAPI *GPF) (HANDLE ProcessID);
 	static GPF g_GetProcessFlags = 0;
-	if ( !g_GetProcessFlags ) g_GetProcessFlags = (GPF) GetProcAddress(GetModuleHandle("kernel32.dll"),"GetProcessFlags");
+	if ( !g_GetProcessFlags ) g_GetProcessFlags = (GPF) kexGetProcAddress(GetModuleHandle("kernel32.dll"),"GetProcessFlags");
 	return g_GetProcessFlags(ProcessID);
 }
@ -58,7 +59,7 @@ DWORD WINAPI GetProcessId(
 		DWORD *faddr;
 		DWORD addr;
-		faddr = (DWORD *) ( (DWORD)GetProcAddress(GetModuleHandle("kernel32.dll"),"SetFilePointer") + 0x1D ); //there is jmp _SetFilePointer	
+		faddr = (DWORD *) ( (DWORD)kexGetProcAddress(GetModuleHandle("kernel32.dll"),"SetFilePointer") + 0x1D ); //there is jmp _SetFilePointer	
 		addr = (DWORD) faddr + *faddr + 4 - 0x16; //0x16 bytes before _SetFilePointer there is MapProcessHandle, just what we need	
 		faddr = (DWORD *) addr;
 		if (*faddr != 0x206A006A) return FALSE; //push 0; push 0x20
--- a/common/common.h
+++ b/common/common.h
@ -120,26 +120,31 @@ size_t lstrlenWnull(LPCWSTR s);
 //In macros: convert A<->W on stack
 #define STACK_WtoA(strW,strA) \
 	strA = (LPSTR)strW; \
 	if (HIWORD(strW)) \
 	{ \
-		int c = lstrlenWnull((LPCWSTR)strW); \
+		strA = (LPSTR)strW; \
-		if (c) \
+		if (HIWORD(strW)) \
 		{ \
-			strA = (LPSTR)alloca(c*2); \
+			int c = lstrlenWnull((LPCWSTR)strW); \
-			WideCharToMultiByte(CP_ACP, 0, (LPCWSTR)strW, -1, (LPSTR)strA, c, NULL, NULL); \
+			if (c) \
 			{ \
 				c *= 2; \
 				strA = (LPSTR)alloca(c); \
 				WideCharToMultiByte(CP_ACP, 0, (LPCWSTR)strW, -1, (LPSTR)strA, c, NULL, NULL); \
 			} \
 		} \
 	}
 #define STACK_AtoW(strA,strW) \
 	strW = (LPWSTR)strA; \
 	if (HIWORD(strA)) \
 	{ \
-		int c = lstrlenAnull((LPCSTR)strA); \
+		strW = (LPWSTR)strA; \
-		if (c) \
+		if (HIWORD(strA)) \
 		{ \
-			strW = (LPWSTR)alloca(c*sizeof(WCHAR)); \
+			int c = lstrlenAnull((LPCSTR)strA); \
-			MultiByteToWideChar(CP_ACP, 0, (LPCSTR)strA, -1, (LPWSTR)strW, c); \
+			if (c) \
 			{ \
 				strW = (LPWSTR)alloca(c*sizeof(WCHAR)); \
 				MultiByteToWideChar(CP_ACP, 0, (LPCSTR)strA, -1, (LPWSTR)strW, c); \
 			} \
 		} \
 	}
--- a/common/kexcoresdk.h
+++ b/common/kexcoresdk.h
@ -106,11 +106,16 @@ typedef const apilib_api_table* (* fgat_t)();
 _KEXCOREIMP unsigned long kexGetKEXVersion();
-/** kexIsDebugCore - determine release/debug KernelEx Core version
+/** KernelEx Core capability flags. */
 #define KCC_DEBUG                1  /* Core compiled with debug features enabled */
 #define KCC_APIHOOK              2  /* Core compiled with API hook feature enabled */
 /** kexGetCoreCaps - determine KernelEx Core capabilities
 *
- * @return Zero if release Core, one if debug Core.
+ * @return Combination of capability flags.
 */
-_KEXCOREIMP int kexIsDebugCore();
+_KEXCOREIMP DWORD kexGetCoreCaps();
 /** DBGPRINTF - convenience macro for including debug messages only in debugs. 
@ -165,7 +170,7 @@ _KEXCOREIMP BOOL kexAreExtensionsEnabled();
 /** KernelEx resolver flags. */
 #define KRF_KEX_DISABLE          1  /* disable KernelEx API extensions for this module */
 #define KRF_OVERRIDE_PROC_MOD    2  /* use same configuration and flags for all modules in a process */
-#define KRF_LOG_APIS             4  /* enable API tracing */
+#define KRF_HOOK_APIS            8  /* enable API tracing */
 #define KRF_NO_INHERIT          16  /* don't inherit configuration and flags to child processes */
 #define KRF_VALID_FLAG         128  /* denotes that flags field is valid */
--- a/common/kstructs.h
+++ b/common/kstructs.h
@ -296,6 +296,32 @@ typedef struct _FILEMAPPING {  // Size = 0x28 (from Kernel32)
 #pragma pack(pop)
 #if defined(__GNUC__)
 static inline
 PDB98* get_pdb(void)
 {
 	PDB98* pdb;
 	__asm__(".byte 0x64\n\tmovl (0x30),%0" : "=r" (pdb));
 	return pdb;
 }
 static inline
 TIB98* get_tib(void)
 {
 	TIB98* tib;
 	__asm__(".byte 0x64\n\tmovl (0x18),%0" : "=r" (tib));
 	return tib;
 }
 static inline
 TDB98* get_tdb(void)
 {
 	return (TDB98*) ((unsigned long) get_tib()) - 8;
 }
 #else
 #pragma warning (disable:4035)		// turn off no return code warning
 static inline
@ -319,4 +345,6 @@ TDB98* get_tdb(void)
 #pragma warning (default:4035)		// turn on no return code warning
 #endif /* defined(__GNUC__) */
 #endif /* __KSTRUCTS_H */
--- a/common/sstring.hpp
+++ b/common/sstring.hpp
@ -28,6 +28,13 @@
 class sstring
 {
 public:
 	sstring()
 	{
 		len = 0;
 		storage = new char[1];
 		storage[0] = '\0';
 	}
 	sstring(const char* src)
 	{
 		len = strlen(src);
@ -79,6 +86,11 @@ public:
 	{
 		return len;
 	}
 	bool empty() const
 	{
 		return len == 0;
 	}
 private:
 	int len;
--- a/common/version.h
+++ b/common/version.h
@ -22,9 +22,9 @@
 #ifndef __VERSION_H
 #define __VERSION_H
-#define VERSION_STR      "4.5 Final"
+#define VERSION_STR      "4.5.1"
-#define VERSION_CODE     0x04050065
+#define VERSION_CODE     0x0405006E
-#define RCVERSION        4, 5, 10, 1
+#define RCVERSION        4, 5, 11, 0
-#define _RCVERSION_      "4, 5, 10, 1"
+#define _RCVERSION_      "4, 5, 11, 0"
 #endif
--- a/core/Core.rc
+++ b/core/Core.rc
@ -20,57 +20,6 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 #pragma code_page(1250)
 #endif //_WIN32
 /////////////////////////////////////////////////////////////////////////////
 //
 // String Table
 //
 STRINGTABLE DISCARDABLE 
 BEGIN
    IDS_NOTREADY            "System is not KernelEx-ready.\nPlease reinstall KernelEx."
    IDS_STUBMISMATCH        "Stub version mismatch (expected: %d, got: %d).\nPlease reinstall KernelEx."
    IDS_OLDVER              "Another KernelEx version has been detected: %s.\nPlease uninstall  all other versions and reinstall latest version."
 END
 #endif    // Neutral resources
 /////////////////////////////////////////////////////////////////////////////
 /////////////////////////////////////////////////////////////////////////////
 // Polish resources
 #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_POL)
 #ifdef _WIN32
 LANGUAGE LANG_POLISH, SUBLANG_DEFAULT
 #pragma code_page(1250)
 #endif //_WIN32
 #ifdef APSTUDIO_INVOKED
 /////////////////////////////////////////////////////////////////////////////
 //
 // TEXTINCLUDE
 //
 1 TEXTINCLUDE DISCARDABLE 
 BEGIN
    "resource.h\0"
 END
 2 TEXTINCLUDE DISCARDABLE 
 BEGIN
    "#include ""afxres.h""\r\n"
    "\0"
 END
 3 TEXTINCLUDE DISCARDABLE 
 BEGIN
    "\r\n"
    "\0"
 END
 #endif    // APSTUDIO_INVOKED
 #ifndef _MAC
 /////////////////////////////////////////////////////////////////////////////
 //
@ -112,75 +61,60 @@ END
 #endif    // !_MAC
 #ifdef _DEBUG
 /////////////////////////////////////////////////////////////////////////////
 //
 // Dialog
 //
 IDD_DEBUG DIALOG DISCARDABLE  0, 0, 186, 100
 STYLE WS_MINIMIZEBOX | WS_MAXIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU | 
    WS_THICKFRAME
 CAPTION "KernelEx Debug Console"
 FONT 8, "MS Sans Serif"
 BEGIN
    CONTROL         "",IDC_LOG,"SysListView32",LVS_REPORT | WS_TABSTOP,0,0,
                    185,100
 END
 IDD_DEBUGFILTER DIALOG DISCARDABLE  0, 0, 177, 90
 STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
 CAPTION "Filter settings"
 FONT 8, "MS Sans Serif"
 BEGIN
    DEFPUSHBUTTON   "OK",IDOK,65,70,50,14
    PUSHBUTTON      "Cancel",IDCANCEL,120,70,50,14
    EDITTEXT        IDC_DFINCLUDE,5,15,165,14,ES_AUTOHSCROLL
    EDITTEXT        IDC_DFEXCLUDE,5,45,165,14,ES_AUTOHSCROLL
    LTEXT           "Include:",IDC_STATIC,5,5,26,8
    LTEXT           "Exclude:",IDC_STATIC,5,35,28,8
 END
 /////////////////////////////////////////////////////////////////////////////
 //
-// Menu
+// String Table
 //
-IDR_LOGMENU MENU DISCARDABLE 
+STRINGTABLE DISCARDABLE 
 BEGIN
-    POPUP ""
+    IDS_NOTREADY            "System is not KernelEx-ready.\nPlease reinstall KernelEx."
-    BEGIN
+    IDS_STUBMISMATCH        "Stub version mismatch (expected: %d, got: %d).\nPlease reinstall KernelEx."
-        MENUITEM "Enabled",                     IDM_ENABLE, CHECKED
+    IDS_OLDVER              "Another KernelEx version has been detected: %s.\nPlease uninstall  all other versions and reinstall latest version."
        MENUITEM SEPARATOR
        MENUITEM "Save to file",                IDM_TOFILE
        MENUITEM "Clear",                       IDM_CLEAR
        MENUITEM "Filter",                      IDM_FILTER
    END
 END
 #endif    // Neutral resources
 /////////////////////////////////////////////////////////////////////////////
 /////////////////////////////////////////////////////////////////////////////
-//
+// Polish resources
-// DESIGNINFO
+
-//
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_PLK)
 #ifdef _WIN32
 LANGUAGE LANG_POLISH, SUBLANG_DEFAULT
 #pragma code_page(1250)
 #endif //_WIN32
 #ifdef APSTUDIO_INVOKED
-GUIDELINES DESIGNINFO DISCARDABLE 
+/////////////////////////////////////////////////////////////////////////////
 //
 // TEXTINCLUDE
 //
 1 TEXTINCLUDE DISCARDABLE 
 BEGIN
-    IDD_DEBUGFILTER, DIALOG
+    "resource.h\0"
    BEGIN
        LEFTMARGIN, 7
        RIGHTMARGIN, 170
        TOPMARGIN, 7
        BOTTOMMARGIN, 83
    END
 END
 2 TEXTINCLUDE DISCARDABLE 
 BEGIN
    "#include ""afxres.h""\r\n"
    "\0"
 END
 3 TEXTINCLUDE DISCARDABLE 
 BEGIN
    "\r\n"
    "\0"
 END
 #endif    // APSTUDIO_INVOKED
 #endif    // Polish resources
 /////////////////////////////////////////////////////////////////////////////
-#endif    // _DEBUG
+
 #ifndef APSTUDIO_INVOKED
--- a/core/apihook.cpp
+++ b/core/apihook.cpp
@ -0,0 +1,173 @@
 /*
 *  KernelEx
 *  Copyright (C) 2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #ifdef _ENABLE_APIHOOK
 #include "apihook.h"
 #include "resolver.h"
 #include "internals.h"
 #include "ModInit.h"
 #include "ProcessStorage.h"
 #include "debug.h"
 extern "C" int snprintf(char*, size_t, const char*, ...);
 PROC apihook::prepare(BOOL is_static)
 {
 	typedef int (*init_once_t)(void);
 	HMODULE hApiHookDll;
 	MODREF* mr;
 	PROC ah_reg;
 	init_once_t init_once;
 	DBGPRINTF(("Preparing API HOOK DLL"));
 	_EnterSysLevel(krnl32lock);
 	mr = MRLoadTree("kexApiHook.dll");
 	if (!mr)
 	{
 		char path[MAX_PATH];
 		FreeLibRemove();
 		get_default_dll_path(path, sizeof(path));
 		mr = MRLoadTree(path);
 	}
 	if (mr)
 	{
 		IMTE** pmteModTable = *ppmteModTable;
 		IMTE_KEX* imte = (IMTE_KEX*) pmteModTable[mr->mteIndex];
 		hApiHookDll = (HMODULE) imte->pNTHdr->OptionalHeader.ImageBase;
 	}
 	else
 	{
 		FreeLibRemove();
 		hApiHookDll = NULL;
 	}
 	_LeaveSysLevel(krnl32lock);
 	//this will also create heap for us if one isn't there
 	ModuleInitializer* mi = ModuleInitializer::get_instance(true);
 	if (hApiHookDll)
 	{
 		init_once = (init_once_t) GetProcAddress(hApiHookDll, "kexApiHook_initonce");
 		__try
 		{
 			if (!init_once || !init_once())
 				hApiHookDll = NULL;
 		}
 		__except (EXCEPTION_EXECUTE_HANDLER)
 		{
 			OutputDebugString("KernelEx: API HOOK DLL crashed during init");
 			hApiHookDll = NULL;
 		}
 	}
 	if (hApiHookDll && !is_static)
 	{
 		DBGPRINTF(("Explicitly initializing APIHOOK [PID=%08x]\n", 
 				GetCurrentProcessId()));
 		if (FLoadTreeNotify(mr, FALSE))
 		{
 			FreeLibTree(mr);
 			hApiHookDll = NULL;
 		}
 	}
 	if (hApiHookDll)
 		ah_reg = GetProcAddress(hApiHookDll, "kexApiHook_register");
 	if (!hApiHookDll || !init_once || !ah_reg)
 	{
 		if (mr)
 		{
 			_EnterSysLevel(krnl32lock);
 			FreeLibTree(mr);
 			_LeaveSysLevel(krnl32lock);
 		}
 		return NULL;
 	}
 	mi->add_module(mr);
 	return ah_reg;
 }
 VOID apihook::get_default_dll_path(LPSTR buf, DWORD len)
 {
 	HKEY key;
 	DWORD type;
 	LONG result;
 	DWORD len2 = len;
 	result = RegOpenKey(HKEY_LOCAL_MACHINE, "Software\\KernelEx", &key);
 	if (result == ERROR_SUCCESS)
 	{
 		result = RegQueryValueEx(key, "ApiHookPath", NULL, &type, (BYTE*)buf, &len2);
 		RegCloseKey(key);
 	}
 	if (result != ERROR_SUCCESS || type != REG_SZ)
 	{
 		snprintf(buf, len, "%s%s", (LPCSTR) kernelex_dir, "kexApiHook.dll");
 	}
 }
 PROC apihook::hook(BOOL is_static, LPCSTR caller, LPCSTR target, LPCSTR api, PROC orig)
 {
 	typedef PROC (*apihook_register_t)(LPCSTR, LPCSTR, LPCSTR, PROC);
 	static const int psidx = ProcessStorage::allocate();
 	ProcessStorage* ps = ProcessStorage::get_instance();
 	apihook_register_t ah_reg = (apihook_register_t) ps->get(psidx);
 	if (!ah_reg)
 	{
 		//to avoid recursion in hook dll, disable the hook first
 		ps->set(psidx, (void*) -1);
 		ah_reg = (apihook_register_t) prepare(is_static);
 		if (!ah_reg)
 		{
 			OutputDebugString("KernelEx: Couldn't locate API HOOK DLL or DLL failed to init.");
 			ah_reg = (apihook_register_t)-1;
 		}
 		else
 		{
 			ps->set(psidx, (void*) ah_reg);
 		}
 	}
 	if ((int)ah_reg == -1)
 	{
 		//failed once - so run normally as promised
 		return orig;
 	}
 	__try
 	{
 		return ah_reg(caller, target, api, orig);
 	}
 	__except (EXCEPTION_EXECUTE_HANDLER)
 	{
 		OutputDebugString("KernelEx: API HOOK DLL crashed. Destroying process");
 		return NULL;
 	}
 }
 #endif
--- a/core/apihook.h
+++ b/core/apihook.h
@ -0,0 +1,40 @@
 /*
 *  KernelEx
 *  Copyright (C) 2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #ifndef __APIHOOK_H
 #define __APIHOOK_H
 #ifdef _ENABLE_APIHOOK
 #include <windows.h>
 class apihook
 {
 protected:
 	static PROC prepare(BOOL is_static);
 	static VOID get_default_dll_path(LPSTR buf, DWORD len);
 public:
 	static PROC hook(BOOL is_static, LPCSTR caller, LPCSTR target, LPCSTR api, PROC orig);
 };
 #endif /* _ENABLE_APIHOOK */
 #endif
--- a/core/apilog.cpp
+++ b/core/apilog.cpp
@ -1,187 +0,0 @@
 /*
 *  KernelEx
 *  Copyright (C) 2009, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
 *  KernelEx is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published
 *  by the Free Software Foundation; version 2 of the License.
 *
 *  KernelEx is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */
 #include <new>
 #include <windows.h>
 #include "apilog.h"
 #include "debug.h"
 #include "internals.h"
 #include "DebugWindow.h"
 #include "ProcessStorage.h"
 #define APILOG_TLS_INDEX       78
 static int apilog_ps_index = -1;
 bool apilog_enabled = true;
 void* tls_creator()
 {
 	for (int i = 0 ; i < APILOG_TLS_INDEX+1 ; i++)
 		TlsAlloc();
 	for (int i = 0 ; i < APILOG_TLS_INDEX ; i++)
 		TlsFree(i);
 	return (void*) APILOG_TLS_INDEX;
 }
 void get_process_debug_tls()
 {
 	ProcessStorage* ps = ProcessStorage::get_instance();
 	if (apilog_ps_index == -1)
 		apilog_ps_index = ps->allocate();
 	if (APILOG_TLS_INDEX != (DWORD) ps->get(apilog_ps_index))
 	{
 		ps->set(apilog_ps_index, tls_creator());
 	}
 }
 extern "C"
 int snprintf(char *buffer, size_t n, const char* format, ...);
 ThreadAddrStack::ThreadAddrStack()
 {
 	pos = 0;
 }
 void __stdcall ThreadAddrStack::push_ret_addr(DWORD addr)
 {
 	ThreadAddrStack* tas = (ThreadAddrStack*) TlsGetValue(APILOG_TLS_INDEX);
 	if (!tas)
 	{
 		void* mem = HeapAlloc(_GetProcessHeap(), 0, sizeof(ThreadAddrStack));
 		tas = new (mem) ThreadAddrStack;
 		TlsSetValue(APILOG_TLS_INDEX, mem);
 	}
 	tas->stack[tas->pos++] = addr;
 	DBGASSERT(tas->pos < countof(tas->stack));
 }
 DWORD __stdcall ThreadAddrStack::pop_ret_addr()
 {
 	ThreadAddrStack* tas = (ThreadAddrStack*) TlsGetValue(APILOG_TLS_INDEX);
 	DBGASSERT(tas->pos > 0);
 	return tas->stack[--tas->pos];
 }
 DWORD __stdcall ThreadAddrStack::get_level()
 {
 	ThreadAddrStack* tas = (ThreadAddrStack*) TlsGetValue(APILOG_TLS_INDEX);
 	return tas->pos;
 }
 log_stub::log_stub(const char* source, const char* target, const char* name, 
 		unsigned long proc)
 		: call_prelog(DWORD(pre_log)), call_postlog(DWORD(post_log)),
 		call_orig(proc)
 {
 	c_pushad1 = c_pushad2 = 0x60;
 	c_popad1 = c_popad2 = 0x61;
 	c_ret = 0xc3;
 	c_push1 = c_push2 = 0x68;
 	v_lgd1 = &lgd;
 	v_lgd2 = &lgd;
 	c_push_eax = 0x50;
 	c_add_esp = 0xc483;
 	c_sub_esp = 0xec83;
 	c_byte_4 = c_byte_4_1 = 4;
 	lgd.source = source;
 	lgd.target = target;
 	lgd.api_name = name;
 }
 void __stdcall log_stub::pre_log(log_data* lgd)
 {
 	DWORD last_err;
 	DWORD caller_addr;
 	caller_addr = *((DWORD*) &lgd + 9);
 	last_err = GetLastError();
 	ThreadAddrStack::push_ret_addr(caller_addr);
 	DebugWindow* dw = DebugWindow::get();
 	if (dw && apilog_enabled)
 	{
 		DWORD level;
 		char msg[DEBUGMSG_MAXLEN];
 		level = ThreadAddrStack::get_level();
 		snprintf(msg, sizeof(msg), "%-2d|%x|%*s[%s]%08x:<%s>%s", 
 				level,
 				GetCurrentThreadId(),
 				(level-1) * 2, "",
 				lgd->source, caller_addr,
 				lgd->target, lgd->api_name);
 		dw->append(msg);
 	}
 	SetLastError(last_err);
 }
 void __stdcall log_stub::post_log(log_data* lgd, DWORD retval)
 {
 	DWORD last_err;
 	DWORD& caller_addr = *((DWORD*) &retval + 9);
 	last_err = GetLastError();
 	caller_addr = ThreadAddrStack::pop_ret_addr();
 	DebugWindow* dw = DebugWindow::get();
 	if (dw && apilog_enabled)
 	{
 		DWORD level;
 		char msg[DEBUGMSG_MAXLEN];
 		level = ThreadAddrStack::get_level();
 		snprintf(msg, sizeof(msg), "%-2d|%x|%*s[%s]%08x:<%s>%s|%x", 
 				level,
 				GetCurrentThreadId(),
 				(level-1) * 2, "",
 				lgd->source, caller_addr,
 				lgd->target, lgd->api_name,
 				retval);
 		dw->append(msg);
 	}
 	SetLastError(last_err);
 }
 PROC create_log_stub(const char* caller, const char* target, const char* api, PROC orig)
 {
 	char* new_api = (char*) HeapAlloc(_GetProcessHeap(), 0, strlen(api) + 1);
 	strcpy(new_api, api);
 	get_process_debug_tls();
 	void* mem = HeapAlloc(_GetProcessHeap(), 0, sizeof(log_stub));
 	return (PROC) new (mem) log_stub(caller, 
 			target, new_api, (unsigned long) orig);
 }
 PROC create_log_stub(const char* caller, const char* target, WORD ord, PROC orig)
 {
 	char ord_name[16];
 	snprintf(ord_name, sizeof(ord_name), "Ordinal:%d", ord);
 	return create_log_stub(caller, target, ord_name, orig);
 }
--- a/core/core.dsp
+++ b/core/core.dsp
@ -19,6 +19,7 @@ CFG=Core - Win32 Debug
 !MESSAGE 
 !MESSAGE "Core - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
 !MESSAGE "Core - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
 !MESSAGE "Core - Win32 Release APIHOOK" (based on "Win32 (x86) Dynamic-Link Library")
 !MESSAGE 
 # Begin Project
@ -83,12 +84,42 @@ LINK32=link.exe
 # ADD LINK32 kernel32.lib user32.lib gdi32.lib advapi32.lib comctl32.lib ..\kexcrt\kexcrt.lib libc.lib /nologo /entry:"PreDllMain@12" /dll /incremental:no /map /debug /machine:I386 /nodefaultlib /out:"Debug/KernelEx.dll" /implib:"../common/KernelEx.lib" /ignore:4092 /OPT:NOWIN98
 # SUBTRACT LINK32 /pdb:none
 !ELSEIF  "$(CFG)" == "Core - Win32 Release APIHOOK"
 # PROP BASE Use_MFC 0
 # PROP BASE Use_Debug_Libraries 0
 # PROP BASE Output_Dir "Release_APIHOOK"
 # PROP BASE Intermediate_Dir "Release_APIHOOK"
 # PROP BASE Ignore_Export_Lib 0
 # PROP BASE Target_Dir ""
 # PROP Use_MFC 0
 # PROP Use_Debug_Libraries 0
 # PROP Output_Dir "Release_APIHOOK"
 # PROP Intermediate_Dir "Release_APIHOOK"
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /O2 /I "." /I "../common" /FI"msvc_quirks.h" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "KEXCORE_EXPORTS" /YX /FD /GF /c
 # ADD CPP /nologo /W3 /O2 /I "." /I "../common" /FI"msvc_quirks.h" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "KEXCORE_EXPORTS" /D "_ENABLE_APIHOOK" /YX /FD /GF /c
 # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD BASE RSC /l 0x415 /i "../common" /d "NDEBUG"
 # ADD RSC /l 0x415 /i "../common" /d "NDEBUG"
 BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib advapi32.lib comctl32.lib ..\kexcrt\kexcrt.lib libc.lib /nologo /entry:"PreDllMain@12" /dll /map /machine:I386 /nodefaultlib /out:"Release_APIHOOK/KernelEx.dll" /implib:"../common/KernelEx.lib" /ignore:4092 /OPT:NOWIN98
 # SUBTRACT BASE LINK32 /pdb:none
 # ADD LINK32 kernel32.lib user32.lib gdi32.lib advapi32.lib comctl32.lib ..\kexcrt\kexcrt.lib libc.lib /nologo /entry:"PreDllMain@12" /dll /map /machine:I386 /nodefaultlib /out:"Release_APIHOOK/KernelEx.dll" /implib:"../common/KernelEx.lib" /ignore:4092 /OPT:NOWIN98
 # SUBTRACT LINK32 /pdb:none
 !ENDIF 
 # Begin Target
 # Name "Core - Win32 Release"
 # Name "Core - Win32 Debug"
 # Name "Core - Win32 Release APIHOOK"
 # Begin Group "Source Files"
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
@ -102,20 +133,11 @@ SOURCE=.\apiconfmgr.cpp
 # End Source File
 # Begin Source File
-SOURCE=.\apilib.cpp
+SOURCE=.\apihook.cpp
 # End Source File
 # Begin Source File
-SOURCE=.\apilog.cpp
+SOURCE=.\apilib.cpp
 !IF  "$(CFG)" == "Core - Win32 Release"
 # PROP Exclude_From_Build 1
 !ELSEIF  "$(CFG)" == "Core - Win32 Debug"
 !ENDIF 
 # End Source File
 # Begin Source File
@ -129,11 +151,21 @@ WkspDir=.
 InputPath=.\core.def
 "$(OutDir)\k32ord.lib" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	cl /nologo /c /TC /DK32ORD_IMPLIB /Fo$(OutDir)\k32ord.obj "$(WkspDir)\common\k32ord.h" 
+	echo /nologo /c /TC /DK32ORD_IMPLIB >"%TEMP%\resp1455.tmp" 
-	link /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 /DEF:"$(WkspDir)\common\k32ord.def" /OUT:$(OutDir)\k32ord.dll /IMPLIB:$(OutDir)\k32ord.lib $(OutDir)\k32ord.obj 
+	echo /Fo"$(OutDir)\k32ord.obj" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.exp 
+	echo "$(WkspDir)\common\k32ord.h" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.obj 
+	cl @"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.dll 
+	del "%TEMP%\resp1455.tmp" >NUL 
 	echo /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 >"%TEMP%\resp1456.tmp" 
 	echo /DEF:"$(WkspDir)\common\k32ord.def" >>"%TEMP%\resp1456.tmp" 
 	echo /OUT:"$(OutDir)\k32ord.dll" >>"%TEMP%\resp1456.tmp" 
 	echo /IMPLIB:"$(OutDir)\k32ord.lib" >>"%TEMP%\resp1456.tmp" 
 	echo "$(OutDir)\k32ord.obj" >>"%TEMP%\resp1456.tmp" 
 	link @"%TEMP%\resp1456.tmp" 
 	del "%TEMP%\resp1456.tmp" >NUL 
 	del "$(OutDir)\k32ord.exp" >NUL 
 	del "$(OutDir)\k32ord.obj" >NUL 
 	del "$(OutDir)\k32ord.dll" >NUL 
 # End Custom Build
@ -145,11 +177,47 @@ WkspDir=.
 InputPath=.\core.def
 "$(OutDir)\k32ord.lib" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	cl /nologo /c /TC /DK32ORD_IMPLIB /Fo$(OutDir)\k32ord.obj "$(WkspDir)\common\k32ord.h" 
+	echo /nologo /c /TC /DK32ORD_IMPLIB >"%TEMP%\resp1455.tmp" 
-	link /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 /DEF:"$(WkspDir)\common\k32ord.def" /OUT:$(OutDir)\k32ord.dll /IMPLIB:$(OutDir)\k32ord.lib $(OutDir)\k32ord.obj 
+	echo /Fo"$(OutDir)\k32ord.obj" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.exp 
+	echo "$(WkspDir)\common\k32ord.h" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.obj 
+	cl @"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\k32ord.dll 
+	del "%TEMP%\resp1455.tmp" >NUL 
 	echo /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 >"%TEMP%\resp1456.tmp" 
 	echo /DEF:"$(WkspDir)\common\k32ord.def" >>"%TEMP%\resp1456.tmp" 
 	echo /OUT:"$(OutDir)\k32ord.dll" >>"%TEMP%\resp1456.tmp" 
 	echo /IMPLIB:"$(OutDir)\k32ord.lib" >>"%TEMP%\resp1456.tmp" 
 	echo "$(OutDir)\k32ord.obj" >>"%TEMP%\resp1456.tmp" 
 	link @"%TEMP%\resp1456.tmp" 
 	del "%TEMP%\resp1456.tmp" >NUL 
 	del "$(OutDir)\k32ord.exp" >NUL 
 	del "$(OutDir)\k32ord.obj" >NUL 
 	del "$(OutDir)\k32ord.dll" >NUL 
 # End Custom Build
 !ELSEIF  "$(CFG)" == "Core - Win32 Release APIHOOK"
 # Begin Custom Build
 OutDir=.\Release_APIHOOK
 WkspDir=.
 InputPath=.\core.def
 "$(OutDir)\k32ord.lib" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
 	echo /nologo /c /TC /DK32ORD_IMPLIB >"%TEMP%\resp1455.tmp" 
 	echo /Fo"$(OutDir)\k32ord.obj" >>"%TEMP%\resp1455.tmp" 
 	echo "$(WkspDir)\common\k32ord.h" >>"%TEMP%\resp1455.tmp" 
 	cl @"%TEMP%\resp1455.tmp" 
 	del "%TEMP%\resp1455.tmp" >NUL 
 	echo /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 >"%TEMP%\resp1456.tmp" 
 	echo /DEF:"$(WkspDir)\common\k32ord.def" >>"%TEMP%\resp1456.tmp" 
 	echo /OUT:"$(OutDir)\k32ord.dll" >>"%TEMP%\resp1456.tmp" 
 	echo /IMPLIB:"$(OutDir)\k32ord.lib" >>"%TEMP%\resp1456.tmp" 
 	echo "$(OutDir)\k32ord.obj" >>"%TEMP%\resp1456.tmp" 
 	link @"%TEMP%\resp1456.tmp" 
 	del "%TEMP%\resp1456.tmp" >NUL 
 	del "$(OutDir)\k32ord.exp" >NUL 
 	del "$(OutDir)\k32ord.obj" >NUL 
 	del "$(OutDir)\k32ord.dll" >NUL 
 # End Custom Build
@ -166,6 +234,11 @@ SOURCE=.\debug.cpp
 !ELSEIF  "$(CFG)" == "Core - Win32 Debug"
 !ELSEIF  "$(CFG)" == "Core - Win32 Release APIHOOK"
 # PROP BASE Exclude_From_Build 1
 # PROP Exclude_From_Build 1
 !ENDIF 
 # End Source File
@ -179,19 +252,11 @@ SOURCE=.\debugproto.cpp
 !ELSEIF  "$(CFG)" == "Core - Win32 Debug"
-!ENDIF 
+!ELSEIF  "$(CFG)" == "Core - Win32 Release APIHOOK"
 # End Source File
 # Begin Source File
 SOURCE=.\DebugWindow.cpp
 !IF  "$(CFG)" == "Core - Win32 Release"
 # PROP BASE Exclude_From_Build 1
 # PROP Exclude_From_Build 1
 !ELSEIF  "$(CFG)" == "Core - Win32 Debug"
 !ENDIF 
 # End Source File
@ -253,11 +318,11 @@ SOURCE=.\apiconfmgr.h
 # End Source File
 # Begin Source File
-SOURCE=.\apilib.h
+SOURCE=.\apihook.h
 # End Source File
 # Begin Source File
-SOURCE=.\apilog.h
+SOURCE=.\apilib.h
 # End Source File
 # Begin Source File
@ -269,10 +334,6 @@ SOURCE=.\debugproto.h
 # End Source File
 # Begin Source File
 SOURCE=.\DebugWindow.h
 # End Source File
 # Begin Source File
 SOURCE=.\internals.h
 # End Source File
 # Begin Source File
@ -282,7 +343,22 @@ SOURCE=..\common\is_sorted.hpp
 # Begin Source File
 SOURCE=..\common\k32ord.def
 !IF  "$(CFG)" == "Core - Win32 Release"
 # PROP Exclude_From_Build 1
 !ELSEIF  "$(CFG)" == "Core - Win32 Debug"
 # PROP Exclude_From_Build 1
 !ELSEIF  "$(CFG)" == "Core - Win32 Release APIHOOK"
 # PROP BASE Exclude_From_Build 1
 # PROP Exclude_From_Build 1
 !ENDIF 
 # End Source File
 # Begin Source File
--- a/core/kexcoresdk.cpp
+++ b/core/kexcoresdk.cpp
@ -35,13 +35,16 @@ unsigned long kexGetKEXVersion()
 	return VERSION_CODE;
 }
-int kexIsDebugCore()
+DWORD kexGetCoreCaps()
 {
 	DWORD caps = 0;
 #ifdef _DEBUG
-	return 1;
+	caps |= KCC_DEBUG;
 #else
 	return 0;
 #endif
 #ifdef _ENABLE_APIHOOK
 	caps |= KCC_APIHOOK;
 #endif
 	return caps;
 }
 void kexDebugPrint(const char* format, ...)
@ -91,7 +94,7 @@ void kexGetModuleSettings(const char* module,
 	DWORD flags = 0;
 	if (as.flags & LDR_KEX_DISABLE) flags |= KRF_KEX_DISABLE;
 	if (as.flags & LDR_OVERRIDE_PROC_MOD) flags |= KRF_OVERRIDE_PROC_MOD;
-	if (as.flags & LDR_LOG_APIS) flags |= KRF_LOG_APIS;
+	if (as.flags & LDR_HOOK_APIS) flags |= KRF_HOOK_APIS;
 	if (as.flags & LDR_NO_INHERIT) flags |= KRF_NO_INHERIT;
 	if (as.flags & LDR_VALID_FLAG) flags |= KRF_VALID_FLAG;
 	*mod_flags = flags;
@ -103,7 +106,7 @@ void kexSetModuleSettings(const char* module,
 	BYTE flags = 0;
 	if (mod_flags & KRF_KEX_DISABLE) flags |= LDR_KEX_DISABLE;
 	if (mod_flags & KRF_OVERRIDE_PROC_MOD) flags |= LDR_OVERRIDE_PROC_MOD;
-	if (mod_flags & KRF_LOG_APIS) flags |= LDR_LOG_APIS;
+	if (mod_flags & KRF_HOOK_APIS) flags |= LDR_HOOK_APIS;
 	if (mod_flags & KRF_NO_INHERIT) flags |= LDR_NO_INHERIT;
 	SettingsDB::instance.write_single(module, conf_name, flags);
 }
--- a/core/main.cpp
+++ b/core/main.cpp
@ -25,7 +25,6 @@
 #include "debug.h"
 #include "apiconfmgr.h"
 #include "internals.h"
 #include "DebugWindow.h"
 extern int internals_init();
 extern void internals_uninit();
@ -61,10 +60,6 @@ int kexInit()
 	resolver_hook();
 #ifdef _DEBUG
 	DebugWindow::create();
 #endif
 	DBGPRINTF(("Initialized successfully\n"));
 	return ++init_count;
@ -91,9 +86,6 @@ int kexUninit()
 	DBGPRINTF(("Uninitializing\n"));
 	resolver_unhook();
 	resolver_uninit();
 #ifdef _DEBUG
 	DebugWindow::destroy();
 #endif
 	internals_uninit();
 	return --init_count;
 }
--- a/core/resolver.cpp
+++ b/core/resolver.cpp
@ -1,6 +1,6 @@
 /*
 *  KernelEx
- *  Copyright (C) 2008-2009, Xeno86
+ *  Copyright (C) 2008-2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
@ -30,9 +30,7 @@
 #include "thunks.h"
 #include "SettingsDB.h"
 #include "ModInit.h"
-#ifdef _DEBUG
+#include "apihook.h"
 #include "apilog.h"
 #endif
 using namespace std;
@ -90,8 +88,9 @@ static bool get_config(MODREF* moduleMR, config_params& cp)
 				if ((parent.as.flags & LDR_VALID_FLAG) && !(parent.as.flags & LDR_NO_INHERIT))
 				{
 					process.as = parent.as;
-#ifdef _DEBUG       //don't inherit log flag
+#ifdef _ENABLE_APIHOOK
-					process.as.flags &= ~LDR_LOG_APIS;	
+					//don't inherit hook flag
 					process.as.flags &= ~LDR_HOOK_APIS;	
 #endif
 				}
 			}
@ -133,9 +132,10 @@ static bool get_config(MODREF* moduleMR, config_params& cp)
 	if (module.as.flags & LDR_VALID_FLAG)
 	{
-#ifdef _DEBUG //copy log flag from process to module
+#ifdef _ENABLE_APIHOOK
-		if (process.as.flags & LDR_LOG_APIS)
+		//copy hook flag from process to module
-			module.as.flags |= LDR_LOG_APIS;
+		if (process.as.flags & LDR_HOOK_APIS)
 			module.as.flags |= LDR_HOOK_APIS;
 #endif
 		goto __end;
 	}
@ -150,8 +150,8 @@ __end:
 	DBGASSERT(module.as.conf != NULL);
 	cp.apiconf = module.as.conf;
-#ifdef _DEBUG
+#ifdef _ENABLE_APIHOOK
-	cp.log_apis = (module.as.flags & LDR_LOG_APIS) != 0;
+	cp.hook_apis = (module.as.flags & LDR_HOOK_APIS) != 0;
 #endif
 	return true;
 }
@ -513,13 +513,16 @@ PROC WINAPI ExportFromOrdinal(IMTE_KEX* target, MODREF* caller, BOOL is_static,
 					target->pNTHdr, caller, is_static);
 		else 
 			ret = OriExportFromOrdinal(target->pNTHdr, ordinal);
-#ifdef _DEBUG
+#ifdef _ENABLE_APIHOOK
-		if (ret && cp.log_apis)
+		if (cp.hook_apis)
 		{
 			IMTE* icaller = (*ppmteModTable)[caller->mteIndex];
 			if (DWORD(ret) < target->pNTHdr->OptionalHeader.ImageBase 
 					+ target->pNTHdr->OptionalHeader.BaseOfData)
-				ret = create_log_stub(icaller->pszModName, target->pszModName, ordinal, ret);
+			{
 				ret = apihook::hook(is_static, icaller->pszFileName,
 						target->pszFileName, (LPSTR) ordinal, ret);
 			}
 		}
 #endif
 	}
@ -568,13 +571,16 @@ PROC WINAPI ExportFromName(IMTE_KEX* target, MODREF* caller, BOOL is_static, WOR
 					target->pNTHdr, caller, is_static);
 		else 
 			ret = OriExportFromName(target->pNTHdr, hint, name);
-#ifdef _DEBUG
+#ifdef _ENABLE_APIHOOK
-		if (ret && cp.log_apis)
+		if (cp.hook_apis)
 		{
 			IMTE* icaller = (*ppmteModTable)[caller->mteIndex];
 			if (DWORD(ret) < target->pNTHdr->OptionalHeader.ImageBase 
 					+ target->pNTHdr->OptionalHeader.BaseOfData)
-				ret = create_log_stub(icaller->pszModName, target->pszModName, name, ret);
+			{
 				ret = apihook::hook(is_static, icaller->pszFileName,
 						target->pszFileName, name, ret);
 			}
 		}
 #endif
 	}
--- a/core/resolver.h
+++ b/core/resolver.h
@ -1,6 +1,6 @@
 /*
 *  KernelEx
- *  Copyright (C) 2008-2009, Xeno86
+ *  Copyright (C) 2008-2011, Xeno86
 *
 *  This file is part of KernelEx source code.
 *
@ -28,8 +28,7 @@
 /***** loader flags *****/
 #define LDR_KEX_DISABLE          1  /* disable KernelEx API extensions for this module */
 #define LDR_OVERRIDE_PROC_MOD    2  /* use same configuration and flags for all modules in a process */
-#define LDR_LOG_APIS             4  /* enable API tracing */
+#define LDR_HOOK_APIS            8  /* enable API tracing */
 #define LDR_FILTER_APIS          8  /* allow to control single APIs - enable, disable, switch */
 #define LDR_NO_INHERIT          16  /* don't inherit configuration and flags to child processes */
 #define LDR_VALID_FLAG         128  /* denotes that flags field is valid */
@ -67,7 +66,7 @@ public:
 	redir_stub(unsigned long target, bool make_call = true)
 	{
 		op = make_call ? 0xe8 : 0xe9;
-		addr = target - (unsigned long(this) + 5);
+		addr = target - ((unsigned long)(this) + 5);
 	}
 private:
@ -78,8 +77,8 @@ private:
 struct config_params
 {
 	ApiConfiguration* apiconf;
-#ifdef _DEBUG
+#ifdef _ENABLE_APIHOOK
-	bool log_apis;
+	bool hook_apis;
 #endif
 };
--- a/core/resource.h
+++ b/core/resource.h
@ -5,24 +5,14 @@
 #define IDS_NOTREADY                    1
 #define IDS_STUBMISMATCH                2
 #define IDS_OLDVER                      3
 #define IDD_DEBUG                       101
 #define IDR_LOGMENU                     102
 #define IDD_DEBUGFILTER                 103
 #define IDC_LOG                         1003
 #define IDC_DFINCLUDE                   1004
 #define IDC_DFEXCLUDE                   1005
 #define IDM_TOFILE                      40001
 #define IDM_CLEAR                       40002
 #define IDM_FILTER                      40003
 #define IDM_ENABLE                      40004
 // Next default values for new objects
 // 
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE        104
+#define _APS_NEXT_RESOURCE_VALUE        101
-#define _APS_NEXT_COMMAND_VALUE         40005
+#define _APS_NEXT_COMMAND_VALUE         40001
-#define _APS_NEXT_CONTROL_VALUE         1006
+#define _APS_NEXT_CONTROL_VALUE         1001
 #define _APS_NEXT_SYMED_VALUE           101
 #endif
 #endif
--- a/kexcrt/assert.c
+++ b/kexcrt/assert.c
@ -4,7 +4,6 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <assert.h>
 void _assert(const char *expr, const char *file, unsigned int line)
 {
--- a/kexcrt/kexcrt.dsp
+++ b/kexcrt/kexcrt.dsp
@ -198,6 +198,11 @@ SOURCE=.\memswap.c
 # End Source File
 # Begin Source File
 SOURCE=.\msvc\msvc8.c
 # PROP Exclude_From_Build 1
 # End Source File
 # Begin Source File
 SOURCE=.\printf.c
 # End Source File
 # Begin Source File
--- a/kexcrt/makefile.msv
+++ b/kexcrt/makefile.msv
@ -1,6 +1,6 @@
 OBJ = abort.obj assert.obj atoi.obj atol.obj atoll.obj ctypes.obj memccpy.obj memchr.obj memcmp.obj memcpy.obj memmem.obj memmove.obj memory.obj memory-cpp.obj memrchr.obj memset.obj memswap.obj printf.obj snprintf.obj sprintf.obj sscanf.obj strcat.obj strchr.obj strcmp.obj strcmpi.obj strcpy.obj strdup.obj strlen.obj strncat.obj strncmp.obj strncpy.obj strnicmp.obj strnlen.obj strntoimax.obj strntoumax.obj strpbrk.obj strrchr.obj strsep.obj strstr.obj strtok.obj strtok_r.obj strtol.obj strtoll.obj strtoul.obj strtoull.obj strtoumax.obj strupr.obj strxspn.obj vsnprintf.obj vsprintf.obj vsscanf.obj _vsnprintf.obj write.obj exit.obj \
 ctype/isalnum.obj ctype/isalpha.obj ctype/isascii.obj ctype/isblank.obj ctype/iscntrl.obj ctype/isdigit.obj ctype/isgraph.obj ctype/islower.obj ctype/isprint.obj ctype/ispunct.obj ctype/isspace.obj ctype/isupper.obj ctype/isxdigit.obj ctype/tolower.obj ctype/toupper.obj \
-msvc/init.obj msvc/dllcrt0.obj msvc/argcargv.obj msvc/concrt0.obj msvc/wincrt0.obj msvc/purecall.obj
+msvc/init.obj msvc/dllcrt0.obj msvc/argcargv.obj msvc/concrt0.obj msvc/wincrt0.obj msvc/purecall.obj msvc/msvc8.obj
 CFLAGS = /O2 /Oi- /I. /nologo /D_CTYPE_DISABLE_MACROS
--- a/kexcrt/msvc/msvc8.c
+++ b/kexcrt/msvc/msvc8.c
@ -0,0 +1,34 @@
 #include <windows.h>
 #ifndef STATUS_INVALID_CRUNTIME_PARAMETER
 #define STATUS_INVALID_CRUNTIME_PARAMETER       0xC0000417
 #endif
 __declspec(noreturn) void _invoke_watson(
    const wchar_t *pszExpression,
    const wchar_t *pszFunction,
    const wchar_t *pszFile,
    unsigned int nLine,
    void* pReserved
    )
 {
 	MessageBox(NULL, "Invalid argument passed into a CRT function", "CRT error", MB_OK | MB_ICONERROR);
 	RaiseException( STATUS_INVALID_CRUNTIME_PARAMETER, EXCEPTION_NONCONTINUABLE, 0, NULL );
 }
 void _invalid_parameter(
    const wchar_t *pszExpression,
    const wchar_t *pszFunction,
    const wchar_t *pszFile,
    unsigned int nLine,
    void* pReserved
    )
 {
 	_invoke_watson(pszExpression, pszFunction, pszFile, nLine, pReserved);
 }
 void _invalid_parameter_noinfo(void)
 {
    _invalid_parameter(NULL, NULL, NULL, 0, 0);
 }
--- a/kexcrt/vsnprintf.c
+++ b/kexcrt/vsnprintf.c
@ -186,6 +186,7 @@ int vsnprintf(char *buffer, size_t n, const char *format, va_list ap)
 		st_modifiers	/* Length or conversion modifiers */
 	} state = st_normal;
 	const char *sarg;	/* %s string argument */
 	const wchar_t *warg; /* %S unicode string argument */
 	char carg;		/* %c char argument */
 	int slen;		/* String length */
@ -401,6 +402,13 @@ int vsnprintf(char *buffer, size_t n, const char *format, va_list ap)
 					sarg = sarg ? sarg : "(null)";
 					slen = strlen(sarg);
 					goto is_string;
 				case 'S':	/* Unicode String */
 					warg = va_arg(ap, const wchar_t *);
 					warg = warg ? warg : L"(null)";
 					rank = rank_long;
 					sarg = (const char *) warg;
 					for (slen = 0; warg[slen]; slen++) (void)0;
 					goto is_string;
 				is_string:
 					{
@ -422,6 +430,7 @@ int vsnprintf(char *buffer, size_t n, const char *format, va_list ap)
 						}
 						for (i = slen; i; i--) {
 							sch = *sarg++;
 							if (rank > rank_int) sarg++;
 							EMIT(sch);
 						}
 						if (width > slen
--- a/sheet/KexLinkage.cpp
+++ b/sheet/KexLinkage.cpp
@ -60,12 +60,12 @@ bool KexLinkage::Prepare()
 			"kexResetModuleSettings");
 	m_kexGetKEXVersion = (kexGetKEXVersion_t) GetProcAddress(hKernelEx,
 			"kexGetKEXVersion");
-	m_kexIsDebugCore = (kexIsDebugCore_t) GetProcAddress(hKernelEx,
+	m_kexGetCoreCaps = (kexGetCoreCaps_t) GetProcAddress(hKernelEx,
-			"kexIsDebugCore");
+			"kexGetCoreCaps");
 	if (!m_kexGetModuleSettings || !m_kexSetModuleSettings 
 			|| !m_kexResetModuleSettings
-			|| !m_kexGetKEXVersion || !m_kexIsDebugCore)
+			|| !m_kexGetKEXVersion || !m_kexGetCoreCaps)
 		return false;
 	//read config file location from registry
--- a/sheet/KexLinkage.h
+++ b/sheet/KexLinkage.h
@ -38,7 +38,7 @@ class KexLinkage
 			const char* conf_name, DWORD mod_flags);
 	typedef void (*kexResetModuleSettings_t)(const char* module);
 	typedef unsigned long (*kexGetKEXVersion_t)(void);
-	typedef int (*kexIsDebugCore_t)(void);
+	typedef DWORD (*kexGetCoreCaps_t)(void);
 public:
@ -60,7 +60,7 @@ public:
 	kexSetModuleSettings_t m_kexSetModuleSettings;
 	kexResetModuleSettings_t m_kexResetModuleSettings;
 	kexGetKEXVersion_t m_kexGetKEXVersion;
-	kexIsDebugCore_t m_kexIsDebugCore;
+	kexGetCoreCaps_t m_kexGetCoreCaps;
 protected:
 	KexLinkage();
--- a/sheet/resource.h
+++ b/sheet/resource.h
@ -8,7 +8,7 @@
 #define TIP_SYSTEM                      4
 #define TIP_NOINHERIT                   5
 #define TIP_OVERRIDE                    6
-#define TIP_LOG                         7
+#define TIP_HOOK                        7
 #define IDS_ENABLED                     8
 #define IDS_DISABLED                    9
 #define IDD_PROPPAGE                    102
@ -20,7 +20,7 @@
 #define IDC_KEXVER                      1005
 #define IDC_GCOMPAT                     1006
 #define IDC_TCOMPAT                     1007
-#define IDC_LOG                         1008
+#define IDC_HOOK                        1008
 #define IDC_NOINHERIT                   1009
 #define IDC_GADVAN                      1010
 #define IDC_CHECK1                      1011
--- a/sheet/sheet.cpp
+++ b/sheet/sheet.cpp
@ -36,12 +36,12 @@ struct CTips
 	char* _TIP_SYSTEM;
 	char* _TIP_NOINHERIT;
 	char* _TIP_OVERRIDE;
-	char* _TIP_LOG;
+	char* _TIP_HOOK;
 	CTips()
 	{
 		_TIP_DEFAULT = _TIP_DISABLE = _TIP_COMPAT = _TIP_SYSTEM
-				= _TIP_NOINHERIT = _TIP_OVERRIDE = _TIP_LOG = NULL;
+				= _TIP_NOINHERIT = _TIP_OVERRIDE = _TIP_HOOK = NULL;
 		loaded = false;
 	}
@ -55,7 +55,7 @@ struct CTips
 			free(_TIP_SYSTEM);
 			free(_TIP_NOINHERIT);
 			free(_TIP_OVERRIDE);
-			free(_TIP_LOG);
+			free(_TIP_HOOK);
 		}
 	}
@ -70,7 +70,7 @@ struct CTips
 		_TIP_SYSTEM = load_string(TIP_SYSTEM);
 		_TIP_NOINHERIT = load_string(TIP_NOINHERIT);
 		_TIP_OVERRIDE = load_string(TIP_OVERRIDE);
-		_TIP_LOG = load_string(TIP_LOG);
+		_TIP_HOOK = load_string(TIP_HOOK);
 	}
 private:
@ -372,7 +372,7 @@ BOOL CALLBACK KexShlExt::DlgProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lPa
 			case IDC_DEFAULT:
 				if (!IsDlgButtonChecked(hwnd, IDC_DEFAULT)) break;
 				EnableWindow(GetDlgItem(hwnd, IDC_SYSTEM), FALSE);
-				EnableWindow(GetDlgItem(hwnd, IDC_LOG), FALSE);
+				EnableWindow(GetDlgItem(hwnd, IDC_HOOK), FALSE);
 				EnableWindow(GetDlgItem(hwnd, IDC_NOINHERIT), FALSE);
 				EnableWindow(GetDlgItem(hwnd, IDC_OVERRIDE), FALSE);
 				PropSheet_Changed(GetParent(hwnd), hwnd);
@ -380,7 +380,7 @@ BOOL CALLBACK KexShlExt::DlgProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lPa
 			case IDC_DISABLE:
 				if (!IsDlgButtonChecked(hwnd, IDC_DISABLE)) break;
 				EnableWindow(GetDlgItem(hwnd, IDC_SYSTEM), FALSE);
-				EnableWindow(GetDlgItem(hwnd, IDC_LOG), FALSE);
+				EnableWindow(GetDlgItem(hwnd, IDC_HOOK), FALSE);
 				EnableWindow(GetDlgItem(hwnd, IDC_NOINHERIT), TRUE);
 				EnableWindow(GetDlgItem(hwnd, IDC_OVERRIDE), TRUE);
 				PropSheet_Changed(GetParent(hwnd), hwnd);
@ -388,14 +388,15 @@ BOOL CALLBACK KexShlExt::DlgProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lPa
 			case IDC_COMPAT:
 				if (!IsDlgButtonChecked(hwnd, IDC_COMPAT)) break;
 				EnableWindow(GetDlgItem(hwnd, IDC_SYSTEM), TRUE);
-				EnableWindow(GetDlgItem(hwnd, IDC_LOG), TRUE);
+				EnableWindow(GetDlgItem(hwnd, IDC_HOOK), TRUE);
 				EnableWindow(GetDlgItem(hwnd, IDC_NOINHERIT), TRUE);
 				EnableWindow(GetDlgItem(hwnd, IDC_OVERRIDE), TRUE);
 				PropSheet_Changed(GetParent(hwnd), hwnd);
 				break;
 			case IDC_SYSTEM:
-			case IDC_LOG:
+			case IDC_HOOK:
 			case IDC_NOINHERIT:
 			case IDC_OVERRIDE:
 				PropSheet_Changed(GetParent(hwnd), hwnd);
 				break;
 			}
@ -438,7 +439,7 @@ void KexShlExt::OnInitDialog(HWND hwnd, ModuleSetting* ms)
 	{
 		CheckDlgButton(hwnd, IDC_DEFAULT, BST_CHECKED);
 		EnableWindow(GetDlgItem(hwnd, IDC_SYSTEM), FALSE);
-		EnableWindow(GetDlgItem(hwnd, IDC_LOG), FALSE);
+		EnableWindow(GetDlgItem(hwnd, IDC_HOOK), FALSE);
 		EnableWindow(GetDlgItem(hwnd, IDC_NOINHERIT), FALSE);
 		EnableWindow(GetDlgItem(hwnd, IDC_OVERRIDE), FALSE);
 	}
@ -446,10 +447,10 @@ void KexShlExt::OnInitDialog(HWND hwnd, ModuleSetting* ms)
 	{
 		CheckDlgButton(hwnd, IDC_DISABLE, BST_CHECKED);
 		EnableWindow(GetDlgItem(hwnd, IDC_SYSTEM), FALSE);
-		EnableWindow(GetDlgItem(hwnd, IDC_LOG), FALSE);
+		EnableWindow(GetDlgItem(hwnd, IDC_HOOK), FALSE);
 	}
-	if (ms->flags & KRF_LOG_APIS)
+	if (ms->flags & KRF_HOOK_APIS)
-		CheckDlgButton(hwnd, IDC_LOG, BST_CHECKED);
+		CheckDlgButton(hwnd, IDC_HOOK, BST_CHECKED);
 	if (ms->flags & KRF_NO_INHERIT)
 		CheckDlgButton(hwnd, IDC_NOINHERIT, BST_CHECKED);
 	if (ms->flags & KRF_OVERRIDE_PROC_MOD)
@ -470,25 +471,27 @@ void KexShlExt::OnInitDialog(HWND hwnd, ModuleSetting* ms)
 				(WPARAM) 0, (LPARAM) bufo);
 	}
-
+	DWORD caps = KexLinkage::instance.m_kexGetCoreCaps();
 	int debug = KexLinkage::instance.m_kexIsDebugCore();
 	{
 		//set KernelEx version
 		unsigned long ver = KexLinkage::instance.m_kexGetKEXVersion();
 		char ver_s[32];
-		snprintf(ver_s, sizeof(ver_s), "KernelEx Core v%d.%d.%d %s", 
+		snprintf(ver_s, sizeof(ver_s), "KernelEx Core v%d.%d.%d %s", ver>>24,
-				ver>>24, (ver>>16) & 0xff, ver & 0xffff, debug ? "DEBUG" : "");
+				(ver>>16) & 0xff, ver & 0xffff, caps & KCC_DEBUG ? "DEBUG" : "");
 		SendMessage(GetDlgItem(hwnd, IDC_KEXVER), WM_SETTEXT, 0, (LPARAM) ver_s);
 	}
-	ShowWindow(GetDlgItem(hwnd, IDC_OVERRIDE), debug ? SW_SHOW : SW_HIDE);
+	ShowWindow(GetDlgItem(hwnd, IDC_HOOK), caps & KCC_APIHOOK ? SW_SHOW : SW_HIDE);
-	ShowWindow(GetDlgItem(hwnd, IDC_LOG), debug ? SW_SHOW : SW_HIDE);
+	ShowWindow(GetDlgItem(hwnd, IDC_OVERRIDE), caps & KCC_DEBUG ? SW_SHOW : SW_HIDE);
-	if (!debug)
+
 	if (!(caps & KCC_DEBUG))
 	{
 		RECT r;
 		HWND h = GetDlgItem(hwnd, IDC_GADVAN);
 		GetWindowRect(h, &r);
-		r.bottom -= 40; //height between IDC_LOG and element above
+		r.bottom -= 20; //space between IDC_HOOK and element above
 		if (!(caps & KCC_APIHOOK))
 			r.bottom -= 20;
 		SetWindowPos(h, NULL, 0, 0, r.right - r.left, r.bottom - r.top, SWP_NOMOVE);
 	}
@ -500,8 +503,8 @@ void KexShlExt::OnInitDialog(HWND hwnd, ModuleSetting* ms)
 	CreateTooltip(hwndTip, hwnd, IDC_COMPAT, tips._TIP_COMPAT);
 	CreateTooltip(hwndTip, hwnd, IDC_SYSTEM, tips._TIP_SYSTEM);
 	CreateTooltip(hwndTip, hwnd, IDC_NOINHERIT, tips._TIP_NOINHERIT);
 	CreateTooltip(hwndTip, hwnd, IDC_HOOK, tips._TIP_HOOK);
 	CreateTooltip(hwndTip, hwnd, IDC_OVERRIDE, tips._TIP_OVERRIDE);
 	CreateTooltip(hwndTip, hwnd, IDC_LOG, tips._TIP_LOG);
 }
@ -517,8 +520,8 @@ void KexShlExt::OnApply(HWND hwnd)
 	if (IsDlgButtonChecked(hwnd, IDC_COMPAT))
 		conf = KexLinkage::instance.confs[SendMessage(
 				GetDlgItem(hwnd, IDC_SYSTEM), CB_GETCURSEL, 0, 0)].name;
-	if (IsDlgButtonChecked(hwnd, IDC_LOG))
+	if (IsDlgButtonChecked(hwnd, IDC_HOOK))
-		flags |= KRF_LOG_APIS;
+		flags |= KRF_HOOK_APIS;
 	if (IsDlgButtonChecked(hwnd, IDC_NOINHERIT))
 		flags |= KRF_NO_INHERIT;
 	if (IsDlgButtonChecked(hwnd, IDC_OVERRIDE))
--- a/sheet/sheet.rc
+++ b/sheet/sheet.rc
@ -54,8 +54,8 @@ END
 //
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,0,0,6
+ FILEVERSION 1,0,0,7
- PRODUCTVERSION 1,0,0,6
+ PRODUCTVERSION 1,0,0,7
 FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@ -72,15 +72,15 @@ BEGIN
        BEGIN
            VALUE "Comments", "\0"
            VALUE "CompanyName", "Xeno86\0"
-            VALUE "FileDescription", "sheet\0"
+            VALUE "FileDescription", "KernelEx Properties Tab\0"
-            VALUE "FileVersion", "1, 0, 0, 6\0"
+            VALUE "FileVersion", "1, 0, 0, 7\0"
            VALUE "InternalName", "sheet\0"
-            VALUE "LegalCopyright", "Copyright <20> 2009-2010, Xeno86\0"
+            VALUE "LegalCopyright", "Copyright <20> 2009-2011, Xeno86\0"
            VALUE "LegalTrademarks", "\0"
            VALUE "OriginalFilename", "sheet.dll\0"
            VALUE "PrivateBuild", "\0"
            VALUE "ProductName", "KernelEx\0"
-            VALUE "ProductVersion", "1, 0, 0, 6\0"
+            VALUE "ProductVersion", "1, 0, 0, 7\0"
            VALUE "SpecialBuild", "\0"
        END
    END
@ -134,10 +134,10 @@ BEGIN
    CONTROL         "Don't use these settings in child processes",
                    IDC_NOINHERIT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,15,
                    127,208,10
    CONTROL         "Use API hook",IDC_HOOK,"Button",BS_AUTOCHECKBOX | NOT 
                    WS_VISIBLE | WS_TABSTOP,15,141,208,10
    CONTROL         "Override settings of invidual modules",IDC_OVERRIDE,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,15,141,208,10
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,15,155,208,10
    CONTROL         "Enable api logging",IDC_LOG,"Button",BS_AUTOCHECKBOX | 
                    NOT WS_VISIBLE | WS_TABSTOP,15,155,208,10
 END
@ -173,7 +173,7 @@ BEGIN
    TIP_SYSTEM              "Select desired compatibility mode from the list."
    TIP_NOINHERIT           "Disables inheritance of these settings. Normally programs started by this application use settings from this tab as their default settings. Use this option to disable such behaviour."
    TIP_OVERRIDE            "Disables usage of per module settings. Use this option to use same settings for all modules in the application."
-    TIP_LOG                 "Use this option to enable api spying debugging feature."
+    TIP_HOOK                "Use this option to enable api hooking debugging feature."
    IDS_ENABLED             "KernelEx is enabled"
    IDS_DISABLED            "KernelEx is disabled"
 END
--- a/util/sdbcreate/sdbcreate.dsp
+++ b/util/sdbcreate/sdbcreate.dsp
@ -118,11 +118,21 @@ ProjDir=.
 InputPath=.\sdbapi.h
 "$(OutDir)\sdbapi.lib" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	cl /nologo /c /TC /DSDBAPI_IMPLIB /Fo$(OutDir)\sdbapi.obj "$(ProjDir)\sdbapi.h" 
+	echo /nologo /c /TC /DSDBAPI_IMPLIB >"%TEMP%\resp1455.tmp" 
-	link /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 /DEF:"$(ProjDir)\sdbapi.def" /OUT:$(OutDir)\sdbapi.dll /IMPLIB:$(OutDir)\sdbapi.lib $(OutDir)\sdbapi.obj 
+	echo /Fo"$(OutDir)\sdbapi.obj" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\sdbapi.exp 
+	echo "$(ProjDir)\sdbapi.h" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\sdbapi.obj 
+	cl @"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\sdbapi.dll 
+	del "%TEMP%\resp1455.tmp" >NUL 
 	echo /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 >"%TEMP%\resp1456.tmp" 
 	echo /DEF:"$(ProjDir)\sdbapi.def" >>"%TEMP%\resp1456.tmp" 
 	echo /OUT:"$(OutDir)\sdbapi.dll" >>"%TEMP%\resp1456.tmp" 
 	echo /IMPLIB:"$(OutDir)\sdbapi.lib" >>"%TEMP%\resp1456.tmp" 
 	echo "$(OutDir)\sdbapi.obj" >>"%TEMP%\resp1456.tmp" 
 	link @"%TEMP%\resp1456.tmp" 
 	del "%TEMP%\resp1456.tmp" >NUL 
 	del "$(OutDir)\sdbapi.exp" >NUL 
 	del "$(OutDir)\sdbapi.obj" >NUL 
 	del "$(OutDir)\sdbapi.dll" >NUL 
 # End Custom Build
@ -135,11 +145,21 @@ ProjDir=.
 InputPath=.\sdbapi.h
 "$(OutDir)\sdbapi.lib" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
-	cl /nologo /c /TC /DSDBAPI_IMPLIB /Fo$(OutDir)\sdbapi.obj "$(ProjDir)\sdbapi.h" 
+	echo /nologo /c /TC /DSDBAPI_IMPLIB >"%TEMP%\resp1455.tmp" 
-	link /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 /DEF:"$(ProjDir)\sdbapi.def" /OUT:$(OutDir)\sdbapi.dll /IMPLIB:$(OutDir)\sdbapi.lib $(OutDir)\sdbapi.obj 
+	echo /Fo"$(OutDir)\sdbapi.obj" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\sdbapi.exp 
+	echo "$(ProjDir)\sdbapi.h" >>"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\sdbapi.obj 
+	cl @"%TEMP%\resp1455.tmp" 
-	del $(OutDir)\sdbapi.dll 
+	del "%TEMP%\resp1455.tmp" >NUL 
 	echo /DLL /NOENTRY /NOLOGO /IGNORE:4070 /MACHINE:IX86 >"%TEMP%\resp1456.tmp" 
 	echo /DEF:"$(ProjDir)\sdbapi.def" >>"%TEMP%\resp1456.tmp" 
 	echo /OUT:"$(OutDir)\sdbapi.dll" >>"%TEMP%\resp1456.tmp" 
 	echo /IMPLIB:"$(OutDir)\sdbapi.lib" >>"%TEMP%\resp1456.tmp" 
 	echo "$(OutDir)\sdbapi.obj" >>"%TEMP%\resp1456.tmp" 
 	link @"%TEMP%\resp1456.tmp" 
 	del "%TEMP%\resp1456.tmp" >NUL 
 	del "$(OutDir)\sdbapi.exp" >NUL 
 	del "$(OutDir)\sdbapi.obj" >NUL 
 	del "$(OutDir)\sdbapi.dll" >NUL 
 # End Custom Build
--- a/util/sdbcreate/sdbdb/gearth.mst
+++ b/util/sdbcreate/sdbdb/gearth.mst
--- a/util/sdbcreate/sdbdb/kexsdb.ini
+++ b/util/sdbcreate/sdbdb/kexsdb.ini
@ -23,16 +23,31 @@ AppName=Google Earth 5.1
 ProductCode={B59EF430-4849-11DF-B1EC-005056806466}
 Transform=gearth.mst
 [gearth51-1]
 AppName=Google Earth 5.1.7894.7252
 ProductCode={C084BC61-E537-11DE-8616-005056806466}
 Transform=gearth.mst
 [gearth52]
 AppName=Google Earth 5.2
 ProductCode={2EAF7E61-068E-11DF-953C-005056806466}
 Transform=gearth.mst
-[gearth6]
+[gearth52-1]
 AppName=Google Earth 5.2.1.1588
 ProductCode={4286E640-B5FB-11DF-AC4B-005056C00008}
 Transform=gearth.mst
 [gearth6b]
 AppName=Google Earth 6 beta
 ProductCode={6DB7AD00-F781-11DF-9EEF-001279CD8240}
 Transform=gearth.mst
 [gearth6]
 AppName=Google Earth 6.0.2.2074
 ProductCode={BE06114F-559D-11E0-B5A1-001D0926B1BF}
 Transform=gearth.mst
 [acroread7]
 AppName=Acrobat Reader 7
 ProductCode={AC76BA86-7AD7-1033-7B44-A70900000002}