ntvdmx64
ntvdmx64 copied to clipboard
leecher1337
Windows 11, trying to open app, opens and closes rigtht away
autobuild-ccpu-fre and debug versions win 11 build 22000 Windows 10 works fine, on windows 11 every time I try to open a Dos app, opens and closes right away. Anything I can try to fix this issue? Tried uninstalling/reinstalling, real time protections off Thanks
Was able to make the program open by changing the font to Raster which is too small for me to use. By changing the font to LUCIDA CONSOLE (preferred) the window opens and closes right away, same result with Consolas font. Is there any way to use the LUCIDA font for the DOS text app? Stuck with the program only working with Raster Fonts.
Never had this issue in win10.
This sounds like a severe bug in Windows 11 console that got addressed by the loader in https://github.com/leecher1337/ntvdmx64/commit/929c8533231ce968732a14423c2d48e1bdb4bfe3
I'm pretty annoyed that I always have to fix Microsoft's bugs in my loader. grr I guess, you are using the latest Win11 loader? I tested my Windows bugfix with Build 22000.318 and it works there. Maybe these morons messed up something again in later updates?
Upgraded my win10 box today to 11 and now on OS 22000.434build . Does that mean the loader needs to be fixed, or is there another way around this issue.
Hm, if you upgraded Windows, did you reinstall NTVDMx64 so that Win 11 loader gets installed and not Win10 loader? I guess so, because Win 10 loader wouldn't work with Win 11 anyway, but you can verify (compare loader DLLs in system32 and syswow64 directory):
These are the correct loader DLLs for Win 11 that contain the bugfix and work on 22000.318 (haven't tested 22000.434 yet): https://github.com/leecher1337/ntvdmx64/tree/master/ntvdmpatch/release/ldntvdm/system32/11.0 https://github.com/leecher1337/ntvdmx64/blob/master/ntvdmpatch/release/ldntvdm/syswow64/11.0
Tried on 22000.434 with patched files, same issue. System prompted for an update, now on 22000.469, tried again, with patched files above, same issue. Any other workarounds?
Updated to 22000.469 now. Found a little loader bug while updating, but not related to your issue. Still no font problems with 22000.469. You can try to remove contents of HKEY_LOCAL_MACHINE\SOFTWARE\ldntvdm key (DON'T delete the key itself, otherwise it will get recreated, most likely with wrong permissions!). That would clean out the symbol cache in case conhostV1 symbols needed for bugfix are wrong. You can also check dbgView output if there are problems resolving ConHost symbols required for bugfix (conhostV1.dll/InitializeCustomCP needs to get resolved properly). If there are bugfix installation problems, these may get written to console, see https://github.com/leecher1337/ntvdmx64/blob/master/ntvdmpatch/src/ldntvdm/ldntvdm/oemcp.c for possible errors to watch for.
Thanks for looking into this. Removed everything in the ldntvdm key, still not able to use no other font but raster, cmd just opens and closes.
I'm not versed in finding bugs in pgms. Tried to capture dbgview output when the app opens and closes. Not sure if you can make anything of it or not or if captured properly.
00000001 0.00000000 [6468] NtCreateUserProcess(ThreadHandle=0, CommandLine="C:\Users\chet303.domain\Desktop\shortcuts\Shortcut.pif" ) failed with C000012F 00000002 0.00002330 [6468] LDNTVDM: BasepProcessInvalidImage(C000012F,'??\C:\Users\chet303.domain\Desktop\shortcuts\Shortcut.pif'); 00000003 0.00091200 [6468] VDMState=00000001 00000004 0.00091850 [6468] LDNTVDM: Launch DOS! 00000005 0.00200280 [6468] Injecting into WOW64 Process? 1 00000006 0.00212190 [6468] Hook_Inline(77daf5d0, e0000, code) 00000007 0.00213400 [6468] dwOrigSize detected: 10 00000008 0.00267840 [6468] About to alloc page @77cff000 00000009 0.00270930 [6468] Hook_Inline context=77cf0000 00000010 0.00273780 [6468] Hook_Inline(7ffbc28de1ac, f0000, code) 00000011 0.00274760 [6468] dwOrigSize detected: 10 00000012 0.00335830 [6468] About to alloc page @7ffbc27ff000 00000013 0.00338370 [6468] Hook_Inline context=7ffbc27f0000 00000014 0.00340300 [6468] APPCERT_IMAGE_OK_TO_RUN 00000015 0.00341000 [6468] APPCERT_CREATION_ALLOWED 00000016 0.04268080 [8232] LDNTVDM is running inside ntvdm.exe 00000017 0.04270930 [8232] Hook_IAT_x64(778A0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 6F763FF0) 00000018 0.04272330 [8232] Hooked 777E5CE0 -> 6F763FF0 00000019 0.04273640 [8232] LDNTVDM: BasepProcessInvalidImageReal = 777E5CE0 00000020 0.04274750 [8232] LDNTVDM: BaseIsDosApplication = 7780A490 00000021 0.04275990 [8232] Hook_IAT_x64_IAT(778A0000, ntdll.dll, NtCreateUserProcess, 6F763F20, 6F7706C0) 00000022 0.04279080 [8232] Hooked 77D75700 -> 6F763F20 00000023 0.04281300 [8232] Hook_IAT_x64_IAT(777B0000, ntdll.dll, CsrClientCallServer, 6F762690, 6F76B000) 00000024 0.04283130 [8232] Hooked 77DC24A0 -> 6F762690 00000025 0.04292440 [8232] Hook_IAT_x64_IAT(777B0000, ntdll.dll, CsrAllocateMessagePointer, 6F762800, 00000000) 00000026 0.04299320 [8232] Hooked 77DC2360 -> 6F762800 00000027 0.04304240 [8232] Hook_IAT_x64_IAT(F000000, KERNEL32.DLL, SetConsolePalette, 6F761160, 6F7706D4) 00000028 0.04307950 [8232] Hooked 778128B0 -> 6F761160 00000029 0.04311570 [8232] Hook_IAT_x64_IAT(777B0000, ntdll.dll, NtQueryInformationProcess, 6F761080, 00000000) 00000030 0.04317190 [8232] Hooked 77D74BA0 -> 6F761080 00000031 0.04320340 [8232] Hook_IAT_x64_IAT(778A0000, ntdll.dll, NtQueryInformationProcess, 6F761080, 00000000) 00000032 0.04325270 [8232] Hooked 77D74BA0 -> 6F761080 00000033 0.04330470 [8232] Hook_Inline(76e48ab0, 6f763590, PrivateExtractIconsWHook) 00000034 0.04333840 [8232] Hook_Inline did hotpatch -> context=76e48ab2 00000035 0.04336230 [8232] Hook_IAT_x64_IAT(76E10000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 6F763510, 6F7706D0) 00000036 0.04338740 [8232] Hooking failed (-1) 00000037 0.04339860 [8232] Hook_IAT_x64_IAT(76E10000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 6F763510, 6F7706D0) 00000038 0.04340710 [8232] Hooked 779C0130 -> 6F763510 00000039 0.07670030 [8232] Process has child with PID 16380 00000040 0.07677220 [8232] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe) 00000041 0.07679150 [8232] Injecting into WOW64 Process? 0 00000042 0.07692820 [8232] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 00000043 0.07729160 [16380] LDNTVDM is running inside conhost.exe 00000044 0.07732140 [16380] Hook_IAT_x64(BFF70000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, BE6745CC) 00000045 0.07733520 [16380] Hooked C18C70E0 -> BE6745CC 00000046 0.07734170 [16380] LDNTVDM: BasepProcessInvalidImageReal = C18C70E0 00000047 0.07734930 [16380] LDNTVDM: BaseIsDosApplication = C18EE9E0 00000048 0.07735670 [16380] Hook_IAT_x64_IAT(BFF70000, ntdll.dll, NtCreateUserProcess, BE6743CC, BE6828C0) 00000049 0.07738240 [16380] Hooked C28A50D0 -> BE6743CC 00000050 0.07738710 [16380] LDNTVDM is running inside ConHost.exe 00000051 0.07746470 [16380] ShouldUseConhostV2 hook installed @BF866850 00000052 0.07747510 [16380] Hook_IAT_x64_IAT(87590000, ntdll.dll, RtlAllocateHeap, BE671304, BE6828F8) 00000053 0.07749910 [8232] BaseGetNextVDMCommand: ConsoleHandle=00003FFC, iTask=00000007 00000054 0.07751640 [16380] Hooked C2828AC0 -> BE671304 00000055 0.07754320 [8232] BaseGetNextVDMCommand(268500999) = 00000000 00000056 0.07764930 [16380] Hook_Inline(7ffbc1b4f9c0, 7ffbbe672b94, PrivateExtractIconsWHook) 00000057 0.07769860 [16380] dwOrigSize detected: 7 00000058 0.07775360 [8232] NTVDM: 18432K Memory: 1024K XMS, 0K EMS, 16384K DPMI 00000059 0.07776940 [16380] Hook_Inline context=7ffbc1bc4e76 00000060 0.07778490 [16380] Hook_IAT_x64_IAT(C1B30000, api-ms-win-core-file-l1-2-1.dll, ReadFile, BE672AB0, BE6828E8) 00000061 0.07779330 [16380] Hooking failed (-1) 00000062 0.07780190 [16380] Hook_IAT_x64_IAT(C1B30000, api-ms-win-core-file-l1-1-0.dll, ReadFile, BE672AB0, BE6828E8) 00000063 0.07781180 [16380] Hooked BFFA4420 -> BE672AB0 00000064 0.07976330 [8232] BaseIsFirstVDM(65545) = C0000022 00000065 0.08006070 [8232] YODA debug event handler installed 00000066 0.08067470 [8232] Loading [C:\WINDOWS\system32\ntio.sys] 00000067 0.08068730 [8232] VDM ModLoad: C:\WINDOWS\system32\ntio.sys => segment 8e05, len=8430 00000068 0.08072060 [8232] VDM SegMove: C:\WINDOWS\system32\ntio.sys (1) 8e05 => 70, len = 8430 00000069 0.08361330 [8232] VDM SegMove: C:\WINDOWS\system32\ntdos.sys (2) 9386 => a7, len = 8f29 00000070 0.08928200 [8232] Loading [C:\WINDOWS\SYSTEM32\HIMEM.SYS] 00000071 0.08936900 [8232] VDM ModLoad: C:\WINDOWS\SYSTEM32\HIMEM.SYS => segment 0, len=12a0 00000072 0.08996150 [8232] VDM SegMove: C:\WINDOWS\system32\ntdos.sys (1) 9386 => fe2e, len = 793f 00000073 0.09228810 [8232] Loading [C:\WINDOWS\SYSTEM32\COMMAND.COM] 00000074 0.09230000 [8232] VDM ModLoad: C:\WINDOWS\SYSTEM32\COMMAND.COM => segment 410, len=c5bc 00000075 0.10043860 [8232] Loading [C:\WINDOWS\system32\MSCDEXNT.EXE] 00000076 0.10045840 [8232] VDM ModLoad: C:\WINDOWS\system32\MSCDEXNT.EXE => segment c898, len=200 00000077 0.10276500 [8232] Loading [C:\WINDOWS\system32\REDIR.EXE] 00000078 0.10278150 [8232] VDM ModLoad: C:\WINDOWS\system32\REDIR.EXE => segment c8af, len=1400 00000079 0.10509880 [8232] Loading [C:\WINDOWS\system32\DOSX.EXE] 00000080 0.10511630 [8232] VDM ModLoad: C:\WINDOWS\system32\DOSX.EXE => segment c9d4, len=de00 00000081 0.10638460 [8232] VDM SegLoad: C:\WINDOWS\system32\DOSX.EXE(0) Data => b7 00000082 0.10640660 [8232] VDM SegLoad: C:\WINDOWS\system32\DOSX.EXE(2) Code => cf 00000083 0.10642730 [8232] VDM SegLoad: C:\WINDOWS\system32\DOSX.EXE(3) Code => c7 00000084 0.10941020 [8232] BaseGetNextVDMCommand: ConsoleHandle=00003FFC, iTask=00000000 00000085 0.10946020 [8232] BaseGetNextVDMCommand(268500999) = 00000000 00000086 0.12741619 [16380] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 00000087 0.48980349 [12924] LDNTVDM is running inside WerFault.exe 00000088 0.48981911 [12924] Hook_IAT_x64(BFF70000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, BE6745CC) 00000089 0.48985159 [12924] Hooked C18C70E0 -> BE6745CC 00000090 0.48991421 [12924] LDNTVDM: BasepProcessInvalidImageReal = C18C70E0 00000091 0.48992190 [12924] LDNTVDM: BaseIsDosApplication = C18EE9E0 00000092 0.48997909 [12924] Hook_IAT_x64_IAT(BFF70000, ntdll.dll, NtCreateUserProcess, BE6743CC, BE6828C0) 00000093 0.48998570 [12924] Hooked C28A50D0 -> BE6743CC 00000094 0.51846367 [12924] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64) 00000095 78.78274536 [18400] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)
Log looks OK to me, please try attached version of ldntvdm.dll in System32 directory (rename ldntvdm.dll to ldntvdm.dll.bak and copy new ldntvdm.dll there, then reboot) and redo DbgView recording, it should output some more information about NLS table initialization. ldntvdm.zip
Trying with Windows 11 10.0.22000.434, I rebuilt reinstalled and rebooted. Now when I try to start it I get a box headed '16 bit MS-DOS Subsystem' with text: NTVDM has encountered a System Error. No process is on the other end of the pipe. Choose 'Close' to terminate the application
@dominicraf So same issue as described in this thread? So, changing font "cures" conhost crash? Have you tried ldntvdm attached in my previous post, which contains more logging regarding the Win11 NLS conhost bug. If so, please paste DbgView output.
I had not previously touched the fonts at all - I am using Consolas (but see below). Also I just did an advised upgrade so now I am on Windows 11 v10.0.22000.469.
I installed Dbgview and your ldntvdm.dll and I give below the output (I have tried to leave out a lot of stuff that looked irrelevant) - comments continue below.
00000001 0.00000000 [16400] LDNTVDM is running inside MoNotificationUx.exe
00000002 0.00003750 [16400] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)
00000003 0.00007020 [16400] Hooked 0E0A70E0 -> 0B2B453C
00000004 0.00008710 [16400] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0
00000005 0.00010320 [16400] LDNTVDM: BaseIsDosApplication = 0E0CE9E0
00000006 0.00012200 [16400] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)
00000007 0.00015460 [16400] Hooked 0F3850D0 -> 0B2B43FC
00000008 0.00017770 [16400] Hook_Inline(7ffd0d43f9c0, 7ffd0b2b2b94, PrivateExtractIconsWHook)
00000009 0.00019680 [16400] dwOrigSize detected: 7
00000010 0.00022820 [16400] Hook_Inline context=7ffd0d4b4e76
00000011 0.00024340 [16400] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 0B2B2AB0, 0B2C2978)
00000012 0.00026000 [16400] Hooking failed (-1)
00000013 0.00027590 [16400] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 0B2B2AB0, 0B2C2978)
00000014 0.00029320 [16400] Hooked 0CA94420 -> 0B2B2AB0
00000015 0.04615560 [16400] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000016 0.06686960 [16400] Populating UpdatePolicy AllowList
00000017 0.06707520 [16400] SKU MDM licensing allow list string from SLAPI:
00000018 0.06709580 [16400] AboveLock|Accounts|ActiveXControls|ADMXIngest|AllowMessageSync|AppHVSI|ApplicationDefaults|AllowAllTrustedApps|AllowAppStoreAutoUpdate|AllowAutomaticAppArchiving|AllowDeveloperUnlock|AllowGameDVR|AllowSharedUserAppData|ApplicationRestrictions|Audit|ConfigureChatIcon|LaunchAppAfterLogOn|MSIAllowUserControlOverInstall|MSIAlwaysInstallWithElevatedPrivileges|RestrictAppDataToSystemVolume|RestrictAppToSystemVolume|AppRuntime|AttachmentManager|Authentication|Autoplay|BitLocker|BITS|Bluetooth|Browser|Camera|Cellular|Connectivity|ControlPolicyConflict|CredentialProviders|CredentialsDelegation|CredentialsUI|Cryptography|DataProtection|DataUsage|Defender|DeliveryOptimization|Desktop|ConfigureSystemGuardLaunch|EnableVirtualizationBasedSecurity|DeviceHealthMonitoring|DeviceInstallation|DeviceLock|Display|DmaGuard|ErrorReporting|Eap|Education|EnterpriseCloudPrint|EventLogService|AllowClipboardHistory|AllowCopyPaste|AllowCortana|AllowDeviceDiscovery|AllowManualMDMUnenrollment|AllowSaveAsOfOfficeFiles|AllowScreenCapture|AllowSharingOfOfficeFiles|AllowSIMErrorDialogPromptWhenNoSIM|AllowSyncMySettings|AllowTailoredExperiencesWithDiagnosticData|AllowTaskSwitcher|AllowThirdPartySuggestionsInWindowsSpotlight|AllowVoiceRecording|DoNotShowFeedbackNotifications|DoNotSyncBrowserSettings|AllowFindMyDevice|ExploitGuard|Feeds|FileExplorer|Games|Handwriting|HumanPresence|InternetExplorer|Kerberos|KioskBrowser|Knobs|LanmanWorkstation|Licensing|LocalPoliciesSecurityOptions|LocalUsersAndGroups|Lockdown|Maps|MemoryDump|MSSecurityGuide|MSSLegacy|Multitasking|NetworkIsolation|NetworkListManager|NewsAndInterests|Notifications|OneDrive|Power|Printers|Privacy|RemoteAssistance|RemoteDesktopServices|RemoteDesktop|RemoteManagement|RemoteProcedureCall|RemoteShell|RestrictedGroups|Search|Security|Settings|SmartScreen|Speech|Start|Storage|System|SystemServices|TaskManager|TaskScheduler|TenantRestrictions|TextInput|TimeLanguageSettings|Troubleshooting|Update|UserRights|VirtualizationBasedTechnology|WiFi|WindowsLogon|WirelessDisplay|Location|WindowsAutopilot|WindowsConnectionManager|WindowsDefenderSecurityCenter|WindowsInkWorkspace|WindowsPowerShell|WindowsSandbox|WiredNetwork
00000019 0.06711130 [16400]
00000020 0.06716130 [16400] All policies are allowed
00000021 0.11091090 [6620] [AURA HAL][ENE DRAM] Sunc (1,0,5)
00000022 0.11096370 [6620] AURACtrl::Sync
...
00000189 2.74267030 [10688] Injecting into WOW64 Process? 0
00000190 2.74270368 [10688] Hook_Inline(7ffd0f3be1ac, 1738fa40000, code)
00000191 2.74272490 [10688] dwOrigSize detected: 10
00000192 2.74343920 [10688] About to alloc page @7ffd0f2df000
00000193 2.74349165 [10688] Hook_Inline context=7ffd0f2d0000
00000194 2.74353480 [10688] APPCERT_IMAGE_OK_TO_RUN
00000195 2.74355149 [10688] APPCERT_CREATION_ALLOWED
00000196 2.78183198 [16544] LDNTVDM is running inside cmd.exe
00000197 2.78190970 [16544] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)
00000198 2.78193212 [16544] Hooked 0E0A70E0 -> 0B2B453C
00000199 2.78194594 [16544] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0
00000200 2.78196812 [16544] LDNTVDM: BaseIsDosApplication = 0E0CE9E0
00000201 2.78197932 [16544] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)
00000202 2.78201389 [16544] Hooked 0F3850D0 -> 0B2B43FC
00000203 2.83217931 [16544] Process has child with PID 16552
00000204 2.83228207 [16544] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe)
00000205 2.83230829 [16544] Injecting into WOW64 Process? 0
00000206 2.83245850 [16544] Created injection thread h=00000090, tid=7852
00000207 2.83323002 [16552] LDNTVDM is running inside conhost.exe
00000208 2.83329320 [16552] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)
00000209 2.83331609 [16552] Hooked 0E0A70E0 -> 0B2B453C
00000210 2.83333468 [16552] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0
00000211 2.83335161 [16552] LDNTVDM: BaseIsDosApplication = 0E0CE9E0
00000212 2.83336949 [16552] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)
00000213 2.83340526 [16552] Hooked 0F3850D0 -> 0B2B43FC
00000214 2.83342409 [16552] LDNTVDM is running inside ConHost.exe
00000215 2.83356881 [16552] Hook_IAT_x64_IAT(C5510000, ntdll.dll, RtlAllocateHeap, 0B2B1304, 0B2C2988)
00000216 2.83359361 [16552] Hooked 0F308AC0 -> 0B2B1304
00000217 2.83361602 [16552] OEMCP_FixNLSTable enter
00000218 2.83372474 [16552] Peb->OemCodePageData set to CCA70000
00000219 2.83374619 [16552] OEMCP_CallInitializeCustomCP
00000220 2.83385611 [16552] failed: nt=C5510000, fnInitializeCustomCP=0
00000221 2.83388114 [16552] Hook_Inline(7ffd0d43f9c0, 7ffd0b2b2b94, PrivateExtractIconsWHook)
00000222 2.83390236 [16552] dwOrigSize detected: 7
00000223 2.83393216 [16552] Hook_Inline context=7ffd0d4b4e76
00000224 2.83395004 [16552] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 0B2B2AB0, 0B2C2978)
00000225 2.83396840 [16552] Hooking failed (-1)
00000226 2.83398485 [16552] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 0B2B2AB0, 0B2C2978)
00000227 2.83400559 [16552] Hooked 0CA94420 -> 0B2B2AB0
00000228 2.88217711 [16552] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000229 2.88225985 [16544] RtlCreateUserThread Status = 00000000
00000230 2.88232470 [16544] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000231 2.90196729 [16544] UpdateSymbolCache()
00000232 2.90280604 [16544] Symsrv options: 00000002
00000233 2.90284705 [16544] DBGHELP: Symbol Search Path: SRV*C:\WINDOWS\Symbols*C:\Users\Dominic\AppData\Local\Temp\SymbolCache*http://msdl.microsoft.com/download/symbols
00000234 2.90287971 [16544] DBGHELP: No header for C:\WINDOWS\system32\conhost.exe. Searching for image on disk
00000235 2.90294075 [16544] DBGHELP: C:\WINDOWS\system32\conhost.exe - OK
00000236 2.90746856 [16544] SYMSRV: C:\WINDOWS\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb
00000237 2.91905880 [16544] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863
00000238 2.91907740 [16544] DBGHELP: C:\WINDOWS\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb - drive not ready
00000239 2.91914248 [16544] DBGHELP: C:\WINDOWS\system32\conhost.pdb - file not found
00000240 2.92019677 [16544] DBGHELP: conhost.pdb - file not found
00000241 2.92025423 [16544] DBGHELP: conhost - no symbols loaded
00000242 2.92027235 [16544] UpdateSymbolCache() loading conhost.exe symbols
00000243 2.92028761 [16544] SymEng_GetAddr ShouldUseConhostV2
00000244 2.92031431 [16544] SymFromName failed: 0000007E
00000245 2.92033029 [16544] SymEng_GetAddr ConhostV2ForcedInRegistry
00000246 2.92034721 [16544] SymFromName failed: 0000007E
00000247 2.92045426 [16544] DBGHELP: No header for C:\WINDOWS\system32\conhostV1.dll. Searching for image on disk
00000248 2.92051530 [16544] DBGHELP: C:\WINDOWS\system32\conhostV1.dll - OK
00000249 2.92069650 [16544] SYMSRV: C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb
00000250 2.92078471 [16544] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863
00000251 2.92080402 [16544] DBGHELP: C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb - drive not ready
00000252 2.92085171 [16544] DBGHELP: C:\WINDOWS\system32\ConhostV1.pdb - file not found
00000253 2.92172670 [16544] DBGHELP: ConhostV1.pdb - file not found
00000254 2.92186666 [16544] DBGHELP: conhostV1 - export symbols
00000255 2.92188239 [16544] UpdateSymbolCache() loading conhostV1.dll symbols
00000256 2.92189693 [16544] SymEng_GetAddr InitializeCustomCP
00000257 2.92191958 [16544] SymFromName failed: 0000007E
00000258 2.92395997 [16544] NtCreateUserProcess(ThreadHandle=0, CommandLine=I:\RENTS\BAS\RENTS.EXE) failed with C0000130
00000259 2.98347926 [16544] LDNTVDM: BasepProcessInvalidImage(C0000130,'\??\I:\RENTS\BAS\RENTS.EXE');
00000260 2.99414802 [16544] VDMState=00000001
00000261 2.99545598 [16544] LDNTVDM: Launch DOS!
00000262 3.01446271 [16544] Injecting into WOW64 Process? 1
00000263 3.01474524 [16544] Hook_Inline(76fdf5d0, f0000, code)
00000264 3.01476908 [16544] dwOrigSize detected: 10
00000265 3.01529312 [16544] About to alloc page @76f2f000
00000266 3.01534557 [16544] Hook_Inline context=76f20000
00000267 3.01549006 [16544] Hook_Inline(7ffd0f3be1ac, 100000, code)
00000268 3.01551127 [16544] dwOrigSize detected: 10
00000269 3.01611567 [16544] About to alloc page @7ffd0f2df000
00000270 3.01616049 [16544] Hook_Inline context=7ffd0f2d0000
00000271 3.01625276 [16544] APPCERT_IMAGE_OK_TO_RUN
00000272 3.01626825 [16544] APPCERT_CREATION_ALLOWED
00000273 3.02916121 [18096] LDNTVDM is running inside ntvdm.exe
00000274 3.02923298 [18096] Hook_IAT_x64(75E80000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 74013FF0)
00000275 3.02926159 [18096] Hooked 75A85CE0 -> 74013FF0
00000276 3.02928591 [18096] LDNTVDM: BasepProcessInvalidImageReal = 75A85CE0
00000277 3.02930760 [18096] LDNTVDM: BaseIsDosApplication = 75AAA490
00000278 3.02933049 [18096] Hook_IAT_x64_IAT(75E80000, ntdll.dll, NtCreateUserProcess, 74013F20, 740206C0)
00000279 3.02937365 [18096] Hooked 76FA5700 -> 74013F20
00000280 3.02940607 [18096] Hook_IAT_x64_IAT(75A50000, ntdll.dll, CsrClientCallServer, 74012690, 7401B000)
00000281 3.02943158 [18096] Hooked 76FF24A0 -> 74012690
00000282 3.02945614 [18096] Hook_IAT_x64_IAT(75A50000, ntdll.dll, CsrAllocateMessagePointer, 74012800, 00000000)
00000283 3.02948070 [18096] Hooked 76FF2360 -> 74012800
00000284 3.02950406 [18096] Hook_IAT_x64_IAT(F000000, KERNEL32.DLL, SetConsolePalette, 74011160, 740206D4)
00000285 3.02953124 [18096] Hooked 75AB28B0 -> 74011160
00000286 3.02955437 [18096] Hook_IAT_x64_IAT(75A50000, ntdll.dll, NtQueryInformationProcess, 74011080, 00000000)
00000287 3.02958131 [18096] Hooked 76FA4BA0 -> 74011080
00000288 3.02960277 [18096] Hook_IAT_x64_IAT(75E80000, ntdll.dll, NtQueryInformationProcess, 74011080, 00000000)
00000289 3.02962923 [18096] Hooked 76FA4BA0 -> 74011080
00000290 3.02965951 [18096] Hook_Inline(74cf8ab0, 74013590, PrivateExtractIconsWHook)
00000291 3.02968979 [18096] Hook_Inline did hotpatch -> context=74cf8ab2
00000292 3.02971148 [18096] Hook_IAT_x64_IAT(74CC0000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 74013510, 740206D0)
00000293 3.02973366 [18096] Hooking failed (-1)
00000294 3.02975678 [18096] Hook_IAT_x64_IAT(74CC0000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 74013510, 740206D0)
00000295 3.02977991 [18096] Hooked 75FA0130 -> 74013510
00000296 3.08092451 [18096] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000297 3.08291173 [18096] BaseGetNextVDMCommand: ConsoleHandle=000040A8, iTask=00000000
00000298 3.08295083 [18096] BaseGetNextVDMCommand(268500999) = 00000000
00000299 3.08582520 [18096] BaseIsFirstVDM(65545) = C0000022
00000300 3.12958407 [18096] BaseGetNextVDMCommand: ConsoleHandle=000040A8, iTask=00000000
00000301 3.12965918 [18096] BaseGetNextVDMCommand(268500999) = 00000000
00000302 3.44073677 [1580] LDNTVDM is running inside WerFault.exe
00000303 3.44078755 [1580] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)
00000304 3.44080710 [1580] Hooked 0E0A70E0 -> 0B2B453C
00000305 3.44083166 [1580] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0
00000306 3.44084477 [1580] LDNTVDM: BaseIsDosApplication = 0E0CE9E0
00000307 3.44085932 [1580] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)
00000308 3.44089317 [1580] Hooked 0F3850D0 -> 0B2B43FC
00000309 3.49070477 [1580] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000310 5.67628384 [6620] [AURA HAL][ENE DRAM] Sunc (1,0,5)
...
00000509 13.52215862 [2640] LDNTVDM is running inside SystemSettings.exe
00000510 13.52356434 [16908] LDNTVDM is running inside ApplicationFrameHost.exe
00000511 13.52480316 [6620] Sync0 Address 0x72 ChipID 0x3570
00000512 13.52606392 [2640] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)
00000513 13.52738857 [16908] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)
00000514 13.52868462 [6620] Sync0 Last Effect ID 0x5 ChipID 0x5
00000515 13.53012180 [2640] Hooked 0E0A70E0 -> 0B2B453C
00000516 13.53142834 [16908] Hooked 0E0A70E0 -> 0B2B453C
00000517 13.53291702 [6620] Sync1 Address 0x72 ChipID 0x3570
00000518 13.53418922 [2640] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0
00000519 13.53545284 [16908] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0
00000520 13.53674221 [6620] Direction 0
00000521 13.53816605 [2640] LDNTVDM: BaseIsDosApplication = 0E0CE9E0
00000522 13.53941154 [16908] LDNTVDM: BaseIsDosApplication = 0E0CE9E0
00000523 13.54069424 [6620] Sync1 frame_tobe_write 0xB7 effect_support 0x1
00000524 13.54193878 [2640] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)
00000525 13.54317093 [16908] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)
00000526 13.54459190 [2640] Hooked 0F3850D0 -> 0B2B43FC
00000527 13.54592514 [16908] Hooked 0F3850D0 -> 0B2B43FC
00000528 14.00708485 [6620] [AURA HAL][ENE DRAM] Sunc (1,0,5)
00000529 14.00713921 [6620] AURACtrl::Sync
00000530 14.00721741 [16908] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000531 14.00726414 [2640] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
...
00000662 14.21620464 [6620] Sync1 frame_tobe_write 0xB7 effect_support 0x1
00000663 14.65336800 [8544] LDNTVDM is running inside UserOOBEBroker.exe
00000664 14.65340805 [8544] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)
00000665 14.65343475 [8544] Hooked 0E0A70E0 -> 0B2B453C
00000666 14.65345287 [8544] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0
00000667 14.65347195 [8544] LDNTVDM: BaseIsDosApplication = 0E0CE9E0
00000668 14.65349483 [8544] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)
00000669 14.65353298 [8544] Hooked 0F3850D0 -> 0B2B43FC
00000670 14.65356636 [8544] Hook_Inline(7ffd0d43f9c0, 7ffd0b2b2b94, PrivateExtractIconsWHook)
00000671 14.65358925 [8544] dwOrigSize detected: 7
00000672 14.65361786 [8544] Hook_Inline context=7ffd0d4b4e76
00000673 14.65364170 [8544] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 0B2B2AB0, 0B2C2978)
00000674 14.65366840 [8544] Hooking failed (-1)
00000675 14.65370083 [8544] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 0B2B2AB0, 0B2C2978)
00000676 14.65372944 [8544] Hooked 0CA94420 -> 0B2B2AB0
00000677 14.71276665 [8544] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000678 14.75612640 [18672] LDNTVDM is running inside FileCoAuth.exe
00000679 14.75616646 [18672] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)
00000680 14.75618744 [18672] Hooked 0E0A70E0 -> 0B2B453C
00000681 14.75620651 [18672] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0
00000682 14.75622368 [18672] LDNTVDM: BaseIsDosApplication = 0E0CE9E0
00000683 14.75624275 [18672] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)
00000684 14.75627804 [18672] Hooked 0F3850D0 -> 0B2B43FC
00000685 14.75630569 [18672] Hook_Inline(7ffd0d43f9c0, 7ffd0b2b2b94, PrivateExtractIconsWHook)
00000686 14.75632668 [18672] dwOrigSize detected: 7
00000687 14.75635529 [18672] Hook_Inline context=7ffd0d4b4e76
00000688 14.75637436 [18672] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 0B2B2AB0, 0B2C2978)
00000689 14.75639534 [18672] Hooking failed (-1)
00000690 14.75641251 [18672] Hook_IAT_x64_IAT(D420000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 0B2B2AB0, 0B2C2978)
00000691 14.75643158 [18672] Hooked 0CA94420 -> 0B2B2AB0
00000692 14.79506397 [2640] Populating UpdatePolicy AllowList
00000693 14.79524612 [2640] SKU MDM licensing allow list string from SLAPI:
00000694 14.79526901 [2640] AboveLock|Accounts|ActiveXControls|ADMXIngest|AllowMessageSync|AppHVSI|ApplicationDefaults|AllowAllTrustedApps|AllowAppStoreAutoUpdate|AllowAutomaticAppArchiving|AllowDeveloperUnlock|AllowGameDVR|AllowSharedUserAppData|ApplicationRestrictions|Audit|ConfigureChatIcon|LaunchAppAfterLogOn|MSIAllowUserControlOverInstall|MSIAlwaysInstallWithElevatedPrivileges|RestrictAppDataToSystemVolume|RestrictAppToSystemVolume|AppRuntime|AttachmentManager|Authentication|Autoplay|BitLocker|BITS|Bluetooth|Browser|Camera|Cellular|Connectivity|ControlPolicyConflict|CredentialProviders|CredentialsDelegation|CredentialsUI|Cryptography|DataProtection|DataUsage|Defender|DeliveryOptimization|Desktop|ConfigureSystemGuardLaunch|EnableVirtualizationBasedSecurity|DeviceHealthMonitoring|DeviceInstallation|DeviceLock|Display|DmaGuard|ErrorReporting|Eap|Education|EnterpriseCloudPrint|EventLogService|AllowClipboardHistory|AllowCopyPaste|AllowCortana|AllowDeviceDiscovery|AllowManualMDMUnenrollment|AllowSaveAsOfOfficeFiles|AllowScreenCapture|AllowSharingOfOfficeFiles|AllowSIMErrorDialogPromptWhenNoSIM|AllowSyncMySettings|AllowTailoredExperiencesWithDiagnosticData|AllowTaskSwitcher|AllowThirdPartySuggestionsInWindowsSpotlight|AllowVoiceRecording|DoNotShowFeedbackNotifications|DoNotSyncBrowserSettings|AllowFindMyDevice|ExploitGuard|Feeds|FileExplorer|Games|Handwriting|HumanPresence|InternetExplorer|Kerberos|KioskBrowser|Knobs|LanmanWorkstation|Licensing|LocalPoliciesSecurityOptions|LocalUsersAndGroups|Lockdown|Maps|MemoryDump|MSSecurityGuide|MSSLegacy|Multitasking|NetworkIsolation|NetworkListManager|NewsAndInterests|Notifications|OneDrive|Power|Printers|Privacy|RemoteAssistance|RemoteDesktopServices|RemoteDesktop|RemoteManagement|RemoteProcedureCall|RemoteShell|RestrictedGroups|Search|Security|Settings|SmartScreen|Speech|Start|Storage|System|SystemServices|TaskManager|TaskScheduler|TenantRestrictions|TextInput|TimeLanguageSettings|Troubleshooting|Update|UserRights|VirtualizationBasedTechnology|WiFi|WindowsLogon|WirelessDisplay|Location|WindowsAutopilot|WindowsConnectionManager|WindowsDefenderSecurityCenter|WindowsInkWorkspace|WindowsPowerShell|WindowsSandbox|WiredNetwork
00000695 14.79528809 [2640]
00000696 14.79534721 [2640] All policies are allowed
00000697 14.83329105 [18672] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000698 16.27603531 [2336] LDNTVDM is running inside taskhostw.exe
00000699 16.27607346 [2336] Hook_IAT_x64(0CA60000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 0B2B453C)
00000700 16.27609634 [2336] Hooked 0E0A70E0 -> 0B2B453C
00000701 16.27611351 [2336] LDNTVDM: BasepProcessInvalidImageReal = 0E0A70E0
00000702 16.27612877 [2336] LDNTVDM: BaseIsDosApplication = 0E0CE9E0
00000703 16.27614212 [2336] Hook_IAT_x64_IAT(CA60000, ntdll.dll, NtCreateUserProcess, 0B2B43FC, 0B2C2950)
00000704 16.27617455 [2336] Hooked 0F3850D0 -> 0B2B43FC
00000705 16.31977463 [2336] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000706 17.55430222 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000707 17.55631065 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000708 17.55809975 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000709 17.55960083 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000710 17.56120300 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000711 18.04552078 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000712 18.04728699 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000713 18.04937553 [6828] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000714 18.54718399 [6828] PrivateExtractIconsWHook(c:\windows\system32\imageres.dll)
00000715 19.57489014 [6620] [AURA HAL][ENE DRAM] Sunc (1,0,5)
...
After doing this, I switched the shortcut properties to using Raster font 10x18 instead of Consolas and hey presto it worked! But after I switched to trying to another non-Raster and then back to Raster it crashed without any error message at all - rather like OP's situation. Even after rebooting it now will not run at all - no error message, the windows flashes up and disappears. Here is the Dbgview output in this new situation:
00000169 3.03157115 [10316] Injecting into WOW64 Process? 0
00000170 3.03160262 [10316] Hook_Inline(7ff8a0e3e1ac, 2bac2e00000, code)
00000171 3.03162026 [10316] dwOrigSize detected: 10
00000172 3.03227043 [10316] About to alloc page @7ff8a0d5f000
00000173 3.03231406 [10316] Hook_Inline context=7ff8a0d50000
00000174 3.03235030 [10316] APPCERT_IMAGE_OK_TO_RUN
00000175 3.03236556 [10316] APPCERT_CREATION_ALLOWED
00000176 3.06913829 [10928] LDNTVDM is running inside cmd.exe
00000177 3.06918311 [10928] Hook_IAT_x64(9E5D0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 9CD3453C)
00000178 3.06920886 [10928] Hooked 9F9870E0 -> 9CD3453C
00000179 3.06923246 [10928] LDNTVDM: BasepProcessInvalidImageReal = 9F9870E0
00000180 3.06926632 [10928] LDNTVDM: BaseIsDosApplication = 9F9AE9E0
00000181 3.06933951 [10928] Hook_IAT_x64_IAT(9E5D0000, ntdll.dll, NtCreateUserProcess, 9CD343FC, 9CD42950)
00000182 3.06938839 [10928] Hooked A0E050D0 -> 9CD343FC
00000183 3.12318349 [10928] Process has child with PID 11276
00000184 3.12328005 [10928] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe)
00000185 3.12330604 [10928] Injecting into WOW64 Process? 0
00000186 3.12343359 [10928] Created injection thread h=00000104, tid=15028
00000187 3.12412429 [11276] LDNTVDM is running inside conhost.exe
00000188 3.12417817 [11276] Hook_IAT_x64(9E5D0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 9CD3453C)
00000189 3.12420130 [11276] Hooked 9F9870E0 -> 9CD3453C
00000190 3.12422109 [11276] LDNTVDM: BasepProcessInvalidImageReal = 9F9870E0
00000191 3.12423921 [11276] LDNTVDM: BaseIsDosApplication = 9F9AE9E0
00000192 3.12426472 [11276] Hook_IAT_x64_IAT(9E5D0000, ntdll.dll, NtCreateUserProcess, 9CD343FC, 9CD42950)
00000193 3.12431026 [11276] Hooked A0E050D0 -> 9CD343FC
00000194 3.12433028 [11276] LDNTVDM is running inside ConHost.exe
00000195 3.12448096 [11276] Hook_IAT_x64_IAT(60080000, ntdll.dll, RtlAllocateHeap, 9CD31304, 9CD42988)
00000196 3.12450576 [11276] Hooked A0D88AC0 -> 9CD31304
00000197 3.12452650 [11276] OEMCP_FixNLSTable enter
00000198 3.12463450 [11276] Peb->OemCodePageData set to 88210000
00000199 3.12465644 [11276] OEMCP_CallInitializeCustomCP
00000200 3.12476444 [11276] failed: nt=60080000, fnInitializeCustomCP=0
00000201 3.12478971 [11276] Hook_Inline(7ff89f3ef9c0, 7ff89cd32b94, PrivateExtractIconsWHook)
00000202 3.12481213 [11276] dwOrigSize detected: 7
00000203 3.12484360 [11276] Hook_Inline context=7ff89f464e76
00000204 3.12486076 [11276] Hook_IAT_x64_IAT(9F3D0000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 9CD32AB0, 9CD42978)
00000205 3.12487841 [11276] Hooking failed (-1)
00000206 3.12489486 [11276] Hook_IAT_x64_IAT(9F3D0000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 9CD32AB0, 9CD42978)
00000207 3.12491322 [11276] Hooked 9E604420 -> 9CD32AB0
00000208 3.17419147 [11276] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000209 3.17428112 [10928] RtlCreateUserThread Status = 00000000
00000210 3.17435598 [10928] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000211 3.18943548 [10928] UpdateSymbolCache()
00000212 3.19023252 [10928] Symsrv options: 00000002
00000213 3.19027400 [10928] DBGHELP: Symbol Search Path: SRV*C:\WINDOWS\Symbols*C:\Users\Dominic\AppData\Local\Temp\SymbolCache*http://msdl.microsoft.com/download/symbols
00000214 3.19030690 [10928] DBGHELP: No header for C:\WINDOWS\system32\conhost.exe. Searching for image on disk
00000215 3.19036841 [10928] DBGHELP: C:\WINDOWS\system32\conhost.exe - OK
00000216 3.19496322 [10928] SYMSRV: C:\WINDOWS\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb
00000217 3.20514750 [10928] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863
00000218 3.20517349 [10928] DBGHELP: C:\WINDOWS\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb - drive not ready
00000219 3.20523596 [10928] DBGHELP: C:\WINDOWS\system32\conhost.pdb - file not found
00000220 3.20620608 [10928] DBGHELP: conhost.pdb - file not found
00000221 3.20626044 [10928] DBGHELP: conhost - no symbols loaded
00000222 3.20627689 [10928] UpdateSymbolCache() loading conhost.exe symbols
00000223 3.20629120 [10928] SymEng_GetAddr ShouldUseConhostV2
00000224 3.20631742 [10928] SymFromName failed: 0000007E
00000225 3.20633292 [10928] SymEng_GetAddr ConhostV2ForcedInRegistry
00000226 3.20634890 [10928] SymFromName failed: 0000007E
00000227 3.20646310 [10928] DBGHELP: No header for C:\WINDOWS\system32\conhostV1.dll. Searching for image on disk
00000228 3.20652747 [10928] DBGHELP: C:\WINDOWS\system32\conhostV1.dll - OK
00000229 3.20670772 [10928] SYMSRV: C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb
00000230 3.20679569 [10928] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863
00000231 3.20681429 [10928] DBGHELP: C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb - drive not ready
00000232 3.20686150 [10928] DBGHELP: C:\WINDOWS\system32\ConhostV1.pdb - file not found
00000233 3.20763803 [10928] DBGHELP: ConhostV1.pdb - file not found
00000234 3.20779514 [10928] DBGHELP: conhostV1 - export symbols
00000235 3.20781088 [10928] UpdateSymbolCache() loading conhostV1.dll symbols
00000236 3.20782447 [10928] SymEng_GetAddr InitializeCustomCP
00000237 3.20784712 [10928] SymFromName failed: 0000007E
00000238 3.20963621 [10928] NtCreateUserProcess(ThreadHandle=0, CommandLine=I:\RENTS\BAS\RENTS.EXE) failed with C0000130
00000239 3.27475882 [10928] LDNTVDM: BasepProcessInvalidImage(C0000130,'\??\I:\RENTS\BAS\RENTS.EXE');
00000240 3.28519487 [10928] VDMState=00000001
00000241 3.28672647 [10928] LDNTVDM: Launch DOS!
00000410 6.50493813 [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000411 6.50658083 [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000412 6.50820637 [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000413 6.50977039 [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000414 6.73545456 [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000415 6.73723507 [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000416 6.73946238 [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000417 6.74159431 [20324] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000418 11.24928856 [6624] [AURA HAL][ENE DRAM] Sunc (1,0,5)
00000419 11.25079346 [6624] AURACtrl::Sync
00000420 11.25280571 [6624] Sync0 Address 0x72 ChipID 0x3570
00000421 11.25417519 [6624] Sync0 Last Effect ID 0x5 ChipID 0x5
00000422 11.25545692 [6624] Sync1 Address 0x72 ChipID 0x3570
00000423 11.25671864 [6624] Direction 0
00000424 11.25801468 [6624] Sync1 frame_tobe_write 0x3F effect_support 0x1
Thanks for the log, this seems to be the reason:
00000255 2.92188239 [16544] UpdateSymbolCache() loading conhostV1.dll symbols
00000256 2.92189693 [16544] SymEng_GetAddr InitializeCustomCP
00000257 2.92191958 [16544] SymFromName failed: 0000007E
0x7e means, that symbol was not found. So the debug Symbols do not contain a reference to the function "InitializeCustomCP" in ConhostV1.DLL which is necessary to do the NLS table initialization. My ConhostV1.DLL is still from 06/2021 and version V10.0.22000.1 and contains the required symbol. Maybe you got a newer ConhostV1.dll where the function got ripped out, can you check this? ConhostV1.DLL is in system32 directory. M$ is in the process of removing these NLS functions, but they forgot that some functions depend on it an didn't fix those, which causes the crash. Reimplementing the missing function would be really painful, as they depend on ConhostV1 internal structures.
Judging from inferior M$ Software quality lately, I assume they are mainly developing in India nowadays.. ;-)
Hmm, my ConhostV1.dll is version 10.0.22000.1, dated 06/2021, so presumably same as yours (352256 bytes). (BTW I edited my previous post to add a second log, did you see it?)
Sounds like a permission problem with the symbol files.
00000229 3.20670772 [10928] SYMSRV: C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb
00000230 3.20679569 [10928] DBGHELP: ........ DIA E_PDB_FILE_SYSTEM error from 863
00000231 3.20681429 [10928] DBGHELP: C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb - drive not ready
0
Can you check if the file C:\WINDOWS\Symbols\ConhostV1.pdb\923DD6A5A61A4F6348488E67DABD234C1\ConhostV1.pdb is readable and writable for everyone? It should theoretically inherit access permissions from "Symbols" directory which gets set up during install with write permissions for everyone, but maybe it got downloaded from inside a process that has other access permissions and therefore reading the file or writing to the file (updating) is denied.
Permissions of that file are in gray (and same for 923DD6A5A61A4F6348488E67DABD234C1 and ConhostV1.pdb directories), and show 'Everyone' has all permissions. However the file has 0 size, which seems a bit strange? (So is the file C:\Windows\Symbols\conhost.pdb\BA25DA8802E1B55EEF17F13C891170EB1\conhost.pdb, by the way)
That sometimes happens if symbol downloads fail. When there is a 0 byte file, it doesn't try to redownload it and you are foiled. Try to the delete the 0 byte files, then the loader should download it again, maybe this time without errors
ok, to re-run the loader do I reinstall NTVDMx64 or rebuild it, or restart the machine?
It should be enough to start another application so that UpdateSymbolCache() function gets re-invoked, but you can also try to reboot.
I did that and the file(s) Conhostv1.pdb and conhost.pdb magically appeared (as non-zero files), but the 16-bit app still just flashed up in a window and disappeared. I then (unwisely, it seems) deleted the files again (without keeping a backup of Conhostv1.pdb doh!) and tried again. But now they don't re-appear even after re-booting and/or re-installing NTVDMx64.
Now when I try to launch 16-bit app, I get a box saying 'Unsupported 16-bit application' - though NTVDMx64 is installed.
I rebuilt and reinstalled NTVDMx64 and then rebooted. Then I ran the 16-bit app, and up it came - with Consolas font! Great. Then I started a second 16-bit app and both apps immediately disappeared and now neither will restart at all. So trying again with Dbgview shows:
00000001 0.00000000 [6360] Injecting into WOW64 Process? 0
00000002 0.00003120 [6360] Hook_Inline(7ffe50f7e1ac, 2c57e0b0000, code)
00000003 0.00007120 [6360] dwOrigSize detected: 10
00000004 0.00081960 [6360] About to alloc page @7ffe50e9f000
00000005 0.00086570 [6360] Hook_Inline context=7ffe50e90000
00000006 0.00089770 [6360] APPCERT_IMAGE_OK_TO_RUN
00000007 0.00091200 [6360] APPCERT_CREATION_ALLOWED
00000008 0.03476210 [20896] LDNTVDM is running inside cmd.exe
00000009 0.03480950 [20896] Hook_IAT_x64(4E5A0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 4CE3453C)
00000010 0.03486230 [20896] Hooked 4FD270E0 -> 4CE3453C
00000011 0.03491520 [20896] LDNTVDM: BasepProcessInvalidImageReal = 4FD270E0
00000012 0.03492880 [20896] LDNTVDM: BaseIsDosApplication = 4FD4E9E0
00000013 0.03495860 [20896] Hook_IAT_x64_IAT(4E5A0000, ntdll.dll, NtCreateUserProcess, 4CE343FC, 4CE42950)
00000014 0.03499570 [20896] Hooked 50F450D0 -> 4CE343FC
00000015 0.09382320 [20896] Process has child with PID 16820
00000016 0.09391800 [20896] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe)
00000017 0.09394340 [20896] Injecting into WOW64 Process? 0
00000018 0.09407310 [20896] Created injection thread h=00000104, tid=21344
00000019 0.09481730 [16820] LDNTVDM is running inside conhost.exe
00000020 0.09486990 [16820] Hook_IAT_x64(4E5A0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, 4CE3453C)
00000021 0.09489480 [16820] Hooked 4FD270E0 -> 4CE3453C
00000022 0.09491440 [16820] LDNTVDM: BasepProcessInvalidImageReal = 4FD270E0
00000023 0.09493140 [16820] LDNTVDM: BaseIsDosApplication = 4FD4E9E0
00000024 0.09494810 [16820] Hook_IAT_x64_IAT(4E5A0000, ntdll.dll, NtCreateUserProcess, 4CE343FC, 4CE42950)
00000025 0.09498320 [16820] Hooked 50F450D0 -> 4CE343FC
00000026 0.09500120 [16820] LDNTVDM is running inside ConHost.exe
00000027 0.09515120 [16820] ShouldUseConhostV2 hook installed @D4E06850
00000028 0.09517560 [16820] Hook_IAT_x64_IAT(45540000, ntdll.dll, RtlAllocateHeap, 4CE31304, 4CE42988)
00000029 0.09519810 [16820] Hooked 50EC8AC0 -> 4CE31304
00000030 0.09540500 [16820] Hook_Inline(7ffe4faaf9c0, 7ffe4ce32b94, PrivateExtractIconsWHook)
00000031 0.09542860 [16820] dwOrigSize detected: 7
00000032 0.09545980 [16820] Hook_Inline context=7ffe4fb24e76
00000033 0.09547690 [16820] Hook_IAT_x64_IAT(4FA90000, api-ms-win-core-file-l1-2-1.dll, ReadFile, 4CE32AB0, 4CE42978)
00000034 0.09549400 [16820] Hooking failed (-1)
00000035 0.09551000 [16820] Hook_IAT_x64_IAT(4FA90000, api-ms-win-core-file-l1-1-0.dll, ReadFile, 4CE32AB0, 4CE42978)
00000036 0.09552900 [16820] Hooked 4E5D4420 -> 4CE32AB0
00000037 0.15102831 [16820] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000038 0.15111271 [20896] RtlCreateUserThread Status = 00000000
00000039 0.15117830 [20896] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000040 0.16921359 [20896] UpdateSymbolCache()
00000041 0.17130040 [20896] NtCreateUserProcess(ThreadHandle=0, CommandLine=I:\RENTS\BAS\RENTS.EXE) failed with C0000130
00000042 0.22495390 [20896] LDNTVDM: BasepProcessInvalidImage(C0000130,'\??\I:\RENTS\BAS\RENTS.EXE');
00000043 0.23795439 [20896] VDMState=00000001
00000044 0.23798349 [20896] LDNTVDM: Launch DOS!
The reason for the files not reapperaing is that their symbols got cached in the registry in HKLM\Software\ldntvdm and HKLM\WOW3264Node\Software\ldntvdm The symbols only get reloaded if it is necessary due to missing symbols or changed DLL file versions, so you got hit by the caching mechanism. If you want it to redownload everything, after deleting the symbol files, you also have to delete the ldntvdm-Key contents (not the key itself, as this would mess up access permissions).
When reinstalling NTVDMx64, I guess you didn't change the ldntvdm.dll with the one from this thread that contains additional debug info, otherwise it would be visible in the logs. Please retry with the debug-version from this thread .
Correct sorry. So here is the dbgview output with the amnded ldntvdm.dll installed (still the 16-bit does not run the window just flashes briefly and there is no message):
00000001 0.00000000 [1132] Injecting into WOW64 Process? 0
00000002 0.00003070 [1132] Hook_Inline(7fffcbb1e1ac, 25e48cb0000, code)
00000003 0.00005680 [1132] dwOrigSize detected: 10
00000004 0.00069000 [1132] About to alloc page @7fffcba3f000
00000005 0.00073230 [1132] Hook_Inline context=7fffcba30000
00000006 0.00076270 [1132] APPCERT_IMAGE_OK_TO_RUN
00000007 0.00077920 [1132] APPCERT_CREATION_ALLOWED
00000008 0.01360580 [18664] LDNTVDM is running inside wlrmdr.exe
00000009 0.01364560 [18664] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)
00000010 0.01366610 [18664] Hooked CAED70E0 -> C7A1453C
00000011 0.01368380 [18664] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0
00000012 0.01369910 [18664] LDNTVDM: BaseIsDosApplication = CAEFE9E0
00000013 0.01371490 [18664] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)
00000014 0.01374820 [18664] Hooked CBAE50D0 -> C7A143FC
00000015 0.01377000 [18664] Hook_Inline(7fffcb86f9c0, 7fffc7a12b94, PrivateExtractIconsWHook)
00000016 0.01378810 [18664] dwOrigSize detected: 7
00000017 0.01381550 [18664] Hook_Inline context=7fffcb8e4e76
00000018 0.01383150 [18664] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-2-1.dll, ReadFile, C7A12AB0, C7A22978)
00000019 0.01384750 [18664] Hooking failed (-1)
00000020 0.01386310 [18664] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-1-0.dll, ReadFile, C7A12AB0, C7A22978)
00000021 0.01388030 [18664] Hooked C9024420 -> C7A12AB0
00000022 0.06609380 [18664] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000023 0.94413632 [9780] VoiceControlEngine.exe Information: 0 :
00000024 0.94444072 [9780] SAPI does not implement phonetic alphabet selection.
00000025 1.25459611 [17916] LDNTVDM is running inside LocationNotificationWindows.exe
00000026 1.25463450 [17916] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)
00000027 1.25465548 [17916] Hooked CAED70E0 -> C7A1453C
00000028 1.25467348 [17916] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0
00000029 1.25468981 [17916] LDNTVDM: BaseIsDosApplication = CAEFE9E0
00000030 1.25470614 [17916] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)
00000031 1.25474000 [17916] Hooked CBAE50D0 -> C7A143FC
00000032 1.25476241 [17916] Hook_Inline(7fffcb86f9c0, 7fffc7a12b94, PrivateExtractIconsWHook)
00000033 1.25478435 [17916] dwOrigSize detected: 7
00000034 1.25481057 [17916] Hook_Inline context=7fffcb8e4e76
00000035 1.25482690 [17916] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-2-1.dll, ReadFile, C7A12AB0, C7A22978)
00000036 1.25484347 [17916] Hooking failed (-1)
00000037 1.25486159 [17916] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-1-0.dll, ReadFile, C7A12AB0, C7A22978)
00000038 1.25487864 [17916] Hooked C9024420 -> C7A12AB0
00000039 1.31879854 [17916] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000040 2.61359048 [6488] Injecting into WOW64 Process? 0
00000041 2.61361957 [6488] Hook_Inline(7fffcbb1e1ac, 2bf3f940000, code)
00000042 2.61364460 [6488] dwOrigSize detected: 10
00000043 2.61428428 [6488] About to alloc page @7fffcba3f000
00000044 2.61432552 [6488] Hook_Inline context=7fffcba30000
00000045 2.61435652 [6488] APPCERT_IMAGE_OK_TO_RUN
00000046 2.61437130 [6488] APPCERT_CREATION_ALLOWED
00000047 2.65285444 [4260] LDNTVDM is running inside cmd.exe
00000048 2.65290689 [4260] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)
00000049 2.65293789 [4260] Hooked CAED70E0 -> C7A1453C
00000050 2.65296674 [4260] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0
00000051 2.65298271 [4260] LDNTVDM: BaseIsDosApplication = CAEFE9E0
00000052 2.65300941 [4260] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)
00000053 2.65306020 [4260] Hooked CBAE50D0 -> C7A143FC
00000054 2.70890355 [4260] Process has child with PID 17924
00000055 2.70899534 [4260] Want to inject into child (conhost=1, proc=C:\Windows\System32\conhost.exe)
00000056 2.70901990 [4260] Injecting into WOW64 Process? 0
00000057 2.70914674 [4260] Created injection thread h=00000104, tid=17548
00000058 2.70980549 [17924] LDNTVDM is running inside conhost.exe
00000059 2.70982313 [17924] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)
00000060 2.70984840 [17924] Hooked CAED70E0 -> C7A1453C
00000061 2.70986772 [17924] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0
00000062 2.70988750 [17924] LDNTVDM: BaseIsDosApplication = CAEFE9E0
00000063 2.70990372 [17924] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)
00000064 2.70993876 [17924] Hooked CBAE50D0 -> C7A143FC
00000065 2.70995688 [17924] LDNTVDM is running inside ConHost.exe
00000066 2.71010566 [17924] ShouldUseConhostV2 hook installed @15A96850
00000067 2.71012950 [17924] Hook_IAT_x64_IAT(827D0000, ntdll.dll, RtlAllocateHeap, C7A11304, C7A22988)
00000068 2.71015143 [17924] Hooked CBA68AC0 -> C7A11304
00000069 2.71017170 [17924] OEMCP_FixNLSTable enter
00000070 2.71027303 [17924] Peb->OemCodePageData set to 94A90000
00000071 2.71029353 [17924] OEMCP_CallInitializeCustomCP
00000072 2.71041679 [17924] Hook_Inline(7fffcb86f9c0, 7fffc7a12b94, PrivateExtractIconsWHook)
00000073 2.71043921 [17924] dwOrigSize detected: 7
00000074 2.71046948 [17924] Hook_Inline context=7fffcb8e4e76
00000075 2.71048665 [17924] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-2-1.dll, ReadFile, C7A12AB0, C7A22978)
00000076 2.71050692 [17924] Hooking failed (-1)
00000077 2.71052289 [17924] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-1-0.dll, ReadFile, C7A12AB0, C7A22978)
00000078 2.71054292 [17924] Hooked C9024420 -> C7A12AB0
00000079 2.75668025 [17924] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000080 2.75678706 [4260] RtlCreateUserThread Status = 00000000
00000081 2.75684714 [4260] ldntvdm Init done (https://github.com/leecher1337/ntvdmx64)
00000082 2.77180767 [4260] UpdateSymbolCache()
00000083 2.77382445 [4260] NtCreateUserProcess(ThreadHandle=0, CommandLine=I:\RENTS\BAS\RENTS.EXE) failed with C0000130
00000084 2.82191992 [4260] LDNTVDM: BasepProcessInvalidImage(C0000130,'\??\I:\RENTS\BAS\RENTS.EXE');
00000085 2.85863948 [4260] VDMState=00000001
00000086 2.86000037 [4260] LDNTVDM: Launch DOS!
00000087 3.43808532 [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)
00000088 3.43817925 [6664] AURACtrl::Sync
00000089 3.43823767 [6664] Sync0 Address 0x72 ChipID 0x3570
00000090 3.43830967 [6664] Sync0 Last Effect ID 0x5 ChipID 0x5
00000091 3.43835235 [6664] Sync1 Address 0x72 ChipID 0x3570
00000092 3.43839478 [6664] Direction 0
00000093 3.43844366 [6664] Sync1 frame_tobe_write 0x63 effect_support 0x1
00000094 3.44797802 [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)
00000095 3.44802237 [6664] AURACtrl::Sync
00000096 3.44806075 [6664] Sync0 Address 0x72 ChipID 0x3570
00000097 3.44809675 [6664] Sync0 Last Effect ID 0x5 ChipID 0x5
00000098 3.44813108 [6664] Sync1 Address 0x72 ChipID 0x3570
00000099 3.44816566 [6664] Direction 0
00000100 3.44819999 [6664] Sync1 frame_tobe_write 0x63 effect_support 0x1
00000255 6.95117140 [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000256 6.95415115 [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000257 6.95601177 [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000258 6.95783424 [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000259 6.95953703 [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000260 7.39219379 [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000261 7.39397430 [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000262 7.39575052 [19452] PrivateExtractIconsWHook(C:\WINDOWS\system32\imageres.dll)
00000263 9.38723087 [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)
00000264 9.38864708 [6664] AURACtrl::Sync
00000265 9.39072800 [16112] LDNTVDM is running inside MoNotificationUx.exe
00000266 9.39214039 [6664] Sync0 Address 0x72 ChipID 0x3570
00000267 9.39343739 [16112] Hook_IAT_x64(C8FF0000, ext-ms-win-kernelbase-processthread-l1-1-0.dll, BasepProcessInvalidImage, C7A1453C)
00000268 9.39470291 [6664] Sync0 Last Effect ID 0x5 ChipID 0x5
00000269 9.39595985 [16112] Hooked CAED70E0 -> C7A1453C
00000270 9.39720917 [6664] Sync1 Address 0x72 ChipID 0x3570
00000271 9.39844894 [16112] LDNTVDM: BasepProcessInvalidImageReal = CAED70E0
00000272 9.39970016 [6664] Direction 0
00000273 9.40094280 [16112] LDNTVDM: BaseIsDosApplication = CAEFE9E0
00000274 9.40223217 [6664] Sync1 frame_tobe_write 0xD4 effect_support 0x1
00000275 9.40372849 [16112] Hook_IAT_x64_IAT(C8FF0000, ntdll.dll, NtCreateUserProcess, C7A143FC, C7A22950)
00000276 9.40507889 [16112] Hooked CBAE50D0 -> C7A143FC
00000277 9.40632820 [16112] Hook_Inline(7fffcb86f9c0, 7fffc7a12b94, PrivateExtractIconsWHook)
00000278 9.40756702 [16112] dwOrigSize detected: 7
00000279 9.40882778 [16112] Hook_Inline context=7fffcb8e4e76
00000280 9.41006088 [16112] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-2-1.dll, ReadFile, C7A12AB0, C7A22978)
00000281 9.41130543 [16112] Hooking failed (-1)
00000282 9.41255951 [16112] Hook_IAT_x64_IAT(CB850000, api-ms-win-core-file-l1-1-0.dll, ReadFile, C7A12AB0, C7A22978)
00000283 9.41379833 [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)
00000284 9.41505718 [16112] Hooked C9024420 -> C7A12AB0
00000301 10.39632225 [16112] Populating UpdatePolicy AllowList
00000302 10.39760780 [6664] Sync0 Address 0x72 ChipID 0x3570
00000303 10.39888191 [16112] SKU MDM licensing allow list string from SLAPI:
00000304 10.40014458 [6664] Sync0 Last Effect ID 0x5 ChipID 0x5
00000305 10.40140343 [16112] AboveLock|Accounts|ActiveXControls|ADMXIngest|AllowMessageSync|AppHVSI|ApplicationDefaults|AllowAllTrustedApps|AllowAppStoreAutoUpdate|AllowAutomaticAppArchiving|AllowDeveloperUnlock|AllowGameDVR|AllowSharedUserAppData|ApplicationRestrictions|Audit|ConfigureChatIcon|LaunchAppAfterLogOn|MSIAllowUserControlOverInstall|MSIAlwaysInstallWithElevatedPrivileges|RestrictAppDataToSystemVolume|RestrictAppToSystemVolume|AppRuntime|AttachmentManager|Authentication|Autoplay|BitLocker|BITS|Bluetooth|Browser|Camera|Cellular|Connectivity|ControlPolicyConflict|CredentialProviders|CredentialsDelegation|CredentialsUI|Cryptography|DataProtection|DataUsage|Defender|DeliveryOptimization|Desktop|ConfigureSystemGuardLaunch|EnableVirtualizationBasedSecurity|DeviceHealthMonitoring|DeviceInstallation|DeviceLock|Display|DmaGuard|ErrorReporting|Eap|Education|EnterpriseCloudPrint|EventLogService|AllowClipboardHistory|AllowCopyPaste|AllowCortana|AllowDeviceDiscovery|AllowManualMDMUnenrollment|AllowSaveAsOfOfficeFiles|AllowScreenCapture|AllowSharingOfOfficeFiles|AllowSIMErrorDialogPromptWhenNoSIM|AllowSyncMySettings|AllowTailoredExperiencesWithDiagnosticData|AllowTaskSwitcher|AllowThirdPartySuggestionsInWindowsSpotlight|AllowVoiceRecording|DoNotShowFeedbackNotifications|DoNotSyncBrowserSettings|AllowFindMyDevice|ExploitGuard|Feeds|FileExplorer|Games|Handwriting|HumanPresence|InternetExplorer|Kerberos|KioskBrowser|Knobs|LanmanWorkstation|Licensing|LocalPoliciesSecurityOptions|LocalUsersAndGroups|Lockdown|Maps|MemoryDump|MSSecurityGuide|MSSLegacy|Multitasking|NetworkIsolation|NetworkListManager|NewsAndInterests|Notifications|OneDrive|Power|Printers|Privacy|RemoteAssistance|RemoteDesktopServices|RemoteDesktop|RemoteManagement|RemoteProcedureCall|RemoteShell|RestrictedGroups|Search|Security|Settings|SmartScreen|Speech|Start|Storage|System|SystemServices|TaskManager|TaskScheduler|TenantRestrictions|TextInput|TimeLanguageSettings|Troubleshooting|Update|UserRights|VirtualizationBasedTechnology|WiFi|WindowsLogon|WirelessDisplay|Location|WindowsAutopilot|WindowsConnectionManager|WindowsDefenderSecurityCenter|WindowsInkWorkspace|WindowsPowerShell|WindowsSandbox|WiredNetwork
00000306 10.40516853 [6664] Sync1 Address 0x72 ChipID 0x3570
00000307 10.40866089 [16112]
00000308 10.41006184 [6664] Direction 0
00000309 10.41136646 [16112] All policies are allowed
00000310 10.41267586 [6664] Sync1 frame_tobe_write 0xD4 effect_support 0x1
00000311 10.88105583 [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)
00000312 10.88247204 [6664] AURACtrl::Sync
00000313 10.88440418 [6664] Sync0 Address 0x72 ChipID 0x3570
00000314 10.91080284 [6664] Sync0 Last Effect ID 0x5 ChipID 0x5
00000315 10.91291523 [6664] Sync1 Address 0x72 ChipID 0x3570
00000316 10.91415215 [6664] Direction 0
00000317 10.93668461 [6664] Sync1 frame_tobe_write 0xD4 effect_support 0x1
00000318 10.93923378 [6664] [AURA HAL][ENE DRAM] Sunc (1,0,5)
Cannot find anything suspicious in the logs now. Could be that conhost crashes or that it just doesn't launch NTVDM as it should. You can check Windows Event log to see if conhost.exe still crashes or if another application crashes on startup? If you launch a dos application from cmd.exe, does the console window vanish or is it just that the DOS application doesn't start? If conhost.exe crashes, you can attach a debugger like x64dbg to conhost.exe process and see where it crashes.
If I try to launch from a command prompt I see a message saying the file cannot be found, although it is clearly there.
C:\Users\Dominic>dir C:\UTILS\VBDOS.EXE
Volume in drive C is DOMC
Volume Serial Number is 988D-9F76
Directory of C:\UTILS
19/08/1992 22:59 555,520 VBDOS.EXE
1 File(s) 555,520 bytes
0 Dir(s) 240,303,177,728 bytes free
C:\Users\Dominic>cmd.exe /C C:\UTILS\VBDOS.EXE
The system cannot find the file C:\UTILS\VBDOS.EXE.
This sounds like Windows\system32\ntvdm.exe and/or Windows\SysWOW64\ntvdm.exe is not present, are you sure that it's there and executable?
ntvdm.exe is present (and executable) in SysWOW64 but is not present in system32.
Then the hard linking on installation went wrong for whatever reason.
fsutil hardlink create %SYSTEMROOT%\System32\ntvdm.exe %SYSTEMROOT%\SysWOW64\ntvdm.exe
No idea why that failed during setup on your machine.
Hmm, I think it might be an antivirus thing. I will uninstall Avast (can't do this until tomorrow) and then try again.
Was getting nowhere trying to make ntvdm work with my upgrade from win10 to win11. With the patch already installed on win10 and uninstalled before the update, updating to 11 seems to break something. Installed 11 fresh and everything is working as it should, thanks again leecher for your efforts!
After I removed Avast (which wasn't easy) and again created the hard link as you advised (it kept disappearing before) it all works, with Consolas. Thanks for your help in resolving this. I suspect all my problems with Windows 11 were down to the antivirus.
NTVDMx64 is a fantastic project! Thanks @leecher1337 for all your work on it.
Note to others: if you use Windows Defender you need to make exclusions for C:\Windows\System32\ldntvdm.dll and C:\Windows\SysWOW64\ldntvdm.dll (at least under Windows 11) [ Settings / Virus and threat protection / under 'Virus & threat protection settings' click 'Manage settings' / 'Add or remove exclusions' ]. Similar exceptions are likely required with other antivirus products.