New registry key?

[SidCos]

Why in new version 5052 is the HKLM\Software\Chrome-XPAPI-Adapter key created in the registry?
It's an empty key without any parameters, and any registry cleaner (like CCleaner) removes it, but it's still a bit unnerving...
Supermium XP

[IDA-RE-things]

Its will be fixed in next build. Will be changed to create key before using, to store var, instead of on DLL-start phase, So its wiil not be empty, if user not watched video.
The registry var itself is requered for screensaver prevention interprocess approach.

[IDA-RE-things]

try build 5053.

[SidCos]

Yep, now the key is only created when you start the video:
HKLM\Software\Chrome-xpapi-adapter
"NumOfActiveWakeLocks"=dword:00000fe3
Is that correct?

[IDA-RE-things]

Try another build with same number, uploaded now. There was little bug. The value was incorrect.

[SidCos]

Now:
"NumOfActiveWakeLocks"=dword:ffffffff

[IDA-RE-things]

That strange.
Try to delete this wrong key value before using.
I have 0-1 while testing.

[IDA-RE-things]

It should not be < 0 in any case.

[IDA-RE-things]

UPD: yes the bug with value still here. I will check it more in such case...
Wait for this.

[IDA-RE-things]

5054 fixes issue with value.

[SidCos]

HKLM\SOFTWARE\Chrome-xpapi-adapter
"NumOfActiveWakeLocks"=dword:00000000

Everything seem all right?

[IDA-RE-things]

Yes, it should be 1, when video playing, and 0 when stopped.

[IDA-RE-things]

If you have sceensaver enabled on you system, you can test how this approach works.

[SidCos]

Yes, it is! Thank you!

One more question.
Earlier #527 I reported that with your DLL, it allowed to bypass starting the WMI Performance Adapter service. This was the case up to version 5045.
Now in the newer versions (split into 2 files), the WMI Performance Adapter also runs as on the original progwrp.dll.
One browser launch produces 3 messages in the system log. If you run the browser repeatedly and do not monitor the system log, the log is filled with these messages.
I would like to know why these DLLs need to run this service so much?

[IDA-RE-things]

This service started not by DLL's, but by the browser.
bypassing of starting the "WMI Performance Adapter service" it was side effect I think :)
because crashpad was not started,
The crashpad process I think starting this service.
I can try to disable it in future, by patching some DLL call. But its not in priority while.
But crashpad was restore early , from build 5033.

[IDA-RE-things]

I can try to do this when I have time between other tasks, and found where to do it by patching the browser on the fly. I hope its not influents to sandbox ))

[IDA-RE-things]

BTW I have not seen any messages frm WMI on My XP system (on both systems). May be I disabled it early. I mean "Event Viewer"
or what do you mean under the "system log" ?

[IDA-RE-things]

I found that \wbem\wmiprvse.exe have started with browser start, yes. But where is the messages from it ? My event log is clean.

[IDA-RE-things]

Have checked it on both real XP's SP3; on XP SP2 Vm; on Win2k3 Vm -- the event logs are clean.
Note, that on VM's was default system settings.

[IDA-RE-things]

Its on XP SP2 VM, after I clenan it and running the browser :

[IDA-RE-things]

I will close this issue as resolved. But you can continue to write here about your second question.