All Activity

  1. Past hour
  2. Use a slim lock instead. If an SList node is present, it must be processed (Next and Depth zeroed). A pointer to the next node in the list must be returned.
  3. So I think that even on one CPU with one core and one thread, via this attempt, cmpxchg8b qword ptr [ebp+0] is necessary. Dietmar. PS: Now I think that I read the paper from Cutler wrong. There is NO version for .386 at all in this paper.
  4. I made a new try with my hacked function:

     ```
     .text:0040B0B2 ; Exported entry   7. ExInterlockedFlushSList
     .text:0040B0B2
     .text:0040B0B2 ; =============== S U B R O U T I N E =======================================
     .text:0040B0B2
     .text:0040B0B2
     .text:0040B0B2                 public ExInterlockedFlushSList
     .text:0040B0B2 ExInterlockedFlushSList proc near       ; CODE XREF: sub_45F0DF:loc_45F0F7p
     .text:0040B0B2                                         ; DATA XREF: .edata:off_5AC2A8o
     .text:0040B0B2                 push    ebx
     .text:0040B0B3                 push    ebp
     .text:0040B0B4                 xor     ebx, ebx
     .text:0040B0B6                 mov     ebp, ecx
     .text:0040B0B8                 mov     edx, [ebp+4]
     .text:0040B0BB                 mov     eax, [ebp+0]
     .text:0040B0BE                 or      eax, eax
     .text:0040B0C0                 jz      short loc_40B0C9
     .text:0040B0C2                 mov     ecx, edx
     .text:0040B0C4                 mov     cx, bx
     .text:0040B0C7                 xor     ecx, ecx
     .text:0040B0C9
     .text:0040B0C9 loc_40B0C9:                             ; CODE XREF: ExInterlockedFlushSList+Ej
     .text:0040B0C9                 pop     ebp
     .text:0040B0CA                 pop     ebx
     .text:0040B0CB                 nop
     .text:0040B0CC                 nop
     .text:0040B0CD                 nop
     .text:0040B0CE                 nop
     .text:0040B0CF                 retn
     .text:0040B0CF ExInterlockedFlushSList endp
     .text:0040B0CF
     .text:0040B0CF ; ---------------------------------------------------------------------------
     ```

     Hex code:

     ```
     53 55 33 DB 8B E9 8B 55 04 8B 45 00 09 C0 74 07 8B CA 66 89 D9 33 C9 5D 5B 90 90 90 90 C3
     ```

     But I get this BSOD:

     ```
     kd> !analyze -v
     *******************************************************************************
     *                                                                             *
     *                        Bugcheck Analysis                                    *
     *                                                                             *
     *******************************************************************************

     DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
     An attempt was made to access a pageable (or completely invalid) address at an
     interrupt request level (IRQL) that is too high. This is usually
     caused by drivers using improper addresses.
     If kernel debugger is available get stack backtrace.
     Arguments:
     Arg1: 0a130038, memory referenced
     Arg2: 00000002, IRQL
     Arg3: 00000000, value 0 = read operation, 1 = write operation
     Arg4: f7839bd8, address which referenced memory

     Debugging Details:
     ------------------

     READ_ADDRESS: 0a130038

     CURRENT_IRQL: 2

     FAULTING_IP:
     storport!StorPortExtendedFunction+57cd
     f7839bd8 8b7e24          mov     edi,dword ptr [esi+24h]

     DEFAULT_BUCKET_ID: DRIVER_FAULT

     BUGCHECK_STR: 0xD1

     PROCESS_NAME: System

     ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

     DPC_STACK_BASE: FFFFFFFFF78A3000

     TRAP_FRAME: f78a2ef8 -- (.trap 0xfffffffff78a2ef8)
     ErrCode = 00000000
     eax=8a619ab8 ebx=00000000 ecx=8a619b4c edx=00000000 esi=0a130014 edi=8a619ab8
     eip=f7839bd8 esp=f78a2f6c ebp=f78a2f78 iopl=0 nv up ei pl zr na pe nc
     cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
     storport!StorPortExtendedFunction+0x57cd:
     f7839bd8 8b7e24          mov     edi,dword ptr [esi+24h] ds:0023:0a130038=????????
     Resetting default scope

     LAST_CONTROL_TRANSFER: from 80532747 to 804e3592

     STACK_TEXT:
     f78a2aac 80532747 00000003 f78a2e08 00000000 nt!RtlpBreakWithStatusInstruction
     f78a2af8 8053321e 00000003 0a130038 f7839bd8 nt!KiBugCheckDebugBreak+0x19
     f78a2ed8 804e187f 0000000a 0a130038 00000002 nt!KeBugCheck2+0x574
     f78a2ed8 f7839bd8 0000000a 0a130038 00000002 nt!KiTrap0E+0x233
     WARNING: Stack unwind information not available. Following frames may be wrong.
     f78a2f78 f783a26e 8a619ab8 8a6129f0 8a4be024 storport!StorPortExtendedFunction+0x57cd
     f78a2fa8 f782b356 8a610438 8a619ab8 8a610438 storport!StorPortExtendedFunction+0x5e63
     f78a2fd0 804dbbd4 8a6129ac 8a612938 00000000 storport!DllInitialize+0xfc5
     f78a2ff4 804db89e f789ded8 00000000 00000000 nt!KiRetireDpcList+0x46
     f78a2ff8 f789ded8 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
     804db89e 00000000 00000009 bb835675 00000128 0xf789ded8

     STACK_COMMAND: kb

     FOLLOWUP_IP:
     storport!StorPortExtendedFunction+57cd
     f7839bd8 8b7e24          mov     edi,dword ptr [esi+24h]

     SYMBOL_STACK_INDEX: 4

     SYMBOL_NAME: storport!StorPortExtendedFunction+57cd

     FOLLOWUP_NAME: MachineOwner

     MODULE_NAME: storport

     IMAGE_NAME: storport.sys

     DEBUG_FLR_IMAGE_TIMESTAMP: 6142afab

     IMAGE_VERSION: 6.1.7601.25735

     FAILURE_BUCKET_ID: 0xD1_storport!StorPortExtendedFunction+57cd

     BUCKET_ID: 0xD1_storport!StorPortExtendedFunction+57cd

     ANALYSIS_SOURCE: KM

     FAILURE_ID_HASH_STRING: km:0xd1_storport!storportextendedfunction+57cd

     FAILURE_ID_HASH: {2d353e86-f9c7-de18-d8db-956bcb502646}

     Followup: MachineOwner
     ---------
     ```
  5. Today
  6. Thank Satya Nadella for that crap. It's much cheaper for users to be beta testers than actual programmers / devs. It's even a miracle they still have their Build Labs.
  7. OP, you're looking at it all wrong... Believe it or not, it is Linux that is in big trouble now. The Linux Foundation is investing the least in dev of the Lin kernel (I think it is about 3%) and the most in AI and some unrelated Lin projects... while for some stupid reason stocks rose for m$ when they announced new AI in W11. There is going to be a new sh1t storm in the Lin world soon and it's not going to be nice. Even Canonical is starting to branch off soon.
  8. If it's not in their "idea" then they won't. This was obvious since Windows 8, if you haven't noticed it yet...
  9. Delrina/Amaze Daily Planner, from 1992/93 for Win 3.1 - Me, 2000. Also check Simtel mirrors for similar sw.
  10. And now the explanation of what this function ExInterlockedFlushSList is really doing: The calling function passes the register ECX to this function ExInterlockedFlushSList. ECX holds the information about the starting point of a list in memory. How long this list is, or whatever is in this list, is not of interest. Now the function ExInterlockedFlushSList checks 2 scenarios: If ECX is empty, ECX=NULL is given back to the calling function, which means that such a list never existed, because it has no memory address. The second scenario is that ECX is not NULL. In this case, the ONLY thing that the function ExInterlockedFlushSList does is to delete everything in the register ECX. It then gives the value ECX=NULL back to the calling function. The list itself stays untouched in memory. But now the calling function has lost all information about the place of this list in memory, because ECX is set to NULL by the function ExInterlockedFlushSList. And it can't be repaired by the calling function via ECX, because ECX is NULL. I wonder why it is not enough to tell the calling function: mov ECX, 00000000h
  11. Oh, I didn't try the MSDN image, but I just generated a new Win11 ISO using UUPDump and tested it again, and still have this error. It's really strange. I am very grateful to Mr. JFX for his continued attention to these issues, and I hope Mr. JFX has a happy day every day.
  12. 8800GT is a very hot running card. You'd need a good cooling solution in a well ventilated case.
  13. ControlD is a DNS service by the makers of Windscribe VPN. Windscribe has a strong social media presence, but is not actually as secure as they claim to be. Windscribe had a major security breach last year. It's pricey compared to the competition. ControlD founders (Yegor Sak, Alex Paguis and Mark Ulicki) - not Canadian names at all, but claim to be based in Canada, a "five eyes" country. I advise against using it. https://www.howtogeek.com/856154/windscribe-vpn-review/ https://windscribe.com/ https://windscribe.com/knowledge-base/articles/who-owns-windscribe/
  14. This might have been asked: when you go to history and clear it all, is it all really gone from the browser, or is there a file that retains it all? If so, where is it?
  15. I don't see how hardware PC health could be negatively affected. Not in general and not with this particular modification. If some essential part of the driver were a mismatch with the hardware, then it would hang the system as soon as that mismatched code path was run. Also, if people had dying hardware because of this, it would be reported. My GT 710 system still runs fine.
  16. Yes, ControlD is utter garbage, thanks for bringing it to our attention! I don't know why anyone would suggest it here in the first place. I think there needs to be some sort of post checking against dangerous advice that users give.
  17. After installing StartAllBack on my computer, every time I open my computer the taskbar gets stuck for a while, and when it recovers, the NVIDIA Control Panel in the notification area disappears. I would like to know if this problem can be solved. Sorry for my low-level English.
  18. Well, I can't reproduce it. Where can I download that exact ISO? Did you try with a different source, maybe a clean MSDN version?
  19. Here is the function ExInterlockedFlushSList from XP SP3, relocated by me:

     ```
     .data:004762B2 ; Exported entry   7. ExInterlockedFlushSList
     .data:004762B2
     .data:004762B2 ; =============== S U B R O U T I N E =======================================
     .data:004762B2
     .data:004762B2
     .data:004762B2                 public ExInterlockedFlushSList
     .data:004762B2 ExInterlockedFlushSList proc near       ; CODE XREF: sub_45F0DF:loc_45F0F7p
     .data:004762B2                                         ; DATA XREF: .edata:off_5AC2A8o
     .data:004762B2                 push    ebx
     .data:004762B3                 push    ebp
     .data:004762B4                 xor     ebx, ebx
     .data:004762B6                 mov     ebp, ecx
     .data:004762B8                 mov     edx, [ebp+4]
     .data:004762BB                 mov     eax, [ebp+0]
     .data:004762BE
     .data:004762BE loc_4762BE:                             ; CODE XREF: ExInterlockedFlushSList+19j
     .data:004762BE                 or      eax, eax
     .data:004762C0                 jz      short loc_4762CD
     .data:004762C2                 mov     ecx, edx
     .data:004762C4                 mov     cx, bx
     .data:004762C7                 cmpxchg8b qword ptr [ebp+0]
     .data:004762CB                 jnz     short loc_4762BE
     .data:004762CD
     .data:004762CD loc_4762CD:                             ; CODE XREF: ExInterlockedFlushSList+Ej
     .data:004762CD                 pop     ebp
     .data:004762CE                 pop     ebx
     .data:004762CF                 retn
     .data:004762CF ExInterlockedFlushSList endp
     .data:004762CF
     .data:004762CF ; ---------------------------------------------------------------------------
     ```
  20. @LoneCrusader I don't know what you need it for... But it looks like all the patch does is skip the checks in pSetupVerifyFile found in setupapi.dll. Fortunately XP64 has the same logic as XP for that part, so the same patch should also work. x86 setupapi.dll 5.1.2600.5603 @53789 8B FF 55 8B EC -> 33 C0 C2 30 00 x64 setupapi.dll 5.2.3790.4511 @94240 48 81 EC 98 00 -> 33 C0 C2 30 00
  21. I tried WimHost1.2.0.0, but still encountered the same problem as last time, which was when I deleted the winsxs.ini configuration file in the Default folder of MinWin and encountered an error of 0xc000005. As long as I restored winsxs.ini, there was no problem. This is strange: even if I download the latest version of WinNTSetup from Mediafire and replace the previous WimHost1.2.0.0, I still get this error. I don't know if Mr. JFX has a self-use version of WinNTSetup that he can lend me to test? Thank you, Mr. JFX, for your tireless answers these days. Thank you very much!
  22. Now we come to the whole work of the function ExInterlockedFlushSList in XP SP3. This function starts after its call with

     ```
     push ebx              ; Push the value of the ebx register to the stack to rescue its content there, its value is not changed.
     push ebp              ; Push the value of the ebp register to the stack to rescue its content there, its value is not changed.
     xor ebx, ebx          ; Set the ebx register to zero (EBX = 00 00 00 00) by performing a bitwise XOR operation with itself.
     mov ebp, ecx          ; Copy the value of the ecx register into the ebp register (the ECX value has to be prepared outside this function).
     mov edx, [ebp+4]      ; Copy the 32-bit value stored at the RAM address [ebp+4] into the edx register (ebp is new from above ecx).
     mov eax, [ebp+0]      ; Copy the 32-bit value stored at the RAM address [ebp+0] into the eax register (ebp is new from above ecx).
                           ; Now we have an empty ebx, and the lower 32 bits in RAM from the address of ecx,
                           ; and the higher 32 bits from the address from ecx.
     or eax, eax           ; If eax was zero, the zero flag will be set. If eax was non-zero, the zero flag will be cleared.
     jz short loc_4762CD   ; If EAX was zero, we jump over (short) all of the compare, to address 4762CD.
     mov ecx, edx          ; Now we move the content of edx to ecx. The content of ecx is lost, the content in edx is still kept.
                           ; But the content of ecx is (see before) already rescued in ebp.
     mov cx, bx            ; cx represents the lower 16 bits of the ecx register. bx represents the lower 16 bits of the ebx register.
                           ; mov cx, bx copies the content of the lower 16 bits of the ebx register (bx) into the
                           ; lower 16 bits of the ecx register (cx). The upper 16 bits of both ebx and ecx remain unchanged.
                           ; Example:
                           ;   EBX = 0x12345678 (upper 16 bits: 0x1234, lower 16 bits: 0x5678)
                           ;   ECX = 0x98765432 (upper 16 bits: 0x9876, lower 16 bits: 0x5432)
                           ; Now mov cx, bx
                           ;   EBX remains unchanged (0x12345678).
                           ;   ECX will have only its lower 16 bits replaced with the lower 16 bits from bx = 0x5678.
                           ;   The upper 16 bits of ECX will remain the same (0x9876).
                           ; So, the only change from mov cx, bx in this example is ECX = 0x98765678
     jnz short loc_4762BE  ; If the operation cmpxchg8b qword ptr [ebp+0] changes RAM via EBX, the Zero flag is set.
                           ; Then we go out of the loop, to the next opcode just after this jnz short loc_4762BE instruction.
                           ; If the bits in EAX and the lower 32 bits in RAM from the 64 bits are not identical,
                           ; the cmpxchg8b qword ptr [ebp+0] does just nothing with any memory or register.
                           ; But the Zero flag is not set. So, the jump to loc_4762BE happens.
     pop ebp               ; Fetches the topmost value from the stack, stores it in the ebp register and deletes its value on top of the stack.
     pop ebx               ; Fetches the now topmost value from the stack, stores it in the ebx register. Deletes this value on the stack.
     retn                  ; Return from the function ExInterlockedFlushSList to the caller. And deletes the return address from the stack
                           ; (the address where the function was called from). Jumps to the popped return address,
                           ; effectively resuming execution from the point where the function was called.
     ```
  23. You change the config.sys with Notepad, or from DOS you can use EDIT.
  24. cauldronfire is a cancer that contaminates the whole web. To suggest giving up your data in the chase for "secooorety" is either ignorance or being vermin with them. Everybody, please take time to read the novel and understand where the inspired obsession with "secooorety" leads: https://i.4pcdn.org/tg/1467947329951.pdf or https://archive.org/details/epdf.pub_jack-williamson-with-folded-hands1d05f1195c81076f66d774b4012a34e585195 By the way: https://github.com/Feodor2/Mypal68/issues/261
  25. Yes, noticed there was a problem, should be fixed now. WIMHost_1.2.0.0.zip
  26. LOL... I was considering flashing to 8800GT from 3700 (just bought a 3700 on eBay) for the higher clocks, but it's probably better to just take the 3700 and BIOS mod for the overclock if the FX3700 works in MacOS as is.... It's also compatible with AROS (Amiga-like OS).