Damnation

@Dietmar I think @Mov AX, 0xDEAD or @daniel_k would know more about adding a new exported function to 5048 ndis.sys since they've done this sort of thing before.

@Dietmar Sorry, I'm not skilled enough to manually add a new exported function to vista 5048 ndis.sys implementing this into ntoskrn8.sys won't do anything since it will never be called from there. making an ndis.sys extender for this version won't work either since we don't have a vista beta DDK to link it to, and the vista RTM version of the ndis.lib library won't link it correctly.

@Dietmar can you try these ndis/netio/msrpc.sys files on a system with a known XP compatible NDIS5 NIC? i.e just swap the files on a system with a working NIC on XP and restart. Does it stop working? do you get a similar BSOD on that kind of hardware?

@Dietmar OK, So we are quite sure now that netio.sys is where it is failing. I will have to implenent SeCaptureSubjectContextEx and SeAccessCheckFromState properly I think. Unless you or @Mov AX, 0xDEAD have some other ideas?

@Dietmar we might also need to add some registry keys?

@Dietmar try bu ndis!DriverEntry does a BSOD occur? if so, any change in the BSOD?

@Mov AX, 0xDEAD I've added the internal ntoskrnl libraries for use with the ntoskrnl extender project. This was to help with some of the much larger functions like MmAllocatePagesForMdlEx You can make use of internal Ki functions this way. It's helped a bit with @Dietmar being able to allocate resources to hardware, and at the very least, adding these libraries did not interfere with anything that already worked with the previous version ntoskrnl extender. Can you take a look at what I have to see if it's possible to get NDIS6 working this way? https://ufile.io/x8teed7c

@Dietmar where in the debug log makes you think these NMR functions are the cause?

@Dietmar The NmrWaitForProviderDeregisterComplete function could still potentially be in 5048 but be invisible without the symbols.

@Dietmar I'm not sure what you mean? - I see NmrWaitForProviderDeregisterComplete function is in both vista and 7 netio.sys

@Dietmar I noticed that RmpStartModule makes use of MmAllocatePagesForMdlEx I made use of code from the windows research kernel for my implementation of it, can you debug that function in my ntoskrn8.sys?

@Dietmar I got the Vista RTM versions with PDB Symbols for you. https://ufile.io/j8gnil57 already redirected to ntoskrn8.sys

@Dietmar do the Vista RTM versions of ndis/netio/msrpc work with my ntoskrn8.sys?

@Dietmar I would ideally like to target windows7 ndis.sys since the LAN chip of my new B550 motherboard - Realtek RTL8125 - is Windows7 and later only, no vista support. regarding missing ndis.sys dependency - does vista RTM ndis.sys have it?

@Dietmar any idea for which part of ntoskrn8.sys I need to change?

@Dietmar I Implemented some more of the missing functions in assembly and included PDB symbols of everything for you. https://ufile.io/qnm6t9wa can you debug when you get the chance?

@Dietmar win7 ndis.sys depends also on netio.sys and msrpc.sys ntoskrn8.sys depends only on ntoskrnl.exe and hal.dll

@Dietmar @George King Back after trying a new thing. Can you guys try running win7 ndis.sys and debugging this new version? https://ufile.io/ktn5wbbo

@Dave-H make sure you have windbg open on your debugger and waiting for the debugee to connect. then on the debugee select the debug option from your XP boot menu. then switch back to the debugger and wait for it to connect.

@Dave-H The guide I gave you assumes XP is the only OS on the drive. Ideally, to get this debugging setup going, it would be best to make a backup image of your entire HDD (boot sector and all) and then wipe it, leaving XP as the only OS so you can use the boot.ini

@Dave-H It can be the windows 10 version of windbg if you prefer to use that. it just needs to support KDNET.

@Dave-H The HOST (debugger) does not need to be running XP like the TARGET (debugee) PC. It can be running newer OS's like Windows 10, and all windbg needs is a connection to the TARGET PC. Which in this case would be the TARGET PC's IP Address, a port, and encryption key.

@Dave-H Here are those kdnet you need. https://ufile.io/mr0jjupa

@Dave-H Here are some instructions @Mov AX, 0xDEAD sent me. type these commands in windbg for debugging - post full debug log.

@Dave-H You'd have to have windbg running on another machine as you click restart if you want to find what the cause of the problem is.