Damnation

@K-BOX2022 try downloading the last AMD drivers for XP (14.04 I think?) and adding the hardware ID to the INF file, see if that works.

@George King @Dietmar For that to work I would need an ndis.lib from Vista beta 5048 DDK - Vista RTM ndis.lib is different again. Only way to extend functionality of Vista beta 5048 ndis.sys is with direct hex edit.

@Mov AX, 0xDEAD are you able to help us get this working?

@thomasxxx You mentioned you have the HDD drive inside a USB Caddy? if so then you're not using an AHCI driver but are using the USB Mass Storage driver instead.

very true.

@Mov AX, 0xDEAD are you willing to help? or not interested?

@Dietmar I'm out of ideas for now. I'll come back to this later. If you discover something else that you think might help with this let me know. Thanks for all the help!

@Dietmar Please double check that it's not ntoskrn8.sys again - I see PDB symbols are not loaded for it.

@Dietmar Thanks for all the help with debugging Dietmar! I really appreciate it. https://ufile.io/vhdgq4uy

@Dietmar OK, lets try this one - sorry it's not ufile.io - it's down for me right now. https://anonfiles.com/Hc1fR7n4y6/ndis6_fordietmar_8jun2022_5_7z edit: ufile is back https://ufile.io/69oe56vn

@Dietmar can you load the PDB symbols for ntoskrn8? last time it was has that changed?

@Dietmar OK, try this one. https://ufile.io/nuiwxdd6

@Dietmar I think KeAllocateCalloutStackEx is the cause, let me try something.

@Dietmar OK, I changed security_cookie in those files https://ufile.io/072ifs98 hopefully this yields results!

@Dietmar I just remembered something! I did not update the security_cookie in ndis/netio/msrpc.sys IIRC This might be the cause of the 7F BSOD Give me a few minutes to patch them.

@Dietmar I've never heard of it. Although If I want to patched imports I can already use CFF Explorer or PEMaker 0.8.2 for that.

@Dietmar This was with the most recent version? If it's in an infinite loop, I guess I'll stop working on this for now. Unless you or @Mov AX, 0xDEAD have some ideas for where to go from here?

@Dietmar I made some changes to SeQueryInformationToken https://ufile.io/q1o3tltj please test this one.

@Dietmar is this happening in SeQueryInformationToken_inject? or somewhere else?

@Dietmar I implemented SeCaptureSubjectContextEx and SeAccessCheckFromState in assembly in this version https://ufile.io/8sapwobp please test. If this still doesn't work I'll do the same for NtTraceControl and NtQuerySystemInformationEx

@Dietmar I think @Mov AX, 0xDEAD or @daniel_k would know more about adding a new exported function to 5048 ndis.sys since they've done this sort of thing before.

@Dietmar Sorry, I'm not skilled enough to manually add a new exported function to vista 5048 ndis.sys implementing this into ntoskrn8.sys won't do anything since it will never be called from there. making an ndis.sys extender for this version won't work either since we don't have a vista beta DDK to link it to, and the vista RTM version of the ndis.lib library won't link it correctly.

@Dietmar can you try these ndis/netio/msrpc.sys files on a system with a known XP compatible NDIS5 NIC? i.e just swap the files on a system with a working NIC on XP and restart. Does it stop working? do you get a similar BSOD on that kind of hardware?

@Dietmar OK, So we are quite sure now that netio.sys is where it is failing. I will have to implenent SeCaptureSubjectContextEx and SeAccessCheckFromState properly I think. Unless you or @Mov AX, 0xDEAD have some other ideas?

@Dietmar we might also need to add some registry keys?