Damnation

@Dietmar @George King @Mov AX, 0xDEAD I've gotten a KISystemservice implementation building with a precompiled object. I'll upload what I have in a bit, hopefully that'll help with the msrpc.sys BSOD. edit - upload here: https://ufile.io/fbdrjma3

@George King I'll try making workable code out of it, no guarantees. If you're willing to put up with 32bit only I can make an exact copy of this function in assembly, if you want?

@George King here, psuedocode will need reworking to be functional though. NTSTATUS IoSynchronousCallDriver_k8 ( PDEVICE_OBJECT DeviceObject, PIRP Irp ) { unsigned int local_0x18; // [esp-24] unsigned char local_0x14[20]; // [esp-20] unsigned long v1; // eax local_0x18 = (unsigned char)&local_0x18 & 0xFFFFFF00; local_0x14[0] = 0; local_0x18 = 1024; local_0x14[8] = &local_0x18[2]; local_0x14[4] = &local_0x18[2]; *(*(Irp + 96) + 4294967292) = &local_0x18; *(*(Irp + 96) + 4294967288) = &CmpCompleteFlushAndPurgeIrp; *(*(Irp + 96) + 4294967263) = 224; v1 = IofCallDriver( DeviceObject, Irp ); if( v1 == 259 ) { KeWaitForSingleObject( &local_0x18, 5, 0, 0, 0 ); v1 = *(Irp + 24); } return v1; }

@Dave-H BSOD A5 0x2001 - ACPI tried to evaluate the PIC control method but failed. This would explain why you're running out of hardware resources too, Programmable Interrupt Controller isn't working properly so you're running out of Interrupts. This is one of the unresolved BSODs mentioned on page 1 of this thread, so setting up windbg is a must to solve this. Sorry this is turning out to be so complicated for you @Dave-H

@Dave-H post a screenshot of the BSOD, maybe some of the parameters about the error have changed?

@George King @Dietmar @Dave-H So we're still getting a DDB error even when using our usual DDB fix, so we're gonna need to get windbg running to find the exact cause of this one. I left a post with debugging instructions here -

@Dave-H can you post a screenshot of the A5 BSOD please?

@Dave-H If you're willing to do a fresh install that would save a lot of hassle getting this working. If you must preserve some existing data for whatever reason, make sure you do a backup!

@Dave-H That's outdated. here - https://ufile.io/yuxh9ziz first try the one in 5.1.2600.7777.4\i386_free do an "ACPI Multiprocessor PC" install with this one. report any problems.

@Dave-H Try switching to "ACPI Multiprocessor PC" with the newer acpi.sys

@Dave-H Have you tried any of the acpi.sys that have been built on this thread to see if they work for you?

@Dietmar I think I might have found a way to implement it, TBD~ edit: even using precompiled trap.obj I can't resolve missing externals.

@Dietmar @George King I'm not sure how to implement the KiSystemService function for all the ZwAlpc functions that msrpc.sys depends on. KiSystemService depends on alot of functions and is very large~

@Dietmar @George King most of the missing imports for msrpc.sys I added are just stubs right now i.e just return STATUS_SUCCESS I'll work on them tomorrow.

@George King This one builds successfully https://ufile.io/itvzfprv It froze in my VM, I'll work on this tomorrow.

@George King I'm targeting NDIS 6.3 Windows 7

@Dietmar OK, I'll check dependencies there.

@Dietmar I use CFF explorer to modify the import tables. here I modded them for you - https://ufile.io/5cxo9w60

yeah, although not tested yet. storport is unchanged. yeah I haven't changed the import tables of these drivers yet.

This one builds successfully https://ufile.io/itvzfprv

OK, all needed functions added for ndis6, although most are stubbed right now. edit: forgot NtQuerySystemInformationEx

I've noticed that this part mov eax, 0x14 seems to increment upwords for each ZwAlpc function - I wonder why?

@LanXing link https://ufile.io/w7fej333 pass 123 kdnet and instructions thanks to Mov Ax 0xDEAD

@sookoop Can you double check in task manager if all of the CPU cores are showing up?

@Mov AX, 0xDEAD for functions like ZwAlpcCancelMessage and others NTSYSCALLAPI NTSTATUS NTAPI ZwAlpcCancelMessage(_In_ HANDLE PortHandle, _In_ ULONG Flags, _In_ PALPC_CONTEXT_ATTR MessageContext ); void __stdcall _ZwAlpcCancelMessage@12( int p1, int p2, int p3 ) { __asm.pushfd(); _KiSystemService(); } in asm void __stdcall _ZwAlpcCancelMessage@12( int p1, int p2, int p3 ) { mov eax, 0x14 lea edx, [p1] pushfd push 0x8 call _KiSystemService; void __cdecl( void ) ret 0xC } how should we implement this? should we take KiSystemService from trap.asm?