Dietmar

Yessssssssssssssssaaaaaaaaaaaaaaaa!!!!! I can see the google.com Website with my CNVi Wlan driver 9560 under XP SP3. Now, XP can do more than win7 Dietmar

@reboot12 What a crazy hard job to make this 9560 Wlan card CNVi to work under XP. But today I fix the most most difficult part, that the 9560 can see my Router with its correct values. The prove is easy: Switch the Router on: Channnel 6 and my router can be seen. Switch router off, clean all(!) SSID list, Channel 6 is gone. Switch router on again: Channel 6 is there with the correct name of my Router, its correct Mac and on Channel6 Dietmar 1: kd> bc * 1: kd> bd * 1: kd> .logopen /t c:\KD_nn56openbsd3.txt Closing open log file c:\KD_nn56openbsd4_0c08_2026-04-19_16-16-43-078.txt Opened log file 'c:\KD_nn56openbsd3_135c_2026-04-19_18-47-32-328.txt' 1: kd> sxd ibp 1: kd> sxi ld 1: kd> sxi ud 1: kd> sxe av 1: kd> sxe gp 1: kd> sxe ud 1: kd> !sym quiet quiet mode - symbol prompts on 1: kd> .reload /f nt 1: kd> .reload /f ndis.sys 1: kd> .reload /f 9560.sys 1: kd> bu 9560!WifiConfigureLinuxLikeInit ".printf "==== OPENBSD3 INIT ====\n"; gu" ^ Malformed string in 'bu 9560!WifiConfigureLinuxLikeInit ".printf "==== OPENBSD3 INIT ====\n"; gu"' 1: kd> bu 9560!WifiPrepareLinuxExactScanHcmd ".printf "==== BUILD OPENBSD3 SCAN ====\n"; gu" ^ Malformed string in 'bu 9560!WifiPrepareLinuxExactScanHcmd ".printf "==== BUILD OPENBSD3 SCAN ====\n"; gu"' 1: kd> bu 9560!WifiHoldMutableScanDebugMap ".printf "==== HOLD BEFORE OPENBSD3 0D ====\n"; gu" ^ Malformed string in 'bu 9560!WifiHoldMutableScanDebugMap ".printf "==== HOLD BEFORE OPENBSD3 0D ====\n"; gu"' 1: kd> bu 9560!WifiHandleLinuxLikeScanReqAck ".printf "==== SCAN ACK ====\n"; gu" ^ Malformed string in 'bu 9560!WifiHandleLinuxLikeScanReqAck ".printf "==== SCAN ACK ====\n"; gu"' 1: kd> bu 9560!WifiHandleLinuxLikeScanUmacComplete ".printf "==== UMAC COMPLETE ====\n"; gu" ^ Malformed string in 'bu 9560!WifiHandleLinuxLikeScanUmacComplete ".printf "==== UMAC COMPLETE ====\n"; gu"' 1: kd> bu 9560!WifiStoreRealBss ".printf "==== STORE BSS ====\n"; gu" ^ Malformed string in 'bu 9560!WifiStoreRealBss ".printf "==== STORE BSS ====\n"; gu"' 1: kd> g 9560nn56: NdisMInitializeScatterGatherDma -> 00000000 9560nn56: query resources pass0 status=c000009a need=56 9560nn56: query resources pass1 status=00000000 size=56 9560nn56: resources count=3 bytes=56 bar0raw=00000000:8b224004 9560nn56: resource[0] type=3 share=1 flags=0000 start=00000000:8b224000 len=16384 9560nn56: resource[1] type=129 share=1 flags=0000 start=00000000:00000001 len=0 9560nn56: resource[2] type=2 share=3 flags=0000 start=00000010:00000010 len=4294967295 9560nn56: mapped resources mmio=00000000:8b224000 len=16384 irq=16/16 hwrev=00000370 hwif=00080000 gp=08040000 mbox=00000000 9560n14: awake hwready=1 awake=1 hwrev=00000370 hwif=00480000 gp=0804000d mbox=00000020 9560n14: sw_reset before=00000011 after=00000011 hwif=00080000 gp=08040000 mbox=00000000 9560n14: awake hwready=1 awake=1 hwrev=00000370 hwif=00480000 gp=0804000d mbox=00000020 9560n14: retake after reset ok=1 hwready=1 awake=1 hwif=00480000 gp=0804000d mbox=00000020 9560nn56: NdisMRegisterInterrupt vec=16 lvl=16 shared=1 level=1 -> 00000000 9560nn56: embedded fw hdr ver=0000004d api=77 build=f92b5fed 9560nn56: alloc LMAC uncached len=1656 va=B7964000 pa=00000000:001cb000 9560nn56: alloc LMAC uncached len=32768 va=B83F8000 pa=00000000:001cc000 9560nn56: alloc LMAC uncached len=32768 va=B8400000 pa=00000000:001d4000 9560nn56: alloc LMAC uncached len=32768 va=B8408000 pa=00000000:001dc000 9560nn56: alloc LMAC uncached len=32760 va=B8410000 pa=00000000:001e4000 9560nn56: alloc LMAC uncached len=32768 va=B8418000 pa=00000000:001ec000 9560nn56: alloc LMAC uncached len=32768 va=B8420000 pa=00000000:001f4000 9560nn56: alloc LMAC uncached len=32768 va=B8428000 pa=00000000:001fc000 9560nn56: alloc LMAC uncached len=32768 va=B8430000 pa=00000000:00204000 9560nn56: alloc LMAC uncached len=32768 va=B8338000 pa=00000000:0020c000 9560nn56: alloc LMAC uncached len=32768 va=B8340000 pa=00000000:00214000 9560nn56: alloc LMAC uncached len=32768 va=B8348000 pa=00000000:0021c000 9560nn56: alloc LMAC uncached len=32768 va=B8360000 pa=00000000:00224000 9560nn56: alloc LMAC uncached len=13248 va=B7A1A000 pa=00000000:0022c000 9560nn56: alloc LMAC uncached len=5312 va=B85D8000 pa=00000000:00230000 9560nn56: alloc UMAC uncached len=1656 va=B7964678 pa=00000000:001cb678 9560nn56: alloc UMAC uncached len=32768 va=B8368000 pa=00000000:00232000 9560nn56: alloc UMAC uncached len=32768 va=B8370000 pa=00000000:0023a000 9560nn56: alloc UMAC uncached len=32768 va=B8378000 pa=00000000:00242000 9560nn56: alloc UMAC uncached len=32768 va=B8380000 pa=00000000:0024a000 9560nn56: alloc UMAC uncached len=32768 va=B8388000 pa=00000000:00252000 9560nn56: alloc UMAC uncached len=32768 va=B8390000 pa=00000000:0025a000 9560nn56: alloc UMAC uncached len=32768 va=B8398000 pa=00000000:00262000 9560nn56: alloc UMAC uncached len=32768 va=B83A0000 pa=00000000:0026a000 9560nn56: alloc UMAC uncached len=32768 va=B83A8000 pa=00000000:00272000 9560nn56: alloc UMAC uncached len=32768 va=B83B0000 pa=00000000:0027a000 9560nn56: alloc UMAC uncached len=32768 va=B83B8000 pa=00000000:00282000 9560nn56: alloc UMAC uncached len=4280 va=B85DA000 pa=00000000:0028a000 9560nn56: alloc UMAC uncached len=3592 va=B7968000 pa=00000000:0028c000 9560nn56: alloc UMAC uncached len=24756 va=B83C0000 pa=00000000:0028d000 9560nn56: alloc PAGE uncached len=1656 va=B75BC000 pa=00000000:00294000 9560nn56: alloc PAGE uncached len=32768 va=B8438000 pa=00000000:00295000 9560nn56: alloc PAGE uncached len=32768 va=B8440000 pa=00000000:0029d000 9560nn56: alloc PAGE uncached len=32768 va=B8448000 pa=00000000:002a5000 9560nn56: alloc PAGE uncached len=32768 va=B8450000 pa=00000000:002ad000 9560nn56: alloc PAGE uncached len=32768 va=B8458000 pa=00000000:002b5000 9560nn56: alloc PAGE uncached len=32768 va=B8460000 pa=00000000:002bd000 9560nn56: alloc PAGE uncached len=32768 va=B8468000 pa=00000000:002c5000 9560nn56: alloc PAGE uncached len=32768 va=B8470000 pa=00000000:002cd000 9560nn56: alloc PAGE uncached len=32768 va=B8478000 pa=00000000:002d5000 9560nn56: alloc PAGE uncached len=32768 va=B8480000 pa=00000000:002dd000 9560nn56: alloc PAGE uncached len=32768 va=B8488000 pa=00000000:002e5000 9560nn56: alloc PAGE uncached len=32768 va=B8490000 pa=00000000:002ed000 9560nn56: alloc PAGE uncached len=32768 va=B8498000 pa=00000000:002f5000 9560nn56: alloc PAGE uncached len=32768 va=B84A0000 pa=00000000:002fd000 9560nn56: alloc PAGE uncached len=32768 va=B62BC000 pa=00000000:00305000 9560nn56: alloc PAGE uncached len=32768 va=B62B4000 pa=00000000:0030d000 9560nn56: alloc PAGE uncached len=32768 va=B62AC000 pa=00000000:00315000 9560nn56: alloc PAGE uncached len=32768 va=B62A4000 pa=00000000:0031d000 9560nn56: alloc PAGE uncached len=12288 va=B7A16000 pa=00000000:00325000 9560nn56openbsd2: fw sections lmac=15 umac=15 page=20 iml=13944 phy_cfg=00330018 scan_req_cmdver=15 scan_cfg_cmdver=5 9560nn56: alloc Cmd uncached len=16384 va=B7A12000 pa=00000000:00328000 9560nn56: alloc TxQ uncached len=16384 va=B7A0E000 pa=00000000:0032c000 9560nn56: alloc RxQ uncached len=16384 va=B7A0A000 pa=00000000:00330000 9560nn56: alloc RxStatus uncached len=2 va=B75BC678 pa=00000000:00294678 9560nn56: alloc RxUsed uncached len=32768 va=B629C000 pa=00000000:00334000 9560nn56: alloc RxData uncached len=4194304 va=B5DD4000 pa=00000000:01000000 9560nn56: rx-prime count=1024 posted=1023 buf=4096 9560nn56: transport cmd=16384 txq=16384 rxq=16384 rxdata=4194304 9560nn56: alloc CtxG3 uncached len=104 va=B75BC67C pa=00000000:0029467c 9560nn56: alloc PrphInfo uncached len=4096 va=B7946000 pa=00000000:0033c000 9560nn56: alloc PrphScr uncached len=1660 va=B75BC6E4 pa=00000000:002946e4 9560nn56: alloc IML uncached len=13944 va=B7A06000 pa=00000000:0033d000 9560nn56: ctxt prepared ver=2 size=26 prph=00000000:0033c000 scratch=00000000:002946e4 9560nn56: disint-pulse[fwload] before=80000001 after_disable=00000000 after_enable=80000001 mask=80000001 9560nn56: ALIVE interrupt observed int=00000003 msix=00000000 9560nn56: ax210-iml-spin irq=0 loops=100000 msix_before=00000000 msix_after=00000000 ltr_before=00000000 ltr_after=881f881f iml_resp=00000001 9560nn56: alive wait end alive=1 status=0000cafe last_int=00000003 last_msix=00000000 spin=100000 9560nn56: bootstrap status alive=1 cpu_run=00000000 boot_before=00480000 boot_after=00480002 9560nn56: rfh-rx[post-boot] write=1023 write_actual=1016 read=0 active=00010001 frbdcb=00000000:00330000 urbdcb=00000000:00334000 stts=00000000:00294678 9560nn56: rx-slot[0] rbid=1 flags=00 bufslot=0 cmd=01 grp=00 seq=C000 len=148 type=alive mgmt_off=-1 data_off=-1 phys=00000000:01000000 9560nn56: rx-slot +000: 94 00 00 20 01 00 00 C0 FE CA 00 00 4D 00 00 00 9560nn56: rx-slot +010: ED 5F 2B F9 00 01 00 00 00 00 00 00 D0 7B 4F 00 9560nn56: rx-slot +020: 0C 6C 4F 00 18 71 4F 00 70 15 80 00 14 71 4F 00 9560nn56: rx-slot +030: 00 00 62 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: FE CA 00 00 4D 00 00 00 ED 5F 2B F9 00 01 00 00 9560nn56: rx-payload +010: 00 00 00 00 D0 7B 4F 00 0C 6C 4F 00 18 71 4F 00 9560nn56: rx-payload +020: 70 15 80 00 14 71 4F 00 00 00 62 00 00 00 00 00 9560nn56: rx-payload +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: notif alive seq=C000 len=148 status=0000cafe 9560nn56: rx-slot[1] rbid=2 flags=00 bufslot=1 cmd=B1 grp=00 seq=C001 len=24 type=notif-b1 mgmt_off=-1 data_off=-1 phys=00000000:01001000 9560nn56: rx-slot +000: 18 00 00 20 B1 00 01 C0 00 00 00 00 0C 00 00 14 9560nn56: rx-slot +010: 00 00 35 00 B0 12 00 00 94 60 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 00 00 00 00 0C 00 00 14 00 00 35 00 B0 12 00 00 9560nn56: rx-payload +010: 94 60 00 00 00 00 00 00 9560nn56: notif b1 seq=C001 len=24 9560nn56: rx-slot[2] rbid=3 flags=00 bufslot=2 cmd=FF grp=02 seq=C002 len=8 type=rx-other mgmt_off=-1 data_off=-1 phys=00000000:01002000 9560nn56: rx-slot +000: 08 00 00 20 FF 02 02 C0 04 00 00 00 00 00 00 00 9560nn56: rx-slot +010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 04 00 00 00 00 00 00 00 9560nn56: notif other cmd=FF grp=02 seq=C002 len=8 9560nn56: rx-consume[openbsd-init-pre] closed=3 cur=3 write=2 write_actual=0 raw=3 notif=3 mpdu=0 alive=1 b1=1 f7=0 mgmt=0 data=0 bss=0 9560nn56: raw-hcmd[init-203] tail=0 next=1 len=12 seq=001B pa=00000000:00328000 db=00000001 queued=1 9560nn56: rfh-dump[dpc] frbdcb=00328000:000c0001 urbdcb=00000000:00334000 stts=00000000:00294678 orb=00000000:00000000 gen=40031800 active=00000000 dma=87940000 umac_dma=87000000 9560nn56: rx-slot[3] rbid=4 flags=00 bufslot=3 cmd=F7 grp=00 seq=C003 len=16 type=notif-f7 mgmt_off=-1 data_off=-1 phys=00000000:01003000 9560nn56: rx-slot +000: 10 00 00 00 F7 00 03 C0 74 14 08 01 00 00 00 20 9560nn56: rx-slot +010: F7 C5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 74 14 08 01 00 00 00 20 F7 C5 00 00 00 00 00 00 9560nn56: notif f7 seq=C003 len=16 9560nn56: rx-slot[4] rbid=5 flags=00 bufslot=4 cmd=03 grp=02 seq=001B len=8 type=rx-other mgmt_off=-1 data_off=-1 phys=00000000:01004000 9560nn56: rx-slot +000: 08 00 00 20 03 02 1B 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 00 00 00 00 00 00 00 00 9560nn56: notif other cmd=03 grp=02 seq=001B len=8 9560nn56: rx-consume[openbsd-init-post-203] closed=5 cur=5 write=4 write_actual=0 raw=5 notif=5 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56: raw-hcmd[init-c00] tail=1 next=2 len=12 seq=001B pa=00000000:00328800 db=00000002 queued=2 9560nn56: rx-slot[5] rbid=6 flags=00 bufslot=5 cmd=00 grp=0C seq=001B len=4 type=rx-other mgmt_off=-1 data_off=-1 phys=00000000:01005000 9560nn56: rx-slot[5] rbid=6 flags=00 bufslot=5 cmd=00 grp=0C seq=001B len=4 type=rx-other mgmt_off=-1 data_off=-1 phys=00000000:01005000 9560nn56: rx-slot +000: 04 00 00 20 00 0C 1B 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 00 00 00 00 9560nn56: notif other cmd=00 grp=0C seq=001B len=4 9560nn56: rx-consume[init-wait] closed=6 cur=6 write=5 write_actual=0 raw=6 notif=6 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56: rx-slot +000: 04 00 00 20 00 0C 1B 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot[6] rbid=7 flags=00 bufslot=6 cmd=04 grp=00 seq=C004 len=8 type=rx-other mgmt_off=-1 data_off=-1 phys=00000000:01006000 9560nn56: rx-slot +000: 08 00 00 20 04 00 04 C0 01 00 00 00 00 00 00 00 9560nn56: rx-slot +010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 01 00 00 00 00 00 00 00 9560nn56openbsd2: notif init-complete seq=C004 len=8 9560nn56openbsd2: notif init-complete seq=C004 len=8 9560nn56: rx-consume[init-wait] closed=7 cur=7 write=6 write_actual=0 raw=7 notif=7 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56: rx-consume[openbsd-init-post-c00] closed=7 cur=7 write=6 write_actual=0 raw=7 notif=7 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56: raw-hcmd[init-98] tail=2 next=3 len=12 seq=001B pa=00000000:00329000 db=00000003 queued=3 9560nn56: rx-slot +010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot[7] rbid=8 flags=00 bufslot=7 cmd=98 grp=01 seq=001B len=4 type=rx-other mgmt_off=-1 data_off=-1 phys=00000000:01007000 9560nn56: rx-slot +000: 04 00 00 20 98 01 1B 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 00 00 00 00 9560nn56: notif other cmd=98 grp=01 seq=001B len=4 9560nn56: rx-consume[openbsd-init-post-98] closed=8 cur=8 write=7 write_actual=0 raw=8 notif=8 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56: raw-hcmd[init-10c-openbsd] tail=3 next=4 len=20 seq=001B pa=00000000:00329800 db=00000004 queued=4 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot[8] rbid=9 flags=00 bufslot=8 cmd=0C grp=01 seq=001B len=4 type=rx-other mgmt_off=-1 data_off=-1 phys=00000000:01008000 9560nn56: rx-slot +000: 04 00 00 20 0C 01 1B 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 00 00 00 00 9560nn56: notif other cmd=0C grp=01 seq=001B len=4 9560nn56: rx-consume[openbsd-init-post-10c] closed=9 cur=9 write=8 write_actual=8 raw=9 notif=9 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56: raw-hcmd[init-1d2-openbsd] tail=4 next=5 len=68 seq=001B pa=00000000:0032a000 db=00000005 queued=5 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot[9] rbid=10 flags=00 bufslot=9 cmd=D2 grp=01 seq=001B len=4 type=rx-other mgmt_off=-1 data_off=-1 phys=00000000:01009000 9560nn56: rx-slot +000: 04 00 00 20 D2 01 1B 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 00 00 00 00 9560nn56: notif other cmd=D2 grp=01 seq=001B len=4 9560nn56: rx-consume[openbsd-init-post-1d2] closed=10 cur=10 write=9 write_actual=8 raw=10 notif=10 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56openbsd2: openbsd-init ok203=1 okc00=1 initdone=1 seq=C004 ok98=1 ok10c=1 ok1d2=1 txq=5 bell=5 raw=10 notif=10 mpdu=0 bss=0 txchains=3 rxchains=3 scan_cfg_cmdver=5 9560nn56: WifiInitialize success hwpresent=1 hwready=1 awake=1 alive=1 status=0000cafe mmio=00000000:8b224000 len=16384 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 00 00 00 00 9560nn56: notif other cmd=00 grp=0C seq=001B len=4 9560nn56: rx-consume[dpc] closed=6 cur=6 write=10 write_actual=8 raw=11 notif=11 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56: rfh-dump[dpc] frbdcb=0032a000:00440001 urbdcb=00329800:00140001 stts=00000000:00294678 orb=00000000:00000000 gen=40031800 active=00000000 dma=40031800 umac_dma=87000000 9560nn56: rx-slot[6] rbid=7 flags=00 bufslot=6 cmd=04 grp=00 seq=C004 len=8 type=rx-other mgmt_off=-1 data_off=-1 phys=00000000:01006000 9560nn56: rx-slot +000: 08 00 00 20 04 00 04 C0 01 00 00 00 00 00 00 00 9560nn56: rx-slot +010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-slot +050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9560nn56: rx-payload +000: 01 00 00 00 00 00 00 00 9560nn56openbsd2: notif init-complete seq=C004 len=8 9560nn56openbsd2: notif init-complete seq=C004 len=8 9560nn56: notif other cmd=98 grp=01 seq=001B len=4 9560nn56: notif other cmd=0C grp=01 seq=001B len=4 9560nn56: notif other cmd=D2 grp=01 seq=001B len=4 9560nn56: rx-consume[dpc] closed=10 cur=10 write=14 write_actual=8 raw=15 notif=15 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 Unload module Flpydisk.SYS at b628c000 nt!DebugService2+0x10: 80532042 cc int 3 1: kd> g Unload module Sfloppy.SYS at b5a00000 nt!DebugService2+0x10: 80532042 cc int 3 2: kd> g Unload module Cdaudio.SYS at b6284000 nt!DebugService2+0x10: 80532042 cc int 3 1: kd> g Unload module serial.sys at b7d09000 nt!DebugService2+0x10: 80532042 cc int 3 1: kd> g Unload module imapi.sys at b7cf9000 nt!DebugService2+0x10: 80532042 cc int 3 2: kd> g Unload module nv4_disp.dll at bd012000 nt!DebugService2+0x10: 80532042 cc int 3 0: kd> g Unload module vga.dll at bff70000 nt!DebugService2+0x10: 80532042 cc int 3 0: kd> g 9560nn56: rx-consume[oid-bssid-list] closed=10 cur=10 write=14 write_actual=8 raw=15 notif=15 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56: OID_802_11_BSSID_LIST count=0 media=1 real_frames=15 9560nn56: set oid=0D01011D len=64 auth=3 enc=6 9560nn56: set oid=0D010113 len=28 auth=0 enc=0 9560nn56: desired SSID set len=0 first=00 00 00 00 9560nn56: set oid=0D01011D len=64 auth=3 enc=6 9560nn56: rfh-dump[scan-pre] frbdcb=0032a000:00440001 urbdcb=00329800:00140001 stts=00000000:00294678 orb=00000000:00000000 gen=40031800 active=00000000 dma=40031800 umac_dma=87000000 9560nn56: rfh-rx[scan-pre-refresh] write=14 write_actual=8 read=10 active=00010001 frbdcb=00000000:00330000 urbdcb=00000000:00334000 stts=00000000:00294678 9560nn56: rfh-dump[scan-pre-after-refresh] frbdcb=00000000:00330000 urbdcb=00000000:00334000 stts=00000000:00294678 orb=00000000:00000000 gen=00000003 active=00010001 dma=87940000 umac_dma=87000000 9560nn56openbsd4: openbsd-scan v14 wildcard passive on channels 6 and 100 9560nn56openbsd4: scan-builder-openbsd v14 cmdver=15 chan0_flags=00000000 chan1_flags=00000000 gp_flags=0886 band0=1 band1=0 9560nn56: scan-builder uid=0 prio=6 chan_count=2 chan_flags=20 first_ch=6 last_ch=100 ssid_len=0 schedule0=0/1 schedule1=0/0 start_mac=0 gp_flags=0886 gp_flags2=00 9560nn56: scan-builder direct[0] id=0 len=0 first=00 00 00 00 count=2 9560nn56: scan-debug base=8B4190D4 bytes=1948 hold@=8B419878 ready@=8B419874 submit_count@=8B41987C uid@=8B419880 release_spin@=8B419884 cmdver=15 9560nn56: scan-debug offs hdr cmd=+0000 grp=+0001 seq=+0002 len=+0004 ver=+0007 req=+0008 uid=+0008 ooc=+0012 gp=+0016 chan=+0052 periodic=+0592 probe=+0604 9560nn56: scan-debug offs gp flags=+0016 reserved=+0018 start_mac=+0019 active=+0020 adwell2g=+0022 adwell5g=+0023 social=+0024 flags2=+0025 budget=+0026 maxoot=+0028 suspend=+0036 prio=+0044 passive=+0048 frags=+0050 9560nn56: scan-debug offs chan flags=+0052 count=+0053 numaps=+0054 ch0=+0056 chN=+0056+(N*8) periodic.s0=+0592 periodic.s1=+0596 delay=+0600 probe.shortssid_count=+1136 probe.bssid_count=+1137 direct0=+1140 directN=+1140+(N*34) shortssid0=+1820 shortssidN=+1820+(N*4) bssid0=+1852 bssidN=+1852+(N*6) 9560nn56: scan-debug hdr cmd=0D grp=01 seq=001C len=1940 ver=0 uid=0 ooc=6 9560nn56: scan-debug gp flags=0886 reserved=00 start_mac=0 active=10/10 adwell=2/8/10 flags2=00 budget=300 maxoot=0/0 suspend=0/0 prio=6 passive=110/110 frags=0/0 9560nn56: scan-debug chan flags=20 count=2 numaps=10/2 9560nn56: scan-debug ch[0] off=+0038 flags=00000000 num=6 psd=1 iter=1 interval=0 9560nn56: scan-debug ch[1] off=+0040 flags=00000000 num=100 psd=0 iter=1 interval=0 9560nn56: scan-debug periodic s0=0/1 s1=0/0 delay=0 reserved=0 9560nn56: scan-debug probe mac_hdr=0/26 band0=26/47 band1=73/52 band2=125/0 common=125/9 shortssid_count=0 bssid_count=0 9560nn56: scan-debug direct[0] off=+0474 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[1] off=+0496 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[2] off=+04b8 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[3] off=+04da id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[4] off=+04fc id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[5] off=+051e id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[6] off=+0540 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[7] off=+0562 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[8] off=+0584 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[9] off=+05a6 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[10] off=+05c8 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[11] off=+05ea id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[12] off=+060c id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[13] off=+062e id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[14] off=+0650 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[15] off=+0672 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[16] off=+0694 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[17] off=+06b6 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[18] off=+06d8 id=0 len=0 first=00 00 00 00 9560nn56: scan-debug direct[19] off=+06fa id=0 len=0 first=00 00 00 00 9560nn56: scan-debug short_ssid[0] off=+071c value=00000000 9560nn56: scan-debug short_ssid[1] off=+0720 value=00000000 9560nn56: scan-debug short_ssid[2] off=+0724 value=00000000 9560nn56: scan-debug short_ssid[3] off=+0728 value=00000000 9560nn56: scan-debug short_ssid[4] off=+072c value=00000000 9560nn56: scan-debug short_ssid[5] off=+0730 value=00000000 9560nn56: scan-debug short_ssid[6] off=+0734 value=00000000 9560nn56: scan-debug short_ssid[7] off=+0738 value=00000000 9560nn56: scan-debug bssid[0] off=+073c value=00-00-00-00-00-00 9560nn56: scan-debug bssid[1] off=+0742 value=00-00-00-00-00-00 9560nn56: scan-debug bssid[2] off=+0748 value=00-00-00-00-00-00 9560nn56: scan-debug bssid[3] off=+074e value=00-00-00-00-00-00 9560nn56: scan-debug bssid[4] off=+0754 value=00-00-00-00-00-00 9560nn56: scan-debug bssid[5] off=+075a value=00-00-00-00-00-00 9560nn56: scan-debug bssid[6] off=+0760 value=00-00-00-00-00-00 9560nn56: scan-debug bssid[7] off=+0766 value=00-00-00-00-00-00 9560nn56: scan-debug bssid[8] off=+076c value=00-00-00-00-00-00 9560nn56: scan-debug bssid[9] off=+0772 value=00-00-00-00-00-00 9560nn56: scan-debug bssid[10] off=+0778 value=00-00-00-00-00-00 9560nn56: scan-debug bssid[11] off=+077e value=00-00-00-00-00-00 9560nn56: scan-debug bssid[12] off=+0784 value=00-00-00-00-00-00 9560nn56: scan-debug bssid[13] off=+078a value=00-00-00-00-00-00 9560nn56: scan-debug bssid[14] off=+0790 value=00-00-00-00-00-00 9560nn56: scan-debug bssid[15] off=+0796 value=00-00-00-00-00-00 9560nn56: raw-hcmd[scan-0d-openbsd] tail=5 next=6 len=1948 seq=001C pa=00000000:0032a800 db=00000006 queued=6 9560nn56: rfh-dump[dpc] frbdcb=00000000:00330000 urbdcb=0032a800:079c0001 stts=00000000:00294678 orb=00000000:00000000 gen=00000003 active=00010001 dma=40031800 umac_dma=87000000 9560nn56: linux scan req ack grp=01 code=0D seq=001C len=4 uid=0 9560nn56: notif other cmd=0D grp=01 seq=001C len=4 9560nn56: rx-consume[scan-post-0d-openbsd] closed=11 cur=11 write=15 write_actual=8 raw=16 notif=16 mpdu=0 alive=1 b1=1 f7=1 mgmt=0 data=0 bss=0 9560nn56: scan-rx-candidate cmd=C1 grp=00 seq=8000 len=328 mgmt_off=64 data_off=8 9560nn56: real-bss add bssid=04-02-1F-F7-0D-B8 ssid_len=11 ds=2437000 count=1 9560nn56: rx-consume[scan-wait] closed=12 cur=12 write=16 write_actual=16 raw=17 notif=16 mpdu=1 alive=1 b1=1 f7=1 mgmt=1 data=1 bss=1 9560nn56openbsd2: openbsd-scan-submit ok0d=1 progress=1 gen=1 uid=0 ack=1 iter=0 umac_iter=0 done=0 status=0 mpdu=1 bss=1 wait_ms=0 9560nn56: rx-consume[scan] closed=12 cur=12 write=16 write_actual=16 raw=17 notif=16 mpdu=1 alive=1 b1=1 f7=1 mgmt=1 data=1 bss=1 9560nn56: OID_802_11_BSSID_LIST_SCAN gen=1 count=1 frames=17 mgmt=1 txq=6 bell=6 ack=1 iter=0 umac_iter=0 done=0 status=0 mpdu=1 wait_ms=0 9560nn56: scan-rx-candidate cmd=B5 grp=00 seq=C005 len=916 mgmt_off=10 data_off=8 9560nn56: linux scan umac iter grp=00 code=B5 seq=C005 len=916 uid=0 channels=2 status=1 bt=0 last_ch=100 tsf=00000000:0353737a 9560nn56: linux scan umac complete grp=00 code=0F seq=C006 len=20 uid=0 sched=0 iter=0 status=1 ebs=3 time=0 bss=1 mpdu=2 9560nn56: notif other cmd=0F grp=00 seq=C006 len=20 9560nn56: rx-consume[dpc] closed=14 cur=14 write=18 write_actual=16 raw=19 notif=17 mpdu=2 alive=1 b1=1 f7=1 mgmt=1 data=2 bss=1 9560nn56: rfh-dump[dpc] frbdcb=00000000:00330000 urbdcb=0032a800:079c0001 stts=00000000:00294678 orb=00000000:00000000 gen=00000003 active=00010001 dma=40031800 umac_dma=87000000 9560nn56: rx-consume[dpc] closed=14 cur=14 write=18 write_actual=16 raw=19 notif=17 mpdu=2 alive=1 b1=1 f7=1 mgmt=1 data=2 bss=1 9560nn56: rx-consume[oid-bssid-list] closed=14 cur=14 write=18 write_actual=16 raw=19 notif=17 mpdu=2 alive=1 b1=1 f7=1 mgmt=1 data=2 bss=1 9560nn56: OID_802_11_BSSID_LIST count=1 media=1 real_frames=19 9560nn56: desired SSID set len=11 first=57 4C 41 4E 9560nn56: set oid=0D01011D len=64 auth=3 enc=6 9560nn56: set oid=0D010113 len=28 auth=0 enc=0 9560nn56: desired SSID set len=0 first=00 00 00 00 36: ERROR: UMRxReadDWORDFromTheRegistry/ZwQueryValueKey: NtStatus = c0000034 ERROR: DavReadRegistryValues/RegQueryValueExW(4). WStatus = 127 ERROR: DavReadRegistryValues/RegQueryValueExW(5). WStatus = 127 ERROR: DavReadRegistryValues/RegQueryValueExW(6). WStatus = 127

I have the Speedport W 724V router from the Telekom germany. There I notice, that the channel can change (automatisch) or can be fixed to one channel. So, I can and will really test everything (WPA, WPA2, WEP, unsecured) with the Wlan driver 9560 for XP Dietmar

@Mark-XP Hihi, the situation is a little bit other. There is no driver for Win7 for the wlan 9560 card. But soon will be there a driver for XP. Oh..soso much crazy things happen to me today. First I get Wlan contact to my router with this Wlan card for the very first time. On 2.4 GHZ on channel 6 and on 5 GHZ on channel 100. Later I was wondering, why suddently I get contact on channel 1. Interesting, it is from neighbor. But in the meantime, my router switched to 2.4 GHZ channel 11, but why Dietmar PS: From a user I get a hint, that it is possible to use Win11 and on the same board a virtual machine with XP for to pass through this Wlan device 9560. On his board is such a 9560 Wlan card, running under win11. He reported, that with my driver version 9560rr15 under XP SP3 he already gets contact with 6 different WPA2 sources. Hm, I always think that for tests, XP on real hardware is better. But in the same time I never make such a try with real hardware devices, and I think it is very difficult. I make pass through only one time with Linux in summer 2012 for the game Moorhuhn and sound.

@reboot12 Yessssaahh.. today is break through with the XP driver for wlan 9560. Crazy, I was one step away from to give up. Now I build around 1000(!) different versions of this driver. Now I have prove, that my 9560 driver connects to my router. Nowhere in Internet you can find any like this for Wlan and XP Dietmar Intel 9560 Wi-Fi Driver for Windows XP Current Status (rr12) 1. What this driver is This is a ground-up NDIS 5.1 miniport driver for the Intel 9560 Wi-Fi project on Windows XP. It does not rely on Intel's original Windows XP Wi-Fi driver, because no such complete modern driver exists for this hardware path. Instead, it loads the real Linux iwlwifi firmware and talks directly to the hardware with Linux-style low-level commands, DMA rings, RX/TX queues, and firmware notifications. In the current test logs, the active hardware path is the Intel CNVi device with PCI ID 8086:7AF0 and firmware API 77 (SoJf B0 family, build f92b5fed). 2. What already works The driver now performs the full low-level hardware and firmware bring-up successfully: - PCI BAR mapping - device reset and wake-up - interrupt registration - DMA/RFH/RX queue allocation - firmware loading - ALIVE notification handling - bootstrap completion After firmware startup, the driver can run the modern Linux-style UMAC scan sequence: - pre-scan command 0x03 - full scan request 0x0D - scan request ACK - UMAC iteration notification B5 - UMAC complete notification 0x0F This is important, because earlier revisions only got ACK/COMPLETE without usable scan results. The newer revisions now receive real scan-result traffic from the hardware. 3. What the driver can do right now At the current rr12 stage, the driver can already do the following: - initialize the hardware and firmware reliably - run real over-the-air Wi-Fi scans - receive real 802.11 management traffic from the air - parse scan-result notifications from the modern UMAC scan path - detect beacons / probe responses in the RX path - populate the Windows XP BSSID list - return real networks through OID_802_11_BSSID_LIST - repeat scans reliably when Windows XP requests them - detect whether a scanned network is open, WPA, or WPA2/WPA-family encrypted - set the Privacy flag for encrypted networks so the XP Wi-Fi UI can distinguish protected networks In plain words: The driver is no longer only loading firmware. It is now actually hearing Wi-Fi signals and building a real network list that Windows XP can query. 4. What the current logs prove The latest successful logs show all of the following: - firmware boot completes cleanly - ALIVE status is received - scan commands are accepted - B5 UMAC iteration results are returned - management frames are parsed - at least one BSS entry is created - OID_802_11_BSSID_LIST returns count = 1 instead of 0 This means the scan path is now real and functional. This is the first major milestone where the XP driver is no longer "talking to firmware only", but is actually receiving real radio data and exposing it back to Windows XP. 5. What is proven about radio reception The logs now prove real RF reception. That means this is no longer a fake scan, a synthetic result, or a firmware-only illusion. The driver is now receiving real scan-result data from the radio path and converting it into BSS entries. The current successful logs clearly prove real reception on 2.4 GHz. The scan also runs on 5 GHz channels, but in the currently confirmed logs the strongest proven decoded result is from the 2.4 GHz side. So the safe statement is: - 2.4 GHz reception is proven - 5 GHz scanning is active - 5 GHz reception is very likely, but should still be confirmed with a clearly decoded 5 GHz BSS entry in the log 6. WPA / WPA2 status WPA / WPA2 support is currently present at the scan-detection level, not yet at the full connection level. What works now: - RSN / WPA-family information can be recognized from scan results - encrypted networks can be marked as protected - the driver can expose that protection state in the BSS list What does not work yet: - no full WPA/WPA2 association - no 4-way handshake - no PTK/GTK installation - no real data traffic under WPA2 yet So at the moment: The driver can see WPA/WPA2-protected networks. 7. What still does NOT work yet The following major parts are still unfinished: - association / authentication sequence - full connect logic - WPA/WPA2 key installation - real TX data path for connected traffic - full RX data path for normal user packets - IP traffic over Wi-Fi - stable end-to-end network connection So the current status is: Scanning works. Discovery works. BSS list reporting works. Encryption detection works. Connection does not work yet. 8. Current technical limitation Although scan reception is now real, the management-frame decoding is still not fully clean. The latest logs show that the driver is extracting real BSS data, but some parsed fields are still not fully trustworthy in every case. That means the scan-result path is alive, but the embedded frame interpretation still needs refinement. So the remaining scan-side work is no longer "make scanning work at all". It is now much narrower: - improve exact management-frame alignment inside the B5 result path - refine SSID / BSSID / channel extraction - confirm 5 GHz decoding with a clean real entry - keep WPA / RSN interpretation attached to the corrected frame parser 9. Practical summary What the Intel 9560 XP driver can do now: - bring up hardware - load real firmware - run real Wi-Fi scans - receive real over-the-air management frames - build a real BSS list - show at least one real access point in Windows XP - detect protected networks as encrypted What it still cannot do yet: - associate - authenticate fully - complete WPA2 handshake - pass normal network traffic 11. Bottom line This project has now moved beyond basic firmware bring-up. The Intel 9560 XP driver is already capable of: - real firmware initialization - real radio scanning - real management-frame reception - real BSS list reporting - WPA/WPA2 network detection during scan The next big milestone is no longer scanning. The next big milestone is full connection support: association, key handling, and real data traffic. Current state in one sentence: The driver can already see real Wi-Fi networks under Windows XP, including protected WPA/WPA2 networks

@reboot12 I have this switch in Bios also, because with hack for ME I can see everything in the Bios of the Biostar z690A Valkyrie. I just switch this CNVi from Auto ===> disable. But because of those "IF" constructions there, then the whole device 9560 disappears. May be with ru.efi I can switch ONLY this CNVi but until now I have not tested because I do not think, that this will help me Dietmar PS: On your Dell the switch for CSM is write protected. But you can read out the whole Bios, switch this CSM to enabled and flash Bios back. This was the only way, how I can enable CSM on the N100 board. 0x41D1B Form: Connectivity Configuration, FormId: 0x2720 {01 86 20 27 75 02} 0x41D21 Text: Statement.Prompt: CNVi CRF Present, TextTwo: No {03 08 F8 16 F9 16 FA 16} 0x41D29 Text: Statement.Prompt: CNVi Configuration, TextTwo: {03 08 FC 16 FC 16 00 00} 0x41D31 One Of: CNVi Mode, VarStoreInfo (VarOffset/VarName): 0x734, VarStore: 0x6, QuestionId: 0x5E, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 76 02 FD 16 5E 00 06 00 34 07 10 10 00 01 00} 0x41D42 One Of Option: Disable Integrated, Value (8 bit): 0x0 {09 07 FF 16 00 00 00} 0x41D49 One Of Option: Auto Detection, Value (8 bit): 0x1 (default) {09 07 FE 16 30 00 01} 0x41D50 End One Of {29 02} 0x41D52 Suppress If {0A 82} 0x41D54 QuestionId: 0x5E equals value 0x0 {12 06 5E 00 00 00} 0x41D5A Gray Out If {19 82} 0x41D5C String Ref: No (0x16FB) {4E 84 FB 16} 0x41D60 String Ref: No (0x16FA) {4E 04 FA 16} 0x41D64 Match {2A 02} 0x41D66 End {29 02} 0x41D68 One Of: Wi-Fi Core, VarStoreInfo (VarOffset/VarName): 0x735, VarStore: 0x6, QuestionId: 0x5F, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 77 02 00 17 5F 00 06 00 35 07 10 10 00 01 00} 0x41D79 One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 10 00 01} 0x41D80 One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 00 00 00} 0x41D87 End One Of {29 02} 0x41D89 One Of: BT Core, VarStoreInfo (VarOffset/VarName): 0x736, VarStore: 0x6, QuestionId: 0x60, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 78 02 01 17 60 00 06 00 36 07 10 10 00 01 00} 0x41D9A One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 10 00 01} 0x41DA1 One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 00 00 00} 0x41DA8 End One Of {29 02} 0x41DAA Gray Out If {19 82} 0x41DAC QuestionId: 0x60 equals value 0x0 {12 06 60 00 00 00} 0x41DB2 One Of: BT Audio Offload, VarStoreInfo (VarOffset/VarName): 0x737, VarStore: 0x6, QuestionId: 0x271E, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 79 02 02 17 1E 27 06 00 37 07 14 10 00 01 00} 0x41DC3 One Of Option: Disabled, Value (8 bit): 0x0 (default) {09 07 04 00 10 00 00} 0x41DCA One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01} 0x41DD1 End One Of {29 02} 0x41DD3 End If {29 02} 0x41DD5 End If {29 02} 0x41DD7 End If {29 02}

@K4sum1 I make a new version for RTL812x. Then I compile everything for XP SP3 free, chk and 2003 NT5.2 bit 64 also free and chk. I have not tested, good luck Dietmar https://www.upload.ee/files/19243043/RTL8125_NT52_x86_x64_patched_v3.zip.html

Hi, just for fun, for to look what is possible to do with the WDK 7600 under XP SP3, I wrote a pure Assembler program, for to calculate the sum of 1^3 + 2^3 + 3^3 + 4^3 + ...+ 10.000.000.000^3 = [n*(n+1)/2]^2 (zur Probe). The stupid compi has to add all one by one.. But he did this very tricky, for to avoid multiplication, uses always the "6" as constant difference in 3. order sum, and now only has to sum everything up. On my X58 board the program gives the time out of nearly exact 120 sec. The whole program kubik.exe is only 3kb in size. This program kubik.exe should run on a lot of different Windows versions. And I make an interesting discovery: I wrote another kubik.exe program, that make use of the 4 cores of my i920 cpu on this x58 board. Now, the cpu last goes up from 13% ==> 53%, means all cores are involve. But now I get nearly 200sec as result.. Dietmar PS: Here is the program kubik.exe and the whole Source Code that you run in commandline, nice(!).. https://www.upload.ee/files/19235972/kubik10.zip.html EDIT: I make a small joke: I just fake the Header PE signature. Now kubikOS.exe should also run on win95 >=Win95 XP 108: 03 05 10A: 0A 01 110: 03 05 112: 0A 01 https://www.upload.ee/files/19236111/kubikOS.exe.html .686 .model flat, stdcall option casemap:none EXTERN GetStdHandle@4:PROC EXTERN WriteFile@20:PROC EXTERN ExitProcess@4:PROC EXTERN GetTickCount@0:PROC .data sum0 dd 0 sum1 dd 0 sum2 dd 0 sum3 dd 0 sum4 dd 0 cube0 dd 1 cube1 dd 0 cube2 dd 0 cube3 dd 0 d10 dd 7 d11 dd 0 d12 dd 0 d13 dd 0 d20 dd 12 d21 dd 0 count0 dd 540BE400h count1 dd 2 startTick dd 0 elapsed dd 0 hout dd 0 bytesWritten dd 0 outptr dd 0 outlen dd 0 timeptr dd 0 timelen dd 0 prefix db 'Zeit ms: ' outbuf db 128 dup(0) timebuf db 32 dup(0) .code start PROC call GetTickCount@0 mov startTick, eax L1: mov eax, sum0 add eax, cube0 mov sum0, eax mov eax, sum1 adc eax, cube1 mov sum1, eax mov eax, sum2 adc eax, cube2 mov sum2, eax mov eax, sum3 adc eax, cube3 mov sum3, eax mov eax, sum4 adc eax, 0 mov sum4, eax mov eax, cube0 add eax, d10 mov cube0, eax mov eax, cube1 adc eax, d11 mov cube1, eax mov eax, cube2 adc eax, d12 mov cube2, eax mov eax, cube3 adc eax, d13 mov cube3, eax mov eax, d10 add eax, d20 mov d10, eax mov eax, d11 adc eax, d21 mov d11, eax mov eax, d12 adc eax, 0 mov d12, eax mov eax, d13 adc eax, 0 mov d13, eax add d20, 6 adc d21, 0 sub count0, 1 sbb count1, 0 mov eax, count0 or eax, count1 jnz L1 call GetTickCount@0 sub eax, startTick mov elapsed, eax mov edi, OFFSET outbuf add edi, 127 mov byte ptr [edi], 0 dec edi mov byte ptr [edi], 10 dec edi mov byte ptr [edi], 13 dec edi L2: mov ebx, 10 xor edx, edx mov eax, sum4 div ebx mov sum4, eax mov eax, sum3 div ebx mov sum3, eax mov eax, sum2 div ebx mov sum2, eax mov eax, sum1 div ebx mov sum1, eax mov eax, sum0 div ebx mov sum0, eax add dl, '0' mov byte ptr [edi], dl dec edi mov eax, sum0 or eax, sum1 or eax, sum2 or eax, sum3 or eax, sum4 jnz L2 inc edi mov outptr, edi mov eax, OFFSET outbuf add eax, 127 sub eax, edi mov outlen, eax mov edi, OFFSET timebuf add edi, 31 mov byte ptr [edi], 0 dec edi mov byte ptr [edi], 10 dec edi mov byte ptr [edi], 13 dec edi mov eax, elapsed cmp eax, 0 jne L3 mov byte ptr [edi], '0' dec edi jmp L4 L3: mov ebx, 10 L3A: xor edx, edx div ebx add dl, '0' mov byte ptr [edi], dl dec edi test eax, eax jnz L3A L4: inc edi mov timeptr, edi mov eax, OFFSET timebuf add eax, 31 sub eax, edi mov timelen, eax push -11 call GetStdHandle@4 mov hout, eax push 0 push OFFSET bytesWritten push outlen push outptr push hout call WriteFile@20 push 0 push OFFSET bytesWritten push 9 push OFFSET prefix push hout call WriteFile@20 push 0 push OFFSET bytesWritten push timelen push timeptr push hout call WriteFile@20 push 0 call ExitProcess@4 start ENDP end start

@sk9392 ntoskrnl.exe from XP SP3 and W2003 are not the same. They have some similarities but also big differences. So, when you use the Patch Integrator, I think it will always fail, when you use modded drivers, that depend on ntoskrn8.sys . Other drivers, which make no use of the ntoskrn8.sys, should work Dietmar PS: By the way I noticed, that the USB AMD 145 driver gives Bsod c0005 on z690 boards, even with the patch from @reboot12 .

@reboot12 I can only take a deeper look in this "not find UEFI data in RAM" when you tell me, what you are trying. By the way: My Wlan driver under XP for the 9560 device now shows "ALIVE=1" and also "ack=1" . This means, that the Wlan-cpu is feeding with the correct firmware, starts and works. But I still have problems for to convert the search from Linux Ubuntu for "Wlan network" to the XP search. The driver is nearly ready but still no able to find Wlan traffic, all other works Dietmar

@reboot12 Here is your wished driver, for XP SP3 and XP bit 64 compiled. I always compile under XP SP3 with WDK 7600 Dietmar https://www.upload.ee/files/19219218/gelipDriver.zip.html EDIT: I just correct the link.

@reboot12 After such a long and crazy search in the dark, I succed to print out each function, register, each adress, each size, a whole trace, what happens, when the Wlan 9560 driver starts in Linux. And the most hard and crazy step was to dump the full Payload in Linux for the firmware of the Wlan-cpu. Under XP I need for all those dumps via Windbg 5 min. Now I make a one by one compare and I find already small(?!) differences between my XP driver for the Wlan 9560 device and the Linux one. Now I put all whats different from Linux ==> XP, because the Wlan-cpu understands only what is given by Linux to its firmware, like food. Nowhere in internet is an example for a working payload for this Wlan-cpu. Now I have and maybe, whol fun starts is a very short moment Dietmar

@Damnation Oh yes, I am interested, because nearly nothing can to be found in Internet about Wireless lan an Windows Dietmar

@Damnation For me it was not possible, to reduce the Wlan 9560 driver from Linux Ubuntu ubuntu-24.04.2-desktop-amd64 to a maximal simplified single 9560.c 9560.h and sources and makefile. This is Open Source? ChatGPT tells, that it needs about 198 files for this and still the Kernel Sources?! ChatGPT 5.4 is much too stupid for such a task. The maximal end for to convert from Linux to XP is Lan-driver, at least in this moment. And you have no chance to put the nose of ChatGPT to that point, what really has to be looked on. For example I make a try for to figure out, what has to be the input for the Wlan-cpu when it accepts an input for scan. In Linux, it does not seem to be possible. When I am at this Linux, suddently the screen becomes black and I get a message, that my resolution of this screen is not perfect. BUT BLACK SCREEN SEEMS TO BE BETTER. How can somebody with brain work with this stupid, ugly OS, Win95 is much better. IT IS SOO STUPID, I mean ChatGPT. But I also do not know another KI, which is better Dietmar EDIT: Just when I write this, I come to an crazy idea. Even stupid ChatGPT cant find out, which bits the Wlan-cpu needs for to start a Scan, I can use Windbg and offer this Wlan-cpu really all of different bits, and it has to eat them..

@windows2 The answer is very easy, because I dont know anything about Copilot with Visual Studio Code. I compare some KI models. ChatGPT is for me the most most best of all, until now. I just think about if it is possible, to construct a machine, that automatically translated any working driver under ubuntu-24.04.2-desktop-amd64 direct in Source Code for XP, where it is possible Dietmar

@reboot12 I do not succeed to translate the Linux scan sequence to XP SP3. Even I succeed to get the full path under Linux Ubuntu, how Linux is doing everything and also a reset I can trace step by step. Strange for me. Linux hangs sometimes at the same point as XP during this scan for Wifi network, firmware of the integrated Wlan-cpu looks like dead. Linux did in this case a reset of all the rings, alive=1 etc. But I do not succeed to redo this reset in XP Dietmar PS: It is only a small step but I cant solve, even I have all the information for the Wlan 9560 card, that I need. Funny, I get the feeling, that ChatGPT does not want to help me with this. EDIT: This feeling becomes even more real. Now I trick Chatgpt, during build this whole Wlan driver for Linux Ubuntu from only 3 files 9560.c 9560.h firmware.c together with makefile and sources. This means to pack all the files from Linux intelligent together. Soon we will see..because now ChatGPT suddently forgets, that it does not want to help me with scan. EDIT2: Oh nice, this trick works. For the very first time I have Scan code for XP, build direct from Linux.

@reboot12 First Grok tells: Impossible ChatGPT: 0 % Chance. Now GroK: Nearly ready Chatgpt: 70 % chance for a full working Wlan driver for XP with WPA2 Dietmar PS: By the way I noticed, that there is not a single Wlan driver code for XP in whole Internet. Reactos also has none. This was other for to look for a normal Lan driver. All try and error and with the help of the XP SP1 Sources by myself. Interesting is the help of ChatGPT. This Ki can do a lot of programs, but comes very quick to an end. So just now no Terminator at all. ALL (100%) of ideas how to continue come only from me. Grok is good for some crazy ideas. But makes such a lot of mistakes..brrr..

@reboot12 I look at the SP1 Sources, what needs to be done, that an device is recogniced as wireless. This bit=1 I fake with Windbg. Waaoooh, fun is really endless in this Dietmar

@reboot12 I am not sure about this Valley-view graphik. Is it 3D? But I think such a hack would be easier for me than this crazy Wlan card because the working driver is close to the existing one for XP, Needs a lot of Hex work I think Dietmar

@reboot12 Sending works, WPA2 works, receive not works until now Dietmar

@reboot12 Yessssaaaaaaaaaaaaa Dietmar 9560L38: dpc cause=00000003 fh=00000000 msix_hw=00000000 msix_fh=00000000 [alive=1 wake=1 swrx=0 rfkill=0 ctkill=0 swerr=0 fhtx=0 hwerr=0 fhrx=0] 9560L53: rx-widx[alive] write=511 write_actual=504 cur=0 hw=0 Really crazy, how I solved this. I boot the compi with this Wlan card on Ubuntu life. Nothing good in this life Ubuntu but for me the only possibility to check, what is going on. And then I noticed something very strange: The Wlan card hangs at Ubuntu with exakt my symptoms, firmware hangs, so no ALIVE. And then I look, how Ubuntu overcomes this problem, because the Wlan card later works under Ubuntu. And it is this what i found and I copied it simple into my Source Code for XP SP3 --- /tmp/l66orig/l66/WDM/9560.c 2026-03-21 17:39:59.000000000 +0000 +++ /tmp/package_l67/l67/WDM/9560.c 2026-03-21 18:00:18.537173358 +0000 @@ -1849,6 +1849,51 @@ Adapter->ImlResp = WifiReadRegister32(Adapter->MmioBase0, Adapter->MmioLength0, INTEL9560_CSR_IML_RESP_ADDR); } +static VOID WifiSpinForAx210Iml(PADAPTER Adapter, ULONG TimeoutUs) +{ + ULONG loops; + ULONG ltr; + ULONG msix; + BOOLEAN irqSeen; + + if (Adapter == NULL || Adapter->MmioBase0 == NULL) + return; + + WifiClearMsixImrCause(Adapter); + Adapter->BootstrapLastMsgBefore = WifiReadRegister32(Adapter->MmioBase0, Adapter->MmioLength0, INTEL9560_CSR_LTR_LAST_MSG); + Adapter->BootstrapMsixCauseBefore = WifiReadMsixImrCause(Adapter); + ltr = Adapter->BootstrapLastMsgBefore; + irqSeen = FALSE; + + for (loops = 0; loops < TimeoutUs; ++loops) { + msix = WifiReadMsixImrCause(Adapter); + if ((msix & INTEL9560_MSIX_HW_INT_CAUSES_REG_IML) != 0) { + irqSeen = TRUE; + break; + } + ltr = WifiReadRegister32(Adapter->MmioBase0, Adapter->MmioLength0, INTEL9560_CSR_LTR_LAST_MSG); + if ((loops & 0x3FFUL) == 0) + NdisStallExecution(1); + } + + Adapter->BootstrapSpinLoops = loops; + Adapter->BootstrapLastMsgAfter = ltr; + Adapter->BootstrapMsixCauseAfter = WifiReadMsixImrCause(Adapter); + Adapter->ImlResp = WifiReadRegister32(Adapter->MmioBase0, Adapter->MmioLength0, INTEL9560_CSR_IML_RESP_ADDR); + + DbgPrint("9560L67: ax210-iml-spin irq=%u loops=%lu msix_before=%08lX msix_after=%08lX ltr_before=%08lX ltr_after=%08lX iml_resp=%08lX\n", + irqSeen ? 1 : 0, + loops, + Adapter->BootstrapMsixCauseBefore, + Adapter->BootstrapMsixCauseAfter, + Adapter->BootstrapLastMsgBefore, + Adapter->BootstrapLastMsgAfter, + Adapter->ImlResp); + + if (irqSeen) + WifiClearMsixImrCause(Adapter); +} + ULONG WifiReadPrph32(PADAPTER Adapter, ULONG Reg) { @@ -4494,9 +4539,17 @@ Adapter->BootstrapCpuRunOmitted = FALSE; WifiWriteRegister32(Adapter->MmioBase0, Adapter->MmioLength0, INTEL9560_CSR_CTXT_INFO_BOOT_CTRL, BootCtrl | INTEL9560_CSR_AUTO_FUNC_BOOT_ENA); - LtrVal = WifiBuildAx210BootLtrValue(); - WifiApplyBootLtr(Adapter, LtrVal); - WifiWriteUmacPrph32(Adapter, INTEL9560_UREG_CPU_INIT_RUN, 1); + if (Adapter->ChipKind == WifiChipSO_7AF0) { + Adapter->BootstrapLtrWriteSkipped = 1; + WifiClearMsixImrCause(Adapter); + WifiWriteUmacPrph32(Adapter, INTEL9560_UREG_CPU_INIT_RUN, 1); + WifiSpinForAx210Iml(Adapter, 100000UL); + } else { + LtrVal = WifiBuildAx210BootLtrValue(); + WifiApplyBootLtr(Adapter, LtrVal); + WifiWriteUmacPrph32(Adapter, INTEL9560_UREG_CPU_INIT_RUN, 1); + WifiSpinForBootstrapProgress(Adapter, 0x8000UL); + } Adapter->BootstrapCpuRunReadback = 0; Adapter->BootstrapCpuRunReadLooksStale = 0; Adapter->BootstrapUmacCurrentPc = 0;

@reboot12 Wooaoh, it looks like, if there is also a mechanismus against XP, very similar to ME on this Wifi card, better this special M2 slots. I fake via Windbg for the Wlan-cpu cpu=0 ==> cpu=1 And like from hand from ghost, suddently is set back to cpu=0 out of nowhere. Exakt this I have seen under ME on the AIMB 786 board. But on the Biostar z690 Valkyrie I disabled with Bioshack ME. So, it is this special Wifi M2 slot, that tells to XP: "We dont want to have you here". But the hack i did via Windbg direkt in the register. This can be done also permanent at the right time during recognicing of the Wlan card. Soon we will know Dietmar

@reboot12 I worked now for about 100 hours on this crazy Wlan card to get it work under XP SP3. It starts very nice, I check that I load the correct firmware to the one of the 2 cpus in this card. After the firmware is loaded, the Wlan-cpu starts working. One cpu is for Wifi, the other for Bluetooth. But then happens something strange: The Wlan-cpu after starting jumps always to the umac=8047E450 place. This firmware is from Intel and I can see its content via Winhex but it is not disassembled by Intel for the public. Even more crazy, with Windbg you cant check the memory of this Wlan chip. I have the Source Code from OpenBSD, which is EXACT for this Wlan card. All is ok. But the Wlan-cpu always stops working at this place 0x8047E450. With Windbg you can see via Stack (kd>kv) that via this stopping of this Wlan-cpu you never get the signal ALIVE from this cpu, so that Wlan traffic can happen. I also try disint+-, no helps. The Wlan card works. On the same compi I read out all values of this card via Linux Ubuntu life. I even can fetch the full original Source Code, from which this driver for the Wlan card was compiled for Linux. All seems ok. But the translation to XP SP3 fails until now. This is the first time for me. Ok, all the lan drivers which I modded have a size of about 20kb. This Wlan driver is another cathegory, about 1.5 Mb(!). Dietmar 1.) What I tested 1.1) Correct hardware / device path - PCI device is consistently detected as Intel 8086:7AF0. - hwrev is consistently 0x430. - rfid is consistently 0x00105110. - CNVi value is consistently 0x00080400. - This matches the expected AX210 / so-a0-jf-b0 path well enough to be accepted by the driver. 1.2) Correct firmware selection - The embedded firmware selected is always: iwlwifi-so-a0-jf-b0-77.ucode - Firmware header is read correctly: api = 77 build = F92B5FED - So the driver is not loading a random or obviously wrong blob. 1.3) Full firmware section loading - All runtime sections are allocated and copied successfully: - LMAC sections = 15 - UMAC sections = 15 - PAGE sections = 20 - All pre/post verification checks pass: - checks = 50 - failures = 0 - So the blob content survives copy/load intact. 1.4) GEN3 context / OpenBSD-based bootstrap structure - I built the GEN3 context from the OpenBSD source code for this exact card. - Context header remains valid: - ver = 2 - size_dw = 26 - prphinfo / scratch / context addresses are filled consistently. - I tested both: - closer-to-Linux/OpenBSD variants - strict OpenBSD-style layout / sequencing 1.5) IML / firmware kick path - IML buffer is allocated and copied correctly. - IML response becomes 1. - bootctrl changes correctly: - before = 0x00480000 - after = 0x00480002 - So the kick path itself works. 1.6) Interrupt setup - NdisMRegisterInterrupt succeeds. - Bringup interrupt mask is applied. - I also tested disint+- pulse. - The pulse toggles exactly as intended: - before = 0x80000001 - after_disable = 0x00000000 - after_enable = 0x80000001 1.7) RX / RFH experiments - I tested several variants: - deferred OpenBSD-style RX until ALIVE - forced pre-ALIVE host-owned RFH / RX arm - pre-kick re-arm attempts - doorbell / write pointer programming - I also traced direct-vs-UMAC RFH register paths. 2.) What works 2.1) The driver reaches deep firmware bootstrap - MiniportInitialize runs. - PCI resources are mapped. - MMIO is readable. - Scatter/gather DMA init succeeds. - Interrupt registration succeeds. 2.2) The correct WiFi CPU is actually running - Very important: Not just talking to the Bluetooth side. - The WiFi UMAC definitely starts executing. - I can see the UMAC PC move: - first around C00C09E4 - then later consistently to 8047E450 - So the WLAN CPU does start and execute code. 2.3) Firmware integrity looks good - Correct firmware family is selected. - Full runtime image loads. - All copied sections verify perfectly. - IML responds positively. - So there is no evidence of a corrupted firmware copy/load. 2.4) The physical card works - On the same machine, Linux Ubuntu live can read out the card and use it. - Hardware values from Linux are consistent with the XP-side probing. - So this is not a dead/broken card. 2.5) The failure is highly reproducible - The stop is deterministic. - The WiFi UMAC always ends at the same place: UMAC PC = 0x8047E450 3.) NOT works 3.1) ALIVE never arrives - The fundamental failure remains: - no ALIVE notification - no working WLAN traffic after bootstrap 3.2) No real interrupt activity after firmware start - MiniportISR is never hit after the firmware begins running. - MiniportHandleInterrupt is never hit after the firmware begins running. - Combined state stays dead: - int = 0 - fh = 0 - bootstage = 0 - ipc = 0 3.3) No RX notification traffic appears - rxst stays 0 - used0 stays 0000/00 - data0 stays 0 - cur/hw indices stay 0 - So the first notification packet never becomes visible on the host side. 3.4) Forced pre-ALIVE RX/RFH arm did not help - I tested host-owned RFH before ALIVE. - I tested write pointer / doorbell programming. - I tested re-arm while waiting. - Result stayed the same: - UMAC ends at 8047E450 - no ALIVE 3.5) Strict OpenBSD deferred RX-until-ALIVE also did not help - In L62 I went back to strict OpenBSD deferred RX behavior, except for disint pulse tests. - Result still stayed the same. - So the bug is not explained simply by: "RX was armed too early" or "RX was armed too late". 3.6) disint+- did not help - The interrupt disable/enable pulse executes correctly. - But it changes nothing. - The WiFi CPU still stalls at 8047E450. 4.1) The main new finding - The problem is no longer "wrong firmware file" or "firmware not loaded". - The firmware is loaded correctly and verified completely. - The WiFi UMAC really starts running. - It then reproducibly stalls at: UMAC PC = 0x8047E450 4.2) Very important technical conclusion - I tested BOTH opposite RX theories: - force RX/RFH before ALIVE - strict OpenBSD deferred RX until ALIVE - Neither changed the result. - That is an important negative result and should be mentioned. 4.3) Another important negative result - disint+- was tested and does not solve it. 4.4) Important logical conclusion - This strongly suggests the remaining bug is not just one obvious visible register value. - It is more likely something deeper such as: - DMA visibility / coherency - cache / uncached behavior - memory ordering / barrier issue - XP-specific transport / synchronization mismatch - some hidden prerequisite that Linux/OpenBSD satisfy indirectly 5.) - Correct firmware is selected: iwlwifi-so-a0-jf-b0-77.ucode (api 77, build F92B5FED) - All LMAC/UMAC/PAGE sections load and verify perfectly (50 checks, 0 failures). - IML responds successfully and bootctrl changes correctly to 0x00480002. - The WiFi UMAC definitely starts running, so this is not just the Bluetooth CPU. - The UMAC always ends reproducibly at 0x8047E450. - No ALIVE notification is ever received afterward. - No ISR / HandleInterrupt is ever triggered afterward. - I tested both opposite RX strategies: - strict deferred RX until ALIVE - forced host-owned RFH/RX before ALIVE - Neither changes the outcome. - disint+- was also tested and does not help. - Therefore the remaining failure is likely deeper than firmware selection or one obvious register mismatch; DMA/coherency/synchronization on XP SP3 is now a strong suspect. 15: kd> bc * 15: kd> bd * 15: kd> .logopen /t c:\9560l62_kd.txt Closing open log file c:\9560l61_kd_09ec_2026-03-21_00-27-51-609.txt Opened log file 'c:\9560l62_kd_01a8_2026-03-21_00-55-48-812.txt' 15: kd> sxd ibp 15: kd> sxi ld 15: kd> sxi ud 15: kd> sxe av 15: kd> sxe gp 15: kd> sxe ud 15: kd> !sym quiet quiet mode - symbol prompts on 15: kd> .reload /f nt 15: kd> .reload /f ndis.sys 15: kd> .reload /f 9560.sys 15: kd> lm vm 9560 Browse full module list start end module name b2fc3000 b3135780 9560 (private pdb symbols) c:\9560l62\l62\wdm\objchk_wxp_x86\i386\9560.pdb Loaded symbol image file: 9560.sys Image path: \SystemRoot\system32\DRIVERS\9560.sys Image name: 9560.sys Browse all global symbols functions data Timestamp: Sat Mar 21 00:50:24 2026 (69BDDD40) CheckSum: 00181399 ImageSize: 00172780 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 15: kd> x 9560!*AttemptFirmwareBootstrap* b2fc72c0 9560!WifiAttemptFirmwareBootstrap (struct _ADAPTER *) b2fc7330 9560!WifiAttemptFirmwareBootstrapLegacy (struct _ADAPTER *) b2fc8440 9560!WifiAttemptFirmwareBootstrapGen2V2 (struct _ADAPTER *) 15: kd> x 9560!*SeedGen3* b2fca000 9560!WifiSeedGen3PrphInfoWindows (struct _ADAPTER *) 15: kd> x 9560!*PrimeOpenBsdRxRing* b2fc60b0 9560!WifiPrimeOpenBsdRxRing (struct _ADAPTER *) 15: kd> x 9560!*ProgramOpenBsdRxDma* b2fca500 9560!WifiProgramOpenBsdRxDma (struct _ADAPTER *, char *) 15: kd> x 9560!*ApplyDisintPulse* b2fca9a0 9560!WifiApplyDisintPulse (struct _ADAPTER *, char *) 15: kd> x 9560!*EnableBringupInterrupts* b2fca7f0 9560!WifiEnableBringupInterrupts (struct _ADAPTER *) 15: kd> x 9560!*WaitForInitialAlive* b2fcaae0 9560!WifiWaitForInitialAlive (struct _ADAPTER *) 15: kd> x 9560!*PollBringupState* b2fcc0b0 9560!WifiPollBringupState (struct _ADAPTER *, char *) 15: kd> x 9560!*ReadCombinedInterruptState* b2fcc3f0 9560!WifiReadCombinedInterruptState (struct _ADAPTER *, unsigned long *, unsigned long *, unsigned long *, unsigned long *) 15: kd> x 9560!*AckCombinedInterruptState* b2fcc640 9560!WifiAckCombinedInterruptState (struct _ADAPTER *, unsigned long, unsigned long, unsigned long, unsigned long) 15: kd> x 9560!*ReadAx210BringupInterruptState* b2fcc6d0 9560!WifiReadAx210BringupInterruptState (struct _ADAPTER *, unsigned long *, unsigned long *, unsigned long *, unsigned long *) 15: kd> x 9560!*PrimeOpenBsdAliveRx* b2fccd60 9560!WifiPrimeOpenBsdAliveRx (struct _ADAPTER *, char *) 15: kd> x 9560!*ConsumeOpenBsdRxNotifs* b2fcb970 9560!WifiConsumeOpenBsdRxNotifs (struct _ADAPTER *) 15: kd> x 9560!*TryDecodeNotifBuffer* b2fcbd90 9560!WifiTryDecodeNotifBuffer (struct _ADAPTER *, unsigned char *, unsigned long, unsigned long) 15: kd> bu 9560!WifiAttemptFirmwareBootstrapGen2V2 15: kd> bu 9560!WifiSeedGen3PrphInfoWindows 15: kd> bu 9560!WifiPrimeOpenBsdRxRing 15: kd> bu 9560!WifiProgramOpenBsdRxDma 15: kd> bu 9560!WifiApplyDisintPulse 15: kd> bu 9560!WifiEnableBringupInterrupts 15: kd> bu 9560!WifiWaitForInitialAlive 15: kd> bu 9560!WifiPollBringupState 15: kd> bu 9560!WifiReadCombinedInterruptState 15: kd> bu 9560!WifiAckCombinedInterruptState 15: kd> bu 9560!WifiReadAx210BringupInterruptState 15: kd> bu 9560!WifiPrimeOpenBsdAliveRx 15: kd> bu 9560!WifiConsumeOpenBsdRxNotifs 15: kd> bu 9560!WifiTryDecodeNotifBuffer 15: kd> bu 9560!MiniportISR 15: kd> bu 9560!MiniportHandleInterrupt 15: kd> bl 0 e b2fc8440 0001 (0001) 9560!WifiAttemptFirmwareBootstrapGen2V2 1 e b2fca000 0001 (0001) 9560!WifiSeedGen3PrphInfoWindows 2 e b2fc60b0 0001 (0001) 9560!WifiPrimeOpenBsdRxRing 3 e b2fca500 0001 (0001) 9560!WifiProgramOpenBsdRxDma 4 e b2fca9a0 0001 (0001) 9560!WifiApplyDisintPulse 5 e b2fca7f0 0001 (0001) 9560!WifiEnableBringupInterrupts 6 e b2fcaae0 0001 (0001) 9560!WifiWaitForInitialAlive 7 e b2fcc0b0 0001 (0001) 9560!WifiPollBringupState 8 e b2fcc3f0 0001 (0001) 9560!WifiReadCombinedInterruptState 9 e b2fcc640 0001 (0001) 9560!WifiAckCombinedInterruptState 10 e b2fcc6d0 0001 (0001) 9560!WifiReadAx210BringupInterruptState 11 e b2fccd60 0001 (0001) 9560!WifiPrimeOpenBsdAliveRx 12 e b2fcb970 0001 (0001) 9560!WifiConsumeOpenBsdRxNotifs 13 e b2fcbd90 0001 (0001) 9560!WifiTryDecodeNotifBuffer 14 e b2fcdf80 0001 (0001) 9560!MiniportISR 15 e b2fce080 0001 (0001) 9560!MiniportHandleInterrupt 15: kd> g 9560v38: MiniportInitialize enter 9560v38: NdisMInitializeScatterGatherDma -> 00000000 9560v38: PCI ven=8086 dev=7AF0 subven=8086 subsys=4234 status=00000000 9560v38: PCI cmd=0006 stat=0010 class=02/80/00 rev=11 BAR0=2B41C004 BAR1=00000000 9560v38: query resources pass0 status=C000009A need=56 9560v38: query resources pass1 status=00000000 size=56 9560v38: resources version=0 rev=0 count=3 9560v38: RES[0] MEM start=00000000:2B41C000 len=00004000 flags=00000000 9560v38: map MEM[0] phys=00000000:2B41C000 len=00004000 -> 00000000 va=B1DA2000 9560v38: RES[1] type=129 flags=00000000 9560v38: RES[2] IRQ level=18 vector=18 affinity=FFFFFFFF flags=00000000 share=3 9560v38: resource mapping done, probing key registers 9560v38: mapped resources summary mmio0=B1DA2000 len0=00004000 mmio1=00000000 len1=00000000 9560v38: linux target fw=iwlwifi-so-a0-jf-b0 queues=512 tfd=65536 smem=00400000 len=000D0000 family=21000 gen2=1 integrated=1 umac=00300000 9560v38: regs 000=00080000 020=00000011 024=08040000 028=00000430 02C=D55555D5 030=D55555D5 9560v38: regs 090=00000000 09C=00105110 0A8=802FFFFF 0AC=00000000 0B0=00800000 0FC=5FFF7FFE 9560v38: linux-ish ids rfid=105110 cnv=80400 9560v53: 7AF0 expected hwrev=00000430 cnv=00080401 alt=00080400 rfid=00105110 crf=01300202 wfpm=80000030 board=00480002 fseq=00000024 got hwrev=00000430 cnv=00080400 rfid=00105110 match=1/0/1 accept=1 base=1 9560v53: 7AF0 refs[probe] hw=00000430/00000430 cnv=00080400 exact=0 alt=1 base=1 accepted=1 rfid=00105110/00105110 crf_ref=01300202 board_ref=00480002 wfpm_ref=80000030 fseq_ref=00000024 fw_ref=0000004D.F92B5FED iml_ref=00000B03 wait_ref=00011F5A flow_ref=00000024 auth_ref=00000080 9560v38: regs 200=00000000 204=05008010 208=00020000 220=AAAAA0AA 224=00000000 228=3F1D0430 9560v38: regs 250=00000000 258=3666CCDC 25C=00000000 260=00000000 270=21000000 278=80000400 318=00000020 9560v38: resource setup status=00000000 mmio0=B1DA2000 len0=00004000 mmio1=00000000 len1=00000000 irq=18/18 9560v38: transport setup fw=iwlwifi-so-a0-jf-b0 stage=29 cmd=4096 txq=16384 rxq=8192 9560v38: alloc Cmd uncached len=4096 va=B67DC000 pa=00000000:00331000 9560v38: alloc TxQ uncached len=16384 va=B1D9E000 pa=00000000:00332000 9560v38: alloc RxQ uncached len=8192 va=B865C000 pa=00000000:00336000 9560v38: alloc RxStatus uncached len=4 va=B7876000 pa=00000000:00338000 9560v38: alloc RxUsed uncached len=16384 va=B1D9A000 pa=00000000:00339000 9560v38: alloc RxData uncached len=2097152 va=B0A32000 pa=00000000:00AE9000 Breakpoint 2 hit 9560!WifiPrimeOpenBsdRxRing: b2fc60b0 8bff mov edi,edi 15: kd> g 9560L62: openbsd-rx-prime deferred count=512 buf=4096 write=0 actual=0 9560v38: transport cmd va=B67DC000 pa=00000000:00331000 len=4096 cached=0 ok=1 9560v38: transport txq va=B1D9E000 pa=00000000:00332000 len=16384 cached=0 ok=1 9560v38: transport rxq va=B865C000 pa=00000000:00336000 len=8192 cached=0 ok=1 9560v54: transport rxdata va=B0A32000 pa=00000000:00AE9000 len=2097152 cached=0 ok=1 9560v38: transport summary ok=1 stage=29 9560v38: transport setup status=00000000 shared=1 stage=29 9560L45: start-hw ok hw_if=00080000 reset=00000011 gp=08040005 gio=041F0042 hpet=FFFF0000 linkpm=00000000 9560L45: early hw ready hw_if=00080000 gp=08040005 int_coalescing=40 9560v38: mapped resources summary mmio0=B1DA2000 len0=00004000 mmio1=00000000 len1=00000000 9560v38: linux target fw=iwlwifi-so-a0-jf-b0 queues=512 tfd=65536 smem=00400000 len=000D0000 family=21000 gen2=1 integrated=1 umac=00300000 9560v38: regs 000=00080000 020=00000011 024=08040005 028=00000430 02C=D55555D5 030=D55555D5 9560v38: regs 090=00000000 09C=00105110 0A8=802FFFFF 0AC=00000000 0B0=00000000 0FC=5FFF7FFE 9560v38: linux-ish ids rfid=105110 cnv=80400 9560v53: 7AF0 expected hwrev=00000430 cnv=00080401 alt=00080400 rfid=00105110 crf=01300202 wfpm=80000030 board=00480002 fseq=00000024 got hwrev=00000430 cnv=00080400 rfid=00105110 match=1/0/1 accept=1 base=1 9560v53: 7AF0 refs[probe] hw=00000430/00000430 cnv=00080400 exact=0 alt=1 base=1 accepted=1 rfid=00105110/00105110 crf_ref=01300202 board_ref=00480002 wfpm_ref=80000030 fseq_ref=00000024 fw_ref=0000004D.F92B5FED iml_ref=00000B03 wait_ref=00011F5A flow_ref=00000024 auth_ref=00000080 9560v38: regs 200=00000000 204=05008010 208=00020000 220=AAAAA0AA 224=00000000 228=3F1F2210 9560v38: regs 250=00000000 258=3666CCDC 25C=00000000 260=00000000 270=21000000 278=80000400 318=00000020 9560v40: NdisMRegisterInterrupt vec=18 lvl=18 shared=1 level=1 -> 00000000 Breakpoint 0 hit 9560!WifiAttemptFirmwareBootstrapGen2V2: b2fc8440 8bff mov edi,edi 3: kd> g 9560v38: embedded fw selected name=iwlwifi-so-a0-jf-b0-77.ucode size=1446036 9560v38: embedded fw hdr ver=0000004D api=77 build=F92B5FED text=release/core74_pv::f92b5fed 9560v38: alloc LMAC uncached len=1656 va=B7876004 pa=00000000:00338004 9560L41: fw section LMAC idx=0 pa=00000000:00338004 rawlen=1660 payload=1656 load=00440000 cached=0 first=00000006 tail=00000000 hash=6CD08191 cap=1 9560v38: alloc LMAC uncached len=32768 va=B67E9000 pa=00000000:0033D000 9560L41: fw section LMAC idx=1 pa=00000000:0033D000 rawlen=32772 payload=32768 load=00800000 cached=0 first=00000000 tail=00000000 hash=00000000 cap=1 9560v38: alloc LMAC uncached len=32768 va=B67E1000 pa=00000000:00345000 9560L41: fw section LMAC idx=2 pa=00000000:00345000 rawlen=32772 payload=32768 load=00000000 cached=0 first=00000060 tail=00832009 hash=E4606A05 cap=1 9560v38: alloc LMAC uncached len=32768 va=B79FE000 pa=00000000:0034D000 9560L41: fw section LMAC idx=3 pa=00000000:0034D000 rawlen=32772 payload=32768 load=00008000 cached=0 first=782AD8D8 tail=00011800 hash=AE01458D cap=1 9560v38: alloc LMAC uncached len=32760 va=B79F6000 pa=00000000:00355000 9560L41: fw section LMAC idx=4 pa=00000000:00355000 rawlen=32764 payload=32760 load=00010000 cached=0 first=004018A8 tail=7E7E7E7E hash=AC99C48C cap=1 9560v38: alloc LMAC uncached len=32768 va=B79EE000 pa=00000000:0035D000 9560L41: fw section LMAC idx=5 pa=00000000:0035D000 rawlen=32772 payload=32768 load=004B8000 cached=0 first=B805C0F1 tail=F5F77724 hash=093DB8D4 cap=1 9560v38: alloc LMAC uncached len=32768 va=B79E6000 pa=00000000:00365000 9560L41: fw section LMAC idx=6 pa=00000000:00365000 rawlen=32772 payload=32768 load=004C0000 cached=0 first=7E554E41 tail=0CBA0000 hash=CA811E0A cap=1 9560v38: alloc LMAC uncached len=32768 va=B79DE000 pa=00000000:0036D000 9560L41: fw section LMAC idx=7 pa=00000000:0036D000 rawlen=32772 payload=32768 load=004C8000 cached=0 first=26150600 tail=86018622 hash=E73EEF43 cap=1 9560v38: alloc LMAC uncached len=32768 va=B79D6000 pa=00000000:00375000 9560L41: fw section LMAC idx=8 pa=00000000:00375000 rawlen=32772 payload=32768 load=004D0000 cached=0 first=165C7FB6 tail=7E7E7E7E hash=213105E3 cap=1 9560v38: alloc LMAC uncached len=32768 va=B79CE000 pa=00000000:0037D000 9560L41: fw section LMAC idx=9 pa=00000000:0037D000 rawlen=32772 payload=32768 load=004D8000 cached=0 first=7E7E7E7E tail=7E7E7E7E hash=00000000 cap=1 9560v38: alloc LMAC uncached len=32768 va=B79C6000 pa=00000000:00385000 9560L41: fw section LMAC idx=10 pa=00000000:00385000 rawlen=32772 payload=32768 load=004E0000 cached=0 first=7E7E7E7E tail=00000000 hash=12377400 cap=1 9560v38: alloc LMAC uncached len=32768 va=B79BE000 pa=00000000:0038D000 9560L41: fw section LMAC idx=11 pa=00000000:0038D000 rawlen=32772 payload=32768 load=004E8000 cached=0 first=00000000 tail=7E7E7E7E hash=12377400 cap=1 9560v38: alloc LMAC uncached len=32768 va=B8438000 pa=00000000:00395000 9560L41: fw section LMAC idx=12 pa=00000000:00395000 rawlen=32772 payload=32768 load=004F0000 cached=0 first=7E7E7E7E tail=33312B25 hash=52641390 cap=1 9560v38: alloc LMAC uncached len=13248 va=B0CD6000 pa=00000000:0039D000 9560L41: fw section LMAC idx=13 pa=00000000:0039D000 rawlen=13252 payload=13248 load=004F8000 cached=0 first=25253D39 tail=00000000 hash=2ECDE456 cap=1 9560v38: alloc LMAC uncached len=5312 va=B865E000 pa=00000000:003A1000 9560L41: fw section LMAC idx=14 pa=00000000:003A1000 rawlen=5316 payload=5312 load=00629980 cached=0 first=10C02020 tail=00000000 hash=C1029EC7 cap=1 9560v54: embedded IML selected len=13944 first=00000006 9560v38: fw separator cpu1->cpu2 type=19 9560v38: alloc UMAC uncached len=1656 va=B787667C pa=00000000:0033867C 9560L41: fw section UMAC idx=0 pa=00000000:0033867C rawlen=1660 payload=1656 load=80440000 cached=0 first=00000006 tail=00000000 hash=533CEFB5 cap=1 9560v38: alloc UMAC uncached len=32768 va=B8448000 pa=00000000:003A3000 9560L41: fw section UMAC idx=1 pa=00000000:003A3000 rawlen=32772 payload=32768 load=C0080000 cached=0 first=0F802020 tail=80470F80 hash=C9B2F00B cap=1 9560v38: alloc UMAC uncached len=32768 va=B8450000 pa=00000000:003AB000 9560L41: fw section UMAC idx=2 pa=00000000:003AB000 rawlen=32772 payload=32768 load=C0088000 cached=0 first=F0031EF4 tail=7E7E7E7E hash=C2D55671 cap=1 9560v38: alloc UMAC uncached len=32768 va=B8458000 pa=00000000:003B3000 9560L41: fw section UMAC idx=3 pa=00000000:003B3000 rawlen=32772 payload=32768 load=C0880000 cached=0 first=00000000 tail=7E7E7E7E hash=12377400 cap=1 9560v38: alloc UMAC uncached len=32768 va=B8478000 pa=00000000:003BB000 9560L41: fw section UMAC idx=4 pa=00000000:003BB000 rawlen=32772 payload=32768 load=80447000 cached=0 first=2022C0F1 tail=00000000 hash=ADF9FE3E cap=1 9560v38: alloc UMAC uncached len=32768 va=B8480000 pa=00000000:003C3000 9560L41: fw section UMAC idx=5 pa=00000000:003C3000 rawlen=32772 payload=32768 load=80466000 cached=0 first=70CFC0F1 tail=08021378 hash=4EA1AD9A cap=1 9560v38: alloc UMAC uncached len=32768 va=B8468000 pa=00000000:003CB000 9560L41: fw section UMAC idx=6 pa=00000000:003CB000 rawlen=32772 payload=32768 load=8046E000 cached=0 first=BA91BA8E tail=D90070A9 hash=26B06EC1 cap=1 9560v38: alloc UMAC uncached len=32768 va=B6821000 pa=00000000:003D3000 9560L41: fw section UMAC idx=7 pa=00000000:003D3000 rawlen=32772 payload=32768 load=80476000 cached=0 first=0F802022 tail=768B7708 hash=5BE7E634 cap=1 9560v38: alloc UMAC uncached len=32768 va=B8460000 pa=00000000:003DB000 9560L41: fw section UMAC idx=8 pa=00000000:003DB000 rawlen=32772 payload=32768 load=8047E000 cached=0 first=202270C9 tail=F420E081 hash=85ED5596 cap=1 9560v38: alloc UMAC uncached len=32768 va=B8490000 pa=00000000:003E3000 9560L41: fw section UMAC idx=9 pa=00000000:003E3000 rawlen=32772 payload=32768 load=80486000 cached=0 first=F003DA00 tail=00000000 hash=F647C2BA cap=1 9560v38: alloc UMAC uncached len=32768 va=B84A8000 pa=00000000:003F1000 9560L41: fw section UMAC idx=10 pa=00000000:003F1000 rawlen=32772 payload=32768 load=8048E000 cached=0 first=00000000 tail=00000000 hash=00000000 cap=1 9560v38: alloc UMAC uncached len=32768 va=B8498000 pa=00000000:003F9000 9560L41: fw section UMAC idx=11 pa=00000000:003F9000 rawlen=32772 payload=32768 load=80496000 cached=0 first=00000000 tail=00000000 hash=00000000 cap=1 9560v38: alloc UMAC uncached len=4280 va=B8660000 pa=00000000:003EB000 9560L41: fw section UMAC idx=12 pa=00000000:003EB000 rawlen=4284 payload=4280 load=8049E000 cached=0 first=00000000 tail=00000000 hash=00000000 cap=1 9560v38: alloc UMAC uncached len=3592 va=B7875000 pa=00000000:003ED000 9560L41: fw section UMAC idx=13 pa=00000000:003ED000 rawlen=3596 payload=3592 load=80415000 cached=0 first=00000000 tail=0001520C hash=0C1F0AE3 cap=1 9560v38: alloc UMAC uncached len=24756 va=B8488000 pa=00000000:00401000 9560L41: fw section UMAC idx=14 pa=00000000:00401000 rawlen=24760 payload=24756 load=80409000 cached=0 first=01000080 tail=00000000 hash=9FFE4F3C cap=1 9560v38: fw separator paging type=19 9560v38: alloc PAGE uncached len=1656 va=B67DB000 pa=00000000:003EE000 9560L41: fw section PAGE idx=0 pa=00000000:003EE000 rawlen=1660 payload=1656 load=00000000 cached=0 first=00000006 tail=00000000 hash=C7546061 cap=1 9560v38: alloc PAGE uncached len=32768 va=B84B0000 pa=00000000:00408000 9560L41: fw section PAGE idx=1 pa=00000000:00408000 rawlen=32772 payload=32768 load=01000000 cached=0 first=2022C0F1 tail=78E078E0 hash=00037E26 cap=1 9560v38: alloc PAGE uncached len=32768 va=B8408000 pa=00000000:00410000 9560L41: fw section PAGE idx=2 pa=00000000:00410000 rawlen=32772 payload=32768 load=01008000 cached=0 first=2022C0F1 tail=78E078E0 hash=BCAC3A00 cap=1 9560v38: alloc PAGE uncached len=32768 va=B7A06000 pa=00000000:00418000 9560L41: fw section PAGE idx=3 pa=00000000:00418000 rawlen=32772 payload=32768 load=01010000 cached=0 first=2022C0F1 tail=7E7E7E7E hash=5CD90AF3 cap=1 9560v38: alloc PAGE uncached len=32768 va=B84A0000 pa=00000000:00420000 9560L41: fw section PAGE idx=4 pa=00000000:00420000 rawlen=32772 payload=32768 load=01018000 cached=0 first=2022C0F1 tail=0101C8B4 hash=A497F3C0 cap=1 9560v38: alloc PAGE uncached len=32768 va=B8470000 pa=00000000:00428000 9560L41: fw section PAGE idx=5 pa=00000000:00428000 rawlen=32772 payload=32768 load=01020000 cached=0 first=00000001 tail=78E078E0 hash=BFEE781D cap=1 9560v38: alloc PAGE uncached len=32768 va=B6829000 pa=00000000:00430000 9560L41: fw section PAGE idx=6 pa=00000000:00430000 rawlen=32772 payload=32768 load=01028000 cached=0 first=2022C0F1 tail=00000000 hash=C9EB8940 cap=1 9560v38: alloc PAGE uncached len=32768 va=B6819000 pa=00000000:00438000 9560L41: fw section PAGE idx=7 pa=00000000:00438000 rawlen=32772 payload=32768 load=01030000 cached=0 first=00000000 tail=78E078E0 hash=EA79D894 cap=1 9560v38: alloc PAGE uncached len=32768 va=B0A2A000 pa=00000000:00440000 9560L41: fw section PAGE idx=8 pa=00000000:00440000 rawlen=32772 payload=32768 load=01038000 cached=0 first=2022C0F1 tail=00000000 hash=D40A992B cap=1 9560v38: alloc PAGE uncached len=32768 va=B0A22000 pa=00000000:00448000 9560L41: fw section PAGE idx=9 pa=00000000:00448000 rawlen=32772 payload=32768 load=01040000 cached=0 first=00000000 tail=00000000 hash=00000000 cap=1 9560v38: alloc PAGE uncached len=32768 va=B0A1A000 pa=00000000:00450000 9560L41: fw section PAGE idx=10 pa=00000000:00450000 rawlen=32772 payload=32768 load=01048000 cached=0 first=2022C0F1 tail=00000000 hash=F6517548 cap=1 9560v38: alloc PAGE uncached len=32768 va=B0A12000 pa=00000000:00458000 9560L41: fw section PAGE idx=11 pa=00000000:00458000 rawlen=32772 payload=32768 load=01050000 cached=0 first=00000000 tail=00000000 hash=00000000 cap=1 9560v38: alloc PAGE uncached len=32768 va=B0A0A000 pa=00000000:00460000 9560L41: fw section PAGE idx=12 pa=00000000:00460000 rawlen=32772 payload=32768 load=01058000 cached=0 first=00000000 tail=7E7E7E7E hash=12377400 cap=1 9560v38: alloc PAGE uncached len=32768 va=B0A02000 pa=00000000:00468000 9560L41: fw section PAGE idx=13 pa=00000000:00468000 rawlen=32772 payload=32768 load=01060000 cached=0 first=78E07EE0 tail=78E078E0 hash=FDE67B52 cap=1 9560v38: alloc PAGE uncached len=32768 va=B09FA000 pa=00000000:00470000 9560L41: fw section PAGE idx=14 pa=00000000:00470000 rawlen=32772 payload=32768 load=01068000 cached=0 first=2022C0F1 tail=78E078E0 hash=B97CB369 cap=1 9560v38: alloc PAGE uncached len=32768 va=B09F2000 pa=00000000:00478000 9560L41: fw section PAGE idx=15 pa=00000000:00478000 rawlen=32772 payload=32768 load=01070000 cached=0 first=2022C0F1 tail=7E7E7E7E hash=DF9CC818 cap=1 9560v38: alloc PAGE uncached len=32768 va=B09EA000 pa=00000000:004B0000 9560L41: fw section PAGE idx=16 pa=00000000:004B0000 rawlen=32772 payload=32768 load=01078000 cached=0 first=2022C0F1 tail=7E7E7E7E hash=ED458946 cap=1 9560v38: alloc PAGE uncached len=32768 va=B09E2000 pa=00000000:004B8000 9560L41: fw section PAGE idx=17 pa=00000000:004B8000 rawlen=32772 payload=32768 load=01080000 cached=0 first=C0F1C1A1 tail=00000100 hash=C09BC6A3 cap=1 9560v38: alloc PAGE uncached len=32768 va=B09B2000 pa=00000000:004C0000 9560L41: fw section PAGE idx=18 pa=00000000:004C0000 rawlen=32772 payload=32768 load=01088000 cached=0 first=00000000 tail=00000000 hash=F3CE5FDE cap=1 9560v38: alloc PAGE uncached len=12288 va=B0CD2000 pa=00000000:004C8000 9560L41: fw section PAGE idx=19 pa=00000000:004C8000 rawlen=12292 payload=12288 load=01090000 cached=0 first=02000000 tail=7E7E7E7E hash=DB1A0D17 cap=1 9560v38: embedded fw sections rt=52 init=0 wow=0 lmac=15 umac=15 paging=20 9560v54: embedded IML ready=1 len=13944 9560v38: alloc CtxG3 uncached len=104 va=B67DB678 pa=00000000:003EE678 9560v38: alloc PrphInfo uncached len=4096 va=B787C000 pa=00000000:003EF000 9560v38: alloc PrphScr uncached len=1660 va=B67DB6E0 pa=00000000:003EE6E0 9560v38: alloc IML uncached len=13944 va=B0CCE000 pa=00000000:004CB000 9560v54: IML buffer pa=00000000:004CB000 len=13944 cached=0 Breakpoint 1 hit 9560!WifiSeedGen3PrphInfoWindows: b2fca000 8bff mov edi,edi 3: kd> g 9560L57: seed prphinfo va=B787C000 pa=00000000:003EF000 len=4096 win=32 crh=B7876000 trt=B787C800 crt=B787CC00 trh=00000000 9560L57: seed openbsd-map crh=00000000:00338000 trt=00000000:003EF800 crt=00000000:003EFC00 trh=00000000:00000000 9560L57: seed prphinfo+000 d0=00000000 d1=00000000 d2=00000000 d3=00000000 9560L57: seed prphinfo+800=0000 0000 0000 0000 0000 0000 0000 0000 src_trt=0000 0000 0000 0000 0000 0000 0000 0000 9560L57: seed prphinfo+C00=0000 0000 0000 0000 0000 0000 0000 0000 src_crt=0000 0000 0000 0000 0000 0000 0000 0000 9560L57: seed idx src crh=0000 0000 0006 0000 trh=0000 0000 0000 0000 9560L62: bootstrap START - OpenBSD GEN3 ctxt layout + UCODE only + strict OpenBSD deferred RX until ALIVE, except disint pulse Breakpoint 2 hit 9560!WifiPrimeOpenBsdRxRing: b2fc60b0 8bff mov edi,edi 3: kd> g 9560L62: openbsd-rx-prime deferred count=512 buf=4096 write=0 actual=0 9560L45: GEN3 CONTEXT FIXED ver=2 size=26 prph=00000000:003EF000 scratch=00000000:003EE6E0 mtr=00000000:00332000 mtr_sz=5 mcr=00000000:00339000 mcr_sz=9 idx_cr=16 idx_tr=16 9560L45: gen3 scratch macid=0430 ctrl=00AF0000 rsv=00000000 free_rbd=00000000:00336000 lmac0=00000000:00338004 umac0=00000000:0033867C page0=00000000:003EE000 9560L57: layout ctxt=003EE678 prph_page=003EF000 scratch=003EE6E0 scratch_dw=415 scratch_bytes=1660 cr_head=00338000 tr_tail=003EF800 cr_tail=003EFC00 tr_head=00000000 9560L57: ctxt map stat=00338000 prph_page=003EF000 cr_head=00338000 tr_tail=003EF800 cr_tail=003EFC00 tr_head=00000000 idx=16 scratch_field=1660(openbsd-bytes) 9560L45: doublecheck mtr_base uses TxQ pa=00000000:00332000 cmd_pa=00000000:00331000 9560v38: verify pre boot header va=B67DB678 ver=2 size_dw=26 cfg=00000000 raw0=001A0002 raw1=00000000 9560v38: verify pre LMAC[0] ok=1 va=B7876004 pa=00000000:00338004 len=1656 first=00000006/00000006 tail=00000000/00000000 hash=6CD08191/6CD08191 9560v38: verify pre LMAC[1] ok=1 va=B67E9000 pa=00000000:0033D000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify pre LMAC[2] ok=1 va=B67E1000 pa=00000000:00345000 len=32768 first=00000060/00000060 tail=00832009/00832009 hash=E4606A05/E4606A05 9560v38: verify pre LMAC[3] ok=1 va=B79FE000 pa=00000000:0034D000 len=32768 first=782AD8D8/782AD8D8 tail=00011800/00011800 hash=AE01458D/AE01458D 9560v38: verify pre LMAC[4] ok=1 va=B79F6000 pa=00000000:00355000 len=32760 first=004018A8/004018A8 tail=7E7E7E7E/7E7E7E7E hash=AC99C48C/AC99C48C 9560v38: verify pre LMAC[5] ok=1 va=B79EE000 pa=00000000:0035D000 len=32768 first=B805C0F1/B805C0F1 tail=F5F77724/F5F77724 hash=093DB8D4/093DB8D4 9560v38: verify pre LMAC[6] ok=1 va=B79E6000 pa=00000000:00365000 len=32768 first=7E554E41/7E554E41 tail=0CBA0000/0CBA0000 hash=CA811E0A/CA811E0A 9560v38: verify pre LMAC[7] ok=1 va=B79DE000 pa=00000000:0036D000 len=32768 first=26150600/26150600 tail=86018622/86018622 hash=E73EEF43/E73EEF43 9560v38: verify pre LMAC[8] ok=1 va=B79D6000 pa=00000000:00375000 len=32768 first=165C7FB6/165C7FB6 tail=7E7E7E7E/7E7E7E7E hash=213105E3/213105E3 9560v38: verify pre LMAC[9] ok=1 va=B79CE000 pa=00000000:0037D000 len=32768 first=7E7E7E7E/7E7E7E7E tail=7E7E7E7E/7E7E7E7E hash=00000000/00000000 9560v38: verify pre LMAC[10] ok=1 va=B79C6000 pa=00000000:00385000 len=32768 first=7E7E7E7E/7E7E7E7E tail=00000000/00000000 hash=12377400/12377400 9560v38: verify pre LMAC[11] ok=1 va=B79BE000 pa=00000000:0038D000 len=32768 first=00000000/00000000 tail=7E7E7E7E/7E7E7E7E hash=12377400/12377400 9560v38: verify pre LMAC[12] ok=1 va=B8438000 pa=00000000:00395000 len=32768 first=7E7E7E7E/7E7E7E7E tail=33312B25/33312B25 hash=52641390/52641390 9560v38: verify pre LMAC[13] ok=1 va=B0CD6000 pa=00000000:0039D000 len=13248 first=25253D39/25253D39 tail=00000000/00000000 hash=2ECDE456/2ECDE456 9560v38: verify pre LMAC[14] ok=1 va=B865E000 pa=00000000:003A1000 len=5312 first=10C02020/10C02020 tail=00000000/00000000 hash=C1029EC7/C1029EC7 9560v38: verify pre UMAC[0] ok=1 va=B787667C pa=00000000:0033867C len=1656 first=00000006/00000006 tail=00000000/00000000 hash=533CEFB5/533CEFB5 9560v38: verify pre UMAC[1] ok=1 va=B8448000 pa=00000000:003A3000 len=32768 first=0F802020/0F802020 tail=80470F80/80470F80 hash=C9B2F00B/C9B2F00B 9560v38: verify pre UMAC[2] ok=1 va=B8450000 pa=00000000:003AB000 len=32768 first=F0031EF4/F0031EF4 tail=7E7E7E7E/7E7E7E7E hash=C2D55671/C2D55671 9560v38: verify pre UMAC[3] ok=1 va=B8458000 pa=00000000:003B3000 len=32768 first=00000000/00000000 tail=7E7E7E7E/7E7E7E7E hash=12377400/12377400 9560v38: verify pre UMAC[4] ok=1 va=B8478000 pa=00000000:003BB000 len=32768 first=2022C0F1/2022C0F1 tail=00000000/00000000 hash=ADF9FE3E/ADF9FE3E 9560v38: verify pre UMAC[5] ok=1 va=B8480000 pa=00000000:003C3000 len=32768 first=70CFC0F1/70CFC0F1 tail=08021378/08021378 hash=4EA1AD9A/4EA1AD9A 9560v38: verify pre UMAC[6] ok=1 va=B8468000 pa=00000000:003CB000 len=32768 first=BA91BA8E/BA91BA8E tail=D90070A9/D90070A9 hash=26B06EC1/26B06EC1 9560v38: verify pre UMAC[7] ok=1 va=B6821000 pa=00000000:003D3000 len=32768 first=0F802022/0F802022 tail=768B7708/768B7708 hash=5BE7E634/5BE7E634 9560v38: verify pre UMAC[8] ok=1 va=B8460000 pa=00000000:003DB000 len=32768 first=202270C9/202270C9 tail=F420E081/F420E081 hash=85ED5596/85ED5596 9560v38: verify pre UMAC[9] ok=1 va=B8490000 pa=00000000:003E3000 len=32768 first=F003DA00/F003DA00 tail=00000000/00000000 hash=F647C2BA/F647C2BA 9560v38: verify pre UMAC[10] ok=1 va=B84A8000 pa=00000000:003F1000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify pre UMAC[11] ok=1 va=B8498000 pa=00000000:003F9000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify pre UMAC[12] ok=1 va=B8660000 pa=00000000:003EB000 len=4280 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify pre UMAC[13] ok=1 va=B7875000 pa=00000000:003ED000 len=3592 first=00000000/00000000 tail=0001520C/0001520C hash=0C1F0AE3/0C1F0AE3 9560v38: verify pre UMAC[14] ok=1 va=B8488000 pa=00000000:00401000 len=24756 first=01000080/01000080 tail=00000000/00000000 hash=9FFE4F3C/9FFE4F3C 9560v38: verify pre PAGE[0] ok=1 va=B67DB000 pa=00000000:003EE000 len=1656 first=00000006/00000006 tail=00000000/00000000 hash=C7546061/C7546061 9560v38: verify pre PAGE[1] ok=1 va=B84B0000 pa=00000000:00408000 len=32768 first=2022C0F1/2022C0F1 tail=78E078E0/78E078E0 hash=00037E26/00037E26 9560v38: verify pre PAGE[2] ok=1 va=B8408000 pa=00000000:00410000 len=32768 first=2022C0F1/2022C0F1 tail=78E078E0/78E078E0 hash=BCAC3A00/BCAC3A00 9560v38: verify pre PAGE[3] ok=1 va=B7A06000 pa=00000000:00418000 len=32768 first=2022C0F1/2022C0F1 tail=7E7E7E7E/7E7E7E7E hash=5CD90AF3/5CD90AF3 9560v38: verify pre PAGE[4] ok=1 va=B84A0000 pa=00000000:00420000 len=32768 first=2022C0F1/2022C0F1 tail=0101C8B4/0101C8B4 hash=A497F3C0/A497F3C0 9560v38: verify pre PAGE[5] ok=1 va=B8470000 pa=00000000:00428000 len=32768 first=00000001/00000001 tail=78E078E0/78E078E0 hash=BFEE781D/BFEE781D 9560v38: verify pre PAGE[6] ok=1 va=B6829000 pa=00000000:00430000 len=32768 first=2022C0F1/2022C0F1 tail=00000000/00000000 hash=C9EB8940/C9EB8940 9560v38: verify pre PAGE[7] ok=1 va=B6819000 pa=00000000:00438000 len=32768 first=00000000/00000000 tail=78E078E0/78E078E0 hash=EA79D894/EA79D894 9560v38: verify pre PAGE[8] ok=1 va=B0A2A000 pa=00000000:00440000 len=32768 first=2022C0F1/2022C0F1 tail=00000000/00000000 hash=D40A992B/D40A992B 9560v38: verify pre PAGE[9] ok=1 va=B0A22000 pa=00000000:00448000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify pre PAGE[10] ok=1 va=B0A1A000 pa=00000000:00450000 len=32768 first=2022C0F1/2022C0F1 tail=00000000/00000000 hash=F6517548/F6517548 9560v38: verify pre PAGE[11] ok=1 va=B0A12000 pa=00000000:00458000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify pre PAGE[12] ok=1 va=B0A0A000 pa=00000000:00460000 len=32768 first=00000000/00000000 tail=7E7E7E7E/7E7E7E7E hash=12377400/12377400 9560v38: verify pre PAGE[13] ok=1 va=B0A02000 pa=00000000:00468000 len=32768 first=78E07EE0/78E07EE0 tail=78E078E0/78E078E0 hash=FDE67B52/FDE67B52 9560v38: verify pre PAGE[14] ok=1 va=B09FA000 pa=00000000:00470000 len=32768 first=2022C0F1/2022C0F1 tail=78E078E0/78E078E0 hash=B97CB369/B97CB369 9560v38: verify pre PAGE[15] ok=1 va=B09F2000 pa=00000000:00478000 len=32768 first=2022C0F1/2022C0F1 tail=7E7E7E7E/7E7E7E7E hash=DF9CC818/DF9CC818 9560v38: verify pre PAGE[16] ok=1 va=B09EA000 pa=00000000:004B0000 len=32768 first=2022C0F1/2022C0F1 tail=7E7E7E7E/7E7E7E7E hash=ED458946/ED458946 9560v38: verify pre PAGE[17] ok=1 va=B09E2000 pa=00000000:004B8000 len=32768 first=C0F1C1A1/C0F1C1A1 tail=00000100/00000100 hash=C09BC6A3/C09BC6A3 9560v38: verify pre PAGE[18] ok=1 va=B09B2000 pa=00000000:004C0000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=F3CE5FDE/F3CE5FDE 9560v38: verify pre PAGE[19] ok=1 va=B0CD2000 pa=00000000:004C8000 len=12288 first=02000000/02000000 tail=7E7E7E7E/7E7E7E7E hash=DB1A0D17/DB1A0D17 9560v38: verify pre summary ok=1 ctxt=1 checks=50 failures=0 lmac=15 umac=15 page=20 9560v54: gen3 ctxt addr=00000000:003EE678 iml=00000000:004CB000 iml_len=13944 resp=00000000 ok=1 Breakpoint 5 hit 9560!WifiEnableBringupInterrupts: b2fca7f0 8bff mov edi,edi 3: kd> g Breakpoint 4 hit 9560!WifiApplyDisintPulse: b2fca9a0 8bff mov edi,edi 3: kd> g 9560L62: disint-pulse[fwload] before=80000001 after_disable=00000000 after_enable=80000001 mask=80000001 9560L62: enable AX210/INTx fwload mask=80000001 9560L62: strict-openbsd fwload interrupt armed before kick mask=80000001 9560v38: verify post boot header va=B67DB678 ver=2 size_dw=26 cfg=00000000 raw0=001A0002 raw1=00000000 9560v38: verify post LMAC[0] ok=1 va=B7876004 pa=00000000:00338004 len=1656 first=00000006/00000006 tail=00000000/00000000 hash=6CD08191/6CD08191 9560v38: verify post LMAC[1] ok=1 va=B67E9000 pa=00000000:0033D000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify post LMAC[2] ok=1 va=B67E1000 pa=00000000:00345000 len=32768 first=00000060/00000060 tail=00832009/00832009 hash=E4606A05/E4606A05 9560v38: verify post LMAC[3] ok=1 va=B79FE000 pa=00000000:0034D000 len=32768 first=782AD8D8/782AD8D8 tail=00011800/00011800 hash=AE01458D/AE01458D 9560v38: verify post LMAC[4] ok=1 va=B79F6000 pa=00000000:00355000 len=32760 first=004018A8/004018A8 tail=7E7E7E7E/7E7E7E7E hash=AC99C48C/AC99C48C 9560v38: verify post LMAC[5] ok=1 va=B79EE000 pa=00000000:0035D000 len=32768 first=B805C0F1/B805C0F1 tail=F5F77724/F5F77724 hash=093DB8D4/093DB8D4 9560v38: verify post LMAC[6] ok=1 va=B79E6000 pa=00000000:00365000 len=32768 first=7E554E41/7E554E41 tail=0CBA0000/0CBA0000 hash=CA811E0A/CA811E0A 9560v38: verify post LMAC[7] ok=1 va=B79DE000 pa=00000000:0036D000 len=32768 first=26150600/26150600 tail=86018622/86018622 hash=E73EEF43/E73EEF43 9560v38: verify post LMAC[8] ok=1 va=B79D6000 pa=00000000:00375000 len=32768 first=165C7FB6/165C7FB6 tail=7E7E7E7E/7E7E7E7E hash=213105E3/213105E3 9560v38: verify post LMAC[9] ok=1 va=B79CE000 pa=00000000:0037D000 len=32768 first=7E7E7E7E/7E7E7E7E tail=7E7E7E7E/7E7E7E7E hash=00000000/00000000 9560v38: verify post LMAC[10] ok=1 va=B79C6000 pa=00000000:00385000 len=32768 first=7E7E7E7E/7E7E7E7E tail=00000000/00000000 hash=12377400/12377400 9560v38: verify post LMAC[11] ok=1 va=B79BE000 pa=00000000:0038D000 len=32768 first=00000000/00000000 tail=7E7E7E7E/7E7E7E7E hash=12377400/12377400 9560v38: verify post LMAC[12] ok=1 va=B8438000 pa=00000000:00395000 len=32768 first=7E7E7E7E/7E7E7E7E tail=33312B25/33312B25 hash=52641390/52641390 9560v38: verify post LMAC[13] ok=1 va=B0CD6000 pa=00000000:0039D000 len=13248 first=25253D39/25253D39 tail=00000000/00000000 hash=2ECDE456/2ECDE456 9560v38: verify post LMAC[14] ok=1 va=B865E000 pa=00000000:003A1000 len=5312 first=10C02020/10C02020 tail=00000000/00000000 hash=C1029EC7/C1029EC7 9560v38: verify post UMAC[0] ok=1 va=B787667C pa=00000000:0033867C len=1656 first=00000006/00000006 tail=00000000/00000000 hash=533CEFB5/533CEFB5 9560v38: verify post UMAC[1] ok=1 va=B8448000 pa=00000000:003A3000 len=32768 first=0F802020/0F802020 tail=80470F80/80470F80 hash=C9B2F00B/C9B2F00B 9560v38: verify post UMAC[2] ok=1 va=B8450000 pa=00000000:003AB000 len=32768 first=F0031EF4/F0031EF4 tail=7E7E7E7E/7E7E7E7E hash=C2D55671/C2D55671 9560v38: verify post UMAC[3] ok=1 va=B8458000 pa=00000000:003B3000 len=32768 first=00000000/00000000 tail=7E7E7E7E/7E7E7E7E hash=12377400/12377400 9560v38: verify post UMAC[4] ok=1 va=B8478000 pa=00000000:003BB000 len=32768 first=2022C0F1/2022C0F1 tail=00000000/00000000 hash=ADF9FE3E/ADF9FE3E 9560v38: verify post UMAC[5] ok=1 va=B8480000 pa=00000000:003C3000 len=32768 first=70CFC0F1/70CFC0F1 tail=08021378/08021378 hash=4EA1AD9A/4EA1AD9A 9560v38: verify post UMAC[6] ok=1 va=B8468000 pa=00000000:003CB000 len=32768 first=BA91BA8E/BA91BA8E tail=D90070A9/D90070A9 hash=26B06EC1/26B06EC1 9560v38: verify post UMAC[7] ok=1 va=B6821000 pa=00000000:003D3000 len=32768 first=0F802022/0F802022 tail=768B7708/768B7708 hash=5BE7E634/5BE7E634 9560v38: verify post UMAC[8] ok=1 va=B8460000 pa=00000000:003DB000 len=32768 first=202270C9/202270C9 tail=F420E081/F420E081 hash=85ED5596/85ED5596 9560v38: verify post UMAC[9] ok=1 va=B8490000 pa=00000000:003E3000 len=32768 first=F003DA00/F003DA00 tail=00000000/00000000 hash=F647C2BA/F647C2BA 9560v38: verify post UMAC[10] ok=1 va=B84A8000 pa=00000000:003F1000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify post UMAC[11] ok=1 va=B8498000 pa=00000000:003F9000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify post UMAC[12] ok=1 va=B8660000 pa=00000000:003EB000 len=4280 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify post UMAC[13] ok=1 va=B7875000 pa=00000000:003ED000 len=3592 first=00000000/00000000 tail=0001520C/0001520C hash=0C1F0AE3/0C1F0AE3 9560v38: verify post UMAC[14] ok=1 va=B8488000 pa=00000000:00401000 len=24756 first=01000080/01000080 tail=00000000/00000000 hash=9FFE4F3C/9FFE4F3C 9560v38: verify post PAGE[0] ok=1 va=B67DB000 pa=00000000:003EE000 len=1656 first=00000006/00000006 tail=00000000/00000000 hash=C7546061/C7546061 9560v38: verify post PAGE[1] ok=1 va=B84B0000 pa=00000000:00408000 len=32768 first=2022C0F1/2022C0F1 tail=78E078E0/78E078E0 hash=00037E26/00037E26 9560v38: verify post PAGE[2] ok=1 va=B8408000 pa=00000000:00410000 len=32768 first=2022C0F1/2022C0F1 tail=78E078E0/78E078E0 hash=BCAC3A00/BCAC3A00 9560v38: verify post PAGE[3] ok=1 va=B7A06000 pa=00000000:00418000 len=32768 first=2022C0F1/2022C0F1 tail=7E7E7E7E/7E7E7E7E hash=5CD90AF3/5CD90AF3 9560v38: verify post PAGE[4] ok=1 va=B84A0000 pa=00000000:00420000 len=32768 first=2022C0F1/2022C0F1 tail=0101C8B4/0101C8B4 hash=A497F3C0/A497F3C0 9560v38: verify post PAGE[5] ok=1 va=B8470000 pa=00000000:00428000 len=32768 first=00000001/00000001 tail=78E078E0/78E078E0 hash=BFEE781D/BFEE781D 9560v38: verify post PAGE[6] ok=1 va=B6829000 pa=00000000:00430000 len=32768 first=2022C0F1/2022C0F1 tail=00000000/00000000 hash=C9EB8940/C9EB8940 9560v38: verify post PAGE[7] ok=1 va=B6819000 pa=00000000:00438000 len=32768 first=00000000/00000000 tail=78E078E0/78E078E0 hash=EA79D894/EA79D894 9560v38: verify post PAGE[8] ok=1 va=B0A2A000 pa=00000000:00440000 len=32768 first=2022C0F1/2022C0F1 tail=00000000/00000000 hash=D40A992B/D40A992B 9560v38: verify post PAGE[9] ok=1 va=B0A22000 pa=00000000:00448000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify post PAGE[10] ok=1 va=B0A1A000 pa=00000000:00450000 len=32768 first=2022C0F1/2022C0F1 tail=00000000/00000000 hash=F6517548/F6517548 9560v38: verify post PAGE[11] ok=1 va=B0A12000 pa=00000000:00458000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=00000000/00000000 9560v38: verify post PAGE[12] ok=1 va=B0A0A000 pa=00000000:00460000 len=32768 first=00000000/00000000 tail=7E7E7E7E/7E7E7E7E hash=12377400/12377400 9560v38: verify post PAGE[13] ok=1 va=B0A02000 pa=00000000:00468000 len=32768 first=78E07EE0/78E07EE0 tail=78E078E0/78E078E0 hash=FDE67B52/FDE67B52 9560v38: verify post PAGE[14] ok=1 va=B09FA000 pa=00000000:00470000 len=32768 first=2022C0F1/2022C0F1 tail=78E078E0/78E078E0 hash=B97CB369/B97CB369 9560v38: verify post PAGE[15] ok=1 va=B09F2000 pa=00000000:00478000 len=32768 first=2022C0F1/2022C0F1 tail=7E7E7E7E/7E7E7E7E hash=DF9CC818/DF9CC818 9560v38: verify post PAGE[16] ok=1 va=B09EA000 pa=00000000:004B0000 len=32768 first=2022C0F1/2022C0F1 tail=7E7E7E7E/7E7E7E7E hash=ED458946/ED458946 9560v38: verify post PAGE[17] ok=1 va=B09E2000 pa=00000000:004B8000 len=32768 first=C0F1C1A1/C0F1C1A1 tail=00000100/00000100 hash=C09BC6A3/C09BC6A3 9560v38: verify post PAGE[18] ok=1 va=B09B2000 pa=00000000:004C0000 len=32768 first=00000000/00000000 tail=00000000/00000000 hash=F3CE5FDE/F3CE5FDE 9560v38: verify post PAGE[19] ok=1 va=B0CD2000 pa=00000000:004C8000 len=12288 first=02000000/02000000 tail=7E7E7E7E/7E7E7E7E hash=DB1A0D17/DB1A0D17 9560v38: verify post summary ok=1 ctxt=1 checks=50 failures=0 lmac=15 umac=15 page=20 9560v54: gen3 regs bootctrl_before=00480000 bootctrl_after=00480002 kick_read=00000000 stale=0 ctxt_lo=003EE678 ctxt_hi=00000000 ctxt_ok=1 shadow=802FFFFF dramtbl=00000000 iml_resp=00000001 ltr_skip=2 gp=08040005 nic_fail=0 prph_r=00D05C20/03D05C20/00000000 prph_w=00D05C44/03D05C44/00000001 9560v54: gen3 ltr_before=00000000 ltr_after=88C888C8 msix_before=00000000 msix_after=00000000 int_before=00000000 int_after=00000002 spins=4998 bootstage=00000000 ipc=00000000 umac_pc=C00C09E4 lmac1_pc=00000000 lmac2_pc=00000000 9560v54: bootstrap ctxt ok, fw-load INT enabled before kick, doing integrated-gen3 IML busy spin ltr_before=00000000 ltr_after=88C888C8 iml_resp=00000001 9560v54: post-IML spin ltr=881E881E bootctrl=00480002 int=00000002 fh=00000000 iml_resp=00000001 bootstage=00000000 ipc=00000000 spins=0 umac_pc=8047E450 lmac1_pc=00000000 lmac2_pc=00000000 9560w4: gen3-regs[post-iml] load=00000000 cpu=00000000 pc=8047E450/00000000/00000000 rfh_cfg=0118C25E active=40FA1989 frbdcb=ACFE7B7C:5F708070 widx=07020801 ridx=30506D40 urbdcb=F3C6F7AD:0088001B stts=AC6E7EFF:8B78D315 orb=78DFFB55:C4688C84 Breakpoint 5 hit 9560!WifiEnableBringupInterrupts: b2fca7f0 8bff mov edi,edi 3: kd> g Breakpoint 4 hit 9560!WifiApplyDisintPulse: b2fca9a0 8bff mov edi,edi 3: kd> g 9560L62: disint-pulse[fwload] before=80000001 after_disable=00000000 after_enable=80000001 mask=80000001 9560L62: enable AX210/INTx fwload mask=80000001 9560L54: waiting for ALIVE after context kick on Linux/OpenBSD path Breakpoint 6 hit 9560!WifiWaitForInitialAlive: b2fcaae0 8bff mov edi,edi 3: kd> g 9560L33: dma-snapshot armed regions=10 ctxt=003EE678 rxused=00339000 rxdata=00AE9000 Breakpoint 7 hit 9560!WifiPollBringupState: b2fcc0b0 8bff mov edi,edi 3: kd> g Breakpoint 10 hit 9560!WifiReadAx210BringupInterruptState: b2fcc6d0 8bff mov edi,edi 3: kd> g Breakpoint 9 hit 9560!WifiAckCombinedInterruptState: b2fcc640 8bff mov edi,edi 3: kd> g 9560L32: rx-write[alive-wait] st=0000 hw=0 cur=0 used[cur]=0000/00 used[hw]=0000/00 pkt_ring=-1 lenf=00000000 frame=0 hdr=00/00 idx=00 qid=00 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 Breakpoint 7 hit 9560!WifiPollBringupState: b2fcc0b0 8bff mov edi,edi 3: kd> g 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=00105110 alive=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 9560L40: fw-activity[alive-wait] umac=8047E450 lmac1=00000000 lmac2=00000000 int=00000000 fh=00000000 boot=00000000 ipc=00000000 iml=00000001 rxst=0000 used0=0000/00 data0=00000000 cur=0 hw=0 alive=0 9560v62: poll[alive-wait] ltr=881E881E bootstage=00000000 ipc=00000000 sleep=00000000 rfid=0

@reboot12 I use FPT.efi version 16.1 And I succeed to show all Hidden Devices in the Bios of the Biostar z690A Valkyrie via this hack in via UEFItool extracted system.bin (found with key word administrator) of Bios version Z69CC508.BST 0A821206071300000F0F9110642110000000FFFF00CF272902 ==> 0A821206071301000F0F9110642110000000FFFF00CF272902 And after this, I set ME = disabled Dietmar Here is this Bios. The only thing I changed is to show ALL Hidden Settings in Bios https://www.upload.ee/files/19169056/biosval.rom.html

@reboot12 I want to disable ME and to show all Hidden Entries in the Bios of the Biostar z690A Valkyrie. What version of FPT do I need for to dump and flash the Bios Dietmar