Dietmar

@reboot12 I want to disable ME and to show all Hidden Entries in the Bios of the Biostar z690A Valkyrie. What version of FPT do I need for to dump and flash the Bios Dietmar

@reboot12 Grok tells, that it is impossible to bring a modern Wlan card to life under XP SP3. But I am very near to exact this, the correct(!) firmware is already loaded and started in the 9560 Wlan card Dietmar 9560!WifiEnableBringupInterrupts: b57039a0 8bff mov edi,edi 9560v40: enable INTx bringup mask=80000001 === V51_ALIVE_WAIT === eax=8c965000 ebx=8ca73130 ecx=8052b704 edx=0000002b esi=8c965000 edi=00479000 eip=b5704ac0 esp=b7b6e6b8 ebp=b7b6e71c iopl=0 nv up ei ng nz ac pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000296 9560!WifiWaitForInitialAlive: b5704ac0 8bff mov edi,edi # ChildEBP RetAddr Args to Child 00 b7b6e6b4 b5703582 8c965000 00000000 b7b6e924 9560!WifiWaitForInitialAlive (FPO: [Non-Fpo]) (CONV: stdcall) 01 b7b6e71c b5700d0c 8c965000 8052b704 b7b6e748 9560!WifiAttemptFirmwareBootstrapGen2V2+0x1632 (FPO: [Non-Fpo]) (CONV: stdcall) 02 b7b6e72c b5705959 8c965000 8c965000 00000000 9560!WifiAttemptFirmwareBootstrap+0x3c (FPO: [Non-Fpo]) (CONV: stdcall) 03 b7b6e748 b7bc3dea b7b6e784 b7b6e78c b7bbf200 9560!MiniportInitialize+0x2b9 (FPO: [Non-Fpo]) (CONV: stdcall) 04 b7b6e900 b7bc39cc 8cae4f20 b7b6e924 b7b6e9cc NDIS_b7bb9000!ndisMInitializeAdapter+0x3b7 (FPO: [Non-Fpo]) ;dv /t /v">05 b7b6e9d4 b7bc38ba 8cae4f20 00000000 8cc7b218 NDIS_b7bb9000!ndisInitializeAdapter+0xb9 (FPO: [Non-Fpo]) 06 b7b6ea08 b7bc4daf 8cc180e4 8ca73ae0 8cc18008 NDIS_b7bb9000!ndisPnPStartDevice+0xd6 (FPO: [Non-Fpo]) 07 b7b6ea38 804ef18f 8ca73030 8cc18008 b7b6eab4 NDIS_b7bb9000!ndisPnPDispatch+0x306 (FPO: [Non-Fpo]) 08 b7b6ea48 80592b63 b7b6eab4 8cf4ce50 00000000 nt!IopfCallDriver+0x31 (FPO: [0,0,0]) 09 b7b6ea74 80592be1 8ca73030 b7b6ea90 00000000 nt!IopSynchronousCall+0xb7 (FPO: [Non-Fpo]) 0a b7b6eab8 804f61ea 8cf4ce50 8caf1220 00000001 nt!IopStartDevice+0x4d (FPO: [Non-Fpo]) 0b b7b6ead4 8059229b 8cf4ce50 8caf1201 00000000 nt!PipProcessStartPhase1+0x4e (FPO: [Non-Fpo]) 0c b7b6ed2c 8059276e 8cf049e8 00000001 00000000 nt!PipProcessDevNodeTree+0x1db (FPO: [Non-Fpo]) 0d b7b6ed54 804f6996 00000003 8055b5c0 8056485c nt!PiProcessStartSystemDevices+0x3a (FPO: [Non-Fpo]) 0e b7b6ed7c 8053876d 00000000 00000000 8cf3e020 nt!PipDeviceActionWorker+0x170 (FPO: [Non-Fpo]) 0f b7b6edac 805cff64 00000000 00000000 00000000 nt!ExpWorkerThread+0xef (FPO: [Non-Fpo]) 10 b7b6eddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x34 (FPO: [Non-Fpo]) 11 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 9560v40: poll[alive-wait] ltr=88C888C8 bootstage=00000000 ipc=003B1000 sleep=00000000 rfid=00105110 alive=0 pnvm=0 notif=00/00 seq=0000 len=0 scan=0 cand=0 === V51_RX_SCAN ===

@reboot12 I think, there is a mistake: kdnet.dll is 16384 and kd_02_8086.dll is 17276 Dietmar

@reboot12 I dont have more information about this win8.1 version. I found out with Linux live from USB stick build via Rufus ubuntu-24.04.2-desktop-amd64.iso what is going on with this WLan card. Crazy, I always used the wrong firmware Dietmar Working Firmware 77.f92b5fed.0 so-a0-jf-b0-77.ucode Not working versions of Firmware, which I tested before iwlwifi-so-a0-jf-b0-89.ucode iwlwifi-so-a0-jf-b0-88.ucode iwlwifi-so-a0-jf-b0-87.ucode iwlwifi-so-a0-jf-b0-86.ucode iwlwifi-so-a0-jf-b0-85.ucode iwlwifi-so-a0-jf-b0-84.ucode iwlwifi-so-a0-jf-b0-83.ucode iwlwifi-so-a0-jf-b0-82.ucode iwlwifi-so-a0-jf-b0-81.ucode iwlwifi-so-a0-jf-b0-80.ucode iwlwifi-so-a0-jf-b0-79.ucode iwlwifi-so-a0-jf-b0-78.ucode

@reboot12 For XP SP3 I have a win8.1 x86 version with this files 6.3.9600.17276 (winblue_r2.140808-0433) 64 bit win8.1 I never testet. For the 9560 Wlan card I have also a crazy problem: All seems to be nice, I can already send packages but not get. I fetch the firmware for this card from Linux and I test, that this correct(!) firmware for this chip is loaded to 100% correct to memory at the right place. But I cant boot this firmware. Now I think that maybe ME, ULP, or D3 sleep is blocking the boot of this firmware on an unauthorized driver under XP SP3. This I will check today Dietmar

@Damnation Have you tested it on XP 64bit, if it works for lan debug Dietmar

@Damnation This is answer from ChatGPT, because I am not good in Assembler No — not reliably, and not as written. The original x86 code uses __declspec(naked) plus a raw jmp [tramp], which is a true thunk: it transfers control directly to the target without creating a new call frame. Replacing that with __declspec(noinline) and a normal C call changes the semantics unless the compiler happens to emit a tail jump. But __declspec(noinline) only disables inlining; it does not guarantee a tail call. In MSVC, tail calls are an optimization, and the newer [[msvc::musttail]] is the feature that enforces one, with strict requirements. There is also a second problem: in the KDNET repo the trampoline globals are declared as void*, and the real exported functions do not all have the signature void(void). For example, KdShutdownController is VOID (PVOID Adapter), KdGetRxPacket returns NTSTATUS and takes four parameters, and several others also have non-void returns or arguments. The naked jump works regardless of prototype because it just transfers control, but a C wrapper must use the exact function-pointer type for each stub or you risk wrong x64 argument/return handling. So: KdShutdownController_tramp(); is not even correct as shown, because KdShutdownController_tramp is a void*, not a callable typed function pointer. Even after fixing the type, a normal C wrapper may compile to call ... ; ret instead of a direct jmp. __declspec(naked) itself is unavailable on x64 MSVC, so that original pattern cannot simply be carried over. The safe choices are: Best: write real x64 thunks in a separate MASM .asm file. Acceptable if an extra frame is okay: use properly typed C wrappers for each export. Example of the C-wrapper form that is type-correct: static KD_SHUTDOWN_CONTROLLER KdShutdownController_tramp; VOID KdShutdownController(PVOID Adapter) { KdShutdownController_tramp(Adapter); } And for a return value: static KD_GET_RX_PACKET KdGetRxPacket_tramp; NTSTATUS KdGetRxPacket(PVOID Adapter, PULONG Handle, PVOID *Packet, PULONG Length) { return KdGetRxPacket_tramp(Adapter, Handle, Packet, Length); } So my verdict is: not as a blanket “do this for all inline-asm functions.” It may work for some wrappers after fixing all types and signatures, but it is not a drop-in replacement for the original naked jump thunks. If the goal is to preserve exact thunk behavior on x64, use assembly.

@reboot12 Please put all information in a kd64.zip for ChatGPT Dietmar

@reboot12 Write to me here exact what you did in an kd64.txt file, tell which files you use, what is your compile environment. Just ALL informations. All together, all files and kd64.txt put into a kd64.zip. Doublecheck, that you dont miss any information. I ask ChatGPT, where the error comes from Dietmar

@reboot12 I already succeed to build an 9560.sys, which send packages via Wlan 9560 TX for both different divices VEN_8086&DEV_31DC&SUBSYS_40308086&REV_03 yours is on Gemini board Dell Wyse 5070 VEN_8086&DEV_7AF0&SUBSYS_42348086&REV_11 mine name is on my Alderlake board Biostar z690A Valkyrie Dietmar

@reboot12 I make a try to convert whole @Mov AX, 0xDEAD for KDNET at git from XP bit32 ==> XP bit64 but no garantie Dietmar https://www.upload.ee/files/19162162/kdnet_x64_port.zip.html

@reboot12 Here is first try for Lan KD translated from Bit32 ==>Bit64 XP. It is still not ready, read everything in package. I think, it needs a lot more work and I am not good in Assembler Dietmar https://www.upload.ee/files/19162100/KDforXP64stillnotready.zip.html PS: Thanks for photo, yes this Wlan card I will have soon also.

@reboot12 Please post a photo of your Wlan card from the Wyse 5070 with VEN_8086&DEV_31DC&SUBSYS_40308086&REV_03 because there exist a lot of different models, all with the same name 9560NGW Dietmar

@reboot12 Dont worry. We will mod the Bios of the Dell Wyse 5070 for CSM and then we can use Windbg via the Rj45 Realtek lan-connection on XP Sp3 with the nice tool from @Mov AX, 0xDEAD. I think, with some work we can also build our own tool for XP 64, that will do the same Dietmar

@reboot12 Do you can see now CSM or with other name in Bios Dietmar

@reboot12 And here is my last, fastest free, version of an IRQ driver for i225 under XP SP3. But the polling version and also the IRQ8 version from above are more stable Dietmar https://www.upload.ee/files/19158227/i225IRQlaaastfree.zip.html

@reboot12 I make also an IRQ version of the XP SP3 driver for the Intel i225. It has very small ping <1ms to DHCP router. But compared with the polling version from above it shows more spikes, when you transfer a big file (1.3 GB). Now it is also stable. I look intensive at the Linux operations at the i225, does not make it better at all. So, this is near to the maximum what can be reached under XP SP3 for a driver for i225 Dietmar https://www.upload.ee/files/19158148/i225IRQ8.zip.html

@reboot12 I make a new, now stable Lan driver for the Intel i225 under XP SP3, in this version only polling but stable Dietmar https://www.upload.ee/files/19157631/i225P1.zip.html

@reboot12 "If you could compile the 64-bit driver, I'd be happy :-)" Yes, but just now I rebuild from scratch the i225 driver Dietmar

@reboot12 I just ordered this one and hope, that it is exact the same as yours Dietmar https://www.ebay.de/itm/187871966846

@reboot12 Oh nice..needs Bios hack on the Dell Wyse 5070. When you give me the full name, cpu etc. of your Wyse 5070, I can look at Ebay for one, because now they are not expensive Dietmar EDIT: But remember: Any Bios hack can destroy your compi. Is there a version of FPT, that you can use for to flash on the 5070?

@reboot12 Dell Wyse 5070 has CSM as you can see in Bios: CSMCore, but may be, that it is hidden or under other name Dietmar

@reboot12 Just tell me, if this driver installs for you and you see the symbol "no lan cable connected" Dietmar https://www.upload.ee/files/19156884/9560v1.zip.html

@reboot12 I try the really crazy: To put both (different(!)) Wlan devices in one driver for XP SP3: VEN_8086&DEV_31DC&SUBSYS_40308086&REV_03 yours is on Gemini board Dell Wyse 5070 VEN_8086&DEV_7AF0&SUBSYS_42348086&REV_11 mine name is on my Alderlake board Biostar z690A Valkyrie both with name 9560NGW . And I will send you always the actual version Dietmar

@reboot12 Here is a better version for XP SP3 of the driver i225.sys for Intel i225 devices, now with IRQ means ping to DHCP server <1ms, please test Dietmar https://www.upload.ee/files/19155504/i225v44.zip.html EDIT: Crashes after some time with Bsod 0x000000D1, ndis.sys