Dietmar
Posted April 9, 2022 (edited)

@Mov AX, 0xDEAD @Damnation

I just tested my pci.sys with EB FE. It works. I can see this when I swap the acpi.sys for the acpi.sys hacked for Ryzen. At once I see the endlessly running bar and I can easily reach the DriverEntry point of pci.sys.

So, ACPIBusIrpStartDevice is never called.

Dietmar

Edited April 9, 2022 by Dietmar

Mov AX, 0xDEAD (Author)
Posted April 9, 2022

27 minutes ago, Dietmar said:
    @Mov AX, 0xDEAD But I don't understand how to set your 4 breakpoints. Can you please tell me step by step, when WinDbg starts, what I have to do to reach those breakpoints?

1) instant stop with /BREAK option
2) PDB for pci.sys must be accessible by WinDbg (I think this is done, it downloads it from the MS Symbol server the first time)
2)
bu pci!DriverEntry
bu acpi!DriverEntry
bu acpi!AcpiArbInitializePciRouting
bu acpi!ACPIBusIrpStartDevice
3) check breakpoint list
bl
4) press g a few times until you reach BSOD / Assert question / ACPIBusIrpStartDevice()

Mov AX, 0xDEAD (Author)
Posted April 9, 2022

22 minutes ago, Dietmar said:
    @Mov AX, 0xDEAD ACPIBusIrpStartDevice can't be called, because this happens after DriverEntry of pci.sys

Loading pci.sys may be postponed, so we need to be 100% sure about the execution order.

Dietmar
Posted April 9, 2022

Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Using NET for debugging
Opened WinSock 2.0
Waiting to reconnect...
Connected to target 192.168.2.104 on port 50000 on local IP 192.168.2.101.
Connected to Windows XP 2600 x86 compatible target at (Sat Apr 9 12:51:17.046 2022 (UTC + 2:00)), ptr64 FALSE
Kernel Debugger connection established.

************* Symbol Path validation summary **************
Response    Time (ms)    Location
OK                       C:\Symbols

************* Symbol Path validation summary **************
Response    Time (ms)    Location
OK                       C:\symbolssss
Symbol search path is: C:\symbolssss
Executable search path is: C:\Symbols
Windows XP Kernel Version 2600 MP (1 procs) Checked x86 compatible
Built by: 2600.xpsp.080413-2133
Machine Name:
Kernel base = 0x80a02000 PsLoadedModuleList = 0x80b019e8
System Uptime: not available

************* Symbol Path validation summary **************
Response    Time (ms)    Location
OK                       E:\binaries.x86fre\Symbols

************* Symbol Path validation summary **************
Response    Time (ms)    Location
OK                       C:\Symbols

************* Symbol Path validation summary **************
Response    Time (ms)    Location
OK                       C:\symbolssss
OK                       C:\symbols
OK                       C:\symbolss
OK                       C:\symbolsss
OK                       E:\binaries.x86fre\Symbols
Deferred                 https://msdl.microsoft.com/download/symbols
Deferred                 srv*
Break instruction exception - code 80000003 (first chance)
nt!DbgBreakPoint:
80ac37e0 cc              int     3
kd> bu pci!DriverEntry
kd> bu acpi!DriverEntry
kd> bu acpi!AcpiArbInitializePciRouting
kd> bu acpi!ACPIBusIrpStartDevice
kd> bl
 0 eu             0001 (0001) (pci!DriverEntry)
 1 eu             0001 (0001) (acpi!DriverEntry)
 2 eu             0001 (0001) (acpi!AcpiArbInitializePciRouting)
 3 eu             0001 (0001) (acpi!ACPIBusIrpStartDevice)

kd> g
MM: Loader/HAL memory block indicates large pages cannot be used for 80100000->8012777F
MM: Loader/HAL memory block indicates large pages cannot be used for 810A6000->8258AFFF
MM: Disabling large pages for all ranges due to overlap
Breakpoint 1 hit
ACPI!DriverEntry:
ba71bf80 55              push    ebp
15: kd> g

*** Assertion failed: PciInterfacesInstantiated
***   Source File: e:\nt\base\busdrv\acpi\driver\nt\irqarb.c, line 3512

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i

*** Assertion failed: pciInterface
***   Source File: e:\nt\base\busdrv\acpi\driver\nt\irqarb.c, line 3518

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i
PS: Unhandled Kernel Mode Exception Pointers = 0xBACC69DC
Code c0000005 Addr BA6CABE4 Info0 00000000 Info1 00000010 Info2 00000010 Info3 8A4E4CA0

*** Fatal System Error: 0x0000007e
                       (0xC0000005,0xBA6CABE4,0xBACC6E90,0xBACC6B8C)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Sat Apr 9 12:53:39.734 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
....................................
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {c0000005, ba6cabe4, bacc6e90, bacc6b8c}

*** No owner thread found for resource 80afd640
*** No owner thread found for resource 80afd640
*** No owner thread found for resource 80afd640
*** No owner thread found for resource 80afd640
*** No owner thread found for resource 80afd640
Probably caused by : ACPI.sys ( ACPI!AcpiArbCrackPRT+f8 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
80ac37ec cc              int     3
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ba6cabe4, The address that the exception occurred at
Arg3: bacc6e90, Exception Record Address
Arg4: bacc6b8c, Context Record Address

Debugging Details:
------------------

*** No owner thread found for resource 80afd640
*** No owner thread found for resource 80afd640
*** No owner thread found for resource 80afd640
*** No owner thread found for resource 80afd640
*** No owner thread found for resource 80afd640

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung "0x%08lx" verweist auf Speicher bei "0x%08lx". Die Daten wurden wegen eines E/A-Fehlers in "0x%081x" nicht in den Arbeitsspeicher bertragen.

FAULTING_IP:
ACPI!AcpiArbCrackPRT+f8 [e:\nt\base\busdrv\acpi\driver\nt\irqarb.c @ 3535]
ba6cabe4 ff5710          call    dword ptr [edi+10h]

EXCEPTION_RECORD: bacc6e90 -- (.exr 0xffffffffbacc6e90)
ExceptionAddress: ba6cabe4 (ACPI!AcpiArbCrackPRT+0x000000f8)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000010
Attempt to read from address 00000010

CONTEXT: bacc6b8c -- (.cxr 0xffffffffbacc6b8c;r)
eax=bacc7070 ebx=00000000 ecx=0000bb40 edx=00000056 esi=8a4a4728 edi=00000000
eip=ba6cabe4 esp=bacc6f58 ebp=bacc70a0 iopl=0         nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000             efl=00010286
ACPI!AcpiArbCrackPRT+0xf8:
ba6cabe4 ff5710          call    dword ptr [edi+10h]  ds:0023:00000010=????????
Last set context:
eax=bacc7070 ebx=00000000 ecx=0000bb40 edx=00000056 esi=8a4a4728 edi=00000000
eip=ba6cabe4 esp=bacc6f58 ebp=bacc70a0 iopl=0         nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000             efl=00010286
ACPI!AcpiArbCrackPRT+0xf8:
ba6cabe4 ff5710          call    dword ptr [edi+10h]  ds:0023:00000010=????????
Resetting default scope

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung "0x%08lx" verweist auf Speicher bei "0x%08lx". Die Daten wurden wegen eines E/A-Fehlers in "0x%081x" nicht in den Arbeitsspeicher bertragen.

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 00000010

READ_ADDRESS: 00000010

FOLLOWUP_IP:
ACPI!AcpiArbCrackPRT+f8 [e:\nt\base\busdrv\acpi\driver\nt\irqarb.c @ 3535]
ba6cabe4 ff5710          call    dword ptr [edi+10h]

BUGCHECK_STR: 0x7E

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

DPC_STACK_BASE: FFFFFFFFBACCC000

LOCK_ADDRESS: 80afd6c0 -- (!locks 80afd6c0)

Resource @ nt!IopDeviceTreeLock (0x80afd6c0)    Shared 1 owning threads
     Threads: 8a528da8-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
    Lock address  : 0x80afd6c0
    Thread Count  : 1
    Thread address: 0x8a528da8
    Thread wait   : 0xce

LAST_CONTROL_TRANSFER: from 80a30d7b to 80ac37ec

STACK_TEXT:
bacc70a0 ba70af2a 8a4a4728 bacc70cc bacc70e0 ACPI!AcpiArbCrackPRT+0xf8 [e:\nt\base\busdrv\acpi\driver\nt\irqarb.c @ 3535]
bacc70d4 ba71a367 ba700f00 bacc70f0 e12b639c ACPI!AcpiArbAddAllocation+0x9d [e:\nt\base\busdrv\acpi\driver\nt\irqarb.c @ 1474]
bacc7158 ba709c7d e101c058 e12b639c ba700f00 ACPI!ArbBootAllocation+0xf5 [e:\nt\base\ntos\arb\arbiter.c @ 1406]
bacc716c ba71a3de ba700f00 e12b639c e12b639c ACPI!AcpiArbBootAllocation+0x49 [e:\nt\base\busdrv\acpi\driver\nt\irqarb.c @ 1850]
bacc7188 80b6c111 ba700f00 00000009 bacc71a8 ACPI!ArbArbiterHandler+0x52 [e:\nt\base\ntos\arb\arbiter.c @ 1562]
bacc71c4 80b6d093 bacc71b8 00000000 80afd1c0 nt!IopBootAllocation+0xbb
bacc7208 80b6d80b 00000004 e101c008 e12db5b0 nt!IopAllocateBootResourcesInternal+0xc5
bacc7228 80d38c8b 00000004 8a4a4728 e12db5b0 nt!IopAllocateBootResources+0x75
bacc724c 80b5653a 00000004 8a4a4728 e12db5b0 nt!IopReportBootResources+0x65
bacc727c 80b5cb93 8a4e6ed8 800007b8 00000001 nt!PiQueryAndAllocateBootResources+0x150
bacc736c 80b5d26d 8a4e6ed8 00000000 00000000 nt!PipProcessNewDeviceNode+0xc9d
bacc75c4 80a2cff0 8a4f1838 00000000 00000000 nt!PipProcessDevNodeTree+0x1bd
bacc7608 80a2d2fb 00000000 00000000 80091138 nt!PipDeviceActionWorker+0xc4
bacc7620 80d37f53 00000000 00000006 00000000 nt!PipRequestDeviceAction+0x13b
bacc7684 80d341f1 80085000 bacc76a0 00034000 nt!IopInitializeBootDrivers+0x39b
bacc7830 80d31940 80085000 00000000 8a528da8 nt!IoInitSystem+0x82d
bacc7dac 80bd81ac 80085000 00000000 00000000 nt!Phase1Initialization+0xb12
bacc7ddc 80ae4212 80d30e2e 80085000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

FAULTING_SOURCE_LINE: e:\nt\base\busdrv\acpi\driver\nt\irqarb.c

FAULTING_SOURCE_FILE: e:\nt\base\busdrv\acpi\driver\nt\irqarb.c

FAULTING_SOURCE_LINE_NUMBER: 3535

FAULTING_SOURCE_CODE:
  3531:         &classCode,
  3532:         &subClassCode,
  3533:         &parent,
  3534:         &routingToken,
> 3535:         &flags);
  3536:
  3537:     if (!NT_SUCCESS(status)) {
  3538:         return STATUS_NOT_FOUND;
  3539:     }
  3540:

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: ACPI!AcpiArbCrackPRT+f8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: ACPI

IMAGE_NAME: ACPI.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 624f31cb

IMAGE_VERSION: 5.1.2600.1106

STACK_COMMAND: .cxr 0xffffffffbacc6b8c ; kb

FAILURE_BUCKET_ID: 0x7E_ACPI!AcpiArbCrackPRT+f8

BUCKET_ID: 0x7E_ACPI!AcpiArbCrackPRT+f8

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x7e_acpi!acpiarbcrackprt+f8

FAILURE_ID_HASH: {30b13d1d-5098-59bf-2bca-ef183c89cfe1}

Followup: MachineOwner
---------

0: kd> lm
start    end        module name
80100000 80127780   HAL3       (deferred)
80128000 80150000   kdcom      (deferred)
80150000 8017a000   KDSTUB     (deferred)
805e8000 8060ef80   pci        (pdb symbols)          c:\symbolssss\sys\pci.pdb
80a02000 80da3000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\5B9E8A586D3D49D98927B5D5117577231\ntkrpamp.pdb
ba448000 ba461b80   Mup        (deferred)
ba462000 ba48e980   NDIS       (deferred)
ba48f000 ba51b600   Ntfs       (deferred)
ba51c000 ba579000   UsbHub3    (deferred)
ba579000 ba5be000   USBXHCI    (deferred)
ba5be000 ba5d4880   KSecDD     (deferred)
ba5d5000 ba5e6f00   sr         (deferred)
ba5e7000 ba606b00   fltMgr     (deferred)
ba607000 ba61c000   amd_sata   (deferred)
ba61c000 ba635000   storport   (deferred)
ba635000 ba646000   storahci   (deferred)
ba646000 ba66ba00   dmio       (deferred)
ba66c000 ba68ad80   ftdisk     (deferred)
ba68b000 ba6ba000   ucx01000   (deferred)
ba6ba000 ba724b00   ACPI       (private pdb symbols)  C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\acpi.pdb\65CE5676DFFA4AA68128AB4DCDBDBB5F4\acpi.pdb
ba725000 ba7a7000   WDF01_W8   (deferred)
ba8a8000 ba8b6000   WDFLDR8    (deferred)
ba8b8000 ba8c1300   isapnp     (deferred)
ba8c8000 ba8d2000   WppRecorder (deferred)
ba8d8000 ba8e2580   MountMgr   (deferred)
ba8e8000 ba8f5200   VolSnap    (deferred)
ba8f8000 ba903000   amd_xata   (deferred)
ba908000 ba910e00   disk       (deferred)
ba918000 ba924180   CLASSPNP   (deferred)
ba928000 ba931000   USBD_W8    (deferred)
bab28000 bab2e800   firadisk   (deferred)
bab30000 bab34d00   PartMgr    (deferred)
bacb8000 bacbb000   BOOTVID    (deferred)
bacbc000 bacbef80   ACPIEC     (deferred)
bada8000 bada9100   WMILIB     (deferred)
badaa000 badab700   dmload     (deferred)
bae70000 bae70d80   OPRGHDLR   (deferred)
0: kd> !devnode 0 1
Dumping IopRootDeviceNode (= 0x8a4f1838)
DevNode 0x8a4f1838 for PDO 0x8a4f1980
  InstancePath is "HTREE\ROOT\0"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a54ac30 for PDO 0x8a54ad90
  InstancePath is "Root\ACPI_HAL\0000"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a544378 for PDO 0x8a546cb0
  InstancePath is "ACPI_HAL\PNP0C08\0"
  ServiceName is "ACPI"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a367398 for PDO 0x8a4bf3d8
  InstancePath is "ACPI\PNP0C14\AWW"
  ServiceName is "WmiAcpi"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a367268 for PDO 0x8a54b4b0
  InstancePath is "ACPI\PNP0A08\0"
  ServiceName is "pci"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a367138 for PDO 0x8a4f1dd8
  InstancePath is "ACPI\PNP0C0C\aa"
  State = DeviceNodeDriversAdded (0x303)
  Previous State = DeviceNodeInitialized (0x302)
DevNode 0x8a4e6008 for PDO 0x8a4f1cb8
  InstancePath is "ACPI\PNP0103\2&daba3ff&0"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4e6ed8 for PDO 0x8a4a4728
  InstancePath is "ACPI\AMDI0030\0"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
  Problem = CM_PROB_DISABLED
DevNode 0x8a4e6da8 for PDO 0x8a4a4608
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e6c78 for PDO 0x8a4a44e8
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e6b48 for PDO 0x8a4a43c8
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e6a18 for PDO 0x8a49dd88
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e68e8 for PDO 0x8a49dc68
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e67b8 for PDO 0x8a49db48
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e6688 for PDO 0x8a49da28
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e6558 for PDO 0x8a49d908
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e6428 for PDO 0x8a49d7e8
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e62f8 for PDO 0x8a367f18
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e61c8 for PDO 0x8a367df8
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e5008 for PDO 0x8a367cd8
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e5ed8 for PDO 0x8a367bb8
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e5da8 for PDO 0x8a367a98
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e5c78 for PDO 0x8a367978
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e5b48 for PDO 0x8a367858
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e5a18 for PDO 0x8a367738
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e58e8 for PDO 0x8a367618
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a4e57b8 for PDO 0x8a3674f8
  State = DeviceNodeUninitialized (0x301)
  Previous State = Unknown State (0x0)
DevNode 0x8a54a8b8 for PDO 0x8a54aa18
  InstancePath is "Root\dmio\0000"
  ServiceName is "dmio"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a54a660 for PDO 0x8a54a7c0
  InstancePath is "Root\firadisk\0000"
  ServiceName is "FiraDisk"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a54a408 for PDO 0x8a54a568
  InstancePath is "Root\ftdisk\0000"
  ServiceName is "ftdisk"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a54a1b0 for PDO 0x8a54a310
  InstancePath is "Root\LEGACY_AFD\0000"
  ServiceName is "AFD"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4f0ed8 for PDO 0x8a4f0038
  InstancePath is "Root\LEGACY_BEEP\0000"
  ServiceName is "Beep"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4f0c80 for PDO 0x8a4f0de0
  InstancePath is "Root\LEGACY_CPUZ135\0000"
  ServiceName is "cpuz135"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4f0a28 for PDO 0x8a4f0b88
  InstancePath is "Root\LEGACY_DMBOOT\0000"
  ServiceName is "dmboot"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4f07d0 for PDO 0x8a4f0930
  InstancePath is "Root\LEGACY_DMLOAD\0000"
  ServiceName is "dmload"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4f0508 for PDO 0x8a4f0668
  InstancePath is "Root\LEGACY_FIPS\0000"
  ServiceName is "Fips"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4f02b0 for PDO 0x8a4f0410
  InstancePath is "Root\LEGACY_GPC\0000"
  ServiceName is "Gpc"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a549008 for PDO 0x8a4f01b8
  InstancePath is "Root\LEGACY_HTTP\0000"
  ServiceName is "HTTP"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a549db0 for PDO 0x8a549f10
  InstancePath is "Root\LEGACY_IPNAT\0000"
  ServiceName is "IpNat"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a549b58 for PDO 0x8a549cb8
  InstancePath is "Root\LEGACY_IPSEC\0000"
  ServiceName is "IPSec"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a549900 for PDO 0x8a549a60
  InstancePath is "Root\LEGACY_KSECDD\0000"
  ServiceName is "ksecdd"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a5496a8 for PDO 0x8a549808
  InstancePath is "Root\LEGACY_MNMDD\0000"
  ServiceName is "mnmdd"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a549450 for PDO 0x8a5495b0
  InstancePath is "Root\LEGACY_MOUNTMGR\0000"
  ServiceName is "mountmgr"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a5491f8 for PDO 0x8a549358
  InstancePath is "Root\LEGACY_NDIS\0000"
  ServiceName is "NDIS"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4efed8 for PDO 0x8a4ef038
  InstancePath is "Root\LEGACY_NDISTAPI\0000"
  ServiceName is "NdisTapi"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4efc80 for PDO 0x8a4efde0
  InstancePath is "Root\LEGACY_NDISUIO\0000"
  ServiceName is "Ndisuio"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4efa28 for PDO 0x8a4efb88
  InstancePath is "Root\LEGACY_NDPROXY\0000"
  ServiceName is "NDProxy"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4ef7d0 for PDO 0x8a4ef930
  InstancePath is "Root\LEGACY_NETBT\0000"
  ServiceName is "NetBT"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4ef578 for PDO 0x8a4ef6d8
  InstancePath is "Root\LEGACY_NULL\0000"
  ServiceName is "Null"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4ef320 for PDO 0x8a4ef480
  InstancePath is "Root\LEGACY_PARTMGR\0000"
  ServiceName is "PartMgr"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a548008 for PDO 0x8a4ef228
  InstancePath is "Root\LEGACY_PARVDM\0000"
  ServiceName is "ParVdm"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a548db0 for PDO 0x8a548f10
  InstancePath is "Root\LEGACY_RASACD\0000"
  ServiceName is "RasAcd"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a548b58 for PDO 0x8a548cb8
  InstancePath is "Root\LEGACY_RDPCDD\0000"
  ServiceName is "RDPCDD"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a548900 for PDO 0x8a548a60
  InstancePath is "Root\LEGACY_TCPIP\0000"
  ServiceName is "Tcpip"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a5486a8 for PDO 0x8a548808
  InstancePath is "Root\LEGACY_UCX01000\0000"
  ServiceName is "UCX01000"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a548450 for PDO 0x8a5485b0
  InstancePath is "Root\LEGACY_VGASAVE\0000"
  ServiceName is "VgaSave"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a5481f8 for PDO 0x8a548358
  InstancePath is "Root\LEGACY_VOLSNAP\0000"
  ServiceName is "VolSnap"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4eeed8 for PDO 0x8a4ee038
  InstancePath is "Root\LEGACY_WANARP\0000"
  ServiceName is "Wanarp"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4eec80 for PDO 0x8a4eede0
  InstancePath is "Root\LEGACY_WDF01_W8\0000"
  ServiceName is "WDF01_W8"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
DevNode 0x8a4eea28 for PDO 0x8a4eeb88
  InstancePath is "Root\MEDIA\MS_MMACM"
  ServiceName is "audstub"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4ee7d0 for PDO 0x8a4ee930
  InstancePath is "Root\MEDIA\MS_MMDRV"
  ServiceName is "audstub"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4ee578 for PDO 0x8a4ee6d8
  InstancePath is "Root\MEDIA\MS_MMMCI"
  ServiceName is "audstub"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4ee320 for PDO 0x8a4ee480
  InstancePath is "Root\MEDIA\MS_MMVCD"
  ServiceName is "audstub"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a547008 for PDO 0x8a4ee228
  InstancePath is "Root\MEDIA\MS_MMVID"
  ServiceName is "audstub"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a547db0 for PDO 0x8a547f10
  InstancePath is "Root\MS_L2TPMINIPORT\0000"
  ServiceName is "Rasl2tp"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a547b58 for PDO 0x8a547cb8
  InstancePath is "Root\MS_NDISWANIP\0000"
  ServiceName is "NdisWan"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a547900 for PDO 0x8a547a60
  InstancePath is "Root\MS_PPPOEMINIPORT\0000"
  ServiceName is "RasPppoe"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a5476a8 for PDO 0x8a547808
  InstancePath is "Root\MS_PPTPMINIPORT\0000"
  ServiceName is "PptpMiniport"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a547450 for PDO 0x8a5475b0
  InstancePath is "Root\MS_PSCHEDMP\0000"
  ServiceName is "PSched"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a5471f8 for PDO 0x8a547358
  InstancePath is "Root\MS_PTIMINIPORT\0000"
  ServiceName is "Raspti"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4eded8 for PDO 0x8a4ed038
  InstancePath is "Root\RDPDR\0000"
  ServiceName is "rdpdr"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4edc80 for PDO 0x8a4edde0
  InstancePath is "Root\RDP_KBD\0000"
  ServiceName is "TermDD"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4eda28 for PDO 0x8a4edb88
  InstancePath is "Root\RDP_MOU\0000"
  ServiceName is "TermDD"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4ed7d0 for PDO 0x8a4ed930
  InstancePath is "Root\SYSTEM\0000"
  ServiceName is "swenum"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4ed578 for PDO 0x8a4ed6d8
  InstancePath is "Root\SYSTEM\0001"
  ServiceName is "update"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)
DevNode 0x8a4ed320 for PDO 0x8a4ed480
  InstancePath is "Root\SYSTEM\0002"
  ServiceName is "mssmbios"
  State = DeviceNodeInitialized (0x302)
  Previous State = DeviceNodeUninitialized (0x301)

daniel_k
Posted April 9, 2022

3 hours ago, Dietmar said:
    DevNode 0x8a4e6ed8 for PDO 0x8a4a4728
      InstancePath is "ACPI\AMDI0030\0"
      State = DeviceNodeInitialized (0x302)
      Previous State = DeviceNodeUninitialized (0x301)
      Problem = CM_PROB_DISABLED

It seems that ACPI goes nuts after processing this device (AMD GPIO controller)?

ACPI 5.0 introduced special handling of GPIO controllers. Could it be the issue here?

http://www.uefi.org/sites/default/files/resources/ACPI_5_0_Errata_B.pdf

Mov AX, 0xDEAD (Author)
Posted April 9, 2022

3 hours ago, Dietmar said:
    kd> bl
     0 eu             0001 (0001) (pci!DriverEntry)
     1 eu             0001 (0001) (acpi!DriverEntry)
     2 eu             0001 (0001) (acpi!AcpiArbInitializePciRouting)
     3 eu             0001 (0001) (acpi!ACPIBusIrpStartDevice)

    kd> g
    MM: Loader/HAL memory block indicates large pages cannot be used for 80100000->8012777F
    MM: Loader/HAL memory block indicates large pages cannot be used for 810A6000->8258AFFF
    MM: Disabling large pages for all ranges due to overlap
    Breakpoint 1 hit
    ACPI!DriverEntry:
    ba71bf80 55              push    ebp
    15: kd> g

    *** Assertion failed: PciInterfacesInstantiated
    ***   Source File: e:\nt\base\busdrv\acpi\driver\nt\irqarb.c, line 3512

    Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? ii

    *** Assertion failed: pciInterface
    ***   Source File: e:\nt\base\busdrv\acpi\driver\nt\irqarb.c, line 3518

    Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i

Thanks, it seems acpi has a problem on the dispatcher level or some other place. I have no clue at present, I need some time to read the source...

Mov AX, 0xDEAD (Author)
Posted April 9, 2022

21 minutes ago, daniel_k said:
    It seems that ACPI goes nuts after processing this device (AMD GPIO controller)?
    ACPI 5.0 introduced special handling of GPIO controllers. Could it be the issue here?
    http://www.uefi.org/sites/default/files/resources/ACPI_5_0_Errata_B.pdf

@daniel_k

Not sure, the issue can be anything due to async logic in the driver. Last successful line:

Quote
    8A32C118 ACPI\AMDI0030-0 (0x8a2bd690): IRP_MN_QUERY_INTERFACE - Res 3 Type = {6c154a92-aacf-11d0-8d2a-00a0c906b244}

Someone asked acpi to give the GUID of some interface for this device and the response was OK (or acpi asked someone, I don't know the details).

We don't know what happens after that, because the acpi driver doesn't have debug output in each function. We know about the call to AcpiArbCrackPRT(), but there is no previous call to ACPIBusIrpStartDevice() before it.

Mov AX, 0xDEAD (Author)
Posted April 9, 2022

I played a little in IDA with XP in VirtualBox with full loading to the desktop.

Execution order

1) ntoskrnl.exe.IopBootAllocation() -> nt.ArbArbiterHandler()
   acpi.DriverEntry()
   ntoskrnl.exe.IopBootAllocation() -> nt.ArbArbiterHandler()
   ntoskrnl.exe.IopBootAllocation() -> nt.ArbArbiterHandler()
2) pci.DriverEntry()
3) ACPIDispatchIrp() (pci.sys/ntoskrnl send irp to acpi)
   -> ACPIInternalGetDispatchTable() - set dispatch table as AcpiPdoIrpDispatch[]
   -> call dispatchTable->PnpStartDevice() = ACPIBusIrpStartDevice()
4) ntoskrnl.exe.IopBootAllocation() -> pci.ArbArbiterHandler()
5) ntoskrnl.exe.IopBootAllocation() - cycle to run many arbhandlers
   1) ->acpi.ArbArbiterHandler(arbiter.lib)
      ->acpi.AcpiArbBootAllocation()
      ->acpi.ArbBootAllocation(arbiter.lib)
      ->acpi.AcpiArbPreprocessEntry()
      ->acpi.AcpiArbAddAllocation()
      ->acpi.AcpiArbCrackPRT()
   2) -> pci.ArbArbiterHandler()
6) ntoskrnl.exe.IopBootAllocation()
   ->acpi.ArbArbiterHandler(arbiter.lib)
   ....
   ->acpi.AcpiArbCrackPRT()
7) ...

IRP from PCI/OS to ACPI:

WINDBG>!irp 81BEA008
Irp is active with 2 stacks 1 is current (= 0x81bea078)
 No Mdl: No System Buffer: Thread 81bcc788: Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
>[ 1b, 0]   0 e1 81b69f18 00000000 f99ac202-f9e6b2b4 Success Error Cancel pending
           \Driver\ACPI    pci!PciSetEventCompletion
            Args: e1451718 e14539f0 00000000 00000000
 [ 1b, 0]   0  0 81b69728 00000000 00000000-00000000
           \Driver\PCI
            Args: e1451718 e14539f0 00000000 00000000

MajorFunction = IRP_MJ_PNP
MinorFunction = IRP_MN_START_DEVICE

Damnation
Posted April 10, 2022

@Mov AX, 0xDEAD

Maybe try comparing nonworking ACPIArbCrackPRT to working LinkNodeCrackPrt to try and find what LinkNodeCrackPrt does differently to avoid the BSOD?

Mov AX, 0xDEAD (Author)
Posted April 10, 2022

1 hour ago, Damnation said:
    @Mov AX, 0xDEAD
    Maybe try comparing nonworking ACPIArbCrackPRT to working LinkNodeCrackPrt to try and find what LinkNodeCrackPrt does differently to avoid the BSOD?

LinkNodeCrackPrt() was rewritten from scratch, we can't use it. Without deep debugging it is not possible to find the root of the problem.

Workaround for this BSOD, change in irqarb.c

    ASSERT(PciInterfacesInstantiated);

to

Quote
    //ASSERT(PciInterfacesInstantiated);
    if (!PciInterfacesInstantiated) { // AcpiArbCrackPRT() BSOD 0x7E(c0000005, ...) temp workaround
        return STATUS_NOT_FOUND;
    }

This simple condition allows AcpiArbCrackPRT() to skip processing as long as pci.sys is not loaded.

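Added example (not part of the post above and not code from acpi.sys): a user-mode C model of the ordering problem this thread describes, where the arbiter path calls AcpiArbCrackPRT() before pci.sys has published its interface. The structure layout, event names and helper functions are constructed for illustration; only PciInterfacesInstantiated, pciInterface, STATUS_NOT_FOUND, the displacement 0x10 and the two call orders come from the thread, and the later pci start in the Ryzen order is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t NTSTATUS;                 /* model type, not the DDK typedef */
#define STATUS_SUCCESS   0x00000000u
#define STATUS_NOT_FOUND 0xC0000225u

/* Constructed stand-in for the interface pci.sys hands to acpi.sys. Four
 * 32-bit fields place the callback at offset 0x10, the displacement seen in
 * "call dword ptr [edi+10h]"; the real structure layout is not on the page. */
typedef struct {
    uint32_t header[4];
    NTSTATUS (*GetRouting)(unsigned slot, unsigned *irq);
} PCI_IFACE_MODEL;

static int PciInterfacesInstantiated;      /* flag named in the first assertion   */
static PCI_IFACE_MODEL *pciInterface;      /* pointer named in the second assertion */

static NTSTATUS model_get_routing(unsigned slot, unsigned *irq) {
    *irq = 16 + (slot & 3);                /* arbitrary constructed routing */
    return STATUS_SUCCESS;
}
static PCI_IFACE_MODEL g_iface = { {0, 0, 0, 0}, model_get_routing };

/* Address a build without the guard would read when calling through
 * pciInterface. With a NULL pointer this is just the field offset. */
uintptr_t unguarded_read_address(void) {
    return (uintptr_t)pciInterface + offsetof(PCI_IFACE_MODEL, GetRouting);
}

/* Guarded lookup: same early return as the workaround, extended to also
 * check the pointer that the second assertion covers. */
NTSTATUS crack_prt_guarded(unsigned slot, unsigned *irq) {
    if (!PciInterfacesInstantiated || pciInterface == NULL)
        return STATUS_NOT_FOUND;           /* caller skips this pass */
    return pciInterface->GetRouting(slot, irq);
}

typedef enum { EV_ACPI_ENTRY, EV_PCI_START, EV_BOOT_ALLOC } BOOT_EVENT;

typedef struct {
    unsigned deferred;                     /* calls answered with STATUS_NOT_FOUND */
    unsigned resolved;                     /* calls that reached the interface     */
    uintptr_t first_unguarded_read;        /* valid only when deferred > 0         */
} BOOT_RESULT;

/* Replay a boot order and count how the guarded function behaves. */
BOOT_RESULT run_boot(const BOOT_EVENT *order, size_t n) {
    BOOT_RESULT r = { 0, 0, 0 };
    PciInterfacesInstantiated = 0;
    pciInterface = NULL;
    for (size_t i = 0; i < n; i++) {
        unsigned irq = 0;
        switch (order[i]) {
        case EV_ACPI_ENTRY:                /* acpi!DriverEntry: nothing published yet */
            break;
        case EV_PCI_START:                 /* pci started: interface becomes available */
            pciInterface = &g_iface;
            PciInterfacesInstantiated = 1;
            break;
        case EV_BOOT_ALLOC:                /* IopBootAllocation -> ... -> AcpiArbCrackPRT */
            if (crack_prt_guarded(0, &irq) == STATUS_SUCCESS) {
                r.resolved++;
            } else {
                if (r.deferred == 0)
                    r.first_unguarded_read = unguarded_read_address();
                r.deferred++;
            }
            break;
        }
    }
    return r;
}

/* Order from the VirtualBox trace: pci starts before the first crack call. */
const BOOT_EVENT ORDER_VIRTUALBOX[] = { EV_ACPI_ENTRY, EV_PCI_START, EV_BOOT_ALLOC, EV_BOOT_ALLOC };
/* Order from the Ryzen log: crack call arrives first (later pci start assumed). */
const BOOT_EVENT ORDER_RYZEN[] = { EV_ACPI_ENTRY, EV_BOOT_ALLOC, EV_PCI_START, EV_BOOT_ALLOC };

int main(void) {
    BOOT_RESULT vb = run_boot(ORDER_VIRTUALBOX, 4);
    BOOT_RESULT rz = run_boot(ORDER_RYZEN, 4);
    printf("VirtualBox order: deferred=%u resolved=%u\n", vb.deferred, vb.resolved);
    printf("Ryzen order:      deferred=%u resolved=%u, unguarded read at %#lx\n",
           rz.deferred, rz.resolved, (unsigned long)rz.first_unguarded_read);
    return 0;
}
```

In the Ryzen order the model reports the same read address as READ_ADDRESS in the bugcheck analysis, which is what a NULL interface pointer plus a 0x10 field offset produces.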
Dietmar
Posted April 10, 2022

@Mov AX, 0xDEAD

Do you have an idea what AcpiArbCrackPRT() is needed for? The name itself tells something strange.

What has happened, that pci.sys is not loaded before AcpiArbCrackPRT() on a Ryzen CPU?

Because you said that in VirtualBox the DriverEntry of pci.sys is reached before AcpiArbCrackPRT()?

DriverEntry of pci.sys is not reached. What can make this?

Dietmar

Mov AX, 0xDEAD (Author)
Posted April 10, 2022

@Dietmar

On 4/2/2022 at 10:33 PM, Dietmar said:
    But now other BSOD appears
    0x000000A5 (0x00000002, xxx, 0x00000001, yyy)
    The "1" in this BSOD means:
    1 : ACPI cannot convert the BIOS' resource list into the proper format. This probably represents a flaw in the BIOS' list encoding procedure.

Can you prepare a logfile before this BSOD? Use Kd_ACPI_Mask 0xFFFFFFFF.

Mov AX, 0xDEAD (Author)
Posted April 10, 2022 (edited)

23 minutes ago, Dietmar said:
    @Mov AX, 0xDEAD Do you have an idea, for what AcpiArbCrackPRT() is needed? The name itself tells something strange.

AcpiArbCrackPRT() is the decoder for IRQ routing, the description tells about some "link nodes".

It is called many times, so it is best to keep it running when pci was loaded.

After patching you can set a breakpoint on AcpiArbCrackPRT() and pci!entry to see how often it was called before and after loading pci.

23 minutes ago, Dietmar said:
    What has happened, that pci.sys is not loaded before AcpiArbCrackPRT() on Ryzen cpu?

I don't know :) I think acpi reports some device to the kernel, and the kernel tries to get the IRQ routing for it immediately.

23 minutes ago, Dietmar said:
    Because you told via Virtualbox pci.sys Driverentry for pci.sys is reached before AcpiArbCrackPRT() ?

Yes, see, the kernel is the requester of the first call to AcpiArbCrackPRT(), and always only after pci was started.

Edited April 10, 2022 by Mov AX, 0xDEAD

Dietmar
Posted April 10, 2022

@Mov AX, 0xDEAD

"But now other BSOD appears 0x000000A5 (0x00000002, xxx, 0x00000001, yyy)"

This BSOD is gone after your patch Ulong ---> Ulong64.

Very strange but true.

Dietmar

Mov AX, 0xDEAD (Author)
Posted April 10, 2022 (edited)

11 hours ago, Dietmar said:
    This Bsod is gone after your patch Ulong ---> Ulong64
    very strange but true

OK, let's assume this BSOD was random.

From my old list there are still some left:

1) 0xA5 (0x0000000D, ..., ..., ...) duplicated _HID method for AMD boards
2) 0xA5 (0x11, 0x08, ..., ...) unknown error in _AMLILoadDDB()
3) 0xA5 (0x2001, 0x01, 0xC0000034, ...) Failure to evaluate the _PIC method NotifyHalWithMachineStates()

and more binary patches to acpi.sys from Daniel/Dietmar/Daniel/Infuscomus and Patch Integrator

Edited April 10, 2022 by Mov AX, 0xDEAD