
Compiling ACPI v2.0 driver for Windows XP SP3 and Windows 2003 SP2 (x32/x64)


Mov AX, 0xDEAD


3 hours ago, Dietmar said:
STACK_TEXT:  
ba551858 80a30d7b 00000003 ba551bb4 00000000 nt!RtlpBreakWithStatusInstruction
ba5518a4 80a319e6 00000003 897d7868 898bf000 nt!KiBugCheckDebugBreak+0x19
ba551c84 80a31f77 000000a5 00000003 8989dba4 nt!KeBugCheck2+0x574
ba551ca4 ba732b29 000000a5 00000003 8989dba4 nt!KeBugCheckEx+0x1b
ba551cc0 ba75c355 8989dba4 c0140008 00000000 ACPI!ACPIBuildCompleteMustSucceed+0x31 [e:\software\windowssourcecode\microsoft.leaked.source.code.archive_2020-10-04\nt5src\source\xpsp1\nt\base\busdrv\acpi\driver\nt\buildsrc.c @ 431]
ba551cf8 ba75a1b5 ba732af8 c0140008 00000000 ACPI!AsyncCallBack+0xe5 [e:\software\windowssourcecode\microsoft.leaked.source.code.archive_2020-10-04\nt5src\source\xpsp1\nt\base\busdrv\acpi\driver\amlinew\sync.c @ 82]
ba551d1c ba75d133 c0140008 4556414c 898bf000 ACPI!RunContext+0x1f5 [e:\software\windowssourcecode\microsoft.leaked.source.code.archive_2020-10-04\nt5src\source\xpsp1\nt\base\busdrv\acpi\driver\amlinew\ctxt.c @ 649]
ba551d44 ba75d25f 898bf000 00000000 ba77ab08 ACPI!InsertReadyQueue+0x15a [e:\software\windowssourcecode\microsoft.leaked.source.code.archive_2020-10-04\nt5src\source\xpsp1\nt\base\busdrv\acpi\driver\amlinew\sched.c @ 275]
ba551d64 ba74e137 897d7a48 00000000 89913020 ACPI!RestartCtxtPassive+0x54 [e:\software\windowssourcecode\microsoft.leaked.source.code.archive_2020-10-04\nt5src\source\xpsp1\nt\base\busdrv\acpi\driver\amlinew\sched.c @ 384]
ba551dac 80bd81ac 00000000 00000000 00000000 ACPI!ACPIWorker+0xbf [e:\software\windowssourcecode\microsoft.leaked.source.code.archive_2020-10-04\nt5src\source\xpsp1\nt\base\busdrv\acpi\driver\nt\worker.c @ 302]
ba551ddc 80ae4212 ba74e078 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

OK, this trace doesn't show useful info

c0140008 = AMLIERR_UNEXPECTED_ARGTYPE, in all cases AMLIERR_UNEXPECTED_ARGTYPE  used with code like this

 rc = AMLI_LOGERR(AMLIERR_UNEXPECTED_ARGTYPE,
                                     ("ValidateArgTypes: expected Arg%d to be type Integer (Type=%s)..);
 

It seems AMLI_LOGERR() has some requirement to enable the text message; need to change it to show the message in any case



Hi!

1) Little patch to enable text output  of wanted function:

In function IsTraceOn() inside trace.c after line:
    BOOLEAN rc = FALSE;
 add few lines:
     if (
        !_stricmp(pszProcName, "VALIDATEARGTYPES") ||
        !_stricmp(pszProcName, "VALIDATETARGET") ||
        !_stricmp(pszProcName, "xxx") ||
        !_stricmp(pszProcName, "yyy")
        )
    {
            rc = TRUE;
    }

You can add/replace xxx/yyy with any wanted function; just look at the beginning of the function for a line like TRACENAME("FATAL"), the word FATAL is what you need

2) Configure WinDbg for massive verbose output:

  • build acpi.sys debug version
  • configure boot.ini to insta-break: /BREAK
  • enable WinDbg output to file: Edit->Open/Close log file (repeat at every session)
  • bu acpi!DriverEntry - tells it to stop at acpi.sys (WinDbg will save this between sessions)
  • g - run kernel until first breakpoint
  • wait for the break in acpi; you must see the message Breakpoint 0 hit ACPI!DriverEntry:
  • ed Kd_ACPI_Mask 0xFFFFFFFF
  • !amli set spewon verboseon logon traceon
  • g - continue to load Windows
  • type Ignore a few times if asked; usually this is an assertion check, so better to check in the source files what condition was triggered
  • wait until the desktop has loaded; you must see a lot of text :)
  • commit the log file: Edit->Open/Close log file->Close
Edited by Mov AX, 0xDEAD

@Mov AX, 0xDEAD

You mean, that for the trace.c in base\busdrv\acpi\driver\amlinew

1.) I should add after line BOOLEAN rc = FALSE; in this trace.c

if (
        !_stricmp(pszProcName, "VALIDATEARGTYPES") ||
        !_stricmp(pszProcName, "VALIDATETARGET") ||
        !_stricmp(pszProcName, "xxx") ||
        !_stricmp(pszProcName, "yyy")
        )
    {
            rc = TRUE;
    }

and then compile acpi.sys debug version new with this new trace.c .

 

But what have I to write for "xxx" and "yyy" ?

Dietmar

PS: Maybe, that for this BSOD with c0140008 it is enough to add in trace.c only this one

if (
        !_stricmp(pszProcName, "VALIDATEARGTYPES") ||
        !_stricmp(pszProcName, "VALIDATETARGET")
        )
    {
            rc = TRUE;
    }

 

Edited by Dietmar

2 hours ago, Dietmar said:

@Mov AX, 0xDEAD

if (   !_stricmp(pszProcName, "VALIDATEARGTYPES") ||

        !_stricmp(pszProcName, "VALIDATETARGET") ||
        !_stricmp(pszProcName, "xxx") ||
        !_stricmp(pszProcName, "yyy")
        )

and then compile acpi.sys debug version new with this new trace.c .

But what have I to write for "xxx" and "yyy" ?

@Dietmar

You can keep xxx/yyy as is, _stricmp() is string comparator, you can compare anything with anything, results are ORed


@Mov AX, 0xDEAD

 

Now, the long output stops with the known BSOD containing 0xC0140008.

Here is the reason,

thanks a lot

Dietmar

8989dbf9: {
8989dbf9: CreateQWordField(NBUF=Buffer(0x30){
	0x8a,0x2b,0x00,0x00,0x01,0x10,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00
	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
	0x00,0x00,0x00,0x00,0x79,0x00},0xe,NBAS)AMLI:| | | | | | | | ValidateArgTypes(pArgs=897680fc,ExpectedTypes=BI)
AMLI:| | | | | | | | ValidateArgTypes=0

8989dc04: CreateQWordField(NBUF=Buffer(0x30){
	0x8a,0x2b,0x00,0x00,0x01,0x10,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00
	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
	0x00,0x00,0x00,0x00,0x79,0x00},0x16,NMAS)AMLI:| | | | | | | | ValidateArgTypes(pArgs=897680fc,ExpectedTypes=BI)
AMLI:| | | | | | | | ValidateArgTypes=0

8989dc0f: CreateQWordField(NBUF=Buffer(0x30){
	0x8a,0x2b,0x00,0x00,0x01,0x10,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00
	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
	0x00,0x00,0x00,0x00,0x79,0x00},0x26,NLEN)AMLI:| | | | | | | | ValidateArgTypes(pArgs=897680fc,ExpectedTypes=BI)
AMLI:| | | | | | | | ValidateArgTypes=0

8989dc1a: Store(NHLAACPIAsyncAcquireGlobalLock: Entered with context 897680ac
ACPIAsyncAcquireGlobalLock: Got lock immediately, Context 897680ac
ACPIReleaseGlobalLock: Lock released by context 897680ac
=Buffer(0x8){
	0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00},NBAS)AMLI:| | | | | | | ValidateTarget(pdataTarget=89768110,ExpectedType=DataObject,ppdata=ba55bcd4)
AMLI:| | | | | | | ValidateTarget=0 (pdataTarget=89768160)
=Buffer(0x8){
	0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00}
8989dc23: Add(NHLAACPIAsyncAcquireGlobalLock: Entered with context 897680ac
ACPIAsyncAcquireGlobalLock: Got lock immediately, Context 897680ac
ACPIReleaseGlobalLock: Lock released by context 897680ac
=Buffer(0x8){
	0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00},Subtract(NHLLACPIAsyncAcquireGlobalLock: Entered with context 897680ac
ACPIAsyncAcquireGlobalLock: Got lock immediately, Context 897680ac
ACPIReleaseGlobalLock: Lock released by context 897680ac
=0x0,One,)AMLI:| | | | | | | ValidateArgTypes(pArgs=8976827c,ExpectedTypes=II)
AMLI:| | | | | | | ValidateArgTypes=0
AMLI:| | | | | | | ValidateTarget(pdataTarget=897682a4,ExpectedType=DataObject,ppdata=ba55bcd4)
AMLI:| | | | | | | ValidateTarget=0 (pdataTarget=897682a4)
=0xffffffff,NMAS)AMLI:| | | | | | | ValidateArgTypes(pArgs=897680fc,ExpectedTypes=II)
AMLI_ERROR(c0140008): Unexpected argument type
ValidateArgTypes: expected Arg0 to be type Integer (Type=Buffer)
AMLI:| | | | | | | ValidateArgTypes=c0140008

8989dc33: }
*** Fatal System Error: 0x000000a5
                       (0x00000003,0x8989DBA4,0xC0140008,0x494E495F)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Wed Apr  6 13:29:01.796 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
.........................
Loading User Symbols

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A5, {3, 8989dba4, c0140008, 494e495f}

Probably caused by : ACPI.sys ( ACPI!ACPIBuildCompleteMustSucceed+31 )

Followup: MachineOwner

 

Edited by Dietmar
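A verbose AMLI log like the one above can run to a very large file, so it helps to jump straight to the first interpreter error and the AML term it belongs to. The following is an added example, not part of the original posts or of the acpi.sys sources; the function and struct names are hypothetical, and the sample lines are condensed from the trace in this thread.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

struct amli_hit {
    unsigned long code;      /* value inside AMLI_ERROR(...) */
    unsigned long aml_addr;  /* nearest preceding "xxxxxxxx:" AML term address */
    char detail[128];        /* text of the line after the AMLI_ERROR line */
};

/* Lines condensed from the trace posted above (most buffer dumps and the
 * lock messages dropped, trace prefixes shortened). */
static const char SAMPLE_LOG[] =
    "8989dc1a: Store(NHLA\n"
    "=Buffer(0x8){\n"
    "\t0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00},NBAS)AMLI:| ValidateTarget=0\n"
    "8989dc23: Add(NHLA\n"
    "=0x0,One,)AMLI:| ValidateArgTypes(pArgs=8976827c,ExpectedTypes=II)\n"
    "AMLI:| ValidateArgTypes=0\n"
    "=0xffffffff,NMAS)AMLI:| ValidateArgTypes(pArgs=897680fc,ExpectedTypes=II)\n"
    "AMLI_ERROR(c0140008): Unexpected argument type\n"
    "ValidateArgTypes: expected Arg0 to be type Integer (Type=Buffer)\n"
    "AMLI:| ValidateArgTypes=c0140008\n";

/* A line that starts with 8 hex digits and ':' is an unassembled AML term. */
static int is_aml_addr_line(const char *s)
{
    for (int i = 0; i < 8; i++)
        if (!isxdigit((unsigned char)s[i])) return 0;
    return s[8] == ':';
}
/* Find the first AMLI_ERROR in a NUL-terminated log. Returns 1 and fills
 * *hit, or 0 when the log holds no interpreter error. */
int find_first_amli_error(const char *log, struct amli_hit *hit)
{
    const char *err = strstr(log, "AMLI_ERROR(");
    if (!err) return 0;
    hit->code = strtoul(err + strlen("AMLI_ERROR("), NULL, 16);
    const char *nl = strchr(err, '\n');           /* detail = following line */
    size_t n = nl ? strcspn(nl + 1, "\r\n") : 0;
    if (n >= sizeof hit->detail) n = sizeof hit->detail - 1;
    if (n) memcpy(hit->detail, nl + 1, n);
    hit->detail[n] = '\0';
    hit->aml_addr = 0;                            /* walk back line by line */
    for (const char *end = err; end > log; ) {
        const char *start = end;
        while (start > log && start[-1] != '\n') start--;
        if (is_aml_addr_line(start)) { hit->aml_addr = strtoul(start, NULL, 16); break; }
        if (start == log) break;
        end = start - 1;                          /* newline ending the previous line */
    }
    return 1;
}
```

The reported address can then be looked up in the unassembled method or matched against the bugcheck's second parameter region.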

@Mov AX, 0xDEAD

NMAS appears in DSDT only in this Method.

Here is the whole Windbg output with name otto1

https://ufile.io/9zatgp5y

Dietmar

           

 Method (_INI, 0, NotSerialized)  // _INI: Initialize
            {
                CreateQWordField (NBUF, \_SB.PC00.HDAS._Y35._MIN, NBAS)  // _MIN: Minimum Base Address
                CreateQWordField (NBUF, \_SB.PC00.HDAS._Y35._MAX, NMAS)  // _MAX: Maximum Base Address
                CreateQWordField (NBUF, \_SB.PC00.HDAS._Y35._LEN, NLEN)  // _LEN: Length
                NBAS = NHLA /* \NHLA */
                NMAS = (NHLA + (NHLL - One))
                NLEN = NHLL /* \NHLL */
            }

 

Edited by Dietmar

@Mov AX, 0xDEAD

 

I think that in the translation of the ACPI2 word CreateQWordField ---> CreateDWordField something went wrong. The first argument in this function is of type buffer and I think CreateQWordField also returns a value of type buffer.

And the Method _INI is parsed by XP; other Methods that also have CreateQWordField in them may just not be parsed by XP, and so give no error. This would mean that any DSDT that contains a Method _INI with the ACPI2 word CreateQWordField in it would until now give a BSOD with BugCheck A5, {3, xxx, c0140008, yyy}

Dietmar

 

PS: Maybe, that the same error for the Acpi2 word CreateQWordField also happens in Vista (Longhorn) 5048 acpi.sys .

Edited by Dietmar

On 4/4/2022 at 10:33 PM, Mov AX, 0xDEAD said:

Hi Winword2000, Club

This is possible only if someone leaks the win2000 acpi sources from MS. The second option is binary patching without sources, but you need to find some bro who is interested in this job

I think it is also possible if we change the ntoskrnl and hal of Windows 2000 with the ntoskrnl and hal of the leaked XP SP1. Is that correct?

WinWord2000 (Mox ax,bx) Thanks to all!


3 minutes ago, WinWord2000 said:

I think it is also possible if we change the ntoskrnl and hal of Windows 2000 with the ntoskrnl and hal of the leaked XP SP1. Is that correct?

WinWord2000 (Mox ax,bx) Thanks to all!

You can try to replace the Windows 2000 acpi.sys with the one that is linked on the first page to WinCert. Or try to explore that file on a running Windows with Dependency Walker to see if there are missing imports. If there are no missing imports, then you can try to replace it on the running system


1 hour ago, George King said:

You can try to replace the Windows 2000 acpi.sys with the one that is linked on the first page to WinCert. Or try to explore that file on a running Windows with Dependency Walker to see if there are missing imports. If there are no missing imports, then you can try to replace it on the running system

 

I know someone in another forum, who I think is Damnation here, who started doing this work, but he encountered problems in debugging: https://forum.eclectic4un.me/viewtopic.php?f=25&t=89 .

@Damnation do you know how to handle this error?

If anyone, @Dietmar or @Mov AX, 0xDEAD or @George King, has debugging knowledge, then please help Damnation

Windows 2000 is the only classic system that can run this because of its similarity to XP

I don't know about this stuff, my specialty is security and networking

WinWord2000 (Mox ax,bx in EclecBoard) Thanks to all!

Edited by WinWord2000

On 4/4/2022 at 10:59 PM, Mov AX, 0xDEAD said:

Use official MS way:

  • create separate .asm files in amd64 folder, let's name as amd64_helpers.asm
  • add AMD64_SOURCES=  amd64\amd64_helpers.asm to file "sources" of project
  • place inlined __asm {...} code within preprocessor #ifdef _X86_ ...... #endif, it will be processed only for x32 builds

example of x64 asm:
 

PUBLIC  OSNotifyDeviceCheck

EXTRN       g_AmliHookEnabled:DWORD
EXTRN       memcpy:PROC
EXTRN       memset:PROC
  
OSNotifyDeviceCheck PROC
  ...
  call memcpy
  ...
OSNotifyDeviceCheck ENDP  

 

Can you please prepare x64 ASM for this project? I have no idea how I can do it. I understand these steps except ASM creation.. Or does it mean only to copy current ASM code to standalone file?

I would like to compile it for x64 target to give it a try on my machine.

 

EDIT: I have added #ifdef _X86_ to osnotify.c and devpower.c.

But now I fail with these warnings. How can I solve the variable type conversion? Is there a way to bypass it?


 

Edited by George King

@Mov AX, 0xDEAD

 

Can the trace.c function also be used for the Acpi Bsod

0x000000A5 (0x00000002, xxx, 0x00000001(0), yyy)

The "1" in this BSOD means: 1 : ACPI cannot convert the BIOS' resource list into the proper
format. This probably represents a flaw in the BIOS' list
encoding procedure.

Which functions have to be set at this places, for 0x000000A5 (0x00000002, xxx, 0x00000001, yyy)

and then later for 0x000000A5 (0x00000002, xxx, 0x00000000, yyy)

via

if (   !_stricmp(pszProcName, "VALIDATEARGTYPES") ||

        !_stricmp(pszProcName, "VALIDATETARGET") ||
        !_stricmp(pszProcName, "xxx") ||
        !_stricmp(pszProcName, "yyy")
        )

 

Dietmar


10 hours ago, Dietmar said:

@Mov AX, 0xDEAD

8989dc1a: Store(NHLAACPIAsyncAcquireGlobalLock: Entered with context 897680ac
ACPIAsyncAcquireGlobalLock: Got lock immediately, Context 897680ac
ACPIReleaseGlobalLock: Lock released by context 897680ac
=Buffer(0x8){
	0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00},NBAS)AMLI:| | | | | | | ValidateTarget(pdataTarget=89768110,ExpectedType=DataObject,ppdata=ba55bcd4)
AMLI:| | | | | | | ValidateTarget=0 (pdataTarget=89768160)
=Buffer(0x8){
	0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00}
8989dc23: Add(NHLAACPIAsyncAcquireGlobalLock: Entered with context 897680ac
ACPIAsyncAcquireGlobalLock: Got lock immediately, Context 897680ac
ACPIReleaseGlobalLock: Lock released by context 897680ac
=Buffer(0x8){
	0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00},Subtract(NHLLACPIAsyncAcquireGlobalLock: Entered with context 897680ac
ACPIAsyncAcquireGlobalLock: Got lock immediately, Context 897680ac
ACPIReleaseGlobalLock: Lock released by context 897680ac
=0x0,One,)AMLI:| | | | | | | ValidateArgTypes(pArgs=8976827c,ExpectedTypes=II)
AMLI:| | | | | | | ValidateArgTypes=0
AMLI:| | | | | | | ValidateTarget(pdataTarget=897682a4,ExpectedType=DataObject,ppdata=ba55bcd4)
AMLI:| | | | | | | ValidateTarget=0 (pdataTarget=897682a4)
=0xffffffff,NMAS)AMLI:| | | | | | | ValidateArgTypes(pArgs=897680fc,ExpectedTypes=II)
AMLI_ERROR(c0140008): Unexpected argument type
ValidateArgTypes: expected Arg0 to be type Integer (Type=Buffer)
AMLI:| | | | | | | ValidateArgTypes=c0140008

 

@Dietmar

Quote

8989dbf9: CreateQWordField(NBUF=Buffer(0x30){...NBAS)
ValidateArgTypes(ExpectedTypes=BI)
ValidateArgTypes=0

8989dc04: CreateQWordField(NBUF=Buffer(0x30){...NMAS)
ValidateArgTypes(ExpectedTypes=BI)
ValidateArgTypes=0

8989dc0f: CreateQWordField(NBUF=Buffer(0x30){...NLEN)
ValidateArgTypes(ExpectedTypes=BI)
ValidateArgTypes=0

Creating fields was OK

Quote

8989dc1a: Store(
=Buffer(0x8){0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00},NBAS)
ValidateTarget(ExpectedType=DataObject)
ValidateTarget=0
=Buffer(0x8){0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00}

NBAS = NHLA shows as OK, but NHLA was evaluated as Buffer, must be Integer   

Quote

8989dc23: Add(
=Buffer(0x8){0x00,0xc0,0x26,0x65,0x00,0x00,0x00,0x00}
    ,Subtract(=0x0,One,)
    ValidateArgTypes(ExpectedTypes=II)
    ValidateArgTypes=0
    ValidateTarget(ExpectedType=DataObject)
    ValidateTarget=0

NHLL - One is OK, NHLL evaluated as 0x0 Integer, result = 0 - 1 = -1 = 0xffffffff

Quote

=0xffffffff,NMAS)
ValidateArgTypes(ExpectedTypes=II)
AMLI_ERROR(c0140008): Unexpected argument type
ValidateArgTypes: expected Arg0 to be type Integer (Type=Buffer)
ValidateArgTypes=c0140008

NMAS = (NHLA + (NHLL - One)) failed
Add() expects two integers, but the first argument (Arg0=NHLA) evaluated as Buffer/Field

How it was declared (on my bios):

Quote

    OperationRegion (PNVA, SystemMemory, PNVB, PNVL)

    Field (PNVA, AnyAcc, Lock, Preserve)
    {
        ...
        NHLA,   64,
        NHLL,   32,
        ....
        }

NHLL is OK, 32bit field, at Subtract() evaluated as 0x0 Integer
NHLA is BAD, seems XP ACPI doesn't handle a 64bit field declaration as Integer and aliases it as Buffer type

This declaration is not the CreateQWordField opcode, it is handled in another place (OperationRegion/Buffer opcode I guess)

On my Skylake H110 board this code has an OS check, so DSDT authors know about ACPI compatibility

Quote

Method (_INI, 0, NotSerialized)  // _INI: Initialize
{
    If (OSYS >= 0x07D6)
    {
        CreateQWordField (NBUF, \_SB.PCI0.HDAS._Y25._MIN, NBAS)  // _MIN: Minimum Base Address
        CreateQWordField (NBUF, \_SB.PCI0.HDAS._Y25._MAX, NMAS)  // _MAX: Maximum Base Address
        CreateQWordField (NBUF, \_SB.PCI0.HDAS._Y25._LEN, NLEN)  // _LEN: Length
        NBAS = NHLA /* \NHLA */
        NMAS = (NHLA + (NHLL - One))
        NLEN = NHLL /* \NHLL */
        If (VDID != 0xFFFFFFFF)
        {
            VMMH (Zero, One)
        }
    }
}

 

Edited by Mov AX, 0xDEAD
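The analysis above can be reproduced with a small model of the two steps involved: reading a field unit and checking operands against an ExpectedTypes string. This is an added example, not part of the original post and not acpi.sys code; all names except the error value are hypothetical. It assumes the interpreter uses 32-bit Integers (which the 0xffffffff result for 0 - 1 in the trace suggests) and, going beyond the thread's case, also evaluates the same expression with 64-bit Integers for comparison.

```c
#include <stdint.h>

/* Simplified model of the behaviour described above; this is not acpi.sys
 * source, and every name here except the error value is hypothetical. */
#define ERR_UNEXPECTED_ARGTYPE 0xC0140008u   /* value from the thread */

struct obj {
    char     type;      /* 'I' = Integer, 'B' = Buffer (letters as in ExpectedTypes) */
    uint64_t value;     /* meaningful when type == 'I' */
    unsigned buf_len;   /* bytes, meaningful when type == 'B' */
};

/* Read a field unit. A field wider than the interpreter's Integer cannot
 * be returned as an Integer, so it is returned as a Buffer instead. */
struct obj read_field(uint64_t raw, unsigned field_bits, unsigned int_bits)
{
    struct obj o = { 'I', 0, 0 };
    if (field_bits > int_bits) {
        o.type = 'B';
        o.buf_len = (field_bits + 7) / 8;
    } else {
        o.value = field_bits == 64 ? raw : raw & ((1ull << field_bits) - 1);
    }
    return o;
}

/* Compare each argument with one letter of the expected-type string.
 * Returns 0, or the error code with *bad_arg set to the first mismatch. */
uint32_t validate_arg_types(const struct obj *args, const char *expected, int *bad_arg)
{
    *bad_arg = -1;
    for (int i = 0; expected[i] != '\0'; i++) {
        if (args[i].type != expected[i]) {
            *bad_arg = i;
            return ERR_UNEXPECTED_ARGTYPE;
        }
    }
    return 0;
}

/* NMAS = NHLA + (NHLL - One) for an interpreter with int_bits-wide Integers.
 * NHLA is a 64-bit field, NHLL a 32-bit field, as in the declaration above. */
uint32_t eval_nmas(unsigned int_bits, int *bad_arg)
{
    uint64_t mask = int_bits == 64 ? ~0ull : (1ull << int_bits) - 1;
    struct obj nhla = read_field(0x6526C000ull, 64, int_bits); /* bytes in the log */
    struct obj nhll = read_field(0, 32, int_bits);
    struct obj sub_args[2] = { nhll, { 'I', 1, 0 } };
    uint32_t rc = validate_arg_types(sub_args, "II", bad_arg);
    if (rc) return rc;
    struct obj add_args[2] = { nhla, { 'I', (nhll.value - 1) & mask, 0 } };
    return validate_arg_types(add_args, "II", bad_arg);
}
```

With 32-bit Integers the model returns c0140008 for Arg0 of Add(), matching the trace; with 64-bit Integers both checks pass.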