Mov AX, 0xDEAD Posted December 24, 2022 Author

2 hours ago, Andalu said:
I assume that this error may depend on the different versions of the ntkrpamp.exe and ntkrpamp.pdb files that are present on the Host and Target. However, I have only one ntkrpamp.pdb with SHA-1 0E36280FAD94784C7457E1D05A38E53CB40904D1 linked to ntkrpamp.exe v5.1.2600.7581 (SHA-1 14A56010EDEAED3B171CC9B836BF274DD26D0995).

SHA-1 0e36... OK
SHA-1 14a5... OK
GUID path on screen - Wrong

ntkrpamp.exe v5.1.2600.7581 (SHA-1 14A56010EDEAED3B171CC9B836BF274DD26D0995) has PDB info:

Quote
[SYMCHK] MODULE64 Info ----------------------
[SYMCHK] Struct size: 1680 bytes
[SYMCHK] Base: 0x00400000
[SYMCHK] Image size: 2154496 bytes
[SYMCHK] Date: 0x5b994292
[SYMCHK] Checksum: 0x001f70bb
[SYMCHK] NumSyms: 0
[SYMCHK] SymType: SymPDB
[SYMCHK] ModName: ntkrpamp
[SYMCHK] ImageName: C:\ACPI\AVX\release\ntkrpamp.exe
[SYMCHK] LoadedImage: C:\ACPI\AVX\release\ntkrpamp.exe
[SYMCHK] PDB: "c:\ACPI\SYMBOLS\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb"
[SYMCHK] CV: RSDS
[SYMCHK] CV DWORD: 0x53445352
[SYMCHK] CV Data: ntkrpamp.pdb
[SYMCHK] PDB Sig: 0
[SYMCHK] PDB7 Sig: {270E083F-5771-4738-A189-5FE542CFB8DE}
[SYMCHK] Age: 1
[SYMCHK] PDB Matched: TRUE
[SYMCHK] DBG Matched: TRUE
[SYMCHK] Line nubmers: FALSE
[SYMCHK] Global syms: FALSE
[SYMCHK] Type Info: TRUE
[SYMCHK] ------------------------------------
SymbolCheckVersion 0x00000002
Result 0x00130001
DbgFilename
DbgTimeDateStamp 0x5b994292
DbgSizeOfImage 0x0020e000
DbgChecksum 0x001f70bb
PdbFilename c:\ACPI\SYMBOLS\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb
PdbSignature {270E083F-5771-4738-A189-5FE542CFB8DE}
PdbDbiAge 0x00000001
[SYMCHK] [ 0x00000000 - 0x00130001 ] Checked "C:\ACPI\AVX\release\ntkrpamp.exe"

Mov AX, 0xDEAD Posted December 24, 2022 Author (edited)

@Andalu on the last screen ntkrpamp.pdb is also opened where windbg is installed, I think this is wrong. Yes, windbg creates a copy of the active *.pdb in its own directory, but inside the folder /sym/name.pdb/*GUID*/name.pdb:

Quote
c:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\7D6290E03E32455BB0E035E38816124F1\ntkrpamp.pdb

Edited December 24, 2022 by Mov AX, 0xDEAD

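The sym\name.pdb\GUID\name.pdb layout discussed in the two posts above can be derived from the image's RSDS CodeView record: the folder name is the PDB7 signature as 32 hex digits followed by the age. The Python sketch below is an added example, not part of the original posts; the record is constructed from the PDB7 Sig, Age and CV Data values in the symchk output, and the function names are hypothetical.

```python
import ntpath
import struct
import uuid

def parse_rsds(record: bytes):
    """Parse a CodeView PDB 7.0 record: 'RSDS', GUID, age, NUL-terminated PDB path."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])   # GUID is stored in mixed-endian form
    (age,) = struct.unpack_from("<I", record, 20)
    end = record.find(b"\x00", 24)
    if end == -1:
        raise ValueError("PDB path is not NUL-terminated")
    return guid, age, record[24:end].decode("utf-8", "replace")

def symstore_key(guid: uuid.UUID, age: int) -> str:
    """Symbol-store folder name: 32 hex GUID digits followed by the age in hex."""
    return f"{guid.hex.upper()}{age:X}"

def expected_pdb_path(sym_root: str, record: bytes) -> str:
    """Path under sym_root where the PDB matching this image is stored."""
    guid, age, pdb = parse_rsds(record)
    name = ntpath.basename(pdb)
    return ntpath.join(sym_root, name, symstore_key(guid, age), name)

def pdb_path_matches(candidate: str, record: bytes) -> bool:
    """True if candidate ends in name.pdb\\<GUID+age>\\name.pdb for this image."""
    guid, age, pdb = parse_rsds(record)
    name = ntpath.basename(pdb).lower()
    parts = candidate.replace("/", "\\").split("\\")
    return (len(parts) >= 3 and parts[-1].lower() == name
            and parts[-3].lower() == name
            and parts[-2].upper() == symstore_key(guid, age))

# Constructed record, built from the PDB7 Sig, Age and CV Data in the symchk output above.
SAMPLE_RSDS = (b"RSDS"
               + uuid.UUID("270E083F-5771-4738-A189-5FE542CFB8DE").bytes_le
               + struct.pack("<I", 1)
               + b"ntkrpamp.pdb\x00")

if __name__ == "__main__":
    print(expected_pdb_path(r"c:\ACPI\SYMBOLS", SAMPLE_RSDS))
```

A PDB filed under a different GUID folder, such as the 7D6290E0... path quoted above, fails `pdb_path_matches` for this record.
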
Andalu Posted December 24, 2022 (edited)

@Mov AX, 0xDEAD before the image posted above, since filemon highlighted the reference to that specific folder: I followed the easy way: I created it manually as well as copied in windbg the file ntkrpamp.pdb since its missing was also highlighted by filemon.

I don't have that version of ntkrpamp.pdb with that specific signature.

Edited December 24, 2022 by Andalu

Dietmar Posted December 25, 2022

@Andalu Set up all new. Take my files (Symbols, ntos3, hal3), which I send. They work.

Dietmar

Andalu Posted December 25, 2022

@Dietmar the problem did not depend on the files used, which are the ones you uploaded, but on the path of the symbols. I had always extracted the 'Symbolsss.7z' file inside the pre-existing "c:\acpi\symbols" folder and got the missing symbol error for ntkrpamp.exe. Instead now, extracting the .7z file inside the "c:\acpi\Symbolssss" folder, that error no longer appeared.

Now though, how should I proceed since the 7F BSOD I get is not necessarily dependent on the nvme driver I am testing? Or rather, the error occurs only when I install that driver on the system nvme disk, then install the video drivers (ATI or nVidia doesn't matter) and finally perform the reboot. No problem when the same driver is installed for an nvme data disk.

Dietmar Posted December 25, 2022

@Andalu I also sometimes have this crazy Bsod with 7F after installing the nvidia graphics card. Maybe there is a resource conflict.

To check this, set up a minimal XP SP3, only with the drivers which you want to test. Disable everything else in Bios and in Device Manager. And then just hit "g" after the breakpoint to see which driver gives this Bsod.

Dietmar

Dietmar Posted December 25, 2022 (edited)

@Andalu Make sure that you use the latest acpi.sys.

Dietmar

acpi.sys free and debug last V7 with OSfake
https://ufile.io/trphcl2x

Edited December 25, 2022 by Dietmar

Andalu Posted December 25, 2022

@Dietmar Here is what happens with the crazy nvme driver integrated into the XP ISO:

a) with the Integral Edition the installation of XP completed successfully, but the system gives BSOD 7F before accessing the desktop for the first time;
b) with the original ISO XP installs and runs smoothly until the video driver is installed. With the video driver installed, the system starts to give BSOD 7F on reboot.

I thought the only practicable way to try to understand something about this behavior is to debug situation b), after installing the video driver. How can I do that?

To complete the information I would add that the same driver doesn't give any problems when installed for an nvme data disk and that in XP x64 it also works when installed for a system nvme disk.

Dietmar Posted December 25, 2022

@Andalu Use the original ISO XP and set up ntos3.exe and hal3.dll there for a debug session. Check if windbg runs without problem. Then install the graphics driver and run windbg to fetch the 7F Bsod.

Dietmar

Andalu Posted December 26, 2022

First input and first error encountered:

Quote
Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Using NET for debugging
Opened WinSock 2.0
Waiting to reconnect...
Connected to target 192.168.1.3 on port 50000 on local IP 192.168.1.1.
Connected to Windows XP 2600 x86 compatible target at (Mon Dec 26 10:06:49.921 2022 (UTC - 6:00)), ptr64 FALSE
Kernel Debugger connection established.

************* Symbol Path validation summary **************
Response Time (ms) Location
OK C:\ACPI\Symbolssss
Deferred srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols
Symbol search path is: C:\ACPI\Symbolssss;srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 MP (1 procs) Checked x86 compatible
Built by: 2600.xpsp.080413-2133
Machine Name:
Kernel base = 0x80a02000 PsLoadedModuleList = 0x80b019e8
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
nt!DbgBreakPoint:
80ac37e0 cc int 3
kd> ed Kd_nvme_Mask 0xFFFFFFFF
Couldn't resolve error at 'Kd_nvme_Mask 0xFFFFFFFF'

Dietmar Posted December 26, 2022 (edited)

@Andalu This is the normal break of windbg, to have a fixed start point. Now you only need to hit "g" in the command line. Later, maybe you have to hit "i" again and again, this means nothing. Then you should come to the desktop.

After this, install the Nvidia driver without windbg (just use the 1st setting in boot.ini). And then use windbg again. Windbg should show you which device makes the 7F Bsod.

Dietmar

EDIT: I think that the command ed Kd_ACPI_Mask 0x7FFFFFFF works only with the debug version of acpi.sys. At the moment, use the normal free acpi.sys because I think that the error is not acpi related. And that there is no equivalent for nvme.

Edited December 26, 2022 by Dietmar

Andalu Posted December 26, 2022

@Dietmar other errors:

Quote
Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Using NET for debugging
Opened WinSock 2.0
Waiting to reconnect...
Connected to target 192.168.1.3 on port 50000 on local IP 192.168.1.1.
Connected to Windows XP 2600 x86 compatible target at (Mon Dec 26 10:06:49.921 2022 (UTC - 6:00)), ptr64 FALSE
Kernel Debugger connection established.

************* Symbol Path validation summary **************
Response Time (ms) Location
OK C:\ACPI\Symbolssss
Deferred srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols
Symbol search path is: C:\ACPI\Symbolssss;srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 MP (1 procs) Checked x86 compatible
Built by: 2600.xpsp.080413-2133
Machine Name:
Kernel base = 0x80a02000 PsLoadedModuleList = 0x80b019e8
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
nt!DbgBreakPoint:
80ac37e0 cc int 3
kd> ed Kd_nvme_Mask 0xFFFFFFFF
Couldn't resolve error at 'Kd_nvme_Mask 0xFFFFFFFF'
kd> g
MM: Loader/HAL memory block indicates large pages cannot be used for 80100000->8012777F
MTRR feature disabled.
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled

*** Assertion failed: IopInitHalResources == NULL
*** Source File: d:\xpsp\base\ntos\io\pnpmgr\pnpinit.c, line 1455

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i
EX: Pageable code called at IRQL 2

*** Assertion failed: FALSE
*** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i
EX: Pageable code called at IRQL 2

*** Assertion failed: FALSE
*** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i
EX: Pageable code called at IRQL 2

*** Assertion failed: FALSE
*** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i
EX: Pageable code called at IRQL 2

*** Assertion failed: FALSE
*** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i
EX: Pageable code called at IRQL 2

*** Assertion failed: FALSE
*** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i
EX: Pageable code called at IRQL 2

*** Assertion failed: FALSE
*** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)?

Andalu Posted December 26, 2022

@Dietmar here the log without the ed Kd_nvme_Mask 0x7FFFFFFF command:

Quote
Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Using NET for debugging
Opened WinSock 2.0
Waiting to reconnect...
Connected to target 192.168.1.3 on port 50000 on local IP 192.168.1.1.
Connected to Windows XP 2600 x86 compatible target at (Mon Dec 26 09:29:29.375 2022 (UTC - 6:00)), ptr64 FALSE
Kernel Debugger connection established.

************* Symbol Path validation summary **************
Response Time (ms) Location
OK C:\ACPI\Symbolssss
Deferred srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols
Symbol search path is: C:\ACPI\Symbolssss;srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 MP (1 procs) Checked x86 compatible
Built by: 2600.xpsp.080413-2133
Machine Name:
Kernel base = 0x80a02000 PsLoadedModuleList = 0x80b019e8
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
nt!DbgBreakPoint:
80ac37e0 cc int 3
kd> bu nvme!DriverEntry
kd> g
MM: Loader/HAL memory block indicates large pages cannot be used for 80100000->8012777F
*** ERROR: Module load completed but symbols could not be loaded for NVMe.sys
Breakpoint 0's offset expression evaluation failed.
Check for invalid symbols or bad syntax.
nt!DebugService2+0x11:
80acb77b 5d pop ebp

Dietmar Posted December 26, 2022 (edited)

@Andalu Just hit "g". And then again "i" and again "i".. until Bsod

Dietmar

PS: Delete the breakpoint for nvme in windbg.

Edited December 26, 2022 by Dietmar