Andalu Posted December 26, 2022 Posted December 26, 2022 (edited) @Dietmar I got it: Quote Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86 Copyright (c) Microsoft Corporation. All rights reserved. Using NET for debugging Opened WinSock 2.0 Waiting to reconnect... Connected to target 192.168.1.3 on port 50000 on local IP 192.168.1.1. Connected to Windows XP 2600 x86 compatible target at (Mon Dec 26 10:30:35.421 2022 (UTC - 6:00)), ptr64 FALSE Kernel Debugger connection established. ************* Symbol Path validation summary ************** Response Time (ms) Location OK C:\ACPI\Symbolssss Deferred srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols Symbol search path is: C:\ACPI\Symbolssss;srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols Executable search path is: Windows XP Kernel Version 2600 MP (1 procs) Checked x86 compatible Built by: 2600.xpsp.080413-2133 Machine Name: Kernel base = 0x80a02000 PsLoadedModuleList = 0x80b019e8 System Uptime: not available Break instruction exception - code 80000003 (first chance) nt!DbgBreakPoint: 80ac37e0 cc int 3 kd> sxe ld nvme.sys kd> g MM: Loader/HAL memory block indicates large pages cannot be used for 80100000->8012777F nt!DebugService2+0x10: 80acb77a cc int 3 kd> g MTRR feature disabled. KiInitializeMTRR: OS support for MTRRs disabled KiInitializeMTRR: OS support for MTRRs disabled KiInitializeMTRR: OS support for MTRRs disabled KiInitializeMTRR: OS support for MTRRs disabled *** Assertion failed: IopInitHalResources == NULL *** Source File: d:\xpsp\base\ntos\io\pnpmgr\pnpinit.c, line 1455 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\mm\iosup.c, line 7347 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 163 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i EX: Pageable code called at IRQL 2 *** Assertion failed: FALSE *** Source File: d:\xpsp\base\ntos\ex\rundown.c, line 274 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i *** Assertion failed: IoWorkItem->Size == sizeof( IO_WORKITEM ) *** Source File: d:\xpsp\base\ntos\io\iomgr\misc.c, line 965 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i FSTUB: disk 89F9FAB8 failed to report geometry. *** Assertion failed: IoWorkItem->Size == sizeof( IO_WORKITEM ) *** Source File: d:\xpsp\base\ntos\io\iomgr\misc.c, line 965 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i FSTUB: disk 89F9FAB8 failed to report geometry. *** Assertion failed: IoWorkItem->Size == sizeof( IO_WORKITEM ) *** Source File: d:\xpsp\base\ntos\io\iomgr\misc.c, line 965 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i FSTUB: disk 89F9FAB8 failed to report geometry. *** Assertion failed: IoWorkItem->Size == sizeof( IO_WORKITEM ) *** Source File: d:\xpsp\base\ntos\io\iomgr\misc.c, line 965 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i *** Assertion failed: IoWorkItem->Size == sizeof( IO_WORKITEM ) *** Source File: d:\xpsp\base\ntos\io\iomgr\misc.c, line 965 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i *** Assertion failed: IoWorkItem->Size == sizeof( IO_WORKITEM ) *** Source File: d:\xpsp\base\ntos\io\iomgr\misc.c, line 965 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i FSTUB: disk 89F9FAB8 failed to report geometry. FSTUB: disk 89F9FAB8 failed to report geometry. *** Assertion failed: (MemoryDescriptorList->MdlFlags & ( MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL | MDL_PARTIAL_HAS_BEEN_MAPPED)) == 0 *** Source File: d:\xpsp\base\ntos\mm\iosup.c, line 4412 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i *** Assertion failed: (MemoryDescriptorList->MdlFlags & ( MDL_PAGES_LOCKED | MDL_PARTIAL)) != 0 *** Source File: d:\xpsp\base\ntos\mm\iosup.c, line 4416 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i i MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\drivers\dxg.sys, Address 0xbf000000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\ati2dvag.dll, Address 0xbf012000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\ati2cqag.dll, Address 0xbf062000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\atikvmag.dll, Address 0xbf106000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\ati2dvag.dll, Address 0xbf012000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\ati2cqag.dll, Address 0xbf062000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\atikvmag.dll, Address 0xbf106000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\ati2dvag.dll, Address 0xbf012000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\ati2cqag.dll, Address 0xbf062000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\atikvmag.dll, Address 0xbf106000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\atiok3x2.dll, Address 0xbf1fb000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\ati3duag.dll, Address 0xbf29c000 MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\ativvaxx.dll, Address 0xbf9c3000 *** Fatal System Error: 0x0000007f (0x00000008,0xBA368D70,0x00000000,0x00000000) Break instruction exception - code 80000003 (first chance) A fatal system error has occurred. Debugger entered on first try; Bugcheck callbacks have not been invoked. A fatal system error has occurred. Connected to Windows XP 2600 x86 compatible target at (Mon Dec 26 10:33:30.453 2022 (UTC - 6:00)), ptr64 FALSE Loading Kernel Symbols ............................................................... ...........................WARNING: Process directory table base 89EC0060 doesn't match CR3 006FC000 WARNING: Process directory table base 89EC0060 doesn't match CR3 006FC000 ........... Loading User Symbols ........ Loading unloaded module list .......... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7F, {8, ba368d70, 0, 0} *** ERROR: Module load completed but symbols could not be loaded for NVMe.sys *** ERROR: Symbol file could not be found. Defaulted to export symbols for storport.sys - *** ERROR: Module load completed but symbols could not be loaded for MirDisk.sys *** ERROR: Module load completed but symbols could not be loaded for ftdisk.sys *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys *** ERROR: Symbol file could not be found. Defaulted to export symbols for win32k.sys - *** ERROR: Symbol file could not be found. Defaulted to export symbols for ativvaxx.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for ati3duag.dll - *** ERROR: Module load completed but symbols could not be loaded for ati2dvag.dll *** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys *** ERROR: Symbol file could not be found. Defaulted to export symbols for CSRSRV.dll - Probably caused by : NVMe.sys ( NVMe+13985 ) Followup: MachineOwner --------- nt!RtlpBreakWithStatusInstruction: 80ac37ec cc int 3 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* UNEXPECTED_KERNEL_MODE_TRAP (7f) This means a trap occurred in kernel mode, and it's a trap of a kind that the kernel isn't allowed to have/catch (bound trap) or that is always instant death (double fault). The first number in the bugcheck params is the number of the trap (8 = double fault, etc) Consult an Intel x86 family manual to learn more about what these traps are. Here is a *portion* of those codes: If kv shows a taskGate use .tss on the part before the colon, then kv. Else if kv shows a trapframe use .trap on that value Else .trap on the appropriate frame will show where the trap was taken (on x86, this will be the ebp that goes with the procedure KiTrap) Endif kb will then show the corrected stack. Arguments: Arg1: 00000008, EXCEPTION_DOUBLE_FAULT Arg2: ba368d70 Arg3: 00000000 Arg4: 00000000 Debugging Details: ------------------ BUGCHECK_STR: 0x7f_8 TSS: 00000028 -- (.tss 0x28) eax=ba294e60 ebx=8a006004 ecx=8a1c19ec edx=00000000 esi=8a1c19ec edi=00000000 eip=b9dcf985 esp=ba294e60 ebp=ba295908 iopl=0 vif nv up ei ng nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00290286 NVMe+0x13985: b9dcf985 56 push esi Resetting default scope DEFAULT_BUCKET_ID: DRIVER_FAULT PROCESS_NAME: csrss.exe ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre TRAP_FRAME: ba296224 -- (.trap 0xffffffffba296224) ErrCode = 00000000 eax=0000000f ebx=00000000 ecx=c1754400 edx=00000000 esi=ba296314 edi=8a019da8 eip=80b198af esp=ba296298 ebp=ba2962e4 iopl=0 vif nv up ei ng nz ac po cy cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00290293 nt!CcMapData+0x137: 80b198af 8a0c0a mov cl,byte ptr [edx+ecx] ds:0023:c1754400=eb Resetting default scope LAST_CONTROL_TRANSFER: from b9dcf5e5 to b9dcf985 STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. ba295908 b9dcf5e5 89a90298 8a006004 8a1c19ec NVMe+0x13985 ba295930 b9df9672 8a006004 8a1c19ec ba29596c NVMe+0x135e5 ba295940 b9dfb1e6 8a14da90 8a1c19ec 89a90010 storport!DllInitialize+0x2e1 ba29596c b9dfb46a 8a14d9f0 89e78db8 00000000 storport!DllInitialize+0x1e55 ba295984 801055de 8a14d938 00000000 89a90064 storport!DllInitialize+0x20d9 ba2959ac b9dff0b6 00000000 8a14d938 89a90064 HAL3!HalBuildScatterGatherList+0x202 ba2959dc b9dfb506 8a14dba0 8a14d938 8a165fa0 storport!DllInitialize+0x5d25 ba295a1c b9dfb556 8a14dba0 00001000 ba295a4c storport!DllInitialize+0x2175 ba295a2c b9e093d8 8a14d9f0 89a90010 8a16da50 storport!DllInitialize+0x21c5 ba295a4c b9e00692 00000000 8a16da50 ba295a6c storport!StorPortExtendedFunction+0x5fcd ba295a8c b9e06d93 00e78d30 8a16da50 00000000 storport!DllInitialize+0x7301 ba295aac b9e09b29 89e78d30 8a16da50 8a16da50 storport!StorPortExtendedFunction+0x3988 ba295acc b9dff7ec 89e78d30 8a16da50 89e78c78 storport!StorPortExtendedFunction+0x671e ba295ae8 80a21c8d 89e78c78 8a16da50 8a16dae4 storport!DllInitialize+0x645b ba295b00 ba108fdd 00000000 895d2ac8 8a1c1940 nt!IopfCallDriver+0x51 ba295b14 ba108cdc 8a1c1940 8a218b70 895d2c10 CLASSPNP!SubmitTransferPacket+0x82 ba295b44 ba108dcd 00001000 00001000 8a218ab8 CLASSPNP!ServiceTransferRequest+0xe4 ba295b68 80a21c8d 8a218ab8 00000000 895d2c10 CLASSPNP!ClassReadWrite+0xff ba295b80 ba341b6e 89f73118 895d2ac8 00000000 nt!IopfCallDriver+0x51 ba295b94 80a21c8d 89f73118 895d2ac8 89fa8510 MirDisk+0x1b6e ba295bac ba3388bb 00000000 8a1ec170 ba295bf0 nt!IopfCallDriver+0x51 ba295bbc 80a21c8d 89fa8510 895d2ac8 895d2ac8 PartMgr!PmReadWrite+0x2f ba295bd4 b9e881c6 89fa9ba0 895d2ac8 00000000 nt!IopfCallDriver+0x51 ba295bf0 80a21c8d 89fa9ba0 895d2ac8 89b4ad80 ftdisk+0x11c6 ba295c08 ba0e851a 8a1ef2b8 8a1ef2b8 ba295c40 nt!IopfCallDriver+0x51 ba295c18 80a21c8d 89b4ad80 895d2ac8 899c0100 VolSnap!VolSnapRead+0x26 ba295c30 b9bef1c3 ba295f14 895d2ac8 ba295e20 nt!IopfCallDriver+0x51 ba295c40 b9beed26 ba295f14 89b4ad80 c0a94000 Ntfs+0x11c3 ba295e20 b9bf16f6 ba295f14 895d2ac8 89a93e68 Ntfs+0xd26 ba295f00 b9bf100a ba295f14 895d2ac8 00000001 Ntfs+0x36f6 ba2960b0 80a21c8d 899c0020 895d2ac8 89ea5938 Ntfs+0x300a ba2960e8 80a22cab 00000000 8a165f78 8a165f68 nt!IopfCallDriver+0x51 ba2960fc 80a22cd3 89ea5938 8a165f09 8a165f80 nt!IopPageReadInternal+0xf3 ba29611c 80a7eecb 89ab2ea8 8a165fa0 8a165f80 nt!IoPageRead+0x1b ba2961a0 80aa5374 c0033333 c1754400 c060baa0 nt!MiDispatchFault+0x691 ba29620c 80ae20a8 00000000 c1754400 00000000 nt!MmAccessFault+0xdde ba29620c 80b198af 00000000 c1754400 00000000 nt!KiTrap0E+0xdc ba2962e4 b9c14a6e 89ab2ea8 ba296314 00000400 nt!CcMapData+0x137 ba296304 b9c14c89 895f2330 89a93e68 00a94400 Ntfs+0x26a6e ba296378 b9c14b96 895f2330 899c0100 e19d5010 Ntfs+0x26c89 ba2963b0 b9c14aed 895f2330 899c0100 e19d5010 Ntfs+0x26b96 ba2963e8 b9c2373d 895f2330 e19d5008 e19d5010 Ntfs+0x26aed ba296498 b9c2335c 895f2330 00000001 e19d5008 Ntfs+0x3573d ba296570 b9c236f5 895f2330 895d2c88 895d2e18 Ntfs+0x3535c ba2967c8 b9c13f2d 895f2330 895d2c88 ba296820 Ntfs+0x356f5 ba2968ac 80a21c8d 899c0020 895d2c88 895d2c88 Ntfs+0x25f2d ba296910 80b42450 89fa9b88 80102524 896f2900 nt!IopfCallDriver+0x51 ba2969f8 80bbe888 89fa9ba0 00000000 896f2878 nt!IopParseDevice+0xb6a ba296a70 80bb8c28 00000000 ba296ab0 00000240 nt!ObpLookupObjectName+0x590 ba296ac4 80b2f75d 00000000 00000000 8e000100 nt!ObOpenObjectByName+0x140 ba296b40 80b302ca ba296c8c 001200a9 ba296c60 nt!IopCreateFile+0x43b ba296ba0 bf8b669c ba296c8c 001200a9 ba296c60 nt!IoCreateFile+0xd4 ba296eac bf8a6697 e17b0bb0 ba296ec8 00000000 win32k!EngGradientFill+0x7a7e ba296ee8 bf8a88d9 e17b0bb0 e15f8ea8 00000000 win32k!EngQuerySystemAttribute+0xa03 ba296f1c bf8a884e e160ee60 00000000 ba296f90 win32k!EngLoadModule+0x9a ba296f2c bf9cb690 e160ee60 00000000 00006779 win32k!EngLoadModule+0xf ba296f90 bf9f5850 bf9f3fb0 0000001a 0000000c ativvaxx!vMMDLLInitFuncs+0x8290 ba297144 bf9f405f 0000001e 0000174b e1014b70 ativvaxx!vMMDLLInitFuncs+0x32450 ba29716c bf9f152f e151b720 e19d42a8 bf9e711c ativvaxx!vMMDLLInitFuncs+0x30c5f ba297188 bf9dda9a e15a7978 00000018 e15a7978 ativvaxx!vMMDLLInitFuncs+0x2e12f ba29719c bf9e3d85 e15a7978 00000000 00000000 ativvaxx!vMMDLLInitFuncs+0x1a69a ba2971bc bf9d2ae3 ba29723c e15a7978 ba297220 ativvaxx!vMMDLLInitFuncs+0x20985 ba2971cc bf9d2a5f ba29723c 00000000 ba29723c ativvaxx!vMMDLLInitFuncs+0xf6e3 ba297220 bf9c8b34 ba29723c e19b5010 00000000 ativvaxx!vMMDLLInitFuncs+0xf65f ba297308 bf9c9036 8978a040 e17ae080 e19b5010 ativvaxx!vMMDLLInitFuncs+0x5734 ba297324 bf9c8fdc 8978a040 e19b5010 e19b5010 ativvaxx!vMMDLLInitFuncs+0x5c36 ba297338 bf29fb97 8978a040 e17ae080 e19b5010 ativvaxx!vMMDLLInitFuncs+0x5bdc ba297380 bf2a5764 e17a8754 e19c5414 e17a878c ati3duag!bDdHslVideoMemoryFree+0x22e7 ba2975b8 bf29c842 e17a8754 e17ae080 e17a8754 ati3duag!bDdHslVideoMemoryFree+0x7eb4 ba2975d0 bf029b09 e17ae080 e1e414e0 8978a040 ati3duag!bDD4DISPInitDD+0x72 ba2975f8 bf02a070 e17ae080 e1e414e0 8978a040 ati2dvag+0x17b09 ba297970 bf8a6248 e17ae080 e17a8754 ba2979fc ati2dvag+0x18070 ba2979c0 bf008af2 e17ae080 e17a8754 ba2979fc win32k!EngQuerySystemAttribute+0x5b4 ba297a08 bf009033 00000001 e155b9b0 ba297a90 dxg!vDdEnableDriver+0x8a ba297a24 bf888f12 e17a8008 00000001 e160e220 dxg!DxDdEnableDirectDraw+0xbf STACK_COMMAND: .tss 0x28 ; kb FOLLOWUP_IP: NVMe+13985 b9dcf985 56 push esi SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: NVMe+13985 FOLLOWUP_NAME: MachineOwner MODULE_NAME: NVMe IMAGE_NAME: NVMe.sys DEBUG_FLR_IMAGE_TIMESTAMP: 5cddb429 IMAGE_VERSION: 1.1.0.0 FAILURE_BUCKET_ID: 0x7f_8_NVMe+13985 BUCKET_ID: 0x7f_8_NVMe+13985 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0x7f_8_nvme+13985 FAILURE_ID_HASH: {c3920122-be04-796f-ddfc-551749dc2667} Followup: MachineOwner --------- 3: kd> lmvm NVMe start end module name b9dbc000 b9ddd000 NVMe (no symbols) Loaded symbol image file: NVMe.sys Image path: NVMe.sys Image name: NVMe.sys Timestamp: Thu May 16 14:04:09 2019 (5CDDB429) CheckSum: 0002261D ImageSize: 00021000 File version: 1.1.0.0 Product version: 1.1.0.0 File flags: A (Mask 3F) Pre-release Private File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: qwerty ProductName: NVMe Miniport Module InternalName: nvme.sys OriginalFilename: nvme.sys ProductVersion: 1.1.0.0 FileVersion: 1.1.0.0 FileDescription: NVMe Storport Miniport Driver - x86 3: kd> .tss 0x28 eax=ba294e60 ebx=8a006004 ecx=8a1c19ec edx=00000000 esi=8a1c19ec edi=00000000 eip=b9dcf985 esp=ba294e60 ebp=ba295908 iopl=0 vif nv up ei ng nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00290286 NVMe+0x13985: b9dcf985 56 push esi Edited December 26, 2022 by Andalu 1
Dietmar Posted December 26, 2022 Posted December 26, 2022 (edited) @Andalu So, now we know for sure, that it is the nvme.sys driver. You can edit the driver entry for nvme with the trick from @Mov AX, 0xDEAD. With IDA Pro change in driverentry of nvme.sys the first bytes against EB FE which gives an endless loop. Hit "break" in windbg. You are at the driverentry, see the EB FE. Then you can change (in the to memory loaded nvme.sys driver) those 2 bytes back to its original ones. At the driver entry of nvme.sys hit again and again "t" until the Bsod. Then, you will get the reason for Kernel Trap (example division by zero) Dietmar PS: Send me this whole nvme driver. I will test also on my compis. Edited December 26, 2022 by Dietmar
Dietmar Posted December 26, 2022 Posted December 26, 2022 @Andalu On the Asrock z370 k6 board, this nvme.sys driver works for me. No Bsod. I test Optane 900p, Samsung 960Pro, Samsung 970 Pro, Toshiba RD400. I use my original XP SP3 german CD with ntoskrn8.sys from Ramsey and all the storport.sys from Ramsey. My Nvidia driver is 344.11-desktop-winxp-32bit-international.exe , from which I think, that it is the best Dietmar PS: Now I try the Asrock z690 Extreme board.
Dietmar Posted December 26, 2022 Posted December 26, 2022 (edited) @Andalu No Bsod on the Asrock Extreme z690 board with 12900k cpu. I test also Intel Optane 905P, Intel 750 Series and Samsung 950Pro. All work. Nice driver. Now I make a try with install of XP of pur Ramsey XP to the 970 Pro on the Asrock Extreme z690 Dietmar PS: First I change in Ramsey XP the acpi.sys to my very laast version with SHA-1 80EE71969EC13FBBC091A17C4A1C8534D3FECA0C EDIT: Ultrafast install of XP, less than 7min. But on last reboot I get the same Bsod 7F as you Edited December 26, 2022 by Dietmar
Dietmar Posted December 26, 2022 Posted December 26, 2022 @Andalu I change the HIVE system from the working XP to the XP with Bsod 7F. On reboot I get the same Bsod 7F. But in "Safe Mode" I get this strange message, have never seen before, and then reboot Dietmar
Dietmar Posted December 26, 2022 Posted December 26, 2022 @Andalu The Bsod seems to be: ACPI_FAILED_PIC_METHOD Dietmar
Andalu Posted December 26, 2022 Posted December 26, 2022 (edited) @Dietmar I, too, would like to get to that information but still haven't figured out how to proceed after changing the first byte in DriverEntry to EB FE: what commands to give, when to give the 'Break', and how "Then you can change (in the to memory loaded nvme.sys driver) those 2 bytes back to its original ones." Never got that message. EDIT: I arrived here: Quote Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86 Copyright (c) Microsoft Corporation. All rights reserved. Using NET for debugging Opened WinSock 2.0 Waiting to reconnect... Connected to target 192.168.1.3 on port 50000 on local IP 192.168.1.1. Connected to Windows XP 2600 x86 compatible target at (Mon Dec 26 17:21:55.015 2022 (UTC - 6:00)), ptr64 FALSE Kernel Debugger connection established. ************* Symbol Path validation summary ************** Response Time (ms) Location OK C:\ACPI\Symbolssss Deferred srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols Symbol search path is: C:\ACPI\Symbolssss;srv*c:\ACPI\SYMBOLS*http://msdl.microsoft.com/download/symbols Executable search path is: Windows XP Kernel Version 2600 MP (1 procs) Checked x86 compatible Built by: 2600.xpsp.080413-2133 Machine Name: Kernel base = 0x80a02000 PsLoadedModuleList = 0x80b019e8 System Uptime: not available Break instruction exception - code 80000003 (first chance) nt!DbgBreakPoint: 80ac37e0 cc int 3 kd> lm start end module name 80100000 80127780 HAL3 (pdb symbols) c:\acpi\symbolssss\DLL\halmacpi.pdb 80a02000 80da3000 nt (pdb symbols) c:\acpi\symbolssss\exe\ntkrpamp.pdb kd> sxe ld nvme.sys kd> g MM: Loader/HAL memory block indicates large pages cannot be used for 80100000->8012777F nt!DebugService2+0x10: 80acb77a cc int 3 kd> sxe ld nvme.sys kd> g MTRR feature disabled. KiInitializeMTRR: OS support for MTRRs disabled KiInitializeMTRR: OS support for MTRRs disabled KiInitializeMTRR: OS support for MTRRs disabled KiInitializeMTRR: OS support for MTRRs disabled *** Assertion failed: IopInitHalResources == NULL *** Source File: d:\xpsp\base\ntos\io\pnpmgr\pnpinit.c, line 1455 Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? t Break instruction exception - code 80000003 (first chance) ******************************************************************************* * * * You are seeing this message because you pressed either * * CTRL+C (if you run console kernel debugger) or, * * CTRL+BREAK (if you run GUI kernel debugger), * * on your debugger machine's keyboard. * * * * THIS IS NOT A BUG OR A SYSTEM CRASH * * * * If you did not intend to break into the debugger, press the "g" key, then * * press the "Enter" key now. This message might immediately reappear. If it * * does, press "g" and "Enter" again. * * * ******************************************************************************* nt!RtlpBreakWithStatusInstruction: 80ac37ec cc int 3 Edited December 26, 2022 by Andalu
Dietmar Posted December 26, 2022 Posted December 26, 2022 @Mov AX, 0xDEAD @Andalu I succeed to see the endless running bar, when I change at driverentry of nvme.sys the first 2 bytes against EB FE. But I cant Pause windbg. With hitting "pause", nothing happens, endless bar continues. But when I hit break, I come back to the point, from where I started. @Mov AX, 0xDEAD any idea, how I can stop the endless running bar, but do not loose the EIP for the driverentry of nvme.sys Dietmar
Mov AX, 0xDEAD Posted December 26, 2022 Author Posted December 26, 2022 16 minutes ago, Dietmar said: @Mov AX, 0xDEAD any idea, how I can stop the endless running bar, but do not loose the EIP for the driverentry of nvme.sys @Dietmar try to disable multi-threads, but it changed OS behaviour boot.ini : /ONECPU
Dietmar Posted December 26, 2022 Posted December 26, 2022 @Mov AX, 0xDEAD Here is the output from acpi LOG. May be, that there cant be enabled an IRQ for the nvme device. For wish from @Andalu, I changed the original driver name to nvme everywhere Dietmar https://ufile.io/kwwj7fx8
Mov AX, 0xDEAD Posted December 26, 2022 Author Posted December 26, 2022 (edited) Quote Indicates that an exception occurs during a call to the handler for a prior exception. Typically, the two exceptions are handled serially. However, there are several exceptions that cannot be handled serially, and in this situation the processor signals a double fault. There are two common causes of a Double Fault: 1. A kernel stack overflow. This overflow occurs when a guard page is hit, and the kernel tries to push a trap frame. Because there is no stack left, a stack overflow results, causing the double fault. If you think this has occurred, use !thread to determine the stack limits, and then use kb (Display Stack Backtrace) with a large parameter (for example, kb 100) to display the full stack. 2. The other common cause is a hardware problem. Quote eax=ba294e60 ebx=8a006004 ecx=8a1c19ec edx=00000000 esi=8a1c19ec edi=00000000 eip=b9dcf985 esp=ba294e60 ebp=ba295908 iopl=0 vif nv up ei ng nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00290286 NVMe+0x13985: b9dcf985 56 push esi Seems stack problem, driver push esi to memory at 0xba294e60, but this memory is paged/unavailable and kernel get double fault case EDIT: 0xba294e60 is not aligned to 4K, so there is no stack overflow issue, windbg probably failed to show exact opcode position Example at acpi:DriverEntry(): Quote 1: kd> !thread THREAD 81bca720 Cid 0004.0008 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 1 Not impersonating DeviceMap e1003958 Owning Process 0 Image: <Unknown> Attached Process 81bcaa00 Image: System Wait Start TickCount 33 Ticks: 2 (0:00:00:00.031) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.484 Start Address nt!Phase1Initialization (0x8069790c) Stack Init f9dc1000 Current f9dc07d4 Base f9dc1000 Limit f9dbe000 Call 0 1: kd> r eax=ffff78c3 ebx=81be8030 ecx=0000bb40 edx=80554000 esi=00000000 edi=81be9828 eip=f9892d86 esp=f9dc05f0 ebp=f9dc062c iopl=0 nv up ei pl nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206 ACPI!DriverEntry: f9892d86 8bff mov edi,edi stack pool size = f9dc1000 - f9dbe000 = 3 * 4K =12kb currently used = f9dc1000 - f9dc07d4 = 0x82C bytes = 2kb why esp <> Current f9dc07d4 i don't know Edited December 26, 2022 by Mov AX, 0xDEAD
Dietmar Posted December 26, 2022 Posted December 26, 2022 (edited) @Mov AX, 0xDEAD I found this place of Bsod in the nvme driver Dietmar PS: @Andalu can send to you the "Source" Code in Assembler. .text:00413976 ; =============== S U B R O U T I N E ======================================= .text:00413976 .text:00413976 ; Attributes: bp-based frame .text:00413976 .text:00413976 sub_413976 proc near ; CODE XREF: sub_401000+57p .text:00413976 ; sub_40173C+38p ... .text:00413976 .text:00413976 var_AA8 = byte ptr -0AA8h .text:00413976 arg_0 = dword ptr 8 .text:00413976 arg_4 = dword ptr 0Ch .text:00413976 arg_8 = dword ptr 10h .text:00413976 .text:00413976 push ebp .text:00413977 mov ebp, esp .text:00413979 sub esp, 0AA8h .text:0041397F lea eax, [ebp+var_AA8] .text:00413985 push esi .text:00413986 push edi .text:00413987 push 0AA8h .text:0041398C push 0 .text:0041398E push eax .text:0041398F call sub_4145B0 .text:00413994 mov edx, [ebp+arg_0] .text:00413997 lea esi, [ebp+var_AA8] .text:0041399D mov eax, [ebp+arg_4] .text:004139A0 add esp, 0Ch .text:004139A3 mov ecx, 2AAh .text:004139A8 mov edi, edx .text:004139AA rep movsd .text:004139AC mov [edx], eax .text:004139AE mov eax, [ebp+arg_8] .text:004139B1 pop edi .text:004139B2 mov [edx+4], eax .text:004139B5 mov dword ptr [edx+0Ch], 1 .text:004139BC pop esi .text:004139BD leave .text:004139BE retn 0Ch .text:004139BE sub_413976 endp .text:004139BE .text:004139BE ; --------------------------------------------------------------------------- .text:004139C1 align 10h .text:004139D0 Edited December 26, 2022 by Dietmar
Dietmar Posted December 27, 2022 Posted December 27, 2022 @Andalu I noticed, that there are errors in your script Options Menu (rxrepl) (MOD x NVMe).cmd . So I make a try with the script from Ramsey and just rename your driver nvme.sys ==> stornvme.sys and copy it in the patch folder for the Microsoft stornvme driver. This overcomes any error in the *.inf definition, because windbg tells me, that acpi cant decide, if it is APIC mode or ACPI mode for the IRQs. I remember that a problem happens with registry entries for MSI. Ok, so with faked stornvme.sys install of Ramsey XP starts. But exact on laast reboot comes the same error Bsod 7F. I think, that it has to do with a problem for to find the correct IRQ for this nvme driver Dietmar PS: Now I start the same fake methode with my german XP SP3 xp.iso, but modded with ramsey.
Dietmar Posted December 27, 2022 Posted December 27, 2022 @Andalu I use for my original XP SP3 xp.iso only my laast free acpi.sys and your nvme driver in clothes for stornvme in Ramsey Integrator. This works. Ultrafast install of this XP in 6 min, boottime to full Desktop with the Samsung 970 Pro is 9 sec. So, may be there is really an IRQ conflict on Setup, which XP cant solve Dietmar
Dietmar Posted December 27, 2022 Posted December 27, 2022 @Andalu I make the same with original Ramsey xp.iso settings in Integrator v3.4.1.11 Options Menu (rxrepl).cmd Customized Option; 2,5 (my laast free acpi.sys and your nvme.sys only) with your nvme.sys ==> stornvme.sys clothes. This gives again Bsod F7 Dietmar PS: Now I check in windows\system32\config the entries in HIVE system against may working ones.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now