Mov AX, 0xDEAD (Author), posted January 8, 2023

Hi All
x64 acpi.sys BSOD 0x000000a5 (..., ..., C0000034, ...) workaround is ready, not published, need more testers.
Solved problem with postponed SSDT table loading

Dietmar, posted January 8, 2023

There is even more good news about XP SP2 bit 64. Now we have a brand-new acpi.sys, intelppm.sys and hal.dll. The timer problem is gone, and so are the big power consumption, from 54 Watt ==> 1.6 Watt at 0% load, and the crazy BSOD C0000034, which needs as much hard work as possible interpreting the results of WinDbg over a COM1 connection
Dietmar
Edited January 8, 2023 by Dietmar

Dietmar, posted January 8, 2023

Here is the patch for hal.dll 5.2.3790.6912 (srv03_sp2_qfe.190711-0601) XP SP2 bit64, which solves the timer problem

Modd vs original
138: 2C B4
139: F3 7A
38881: EB 73
40186: EB 73

Edited January 9, 2023 by Dietmar

Dietmar, posted January 8, 2023

And here is the patch for intelppm.sys version 5.2.3790.4143 (srv03_sp2_qfe.070831-1432)

Modd vs original
128: CC 4E
129: 7B FC
12A: 01 00
65F2: 4A 8A
65F9: 43 03
65FA: A1 A2
7C1E: 1E 5E
7CD3: 69 29
7CD4: 8A 8B

Dietmar
Edited January 9, 2023 by Dietmar

Mov AX, 0xDEAD (Author), posted January 10, 2023

Hi All
I found a serious issue with the compiled ACPI.SYS for the x64 platform: mismatched kernel headers, e.g. ke.h
We have two versions of the .h files:
1) Leaked W2003 source tree
2) W2003 Windows Research Kernel (WRK)
Neither of these two options matches the official XP/W2003 x64 SP2 kernels. The issue is that acpi.sys reads incorrect fields of Windows threads.
To fix this issue, we need to review the kernel headers and change them to match the official MS x64 kernels

Dietmar, posted January 10, 2023

Hi, what does this mean for the acpi.sys for x64 SP2, and can I help you with testing?
Dietmar

Mov AX, 0xDEAD (Author), posted January 10, 2023

23 minutes ago, Dietmar said:
> what does this mean for the acpi.sys for x64 SP2 and can I help you with testing

This means this x64 acpi.sys can be used only with a kernel compiled from W2003 RTM or WRK. It runs with XP SP2 too, but it may read/write wrong values of kernel structs - process/thread/peb/teb/...

Real x64 SP2 decompiled header, struct _KTHREAD, what KeGetCurrentThread() returns:

    struct _LIST_ENTRY QueueListEntry;    // Offset=0x1b8 Size=0x10
    struct _KTRAP_FRAME *TrapFrame;       // Offset=0x1c8 Size=0x8
    void *CallbackStack;                  // Offset=0x1d0 Size=0x8
    unsigned char ApcStateIndex;          // Offset=0x1d8 Size=0x1
    unsigned char IdealProcessor;         // Offset=0x1d9 Size=0x1
    unsigned char Preempted;              // Offset=0x1da Size=0x1
    unsigned char ProcessReadyQueue;      // Offset=0x1db Size=0x1
    unsigned char KernelStackResident;    // Offset=0x1dc Size=0x1
    char BasePriority;                    // Offset=0x1dd Size=0x1
    char PriorityDecrement;               // Offset=0x1de Size=0x1
    char Saturation;                      // Offset=0x1df Size=0x1

w2003 rtm:

    LIST_ENTRY QueueListEntry;
    UCHAR ApcStateIndex;
    BOOLEAN ApcQueueable;
    BOOLEAN Preempted;
    BOOLEAN ProcessReadyQueue;
    BOOLEAN KernelStackResident;
    CHAR Saturation;

w2003 WRK:

    LIST_ENTRY QueueListEntry;
    PKTRAP_FRAME TrapFrame;
    PVOID CallbackStack;
    PVOID ServiceTable;
    #if defined(_AMD64_)
    ULONG KernelLimit;
    #endif
    UCHAR ApcStateIndex;
    UCHAR IdealProcessor;
    BOOLEAN Preempted;
    BOOLEAN ProcessReadyQueue;
    #if defined(_AMD64_)
    PVOID Win32kTable;
    ULONG Win32kLimit;
    #endif
    BOOLEAN KernelStackResident;
    SCHAR BasePriority;
    SCHAR PriorityDecrement;
    CHAR Saturation;

Edited January 10, 2023 by Mov AX, 0xDEAD

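The header mismatch described in the post above, as an added example that is not part of the original thread or of the acpi.sys sources: the three fragments are modelled with fixed-width types (pointers as `uint64_t`, the `_AMD64_` branch of the WRK fragment taken) and each shared field's offset is compared against the decompiled SP2 layout. Offsets are relative to `QueueListEntry`; the fields before it are not shown in the post, so absolute offsets may differ further. The struct tags and the helpers `header_offset` and `count_mismatches` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint64_t Flink, Blink; } LIST64;   /* LIST_ENTRY on x64: 0x10 bytes */

/* Fragments transcribed from the post; pointers modelled as uint64_t, ULONG as uint32_t. */
struct sp2 { LIST64 QueueListEntry; uint64_t TrapFrame, CallbackStack;
             uint8_t ApcStateIndex, IdealProcessor, Preempted, ProcessReadyQueue,
                     KernelStackResident; int8_t BasePriority, PriorityDecrement, Saturation; };
struct rtm { LIST64 QueueListEntry; uint8_t ApcStateIndex, ApcQueueable, Preempted,
                     ProcessReadyQueue, KernelStackResident; int8_t Saturation; };
struct wrk { LIST64 QueueListEntry; uint64_t TrapFrame, CallbackStack, ServiceTable;
             uint32_t KernelLimit; uint8_t ApcStateIndex, IdealProcessor, Preempted,
                     ProcessReadyQueue; uint64_t Win32kTable; uint32_t Win32kLimit;
             uint8_t KernelStackResident; int8_t BasePriority, PriorityDecrement, Saturation; };

/* The model must reproduce the decompiled offsets quoted in the post (base 0x1b8). */
_Static_assert(0x1b8 + offsetof(struct sp2, ApcStateIndex) == 0x1d8, "sp2 model drifted");
_Static_assert(0x1b8 + offsetof(struct sp2, Saturation) == 0x1df, "sp2 model drifted");

#define ROW(f) { #f, offsetof(struct sp2, f), offsetof(struct rtm, f), offsetof(struct wrk, f) }
static const struct { const char *name; size_t sp2, rtm, wrk; } rows[] = {
    ROW(ApcStateIndex), ROW(Preempted), ROW(ProcessReadyQueue),
    ROW(KernelStackResident), ROW(Saturation) };
#define NROWS (sizeof rows / sizeof rows[0])

/* Offset (relative to QueueListEntry) that a build against header 'hdr' uses; -1 if unknown. */
long header_offset(const char *hdr, const char *field) {
    for (size_t i = 0; i < NROWS; i++)
        if (strcmp(rows[i].name, field) == 0)
            return !strcmp(hdr, "sp2") ? (long)rows[i].sp2 :
                   !strcmp(hdr, "rtm") ? (long)rows[i].rtm :
                   !strcmp(hdr, "wrk") ? (long)rows[i].wrk : -1;
    return -1;
}

/* Number of shared fields whose offset under 'hdr' differs from the real SP2 layout. */
int count_mismatches(const char *hdr) {
    int n = 0;
    for (size_t i = 0; i < NROWS; i++)
        n += header_offset(hdr, rows[i].name) != (long)rows[i].sp2;
    return n;
}

int main(void) {
    for (size_t i = 0; i < NROWS; i++)
        printf("%-20s sp2=+0x%02zx rtm=+0x%02zx wrk=+0x%02zx\n",
               rows[i].name, rows[i].sp2, rows[i].rtm, rows[i].wrk);
    printf("mismatches: rtm=%d wrk=%d\n", count_mismatches("rtm"), count_mismatches("wrk"));
    return 0;
}
```

The same `_Static_assert` pattern, placed next to a driver's own header and fed the offsets decompiled from the target kernel, turns a silent wrong-field read into a build failure.
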
Dietmar, posted January 10, 2023

@Mov AX, 0xDEAD
Does the BSOD 0xC0000034 with the HIDD device in XP SP2 bit64, and loading only one SSDT table instead of all, belong to this?
Dietmar
PS: I just compared the ke.h from the sources for XP SP1 with the ke.h of the Win2k3 sources. There are differences.
Edited January 10, 2023 by Dietmar

Mov AX, 0xDEAD (Author), posted January 10, 2023

12 minutes ago, Dietmar said:
> PS: I just compare the ke.h from Sources for XP SP1 with the ke.h of the Win2k3 Sources.

XP SP1 is used only for x32 XP compilation, so there is no point comparing it with the w2003 sources.
The w2003 sources are used for compilation of w2003 x32/w2003 x64/XP x64

Mov AX, 0xDEAD (Author), posted January 10, 2023

structs_acpi.txt - compiled structs (KTHREAD already reverted)
structs_kernel.txt - structs from real ntkrnlmp.exe 5.2.3790.3959
The most important kernel things match (TEB/PEB//ETHREAD/KTHREAD), but we need to look at all of them

structs_acpi.txt
structs_kernel.txt

p.s. many kernel structs are missing from structs_kernel.txt (the .pdb is not full), so this is not a 100% way to find mismatches
Edited January 10, 2023 by Mov AX, 0xDEAD

Mov AX, 0xDEAD (Author), posted January 11, 2023

On 1/8/2023 at 11:01 PM, Dietmar said:
> Here is the patch for hal.dll 5.2.3790.6912 (srv03_sp2_qfe.190711-0601)

@Dietmar
What is the KB number of this update?
Edited January 11, 2023 by Mov AX, 0xDEAD

XPRTM, posted January 11, 2023

^ KB4512787. Check this thread: https://msfn.org/board/topic/182599-nt-5x-windows-update-urls-dump-inc-custom-support-updates/

Dietmar, posted January 11, 2023

@Mov AX, 0xDEAD
Very interesting, what the header structure tells in this very last update of XP SP2 bit 64
Dietmar

Mov AX, 0xDEAD (Author), posted January 11, 2023

1 hour ago, Dietmar said:
> @Mov AX, 0xDEAD what the header structure tells in this very last update of XP SP2 bit 64

I think it is the same as the first release of SP2 x64
Small updates of ntoskrnl.exe don't change .h fields
Fields usually change between service packs, so almost all files are recompiled because kernel offsets change
The W2003 x64 RTM headers from the leak are too old; we need WRK() as a base and additional patches to match the SP2 kernel
I am surprised that WRK is not the same as SP2; official description:

> WRK v1.2 includes most of the NTOS kernel sources from the latest released version of Windows, which supports the AMD64 architecture on the Desktop. The kernel sources excluded from the kit are primarily in the areas of plug-and-play, power management, the device verifier, kernel debugger interface, and virtual dos machine. The primary modifications to WRK from the released kernel are related to cleanup and removal of server support, such as code related to the Intel IA64.

p.s. WRK is 2003 SP1 sources
Edited January 11, 2023 by Mov AX, 0xDEAD

canonkong, posted January 12, 2023

Here is some source code for Intel AMI BIOS:
Foxconn: https://github.com/killvxk/LoginDemo/tree/master
kabylake: https://github.com/raywu-aaeon/KabyLake_DW08
IceLake-SP: https://github.com/liuwei142536/hamburger_Bios
Maybe it can help us to modify the BIOS.
Edited January 12, 2023 by canonkong