Dietmar Posted March 1 Posted March 1 @reboot12 Here is new driver and new KD block with settings special for your Industrial board. Please continue with hitting "g", so that your compi comes to desktop and we can see traffic Dietmar https://www.upload.ee/files/19120778/i219v50.zip.html !sym quiet sxd ud bc * bu i219!I219TxRxStart "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXRXSTART; dd @$t1+0x0008 L1; dd @$t1+0x0f28 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc" bu i219!I219TxReclaim "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXRECLAIM; dd @$t1+0x0008 L1; dd @$t1+0x0f28 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; dd @$t1+0x3810 L2; gc" g
Dietmar Posted March 1 Posted March 1 @reboot12 Win10 helps a lot. Now please use this KD block. Because I notice strange behavior of this driver, meaning it cuts the connection, you always have to start the compi new. Dietmar

bc *
bu i219!I219TxSendOne "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXONE; dd @$t1+0x0008 L1; dd @$t1+0x0f28 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc"
bu i219!I219TxReclaim "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXRECLAIM; dd @$t1+0x0008 L1; dd @$t1+0x0f28 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc"
g
reboot12 Posted March 1 Posted March 1 (edited) @Dietmar i219v50 cut - https://pastebin.com/eMcWyGzy ping i219 to router make data in WinDBG: TXONE b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000015 b9788828 0341001f b9788840 20000403 TXRECLAIM b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000015 b9788828 0341001f b9788840 20000403 TXONE b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000016 b9788828 0341001f b9788840 20000403 TXRECLAIM b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000016 b9788828 0341001f b9788840 20000403 TXONE b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000017 b9788828 0341001f b9788840 20000403 TXRECLAIM b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000017 b9788828 0341001f b9788840 20000403 TXONE b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000018 b9788828 0341001f b9788840 20000403 TXRECLAIM b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000018 b9788828 0341001f b9788840 20000403 ping from other PC to i219: TXRECLAIM b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000000 b9788828 0341001f b9788840 20000403 vs7_4_1g_megate_v50: TX watchdog repair regs TDH=00000000 TDT=00000000 TCTL=0104010a TXDCTL=0341001f DMATXCTL=00000000 TDBAL=0ab63000 TDLEN=00000200 TARC0=20000403 IOSFPC=01011108 TXRECLAIM b9785008 00080603 b9785f28 
01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000000 b9788828 0341001f b9788840 20000403 vs7_4_1g_megate_v50: TX watchdog repair regs TDH=00000000 TDT=00000000 TCTL=0104010a TXDCTL=0341001f DMATXCTL=00000000 TDBAL=0ab63000 TDLEN=00000200 TARC0=20000403 IOSFPC=01011108 TXRECLAIM b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000000 b9788828 0341001f b9788840 20000403 vs7_4_1g_megate_v50: TX watchdog repair regs TDH=00000000 TDT=00000000 TCTL=0104010a TXDCTL=0341001f DMATXCTL=00000000 TDBAL=0ab63000 TDLEN=00000200 TARC0=20000403 IOSFPC=01011108 TXRECLAIM b9785008 00080603 b9785f28 01011108 b9788410 00000d00 00000000 00000d02 00000000 b9788420 00000d00 b9788810 00000000 b9788818 00000000 b9788828 0341001f b9788840 20000403 vs7_4_1g_megate_v50: TX watchdog repair regs TDH=00000000 TDT=00000000 TCTL=0104010a TXDCTL=0341001f DMATXCTL=00000000 TDBAL=0ab63000 TDLEN=00000200 TARC0=20000403 IOSFPC=01011108 Edited March 1 by reboot12
reboot12 Posted March 1 Posted March 1 (edited) @Dietmar But the connection is resetting (cable unplugged and plugged info) and there is no data in WinDbg when I ping from i219 to router Edited March 1 by reboot12
Dietmar Posted March 1 Posted March 1 @reboot12 On v50, your colleague already has the same key TX setup as your working machine: IOSFPC = 01011108 TXDCTL = 0341001f TARC0 = 20000403 So the Win10-inspired register pattern itself is in place. So, we need to look for a changing TDH. Use this KD block and type "g" until desktop. You have to start the compi new before this KD block, not unplug the LAN cable. Unlike the earlier blocks, which only read, this one also writes to the target: it ORs bit 0 into the dword at offset 0x4a80 and stores it back with `ed` (the FORCE_DMATXCTL step) before dumping the registers. Dietmar

bc *
bu i219!I219TxReclaim "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); r $t2=(poi(@$t1+0x4a80)|1); ed @$t1+0x4a80 @$t2; .echo FORCE_DMATXCTL; dd @$t1+0x4a80 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc"
g
reboot12 Posted March 1 Posted March 1 @Dietmar i219v50 next I Break because probably same data in loop - https://pastebin.com/3qGpibJs
Dietmar Posted March 1 Posted March 1 @reboot12 Next KD block Dietmar bc * bu i219!I219TxReclaim "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXCHK; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x4a80 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc" g
Dietmar Posted March 1 Posted March 1 (edited) @reboot12 Here comes next driver with some fundamental changes and test KD block until desktop via hit "g" good luck Dietmar https://www.upload.ee/files/19121064/i219v51.zip.html

bc *
bu i219!I219TxReclaim "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXCHK3590; dd @$t1+0x3590 L1; dd @$t1+0x5b54 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc"
g

and this

bc *
bu i219!I219TxProgramUnit "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXPROG; dd @$t1+0x3590 L1; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc"
bu i219!I219TxSendOne "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXONE; dd @$t1+0x3590 L1; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc"
bu i219!I219TxReclaim "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXRECLAIM; dd @$t1+0x3590 L1; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc"
g

and this

bc *
bu i219!I219TxProgramUnit "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); r $t2=(poi(@$t1+0x3590)|1); ed @$t1+0x3590 @$t2; .echo FORCE3590; dd @$t1+0x3590 L1; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc"
bu i219!I219TxSendOne "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXONE; dd @$t1+0x3590 L1; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc"
bu i219!I219TxReclaim "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXRECLAIM; dd @$t1+0x3590 L1; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd
@$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc" g Edited March 1 by Dietmar
reboot12 Posted March 1 Posted March 1 (edited) @Dietmar i219v51 1 - https://pastebin.com/JsurLkSg i219v51 2 - https://pastebin.com/aD4WEqtH i219v51 3 - https://pastebin.com/HvihJ62k Edited March 1 by reboot12
Dietmar Posted March 1 Posted March 1 @reboot12 Next KD block. test during running ping to router and ping to compi each other Dietmar 0: kd> bc * 0: kd> bu i219!I219TxWatchdog "r $t9=poi(@esp); .echo SKIP_TXWD; r eip=@$t9; r esp=@esp+4; gc" 0: kd> bu i219!I219TxSendOne ".if (poi(@esp+4)==0) { gc } .else { r $t0=poi(@esp+4); r $t1=poi(@$t0+0xDC); .if (@$t1==0) { gc } .else { .echo TXONE_NOWD; dd @$t1+0x3590 L1; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc } }" 0: kd> bu i219!I219TxReclaim ".if (poi(@esp+4)==0) { gc } .else { r $t0=poi(@esp+4); r $t1=poi(@$t0+0xDC); .if (@$t1==0) { gc } .else { .echo TXRECLAIM_NOWD; dd @$t1+0x3590 L1; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc } }" 0: kd> g
reboot12 Posted March 1 Posted March 1 @Dietmar i219v51 next - BSOD D1 - https://pastebin.com/WiZsb85N
Dietmar Posted March 1 Posted March 1 @reboot12 then this !sym quiet .reload /f i219.sys sxd ud bc * r $t9=1 bu i219!I219TxProgramUnit " r $t0=poi(@esp+4); r $t1=poi(@$t0+0xDC); .printf \"TXPROG A=%p R=%p\n\", @$t0, @$t1; .if (@$t9) { r $t2=(poi(@$t1+0x3590)|1); ed @$t1+0x3590 @$t2; .echo FORCE3590; } dd @$t1+0x0008 L1; r $t3=(poi(@$t1+0x0008) & 0x40000000); .printf \"BM_BIT=%08x\n\", @$t3; dd @$t1+0x3590 L4; dd @$t1+0x4a80 L4; dd @$t1+0x5b54 L2; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc " bu i219!I219TxSendOne " r $t0=poi(@esp+4); r $t1=poi(@$t0+0xDC); .printf \"TXONE A=%p R=%p\n\", @$t0, @$t1; dd @$t1+0x0008 L1; r $t3=(poi(@$t1+0x0008) & 0x40000000); .printf \"BM_BIT=%08x\n\", @$t3; dd @$t1+0x3590 L4; dd @$t1+0x4a80 L4; dd @$t1+0x5b54 L2; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc " bu i219!I219TxReclaim " r $t0=poi(@esp+4); r $t1=poi(@$t0+0xDC); .printf \"TXRECL A=%p R=%p\n\", @$t0, @$t1; dd @$t1+0x0008 L1; r $t3=(poi(@$t1+0x0008) & 0x40000000); .printf \"BM_BIT=%08x\n\", @$t3; dd @$t1+0x3590 L4; dd @$t1+0x4a80 L4; dd @$t1+0x5b54 L2; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc " g and this bc * bu i219!I219DoCtrlKickLate "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo CTRLKICK; ? (poi(@$t1+0x0008)&0x40000000); ? (poi(@$t1+0x5b54)&0x01000000); dd @$t1+0x0008 L1; dd @$t1+0x5b00 L1; dd @$t1+0x5b50 L3; dd @$t1+0x3590 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc" bu i219!I219TxProgramUnit "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXPROG; ? (poi(@$t1+0x0008)&0x40000000); ? 
(poi(@$t1+0x5b54)&0x01000000); dd @$t1+0x0008 L1; dd @$t1+0x5b00 L1; dd @$t1+0x5b50 L3; dd @$t1+0x3590 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc" bu i219!I219TxSendOne "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXONE; ? (poi(@$t1+0x0008)&0x40000000); ? (poi(@$t1+0x5b54)&0x01000000); dd @$t1+0x0008 L1; dd @$t1+0x5b00 L1; dd @$t1+0x5b50 L3; dd @$t1+0x3590 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc" bu i219!I219TxReclaim "r $t0=poi(@esp+4); r $t1=poi($t0+0xDC); .echo TXRECLAIM; ? (poi(@$t1+0x0008)&0x40000000); ? (poi(@$t1+0x5b54)&0x01000000); dd @$t1+0x0008 L1; dd @$t1+0x5b00 L1; dd @$t1+0x5b50 L3; dd @$t1+0x3590 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc" g
Dietmar Posted March 1 Posted March 1 @reboot12 And this 0: kd> bc * 0: kd> bu i219!I219TxSendOne ".if ((poi(@esp+4)==0) || (poi(@esp+4)<0x80000000)) { gc } .else { r $t0=poi(@esp+4); r $t1=poi(@$t0+0xDC); .if ((@$t1==0) || (@$t1<0x80000000)) { gc } .else { ed @$t1+0x4a80 00000001; ed @$t1+0x3828 0341001f; ed @$t1+0x3840 20000403; ed @$t1+0x3590 00000001; .echo TXFORCE4A80; dd @$t1+0x3590 L1; dd @$t1+0x4a80 L1; dd @$t1+0x5b54 L1; dd @$t1+0x5b58 L1; dd @$t1+0x0008 L1; dd @$t1+0x3410 L5; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc } }" 0: kd> bu i219!I219TxReclaim ".if ((poi(@esp+4)==0) || (poi(@esp+4)<0x80000000)) { gc } .else { r $t0=poi(@esp+4); r $t1=poi(@$t0+0xDC); .if ((@$t1==0) || (@$t1<0x80000000)) { gc } .else { .echo TXAFTER4A80; dd @$t1+0x3590 L1; dd @$t1+0x4a80 L1; dd @$t1+0x0008 L1; dd @$t1+0x3810 L1; dd @$t1+0x3818 L1; dd @$t1+0x3828 L1; dd @$t1+0x3840 L1; gc } }" 0: kd> g