Jump to content

NDIS6 support for XP?


Damnation

Recommended Posts


@George King

There are 11 dependencies from  Intel Lan driver for i219 e1d6232.sys,

which have to be integrated in ntoskrn8.sys too

and then also the change of ntoskrnl.exe ---> ntoskrn8.sys in e1d6232.sys

Dietmar

PS: Maybe, that in this night we get a working NDIS6 driver for XP SP3.

Edited by Dietmar
Link to comment
Share on other sites

@Damnation

The link is for the same ntoskrn8.sys as before.

Do you already integrate the 11 functions which Dependency Walker shows for e1d6232.sys (only to ntoskrnl.exe)  into the new ntoskrn8.sys

and change name in e1d6232.sys from ntoskrnl.exe ---> ntoskrn8.sys

Dietmar

Link to comment
Share on other sites

I have compiled it, modded INF, fixed missing exports are redirected to ntoskrnx.exe (one kernel from One-Core-API) / ntoskrn8.sys.

 

@DietmarHere is 32bit driver to try 

i219.png

https://anonfiles.com/d9p63ec4y8/Ported_i219_driver_iso
Edited by George King
Link to comment
Share on other sites

@George King

The dependencies are all fullfilled,

but I got Bsod after installing this driver

Dietmar


Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Using NET for debugging
Opened WinSock 2.0
Waiting to reconnect...
Connected to target 192.168.2.102 on port 50000 on local IP 192.168.2.101.
Connected to Windows XP 2600 x86 compatible target at (Mon May  2 22:39:36.687 2022 (UTC + 2:00)), ptr64 FALSE
Kernel Debugger connection established.

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             C:\Symbols

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             C:\symbolssss
Symbol search path is: C:\symbolssss
Executable search path is: C:\Symbols
Windows XP Kernel Version 2600 MP (1 procs) Checked x86 compatible
Built by: 2600.xpsp.080413-2133
Machine Name:
Kernel base = 0x80a02000 PsLoadedModuleList = 0x80b019e8
System Uptime: not available

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             E:\binaries.x86fre\Symbols

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             C:\Symbols

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             C:\symbolssss
OK                                             C:\symbols
OK                                             C:\symbolss
OK                                             C:\symbolsss
OK                                             E:\binaries.x86fre\Symbols
Deferred                                       https://msdl.microsoft.com/download/symbols
Deferred                                       srv*
Break instruction exception - code 80000003 (first chance)
nt!DbgBreakPoint:
80ac37e0 cc              int     3
kd> g
MM: Loader/HAL memory block indicates large pages cannot be used for 80100000->8012777F
MTRR feature disabled.
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled
KiInitializeMTRR: OS support for MTRRs disabled

*** Assertion failed: NumberOfBytes != 0
***   Source File: d:\xpsp\base\ntos\ex\pool.c, line 1174

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i

*** Fatal System Error: 0x000000c2
                       (0x00000000,0x00000000,0x00000001,0xCD637052)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Mon May  2 22:39:48.875 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...................................................
Loading User Symbols

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {0, 0, 1, cd637052}

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for msrpc.sys -
Probably caused by : msrpc.sys ( msrpc!I_RpcGetCompleteAndFreeRoutine+22 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
80ac37ec cc              int     3
11: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000000, The caller is requesting a zero byte pool allocation.
Arg2: 00000000, zero.
Arg3: 00000001, the pool type being allocated.
Arg4: cd637052, the pool tag being used.

Debugging Details:
------------------


FAULTING_IP:
msrpc!I_RpcGetCompleteAndFreeRoutine+22
b7673119 5d              pop     ebp

BUGCHECK_STR:  0xc2_0

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

LAST_CONTROL_TRANSFER:  from 80a30d7b to 80ac37ec

STACK_TEXT:  
b84c70e8 80a30d7b 00000003 b84c7444 00000000 nt!RtlpBreakWithStatusInstruction
b84c7134 80a319e6 00000003 00000000 00000000 nt!KiBugCheckDebugBreak+0x19
b84c7514 80a31f77 000000c2 00000000 00000000 nt!KeBugCheck2+0x574
b84c7534 80aed772 000000c2 00000000 00000000 nt!KeBugCheckEx+0x1b
b84c75ac 80ad36a4 00000001 00000000 cd637052 nt!ExAllocatePoolWithTag+0xe86
b84c75c8 b7673119 00000001 00000000 cd637052 nt!ExAllocatePoolWithTagPriority+0x58
WARNING: Stack unwind information not available. Following frames may be wrong.
b84c75e0 b7673e8a 00000000 b84c7608 b767825b msrpc!I_RpcGetCompleteAndFreeRoutine+0x22
b84c75ec b767825b 00000000 8b3101d6 00000000 msrpc!UuidEqual+0x16a
b84c7608 b7696024 80b97c38 b84c7624 80084000 msrpc!UuidEqual+0x453b
b84c7634 80d37c99 b7696014 80084000 80084000 msrpc!DllInitialize+0x10
b84c7684 80d341f1 80084000 b84c76a0 00034000 nt!IopInitializeBootDrivers+0xe1
b84c7830 80d31940 80084000 00000000 8b345670 nt!IoInitSystem+0x82d
b84c7dac 80bd81ac 80084000 00000000 00000000 nt!Phase1Initialization+0xb12
b84c7ddc 80ae4212 80d30e2e 80084000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
msrpc!I_RpcGetCompleteAndFreeRoutine+22
b7673119 5d              pop     ebp

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  msrpc!I_RpcGetCompleteAndFreeRoutine+22

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: msrpc

IMAGE_NAME:  msrpc.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  61b814df

IMAGE_VERSION:  6.1.7601.25822

FAILURE_BUCKET_ID:  0xc2_0_msrpc!I_RpcGetCompleteAndFreeRoutine+22

BUCKET_ID:  0xc2_0_msrpc!I_RpcGetCompleteAndFreeRoutine+22

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc2_0_msrpc!i_rpcgetcompleteandfreeroutine+22

FAILURE_ID_HASH:  {7bd0e304-b158-484e-2d37-b2035b12b23c}

Followup: MachineOwner
---------

11: kd> lm
start    end        module name
80100000 80127780   HAL3       (deferred)             
80128000 80150000   kdcom      (deferred)             
80150000 8017a000   KDSTUB     (deferred)             
802d9000 802e9a80   pci        (deferred)             
80a02000 80da3000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\5B9E8A586D3D49D98927B5D5117577231\ntkrpamp.pdb
b7614000 b762de80   Mup        (deferred)             
b762e000 b766d000   NETIO      (deferred)             
b766d000 b7699000   msrpc      (export symbols)       msrpc.sys
b7699000 b7751000   NDIS       (deferred)             
b7751000 b77ddd00   Ntfs       (deferred)             
b77de000 b783b000   UsbHub3    (deferred)             
b783b000 b7880000   USBXHCI    (deferred)             
b7880000 b7896b80   KSecDD     (deferred)             
b7897000 b78a8f00   sr         (deferred)             
b78a9000 b78c8b00   fltMgr     (deferred)             
b78c9000 b78e0880   SCSIPORT   (deferred)             
b78e1000 b792a000   storport   (deferred)             
b792a000 b794db80   ntoskrn8   (deferred)             
b794e000 b7b25e80   ntoskrnx   (deferred)             
b7b26000 b7b39000   storahci   (deferred)             
b7b39000 b7b50900   atapi      (deferred)             
b7b51000 b7e06000   iaStor     (deferred)             
b7e06000 b7e2ba00   dmio       (deferred)             
b7e2c000 b7e4ad80   ftdisk     (deferred)             
b7e4b000 b7e7a000   ucx01000   (deferred)             
b7e7a000 b7ea9d80   ACPI       (deferred)             
b7eaa000 b7f2c000   WDF01_W8   (deferred)             
b7f2c000 b7f4b000   asmthub3   (deferred)             
b7f4b000 b7fa7000   asmtxhci   (deferred)             
b80a8000 b80b6000   WDFLDR8    (deferred)             
b80b8000 b80c1300   isapnp     (deferred)             
b80c8000 b80d2000   WppRecorder   (deferred)             
b80d8000 b80e2580   MountMgr   (deferred)             
b80e8000 b80f5200   VolSnap    (deferred)             
b80f8000 b8106000   stornvme   (deferred)             
b8108000 b8118000   asahci32   (deferred)             
b8118000 b8120e00   disk       (deferred)             
b8128000 b8134180   CLASSPNP   (deferred)             
b8138000 b8141000   USBD_W8    (deferred)             
b8148000 b8157100   ohci1394   (deferred)             
b8158000 b8165080   1394BUS    (deferred)             
b8328000 b832e780   USBSTOR    (deferred)             
b8330000 b8336180   PCIIDEX    (deferred)             
b8338000 b833cd00   PartMgr    (deferred)             
b8340000 b8344c00   storpor8   (deferred)             
b84b8000 b84bb000   BOOTVID    (deferred)             
b84bc000 b84bef80   ACPIEC     (deferred)             
b85a8000 b85a9100   WMILIB     (deferred)             
b85aa000 b85ab500   USBD       (deferred)             
b85ac000 b85ad700   dmload     (deferred)             
b8670000 b8670d00   pciide     (deferred)             
b8671000 b8671d80   OPRGHDLR   (deferred)             
11: kd> !devnode 0 1
Dumping IopRootDeviceNode (= 0x8b314ed8)
DevNode 0x8b314ed8 for PDO 0x8b3672c0
  InstancePath is "HTREE\ROOT\0"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b314b00 for PDO 0x8b314c60
    InstancePath is "Root\ACPI_HAL\0000"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
    DevNode 0x8b35e650 for PDO 0x8b30d480
      InstancePath is "ACPI_HAL\PNP0C08\0"
      ServiceName is "ACPI"
      State = DeviceNodeInitialized (0x302)
      Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b314788 for PDO 0x8b3148e8
    InstancePath is "Root\dmio\0000"
    ServiceName is "dmio"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b314530 for PDO 0x8b314690
    InstancePath is "Root\ftdisk\0000"
    ServiceName is "ftdisk"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b366008 for PDO 0x8b314438
    InstancePath is "Root\LEGACY_AFD\0000"
    ServiceName is "AFD"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b366db0 for PDO 0x8b366f10
    InstancePath is "Root\LEGACY_AMPA\0000"
    ServiceName is "ampa"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b366b58 for PDO 0x8b366cb8
    InstancePath is "Root\LEGACY_ARP1394\0000"
    ServiceName is "Arp1394"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b366900 for PDO 0x8b366a60
    InstancePath is "Root\LEGACY_ASMTHUB3\0000"
    ServiceName is "asmthub3"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3666a8 for PDO 0x8b366808
    InstancePath is "Root\LEGACY_ASMTXHCI\0000"
    ServiceName is "asmtxhci"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b366450 for PDO 0x8b3665b0
    InstancePath is "Root\LEGACY_BEEP\0000"
    ServiceName is "Beep"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b313008 for PDO 0x8b366278
    InstancePath is "Root\LEGACY_COMMONFX.SYS\0000"
    ServiceName is "COMMONFX.SYS"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b313db0 for PDO 0x8b313f10
    InstancePath is "Root\LEGACY_CPUZ135\0000"
    ServiceName is "cpuz135"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b313b58 for PDO 0x8b313cb8
    InstancePath is "Root\LEGACY_CTAC32K\0000"
    ServiceName is "ctac32k"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b313900 for PDO 0x8b313a60
    InstancePath is "Root\LEGACY_CTAUDFX.SYS\0000"
    ServiceName is "CTAUDFX.SYS"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3136a8 for PDO 0x8b313808
    InstancePath is "Root\LEGACY_CTPRXY2K\0000"
    ServiceName is "ctprxy2k"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b313450 for PDO 0x8b3135b0
    InstancePath is "Root\LEGACY_CTSBLFX.SYS\0000"
    ServiceName is "CTSBLFX.SYS"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3131f8 for PDO 0x8b313358
    InstancePath is "Root\LEGACY_CTSFM2K\0000"
    ServiceName is "ctsfm2k"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b365ed8 for PDO 0x8b365038
    InstancePath is "Root\LEGACY_DMBOOT\0000"
    ServiceName is "dmboot"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b365c80 for PDO 0x8b365de0
    InstancePath is "Root\LEGACY_DMLOAD\0000"
    ServiceName is "dmload"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b365a28 for PDO 0x8b365b88
    InstancePath is "Root\LEGACY_ELBYCDIO\0000"
    ServiceName is "ElbyCDIO"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3657d0 for PDO 0x8b365930
    InstancePath is "Root\LEGACY_EMUPIA\0000"
    ServiceName is "emupia"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b365578 for PDO 0x8b3656d8
    InstancePath is "Root\LEGACY_FIPS\0000"
    ServiceName is "Fips"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b365320 for PDO 0x8b365480
    InstancePath is "Root\LEGACY_GPC\0000"
    ServiceName is "Gpc"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b312008 for PDO 0x8b365228
    InstancePath is "Root\LEGACY_HA10KX2K\0000"
    ServiceName is "ha10kx2k"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b312db0 for PDO 0x8b312f10
    InstancePath is "Root\LEGACY_HAP17V2K\0000"
    ServiceName is "hap17v2k"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b312b58 for PDO 0x8b312cb8
    InstancePath is "Root\LEGACY_HTTP\0000"
    ServiceName is "HTTP"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b312900 for PDO 0x8b312a60
    InstancePath is "Root\LEGACY_IPNAT\0000"
    ServiceName is "IpNat"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3126a8 for PDO 0x8b312808
    InstancePath is "Root\LEGACY_IPSEC\0000"
    ServiceName is "IPSec"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b312450 for PDO 0x8b3125b0
    InstancePath is "Root\LEGACY_KSECDD\0000"
    ServiceName is "ksecdd"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3121f8 for PDO 0x8b312358
    InstancePath is "Root\LEGACY_MNMDD\0000"
    ServiceName is "mnmdd"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b364ed8 for PDO 0x8b364038
    InstancePath is "Root\LEGACY_MOUNTMGR\0000"
    ServiceName is "mountmgr"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b364c80 for PDO 0x8b364de0
    InstancePath is "Root\LEGACY_NDIS\0000"
    ServiceName is "NDIS"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b364a28 for PDO 0x8b364b88
    InstancePath is "Root\LEGACY_NDISTAPI\0000"
    ServiceName is "NdisTapi"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3647d0 for PDO 0x8b364930
    InstancePath is "Root\LEGACY_NDISUIO\0000"
    ServiceName is "Ndisuio"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b364578 for PDO 0x8b3646d8
    InstancePath is "Root\LEGACY_NDPROXY\0000"
    ServiceName is "NDProxy"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b364320 for PDO 0x8b364480
    InstancePath is "Root\LEGACY_NETBT\0000"
    ServiceName is "NetBT"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b311008 for PDO 0x8b364228
    InstancePath is "Root\LEGACY_NULL\0000"
    ServiceName is "Null"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b311db0 for PDO 0x8b311f10
    InstancePath is "Root\LEGACY_OSSRV\0000"
    ServiceName is "ossrv"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b311b58 for PDO 0x8b311cb8
    InstancePath is "Root\LEGACY_PARPORT\0000"
    ServiceName is "Parport"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b311900 for PDO 0x8b311a60
    InstancePath is "Root\LEGACY_PARTMGR\0000"
    ServiceName is "PartMgr"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3116a8 for PDO 0x8b311808
    InstancePath is "Root\LEGACY_PARVDM\0000"
    ServiceName is "ParVdm"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b311450 for PDO 0x8b3115b0
    InstancePath is "Root\LEGACY_RASACD\0000"
    ServiceName is "RasAcd"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3111f8 for PDO 0x8b311358
    InstancePath is "Root\LEGACY_RDPCDD\0000"
    ServiceName is "RDPCDD"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b363ed8 for PDO 0x8b363038
    InstancePath is "Root\LEGACY_TCPIP\0000"
    ServiceName is "Tcpip"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b363c80 for PDO 0x8b363de0
    InstancePath is "Root\LEGACY_UCX01000\0000"
    ServiceName is "UCX01000"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b363a28 for PDO 0x8b363b88
    InstancePath is "Root\LEGACY_USBSTOR\0000"
    ServiceName is "USBSTOR"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b3637d0 for PDO 0x8b363930
    InstancePath is "Root\LEGACY_VBOXDRV\0000"
    ServiceName is "VBoxDrv"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b363578 for PDO 0x8b3636d8
    InstancePath is "Root\LEGACY_VBOXUSBMON\0000"
    ServiceName is "VBoxUSBMon"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b363320 for PDO 0x8b363480
    InstancePath is "Root\LEGACY_VGASAVE\0000"
    ServiceName is "VgaSave"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b310008 for PDO 0x8b363228
    InstancePath is "Root\LEGACY_VOLSNAP\0000"
    ServiceName is "VolSnap"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b310db0 for PDO 0x8b310f10
    InstancePath is "Root\LEGACY_WANARP\0000"
    ServiceName is "Wanarp"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b310b58 for PDO 0x8b310cb8
    InstancePath is "Root\LEGACY_WDF01_W8\0000"
    ServiceName is "WDF01_W8"
    State = DeviceNodeStarted (0x308)
    Previous State = DeviceNodeEnumerateCompletion (0x30d)
  DevNode 0x8b310900 for PDO 0x8b310a60
    InstancePath is "Root\MEDIA\MS_MMACM"
    ServiceName is "audstub"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b3106a8 for PDO 0x8b310808
    InstancePath is "Root\MEDIA\MS_MMDRV"
    ServiceName is "audstub"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b310450 for PDO 0x8b3105b0
    InstancePath is "Root\MEDIA\MS_MMMCI"
    ServiceName is "audstub"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b3101f8 for PDO 0x8b310358
    InstancePath is "Root\MEDIA\MS_MMVCD"
    ServiceName is "audstub"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b362ed8 for PDO 0x8b362038
    InstancePath is "Root\MEDIA\MS_MMVID"
    ServiceName is "audstub"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b362c80 for PDO 0x8b362de0
    InstancePath is "Root\MS_L2TPMINIPORT\0000"
    ServiceName is "Rasl2tp"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b362a28 for PDO 0x8b362b88
    InstancePath is "Root\MS_NDISWANIP\0000"
    ServiceName is "NdisWan"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b3627d0 for PDO 0x8b362930
    InstancePath is "Root\MS_PPPOEMINIPORT\0000"
    ServiceName is "RasPppoe"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b362578 for PDO 0x8b3626d8
    InstancePath is "Root\MS_PPTPMINIPORT\0000"
    ServiceName is "PptpMiniport"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b362320 for PDO 0x8b362480
    InstancePath is "Root\MS_PSCHEDMP\0000"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30f008 for PDO 0x8b362228
    InstancePath is "Root\MS_PSCHEDMP\0001"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30fdb0 for PDO 0x8b30ff10
    InstancePath is "Root\MS_PSCHEDMP\0002"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30fb58 for PDO 0x8b30fcb8
    InstancePath is "Root\MS_PSCHEDMP\0003"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30f900 for PDO 0x8b30fa60
    InstancePath is "Root\MS_PSCHEDMP\0004"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30f6a8 for PDO 0x8b30f808
    InstancePath is "Root\MS_PSCHEDMP\0005"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30f450 for PDO 0x8b30f5b0
    InstancePath is "Root\MS_PSCHEDMP\0006"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30f1f8 for PDO 0x8b30f358
    InstancePath is "Root\MS_PSCHEDMP\0007"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b361ed8 for PDO 0x8b361038
    InstancePath is "Root\MS_PSCHEDMP\0008"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b361c80 for PDO 0x8b361de0
    InstancePath is "Root\MS_PSCHEDMP\0009"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b361a28 for PDO 0x8b361b88
    InstancePath is "Root\MS_PSCHEDMP\0010"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b3617d0 for PDO 0x8b361930
    InstancePath is "Root\MS_PSCHEDMP\0011"
    ServiceName is "PSched"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b361578 for PDO 0x8b3616d8
    InstancePath is "Root\MS_PTIMINIPORT\0000"
    ServiceName is "Raspti"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b361320 for PDO 0x8b361480
    InstancePath is "Root\NET\0000"
    ServiceName is "VBoxNetAdp"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30e008 for PDO 0x8b361228
    InstancePath is "Root\RDPDR\0000"
    ServiceName is "rdpdr"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30edb0 for PDO 0x8b30ef10
    InstancePath is "Root\RDP_KBD\0000"
    ServiceName is "TermDD"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30eb58 for PDO 0x8b30ecb8
    InstancePath is "Root\RDP_MOU\0000"
    ServiceName is "TermDD"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30e900 for PDO 0x8b30ea60
    InstancePath is "Root\SCSIADAPTER\0000"
    ServiceName is "VClone"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30e6a8 for PDO 0x8b30e808
    InstancePath is "Root\SUN_VBOXNETFLTMP\0000"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30e450 for PDO 0x8b30e5b0
    InstancePath is "Root\SUN_VBOXNETFLTMP\0001"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30e1f8 for PDO 0x8b30e358
    InstancePath is "Root\SUN_VBOXNETFLTMP\0002"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b360ed8 for PDO 0x8b360038
    InstancePath is "Root\SUN_VBOXNETFLTMP\0003"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b360c80 for PDO 0x8b360de0
    InstancePath is "Root\SUN_VBOXNETFLTMP\0004"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b360a28 for PDO 0x8b360b88
    InstancePath is "Root\SUN_VBOXNETFLTMP\0005"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b3607d0 for PDO 0x8b360930
    InstancePath is "Root\SUN_VBOXNETFLTMP\0006"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b360578 for PDO 0x8b3606d8
    InstancePath is "Root\SUN_VBOXNETFLTMP\0007"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b360320 for PDO 0x8b360480
    InstancePath is "Root\SUN_VBOXNETFLTMP\0008"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30d008 for PDO 0x8b360228
    InstancePath is "Root\SUN_VBOXNETFLTMP\0009"
    ServiceName is "VBoxNetFlt"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30ddb0 for PDO 0x8b30df10
    InstancePath is "Root\SYSTEM\0000"
    ServiceName is "swenum"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30db58 for PDO 0x8b30dcb8
    InstancePath is "Root\SYSTEM\0001"
    ServiceName is "update"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)
  DevNode 0x8b30d900 for PDO 0x8b30da60
    InstancePath is "Root\SYSTEM\0002"
    ServiceName is "mssmbios"
    State = DeviceNodeInitialized (0x302)
    Previous State = DeviceNodeUninitialized (0x301)

 

Link to comment
Share on other sites

@Dietmar Try it with this msrpc.sys from Vista (no missing exports at all files)

 

https://anonfiles.com/T7A23dc1y0/msrpc_sys

 

Or try to patch it, seems like driver itself doesn't need that function

rpc.png

Edited by George King
Link to comment
Share on other sites

3 minutes ago, Dietmar said:

@Damnation

May be, that it is possible to enable NDIS6 without    msrpc.sys

Dietmar

Then try to remove msrpc imports from netio.sys, Right lick in CFF Explorer and Delete import Descriptor. No idea what happends, just rebuild pe header and save to see if it works or fails

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...