Jump to content

NDIS6 support for XP?


Recommended Posts


I get this BSOD about ntio.sys

And I notice, that storpor8.sys is unloaded


Intel Storage Driver Ver:

*** Fatal System Error: 0x000000d1

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Sun May  8 09:52:14.718 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
Loading User Symbols

Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck D1, {a060005, 2, 0, b781e9f7}

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for e1d6232.sys -
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
Probably caused by : NETIO.SYS ( NETIO!NmrpIsEqualNpiId+8 )

Followup: MachineOwner

8052b724 cc              int     3
2: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arg1: 0a060005, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: b781e9f7, address which referenced memory

Debugging Details:

*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0

READ_ADDRESS:  0a060005


b781e9f7 8b10            mov     edx,dword ptr [eax]




ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

TRAP_FRAME:  b85535f8 -- (.trap 0xffffffffb85535f8)
ErrCode = 00000000
eax=0a060005 ebx=0a060001 ecx=b78dc6f0 edx=77334855 esi=b78dc6f0 edi=00000000
eip=b781e9f7 esp=b855366c ebp=b855366c iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
b781e9f7 8b10            mov     edx,dword ptr [eax]  ds:0023:0a060005=????????
Resetting default scope

LOCK_ADDRESS:  8055b560 -- (!locks 8055b560)

Resource @ nt!IopDeviceTreeLock (0x8055b560)    Shared 1 owning threads
     Threads: 989a5020-01<*>
1 total locks, 1 locks currently held

    Lock address  : 0x8055b560
    Thread Count  : 1
    Thread address: 0x989a5020
    Thread wait   : 0x2c0

LAST_CONTROL_TRANSFER:  from 804f8e95 to 8052b724

b85531ac 804f8e95 00000003 b8553508 00000000 nt!RtlpBreakWithStatusInstruction
b85531f8 804f9a80 00000003 0a060005 b781e9f7 nt!KiBugCheckDebugBreak+0x19
b85535d8 8054483c 0000000a 0a060005 00000002 nt!KeBugCheck2+0x574
b85535d8 b781e9f7 0000000a 0a060005 00000002 nt!KiTrap0E+0x180
b855366c b781ee81 0a060005 b78dc6f0 966b5e48 NETIO!NmrpIsEqualNpiId+0x8
b8553684 b781ed5d 989732c0 00000001 b78de008 NETIO!NmrpFindOrAddRegisteredNpiId+0x22
b85536f0 b781ec91 966b5e48 b8553728 b8553724 NETIO!NmrpRegisterModuleAndGetBindableCandidates+0x33
b8553718 b781ef72 00000002 b78dd018 00000000 NETIO!NmrpRegisterModule+0x3c
b8553740 b78baf2f b78bb6db 00000000 b78de008 NETIO!NmrRegisterProvider+0x4b
b8553764 b78bb6db 00060000 8052e8fc b855378c NDIS!ndisStartNsiProvider+0x4b
b8553780 b78b7db9 b1ec6000 96570228 00060014 NDIS!ndisInitializeNsi+0x50
b8553798 b1e752a3 96570228 966b3000 00000000 NDIS!NdisMRegisterMiniportDriver+0x51
WARNING: Stack unwind information not available. Following frames may be wrong.
b8553814 805813af 96570228 966b3000 00000000 e1d6232!DriverEntry+0x20f
b85538e4 8058f557 800001c4 00000000 b8553900 nt!IopLoadDriver+0x66d
b8553928 805e7b7f e23e1280 00000001 800001c4 nt!PipCallDriverAddDeviceQueryRoutine+0x235
b8553974 805e7f76 e23e1264 00000001 b85539f0 nt!RtlpCallQueryRegistryRoutine+0x37d
b85539fc 80590ddf 00000001 00000084 b8553a24 nt!RtlQueryRegistryValues+0x368
b8553ad0 8059229c 00000000 00000001 b8553d5c nt!PipCallDriverAddDevice+0x261
b8553d2c 805927a6 98970ee8 00000001 00000000 nt!PipProcessDevNodeTree+0x1a4
b8553d54 804f6a32 00000003 8055b5c0 8056485c nt!PiProcessStartSystemDevices+0x3a
b8553d7c 80538921 00000000 00000000 989a5020 nt!PipDeviceActionWorker+0x170
b8553dac 805cffee 00000000 00000000 00000000 nt!ExpWorkerThread+0xef
b8553ddc 8054623e 80538832 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


b781e9f7 8b10            mov     edx,dword ptr [eax]



FOLLOWUP_NAME:  MachineOwner




IMAGE_VERSION:  6.1.7601.24208


BUCKET_ID:  0xD1_NETIO!NmrpIsEqualNpiId+8


FAILURE_ID_HASH_STRING:  km:0xd1_netio!nmrpisequalnpiid+8

FAILURE_ID_HASH:  {1d7ea187-17c8-1608-8471-24546162eb85}

Followup: MachineOwner

2: kd> lm
start    end        module name
80100000 8012a000   KDSTUB     (deferred)             
8028b000 8029ba80   pci        (deferred)             
804d7000 806e5000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb
806e5000 80705d00   hal        (deferred)             
80706000 8072e000   kdcom      (deferred)             
b1e72000 b1edf000   e1d6232    (export symbols)       e1d6232.sys
b517c000 b51a4000   HDAudBus   (deferred)             
b51de000 b51f1f00   VIDEOPRT   (deferred)             
b51f2000 b5e53bc0   nv4_mini   (deferred)             
b5e6c000 b5e71c00   mouclass   (deferred)             
b5e8c000 b5e92280   kbdclass   (deferred)             
b5f34000 b5f40f00   i8042prt   (deferred)             
b7778000 b777bd80   serenum    (deferred)             
b77f4000 b780de80   Mup        (deferred)             
b780e000 b784d000   NETIO      (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\netio.pdb\5BBB5169EEB04D0BB707BFA122C6C9442\netio.pdb
b784d000 b7878000   msrpc      (deferred)             
b7878000 b789b980   ntoskrn8   (deferred)             
b789c000 b7954000   NDIS       (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ndis.pdb\B69DA90026554DB7963D1422C84157172\ndis.pdb
b7954000 b79e0d00   Ntfs       (deferred)             
b79e1000 b7a3e000   UsbHub3    (deferred)             
b7a3e000 b7a83000   USBXHCI    (deferred)             
b7a83000 b7a99b80   KSecDD     (deferred)             
b7a9a000 b7aabf00   sr         (deferred)             
b7aac000 b7acbb00   fltMgr     (deferred)             
b7acc000 b7ae3880   SCSIPORT   (deferred)             
b7ae4000 b7b24000   storport   (deferred)             
b7b4f000 b7e04000   iaStor     (deferred)             
b7e04000 b7e29a00   dmio       (deferred)             
b7e2a000 b7e48d80   ftdisk     (deferred)             
b7e49000 b7e78000   ucx01000   (deferred)             
b7e78000 b7eaa000   ACPI       (deferred)             
b7eaa000 b7f2c000   WDF01_W8   (deferred)             
b7f2c000 b7f4b000   asmthub3   (deferred)             
b7f4b000 b7fa7000   asmtxhci   (deferred)             
b80a8000 b80b6000   WDFLDR8    (deferred)             
b80b8000 b80c1300   isapnp     (deferred)             
b80c8000 b80d2000   WppRecorder   (deferred)             
b80d8000 b80e2580   MountMgr   (deferred)             
b80e8000 b80f5200   VolSnap    (deferred)             
b8108000 b8118000   asahci32   (deferred)             
b8118000 b8120e00   disk       (deferred)             
b8128000 b8134180   CLASSPNP   (deferred)             
b8138000 b8141000   USBD_W8    (deferred)             
b8148000 b8158000   serial     (deferred)             
b8328000 b832e780   USBSTOR    (deferred)             
b8330000 b8336180   PCIIDEX    (deferred)             
b8338000 b833cd00   PartMgr    (deferred)             
b84b8000 b84bb000   BOOTVID    (deferred)             
b85a8000 b85a9100   WMILIB     (deferred)             
b85aa000 b85ab500   USBD       (deferred)             
b85ac000 b85ad700   dmload     (deferred)             
b8671000 b8671d80   OPRGHDLR   (deferred)             

Unloaded modules:
b8158000 b8166000   1394BUS.SYS
b8148000 b8158000   ohci1394.sys
b7b37000 b7b4f000   atapi.sys
b84bc000 b84bf000   ACPIEC.sys
b8670000 b8671000   pciide.sys
b80f8000 b8106000   stornvme.sys
b8340000 b8345000   storpor8.sys
b7b24000 b7b37000   storahci.sys




Link to comment
Share on other sites


It's not the same error at least.

I'm going to implement MmAllocatePagesForMdlEx, KeFreeCalloutStack, KeAllocateCalloutStack, and KeTestSpinLock next with a precompiled objects.

Link to comment
Share on other sites

@Damnation Fully working code will be better as this SD/MMC driver can work on XP - 7 in both architecture. Currently I would like to see it under 7 first. With actual state it can be installed, but "connected disk device" can't be installed / started, I think it's caused by my blank function. 

Link to comment
Share on other sites

@Damnation Thanks, downloaded your updated repo, I have compared it to one I downloaded from GitHub and there are missing some parts in wrk2003.c on your side. Is this code missing by accident or there is a reason for that?


Missing part

	void WRK2003_Init(void)
#if (NTDDI_VERSION < NTDDI_VISTA) && defined(_X86_)
//  KeInvalidateAllCaches
gTramp_KeInvalidateAllCaches = (PFN_BOOLEAN) ModuleHexSearch(MODULE_NTOSKRNL, KeInvalidateAllCaches_magic1, sizeof(KeInvalidateAllCaches_magic1), KeInvalidateAllCaches_magic1mask);
if (!gTramp_KeInvalidateAllCaches)
    gTramp_KeInvalidateAllCaches = (PFN_BOOLEAN) ModuleHexSearch(MODULE_NTOSKRNL, KeInvalidateAllCaches_magic2, sizeof(KeInvalidateAllCaches_magic2), KeInvalidateAllCaches_magic2mask);
    if (!gTramp_KeInvalidateAllCaches)
        gTramp_KeInvalidateAllCaches = (PFN_BOOLEAN) ModuleHexSearch(MODULE_NTOSKRNL, KeInvalidateAllCaches_magic3, sizeof(KeInvalidateAllCaches_magic3), KeInvalidateAllCaches_magic3mask);
            if (!gTramp_KeInvalidateAllCaches)
            gTramp_KeInvalidateAllCaches = (PFN_BOOLEAN) ModuleHexSearch(MODULE_NTOSKRNL, KeInvalidateAllCaches_magic4, sizeof(KeInvalidateAllCaches_magic4), KeInvalidateAllCaches_magic4mask);
                if (!gTramp_KeInvalidateAllCaches)
                    KeBugCheckEx(0xDEADBEEFL, 5, 0, 0, 2);
#endif // WinXP RTM <> SP4
//  KeAlertThread
gTramp_KeAlertThread = (PFN_BOOLEAN_PKTHREAD_KPROCESSOR_MODE) ModuleHexSearch(MODULE_NTOSKRNL, KeAlertThread_magic1, sizeof(KeAlertThread_magic1), KeAlertThread_magic1mask);
if (!gTramp_KeAlertThread)
    gTramp_KeAlertThread = (PFN_BOOLEAN_PKTHREAD_KPROCESSOR_MODE) ModuleHexSearch(MODULE_NTOSKRNL, KeAlertThread_magic2, sizeof(KeAlertThread_magic2), KeAlertThread_magic2mask);
    if (!gTramp_KeAlertThread)
        gTramp_KeAlertThread = (PFN_BOOLEAN_PKTHREAD_KPROCESSOR_MODE) ModuleHexSearch(MODULE_NTOSKRNL, KeAlertThread_magic1chk, sizeof(KeAlertThread_magic1chk), KeAlertThread_magic1chkmask);
        if (!gTramp_KeAlertThread)
            KeBugCheckEx(0xDEADBEEFL, 5, 0, 0, 3);
//  KeTestAlertThread
gTramp_KeTestAlertThread = (PFN_BOOLEAN_KPROCESSOR_MODE) ModuleHexSearch(MODULE_NTOSKRNL, KeTestAlertThread_magic1, sizeof(KeTestAlertThread_magic1), KeTestAlertThread_magic1mask);
if (!gTramp_KeTestAlertThread)
    gTramp_KeTestAlertThread = (PFN_BOOLEAN_KPROCESSOR_MODE) ModuleHexSearch(MODULE_NTOSKRNL, KeTestAlertThread_magic2, sizeof(KeTestAlertThread_magic2), KeTestAlertThread_magic2mask);
    if (!gTramp_KeTestAlertThread)
        gTramp_KeTestAlertThread = (PFN_BOOLEAN_KPROCESSOR_MODE) ModuleHexSearch(MODULE_NTOSKRNL, KeTestAlertThread_magic1chk, sizeof(KeTestAlertThread_magic1chk), KeTestAlertThread_magic1chkmask);
        if (!gTramp_KeTestAlertThread)
            KeBugCheckEx(0xDEADBEEFL, 5, 0, 0, 4);
//  LpcRequestWaitReplyPortEx
gTramp_LpcRequestWaitReplyPortEx = (PFN_NTSTATUS_PVOID_PPORT_MESSAGE_PPORT_MESSAGE) ModuleHexSearch(MODULE_NTOSKRNL, LpcRequestWaitReplyPortEx_magic1, sizeof(LpcRequestWaitReplyPortEx_magic1), LpcRequestWaitReplyPortEx_magic1mask);
if (!gTramp_LpcRequestWaitReplyPortEx)
    gTramp_LpcRequestWaitReplyPortEx = (PFN_NTSTATUS_PVOID_PPORT_MESSAGE_PPORT_MESSAGE) ModuleHexSearch(MODULE_NTOSKRNL, LpcRequestWaitReplyPortEx_magic2, sizeof(LpcRequestWaitReplyPortEx_magic2), LpcRequestWaitReplyPortEx_magic2mask);
    if (!gTramp_LpcRequestWaitReplyPortEx)
        KeBugCheckEx(0xDEADBEEFL, 5, 0, 0, 5);
#endif //  < Vista && x32


P.S. Installing 32bit XP on my testing machine right now to see how it goes. I see method how you created that function for x86 in ASM. I hope it will work, then we will only need x64 ones and rearange your new functions in Extender. For example many of functions you added into < Vista are needed for < 8 too. But polishing process can be done in future 

Link to comment
Share on other sites

1 minute ago, Damnation said:

@George King

That gets rid of the 0xDEADBEEF BSODs from ntoskrnl version mismatch - I got rid of it out of habit since I'd tried porting to windows 2000 earlier.

Yeah I was thinking about that.

Link to comment
Share on other sites

@Damnation I have installed XP 32bit on Asus K53SV and Acer Aspire One, these machines have SD card reader, but not compatible with that Generic driver. I have also Dell Latitude 7440 and here I can't reinstall it and it run Windows 7 x64. I don't know when I can reinstall this machine (my wife's laptop)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Create New...