Jump to content

NDIS6 support for XP?


Damnation
 Share

Recommended Posts

@Dietmar

Sorry, I'm not skilled enough to manually add a new exported function to vista 5048 ndis.sys

implementing this into ntoskrn8.sys won't do anything since it will never be called from there.

making an ndis.sys extender for this version won't work either since we don't have a vista beta DDK to link it to, and the vista RTM version of the ndis.lib library won't link it correctly.

Link to comment
Share on other sites


Posted (edited)

@Damnation

May be it is not so difficult, if we understand how PE Maker and PE_Tool_0.0.5 work.

The function KeQueryActiveProcessorCountEx you already integrate in ntoskrn8.sys.

The function itself we can take from ndis.sys from win7 sp1,

NdisGroupActiveProcessorCount

but I also dont know how to extract this function

Dietmar

PS: Via IdaPro,

the HexValues of this Export function in ndis.sys win7 sp1 bit32 are just

Beginning with to end

 

.text:0001832A ; Exported entry 200. NdisGroupActiveProcessorCount
.text:0001832A
.text:0001832A ; =============== S U B R O U T I N E =======================================
.text:0001832A
.text:0001832A ; Attributes: bp-based frame
.text:0001832A
.text:0001832A ; __stdcall NdisGroupActiveProcessorCount(x)
.text:0001832A                 public _NdisGroupActiveProcessorCount@4
.text:0001832A _NdisGroupActiveProcessorCount@4 proc near
.text:0001832A                                         ; CODE XREF: ndisCreateReceiveWorkerThreadPool()+42p
.text:0001832A                 mov     edi, edi
.text:0001832C                 push    ebp
.text:0001832D                 mov     ebp, esp
.text:0001832F                 pop     ebp
.text:00018330                 jmp     ds:__imp__KeQueryActiveProcessorCountEx@4 ; KeQueryActiveProcessorCountEx(x)
.text:00018330 _NdisGroupActiveProcessorCount@4 endp
.text:00018330
.text:00018330 ; ---------------------------------------------------------------------------

8B FF 55 8B EC 5D FF 25 B4 F0 04 00

Edited by Dietmar
Link to comment
Share on other sites

@Damnation

Now Bsod goes to ntoskrn8.sys

Dietmar

Intel Storage Driver Ver: 11.2.0.1006

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for e1d6232.sys -
Breakpoint 0 hit
e1d6232!DriverEntry:
b6a56094 55              push    ebp
1: kd> g

*** Fatal System Error: 0x0000007f
                       (0x00000008,0xBA330D70,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Tue Jun  7 18:14:34.234 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
..................WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
.........................
Loading User Symbols

Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, ba330d70, 0, 0}

Probably caused by : ntoskrn8.sys ( ntoskrn8!_imp__SeQueryInformationToken+2 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
8052b724 cc              int     3
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: ba330d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

TSS:  00000028 -- (.tss 0x28)
eax=ba551367 ebx=00020019 ecx=ba550090 edx=e1640008 esi=ba553690 edi=8bc3a9c7
eip=b9973072 esp=e8570689 ebp=ba553658 iopl=0         nv up ei pl nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010217
ntoskrn8!_imp__SeQueryInformationToken+0x2:
b9973072 5e              pop     esi
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

LAST_CONTROL_TRANSFER:  from 00000000 to b9973072

UNALIGNED_STACK_POINTER:  e8570689

STACK_TEXT:  
ba553658 00000000 8bc37620 8bc3a9c8 ba553690 ntoskrn8!_imp__SeQueryInformationToken+0x2


STACK_COMMAND:  .tss 0x28 ; kb

FOLLOWUP_IP:
ntoskrn8!_imp__SeQueryInformationToken+2
b9973072 5e              pop     esi

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ntoskrn8!_imp__SeQueryInformationToken+2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ntoskrn8

IMAGE_NAME:  ntoskrn8.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  629f7012

IMAGE_VERSION:  5.1.2600.10

FAILURE_BUCKET_ID:  0x7f_8_ntoskrn8!_imp__SeQueryInformationToken+2

BUCKET_ID:  0x7f_8_ntoskrn8!_imp__SeQueryInformationToken+2

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x7f_8_ntoskrn8!_imp__sequeryinformationtoken+2

FAILURE_ID_HASH:  {ddac3b4e-42a8-11ea-6936-c7f1f378e5c8}

Followup: MachineOwner
---------

1: kd> lm
start    end        module name
80062000 80072a80   pci        (deferred)             
80100000 8012a000   KDSTUB     (deferred)             
804d7000 806e5000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb
806e5000 80705d80   hal        (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\halmacpi.pdb\253F6CAD95214878B51A88A9B592FD381\halmacpi.pdb
80706000 8072e000   kdcom      (deferred)             
b34d2000 b353f000   e1d6232    (deferred)             
b35ab000 b3608f00   update     (deferred)             
b3609000 b362b700   ks         (deferred)             
b362c000 b365bc80   rdpdr      (deferred)             
b41cb000 b41cbc00   audstub    (deferred)             
b44c7000 b44d0f80   termdd     (deferred)             
b8e01000 b8e09e00   intelppm   (deferred)             
b92b1000 b92b3280   wmiacpi    (deferred)             
b96b5000 b96dd000   HDAudBus   (deferred)             
b97f3000 b97f6d80   serenum    (deferred)             
b97fb000 b97fec80   mssmbios   (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\mssmbios.pdb\9940673F3B9A4BD682DF9D96A12A355C1\mssmbios.pdb
b987f000 b9898e80   Mup        (deferred)             
b9899000 b98d8000   NETIO      (deferred)             
b98d8000 b9903000   msrpc      (deferred)             
b9903000 b9aec980   ntoskrn8   (private pdb symbols)  C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntoskrn8.pdb\DE5820ED5A0D4BDDAA0BD990F97C228A1\ntoskrn8.pdb
b9aed000 b9ba5000   NDIS       (deferred)             
b9ba5000 b9c31d00   Ntfs       (deferred)             
b9c32000 b9c48b80   KSecDD     (deferred)             
b9c49000 b9c5af00   sr         (deferred)             
b9c5b000 b9c7ab00   fltMgr     (deferred)             
b9c7b000 b9f30000   iaStor     (deferred)             
b9f30000 b9f55700   dmio       (deferred)             
b9f56000 b9f74880   ftdisk     (deferred)             
b9f75000 b9fa7000   ACPI       (deferred)             
ba0a8000 ba0b1180   isapnp     (deferred)             
ba0b8000 ba0c2700   MountMgr   (deferred)             
ba0c8000 ba0d3000   PartMgr    (deferred)             
ba0d8000 ba0e4c80   VolSnap    (deferred)             
ba0e8000 ba0f8000   disk       (deferred)             
ba0f8000 ba104180   CLASSPNP   (deferred)             
ba248000 ba254d00   i8042prt   (deferred)             
ba258000 ba267c00   serial     (deferred)             
ba328000 ba32e800   firadisk   (deferred)             
ba498000 ba49e000   kbdclass   (deferred)             
ba4a0000 ba4a5a00   mouclass   (deferred)             
ba4b8000 ba4bb000   BOOTVID    (deferred)             
ba5a8000 ba5a9100   WMILIB     (deferred)             
ba5aa000 ba5ab700   dmload     (deferred)             
ba5c0000 ba5c1100   swenum     (deferred)             

Unloaded modules:
b44a7000 b44b7000   cdrom.sys
b97f7000 b97fa000   Sfloppy.SYS
b44b7000 b44c3000   Flpydisk.SYS
b3d67000 b3d6e000   Fdc.SYS
b6a53000 b6ac0000   e1d6232.sys

 

Link to comment
Share on other sites

Posted (edited)

@Damnation

I just test. When you do a trace in Windbg, it is an endless loop after the driver e1d6232.sys is unloaded

This is output from Windbg

Dietmar

Intel Storage Driver Ver: 11.2.0.1006


*** Fatal System Error: 0x0000007f
                       (0x00000008,0xBA330D70,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Tue Jun  7 19:29:10.484 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
..................WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
.........................
Loading User Symbols

Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, ba330d70, 0, 0}

Probably caused by : hardware ( ntoskrn8!_imp__KeInitializeMutex+3 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
8052b724 cc              int     3
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: ba330d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

TSS:  00000028 -- (.tss 0x28)
eax=ba551367 ebx=00020019 ecx=ba556e90 edx=e1766ea8 esi=ba553690 edi=8bc3a9c7
eip=b9972fef esp=e8570689 ebp=ba553658 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
ntoskrn8!_imp__KeInitializeMutex+0x3:
b9972fef 80340850        xor     byte ptr [eax+ecx],50h     ds:0023:74aa81f7=??
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

LAST_CONTROL_TRANSFER:  from 00000000 to b9972fef

MISALIGNED_IP:
ntoskrn8!_imp__KeInitializeMutex+3
b9972fef 80340850        xor     byte ptr [eax+ecx],50h

UNALIGNED_STACK_POINTER:  e8570689

STACK_TEXT:  
ba553658 00000000 8bc37620 8bc3a9c8 ba553690 ntoskrn8!_imp__KeInitializeMutex+0x3


STACK_COMMAND:  .tss 0x28 ; kb

FOLLOWUP_IP:
ntoskrn8!_imp__KeInitializeMutex+3
b9972fef 80340850        xor     byte ptr [eax+ecx],50h

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ntoskrn8!_imp__KeInitializeMutex+3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: hardware

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  5.1.2600.10

FAILURE_BUCKET_ID:  IP_MISALIGNED_ntoskrn8.sys

BUCKET_ID:  IP_MISALIGNED_ntoskrn8.sys

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:ip_misaligned_ntoskrn8.sys

FAILURE_ID_HASH:  {dbda5822-4532-65a2-14de-bf4f49b55a8c}

Followup: MachineOwner
---------

1: kd> lm
start    end        module name
80062000 80072a80   pci        (deferred)             
80100000 8012a000   KDSTUB     (deferred)             
804d7000 806e5000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb
806e5000 80705d80   hal        (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\halmacpi.pdb\253F6CAD95214878B51A88A9B592FD381\halmacpi.pdb
80706000 8072e000   kdcom      (deferred)             
b693b000 b69a8000   e1d6232    (deferred)             
b6cda000 b6d37f00   update     (deferred)             
b6d38000 b6d5a700   ks         (deferred)             
b6d5b000 b6d8ac80   rdpdr      (deferred)             
b915a000 b9163f80   termdd     (deferred)             
b96b5000 b96dd000   HDAudBus   (deferred)             
b9795000 b9797280   wmiacpi    (deferred)             
b97f3000 b97f6d80   serenum    (deferred)             
b97f7000 b97fac80   mssmbios   (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\mssmbios.pdb\9940673F3B9A4BD682DF9D96A12A355C1\mssmbios.pdb
b987f000 b9898e80   Mup        (deferred)             
b9899000 b98d8000   NETIO      (deferred)             
b98d8000 b9903000   msrpc      (deferred)             
b9903000 b9aec900   ntoskrn8   (private pdb symbols)  C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntoskrn8.pdb\D8662FF0A5A24F3A82813E44885940221\ntoskrn8.pdb
b9aed000 b9ba5000   NDIS       (deferred)             
b9ba5000 b9c31d00   Ntfs       (deferred)             
b9c32000 b9c48b80   KSecDD     (deferred)             
b9c49000 b9c5af00   sr         (deferred)             
b9c5b000 b9c7ab00   fltMgr     (deferred)             
b9c7b000 b9f30000   iaStor     (deferred)             
b9f30000 b9f55700   dmio       (deferred)             
b9f56000 b9f74880   ftdisk     (deferred)             
b9f75000 b9fa7000   ACPI       (deferred)             
ba0a8000 ba0b1180   isapnp     (deferred)             
ba0b8000 ba0c2700   MountMgr   (deferred)             
ba0c8000 ba0d3000   PartMgr    (deferred)             
ba0d8000 ba0e4c80   VolSnap    (deferred)             
ba0e8000 ba0f8000   disk       (deferred)             
ba0f8000 ba104180   CLASSPNP   (deferred)             
ba1e8000 ba1f0e00   intelppm   (deferred)             
ba298000 ba2a4d00   i8042prt   (deferred)             
ba2a8000 ba2b7c00   serial     (deferred)             
ba328000 ba32e800   firadisk   (deferred)             
ba4a8000 ba4ae000   kbdclass   (deferred)             
ba4b0000 ba4b5a00   mouclass   (deferred)             
ba4b8000 ba4bb000   BOOTVID    (deferred)             
ba5a8000 ba5a9100   WMILIB     (deferred)             
ba5aa000 ba5ab700   dmload     (deferred)             
ba624000 ba625100   swenum     (deferred)             
ba683000 ba683c00   audstub    (deferred)             

Unloaded modules:
b8dca000 b8dda000   cdrom.sys
b883e000 b8841000   Sfloppy.SYS
b8dda000 b8de6000   Flpydisk.SYS
b8d5a000 b8d61000   Fdc.SYS
b9648000 b96b5000   e1d6232.sys

Edited by Dietmar
Link to comment
Share on other sites

@Dietmar

I just remembered something!

I did not update the security_cookie in ndis/netio/msrpc.sys

IIRC This might be the cause of the 7F BSOD

Give me a few minutes to patch them.

Link to comment
Share on other sites

@Damnation

Same as before

Dietmar

Intel Storage Driver Ver: 11.2.0.1006


*** Fatal System Error: 0x0000007f
                       (0x00000008,0xBA330D70,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Tue Jun  7 20:53:44.562 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
..................WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
.........................
Loading User Symbols

Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, ba330d70, 0, 0}

Probably caused by : hardware ( ntoskrn8!_imp__KeInitializeMutex+3 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
8052b724 cc              int     3
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: ba330d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

TSS:  00000028 -- (.tss 0x28)
eax=ba551367 ebx=00020019 ecx=ba55da90 edx=e174daa0 esi=ba553690 edi=8bc3a9c7
eip=b9972fef esp=e8570689 ebp=ba553658 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
ntoskrn8!_imp__KeInitializeMutex+0x3:
b9972fef 80340850        xor     byte ptr [eax+ecx],50h     ds:0023:74aaedf7=??
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

LAST_CONTROL_TRANSFER:  from 00000000 to b9972fef

MISALIGNED_IP:
ntoskrn8!_imp__KeInitializeMutex+3
b9972fef 80340850        xor     byte ptr [eax+ecx],50h

UNALIGNED_STACK_POINTER:  e8570689

STACK_TEXT:  
ba553658 00000000 8bc37620 8bc3a9c8 ba553690 ntoskrn8!_imp__KeInitializeMutex+0x3


STACK_COMMAND:  .tss 0x28 ; kb

FOLLOWUP_IP:
ntoskrn8!_imp__KeInitializeMutex+3
b9972fef 80340850        xor     byte ptr [eax+ecx],50h

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ntoskrn8!_imp__KeInitializeMutex+3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: hardware

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  5.1.2600.10

FAILURE_BUCKET_ID:  IP_MISALIGNED_ntoskrn8.sys

BUCKET_ID:  IP_MISALIGNED_ntoskrn8.sys

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:ip_misaligned_ntoskrn8.sys

FAILURE_ID_HASH:  {dbda5822-4532-65a2-14de-bf4f49b55a8c}

Followup: MachineOwner
---------

1: kd> lm
start    end        module name
80062000 80072a80   pci        (deferred)             
80100000 8012a000   KDSTUB     (deferred)             
804d7000 806e5000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb
806e5000 80705d80   hal        (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\halmacpi.pdb\253F6CAD95214878B51A88A9B592FD381\halmacpi.pdb
80706000 8072e000   kdcom      (deferred)             
b5495000 b5502000   e1d6232    (deferred)             
b5b6a000 b5bc7f00   update     (deferred)             
b5bc8000 b5bea700   ks         (deferred)             
b5c13000 b5c42c80   rdpdr      (deferred)             
b76af000 b76afc00   audstub    (deferred)             
b91c1000 b91caf80   termdd     (deferred)             
b96b5000 b96dd000   HDAudBus   (deferred)             
b97b9000 b97bb280   wmiacpi    (deferred)             
b97f3000 b97f6d80   serenum    (deferred)             
b97ff000 b9802c80   mssmbios   (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\mssmbios.pdb\9940673F3B9A4BD682DF9D96A12A355C1\mssmbios.pdb
b987f000 b9898e80   Mup        (deferred)             
b9899000 b98d8000   NETIO      (deferred)             
b98d8000 b9903000   msrpc      (deferred)             
b9903000 b9aec900   ntoskrn8   (private pdb symbols)  C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntoskrn8.pdb\D8662FF0A5A24F3A82813E44885940221\ntoskrn8.pdb
b9aed000 b9ba5000   NDIS       (deferred)             
b9ba5000 b9c31d00   Ntfs       (deferred)             
b9c32000 b9c48b80   KSecDD     (deferred)             
b9c49000 b9c5af00   sr         (deferred)             
b9c5b000 b9c7ab00   fltMgr     (deferred)             
b9c7b000 b9f30000   iaStor     (deferred)             
b9f30000 b9f55700   dmio       (deferred)             
b9f56000 b9f74880   ftdisk     (deferred)             
b9f75000 b9fa7000   ACPI       (deferred)             
ba0a8000 ba0b1180   isapnp     (deferred)             
ba0b8000 ba0c2700   MountMgr   (deferred)             
ba0c8000 ba0d3000   PartMgr    (deferred)             
ba0d8000 ba0e4c80   VolSnap    (deferred)             
ba0e8000 ba0f8000   disk       (deferred)             
ba0f8000 ba104180   CLASSPNP   (deferred)             
ba2c8000 ba2d4d00   i8042prt   (deferred)             
ba2d8000 ba2e7c00   serial     (deferred)             
ba2e8000 ba2f0e00   intelppm   (deferred)             
ba328000 ba32e800   firadisk   (deferred)             
ba388000 ba38da00   mouclass   (deferred)             
ba4b0000 ba4b6000   kbdclass   (deferred)             
ba4b8000 ba4bb000   BOOTVID    (deferred)             
ba5a8000 ba5a9100   WMILIB     (deferred)             
ba5aa000 ba5ab700   dmload     (deferred)             
ba614000 ba615100   swenum     (deferred)             

Unloaded modules:
b8ecb000 b8edb000   cdrom.sys
b97f7000 b97fa000   Sfloppy.SYS
b8eeb000 b8ef7000   Flpydisk.SYS
b8dcb000 b8dd2000   Fdc.SYS
b9648000 b96b5000   e1d6232.sys

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...