Jump to content

NDIS6 support for XP?


Damnation
 Share

Recommended Posts


@Damnation

Same as before

Dietmar

Breakpoint 0 hit
e1d6232!DriverEntry:
b5512094 55              push    ebp
11: kd> g

*** Fatal System Error: 0x0000007f
                       (0x00000008,0xBA380D70,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Tue Jun  7 21:41:06.218 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
..................WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
..........................
Loading User Symbols

Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, ba380d70, 0, 0}

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntoskrn8.sys -
Probably caused by : ntoskrn8.sys ( ntoskrn8!wcstoul+64bd2 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
8052b724 cc              int     3
11: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: ba380d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

TSS:  00000028 -- (.tss 0x28)
eax=ba55db67 ebx=00020019 ecx=ba556590 edx=e1796540 esi=ba553690 edi=8bc3a9c8
eip=b9972f6b esp=e8570689 ebp=ba553658 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
ntoskrn8!wcstoul+0x64bd2:
b9972f6b 80340850        xor     byte ptr [eax+ecx],50h     ds:0023:74ab40f7=??
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

LAST_CONTROL_TRANSFER:  from 00000000 to b9972f6b

UNALIGNED_STACK_POINTER:  e8570689

STACK_TEXT:  
ba553658 00000000 8bc37620 8bc3a9c8 ba553690 ntoskrn8!wcstoul+0x64bd2


STACK_COMMAND:  .tss 0x28 ; kb

FOLLOWUP_IP:
ntoskrn8!wcstoul+64bd2
b9972f6b 80340850        xor     byte ptr [eax+ecx],50h

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ntoskrn8!wcstoul+64bd2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ntoskrn8

IMAGE_NAME:  ntoskrn8.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  629fa760

IMAGE_VERSION:  5.1.2600.10

FAILURE_BUCKET_ID:  0x7f_8_ntoskrn8!wcstoul+64bd2

BUCKET_ID:  0x7f_8_ntoskrn8!wcstoul+64bd2

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x7f_8_ntoskrn8!wcstoul+64bd2

FAILURE_ID_HASH:  {1fad9cf1-073f-b7e5-0ea1-ef1bf339577a}

Followup: MachineOwner
---------

11: kd> lm
start    end        module name
80062000 80072a80   pci        (deferred)             
80100000 8012a000   KDSTUB     (deferred)             
804d7000 806e5000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb
806e5000 80705d80   hal        (deferred)             
80706000 8072e000   kdcom      (deferred)             
b550f000 b557c000   e1d6232    (deferred)             
b5b83000 b5be0f00   update     (deferred)             
b5be1000 b5c03700   ks         (deferred)             
b5c2c000 b5c5bc80   rdpdr      (deferred)             
b7696000 b7696c00   audstub    (deferred)             
b8ecb000 b8edb000   cdrom      (deferred)             
b91c1000 b91caf80   termdd     (deferred)             
b96b5000 b96dd000   HDAudBus   (deferred)             
b97b9000 b97bb280   wmiacpi    (deferred)             
b97f3000 b97f6d80   serenum    (deferred)             
b97fb000 b97fec80   mssmbios   (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\mssmbios.pdb\9940673F3B9A4BD682DF9D96A12A355C1\mssmbios.pdb
b987f000 b9898e80   Mup        (deferred)             
b9899000 b98d8000   NETIO      (deferred)             
b98d8000 b9903000   msrpc      (deferred)             
b9903000 b9aec880   ntoskrn8   (export symbols)       ntoskrn8.sys
b9aed000 b9ba5000   NDIS       (deferred)             
b9ba5000 b9c31d00   Ntfs       (deferred)             
b9c32000 b9c48b80   KSecDD     (deferred)             
b9c49000 b9c5af00   sr         (deferred)             
b9c5b000 b9c7ab00   fltMgr     (deferred)             
b9c7b000 b9f30000   iaStor     (deferred)             
b9f30000 b9f55700   dmio       (deferred)             
b9f56000 b9f74880   ftdisk     (deferred)             
b9f75000 b9fa7000   ACPI       (deferred)             
ba0a8000 ba0b1180   isapnp     (deferred)             
ba0b8000 ba0c2700   MountMgr   (deferred)             
ba0c8000 ba0d3000   PartMgr    (deferred)             
ba0d8000 ba0e4c80   VolSnap    (deferred)             
ba0e8000 ba0f8000   disk       (deferred)             
ba0f8000 ba104180   CLASSPNP   (deferred)             
ba108000 ba114d00   i8042prt   (deferred)             
ba118000 ba127c00   serial     (deferred)             
ba128000 ba130e00   intelppm   (deferred)             
ba328000 ba32e800   firadisk   (deferred)             
ba388000 ba38e000   kbdclass   (deferred)             
ba398000 ba39da00   mouclass   (deferred)             
ba4b8000 ba4bb000   BOOTVID    (deferred)             
ba5a8000 ba5a9100   WMILIB     (deferred)             
ba5aa000 ba5ab700   dmload     (deferred)             
ba614000 ba615100   swenum     (deferred)             

Unloaded modules:
b8ecb000 b8edb000   cdrom.sys
b97ef000 b97f2000   Sfloppy.SYS
b8eeb000 b8ef7000   Flpydisk.SYS
b8d8f000 b8d96000   Fdc.SYS
b9648000 b96b5000   e1d6232.sys

Link to comment
Share on other sites

@Dietmar

can you load the PDB symbols for ntoskrn8?

last time it was

Quote

MISALIGNED_IP:
ntoskrn8!_imp__KeInitializeMutex+3
b9972fef 80340850        xor     byte ptr [eax+ecx],50h

has that changed?

Link to comment
Share on other sites

@Damnation

Yepp, I forget. Here is with last *.pdb

Dietmar

Intel Storage Driver Ver: 11.2.0.1006


*** Fatal System Error: 0x0000007f
                       (0x00000008,0xBA330D70,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Tue Jun  7 21:58:29.140 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
..................WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
.........................
Loading User Symbols

Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, ba330d70, 0, 0}

Probably caused by : ntoskrn8.sys ( ntoskrn8!_imp__PsReferencePrimaryToken+3 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
8052b724 cc              int     3
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: ba330d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

TSS:  00000028 -- (.tss 0x28)
eax=ba55db67 ebx=00020019 ecx=ba55c390 edx=e178c350 esi=ba553690 edi=8bc3a9c8
eip=b9972f6b esp=e8570689 ebp=ba553658 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
ntoskrn8!_imp__PsReferencePrimaryToken+0x3:
b9972f6b 80340850        xor     byte ptr [eax+ecx],50h     ds:0023:74ab9ef7=??
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

LAST_CONTROL_TRANSFER:  from 00000000 to b9972f6b

UNALIGNED_STACK_POINTER:  e8570689

STACK_TEXT:  
ba553658 00000000 8bc37620 8bc3a9c8 ba553690 ntoskrn8!_imp__PsReferencePrimaryToken+0x3


STACK_COMMAND:  .tss 0x28 ; kb

FOLLOWUP_IP:
ntoskrn8!_imp__PsReferencePrimaryToken+3
b9972f6b 80340850        xor     byte ptr [eax+ecx],50h

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ntoskrn8!_imp__PsReferencePrimaryToken+3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ntoskrn8

IMAGE_NAME:  ntoskrn8.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  629fa760

IMAGE_VERSION:  5.1.2600.10

FAILURE_BUCKET_ID:  0x7f_8_ntoskrn8!_imp__PsReferencePrimaryToken+3

BUCKET_ID:  0x7f_8_ntoskrn8!_imp__PsReferencePrimaryToken+3

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x7f_8_ntoskrn8!_imp__psreferenceprimarytoken+3

FAILURE_ID_HASH:  {27ce86e3-c6e0-2574-9fa6-ebfd80618e8d}

Followup: MachineOwner
---------

1: kd> lm
start    end        module name
80062000 80072a80   pci        (deferred)             
80100000 8012a000   KDSTUB     (deferred)             
804d7000 806e5000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb
806e5000 80705d80   hal        (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\halmacpi.pdb\253F6CAD95214878B51A88A9B592FD381\halmacpi.pdb
80706000 8072e000   kdcom      (deferred)             
b5a1c000 b5a89000   e1d6232    (deferred)             
b8b39000 b8b96f00   update     (deferred)             
b9326000 b9348700   ks         (deferred)             
b9685000 b96b4c80   rdpdr      (deferred)             
b96b5000 b96dd000   HDAudBus   (deferred)             
b9711000 b9714c80   mssmbios   (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\mssmbios.pdb\9940673F3B9A4BD682DF9D96A12A355C1\mssmbios.pdb
b97f7000 b97fad80   serenum    (deferred)             
b987f000 b9898e80   Mup        (deferred)             
b9899000 b98d8000   NETIO      (deferred)             
b98d8000 b9903000   msrpc      (deferred)             
b9903000 b9aec880   ntoskrn8   (private pdb symbols)  C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntoskrn8.pdb\C9467C0DBC594315A0717C5122137D231\ntoskrn8.pdb
b9aed000 b9ba5000   NDIS       (deferred)             
b9ba5000 b9c31d00   Ntfs       (deferred)             
b9c32000 b9c48b80   KSecDD     (deferred)             
b9c49000 b9c5af00   sr         (deferred)             
b9c5b000 b9c7ab00   fltMgr     (deferred)             
b9c7b000 b9f30000   iaStor     (deferred)             
b9f30000 b9f55700   dmio       (deferred)             
b9f56000 b9f74880   ftdisk     (deferred)             
b9f75000 b9fa7000   ACPI       (deferred)             
ba0a8000 ba0b1180   isapnp     (deferred)             
ba0b8000 ba0c2700   MountMgr   (deferred)             
ba0c8000 ba0d3000   PartMgr    (deferred)             
ba0d8000 ba0e4c80   VolSnap    (deferred)             
ba0e8000 ba0f8000   disk       (deferred)             
ba0f8000 ba104180   CLASSPNP   (deferred)             
ba118000 ba124d00   i8042prt   (deferred)             
ba128000 ba137c00   serial     (deferred)             
ba138000 ba140e00   intelppm   (deferred)             
ba148000 ba151f80   termdd     (deferred)             
ba328000 ba32e800   firadisk   (deferred)             
ba388000 ba38e000   kbdclass   (deferred)             
ba398000 ba39da00   mouclass   (deferred)             
ba4b8000 ba4bb000   BOOTVID    (deferred)             
ba57c000 ba57e280   wmiacpi    (deferred)             
ba5a8000 ba5a9100   WMILIB     (deferred)             
ba5aa000 ba5ab700   dmload     (deferred)             
ba5be000 ba5bf100   swenum     (deferred)             
ba7f3000 ba7f3c00   audstub    (deferred)             

Unloaded modules:
b8ef1000 b8f01000   cdrom.sys
b97f3000 b97f6000   Sfloppy.SYS
b8f01000 b8f0d000   Flpydisk.SYS
b8d78000 b8d7f000   Fdc.SYS
b9648000 b96b5000   e1d6232.sys

 

Link to comment
Share on other sites

@Damnation

This one is a little bit other.

On normal XP start it gives endless running bar.

With Windbg I get it

Dietmar

*** Fatal System Error: 0x0000007f
                       (0x00000008,0xBA330D70,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Tue Jun  7 22:27:55.343 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
..................WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
WARNING: Process directory table base 9E680020 doesn't match CR3 00759000
.........................
Loading User Symbols

Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, ba330d70, 0, 0}

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for e1d6232.sys -
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560
Probably caused by : ntoskrn8.sys ( ntoskrn8!_imp__PsReferenceImpersonationToken+3 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
8052b724 cc              int     3
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: ba330d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b560

BUGCHECK_STR:  0x7f_8

TSS:  00000028 -- (.tss 0x28)
eax=ba553667 ebx=00020019 ecx=ba553290 edx=e15b3290 esi=ba553690 edi=8bc3a9c8
eip=b9972f67 esp=b9904aae ebp=ba553658 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
ntoskrn8!_imp__PsReferenceImpersonationToken+0x3:
b9972f67 80340850        xor     byte ptr [eax+ecx],50h     ds:0023:74aa68f7=??
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

LOCK_ADDRESS:  8055b4e0 -- (!locks 8055b4e0)

Resource @ nt!PiEngineLock (0x8055b4e0)    Exclusively owned
    Contention Count = 2
     Threads: 8bc37620-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
    Lock address  : 0x8055b4e0
    Thread Count  : 0
    Thread address: 0x00000000
    Thread wait   : 0x0

LAST_CONTROL_TRANSFER:  from b989ec77 to b9972f67

UNALIGNED_STACK_POINTER:  b9904aae

STACK_TEXT:  
ba553658 b989ec77 8bc37620 8bc3a9c8 ba553690 ntoskrn8!_imp__PsReferenceImpersonationToken+0x3
ba5536bc b98a4a0a 00000000 e15b3290 00000000 NETIO!NsipAccessCheck+0x100
ba553728 b9b0b945 ba553740 b9b307c0 00000000 NETIO!NsiRegisterChangeNotificationEx+0x23
ba55375c b9b0c6ea 00060000 8052e8fc ba553784 NDIS!ndisStartNsiClient+0x6b
ba553778 b9b08db9 b1c46000 89b1e950 00060014 NDIS!ndisInitializeNsi+0x5f
ba553790 b1bf52a3 89b1e950 89b53000 00000000 NDIS!NdisMRegisterMiniportDriver+0x51
WARNING: Stack unwind information not available. Following frames may be wrong.
ba55380c 805813af 89b1e950 89b53000 00000000 e1d6232!DriverEntry+0x20f
ba5538dc 8058f557 80000824 00000000 ba553900 nt!IopLoadDriver+0x66d
ba553920 805e7b7f e13ce1c0 00000001 80000824 nt!PipCallDriverAddDeviceQueryRoutine+0x235
ba55396c 805e7f76 e13ce1a4 00000001 ba5539e8 nt!RtlpCallQueryRegistryRoutine+0x37d
ba5539f4 80590ddf 00000001 00000084 ba553a1c nt!RtlQueryRegistryValues+0x368
ba553ac8 8059229c 00000000 00000001 ba553d5c nt!PipCallDriverAddDevice+0x261
ba553d24 80592832 8bb9e168 00000001 00000000 nt!PipProcessDevNodeTree+0x1a4
ba553d54 804f6a2a 00000003 8055b5c0 8056485c nt!PiRestartDevice+0x80
ba553d7c 80538921 00000000 00000000 8bc37620 nt!PipDeviceActionWorker+0x168
ba553dac 805cffee 00000000 00000000 00000000 nt!ExpWorkerThread+0xef
ba553ddc 8054623e 80538832 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  .tss 0x28 ; kb

FOLLOWUP_IP:
ntoskrn8!_imp__PsReferenceImpersonationToken+3
b9972f67 80340850        xor     byte ptr [eax+ecx],50h

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ntoskrn8!_imp__PsReferenceImpersonationToken+3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ntoskrn8

IMAGE_NAME:  ntoskrn8.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  629faeff

IMAGE_VERSION:  5.1.2600.10

FAILURE_BUCKET_ID:  0x7f_8_ntoskrn8!_imp__PsReferenceImpersonationToken+3

BUCKET_ID:  0x7f_8_ntoskrn8!_imp__PsReferenceImpersonationToken+3

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x7f_8_ntoskrn8!_imp__psreferenceimpersonationtoken+3

FAILURE_ID_HASH:  {bee40295-1430-50f2-4e8a-32064dcc7f4a}

Followup: MachineOwner
---------

1: kd> lm
start    end        module name
80062000 80072a80   pci        (deferred)             
80100000 8012a000   KDSTUB     (deferred)             
804d7000 806e5000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb
806e5000 80705d80   hal        (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\halmacpi.pdb\253F6CAD95214878B51A88A9B592FD381\halmacpi.pdb
80706000 8072e000   kdcom      (deferred)             
b1bf2000 b1c5f000   e1d6232    (export symbols)       e1d6232.sys
b3862000 b38bff00   update     (deferred)             
b5105000 b5127700   ks         (deferred)             
b51f9000 b5228c80   rdpdr      (deferred)             
b6de3000 b6de3c00   audstub    (deferred)             
b8e7b000 b8e84f80   termdd     (deferred)             
b96b5000 b96dd000   HDAudBus   (deferred)             
b970d000 b9710c80   mssmbios   (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\mssmbios.pdb\9940673F3B9A4BD682DF9D96A12A355C1\mssmbios.pdb
b97f7000 b97fad80   serenum    (deferred)             
b987f000 b9898e80   Mup        (deferred)             
b9899000 b98d8000   NETIO      (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\netio.pdb\5BBB5169EEB04D0BB707BFA122C6C9442\netio.pdb
b98d8000 b9903000   msrpc      (deferred)             
b9903000 b9aec800   ntoskrn8   (private pdb symbols)  C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntoskrn8.pdb\86B8A4E26A414B788E4F55812BC03C5D1\ntoskrn8.pdb
b9aed000 b9ba5000   NDIS       (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ndis.pdb\B69DA90026554DB7963D1422C84157172\ndis.pdb
b9ba5000 b9c31d00   Ntfs       (deferred)             
b9c32000 b9c48b80   KSecDD     (deferred)             
b9c49000 b9c5af00   sr         (deferred)             
b9c5b000 b9c7ab00   fltMgr     (deferred)             
b9c7b000 b9f30000   iaStor     (deferred)             
b9f30000 b9f55700   dmio       (deferred)             
b9f56000 b9f74880   ftdisk     (deferred)             
b9f75000 b9fa7000   ACPI       (deferred)             
ba0a8000 ba0b1180   isapnp     (deferred)             
ba0b8000 ba0c2700   MountMgr   (deferred)             
ba0c8000 ba0d3000   PartMgr    (deferred)             
ba0d8000 ba0e4c80   VolSnap    (deferred)             
ba0e8000 ba0f8000   disk       (deferred)             
ba0f8000 ba104180   CLASSPNP   (deferred)             
ba118000 ba124d00   i8042prt   (deferred)             
ba128000 ba137c00   serial     (deferred)             
ba138000 ba140e00   intelppm   (deferred)             
ba328000 ba32e800   firadisk   (deferred)             
ba388000 ba38e000   kbdclass   (deferred)             
ba398000 ba39da00   mouclass   (deferred)             
ba4b8000 ba4bb000   BOOTVID    (deferred)             
ba57c000 ba57e280   wmiacpi    (deferred)             
ba5a8000 ba5a9100   WMILIB     (deferred)             
ba5aa000 ba5ab700   dmload     (deferred)             
ba622000 ba623100   swenum     (deferred)             

Unloaded modules:
b2a8b000 b2a9b000   cdrom.sys
b73f4000 b73f7000   Sfloppy.SYS
b2a9b000 b2aa7000   Flpydisk.SYS
b8dcb000 b8dd2000   Fdc.SYS
b9648000 b96b5000   e1d6232.sys

Link to comment
Share on other sites

Posted (edited)

@Damnation

Endless running bar and with Windbg netio.sys Bsod,

the lan driver e1d.. is 5(!) times unloaded, Bsod very late in Boot process, mouse pointer already there

Dietmar

*** Fatal System Error: 0x000000d1
                       (0x00300016,0x00000002,0x00000000,0xB98A99F7)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Tue Jun  7 22:55:08.406 2022 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
.......
Loading User Symbols

Loading unloaded module list
.............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {300016, 2, 0, b98a99f7}

Probably caused by : NETIO.SYS ( NETIO!NmrpIsEqualNpiId+8 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
8052b724 cc              int     3
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00300016, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: b98a99f7, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  00300016

CURRENT_IRQL:  2

FAULTING_IP:
NETIO!NmrpIsEqualNpiId+8
b98a99f7 8b10            mov     edx,dword ptr [eax]

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

TRAP_FRAME:  ba54fa38 -- (.trap 0xffffffffba54fa38)
ErrCode = 00000000
eax=00300016 ebx=00300012 ecx=b9b2d6f0 edx=89a1cd30 esi=b9b2d6f0 edi=00000000
eip=b98a99f7 esp=ba54faac ebp=ba54faac iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
NETIO!NmrpIsEqualNpiId+0x8:
b98a99f7 8b10            mov     edx,dword ptr [eax]  ds:0023:00300016=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 804f8e95 to 8052b724

STACK_TEXT:  
ba54f5ec 804f8e95 00000003 ba54f948 00000000 nt!RtlpBreakWithStatusInstruction
ba54f638 804f9a80 00000003 00300016 b98a99f7 nt!KiBugCheckDebugBreak+0x19
ba54fa18 8054483c 0000000a 00300016 00000002 nt!KeBugCheck2+0x574
ba54fa18 b98a99f7 0000000a 00300016 00000002 nt!KiTrap0E+0x180
ba54faac b98a9e81 00300016 b9b2d6f0 89b18280 NETIO!NmrpIsEqualNpiId+0x8
ba54fac4 b98a9d5d 8bc0d208 00000001 b9b2f008 NETIO!NmrpFindOrAddRegisteredNpiId+0x22
ba54fb30 b98a9c91 89b18280 ba54fb68 ba54fb64 NETIO!NmrpRegisterModuleAndGetBindableCandidates+0x33
ba54fb58 b98a9f72 00000002 b9b2e018 00000000 NETIO!NmrpRegisterModule+0x3c
ba54fb80 b9b0bf2f b9b0c6db 00000000 b9b2f008 NETIO!NmrRegisterProvider+0x4b
ba54fba4 b9b0c6db 00000000 ba54fdcc 00000030 NDIS!ndisStartNsiProvider+0x4b
ba54fbc0 b9b645c0 ba54fc64 8981fb90 00000000 NDIS!ndisInitializeNsi+0x50
ba54fbd4 b91d0bd3 ba54fc7c b91d066c ba54fbf8 NDIS!NdisRegisterProtocol+0x18
ba54fc84 805813af 89afac60 89b4c000 00000000 ndisuio!DriverEntry+0x175
ba54fd54 805814bf 80000958 00000001 00000000 nt!IopLoadDriver+0x66d
ba54fd7c 80538921 80000958 00000000 8bc378a0 nt!IopLoadUnloadDriver+0x45
ba54fdac 805cffee b1d9acf4 00000000 00000000 nt!ExpWorkerThread+0xef
ba54fddc 8054623e 80538832 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
NETIO!NmrpIsEqualNpiId+8
b98a99f7 8b10            mov     edx,dword ptr [eax]

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  NETIO!NmrpIsEqualNpiId+8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  5b48ef86

IMAGE_VERSION:  6.1.7601.24208

FAILURE_BUCKET_ID:  0xD1_NETIO!NmrpIsEqualNpiId+8

BUCKET_ID:  0xD1_NETIO!NmrpIsEqualNpiId+8

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xd1_netio!nmrpisequalnpiid+8

FAILURE_ID_HASH:  {1d7ea187-17c8-1608-8471-24546162eb85}

Followup: MachineOwner
---------

2: kd> lm
start    end        module name
80062000 80072a80   pci        (deferred)             
80100000 8012a000   KDSTUB     (deferred)             
804d7000 806e5000   nt         (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb
806e5000 80705d80   hal        (deferred)             
80706000 8072e000   kdcom      (deferred)             
b2041000 b2041d00   dxgthk     (deferred)             
b4d38000 b4da7a80   mrxsmb     (deferred)             
b4e15000 b4e3fb00   rdbss      (deferred)             
b4e40000 b4e61d00   afd        (deferred)             
b4e62000 b4e89d80   netbt      (deferred)             
b4e8a000 b4eaf500   ipnat      (deferred)             
b53df000 b5437480   tcpip      (deferred)             
b5478000 b548a600   ipsec      (deferred)             
b54ab000 b54be880   VIDEOPRT   (deferred)             
b5858000 b585a280   rasacd     (deferred)             
b58bc000 b58be900   Dxapi      (deferred)             
b58f7000 b58f8080   RDPCDD     (deferred)             
b5bb2000 b5bb6500   watchdog   (deferred)             
b6d40000 b6d44a80   TDI        (deferred)             
b6d50000 b6d57980   Npfs       (deferred)             
b6d58000 b6d5cb00   Msfs       (deferred)             
b6d60000 b6d65200   vga        (deferred)             
b6d88000 b6d88b80   Null       (deferred)             
b6e1a000 b6e24e00   Fips       (deferred)             
b6e4a000 b6e52780   netbios    (deferred)             
b8e63000 b8e6b900   msgpc      (deferred)             
b91ce000 b91d1900   ndisuio    (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ndisuio.pdb\C49AA8614D0E4F23B14F5894ABB43FD41\ndisuio.pdb
b9604000 b9661f00   update     (deferred)             
b9662000 b9684700   ks         (deferred)             
b9685000 b96b4c80   rdpdr      (deferred)             
b96b5000 b96dd000   HDAudBus   (deferred)             
b97ad000 b97b0c80   mssmbios   (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\mssmbios.pdb\9940673F3B9A4BD682DF9D96A12A355C1\mssmbios.pdb
b97ef000 b97f1400   Fs_Rec     (deferred)             
b97f7000 b97fad80   serenum    (deferred)             
b987f000 b9898e80   Mup        (deferred)             
b9899000 b98d8000   NETIO      (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\netio.pdb\5BBB5169EEB04D0BB707BFA122C6C9442\netio.pdb
b98d8000 b9903000   msrpc      (deferred)             
b9903000 b9aec800   ntoskrn8   (deferred)             
b9aed000 b9ba5000   NDIS       (pdb symbols)          C:\Programme\Windows Kits\8.1\Debuggers\x86\sym\ndis.pdb\B69DA90026554DB7963D1422C84157172\ndis.pdb
b9ba5000 b9c31d00   Ntfs       (deferred)             
b9c32000 b9c48b80   KSecDD     (deferred)             
b9c49000 b9c5af00   sr         (deferred)             
b9c5b000 b9c7ab00   fltMgr     (deferred)             
b9c7b000 b9f30000   iaStor     (deferred)             
b9f30000 b9f55700   dmio       (deferred)             
b9f56000 b9f74880   ftdisk     (deferred)             
b9f75000 b9fa7000   ACPI       (deferred)             
ba0a8000 ba0b1180   isapnp     (deferred)             
ba0b8000 ba0c2700   MountMgr   (deferred)             
ba0c8000 ba0d3000   PartMgr    (deferred)             
ba0d8000 ba0e4c80   VolSnap    (deferred)             
ba0e8000 ba0f8000   disk       (deferred)             
ba0f8000 ba104180   CLASSPNP   (deferred)             
ba118000 ba124d00   i8042prt   (deferred)             
ba128000 ba137c00   serial     (deferred)             
ba138000 ba140e00   intelppm   (deferred)             
ba148000 ba151f80   termdd     (deferred)             
ba328000 ba32e800   firadisk   (deferred)             
ba388000 ba38e000   kbdclass   (deferred)             
ba398000 ba39da00   mouclass   (deferred)             
ba4b8000 ba4bb000   BOOTVID    (deferred)             
ba57c000 ba57e280   wmiacpi    (deferred)             
ba5a8000 ba5a9100   WMILIB     (deferred)             
ba5aa000 ba5ab700   dmload     (deferred)             
ba5be000 ba5bf100   swenum     (deferred)             
ba618000 ba619080   Beep       (deferred)             
ba7d2000 ba7d2c00   audstub    (deferred)             
bf000000 bf011600   dxg        (deferred)             
bf012000 bf05ab00   ATMFD      (deferred)             
bf800000 bf9d3700   win32k     (deferred)             
bff50000 bff52480   framebuf   (deferred)             

Unloaded modules:
b5798000 b579b000   DumpDrv.SYS
b4ccb000 b4d38000   e1d6232.sys
b6e2a000 b6e35000   imapi.sys
b4da8000 b4e15000   e1d6232.sys
b6e3a000 b6e49000   redbook.sys
b553f000 b55ac000   e1d6232.sys
b8d12000 b8d17000   Cdaudio.SYS
b5a1c000 b5a89000   e1d6232.sys
b8e93000 b8ea3000   cdrom.sys
b97f3000 b97f6000   Sfloppy.SYS
b8ea3000 b8eaf000   Flpydisk.SYS
b8d1a000 b8d21000   Fdc.SYS
b9648000 b96b5000   e1d6232.sys

Edited by Dietmar
Link to comment
Share on other sites

Posted (edited)

@Dietmar

I'm out of ideas for now. I'll come back to this later.

If you discover something else that you think might help with this let me know.

Thanks for all the help!

Edited by Damnation
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...