Jump to content

XP/W2k3 x86 on Modern Hardware


George King
 Share

Recommended Posts

@simon73

The only way to find out for sure what the cause is would be to get out the debugger and start crawling through the code to trace the BSOD.

Try disabling devices in device manager while in safe mode, disable anything unnecessary for boot like sound, COM ports etc...

Link to comment
Share on other sites

@simon73

you could try Acronis True Image with its "Universal Restore" feature. It also works from a bootable flash drive.
You just need to add the sata/ahci driver and click on "Show details" and "Ignore all" for the user interactions required during the process.

Link to comment
Share on other sites

5 hours ago, infuscomus said:

@simon73

The only way to find out for sure what the cause is would be to get out the debugger and start crawling through the code to trace the BSOD.

Try disabling devices in device manager while in safe mode, disable anything unnecessary for boot like sound, COM ports etc...

 

2 hours ago, Andalu said:

@simon73

you could try Acronis True Image with its "Universal Restore" feature. It also works from a bootable flash drive.
You just need to add the sata/ahci driver and click on "Show details" and "Ignore all" for the user interactions required during the process.

Finally I find the solution! I disabled some drivers directly in registry (putting Start = 4)...and now XP run fine!

I disabled SoundMax drivers, Intel SMBus driver, Sunix serial PCI driver and some other unknown.

I realized that if XP works in SAFE mode it must works also in NORMAL mode...it's just a matter of the number of kernel driver loaded: in SAFE mode only a limited set of drivers are loaded, excluding all others that could be 'unsafe'. With this in mind I start excluding drivers until Win XP booted fine.

Learned a new lesson, the hard way.

@Andalu: Acronis TI, Macrium Reflect and other similar tools can just restore the bootability of the operating system adapting the registry to start the proper 'Mass Storage Driver'...but if Windows start in safe mode it means that is not a problem of 'Mass Storage Driver'! Here the problem was one (or more?) bad driver(s).

 

Link to comment
Share on other sites

2 hours ago, simon73 said:

@Andalu: Acronis TI, Macrium Reflect and other similar tools can just restore the bootability of the operating system adapting the registry to start the proper 'Mass Storage Driver'...but if Windows start in safe mode it means that is not a problem of 'Mass Storage Driver'! Here the problem was one (or more?) bad driver(s).

Glad to see you solved.

I want to specify that I have no motive and no interest in promoting a commercial software. I thought it appropriate to recommend ATI because with it I was able to get a fully working XP on a Comet Lake system as it was fully working on the Haswell machine where I had installed it in 2017 and of which I restored an image.

Link to comment
Share on other sites

I would like to remind that "mindless" turn off checks in acpi.sys (v6666/v5048) can lead to the fact that part of the AML code will never be executed. Remember skipping error of AMLILoadDDB() or ValidateArgTypes() ? Once you took this short way....

Link to comment
Share on other sites

On 1/17/2022 at 11:15 PM, infuscomus said:

@Mov AX, 0xDEAD

Do you know of a way to properly fix AMLILoadDDB error?

Remote debug with IDA, first learn when AMLILoadDDB(check subprocedures) may produce error, set breakpoints. There is internal "acpi debugger", but i dont know how to use it at boot time

Edited by Mov AX, 0xDEAD
Link to comment
Share on other sites

I have the exact same A5 BSOD problem on windows 8.0 - I made a thread here -

is IDA absolutely necessary? I don't have it installed, can I use windbg?

If IDA is necessary, can you help me setup windows 8.0 pre-install environment for debugging?

Link to comment
Share on other sites

On 1/19/2022 at 4:31 PM, infuscomus said:

is IDA absolutely necessary? I don't have it installed, can I use windbg?

If IDA is necessary, can you help me setup windows 8.0 pre-install environment for debugging?

IDA debugger has same GUI, as standalone Disassembler

i dont have pre-install environment experience, debug config stored in BCD

Link to comment
Share on other sites

@infuscomus

Hi,

I try your Vista-Longhorn acpi.sys.

First I get Bsod A5 (0x00000003,xxx,yyy,zzz).

This Bsod I know and I do for it the same hack as for the very last acpi.sys for Ramsey.

After this hack now

 I get Bsod 0x7E (0xC0000005,xxx,yyy,zzz),

which means, that compi writes in not allowed memory.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s"

For to take a closer look at this 7E Bsod I just now start a Windbg session

Dietmar

 

   
Link to comment
Share on other sites


Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Opened \\.\com1
Waiting to reconnect...
Connected to Windows XP 2600 x86 compatible target at (Sun Jan 23 15:15:56.921 2022 (UTC + 1:00)), ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is: C:\symbols;C:\symbolss;C:\symbolsss
Executable search path is: C:\Symbols
Windows XP Kernel Version 2600 (Service Pack 3) MP (12 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sun Jan 23 15:13:33.125 2022 (UTC + 1:00)
System Uptime: 0 days 0:00:02.109
WARNING: Inaccessible path: 'C:\symbolsssE:\binaries.x86fre\Symbols'
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Sun Jan 23 15:15:58.750 2022 (UTC + 1:00)), ptr64 FALSE
Loading Kernel Symbols
........................
Loading User Symbols

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {c0000005, 806fe37c, bacc70c4, bacc6dc0}

*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
Probably caused by : ACPI.sys ( ACPI!NotifyHalWithMachineStatesAndRetrieveInterruptModel+35b )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
8052b5dc cc              int     3
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806fe37c, The address that the exception occurred at
Arg3: bacc70c4, Exception Record Address
Arg4: bacc6dc0, Context Record Address

Debugging Details:
------------------

*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung "0x%08lx" verweist auf Speicher bei "0x%08lx". Die Daten wurden wegen eines E/A-Fehlers in "0x%081x" nicht in den Arbeitsspeicher  bertragen.

FAULTING_IP:
hal!HaliAcpiMachineStateInit+1e
806fe37c c70001000000    mov     dword ptr [eax],1

EXCEPTION_RECORD:  bacc70c4 -- (.exr 0xffffffffbacc70c4)
ExceptionAddress: 806fe37c (hal!HaliAcpiMachineStateInit+0x0000001e)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 00000000
Attempt to write to address 00000000

CONTEXT:  bacc6dc0 -- (.cxr 0xffffffffbacc6dc0)
eax=00000000 ebx=00000000 ecx=00740002 edx=00730001 esi=bacc7204 edi=8054b2e0
eip=806fe37c esp=bacc718c ebp=bacc71a4 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
hal!HaliAcpiMachineStateInit+0x1e:
806fe37c c70001000000    mov     dword ptr [eax],1    ds:0023:00000000=????????
Resetting default scope

PROCESS_NAME:  System

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung "0x%08lx" verweist auf Speicher bei "0x%08lx". Die Daten wurden wegen eines E/A-Fehlers in "0x%081x" nicht in den Arbeitsspeicher  bertragen.

EXCEPTION_PARAMETER1:  00000001

EXCEPTION_PARAMETER2:  00000000

WRITE_ADDRESS:  00000000

FOLLOWUP_IP:
ACPI!NotifyHalWithMachineStatesAndRetrieveInterruptModel+35b
ba78444d 53              push    ebx

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_DEREFERENCE

LOCK_ADDRESS:  8055b560 -- (!locks 8055b560)

Resource @ nt!IopDeviceTreeLock (0x8055b560)    Shared 1 owning threads
     Threads: 89faf680-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
    Lock address  : 0x8055b560
    Thread Count  : 1
    Thread address: 0x89faf680
    Thread wait   : 0x85

LAST_CONTROL_TRANSFER:  from 804f8df9 to 8052b5dc

STACK_TEXT:  
bacc71a4 ba78444d 89f12718 bacc7204 00000000 hal!HaliAcpiMachineStateInit+0x1e
bacc7234 ba788b6f bacc724c 806e7900 ba782a60 ACPI!NotifyHalWithMachineStatesAndRetrieveInterruptModel+0x35b
bacc7250 ba745458 89fca918 89fca788 00000000 ACPI!ACPIInitialize+0x189
bacc7280 ba78d79a 89fca918 89fcc150 ba78d68e ACPI!ACPIInitStartACPI+0x6a
bacc72ac ba73f9ed 89fca918 89fcc100 89fcc208 ACPI!ACPIRootIrpStartDevice+0x10c
bacc72dc 804ef18f 89fca918 89fca788 bacc7358 ACPI!ACPIDispatchIrp+0xfd
bacc72ec 80592b63 bacc7358 89fcccc0 00000000 nt!IopfCallDriver+0x31
bacc7318 80592be1 89fca918 bacc7334 00000000 nt!IopSynchronousCall+0xb7
bacc735c 804f61ea 89fcccc0 00000000 00000001 nt!IopStartDevice+0x4d
bacc7378 8059229b 89fcccc0 00000000 00000000 nt!PipProcessStartPhase1+0x4e
bacc75d0 804f68d3 89fd0840 00000000 00000000 nt!PipProcessDevNodeTree+0x1db
bacc7614 804f6b78 00000000 00000000 8008fa78 nt!PipDeviceActionWorker+0xad
bacc762c 8069d0ee 00000000 00000006 00000000 nt!PipRequestDeviceAction+0x118
bacc7690 80699f70 80084000 bacc76ac 00034000 nt!IopInitializeBootDrivers+0x376
bacc7838 806983d3 80084000 00000000 89faf680 nt!IoInitSystem+0x712
bacc7dac 805cff64 80084000 00000000 00000000 nt!Phase1Initialization+0xac7
bacc7ddc 805460de 8069790c 80084000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  ACPI!NotifyHalWithMachineStatesAndRetrieveInterruptModel+35b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ACPI

IMAGE_NAME:  ACPI.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  42df0d89

STACK_COMMAND:  .cxr 0xffffffffbacc6dc0 ; kb

FAILURE_BUCKET_ID:  0x7E_ACPI!NotifyHalWithMachineStatesAndRetrieveInterruptModel+35b

BUCKET_ID:  0x7E_ACPI!NotifyHalWithMachineStatesAndRetrieveInterruptModel+35b

Followup: MachineOwner
---------

0: kd> lm
start    end        module name
804d7000 806e5000   nt         (pdb symbols)          c:\symbols\ntkrpamp.pdb\7D6290E03E32455BB0E035E38816124F1\ntkrpamp.pdb
806e5000 80705d00   hal        (pdb symbols)          c:\symbols\halmacpi.pdb\9875FD697ECA4BBB8A475825F6BF885E1\halmacpi.pdb
ba2ea000 ba303b80   Mup        (deferred)             
ba304000 ba330980   NDIS       (deferred)             
ba331000 ba3bd600   Ntfs       (deferred)             
ba3be000 ba3d4880   KSecDD     (deferred)             
ba3d5000 ba3e6f00   sr         (deferred)             
ba3e7000 ba406b00   fltMgr     (deferred)             
ba407000 ba6bc000   iaStor     (deferred)             
ba6bc000 ba6e1a00   dmio       (deferred)             
ba6e2000 ba700d80   ftdisk     (deferred)             
ba701000 ba711a80   pci        (deferred)             
ba712000 ba735d80   ntoskrn8   (deferred)             
ba736000 ba7a7000   ACPI       (pdb symbols)          c:\symbolsss\acpi.pdb
ba8a8000 ba8b1300   isapnp     (deferred)             
ba8b8000 ba8c2580   MountMgr   (deferred)             
ba8c8000 ba8d5200   VolSnap    (deferred)             
ba8d8000 ba8e0e00   disk       (deferred)             
ba8e8000 ba8f4180   CLASSPNP   (deferred)             
bab28000 bab2cd00   PartMgr    (deferred)             
bacb8000 bacbb000   BOOTVID    (deferred)             
bacbc000 bacbf580   HAL8       (deferred)             
bada8000 bada9b80   kdcom      (deferred)             
badaa000 badab100   WMILIB     (deferred)             
badac000 badad700   dmload     (deferred)             

 

Link to comment
Share on other sites

I found the exact place of this Bsod

 

806fe35c cc              int     3
806fe35d cc              int     3
hal!HaliAcpiMachineStateInit:
806fe35e 8bff            mov     edi,edi
806fe360 55              push    ebp
806fe361 8bec            mov     ebp,esp
806fe363 83ec10          sub     esp,10h
806fe366 8b4510          mov     eax,dword ptr [ebp+10h]
806fe369 53              push    ebx
806fe36a 56              push    esi
806fe36b 8b750c          mov     esi,dword ptr [ebp+0Ch]
806fe36e c60520766f8001  mov     byte ptr [hal!HalpWakeupState (806f7620)],1
806fe375 c60521766f8000  mov     byte ptr [hal!HalpWakeupState+0x1 (806f7621)],0
806fe37c c70001000000    mov     dword ptr [eax],1    ds:0023:00000000=????????
806fe382 803e00          cmp     byte ptr [esi],0
806fe385 57              push    edi
806fe386 8b3dd4556e80    mov     edi,dword ptr [hal!_imp__ZwPowerInformation (806e55d4)]
806fe38c bbd8886f80      mov     ebx,offset hal!HaliAcpiSleep (806f88d8)
806fe391 7433            je      hal!HaliAcpiMachineStateInit+0x68 (806fe3c6)
806fe393 33c9            xor     ecx,ecx
806fe395 8a4e02          mov     cl,byte ptr [esi+2]
806fe398 33c0            xor     eax,eax
806fe39a 33d2            xor     edx,edx
806fe39c 8a5601          mov     dl,byte ptr [esi+1]
806fe39f 50              push    eax
806fe3a0 50              push    eax

Link to comment
Share on other sites

@Dietmar

So, from looking at the source code for

VOID
HaliAcpiMachineStateInit(
    IN PPROCESSOR_INIT ProcInit,
    IN PHAL_SLEEP_VAL  SleepValues,
    OUT PULONG         PicVal
    )

The EAX contains *PicVal at this point, and is supposed to be 1 if an APIC HAL and 0 if not.

So is it ACPI driver or HAL reporting that is reporting no APIC?

Link to comment
Share on other sites

And this error belongs to hal.dll

; __stdcall HaliAcpiMachineStateInit(x, x, x)
_HaliAcpiMachineStateInit@12 proc near

InputBuffer= dword ptr -10h
var_C= byte ptr -0Ch
var_8= dword ptr -8
var_4= dword ptr -4
arg_4= dword ptr  0Ch
arg_8= dword ptr  10h

mov     edi, edi
push    ebp
mov     ebp, esp
sub     esp, 10h
mov     eax, [ebp+arg_8]
push    ebx
push    esi
mov     esi, [ebp+arg_4]
mov     _HalpWakeupState, 1
mov     byte_80022621, 0
mov     dword ptr [eax], 1
cmp     byte ptr [esi], 0
push    edi
mov     edi, ds:__imp__ZwPowerInformation@20 ; ZwPowerInformation(x,x,x,x,x)
mov     ebx, offset _HaliAcpiSleep@20 ; HaliAcpiSleep(x,x,x,x,x)
jz      short loc_800293C6

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...