Dietmar

@infuscomus With ntkrpamp the BSOD happens VERY early and cant be caught by normal Windbg Dietmar Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 Copyright (c) Microsoft Corporation. All rights reserved. Opened \\.\com1 Waiting to reconnect... Connected to Windows XP 2600 x86 compatible target at (Sat Dec 18 15:10:41.875 2021 (UTC + 1:00)), ptr64 FALSE Kernel Debugger connection established. Symbol search path is: C:\symbols;C:\symbolss Executable search path is: C:\Symbols Windows XP Kernel Version 2600 MP (1 procs) Free x86 compatible Built by: 2600.xpsp_sp3_qfe.180912-0606 Machine Name: Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720 System Uptime: not available Break instruction exception - code 80000003 (first chance) ******************************************************************************* * * * You are seeing this message because you pressed either * * CTRL+C (if you run kd.exe) or, * * CTRL+BREAK (if you run WinDBG), * * on your debugger machine's keyboard. * * * * THIS IS NOT A BUG OR A SYSTEM CRASH * * * * If you did not intend to break into the debugger, press the "g" key, then * * press the "Enter" key now. This message might immediately reappear. If it * * does, press "g" and "Enter" again. * * * ******************************************************************************* nt!RtlpBreakWithStatusInstruction: 8052b724 cc int 3 kd> lm start end module name 804d7000 806e5000 nt (pdb symbols) c:\symbols\ntkrpamp.pdb\270E083F57714738A1895FE542CFB8DE1\ntkrpamp.pdb 806e5000 80709f80 HAL3 (deferred) ba319000 ba332b80 Mup (deferred) ba333000 ba35f980 NDIS (deferred) ba360000 ba3ec600 Ntfs (deferred) ba3ed000 ba403880 KSecDD (deferred) ba404000 ba415f00 sr (deferred) ba416000 ba435b00 fltMgr (deferred) ba436000 ba6eb000 iaStor (deferred) ba6eb000 ba710a00 dmio (deferred) ba711000 ba72fd80 ftdisk (deferred) ba730000 ba740a80 pci (deferred) ba741000 ba763f00 ntoskrn8 (deferred) ba764000 ba7a7000 ACPI (deferred) ba8a8000 ba8b1300 isapnp (deferred) ba8b8000 ba8c2580 MountMgr (deferred) ba8c8000 ba8d5200 VolSnap (deferred) ba8d8000 ba8e0e00 disk (deferred) ba8e8000 ba8f4180 CLASSPNP (deferred) bab28000 bab2cd00 PartMgr (deferred) bacb8000 bacbb000 BOOTVID (deferred) bada8000 bada9b80 kdcom (deferred) badaa000 badab100 WMILIB (deferred) badac000 badad700 dmload (deferred) kd> t nt!RtlpBreakWithStatusInstruction+0x1: 8052b725 c20400 ret 4 kd> t nt!KeUpdateSystemTime+0x175: 80545275 ebb3 jmp nt!KeUpdateSystemTime+0x12a (8054522a) kd> t nt!KeUpdateSystemTime+0x12a: 8054522a 833d1440558000 cmp dword ptr [nt!KiTickOffset (80554014)],0 kd> t nt!KeUpdateSystemTime+0x131: 80545231 7f1f jg nt!KeUpdateSystemTime+0x152 (80545252) kd> t nt!KeUpdateSystemTime+0x133: 80545233 a10c405580 mov eax,dword ptr [nt!KeMaximumIncrement (8055400c)] kd> t nt!KeUpdateSystemTime+0x138: 80545238 010514405580 add dword ptr [nt!KiTickOffset (80554014)],eax kd> t nt!KeUpdateSystemTime+0x13e: 8054523e ff3424 push dword ptr [esp] kd> t nt!KeUpdateSystemTime+0x141: 80545241 e846000000 call nt!KeUpdateRunTime (8054528c) kd> t nt!KeUpdateRunTime: 8054528c 64a11c000000 mov eax,dword ptr fs:[0000001Ch] kd> t nt!KeUpdateRunTime+0x6: 80545292 53 push ebx kd> t nt!KeUpdateRunTime+0x7: 80545293 ff80c4050000 inc dword ptr [eax+5C4h] kd> t nt!KeUpdateRunTime+0xd: 80545299 8b9824010000 mov ebx,dword ptr [eax+124h] kd> t nt!KeUpdateRunTime+0x13: 8054529f 8b4b44 mov ecx,dword ptr [ebx+44h] kd> t nt!KeUpdateRunTime+0x16: 805452a2 f7457000000200 test dword ptr [ebp+70h],20000h kd> t nt!KeUpdateRunTime+0x1d: 805452a9 7541 jne nt!KeUpdateRunTime+0x60 (805452ec) kd> t nt!KeUpdateRunTime+0x1f: 805452ab f6456c01 test byte ptr [ebp+6Ch],1 kd> t nt!KeUpdateRunTime+0x23: 805452af 753b jne nt!KeUpdateRunTime+0x60 (805452ec) kd> t nt!KeUpdateRunTime+0x25: 805452b1 ba00000000 mov edx,0 kd> t nt!KeUpdateRunTime+0x2a: 805452b6 ff80c8050000 inc dword ptr [eax+5C8h] kd> t nt!KeUpdateRunTime+0x30: 805452bc 807c240802 cmp byte ptr [esp+8],2 kd> t nt!KeUpdateRunTime+0x35: 805452c1 721d jb nt!KeUpdateRunTime+0x54 (805452e0) kd> t nt!KeUpdateRunTime+0x54: 805452e0 ff8344010000 inc dword ptr [ebx+144h] kd> t nt!KeUpdateRunTime+0x5a: 805452e6 f0ff4138 lock inc dword ptr [ecx+38h] kd> t nt!KeUpdateRunTime+0x5e: 805452ea eb18 jmp nt!KeUpdateRunTime+0x78 (80545304) kd> t nt!KeUpdateRunTime+0x78: 80545304 833d78c7558000 cmp dword ptr [nt!KiTimeUpdateNotifyRoutine (8055c778)],0 kd> t nt!KeUpdateRunTime+0x7f: 8054530b 7413 je nt!KeUpdateRunTime+0x94 (80545320) kd> t nt!KeUpdateRunTime+0x94: 80545320 8b888c090000 mov ecx,dword ptr [eax+98Ch] kd> t nt!KeUpdateRunTime+0x9a: 80545326 8b909c090000 mov edx,dword ptr [eax+99Ch] kd> t nt!KeUpdateRunTime+0xa0: 8054532c 89889c090000 mov dword ptr [eax+99Ch],ecx kd> t nt!KeUpdateRunTime+0xa6: 80545332 2bca sub ecx,edx kd> t nt!KeUpdateRunTime+0xa8: 80545334 0388a0090000 add ecx,dword ptr [eax+9A0h] kd> t nt!KeUpdateRunTime+0xae: 8054533a d1e9 shr ecx,1 kd> t nt!KeUpdateRunTime+0xb0: 8054533c 8988a0090000 mov dword ptr [eax+9A0h],ecx kd> t nt!KeUpdateRunTime+0xb6: 80545342 83b89009000000 cmp dword ptr [eax+990h],0 kd> t nt!KeUpdateRunTime+0xbd: 80545349 744e je nt!KeUpdateRunTime+0x10d (80545399) kd> t nt!KeUpdateRunTime+0x10d: 80545399 ff88dc050000 dec dword ptr [eax+5DCh] kd> t nt!KeUpdateRunTime+0x113: 8054539f 7523 jne nt!KeUpdateRunTime+0x138 (805453c4) kd> t nt!KeUpdateRunTime+0x138: 805453c4 806b6f03 sub byte ptr [ebx+6Fh],3 kd> t nt!KeUpdateRunTime+0x13c: 805453c8 7f19 jg nt!KeUpdateRunTime+0x157 (805453e3) kd> t nt!KeUpdateRunTime+0x157: 805453e3 5b pop ebx kd> t nt!KeUpdateRunTime+0x158: 805453e4 c20400 ret 4 kd> t nt!KeUpdateSystemTime+0x146: 80545246 fa cli kd> t nt!KeUpdateSystemTime+0x147: 80545247 ff1594804d80 call dword ptr [nt!_imp__HalEndSystemInterrupt (804d8094)] kd> t *** ERROR: Symbol file could not be found. Defaulted to export symbols for HAL3.DLL - HAL3!HalEndSystemInterrupt: 806e8414 33c9 xor ecx,ecx kd> t HAL3!HalEndSystemInterrupt+0x2: 806e8416 8a4c2404 mov cl,byte ptr [esp+4] kd> t HAL3!HalEndSystemInterrupt+0x6: 806e841a 8a8914796e80 mov cl,byte ptr HAL3!HalRequestIpi+0x4c0 (806e7914)[ecx] kd> t HAL3!HalEndSystemInterrupt+0xc: 806e8420 c705b000feff00000000 mov dword ptr ds:[0FFFE00B0h],0 kd> t HAL3!HalEndSystemInterrupt+0x16: 806e842a 80f941 cmp cl,41h kd> t HAL3!HalEndSystemInterrupt+0x19: 806e842d 720f jb HAL3!HalEndSystemInterrupt+0x2a (806e843e) kd> t HAL3!HalEndSystemInterrupt+0x2a: 806e843e 64803d9600000000 cmp byte ptr fs:[96h],0 kd> t HAL3!HalEndSystemInterrupt+0x32: 806e8446 64c6059500000000 mov byte ptr fs:[95h],0 kd> t HAL3!HalEndSystemInterrupt+0x3a: 806e844e 74df je HAL3!HalEndSystemInterrupt+0x1b (806e842f) kd> t HAL3!HalEndSystemInterrupt+0x1b: 806e842f 890d8000feff mov dword ptr ds:[0FFFE0080h],ecx kd> t HAL3!HalEndSystemInterrupt+0x21: 806e8435 8b158000feff mov edx,dword ptr ds:[0FFFE0080h] kd> t HAL3!HalEndSystemInterrupt+0x27: 806e843b c20800 ret 8 kd> t nt!KeUpdateSystemTime+0x14d: 8054524d e94aceffff jmp nt!KiExceptionExit (8054209c) kd> t nt!KiExceptionExit: 8054209c fa cli kd> t nt!Kei386EoiHelper+0x1: 8054209d f7457000000200 test dword ptr [ebp+70h],20000h kd> t nt!Kei386EoiHelper+0x8: 805420a4 7506 jne nt!Kei386EoiHelper+0x10 (805420ac) kd> t nt!Kei386EoiHelper+0xa: 805420a6 f6456c01 test byte ptr [ebp+6Ch],1 kd> t nt!Kei386EoiHelper+0xe: 805420aa 7434 je nt!Kei386EoiHelper+0x44 (805420e0) kd> t nt!Kei386EoiHelper+0x44: 805420e0 8b54244c mov edx,dword ptr [esp+4Ch] kd> t nt!Kei386EoiHelper+0x48: 805420e4 648b1d50000000 mov ebx,dword ptr fs:[50h] kd> t nt!Kei386EoiHelper+0x4f: 805420eb 64891500000000 mov dword ptr fs:[0],edx kd> t nt!Kei386EoiHelper+0x56: 805420f2 f7c3ff000000 test ebx,0FFh kd> t nt!Kei386EoiHelper+0x5c: 805420f8 754e jne nt!Kei386EoiHelper+0xac (80542148) kd> t nt!Kei386EoiHelper+0x5e: 805420fa f744247000000200 test dword ptr [esp+70h],20000h kd> t nt!Kei386EoiHelper+0x66: 80542102 0f85c0000000 jne nt!Kei386EoiHelper+0x12c (805421c8) kd> t nt!Kei386EoiHelper+0x6c: 80542108 66f744246cf9ff test word ptr [esp+6Ch],0FFF9h kd> t nt!Kei386EoiHelper+0x73: 8054210f 7477 je nt!Kei386EoiHelper+0xec (80542188) kd> t nt!Kei386EoiHelper+0x75: 80542111 8b54243c mov edx,dword ptr [esp+3Ch] kd> t nt!Kei386EoiHelper+0x79: 80542115 8b4c2440 mov ecx,dword ptr [esp+40h] kd> t nt!Kei386EoiHelper+0x7d: 80542119 8b442444 mov eax,dword ptr [esp+44h] kd> t nt!Kei386EoiHelper+0x81: 8054211d 66837d6c08 cmp word ptr [ebp+6Ch],8 kd> t nt!Kei386EoiHelper+0x86: 80542122 740c je nt!Kei386EoiHelper+0x94 (80542130) kd> t nt!Kei386EoiHelper+0x94: 80542130 8d6554 lea esp,[ebp+54h] kd> t nt!Kei386EoiHelper+0x97: 80542133 5f pop edi kd> t nt!Kei386EoiHelper+0x98: 80542134 5e pop esi kd> t nt!Kei386EoiHelper+0x99: 80542135 5b pop ebx kd> t nt!Kei386EoiHelper+0x9a: 80542136 5d pop ebp kd> t nt!Kei386EoiHelper+0x9b: 80542137 66817c24088000 cmp word ptr [esp+8],80h kd> t nt!Kei386EoiHelper+0xa2: 8054213e 0f87a0000000 ja nt!Kei386EoiHelper+0x148 (805421e4) kd> t nt!Kei386EoiHelper+0xa8: 80542144 83c404 add esp,4 kd> t nt!Kei386EoiHelper+0xab: 80542147 cf iretd kd> t Illegal instruction - code c000001d (!!! second chance !!!) nt!KeUpdateRunTime+0x59: 805452e5 ff ??? kd> t

@infuscomus This with PDB happens, because I rename the hal and ntoskrnl for debug. No more information I get, the same as above. It seems, that it is not a problem of acpi.sys, because I do not see any output for acpi.sys in Windbg. I notice, that the ntoskrnl that you send to me is ntkrnlmp.exe and not ntkrpamp.exe Dietmar

804dcbd3 42 inc edx 804dcbd4 306689 xor byte ptr [esi-77h],ah 804dcbd7 41 inc ecx 804dcbd8 66c20800 ret 8 804dcbdc 8d4900 lea ecx,[ecx] nt!KiIdleLoop: 804dcbdf 8dab80090000 lea ebp,[ebx+980h] 804dcbe5 eb08 jmp nt!KiIdleLoop+0x10 (804dcbef) 804dcbe7 8d8b500c0000 lea ecx,[ebx+0C50h] 804dcbed ff11 call dword ptr [ecx] 804dcbef f390 pause 804dcbf1 fb sti 804dcbf2 90 nop 804dcbf3 90 nop 804dcbf4 fa cli 804dcbf5 3b6d00 cmp ebp,dword ptr [ebp] 804dcbf8 740d je nt!KiIdleLoop+0x28 (804dcc07) 804dcbfa b102 mov cl,2 804dcbfc ff15b4804d80 call dword ptr [nt!_imp_HalClearSoftwareInterrupt (804d80b4)] 804dcc02 e8ba000000 call nt!KiRetireDpcList (804dccc1) 804dcc07 83bb2801000000 cmp dword ptr [ebx+128h],0 ds:0023:f7747128=00000000 804dcc0e 74d7 je nt!KiIdleLoop+0x8 (804dcbe7) 804dcc10 b91c000000 mov ecx,1Ch 804dcc15 ff152c804d80 call dword ptr [nt!_imp_KfRaiseIrql (804d802c)] 804dcc1b fb sti 804dcc1c 8d8b40050000 lea ecx,[ebx+540h] 804dcc22 e851580000 call nt!KeAcquireQueuedSpinLockAtDpcLevel (804e2478) 804dcc27 8bb328010000 mov esi,dword ptr [ebx+128h] 804dcc2d 8bbb24010000 mov edi,dword ptr [ebx+124h] 804dcc33 807e5000 cmp byte ptr [esi+50h],0 804dcc37 753d jne nt!KiIdleLoop+0x97 (804dcc76) 804dcc39 3bf7 cmp esi,edi 804dcc3b 745a je nt!KiIdleLoop+0xb8 (804dcc97) 804dcc3d 83c901 or ecx,1 804dcc40 89b324010000 mov dword ptr [ebx+124h],esi 804dcc46 26c6462d02 mov byte ptr es:[esi+2Dh],2 804dcc4b c7832801000000000000 mov dword ptr [ebx+128h],0 804dcc55 6860cc4d80 push offset nt!KiIdleLoop+0x81 (804dcc60) 804dcc5a 9c pushfd 804dcc5b e900fdffff jmp nt!SwapContext+0x1e (804dc960) 804dcc60 b902000000 mov ecx,2

@infuscomus I run a Windbg session with your new acpi.sys from Vista. It hangs in a loop via nt!KiIdleLoop and then crashes with 0x7E (write in wrong memory) Dietmar Break instruction exception - code 80000003 (first chance) nt!KiIdleLoop+0x10: 804dcbef f390 pause 4: kd> g *** Fatal System Error: 0x0000007e (0xC0000005,0x00000000,0xF789E168,0xF789DE64) Break instruction exception - code 80000003 (first chance) A fatal system error has occurred. Debugger entered on first try; Bugcheck callbacks have not been invoked. A fatal system error has occurred. Connected to Windows XP 2600 x86 compatible target at (Fri Dec 17 19:50:01.687 2021 (UTC + 1:00)), ptr64 FALSE Loading Kernel Symbols ....................... Loading User Symbols ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7E, {c0000005, 0, f789e168, f789de64} *** ERROR: Symbol file could not be found. Defaulted to export symbols for HAL3.DLL - Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE ) Followup: MachineOwner --------- nt!RtlpBreakWithStatusInstruction: 804e29c2 cc int 3 11: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: c0000005, The exception code that was not handled Arg2: 00000000, The address that the exception occurred at Arg3: f789e168, Exception Record Address Arg4: f789de64, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung "0x%08lx" verweist auf Speicher bei "0x%08lx". Die Daten wurden wegen eines E/A-Fehlers in "0x%081x" nicht in den Arbeitsspeicher bertragen. FAULTING_IP: +471 00000000 ?? ??? EXCEPTION_RECORD: f789e168 -- (.exr 0xfffffffff789e168) ExceptionAddress: 00000000 ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 00000000 Attempt to read from address 00000000 CONTEXT: f789de64 -- (.cxr 0xfffffffff789de64) eax=00000000 ebx=80702e40 ecx=54445358 edx=00000001 esi=f75bbb20 edi=80702d70 eip=00000000 esp=f789e230 ebp=f789e250 iopl=0 nv up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246 00000000 ?? ??? Resetting default scope DEFAULT_BUCKET_ID: DRIVER_FAULT PROCESS_NAME: System ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung "0x%08lx" verweist auf Speicher bei "0x%08lx". Die Daten wurden wegen eines E/A-Fehlers in "0x%081x" nicht in den Arbeitsspeicher bertragen. EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 00000000 READ_ADDRESS: 00000000 FOLLOWUP_IP: +471 00000000 ?? ??? FAILED_INSTRUCTION_ADDRESS: +471 00000000 ?? ??? BUGCHECK_STR: 0x7E LAST_CONTROL_TRANSFER: from 00000000 to 00000000 STACK_TEXT: f789e22c 00000000 00000000 00000000 f75c04fc 0x0 STACK_COMMAND: kb SYMBOL_NAME: ANALYSIS_INCONCLUSIVE FOLLOWUP_NAME: MachineOwner MODULE_NAME: Unknown_Module IMAGE_NAME: Unknown_Image DEBUG_FLR_IMAGE_TIMESTAMP: 0 FAILURE_BUCKET_ID: 0x7E_NULL_IP_ANALYSIS_INCONCLUSIVE BUCKET_ID: 0x7E_NULL_IP_ANALYSIS_INCONCLUSIVE Followup: MachineOwner --------- 11: kd> lm start end module name 804d7000 80700000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\2070D15C611B40BDA93F5F7F12CAC76C2\ntkrnlmp.pdb 80700000 80724f80 HAL3 (export symbols) HAL3.DLL bac2e000 bac47b80 Mup (deferred) bac48000 bac74980 NDIS (deferred) bac75000 bad01600 Ntfs (deferred) bad02000 bad18880 KSecDD (deferred) bad19000 bad2af00 sr (deferred) bad2b000 bad4ab00 fltMgr (deferred) bad4b000 bb000000 iaStor (deferred) f747a000 f749fa00 dmio (deferred) f74a0000 f74bed80 ftdisk (deferred) f755f000 f756fa80 pci (deferred) f7570000 f7592f00 ntoskrn8 (deferred) f7593000 f75d6000 ACPI (deferred) f75f7000 f7600300 isapnp (deferred) f7607000 f7611580 MountMgr (deferred) f7617000 f7624200 VolSnap (deferred) f7627000 f762fe00 disk (deferred) f7637000 f7643180 CLASSPNP (deferred) f7707000 f770bd00 PartMgr (deferred) f7897000 f789a000 BOOTVID (deferred) f7987000 f7988b80 kdcom (deferred) f7989000 f798a100 WMILIB (deferred) f798b000 f798c700 dmload (deferred)

I just order a Biostar Z690A Valkyrie board with 12900k cpu. It has CSM support (I hope so, after looking in its Bios), and all drivers for XP SP3, only lan driver ist missing. Soso much fun in my next holidays Dietmar

@infuscomus Send ) Dietmar

@infuscomus I try your new files. On full XP SP3 I get this pic and via Safe Mode F8 the same BSOD 0xC000021a as before Dietmar https://ibb.co/VLMt6ZR

@infuscomus I try your hal and ntoskrnl files from Sources on the Asrock z370 Fatalty Gaming k6 board. With Ntos8 drivers together I get DEADBEEF Bsod. When I replace ntoskrnl and hal on a XP SP3 with iastor 1006, I get very late in boot process Bsod 0xC000021A, also in Safe Mode. The same Bsod happens from an XP SP3 Install CD on 3. reboot(last), when I changed hal and ntoskrnl about yours from Sources on Setup CD (also in SP3.cab I replace them all). I think, that this Bsod goes to WinLogon or CSRSS.exe . So it is not enough for only to replace hal and ntoskrnl from Sources. About BSOD with Extender it may be, that some functions for storport are missed in XP SP1 ntoskrnl. I talked with @daniel_k about this and he makes an storport.sys for me, which works also with XP SP1 for nvme boot and storahci Dietmar

@infuscomus Can you send to me your modded hal and ntoskrnl build from Sources Dietmar

@Dallen I have the z390 dark for myself with all drivers for XP. Very fast board. Only no Sound, so I use the Soundcard Audigy RX for XP SP3. With the nice XP from Ramsey all works https://www.zone94.com/downloads/software/operating-systems/123-windows-xp-professional-sp3-x86-integral-edition Dietmar

I notice, that EDIT: Mistake from me with all its settings for each USB port is missed in "modern AMD DSDT" for USB Dietmar

@infuscomus From @Mov AX, 0xDEAD "also bios may has special acpi init code for controller" , here 149C. May be it is enough, to look at DSDT in a Bios from a board for AMD with 149C USB, that works, and replace it in DSDT Dietmar

@George King Can you repeat your last post to me, because forum was closed before I can read it Dietmar PS: I notice, that the new Asus z690 boards can run Windows XP SP3 with full acpi support. Anybody here, who tested another z690 board under XP?