VOGONS


UniPCemu Windows 95/NT progress and issues


Reply 20 of 91, by superfury

Rank l33t++

Just tried again with the optimized version of protection checking, as well as some bugfixes on the new stack checking (it was checking offset+2 for dword accesses and offset+1 for word accesses, resulting in invalid unaligned and even limit-overflowing addresses, throwing general protection faults before Windows even gets to boot at all (triple faults even, due to ESP being 0 when pushing a register on the stack)) :S.

But even with said bugfixes, the OS still crashes at the exact same location (Windows 95 OSR 2).

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io
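As an added example (not UniPCemu code, and not the author's fix), this is the segment-limit check a protected-mode PUSH has to apply, including the ESP = 0 case mentioned above: on a 64 KiB stack segment the wrapped offset 0xFFFFFFFC lies outside the limit and the push raises #SS(0); on a flat 4 GiB segment the segmentation check passes and it is paging that decides. The struct layout and names are this example's own; the limit rule follows the Intel SDM.

```c
/* Added example, not code from UniPCemu: the limit check a protected-mode PUSH
 * must apply to the stack segment. Struct layout and names are this example's
 * own; the rule (all operand bytes inside the limit) follows the Intel SDM. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <inttypes.h>

#define V_SS 12   /* #SS: stack-segment fault, pushed with error code 0 */

typedef struct {
    uint32_t limit;       /* effective limit, G bit already applied */
    bool     expand_down; /* E bit of the data-segment descriptor */
    bool     big;         /* B bit: 32-bit stack (ESP) if set, 16-bit (SP) if clear */
} stack_seg;

/* True if all 'width' bytes starting at 'offset' lie inside the segment. */
bool stack_access_ok(const stack_seg *s, uint32_t offset, uint32_t width)
{
    uint32_t last = offset + width - 1;
    if (last < offset)                       /* operand wraps past 0xFFFFFFFF */
        return false;
    if (!s->expand_down)                     /* expand-up: valid offsets are 0 .. limit */
        return last <= s->limit;
    /* expand-down: valid offsets are limit+1 .. 0xFFFF (B=0) or 0xFFFFFFFF (B=1) */
    uint32_t top = s->big ? 0xFFFFFFFFu : 0xFFFFu;
    return offset > s->limit && last <= top;
}

/* Simulate the address computation of PUSH: decrement the stack pointer by
 * 'width' (only SP wraps on a 16-bit stack, the upper half of ESP is kept),
 * then check every byte of the operand. Returns 0 and the new ESP on success,
 * or V_SS when the operand would leave the segment. */
int push_check(const stack_seg *s, uint32_t esp, uint32_t width, uint32_t *new_esp)
{
    uint32_t offset;
    if (s->big) {
        offset = esp - width;                  /* ESP = 0 wraps to 0xFFFFFFFC for a dword */
    } else {
        uint16_t sp = (uint16_t)(esp - width); /* only the low 16 bits participate */
        offset = sp;
        esp = (esp & 0xFFFF0000u) | sp;
    }
    if (!stack_access_ok(s, offset, width))
        return V_SS;
    *new_esp = s->big ? offset : esp;
    return 0;
}

int main(void)
{
    uint32_t n = 0;
    stack_seg small32 = { 0xFFFFu, false, true };      /* 64 KiB expand-up, 32-bit */
    stack_seg flat32  = { 0xFFFFFFFFu, false, true };  /* flat 4 GiB stack */
    printf("ESP=0 push dword, 64 KiB stack: %s\n",
           push_check(&small32, 0, 4, &n) ? "#SS(0)" : "ok");
    printf("ESP=0 push dword, flat stack:   %s (new ESP %08" PRIX32 ")\n",
           push_check(&flat32, 0, 4, &n) ? "#SS(0)" : "ok", n);
    return 0;
}
```

The 16-bit case matters for the stack check described above: a word push with SP = 0 lands at offset 0xFFFE, which is legal in a 64 KiB segment, while the same push on a 32-bit stack wraps to 0xFFFFFFFE and faults.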

Reply 21 of 91, by superfury


Just had a thought: what if I tried to install Windows NT 3.1? With 12MB of RAM that should work (on the Compaq Deskpro 386 with 12MB and a floppy-based installation)?

Currently at least got as far as formatting the hard disk (actually, the IDE controller reveals it's just reading the disk?) for NTFS. Already working in protected mode since starting the installer.

If it runs, that will rule out problems of 16-bit/32-bit compatibility layers in Windows 95?
Edit: So far gotten up to floppy disk 2. Format is complete, somehow not NTFS (which I remember I chose), but FAT?
Edit: Disk 3...
Edit: Reached reboot...
Edit: STOP 0x0000007F is encountered? Seems to be somewhere within ntoskrnl.exe?

Lots more information compared to Windows 95? It's a double fault according to https://support.microsoft.com/en-us/help/8424 … -a-single-bit-e ?

[Attachment: 1014-Windows NT 3.1 crashing BSOD.jpg (Interesting ntoskrnl.exe BSOD on Windows NT 3.1?)]

Edit: Interestingly, I see it invoking an INT3 single-byte instruction (byte CC) just before the blue screen? It's filtered on CPL=0 and non-real mode.

Edit: I see exception #UD on 0FA6, then a single step at 0008:801bae71 to kernel 801bae82, then a page fault for access to 0023:00000000 (opcode 011A at 0008:80168e00, which is ADD [edx],ebx (EDX=0)?), then a type 3 (CC) interrupt at 80102090 (previous opcode was E8) to 0008:801621b0.

Can anyone infer something from this (other than the cause being ntoskrnl.exe)?


Reply 22 of 91, by superfury


Perhaps that page fault is the cause for the BSOD? The first #UD is just CPU detection code (80486 detection, like Windows 95 does).

But the [EDX] where EDX=0 is a cause for a BSOD, since it's a NULL-pointer dereference by ntoskrnl.exe (kernel mode)? So why is it doing that? Why is EDX 0?

Edit: Tried generating a log with the dumped data, but the NULL page fault happens at a different location:
CR3=30000, paging enabled.
TR=28:80203000
CS:EIP=0008:80168E00

That information should serve well (ignoring the EIP part) for a simple debugger filter to find out why the NULL dereference in the NT kernel (ntoskrnl.exe) happens?

[Attachment: debugger_windowsNT3.1kernelcrash_UniPCemu_20190128_0022.7z (NT kernel NULL #PF dereference)]


Reply 23 of 91, by superfury


Just found a bug in the interrupt handler mechanism. When handling non-present or null descriptors (for the IDT or GDT (loading CS)), it's supposed to throw a #NP fault instead of a #GP fault (as is documented in many places). UniPCemu threw a #GP fault instead, which is incorrect (for emulation or loading by the OS).


Reply 24 of 91, by superfury


Having reworked and simplified the segment descriptor loading (just checking for NULL entries, table limits and paging), Windows 95 gives a quick kernel STUB error, then the "It's safe to turn off your computer" screen (in orange text).

The final entry in the bootlog.txt reports:

[000DC974] INITCOMPLETESUCCESS = SHELL   

Edit: It says (in text mode): "KernSTUB: Error during boot". Then immediately after that it shows the Windows "It's safe to turn off your computer" screen.


Reply 25 of 91, by superfury


Improving and simplifying segmentation writes still makes the message occur?


Reply 26 of 91, by superfury


Just improved gate descriptor protection checks according to the CALL instruction documentation.
Also fixed call gates to a NULL segment to throw #GP(0) correctly.

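The two posts above (the #NP-versus-#GP distinction for non-present descriptors, and the call-gate checks including the null target selector) describe the same check sequence from two sides. As an added example that is not UniPCemu's code, the following models that sequence the way the Intel SDM lays it out for CALL through a call gate and for INT n or a hardware interrupt through the IDT: a null selector gives #GP(0), a descriptor beyond the table limit or of the wrong type gives #GP(selector), a privilege violation gives #GP(selector), and only a descriptor that passes all of those but has its present bit clear gives #NP(selector). The table layout, names and sample tables are this example's own; task gates are not modelled.

```c
/* Added example (not UniPCemu's code): which exception a protected-mode control
 * transfer through a gate raises, and with which error code, per the Intel SDM.
 * Table layout and names are this example's own; task gates are not modelled. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define V_NP 11   /* #NP: segment not present */
#define V_GP 13   /* #GP: general protection */

typedef struct {
    uint8_t  type;        /* S bit and TYPE field of the access byte (5 bits) */
    uint8_t  dpl;
    bool     present;
    uint16_t target_sel;  /* gates only: selector of the target code segment */
} desc;

enum { T_CODE = 0x18, T_CODE_CONF = 0x1C, T_CALLGATE32 = 0x0C, T_INTGATE32 = 0x0E, T_TRAPGATE32 = 0x0F };

typedef struct { const desc *e; size_t n; } table;

/* vec == 0: transfer allowed; otherwise the exception vector and its error code. */
typedef struct { int vec; uint16_t err; } outcome;

static outcome ok(void)                     { outcome o = {0, 0};     return o; }
static outcome fault(int vec, unsigned err) { outcome o = {vec, (uint16_t)err}; return o; }
static bool is_code(uint8_t t)              { return (t & 0x18) == 0x18; }

/* Target code segment named by a gate. 'ext' is 1 for an external interrupt and
 * 0 for CALL / INT n; it is OR-ed into the error code as the SDM specifies. */
static outcome check_gate_target(const table *gdt, uint16_t sel, unsigned cpl, unsigned ext)
{
    uint16_t idx = sel >> 3;
    unsigned code = (sel & 0xFFFCu) | ext;
    if ((sel & 0xFFFC) == 0) return fault(V_GP, ext);   /* null target selector: #GP(0) / #GP(EXT) */
    if (idx >= gdt->n)       return fault(V_GP, code);  /* outside the GDT limit */
    const desc *d = &gdt->e[idx];
    if (!is_code(d->type))   return fault(V_GP, code);  /* a gate must lead to a code segment */
    if (d->dpl > cpl)        return fault(V_GP, code);  /* target less privileged than caller */
    if (!d->present)         return fault(V_NP, code);  /* valid descriptor, P bit clear: #NP */
    return ok();
}

/* CALL FAR with a selector naming a code segment or a 32-bit call gate. */
outcome call_far(const table *gdt, uint16_t sel, unsigned cpl)
{
    uint16_t rpl = sel & 3, idx = sel >> 3, code = sel & 0xFFFC;
    if (code == 0)     return fault(V_GP, 0);      /* null selector */
    if (idx >= gdt->n) return fault(V_GP, code);   /* beyond GDT limit */
    const desc *d = &gdt->e[idx];
    if (is_code(d->type)) {                        /* direct far call, no gate */
        bool conf = (d->type & 0x04) != 0;
        if (conf ? d->dpl > cpl : (rpl > cpl || d->dpl != cpl)) return fault(V_GP, code);
        if (!d->present) return fault(V_NP, code);
        return ok();
    }
    if (d->type != T_CALLGATE32)      return fault(V_GP, code); /* not a call gate */
    if (d->dpl < cpl || d->dpl < rpl) return fault(V_GP, code); /* gate DPL must be >= CPL and RPL */
    if (!d->present)                  return fault(V_NP, code); /* gate itself not present */
    return check_gate_target(gdt, d->target_sel, cpl, 0);
}

/* INT n (software = true) or a hardware interrupt (software = false) via the IDT. */
outcome interrupt(const table *gdt, const table *idt, unsigned vector, bool software, unsigned cpl)
{
    unsigned ext = software ? 0 : 1;
    unsigned code = (vector << 3) | 2 | ext;               /* bit 1 set: error code refers to the IDT */
    if (vector >= idt->n) return fault(V_GP, code);        /* vector beyond IDT limit */
    const desc *g = &idt->e[vector];
    if (g->type != T_INTGATE32 && g->type != T_TRAPGATE32) return fault(V_GP, code);
    if (software && g->dpl < cpl) return fault(V_GP, code); /* INT n may not enter a more privileged gate */
    if (!g->present)              return fault(V_NP, code); /* gate not present: #NP, not #GP */
    return check_gate_target(gdt, g->target_sel, cpl, ext);
}

/* Constructed sample tables for the demonstration. */
const desc sample_gdt_entries[8] = {
    {0, 0, false, 0},                  /* 0x00: null descriptor */
    {T_CODE, 0, true,  0},             /* 0x08: ring-0 code, present */
    {T_CALLGATE32, 3, true,  0x0008},  /* 0x10: gate usable from any ring, to 0x08 */
    {T_CALLGATE32, 3, true,  0x0000},  /* 0x18: gate whose target selector is null */
    {T_CALLGATE32, 3, false, 0x0008},  /* 0x20: gate marked not present */
    {T_CALLGATE32, 3, true,  0x0030},  /* 0x28: gate to a not-present code segment */
    {T_CODE, 0, false, 0},             /* 0x30: ring-0 code, not present */
    {T_CALLGATE32, 0, true,  0x0008},  /* 0x38: ring-0-only gate */
};
const desc sample_idt_entries[4] = {
    {T_INTGATE32, 0, true,  0x0008},   /* vector 0: kernel-only interrupt gate */
    {T_INTGATE32, 0, false, 0x0008},   /* vector 1: gate not present */
    {T_INTGATE32, 0, true,  0x0030},   /* vector 2: target segment not present */
    {T_TRAPGATE32, 3, true, 0x0000},   /* vector 3: null target selector */
};
const table sample_gdt = { sample_gdt_entries, 8 };
const table sample_idt = { sample_idt_entries, 4 };

int main(void)
{
    outcome r = call_far(&sample_gdt, 0x0020, 3);
    printf("CALL via not-present gate 0x20 from ring 3: vector %d, error code %04X\n", r.vec, r.err);
    r = interrupt(&sample_gdt, &sample_idt, 1, false, 0);
    printf("IRQ via not-present IDT entry 1: vector %d, error code %04X\n", r.vec, r.err);
    return 0;
}
```

The ordering is the point: a guest kernel that stores a handler in a not-present descriptor expects #NP with the selector (or IDT index) in the error code so it can page the segment in or report the right STOP code; an emulator that raises #GP there sends the guest down a different, unintended path.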

Reply 27 of 91, by superfury


With the latest improvements, Windows NT now generates a STOP 0000007B inaccessible boot device? Anyone?

Edit: Interestingly, I see no non-#PF faults anymore. Only lots of page faults (only what seems to be stuff like copying memory blocks using MOVSD, mostly between 000XXXXX and 800XXXXX)? Anyone know more about this?

[Attachment: 1053-NT BSOD.jpg (NT 3.1 BSOD)]

Anyone can tell me more? Apparently the kernel crashed?

Edit: I added a simple log (temporarily), logging all page faults.

	dolog("pagefaults","#PF on instruction 0F:%u OP:%02X R/M:%02X at %08X on VA %08X code %04X",CPU[activeCPU].lastopcode0F,CPU[activeCPU].lastopcode,CPU[activeCPU].lastmodrm,CPU[activeCPU].registers->EIP,address,flags);

This resulted in the following log:

00:04:16:65.05184: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1000002 code 0002
00:04:16:99.04240: #PF on instruction 0F:0 OP:FF R/M:D3 at 8016B2A0 on VA 8016B2A0 code 0000
00:04:16:99.05488: #PF on instruction 0F:0 OP:E8 R/M:00 at 80170760 on VA 80170760 code 0000
00:04:17:00.02240: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1000000 code 0002
00:04:17:01.01808: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1001000 code 0002
00:04:17:02.00592: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1002000 code 0002
00:04:17:02.09936: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1003000 code 0002
00:04:17:03.09008: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1004000 code 0002
00:04:17:04.07888: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1005000 code 0002
00:04:17:05.07088: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1006000 code 0002
00:04:17:06.05648: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1007000 code 0002
00:04:17:07.04256: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1008000 code 0002
00:04:17:08.03648: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1009000 code 0002
00:04:17:09.02800: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100A000 code 0002
00:04:17:10.02352: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100B000 code 0002
00:04:17:11.02944: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100C000 code 0002
00:04:17:12.01984: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100D000 code 0002
00:04:17:13.01136: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100E000 code 0002
00:04:17:14.01408: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100F000 code 0002
00:04:17:15.00672: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1010000 code 0002
00:04:17:16.00176: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1011000 code 0002
00:04:17:16.09056: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1012000 code 0002
00:04:17:17.08016: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1013000 code 0002
00:04:17:18.07248: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1014000 code 0002
00:04:17:19.06896: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1015000 code 0002
00:04:17:20.06112: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1016000 code 0002
00:04:17:21.05232: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1017000 code 0002
00:04:17:22.04032: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1018000 code 0002
00:04:17:23.03056: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1019000 code 0002
00:04:17:24.01712: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101A000 code 0002
00:04:17:25.00816: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101B000 code 0002
00:04:17:26.00160: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101C000 code 0002
00:04:17:26.08864: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101D000 code 0002
00:04:17:27.08400: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101E000 code 0002
00:04:17:28.07008: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101F000 code 0002
00:04:17:29.05856: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1020000 code 0002
00:04:17:30.05296: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1021000 code 0002
00:04:17:31.04832: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1022000 code 0002
00:04:17:32.04608: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1023000 code 0002
00:04:17:35.09984: #PF on instruction 0F:0 OP:8B R/M:0F at 8010A4C8 on VA C1000000 code 0000
00:04:17:36.01072: #PF on instruction 0F:0 OP:8B R/M:0F at 8010A4C8 on VA C1011000 code 0000
00:04:17:36.02128: #PF on instruction 0F:0 OP:8B R/M:02 at 8010A579 on VA C1022000 code 0000
00:04:17:36.06368: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00010000 code 0002
00:04:17:37.06176: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1001000 code 0000
00:04:17:37.07312: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00011000 code 0002
00:04:17:38.02864: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1002000 code 0000
00:04:17:38.03824: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00012000 code 0002
00:04:17:38.09056: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1003000 code 0000
00:04:17:39.00032: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00013000 code 0002
00:04:17:39.05568: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1004000 code 0000
00:04:17:39.06512: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00014000 code 0002
00:04:17:40.02208: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1005000 code 0000
00:04:17:40.03216: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00015000 code 0002
00:04:17:40.08688: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1006000 code 0000
00:04:17:40.09664: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00016000 code 0002
00:04:17:41.05008: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1007000 code 0000
00:04:17:41.06464: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00017000 code 0002
00:04:17:42.01984: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1008000 code 0000
00:04:17:42.02960: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00018000 code 0002
00:04:17:42.08384: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1009000 code 0000
00:04:17:42.09344: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00019000 code 0002
00:04:17:43.05264: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100A000 code 0000
00:04:17:43.06240: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001A000 code 0002
00:04:17:44.01760: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100B000 code 0000
00:04:17:44.02736: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001B000 code 0002
00:04:17:44.08096: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100C000 code 0000
00:04:17:44.09040: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001C000 code 0002
00:04:17:45.04864: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100D000 code 0000
00:04:17:45.05904: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001D000 code 0002
00:04:17:46.02048: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100E000 code 0000
00:04:17:46.03168: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001E000 code 0002
00:04:17:46.08880: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100F000 code 0000
00:04:17:47.00304: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001F000 code 0002
00:04:17:47.06128: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1010000 code 0000
00:04:17:47.07728: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00020000 code 0002
00:04:17:48.03184: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00021000 code 0002
00:04:17:48.08848: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1012000 code 0000
00:04:17:48.09824: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00022000 code 0002
00:04:17:49.05264: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1013000 code 0000
00:04:17:49.06240: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00023000 code 0002
00:04:17:50.02512: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1014000 code 0000
00:04:17:50.03760: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00024000 code 0002
00:04:17:50.09936: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1015000 code 0000
00:04:17:51.01600: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00025000 code 0002
00:04:17:51.07600: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1016000 code 0000
00:04:17:51.08576: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00026000 code 0002
00:04:17:52.04544: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1017000 code 0000
00:04:17:52.05536: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00027000 code 0002
00:04:17:53.01648: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1018000 code 0000
00:04:17:53.02592: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00028000 code 0002
00:04:17:53.08496: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1019000 code 0000
00:04:17:53.09456: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00029000 code 0002
00:04:17:54.05232: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101A000 code 0000
00:04:17:54.06304: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002A000 code 0002
00:04:17:55.02112: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101B000 code 0000
00:04:17:55.03072: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002B000 code 0002
00:04:17:55.08992: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101C000 code 0000
00:04:17:56.00400: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002C000 code 0002
00:04:17:56.06304: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101D000 code 0000
00:04:17:56.07808: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002D000 code 0002
00:04:17:57.03840: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101E000 code 0000
00:04:17:57.04800: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002E000 code 0002
00:04:17:58.00848: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101F000 code 0000
00:04:17:58.02032: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002F000 code 0002
00:04:17:58.07712: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1020000 code 0000
00:04:17:58.08864: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00030000 code 0002
00:04:17:59.05344: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1021000 code 0000
00:04:17:59.06336: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00031000 code 0002
00:04:17:60.02176: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00032000 code 0002
00:04:17:60.08720: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1023000 code 0000
00:04:17:60.09696: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00033000 code 0002
00:04:17:63.00752: #PF on instruction 0F:0 OP:E8 R/M:00 at 8016A8E0 on VA 8016A8E0 code 0000
00:04:17:63.03808: #PF on instruction 0F:0 OP:E8 R/M:00 at 8017E990 on VA 8017E990 code 0000
00:04:17:63.04720: #PF on instruction 0F:0 OP:E8 R/M:00 at 8016E460 on VA 8016E460 code 0000
00:04:17:63.06224: #PF on instruction 0F:0 OP:E8 R/M:00 at 80183BF0 on VA 80183BF0 code 0000
00:04:17:63.08480: #PF on instruction 0F:0 OP:C7 R/M:07 at 80183DE6 on VA E1003000 code 0002
00:04:17:64.04256: #PF on instruction 0F:0 OP:E8 R/M:00 at 80185170 on VA 80185170 code 0000
00:04:17:64.06656: #PF on instruction 0F:0 OP:AB R/M:00 at 80185210 on VA E1006000 code 0002
00:04:17:65.06016: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1005000 code 0002
00:04:17:66.03824: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1007002 code 0002
00:04:17:66.08816: #PF on instruction 0F:0 OP:E8 R/M:00 at 80168610 on VA 80168610 code 0000
00:04:17:67.01776: #PF on instruction 0F:0 OP:E8 R/M:00 at 8016C0B0 on VA 8016C0B0 code 0000
00:04:17:67.05056: #PF on instruction 0F:0 OP:E8 R/M:00 at 8016D9E0 on VA 8016D9E0 code 0000
00:04:17:67.06080: #PF on instruction 0F:0 OP:E8 R/M:00 at 80194B10 on VA 80194B10 code 0000
00:04:17:67.08672: #PF on instruction 0F:0 OP:E8 R/M:00 at 8017C1B0 on VA 8017C1B0 code 0000
00:04:17:67.09376: #PF on instruction 0F:0 OP:E8 R/M:00 at 801846A0 on VA 801846A0 code 0000
00:04:17:68.00256: #PF on instruction 0F:0 OP:E8 R/M:00 at 80193EE0 on VA 80193EE0 code 0000
00:04:17:68.04240: #PF on instruction 0F:0 OP:E8 R/M:00 at 80177520 on VA 80177520 code 0000
00:04:17:68.06720: #PF on instruction 0F:0 OP:E8 R/M:00 at 801921D0 on VA 801921D0 code 0000
00:04:17:68.07616: #PF on instruction 0F:0 OP:E8 R/M:00 at 80172520 on VA 80172520 code 0000
00:04:17:69.03088: #PF on instruction 0F:0 OP:E8 R/M:00 at 80176530 on VA 80176530 code 0000
00:04:17:69.05568: #PF on instruction 0F:0 OP:E8 R/M:00 at 8017F320 on VA 8017F320 code 0000
00:04:17:70.04944: #PF on instruction 0F:0 OP:E8 R/M:00 at 8017DDD0 on VA 8017DDD0 code 0000
00:04:17:70.06224: #PF on instruction 0F:0 OP:E8 R/M:00 at 8017B6A0 on VA 8017B6A0 code 0000
00:04:17:71.01344: #PF on instruction 0F:0 OP:FF R/M:50 at 8016F3F0 on VA 8016F3F0 code 0000
00:04:17:73.07584: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1008000 code 0002
00:04:17:74.03792: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1009000 code 0002
00:04:17:75.02304: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100A000 code 0002
00:04:17:76.01024: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100B000 code 0002
00:04:17:76.09568: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100C000 code 0002
00:04:17:78.02288: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100D000 code 0002
00:04:17:79.00912: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100E000 code 0002
00:04:17:79.09728: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100F000 code 0002
00:04:17:80.08816: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1010000 code 0002
00:04:17:81.07056: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1011000 code 0002
00:04:17:82.05472: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1012000 code 0002
00:04:17:83.04320: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1013000 code 0002
00:04:17:84.03488: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1014000 code 0002
00:04:17:85.01696: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1015000 code 0002
00:04:17:86.00160: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1016000 code 0002
00:04:17:86.08480: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1017000 code 0002
00:04:17:87.07680: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1018000 code 0002
00:04:17:88.06560: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1019000 code 0002
00:04:17:89.05456: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101A000 code 0002
00:04:17:90.03744: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101B000 code 0002
00:04:17:91.05152: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101C000 code 0002
00:04:17:92.05616: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101D000 code 0002
00:04:17:93.04224: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101E000 code 0002
00:04:17:94.03056: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101F000 code 0002
00:04:17:95.01744: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1020000 code 0002
00:04:17:96.00592: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1021000 code 0002
00:04:17:96.09312: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1022000 code 0002
00:04:17:97.08048: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1023000 code 0002
00:04:17:98.08816: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1024000 code 0002
00:04:17:99.07776: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1025000 code 0002
00:04:18:00.06288: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1026000 code 0002
00:04:18:01.05152: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1027000 code 0002
00:04:18:02.05120: #PF on instruction 0F:0 OP:AB R/M:00 at 801855FC on VA E1028000 code 0002
00:04:18:07.01536: #PF on instruction 0F:0 OP:E8 R/M:00 at 8017A490 on VA 8017A490 code 0000
00:04:18:88.02032: #PF on instruction 0F:0 OP:E8 R/M:00 at 80180B10 on VA 80180B10 code 0000
00:04:19:71.00352: #PF on instruction 0F:0 OP:E8 R/M:00 at 801799D0 on VA 801799D0 code 0000
00:04:19:75.08512: #PF on instruction 0F:0 OP:AB R/M:00 at 80185210 on VA E102A000 code 0002
00:04:19:76.07024: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1029000 code 0002
00:04:19:77.04528: #PF on instruction 0F:0 OP:E8 R/M:00 at 80169F40 on VA 80169F40 code 0000
00:04:19:79.07376: #PF on instruction 0F:0 OP:E8 R/M:00 at 8018DBB0 on VA 8018DBB0 code 0000
00:04:19:80.06048: #PF on instruction 0F:0 OP:C7 R/M:07 at 80183DE6 on VA E102B000 code 0002
00:04:19:81.07744: #PF on instruction 0F:0 OP:AB R/M:00 at 80185210 on VA E102D000 code 0002
00:04:19:82.06448: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E102C000 code 0002
00:04:19:95.00736: #PF on instruction 0F:0 OP:E8 R/M:00 at 80195800 on VA 80195800 code 0000
00:04:19:97.02320: #PF on instruction 0F:0 OP:AB R/M:00 at 80185210 on VA E102F000 code 0002
00:04:19:98.00768: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E102E000 code 0002
00:04:19:99.07248: #PF on instruction 0F:0 OP:89 R/M:06 at 8017AF74 on VA E1030000 code 0002
00:04:20:05.05152: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1033000 code 0002
00:04:20:14.07856: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1034000 code 0002
00:04:20:23.01680: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1035000 code 0002
00:04:20:33.04624: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1036000 code 0002
00:04:20:41.00208: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1037000 code 0002
00:04:20:48.04848: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1038000 code 0002
00:04:20:55.06032: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1039000 code 0002
00:04:20:64.05840: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E103A000 code 0002
00:04:20:73.02016: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E103B000 code 0002
00:04:20:83.01440: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E103C000 code 0002
00:04:20:90.07360: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E103D000 code 0002
00:04:20:98.09584: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E103E000 code 0002
00:04:21:07.02592: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E103F000 code 0002
00:04:21:16.02016: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1040000 code 0002
00:04:21:25.05472: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1041000 code 0002
00:04:21:34.01104: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1042000 code 0002
00:04:21:43.08304: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1043000 code 0002
00:04:21:53.00016: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1044000 code 0002
00:04:21:62.09648: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1045000 code 0002
00:04:21:72.09024: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1046000 code 0002
00:04:21:82.03840: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1047000 code 0002
00:04:21:90.06144: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1048000 code 0002
00:04:22:01.04704: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1049000 code 0002
00:04:22:10.06784: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E104A000 code 0002
00:04:22:20.03136: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E104B000 code 0002
00:04:22:29.04816: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E104C000 code 0002
00:04:22:43.06128: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E104D000 code 0002
00:04:22:52.02304: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E104E000 code 0002
00:04:22:62.06208: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E104F000 code 0002
00:04:22:69.04384: #PF on instruction 0F:0 OP:C7 R/M:07 at 80183DE6 on VA E1030000 code 0002
00:04:22:70.06576: #PF on instruction 0F:0 OP:AB R/M:00 at 80185210 on VA E1032000 code 0002
00:04:22:71.04704: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1031000 code 0002
00:04:22:84.09104: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1050008 code 0002
00:04:23:00.00352: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1054002 code 0002
00:04:23:04.05712: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1054002 code 0002
00:04:23:12.05424: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1055000 code 0002
00:04:23:43.07488: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1054002 code 0002
00:04:23:50.03248: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1054000 code 0002
00:04:23:53.00416: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1056002 code 0002
00:04:23:67.01552: #PF on instruction 0F:0 OP:C7 R/M:40 at 8017E6C4 on VA E1050008 code 0002
00:04:26:41.06976: #PF on instruction 0F:0 OP:89 R/M:06 at 8016F7DC on VA 00040000 code 0002
00:04:26:44.02080: #PF on instruction 0F:0 OP:E8 R/M:00 at 80181FA0 on VA 80181FA0 code 0000
00:04:26:45.00752: #PF on instruction 0F:0 OP:8B R/M:FF at 80182000 on VA 80182000 code 0000
00:04:26:45.01840: #PF on instruction 0F:0 OP:E8 R/M:00 at 8018EFE0 on VA 8018EFE0 code 0000
00:04:26:45.02608: #PF on instruction 0F:0 OP:6A R/M:00 at 8018F000 on VA 8018F000 code 0000
00:04:26:64.05216: #PF on instruction 0F:0 OP:FF R/M:25 at 80186F90 on VA 80186F90 code 0000
00:04:26:64.06224: #PF on instruction 0F:0 OP:E8 R/M:00 at 80188D70 on VA 80188D70 code 0000
00:04:26:65.08464: #PF on instruction 0F:0 OP:AB R/M:00 at 80185210 on VA E1051000 code 0002
00:04:26:66.06608: #PF on instruction 0F:0 OP:C7 R/M:06 at 8018543D on VA E1050000 code 0002
00:04:26:68.08480: #PF on instruction 0F:0 OP:E8 R/M:00 at 80187030 on VA 80187030 code 0000
00:04:26:84.01728: #PF on instruction 0F:0 OP:FF R/M:56 at 801892E0 on VA 801892E0 code 0000
00:04:26:94.08880: #PF on instruction 0F:0 OP:C7 R/M:40 at 801930C5 on VA 00040004 code 0002
00:04:26:96.04720: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:04:27:01.04080: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:04:27:05.01200: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:04:27:06.05088: #PF on instruction 0F:0 OP:89 R/M:06 at 8016F7DC on VA 00040000 code 0002
00:04:27:07.09744: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:04:27:10.09856: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:04:27:13.08672: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:04:27:16.06544: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:04:27:19.05680: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002

Can anyone see something that isn't supposed to happen?
Edit: Added ModR/M byte to the log.

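The question above is easier to answer mechanically than by eye: every line in that log carries error code 0000 or 0002, i.e. the P bit is clear (page not present) and the access came from CPL 0, which is plain demand paging; a code-0000 fault whose VA equals EIP is an instruction fetch paging code in, and the REP MOVSD runs (opcode A5) walk 4 KiB at a time through a fresh region. What would be out of place is a fault with P set (a protection violation on a mapped page) or a fault in the first page of the address space (a NULL-pointer dereference, which is what the later posts in this thread see). The following is an added example that is not part of UniPCemu: a triage pass over lines in the dolog() format shown above that decodes the error code, separates ordinary demand paging from faults a kernel should never take, and counts each kind. Field names are this example's own; four sample lines are copied from the log, two (a NULL-page write and a code-0003 fault) are constructed.

```c
/* Added example, not part of UniPCemu: triage of #PF log lines in the dolog()
 * format used in the post. Error code bits: 0 = P (1: protection violation,
 * 0: not present), 1 = W/R, 2 = U/S. Names and sample lines are this example's own. */
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <string.h>
#include <stdbool.h>

typedef struct {
    unsigned op0f, op, modrm;   /* 0F-prefix flag, opcode, ModR/M byte */
    uint32_t eip, va;           /* faulting EIP and linear address (CR2) */
    unsigned code;              /* page-fault error code */
} pf_entry;

enum pf_kind {
    PF_DEMAND_CODE,   /* not present, VA == EIP: instruction fetch paged in */
    PF_DEMAND_READ,   /* not present, kernel read */
    PF_DEMAND_WRITE,  /* not present, kernel write (e.g. REP MOVSD into fresh pages) */
    PF_USER,          /* fault taken at CPL 3 */
    PF_NULL_DEREF,    /* linear address in the first page: NULL pointer dereference */
    PF_PROTECTION,    /* page present but access denied: not demand paging */
    PF_KINDS
};

static const char *const pf_kind_name[PF_KINDS] = {
    "demand code", "demand read", "demand write", "user mode", "NULL deref", "protection"
};

/* Parse one dolog() line; returns false for lines that are not #PF records. */
bool parse_pf_line(const char *line, pf_entry *e)
{
    const char *p = strstr(line, "#PF on instruction");
    if (!p) return false;
    return sscanf(p, "#PF on instruction 0F:%u OP:%x R/M:%x at %" SCNx32 " on VA %" SCNx32 " code %x",
                  &e->op0f, &e->op, &e->modrm, &e->eip, &e->va, &e->code) == 6;
}

enum pf_kind classify_pf(const pf_entry *e)
{
    bool present = (e->code & 1) != 0, write = (e->code & 2) != 0, user = (e->code & 4) != 0;
    if (e->va < 0x1000)  return PF_NULL_DEREF;
    if (present)         return PF_PROTECTION;
    if (user)            return PF_USER;
    if (e->eip == e->va) return PF_DEMAND_CODE;
    return write ? PF_DEMAND_WRITE : PF_DEMAND_READ;
}

bool pf_is_suspicious(enum pf_kind k) { return k == PF_NULL_DEREF || k == PF_PROTECTION; }

/* Walk a log: fills counts[] per kind, reports how many lines parsed as #PF
 * records, prints each suspicious one and returns how many there were. */
size_t triage_log(const char *const *lines, size_t n, unsigned counts[PF_KINDS], size_t *parsed)
{
    size_t suspicious = 0;
    *parsed = 0;
    memset(counts, 0, sizeof(unsigned) * PF_KINDS);
    for (size_t i = 0; i < n; i++) {
        pf_entry e;
        if (!parse_pf_line(lines[i], &e)) continue;
        (*parsed)++;
        enum pf_kind k = classify_pf(&e);
        counts[k]++;
        if (pf_is_suspicious(k)) {
            suspicious++;
            printf("SUSPECT %-11s EIP=%08" PRIX32 " VA=%08" PRIX32 " code=%04X op=%02X modrm=%02X\n",
                   pf_kind_name[k], e.eip, e.va, e.code, e.op, e.modrm);
        }
    }
    return suspicious;
}

/* Sample input: four lines copied from the log in the post, two constructed for
 * this example (a NULL-page write and a protection violation), one unrelated line. */
const char *const sample_log[] = {
    "00:04:16:65.05184: #PF on instruction 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1000002 code 0002",
    "00:04:16:99.04240: #PF on instruction 0F:0 OP:FF R/M:D3 at 8016B2A0 on VA 8016B2A0 code 0000",
    "00:04:17:00.02240: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1000000 code 0002",
    "00:04:17:36.06368: #PF on instruction 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00010000 code 0002",
    "00:04:30:00.00000: #PF on instruction 0F:0 OP:01 R/M:1A at 80168E00 on VA 00000000 code 0002", /* constructed */
    "00:04:30:00.00001: #PF on instruction 0F:0 OP:89 R/M:06 at 8016F7DC on VA 00040000 code 0003", /* constructed */
    "some unrelated log line",
};
const size_t sample_log_len = sizeof sample_log / sizeof sample_log[0];

int main(void)
{
    unsigned counts[PF_KINDS];
    size_t parsed;
    size_t bad = triage_log(sample_log, sample_log_len, counts, &parsed);
    for (int k = 0; k < PF_KINDS; k++)
        printf("%-11s %u\n", pf_kind_name[k], counts[k]);
    printf("%zu lines parsed, %zu suspicious\n", parsed, bad);
    return 0;
}
```

Run against the full log above, the filter reports nothing, which matches the observation that only ordinary demand paging is left once the earlier descriptor bugs were fixed; the NULL-page fault from the next posts is exactly what it would flag.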

Reply 28 of 91, by superfury


With the latest bugfixes, I now immediately see it #PF on LA 0 using DS (23h):0 as a pointer after the #UD (using opcode 01h, ADD), which NT doesn't like...

Still typical: fixing one bug, another one pops up (until none are left)!

It happens at 0008:80168E00, opcodes 011A (ADD DWORD [EDX],EBX).

[Attachment: debugger_WindowsNT_UniPCemu_20190225_2032.7z]

Edit: Improved XLAT:

[Attachment: debugger_WindowsNT_UniPCemu_20190226_1308.7z]


Reply 29 of 91, by superfury


I can trace the invalid return address which tries to use EDX as a pointer(RETF) to:

0008:801bae46 FF 73 0C push dword ds:[ebx+0c]	RealRAM(p):0015ae53=e8(?); RAM(p):001bae53=e8(?); Physical(p):001bae53=e8(?); Paged(p):801bae53=e8(?); Normal(p):801bae53=e8(?); RealRAM(p):0015ae54=10(); RAM(p):001bae54=10(); Physical(p):001bae54=10(); Paged(p):801bae54=10(); Normal(p):801bae54=10(); RealRAM(p):0015ae55=66(f); RAM(p):001bae55=66(f); Physical(p):001bae55=66(f); Paged(p):801bae55=66(f); Normal(p):801bae55=66(f); RealRAM(r):0003540c=00( ); RAM(r):0003540c=00( ); Physical(r):0003540c=00( ); Paged(r):8003540c=00( ); RealRAM(r):0003540d=8e(?); RAM(r):0003540d=8e(?); Physical(r):0003540d=8e(?); Paged(r):8003540d=8e(?); RealRAM(r):0003540e=16(); RAM(r):0003540e=16(); Physical(r):0003540e=16(); Paged(r):8003540e=16(); RealRAM(r):0003540f=80(?); RAM(r):0003540f=80(?); Physical(r):0003540f=80(?); Paged(r):8003540f=80(?); Paged(w):801ac5e0=00( ); Physical(w):001ac5e0=00( ); RAM(w):001ac5e0=00( ); RealRAM(w):0014c5e0=00( ); Paged(w):801ac5e1=8e(?); Physical(w):001ac5e1=8e(?); RAM(w):001ac5e1=8e(?); RealRAM(w):0014c5e1=8e(?); Paged(w):801ac5e2=16(); Physical(w):001ac5e2=16(); RAM(w):001ac5e2=16(); RealRAM(w):0014c5e2=16(); Paged(w):801ac5e3=80(?); Physical(w):001ac5e3=80(?); RAM(w):001ac5e3=80(?); RealRAM(w):0014c5e3=80(?)
Registers:
EAX: 00000000 EBX: 80035400 ECX: 0000ff00 EDX: 00000000
ESP: 801ac5e4 EBP: 801ac74c ESI: 801b5800 EDI: 80035c00
CS: 0008 DS: 0023 ES: 0023 FS: 0030 GS: 0000 SS: 0010 TR: 0028 LDTR: 0000
EIP: 801bae46 EFLAGS: 00000046
CR0: 80000001 CR1: 00000000 CR2: 00000000 CR3: 00030000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008003500003ff IDTR: 00008003540007ff
FLAGSINFO: 00000000000000vr0n00oditsZ0a0P1c

So the origin is at 8003540C?

Edit: So the cause is at 0003540C?

I then arrive at:

0008:801bae76 8F 43 0C pop dword ds:[ebx+0c]	RealRAM(r):0014c5d4=08(); RAM(r):001ac5d4=08(); Physical(r):001ac5d4=08(); Paged(r):801ac5d4=08(); RealRAM(r):0014c5d5=00( ); RAM(r):001ac5d5=00( ); Physical(r):001ac5d5=00( ); Paged(r):801ac5d5=00( ); RealRAM(r):0014c5d6=00( ); RAM(r):001ac5d6=00( ); Physical(r):001ac5d6=00( ); Paged(r):801ac5d6=00( ); RealRAM(r):0014c5d7=00( ); RAM(r):001ac5d7=00( ); Physical(r):001ac5d7=00( ); Paged(r):801ac5d7=00( ); Paged(w):8003540c=08(); Physical(w):0003540c=08(); RAM(w):0003540c=08(); RealRAM(w):0003540c=08(); Paged(w):8003540d=00( ); Physical(w):0003540d=00( ); RAM(w):0003540d=00( ); RealRAM(w):0003540d=00( ); Paged(w):8003540e=00( ); Physical(w):0003540e=00( ); RAM(w):0003540e=00( ); RealRAM(w):0003540e=00( ); Paged(w):8003540f=00( ); Physical(w):0003540f=00( ); RAM(w):0003540f=00( ); RealRAM(w):0003540f=00( )
Registers:
EAX: 0000801b EBX: 80035400 ECX: 00000000 EDX: 00000000
ESP: 801ac5d4 EBP: 801ac74c ESI: 801bae84 EDI: 801ac5de
CS: 0008 DS: 0023 ES: 0023 FS: 0030 GS: 0000 SS: 0010 TR: 0028 LDTR: 0000
EIP: 801bae76 EFLAGS: 00000086
CR0: 80000001 CR1: 00000000 CR2: 00000000 CR3: 00030000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008003500003ff IDTR: 00008003540007ff
FLAGSINFO: 00000000000000vr0n00oditSz0a0P1c

That writes 0x08000000 there? Then why is that weird value when it crashes there?

Edit: Hmmmm... REP MOVSD seems to be the cause:

	RealRAM(p):0015a344=f3(?); RAM(p):001ba344=f3(?); Physical(p):001ba344=f3(?); Paged(p):801ba344=f3(?); Normal(p):801ba344=f3(?); RealRAM(p):0015a345=a5(?); RAM(p):001ba345=a5(?); Physical(p):001ba345=a5(?); Paged(p):801ba345=a5(?); Normal(p):801ba345=a5(?); RealRAM(p):0015a346=8f(?); RAM(p):001ba346=8f(?); Physical(p):001ba346=8f(?); Paged(p):801ba346=8f(?); Normal(p):801ba346=8f(?); RealRAM(p):0015a347=40(@); RAM(p):001ba347=40(@); Physical(p):001ba347=40(@); Paged(p):801ba347=40(@); Normal(p):801ba347=40(@); RealRAM(p):0015a348=14(); RAM(p):001ba348=14(); Physical(p):001ba348=14(); Paged(p):801ba348=14(); Normal(p):801ba348=14(); RealRAM(p):0015a349=8f(?); RAM(p):001ba349=8f(?); Physical(p):001ba349=8f(?); Paged(p):801ba349=8f(?); Normal(p):801ba349=8f(?); RealRAM(p):0015a34a=40(@); RAM(p):001ba34a=40(@); Physical(p):001ba34a=40(@); Paged(p):801ba34a=40(@); Normal(p):801ba34a=40(@); RealRAM(p):0015a34b=10(); RAM(p):001ba34b=10(); Physical(p):001ba34b=10(); Paged(p):801ba34b=10(); Normal(p):801ba34b=10(); RealRAM(p):0015a34c=8f(?); RAM(p):001ba34c=8f(?); Physical(p):001ba34c=8f(?); Paged(p):801ba34c=8f(?); Normal(p):801ba34c=8f(?); RealRAM(p):0015a34d=40(@); RAM(p):001ba34d=40(@); Physical(p):001ba34d=40(@); Paged(p):801ba34d=40(@); Normal(p):801ba34d=40(@); RealRAM(p):0015a34e=44(D); RAM(p):001ba34e=44(D); Physical(p):001ba34e=44(D); Paged(p):801ba34e=44(D); Normal(p):801ba34e=44(D); RealRAM(p):0015a34f=8f(?); RAM(p):001ba34f=8f(?); Physical(p):001ba34f=8f(?); Paged(p):801ba34f=8f(?); Normal(p):801ba34f=8f(?); RealRAM(p):0015a350=40(@); RAM(p):001ba350=40(@); Physical(p):001ba350=40(@); Paged(p):801ba350=40(@); Normal(p):801ba350=40(@); RealRAM(p):0015a351=40(@); RAM(p):001ba351=40(@); Physical(p):001ba351=40(@); Paged(p):801ba351=40(@); Normal(p):801ba351=40(@); RealRAM(p):0015a352=b8(?); RAM(p):001ba352=b8(?); Physical(p):001ba352=b8(?); Paged(p):801ba352=b8(?); Normal(p):801ba352=b8(?); RealRAM(p):0015a353=01(); RAM(p):001ba353=01(); 
Physical(p):001ba353=01(); Paged(p):801ba353=01(); Normal(p):801ba353=01(); RealRAM(r):00155008=a0(?); RAM(r):001b5008=a0(?); Physical(r):001b5008=a0(?); Paged(r):801b5008=a0(?); RealRAM(r):00155009=1e(); RAM(r):001b5009=1e(); Physical(r):001b5009=1e(); Paged(r):801b5009=1e(); RealRAM(r):0015500a=08(); RAM(r):001b500a=08(); Physical(r):001b500a=08(); Paged(r):801b500a=08(); RealRAM(r):0015500b=00( ); RAM(r):001b500b=00( ); Physical(r):001b500b=00( ); Paged(r):801b500b=00( )
0008:801ba344 F3 A5 rep movsd Paged(w):80035408=a0(?); Physical(w):00035408=a0(?); RAM(w):00035408=a0(?); RealRAM(w):00035408=a0(?); Paged(w):80035409=1e(); Physical(w):00035409=1e(); RAM(w):00035409=1e(); RealRAM(w):00035409=1e(); Paged(w):8003540a=08(); Physical(w):0003540a=08(); RAM(w):0003540a=08(); RealRAM(w):0003540a=08(); Paged(w):8003540b=00( ); Physical(w):0003540b=00( ); RAM(w):0003540b=00( ); RealRAM(w):0003540b=00( )
Registers:
EAX: 80035400 EBX: 80087000 ECX: 00000200 EDX: 801a0008
ESP: 00061434 EBP: 00061468 ESI: 801b5000 EDI: 80035400
CS: 0008 DS: 0023 ES: 0023 FS: 0030 GS: 0000 SS: 0010 TR: 0028 LDTR: 0000
EIP: 801ba344 EFLAGS: 00000016
CR0: 80000001 CR1: 00000000 CR2: 00000000 CR3: 00030000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008003500003ff IDTR: 00008003540007ff
FLAGSINFO: 00000000000000vr0n00oditsz0A0P1c
RealRAM(p):0015a344=f3(?); RAM(p):001ba344=f3(?); Physical(p):001ba344=f3(?); Paged(p):801ba344=f3(?); Normal(p):801ba344=f3(?); RealRAM(p):0015a345=a5(?); RAM(p):001ba345=a5(?); Physical(p):001ba345=a5(?); Paged(p):801ba345=a5(?); Normal(p):801ba345=a5(?); RealRAM(p):0015a346=8f(?); RAM(p):001ba346=8f(?); Physical(p):001ba346=8f(?); Paged(p):801ba346=8f(?); Normal(p):801ba346=8f(?); RealRAM(p):0015a347=40(@); RAM(p):001ba347=40(@); Physical(p):001ba347=40(@); Paged(p):801ba347=40(@); Normal(p):801ba347=40(@); RealRAM(p):0015a348=14(); RAM(p):001ba348=14(); Physical(p):001ba348=14(); Paged(p):801ba348=14(); Normal(p):801ba348=14(); RealRAM(p):0015a349=8f(?); RAM(p):001ba349=8f(?); Physical(p):001ba349=8f(?); Paged(p):801ba349=8f(?); Normal(p):801ba349=8f(?); RealRAM(p):0015a34a=40(@); RAM(p):001ba34a=40(@); Physical(p):001ba34a=40(@); Paged(p):801ba34a=40(@); Normal(p):801ba34a=40(@); RealRAM(p):0015a34b=10(); RAM(p):001ba34b=10(); Physical(p):001ba34b=10(); Paged(p):801ba34b=10(); Normal(p):801ba34b=10(); RealRAM(p):0015a34c=8f(?); RAM(p):001ba34c=8f(?); Physical(p):001ba34c=8f(?); Paged(p):801ba34c=8f(?); Normal(p):801ba34c=8f(?); RealRAM(p):0015a34d=40(@); RAM(p):001ba34d=40(@); Physical(p):001ba34d=40(@); Paged(p):801ba34d=40(@); Normal(p):801ba34d=40(@); RealRAM(p):0015a34e=44(D); RAM(p):001ba34e=44(D); Physical(p):001ba34e=44(D); Paged(p):801ba34e=44(D); Normal(p):801ba34e=44(D); RealRAM(p):0015a34f=8f(?); RAM(p):001ba34f=8f(?); Physical(p):001ba34f=8f(?); Paged(p):801ba34f=8f(?); Normal(p):801ba34f=8f(?); RealRAM(p):0015a350=40(@); RAM(p):001ba350=40(@); Physical(p):001ba350=40(@); Paged(p):801ba350=40(@); Normal(p):801ba350=40(@); RealRAM(p):0015a351=40(@); RAM(p):001ba351=40(@); Physical(p):001ba351=40(@); Paged(p):801ba351=40(@); Normal(p):801ba351=40(@); RealRAM(p):0015a352=b8(?); RAM(p):001ba352=b8(?); Physical(p):001ba352=b8(?); Paged(p):801ba352=b8(?); Normal(p):801ba352=b8(?); RealRAM(p):0015a353=01(); RAM(p):001ba353=01(); Physical(p):001ba353=01(); 
Paged(p):801ba353=01(); Normal(p):801ba353=01(); RealRAM(r):0015500c=00( ); RAM(r):001b500c=00( ); Physical(r):001b500c=00( ); Paged(r):801b500c=00( ); RealRAM(r):0015500d=8e(?); RAM(r):001b500d=8e(?); Physical(r):001b500d=8e(?); Paged(r):801b500d=8e(?); RealRAM(r):0015500e=16(); RAM(r):001b500e=16(); Physical(r):001b500e=16(); Paged(r):801b500e=16(); RealRAM(r):0015500f=80(?); RAM(r):001b500f=80(?); Physical(r):001b500f=80(?); Paged(r):801b500f=80(?)
0008:801ba344 F3 A5 rep movsd Paged(w):8003540c=00( ); Physical(w):0003540c=00( ); RAM(w):0003540c=00( ); RealRAM(w):0003540c=00( ); Paged(w):8003540d=8e(?); Physical(w):0003540d=8e(?); RAM(w):0003540d=8e(?); RealRAM(w):0003540d=8e(?); Paged(w):8003540e=16(); Physical(w):0003540e=16(); RAM(w):0003540e=16(); RealRAM(w):0003540e=16(); Paged(w):8003540f=80(?); Physical(w):0003540f=80(?); RAM(w):0003540f=80(?); RealRAM(w):0003540f=80(?)
Registers:
EAX: 80035400 EBX: 80087000 ECX: 00000200 EDX: 801a0008
ESP: 00061434 EBP: 00061468 ESI: 801b5000 EDI: 80035400
CS: 0008 DS: 0023 ES: 0023 FS: 0030 GS: 0000 SS: 0010 TR: 0028 LDTR: 0000
EIP: 801ba344 EFLAGS: 00000016
CR0: 80000001 CR1: 00000000 CR2: 00000000 CR3: 00030000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008003500003ff IDTR: 00008003540007ff
FLAGSINFO: 00000000000000vr0n00oditsz0A0P1c

(the registers dumped are as they were before starting to execute the REP MOVSD)

Edit: Hmmmm... 80035400 is the IDTR!!! That's strange...


Reply 30 of 91, by superfury


So Windows NT is trying to RETF to the location in the second DWORD stored in IDT vector 1(single-step interrupt)! That's already set up at the start of the log, which is even weirder!

So the code is using the IDT as something that's supposed to be an instruction or data address' location, and ret-ing to that location incorrectly? I smell a stack problem somehow... (probably some non-stack related error?)

Edit: Hmmmm... Interesting: searching upwards for the invalid EBX load(pointing to the IDT), I find:

0008:801bae3c 64 8B 1D 38 00 00 00 mov ebx,dword fs:[00000038]	RealRAM(p):0015ae4b=ae(?); RAM(p):001bae4b=ae(?); Physical(p):001bae4b=ae(?); Paged(p):801bae4b=ae(?); Normal(p):801bae4b=ae(?); RealRAM(r):00016038=00( ); RAM(r):00016038=00( ); Physical(r):00016038=00( ); Paged(r):ffdff038=00( ); RealRAM(r):00016039=54(T); RAM(r):00016039=54(T); Physical(r):00016039=54(T); Paged(r):ffdff039=54(T); RealRAM(r):0001603a=03(); RAM(r):0001603a=03(); Physical(r):0001603a=03(); Paged(r):ffdff03a=03(); RealRAM(r):0001603b=80(?); RAM(r):0001603b=80(?); Physical(r):0001603b=80(?); Paged(r):ffdff03b=80(?)
Registers:
EAX: 00000000 EBX: 00000086 ECX: 0000ff00 EDX: 00000000
ESP: 801ac5e8 EBP: 801ac74c ESI: 801b5800 EDI: 80035c00
CS: 0008 DS: 0023 ES: 0023 FS: 0030 GS: 0000 SS: 0010 TR: 0028 LDTR: 0000
EIP: 801bae3c EFLAGS: 00000046
CR0: 80000001 CR1: 00000000 CR2: 00000000 CR3: 00030000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008003500003ff IDTR: 00008003540007ff
FLAGSINFO: 00000000000000vr0n00oditsZ0a0P1c

That's byte 0x38 of the TIB it's loading 0x80035400(The IDTR) from?

Edit: According to http://nasutechtips.blogspot.com/2011/01/thre … tib-and-fs.html , that's supposed to be 'last status number'?

Edit: Interestingly, immediately after updating an IDT entry at IDT+0x30(The #UD handler), it executes an 80486 0FA6 and #UD faults.
Edit: It then gets to 801bae33, which it just set up. Then a #UD, which is handled and returning, then some more IDT set-up and then faults on the ds:[edx] dereference.
But before setting up the #UD fault handler, it clears EAX and moves it to EDX. That EDX value is used at the end, page faulting on it?

Attachment: debugger_WindowsNT_UniPCemu_20190227_1847.7z (1.04 MiB, 53 downloads; license: fair use/fair dealing exception)

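The two posts above read the IDT directly from the trace: the REP MOVSD stores a0 1e 08 00 at 80035408 and 00 8e 16 80 at 8003540C (vector 1, since IDTR base is 80035400), and the later `pop dword ds:[ebx+0c]` overwrites 8003540C with 08 00 00 00. The following decoder is an added example, not UniPCemu or thread code. It assumes the dump's 64-bit IDTR/GDTR value packs the base in bits 47..16 and the limit in bits 15..0 (which matches "IDTR: 00008003540007ff"); the two byte arrays are copied from the trace.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded 80386 IDT gate descriptor. */
typedef struct {
    uint16_t selector;   /* code segment selector of the handler */
    uint32_t offset;     /* handler EIP, assembled from the two 16-bit halves */
    uint8_t  type;       /* low nibble of the type/attribute byte */
    uint8_t  dpl;        /* descriptor privilege level */
    uint8_t  present;    /* P bit */
} idt_gate_t;

/* Raw gate layout (little-endian):
 *   bytes 0-1 offset 15..0, bytes 2-3 selector, byte 4 reserved,
 *   byte 5 = P(1) DPL(2) 0(1) type(4), bytes 6-7 offset 31..16 */
void idt_decode_gate(const uint8_t raw[8], idt_gate_t *g) {
    uint16_t off_lo = (uint16_t)(raw[0] | (raw[1] << 8));
    uint16_t off_hi = (uint16_t)(raw[6] | (raw[7] << 8));
    g->selector = (uint16_t)(raw[2] | (raw[3] << 8));
    g->offset   = ((uint32_t)off_hi << 16) | off_lo;
    g->type     = raw[5] & 0x0F;
    g->dpl      = (raw[5] >> 5) & 3;
    g->present  = (raw[5] >> 7) & 1;
}

const char *idt_gate_type_name(uint8_t type) {
    switch (type) {
        case 0x5: return "task gate";
        case 0x6: return "16-bit interrupt gate";
        case 0x7: return "16-bit trap gate";
        case 0xE: return "32-bit interrupt gate";
        case 0xF: return "32-bit trap gate";
        default:  return "invalid/unknown";
    }
}

uint32_t idt_handler_from_bytes(const uint8_t raw[8]) {
    idt_gate_t g; idt_decode_gate(raw, &g); return g.offset;
}
int idt_gate_present(const uint8_t raw[8]) {
    idt_gate_t g; idt_decode_gate(raw, &g); return g.present;
}

/* Assumed packing of the dump's IDTR/GDTR field: base in bits 47..16, limit in bits 15..0. */
uint32_t dtr_base(uint64_t packed)  { return (uint32_t)(packed >> 16); }
uint16_t dtr_limit(uint64_t packed) { return (uint16_t)(packed & 0xFFFF); }

/* Linear address of vector `vec`, or 0 when the entry lies outside the table limit. */
uint32_t idt_entry_address(uint32_t base, uint16_t limit, unsigned vec) {
    if (vec * 8u + 7u > limit) return 0;
    return base + vec * 8u;
}

/* Vector 1 as the trace shows it: after the REP MOVSD filled it, and after the POP rewrote its high dword. */
static const uint8_t IDT_VEC1_AFTER_MOVSD[8] = {0xa0, 0x1e, 0x08, 0x00, 0x00, 0x8e, 0x16, 0x80};
static const uint8_t IDT_VEC1_AFTER_POP[8]   = {0xa0, 0x1e, 0x08, 0x00, 0x08, 0x00, 0x00, 0x00};

int main(void) {
    uint64_t idtr = 0x00008003540007ffULL;  /* "IDTR: 00008003540007ff" from the dump */
    uint32_t base = dtr_base(idtr);
    uint16_t limit = dtr_limit(idtr);
    idt_gate_t g;
    printf("IDT base %08X limit %04X, vector 1 at %08X\n",
           (unsigned)base, (unsigned)limit, (unsigned)idt_entry_address(base, limit, 1));
    idt_decode_gate(IDT_VEC1_AFTER_MOVSD, &g);
    printf("after rep movsd: %s sel=%04X offset=%08X dpl=%u present=%u\n",
           idt_gate_type_name(g.type), g.selector, (unsigned)g.offset, g.dpl, g.present);
    idt_decode_gate(IDT_VEC1_AFTER_POP, &g);
    printf("after pop:       %s sel=%04X offset=%08X dpl=%u present=%u\n",
           idt_gate_type_name(g.type), g.selector, (unsigned)g.offset, g.dpl, g.present);
    return 0;
}
```

Decoding the first state gives a present 32-bit interrupt gate with selector 0008 and handler 80161EA0, so a RETF-style use of that dword really would land in the #DB handler; the second state has a zero attribute byte, i.e. the gate is no longer present and its high offset half is gone.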

Reply 31 of 91, by superfury


Interestingly enough, I see only one fault being raised by the CPU before triggering the NULL pointer dereference which causes the BSOD: an INT1 exception is being triggered? That doesn't seem to be supposed to happen?

Edit: It seems to happen because the trap flag is set? The last instruction was a POPF instruction(which seemed to have set said flag).

Edit: So the primary problem in this case is that the trap flag is set when it shouldn't be?
Edit: The OS loader displays 10 dots, then becomes smaller(due to the 50 row height taking effect)...


Reply 33 of 91, by superfury


Well, it seems to cause a page fault(null pointer dereference) directly after doing some IDT modifications(80486 CMPXCHG faulting on the 80386 emulation), then setting some more vectors, then setting the Trap flag(by means of a POPF instruction), whose handler(the Trap fault handler) page faults(LA 00000000, cause [EDX], which is cleared when restoring the IDT #UD vector), which executes INT3, which displays the NT BSOD(and waits for some debugger to connect to the modem on COM2).


Reply 34 of 91, by superfury


An improved log(with exception 0-8 properly added):
https://www.dropbox.com/s/u5kwrma71o40r9e/deb … 01_0240.7z?dl=0

Hmmmm.... I see the exception handler at 801bae82, but disassembly doesn't match what's read from memory(during the exception)?

Last edited by superfury on 2019-03-01, 10:35. Edited 1 time in total.


Reply 35 of 91, by superfury


Whoops! That's because the interrupt is incorrectly being handled!

The interrupt pushes its data on the stack and jumps to the interrupt handler(the EFLAGS,CS,EIP being pushed).

But once it's starting the first instruction from said handler(initializing instruction phase), the REP bugfix (that's there to reset EIP while repeating for correct behaviour during faults) resets CS:EIP back to the interrupted instruction(without updating the CS descriptor cache and TLB) flushing the PIQ, executing with kernel CS and (user) selector the (user mode) REP instruction again(if paged at least... imagine.... 😖 ).

Edit: Having fixed that, it's back to 0x7B inaccessible boot device(only page faults).

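The ordering the post describes, modelled as an added example that is not UniPCemu code: when a REP MOVSD faults mid-way, exception delivery pushes EFLAGS, CS and the REP instruction's own EIP (ECX/ESI/EDI already describe the faulting iteration, so IRET simply re-executes it), then loads CS:EIP from the gate, and nothing may overwrite CS:EIP after that. The toy CPU, its page table, the handler address 0x7000, the selectors 0x1B/0x08 and the copy layout are all constructed; `buggy=1` reproduces the described mistake of re-applying the "restart EIP" after the gate's CS:EIP was loaded, so the handler is never entered.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PAGE      0x1000u
#define MEM_PAGES 8u                      /* 32 KiB of toy RAM (constructed) */

typedef struct {
    uint32_t eip, cs, eflags, esp, ecx, esi, edi;
    uint32_t handler_eip, handler_cs;     /* target of the #PF gate (constructed) */
    uint8_t  present[MEM_PAGES];          /* toy page table: 1 = mapped */
    uint8_t  mem[MEM_PAGES * PAGE];
} cpu_t;

static int page_ok(const cpu_t *c, uint32_t la) {
    return la / PAGE < MEM_PAGES && c->present[la / PAGE];
}
static void push32(cpu_t *c, uint32_t v) { c->esp -= 4; memcpy(&c->mem[c->esp], &v, 4); }
static uint32_t pop32(cpu_t *c) { uint32_t v; memcpy(&v, &c->mem[c->esp], 4); c->esp += 4; return v; }

/* Deliver #PF through the gate. The frame carries the address of the REP
 * instruction itself, not of the next instruction, so IRET re-executes it. */
static void deliver_pf(cpu_t *c, uint32_t rep_ip) {
    push32(c, c->eflags);
    push32(c, c->cs);
    push32(c, rep_ip);
    c->cs  = c->handler_cs;
    c->eip = c->handler_eip;
}

/* Execute the 'rep movsd' (F3 A5, 2 bytes) located at rep_ip.
 * Returns 1 when the copy completed, 0 when it stopped on a fault. */
int exec_rep_movsd(cpu_t *c, uint32_t rep_ip, int buggy) {
    while (c->ecx) {
        if (!page_ok(c, c->esi) || !page_ok(c, c->edi)) {
            deliver_pf(c, rep_ip);          /* registers already hold the faulting iteration */
            if (buggy)
                c->eip = rep_ip;            /* the bug: restart EIP applied after the gate was loaded */
            return 0;
        }
        memcpy(&c->mem[c->edi], &c->mem[c->esi], 4);
        c->esi += 4; c->edi += 4; c->ecx--;
    }
    c->eip = rep_ip + 2;
    return 1;
}

/* Toy #PF handler: map the page EDI faulted on, then IRET. */
static void pf_handler_and_iret(cpu_t *c) {
    c->present[c->edi / PAGE] = 1;
    c->eip    = pop32(c);
    c->cs     = pop32(c);
    c->eflags = pop32(c);
}

/* Copy 8 KiB from 0x1000 to 0x4000 with page 5 (0x5000) unmapped at first.
 * Returns 1 when the copy completed correctly, 0 when control never reached
 * the handler (with the bug, the REP would run again under the kernel CS). */
int run_copy(int buggy) {
    static cpu_t c;                       /* static: 32 KiB is too large for the stack */
    const uint32_t rep_ip = 0x6000;
    memset(&c, 0, sizeof c);
    for (unsigned p = 0; p < MEM_PAGES; p++) c.present[p] = (p != 5);
    for (unsigned i = 0; i < 0x2000; i++) c.mem[0x1000 + i] = (uint8_t)(i * 7 + 3);
    c.cs = 0x001B; c.eflags = 0x202; c.esp = 0x8000;
    c.handler_cs = 0x0008; c.handler_eip = 0x7000;
    c.ecx = 0x800; c.esi = 0x1000; c.edi = 0x4000;

    while (!exec_rep_movsd(&c, rep_ip, buggy)) {
        if (c.eip != c.handler_eip || c.cs != c.handler_cs)
            return 0;                     /* handler never entered */
        pf_handler_and_iret(&c);
        if (c.eip != rep_ip) return 0;    /* IRET must resume at the REP itself */
    }
    return c.ecx == 0 && memcmp(&c.mem[0x4000], &c.mem[0x1000], 0x2000) == 0;
}

int main(void) {
    printf("correct ordering: copy %s\n", run_copy(0) ? "completed" : "failed");
    printf("restart applied after gate load: copy %s\n", run_copy(1) ? "completed" : "failed");
    return 0;
}
```

The restart state is captured in the registers before delivery and the frame's EIP is the only place the interrupted address lives; any code that reloads CS:EIP after `deliver_pf` is acting on the handler's context, which is exactly the confusion the post reports.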

Reply 36 of 91, by superfury


This is the BSOD I'm getting now:

Attachment: 1057-Windows NT BSOD after fixing REP faults..jpg (252.79 KiB, 1218 views; license: fair use/fair dealing exception)
File comment: Windows NT BSOD after fixing REP faults.

Edit: Slightly improved the logging of the Page Faults:

dolog("pagefaults","#PF on instruction osize:%u,asize:%u 0F:%u OP:%02X R/M:%02X at %08X on VA %08X code %04X",CPU_Operand_size[activeCPU],CPU_Address_size[activeCPU],CPU[activeCPU].lastopcode0F,CPU[activeCPU].lastopcode,CPU[activeCPU].lastmodrm,CPU[activeCPU].registers->EIP,address,flags);

Edit: This results in the following log:

00:03:34:59.08032: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1000002 code 0002
00:03:35:18.07232: #PF on instruction osize:1,asize:1 0F:0 OP:FF R/M:D3 at 8016B2A0 on VA 8016B2A0 code 0000
00:03:35:19.00544: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80170760 on VA 80170760 code 0000
00:03:35:20.04688: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1000000 code 0002
00:03:35:21.06368: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1001000 code 0002
00:03:35:23.01984: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1002000 code 0002
00:03:35:24.03088: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1003000 code 0002
00:03:35:25.05696: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1004000 code 0002
00:03:35:26.06544: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1005000 code 0002
00:03:35:27.07936: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1006000 code 0002
00:03:35:28.09600: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1007000 code 0002
00:03:35:30.01008: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1008000 code 0002
00:03:35:31.03120: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1009000 code 0002
00:03:35:32.06160: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100A000 code 0002
00:03:35:33.07472: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100B000 code 0002
00:03:35:34.09072: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100C000 code 0002
00:03:35:36.00688: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100D000 code 0002
00:03:35:37.02176: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100E000 code 0002
00:03:35:38.03984: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100F000 code 0002
00:03:35:39.05040: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1010000 code 0002
00:03:35:40.06176: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1011000 code 0002
00:03:35:41.07504: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1012000 code 0002
00:03:35:42.08480: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1013000 code 0002
00:03:35:43.09488: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1014000 code 0002
00:03:35:45.01056: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1015000 code 0002
00:03:35:46.02144: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1016000 code 0002
00:03:35:47.03856: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1017000 code 0002
00:03:35:48.04848: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1018000 code 0002
00:03:35:49.06224: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1019000 code 0002
00:03:35:50.07296: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101A000 code 0002
00:03:35:51.08944: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101B000 code 0002
00:03:35:53.00992: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101C000 code 0002
00:03:35:54.02480: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101D000 code 0002
00:03:35:55.03888: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101E000 code 0002
00:03:35:56.05152: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101F000 code 0002
00:03:35:57.07664: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1020000 code 0002
00:03:35:58.08896: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1021000 code 0002
00:03:35:59.09744: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1022000 code 0002
00:03:35:61.01024: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1023000 code 0002
00:03:35:67.05776: #PF on instruction osize:0,asize:1 0F:0 OP:8B R/M:0F at 8010A4C8 on VA C1000000 code 0000
00:03:35:67.08256: #PF on instruction osize:0,asize:1 0F:0 OP:8B R/M:0F at 8010A4C8 on VA C1011000 code 0000
00:03:35:68.00544: #PF on instruction osize:0,asize:1 0F:0 OP:8B R/M:02 at 8010A579 on VA C1022000 code 0000
00:03:35:68.08448: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00010000 code 0002
00:03:35:70.01168: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1001000 code 0000
00:03:35:70.03664: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00011000 code 0002
00:03:35:71.00992: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1002000 code 0000
00:03:35:71.03008: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00012000 code 0002
00:03:35:72.01600: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1003000 code 0000
00:03:35:72.03712: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00013000 code 0002
00:03:35:73.01696: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1004000 code 0000
00:03:35:73.03856: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00014000 code 0002
00:03:35:74.02112: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1005000 code 0000
00:03:35:74.04544: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00015000 code 0002
00:03:35:75.02528: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1006000 code 0000
00:03:35:75.04784: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00016000 code 0002
00:03:35:76.02544: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1007000 code 0000
00:03:35:76.04768: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00017000 code 0002
00:03:35:77.02912: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1008000 code 0000
00:03:35:77.05056: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00018000 code 0002
00:03:35:78.02848: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1009000 code 0000
00:03:35:78.04832: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00019000 code 0002
00:03:35:79.02464: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100A000 code 0000
00:03:35:79.04544: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001A000 code 0002
00:03:35:80.02496: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100B000 code 0000
00:03:35:80.04848: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001B000 code 0002
00:03:35:81.02528: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100C000 code 0000
00:03:35:81.04608: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001C000 code 0002
00:03:35:82.02816: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100D000 code 0000
00:03:35:82.04976: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001D000 code 0002
00:03:35:83.02576: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100E000 code 0000
00:03:35:83.04608: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001E000 code 0002
00:03:35:84.02544: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C100F000 code 0000
00:03:35:84.04704: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0001F000 code 0002
00:03:35:85.02688: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1010000 code 0000
00:03:35:85.04912: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00020000 code 0002
00:03:35:86.02752: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00021000 code 0002
00:03:35:87.00656: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1012000 code 0000
00:03:35:87.02736: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00022000 code 0002
00:03:35:88.00592: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1013000 code 0000
00:03:35:88.03232: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00023000 code 0002
00:03:35:89.01264: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1014000 code 0000
00:03:35:89.03344: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00024000 code 0002
00:03:35:90.01136: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1015000 code 0000
00:03:35:90.03376: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00025000 code 0002
00:03:35:91.01712: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1016000 code 0000
00:03:35:91.03968: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00026000 code 0002
00:03:35:92.02512: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1017000 code 0000
00:03:35:92.06496: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00027000 code 0002
00:03:35:93.05888: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1018000 code 0000
00:03:35:93.08192: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00028000 code 0002
00:03:35:94.06560: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1019000 code 0000
00:03:35:94.08592: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00029000 code 0002
00:03:35:95.06784: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101A000 code 0000
00:03:35:95.08704: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002A000 code 0002
00:03:35:96.07072: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101B000 code 0000
00:03:35:96.09008: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002B000 code 0002
00:03:35:97.07408: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101C000 code 0000
00:03:35:97.09440: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002C000 code 0002
00:03:35:98.08016: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101D000 code 0000
00:03:35:99.00416: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002D000 code 0002
00:03:35:99.08688: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101E000 code 0000
00:03:36:00.00736: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002E000 code 0002
00:03:36:00.09440: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C101F000 code 0000
00:03:36:01.01504: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 0002F000 code 0002
00:03:36:01.09904: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1020000 code 0000
00:03:36:02.02096: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00030000 code 0002
00:03:36:03.00784: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1021000 code 0000
00:03:36:03.03056: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00031000 code 0002
00:03:36:04.02528: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00032000 code 0002
00:03:36:05.00784: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA C1023000 code 0000
00:03:36:05.02800: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA 00033000 code 0002
00:03:36:08.09008: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8016A8E0 on VA 8016A8E0 code 0000
00:03:36:09.05424: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8017E990 on VA 8017E990 code 0000
00:03:36:09.07024: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8016E460 on VA 8016E460 code 0000
00:03:36:10.00080: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80183BF0 on VA 80183BF0 code 0000
00:03:36:10.04608: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:07 at 80183DE6 on VA E1003000 code 0002
00:03:36:11.02624: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80185170 on VA 80185170 code 0000
00:03:36:11.08096: #PF on instruction osize:1,asize:1 0F:0 OP:AB R/M:00 at 80185210 on VA E1006000 code 0002
00:03:36:12.09520: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1005000 code 0002
00:03:36:14.02528: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1007002 code 0002
00:03:36:14.09616: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80168610 on VA 80168610 code 0000
00:03:36:15.04304: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8016C0B0 on VA 8016C0B0 code 0000
00:03:36:16.00816: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8016D9E0 on VA 8016D9E0 code 0000
00:03:36:16.03392: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80194B10 on VA 80194B10 code 0000
00:03:36:16.08800: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8017C1B0 on VA 8017C1B0 code 0000
00:03:36:17.00464: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 801846A0 on VA 801846A0 code 0000
00:03:36:17.02336: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80193EE0 on VA 80193EE0 code 0000
00:03:36:18.00672: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80177520 on VA 80177520 code 0000
00:03:36:18.06064: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 801921D0 on VA 801921D0 code 0000
00:03:36:18.08480: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80172520 on VA 80172520 code 0000
00:03:36:20.00144: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80176530 on VA 80176530 code 0000
00:03:36:20.05280: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8017F320 on VA 8017F320 code 0000
00:03:36:22.04704: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8017DDD0 on VA 8017DDD0 code 0000
00:03:36:22.06832: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8017B6A0 on VA 8017B6A0 code 0000
00:03:36:23.05952: #PF on instruction osize:1,asize:1 0F:0 OP:FF R/M:50 at 8016F3F0 on VA 8016F3F0 code 0000
00:03:36:29.00656: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1008000 code 0002
00:03:36:29.09216: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1009000 code 0002
00:03:36:31.00368: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100A000 code 0002
00:03:36:32.01376: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100B000 code 0002
00:03:36:33.02976: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100C000 code 0002
00:03:36:34.04288: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100D000 code 0002
00:03:36:35.05056: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100E000 code 0002
00:03:36:36.05392: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E100F000 code 0002
00:03:36:37.06160: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1010000 code 0002
00:03:36:38.07232: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1011000 code 0002
00:03:36:39.08096: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1012000 code 0002
00:03:36:40.08768: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1013000 code 0002
00:03:36:41.09456: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1014000 code 0002
00:03:36:43.00608: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1015000 code 0002
00:03:36:44.01520: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1016000 code 0002
00:03:36:45.02912: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1017000 code 0002
00:03:36:46.04784: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1018000 code 0002
00:03:36:47.05744: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1019000 code 0002
00:03:36:48.05952: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101A000 code 0002
00:03:36:49.06480: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101B000 code 0002
00:03:36:50.07200: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101C000 code 0002
00:03:36:51.07312: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101D000 code 0002
00:03:36:52.07696: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101E000 code 0002
00:03:36:53.09888: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E101F000 code 0002
00:03:36:55.00480: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1020000 code 0002
00:03:36:56.01072: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1021000 code 0002
00:03:36:57.02592: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1022000 code 0002
00:03:36:58.02736: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1023000 code 0002
00:03:36:59.03424: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1024000 code 0002
00:03:36:60.04112: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1025000 code 0002
00:03:36:61.04224: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1026000 code 0002
00:03:36:62.04480: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1027000 code 0002
00:03:36:63.08240: #PF on instruction osize:1,asize:1 0F:0 OP:AB R/M:00 at 801855FC on VA E1028000 code 0002
00:03:36:73.02688: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8017A490 on VA 8017A490 code 0000
00:03:38:58.02528: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80180B10 on VA 80180B10 code 0000
00:03:40:48.06880: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 801799D0 on VA 801799D0 code 0000
00:03:40:58.02816: #PF on instruction osize:1,asize:1 0F:0 OP:AB R/M:00 at 80185210 on VA E102A000 code 0002
00:03:40:59.03568: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1029000 code 0002
00:03:40:60.05936: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80169F40 on VA 80169F40 code 0000
00:03:40:64.08032: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8018DBB0 on VA 8018DBB0 code 0000
00:03:40:66.06272: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:07 at 80183DE6 on VA E102B000 code 0002
00:03:40:68.06896: #PF on instruction osize:1,asize:1 0F:0 OP:AB R/M:00 at 80185210 on VA E102D000 code 0002
00:03:40:69.07056: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E102C000 code 0002
00:03:40:96.03104: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80195800 on VA 80195800 code 0000
00:03:41:00.02400: #PF on instruction osize:1,asize:1 0F:0 OP:AB R/M:00 at 80185210 on VA E102F000 code 0002
00:03:41:01.03120: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E102E000 code 0002
00:03:41:04.05600: #PF on instruction osize:1,asize:1 0F:0 OP:89 R/M:06 at 8017AF74 on VA E1030000 code 0002
00:03:41:16.06480: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1033000 code 0002
00:03:41:36.05536: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1034000 code 0002
00:03:41:54.02864: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1035000 code 0002
00:03:41:76.09168: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1036000 code 0002
00:03:41:90.08256: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1037000 code 0002
00:03:42:05.02240: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1038000 code 0002
00:03:42:20.09360: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1039000 code 0002
00:03:42:40.02416: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E103A000 code 0002
00:03:42:58.08688: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E103B000 code 0002
00:03:42:78.03152: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E103C000 code 0002
00:03:42:95.08160: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E103D000 code 0002
00:03:43:12.08704: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E103E000 code 0002
00:03:43:30.08480: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E103F000 code 0002
00:03:43:50.01120: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1040000 code 0002
00:03:43:70.07344: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1041000 code 0002
00:03:43:89.02416: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1042000 code 0002
00:03:44:10.03536: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1043000 code 0002
00:03:44:29.08608: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1044000 code 0002
00:03:44:51.05520: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1045000 code 0002
00:03:44:73.04160: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1046000 code 0002
00:03:44:92.06912: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1047000 code 0002
00:03:45:10.03136: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1048000 code 0002
00:03:45:27.03888: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1049000 code 0002
00:03:45:47.04608: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E104A000 code 0002
00:03:45:67.09248: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E104B000 code 0002
00:03:45:87.08768: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E104C000 code 0002
00:03:46:08.04928: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E104D000 code 0002
00:03:46:26.08672: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E104E000 code 0002
00:03:46:48.03824: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E104F000 code 0002
00:03:46:62.00464: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:07 at 80183DE6 on VA E1030000 code 0002
00:03:46:64.02128: #PF on instruction osize:1,asize:1 0F:0 OP:AB R/M:00 at 80185210 on VA E1032000 code 0002
00:03:46:65.02048: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1031000 code 0002
00:03:46:92.03216: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1050008 code 0002
00:03:47:24.08720: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1054002 code 0002
00:03:47:34.04080: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1054002 code 0002
00:03:47:51.00080: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1055000 code 0002
00:03:48:16.06256: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1054002 code 0002
00:03:48:30.03056: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1054000 code 0002
00:03:48:35.05792: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1056002 code 0002
00:03:48:63.07184: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 8017E6C4 on VA E1050008 code 0002
00:03:53:54.07296: #PF on instruction osize:1,asize:1 0F:0 OP:89 R/M:06 at 8016F7DC on VA 00040000 code 0002
00:03:53:59.07072: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80181FA0 on VA 80181FA0 code 0000
00:03:53:61.03600: #PF on instruction osize:1,asize:1 0F:0 OP:8B R/M:FF at 80182000 on VA 80182000 code 0000
00:03:53:61.05760: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8018EFE0 on VA 8018EFE0 code 0000
00:03:53:61.07488: #PF on instruction osize:1,asize:1 0F:0 OP:6A R/M:00 at 8018F000 on VA 8018F000 code 0000
00:03:54:00.03872: #PF on instruction osize:1,asize:1 0F:0 OP:FF R/M:25 at 80186F90 on VA 80186F90 code 0000
00:03:54:00.06736: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80188D70 on VA 80188D70 code 0000
00:03:54:02.07984: #PF on instruction osize:1,asize:1 0F:0 OP:AB R/M:00 at 80185210 on VA E1051000 code 0002
00:03:54:03.09248: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1050000 code 0002
00:03:54:07.09216: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 80187030 on VA 80187030 code 0000
00:03:54:39.08944: #PF on instruction osize:1,asize:1 0F:0 OP:FF R/M:56 at 801892E0 on VA 801892E0 code 0000
00:03:54:63.01808: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:40 at 801930C5 on VA 00040004 code 0002
00:03:54:66.03888: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:03:54:76.03360: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:03:54:84.09664: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:03:54:87.06016: #PF on instruction osize:1,asize:1 0F:0 OP:89 R/M:06 at 8016F7DC on VA 00040000 code 0002
00:03:54:90.00848: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:03:54:96.09120: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:03:55:02.07536: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:03:55:08.08592: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002
00:03:55:14.05920: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1052002 code 0002

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io
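
The log above is a flat list of #PF entries whose "code" field is the raw x86 page-fault error code. The decoder below is an added example (not code from the thread or from UniPCemu) that parses those lines, decodes the error-code bits (bit 0 P, bit 1 W/R, bit 2 U/S, bit 3 RSVD, bit 4 I/D as defined for the x86 #PF exception), separates write faults from reads, and collapses runs of consecutive-page faults at one EIP such as the REP MOVS loop at 80111E27. It assumes "at" is EIP and "VA" the faulting linear address; the "osize"/"asize" fields are parsed but not interpreted, and the "fetch" classification (a read fault whose VA equals EIP) is a heuristic, since the logged CPU has no I/D bit. The sample input is a subset of lines copied from the log above.

```python
"""Decode UniPCemu '#PF on instruction ...' log lines into x86 page-fault error-code bits."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: a subset of lines copied verbatim from the #PF log posted above.
SAMPLE_LOG = """\
00:03:36:45.02912: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1017000 code 0002
00:03:36:46.04784: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1018000 code 0002
00:03:36:47.05744: #PF on instruction osize:1,asize:1 0F:0 OP:A5 R/M:00 at 80111E27 on VA E1019000 code 0002
00:03:36:73.02688: #PF on instruction osize:1,asize:1 0F:0 OP:E8 R/M:00 at 8017A490 on VA 8017A490 code 0000
00:03:40:59.03568: #PF on instruction osize:1,asize:1 0F:0 OP:C7 R/M:06 at 8018543D on VA E1029000 code 0002
00:03:47:24.08720: #PF on instruction osize:0,asize:1 0F:0 OP:C7 R/M:40 at 80116BA9 on VA E1054002 code 0002
00:03:53:54.07296: #PF on instruction osize:1,asize:1 0F:0 OP:89 R/M:06 at 8016F7DC on VA 00040000 code 0002
00:03:53:61.03600: #PF on instruction osize:1,asize:1 0F:0 OP:8B R/M:FF at 80182000 on VA 80182000 code 0000
"""

LINE_RE = re.compile(
    r"^(?P<ts>[\d:.]+): #PF on instruction osize:(?P<osize>\d),asize:(?P<asize>\d) "
    r"0F:(?P<pfx>\d) OP:(?P<op>[0-9A-Fa-f]{2}) R/M:(?P<modrm>[0-9A-Fa-f]{2}) "
    r"at (?P<eip>[0-9A-Fa-f]{8}) on VA (?P<va>[0-9A-Fa-f]{8}) code (?P<code>[0-9A-Fa-f]{4})$"
)

# #PF error-code bits as pushed by the CPU (P, W/R, U/S, RSVD, I/D).
PF_P, PF_WR, PF_US, PF_RSVD, PF_ID = 1, 2, 4, 8, 16


@dataclass(frozen=True)
class PageFault:
    ts: str
    opcode: int
    modrm: int
    eip: int
    va: int
    code: int

    @property
    def present(self) -> bool:   # set = protection violation on a present page
        return bool(self.code & PF_P)

    @property
    def write(self) -> bool:
        return bool(self.code & PF_WR)

    @property
    def user(self) -> bool:
        return bool(self.code & PF_US)

    @property
    def reserved(self) -> bool:
        return bool(self.code & PF_RSVD)

    @property
    def access(self) -> str:
        """'write', 'fetch' or 'read'. Heuristic: a read fault whose VA equals EIP
        is the fetch of the faulting instruction itself (no I/D bit on this CPU)."""
        if self.write:
            return "write"
        return "fetch" if self.va == self.eip else "read"


def parse_log(text: str) -> list[PageFault]:
    """Parse every '#PF on instruction' line; unrelated log lines are skipped."""
    faults = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        faults.append(PageFault(
            ts=m["ts"], opcode=int(m["op"], 16), modrm=int(m["modrm"], 16),
            eip=int(m["eip"], 16), va=int(m["va"], 16), code=int(m["code"], 16)))
    return faults


def decode_code(code: int) -> str:
    """Human-readable form of a #PF error code, e.g. 0x0002 -> 'not-present write supervisor'."""
    parts = ["present" if code & PF_P else "not-present",
             "write" if code & PF_WR else "read",
             "user" if code & PF_US else "supervisor"]
    if code & PF_RSVD:
        parts.append("reserved-bit")
    if code & PF_ID:
        parts.append("instruction-fetch")
    return " ".join(parts)


def protection_violations(faults: list[PageFault]) -> list[PageFault]:
    """Faults that cannot be plain demand paging: page present, or reserved bits set."""
    return [pf for pf in faults if pf.present or pf.reserved]


def page_runs(faults: list[PageFault]) -> list[tuple[int, int, int]]:
    """Collapse faults at one EIP that hit consecutive 4 KiB pages (a REP MOVS/STOS
    loop touching a freshly committed region) into (eip, first_page, page_count)."""
    runs: list[list[int]] = []
    for pf in faults:
        page = pf.va & ~0xFFF
        if runs and runs[-1][0] == pf.eip and runs[-1][1] + runs[-1][2] * 0x1000 == page:
            runs[-1][2] += 1
        else:
            runs.append([pf.eip, page, 1])
    return [tuple(r) for r in runs]


def summarize(faults: list[PageFault]) -> Counter:
    """Count faults per (EIP, opcode, access kind, decoded error code)."""
    return Counter((pf.eip, pf.opcode, pf.access, decode_code(pf.code)) for pf in faults)


if __name__ == "__main__":
    faults = parse_log(SAMPLE_LOG)
    for (eip, op, access, meaning), n in summarize(faults).most_common():
        print(f"{n:3d}x EIP={eip:08X} OP={op:02X} {access:5s} ({meaning})")
    print("page runs:", [(f"{e:08X}", f"{p:08X}", n) for e, p, n in page_runs(faults)])
    print("protection violations:", len(protection_violations(faults)))
```

Every sampled line decodes as a supervisor-mode access to a not-present page (code 0000 or 0002), i.e. ordinary demand paging rather than a protection violation; the three A5 (MOVS) entries at 80111E27 collapse into one run of three consecutive pages starting at E1017000, and the E8 and 8B entries with VA equal to EIP are fetches of code pages that were not yet mapped.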

Reply 37 of 91, by superfury

User metadata
Rank l33t++

Just tried Windows NT 4.0 Workstation, which crashes with the same error message:

[Attachment: 1058-Windows NT 4.0 disk 2 BSOD.jpg. File comment: Disk 2 of the floppy boot gives a BSOD.]

Interestingly, in all cases I see that some SCSI driver is loaded, but no required ATAPI (for CD-ROM) or ATA (for the HDD) driver is loaded?


Reply 38 of 91, by Stenzek

User metadata
Rank Newbie

I do remember getting the INACCESSIBLE_BOOT_DEVICE error at one point, but tried going back in my commit history and couldn't really find a build where it stopped with that error on NT3.5. The NT4 issue was in the ATA controller interrupt timing/behavior.

Reply 39 of 91, by superfury

User metadata
Rank l33t++

So, how accurate does the timing need to be? Do I need to implement all the ATA-1 timings exactly, or only adjust the interrupt timings?

Edit: It now has:
- 300ms until reset complete.
- 670ns until raising IRQ (after finishing a command).
- 50us for a drive select.

All other timings are 0ns (no delay).
