BSOD (SYSTEM THREAD NOT HANDLED) #4

Open
AidenS-source opened this issue Sep 23, 2023 · 19 comments

@AidenS-source

Hey,

Every time I use this EFI file, no matter the driver, I get this BSOD error. The weird thing is that it used to work up until a week or two ago, but now no matter the driver (KDmapper's Hello World! driver, spoofer drivers, etc.) nothing works and it always results in this bluescreen (I tried getting friends to test it and they got this error too). Does anyone have a fix for this at all?

Cheers,

@xtremegamer1
Owner

Try commenting out the part where the driver's entry routine is executed to see if the crash is being caused by the driver or by the EFI driver.

@thethanglol

Weird behaviour: a hello world driver loads with no issue, but the cheat driver BSODs.

let me know if you got a fix for this. @xtremegamer1

@thethanglol

@AidenS-source Hey, did you fix it?

@kuh4it

kuh4it commented Dec 25, 2023

Look at your driver entry point

@thethanglol

> Look at your driver entry point

Can I have your Discord?

@soy-dev1

soy-dev1 commented Jan 19, 2024

Hello, I know this is a bit of a dead issue, but I tried doing what xtremegamer1 said. In mmap.c, in the ManualMapArray function, I commented out everything under the "Call DriverEntry" comment and replaced the return with STATUS_SUCCESS. The bluescreen still occurs. I will play around a bit and see if I can find the issue. Will post here if I find anything useful.

Edit: I should probably add the Windows version as well.
Windows 10 build 19044.

@xtremegamer1
Owner

Can you open the crash dump in WinDbg and post the call stack? Sorry, I don't have a Windows machine right now so I can't test; I will have one soon.

@soy-dev1

soy-dev1 commented Jan 19, 2024

Hey, thanks for getting back to me! The same issue appears to be happening on my VM. Using WinDbg I recreated the problem and got a page fault in nonpaged area. I have attached the call stack.

0: kd> k
 # Child-SP          RetAddr               Call Site
00 fffffa85`f4c065e8 fffff802`57317f82     nt!DbgBreakPointWithStatus
01 fffffa85`f4c065f0 fffff802`57317566     nt!KiBugCheckDebugBreak+0x12
02 fffffa85`f4c06650 fffff802`571fd747     nt!KeBugCheck2+0x946
03 fffffa85`f4c06d60 fffff802`57238f6f     nt!KeBugCheckEx+0x107
04 fffffa85`f4c06da0 fffff802`57030730     nt!MiSystemFault+0x1de5ff
05 fffffa85`f4c06ea0 fffff802`5720d1d8     nt!MmAccessFault+0x400
06 fffffa85`f4c07040 ffff9900`bad8a000     nt!KiPageFault+0x358
07 fffffa85`f4c071d8 ffff9900`bad840d5     0xffff9900`bad8a000
08 fffffa85`f4c071e0 fffff802`5c480000     0xffff9900`bad840d5
09 fffffa85`f4c071e8 ffff9900`bad88100     WDFLDR!_osfile
0a fffffa85`f4c071f0 fffff802`5c480000     0xffff9900`bad88100
0b fffffa85`f4c071f8 ffff9900`bad83000     WDFLDR!_osfile
0c fffffa85`f4c07200 ffffd783`15303000     0xffff9900`bad83000
0d fffffa85`f4c07208 fffff802`5e062a62     0xffffd783`15303000
0e fffffa85`f4c07210 00000000`0000a000     0xfffff802`5e062a62
0f fffffa85`f4c07218 ffffd783`15886040     0xa000
10 fffffa85`f4c07220 fffff802`5779300f     0xffffd783`15886040
11 fffffa85`f4c07228 00000000`00000574     nt! ?? ::LBKOJDO::`string' <PERF> (nt+0x99300f)
12 fffffa85`f4c07230 004c0046`00440057     0x574
13 fffffa85`f4c07238 0053002e`00520044     0x004c0046`00440057
14 fffffa85`f4c07240 00650000`00530059     0x0053002e`00520044
15 fffffa85`f4c07248 fffff802`57210000     0x00650000`00530059
16 fffffa85`f4c07250 00000000`00000000     nt!KiDebugServiceTrap+0x40

@xtremegamer1
Owner

Try commenting out the return statement in UEFIMain. I want to rule out protection on the EFI service table as a cause for the BSOD. I'll be able to help a lot more tomorrow, but it would be a big help if you could rule some things out :)

@xtremegamer1
Owner

xtremegamer1 commented Jan 19, 2024

Also, please share the bugcheck parameters.

@soy-dev1

Hello, sorry I couldn't get back to you earlier. Looking back at my VM crash and the crash happening on my main machine, they are not the same. Below I have attached my main machine's call stack for the crash as well as the bugcheck parameters.

15: kd> k
 # Child-SP          RetAddr               Call Site
00 ffffb18d`eb806268 fffff804`7fc180ab     nt!KeBugCheckEx
01 ffffb18d`eb806270 fffff804`7fbcfebf     nt!PspSystemThreadStartup$filt$0+0x44
02 ffffb18d`eb8062b0 fffff804`7fc0671f     nt!_C_specific_handler+0x9f
03 ffffb18d`eb806320 fffff804`7fae5b37     nt!RtlpExecuteHandlerForException+0xf
04 ffffb18d`eb806350 fffff804`7fae7b06     nt!RtlDispatchException+0x297
05 ffffb18d`eb806a70 fffff804`7fc1016c     nt!KiDispatchException+0x186
06 ffffb18d`eb807130 fffff804`7fc0b06f     nt!KiExceptionDispatch+0x12c
07 ffffb18d`eb807310 fffff804`86a682b0     nt!KiSegmentNotPresentFault+0x32f
08 ffffb18d`eb8074a8 fffff804`802489c5     0xfffff804`86a682b0
09 ffffb18d`eb8074b0 fffff804`7ff943cb     nt!IoInitSystem+0x29
0a ffffb18d`eb8074e0 fffff804`7fb268f5     nt!Phase1Initialization+0x3b
0b ffffb18d`eb807510 fffff804`7fc04c68     nt!PspSystemThreadStartup+0x55
0c ffffb18d`eb807560 00000000`00000000     nt!KiStartSystemThread+0x28

Bugcheck parameters:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8064d0682b0, The address that the exception occurred at
Arg3: ffffd886f4807268, Exception Record Address
Arg4: ffffd886f4806aa0, Context Record Address

I also did as you asked before and removed that return statement in UefiMain, and the crashing no longer happens. I just replaced the CreateEvent with STATUS_SUCCESS, if that helps at all.

@noahbel

noahbel commented Jan 20, 2024

I'm getting the same BSOD. I think the issue is related to the Readonly_Copy_Memory statements in Hook_IoInitSystem. I commented out everything past the first Readonly_Copy_Memory statement and it ran fine. It didn't load the driver, though. I downloaded the latest .NET Runtime.

I got SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) with a STATUS_ACCESS_VIOLATION.

In MEMORY.DMP the instruction at nt!IoInitSystem+0x29 caused a kernel BugCheck 7E with the following details:

BugCheck Code 0x7E
Arg1 18446744072635809797
Arg2 18446735295998599856
Arg3 18446651727152183400
Arg4 18446651727152181408

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: fffff80447a822b0
EXCEPTION_STR: 0xc0000005
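The two 0x7E reports above (soy-dev1's second `k` listing and noahbel's bugcheck block) can be triaged mechanically rather than by eye. The Python below is an added example, not code from this project or from any of the commenters. It parses WinDbg `k` output, converts the decimal bugcheck arguments a dump viewer prints into the 64-bit hex WinDbg would show, and locates the frame at which a symbolized kernel routine transferred control to an address that no loaded module owns. The sample inputs are copied from the two posts; the NTSTATUS name and the meaning of EXCEPTION_PARAMETER1 (0 read, 1 write, 8 instruction fetch) are documented Windows values; the function names (`parse_k`, `find_unbacked_transfer`, `decode_7e`, `triage`) are this example's own.

```python
"""Triage helpers for a SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (0x7E) boot crash.

Added example: not code from the mapper project or from any commenter.
Sample inputs are copied from the thread: soy-dev1's second `k` listing and
the decimal bugcheck arguments from noahbel's dump viewer.
"""
import re

# soy-dev1's second call stack, copied verbatim as sample input.
STACK_K = """\
00 ffffb18d`eb806268 fffff804`7fc180ab     nt!KeBugCheckEx
01 ffffb18d`eb806270 fffff804`7fbcfebf     nt!PspSystemThreadStartup$filt$0+0x44
02 ffffb18d`eb8062b0 fffff804`7fc0671f     nt!_C_specific_handler+0x9f
03 ffffb18d`eb806320 fffff804`7fae5b37     nt!RtlpExecuteHandlerForException+0xf
04 ffffb18d`eb806350 fffff804`7fae7b06     nt!RtlDispatchException+0x297
05 ffffb18d`eb806a70 fffff804`7fc1016c     nt!KiDispatchException+0x186
06 ffffb18d`eb807130 fffff804`7fc0b06f     nt!KiExceptionDispatch+0x12c
07 ffffb18d`eb807310 fffff804`86a682b0     nt!KiSegmentNotPresentFault+0x32f
08 ffffb18d`eb8074a8 fffff804`802489c5     0xfffff804`86a682b0
09 ffffb18d`eb8074b0 fffff804`7ff943cb     nt!IoInitSystem+0x29
0a ffffb18d`eb8074e0 fffff804`7fb268f5     nt!Phase1Initialization+0x3b
0b ffffb18d`eb807510 fffff804`7fc04c68     nt!PspSystemThreadStartup+0x55
0c ffffb18d`eb807560 00000000`00000000     nt!KiStartSystemThread+0x28
"""

# noahbel's bugcheck arguments exactly as the dump viewer printed them (decimal).
ARGS_DECIMAL = (18446744072635809797, 18446735295998599856,
                18446651727152183400, 18446651727152181408)
# EXCEPTION_PARAMETER1 from the same post.
EXCEPTION_PARAMETER1 = 0x8

FRAME_RE = re.compile(r"^\s*([0-9a-f]{2})\s+([0-9a-f`]+)\s+([0-9a-f`]+)\s+(\S.*?)\s*$")
BARE_ADDRESS_RE = re.compile(r"^0x[0-9a-f`]+$")

# Documented values: NTSTATUS codes and EXCEPTION_RECORD.ExceptionInformation[0].
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
ACCESS_KINDS = {0: "read", 1: "write", 8: "execute (instruction fetch)"}


def addr(text):
    """Parse a WinDbg address, with or without the ` separator or 0x prefix."""
    return int(text.replace("`", "").replace("0x", ""), 16)


def hex64(value):
    """Format as the 16-digit hex WinDbg shows for 64-bit values."""
    return f"{value & 0xFFFFFFFFFFFFFFFF:016x}"


def parse_k(text):
    """Parse `k` output into (index, child_sp, ret_addr, call_site) tuples."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            idx, sp, ret, site = m.groups()
            frames.append((int(idx, 16), addr(sp), addr(ret), site))
    return frames


def find_unbacked_transfer(frames):
    """Return (caller_symbol, target) for the first frame whose call site is a
    bare address. The symbolized frame directly below it in the listing is the
    routine whose call returns there; during Phase1 initialization a transfer
    from a kernel routine into memory no loaded image owns is the signature
    of a hooked kernel entry point."""
    for i, (_, _, _, site) in enumerate(frames):
        if BARE_ADDRESS_RE.match(site) and i + 1 < len(frames):
            return frames[i + 1][3], addr(site)
    return None


def decode_7e(args, exception_parameter1=None):
    """Decode 0x7E parameters: Arg1 exception code, Arg2 faulting address,
    Arg3 EXCEPTION_RECORD pointer, Arg4 CONTEXT pointer. Dump viewers print
    them as unsigned 64-bit decimals; the NTSTATUS in Arg1 is sign-extended."""
    code = args[0] & 0xFFFFFFFF
    return {
        "exception_code": code,
        "exception_name": NTSTATUS_NAMES.get(code, "unknown"),
        "fault_address": args[1],
        "exception_record": args[2],
        "context_record": args[3],
        "access": ACCESS_KINDS.get(exception_parameter1, "unknown"),
    }


def triage(stack_text, args, exception_parameter1=None):
    """Combine the decoded parameters and the stack analysis into one report."""
    report = decode_7e(args, exception_parameter1)
    transfer = find_unbacked_transfer(parse_k(stack_text))
    report["unbacked_caller"] = transfer[0] if transfer else None
    report["unbacked_target"] = transfer[1] if transfer else None
    return report


if __name__ == "__main__":
    for key, value in triage(STACK_K, ARGS_DECIMAL, EXCEPTION_PARAMETER1).items():
        print(f"{key:18} {hex64(value) if isinstance(value, int) else value}")
```

On the posted data this reports that frame 08 executes at fffff804`86a682b0 with no symbol and returns into nt!IoInitSystem+0x29, and that noahbel's Arg1 decodes to c0000005 and Arg2 to fffff80447a822b0, the same value as the EXCEPTION_PARAMETER2 in that post. With EXCEPTION_PARAMETER1 equal to 8 the CPU was fetching an instruction from that address, so the call inside IoInitSystem landed on memory that was not mapped executable at Phase1 initialization, which is consistent with the later observation in the thread that the IoInitSystemHook pointer is not in memory.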

@soy-dev1

I have been looking around in WinDbg, and it seems like somehow the pointer to IoInitSystemHook is not in memory. Maybe somehow the gRT->ConvertPointer is not working? Whatever the case, this is the bug. I will post again if I find a solution.
[attached image]

@kuh4it

kuh4it commented Jan 22, 2024

This project is fully detected, confirmed with tests.
I got it to work but haven't experienced a BSOD.
Just used it for fun lol.

But yeah, if your goal is to be a UD P2C, don't sell this.

@xtremegamer1
Owner

The whole point is that it loads before Vanguard; obviously you need to write your own bypass 😐

@kuh4it

kuh4it commented Jan 25, 2024

> The whole point is that it loads before Vanguard; obviously you need to write your own bypass 😐

Yeah sure, I guess, but I've already found 3 P2Cs using this exact thing. I dumped their overwritten bootmgfw and it has the same strings as your mapper.

@xtremegamer1
Owner

> > The whole point is that it loads before Vanguard; obviously you need to write your own bypass 😐
>
> Yeah sure, I guess, but I've already found 3 P2Cs using this exact thing. I dumped their overwritten bootmgfw and it has the same strings as your mapper.

How flattering, tell them I send my sincerest regards.

@kuh4it

kuh4it commented Jan 25, 2024

> > > The whole point is that it loads before Vanguard; obviously you need to write your own bypass 😐
> >
> > Yeah sure, I guess, but I've already found 3 P2Cs using this exact thing. I dumped their overwritten bootmgfw and it has the same strings as your mapper.
>
> How flattering, tell them I send my sincerest regards.

I will, sir.

@red0x0002

> I have been looking around in WinDbg, and it seems like somehow the pointer to IoInitSystemHook is not in memory. Maybe somehow the gRT->ConvertPointer is not working? Whatever the case, this is the bug. I will post again if I find a solution. [attached image]

Pretty sure Hyper-V causes this; you need to disable it in Windows Features.
