heretical.com

    
 

Solving the Windows NT4 Crash Problem


Part of a collection of arcane technical topics in computing and printing
Simon Sheppard



Problem: Windows NT Setup crashes during installation.

Solution 1: Following a feature added by Intel and their recommendation, many motherboards have an option in the BIOS ‘Limit CPUID to 3’ or similar. Enable this.

To clarify: Once SP6 is installed, NT runs fine whether ‘Limit CPUID’ is enabled or not. The difficulty is that SP6 can only be installed after NT4 is installed.

Solution 2: See below.

Solution 3: NT4 will install in VirtualBox.



Installing Windows NT4 without ‘Limit CPUID’ in BIOS

You will need:

Following these steps is not much more involved than a normal NT installation.

First stage

Create an active FAT partition 500MB-2GB with DOS on it (e.g. using FORMAT /S). Copy SETCPUID.COM onto it.

Second

Boot DOS and change to the CD-ROM drive (e.g. F:), change to the I386 directory and run WINNT /B. This will extract and copy the installation files to C:. At the end, the message ‘The MS-DOS based portion of Setup is complete...’ will be displayed.

Third

Before booting to the next stage (pressing Enter or resetting), insert the separate DOS boot device. When DOS has booted, change to the C: drive and run SETCPUID. The program will do a ‘very warm’ reboot whereupon NT Setup will resume.

Fourth

Again, before booting to the next stage, insert the DOS boot device. When DOS has booted, change to the C: drive and run SETCPUID. NT Setup will resume.

Fifth

NT4 is now installed. With each boot, BOOT.INI in the root directory gives time to select DOS boot. SETCPUID must be run every time NT is started, until SP6 is installed.



SETCPUID running in the Windows NT DOS box
Executed in a Windows DOS box, SETCPUID.COM appears well-behaved but exits prematurely, because it calls functions requiring a more privileged level (a numerically lower ring) than the DOS box affords. It can be useful for reporting the CPU maximum leaf. However, this behaviour is incidental; it is a real-mode DOS program.


Notes and discussion

Whether this SETCPUID program will be of any use is unknown. Writing it involved bewildering cycles of processor modes, privilege levels and exception handlers but in the end most of the problems came down to programming in 32 bits using a 16-bit assembler and debugger. It was an academic exercise which became a challenge to complete.

The delay allowing the user to select which OS to boot can be changed by editing BOOT.INI. If BOOT.INI is hidden it can be made visible with ATTRIB. The trickiest part is stage four above, because there is no delay at all; hence it is essential to use the separate DOS boot device. Each Setup stage has a different BOOT.INI; it is only fixed once NT is installed.

If a DOS boot is missed, NT4 will shortly crash and the DOS boot device should be made available for the resulting reboot.

While testing it was discovered that a Dell Dimension 3100 with Leaf 5 CPU actually boots with the Limit CPUID bit set, which is odd. There was no BIOS option. Hence the CPU always reports a maximum leaf of 3.

Leaf 3 is something of a ‘lame leaf’ because this leaf returns the unique processor serial number, a feature which was abandoned after the Pentium III because of its unpopularity. According to current Intel documentation, setting MSR:1A0h bit 22 limits the reported maximum leaf to 2. Older computers (certainly those with max. leaf 5) return 3 when bit 22 is set.

The DOS version used was 6.22 with Oak CD-ROM driver. At one point I lost track of the CD-ROM driver and resorted to a ‘Windows 98 Startup Disk’ which had CD-ROM support but booting this resulted in a mysterious LOCK error during WINNT /B.

Earlier, an attempt was made to patch the NT installation files on the C: drive after running WINNT /B. The code being patched was:

push   ebx
push   esi
mov    eax,DWORD PTR [esp+0xc]
cpuid
mov    esi,DWORD PTR [esp+0x10]
mov    DWORD PTR [esi],eax
mov    esi,DWORD PTR [esp+0x14]
mov    DWORD PTR [esi],ebx
mov    esi,DWORD PTR [esp+0x18]
mov    DWORD PTR [esi],ecx
mov    esi,DWORD PTR [esp+0x1c]
mov    DWORD PTR [esi],edx
pop    esi
pop    ebx

For reference the 34-byte sequence is:

53 56 8b 44 24 0c 0f a2 8b 74 24 10 89 06 8b 74
24 14 89 1e 8b 74 24 18 89 0e 8b 74 24 1c 89 16
5e 5b

This sequence occurs in thirteen files, of which five are exact duplicates (appearing in both the $WIN_NT$.~BT and $WIN_NT$.~LS directories). However changing the files resulted in an error, presumably a checksum failure, again preventing installation.
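The survey described above (which files contain the sequence, and which of them are exact duplicates) can be reproduced with a short scanner. This is an added example, not the author's tool: the function names and the stand-in files A.BIN, B.BIN and C.BIN are constructed for illustration, and only the 34-byte sequence and the two directory names come from this page.

```python
import hashlib
import os
import re
import tempfile

# The 34-byte sequence quoted on this page.
SIGNATURE = bytes.fromhex("53568b44240c0fa28b74241089068b742414891e"
                          "8b742418890e8b74241c89165e5b")

def find_offsets(data, pattern=SIGNATURE):
    """Return the offset of every (non-overlapping) occurrence of pattern."""
    return [m.start() for m in re.finditer(re.escape(pattern), data)]

def scan_tree(root):
    """Map relative path -> (sha256 hex, offsets) for files containing the sequence."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            offsets = find_offsets(data)
            if offsets:
                hits[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), offsets)
    return hits

def duplicate_groups(hits):
    """Group matching files by content hash; return only groups of exact duplicates."""
    groups = {}
    for rel, (digest, _offsets) in hits.items():
        groups.setdefault(digest, []).append(rel)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_sample_tree(root):
    """Constructed stand-in files (not real NT setup files) so the scan runs offline."""
    body = b"\x00" * 16 + SIGNATURE + b"\x00" * 4
    samples = {("$WIN_NT$.~BT", "A.BIN"): body, ("$WIN_NT$.~LS", "A.BIN"): body,
               ("$WIN_NT$.~LS", "B.BIN"): b"MZ" + SIGNATURE, ("$WIN_NT$.~LS", "C.BIN"): b"no match"}
    for (folder, name), data in samples.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        with open(os.path.join(root, folder, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = scan_tree(tmp)
        print(hits, duplicate_groups(hits))
```

Pointing `scan_tree` at the root of the C: drive after WINNT /B would list every file carrying the routine, with the offset of each occurrence.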

Attention may be given in the future to a simple way of booting DOS. As it presently stands, installing an old floppy drive can be the easiest method.

May NT4 live on!




After-notes (April 2021)

A couple of points have arisen since January when SETCPUID.COM was uploaded. I have seen some strange BIOS-reported CPUIDs, but am not sure these are actual CPUIDs as returned by the CPUID instruction. SETCPUID.COM only displays the least significant byte of the CPUID value returned by the CPU but tests the least significant word. That is, if the returned CPUID is 00000a01h, say, this will be interpreted as >3 and SETCPUID will proceed to set MSR:1A0h bit 22 and soft reboot.

The documentation for maximum leaf I have seen only involves the LSB, but what AMD and later Intel CPUs are doing with CPUID I don’t know. In the future, if circumstances permit, I would like to update SETCPUID.COM to display the full 32-bit value returned by CPUID:0 in EAX, and also to test several more recent motherboards to see if NT4 can be installed, using SETCPUID.COM if necessary.



