heretical.com
| ⇨ |
Solving the Windows NT4 Crash ProblemPart of a collection of arcane technical topics in computing and printingSimon Sheppard |
Problem: Windows NT Setup crashes during installation.
Solution 1: Following a feature added by Intel and their recommendation, many motherboards have an option in the BIOS ‘Limit CPUID to 3’ or similar. Enable this.
To clarify: Once SP6 is installed, NT runs fine whether ‘Limit CPUID’ is enabled or not. The difficulty is that SP6 can only be installed after NT4 is installed.
Solution 2: See below.
Solution 3: NT4 will install in VirtualBox.
Following these steps is not much more involved than a normal NT installation.
Create an active FAT partition 500MB-2GB with DOS on it (e.g. using FORMAT /S). Copy SETCPUID.COM onto it.
Boot DOS and change to the CD-ROM drive (e.g. F:), change to the I386 directory and run WINNT /B. This will extract and copy the installation files to C:. At the end will be ‘The MS-DOS based portion of Setup is complete...’
Before booting to the next stage (pressing Enter or resetting), insert the separate DOS boot device. When DOS has booted, change to the C: drive and run SETCPUID. The program will do a ‘very warm’ reboot whereupon NT Setup will resume.
Again, before booting to the next stage, insert the DOS boot device. When DOS has booted, change to the C: drive and run SETCPUID. NT Setup will resume.
NT4 is now installed. With each boot, BOOT.INI in the root directory gives time to select DOS boot. SETCPUID must be run every time NT is started, until SP6 is installed.
Whether this SETCPUID program will be of any use is unknown. Writing it involved bewildering cycles of processor modes, privilege levels and exception handlers but in the end most of the problems came down to programming in 32 bits using a 16-bit assembler and debugger. It was an academic exercise which became a challenge to complete.
The delay allowing the user to select which OS to boot can be changed by editing BOOT.INI. If BOOT.INI is hidden it can be made visible with ATTRIB. The trickiest part is stage four above, because there is no delay at all, hence it is essential to use the separate DOS boot device. Each Setup stage has a different BOOT.INI, it is only fixed once NT is installed.
If a DOS boot is missed, NT4 will shortly crash and the DOS boot device should be made available for the resulting reboot.
While testing it was discovered that a Dell Dimension 3100 with Leaf 5 CPU actually boots with the Limit CPUID bit set, which is odd. There was no BIOS option. Hence the CPU always reports a maximum leaf of 3.
Leaf 3 is something of a ‘lame leaf’ because this leaf returns the unique processor serial number, a feature which was abandoned after the Pentium III because of its unpopularity. According to current Intel documentation, setting MSR:1A0h bit 22 limits the reported maximum leaf to 2. Older computers (certainly those with max. leaf 5) return 3 when bit 22 is set.
The DOS version used was 6.22 with Oak CD-ROM driver. At one point I lost track of the CD-ROM driver and resorted to a ‘Windows 98 Startup Disk’ which had CD-ROM support but booting this resulted in a mysterious LOCK error during WINNT /B.
Earlier, an attempt was made to patch the NT installation files on the C: drive after running WINNT /B. The code being patched was:
push ebx push esi mov eax,DWORD PTR [esp+0xc] cpuid mov esi,DWORD PTR [esp+0x10] mov DWORD PTR [esi],eax mov esi,DWORD PTR [esp+0x14] mov DWORD PTR [esi],ebx mov esi,DWORD PTR [esp+0x18] mov DWORD PTR [esi],ecx mov esi,DWORD PTR [esp+0x1c] mov DWORD PTR [esi],edx pop esi pop ebx
For reference the 34-byte sequence is:
53 56 8b 44 24 0c 0f a2 8b 74 24 10 89 06 8b 74 24 14 89 1e 8b 74 24 18 89 0e 8b 74 24 1c 89 16 5e 5b
This sequence occurs in thirteen files, of which five are exact duplicates (appearing in both the $WIN_NT$.~BT and $WIN_NT$.~LS directories). However changing the files resulted in an error, presumably a checksum failure, again preventing installation.
Installing an old floppy drive can be the easiest method of booting DOS from scratch, though DOS CD-ROM and flash drives do exist. Once DOS is recovered, CF (Compact Flash) cards in an IDE or SATA adapter are a convenient OS storage medium, avoiding the complexities of booting from USB. If the CF card formats and lists files but does not boot, use fdisk /mbr. “Half-slim” SATA cards with memory on-board are cheap and convenient, except that fdisk /mbr appears not to work if the SATA interface is set to “IDE compatible” mode. Of course regardless of the memory size of the card, the starting point is a 2Gb partition formatted FAT16. Use format /s /u initially, then format /q if reformatting is required, to minimise unnecessary writes to the flash memory.
May NT4 live on!
Believe it or not, these notes are still being revised with new information. SETCPUID.COM may be updated, or the process simplified further. Work may be resumed at a later date.
A couple of points have arisen since January when SETCPUID.COM was uploaded. To clarify, the “CPUID” displayed by BIOS on start-up is the processor version information present in EDX on reset and returned in EAX with CPUID:1. SETCPUID.COM executes CPUID:0 and apparently only needs to display the least significant byte of the maximum leaf value returned (though it tests the word with a view to “future-proofing”).
Suggestions concerning the program would be welcome. In the future, if circumstances permit, I intend to test some more modern motherboards to see if NT4 can be installed, using SETCPUID.COM as necessary.