Results 1 to 15 of 147

Thread: USB drivers for Win 7 on 8th generation Intel chipset

Hybrid View

  1. #1

    USB drivers for Win 7 on 8th generation Intel chipset

    Hi...have not done much reversing as of late, especially since RCE closed down. Taking an interest in tracing the usbxhci.sys driver for W10 to see if I can adapt it for use on Win 7 on an 8th generation Intel chipset.

    The chipset is an Intel B360 and it seems Intel no longer makes drivers for their own chipsets, having deferred to Micro$oft.

    Bit of history, then questions. I have loaded Win 10 on an Asus B360M-C mobo which uses an i5 - 8200 8th generation processor. I wanted to load an installed win 7 OS which I had on a hard drive. Surprisingly, it booted straight to the logon screen, graphics and all, using stock SP1 drivers. I had to rig USB to PS/2 adapters to get my mouse and keyboard working (another USB keyboard in a USB port to get past the boot screen) but after that I could log in and got straight to the desktop.

    Most of the stock W7 drivers seemed to be working fine....all but the USB drivers which require a USB 3/3.1 driver. Of course, m$oft has crippled W7 by not supplying the USB drivers. They claim to be protecting W7 users due to a lack of updates, but if that's the case, why are they detecting W7 on 7th and 8th gen chipsets and blocking those users from updates? And why do generic drivers work on this mobo for W10 and not W7?

    Questions:

    1)What is currently the best dissassembler/debugger? I have never learned Olly and did get started on Windbg. IDA, of course, is still there and I notice Ilfak has released a free version of IDA 7.

    2)If I start Olly what is the best platform? Does it work on win 7 and 10? The original seems pretty dated but Olly 2 does not seem to be popular for some reason.

    3)If kayaker is still out there, how's the paddling? Fixed ice yet to run on W7?

    4)If blabberer is still out there I could use your help getting going on windbg....again!!!

  2. #2
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,487
    Blog Entries
    15
    Hi Waxford its been a very long time yeah i am still here

    shoot the bangs let me see if i can dot them

  3. #3
    Quote Originally Posted by blabberer View Post
    Hi Waxford its been a very long time yeah i am still here shoot the bangs let me see if i can dot them
    Yeah...I have missed you guys. I regard you and kayaker as old friends, not to mention Woody and some of the other guys. I just saw 'disavowed' mentioned in another thread and believe it or not, a piece from +gthorne. Saw Delta's nym as well.

    Hope you are doing well.

    I have actually made some ground since I made the post a few days ago. Windbg does not seem as intimidating as I last remembered it.

    I am working on finding a way to d/l symbols. Apparently msoft has changed the way it used to allow bulk downloads.

    I am also wondering about the best platform. I have W10 running on an 8th generation board but it won't allow W7 to load USB drivers. I am looking into that as well, primarily to see if it's due to the hardware requirement or whether msoft has just gotten ornery and are forcing people to upgrade to W10.

    I have just been advised by a local supplier that he can get me a really good USB - serial interface. I was hoping I might be able to connect my laptop to windbg on my desktop via the interface and use remote debugging.

    I am running VMWare player ver 15 on W10 but right now I am running version 12 on Win7 with both softice and windbg loaded.

    I was able to run Windbg on the VM (with an XP Pro VM I had available), as far as loading an app and setting a BP to break on Winmain. Then the menu bar disappeared and I had to quit. That's my fault. There is an error windows displayed between start of code and winmain and I guess something got out of whack. It's claiming the OS is wrong...no kidding...but I am just trying to get it to dump its files so I can check to see what drivers it has.

    I am trying to remember our previous discussion on Windbg. Did you claim it was possible to trace right through ring 0 code?

    Also, we had discussion with kayaker about contexts as applied to softice. You have to ensure you are in the proper context before setting a BP.

    Does that apply to windbg as well? Can I simply set a BP at Kernel!_baseprocessstart, after loading an app, as in softice, and break in k32 near the code entry point? Then trace from there?

    In many ways, it seems that windbg may be quite similar to softice in that respect only far more sophisticated.

  4. #4
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,081
    Blog Entries
    5
    Hey Waxford, great to see you around!

    Sorry, no modern Softice port yet, I'm still trying to figure out how to get it to display in a large enough readable size font in an XP image in VMWare Player on a 4K monitor on Win10. Funny enough it's not High DPI aware, imagine that. I'm keeping my old Win 7 box for that kind of emergency old school reversing

    Just a couple of comments for background, I had a quick look at the Asus site for that B360 MB and there's a comment in the FAQ about usb drivers and Win7, something about setting XHCI Hand-off to Enabled in the BIOS, perhaps you're aware of that or it's already set. You're right it seems, searching for "B360" at the Intel driver site doesn't pick up any updated usb drivers, is there any possibility that the Intel® Driver & Support Assistant might detect any updates for your system?

    Oh, I started writing this before reading your last reply. I was going to mention that I'm interested in how you set things up to trace the driver and if you might use VMWare and remote debugging. I was also wondering if you can get USB 3 support with your Win7 image on VMWare Player itself running on that MB. I seem to remember having to get VMWare to update for that when I set it up on my new Win10 system.

    I used to use VirtualKD for remote Windbg debugging, would that be useful? It seems to still be actively developed.

    http://virtualkd.sysprogs.org/


    As a side note, the reason I'm interested in this is that I was just starting to think about researching/reversing to find out which driver(s) trigger the "USB Disconnect" sound you get when you unplug a usb device. For the past few months I've been getting that sound randomly when nothing is happening, sometimes several times a day, sometimes never. I've tried setting up a logging action with EventGhost but that didn't give enough information. I've also tried Procmon to trigger when the .wav file (that I changed to a custom sound file) is accessed. That only showed that Explorer opened the file and played it internally with winmm/PlaySoundW, but not what triggered Explorer to even open.

    It could be a lot of things causing it, but one possibility is an intermittent usb disconnect/reconnect, perhaps related to a wake-on device setting, something related to that was actually a Win7 hotfix at one point. I could simply ignore it or disable the sound, but what's the fun in that?


    Yeah, I was just commenting to blabberer and the others a short time ago about missing all the great discussions we had here. But hey, that doesn't mean we can't still have them! Cheers.

  5. #5
    Quote Originally Posted by Kayaker View Post
    Hey Waxford, great to see you around!
    Yeah...great to hear from you and I hope you are keeping well. I have visited site a few times but did not see much in the way of posts.

    Quote Originally Posted by Kayaker View Post
    Sorry, no modern Softice port yet, I'm still trying to figure out how to get it to display in a large enough readable size font in an XP image in VMWare Player on a 4K monitor on Win10. Funny enough it's not High DPI aware, imagine that. I'm keeping my old Win 7 box for that kind of emergency old school reversing
    I changed width to 160 and lines to 100. I am working on a 22" monitor and i could have gone to 120 lines. Even at that I have to squint bit.

    I have done considerable tracing tonight, however, and with my face close enough to the screen it has not be difficult to see. Had to get some rust out re table command and addr but got an app to break no problem at _baseprocessstart. It's running through ring 0 like nobody's business and very stable.

    Just noticed that my nms files are badly outdated. Go figure, I'm using the XP kernel, etc., and I don't recall msoft updating XP.

    Quote Originally Posted by Kayaker View Post
    Just a couple of comments for background, I had a quick look at the Asus site for that B360 MB and there's a comment in the FAQ about usb drivers and Win7, something about setting XHCI Hand-off to Enabled in the BIOS, perhaps you're aware of that or it's already set. You're right it seems, searching for "B360" at the Intel driver site doesn't pick up any updated usb drivers, is there any possibility that the Intel® Driver & Support Assistant might detect any updates for your system?
    I'm pretty sure I have XHCI handoff enable. Tonight I learned how to turn off Secure Boot in the AMI BIOS and in the boot menu area, an F8 takes you to the Safe Mode menu where there is an item at bottom of list to disable driver certification. Apparently you can turn it off permanently using 'bcdedit.exe /set nointegritychecks on'. I can direct you to a page on that if you like as well as one about certifying your own drivers (Linux-based but from what I've read it could likely be easy to do in Windows).

    Tried the Intel driver support app but no go. I am not claiming Intel is in cahoots with msoft because they were good enough to release W7 drivers for early 300 series chipsets (generation 8 and some 9). However, they have announced that as of Nov 2018 they are no longer issuing driver updates. They are handing off to msoft. I understand they have stopped making mobos as well.

    I tried to load the drivers they supplied for 300 series but mine must be too new. I don't see why they would not work on W7, even with the newer chipset. I have a peripheral card from Vantec, model UGT-PC341 working fine for W7 in and a PCIe slot.

    Quote Originally Posted by Kayaker View Post
    I was going to mention that I'm interested in how you set things up to trace the driver and if you might use VMWare and remote debugging. I was also wondering if you can get USB 3 support with your Win7 image on VMWare Player itself running on that MB. I seem to remember having to get VMWare to update for that when I set it up on my new Win10 system.
    Have not tried tracing the driver yet on Win 10. I have been trying to exhaust some driver loading issues first. As I said in my reply, I am onto a USB-Serial Port adapter that may work for remote debugging between my laptop and the desktop. Also, I have been setting up Windbg with symbols, etc.

    The thing that makes me suspicious is that I had W7 loaded on its own drive. When I plugged it into a SATA port on my new mobo, it fired up fine to the logon screen. Of course, I had no keyboard or mouse since they are both USB. Got past that because luckily my new mobo has PS/2 ports which worked find for logging on. However, to get there I had to get past a boot screen to select W7. I could have disabled it but I had another USB keyboard which I plugged into the new mobos USB port. It worked fine during boot, then the PS/2 setup, using two USB-PS/2 adapters got me the rest of the way.

    In Device Manager, there were hardly any drivers flagged. The video was working on a stock VGA driver which was already loaded and I got 1920 x 1080 resolution no problem. I did change a few drivers but the only outstanding drivera are the USB drivers, which were all missing. They would not simply disappear on their own, somebody had to remove them. I think we know who that someone might be.

    Msoft simply does not want anyone running W7 on newer mobos and processor. The reason seems apparent, W7 is equal to or better than W10 for performance, especially on a newer mobo with a 6 core processor.

    Quote Originally Posted by Kayaker View Post
    I used to use VirtualKD for remote Windbg debugging, would that be useful? It seems to still be actively developed.

    http://virtualkd.sysprogs.org/
    Worth checking out, thanks for link. Was that known as LiveKD as well?


    Quote Originally Posted by Kayaker View Post
    As a side note, the reason I'm interested in this is that I was just starting to think about researching/reversing to find out which driver(s) trigger the "USB Disconnect" sound you get when you unplug a usb device.
    Possible solution:
    https://www.maketecheasier.com/stop-random-usb-connect-noises-windows/

    Quote Originally Posted by Kayaker View Post
    Yeah, I was just commenting to blabberer and the others a short time ago about missing all the great discussions we had here. But hey, that doesn't mean we can't still have them! Cheers.
    I agree.

  6. #6

    re XHCI

    Quote Originally Posted by Kayaker View Post
    I was also wondering if you can get USB 3 support with your Win7 image on VMWare Player itself running on that MB. I seem to remember having to get VMWare to update for that when I set it up on my new Win10 system.
    Sorry, kayaker, I meant to comment on this.

    That's an interesting question but first about another question regarding XHCI Handoff. I am looking at it now in BIOS (AMI Aptio [2018] Version 2.19.1269) and it is enable, along with legacy USB support. Also, CSM is enabled, which deals with legacy devices.

    One thing concerning me is that BIOS also lists:

    USB Controllers: 2 XHCI

    USB Devices: 2 keyboards, 1 Mouse, 3 Hubs.

    I have 2 x XHCI controllers, one for the peripheral card and one I loaded somehow through device installation. However, the only hub showing in Device Manager is for the peripheral USB 3 device.

    I'll have to dig through the registry and sort this out before I go further. I may have a conflict. Also, I am not so sure that two USB hubs can exist together let alone three.

    With regard to VMWare Player, it did not occur to me they may be using their own W7 USB3 drivers. I'll look into that, thanks.

Similar Threads

  1. Key generation
    By rebx in forum The Newbie Forum
    Replies: 4
    Last Post: December 17th, 2011, 12:46
  2. License generation WLSCGEN
    By calvin in forum The Newbie Forum
    Replies: 0
    Last Post: March 2nd, 2010, 04:38
  3. how does certificate generation work ?
    By p_2001 in forum The Newbie Forum
    Replies: 15
    Last Post: March 17th, 2009, 11:57
  4. FlexLM license generation
    By Killer_l00p in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: June 18th, 2001, 13:14
  5. FlexLM license generation
    By Killer_l00p in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: June 15th, 2001, 05:30

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •