Wait until boot ends

Staarblitz · December 27, 2025, 7:53pm

I'm trying to switch cores on my boot-time driver. But it doesn't end well.

Access violation - code c0000005 (!!! second chance !!!)
nt!KiSwapContext+0xf:
fffff800`768a779f 0f29742430      movaps  xmmword ptr [rsp+30h],xmm6

Since its an access violation, not even a bugcheck, something is very wrong.
I tried KeSetSystemGroupAffinityThread and KeSetSystemAffinityThread, both resulted in the same outcome. (since KeSetSystemAffinityThread internally calls the former).

I thought I can wait for Win32 to initialize. There was a callback for that, I read somewhere in MSDN. But could not find it. Since this part of the code is not "critical" and can be delayed, I just want to learn how long to delay it for. Or until at least, the boot ends.

Tim_Roberts · December 28, 2025, 4:41am

Access violation implies that you have run off the end of the stack. Are you calling KiSwapContext directly?

Staarblitz · December 28, 2025, 8:27am

No. Just calling the functions I mentioned.

Staarblitz · December 28, 2025, 1:02pm

Seems like the call wasn't the issue? Anything that touches SIMD registers get an access violation. Even Rust's own library. At least, when its movaps and not movups. So something about alignment? But then, what?

I messed up the stack so now its unaligned. Probably.

yes. that was why

Staarblitz · January 2, 2026, 3:16pm

The main problem is still not solved. How can a boot-start driver wait for win32 subsystem to initialize?
I tried:

PsSetCreateProcessNotifyRoutine to detect when winlogon is launched. Returns STATUS_ACCESS_DENIED
Waiting via KeDelayExecutionThread and re-calling DriverEntry. There is no wait happening, somehow.

Possible "solutions":

Create a device object. Create a user-mode software that sends an IOCTL. Do initialization after the IOCTL. Unelegant. Unprecise. Too late.
Waste cpu cycles via an infinite loop. Same as the other one.

Ideas?

Scott_Noone_OSR · January 2, 2026, 10:02pm

What do you mean by “Win32 subsystem”? What specific functionality are you relying on?

And adding a process create notify routine for sure works in a boot start driver so not sure what that problem is…

MBond2 · January 2, 2026, 11:11pm

re your original question, when you say ‘switch cores’, what exactly do you mean?

It is unlikely that a higher level concept like win32 has anything to do with this

an access violation exception happens when the CPU is instructed to operate on a memory location in a way not consistent with the page protection for that memory. In UM, that could happen without direct bugs in your code, but I don’t think that there is a reasonable way for that to happen in KM without a direct bug in your code

Staarblitz · January 3, 2026, 3:06am

As mentioned, the real question is waiting for win32 to start.
I was thinking thst was why I couldn't switch cores. Turns out thats because an unaligned RSP.

But issue still persists. I can switch cores, good. I need to wait until win32 initializes, still.

Staarblitz · January 3, 2026, 5:48am

Yep. That was because I messed up RSP. I was not experienced im boot-start drivers. So I thought other processors didn't initialize yet.

MBond2 · January 8, 2026, 12:09am

When you say ‘wait until win32 initializes’, what exactly do you want to do after that?