Longhorn Milestone 7.2 (M7.2) bits were handed out at WinHEC. Per Chris sells, the MSDN subscribes should be seeing this soon. You can check out some of the reviews from the WinHEC participants here.
I am now rubbing my hands gleefully and eager to get my hands on it – have to wait for it to show up on the subscriber download at MSDN – will need a new HDD then :). Lets see if my small demos for Tiles survives or not – the PDC build, I run out of memory and finally have to reboot.
In a loosely coupled system (e.g. Service Oriented Architecture i.e. SOA), the dependencies can be either a Real Dependency or an Artificial Dependency.
Real dependencies are the services that you need to fulfil your need, this is something that cannot be eliminated or reduced.
Artificial dependency on the other hand are the features you need to adhere to in order to consume the services you need. Typically these fall in the categories of platform dependencies, API dependencies, language, etc. Although artificial dependencies cannot be eliminated it can be reduced.
A loosely coupled application is on that minimise its Artificial Dependency.
A friend’s (Phil Kerkel) laptop recently got infected with HackerDefender which cost him about a day’s worth of work. Now this seems to be harmless, but something like this invading the system is scary, especially when you have all your data and not to mention in most cases a lot of our client’s data!
Basically, these guys use the FTP services installed on Windows machines running on high speed networks (such as DSL/Cable, or University campuses) to they can use that fat pipe to distribute copyrighted material such as films, games and software etc. Sometimes these ftp servers are protected by a piece of software called HackerDefender, this software is used to hide files, processes and even ports from the user and investigating parties and is particularly difficult to infiltrate.
Detecting It – If a remote port scan says that a port is open and that port can be ftp’d into but aports (http://bagpuss.swan.ac.uk/comms/aports.exe) does not display the port locally you can pretty much assume a version of HackerDefender is installed.
How to Clean It:
Boot windows into Rescue mode, do one of the following:
Insert the Windows OS Installation CD into the Drive.
Boot from the CD
Choose ‘R’ to enter the Rescue Console
Choose the Windows installation you want to Clean from the list presented to you.
Enter the Administrator Password.
Once in the recovery console, you have a few commands for this, including:
listsvc – lists services that can be enabled or disabled
enable – enables a service, with a service type,
disable – disables a service, but prints out the previous
start-type, which should be recorded in case you need to re-enable the service.
Clean up Trojans/payloads protected by HackerDefender:
Once the machine has rebooted search the registry for the name of the service that you disabled in the previous section, this should lead you to the executable for HackerDefender and more importantly it’s .ini file (not necessarily a .ini file, but may have a different extension)
Open/Edit the ini file and in there you should find a number of files, ports and services that HackerDefender is defending. Systematically find each of these services in the registry and delete them (they will probably appear more than once), likewise find all of the referenced files and delete them also.
It’s also worth having a look in the registry for ‘run on boot’ programs too, goto this key…HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Have a look for any of these and delete them if they are present…
Here is the .ini file from Phil (he was Win2K running), as you scan this you will see more things you should look out for:
[Settings] Password=qweqwe BackdoorShell=ddd.exe FileMappingName=_.-=[PokuS]=-._ ServiceName=HackerDefender100 ServiceDisplayName=Windows System Uninstaller ServiceDescription=Microsoft System Service DriverName=HackerDefenderDrv100 DriverFileName=hxdefdrv.sys
The COOL Stuff:
Now, this is the cool part. I found this from another site and don’t want to link to them because who knows they they are running, so this is essentially a copy and paste from them! This is basically how the Trojan works, and it is showing what exploits it used, what API’s and how you can “improve on it“. A very interesting read, but I would recommend not using any of this for other than your own learning!
Essentially everything below is copy and paste with very minor edits:
Hacker defender (hxdef) is rootkit for Windows NT 4.0, Windows 2000 and Windows XP, it may also work on latest NT based systems. Main code is written in Delphi 6. New functions are written in assembler. Driver code is written in C. Backdoor and redirector clients are coded mostly in Delphi 6.
program uses adapted LDE32 LDE32, Length-Disassembler Engine, 32-bit, (x) 1999-2000 Z0MBiE special edition for REVERT tool version 1.05
program uses Superfast/Supertiny Compression/Encryption library Superfast/Supertiny Compression/Encryption library. (c) 1998 by Jacky Qwerty/29A.
=====[ 2.1 Idea ]=====================================
The main idea of this program is to rewrite few memory segments in all running processes. Rewriting of some basic modules cause changes in processes behaviour. Rewriting must not affect the stability of the system or running processes.
Program must be absolutely hidden for all others. Now the user is able to hide files, processes, system services, system drivers, registry keys and values, open ports, cheat with free disk space. Program also masks its changes in memory and hiddes handles of hidden processes. Program installs hidden backdoors, register as hidden system service and installs hidden system driver. The technology of backdoor allowed to do the implantation of redirector.
Default name for inifile is EXENAME.ini where EXENAME is the name of executable of main program without extension. This is used if you run hxdef without specifying the inifile or if you run it with switch (so default inifile is hxdef100.ini).
These switches are available:
-:installonly – only install service, but not run -:refresh – use to update settings from inifile -:noservice – doesn’t install services and run normally -:uninstall – removes hxdef from the memory and kills all running backdoor connections stopping hxdef service does the same now
Example: >;hxdef100.exe -:refresh
Hxdef with its default inifile is ready to run without any change in inifile. But it’s highly recommended to create your own settings. See Inifile section for more information about inifile.
Switches -:refresh and -:uninstall can be called only from original exefile. This mean you have to know the name and path of running hxdef exefile to change settings or to uninstall it.
Inifile must contain nine parts: [Hidden Table], [Root Processes], [Hidden Services], [Hidden RegKeys], [Hidden RegValues], [Startup Run], [Free Space], [Hidden Ports] and [Settings]. In [Hidden Table], [Root Processes], [Hidden Services] a [Hidden RegValues] can be used character * as the wildcard in place of strings end.
Asterisk can be used only on strings end, everything after first asterisks is ignored. All spaces before first and after last another string characters are ignored.
Example: [Hidden Table] hxdef*
this will hide all files, dirs and processes which name start with “hxdef”.
Hidden Table is a list of files, directories and processes which should be hidden. All files and directories in this list will disappear from file managers. Programs in this list will be hidden in tasklist. Make sure main file, inifile, your backdoor file and driver file are mentioned in this list.
Root Processes is a list of programs which will be immune against infection. You can see hidden files, directories and programs only with these root programs. So, root processes are for rootkit admins. To be mentioned in Root Processes doesn’t mean you’re hidden. It is possible to have root process which is not hidden and vice versa.
Hidden Services is a list of service and driver names which will be hidden in the database of installed services and drivers. Service name for the main rootkit program is HackerDefender100 as default, driver name for the main rootkit driver is HackerDefenderDrv100. Both can be changed in the inifile.
Hidden RegKeys is a list of registry keys which will be hidden. Rootkit has four keys in registry: HackerDefender100, LEGACY_HACKERDEFENDER100, HackerDefenderDrv100, LEGACY_HACKERDEFENDERDRV100 as default. If you rename service name or driver name you should also change this list.
First two registry keys for service and driver are the same as its name. Next two are LEGACY_NAME. For example if you change your service name to BoomThisIsMySvc your registry entry will be LEGACY_BOOMTHISISMYSVC.
Hidden RegValues is a list of registry values which will be hidden.
Startup Run is a list of programs which rootkit run after its startup. These programs will have same rights as rootkit. Program name is divided from its arguments with question tag. Do not use ” characters. Programs will terminate after user logon. Use common and well known methods for starting programs after user logon. You can use following shortcuts here: %cmd% – stands for system shell exacutable + path (e.g. C:\winnt\system32\cmd.exe) %cmddir% – stands for system shell executable directory (e.g. C:\winnt\system32\) %sysdir% – stands for system directory (e.g. C:\winnt\system32\) %windir% – stands for Windows directory (e.g. C:\winnt\) %tmpdir% – stands for temporary directory (e.g. C:\winnt\temp\)
netcat-shell is run after rootkit startup and listens on port 100
2) [Startup Run] %cmd%?/c echo Rootkit started at %TIME%>> %tmpdir%starttime.txt
this will put a time stamp to temporary_directory\starttime.txt (e.g. C:\winnt\temp\starttime.txt) everytime rootkit starts(%TIME% works only with Windows 2000 and higher)
Free Space is a list of harddrives and a number of bytes you want to add to a free space. The list item format is X:NUM where X stands for the drive letter and NUM is the number of bytes that will be added to its number of free bytes.
Example: [Free Space] C:123456789
this will add about 123 MB more to shown free disk space of disk C
Hidden Ports is a list of open ports that you want to hide from applications like OpPorts, FPort, Active Ports, Tcp View etc. It has at most 2 lines. First line format is TCP:tppport1, tcpport2, tcpport3 …, second line format is UDP:udpport1,udpport2,udpport3 …
Example: 1) [Hidden Ports] TCP:8080,456
this will hide two ports: 8080/TCP and 456/TCP
2) [Hidden Ports] TCP:8001 UDP:12345
this will hide two ports: 8001/TCP and 12345/UDP
3) [Hidden Ports] TCP: UDP:53,54,55,56,800
this will hide five ports: 53/UDP, 54/UDP, 55/UDP, 56/UDP and 800/UDP
Password which is 16 character string used when working with backdoor or redirector. Password can be shorter, rest is filled with spaces.
BackdoorShell is name for file copy of the system shell which is created by backdoor in temporary directory.
FileMappingName is the name of shared memory where the settings for hooked processes are stored.
ServiceName is the name of rootkit service. ServiceDisplayName is display name for rootkit service.
ServiceDescription is description for rootkit service. DriverName is the name for hxdef driver.
DriverFileName is the name for hxdef driver file.
Example: [Settings] Password=hxdef-rulez BackdoorShell=hxdefá$.exe FileMappingName=_.-=[Hacker Defender]=-._ ServiceName=HackerDefender100 ServiceDisplayName=HXD Service 100 ServiceDescription=powerful NT rootkit DriverName=HackerDefenderDrv100 DriverFileName=hxdefdrv.sys
This mean your backdoor password is “hxdef-rulez”, backdoor will copy system shell file (usually cmd.exe) to “hxdefá$.exe” to temp. Name of shared memory will be “_.-=[Hacker Defender]=-._”. Name of a service is “HackerDefender100”, its display name is “HXD Service 100”, its description is “poweful NT rootkit”. Name of a driver is “HackerDefenderDrv100”. Driver will be stored in a file called “hxdefdrv.sys”.
Extra characters |, <, >, :, \, / and ” are ignored on all lines except [Startup Run], [Free Space] and [Hidden Ports] items and values in [Settings] after first = character. Using extra characters you can make your inifile immune from antivirus systems.
Example: [H<<<idden T>>a/”ble] >h”xdef”*
is the same as
[Hidden Table] hxdef*
see hxdef100.ini and hxdef100.2.ini for more examples
All strings in inifile except those in Settings and Startup Run are case insensitive.
Rootkit hooks some API functions connected with receiving packets from the net. If incoming data equals to 256 bits long key, password and service are verified, the copy of a shell is created in a temp, its instance is created and next incoming data are redirected to this shell.
Because rootkit hooks all process in the system all TCP ports on all servers will be backdoors. For example, if the target has port 80/TCP open for HTTP, then this port will also be available as a backdoor. Exception here is for ports opened by System process which is not hooked. This backdoor will works only on servers where incoming buffer is larger or equal to 256 bits. But this feature is on almost all standard servers like Apache, IIS, Oracle.
Backdoor is hidden because its packets go through common servers on the system. So, you are not able to find it with classic portscanner and this backdoor can easily go through firewall. Exception in this are classic proxies which are protocol oriented for e.g. FTP or HTTP.
During tests on IIS services was found that HTTP server does not log any of this connection, FTP and SMTP servers log only disconnection at the end. So, if you run hxdef on server with IIS web server, the HTTP port is probably the best port for backdoor connection on this machine.
You have to use special client if want to connect to the backdoor. Program bdcli100.exe is used for this.
Redirector is based on backdoor technology. First connection packets are same as in backdoor connection. That mean you use same ports as for backdoor. Next packets are special packets for redirector only. These packets are made by redirectors base which is run on users computer. First packet of redirected connection defines target server and port.
The redirectors base saves its settings into its inifile which name depends on base exefile name (so default is rdrbs100.ini). If this file doesn’t exist when base is run, it is created automatically. It is better not to modify this inifile externaly. All settings can be changed from base console.
If we want to use redirector on server where rootkit is installed, we have to run redirectors base on localhost before. Then in base console we have to create mapped port routed to server with hxdef. Finally we can connect on localhost base on chosen port and transfering data. Redirected data are coded with rootkit password. In this version connection speed is limited with about 256 kBps. Redirector is not determined to be used for hispeed connections in this version. Redirector is also limited with system where rootkit run. Redirector works with TCP protocol only.
In this version the base is controled with 19 commands. These are not case sensitive. Their function is described in HELP command. During the base startup are executed commands in startup-list. Startup-list commands are edited with commands which start with SU.
Redirector differentiate between two connection types (HTTP and other). If connection is other type packets are not changed. If it is HTTP type Host parametr in HTTP header is changed to the target server. Maximum redirectors count on one base is 1000.
Redirector base fully works only on NT boxes. Only on NT program has tray icon and you can hide console with HIDE command. Only on NT base can be run in silent mode where it has no output, no icon and it does only commands in startup-list.
Examples: 1) getting mapped port info
>MPINFO No mapped ports in the list.
2) add command MPINFO to startup-list and get startup-list commands:
>SUADD MPINFO >sulist 0) MPINFO
3) using of HELP command:
>HELP Type HELP COMMAND for command details. Valid commands are: HELP, EXIT, CLS, SAVE, LIST, OPEN, CLOSE, HIDE, MPINFO, ADD, DEL, DETAIL, SULIST, SUADD, SUDEL, SILENT, EDIT, SUEDIT, TEST >HELP ADD Create mapped port. You have to specify domain when using HTTP type. usage: ADD <LOCAL PORT> <MAPPING SERVER> <MAPPING SERVER PORT> <TARGET SERVER> <TARGET SERVER PORT> <PASSWORD> [TYPE] [DOMAIN] >HELP EXIT Kill this application. Use DIS flag to discard unsaved data. usage: EXIT [DIS]
4) add mapped port, we want to listen on localhost on port 100, rootkit is installed on server 18.104.22.168 on port 80, target server is www.google.com on port 80, rootkits password is bIgpWd, connection type is HTTP, ip address of target server (www.google.com) – we always have to know its ip – is 22.214.171.124:
>DETAIL 0 Listening on port: 100 Mapping server address: 126.96.36.199 Mapping server port: 80 Target server address: 188.8.131.52 Target server port: 80 Password: bIgpWd Port type: HTTP Domain name for HTTP Host: www.google.com Current state: CLOSED
8) we can test whether the rootkit is installed with out password on mapping server 184.108.40.206 (but this is not needed if we are sure about it):
>TEST 0 Testing 0) 220.127.116.11:80:bIgpWd – OK
if test failed it returns
Testing 0) 18.104.22.168:80:bIgpWd – FAILED
9) port is still closed and before we can use it, we have to open it with OPEN command, we can close port with CLOSE command when it is open, we can use flag ALL when want to apply these commands on all ports in the list, current state after required action is written after a while:
>OPEN 0 Port number 0 opened. >CLOSE 0 Port number 0 closed.
>OPEN ALL Port number 0 opened.
10) to save current settings and lists we can use SAVE command, this saves all to inifile (saving is also done by command EXIT without DIS flag):
>SAVE Saved successfully.
Open port is all what we need for data transfer. Now you can open your favourite explorer and type http://localhost:100/ as url. If no problems you will see how main page on www.google.com is loaded.
First packets of connection can be delayed up to 5 seconds, but others are limited only by speed of server, your internet connection speed and by redirector technology which is about 256 kBps in this version.
=====[ 6.2 Hooked API ]=====================================
Now this probably has to fall in the News of the Weird category, I would probably have fallen asleep, drooling on the computer, which would have caused something to short circuit and then blow up the machine, and eventually get the house on fire. Hence, not work losing your house over this.
You probably already heard this, but Chris Sells has a new column on MSDN called Longhorn Foghorn, that describes each of the “Pillars of Longhorn” – this is something which IMHO developers would understand and appreicate. In the first article he explains the “Pillars” and then in the next two goes onto build Solitaire. You can download the sample and play with it too.
Karan found this and you can read about all of it in his blog. But I checked and he is right! Gmail does not show me the time of the “origin” of the email only when gmail got it. So taking Karan’s scenario:
Retrieve from external pop3 mailbox
250 new messages
Import 250 Messages
look at inbox, and you have 250 messages received at the same time (1 min ago)
Oh wow! this is just what I need.
This begs the question, is this by design? If so, would it be to thwart the spammers? Personally I would like to see both when was the mail sent, and when did I get it.
Shadowfax is an interesting set of “Reference Solution” that is being worked on by the PAG group at Microsoft. I think this would be a very important piece in the whole SOA (Service Oriented Architecture) space, with getting bits out the door in a quick and reusable fashion. Basically this is a similar implementation of Indigo in todays technologies (i.e. those that are currently shipping such as .NET). This “unifies” the four messaging options you have today:
Per Microsoft here are the goals for this are:
Enable separation between stable service interfaces and possibly volatile and unreliable Service Dispatching (Without the framework one would have to think about how to expose the service first. With the framework one can build a service first and then think about how to expose it.)
Make it possible for developers to keep aspect-like logic, for example monitoring or auditing logic, separate from Service Dispatching logic.
Provide a single, consistent mode of handling service requests regardless of the transport transport on which they came.
Help developers build robust services that can be accessed by client applications through multiple transports.
This is how is translates to Architecture speak:
Provide support for sending service request and receiving service responses over multiple transports (such as Web Services or message queue transport)
Provide multiple, configurable means of dispatching Service Dispatchings.
Provide multiple, configurable means of passing requests to and receiving responses form Service Dispatchings.
Provide configurable means of “inserting” aspect-like logic into request and response flow.
Provide simple means of integration with BizTalk orchestration
And the constraints within which this has to operate are:
The architecture must be logically consistent with the future direction of relevant Microsoft products (Indigo and BizTalk in particular).
The implementation should use the .NET Framework.To be deployed, the architecture must only require the Windows platform with the .NET Framework distributable installed.
The development and modifications of the framework should be done with VS 2003 Enterprise Version.
Again, I think this would be quite a significant advantage before Indigo ships. I just started playing with this, so look out for more details on this in the next few weeks.
I suddenly started getting an error during boot up on one of my machine and could not figure out what it was, after spending a fair amount of time on google, I found this listing of error codes that I feel was very helpful. You can bookmark this post and use it as your reference.
Code Description 01x Undetermined problem errors 02x Power supply errors
1xx System Board Errors 101 System board error – Interrupt failure 102 System board error – Timer failure 103 System board error – Timer interrupt failure 104 System board error – Protected mode failure 105 System board error – Last 8042 command not accepted 106 System board error – Converting logic test 107 System board error – Hot NMI test 108 System board error – Timer bus test 109 Direct memory access test error 110 System board memory 111 Adapter memory 112 (any adapter in system unit) 113 (any adapter in system unit) 121 Unexpected hardware interrupts occurred 131 Cassette wrap test failed 151 System Board Error; Defective battery 152 System Board Error; Real time clock failure 161 System Options Error – (Run SETUP) Battery failure 162 System options not set correctly-(Run SETUP) 163 Time and date not set – (Run SETUP) 164 Memory size error – (Run SETUP) 165 System options not set – (Run SETUP) 166 (any adapter in system unit) 199 User-indicated configuration not correct
2xx Memory (RAM) Errors xxyyyy yyzz 201 bad ram chip in bank xx row zz
301 Keyboard did not respond to software reset correctly, or a stuck key failure was detected. If a stuck key was detected, the scan code for the key is displayed in hexadecimal. For example, the error code 49 301 indicates that Key 73, the PAGE UP key, has failed (49 hex = 73 decimal)
302 User-indicated error from the keyboard test, or AT keylock is locked 303 Keyboard or system unit error 304 Keyboard or system unit error; CMOS does not match system 305 Models 50 and 60 fuse or keyboard cable error 341 Replace keyboard 342 Replace interface cable 343 Replace enhancement card or cable
4xx Monochrome Monitor Errors 401 Monochrome memory test, horizontal synchronous frequency test, or video test failed 408 User-indicated display attributes failure 416 User-indicated character set failure 424 User-indicated 80 X 25 mode failure 432 Parallel port test failed (monochrome adapter)
5xx Color Monitor Errors 501 Color memory test failed, horizontal synchronous frequency test, or video test failed 508 User-indicated display attribute failure 516 User-indicated character set failure 524 User-indicated 80 X 25 mode failure 532 User-indicated 40 X 25 mode failure 540 User-indicated 320 X 200 graphics mode failure 548 User-indicated 640 X 200 graphics mode failure
6xx Floppy Disk Drive Errors 601 Disk power-on diagnostics test failed 602 Disk test failed; boot record is not valid 603 Disk size error 606 Disk verify function failed 607 Write-protected disk 608 Bad command disk status returned 610 Disk initialization failed 611 Timeout – disk status returned 612 Bad NEC (controller) – disk status returned 613 Bad DMA – disk status returned 614 DMA Boundary error 621 Bad seek – disk status returned 622 Bad CRC – disk status returned 623 Record not found – disk status returned 624 Bad address mark – disk status returned 625 Bad NEC (controller) seek – disk status returned 626 Disk data compare error 627 Disk change line error 628 Disk removed
7xx 8087 or 80287 Math Coprocessor Errors 701 Math coprocessor test failed
10xx Reserved for Parallel Printer Adapter 1001 Alt printer Adapter test failed
11xx Asynchronous Communications Adapter Errors 1101 Asynchronous communications adapter test failed 1102 Any serial device (system board) 1106 Any serial device (system board) 1107 Communications cable (system board) 1108 Any serial device (system board) 1109 Any serial device (system board) 1110 Modem status register not clear 1111 Ring indicate failure 1112 Trailing edge ring indicate failure 1113 Receive and delta receive line signal detect failure 1114 Receive line signal detect failure 1115 Delta receive line signal detect failure 1116 Line control register; all bits cannot be set 1117 Line control register; all bits cannot be reset 1118 Xmit holding and/or shift register is stuck on 1119 Data ready stuck on 1120 Interrupt enable register, all bits cannot be set 1121 Interrupt enable register, all bits cannot be reset 1122 Interrupt pending stuck on 1123 Interrupt ID register stuck on 1124 Modem control register, all bits cannot be set 1125 Modem control register, all bits cannot be reset 1126 Modem status register, all bits cannot be set 1127 Modem status register, all bits cannot be reset 1128 Interrupt ID failure 1129 Cannot force overrun error 1130 No modem status interrupt 1131 Invalid interrupt pending 1132 No data ready 1133 No data available interrupt 1134 No transmit holding interrupt 1135 No interrupts 1136 No received line status interrupt 1137 No receive data available 1138 Transmit holding register not empty 1139 No modem status interrupt 1140 Transmit holding register not empty 1141 No interrupts 1142 No IRQ4 interrupt 1143 No IRQ3 interrupt 1144 No data transferred 1145 Maximum BAUD rate failed 1146 Minimum BAUD rate failed 1148 Timeout error 1149 Invalid data returned 1150 Modem status register error 1151 No DSR and Delta DSR 1152 No data set ready 1153 No delta 1154 Modem status register not clear 1155 No CTS and Delta CTS 1156 No clear to send 1157 No delta CTS
12xx Alternate Asynchronous Communications Adapter Errors 1201 Alternate asynchronous communications adapter test failed 1202 Dual Asynchronous Adapter/A (Any serial device) 1206 Dual Asynchronous Adapter/A (Any serial device) 1207 Dual Asynchronous Adapter/A board error 1208 Dual Asynchronous Adapter/A (Any serial device) 1209 Dual Asynchronous Adapter/A (Any serial device)
13xx Game Control Adapter Errors 1301 Game control adapter test failed 1302 Joystick test failed
15xx Synchronous Data Link Control (SDLC) Communications Adapter Errors 1510 8255 Port B failure 1511 8255 Port A failure 1512 8255 Port C failure 1513 8253 Timer 1 did not reach terminal count 1514 8253 Timer 1 stuck on 1515 8253 Timer 0 did not reach terminal count 1516 8253 Timer 0 stuck on 1517 8253 Timer 2 did not reach terminal count 1518 8253 Timer 2 stuck on 1519 8273 Port B error 1520 8273 Port A error 1521 8273 command/read timeout 1522 Interrupt level 4 failure 1523 Ring Indicate stuck on 1524 Receive clock stuck on 1525 Transmit clock stuck on 1526 Test indicate stuck on 1527 Ring indicate not on 1528 Receive clock not on 1529 Transmit clock not on 1530 Test indicate not on 1531 Data set ready not on 1532 Carrier detect not on 1533 Clear to send not on 1534 Data set ready stuck on 1536 Clear to send stuck on 1537 Level 3 interrupt failure 1538 Receive interrupt results error 1539 Wrap data miscompare 1540 DMA channel 1 error 1541 DMA channel 1 error 1542 Error in 8273 error checking or status reporting 1547 Stray interrupt level 4 1548 Stray interrupt level 3 1549 Interrupt presentation sequence timeout
16xx Display Emulation Errors (327x, 5520, 525x)
17xx Fixed Disk Errors The following is a listing of Personal Computer AT Error Codes for the fixed disk drive and fixed disk drive adapter:
1700 Fixed Disk/Adapter 1701 HDD Controller Failure 1702 Time out error 1703 Seek error 1704 Disk adapter error 1705 No record found 1706 Write fault error 1707 Track 0 error 1708 Head select error 1709 Defective ECC 1710 Read buffer overrun 1711 Bad address mark 1712 Error-cause not determined 1713 Data compare error 1714 Drive not ready 1780 Disk 0 failure 1781 Disk 1 failure 1782 Disk adapter error 1790 Disk 0 error 1791 Disk 1 error
18xx I/O Expansion Unit Errors 1801 I/O expansion unit POST error 1810 Enable/Disable failure 1811 Extender card warp test failed (disabled) 1812 High order address lines failure (disabled) 1813 Wait state failure (disabled) 1814 Enable/Disable could not be set on 1815 Wait state failure (disabled) 1816 Extender card warp test failed (enabled) 1817 High order address lines failure (enabled) 1818 Disable not functioning 1819 Wait request switch not set correctly 1820 Receiver card wrap test failure 1821 Receiver high order address lines failure
19xx 3270 PC Attachment Card Errors
20xx Binary Synchronous Communications (BSC) Adapter Errors 2010 8255 Port A failure 2011 8255 Port B failure 2012 8255 Port C failure 2013 8253 Timer 1 did not reach terminal count 2014 8253 Timer 1 stuck on 2016 8253 Timer 2 did not reach terminal count, or timer 2 stuck on 2017 8251 Data set ready failed to come on 2018 8251 Clear to send not sensed 2019 8251 Data set ready stuck on 2020 8251 Clear to send stuck on 2021 8251 Hardware reset failed 2022 8251 Software reset failed 2023 8251 Software “error reset” failed 2024 8251 Transmit ready did not come on 2025 8251 Receive ready did not come on 2026 8251 Could not force “overrun” error status 2027 Interrupt failure – no timer interrupt 2028 Interrupt failure – transmit, replace card or planar 2029 Interrupt failure – transmit, replace card 2030 Interrupt failure – receive, replace card or planar 2031 Interrupt failure – receive, replace card 2033 Ring indicate stuck on 2034 Receive clock stuck on 2035 Transmit clock stuck on 2036 Test indicate stuck on 2037 Ring indicate stuck on 2038 Receive clock not on 2039 Transmit clock not on 2040 Test indicate not on 2041 Data set ready not on 2042 Carrier detect not on 2043 Clear to send not on 2044 Data set ready stuck on 2045 Carrier detect stuck on 2046 Clear to send stuck on 2047 Unexpected transmit interrupt 2048 Unexpected receive interrupt 2049 Transmit data did not equal receive data 2050 8251 detected overrun error 2051 Lost data set ready during data wrap 2052 Receive timeout during data wrap
21xx Alternate Binary Synchronous Communications Adapter Errors 2110 8255 Port A failure 2111 8255 Port B failure 2112 8255 Port C failure 2113 8253 Timer 1 did not reach terminal count 2114 8253 Timer 1 stuck on 2115 8253 Timer 2 did not reach terminal count, or timer 2 stuck on 2116 8251 Data set ready failed to come on 2117 8251 Clear to send not sensed 2118 8251 Data set ready stuck on 2119 8251 Clear to send stuck on 2120 8251 Hardware reset failed 2121 8251 Software reset failed 2122 8251 Software “error reset” failed 2123 8251 Transmit ready did not come on 2124 8251 Receive ready did not come on 2125 8251 Could not force “overrun” error status 2126 Interrupt failure – no timer interrupt 2128 Interrupt failure – transmit, replace card or planar 2129 Interrupt failure – transmit, replace card 2130 Interrupt failure – receive, replace card or planar 2131 Interrupt failure – receive, replace card 2133 Ring indicate stuck on 2134 Receive clock stuck on 2135 Transmit clock stuck on 2136 Test indicate stuck on 2137 Ring indicate stuck on 2138 Receive clock not on 2139 Transmit clock not on 2140 Test indicate not on 2141 Data set ready not on 2142 Carrier detect not on 2143 Clear to send not on 2144 Data set ready stuck on 2145 Carrier detect stuck on 2146 Clear to send stuck on 2147 Unexpected transmit interrupt 2148 Unexpected receive interrupt 2149 Transmit data did not equal receive data 2150 8251 detected overrun error 2151 Lost data set ready during data wrap 2152 Receive timeout during data wrap
22xx Cluster Adapter Errors
24xx Enhanced Graphics Adapter Errors
26xx XT/370 Error Codes
27xx XT/370 Error Codes
29xx Color Matrix Printer Errors 2901 2902 2904
30xx Primary PC Network Adapter Errors 3001 CPU Failure 3002 ROM Failure 3003 ID Failure 3004 RAM Failure 3005 HIC Failure 3006 +/- 12v Failed 3007 Digital Loopback Failure 3008 Host Detected HIC Failure 3009 Synchronous Fail & No Go Bit 3010 HIC Test OK & No Go Bit 3011 Go Bit & No CMD 41 3012 Card not present 3013 Digital Failure ( Fall Through ) 3015 Analog Failure 3041 Hot Carrier (not this card) 3042 Hot Carrier (This Card)
31xx Secondary PC Network Adapter Errors 3101 CPU Failure 3102 ROM Failure 3103 ID Failure 3104 RAM Failure 3105 HIC Failure 3106 +/- 12v Failed 3107 Digital Loopback Failure 3108 Host Detected HIC Failure 3109 Synchronous Fail & No Go Bit 3110 HIC Test OK & No Go Bit 3111 Go Bit & No CMD 41 3112 Card not present 3113 Digital Failure ( Fall Through ) 3115 Analog Failure 3141 Hot Carrier (not this card) 3142 Hot Carrier (THIS CARD !!)
33xx Compact Printer Errors
74xx Display Adapter 8514/A
850x 80286 Expanded Memory Adapter/A
851x 80286 Expanded Memory Adapter/A
852x Memory Module Package on the 8028
6 Expanded Memory Adapter/A
100xx Multiprotocol Adapter/A 10002 Multiprotocol Adapter/A any serial device 10006 Multiprotocol Adapter/A any serial device 10007 Communications cable Multiprotocol Adapter/A 10008 Multiprotocol Adapter/A any serial device 10009 Multiprotocol Adapter/A any serial device
101xx Modem Adapter/A 10102 Modem Adapter/A any serial device 10106 Modem Adapter/A any serial device 10108 Modem Adapter/A any serial device 10109 Modem Adapter/A any serial device
104xx Fixed Disk Adapter (ESDI) Drives 0 or 1 (C or D) 10480 Fixed disk C, adapter (ESDI) or system board error 10481 Fixed disk D, adapter (ESDI) or system board error 10482 Fixed disk C or system board error 10483 Fixed disk adapter (ESDI) or system board error 10490 Fixed disk C or adapter (ESDI) error 10491 Fixed disk C or adapter (ESDI) error
16500 6157 Tape Attachment Adapter
16520 6157 Streaming Tape Drive
16540 6157 Streaming Tape Drive or tape attachment adapter