Computer has reboot from a bugcheck causes by Hal.dll

By Renz_Lyle
in Microsoft (Windows)

 Share

Recommended Posts

Neowinian

Renz_Lyle

Posted
Posted

Hi,

I'm a newbie here. I have experience series of reboot that causes by hal.dll. I haven't done any changes lately but I continue to get bluescreens on an XP  virtual machine running on RHEV. By the way, here's the result in Bluescreen view. Thanks!

BSOD.JPG

Link to comment
Share on other sites
Grand Master

adrynalyne

Posted
Posted
1 hour ago, Renz_Lyle said:

Hi,

I'm a newbie here. I have experience series of reboot that causes by hal.dll. I haven't done any changes lately but I continue to get bluescreens on an XP  virtual machine running on RHEV. By the way, here's the result in Bluescreen view. Thanks!

BSOD.JPG

Use windbg to give more info, or if that program can, use it. 

 

I had hal.dll blue screens a couple weeks ago and drilling down in each debug result was memory_corruption. Turns out a 16GB stick of ram went bad. 

Link to comment
Share on other sites
Neowinian

Renz_Lyle

Posted
  • Author
Posted

Hi adrynalyne,

Thank you for looking into my concern. Attached is the screenshot from Bluescreen View.

 

Here's from Windbg:

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 30000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ff7f6, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************

ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: win32k

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  48025f2a

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 30000008

CURRENT_IRQL:  2

FAULTING_IP:
nt+287f6
804ff7f6 8b4f14          mov     ecx,dword ptr [edi+14h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

LAST_CONTROL_TRANSFER:  from 806e6ef2 to 804ff7f6

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
bab17a4c 806e6ef2 00000000 00000000 bab17a64 nt+0x287f6
bab17a64 806e6ba4 badb0d00 00000000 00000000 hal+0x2ef2
bab17d30 bf884705 bab07490 00000002 bab17d54 hal+0x2ba4
bab17d40 bf80110a bab07490 bab17d64 0070fff4 win32k+0x84705
bab17d54 8054161c 00000000 00000022 00000000 win32k+0x110a
bab17d64 7c90e506 badb0d00 0070ffec 00000000 nt+0x6a61c
00000000 00000000 00000000 00000000 00000000 0x7c90e506


STACK_COMMAND:  kb

FOLLOWUP_IP:
win32k+84705
bf884705 ??              ???

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  win32k+84705

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  win32k.sys

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner

BSOD-09022016.JPG

BSOD-09092016.JPG

Link to comment
Share on other sites
Grand Master

Hum

Posted
Posted (edited)

Reseat  your hardware, RAM, graphics card, etc.

 

Update BIOS

 

Update all drivers that you can

 

Check cables for tightness

 

Sometimes cables go bad

 

Could be that hal.dll is corrupt -- only a Reinstall might repair it.

Link to comment
Share on other sites
Grand Master

adrynalyne

Posted
Posted (edited)
1 hour ago, Renz_Lyle said:

Can't attached it directly but you can download it here:

 

https://www.dropbox.com/s/whaglreollnbnqf/Desktop.zip?dl=0

 

I'll take a look tomorrow. :)

 

1 hour ago, Hum said:

Reseat  your hardware, RAM, graphics card, etc.

 

Update BIOS

 

Update all drivers that you can

 

Check cables for tightness

 

Sometimes cables go bad

 

Could be that hal.dll is corrupt -- only a Reinstall might repair it.

If Hal.dll was corrupt he wouldn't even be booting. I know you are trying to help, but the approach of throw poo at the wall and see what sticks rarely works. 

Link to comment
Share on other sites
Experienced

John.D

Posted
Posted (edited)

Looks like some of the files on this hdd are out of date. Dameware is from 2008.  This file viostor.sys is from 2012. Looks like this is a linux file. I dont know why it's on your hdd. I think this is also part of a VM program

 

Wouldnt be surprised if one of these Symantec programs are causing it

 

 

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing