Results 1 to 7 of 7

Thread: Win2k -> DS 2.6 BSOD (hal.dll) HELP!?!?

  1. #1

    Win2k -> DS 2.6 BSOD (hal.dll) HELP!?!?

    Hiya,

    I just installed SoftICE Driver Studio 2.6 on my Win2K PC and it works great excepting one mysterious problem... I seem to be getting a fatal BSOD whenever I attempt to restart my PC from within Win2k. It reports the following error:

    ***STOP: 0x0000000A(0x00000020, 0x000000FF, 0x00000001, 0x80069128) IRQL_NOT_LESS_OR_EQUAL
    *** Address 80069128 base at 80062000, Date Stamp 3C989E09 - hal.dll

    Interestingly, the error is only generated on a "restart", NOT on a "shut down". I can shut down windows with no problems whatsoever. Likewise, an "hboot" command issued from within winice restarts my PC without any problems either. Having previously run Win98 as my reversing OS, I lack familiarity with Win2k but I have done some preliminary research with the limited information provided to me... Apparently, the error I am recieving generally corresponds to an invalid memory access and a description of the error follows below:

    _______________________________________________
    One of the more frequent trap codes generated by Windows NT is STOP
    0x0000000A. This STOP message can be caused by both hardware and software
    problems. To determine the specific cause, you must debug the STOP.
    However, some general information can be learned by examining the
    parameters of the STOP message and the STOP screen information.

    MORE INFORMATION
    ================

    STOP 0x0000000A indicates a kernel mode process or driver attempted to
    access a memory address that it did not have permission to access. The most
    common cause of this error is a bad or corrupt pointer that references an
    incorrect location in memory. A pointer is a variable used by a program to
    refer to a block of memory. If the variable has a bad value in it, then the
    program tries to access memory that it should not. When this occurs in a
    user mode application, it generates an access violation. When it occurs in
    kernel mode, it generates a STOP 0x0000000A message.

    To determine what process or driver tried to access memory it should not,
    look at the parameters displayed on the STOP screen information. For
    example, in the following STOP message

    STOP 0x0000000A(0xWWWWWWWW, 0xXXXXXXXX, 0xYYYYYYYY, 0xZZZZZZZZ)
    IRQL_NOT_LESS_OR_EQUAL
    ** Address 0xZZZZZZZZ has base at <address>- <driver>

    The four parameters inside the parenthesis have the following meaning:

    0xWWWWWWWW Address that was referenced improperly
    0xXXXXXXXX IRQL that was required to access the memory
    0xYYYYYYYY Type of access, 0=Read, 1=Write
    0xZZZZZZZZ Address of instruction which attempted to reference
    the memory at 0xWWWWWWWW

    If the last parameter (0xZZZZZZZZ) falls within the address range of
    one of the device drivers loaded on the system, you will know which
    device driver was running when the memory access occurred. This driver is
    often identified in the third line of the STOP screen:

    **Address 0xZZZZZZZZ has base at <address>- <driver name>

    _______________________________________________

    From this description I can conclude...

    Improperly referenced address: 0x00000020
    Access Type: write
    Instruction that atttempted memory reference: 80069128... A disassembly of this address in winice informs me that the fault occured in the HalSetTimeIncrement function.

    Research into the apparently undocumented HalSetTimeIncrement function reveals the following:
    _______________________________________________

    "In hal.dll there is a Funktion named "ULONG HalSetTimeIncrement( IN
    ULONG Increment);". It accepts the requested resolution whith a base
    of 100 ns. (It is undockumented) And it returns the real resolution.
    But try it... It is not dangerous, but you will not get the expected
    results."
    _______________________________________________

    I attempted to set a breakpoint on the faulting address in SI, but it locks my *entire* system up, even beyond BSOD lockup and I must cut the power to recover. I currently have SI set to load in "automatic" mode. Maybe I need to set it to "boot" mode to trace this type of error??? I have also researched the problem on google, microsoft knowledge base, and numega's site without success. I did find one reference to the error here on the mb(http://www.woodmann.net/forum/showthread.php?s=&threadid=3135&highlight=hal.dll), but it lacked response.

    Has anyone else experienced this error??? I would be immensely grateful if someone could point me in the right direction on this one. Hehe, I'm not too confident in my ability to single handedly debug the Win2K kernel

    Here are my system specs if required:

    SoftICE version: Driver Studio 2.6
    OS: Windoze 2000 Professional
    Processor: AMD Athlon XP 2200
    Memory: 512 MB
    Video Card: GForce 4
    Audio: Sound Blaster Live 5.1
    Chipset: VIA KT333

    Thanks In Advance,
    Clandestiny

  2. #2
    : Code Injector : nikolatesla20's Avatar
    Join Date
    Apr 2002
    Location
    :ether:
    Posts
    815

    heh

    YES! I saw that error too on Win2K, the exact same thing.

    But sorry, I never tried or cared to find out what was happening. BUT I do know that I have service pack 2 installed and I don't get the error, and I have seen that error on win2k before.

    So maybe it is the service pack that fixed it?

    -nt20

  3. #3
    Snatch
    Guest
    OMG I was just about to post the same exact thing. I am on WinXP and I get the same message on restarts. I am hoping DS 2.7 will fix this or WinXP SP1.

    Snatch
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Athlon
    Guest
    Woodmann did you delete my posts or did they disappear again
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,143
    Blog Entries
    5
    Athlon, I deleted the whole series of 4 or 5 off-topic replies your post generated before it degenerated into a flame war. "When are we going to get our hands on DS 2.7", or something to that effect, obviously created a few retorts which you seemed surprised about. Since it didn't contribute anything to solving the original question and is probably better asked on other forums, I deleted them all. I don't really see any surprise here.

    Regards,
    Kayaker

  6. #6
    Athlon
    Guest
    Ok just checkin sorry but I am used to exetools forum which any thing can be dicussed
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    oyang2002
    Guest

    Wink

    Hi Clandestiny:

    I had the same problem on Win2K & WinXP,and I had post
    some message on some forum but none of the answer can
    work it out.


    Some days ago I changed some jumpers on my motherband
    because I thought my CPU wasn't been idntified correctly.
    (BTW I have a AthlonXP 1700+ and KT266A chipset).

    I modified some parameters about freqecne and my CPU was
    identified as 1700+.I found DS2.6 worked fine on W2K now!


    But,It still can't work on WinXP Pro
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. BSOD with softice under XP DOS box
    By WaxfordSqueers in forum Tools of Our Trade (TOT) Messageboard
    Replies: 3
    Last Post: June 30th, 2009, 22:29
  2. # Syser causes BSOD
    By nezumi-lab in forum Blogs Forum
    Replies: 1
    Last Post: May 11th, 2008, 01:12
  3. Olly BSOD my PC...
    By Maximus in forum OllyDbg Support Forums
    Replies: 10
    Last Post: January 2nd, 2007, 11:56
  4. How to BSOD win2k
    By omega_red in forum Off Topic
    Replies: 3
    Last Post: December 13th, 2005, 20:04
  5. Revirgin and BSOD
    By cps530 in forum Tools of Our Trade (TOT) Messageboard
    Replies: 11
    Last Post: March 29th, 2004, 00:49

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •