Jump to content

Bluescreen during boot: bad_pool_caller -> kl1.sys

Recommended Posts



I infrequently get a blue screen during Windows boot titled "BAD_POOL_CALLER" which is caused by kl1.sys


WinDbg gave me the following:


Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [E:\Desktop\122411-17815-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*D:\Dev\SymbolCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e57000 PsLoadedModuleList = 0xfffff800`0309c670
Debug session time: Sat Dec 24 09:58:51.772 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:06.694
Loading Kernel Symbols

Loading User Symbols
Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, 109b, 4050007, fffffa800a0448a0}

Unable to load image \SystemRoot\system32\DRIVERS\kl1.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for kl1.sys
*** ERROR: Module load completed but symbols could not be loaded for kl1.sys
GetPointerFromAddress: unable to read from fffff80003106100
Probably caused by : kl1.sys ( kl1+77cb1 )

Followup: MachineOwner

4: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000109b, (reserved)
Arg3: 0000000004050007, Memory contents of the pool block
Arg4: fffffa800a0448a0, Address of the block of pool being deallocated

Debugging Details:

OVERLAPPED_MODULE: Address regions for 'nsiproxy' and 'cdrom.sys' overlap

POOL_ADDRESS:  fffffa800a0448a0 







LAST_CONTROL_TRANSFER:  from fffff80003001be9 to fffff80002ed3c40

fffff880`03d5bb88 fffff800`03001be9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`04050007 : nt!KeBugCheckEx
fffff880`03d5bb90 fffff880`01ce7cb1 : fffffa80`0a7d9000 00000000`00000000 fffffa80`0a0448a0 fffffa80`097ea040 : nt!ExDeferredFreePool+0x1201
fffff880`03d5bc40 fffffa80`0a7d9000 : 00000000`00000000 fffffa80`0a0448a0 fffffa80`097ea040 fffffa80`0a7d9090 : kl1+0x77cb1
fffff880`03d5bc48 00000000`00000000 : fffffa80`0a0448a0 fffffa80`097ea040 fffffa80`0a7d9090 fffff880`01cdae5b : 0xfffffa80`0a7d9000


fffff880`01ce7cb1 ??              ???


SYMBOL_NAME:  kl1+77cb1

FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  kl1.sys


FAILURE_BUCKET_ID:  X64_0xc2_7_KLN2_kl1+77cb1

BUCKET_ID:  X64_0xc2_7_KLN2_kl1+77cb1

Followup: MachineOwner



If you want I also can provide the *.dmp File.

Share this post

Link to post
and... if the licence has espired? :unsure:

Renew the licence.


With thousands of new malicious files discovered every day, antiviruses should always be kept up-to-date in order to allow them to protect you against the newer threats.

Share this post

Link to post

  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.