Microsoft-Windows-HAL

20 events across 2 channels

Event ID	Title	Channel
1	Initialization of the High Precision Event Timer failed due to a BIOS …	System
2	Initialization of the High Precision Event Timer failed due to unsupported …	System
3	Initialization of the High Precision Event Timer failed due to an interrupt …	System
4	Due to an unexpected condition, the operating system will use another available …	System
5	Due to an expected condition, the operating system will use another available …	Debug
7	The processor cycle counter on processor TargetProcessor has been probed by …	Debug
8	The processor's cycle counters have been successfully synchronized from …	Debug
9	The processor cycle counter on processor TargetProcessor was synchronized …	Debug
10	The synchronization of the processor's cycle counters was not able to …	Debug
11	The High Precision Event Timer failed to deliver message signalled interrupts.	System
12	The platform firmware has corrupted memory across the previous system power …	System
13	The system watchdog timer was triggered.	System
14	The watchdog wake timer was triggered.	Debug
15	The iommu has detected an error.	System
16	IOMMU fault reporting has been initialized.	System
17	The clock interrupt is backed by a platform timer instead of a per-processor …	System
18	The performance counter is not readable from user mode.	System
19	DMA API failure detected.	System
20	The hardware real-time clock was not queried because evaluation of the ACPI Time …	System
21	The hardware real-time clock was not set because evaluation of the ACPI Time and …	System

Event ID 1 — Initialization of the High Precision Event Timer failed due to a BIOS configuration problem.

Provider: Microsoft-Windows-HAL
Channel: System

Description

Initialization of the High Precision Event Timer failed due to a BIOS configuration problem.

Message #

Initialization of the High Precision Event Timer failed due to a BIOS configuration problem.
The operating system will use another available platform timer in lieu of the High Precision Event Timer.

Contact your system vendor for technical assistance.
Initialization status: %1.

Fields #

Name	Description
`Initialization_status` UInt32	—
`Status` UInt32	— NTSTATUS reference

Event ID 2 — Initialization of the High Precision Event Timer failed due to unsupported hardware.

Provider: Microsoft-Windows-HAL
Channel: System

Description

Initialization of the High Precision Event Timer failed due to unsupported hardware.

Message #

Initialization of the High Precision Event Timer failed due to unsupported hardware.
The operating system will use another available platform timer in lieu of the High Precision Event Timer.

Initialization status: %1.

Fields #

Name	Description
`Initialization_status` UInt32	—
`Status` UInt32	— NTSTATUS reference

Event ID 3 — Initialization of the High Precision Event Timer failed due to an interrupt configuration problem.

Provider: Microsoft-Windows-HAL
Channel: System

Description

Initialization of the High Precision Event Timer failed due to an interrupt configuration problem.

Message #

Initialization of the High Precision Event Timer failed due to an interrupt configuration problem.
The operating system will use another available platform timer in lieu of the High Precision Event Timer.

It may be possible to address this problem with an updated system BIOS.
Contact your system vendor for technical assistance.
Initialization status: %1.

Fields #

Name	Description
`Initialization_status` UInt32	—
`Status` UInt32	— NTSTATUS reference

Event ID 4 — Due to an unexpected condition, the operating system will use another available platform timer in lieu of the processor's cycle counters.

Provider: Microsoft-Windows-HAL
Channel: System

Description

Due to an unexpected condition, the operating system will use another available platform timer in lieu of the processor's cycle counters. Status: Status.

Message #

Due to an unexpected condition, the operating system will use another available platform timer in lieu of the processor's cycle counters.  Status: %1.

Fields #

Name	Description
`Status` UInt32	— NTSTATUS reference

Event ID 5 — Due to an expected condition, the operating system will use another available platform timer in lieu of the processor's cycle counters.

Provider: Microsoft-Windows-HAL
Channel: Debug

Description

Due to an expected condition, the operating system will use another available platform timer in lieu of the processor's cycle counters. Status: Status.

Message #

Due to an expected condition, the operating system will use another available platform timer in lieu of the processor's cycle counters.  Status: %1.

Fields #

Name	Description
`Status` UInt32	— NTSTATUS reference

Event ID 7 — The processor cycle counter on processor TargetProcessor has been probed by processor LeadProcessor.

Provider: Microsoft-Windows-HAL
Channel: Debug

Description

The processor cycle counter on processor TargetProcessor has been probed by processor LeadProcessor. A counter delta of Delta was detected. The approximate communication delay between these processors was detected to be NopCycles.

Message #

The processor cycle counter on processor %2 has been probed by processor %1.  A counter delta of %3 was detected.  The approximate communication delay between these processors was detected to be %4.

Fields #

Name	Description
`LeadProcessor` Int32	—
`TargetProcessor` Int32	—
`Delta` Int64	—
`NopCycles` UInt32	—

Event ID 8 — The processor's cycle counters have been successfully synchronized from processor LeadProcessor within acceptable operating thresholds.

Provider: Microsoft-Windows-HAL
Channel: Debug

Message #

The processor's cycle counters have been successfully synchronized from processor %1 within acceptable operating thresholds.  The maximum positive delta detected was %3 and the maximum negative delta was %4.  Synchronization executed for %5 microseconds.

Fields #

Name	Description
`LeadProcessor` Int32	—
`MaximumPositiveDeltaProcessor` Int32	—
`MaximumPositiveDelta` Int32	—
`MaximumNegativeDelta` Int32	—
`Microseconds` Int32	—

Event ID 9 — The processor cycle counter on processor TargetProcessor was synchronized against processor SourceProcessor using an adjustment of Bias cycles on attempt Wave.

Provider: Microsoft-Windows-HAL
Channel: Debug

Description

The processor cycle counter on processor TargetProcessor was synchronized against processor SourceProcessor using an adjustment of Bias cycles on attempt Wave. This resulted in a delta of Delta cycles.

Message #

The processor cycle counter on processor %2 was synchronized against processor %1 using an adjustment of %4 cycles on attempt %5.  This resulted in a delta of %3 cycles.

Fields #

Name	Description
`SourceProcessor` Int32	—
`TargetProcessor` Int32	—
`Delta` Int64	—
`Bias` Int64	—
`Wave` UInt32	—

Event ID 10 — The synchronization of the processor's cycle counters was not able to synchronize the processors within acceptable operating thresholds.

Provider: Microsoft-Windows-HAL
Channel: Debug

Description

The synchronization of the processor's cycle counters was not able to synchronize the processors within acceptable operating thresholds. Status: Status.

Message #

The synchronization of the processor's cycle counters was not able to synchronize the processors within acceptable operating thresholds.  Status: %1.

Fields #

Name	Description
`Status` UInt32	— NTSTATUS reference

Event ID 11 — The High Precision Event Timer failed to deliver message signalled interrupts.

Provider: Microsoft-Windows-HAL
Channel: System

Description

The High Precision Event Timer failed to deliver message signalled interrupts. The operating system will fall back to line based interrupts for this timer.

Message #

The High Precision Event Timer failed to deliver message signalled interrupts.  The operating system will fall back to line based interrupts for this timer.
Initialization status: %1.

Fields #

Name	Description
`Initialization_status` UInt32	—
`Status` UInt32	— NTSTATUS reference

Event ID 12 — The platform firmware has corrupted memory across the previous system power transition.

Provider: Microsoft-Windows-HAL
Channel: System

Description

The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Message #

The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Fields #

Name	Description
`Count` UInt32	—
`FirstPage` UInt32	—
`LastPage` UInt32	—

Event ID 13 — The system watchdog timer was triggered.

Provider: Microsoft-Windows-HAL
Channel: System

Description

The system watchdog timer was triggered.

Message #

The system watchdog timer was triggered.

Event ID 14 — The watchdog wake timer was triggered.

Provider: Microsoft-Windows-HAL
Channel: Debug

Description

The watchdog wake timer was triggered.

Message #

The watchdog wake timer was triggered.

Event ID 15 — The iommu has detected an error.

Provider: Microsoft-Windows-HAL
Channel: System

Description

The IOMMU has detected an error.

Message #

The IOMMU has detected an error.

Device: %1
FaultInformation: %2
FaultReason: %3
ExtendedData: %4

Fields #

Name	Description
`SourceId` UInt64	—
`FaultInformation` UInt64	—
`FaultReason` UInt32	—
`ExtendedData` UInt64	—

Event ID 16 — IOMMU fault reporting has been initialized.

Provider: Microsoft-Windows-HAL
Channel: System
Level: Informational

Description

IOMMU fault reporting has been initialized.

Message #

IOMMU fault reporting has been initialized.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-HAL",
    "guid": "63D1E632-95CC-4443-9312-AF927761D52A",
    "event_source_name": "",
    "event_id": 16,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T06:24:57.962026+00:00",
    "event_record_id": 1635,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "System",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 17 — The clock interrupt is backed by a platform timer instead of a per-processor source.

Provider: Microsoft-Windows-HAL
Channel: System

Description

The clock interrupt is backed by a platform timer instead of a per-processor source. System performance may be degraded.

Message #

The clock interrupt is backed by a platform timer instead of a per-processor source.  System performance may be degraded.

Event ID 18 — The performance counter is not readable from user mode.

Provider: Microsoft-Windows-HAL
Channel: System

Description

The performance counter is not readable from user mode. System performance may be degraded.

Message #

The performance counter is not readable from user mode.  System performance may be degraded.

Event ID 19 — DMA API failure detected.

Provider: Microsoft-Windows-HAL
Channel: System

Description

DMA API failure detected.

Message #

DMA API failure detected.

APIIndex: %1
ErrorCode: %2
FailureInformation1: %3
FailureInformation2: %4

Fields #

Name	Description
`APIIndex` UInt32	—
`ErrorCode` UInt32	—
`FailureInformation1` UInt64	—
`FailureInformation2` UInt64	—

Event ID 20 — The hardware real-time clock was not queried because evaluation of the ACPI Time and Alarm Device method failed.

Provider: Microsoft-Windows-HAL
Channel: System

Description

The hardware real-time clock was not queried because evaluation of the ACPI Time and Alarm Device method failed. Status: Status.

Message #

The hardware real-time clock was not queried because evaluation of the ACPI Time and Alarm Device method failed.  Status: %1.

Fields #

Name	Description
`Status` UInt32	— NTSTATUS reference

Event ID 21 — The hardware real-time clock was not set because evaluation of the ACPI Time and Alarm Device method failed.

Provider: Microsoft-Windows-HAL
Channel: System

Description

The hardware real-time clock was not set because evaluation of the ACPI Time and Alarm Device method failed. Status: Status.

Message #

The hardware real-time clock was not set because evaluation of the ACPI Time and Alarm Device method failed.  Status: %1.

Fields #

Name	Description
`Status` UInt32	— NTSTATUS reference