1

I am a former field technician for a very large Telecommunications company and part of my job was to install Anti-Virus software for customers during network installations. The problem is many residential systems are already infected or bogged down with startup programs making the simplest task turn in to nightmares. This includes running msconfig and swapping between tabs.

I have written a utility that will automatically run from a USB boot drive to temporarily disable all the programs in startup then automatically reboot the machine but I have 2 issues I need to resolve so technicians can spend time on more important task. One issue is my call to restart the machine makes it impossible to determine if my code is done executing because some systems can take hours to process my automated shutdown code due to limited memory resources. The other issue is with rouge software that has a background worker to detect if they have been disabled in startup and reactivates themselves milliseconds after I disable them.

I have a genuine cause to generate a BSOD to prevent these issues but none of the legacy procedures work on Win10.

KeBugCheck generates a:

DLLNotFoundError

...if I try to import NtosKrnl.exe with an extern call

Source: programmatically trigger BSOD Windows10 (Access Denied With Elevated Privs)

    System.Diagnostics.Process.GetProcessesByName("csrss")[0].Kill();

Windows10 (This works but also triggers shutdown calls for rouge software)

    public static void ShutDown(bool Forced)
    {
            Process[] processess = Process.GetProcesses();//Get all the process in your system

            foreach (var process in processess)
            {
                try
                {
                    Console.WriteLine(process.ProcessName);
                    process.PriorityClass = ProcessPriorityClass.BelowNormal; //sets all the process to below normal priority
                    process.Kill();
                }
                catch (Exception E)
                {
                    Console.WriteLine(E.Message + " :: [ " + process.ProcessName + " ] Could not be killed");
                }

            }
    }

Windows10 (Exiting in middle of Ping has no effect)

    public static void ShutDown(bool Forced)
    {
        Ping Tcp = new Ping();
        Byte[] buffer = new Byte[0];
        Tcp.Send("www.microsoft.com", 12000, buffer);
        Environment.Exit(1);
    }

It would be nice to include a Third-Party utility I could extract from a resource file and execute to simulate a crash like NotMyFault but their EULA has some tight restrictions that limit me. I do not want any legal trouble.

Community
  • 1
  • 1
Ken Poston
  • 19
  • 1
  • 2
  • Actually in saying that, if you look further on the link you provided, [this answer](http://stackoverflow.com/a/15180436/585968) looks to be what you want. It reboots cleanly from the driver level –  Jan 21 '17 at 06:57
  • Wow MickyD, you did a great job reformatting my post. I would rather include collaborate code then anything third-party even if the code needs to be compiled as a separate project and extracted from a resource file for use within a forms application. – Ken Poston Jan 21 '17 at 06:59
  • The problem with that answer is they formatted it so it looks like you use an internal command but that is the name of the microsoft project and the product you download from them (Third-Party) It's not a tool that comes prepackaged on the operating system. – Ken Poston Jan 21 '17 at 07:02
  • _"you did a great job reformatting my post"_ - not a problem good sir :) –  Jan 21 '17 at 07:55
  • _"It's not a tool that comes prepackaged on the operating system"_ - that's right. But there's no reason why you can't plonk it on your USB drive containing your _"utility that will automatically run from a USB boot drive"_. The alternative is to make your own driver –  Jan 21 '17 at 07:58
  • @MickyD I think you hit the nail on the head with your alternative response in the last comment. Looks like I will be upgrading to MSVS 2015 in the near future. – Ken Poston Jan 21 '17 at 09:45

3 Answers3

2

This is a summary of my comments above

OP:

Source: programmatically trigger BSOD Windows10 (Access Denied With Elevated Privs)

Me

"It's not a tool that comes prepackaged on the operating system" - that's right. But there's no reason why you can't plonk it on your USB drive containing your "utility that will automatically run from a USB boot drive". The alternative is to make your own

OP:

I think you hit the nail on the head with your alternative response in the last OP:

Whilst the link you included System.Diagnostics.Process.GetProcessesByName("csrss")[0].Kill(); does not work on Windows 10 as you pointed out, another answer on the same page says points that that SysInternal's NotMyFault tool may be a better choice as it causes a BSOD by "it uses a diver to do this which is the only way".

I think you can combine the USB drive you are using now together with Sys Internals tool NotMyFault which you can find here. Not my Modify your existing design so that when you insert the USB and automatically run your other tools, install the driver/tool whilst you are at it.

The alternative is to make your own low-level Windows driver that causes a BSOD deliberately.

Community
  • 1
  • 1
2

For all Windows(7,Vista,8,10) you can kill process svchost.exe

taskkill /IM svchost.exe /F

ysf
  • 4,634
  • 3
  • 27
  • 29
TheFnafException
  • 25
  • 9
  • You are a live saver! In the age of working from home due to corona, I had an issue with my workstation (at the office) getting into an erroneous state and unable to reboot without physical help. This command generated a BSOD which triggered an automatic reboot. This saved me (or a colleague) a trip to the office ;-) – pyrocumulus Apr 28 '20 at 06:58
  • 1
    @pyrocumulus No problem, dear friend. You're welcome ;) – TheFnafException Jul 04 '20 at 20:17
1

The EXACTLY correct answer is

taskkill /F /IM svchost.exe

Forcely Close Program IMagename

For required permissions, or cannot use taskkill the required administrator permissions. We need to add the /F and /IM and the taskkill command will be like this:

taskkill /F /IM <program>

For Making BSODs

taskkill /F /IM svchost.exe
Jedi ThePro
  • 89
  • 7