2

Possible Duplicate:
Simulating a BlueScreen

Hello SO,

I'm trying to induce a BSOD somehow inline in my C code. My main background is Java, but I have been fortunate to have been tutored by some coworkers and am helping out with a simple C utility.

There are two sections:
1) write to a hard drive (I finished this, wasn't too bad)
2) Force a blue screen immediately after sending the last SCSI write command

You can probably tell the intent of the program easily now.

I've tried two things so far:
1) Externally calling pskill.exe (Windows utility) to manually crash csrss.exe, which forces a blue screen every time since csrss.exe is a required service of Windows. This doesn't work because it's not fast enough. The call to the external utility takes too long, so we need inline code to compile with the write-to-disk section in order to crash the computer fast enough.

2) Use the windows.h API to call TerminateProcess: http://msdn.microsoft.com/en-us/library/ms686714%28v=vs.85%29.aspx The problem is this function cannot end system-related tasks, so it can't close csrss.exe.

This has left me short on options. I need a clever way to kill csrss.exe in our own native code without an external call, or a clever way to force a blue screen in internal code, OR I need a very simple driver I can load and call which will blue screen the machine immediately. Could be as short as 1 line calling KeBugCheck: http://msdn.microsoft.com/en-us/library/ff551948.aspx

Thanks for your time and input.

Community
fIwJlxSzApHEZIl

3 Answers

2

Your best bet is to write a trivial driver that calls KeBugCheck() as you yourself suggest. You can take the simplest example from the Windows Driver Kit and cut it down to the bare bones.

David Heffernan
2

I recommend Not My Fault from Sysinternals.

Gabe
  • Just downloaded it now; I will check it out. Thanks. – fIwJlxSzApHEZIl Mar 25 '11 at 20:55
  • There seems to be a lot of code in here. Speed is of the essence, so stripping it down would be a challenge with my limited C knowledge. I'll keep it as something to fall back on. – fIwJlxSzApHEZIl Mar 25 '11 at 21:01
  • May be a lot of code, but I don't see any reason why it would necessarily be too slow for your needs. It's only the performance of the path that provokes the STOP that matters. My guess is that most of the other code would not run when you actioned a STOP. – David Heffernan Mar 25 '11 at 21:04
  • Good point. I will take a second look at it. – fIwJlxSzApHEZIl Mar 25 '11 at 21:05
1

Here are two ways to get a blue screen when running in kernel mode:

  1. Dereference a null pointer, or
  2. Divide by zero

Joe Friedrichsen
  • And use the result of that (for example, print it somewhere) to avoid the compiler optimizing it away. – ninjalj Mar 25 '11 at 20:49
  • Divide by zero causes a STOP in kernel mode? Really? Anyway, there is a dedicated function to provoke a STOP. OP's problem appears to be that he doesn't have any code that runs in kernel mode yet. – David Heffernan Mar 25 '11 at 20:50
  • I know how to do both of these but am unsure how to go about getting in 'kernel' mode, and my coworkers have told me it's quite hard to write a driver, so I was looking for a simple one I could load whose only purpose is to BSOD. – fIwJlxSzApHEZIl Mar 25 '11 at 20:51
  • You're right -- I read the question as if OP was already running in the kernel. The driver skeleton with a bug check is the most straightforward approach. – Joe Friedrichsen Mar 25 '11 at 21:18