programmatically trigger BSOD

Question

Purely for academic reasons.

is it possible to programmatically cause a BSOD to occur under windows xp/windows 7 in C#/.NET.

I'm suggesting there's got to be some dirty hack, or some vulnerability to abuse to cause this.

I'm looking for a snippet of code to run that guarantees a BSOD in a finite period of time.

@ChadMoran if you can interface with a driver and trick it into causing a BSOD then that's fair game. I guess it becomes very machine specific then. — Raynos, Apr 20 '11 at 21:59
Well, you can always enable the CrashOnCtrlScroll feature and then programmatically send a Ctrl+ScrollLock+ScrollLock. But that would require you to modify the Windows registry. — Jonas Engström, Apr 20 '11 at 22:06
@Raynos yes, but you have to reboot the machine to make the setting effective. — Jonas Engström, Apr 20 '11 at 22:08
@JonasGulle you can continue to run C# code on startup again, right? Just like an installer. — Raynos, Apr 20 '11 at 22:09
@Raynos of course, use the AppInitDLLs key, RunOnce/Run, Startup or any other autorun feature in Windows. [Autoruns](http://technet.microsoft.com/en-us/sysinternals/bb963902) list all executables that is run automatically, just take your pick :) — Jonas Engström, Apr 20 '11 at 22:13
@Martinho It's actually very useful to collect a memory dump for post-mortem when you're investigating or reproducing some bug in a kernel driver. — Jonas Engström, Apr 20 '11 at 22:16
Presenting a new operating system feature to a large audience usually does the trick. Try finding a old or new beta version of Windows, gather a large audience and call the new API :-) — Danny Varod, Apr 20 '11 at 22:31
I posted an answer for the same question in python. You should be able to easily port the functionality implemented by this script in C#: https://stackoverflow.com/a/71451311/3970359 — McSebi, Mar 16 '22 at 14:48

Matěj Zábský · Accepted Answer · 2011-04-20T22:09:00.657

29

Killing process "csrss.exe" causes BSOD.

But you need Administrator privileges to do this. I'm not sure there is a way to do this purely with restricted privileges.

EDIT:

Yep, it works alright. I cooked myself a nice little BSOD :)

System.Diagnostics.Process.GetProcessesByName("csrss")[0].Kill();

edited Apr 20 '11 at 22:09

answered Apr 20 '11 at 21:59

Matěj Zábský

16,909
15
69
114

2

I'm afraid it has to be a piece of C# code. Having local administrator rights is fair game. – Raynos Apr 20 '11 at 22:01
2

Then [this 'utility'](http://technet.microsoft.com/en-us/sysinternals/bb897558 "BSOD") probably won't do either :] – mousio Apr 20 '11 at 22:06
I guess you can kill the winlogon process aswell to trigger a BSOD – Jonas Engström Apr 20 '11 at 22:17
@mousio Or how about NotMyFault? http://dl.dropbox.com/u/16862782/NotMyFault.zip Run as admin, click "do bug" and BOOM, real bluescreen. – sinni800 May 04 '12 at 11:37
@JonasGulle And wininit.exe but you need to kill all the children processes too. – mekb Aug 24 '19 at 04:36

score 4 · Answer 2 · answered Mar 02 '13 at 22:59

4

Use Process.Start to run the SysInternals NotMyFault tool which causes a BSOD (it uses a diver to do this which is the only way).

Killing csrss.exe would also work currently but that that's an undocumented way that might just go away in future version of Windows. NotMyFault uses a documented and clean way to do it.

answered Mar 02 '13 at 22:59

usr

168,620
35
240
369

Critical processes are documented: https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-isprocesscritical, although I suppose it's true that it may not be documented that csrss.exe is one. It's possible to use the service control manager to create critical processes so worst comes to worst, you can create your own and then kill it. – Benj Dec 07 '20 at 11:35

score 0 · Answer 3 · answered Feb 11 '16 at 12:28

0

Create a ping. Kill the program. Instant bsod courtesy of microsoft's tcpip.sys in .net 4.

You'll get a process has locked pages. :)

answered Feb 11 '16 at 12:28

Bryan

1

score 0 · Answer 4 · answered Jul 02 '19 at 18:14

0

For all versions of windows you can kill svchost.exe and you will see the BSoD with Critical_Process_Died

answered Jul 02 '19 at 18:14

TheFnafException

25
9

score 0 · Answer 5 · answered Apr 20 '11 at 22:09

0

I once had "problems" under Windows 7, causing BSOD when using the Ping::Send method during debugging. So Debugger::Attach and then pinging might work for you, as well. :)

answered Apr 20 '11 at 22:09

Yam Marcovic

7,953
1
28
38

score 0 · Answer 6 · edited Aug 09 '20 at 15:05

0

You could make the process critical and then kill it

using System;
using System.Runtime.InteropServices;

then:

[DllImport("ntdll.dll", SetLastError = true)]
private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
System.Diagnostics.Process.EnterDebugMode();
RtlSetProcessIsCritical(1, 0, 0);
System.Diagnostics.Process.GetCurrentProcess().Kill();

edited Aug 09 '20 at 15:05

iknow

8,358
12
41
68

answered Aug 09 '20 at 14:42

Dumbstuff

1

score -11 · Answer 7 · answered Dec 15 '12 at 00:19

-11

Over ping your localhost, it will overload your cpu causing a bsod.

answered Dec 15 '12 at 00:19

Pat

1

programmatically trigger BSOD

7 Answers7

Linked

Related