9

I am trying to make a program that records a whole bunch of things periodically. The specific reason is that if it bluescreens, a developer can go back and check a lot of the environment and see what was going on around that time.

My problem: is there a way to cause a bluescreen? Maybe with a Windows API call (ZeroMemory maybe?).

Anywhoo, if you can think of a way to cause a bluescreen on call I would be thankful.

The computer I am testing this on is designed to take stuff like this haha.

By the way, the language I am using is C/C++. Thank you.

William Brendel

8 Answers

12

You can configure a machine to crash on a keystroke (Ctrl-ScrollLock)

Since it appears that there are times when that won't work on some systems with USB keyboards, you can also get the Debugging Tools for Windows, install the kernel debugger, and use the ".crash" command to force a bugcheck.

Michael Burr
  • The only downside to this is it's a "fake" bluescreen. I don't mean fake as in you can recover, but there's a codepath in Windows that specifically bluescreens when you hit the keys, or use the kernel debugger, where killing csrss is actually a crash. – Walden Leverich Mar 20 '09 at 19:36
  • For the keyboard option, the crash is in a driver handling the interrupt - can't get much more non-deterministic than that. Pretty similar for the kd crash - break into kd using Ctrl-C and the system can be in any state. The CSRSS crash is actually caused by specific code in Windows. – Michael Burr Mar 20 '09 at 19:45
  • @Michael, it's more violent than CSRSS, but still doesn't cause memory corruption etc, and so might be a bit less effective for testing. Though if one wants to be really violent, pulling the plug is effective :) – bdonlan Aug 04 '09 at 00:41
6

In order to cause a BSOD, a driver running in kernel mode needs to cause it. If you really want to do this, you can write a driver which exposes KeBugCheck to usermode.

http://msdn.microsoft.com/en-us/library/ms801640.aspx

Thanks to Andrew below for pointing this utility out:

http://download.sysinternals.com/files/NotMyFault.zip

Jesse Weigert
  • SysInternals provides a utility called "[NotMyFault](http://download.sysinternals.com/files/NotMyFault.zip)" that can generate crashes (by calling `KeBugCheckEx` and a variety of other ways) if you don't want to write your own. – nobody Sep 18 '14 at 16:42
4

If you kill the csrss process you'll get a blue-screen rather quickly.

Walden Leverich
1

First of all, I would advise you to use a Virtual Machine to test this BSOD on. This will allow you to keep a backup just in case the BSOD does some damage to the system. Here's a tip on how to generate a BSOD simply by pressing CTRL+SCROLLLOCK+SCROLLLOCK.

Is there a Windows API to generate one? No, according to this article. Still, if you would call certain APIs with invalid data, they could still cause a crash inside the kernel, which would result in your BSOD.

Wim ten Brink
1

If you want to simulate a hard crash such as a bluescreen, you'd pretty much have to yank the power cord. NOT recommended.

In case of a crash, anything not saved to persistent storage will be lost. If you want to simulate a crash for purposes of logging, write a "kill switch" into your logger, which stops the logging. Now you can simulate a crash by killing the logging and making sure you have the data you would have wanted in case of an actual crash.

Dave Swersky
  • There will be really no other programs running on the computer but mine so I am not worried about data loss. I am using this computer specifically for stress testing. I want an actual bluescreen for the accuracy. –  Mar 20 '09 at 19:26
0

If you don't want to write code (driver, IOCTL...) you can use DiskCryptor. Note that no disk encrypting is needed.

Just need to install the driver:

`dcinst.exe -setup`

And then generate a bsod using the DC console:

`dccon.exe -bsod`

zapador
0

Run the process as critical and exit: http://waleedassar.blogspot.co.uk/2012/03/rtlsetprocessiscritical.html

user956584
0

I'm not sure exactly what you'd be testing. Since your program runs periodically, surely it's enough to check that the information is being dumped at the frequency that you specify while the system is running? Are you checking that the information stays around after the blue screen? Depending on how you are dumping it (and whether you are flushing buffers), this may not be necessary.

tvanfosson
  • I am trying to make a program to have developers understand what causes bluescreens. It works by storing a lot of runtime information at certain times. –  Mar 20 '09 at 19:29
  • @dafis -- my point is that the program stores information. Since it stores it periodically, not at the time of the blue screen, it ought to be enough to test that the information is stored. I'm not sure what additional benefit you get from causing the blue screen. – tvanfosson Mar 20 '09 at 19:54
  • @tvan, perhaps he wants to see whether the information will be useful at identifying the cause of the bluescreen? – bdonlan Aug 04 '09 at 00:42
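
The kill-switch idea from Dave Swersky's answer and the buffer-flushing point from tvanfosson's answer, as an added example that is not part of any post above: a C logger that forces each snapshot to disk, plus a recovery pass that counts the records that survived a simulated stop in the middle of a write. It uses POSIX `fsync` (on Windows the corresponding call is `FlushFileBuffers`); the record layout, the function names and the `kill_switch` parameter are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REC_PAYLOAD 48
/* One fixed-size snapshot record; the checksum lets the reader reject a damaged one. */
struct record {
    uint32_t seq;
    char payload[REC_PAYLOAD];
    uint32_t sum;
};

static uint32_t checksum(const struct record *r) {
    uint32_t h = 2166136261u ^ r->seq;            /* FNV-1a style mix of seq + payload */
    for (size_t i = 0; i < REC_PAYLOAD; i++)
        h = (h ^ (unsigned char)r->payload[i]) * 16777619u;
    return h;
}

/* Append one record. kill_switch != 0 simulates dying mid-write: only half of
   the record reaches the file and nothing is flushed. Returns 0 on success. */
int log_snapshot(const char *path, uint32_t seq, const char *text, int kill_switch) {
    struct record r;
    memset(&r, 0, sizeof r);
    r.seq = seq;
    strncpy(r.payload, text, REC_PAYLOAD - 1);
    r.sum = checksum(&r);
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
    if (fd < 0) return -1;
    size_t len = kill_switch ? sizeof r / 2 : sizeof r;
    int ok = write(fd, &r, len) == (ssize_t)len;
    if (ok && !kill_switch) ok = fsync(fd) == 0;  /* on disk before we return */
    close(fd);
    return (ok && !kill_switch) ? 0 : -1;
}

/* After the "crash": count intact records and report the last good sequence number. */
int recover(const char *path, uint32_t *last_seq) {
    struct record r;
    int n = 0;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    for (; fread(&r, sizeof r, 1, f) == 1 && r.sum == checksum(&r); n++)
        *last_seq = r.seq;
    fclose(f);
    return n;
}
```

Running `recover` on the file after a kill-switch run shows exactly which snapshot a developer would have had in hand, which is the property the real bluescreen test is meant to confirm.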