Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Create BSOD from user mode?

Tags:

c++

c

kernel

bsod

I was getting bored with my XP box one day, so I decided to try some of the answers to this question to see if any of them would cause a BSOD.
They didn't, and they seemed like they would be the most likely to do that, so I was wondering if it is possible to trigger a BSOD from user-mode in C/C++, and if so, how?

like image 731
Nate Koppenhaver Avatar asked Aug 12 '11 00:08

Nate Koppenhaver


People also ask

How do you trigger a BSOD?

If you're using a laptop that doesn't have a scroll lock key, you can typically trigger it by holding down the Fn key, then double-tapping either the C, K, S, or the F6 key. If you do the key input correctly, your PC will immediately bluescreen.

How do I force a blue screen in Windows 10?

You can trigger a Windows 10 BSoD (or GSoD) in 3 steps: Open Command Prompt, and choose "Run as administrator" Type in the following command: TASKKILL /IM svchost.exe /F. Press Enter.

Can a program cause a bluescreen?

Software: Incompatible software like apps or programs may cause conflicts the result in the BSOD. Hardware: Faulty memory (RAM), hard disk drive (HDD), solid-state drive (SSD), motherboard, processor, or a power supply unit (PSU) can all be responsible for the blue screen crashes.


2 Answers

It's just this:

#include <iostream>
#include <Windows.h>
#include <winternl.h>
using namespace std;
typedef NTSTATUS(NTAPI *pdef_NtRaiseHardError)(NTSTATUS ErrorStatus, ULONG NumberOfParameters, ULONG UnicodeStringParameterMask OPTIONAL, PULONG_PTR Parameters, ULONG ResponseOption, PULONG Response);
typedef NTSTATUS(NTAPI *pdef_RtlAdjustPrivilege)(ULONG Privilege, BOOLEAN Enable, BOOLEAN CurrentThread, PBOOLEAN Enabled);
int main()
{
    BOOLEAN bEnabled;
    ULONG uResp;
    LPVOID lpFuncAddress = GetProcAddress(LoadLibraryA("ntdll.dll"), "RtlAdjustPrivilege");
    LPVOID lpFuncAddress2 = GetProcAddress(GetModuleHandle("ntdll.dll"), "NtRaiseHardError");
    pdef_RtlAdjustPrivilege NtCall = (pdef_RtlAdjustPrivilege)lpFuncAddress;
    pdef_NtRaiseHardError NtCall2 = (pdef_NtRaiseHardError)lpFuncAddress2;
    NTSTATUS NtRet = NtCall(19, TRUE, FALSE, &bEnabled); 
    NtCall2(STATUS_FLOAT_MULTIPLE_FAULTS, 0, 0, 0, 6, &uResp); 
    return 0;
}
like image 96
Петър Петров Avatar answered Sep 23 '22 04:09

Петър Петров


There's the undocumented function NtRaiseHardError.

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Error/NtRaiseHardError.html

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Error/HARDERROR_RESPONSE_OPTION.html

If the fifth parameter is 6 (OptionShutdownSystem), you'll get a BSOD. This requires enabling the shutdown privilege.

like image 42
user933111 Avatar answered Sep 24 '22 04:09

user933111