Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Create BSOD from user mode?

Tags:

c++

c

kernel

bsod

I was getting bored with my XP box one day, so I decided to try some of the answers to this question to see if any of them would cause a BSOD.
They didn't, and they seemed like they would be the most likely to do that, so I was wondering if it is possible to trigger a BSOD from user-mode in C/C++, and if so, how?

like image 731
Nate Koppenhaver Avatar asked Aug 12 '11 00:08

Nate Koppenhaver

People also ask

How do you trigger a BSOD?

If you're using a laptop that doesn't have a scroll lock key, you can typically trigger it by holding down the Fn key, then double-tapping either the C, K, S, or the F6 key. If you do the key input correctly, your PC will immediately bluescreen.

How do I force a blue screen in Windows 10?

You can trigger a Windows 10 BSoD (or GSoD) in 3 steps: Open Command Prompt, and choose "Run as administrator" Type in the following command: TASKKILL /IM svchost.exe /F. Press Enter.

Can a program cause a bluescreen?

Software: Incompatible software like apps or programs may cause conflicts the result in the BSOD. Hardware: Faulty memory (RAM), hard disk drive (HDD), solid-state drive (SSD), motherboard, processor, or a power supply unit (PSU) can all be responsible for the blue screen crashes.

2 Answers

It's just this:

#include <iostream>
#include <Windows.h>
#include <winternl.h>
using namespace std;
typedef NTSTATUS(NTAPI *pdef_NtRaiseHardError)(NTSTATUS ErrorStatus, ULONG NumberOfParameters, ULONG UnicodeStringParameterMask OPTIONAL, PULONG_PTR Parameters, ULONG ResponseOption, PULONG Response);
typedef NTSTATUS(NTAPI *pdef_RtlAdjustPrivilege)(ULONG Privilege, BOOLEAN Enable, BOOLEAN CurrentThread, PBOOLEAN Enabled);
int main()
{
    BOOLEAN bEnabled;
    ULONG uResp;
    LPVOID lpFuncAddress = GetProcAddress(LoadLibraryA("ntdll.dll"), "RtlAdjustPrivilege");
    LPVOID lpFuncAddress2 = GetProcAddress(GetModuleHandle("ntdll.dll"), "NtRaiseHardError");
    pdef_RtlAdjustPrivilege NtCall = (pdef_RtlAdjustPrivilege)lpFuncAddress;
    pdef_NtRaiseHardError NtCall2 = (pdef_NtRaiseHardError)lpFuncAddress2;
    NTSTATUS NtRet = NtCall(19, TRUE, FALSE, &bEnabled); 
    NtCall2(STATUS_FLOAT_MULTIPLE_FAULTS, 0, 0, 0, 6, &uResp); 
    return 0;
}
like image 96
Петър Петров Avatar answered Sep 23 '22 04:09

Петър Петров

There's the undocumented function NtRaiseHardError.

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Error/NtRaiseHardError.html

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Error/HARDERROR_RESPONSE_OPTION.html

If the fifth parameter is 6 (OptionShutdownSystem), you'll get a BSOD. This requires enabling the shutdown privilege.

like image 42
user933111 Avatar answered Sep 24 '22 04:09

user933111
Sign in to Comment

Related questions

Inheritance in C++
Which platform should I use : native C++ or C#? [closed]
Testing the performance of a C++ app
c++ for loop temporary variable use
C++: Multi threading and reference counting
When exactly is the postfix increment operator evaluated in a complex expression?
How to return NULL from a method in a Template Class
Is a logical right shift by a power of 2 faster in AVR?
How can I make swap function faster in c++ ?
why is std::chrono::duration based on seconds
Long strings with newlines
Getting first byte in a char* buffer
Accessors vs. public members
How do I create "undo" in C++?
C++ hex string to unsigned int [duplicate]
how is x&&y||z evaluated?
What is the time complexity of traversing a 2d array
Converting an uint64 to string in C++
How to get std::string from command line arguments in win32 application?
Why methods can not return multiple values

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!