Fastest way to reproduce a Blue Screen of Death (BSOD)?

20

8

As part of a multi-operating system challenge (testing computer integrity), I need to find the fastest way to reproduce a genuine Blue Screen of Death (BSOD) on a Windows machine. Any version that is XP or later will work.

As Shinrai puts it:

So basically you're trying to BSOD a machine as fast as humanly possible, but only once, and you can't touch the machine before the clock starts?

Yep, that's exactly what I'm trying to do.

I'm wondering if there are simple commands or actions that will cause Windows to go haywire and spit out a blue screen. Any pointers would be very helpful.

Constraints:

  • Can't write a script/program
  • Can't mess with hardware
  • Must be able to do it WITHIN windows
  • Can't be fake

I need to be able to boot cleanly into Windows, then I must reproduce a BSOD on the fly. So hardware and required-boot solutions are good but they don't conform to these rules.


CONCLUSIONS
I arrived at the competiton ready to implement Shinrai's method of BSOD. Turns out there were no specific rules about turning your computer on and off, only that you can't mess with the hardware. I checked my keyboard -- it was a USB one, so I knew which key to edit. We were told to start and I quickly found and edited the key and rebooted. Luckily these were bare bones computers and not a lot of services had to be started - resulting in a fairly quick reboot. Looking around, I saw people screwing around with the registry but no one else was restarting their computer. I did the keyboard combination and BOOM windows spewed a beautiful BSOD (something the OS is actually good for).

I ended up winning and I only had one thing to say: "I'm happy to be going home to my linux box".

Thanks to Shinrai for the winning solution!

n0pe

Posted 2011-07-11T17:15:04.943

Reputation: 14 506

5I'll add this as a comment since I'm sure that there are better ways, but on any machine with powershell on it the fastest way that I have found is: Remove-Item HKLM:* -recurse -force – EBGreen – 2011-07-11T17:34:36.377

1@EBGreen - Actually, that's pretty damned effective for this particular situation. – Shinrai – 2011-07-11T17:35:39.920

@EBGreen - that's right along the lines of what I'm looking for. Does XP comes with powershell by default? – n0pe – 2011-07-11T17:38:44.830

Unfortunately no it does not – EBGreen – 2011-07-11T17:39:27.443

@MaxMackie - http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16818

– Shinrai – 2011-07-11T17:39:35.300

I'm going to double check and see if having an Internet connection is alright in the challenge. If not, we still need a solution for Windows' without power shell. – n0pe – 2011-07-11T18:03:06.903

@MaxMackie: Your own question states "Any version post XP". Not "Any version XP or later". You might want to fix that if your solution has to be applicable to XP as well, just in case. – JAB – 2011-07-11T20:30:47.910

Does opening the side of the case count as "messing with the hardware?" If not, just open the case and hold a bright 60-watt lightbulb next to the ram :) – BlueRaja - Danny Pflughoeft – 2011-07-11T22:39:45.343

Also, are you able to edit the BIOS settings? Depending on the motherboard, there may be a number of settings you could change that would BSOD windows immediately upon startup – BlueRaja - Danny Pflughoeft – 2011-07-11T22:42:09.323

1

"Can't WRITE a script/program" Does that mean you can download a program from Sysinternals that does it? If yes: http://dl.dropbox.com/u/16862782/NotMyFault.zip will crash it instantly. AH HAHAHA!

– sinni800 – 2011-07-11T23:15:17.400

@sinni800 - That's funny but alas, we cannot use it :( – n0pe – 2011-07-13T13:57:22.500

1@MaxMackie - What ended up being the winning solution? – Shinrai – 2011-07-22T19:01:47.023

@Shinrai - Unfortunately, none of them fit my requirements 100%. Yours is the closest and I will accept it in a couple days unless something better comes along. – n0pe – 2011-07-22T19:58:34.213

@MaxMackie - I really meant in your competition, not here. :) I assumed it had already happened? – Shinrai – 2011-07-22T20:19:32.860

@Shinrai - Not yet but thanks for asking :) It's next week which is why I'm waiting until then to post results. – n0pe – 2011-07-22T20:46:44.937

@Shinrai - edited my post, thanks again – n0pe – 2011-07-25T17:04:39.703

Answers

21

There is in fact a developer tool built into most versions of Windows to generate a BSOD on command. Here's how you cause it in Windows 7 on either a USB or PS/2 keyboard (I believe it is the same for XP/Vista on USB even though this article doesn't say so, I may be mistaken though):

You must ensure the following three settings before the keyboard can cause a system crash:

If you wish a crash dump file to be written, you must enable such dump files, choose the path and file name, and select the size of the dump file. For more information, see Enabling a Kernel-Mode Dump File.

With PS/2 keyboards, you must enable the keyboard-initiated crash in the registry. In the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters, create a value named CrashOnCtrlScroll, and set it equal to a REG_DWORD value of 0x01.

With USB keyboards, you must enable the keyboard-initiated crash in the registry. In the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters, create a value named CrashOnCtrlScroll, and set it equal to a REG_DWORD value of 0x01.

You must restart the system for these settings to take effect.

After this is completed, the keyboard crash can be initiated by using the following hotkey sequence: Hold down the rightmost CTRL key, and press the SCROLL LOCK key twice.

The system then calls KeBugCheck and issues bug check 0xE2 (MANUALLY_INITIATED_CRASH). Unless crash dumps have been disabled, a crash dump file is written at this point.

If a kernel debugger is attached to the crashed machine, the machine will break into the kernel debugger after the crash dump file has been written.

Shinrai

Posted 2011-07-11T17:15:04.943

Reputation: 18 051

3Good answer for all keyboards, but does still require a lengthy reboot. – n0pe – 2011-07-11T17:26:05.417

@MaxMackie - You only have to reboot the first time you change the setting, I didn't expect that would be a problem. It sounds like you'll be doing a lot of testing from the way you worded the question. :) – Shinrai – 2011-07-11T17:26:59.913

yeah that's my fault for not specifying. I will edit my question and be a little more specific. – n0pe – 2011-07-11T17:27:37.943

@MaxMackie - I see your edit but I don't see why a 'lengthy reboot' is a problem, but maybe I'm reading you wrong. You change the settings, reboot once, and then you can generate blue screens to your hearts content until the end of time (or the machine fails, whichever comes first). Of course, you'll have to reboot after each blue screen but that's true with ANY blue screen... – Shinrai – 2011-07-11T17:30:36.167

1Maybe I'm too vague in my question. This is for a sort of challenge. We need to reproduce a one-time BSOD. It doesn't matter if it only takes 1 reboot, it's only the first occurrence of the BSOD that actually counts. – n0pe – 2011-07-11T17:32:04.633

@MaxMackie - OH. So basically you're trying to BSOD a machine as fast as humanly possible, but only once, and you can't touch the machine before the clock starts? Well that's a very different animal, yes. I was getting the impression that this was for software testing or something. – Shinrai – 2011-07-11T17:33:14.887

Yep, you got it :) I'm going to put that in my question. – n0pe – 2011-07-11T17:35:06.737

5

This is an old documented technique. Should work at least up to Vista:

Find in regedit:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters\

Create a DWORD key named CrashOnCtrlScroll and set it's value to 1.

...

To generate a BSOD, hold the right CTRL and press ScrollLock twice.

A Dwarf

Posted 2011-07-11T17:15:04.943

Reputation: 17 756

This only works for PS/2 keyboards. See my answer for USB as well. – Shinrai – 2011-07-11T17:24:54.767

Seems like this works, but you need to reboot for it to take effect. Pretty long. – n0pe – 2011-07-11T17:25:38.647

2Nice one shinrai. You got +1 – A Dwarf – 2011-07-11T17:35:49.737

3

You can enable manually initiated crashes by performing these registry changes.

If your BIOS can switch your system's hard drive adapter between native SATA and legacy ATA mode (and possibly IRRT), switching to a different mode Windows was installed in will usually produce a BOOT_VOLUME_INACCESSIBLE error. I'm pretty sure disabling ACPI (if possible on your BIOS) when Windows was installed with ACPI enabled will also result in a bluescreen on boot.

Killing winlogon.exe using Sysinternal's Process Explorer produces a blue screen, but it's not the traditional "A problem has been detected and Windows has been shutdown to protect your computer..." screen.

This may also interest you - BlueScreen Screen Saver from Sysinternals.

LawrenceC

Posted 2011-07-11T17:15:04.943

Reputation: 63 487

Rightclick on wininit.exe -> "Kill Process Tree" will create a BSOD with "CRITICAL_PROCESS_DIED" – matthid – 2016-09-24T11:48:26.423

lol at the screensaver, I love that thing. Probably not quite what he wants, though. xD – Shinrai – 2011-07-11T17:31:15.027

After Max's comment on my answer, probably killing winlogon is the best solution to his problem. (I can't think of another app offhand that'll do the same thing but I'm sure there are others.) – Shinrai – 2011-07-11T17:34:41.640

The screensaver is hilarious but yeah I'm not looking for that :) – n0pe – 2011-07-11T17:36:17.470