How do I know if Windows has just recovered from a BSOD?

From http://support.microsoft.com/kb/317277: If Windows XP restarts because of a serious error, the Windows Error Reporting tool prompts you...

How can my app know that "Windows XP has restarted because of a serious error"?

Delphi 2010 BSOD Errors

We ported an application from Delphi 7 over to Delphi 2010 and have had customers encountering intermittent BSOD (blue screen of death) errors while running under Windows XP. The errors are very sporadic and have been very hard to track down. FYI : We are using the built-in memory manager from Delphi 2010.

Our first thought was a hardware issue but upgrading system drivers failed to fix the problem.

Has anyone else encountered BSOD issues under XP with Delphi 2010 generated applications? If so, do you have any suggestions on how we might correct this problem?

Thanks for your assistance!

Simulating a BlueScreen

I am trying to make a program that records a whole bunch of things periodically. The specific reason is that if it bluescreens, a developer can go back and check a lot of the environment and see what was going on around that time.

My problem, is their a way to cause a bluescreen? Maybe with a windowsAPI call (ZeroMemory maybe?).

Anywhoo, if you can think of a way to cause a bluescreen on call I would be thankful.

The computer I am testing this on is designed to take stuff like this haha.

by the way the language I am using is C\C++. Thank you

Invoke Blue Screen of Death using Managed Code

Just curious here: is it possible to invoke a Windows Blue Screen of Death using .net managed code under Windows XP/Vista? And if it is possible, what could the example code be?

Just for the record, this is not for any malicious purpose, I am just wondering what kind of code it would take to actually kill the operating system as specified.

programmatically trigger BSOD

Purely for academic reasons.

is it possible to programmatically cause a BSOD to occur under windows xp/windows 7 in C#/.NET.

I'm suggesting there's got to be some dirty hack, or some vulnerability to abuse to cause this.

I'm looking for a snippet of code to run that guarantees a BSOD in a finite period of time.

Can a simple program be responsible for a BSOD?

I've got a customer who told me that my program (simple user-land program, not a driver) is crashing his system with a Blue Screen Of Death (BSOD). He says he has never encountered that with other program and that he can reproduce it easily with mine.

The BSOD is of type CRITICAL_OBJECT_TERMINATION (0x000000F4) with object type 0x3 (process): A process or thread crucial to system operation has unexpectedly exited or been terminate.

Can a simple program be responsible for a BSOD (even on Vista...) or should he check the hardware or OS installation?

Why does this iframe tag causes Safari on x64 Windows to crash?

In case you have not heard this piece of code will cause a BSoD crash on x64 bit Windows 7 when ran in Safari

<iframe height='18082563'></iframe>

So naturally the question is how exactly does it happen, and why 18082563 and not say "1808256 4" ?

General Protection Fault

How to detect the process that caused a GPF?

BSOD Error Code Explanation

I am retrieving system failure information from the event logs for diagnosis of system crash and displaying a list of possible issues.

In a generic BSOD, what do the four hex values in brackets signify. Is there anyway they can be used for further diagnosis of the problem, beyond the main error code? i.e 0x000000A. If yes, how?

Windows bug check callback not called on 64 bit systems

We have ported our driver successfully to 64 bit systems a while ago.

But one thing is missing, which is not very important but it was a very handy debugging feature.

The callbacks registered with KeRegisterBugCheckReasonCallback is never called. The function returns a TRUE for success, but my callback is never called. I also tried different values for the parameter reason with no success. A try with the older KeRegisterBugCheckCallback also failed.

What I am doing wrong?

Did I missed something in the documentation?

Linux guest makes Windows host BSOD IRQL_NOT_LESS_OR_EQUAL

When I start up my Linux VM (Xubuntu 14.04 aka Trusty) on VMWare Player (v6.0.3), my Windows host (Windows 7 pro x64) makes an IRQL_NOT_LESS_OR_EQUAL blue screen of death.

The fact is that BSOD occurs juste after selecting an entry in my guest's GRUB screen.

How to avoid that?

C# Simulate Key Press

I was looking for a way to simulate pressing the right Ctrl key in C#, it must be the right one. I know this can be done for the left one but I couldn't find anything on the right one. It is so I can simulate the key press for the manually triggered bsod.

Thanks

make a windows 7 machine crash on BSOD

I'm trying to write a windows debug utility and I would need to automatically crash a Windows machine and make a Blue Screen Of Death appear.

I can obviously kill the csrss.exe process from the task manager, but the command TASKKILL /F /IM csrss.exe in a .bat file doesn't work.

Is there another way to make a Windows machine crash on bsod? Maybe some external library able to kill any process.

I would prefer to use a command line approach since I'm more familiar with it.

Retrieving BSOD text from VM

How would you retrieve the BSOD text from a virtualbox vm??

As the BSOD is text, it should be stored in the VM's memory space somewhere and probably somewhere well defined.

I have several VMs that have been configured to stop on blue screens rather than rebooting, and code is in place to take screen shots at regular intervals.

At this point my plan is to difference two images, if there are no differences ( i.e. there have been no changes on the screen) and the pixels in the 4 corners are all blue ( and the right blue) then we attempt extraction of the BSOD text, search the text for the "* STOP:" sequence to confirm it as a BSOD.

I originally planed on a quick and dirty OCR solution to extract text from the image itself, however if we can relatively easily extract it from memory we would remove the possibility of OCR errors.

I've perused the manual and API reference and haven't seen anything that seems to immediately apply.

Is it possible to access the guests memory from the Virtual Box host and retrieve the BSOD text directly from memory?

UPDATE

Just to clarify, I've considered 4 different options at this time

1) Reverse engineering the windows debug protocol and building at least a basic debugger to listen on the vm's serial port

• Requires reverse engineering serial protocol, suspect this would present a fair amount of difficulty

2) Reverse engineering the Virtualbox saved state file and extracting the text from the VESA memory area that I suspect is stored in that file after saving the VM on the BSOD

• I haven't been able to find documentation on this file format outside the source code itself.

3) Running OCR on the output image retrieved using the API

• This may be the best way to go, requires building or setting up and training an ocr solution of some kind, outside my experience. May be relatively simple to do, constant width font/ clean image, only two colours to deal with

4) Access the guests memory directly using either an API call or by creating an extension to access/expose it in some manner

• As pointed out by Warren, there doesn't seem to be an API to access the memory, may be able to write an extension to expose the vm's memory in some manner, but would require understanding of Virtualbox internals.

This is running on Solaris hosts, and some may only have one Windows vm available that may or may not boot. This VM could be any relatively recent version of windows (XP, 2003, 2003 R2, 2008,Vista, 2008 R2). I can spawn an arbitrary number of Linux based VM's, however I cannot spawn additional windows VM's due to licensing concerns. My thought to this point has been that retrieving it directly from the guests memory would be the easiest to implement, perhaps I'm mistaken in that and one of the above methods, or one I haven't thought of, would be easier to implement

SerialPort and the BSOD

I've written some C# code that checks whether a device is present on any SerialPort by issuing a command on the port and listening for a reply. When I just set the port speed, open the port, get the serial stream and start processing, it works 100% of the time. However, some of our devices work at different speeds and I am trying to probe for a device at various speeds to autonegotiate a connection as well as detect device presence.

When I do all this in a single thread there are no problems. However, 3s timeout at ten speeds is 30s per serial port, and there may be several. Hence the desire to probe all ports concurrently.

Sometimes this works. Sometimes Vista bluescreens. When I use threads to probe all the ports simultaneously it nearly always bluescreens. When I force everything to run in one thread it never happens.

A USB-serial Prolific PL-2303 adaptor is in use with x64 drivers.

@Vinko - thanks for the tip on reading minidumps.

As near as I can tell, the crux of the problem is that by starting a new asynchronous I/O operation from a different thread it is possible to give a whole new meaning to overlapped I/O, inducing a race condition inside the driver. Since the driver executes in kernel mode, BLAM!

Epilogue

Except for kicking off, don't use BeginXxx outside of the callback handler and don't call BeginXxx until you've called EndXxx, because you'll induce a race condition in driver code that runs in kernel mode.

Postscript

I have found that this also applies to socket streams.