
Blue Screen Program

Published by marco on

 I learned this trick for crashing Windows 2000/XP a while ago. I know, I know, it doesn’t take much. But, seriously, I haven’t gotten a BSOD (Blue Screen Of Death) in Windows 2000 in a long time. I can’t actually remember the last time I got one. This extremely simple program produces a BSOD immediately every time. Your computer will reboot.

It still works today, and the recipe is short: pass printf a buffer containing one more backspace character than there are characters in front of it. You also have to compile with VC++ 6.x or 7.x; if you compile with another compiler, like Metrowerks or C++ Builder, there is no problem. The program is shown in its entirety below.

Sample Code

/* Built with VC++ 6.x or 7.x; "stdafx.h" is that compiler's precompiled-header stub. */
#include "stdafx.h"
#include <stdio.h>

int main(int argc, char* argv[])
{
	/* One tab, then two backspaces: one backspace more than there are characters to back over. */
	printf("\t\b\b");
	return 0;
}

It seems to me that the reason is twofold.

First, Windows 2000/XP itself must provide some sort of native API to execute printf. This function has a bug that causes it to access invalid memory (for example, memory before the start of the buffer) when passed certain buffers: when processing backspace characters, it doesn’t check whether there are characters left in the buffer to backspace over, probably for performance reasons. Some would argue that performance is significantly degraded recovering from a blue screen, but I digress.

This function does not throw a catchable exception, but instead seems to cause an error deep inside some vital component of Windows, since it halts the system entirely. There is no way a modern operating system should still allow this level of access to a user-accessible function. It makes you wonder what exactly their implementation of protected memory actually is.

Second, Microsoft’s compiler is the only one that generates code that blows up in this fashion. This leads me to believe that they are the only ones using this system-level function; the other vendors use their own functions, which don’t throw exceptions, crash or blue-screen the computer. It may also just be a memory-corrupting implementation of printf, because if the program is made much more complicated, it no longer crashes. This may be due to buffers moving around and/or the overwrite error being absorbed in application memory rather than system memory. However, system memory should never be in danger in the first place!
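The check the post says is missing, written out as an added example that is not code from the post: a small console-style line renderer in plain C that tracks the cursor column explicitly and discards any backspace that arrives while the cursor is already at column 0, instead of stepping before the start of the buffer. The rendering model is an assumption of this example, not a description of the Windows routine: each non-backspace byte (including a tab) occupies one cell, which is how the post itself counts characters, and a backspace moves the cursor back one cell without erasing. The function and helper names (`render_line`, `count_dropped_backspaces`) are invented here.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Copy `in` into the fixed-size line buffer `out`, applying backspace
 * characters the way a console would (move the cursor back one cell
 * without erasing) and counting every backspace that arrives while the
 * cursor is already at column 0. Every other byte, '\t' included, is
 * treated as occupying one cell (an assumption of this example that
 * mirrors the post's own counting).
 *
 * Returns the final cursor column, or -1 if `out` is too small.
 * If `dropped` is non-NULL it receives the number of backspaces that had
 * nowhere to go; a non-zero value is exactly the "one more backspace
 * than characters" condition the post describes.
 */
int render_line(const char *in, char *out, size_t out_size, size_t *dropped)
{
    size_t col = 0;   /* cursor column */
    size_t len = 0;   /* number of cells written so far */
    size_t lost = 0;  /* backspaces discarded at column 0 */

    if (in == NULL || out == NULL || out_size == 0)
        return -1;

    for (; *in != '\0'; ++in) {
        if (*in == '\b') {
            /* The bounds check the post says the native routine lacks:
             * never move the cursor before the start of the buffer. */
            if (col > 0)
                --col;
            else
                ++lost;
            continue;
        }
        if (col + 1 >= out_size)   /* keep room for the terminating NUL */
            return -1;
        out[col++] = *in;          /* overwrite the cell under the cursor */
        if (col > len)
            len = col;
    }
    out[len] = '\0';
    if (dropped != NULL)
        *dropped = lost;
    return (int)col;
}

/*
 * Audit helper for callers that only want the verdict: the number of
 * backspaces in `s` that would run off the front of the buffer, or -1
 * if `s` does not fit the internal scratch buffer.
 */
int count_dropped_backspaces(const char *s)
{
    char scratch[256];
    size_t dropped = 0;
    if (render_line(s, scratch, sizeof scratch, &dropped) < 0)
        return -1;
    return (int)dropped;
}

int main(void)
{
    /* Constructed samples: the post's own string, a harmless edit, and
     * a string with one backspace too many after three characters. */
    const char *samples[] = { "\t\b\b", "ab\b\bcd", "abc\b\b\b\b" };
    char line[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        size_t dropped = 0;
        int col = render_line(samples[i], line, sizeof line, &dropped);
        printf("sample %zu: final column %d, %zu backspace(s) dropped\n",
               i, col, dropped);
    }
    return 0;
}
```

On the post's string `"\t\b\b"` the renderer reports one dropped backspace and a final column of 0; the output buffer is left holding just the tab, and nothing before it is ever touched. The same explicit column counter is what makes the condition detectable before any output routine sees the bytes.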

And these are the guys that will lead us in trustworthy computing. I can’t wait.