
Title

Blue Screen Program

Description

<a href="{data}/news/old_attachments/images/bsod.gif"><img src="{data}/news/old_attachments/images/bsod_tn.gif" class="frame" align="left"></a>I learned this trick for crashing Windows 2000/XP a while ago. I know, I know, it doesn't take much. But, seriously, I haven't gotten a BSOD (Blue Screen Of Death) in Windows 2000 in a long time. I can't actually remember the last time I got one. This extremely simple program produces a BSOD immediately, every time. Your computer <i>will</i> reboot. It still works today. The trick is simple: the buffer passed to <span class="reference">printf</span> contains one more backspace than it has characters to back over. You also have to compile with VC++ 6.x or 7.x. If you compile with another compiler, like Metrowerks or C++ Builder, there is no problem. The extremely simple program is shown in its entirety below.

<box title="Sample Code" align="center"><c><pre>#include "stdafx.h"   /* VC++ precompiled header (project-generated) */
#include &lt;stdio.h&gt;

int main(int argc, char* argv[])
{
    /* one character (the tab), two backspaces: one more than there is to erase */
    printf("\t\b\b");
    return 0;
}
</pre></c></box>

It seems to me that the reason is twofold. First, Windows 2000/XP itself must provide some sort of native API to execute <span class="reference">printf</span>. This function has a bug that causes it to access invalid memory (e.g. memory in front of the buffer) when passed certain buffers: when processing backspace characters, it doesn't check whether there are any characters left in the buffer to backspace over, probably for <i>performance</i> reasons. Some would argue that performance is significantly degraded by recovering from a blue screen, but I digress. This function does not throw a catchable exception, but instead seems to cause an error deep inside some vital component of Windows, as it halts the system entirely. There is no way a modern operating system should still allow this level of access from a user-accessible function. It's stunning to think what exactly their implementation of protected memory actually is.

Second, Microsoft's compiler is the only one that generates code that blows up in this fashion. This leads me to believe that they are the only ones using this system-level function; the other vendors use their own functions, which don't throw exceptions, crash <i>or</i> blue-screen the computer. It may also simply be a memory-corrupting implementation of <span class="reference">printf</span>: if the program is made much more complicated, it no longer crashes. This may be due to buffers moving around and/or the overwrite being absorbed in application memory rather than system memory. However, system memory should <i>never</i> be in danger in the first place! And these are the guys that will lead us in <span class="reference">trustworthy computing</span>. I can't wait.
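The missing check the post describes, as an added example that is not part of the original entry: a simulated console line buffer that treats each byte (the tab included) as one character and refuses to step backwards past the start of the line, counting the stray backspace instead of touching memory in front of the buffer. The line-buffer model and the function names are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simulated console line: what has been written since the last newline. */
typedef struct {
    char line[256];
    size_t len;        /* characters currently on the line */
    size_t underflows; /* backspaces that arrived with nothing to erase */
} line_buf;

static void lb_init(line_buf *lb) { memset(lb, 0, sizeof *lb); }

/* Feed one string through the line buffer. A backspace on an empty line is
 * counted and ignored rather than decrementing len below zero, which is the
 * bounds check the post says the crashing implementation lacks.
 * Returns the number of underflowing backspaces seen so far. */
static size_t lb_write(line_buf *lb, const char *s)
{
    for (; *s; ++s) {
        if (*s == '\b') {
            if (lb->len == 0) { lb->underflows++; continue; }
            lb->line[--lb->len] = '\0';
        } else if (*s == '\n' || *s == '\r') {
            lb->len = 0;               /* new line: nothing left to erase */
            lb->line[0] = '\0';
        } else if (lb->len < sizeof lb->line - 1) {
            lb->line[lb->len++] = *s;  /* tab is one character, like any other */
            lb->line[lb->len] = '\0';
        }
    }
    return lb->underflows;
}

/* Convenience checks over a fresh buffer, e.g. to vet a format result before
 * handing it to a console routine you do not trust. */
static size_t backspace_underflows(const char *s)
{
    line_buf lb; lb_init(&lb);
    return lb_write(&lb, s);
}

static size_t chars_left_on_line(const char *s)
{
    line_buf lb; lb_init(&lb);
    lb_write(&lb, s);
    return lb.len;
}
```

For the post's own buffer, "\t\b\b", the first backspace erases the tab and the second is reported as an underflow with the line left empty.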