
Blue screen of death


The so-called blue screen of death, also abbreviated as BSoD, refers to the screen displayed by Microsoft’s Windows operating system when it cannot (or is in danger of being unable to) recover from a system error. There are two Windows error screens that are both referred to as the blue screen of death, with one being significantly more serious than the other.

A BSoD is also called a “Stop Error”, the term used in the Windows XP manuals.

A “true” blue screen of death occurs when the Windows NT operating system’s kernel cannot recover from an error, and the only action a user can take is to restart the operating system, losing all unsaved work and possibly breaking the integrity of the file system. The information displayed on the blue screen of death is often not enough to determine what went wrong, even for someone with access to the source code (for example, it does not contain a stack dump, and if it did, it would be a lot of work to copy it somewhere else since you cannot save the data displayed on the screen at this point). It only displays at what point the code crashed, which can be completely different from where the error originated, and thus can mislead users into believing it is a hardware error or similar. The blue screen of death usually occurs only after Windows encounters a very serious error. This version of the blue screen of death is present in Windows NT, Windows 2000, and Windows XP, the latter two of which are based on NT.

In the Windows 9x era, incompatible DLLs or bugs in the operating system kernel could also cause BSoDs.

The less serious blue screen of death occurs in Microsoft’s home desktop operating systems Windows 95, 98, and Me. In these operating systems, the BSoD is the main way for VxDs to report errors to the user. It is internally referred to by the name of “_VWIN32_FaultPopup”. A Windows 9x/Me BSoD gives the user the option to either restart or continue. However, VxDs do not display BSoDs frivolously—they usually indicate a problem which cannot be fixed without restarting the computer, and hence after a BSoD is displayed the system is usually unstable or unresponsive.

The most common cause of a BSoD is incompatible versions of DLLs, a problem sometimes referred to as DLL hell. Windows loads these DLLs into memory when application programs need them; if a DLL's version has changed, the next time an application loads it the DLL may differ from what the application expects. These incompatibilities increase over time as more new software is installed, and are one of the main reasons why a freshly installed copy of Windows is more stable than an “old” one.

The following is a re-creation of a Windows NT/2000/XP BSoD:

*** STOP: 0x0000000A (0x00000000, 0x00000002, 0x00000000, 8038c510)
IRQL_NOT_LESS_OR_EQUAL*** Address 8038c510 has base at 8038c000 – Ntfs.sys

CPUID:AuthenticAMD irq1:1f SYSVER 0xf0000565

 

Dll Base DateStmp – Name
80100000 336546bf – ntoskrnl.exe
80000100 334d3a53 – atapi.sys
802ab000 33013e6b – epst.mpd
802b9000 336015af – CLASS2.SYS
802bd000 33d844be – Floppy.sys
f9328000 31ec6c8d – Siwvid.sys
f9468000 31ed868b – KSecDD.sys
f9348000 335bc82a – i8024prt.sys
f947c000 31ec6c94 – kbdclass.sys
f9370000 33248011 – VIDEOPORT.SYS
f9480000 31ec6c6d – vga.sys
f90f0000 332480d0 – Npfs.sys
a0000000 335157ac – win32k.sys
fe0c9000 335bd30e – Fastfat.SYS
fe108000 31ec6c9b – Serial.sys
f9050000 332480ab – Parallel.sys
 

Dll Base DateStmp – Name
80010000 33247f88 – hal.dll
80007000 33248043 – SCSIPORT.SYS
802b5000 336016a2 – Disk.sys
8038c000 3356d637 – Ntfs.sys
803e4000 33d84553 – viaide.sys
f95c9000 31ec6c99 – Null.SYS
f95cb000 335e60cf – Beep.SYS
f95cb000 3373c39d – ctrl2cap.SYS
f9474000 3324806f – mouclass.sys
fe9d7000 3370e7b9 – NDIS.SYS
f93b0000 332480dd – Msfs.SYS
fe957000 3356da41 – ati.sys
fe914000 334ea144 – ati.dll
fe110000 31ec6c9b – Parport.SYS
f93b4000 31ec7c9d – ParVdm.SYS

 

Address dword dump Build [1314] – Name
801afc24 80149905 80149905 ff8e6b8c 80129c2c ff8e6b94 8025c000 – Ntfs.SYS
801afd24 80129c2c 80129c2c ff8e6b94 00000000 ff8e6b94 80100000 – ntoskrnl.exe
801afd34 801240f2 80124f02 ff8e6cf4 ff8e6d60 ff8e6c58 80100000 – ntoskrnl.exe
801afd54 80124a16 80124a16 ff8e6f60 ff8e6c3c 8015ac7e 80100000 – ntoskrnl.exe
801afd64 8015ac7e 8015ac7e ff8e6cf4 ff8e6f60 ff8e6c58 80100000 – ntoskrnl.exe
801afc70 80129bda 80129bda 00000000 80088000 80106f60 80100000 – ntoskrnl.exe

Restart and set the recovery options in the system control panel
or the /CRASHDEBUG system start option. If this message reappears,
contact your system administrator or technical support group.

 

Windows can be set to do a memory dump or restart immediately after this message is displayed.
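As an added example (not part of the original article and not a Microsoft tool), the following Python code parses the fields of an NT-style stop screen like the re-creation above and maps the reported address to a module and offset using the driver list. The function names and the sample text are assumptions, constructed from lines shown on this page.

```python
import re

# Constructed sample: lines taken from the re-created stop screen above.
SAMPLE = """\
*** STOP: 0x0000000A (0x00000000, 0x00000002, 0x00000000, 8038c510)
IRQL_NOT_LESS_OR_EQUAL*** Address 8038c510 has base at 8038c000 - Ntfs.sys
80100000 336546bf - ntoskrnl.exe
80010000 33247f88 - hal.dll
802b5000 336016a2 - Disk.sys
8038c000 3356d637 - Ntfs.sys
803e4000 33d84553 - viaide.sys
f9328000 31ec6c8d - Siwvid.sys
"""

HEX8 = r"[0-9a-fA-F]{8}"
STOP_RE = re.compile(r"\*\*\* STOP: (0x" + HEX8 + r") \(([^)]*)\)")
WHERE_RE = re.compile(
    r"^([A-Z][A-Z0-9_]+)\*\*\* Address (" + HEX8 + r") has base at (" + HEX8 + r")",
    re.M)
# "base datestamp - name"; accepts a hyphen or the en dash used on this page.
MODULE_RE = re.compile(r"^(" + HEX8 + r") " + HEX8 + r" [-\u2013] (\S+)$", re.M)

def resolve(address, modules):
    """Return (name, offset) of the module with the highest base <= address.

    The screen lists load bases only, not image sizes, so this is a best
    guess: an address past the end of a module still maps to that module.
    """
    hit = None
    for base, name in sorted(modules):
        if base > address:
            break
        hit = (name, address - base)
    return hit

def triage(text):
    """Extract stop code, symbolic name, parameters and crash-site module."""
    stop, where = STOP_RE.search(text), WHERE_RE.search(text)
    if stop is None or where is None:
        raise ValueError("not an NT-style stop screen")
    modules = [(int(b, 16), n) for b, n in MODULE_RE.findall(text)]
    address = int(where.group(2), 16)
    return {"code": int(stop.group(1), 16), "name": where.group(1),
            "params": [int(p, 16) for p in stop.group(2).split(",")],
            "address": address, "stated_base": int(where.group(3), 16),
            "module": resolve(address, modules)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The result names where the crash surfaced (Ntfs.sys at offset 0x510 for this sample), which, as described earlier, can differ from where the error originated.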

The following is a re-creation of a Windows 9x/Me BSoD:

                           Windows

   A fatal exception 0E has occurred at 0157:BF7FF831. The
   current application will be terminated.

   *  Press any key to terminate the current application.
   *  Press CTRL+ALT+DEL to restart your computer.  You will
      lose any unsaved information in all applications.

                    Press any key to continue

By default, the display is white (CGA color 0x0F; HTML color #FFFFFF) lettering on a blue (EGA color 0x01; HTML color #0000AA) background, with information about current memory values and register values. Demonstrating a sense of humor, Microsoft has added a utility that allows the user to change a setting in system.ini that controls the colors that the BSoD code uses to any of the 16 CGA colors.

This type of blue screen is no longer seen in Windows NT, 2000, and XP. In the case of these less serious software errors, the program may still crash, but it will not take down the entire operating system with it due to better memory management and decreased legacy support. In these systems, the “true” BSoD is seen only in cases where the entire operating system crashes.

System administrators often use “to bluescreen” or “to BSoD” as a verb, as in: “The server just BSoD’d” or “Windows 2000 doesn’t bluescreen as much as NT 4 did.” (This usage is unrelated to color key special effects in film, also called bluescreen.)

The blue screen of death in one form or another is present in all Windows operating systems since Windows version 2.0.

Some BSoDs have been caused by WinNuke, which was a very popular way for script kiddies to attack other people, disconnecting their computers from the Internet and/or causing a BSoD. The vulnerability WinNuke exploits exists only in Windows 95, and a patch is available.

(From Wikipedia)
