How to make your computer blue screen

1. Blue Screen Overview

When a very serious system error occurs, the system stops working on a blue screen. If a null pointer or other error occurs in the driver, the blue screen may be triggered. We can write a driver to implement a blue screen bomb.

 

II. Environment Construction

Compiling a driver requires a large number of header files and library files. These files are not included in Visual Studio. Therefore, if you need to write a driver, you must first download and install the windows driver development kit (DDK ). : Download the Windows Driver kit version 7.1.0 and use the virtual optical drive to load and install it.

 

3. Compile the driver

I have excerpted a piece of code from "detailed explanation of windows driver development technology" and pasted it below.

Driver. h

/*************************************** * ***************** </P> <p> * File Name: driver. h <br/> * OPERATOR: Zhang Fan <br/> * completion date: 2007-11-1 <br/> *********************************** * ********************/<br/> # pragma once </P> <p> # ifdef _ _ cplusplus <br/> extern "C" <br/>{< br/> # endif <br/> # include <ntddk. h> <br/> # ifdef _ cplusplus <br/>}< br/> # endif </P> <p> # define pagedcode code_seg ("page ") <br/> # define lockedcode code_seg () <br/> # define initcode code_seg ("init") </P> <p> # define pageddata data_seg ("page ") <br/> # define lockeddata data_seg () <br/> # define initdata data_seg ("init") </P> <p> # define arraysize (P) (sizeof (P)/sizeof (P) [0]) </P> <p> typedef struct _ device_extension {<br/> pdevice_object pdevice; <br/> unicode_string ustrdevicename; // device name <br/> unicode_string ustrsymlinkname; // Symbolic Link name <br/>} device_extension, * pdevice_extension; </P> <p> // function declaration </P> <p> ntstatus createdevice (in pdriver_object pdriverobject); <br/> void helloddkunload (in pdriver_object pdriverobject ); <br/> ntstatus helloddkdispatchroutine (in pdevice_object p1_bj, in pirp );

 

Driver. cpp

/*************************************** * ***** <Br/> * File Name: driver. CPP <br/> * OPERATOR: Zhang Fan <br/> * completion date: 2007-11-1 <br/> *********************************** * *********/</P> <p> # include "driver. H "</P> <p> /****************************** * ********************* <br/> * Function Name: driverEntry <br/> * Function Description: initializes the driver, locates and applies for hardware resources, and creates a kernel object. <br/> * parameter list: <br/> pdriverobject: driver object passed in from the I/O manager <br/> pregistrypath: Path of the driver in the registry <br/> * return value: Initialize the driver <br/> ******************************** * ******************/<br/> # pragma initcode <br/> extern "C" ntstatus DriverEntry (in pdriver_object pdriverobject, <br/> In punicode_string pregistrypath) <br/> {<br/> ntstatus status; <br/> kdprint ("Enter DriverEntry/N ")); <br/> kebugcheckex (0x00000000, 0x12345678, 0x87654321, 0x11223344, 0x55667788 ); <br/> // register other driver call function portals <br/> pdriverobject-> driverunload = Helloddkunload; <br/> pdriverobject-> majorfunction [irp_mj_create] = helloddkdispatchroutine; <br/> pdriverobject-> majorfunction [irp_mj_close] = helloddkdispatchroutine; <br/> pdriverobject-> majorfunction [irp_mj_write] = helloddkdispatchroutine; <br/> pdriverobject-> majorfunction [irp_mj_read] = helloddkdispatchroutine; </P> <p> // create a driver device object <br/> Status = createdevice (pdriverobject); </P> <p> kdprint ("Drive Rentry end/N "); <br/> return status; <br/>}</P> <p> /*************************** * ******************** <br/> * Function Name: createdevice <br/> * Function Description: initialize a device object <br/> * parameter list: <br/> pdriverobject: driver object passed in from the I/O manager <br/> * return value: return the initialization status <br/> ********************************* * **************/<br/> # pragma initcode <br/> ntstatus createdevice (in pdriver_object pdriverobject) <br/>{< br/> ntstatus status; <br/> pdevice_objec T p1_bj; <br/> pdevice_extension pdevext; </P> <p> // create a device name <br/> unicode_string devname; <br/> rtlinitunicodestring (& devname, L "// device // myddkdevice"); </P> <p> // create a device <br/> Status = iocreatedevice (pdriverobject, sizeof (device_extension ), <br/> & (unicode_string) devname, <br/> file_device_unknown, <br/> 0, true, <br/> & p1_bj); <br/> If (! Nt_success (Status) <br/> return status; </P> <p> p1_bj-> flags | = do_buffered_io; <br/> pdevext = (pdevice_extension) p1_bj-> deviceextension; <br/> pdevext-> pdevice = p1_bj; <br/> pdevext-> ustrdevicename = devname; <br/> // create a symbolic link <br/> unicode_string symlinkname; <br/> rtlinitunicodestring (& symlinkname, l "//?? // Helloddk "); <br/> pdevext-> ustrsymlinkname = symlinkname; <br/> Status = iocreatesymboliclink (& symlinkname, & devname); <br/> If (! Nt_success (Status) <br/>{< br/> iodeletedevice (p1_bj); <br/> return status; <br/>}< br/> return STATUS_SUCCESS; <br/>}</P> <p> /*************************** * ******************** <br/> * Function Name: helloddkunload <br/> * Function Description: Detach the driver <br/> * parameter list: <br/> pdriverobject: driver object <br/> * return value: return status <br/> ********************************** * **************/<br/> # pragma pagedcode <br/> void helloddkunload (in pdriver_ob Ject pdriverobject) <br/>{< br/> pdevice_objectpnextobj; <br/> kdprint ("Enter driverunload/N ")); <br/> pnextobj = pdriverobject-> deviceobject; <br/> while (pnextobj! = NULL) <br/>{< br/> pdevice_extension pdevext = (pdevice_extension) <br/> pnextobj-> deviceextension; </P> <p> // Delete the symbolic link <br/> unicode_string plinkname = pdevext-> ustrsymlinkname; <br/> iodeletesymboliclink (& plinkname ); <br/> pnextobj = pnextobj-> nextdevice; <br/> iodeletedevice (pdevext-> pdevice ); <br/>}</P> <p> /********************** * *********************** <br/> * Function Name: helloddkdispatchroutine <br/> * Function Description: Read IRP processing <br/> * parameter list: <br/> p1_bj: feature device object <br/> pirp: returned value from Io request package <br/>: return status <br/> ********************************** * ************/<br/> # pragma pagedcode <br/> ntstatus helloddkdispatchroutine (in pdevice_object p1_bj, in pirp) <br/>{< br/> kdprint ("Enter helloddkdispatchroutine/N"); <br/> ntstatus status = STATUS_SUCCESS; <br/> // complete the IRP <br/> pirp-> iostatus. status = status; <br/> pirp-> iostatus. information = 0; // bytes xfered <br/> iocompleterequest (pirp, io_no_increment); <br/> kdprint ("Leave helloddkdispatchroutine/N ")); <br/> return status; <br/>}

The blue screen is triggered by the kebugcheck or kebugcheckex functions. The two functions are prototype as follows:

Void kebugcheck (in ulong bugcheckcode); <br/> void kebugcheckex (in ulong bugcheckcode, <br/> In ulong_ptr bugcheckparameter1, <br/> In ulong_ptr bugcheckparameter2, <br/> In ulong_ptr bugcheckparameter3, <br/> In ulong_ptr bugcheckparameter4); </P> <p>

The first parameter of the kebugcheckex function is the same as that in the kebugcheck. These parameters can be seen from the following blue screen image.

 

Iv. Compilation

Open the Start Menu, find the DDK directory, expand build environment, and select the compiling environment that matches your computer. For example, my computer is Windows Vista x86. Note that there are two versions checked and free, similar to the debug and release versions in VC ++. Here we select free to remove all debugging symbols and reduce the file size of the Code.

Before compilation, we need to prepare two files, makefile and sources.

Makefile only needs one line:

! Include $ (ntmakeenv)/makefile. Def

Inherit the default DDK Configuration

The sources file must specify the file type and the path of the included files.

Targetname = helloddk <br/> targettype = driver <br/> targetpath = OBJ </P> <p> supported des = $ (basedir)/INC; /<br/> $ (basedir)/INC/DDK;/</P> <p> sources = driver. CPP/

With these files, we can start compiling the driver.

In the command line window of the compiling environment, enter the directory where you store the source code and execute the build command. If the compilation is successful, you can view a new folder in the current directory and enter the innermost layer. Then you can find the helloddk. SYS driver.

 

V. Test

Because the driver is used to make the computer blue screen, although it will not cause any damage to your computer, please save the documents you are working on before testing and exit all the programs. After the blue screen of the computer, you have to restart.

The driver does not run as directly as the application. Therefore, we also need a loader to load the driver. This article will not discuss it in detail. Only program code is provided, which is also from the "windows driver development technology details" book.

# Include <windows. h> <br/> # include <winsvc. h> <br/> # include <conio. h> <br/> # include <stdio. h> </P> <p> # define driver_name "helloddk" <br/> # define driver_path "helloddk. sys "</P> <p> // load the NT driver <br/> bool loadntdriver (char * lpszdrivername, char * lpszdriverpath) <br/>{< br/> char szdriverimagepath [256]; <br/> // obtain the complete driver path <br/> getfullpathname (lpszdriverpath, 256, szdriverimagepath, null); <br/> bool Bret = Fals E; <br/> SC _handle hservicemgr = NULL; // SCM manager handle <br/> SC _handle hserviceddk = NULL; // NT driver Service handle <br/> // open the Service Control Manager <br/> hservicemgr = openscmanager (null, null, SC _manager_all_access ); <br/> If (hservicemgr = NULL) <br/> {<br/> // openscmanager failure <br/> printf ("openscmanager () faild % d! /N ", getlasterror (); <br/> Bret = false; <br/> goto beforeleave; <br/>}< br/> else <br/> {<br/> // openscmanager succeeded <br/> printf ("openscmanager () OK! /N "); <br/>}< br/> // create the service corresponding to the driver <br/> hserviceddk = createservice (hservicemgr, <br/> lpszdrivername, // name of the driver in the registry <br/> lpszdrivername, // displayname value of the registry driver <br/> service_all_access, // load the driver's access permission <br/> service_kernel_driver, // indicates that the loaded service is a driver <br/> service_demand_start, // The start value of the registry driver <br/> service_error_ignore, // The errorcontrol value of the registry driver <br/> szdriverimagepath, // The ImagePath value of the registry driver <br/> Null, null); <br/> DWORD dwrtn; <br/> // determines whether the service has failed <br/> If (hserviceddk = NULL) <br/>{< br/> dwrtn = getlasterror (); <br/> If (dwrtn! = Error_io_pending & dwrtn! = Error_service_exists) <br/>{< br/> // failed to create the service for other reasons <br/> printf ("crateservice () faild % d! /N ", dwrtn); <br/> Bret = false; <br/> goto beforeleave; <br/>}< br/> else <br/>{< br/> // service creation failed, because the service has been created <br/> printf ("crateservice () faild service is error_io_pending or error_service_exists! /N "); <br/>}< br/> // The driver has been loaded. Open <br/> hserviceddk = openservice (hservicemgr, lpszdrivername, service_all_access ); <br/> If (hserviceddk = NULL) <br/>{< br/> // if the service fails to be opened, it indicates an error <br/> dwrtn = getlasterror (); <br/> printf ("openservice () faild % d! /N ", dwrtn); <br/> Bret = false; <br/> goto beforeleave; <br/>}< br/> else <br/> {<br/> printf ("openservice () OK! /N "); <br/>}< br/> else <br/> {<br/> printf (" crateservice () OK! /N "); <br/>}< br/> // enable this service <br/> Bret = startservice (hserviceddk, null, null ); <br/> If (! Bret) <br/>{< br/> DWORD dwrtn = getlasterror (); <br/> If (dwrtn! = Error_io_pending & dwrtn! = Error_service_already_running) <br/>{< br/> printf ("startservice () faild % d! /N ", dwrtn); <br/> Bret = false; <br/> goto beforeleave; <br/>}< br/> else <br/> {<br/> If (dwrtn = error_io_pending) <br/> {<br/> // The device is suspended. <br/> printf ("startservice () faild error_io_pending! /N "); <br/> Bret = false; <br/> goto beforeleave; <br/>}< br/> else <br/> {<br/> // The service is enabled. <br/> printf ("startservice () faild error_service_already_running! /N "); <br/> Bret = true; <br/> goto beforeleave; <br/>}< br/> Bret = true; <br/> // close the handle before leaving <br/> beforeleave: <br/> If (hserviceddk) <br/>{< br/> closeservicehandle (hserviceddk); <br/>}< br/> If (hservicemgr) <br/>{< br/> closeservicehandle (hservicemgr); <br/>}< br/> return Bret; <br/>}< br/> // uninstall the driver <br/> bool unloadntdriver (char * szsvrname) <br/>{< br/> bool Bret = false; <br/> SC _handle hserv Icemgr = NULL; // SCM manager handle <br/> SC _handle hserviceddk = NULL; // Service handle of the NT driver <br/> service_status svrsta; <br/> // open the SCM manager <br/> hservicemgr = openscmanager (null, null, SC _manager_all_access); <br/> If (hservicemgr = NULL) <br/> {<br/> // failed to enable the SCM manager <br/> printf ("openscmanager () faild % d! /N ", getlasterror (); <br/> Bret = false; <br/> goto beforeleave; <br/>}< br/> else <br/> {<br/> // An error occurred while opening the SCM manager. <br/> printf ("openscmanager () OK! /N "); <br/>}< br/> // open the service corresponding to the driver <br/> hserviceddk = openservice (hservicemgr, szsvrname, service_all_access ); </P> <p> If (hserviceddk = NULL) <br/>{< br/> // failed to open the service corresponding to the driver <br/> printf ("openservice () faild % d! /N ", getlasterror (); <br/> Bret = false; <br/> goto beforeleave; <br/>}< br/> else <br/> {<br/> printf ("openservice () OK! /N "); <br/>}< br/> // stop the driver. If the stop fails, it must be restarted before dynamic loading. <Br/> If (! Controlservice (hserviceddk, service_control_stop, & svrsta) <br/>{< br/> printf ("controlservice () faild % d! /N ", getlasterror ()); <br/>}< br/> else <br/> {<br/> // failed to open the driver <br/> printf ("controlservice () OK! /N "); <br/>}< br/> // uninstall the driver dynamically. <Br/> If (! Deleteservice (hserviceddk) <br/>{< br/> // uninstall failed <br/> printf ("deletesrevice () faild % d! /N ", getlasterror ()); <br/>}< br/> else <br/> {<br/> // uninstall successfully <br/> printf ("delserver: eletesrevice () OK! /N "); <br/>}< br/> Bret = true; <br/> beforeleave: <br/> // close the opened handle before leaving <br/> If (hserviceddk) <br/>{< br/> closeservicehandle (hserviceddk ); <br/>}< br/> If (hservicemgr) <br/>{< br/> closeservicehandle (hservicemgr); <br/>}< br/> return Bret; <br/>}< br/> void testdriver () <br/> {<br/> // test the driver <br/> handle hdevice = createfile ("////. // helloddk ", <br/> generic_write | generic_read, <br/> 0, <br/> null, <br/> open_ex Isting, <br/> 0, <br/> null); <br/> If (hdevice! = Invalid_handle_value) <br/>{< br/> printf ("create device OK! /N "); <br/>}< br/> else <br/> {<br/> printf (" create device faild % d! /N ", getlasterror (); <br/>}< br/> closehandle (hdevice); <br/>}< br/> int main (INT argc, char * argv []) <br/>{< br/> // load the driver <br/> bool Bret = loadntdriver (driver_name, driver_path); <br/> If (! Bret) <br/>{< br/> printf ("loadntdriver error/N"); <br/> return 0; <br/>}< br/> // loaded successfully <br/> printf ("press any to create device! /N "); <br/> getch (); <br/> testdriver (); <br/> // you can use the registry, or other software verification for viewing symbolic connections. <Br/> printf ("press any to unload the driver! /N "); <br/> getch (); <br/> // uninstall the driver <br/> unloadntdriver (driver_name); <br/> If (! Bret) <br/>{< br/> printf ("unloadntdriver error/N"); <br/> return 0; <br/>}< br/> return 0; <br/>}

Compile the program and place it in the same directory as the driver. Run the command to display the blue screen.

Did you see the blue screen? Restart ~ (In fact, if the screen is blue, you can't see this sentence ......)