Can a user mode fault cause a Blue Screen of Death?

时间秒杀一切 提交于 2019-12-13 04:29:37

问题


Can a user mode fault cause a Blue Screen of Death (BSOD)? Is it possible that a memory access violation like double freeing memory can cause a blue screen or only a kernel mode exception (like a driver exception) cause Windows to crash?


回答1:


Not directly.

Direct fault will cause an exception and program crash. To cause a BSOD, the user mode application must communicate either directly or indirectly with a kernel mode driver that is possible not robust enough to protect itself from invalid user mode input.




回答2:


Most of the time, no, but there is an exception.

A Blue Screen (known also as a bug check) only occurs when something goes wrong in kernel mode (for example, a driver page faults at DISPATCH_LEVEL) or a hardware error.

User mode code usually cannot bring down the entire system (usually doing something that is not allowed will result in the program crashing or generating an error of some sort).

However, bug check 0xED can be caused directly by a user mode process. If the csrss.exe process is killed (and also wininit.exe in Windows Vista and higher), it will blue screen the computer.

It is possible to kill winlogon.exe without causing bug check 0xC000021A by first killing smss.exe as Mark Russinovich explains in the 2005 article Running Windows with No Services:

The reason we start [killing processes] with Smss.exe is that Smss.exe watches the back of Winlogon, the process it creates during the boot, so if you terminate Winlogon first Smss.exe gets upset and blue screens the machine with an error indicating that the Windows logon process terminated unexpectedly.

This is the only case where a user mode application can directly cause a blue screen.



来源:https://stackoverflow.com/questions/17964598/can-a-user-mode-fault-cause-a-blue-screen-of-death

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!