Blue screens of death are not exactly in short supply on Windows machines lately, but what if you really want to cause your own kernel panic or complete system crash, just because you love that shade of crashy blue? Well, there’s a tool for that called NotMyFault, developed by Mark Russinovich as part of Sysinternals.
NotMyFault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system. It’s useful for learning how to identify and diagnose device driver and hardware problems, and you can also use it to generate blue screen dump files on misbehaving systems. The download file includes 32-bit and 64-bit versions, as well as a command-line version that works on Nano Server. Chapter 7 in Windows Internals uses NotMyFault to demonstrate pool leak troubleshooting and Chapter 14 uses it for crash analysis examples.
↫ Mark Russinovich
Using this tool, you can select exactly what kind of crash you want to cause, and after clicking the Crash button, your Windows computer will do exactly as it’s told and crash with a lovely blue screen of death. It comes in both a GUI and CLI version, and the latter also works on minimal Windows installations that don’t have the Windows shell installed. A tool like this may seem odd, but it can be particularly useful in situations where you’re trying to troubleshoot an issue, and to learn how to properly diagnose crashes.
Or, you know, you can use it to create a panic at your workplace.
Or you could open Task Manager, right-click the System process and capture a dump.
Back in NT/2000, the only way to investigate kernel behavior was via a debugger, and if a system isn’t already attached to a debugger but something needs investigation, the workaround is to force the system to crash so it dumps its state. We’ve had local machine debugging since XP and live dumps since Windows 8, so loading a driver for this is no longer necessary.
malxau,
I didn’t have a proper Windows kernel debugger; I did Windows kernel development using MinGW, haha. But it worked and there were tools like this that let you output debug messages.
https://learn.microsoft.com/en-us/sysinternals/downloads/debugview
I liked Windows kernel development and I probably would have stuck with it if not for Microsoft’s anti-FOSS agenda at the time. I find it ironic that Ballmer, the “Developers developers developers developers” guy, failed to keep us interested. Most of us targeted Windows for desktop applications because customers expected it. But for back-end services, when we could choose our own platform, many jumped ship for Linux where FOSS ruled the day. Microsoft realizes the importance of FOSS now that it rules the data center, but most of us Linux converts are never going back to Windows, where almost all of us started.
I actually applied to Microsoft at a college job fair; they were laying off at the time though. My timing was just awful.
Right, but I think that’s more along the same lines as NotMyFault. The kernel itself doesn’t provide any information. But you can install a driver that hooks the kernel DbgPrint functions and bounces the result to usermode, back in the innocent times when drivers patching kernel functions was considered “normal.” It works, but it suggests there’s a feature gap.
Right, and I think there’s a psychological trap there that given limited imagination, it’d be easy to believe that all software is a desktop application. Coupled with a bit of arrogance, it’s possible to kill the desktop as we knew it.
Yeah, it’s a shame. I’ve been enjoying your comments here for years, and I think you would have enjoyed the experience of working on the guts of an OS.
malxau,
I recall investigating some debuggers, “SoftICE” stands out in my memory. It’s hard to believe the last release was 24 years ago.
https://en.wikipedia.org/wiki/SoftICE
I’m often curious how it would have changed me, haha. Anyway I think it’s awesome to talk to other people right here on OSNews who were in those circles. Most of my connections IRL are with local companies. It wouldn’t otherwise be noteworthy, but I once worked at the AGR building, now made famous by the shooter on its rooftop…
https://www.cbsnews.com/news/trump-rally-shooting-pennsylvania-gunman-snipers-location-maps/
I heard CrowdStrike was going to purchase the tool as too many people were able to work around their outage.
“Stay down! Dang it!!”