Blue Screen of Death

Everyone knows that the infamous Blue screen of death is probably one of the most irritating thing that can happen to a computer user. The only known way to get rid of it is to hit the reset button, or rely on the trusty Three fingered salute. It has also been suggested by conspiracy theorists that Microsoft have deliberatly built in a random crash timer into the operating system to make users go out and buy the latest version. However this is driving more and more people to use Linux.

Fun Microsoft Windows Trick: BSOD by Obscure Filename

For people who are using Windows 95 or 98 (but not NT), attempting to open the (nonexistant) file c:\nul\nul will result in a BSOD and a required hard reset. An easy way to test this is to go to the start menu, go to run, and then just type in:

c:\nul\nul

Or, you can go to your browser navigation bar and type in:

file:///c:/nul/nul

What results is a series of BSODs that leave your computer unusable. The first is a "A fatal exception 0E has occurred at ___ in VXD VFAT(1)" (lovely, eh?). After that, you get more BSODs, followed by a "Explorer caused a general protection fault in module KRNL386.EXE". More BSODs, followed by a "Kernel32 caused a general protection fault in module KRNL386.EXE". It's usually at this point that moving the mouse starts making your computer speaker click, and you no longer can do anything useful with your computer without resetting it.

If you are feeling somewhat malicious, this can be a very quick way to crash lots of computers that you have physical access to really quickly. This is particularily useful in malls with Internet kiosks and in stores like Best Buy that have all sorts of computers lined up that you can "try out". I'm not necessarily suggesting that you do this, because it would be incredibly mean to the poor people who are working there and have to reboot everything, but it's just a mischevious suggestion. *blush*

Although not many people know this, before Slashdot disallowed the use of file:// links, as an alternate to http://goatse.cx, some trolls would link to file:///c:/nul/nul. It's also fun to put that in your .sig file, because some HTML-esque mail clients will show it as a link, and allow users to click on it.

I'm sure there's some sort of arcane reason for why this happens or why it was necessary at some point during the Microsoft Development Process, but I just find it incredibly amusing.

The blue screen of death is usually caused (today at least) by bad kernel level items, such as third party device drivers. With that said, a friend of mine had an interesting experience with it.

He had just bought a three button mouse; not a Kensington, or a Logitech one, or a Microsoft one, just some crappy third party (fourth party, if such exists) mouse. This was back when three buttons was all the rage like in 1997. He installed the driver, was playing with it, and all was happy. The only problem it seemed was that the middle button seemed to blue screen the machine. Every time.

It was depressing a first, but like most horrifically annoying instances, it was hysterical after about ten minutes. It became the blue screen button. Need to see blue? Just click here. It was great. Whenever his computer was giving him hell, he'd click that third button. It was a way to threaten the computer.

Eventually he got a new mouse, or a new driver, or what not, but still, it was hysterical seeing the accuracy and the reproducability of that one icky kernel bug. I hope that he still has that mouse around, just as a momento. Maybe the mouse manufacturer only tested their driver for two of the buttons. Who knows. That bug was buggy, and looking back on it, I needed to do more with my friday nights.

As all programmers with a bit of code-fu (excuse the pun) know, truly excellent programs have truly excellent error management. When something goes bump in the night, your program should tell the user "This has gone wrong, and this is what you should do about it." Obviously you should try to write software that doesn't generate errors, but especially with larger pieces of s/w, ie OS's, this is not really feasible. So you should aim to handle errors in a mature and responsible fashion.

Windows 9x handles errors by throwing its hands in the air and screaming "I'm melting! Melting!". The BSOD is a classic example of this. Is it useful? Certainly not. Is it informative? Hell no. Does it really frustrate the user? You're damn right it does. As another example of poor error management, I have actually seen Win98 generate the error message ... wait for it.

An error has occurred.

Oh my god! If I'd written something that bad, I wouldn't be able to look at my own face in the mirror. I'd have to sit in a corner and cry in shame, take a vow of poverty and spend the rest of my life writing Open Source apps in Perl to atone for my sins.

Win9x is not very stable. Surely MS are aware of this. Why then did they not write the OS such that it could handle its instability in a rational and helpful fashion? It wouldn't have been that hard. Not for a company with the kind of resources they have.

blue goo = B = blue wire

Blue Screen of Death n.

[common] This term is closely related to the older Black Screen of Death but much more common (many non-hackers have picked it up). Due to the extreme fragility and bugginess of Microsoft Windows, misbehaving applications can readily crash the OS (and the OS sometimes crashes itself spontaneously). The Blue Screen of Death, sometimes decorated with hex error codes, is what you get when this happens. (Commonly abbreviated BSOD.)

The following entry from the Salon Haiku Contest, seems to have predated popular use of the term:

        Windows NT crashed.
        I am the Blue Screen of Death
        No one hears your screams.

--The Jargon File version 4.3.1, ed. ESR, autonoded by rescdsk.

The reason 9x is so unstable is because it strives to be bug compatible with older dos applications. It lets them do all kinds of things that make life difficult for an operating system - write directly to hardware, memory, etc. etc. Even worse, it allows 3rd-party code to run inside the kernel.

There are many advantages to this - time-critical drivers work better, new hardware can be supported without compiling anything, and without Microsoft even getting involved. However, should said third-party code go pear shaped, it can overwrite the kernel. It's quite difficult to do meaningful error recovery when your program is no longer in memory, and the thing that caused it wasn't written by you, or wasn't even written at all at the time the kernel was written. It does, however try its best - 'I'm broken. Don't know what happened (I wasn't running at the time), but I called this and bang! The duff code came from this VXD file. Sorry.'

And yes, the blue screen is pretty technical, but if you don't understand it, you probably won't understand the solution either.

Windows XP's solution to a blue screen occurring is to identify the driver that caused it, and ask you if you want to look for an upgrade, or back out an recent changes to it. So I'll have no more 'unhelpful error message' complaints...

Preventing the blue screen of death in Windows requires different approaches depending on which version of Microsoft Windows you use. This writeup has two sections: one for Windows 95, Windows 98 (both editions) and Windows Millennium, and one for Windows NT, Windows 2000 and Windows XP.

Both approaches have a common theme, however: BSODs come from faults in device drivers, including virtual devices and software-only devices, or the kernel. While kernel bugs exist of course, nearly all BSODs on modern PCs come from device driver faults of one form or another (including faults caused by the device's own failure). Therefore, preventing the BSOD means preventing device driver faults.

Windows 95/98/ME

• Use devices with the Designed for Windows 95/98/ME logo on the packaging.
  Earning that logo means the designers tested their drivers thoroughly enough under "normal" conditions. You might be surprised to learn that the free virtual cd-rom software you installed was not thoroughly tested. You get what you pay for.
  If a device or driver with this logo is at fault (see Safe Mode below), look for an update from the manufacturer's support web site, or look for a competitor's version of the device.
• Visit Windows Update for critical updates.
  Windows Update has critical updates for IDE disk devices as well as other virtual device drivers. See the Windows Update node to learn how to prevent problems while using it.
• Remove or replace faulty hardware.
  A BSOD reporting an error on a disk device (error on Drive C for instance) most likely means the device in question is about to fail. Removable drives, like floppy drives and CD-ROM drives may need cleaning. Hard drives causing this error are going to crash hard real soon now, so copy what you can and replace it. Windows should identify the name of the driver driving other devices, such as digital cameras, so you can tell which device is failing.
• Check your system drive (usually C:) for errors.
  Windows should automatically do this for you (in Win95 OSR2 and 98/ME) if it crashes to a BSOD and restarts. An error in the file system, notably in the paging file or swap file, can cause a BSOD. If Windows doesn't do this automatically, you can run Scandisk manually. In Windows ME you may have to do this from Safe Mode to prevent Scandisk constantly restarting due to disk access by background programs.
• Update the drivers for your hardware.
  If a certain display mode or game causes a BSOD, most likely it's trying to use features your video driver or audio driver has problems with. Replace the driver (use an older version if necessary) or replace the device.
• Uninstall the software gadgets.
  If you have a systray loaded with icons, or a web browser loaded with toolbars, remove those using their uninstaller. While Windows NT/2K/XP prevents applications from messing with device driver space, Windows 95/98/ME has no such protection.¹ Put them back, one at a time, and try to repeat whatever caused the BSOD. Replace them one at a time until you find the defective gadget, and repeat with the remaining gadgets.
• Update your anti-virus software if you use it.
  Windows 95/98/ME anti-virus software typically uses virtual device drivers to intercept some kernel functions, so they can catch certain types of viruses. Bugs in anti-virus software will easily cause a BSOD.
• Avoid third-party network drivers if possible.
  Specifically, avoid Wingate, EnterNet 300, and new.net. Also avoid other third-party network protocols, VPN software, "software firewalls" and so on. These are all virtual device drivers. You can replace most of these with a hardware firewall, which can act as a router, PPPoE client, Internet sharing device, firewall, VPN client and hub without installing any special software.
• Use Safe Mode to turn off third party drivers, and turn them back on one at a time.
  This helps you pinpoint the troublesome driver. If you disable your video driver, Windows will start in basic VGA mode, so this is usually the first one you turn back on.

Windows NT/2000/XP

Mostly, all of the above with these notable exceptions:

• Don't blame an application.
  Windows NT/2K/XP blocks applications from accessing kernel memory and will terminate the application if it attempts to do so.² This includes games if they tickle bugs in a video driver; the video driver is at fault in this case. It is possible for a badly written application to crash Win95/98/ME but run fine, or crash without crashing the system, on NT/2K/XP.
• Use devices Designed for Windows NT/2K/XP.
  Drivers for 2K and XP require greater testing, and are most often digitally signed by Microsoft after passing these tests. While many well-tested-yet-unsigned drivers exist, you should check unsigned drivers before you check signed ones. If your device came packaged with unsigned drivers, chances are you will find signed drivers on the manufacturer's support web site.
• Turn off Fast User Switching if you don't need it.
  No application or gadget should crash Windows XP if it doesn't work with fast user switching, but if the gadget interacts with a device driver (such as a printer monitor) it could tickle a bug in the driver. This should not happen to devices Designed for Windows XP, but turning this feature off can also save precious memory, avoiding yet-undiscovered bugs in other, unrelated drivers.
• Perform your regular work as a Limited User.
  Limited users can't "accidentally" install or remove device drivers, or otherwise mess with the operating system. Use an administrator account for maintenance, such as installing applications, patches and drivers, and use a limited user account for regular work. Create limited user accounts for each member of your household.
• If your computer supports ACPI, look for a firmware BIOS upgrade.
  Advanced Configuration and Power Interface (ACPI) allows for interrupt sharing, more than sixteen interrupts on supported computers, standby and hibernate support among other things. ACPI is so critical to Windows 2000 and XP that it requires its own HAL driver set, and this is the lowest level of operation in Windows short of the kernel itself.
  A system that ran fine with Win98 may hang or crash Win2K and XP, because 2K/XP requires a more accurate implementation of ACPI. These systems will also hang or crash an ACPI Linux operating system. Updated firmware might not provide complete ACPI support, but it can clearly indicate its capabilities to the operating system.
  In a worst case, you can replace the ACPI HAL with a Standard PC HAL, by performing an in-place upgrade.³ While performing the in-place upgrade, press F5 while "Press F6 to install a third-party mass storage driver" appears and you will be able to choose the "Standard PC" HAL.
• KERNEL_DATA_INPAGE_ERROR means THE_HARD_DRIVE_IS_DYING.
  Windows NT/2K/XP requires a paging file even if there is enough physical RAM free. If the system cannot read and write the paging file, the BSOD KERNEL_DATA_INPAGE_ERROR occurs.
  If your system uses NTFS, which can tolerate file system errors better than FAT, chances are you will need to replace the hard drive. Copy what you can and replace it. If it still uses FAT, you could restart it and let the system run CHKDSK on it to fix any errors. Windows will recreate the paging file, if needed, afterward. Though if this happens more than once, you definitely should replace it.

Among hundreds of machines I work with regularly, the few BSODs that occur come from faulty devices or faulty device drivers. While it's impossible to avoid faulty devices because they can wear out over time, avoiding faulty device drivers ultimately avoids the BSOD.

1. Richter, Jeffrey. Advanced Windows, Third Edition page 119.
2. Richter, Jeffrey. Advanced Windows, Third Edition page 121.
3. Windows XP: http://support.microsoft.com/default.aspx?scid=kb;en-us;315341 Windows 2000: http://support.microsoft.com/default.aspx?scid=kb;en-us;292175

Thanks to the administration for moving this writeup to a proper home. Sorry for the trouble.

Downloads file, a nice, simple wurd file

"OK, this will be easy to update. Just need to correct a few dates, and..." She correct the dates, a few typos, typical distractions occur. The day ends.
"Whoops, hit save, hehehehe, I don't want to lose my work! Finish the last few things tomor..."

She hits save, and automatically hits "ok" for updating to the most recent version.

"What. The. Actual. Fuck?"

Suddenly the world is spinning, most of the fonts have been replaced by "wing-dings", any text remaining is all over and over-lapping in places, the sun has gone black, and somewhere a not-of-this-earth creatures howls balefully.

A loud knock jars her out of her shocked state. It comes from within the screen. Her jaw drops and she slowly back as far away from the laptop until she hits the wall behind her. The screen has become a swirling portal of shimmering darkness.

"WURD HAS BEEN UPDATED AND ACTIVATED!!" A snarling, triumphant voice screeches from the growing shimmer-shadow space. "WURD IS HERE!"

Stammering she tries to say she was just doing her job.

"As am I! BOW TO ME!! World Undone, Retired, Deleted! The TIME IS NOW!!" The screeching continues. She pulls the plug.

Battery at full charge - nothing changes! The darkness is reveling in it's glory, stretching long tendril like things up and through the roof. Desperate, she inches close to the laptop.

::control/alt/delete::

Suddenly there is a shreiking, and the black is sucked back into the cyber-world.

She sits in the back-to-normal world, panting, in shock.

The screen has gone blue.