Create Your Own BSOD: NotMyFault, (Sat, Jul 27th)
2024-7-28 02:10:57 Author: isc.sans.edu

With all the Blue Screen Of Death screenshots we saw lately, I got the idea to write about Sysinternals' tool NotMyFault.

Say that you want to practice handling BSODs, or that you need to document and test a procedure to handle BSODs.

How do you cause a BSOD? One method is to use the Sysinternals tool NotMyFault (don't do this on a production machine):

Click the Crash button to immediately crash the machine (you will lose all unsaved data):

Once the machine is rebooted, you can use the Windows debugger WinDbg or BlueScreenView to analyze what caused the crash:

Load the dump:

Type the command !analyze -v:

And it tells us that this crash was caused by driver myfault.sys.

If you don't want to install WinDbg, BlueScreenView works without installation:

To perform the analysis on another machine, retrieve the c:\windows\memory.dmp and/or c:\windows\minidump\*.dmp files from the crashed machine, and load them in WinDbg or BlueScreenView on that other machine.

Once you know what caused the crash, you can disable the driver and start looking for a fix.
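
A quick triage step for the retrieved dump files, as an added example that is not part of the original diary entry: this Python script reads the bugcheck code and its four parameters from the header of a 64-bit kernel dump. The header layout (signature PAGEDU64, BugCheckCode at offset 0x38, parameters at 0x40), the function names and the constructed sample header are assumptions of this example; it does not name the faulty driver, for which !analyze -v is still needed.

```python
import struct
import sys

# Assumed DUMP_HEADER64 layout for 64-bit kernel dumps (memory.dmp, minidump\*.dmp).
SIGNATURE_64 = b"PAGEDU64"
OFF_CODE, OFF_PARAMS = 0x38, 0x40          # BugCheckCode, BugCheckParameter1..4
HEADER_MIN = OFF_PARAMS + 4 * 8

# Small subset of documented bugcheck codes; anything else is reported as UNKNOWN.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x3B: "SYSTEM_SERVICE_EXCEPTION",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0xE2: "MANUALLY_INITIATED_CRASH",
}

def parse_dump_header(data):
    """Return bugcheck code, name and parameters from the start of a kernel dump."""
    if data[:4] == b"MDMP":
        raise ValueError("user-mode minidump, not a kernel crash dump")
    if data[:8] == b"PAGEDUMP":
        raise ValueError("32-bit kernel dump, layout not handled here")
    if data[:8] != SIGNATURE_64:
        raise ValueError("not a 64-bit kernel dump (bad signature)")
    if len(data) < HEADER_MIN:
        raise ValueError("truncated dump header")
    (code,) = struct.unpack_from("<I", data, OFF_CODE)
    params = struct.unpack_from("<4Q", data, OFF_PARAMS)
    return {"code": code, "name": BUGCHECK_NAMES.get(code, "UNKNOWN"), "params": params}

def build_sample_header():
    """Constructed header for offline use; values are made up, not from a real crash."""
    buf = bytearray(0x2000)
    buf[:8] = SIGNATURE_64
    struct.pack_into("<I", buf, OFF_CODE, 0xD1)
    struct.pack_into("<4Q", buf, OFF_PARAMS, 0xFFFF800012345000, 2, 0, 0xFFFFF80000001000)
    return bytes(buf)

def describe(data):
    info = parse_dump_header(data)
    args = ", ".join(f"{p:#x}" for p in info["params"])
    return f"bugcheck {info['code']:#x} {info['name']} ({args})"

if __name__ == "__main__":
    if len(sys.argv) > 1:                   # paths to copies of the retrieved .dmp files
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, describe(fh.read(0x2000)))
    else:
        print("constructed sample:", describe(build_sample_header()))
```

Run it with the paths of the copied dump files as arguments; without arguments it parses the constructed sample header.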

Didier Stevens
Senior handler
blog.DidierStevens.com


Source: https://isc.sans.edu/diary/rss/31120