Blue screen of death (original) (raw)

The so-called blue screen of death, also abbreviated as BSoD, refers to the screen displayed by Microsoft's Windows operating system when it cannot (or is in danger of being unable to) recover from a system error. There are two Windows error screens that are both referred to as the blue screen of death, with one being significantly more serious than the other.

A BSoD is also a "Stop Error", as known in the Windows XP manuals.

A "true" blue screen of death occurs when the Windows NT operating system's kernel cannot recover from an error, and the only action a user can take is to restart the operating system, losing all unsaved work and possibly breaking the integrity of the file system. The information displayed on the blue screen of death is often not enough to determine what went wrong, even for someone with access to the source code (for example, it does not contain a stack dump, and if it did, it would be a lot of work to copy it somewhere else since you cannot save the data displayed on the screen at this point). It only displays at what point the code crashed, which can be completely different from where the error originated, and thus can mislead users into believing it is a hardware error or similar. The blue screen of death usually occurs only after Windows encounters a very serious error. This version of the blue screen of death is present in Windows NT, Windows 2000, and Windows XP, the latter two of which are based on NT.

The less serious blue screen of death occurs in Microsoft's home desktop operating systems Windows 95, 98, and Me. In these operating systems, the BSoD is the main way for VxDs to report errors to the user. It is internally referred to by the name of "_VWIN32_FaultPopup". A Windows 9x/Me BSoD gives the user the option to either restart or continue. However, VxDs do not display BSoDs frivolously—they usually indicate a problem which cannot be fixed without restarting the computer, and hence after a BSoD is displayed the system is usually unstable or unresponsive.

The most common reason for BSoD'ing is problems with incompatible versions of DLLss. This cause is sometimes referred to as DLL hell. Windows loads these DLLss into memory when they are needed by application programs; if versions are changed, the next time an application loads the DLL it may be different from what the application expects. These incompatibilities increase over time as more new software is installed, and is one of the main reasons why a freshly-installed copy of Windows is more stable than an "old" one.

The following is a re-creation of a Windows NT/2000/XP BSoD:

\r\n*** STOP: 0x0000000A (0x00000000, 0x00000002, 0x00000000, 8038c510) IRQL_NOT_LESS_OR_EQUAL*** Address 8038c510 has base at 8038c000 - Ntfs.sys\r\n

\r\nCPUID:AuthenticAMD irq1:1f SYSVER 0xf0000565\r\n

\r\nDll Base DateStmp - Name\r\n80100000 336546bf - ntoskrnl.exe\r\n80000100 334d3a53 - atapi.sys\r\n802ab000 33013e6b - epst.mpd\r\n802b9000 336015af - CLASS2.SYS\r\n802bd000 33d844be - Floppy.sys\r\nf9328000 31ec6c8d - Siwvid.sys\r\nf9468000 31ed868b - KSecDD.sys\r\nf9348000 335bc82a - i8024prt.sys\r\nf947c000 31ec6c94 - kbdclass.sys\r\nf9370000 33248011 - VIDEOPORT.SYS\r\nf9480000 31ec6c6d - vga.sys\r\nf90f0000 332480d0 - Npfs.sys\r\na0000000 335157ac - win32k.sys\r\nfe0c9000 335bd30e - Fastfat.SYS\r\nfe108000 31ec6c9b - Serial.sys\r\nf9050000 332480ab - Parallel.sys\r\n \r\nDll Base DateStmp - Name\r\n80010000 33247f88 - hal.dll\r\n80007000 33248043 - SCSIPORT.SYS\r\n802b5000 336016a2 - Disk.sys\r\n8038c000 3356d637 - Ntfs.sys\r\n803e4000 33d84553 - viaide.sys\r\nf95c9000 31ec6c99 - Null.SYS\r\nf95cb000 335e60cf - Beep.SYS\r\nf95cb000 3373c39d - ctrl2cap.SYS\r\nf9474000 3324806f - mouclass.sys\r\nfe9d7000 3370e7b9 - NDIS.SYS\r\nf93b0000 332480dd - Msfs.SYS\r\nfe957000 3356da41 - ati.sys\r\nfe914000 334ea144 - ati.dll\r\nfe110000 31ec6c9b - Parport.SYS\r\nf93b4000 31ec7c9d - ParVdm.SYS\r\n

\r\nAddress dword dump Build [1314] \r\n- Name
\r\n801afc24 80149905 80149905 ff8e6b8c 80129c2c ff8e6b94 8025c000 - Ntfs.SYS
\r\n801afd24 80129c2c 80129c2c ff8e6b94 00000000 ff8e6b94 80100000 - ntoskrnl.exe
\r\n801afd34 801240f2 80124f02 ff8e6cf4 ff8e6d60 ff8e6c58 80100000 - ntoskrnl.exe
\r\n801afd54 80124a16 80124a16 ff8e6f60 ff8e6c3c 8015ac7e 80100000 - ntoskrnl.exe
\r\n801afd64 8015ac7e 8015ac7e ff8e6cf4 ff8e6f60 ff8e6c58 80100000 - ntoskrnl.exe
\r\n801afc70 80129bda 80129bda 00000000 80088000 80106f60 80100000 - ntoskrnl.exe

\r\nRestart and set the recovery options in the system control panel
\r\nor the /CRASHDEBUG system start option. If this message reappears,
\r\ncontact your system administrator or technical support group.\r\n

Windows can be set to do a memory dump or restart immediately after this message is displayed.

The following is a re-creation of a Windows 9x/Me BSoD:

A fatal exception 0E has occurred at 0157:BF7FF831. The current application will be terminated.

By default, the display is white (CGA color 0x0F; HTML color #FFFFFF) lettering on a blue (EGA color 0x01; HTML color #0000AA) background, with information about current memory values and register values. Demonstrating a sense of humor, Microsoft has added a utility that allows the user to change a setting in system.ini that controls the colors that the BSoD code uses to any of the 16 CGA colors.

This type of blue screen is no longer seen in Windows NT, 2000, and XP. In the case of these less serious software errors, the program may still crash, but it will not take down the entire operating system with it due to better memory management and decreased legacy support. In these systems, the "true" BSoD is seen only in cases where the entire operating system crashes.

System administrators often use "to bluescreen" or "to BSoD" as a verb, as in: "The server just BSoD'd" or "Windows 2000 doesn't bluescreen as much as NT 4 did." (This usage is unrelated to color key special effects in film, also called bluescreen.)

The blue screen of death in one form or another is present in all Windows operating systems since Windows version 2.0.

Some BSoD's have been caused by WinNuke, which was a very popular way for script kiddies to attack other people and disconnect computers from their internet connections and/or BSoD the computer. The vulnerability WinNuke exploits exists only in Windows 95, and a patch is available.