My last blog post described how to use local kernel debugging to change the colors of the Windows crash screen, also known as the “blue screen of death”. No doubt many of you thought that showing off a green screen of death or red screen of death to your friends and family would be fun, but the steps involved too complicated.
Alex Ionescu , one of my coauthors on Windows Internals, 5th Edition (he’s also coauthoring the 6th edition with me and Dave Solomon , which covers Windows 7 and Windows Server 2008 R2 – scheduled for release this summer), suggested that we make it easy for people to enjoy blue screens of any color. We did so by modifying Notmyfault , a buggy driver demonstration tool that I wrote for the book and my crash dump analysis presentations. Simply make your color section in the new BSOD color picker dialog, press the “Do Bug” button, and enjoy your creation:
Here’s the “blue screen” that results from the above color choice:
It’s as easy as that - there’s no need to tweak large-page settings or perform any other system configuration changes like those described in my last blog post .
How does it work? We extended Notmyfault’s kernel-mode driver (named Myfault.sys, as seen on the crash screen, to highlight the fact that user-mode code cannot directly cause a system crash) to register a “ bugcheck callback ”. When the system crashes it invokes driver-registered callbacks so that they can add data to the crash dump that can help troubleshooters get information about device or driver state at the time of a crash. The Myfault.sys callback executes just after the blue screen paints and changes the colors to the ones passed to it by Notmyfault by changing the default VGA palette entries used by the Boot Video driver.
Now with no awkward and error-prone fiddling in a kernel debugger, you can impress your friends and family with a blue screen painted in your favorite colors (though they might be even more impressed if you change the colors by fiddling in the kernel debugger)!
To download the latest copy of Notmyfault (both 32-bit and 64-bit versions) click here .