• CaptainBasculin@lemmy.ml
    4 months ago

    Basically, drivers can launch code all the way up to ring 0, the highest level code can access. This means it runs its code with the same privileges as the kernel itself. The anti-malware solution CrowdStrike makes use of this access to determine what could be going wrong, and deploy solutions accordingly.

    If code running at that level crashes, Windows will rightfully assume there’s something really fucked up going on, and give out a BSOD.

    • Blizzard@lemmy.zip
      4 months ago

      there’s something really fucked up going on

      I would actually prefer this kind of error over the usual and equally uninformative “Oopsie! Something went wrong. We’re sorry :(”

      • Skull giver@popplesburger.hilciferous.nl
        4 months ago

        The QR code Windows displays usually brings up a documentation page containing more information. Windows also displays a stop code next to the QR code (something like BOOT_DEVICE_NOT_FOUND, MEMORY_MANAGEMENT, CRITICAL_ACCESS_DENIED) and the failing driver’s name (if available).

        If you want to dig into the details, you can run a program like WhoCrashed, or dig into the crash using WinDbg to analyse the crashdump file on the hard drive.

        I hate the “something went wrong” popups individual applications show (though I admit I’ve written those myself to deal with errors that should never ever happen), but bluescreens are usually quite informative if you read beyond the indicator for regular people.

        Windows used to dump memory locations of the failing driver and even opcodes, the same way Linux does, but that scared a lot of people because they had no hope of understanding any of it. With KASLR the memory addresses are useless anyway, and it’s not like modern drivers come with debug symbols to show the crashing method name, so Windows started hiding unnecessary details, which I think is a good thing.
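
The KASLR point in the comment above, as an added example that is not part of the thread: the raw fault address changes on every boot, while the module name plus offset (what a debugger reports) stays the same. All module names, sizes and addresses are constructed, and the layout model is a simplification, not how Windows actually places images.

```python
import bisect

# Constructed data: module names, sizes, region start and crash site are made up.
MODULES = [("ntoskrnl.exe", 0xA00000), ("hal.dll", 0x90000),
           ("example_sensor.sys", 0x40000), ("disk.sys", 0x20000)]
FAULT_MODULE, FAULT_OFFSET = "example_sensor.sys", 0x1A2F4
REGION_START, ALIGN = 0xFFFFF80000000000, 0x10000


def boot(slide):
    """Model one boot: images laid out from REGION_START + slide * ALIGN."""
    base = REGION_START + slide * ALIGN
    layout = []
    for name, size in MODULES:
        layout.append((base, size, name))
        # Round the image up to the alignment and leave one empty slot after it.
        base += -(-size // ALIGN) * ALIGN + ALIGN
    return layout  # already sorted by base address


def fault_address(layout):
    """Absolute address of the constructed crash site for this boot."""
    for base, _size, name in layout:
        if name == FAULT_MODULE:
            return base + FAULT_OFFSET
    raise LookupError(FAULT_MODULE)


def resolve(layout, address):
    """Map an absolute address to (module name, offset), or None if unmapped."""
    bases = [base for base, _size, _name in layout]
    i = bisect.bisect_right(bases, address) - 1
    if i < 0:
        return None  # below the first loaded image
    base, size, name = layout[i]
    if address >= base + size:
        return None  # falls in a gap between images
    return name, address - base


if __name__ == "__main__":
    for slide in (0x12, 0x3A7):  # two boots with different constructed slides
        layout = boot(slide)
        addr = fault_address(layout)
        name, off = resolve(layout, addr)
        print(f"slide {slide:#x}: raw {addr:#018x} -> {name}+{off:#x}")
```
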