Blue screen of death

In Windows NT, Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, the blue screen of death occurs when the kernel or a driver running in kernel mode encounters an error from which it cannot recover. This is usually caused by an illegal operation being performed. The only safe action the operating system can take in this situation is to restart the computer. As a result, data may be lost, as users are not given an opportunity to save data that has not yet been saved to the hard drive.

Blue screens are known as "Stop errors" in the Windows Resource Kit documentation. They are referred to as "bug checks" in the Windows Software development kit and Driver development kit documentation.

The text on the error screen contains the code of the error as well as its symbolic name (e.g. 0x0000001E, KMODE_EXCEPTION_NOT_HANDLED) along with four error-dependent values in parentheses that are there to help software engineers with fixing the problem that occurred. Depending on the error code, it may display the address where the problem occurred, along with the driver which is loaded at that address. Under Windows NT and 2000, the second and third sections of the screen may contain information on all loaded drivers and a stack dump, respectively. The driver information is in three columns; the first lists the base address of the driver, the second lists the driver's creation date (as a Unix timestamp), and the third lists the name of the driver.^[1]

By default, Windows will create a memory dump file because a blue screen error occurs. Depending on the OS version, there may be several formats this can be saved in, ranging from a 64 KB "mini dump" to a "complete dump" which is effectively a copy of the entire contents of physical RAM. The resulting memory dump file may be debugged later, using a kernel debugger. A debugger is necessary to obtain a stack trace, and may be required to ascertain the true cause of the problem; as the information onscreen is limited and thus possibly misleading, it may hide the true source of the error.

Microsoft Windows can also be configured to send live debugging information to a kernel debugger running on a separate computer. (Windows XP also allows for kernel debugging from the machine that is running the OS.) If a blue screen error is encountered while a live kernel debugger is attached to the system, Windows will halt execution and cause the debugger to "break in", rather than displaying the BSOD. The debugger can then be used to examine the contents of memory and determine the source of the problem.

The Windows debugger is available as a free download from Microsoft.^[2]

Windows includes a feature that can be used to cause a blue screen manually. To enable it, the user must add a value to the Windows registry. After that, a BSOD will appear when the user presses the SCROLL LOCK key twice while holding the right CTRL key.^[3] This feature is primarily useful for obtaining a memory dump of the computer while it is in a given state. As such, it is generally used to aid in troubleshooting system hangs.

By default, Windows XP is configured to save only a 64K minidump when it encounters a blue screen, and then to automatically reboot the computer. Because this process happens very quickly, the blue screen may be seen only for an instant or not at all. Users have sometimes noted this as a random reboot rather than a traditional stop error, and are only aware of an issue after Windows reboots and displays a notification that it has recovered from a serious error.

A BSOD can also be caused by a critical boot loader error, where the operating system is unable to access the boot partition due to incorrect storage drivers or similar problems. The error code in this situation is STOP 0x0000007B (INACCESSIBLE_BOOT_DEVICE). In such cases, there is no memory dump saved. Since the system is unable to boot from the hard drive in this situation, correction of the problem often requires booting from the Microsoft Windows CD. After booting to the CD, it may be possible to correct the problem by performing a repair install or by using the Recovery Console (with CHKDSK).

The color red was chosen because there was a version of Windows NT for the DEC Alpha platform and there the console colors could not be changed in an easy way. For consistency reasons blue became the color for Stop errors on all platforms (alpha/i386/mips/ppc).

ReactOS, an attempt at creating a free software/open source implementation of a Windows NT-compatible operating system, also features its own BSOD similar to the Windows NT/XP one.

The blue screen of death also occurs in Microsoft's home desktop operating systems Windows 95, 98, and Me. Here it is less serious, but more common. In these operating systems, the BSOD is the main way for virtual device drivers to report errors to the user. It is internally referred to by the name of "_VWIN32_FaultPopup". A Windows 9x/Me BSOD gives the user the option either to restart or continue. However, VxDs do not display BSODs frivolously — they usually indicate a problem which cannot be fixed without restarting the computer, and hence after a BSOD is displayed the system is usually unstable or unresponsive.

Two of the most common reasons for BSODs are:

• Problems that occur with incompatible versions of DLLs. This cause is sometimes referred to as DLL hell. Windows loads these DLLs into memory when they are needed by application programs; if versions are changed, the next time an application loads the DLL it may be different from what the application expects. These incompatibilities increase over time as more new software is installed, and is one of the main reasons why a freshly-installed copy of Windows is more stable than an "old" one.

• Faulty or poorly written device drivers, hardware incompatibilities, or damaged hardware may also cause a BSOD. If you have just installed a new piece of hardware, updated a driver, or installed an Operating System update shortly before you see the BSOD, be sure to investigate these causes also.

In Windows 95 and 98, a BSOD occurred when the system attempted to access the file "c:\con\con" on the hard drive. This was often inserted on websites to crash users' machines. Microsoft has released a patch for this.^[4]

The BSOD can appear if a user ejects a removable medium while it is being read on 9x/ME. This is particularly common while using Microsoft Office: if a user simply wants to view a document, he might eject a floppy disk before exiting the program. Since Microsoft Office always creates a temporary file in the same directory, it will trigger a BSOD upon exiting because it will attempt to delete the file on the disk that is no longer in the drive.

This type of blue screen is no longer seen in Windows NT, 2000, and XP. In the case of these less serious software errors, the program may still crash, but it will not take down the entire operating system with it due to better memory management and decreased legacy support. In these systems, the "true" BSOD is seen only in cases where the entire operating system crashes.

The simplest version of the blue screen occurs in Windows CE except the versions for Pocket PC. The blue screen in Windows CE 3.0 is similar to the one in Windows 95 and 98.

Windows for Workgroups' Blue Screen of Death is very similair to the Windows 9x BSoD.

Although the Microsoft Xbox usually shows a Green Screen of Death when a critical error occurs, this model was seen showing a BSOD during the presentation of Forza Motorsport at the CeBIT computer fair in Hannover in March 2005. ^{[citation needed]}

By default, the display is white (EGA color 0x0F; HTML color #FFFFFF) lettering on a blue (EGA color 0x01; HTML color #0000AA) background, with information about current memory values and register values. For visually impaired users, Microsoft has added a utility that allows the user to change a setting in system.ini that controls the colors that the BSOD code uses to any of the 16 EGA colors.

Windows 95, 98 and Me use 80x25 text mode. The Windows NT BSOD uses 80x50 text mode. The screen resolution is 720x400. The XP BSOD uses the Lucida Console font while the Vista BSOD uses the Consolas font.

The Red Screen of Death (abbreviated RSoD, sometimes called "Red Screen of Doom") is a nickname for the error message which existed in some beta versions of Microsoft's latest operating system, Windows Vista. It was dropped in Beta 1 (Build 5112) of Windows Vista. It can also be found (but rarely) in versions of Microsoft's Windows 98 operating system. The red screen of death also appeared in builds of Codename "Memphis". There is no RSoD in the official (current) release of Windows Vista.^{[citation needed]}

The red screen of death appeared when boot loader errors occurred. Windows Vista continues to have blue screens for other types of errors.

The Red Screen of Death also sometimes refers to fatal errors in recent versions of Lotus Notes. These errors are not full-screen like the Microsoft red or blue screens of death, but rather are bright red boxes with black borders.

The Red Screen of Death can also be found on the Atari Jaguar System when an error loading a cartridge occurs. When this occurs, a roaring sound and the red Jaguar logo appear, and the background turns from black to red. This video shows it.

The Red Screen of Death can also be found in some of the more sophisticated flight simulators (such as those of FlightSafety_International). When a pilot crashes the aircraft, every screen in the cockpit turns red. (This is usually accompanied by crashing sounds and a few violent kicks from the motion system.)

System administrators often use "to bluescreen" or "to BSOD" as a verb, as in: "The server just bluescreened", "Oh, great, it's going to BSOD", or "Windows 2000 doesn't bluescreen as much as NT 4 did."

Embedded systems running Microsoft Windows NT Embedded and Windows XP Embedded have also been known to Bluescreen.^[5] Typical examples are Internet payphones, automatic teller machines and information displays.

On an unpatched Windows 95 or Windows NT 4.0 systems, it is possible for a BSOD to occur as a result of various internet attacks, like WinNuke.

Each BSOD usually displays a message such as FILE_SYSTEM as well as a number like 0x00000022. The usual parameters displayed for the BSOD are the following:

number of error (parameter, parameter, parameter, parameter) name of error

Knowing all of the above information is important in understanding and determining the cause of the BSOD.^[6]

While this is mostly a coincidence, a blue screen can occur if the very first version of Windows fails during startup:

• Loading...
  Loading...
• a second later
  a second later

• Spinning wait cursor — A cursor in Mac OS X that commonly means an application is busy. Often referred to as the spinning beach ball of death, or Rainbow wheel of death, a reference to the blue screen of death.
• Screen of Death — Similar critical errors on other version of Windows and other operating systems.
• Kernel panic — A critical failure under UNIX and Unix-like operating systems.
• Guru Meditation — Another type of error messages for Amiga operating systems.

• Official Microsoft BlueScreen Screen Saver v3.2
• Bill Gates gets the BSOD at the unveiling of Windows 98
• MVP Mark Salloway's Windows XP Resource Center - Introduction to Stop Errors
• Original report of RSoD from a Microsoft employee
• BSOD upgrades to RSOD in Longhorn from Joi Ito

Template:Link FA