Fatal system error
||This article needs additional citations for verification. (January 2011)|
In Microsoft Windows, a fatal system error can be deliberately caused from a kernel-mode driver with either the KeBugCheck or KeBugCheckEx function. However, this should only be done as a last option when a critical driver has corrupted data and it is impossible to recover from the problem. This is a design based on the Unix-like way of kernel panicking and logging. Windows is not the first operating system to use the term Bugcheck for this function. For example, VMS used this terminology several years before Windows was developed. Facilities such as these help in debugging error conditions from which the operating system cannot, or decides that it should not attempt to, recover.
When a bug check is issued a crash dump file will be created if the system is configured to create them. This file contains a snapshot of useful low-level information about the system that can be used to debug the root cause of the problem.
If the user has enabled it, the system will write an entry to the system event log. The log entry contains information about the bug check (including the bug check code and its parameters) as well as a link which will report the bug to Microsoft and provide the user with prescriptive suggestions if the cause of the check is definitive and well-known.
Next, if a kernel debugger is connected and active when the bug check occurs, the system will break into the debugger where the cause of the crash can be investigated. If no debugger is attached, then a blue text screen is displayed that contains information about why the error occurred, which is called a blue screen or bug check screen.
The user will only see the blue screen if the system is not configured to Automatically Restart (which became the default setting in Windows XP SP2). Otherwise, it appears as though the system simply rebooted (though a blue screen might be visible for just an instant).
Note that bug checks are only supported by the Windows NT kernel. The corresponding system routine in Windows 9x, named SHELL_SYSMODAL_Message, doesn't halt the system like bug checks do; it just displays a BSoD (Blue Screen of Death) and allows the user to continue execution.
The Windows DDK and the WinDbg documentation both have isipid reference information about most bug checks. The WinDbg package is available as a free download and can be installed by most users. The Windows DDK is larger and more complicated to install.