Video idea: combine NMBC with another driver that lets you read and write to random kernel objects / structures. Then combine it with a random chance corruption algorithm, so it would kinda be like RegFuck but for in-memory kernel structures. Now obviously this would crash 99% of the time but with NMBC I think it could have some cool payloads.
YESSSSSSSSS thats a great idea! I did something like that some time ago, I was trying to defeat BSOD by returning with WinDbg, but it really crashes almost all time, but with a driver it will be more automatic and will create nice glitches
context for classic theme at the end: classic theme is basically windows without a theme. the themesection handle inside winlogon handles theming, winlogon dies so themesection dies with it so windows reverts to classic theme. notice how the scrollbar and all the controls inside process hacker turns into a 95 style once winlogon dies. after that happened, few seconds later dwm dies which makes windows use user/win32k (nt4/xp style) rendering and since themes are dead, it uses classic theme for decorations (normally dwmless windows uses basic theming, but classic theme is used because theming is dead) if anyone knows this better than i do, correct me in the comments, thanks!
@@SOTP. yeah, but if themesection dies it gives classic theme. you can also get the same effect by deleting the resources folder (while you renamed dwminit etc)
Using this is like disabling your house’s circuit breakers, or your car’s fuse box, or, for a bit more of an unusual one, your body’s vomit reflex. All of those are meant to be safety mechanisms, and the Windows BSOD is one too.
7:44 WOW. It really is just Windows NT under the skin. This just shows how those extremely old Windows versions are still making our current Windows versions work.
Seeing the "not responding" process hacker window begs a question I've had since I was a child: How do "not responding" windows actually work behind the scenes - specifically, since it has the transparent white covering the window; the restore up/down button grayed out; and the close button is extremely red even if you aren't hovering over it. (Good luck with IRL, I can't imagine working two jobs and then having to go to class.)
They don't, literally. They don't respond to the OS, hence the "not responding" indicator. The ghost window (transparent white overlay) is a DWM feature to indicate non-responsive windows. The close icon glows red to inform you about the feature that asks you to terminate the non-responding window's process if you click the close button.
@@adex345 I'm no expert, but afaik task manager already has some extreme perms when it comes to killing programs. I guess you could theoretically kill one even faster by just letting a programme unasign the memory and zeroing it out, but idfk whether or not that would work. Probably risks data-damage.
@@adex345 It triggers the " is not responding" pop-up. If you say "Close the program", it terminates the process after the pop-up is closed _(you don't have to wait for Windows diagnostics, you can just close it)._ @dagda1180 Task Manager always runs as Administrator. It doesn't have much more elevation. Win32 has an API to kill any process, even without admin privileges, but you require admin privileges when you want to terminate a process owned by Administrator or higher. Even administrators may not kill some SYSTEM owned processes.
@@DanielClear2 I'm kinda interested in where those protocols for the unique "not responding" window displays are called/stored. I always found it interesting lol
Another excellent peek behind the curtain :) Seriously though, "slacking"? My guy! You have two jobs and uni on top of that! Please, don't ever feel bad about you and your real life first. Your work is a joy to witness, whenever it comes out. We'll be here when things ease up. Take it easy, man.
I know right? Yet people still say that Windows is constantly getting worse - Well, in a lot of areas on an technical level for things unrelated to privacy but just user experience in general, yes, yes it is, but it is also getting more durable in some areas. If Microsoft was a company more respectful of user choices regarding software they wish to use or privacy but also continued with things like this without going to the extremes of open-source such as Linux where anything and everything must be completely open, even at the cost of practical usability, that would be great, but they aren't that.
I wonder if instead of outright removing the BSOD, we could use this to create a more useful bugcheck that doesn't instantly shut down the system and lets the user look through what went wrong right away
You can trigger a BSoD from everywhere as long as you are running your code in kernel mode. The procedure that triggers the BSoD in modern Windows is called KeBugCheck2 but driver developers are advised to only call the officially documented KeBugCheck and KeBugCheckEx calls (which in turn call KeBugCheck2) in case they want to shutdown (crash) the computer if their driver misbehaves. A Windows kernel developer who writes internal kernel code might not give a shit about the wrappers for whatever reason and will just call the main bugcheck function directly. Obviously there’s nothing stopping a driver developer from doing that too but why would they use undocumented calls?
I love there there are different levels to know how badly messed up is your system. You have the: Windows 10 theme - fine. Windows 7 theme - somethings wrong Windows 95 theme - something is VERY VERY wrong
Wow how scary is this? I was literally thinking a few hours ago 'what happens when a Windows PC Blue Screens' then after finishing work and having a look on YT, this video pops up. Awesome. *edit* never had so many likes before. Thanks everyone
That’s quite an extreme way to get the classic theme back, would be nice to at least get a notification that the pc would have given a blue screen, then you can save your work and restart (or grab your phone and film what you have written, so you don’t have to retype from memory)
and we have yet to see what happens to windows when you run taskkill on all svchost processes as admin with NMBC. that was the one thing i was excited for xD
You don't have to apologize for anything. Life happens, and we are grateful for your channel to exist at all. Take your time for uploads if you require it.
you just havent only got windows to continue and ignore a BSoD, you just got your brain to ignore one as well. respect for your cool vids plus hard work plus university!
Windows at times is doing some interesting stuff in the background for many things. I once was able to completely corrupt my windows registry in a late build of pre-release win11, and (predictably) windows crashed. But the BSoD was green instead. I then found out that the background of the BSoD (since win8) is just a value in the registry. why? no clue, but that's what Microsoft did and it is in some way cool to see
Fun fact: you can actually get an idea of what would happen if you managed to completely terminated "csrss.exe" without triggering a blue screen by simply suspending it. Although you'll need to do that with older versions of Windows, As Windows 10 and 11 are programmed to make it near impossible to mess with system processes. But yeah, if you was able to completely terminate the "csrss.exe" and the system didn't blue screen, the system will continue running but everything on the display will stop being updated except for a few things like some of the text (if any) displayed on screen and you'll no longer be able to interact with the system. Like I said the start of this comment, you can simulate this by simply suspending "csrss.exe".
I always love stuff like this. It's crazy how you can break things when you really want to, and know how to. Not that I ever plan on coming back to windows unless I'm dragged there by force, but this type of thing will always fascinate me no matter the OS Anyway, always remember to take care of yourself. I don't think anyone here minds you taking time for your mental health, and doing whatever needs to be done.
Its nice that you uploaded to keep the stupid youtube algorithm from ghosting you and drowning your channel but please also take your time to recover and to focus on your mental health cause we real fans will always watch out for new videos
The old theme on windows 11 looks so weird. Last week I closed adobe illustrator and saw the title bar switch to older themes like crazy. Idk why that happens, guess they never delete/replace, but update over what's done
It's a golden (coocked) goose of content. I was always wandering what happen if bsod will be turn off. But still im wondering if you can make it so bad, so you create corupted code, wich will overwrite itself in ram/disc C? Is it possible to corrupt code so bad, so it will destroy UEFI and bricks computer? Dont end this content with only one video
Hey!, Great Video, Really Enjoyed it while eating my lunch, but i got a question, What keyboard do you use? I thought it was quite a cool keyboard lol.
the program shown in the video is jetbrains clion. its interface is similar to other programs from jetbrains, and android studio is based on jetbrains intellij idea
It's like looking behind a loading screen but not. Funny it shows all individual Window objects in framed windows, even the task bar and maybe its icons!
Hey Mr.Enderman, i really enjoy your videos. But I really enjoy those alot more, where you speak instead of the text on screen. I read your description and you seem to be very busy, so no pressure. Just some feedback. Otherwise, great video as always! Keep up the great work!
Super interesting. I had never thought about what was going on in the background. Although I didn't understand in the end, why you can't start explorer.exe but when you type C: in the run box it actually opens an explorer window. Is the explorer window in Windows 11 separate from the rest of the graphical interface that controls explorer.exe?
@@w.dgaming1 Nope. BSOD is a kernel app which safely shutdowns every app and restart your computer to prevent damages. Explorer.exe is a program running in C:\Windows, and is not related to BSOD
Hey there!
Thank you so much for checking out my project!! I really appreciate it.
I hope to see more great content like this!
Thank you once again!
Wowie
wowza
yoooo nsg here
@@subwayz_qt5 yooo
hi nsg LMAO
Video idea: combine NMBC with another driver that lets you read and write to random kernel objects / structures. Then combine it with a random chance corruption algorithm, so it would kinda be like RegFuck but for in-memory kernel structures. Now obviously this would crash 99% of the time but with NMBC I think it could have some cool payloads.
man pinned already
YESSSSSSSSS thats a great idea! I did something like that some time ago, I was trying to defeat BSOD by returning with WinDbg, but it really crashes almost all time, but with a driver it will be more automatic and will create nice glitches
Windows is so verbose. I want to see what happens with all the safties pulled put
Pinned? Alright.
YEAH!
context for classic theme at the end: classic theme is basically windows without a theme.
the themesection handle inside winlogon handles theming, winlogon dies so themesection dies with it so windows reverts to classic theme.
notice how the scrollbar and all the controls inside process hacker turns into a 95 style once winlogon dies. after that happened, few seconds later dwm dies which makes windows use user/win32k (nt4/xp style) rendering and since themes are dead, it uses classic theme for decorations (normally dwmless windows uses basic theming, but classic theme is used because theming is dead)
if anyone knows this better than i do, correct me in the comments, thanks!
disabling dwm gives you basic theme
@@SOTP. yeah, but if themesection dies it gives classic theme. you can also get the same effect by deleting the resources folder (while you renamed dwminit etc)
@@tflsh exactly!
I wish Windows still had this 'accessible' for user to use.
@@s502russia you can manually enable it but its not recommended
Hey dude, make sure that you priorize your mental health first. If you need a break to do work and uni, most of us will understand. Take care 👋
But UA-cam algorithms will not, sadly.
You know, on UA-cam, when it's a comeback, it always gets popular. @@tapafon_red
Using this is like disabling your house’s circuit breakers, or your car’s fuse box, or, for a bit more of an unusual one, your body’s vomit reflex. All of those are meant to be safety mechanisms, and the Windows BSOD is one too.
7:44 WOW. It really is just Windows NT under the skin. This just shows how those extremely old Windows versions are still making our current Windows versions work.
all windows version share the same kernel since XP, so yeah its all Windows NT with funky skins under the hood
I wonder if there is a way to enable the classic NT skin in windows 10 or 11
@@trabant601eprobably lol
@@trabant601e same im wondering that too, I mean windows xp, vista, and 7 all let you enable the classic theme in the settings
Not really all that surprising. NT was designed to last as long as it has, and there's no point completely re-writing an OS like Windows from scratch.
I wanted to know this since i was a kid, why anyone can explain this on internet?
You re a legend
Huh?
@@mrowlsss you search on internet how bsod works, and you get "bsod is a Windows error", Enderman even explains with code
someone did search him up he is called @laglife
the comment you replied with was removed by youtube btw, can't see it normally
@@uninable oh i was just saying laglife made a video similar to this!
Seeing the "not responding" process hacker window begs a question I've had since I was a child:
How do "not responding" windows actually work behind the scenes - specifically, since it has the transparent white covering the window; the restore up/down button grayed out; and the close button is extremely red even if you aren't hovering over it.
(Good luck with IRL, I can't imagine working two jobs and then having to go to class.)
They don't, literally. They don't respond to the OS, hence the "not responding" indicator.
The ghost window (transparent white overlay) is a DWM feature to indicate non-responsive windows. The close icon glows red to inform you about the feature that asks you to terminate the non-responding window's process if you click the close button.
@@DanielClear2then how to terminate it? It should be possible even with crss terminated.
@@adex345 I'm no expert, but afaik task manager already has some extreme perms when it comes to killing programs. I guess you could theoretically kill one even faster by just letting a programme unasign the memory and zeroing it out, but idfk whether or not that would work. Probably risks data-damage.
@@adex345 It triggers the " is not responding" pop-up. If you say "Close the program", it terminates the process after the pop-up is closed _(you don't have to wait for Windows diagnostics, you can just close it)._
@dagda1180 Task Manager always runs as Administrator. It doesn't have much more elevation. Win32 has an API to kill any process, even without admin privileges, but you require admin privileges when you want to terminate a process owned by Administrator or higher. Even administrators may not kill some SYSTEM owned processes.
@@DanielClear2 I'm kinda interested in where those protocols for the unique "not responding" window displays are called/stored. I always found it interesting lol
8:44 y'all windows 11 with basic theme before gta 6
@@This77577 classic actually
@@cool-jd8hg my bad
Another excellent peek behind the curtain :) Seriously though, "slacking"? My guy! You have two jobs and uni on top of that! Please, don't ever feel bad about you and your real life first. Your work is a joy to witness, whenever it comes out. We'll be here when things ease up. Take it easy, man.
I thought it would just freeze or glitched out wow, modern windows are pretty robust compared to older NT versions
I know right? Yet people still say that Windows is constantly getting worse - Well, in a lot of areas on an technical level for things unrelated to privacy but just user experience in general, yes, yes it is, but it is also getting more durable in some areas. If Microsoft was a company more respectful of user choices regarding software they wish to use or privacy but also continued with things like this without going to the extremes of open-source such as Linux where anything and everything must be completely open, even at the cost of practical usability, that would be great, but they aren't that.
Yeah new versions of windows are very robust against system crashes. Until you update your AMD drivers and your system bootloops
I wonder if instead of outright removing the BSOD, we could use this to create a more useful bugcheck that doesn't instantly shut down the system and lets the user look through what went wrong right away
That would confuse people that don’t have computer knowledge
@@Dogappel they shouldn't use it?
From what i know, windows does throw some crashlog into a folder somewhere
5:29
So BSODs can actually come from different levels of the OS? Is that why older versions of Windows had 2 separate BSODs depending on the crash?
You can trigger a BSoD from everywhere as long as you are running your code in kernel mode. The procedure that triggers the BSoD in modern Windows is called KeBugCheck2 but driver developers are advised to only call the officially documented KeBugCheck and KeBugCheckEx calls (which in turn call KeBugCheck2) in case they want to shutdown (crash) the computer if their driver misbehaves. A Windows kernel developer who writes internal kernel code might not give a shit about the wrappers for whatever reason and will just call the main bugcheck function directly. Obviously there’s nothing stopping a driver developer from doing that too but why would they use undocumented calls?
I love there there are different levels to know how badly messed up is your system.
You have the:
Windows 10 theme - fine.
Windows 7 theme - somethings wrong
Windows 95 theme - something is VERY VERY wrong
Win10 Theme - normal
Win7 Theme - DWM is fucking dead fucking hell
Win95 Theme - DEAR FUCKINJG GOD WHAT HAPPEND
nothing at all- your windows install is cooked
Wow how scary is this? I was literally thinking a few hours ago 'what happens when a Windows PC Blue Screens' then after finishing work and having a look on YT, this video pops up. Awesome.
*edit* never had so many likes before. Thanks everyone
Windows 98 did it better
@@CamelCasee didn't know it was a competition
I love metro lol
@@acasualmusiclistener7919 With windows 98 you can return to windows from a bsod and attempt to use the crashed system
Joke Elon Musk read ur mind and gave it to google
Best of luck with your Uni whatever is going on with it brother
I still remember watching this channel before I knew english, just trying to do the exact same thing that he does for no reason.
For a non native English speaker, your English is very good, better than than some native speakers I've seen
@@novafurrytrue, some people dont know how to type 😭
Your grammar is good, you even use the informal word 'just' to make your points. It's pretty impressive.
@@defautluser0 true bro 💀
@@DapcsMasta solo se leer inglés 😭
That’s quite an extreme way to get the classic theme back, would be nice to at least get a notification that the pc would have given a blue screen, then you can save your work and restart (or grab your phone and film what you have written, so you don’t have to retype from memory)
The brother's keyboard is an ancient piece of history, The brother has stolen the keyboard from a museum.
Finnaly. After days
Days? I thought it was months... I think I am right.
@@75rxREDSTONE 2 months to be exact
Don’t tell him he misspelled
Dont tell him he mispelled
@@75rxREDSTONE it was not exactly 2 month, so I like to just say it days
and we have yet to see what happens to windows when you run taskkill on all svchost processes as admin with NMBC.
that was the one thing i was excited for xD
I wonder what would happen on older versions of Windows? I'm not referring to Windows 9x old, probably Vista or XP at the absolute oldest
Windows 9x isn't even capable of using KeBugCheck since they're not NT versions.
@@avi8aviate I know, which is why I said that
Either not much visible... freezing or instability (lots of error boxes, items not running), or worse, data corruption
9x can't properly bluescreen, you can still get a bsod but you can just close it
Why not Windows NT 3.51 and 4.0?
3:18 nice keyboard
This is like congenital insensitivity to pain for Windows
You don't have to apologize for anything. Life happens, and we are grateful for your channel to exist at all. Take your time for uploads if you require it.
nice to see windows 11 still has a windows 7 looking classic theme under it
Set an app to use Windows Vista and admin compatibility and it shows the Windows 7 theme
you just havent only got windows to continue and ignore a BSoD, you just got your brain to ignore one as well. respect for your cool vids plus hard work plus university!
finally dude, i’ve been waiting for so long. i literally were re-watching your old vids of boredom, hella missed u
imagine deleting system32 and your system just doesn't bluescreen.
That would be hilarious
Your system would still crash without a BSOD, sadly
"Process Hacker" is "System Informer" now. And we have Dark theme support in both.
This is a very 2021-ish video from you
I would LOVE to see what happens if you do this with an unstable over lock causing random memory corruption. I think that would be fascinating!
1:29 quality timing
0:42 litteraly explanation of crowdstrike errors
Windows at times is doing some interesting stuff in the background for many things. I once was able to completely corrupt my windows registry in a late build of pre-release win11, and (predictably) windows crashed. But the BSoD was green instead. I then found out that the background of the BSoD (since win8) is just a value in the registry. why? no clue, but that's what Microsoft did and it is in some way cool to see
windows rn: LET ME DIE, BRIAN
you: nuh-uh
Fun fact: you can actually get an idea of what would happen if you managed to completely terminated "csrss.exe" without triggering a blue screen by simply suspending it. Although you'll need to do that with older versions of Windows, As Windows 10 and 11 are programmed to make it near impossible to mess with system processes.
But yeah, if you was able to completely terminate the "csrss.exe" and the system didn't blue screen, the system will continue running but everything on the display will stop being updated except for a few things like some of the text (if any) displayed on screen and you'll no longer be able to interact with the system. Like I said the start of this comment, you can simulate this by simply suspending "csrss.exe".
What about NoEscape (Trojan) + NMBC? Especially final payload where NoEscape triggers Blue Screen.
Two Great Things Happened today: 1: You uploaded 2: My IPAD Got fixed!
Nice!
Man, I swear! Windows 11 is goated! Mainly because of its unique design, and dope vid, glad to see you back!
nice model m keyboard! i see you took inspiration from danooct1 who uses that as his main keyboard.
-i totally didn’t already make a video on this driver a year ago-
lol
its such a niche project - no way he didnt at least see your video first
i got an idea, What happens if you delete the blue screen trigger file, and just caused a bluescreen?
Great! Now no one who watches this video can ever consider working on ReactOS. What a banger. /s
Lol
Wake up babe, new enderman video dropped
I genuinely love watching your vids
they’re so interesting
Damn... He is using the legendary keyboard.
I always love stuff like this. It's crazy how you can break things when you really want to, and know how to.
Not that I ever plan on coming back to windows unless I'm dragged there by force, but this type of thing will always fascinate me no matter the OS
Anyway, always remember to take care of yourself. I don't think anyone here minds you taking time for your mental health, and doing whatever needs to be done.
You know you went too far when you see the windows 95 interface on a recent build
非常に興味深い動画、助かります!
7:35 クラシックテーマはWindows 11でも健在のようですね。
クラシックテーマに変わったエクスプローラーで右クリックメニュー開いたらどのような見た目になるだろう?
2 jobs, university AND youtube? you're a beast!
Yayy a new video! Definitely enjoyed all these BSOD’s
4:25 Ascence - About you
7:34 is this where it crashed
Its nice that you uploaded to keep the stupid youtube algorithm from ghosting you and drowning your channel but please also take your time to recover and to focus on your mental health cause we real fans will always watch out for new videos
FINALLY YOU POSTED, dude I watched ur videos today AND YOU POST TODAY?
OMG NO WAY U HEARTED MY COMMENT
Another good video released! Anyways, weird to see such modern slang as "cooked" in an Endermanch video.
Love this type of content lol, even if it's useless or useful shit but its interesting.
Make :can you remove the desktop manager (graphical environment) in windows
Plzz it is soo cool
Finally someone did this, i been curious whats behind the blue screen
great video, good luck with the university and the 2 jobs
been here since you were just a tiny channel, great content and goodluck with the semester!
The old theme on windows 11 looks so weird.
Last week I closed adobe illustrator and saw the title bar switch to older themes like crazy. Idk why that happens, guess they never delete/replace, but update over what's done
Amazing vid enderman keep it up :DD
bro be waking up the nostalgia with these songs
Make an noescape 2.0 with this!
Probably the last payload can be seeing the system slowly crumble and glitch out...
It's a golden (coocked) goose of content. I was always wandering what happen if bsod will be turn off. But still im wondering if you can make it so bad, so you create corupted code, wich will overwrite itself in ram/disc C?
Is it possible to corrupt code so bad, so it will destroy UEFI and bricks computer?
Dont end this content with only one video
Hey!, Great Video, Really Enjoyed it while eating my lunch, but i got a question, What keyboard do you use? I thought it was quite a cool keyboard lol.
IBM model M probably
Windows gets angry and refuses to do anything.
Makes sense.
FINALLY YOU MADE A VIDEO I'VE BEEN WANTING FOR AGES!
Glad to see you back! (Algorithm goes brrrr)
thanks for putting songs names and this amazing video of course
YOU ARE BACK :) I am subscribed as always :)
You should use that like wininit trick in powershell if you ever wanted to
i didn't know you played gd??????
>buys snowfall all
>looks inside
>bubbles
He does, and he used a bunch of GD songs in his videos
@@APPLP1E limbo gave it away.
edit: stop asking which video i forgot
@@i_am_called_glitchy nobody asked bro 😭
@@龗 wrong universe, sorry
This is just a PERFECT driver for my pc that crashes every 30min when I play games with music.
1:06 , wait, android studio can edit other things than apks?!
the program shown in the video is jetbrains clion. its interface is similar to other programs from jetbrains, and android studio is based on jetbrains intellij idea
nortchot I was about to say the same thing 💀
Everytime Enderman Uploads, It Makes My Day Better
You never felt a surprise me when it comes to technology
missed your videos man glad your back!
What a great music! And informative video.
Darn... It was interesting to check it out!
Thanks! Good luck with the studies and work! ^&^
I forgot about this channel I'm glad I came across it again
Finally you're back! Make videos more often.
7:20 wow, real cooperative multitasking on windows ;)
Hey good luck with uni bro :)
Take care of urself!!
This is ridiculous! Thank you very much for telling us all of these secretes about windows.
Happy to see that endermanch is back!
this dude and flytech would make an excellent duo
IIRC They did collab before
Welcome back buddo! Love your videos!!
It's like looking behind a loading screen but not. Funny it shows all individual Window objects in framed windows, even the task bar and maybe its icons!
Hey Mr.Enderman, i really enjoy your videos. But I really enjoy those alot more, where you speak instead of the text on screen. I read your description and you seem to be very busy, so no pressure. Just some feedback. Otherwise, great video as always! Keep up the great work!
I wish this video was on the internet in early 2010's... I hated those uniformative crashes...
Super interesting. I had never thought about what was going on in the background.
Although I didn't understand in the end, why you can't start explorer.exe but when you type C: in the run box it actually opens an explorer window. Is the explorer window in Windows 11 separate from the rest of the graphical interface that controls explorer.exe?
Explorer is still running. What he killed was winlogon.exe
If the bsod is a kernel app then explorer.exe is still running
@@w.dgaming1 Nope. BSOD is a kernel app which safely shutdowns every app and restart your computer to prevent damages. Explorer.exe is a program running in C:\Windows, and is not related to BSOD
Omg enderman uploaded!!!
Nice! I've been waiting for this for a while.
not what i expected to see today but i love it
This is something i always wondered about.
7:47 since when do you use the word cooked? (love ur vids, keep it up)
Hey nice video ! Where did you find the Run As Trusted Installer plugin for PH? I cannot find anymore
On their GitHub archive, it's archived now, if I recall correctly, the plugin is considered deprecated