What happens behind the Blue Screen of Death?
Вставка
- Опубліковано 7 лют 2025
- Hello, my friends! Let's hit 20K likes? Check out my website! enderman.ch
Let me preface this by apologizing for not uploading for 80 days. It's been a rough year for me with lots of headache all around - 2 jobs with the university combined is not a joke... Today I am going to show you how the blue screen is called, and what actually happens behind the blue screen of death, completely turning it off in the user-mode space using NoMoreBugCheck by NSG650.
Links:
NoMoreBugcheck - go.enderman.ch...
Windows Defender Remover - go.enderman.ch...
ProcessHacker - go.enderman.ch...
Password:
mysubsarethebest
Still got questions? Don't hesitate, send them to contact@enderman.ch!
Hope you have a great day!
#endermanch #experiments #windows
![Lp. Сердце Вселенной #60 РОЖДЕНИЕ ЛОЛОЛОШКИ [Финал] • Майнкрафт](http://i.ytimg.com/vi/YoR0pAV9FVQ/mqdefault.jpg)
Hey there!
Thank you so much for checking out my project!! I really appreciate it.
I hope to see more great content like this!
Thank you once again!
Wowie
wowza
yoooo nsg here
@@subwayz_qt5 yooo
hi nsg LMAO
Video idea: combine NMBC with another driver that lets you read and write to random kernel objects / structures. Then combine it with a random chance corruption algorithm, so it would kinda be like RegFuck but for in-memory kernel structures. Now obviously this would crash 99% of the time but with NMBC I think it could have some cool payloads.
man pinned already
YESSSSSSSSS thats a great idea! I did something like that some time ago, I was trying to defeat BSOD by returning with WinDbg, but it really crashes almost all time, but with a driver it will be more automatic and will create nice glitches
Windows is so verbose. I want to see what happens with all the safties pulled put
Pinned? Alright.
YEAH!
Using this is like disabling your house’s circuit breakers, or your car’s fuse box, or, for a bit more of an unusual one, your body’s vomit reflex. All of those are meant to be safety mechanisms, and the Windows BSOD is one too.
fr
context for classic theme at the end: classic theme is basically windows without a theme.
the themesection handle inside winlogon handles theming, winlogon dies so themesection dies with it so windows reverts to classic theme.
notice how the scrollbar and all the controls inside process hacker turns into a 95 style once winlogon dies. after that happened, few seconds later dwm dies which makes windows use user/win32k (nt4/xp style) rendering and since themes are dead, it uses classic theme for decorations (normally dwmless windows uses basic theming, but classic theme is used because theming is dead)
if anyone knows this better than i do, correct me in the comments, thanks!
disabling dwm gives you basic theme
@@SOTP. yeah, but if themesection dies it gives classic theme. you can also get the same effect by deleting the resources folder (while you renamed dwminit etc)
@@tflsh exactly!
@s502russia you can manually enable it but its not recommended
So windows has themes built in but doesn't give access to the user?
Your vast knowledge of computers and interesting theories you test has added to my desire to learn computing. I have watched you for a really long time and how your content has evolved! Keep up the great work, heartfelt thanks ❤
I wanted to know this since i was a kid, why anyone can explain this on internet?
You re a legend
Huh?
@@mrowlsss you search on internet how bsod works, and you get "bsod is a Windows error", Enderman even explains with code
someone did search him up he is called @laglife
the comment you replied with was removed by youtube btw, can't see it normally
@@uninable oh i was just saying laglife made a video similar to this!
Hey dude, make sure that you priorize your mental health first. If you need a break to do work and uni, most of us will understand. Take care 👋
But UA-cam algorithms will not, sadly.
You know, on UA-cam, when it's a comeback, it always gets popular. @@tapafon_red
7:44 WOW. It really is just Windows NT under the skin. This just shows how those extremely old Windows versions are still making our current Windows versions work.
all windows version share the same kernel since XP, so yeah its all Windows NT with funky skins under the hood
I wonder if there is a way to enable the classic NT skin in windows 10 or 11
@@trabant601eprobably lol
@@trabant601e same im wondering that too, I mean windows xp, vista, and 7 all let you enable the classic theme in the settings
Not really all that surprising. NT was designed to last as long as it has, and there's no point completely re-writing an OS like Windows from scratch.
Another excellent peek behind the curtain :) Seriously though, "slacking"? My guy! You have two jobs and uni on top of that! Please, don't ever feel bad about you and your real life first. Your work is a joy to witness, whenever it comes out. We'll be here when things ease up. Take it easy, man.
Seeing the "not responding" process hacker window begs a question I've had since I was a child:
How do "not responding" windows actually work behind the scenes - specifically, since it has the transparent white covering the window; the restore up/down button grayed out; and the close button is extremely red even if you aren't hovering over it.
(Good luck with IRL, I can't imagine working two jobs and then having to go to class.)
They don't, literally. They don't respond to the OS, hence the "not responding" indicator.
The ghost window (transparent white overlay) is a DWM feature to indicate non-responsive windows. The close icon glows red to inform you about the feature that asks you to terminate the non-responding window's process if you click the close button.
@@DanielClear2then how to terminate it? It should be possible even with crss terminated.
@@adex345 I'm no expert, but afaik task manager already has some extreme perms when it comes to killing programs. I guess you could theoretically kill one even faster by just letting a programme unasign the memory and zeroing it out, but idfk whether or not that would work. Probably risks data-damage.
@@adex345 It triggers the " is not responding" pop-up. If you say "Close the program", it terminates the process after the pop-up is closed _(you don't have to wait for Windows diagnostics, you can just close it)._
@dagda1180 Task Manager always runs as Administrator. It doesn't have much more elevation. Win32 has an API to kill any process, even without admin privileges, but you require admin privileges when you want to terminate a process owned by Administrator or higher. Even administrators may not kill some SYSTEM owned processes.
@@DanielClear2 I'm kinda interested in where those protocols for the unique "not responding" window displays are called/stored. I always found it interesting lol
I love there there are different levels to know how badly messed up is your system.
You have the:
Windows 10 theme - fine.
Windows 7 theme - somethings wrong
Windows 95 theme - something is VERY VERY wrong
Win10 Theme - normal
Win7 Theme - DWM is fucking dead fucking hell
Win95 Theme - DEAR FUCKINJG GOD WHAT HAPPEND
nothing at all- your windows install is cooked
I wonder if instead of outright removing the BSOD, we could use this to create a more useful bugcheck that doesn't instantly shut down the system and lets the user look through what went wrong right away
That would confuse people that don’t have computer knowledge
@@Dogappel they shouldn't use it?
From what i know, windows does throw some crashlog into a folder somewhere
Yeah, Its called crash dump that can be viewed on event viewer. @@linnymiddy
windows rn: LET ME DIE, BRIAN
you: nuh-uh
I thought it would just freeze or glitched out wow, modern windows are pretty robust compared to older NT versions
I know right? Yet people still say that Windows is constantly getting worse - Well, in a lot of areas on an technical level for things unrelated to privacy but just user experience in general, yes, yes it is, but it is also getting more durable in some areas. If Microsoft was a company more respectful of user choices regarding software they wish to use or privacy but also continued with things like this without going to the extremes of open-source such as Linux where anything and everything must be completely open, even at the cost of practical usability, that would be great, but they aren't that.
Yeah new versions of windows are very robust against system crashes. Until you update your AMD drivers and your system bootloops
@@ChocoRainbowCorni was with you until you started hating on open source and conflating copyright licenses with user experience design. you are right in that of Microsoft started respecting user choices and privacy the software would be much better, but you are wrong about copyright licenses having anything to do with user experience or usability. besides, lots of open source software including many linux distros have great UX. there are also bad ones in terms of UX, but there are also bad closed source software in terms of UX too and a lot of it
Wow how scary is this? I was literally thinking a few hours ago 'what happens when a Windows PC Blue Screens' then after finishing work and having a look on YT, this video pops up. Awesome.
*edit* never had so many likes before. Thanks everyone
Windows 98 did it better
@@CamelCasee didn't know it was a competition
I love metro lol
@@acasualmusiclistener7919 With windows 98 you can return to windows from a bsod and attempt to use the crashed system
Joke Elon Musk read ur mind and gave it to google
I still remember watching this channel before I knew english, just trying to do the exact same thing that he does for no reason.
For a non native English speaker, your English is very good, better than than some native speakers I've seen
@@novafurrytrue, some people dont know how to type 😭
Your grammar is good, you even use the informal word 'just' to make your points. It's pretty impressive.
@@defautluser0 true bro 💀
@@DapcsMasta solo se leer inglés 😭
The brother's keyboard is an ancient piece of history, The brother has stolen the keyboard from a museum.
His keyboard gives a little retro feel tbh, but it should sound great probs. I would get one if I ever had the chance to if my keyboard ever breaks or something else happens
5:29
So BSODs can actually come from different levels of the OS? Is that why older versions of Windows had 2 separate BSODs depending on the crash?
You can trigger a BSoD from everywhere as long as you are running your code in kernel mode. The procedure that triggers the BSoD in modern Windows is called KeBugCheck2 but driver developers are advised to only call the officially documented KeBugCheck and KeBugCheckEx calls (which in turn call KeBugCheck2) in case they want to shutdown (crash) the computer if their driver misbehaves. A Windows kernel developer who writes internal kernel code might not give a shit about the wrappers for whatever reason and will just call the main bugcheck function directly. Obviously there’s nothing stopping a driver developer from doing that too but why would they use undocumented calls?
I love how the programs crash the PC when the driver misbehaves, its like putting a misbehaving kid in a timeout lol
@@klausschmidt982
You don't have to apologize for anything. Life happens, and we are grateful for your channel to exist at all. Take your time for uploads if you require it.
Best of luck with your Uni whatever is going on with it brother
This is like congenital insensitivity to pain for Windows
Finnaly. After days
Days? I thought it was months... I think I am right.
@@75rxREDSTONE 2 months to be exact
Don’t tell him he misspelled
Dont tell him he mispelled
@@75rxREDSTONE it was not exactly 2 month, so I like to just say it days
and we have yet to see what happens to windows when you run taskkill on all svchost processes as admin with NMBC.
that was the one thing i was excited for xD
finally dude, i’ve been waiting for so long. i literally were re-watching your old vids of boredom, hella missed u
That’s quite an extreme way to get the classic theme back, would be nice to at least get a notification that the pc would have given a blue screen, then you can save your work and restart (or grab your phone and film what you have written, so you don’t have to retype from memory)
3:18 nice keyboard
nice to see windows 11 still has a windows 7 looking classic theme under it
0:42 litteraly explanation of crowdstrike errors
I wonder what would happen on older versions of Windows? I'm not referring to Windows 9x old, probably Vista or XP at the absolute oldest
Windows 9x isn't even capable of using KeBugCheck since they're not NT versions.
@@avi8aviate I know, which is why I said that
Either not much visible... freezing or instability (lots of error boxes, items not running), or worse, data corruption
9x can't properly bluescreen, you can still get a bsod but you can just close it
Why not Windows NT 3.51 and 4.0?
you just havent only got windows to continue and ignore a BSoD, you just got your brain to ignore one as well. respect for your cool vids plus hard work plus university!
I would LOVE to see what happens if you do this with an unstable overclock causing random memory corruption. I think that would be fascinating!
This is a very 2021-ish video from you
1:29 quality timing
nice model m keyboard! i see you took inspiration from danooct1 who uses that as his main keyboard.
8:44 y'all windows 11 with basic theme before gta 6
@@This77577 classic actually
@@cool-jd8hg my bad
I genuinely love watching your vids
they’re so interesting
Man, I swear! Windows 11 is goated! Mainly because of its unique design, and dope vid, glad to see you back!
bro be waking up the nostalgia with these songs
Windows at times is doing some interesting stuff in the background for many things. I once was able to completely corrupt my windows registry in a late build of pre-release win11, and (predictably) windows crashed. But the BSoD was green instead. I then found out that the background of the BSoD (since win8) is just a value in the registry. why? no clue, but that's what Microsoft did and it is in some way cool to see
"Process Hacker" is "System Informer" now. And we have Dark theme support in both.
I always love stuff like this. It's crazy how you can break things when you really want to, and know how to.
Not that I ever plan on coming back to windows unless I'm dragged there by force, but this type of thing will always fascinate me no matter the OS
Anyway, always remember to take care of yourself. I don't think anyone here minds you taking time for your mental health, and doing whatever needs to be done.
Wake up babe, new enderman video dropped
Its nice that you uploaded to keep the stupid youtube algorithm from ghosting you and drowning your channel but please also take your time to recover and to focus on your mental health cause we real fans will always watch out for new videos
You know you went too far when you see the windows 95 interface on a recent build
Fun fact: you can actually get an idea of what would happen if you managed to completely terminated "csrss.exe" without triggering a blue screen by simply suspending it. Although you'll need to do that with older versions of Windows, As Windows 10 and 11 are programmed to make it near impossible to mess with system processes.
But yeah, if you was able to completely terminate the "csrss.exe" and the system didn't blue screen, the system will continue running but everything on the display will stop being updated except for a few things like some of the text (if any) displayed on screen and you'll no longer be able to interact with the system. Like I said the start of this comment, you can simulate this by simply suspending "csrss.exe".
when BSOD crashes you get a Black Screen of Death (BSOD)
What I want explained is why certain BSOD codes (Especially before Windows 8) display completely differently from others. Stuff like why NTSTATUS codes (Specifically C000XXXX codes) make Windows handle the crash very differently (Often giving little information and not even saving a crash dump), and why 0x80 (NMI_HARDWARE_FAILURE) just says "Hardware Malfunction" (It doesn't even display a Stop code), and why certain error codes display different troubleshooting info than others, alongside why some error codes have significantly different strings attached (Like why does 0xF4 display "A process or thread crucial to system operation has unexpectedly exited or been terminated." as opposed to "CRITICAL_OBJECT_TERMINATION")
Great! Now no one who watches this video can ever consider working on ReactOS. What a banger. /s
Lol
FINALLY YOU POSTED, dude I watched ur videos today AND YOU POST TODAY?
OMG NO WAY U HEARTED MY COMMENT
Yayy a new video! Definitely enjoyed all these BSOD’s
i don't know if i had seen a bsod crashing once but your first mention in the beginning of the video reminded me of my own personal experiences with my first laptop. this is where sometimes i would end up accidently moving the monitor screen on my laptop (somehow), leading to it going unresponsive, but the main thing that this rings a bell to is when my computer randomly crashed, leading to a sudden smaller verison of the screen inverted (i can't tell if it's exactly inverted as even though i had a custom desktop background, it had something like the inverted version of the default windows background) before my screen went black and the computer went unresponsive.
i don't have this computer anymore TECHNICALLY since it stopped accepting any charges and had begun to lag terribly due to something likely failing. it is still in the house but the computer is likely wiped by now. but i don't know if this might be an example of a BSOD crashing or something. since it feels like a BSOD should have been there but didn't happen.
this was on a acer laptop.
Damn... He is using the legendary keyboard.
Enderman: It's fine:
Windows: *in the middle of a panic attack*
4:25 Ascence - About you
The old theme on windows 11 looks so weird.
Last week I closed adobe illustrator and saw the title bar switch to older themes like crazy. Idk why that happens, guess they never delete/replace, but update over what's done
Two Great Things Happened today: 1: You uploaded 2: My IPAD Got fixed!
Nice!
2 jobs, university AND youtube? you're a beast!
Amazing vid enderman keep it up :DD
Finally someone did this, i been curious whats behind the blue screen
been here since you were just a tiny channel, great content and goodluck with the semester!
Love this type of content lol, even if it's useless or useful shit but its interesting.
Another good video released! Anyways, weird to see such modern slang as "cooked" in an Endermanch video.
missed your videos man glad your back!
i got an idea, What happens if you delete the blue screen trigger file, and just caused a bluescreen?
Hey Mr.Enderman, i really enjoy your videos. But I really enjoy those alot more, where you speak instead of the text on screen. I read your description and you seem to be very busy, so no pressure. Just some feedback. Otherwise, great video as always! Keep up the great work!
FINALLY YOU MADE A VIDEO I'VE BEEN WANTING FOR AGES!
Hey!, Great Video, Really Enjoyed it while eating my lunch, but i got a question, What keyboard do you use? I thought it was quite a cool keyboard lol.
IBM model M probably
YOU ARE BACK :) I am subscribed as always :)
Only one, small question: We see this in a lot of your videos where you mess with Windows to such an high degree and everything either breaks apart or just stops working properly, eventually stops working completely - It would appear that the old Windows NT/Classic theme from Windows 2000 and earlier still exists inside of Windows code? Later in the video where you kill several processes and do these other things, the open windows downgrade visually to these old styles. So I'm just curious if the theme still exists or if it's simply the rendering for modern Windows 10/11 themes that's broken. It could be either of those things when we consider just how much old stuff and code exists in Windows even in Windows 11 without ever being touched, but the curiosity remains, like, you know, just what is up with this. I don't have the kind or level of knowledge that you and many people commenting under your videos do, so it makes me curious to know more if you know anything about that.
What should Windows should do but it didnt when Process Hacker Crashed: If an taskbar program crashes windows will throw an window which informs you that the *Program has crashed* and then you have 2 options: 1. *Close it* (Windows will force the program to close) and 2: *Wait for the program to unfreeze* (You can still make Windows force the frozen program to close by terminating it with Task Manager or Process Hacker or other Task manager-styled programs) It hapenned on mine thats why i made this comment
Edit: This took a while to made this comment
Welcome back buddo! Love your videos!!
It's a golden (coocked) goose of content. I was always wandering what happen if bsod will be turn off. But still im wondering if you can make it so bad, so you create corupted code, wich will overwrite itself in ram/disc C?
Is it possible to corrupt code so bad, so it will destroy UEFI and bricks computer?
Dont end this content with only one video
great video, good luck with the university and the 2 jobs
0:21 wow, so even BSODs can BSOD?
Maybe even Bsod's Bsod can Bsod
What about NoEscape (Trojan) + NMBC? Especially final payload where NoEscape triggers Blue Screen.
Lol there's a escape I fx it
Or Solaris. Although, I'm not sure if it would actually do anything more impressive than its actual payload if the system just ignores the bluescreen
Make :can you remove the desktop manager (graphical environment) in windows
Plzz it is soo cool
thanks for putting songs names and this amazing video of course
Nice! I've been waiting for this for a while.
This video just came at a fitting time because I just saw someone else's computer bluescreened by itself before I watched this video.
Hey good luck with uni bro :)
Take care of urself!!
This is just a PERFECT driver for my pc that crashes every 30min when I play games with music.
This music throws me back to easier times wow
非常に興味深い動画、助かります!
7:35 クラシックテーマはWindows 11でも健在のようですね。
クラシックテーマに変わったエクスプローラーで右クリックメニュー開いたらどのような見た目になるだろう?
I wish this video was on the internet in early 2010's... I hated those uniformative crashes...
wow that's actually pretty cool and weird at the same time
U should fix a computer in my school that always crashes
Happy to see that endermanch is back!
Now I love the BSOD and want to hug it.
When recall comes out to windows 11 are you going to make a video about how to completely destroy, obliterate, exterminate, eliminate, and disintegrate it?
good luck with everything you’re dealing with btw
You should use that like wininit trick in powershell if you ever wanted to
The moment when Einfach nur Niko removed the sponsorship...
Windows gets angry and refuses to do anything.
Makes sense.
This is something i always wondered about.
I love these kinds of vids,thanks enderman,make more plzz😊
Darn... It was interesting to check it out!
Thanks! Good luck with the studies and work! ^&^
It's like looking behind a loading screen but not. Funny it shows all individual Window objects in framed windows, even the task bar and maybe its icons!
finally i know what's behind the blue screen!!
Super interesting. I had never thought about what was going on in the background.
Although I didn't understand in the end, why you can't start explorer.exe but when you type C: in the run box it actually opens an explorer window. Is the explorer window in Windows 11 separate from the rest of the graphical interface that controls explorer.exe?
Explorer is still running. What he killed was winlogon.exe
If the bsod is a kernel app then explorer.exe is still running
@@w.dgaming1 Nope. BSOD is a kernel app which safely shutdowns every app and restart your computer to prevent damages. Explorer.exe is a program running in C:\Windows, and is not related to BSOD
the driver works but gives me a critical structure corruption bsod after some time (cant really complain tbh) still very good video
Glad to see you back! (Algorithm goes brrrr)