Normally, a blue screen of death crash (BSOD) in Windows would cause your PC to automatically restart, but programmer NSG650 (via NTDEV) has created a driver that instead makes your PC boot up a Linux emulator. While this driver is more of a novelty than it is actually useful, it’s an ingenious showcase of how to exploit features in software by simply using them in an unintended way.
The way this driver works is actually pretty simple — it just uses the built-in bug check callback feature in Windows. A bug check is just the technical name for a crash or BSOD, and when a bug check happens, Windows wants to know why. As part of the bug check callback routine, drivers can “reset a device to a known state,” per Microsoft’s Windows coding handbook. In other words, it can still run code after a crash.
While most drivers would use this opportunity to add diagnostic data to the crash dump file, NSG650’s driver inserts a RISC-V Linux emulator, which might be a slight misuse of the bug check callback function in Microsoft‘s eyes. To be clear, this is not to be confused with a PC with dual booting, which means it has both Windows and Linux installed.
You won’t be able to do much in this emulator because it’s basically just DOS or a command line operating system rather than something fully fleshed out like Ubuntu or Arch Linux. You can’t even backspace if you make a typo, and you have to use caps lock instead of shift to capitalize; that’s how limited this emulator is.
However, this RISC-V Linux emulator is incredibly tiny and only clocks in at 400 lines of code. By contrast, the full Linux kernel alone has millions of lines. It would seem that either it wasn’t possible to run a full Linux distro, or it was simply too much of a hassle to get it to work, which would be a fair reason given that this isn’t something anyone is likely to seriously use.
While this driver is more or less just a funny joke about Windows and Linux, it does bring up the possibility of doing more with the same bug check callback feature. It’s not clear what you can and can’t do, but if it’s possible to run an emulator after crashing, then surely it’s possible to do other things, too. That’s all assuming Microsoft doesn’t revisit this feature of Windows and concludes it’s just a bit too easy to exploit.
The post Driver hack lets you run Linux after Windows BSODs, no reboot required — bug check fallback allows running programs after the OS crashes | Tom’s Hardware first appeared on www.tomshardware.com