[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] bug in windows "on_reboot = 'preserve'"

Following is a way to make system crash from keyboard.


Forcing a System Crash from the Keyboard

A system crash can be directly caused from most keyboards. In Windows XP, this feature is available on i8042prt ports (PS/2 keyboards), while in Windows Vista and later, it is available on USB keyboards as well. It can also be fully configured to accommodate various keyboards using the registry key settings.

Two preparations must be made before this can be done:

  1. If you wish a crash dump file to be written, you must enable such dump files, choose the path and file name, and select the size of the dump file. For details, see Enabling a Kernel-Mode Dump File.
  2. With PS/2 keyboards, you must enable the keyboard-initiated crash in the registry. In the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters, create a value named CrashOnCtrlScroll, and set it equal to REG_DWORD 0x1 (or any nonzero value).
  3. With USB keyboards, you must set the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters and create a value named CrashOnCtrlScroll, and set it equal to REG_DWORD 0x1 (or any nonzero value).

    Note  There is a limitation with the Kbdhid.sys driver that allows you to generate the memory dump process by using a USB keyboard. The CTRL+SCROLL LOCK+SCROLL LOCK keyboard shortcut does not work if the computer stops responding at a high interrupt request level (IRQL). This limitation exists because the Kbdhid.sys driver operates at a lower IRQL than the i8042prt.sys driver. For more information on using this feature with the USB keyboards, refer to the article  Generate a memory dump file by using the keyboard.

The system must be rebooted before these changes will take effect.

After this has been done, the keyboard crash can be initiated as follows. Hold down the rightmost CTRL key, and press the SCROLL LOCK key twice.

It is possible for a system to freeze in such a way that this CTRL+SCROLL LOCK+SCROLL LOCK sequence will not work. However, this should be a very rare occurrence. The CTRL+SCROLL LOCK+SCROLL LOCK crash initiation will work even in many instances where CTRL+ALT+DELETE does not work.

The system then calls KeBugCheck and issues bug check 0xE2 (MANUALLY_INITIATED_CRASH). Unless crash dumps have been disabled, a crash dump file is written at this point.

If a kernel debugger is attached to the frozen machine, the machine will break into the kernel debugger after the crash dump file has been written.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.