The whole idea of an operating system is that a user program can't crash it under normal conditions. Of course you could still do something like exhaust the disk space on a partition that is used for a swap file and that would impair many operating systems or you could find a known vulnerability but there's no very easy way to reliably crash it.
For Windows one possibility is to write a kernel mode driver which locks some memory pages owned by a process and then terminate that process. Will result in a BSOD "Process has locked pages".
Linux: Even though not strictly crashing the OS, you can quite easily make it unusable by allocating lots of memory (and read/writing it for the allocation to actually become effective and make the OS swap a lot) and by forking lots of processes. "Fork bomb" is the keyword and can even be done in shell script.
在虚拟机(vmware、VirtualBox)内部运行并简单地终止 VM 进程。或者,您可以给它非常低的优先级,删除设备,或以其他方式模拟坏事。
使用具有管理控制台的服务器。这将有一个可以简单地关闭设备的 API。
如果您希望从操作系统本身崩溃,其他许多建议都是很好的。这些软件崩溃可能有助于重现恶意进程。一组类似的与硬件相关的崩溃也可能发生(例如降低可编程风扇的速度和使 CPU 过热)。
您的请求背后的原因实际上非常重要,因为所有不同的故障都会产生略有不同的结果。
I think the reason why you want to crash the OS is relevant here. Are you trying to simulate a condition for testing, or are you just plain curious?
Here are two options if you wish to recreate, and automate, crashing, for the purpose of fault tolerance.
Run insider a virtual machine (vmware, VirtualBox) and simply kill the VM process. Alternately you can give it very low priority, drop devices, or otherwise simulate bad things.
Use servers that have a management console. This will have an API that can simply turn off the device.
The other numerous suggestions are good if you wish to crash from within the OS itself. These software crashes can help reproduce a miscreant process. A similar set of hardware related crashes could also work (such as reducing speed on a programmable fan and overheating the CPU).
The reason behind your request is actually quite important since all the different faults will yield a slightly different result.
int alloced = 0;
for(;;)
{
char *alloc = malloc(10*1024*1024); // alloc 10 MB
if(alloc != NULL)
{
alloced += 10;
// edit: you have to memset the memory otherwise the system will give it back to you next time
memset(alloc, 0xab, 10*1024*1024);
printf(" alloced %d MB\n", alloced);
}
}
Try allocating chunks of memory until you have no free memory:
int alloced = 0;
for(;;)
{
char *alloc = malloc(10*1024*1024); // alloc 10 MB
if(alloc != NULL)
{
alloced += 10;
// edit: you have to memset the memory otherwise the system will give it back to you next time
memset(alloc, 0xab, 10*1024*1024);
printf(" alloced %d MB\n", alloced);
}
}
edit: I actually tried just right now on a 64 bits linux with 2GB of ram and 3.3GB of swap: the screen has frozen, I could allocate 4950MB of ram, but then the process was killed by the system, and linux fell back on its feet gracefully, so, no, this doesnt work :=)
发布评论
评论(10)
Windows 上的 KeBugCheck 是记录的方法出现蓝屏死机。
您还可以尝试使用本机 NT API 删除Windows XP 中的root 注册表项(
\REGISTRY
)。KeBugCheck on Windows is the documented way to get a BSOD.
You can also try deleting the root registry key (
\REGISTRY
) in Windows XP, using the native NT API.编写并加载调用panic()的内核模块或实现其等效项。
或者简单地执行 shutdown 或halt 命令或实现它的系统调用。
Write and load a kernel module that calls panic() or implement equivalent thereof.
Or simply exec the shutdown or halt command or the syscall that implements it.
如果操作系统恰好是 Windows,则创建一个取消引用 NULL 指针的假驱动程序。碰撞!
If the OS happens to be windows, create a fake driver that dereferences a NULL pointer. Crash!
操作系统的整体思想是用户程序在正常情况下不能使其崩溃。当然,您仍然可以执行一些操作,例如耗尽用于交换文件的分区上的磁盘空间,这会损害许多操作系统,或者您可以找到已知的漏洞,但没有非常简单的方法可以可靠地使其崩溃。
The whole idea of an operating system is that a user program can't crash it under normal conditions. Of course you could still do something like exhaust the disk space on a partition that is used for a swap file and that would impair many operating systems or you could find a known vulnerability but there's no very easy way to reliably crash it.
在 Linux 中,Alt-SysRq-C 将使内核崩溃/重新启动。
在 Windows 中,请参阅:https://web.archive.org/web/20110513143420/http://www.dailygyan.com/2008/09/some-methods-to-crash-your-windows.html
[编辑:2021 年 3 月 8 日 - 由于网站关闭,切换到 Archive.org 链接。]
In Linux, Alt-SysRq-C will crash/restart your kernel.
In Windows, see: https://web.archive.org/web/20110513143420/http://www.dailygyan.com/2008/09/some-methods-to-crash-your-windows.html
[Ed: March 8, 2021 - Switch to Archive.org link due to site going down.]
对于 Windows,一种可能性是编写一个内核模式驱动程序,该驱动程序锁定进程拥有的一些内存页,然后终止该进程。将导致 BSOD“进程已锁定页面”。
For Windows one possibility is to write a kernel mode driver which locks some memory pages owned by a process and then terminate that process. Will result in a BSOD "Process has locked pages".
Linux:尽管严格来说不会使操作系统崩溃,但您可以通过分配大量内存(并读/写内存以使分配真正生效并使操作系统进行大量交换)和分叉大量进程来轻松使其变得不可用。 “Fork炸弹”是关键字,甚至可以在shell脚本中完成。
Linux: Even though not strictly crashing the OS, you can quite easily make it unusable by allocating lots of memory (and read/writing it for the allocation to actually become effective and make the OS swap a lot) and by forking lots of processes. "Fork bomb" is the keyword and can even be done in shell script.
我认为你想要使操作系统崩溃的原因与此相关。您是想模拟某种条件进行测试,还是只是出于好奇?
如果您希望重新创建、自动化、崩溃以实现容错,这里有两个选项。
如果您希望从操作系统本身崩溃,其他许多建议都是很好的。这些软件崩溃可能有助于重现恶意进程。一组类似的与硬件相关的崩溃也可能发生(例如降低可编程风扇的速度和使 CPU 过热)。
您的请求背后的原因实际上非常重要,因为所有不同的故障都会产生略有不同的结果。
I think the reason why you want to crash the OS is relevant here. Are you trying to simulate a condition for testing, or are you just plain curious?
Here are two options if you wish to recreate, and automate, crashing, for the purpose of fault tolerance.
The other numerous suggestions are good if you wish to crash from within the OS itself. These software crashes can help reproduce a miscreant process. A similar set of hardware related crashes could also work (such as reducing speed on a programmable fan and overheating the CPU).
The reason behind your request is actually quite important since all the different faults will yield a slightly different result.
尝试分配内存块,直到没有可用内存:
编辑:
实际上,我现在就在具有 2GB 内存和 3.3GB 交换空间的 64 位 Linux 上进行了尝试:屏幕冻结了,我可以分配 4950MB 内存,但随后该进程被系统杀死,Linux 重新站起来优雅地,所以,不,这不起作用:=)
Try allocating chunks of memory until you have no free memory:
edit:
I actually tried just right now on a 64 bits linux with 2GB of ram and 3.3GB of swap: the screen has frozen, I could allocate 4950MB of ram, but then the process was killed by the system, and linux fell back on its feet gracefully, so, no, this doesnt work :=)
使用纯用户模式应用程序使操作系统崩溃意味着内核容易受到攻击。
如果操作系统经过良好测试,则不应发生这种情况。
您可以通过向有问题的第 3 方驱动程序发送垃圾 IO-CONTROL 来攻击它们,从而尝试 BSoD Windows。
DeviceIoControl 函数 (Windows)
http://msdn.microsoft.com/en-us/库/aa363216(VS.85).aspx
Crash an OS using pure user-mode application means the kernel is vulnerable.
If the OS is well tested, then this should not occur.
You can try BSoD Windows by attacking bugous 3rd-party drivers via sending garbage IO-CONTROLs to them.
DeviceIoControl Function (Windows)
http://msdn.microsoft.com/en-us/library/aa363216(VS.85).aspx