How Microsoft's New CrowdStrike BSOD Recovery Tool Works

It's simpler than you might think 🤔

▼ Time Stamps: ▼
0:00 - Intro
0:19 - Microsoft's Recovery Tool
0:59 - How The Tool Works
4:07 - What Was The Problem?

Comments

First test, you must.
Production on test, you don't.
Update Friday, you mustn't.
-Yoda art of opsec

rekire___

Sad to know that the first video you made was corrupted

_SJ

There's a PlayStation one file extension???
Edit: it was PowerShell

Erik_The_grate

Love how, despite them using a PowerShell script, it'll make a batch file at the end 😅

mjdevlog

That CrowdStrike situation is weird lol

Po_is_pro.

You did it! You finally really did it! YOU MANIACS!!! You blue it up! Damn you! Damn you all to Linux!

ABOhiccups

Dave Plummer of "Dave's Garage" on YouTube has done two videos on this to explain it. He's a retired Windows engineer. The guy wrote the zipfile handling bits and wrote the Task Manager. He's also a retired millionaire who could care less about monetizing his channel, so he has no sponsors to please, no Patreon account to shill, etc.

kaseyboles

Truly a "works on my machine" moment.

AnimatorskiGD

My take on that one viral tweet is that while it does appear to be _some_ kind of null-pointer ultimately triggering the crash, that was just the inevitable result of some underlying (and more interesting!) root cause. As noted, the value being dereferenced is not _strictly_ zero but appears to have been _offset from zero_, which is typical of accessing static elements of a class object (in this case having a base pointer of zero).

Stratelier

Your Crowdstrike video file was a corrupted file filled with zeroes? Damn that's just poetic

Brixster

So without the bitlocker keys nor the admin credentials, companies still have to rely on their frantic sys admins to fix everything?

ElieZ

According to what I've heard, the update delivered contained only zeros, and the "driver" from CrowdStrike did not validate it in any way, trying to load and execute it as it is, causing the crash

MarcioHuser

The thing I thought was very cool about the Microsoft fix tool was it just runs a cmd file after it gets access to the drive. Let's consider what we can replace that batch file with. Maybe a net user command that creates a new local admin account. Or really anything you can do from a command line that you want to automate from a USB drive. You gotta know I saved an ISO for this thing for future use.

rationalbushcraft

I'd not thought about the issue of Bitlocker.

wisteela

A lot of fashion for just 1 del command. Great Job Microsoft 👏🏼

ahq_founder

Dave's Garage has two really good, detailed explanations!

markgreen

I didn't get a BSOD, but just in case I printed out my work PC's BitLocker key, 'cause you never know.

sontodosnarcos

Still, this shouldn't have been an issue for Windows BSOD. They need to fix how drivers run in kernel mode so they can't just crash the whole OS. Much like they do in user mode and with graphics drivers, they need to do the same with their party drivers as well. Something like this should've been easy to catch and recover or fail to keep that driver loaded in memory.

adrt

Check out the Dave's Garage channel. He was a Microsoft dev for decades. He has a complete breakdown in easy-to-understand terms about why this happened and the actual mechanism which occurs when your system goes down from this. Absolutely the best explanation which is actually understandable.

noferblatz

Hi Thio Joe, can you please make a video on kernel anti-cheats? I once installed PUBG PC via Epic Games and it was granting access at kernel level; later I thought I did something wrong so I uninstalled everything, but in recent weeks my laptop is rebooting again and again and event logs show Event ID 41 Kernel power lost. Researched everywhere but didn't find a relevant solution

AKJOSHI