@@Samu2010lolcats Yes, it can be used on GNU/Linux OSes. I was using it on a GNU/Linux OS. My PC didn't crash because the bug only affected the Windows version.
Dave Plummer of "Dave's Garage" on you tube has done two videos on this to explain it. He's a retired windows engineer. The guy wrote the zipfile handling bits and wrote the task manager. He's also a retired millionaire who could care less about monetizing his channel so he has no sponsors to please, no patreon account to shill, etc.
And he's also the same guy that was involved in a scam website back in the day, he was even sued for it. Also, his videos contain misinformation sometimes, like he claims that the image on the Start Menu from Windows NT up to Vista in classic theme was native rendered, while in fact it's just a bitmap image. So yeah, don't fully trust him.
My take on that one viral tweet is that while it does appear to be _some_ kind of null-pointer ultimately triggering the crash, that was just the inevitable result of some underlying (and more interesting!) root cause. As noted, the value being dereferenced is not _strictly_ zero but appear to have been _offset from zero,_ which is typical of accessing static elements of a class object (in this case having a base pointer of zero).
Is not their fault, this tool is just a try to do something for anyone. The solution is easy, the problem is the requirement to access the machine and millions of machines. Wait a sys admin or a technician require many days.
According to what I've heard the update delivered contained only zeros, and the "driver" from cloudstrike did not validate it in any way, trying to load and execute as it is, causing the crash
the thing I thought was very cool about the Microsoft fix tool was it just runs a cmd file after it gets access to the drive. Let's consider what we can replace that batch file with. Maybe a net user command that creates a new local admin account. Or really anything you can do from a command line that you want to automate from a usb drive. You gotta know I saved an iso for this thing for future use.
Check out Dave's Garage channel. He was a Microsoft dev for decades. He has a complete breakdown in easy to understand terms about why this happened and the actual mechanism which occurs when your system goes down from this. Absolutely the best explanation which is actually understandable.
Agreed he explains that because the croudstrikes driver runs at the kernel level , is the reason windows blue screened when the was an incorrect value in the driver , as a protection measure
Hi Thio Joe, can you please make a video on kernal anti cheats, i once installed PUBG PC via Epic Games and it was granting access for kernal levels, later I thought i did something wrong so uninstalled everything but in recent weeks my laptop is rebooting again and again and event logs show Event Id 41 Kernal power lost. Researched everywhere but didn't found relevant solution
Still, this should'nt have been an issue for windows BSOD. They need to fix how drivers in keneral mode so they can't just crash the whole OS. Much like they do in user mode and with graphics drivers, they need to do the same with their party drivers as well. Something like this should've been easy to catch and recover or fail to keep that driver loaded in memory.
If the option to repair the Windows boot falure is a file that shall be deleted,and bitlocker is not active, just use a live cd to delete it. I recomend to have a Hirens Boot CD PE and a windows installation media ready to fix such issues.
I'm planning to buy course in an app . It has download option for videos but after the plan expiration the videos will be deleted. Is there any chance I can copy those videos to laptop or something so that I can watch them after subscription too??
I mean you can just download the videos when you buy the course. If it doesn't let you do that, just record over it or something if you really really want to download it.
@@Popcorn_Pillow i downloaded demo video and when i locate it its type is showing as "file" and when i try to open it with vlc and other apps just showing black screen with no audio and screen reording is same just reocrding black screen
Okay, am I the only one here that finds the "safe mode" option idiotic? If I were able to run that batch file that reboots me into safe mode, WOULD I NOT BE IN A FUNCTIONAL DESKTOP?
The problem with that new tool is that it requires the admin credentials, so the IT people still need physical access to the computer. It might make their job faster, but in most cases, the biggest delay was to get the IT on site. They should make a recovery tool that can only reverse updates that are causing bugs without needing any credentials.
I think this is an interesting point. Back in the day you could always telnet into a BSOD to debug, and the Apollo-era computers always had a computer overseeing the computer. You'd think in modern times we'd at least have the ability to at least delete files remotely on BSOD, better still, self-healing, I mean there used to be a 'last known good configuration' which, whilst I understand would not have helped in this case, but maybe something similar - can't be that hard to log/record a boot sequence.
Thio sir, do you know how to remove any Government logo or splash screen from the boot screen in windows 10. I got a old Government PC. Hp Elite Desk 705 G3 SFF. But I am unable to remove the image as it was verry annoying. Please help me if you can or just make a video on this topic. Thank you.
Wondering if anyone else has trouble trusting this guy. (Tips, shortcuts, especially links.) He used to post tips like wrap your network cable around a blank cdr to double your download speed!
Thio please make a video on Microsoft Full battery capacity scam for laptop😢 my laptop goes from 100% to 5 percent in 30 minutes and remains on 3 % for 2 hours 😢😢😢😢
Its no longer a mystery "Daves garage", firmer MS programmer breaks it down so we all can understand. Basically crowd strike is a security software package that operates at the kernel level and the automatic update had a system file that was filled with null characters that made the Os go into a BSOD to protect itself. Hey Thio? Challenge. Can u write a script that takes a look at a Windows dot old folder and parse it to a html output containing a alphabetical list of the programs and media files it finds? Many tines we just want to know what was there to possibly reinstall. Good idea? Thx
so what will happen if you dont solve it? i dont think i have any problem, my computer just does crash every so often. but that is not new. so i dont know if i have the problem.
Unchecked and non validated kernel supporting file, that’s all you need to know. The fact that this beta file got through to feed its parent .dll file is the embarrassing side. The initial blame falls with CrowdStrike but Microsoft validates too and the EU allowed 3rd parties to run in kernel mode in the first place. That’s the true price of “allowing” competition, a weakened MS operating system. I’m sure Apple will use this as ammo (as it should) in future cases to protect its own OS system.
I am not a programmer, only an elderly user, but I wonder how Crowd-strike have been permitted to enter kernel level in the proprietary Windows code? Open source for they, but not for me!
You can literally write your own kernel mode driver for windows. You can also disable the driver signing requirement so windows won’t throw a red warning when installing it. Ring 0 is a concept. Not a barrier to entry.
@@jonathantheyorkie the reason that it bsods windows is, that it is using an driver to access kernel mode to detect malicious software before anything can happen based on system calls. but the problem is if the driver crashes, the kernel crashes, because it is not running in user mode. A detailed explanation is on Dave's Garage here on TH-cam.
I'll never understand why so many affected PCs have Bitlocker on. I understand an enterprise laptop, prevent data theft after a physical theft. But VMs on servers? "Dumb" airport terminal with no data on them? And not forget, Microsoft trying to force Bitlocker on consumer's PC, meaning a lot of lost data because non tech savy people will not backup bitlocker keys (and WILL forgot microsoft account password). Why Bitlocker is so enabled if not needed?
Don't we just miss the good old floppy drive to boot up and delete the bullsh*t they installed ... Ancient knowledge would be much more efficient in dealing with this absurd failure of professionals. (they should be jailed !) Any other person would never see the light of day again if they generate soo much damage as they did ! This smells like a WEF action !!!
Hi Buddy, do u still make fake vids??😂😂😂😂 Anyhow,use to watch your vids long ago. Came back today to check if the channel is still active. I m amazed by how active you r even after so many years..... Theo Joe Supremacy...
You only need it if your computer has crashed, and it will only have crashed if you had the Crowdstrike software installed. And if you don't know what Crowdstrike is, you have nothing to worry about. Get on with your day.
This was a crash in a 3rd party driver called CrowdStrike that is only used in big corporate environments. Not directly related to microsoft and not applicable to home or small business users
Dave'garage has a better explanation of what happened. He is a retired MS engineer and has made a few thing more clear. (His explanation is not complete, but it has way more detail)
TLDR: cloudstrike has a driver that does all the magic. That driver takes some configuration files to do what it has to do and one file (the one causing the crash) is filled with zeros. The driver doesn't properly check the validity of the file, tries to run/load/whatever it does with it and crashes bringing the entire system down with it. (Since it's a kernel driver, a crash in it has big repercusions)
Many people blame Crowdstrike for this billion dollar debacle. They are looking at this from a technical point of view. From a corporate point of view it's Microsoft's problem: Windows isn't functioning properly and our contract is with Microsoft (and not some subcontractor) so you -- Microsoft -- fix it.
0:03 *...the BSOD day-from CrowdStrike-and their **_famous_** update...* Instead, try, "...their _infamous_ update." As we all know, from *The Three Amigos* (1986), infamous¹ means "more than famous". ¯\_(ツ)_/¯ (1) Actually... *in•fa•mous* /ˈinfəməs/ _adjective_ → well known for some bad quality or deed; wicked; abominable. From the Latin, *infamis* → Medieval Latin, infamosus → late Middle English, infamous.
![[กูเพิ่งซื้อมึงปิดหนี] 20 นาที ผมรีวิวเกมที่แย่ที่สุดในโลก CONCORD](http://i.ytimg.com/vi/XhC-3q3Ii7I/mqdefault.jpg)
First test, you must.
Production on test, you don't.
Update Friday, you mustn't.
-Yoda art of opsec
Updaten't
Can you repeat?
Sad to know that the first video you made was corrupted
There's a PlayStation one file extension???
Edit: it was PowerShell
Its a PowerShell Script
Haha it sounds like it
lol
It’s a power shell script, .ps1 is a powershell script
I rename all my ps1 files to ps5 so I have the most modern version of my scripts.
Love how despite they're using powershell script, it'll make a batch file at the end😅
That crowdstrike situation is weird lol
weird is a nice way of putting it lol
Microsoft fixing that for them because they are unable to do that themselves. That's sad af
It exposes the level of corruption in the USA, which is a Good Thing.
You did it! You finally really did it! YOU MANIACS!!! You blue it up! Damn you! Damn you all to Linux!
I use linux and I literally don't know what i did to be damned on
Take your stinking kernal-mode driver off me, you damned dirty update!
Arch Linux
bruh, CS can also be used in Linux (and is crashy there too).
@@Samu2010lolcats Yes, it can be used on GNU/Linux OSes. I was using it on a GNU/Linux OS. My PC didn't crash because the bug only affected the Windows version.
0:29 voice crack lol
Dave Plummer of "Dave's Garage" on you tube has done two videos on this to explain it. He's a retired windows engineer. The guy wrote the zipfile handling bits and wrote the task manager. He's also a retired millionaire who could care less about monetizing his channel so he has no sponsors to please, no patreon account to shill, etc.
Don't forget the Start Menu Windows version bitmap. :P
dave plummer used to run a scam website called softwareonline
And he's also the same guy that was involved in a scam website back in the day, he was even sued for it. Also, his videos contain misinformation sometimes, like he claims that the image on the Start Menu from Windows NT up to Vista in classic theme was native rendered, while in fact it's just a bitmap image. So yeah, don't fully trust him.
@@MatheusMarti yikes, good to know
@@MatheusMarti🐂💩
Truly a "works on my machine" moment.
My take on that one viral tweet is that while it does appear to be _some_ kind of null-pointer ultimately triggering the crash, that was just the inevitable result of some underlying (and more interesting!) root cause. As noted, the value being dereferenced is not _strictly_ zero but appear to have been _offset from zero,_ which is typical of accessing static elements of a class object (in this case having a base pointer of zero).
1:29 what explorer app is this?
Directory Opus, I have a video about it
@@ThioJoe 1 minute ago
@@ThioJoe thank you so much! Awesome content btw as always 😋
Your Crowdstrike video file was a corrupted file filled with zeroes? Damn that's just poetic
00:14 Cute cat
HOW?!
tthis videp released 3 min ago
wtf
This is a wild manul. He would scratch your eyes out if you tried to pet him 🤪
@@Аняна* *pets* *
A lot of fashion for just 1 del command. Great Job Microsoft 👏🏼
Is not their fault, this tool is just a try to do something for anyone. The solution is easy, the problem is the requirement to access the machine and millions of machines. Wait a sys admin or a technician require many days.
So without the bitlocker keys nor the admin credentials, companies still have to rely on their frantic sys admins to fix everything?
According to what I've heard the update delivered contained only zeros, and the "driver" from cloudstrike did not validate it in any way, trying to load and execute as it is, causing the crash
the thing I thought was very cool about the Microsoft fix tool was it just runs a cmd file after it gets access to the drive. Let's consider what we can replace that batch file with. Maybe a net user command that creates a new local admin account. Or really anything you can do from a command line that you want to automate from a usb drive. You gotta know I saved an iso for this thing for future use.
Check out Dave's Garage channel. He was a Microsoft dev for decades. He has a complete breakdown in easy to understand terms about why this happened and the actual mechanism which occurs when your system goes down from this. Absolutely the best explanation which is actually understandable.
Agreed he explains that because the croudstrikes driver runs at the kernel level , is the reason windows blue screened when the was an incorrect value in the driver , as a protection measure
Engineer A: it's null
Engineer B: no, it's uninitialized
Me: it's invalid either way
I'd not thought about the issue of Bitlocker.
Tbh it’s easy to forget you have turned on with how Windows phrased it “just finish setting up your PC”
Hi Thio Joe, can you please make a video on kernal anti cheats, i once installed PUBG PC via Epic Games and it was granting access for kernal levels, later I thought i did something wrong so uninstalled everything but in recent weeks my laptop is rebooting again and again and event logs show Event Id 41 Kernal power lost. Researched everywhere but didn't found relevant solution
dave's garage has two really, good detailed explanations!
You are a saver my guy!
Still, this should'nt have been an issue for windows BSOD. They need to fix how drivers in keneral mode so they can't just crash the whole OS. Much like they do in user mode and with graphics drivers, they need to do the same with their party drivers as well. Something like this should've been easy to catch and recover or fail to keep that driver loaded in memory.
That was sort of the point of ring 2 wasn't it. Intel designed 4 privilege levels into the CPUs but pretty much everyone just uses 2...
It is better to stop responding than to do an arbitrary thing.
Also, you can provide your own kernel debugger to replace the BSOD.
I didn't get a BSOD, but just in case I printed out my work PCs Bitlocker key, 'cause you never know.
If the option to repair the Windows boot falure is a file that shall be deleted,and bitlocker is not active, just use a live cd to delete it. I recomend to have a Hirens Boot CD PE and a windows installation media ready to fix such issues.
I'm planning to buy course in an app . It has download option for videos but after the plan expiration the videos will be deleted. Is there any chance I can copy those videos to laptop or something so that I can watch them after subscription too??
what is the name of the app?
I mean you can just download the videos when you buy the course. If it doesn't let you do that, just record over it or something if you really really want to download it.
@@StephenMcGregor1986 chandan logics. its an app provides content (paid) to prepare for exams
@@Popcorn_Pillow i downloaded demo video and when i locate it its type is showing as "file" and when i try to open it with vlc and other apps just showing black screen with no audio and screen reording is same just reocrding black screen
@@StephenMcGregor1986 its name is chandan logics
So Great!
CROWDSTRIKE ISSUE:
USA = Panic and destruction
UK = Ugh?
i love your content so much you make my day
First! Crowdstrike is an aptly named
Okay, am I the only one here that finds the "safe mode" option idiotic? If I were able to run that batch file that reboots me into safe mode, WOULD I NOT BE IN A FUNCTIONAL DESKTOP?
Safe mode would not load the faulty driver file, allowing you to delete it
if you want to know more about what is going on. I'd suggest Dave's Garage.
He's a retired Microsoft engineer.
The fact that any static analyzer can pick up dereference of a random pointer, and yet it was doing that in a kernel module is concerning.
The crowdstrike update was like the kings royal guard turning on him.
The problem with that new tool is that it requires the admin credentials, so the IT people still need physical access to the computer. It might make their job faster, but in most cases, the biggest delay was to get the IT on site. They should make a recovery tool that can only reverse updates that are causing bugs without needing any credentials.
I think this is an interesting point. Back in the day you could always telnet into a BSOD to debug, and the Apollo-era computers always had a computer overseeing the computer. You'd think in modern times we'd at least have the ability to at least delete files remotely on BSOD, better still, self-healing, I mean there used to be a 'last known good configuration' which, whilst I understand would not have helped in this case, but maybe something similar - can't be that hard to log/record a boot sequence.
First ever Ryzen 4070 related comment in this Video and channel
1:25 there's no similarly or comparable required. .iso files are exactly that, Joe.
btw joe, what is your file explorer replacement? it looks good
Same, id love to know !
I just checked real quick and im 99% sure thats Directory Opus
Thio sir, do you know how to remove any Government logo or splash screen from the boot screen in windows 10. I got a old Government PC. Hp Elite Desk 705 G3 SFF. But I am unable to remove the image as it was verry annoying. Please help me if you can or just make a video on this topic. Thank you.
Wondering if anyone else has trouble trusting this guy. (Tips, shortcuts, especially links.) He used to post tips like wrap your network cable around a blank cdr to double your download speed!
Thio please make a video on Microsoft Full battery capacity scam for laptop😢 my laptop goes from 100% to 5 percent in 30 minutes and remains on 3 % for 2 hours 😢😢😢😢
I got crowd strike update 1 month late 🗿
Check out Dave's Garage video on the crowdstrike outage, excellent in depth explanation on what happened
This thing is like:'How to recover your pc from crowd strike'
Step-1: Log in to your computer
And I'm stuck at step 1
I seem to be the only person concerned as to how easy it is to subvert an Endpoint security kernel driver.
Best presentation I have seen on Crowdstrike.
Which theme do you use in directory opus?
If custom could you share it's config files please
Thanks, great video
I made a video about it a while back and I do share the layout and stuff
I heard somewhere that the driver was corrupted because when they opened to see its hex code, they saw that it was only 00
Its no longer a mystery "Daves garage", firmer MS programmer breaks it down so we all can understand. Basically crowd strike is a security software package that operates at the kernel level and the automatic update had a system file that was filled with null characters that made the Os go into a BSOD to protect itself.
Hey Thio? Challenge. Can u write a script that takes a look at a Windows dot old folder and parse it to a html output containing a alphabetical list of the programs and media files it finds? Many tines we just want to know what was there to possibly reinstall.
Good idea?
Thx
You won’t find anything in the Windows.Old folder. It’s only Windows. Your apps reside in Program Files, appdata and programdata.
@@o0Donuts0o But its "all" of what was in the original installation......isn't it?
The one time you need the safety or backup to work is ALWAYS the one time you didn't use it.
Not first
Same thing that happened to windows 10 not only 11?! About crowdstike BSODing on windows 10
so much for the Crowdstrike stocks. they''re bsod as well
Luckily the update wasn't installed on my laptop in the incident
onetake considering the voicecrack
so what will happen if you dont solve it?
i dont think i have any problem, my computer just does crash every so often. but that is not new. so i dont know if i have the problem.
👍🏿👊🏿
Crowdstrike, hmmm. Name sound familiar. Think it was in the news big time 5-6 yrs back.
When will companies stop providing CrowdStrike and McAfee preinstalled in Windows devices?
probably the same day half life 3 releases. 🙃
Unchecked and non validated kernel supporting file, that’s all you need to know. The fact that this beta file got through to feed its parent .dll file is the embarrassing side. The initial blame falls with CrowdStrike but Microsoft validates too and the EU allowed 3rd parties to run in kernel mode in the first place. That’s the true price of “allowing” competition, a weakened MS operating system. I’m sure Apple will use this as ammo (as it should) in future cases to protect its own OS system.
you can disable internet in one click literally. so scary
dang, crowdstrike struck the crowd really badly this time
I am not a programmer, only an elderly user, but I wonder how Crowd-strike have been permitted to enter kernel level in the proprietary Windows code?
Open source for they, but not for me!
You can literally write your own kernel mode driver for windows. You can also disable the driver signing requirement so windows won’t throw a red warning when installing it. Ring 0 is a concept. Not a barrier to entry.
@@o0Donuts0o Thank you for this information, I honestly didn¨t know about that.
Hi
Finally
NEW OUTLOOK is very good TO HA HA HA
So how does an antivirus bsod windows? Norton never did that. I don't know why they don't use Norton.
Crowdstrike's software does significantly more than Norton. It's like saying replace Microsoft Exel with the Calculator app.
@@davidadams421 I see. But the software still should not be able to bsod a computer.
@@jonathantheyorkie the reason that it bsods windows is, that it is using an driver to access kernel mode to detect malicious software before anything can happen based on system calls. but the problem is if the driver crashes, the kernel crashes, because it is not running in user mode. A detailed explanation is on Dave's Garage here on TH-cam.
@@alexeins8942 Thanks for the info.
I'll never understand why so many affected PCs have Bitlocker on. I understand an enterprise laptop, prevent data theft after a physical theft. But VMs on servers? "Dumb" airport terminal with no data on them? And not forget, Microsoft trying to force Bitlocker on consumer's PC, meaning a lot of lost data because non tech savy people will not backup bitlocker keys (and WILL forgot microsoft account password). Why Bitlocker is so enabled if not needed?
Why there are people typing first? whats point of writing noone is giving them award
Don't we just miss the good old floppy drive to boot up and delete the bullsh*t they installed ...
Ancient knowledge would be much more efficient in dealing with this absurd failure of professionals. (they should be jailed !)
Any other person would never see the light of day again if they generate soo much damage as they did !
This smells like a WEF action !!!
I’m a hour late?!? Gosh dang it :((
Crowdstrike cry, i don't have you
Hi.
second
Hi Buddy, do u still make fake vids??😂😂😂😂
Anyhow,use to watch your vids long ago. Came back today to check if the channel is still active. I m amazed by how active you r even after so many years.....
Theo Joe Supremacy...
out of interest why did you say "so-called" assesment and deployment kit
?
Dave's Garage (youtube channel) goes into what happened, in detail.
Does everybody need to run this on their computer?
Who needs to run the script?
You only need it if your computer has crashed, and it will only have crashed if you had the Crowdstrike software installed. And if you don't know what Crowdstrike is, you have nothing to worry about. Get on with your day.
0:03 bee spot day
As a 71-year-old I should not have to do all this crap, I am just disgusted with Microsoft.
It's Crowdstrikes fault not really Microsoft.
@@silverchairx Microsoft's been full of problems for the Last 5 years.
You think you have CrowdStrike installed? Thats funny.
@@o0Donuts0o no I do not have crowdstrike installed.
This was a crash in a 3rd party driver called CrowdStrike that is only used in big corporate environments. Not directly related to microsoft and not applicable to home or small business users
I was the first
you were not
9 ppl responded before you
So from a BSOD state how do you download said Windoze fix?
From a different device. Crowdstrike is enterprise software, so there shouldn't be consumers with only one device affected
America is ending
Don’t trust Microsoft
It mainly affected corporate PCs that use CrowdStrike and not home users. Also, only a small percentage of PCs were affected
Well there you go
8 views in 1 minute? Bro fell off
Dave'garage has a better explanation of what happened. He is a retired MS engineer and has made a few thing more clear. (His explanation is not complete, but it has way more detail)
TLDR: cloudstrike has a driver that does all the magic. That driver takes some configuration files to do what it has to do and one file (the one causing the crash) is filled with zeros. The driver doesn't properly check the validity of the file, tries to run/load/whatever it does with it and crashes bringing the entire system down with it. (Since it's a kernel driver, a crash in it has big repercusions)
LINUX W!
i cant trust this guy. he made me wash my motherboard...
228 views in 4 minutes? Bro fell off.
@@winterburden so original
@@ryanmattie974 you're just jealous
why notepad++ 😭😭😭
🔻🔻🔻تحيا فلسطين 🔻🔻🔻
🔻🔻Viva Plastenia 🔻🔻
So Microsoft cobbled together some window dressing (ugh! pun) to pretend that they are doing something.
Bro fallen off 3345 in 1 hour
Many people blame Crowdstrike for this billion dollar debacle. They are looking at this from a technical point of view. From a corporate point of view it's Microsoft's problem: Windows isn't functioning properly and our contract is with Microsoft (and not some subcontractor) so you -- Microsoft -- fix it.
So you can't access your computer. If you'll just download this file and create a bootmedia on your comp.... Oh.
TLDR version: It just format's the local drive and installs a clean version of Linux.
Windows is so disgusting
0:03 *...the BSOD day-from CrowdStrike-and their **_famous_** update...*
Instead, try, "...their _infamous_ update." As we all know, from *The Three Amigos* (1986), infamous¹ means "more than famous". ¯\_(ツ)_/¯
(1) Actually... *in•fa•mous* /ˈinfəməs/ _adjective_ → well known for some bad quality or deed; wicked; abominable.
From the Latin, *infamis* → Medieval Latin, infamosus → late Middle English, infamous.