Hey there!
Thank you so much for checking out my project!! I really appreciate it.
I hope to see more great content like this!
Thank you once again!
Wowie
wowza
yoooo nsg here
@@subwayz_qt5 yooo
hi nsg LMAO
Video idea: combine NMBC with another driver that lets you read and write to random kernel objects / structures. Then combine it with a random chance corruption algorithm, so it would kinda be like RegFuck but for in-memory kernel structures. Now obviously this would crash 99% of the time but with NMBC I think it could have some cool payloads.
man pinned already
YESSSSSSSSS that's a great idea! I did something like that some time ago, I was trying to defeat BSOD by returning with WinDbg, but it really crashes almost all the time, but with a driver it will be more automatic and will create nice glitches
Windows is so verbose. I want to see what happens with all the safeties pulled out
Pinned? Alright.
YEAH!
Hey dude, make sure that you prioritize your mental health first. If you need a break to do work and uni, most of us will understand. Take care 👋
But YouTube algorithms will not, sadly.
You know, on YouTube, when it's a comeback, it always gets popular. @@tapafon_red
Seeing the "not responding" process hacker window begs a question I've had since I was a child:
How do "not responding" windows actually work behind the scenes - specifically, since it has the transparent white covering the window; the restore up/down button grayed out; and the close button is extremely red even if you aren't hovering over it.
(Good luck with IRL, I can't imagine working two jobs and then having to go to class.)
They don't, literally. They don't respond to the OS, hence the "not responding" indicator.
The ghost window (transparent white overlay) is a DWM feature to indicate non-responsive windows. The close icon glows red to inform you about the feature that asks you to terminate the non-responding window's process if you click the close button.
@@DanielClear2 then how to terminate it? It should be possible even with crss terminated.
@@adex345 I'm no expert, but afaik task manager already has some extreme perms when it comes to killing programs. I guess you could theoretically kill one even faster by just letting a programme unassign the memory and zeroing it out, but idfk whether or not that would work. Probably risks data-damage.
@@adex345 It triggers the " is not responding" pop-up. If you say "Close the program", it terminates the process after the pop-up is closed _(you don't have to wait for Windows diagnostics, you can just close it)._
@dagda1180 Task Manager always runs as Administrator. It doesn't have much more elevation. Win32 has an API to kill any process, even without admin privileges, but you require admin privileges when you want to terminate a process owned by Administrator or higher. Even administrators may not kill some SYSTEM owned processes.
@@DanielClear2 I'm kinda interested in where those protocols for the unique "not responding" window displays are called/stored. I always found it interesting lol
7:44 WOW. It really is just Windows NT under the skin. This just shows how those extremely old Windows versions are still making our current Windows versions work.
all windows versions share the same kernel since XP, so yeah it's all Windows NT with funky skins under the hood
I wonder if there is a way to enable the classic NT skin in windows 10 or 11
@@trabant601e probably lol
@@trabant601e same im wondering that too, I mean windows xp, vista, and 7 all let you enable the classic theme in the settings
Not really all that surprising. NT was designed to last as long as it has, and there's no point completely re-writing an OS like Windows from scratch.
I wanted to know this since i was a kid, why anyone can explain this on internet?
You're a legend
Huh?
@@mrowlsss you search on internet how bsod works, and you get "bsod is a Windows error", Enderman even explains with code
someone did search him up he is called @laglife
the comment you replied with was removed by youtube btw, can't see it normally
@@uninable oh i was just saying laglife made a video similar to this!
Using this is like disabling your house’s circuit breakers, or your car’s fuse box, or, for a bit more of an unusual one, your body’s vomit reflex. All of those are meant to be safety mechanisms, and the Windows BSOD is one too.
context for classic theme at the end: classic theme is basically windows without a theme.
the themesection handle inside winlogon handles theming, winlogon dies so themesection dies with it so windows reverts to classic theme.
notice how the scrollbar and all the controls inside process hacker turns into a 95 style once winlogon dies. after that happened, few seconds later dwm dies which makes windows use user/win32k (nt4/xp style) rendering and since themes are dead, it uses classic theme for decorations (normally dwmless windows uses basic theming, but classic theme is used because theming is dead)
if anyone knows this better than i do, correct me in the comments, thanks!
disabling dwm gives you basic theme
@@SOTP. yeah, but if themesection dies it gives classic theme. you can also get the same effect by deleting the resources folder (while you renamed dwminit etc)
@@tflsh exactly!
I wish Windows still had this 'accessible' for user to use.
@@s502russia you can manually enable it but its not recommended
I thought it would just freeze or glitched out wow, modern windows are pretty robust compared to older NT versions
I know right? Yet people still say that Windows is constantly getting worse - Well, in a lot of areas on a technical level for things unrelated to privacy but just user experience in general, yes, yes it is, but it is also getting more durable in some areas. If Microsoft was a company more respectful of user choices regarding software they wish to use or privacy but also continued with things like this without going to the extremes of open-source such as Linux where anything and everything must be completely open, even at the cost of practical usability, that would be great, but they aren't that.
Yeah new versions of windows are very robust against system crashes. Until you update your AMD drivers and your system bootloops
5:29
So BSODs can actually come from different levels of the OS? Is that why older versions of Windows had 2 separate BSODs depending on the crash?
You can trigger a BSoD from everywhere as long as you are running your code in kernel mode. The procedure that triggers the BSoD in modern Windows is called KeBugCheck2 but driver developers are advised to only call the officially documented KeBugCheck and KeBugCheckEx calls (which in turn call KeBugCheck2) in case they want to shutdown (crash) the computer if their driver misbehaves. A Windows kernel developer who writes internal kernel code might not give a shit about the wrappers for whatever reason and will just call the main bugcheck function directly. Obviously there’s nothing stopping a driver developer from doing that too but why would they use undocumented calls?
Another excellent peek behind the curtain :) Seriously though, "slacking"? My guy! You have two jobs and uni on top of that! Please, don't ever feel bad about you and your real life first. Your work is a joy to witness, whenever it comes out. We'll be here when things ease up. Take it easy, man.
8:44 y'all windows 11 with basic theme before gta 6
@@This77577 classic actually
@@cool-jd8hg my bad
I wonder if instead of outright removing the BSOD, we could use this to create a more useful bugcheck that doesn't instantly shut down the system and lets the user look through what went wrong right away
That would confuse people that don’t have computer knowledge
@@Dogappel they shouldn't use it?
From what i know, windows does throw some crashlog into a folder somewhere
Wow how scary is this? I was literally thinking a few hours ago 'what happens when a Windows PC Blue Screens' then after finishing work and having a look on YT, this video pops up. Awesome.
*edit* never had so many likes before. Thanks everyone
Windows 98 did it better
@@CamelCasee didn't know it was a competition
I love metro lol
@@acasualmusiclistener7919 With windows 98 you can return to windows from a bsod and attempt to use the crashed system
Joke Elon Musk read ur mind and gave it to google
Best of luck with your Uni whatever is going on with it brother
I love that there are different levels to know how badly messed up is your system.
You have the:
Windows 10 theme - fine.
Windows 7 theme - something's wrong
Windows 95 theme - something is VERY VERY wrong
Win10 Theme - normal
Win7 Theme - DWM is fucking dead fucking hell
Win95 Theme - DEAR FUCKING GOD WHAT HAPPENED
nothing at all- your windows install is cooked
I still remember watching this channel before I knew english, just trying to do the exact same thing that he does for no reason.
For a non native English speaker, your English is very good, better than some native speakers I've seen
@@novafurry true, some people don't know how to type 😭
Your grammar is good, you even use the informal word 'just' to make your points. It's pretty impressive.
@@defautluser0 true bro 💀
@@DapcsMasta I only know how to read English 😭
The brother's keyboard is an ancient piece of history, The brother has stolen the keyboard from a museum.
Finnaly. After days
Days? I thought it was months... I think I am right.
@@75rxREDSTONE 2 months to be exact
Don’t tell him he misspelled
Dont tell him he mispelled
@@75rxREDSTONE it was not exactly 2 month, so I like to just say it days
and we have yet to see what happens to windows when you run taskkill on all svchost processes as admin with NMBC.
that was the one thing i was excited for xD
You don't have to apologize for anything. Life happens, and we are grateful for your channel to exist at all. Take your time for uploads if you require it.
I wonder what would happen on older versions of Windows? I'm not referring to Windows 9x old, probably Vista or XP at the absolute oldest
Windows 9x isn't even capable of using KeBugCheck since they're not NT versions.
@@avi8aviate I know, which is why I said that
Either not much visible... freezing or instability (lots of error boxes, items not running), or worse, data corruption
9x can't properly bluescreen, you can still get a bsod but you can just close it
Why not Windows NT 3.51 and 4.0?
That’s quite an extreme way to get the classic theme back, would be nice to at least get a notification that the pc would have given a blue screen, then you can save your work and restart (or grab your phone and film what you have written, so you don’t have to retype from memory)
This is a very 2021-ish video from you
3:18 nice keyboard
finally dude, i’ve been waiting for so long. i literally was re-watching your old vids out of boredom, hella missed u
windows rn: LET ME DIE, BRIAN
you: nuh-uh
This is like congenital insensitivity to pain for Windows
imagine deleting system32 and your system just doesn't bluescreen.
That would be hilarious
Your system would still crash without a BSOD, sadly
you just haven't only got windows to continue and ignore a BSoD, you just got your brain to ignore one as well. respect for your cool vids plus hard work plus university!
Wake up babe, new enderman video dropped
nice to see windows 11 still has a windows 7 looking classic theme under it
Set an app to use Windows Vista and admin compatibility and it shows the Windows 7 theme
-i totally didn’t already make a video on this driver a year ago-
lol
its such a niche project - no way he didnt at least see your video first
nice model m keyboard! i see you took inspiration from danooct1 who uses that as his main keyboard.
I would LOVE to see what happens if you do this with an unstable overclock causing random memory corruption. I think that would be fascinating!
I genuinely love watching your vids
they’re so interesting
1:29 quality timing
Two Great Things Happened today: 1: You uploaded 2: My IPAD Got fixed!
Nice!
Man, I swear! Windows 11 is goated! Mainly because of its unique design, and dope vid, glad to see you back!
FINALLY YOU POSTED, dude I watched ur videos today AND YOU POST TODAY?
OMG NO WAY U HEARTED MY COMMENT
Great! Now no one who watches this video can ever consider working on ReactOS. What a banger. /s
Lol
I always love stuff like this. It's crazy how you can break things when you really want to, and know how to.
Not that I ever plan on coming back to windows unless I'm dragged there by force, but this type of thing will always fascinate me no matter the OS
Anyway, always remember to take care of yourself. I don't think anyone here minds you taking time for your mental health, and doing whatever needs to be done.
You know you went too far when you see the windows 95 interface on a recent build
0:42 literally explanation of crowdstrike errors
Windows at times is doing some interesting stuff in the background for many things. I once was able to completely corrupt my windows registry in a late build of pre-release win11, and (predictably) windows crashed. But the BSoD was green instead. I then found out that the background of the BSoD (since win8) is just a value in the registry. why? no clue, but that's what Microsoft did and it is in some way cool to see
2 jobs, university AND youtube? you're a beast!
"Process Hacker" is "System Informer" now. And we have Dark theme support in both.
Fun fact: you can actually get an idea of what would happen if you managed to completely terminate "csrss.exe" without triggering a blue screen by simply suspending it. Although you'll need to do that with older versions of Windows, as Windows 10 and 11 are programmed to make it near impossible to mess with system processes.
But yeah, if you were able to completely terminate the "csrss.exe" and the system didn't blue screen, the system will continue running but everything on the display will stop being updated except for a few things like some of the text (if any) displayed on screen and you'll no longer be able to interact with the system. Like I said at the start of this comment, you can simulate this by simply suspending "csrss.exe".
Yayy a new video! Definitely enjoyed all these BSOD’s
Damn... He is using the legendary keyboard.
i got an idea, What happens if you delete the blue screen trigger file, and just caused a bluescreen?
Another good video released! Anyways, weird to see such modern slang as "cooked" in an Endermanch video.
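Very interesting video, much appreciated!
7:35 It looks like the classic theme is still alive and well in Windows 11.
I wonder what the right-click menu would look like if you opened it in Explorer after it switched to the classic theme?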
Love this type of content lol, even if it's useless or useful shit but its interesting.
It's nice that you uploaded to keep the stupid youtube algorithm from ghosting you and drowning your channel but please also take your time to recover and to focus on your mental health cause we real fans will always watch out for new videos
i didn't know you played gd??????
>buys snowfall all
>looks inside
>bubbles
He does, and he used a bunch of GD songs in his videos
@@APPLP1E limbo gave it away.
edit: stop asking which video i forgot
@@i_am_called_glitchy nobody asked bro 😭
@@龗 wrong universe, sorry
great video, good luck with the university and the 2 jobs
Finally someone did this, i been curious whats behind the blue screen
Amazing vid enderman keep it up :DD
It's a golden (cooked) goose of content. I was always wondering what happen if bsod will be turn off. But still I'm wondering if you can make it so bad, so you create corrupted code, which will overwrite itself in ram/disc C?
Is it possible to corrupt code so bad, so it will destroy UEFI and bricks computer?
Don't end this content with only one video
missed your videos man glad you're back!
What about NoEscape (Trojan) + NMBC? Especially final payload where NoEscape triggers Blue Screen.
FINALLY YOU MADE A VIDEO I'VE BEEN WANTING FOR AGES!
been here since you were just a tiny channel, great content and goodluck with the semester!
bro be waking up the nostalgia with these songs
YOU ARE BACK :) I am subscribed as always :)
thanks for putting songs names and this amazing video of course
Glad to see you back! (Algorithm goes brrrr)
Finally you're back! Make videos more often.
Hey Mr.Enderman, i really enjoy your videos. But I really enjoy those a lot more, where you speak instead of the text on screen. I read your description and you seem to be very busy, so no pressure. Just some feedback. Otherwise, great video as always! Keep up the great work!
Hey!, Great Video, Really Enjoyed it while eating my lunch, but i got a question, What keyboard do you use? I thought it was quite a cool keyboard lol.
IBM model M probably
First
Verified but no replies :(
Welcome back buddo! Love your videos!!
Hey nice video! Where did you find the Run As Trusted Installer plugin for PH? I cannot find it anymore
On their GitHub archive, it's archived now, if I recall correctly, the plugin is considered deprecated
Hey good luck with uni bro :)
Take care of urself!!
Make :can you remove the desktop manager (graphical environment) in windows
Plzz it is soo cool
Nice video as always
You never fail to surprise me when it comes to technology
Omg enderman uploaded!!!
Everytime Enderman Uploads, It Makes My Day Better
BABE WAKE UP NEW ENDERMAN VIDEO!! ‼️🙏🗣️🗣️
This is just a PERFECT driver for my pc that crashes every 30min when I play games with music.
Happy to see that endermanch is back!
What a great music! And informative video.
4:25 Ascence - About you
Love your videos!!
Sir, if you are focusing on your PhD, don't worry, I'll wait! 🤩
I just came back to watch your recent content and realized you're dealing with both work and education at the same time. Great content btw, please stay safe! 🔥
When recall comes out to windows 11 are you going to make a video about how to completely destroy, obliterate, exterminate, eliminate, and disintegrate it?
good luck with everything you’re dealing with btw
2:35 Gave me the heebie jeebies.
I forgot about this channel I'm glad I came across it again
It's like looking behind a loading screen but not. Funny it shows all individual Window objects in framed windows, even the task bar and maybe its icons!
This is something i always wondered about.
This was really cool!
7:47 since when do you use the word cooked? (love ur vids, keep it up)
It's cool to see that whenever everything gives up it goes back to its win9x roots.
good to see you're back 🎉
Nice! I've been waiting for this for a while.
This is ridiculous! Thank you very much for telling us all of these secrets about windows.
Yessss Endermanch is back.
Finally after years I now know if it was possible to continue operation beyond a BSoD and see what would happen, and now I have the answer! Thank you, Enderman!
Next video: Trying to run programs in a BSoD itself! /jk
running native programs in a bsod might be possible