Why does Windows still have the BSOD on Ctrl+Scroll+Scroll "feature"?
Solution 1
It's there to allow a break into the Kernel Debugger or generate a kernel-mode dump file. Typically an expert would want to do this when the OS looks locked up and won't even respond to CTRL+ALT+DELETE in order to get the dump file and investigate it for which driver is having trouble.
It's logically equivelent to calling the kernel API KeBugCheck with bugcheck 0xE2 (MANUALLY_INITIATED_CRASH). Also note that the reg values can be set in different reg keys for the USB (kbdhid) keyboard driver versus the ps2 (i8042prt) driver. There is more information on that and customizing which keystoke is used in KB Article 244139.
Since this is implemented in the actual keyboard drivers, I don't expect this would work from and RDP session even if it was enabled.
Solution 2
If we're generous, could it perhaps be used as an over-enthusiastic way of forcing a crash dump for manually investigating the system state? (primarily for debugging)
OK - a pretty weird way to do it, but...
Solution 3
Let's call it an easter egg.
Congratulations.....you found it!
Solution 4
This sounds like a fun practical joke, really.
Solution 5
You should watch Mark Russinovich's videos where he shows how to diagnose system hangs with this "feature". I think it was just set to off in SP2, not removed.
Related videos on Youtube
arxpoetica
Bad programming is easy. Idiots can learn it in 21 days, even if they are dummies. --Teach Yourself Programming In Ten Years
Updated on September 17, 2022Comments
-
arxpoetica over 1 year
Background information
While Windows XP came out I heard about a testing feature that existed to manually cause a BSOD (Blue Screen Of Death). I also heard this was supposed to be removed in XP Service Pack 2. It didn't get removed. It's also in Vista, Windows 7, and all later Windows versions. To enable the feature, navigate to this Registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
Add
CrashOnCtrlScroll
as aREG_DWORD
with the value of 1.Next, reboot. Finally, press Right Ctrl+Scroll Lock+Scroll Lock on any PS/2-compatible keyboard. You'll get a BSOD.
My question
Why is this feature still here?
-
DLH almost 15 yearsI think you'll need to ask Microsoft about that one.
-
sangretu almost 15 yearsSince it requires a mandatory registry hack, I don't think there's a downside to leaving it in the system. Nobody's likely to trigger it by mistake.
-
Axxmasterr almost 15 yearsWill the key sequence also work if triggered from an RDP session?
-
arxpoetica almost 15 years@Axxmasterr: I'm pretty sure it would, but I haven't tested it myself.
-
Harley Watson almost 15 yearsThis is probably how apple did this: gizmodo.com/assets/resources/2007/10/171953dc7.jpeg
-
user1686 almost 15 yearsThat is one thing I hate about Apple... not only they use a BSOD screenshot for a (nowadays) pretty stable OS, they even use an outdated one (probably from 98 or ME). (My friend, who is a 100% Linux user, likes Windows 7. That says something.)
-
RBerteig almost 15 yearsSince it has a legitimate use case that matters to the people who actually write and debug the kernel and device drivers, I wouldn't expect to see it removed. Enabling it requires write access to HKLM, and even if enabled all you get is a BSOD.
-
Joey about 14 years@Axxmaster: No, it won't since the key sequence is implemented in the device drivers for keyboards. Those aren't needed or even used in an RDP session.
-
Piotr Dobrogost over 12 yearsI tried it on Windows XP SP3 with USB keyboard (I added
CrashOnCtrlScroll
value toHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
key) and it didn't work. -
Jamie Hanrahan about 8 yearsIt didn't work for USB keyboards until Windows 7.
-
-
Axxmasterr almost 15 yearsThat is being very generous indeed. It might be a method that was intended to allow software to crash the system to "stop the bleeding" in case of a serious compromise. Forcing the system to shut down would prevent anyone from stealing data.
-
arxpoetica almost 15 yearsI used to use it a school when my teacher was coming and I was playing a fullsceen game.
-
Joey about 14 yearsIt's also there for hardware and driver developers who need to trap into the debugger at a certain point. And I definitely think this should be the accepted answer.
-
Joey about 14 years@Lucas: Wait, you have administrator access in a place where you're a student? :O
-
arxpoetica about 14 years@Johannes: Yes. It was very lax.
-
Synetech over 8 yearsNo, it was kept because it is an invaluable diagnostic function.
-
Synetech over 8 yearsspoulson, obviously you are not a programmer, or at least not a low-level debugger.
-
Synetech over 8 yearsThis has use for users (well, programmers).