DecodeHub - Reverse Engineering, Crackmes, Software & Coding

Anti-BSOD DLL – NtRaiseHardError / RtlAdjustPrivilege Hook

  • Founder

This DLL is used to prevent applications from forcing a Blue Screen of Death on purpose.
Some protected software uses BSOD as an anti-debug or anti-tamper method. This DLL blocks that behavior by hooking a couple of native APIs from ntdll.dll.

The idea is simple: stop the crash before it happens.


Used APIs

RtlAdjustPrivilege
This function is usually called to enable sensitive privileges like SeShutdownPrivilege.
Most forced BSOD techniques need this privilege first. If it fails, the crash chain breaks.

NtRaiseHardError
This API is responsible for raising critical system errors.
With the right parameters, it can be abused to intentionally crash the system.


Typical Forced BSOD Flow

What many protectors do is basically this:

RtlAdjustPrivilege(SeShutdownPrivilege, TRUE)
then
NtRaiseHardError(STATUS_ASSERTION_FAILURE, …)

Result: system crash (BSOD)

This is not a bug, it’s done on purpose.


What This DLL Does

RtlAdjustPrivilege is hooked and always denied.
So even if the application tries to enable crash-related privileges, it fails.

NtRaiseHardError is also hooked.
When it gets called, nothing happens. The function just returns and the crash is skipped.

Because of this, the application loses its ability to force a BSOD.


Why Detours

Microsoft Detours is used to hook the functions safely at runtime.
It replaces the original function pointers and restores them when the DLL is unloaded.
Nothing permanent is changed.


How It Works in Practice

The DLL is injected into the target process.
On process attach, the hooks are installed.
Any call to RtlAdjustPrivilege or NtRaiseHardError inside that process gets intercepted.
The system never crashes.


Notes

This is user-mode only.
Kernel drivers that trigger BSODs are not affected.
Some protectors may detect hooks like this.
It only affects the injected process, not the whole system.


Short Summary

This DLL prevents intentional BSODs by blocking privilege escalation and neutralizing NtRaiseHardError calls.
It’s mainly useful when dealing with software that uses forced crashes as a protection or anti-debug technique.

AntiBlueScreenOfDeath.zip
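
The hook DLL described in the post above, sketched as an added example; it is not the code in AntiBlueScreenOfDeath.zip and not the author's. Assumptions: the prototypes of the two undocumented ntdll exports are the commonly published ones, the status codes the hooks return and the names `Hook*`, `SetHooks` and `g_real*` are chosen here, and the `#else` branch only supplies stand-in types so the hook bodies compile off Windows.

```cpp
// Added example; not the code shipped in AntiBlueScreenOfDeath.zip.
#ifdef _WIN32
#include <windows.h>
#include <winternl.h>   // NTSTATUS
#include <detours.h>    // Microsoft Detours, link with detours.lib
#else                   // stand-in types so the hook bodies build off Windows
#include <cstdint>
typedef int32_t NTSTATUS; typedef uint32_t ULONG; typedef unsigned char BOOLEAN;
#define NTAPI
#endif
const NTSTATUS kSuccess = (NTSTATUS)0x00000000;           // STATUS_SUCCESS
const NTSTATUS kPrivilegeNotHeld = (NTSTATUS)0xC0000061;  // STATUS_PRIVILEGE_NOT_HELD
// Replacement for RtlAdjustPrivilege: every request is refused (assumed status code).
NTSTATUS NTAPI HookRtlAdjustPrivilege(ULONG, BOOLEAN, BOOLEAN, BOOLEAN *wasEnabled) {
    if (wasEnabled) *wasEnabled = 0;
    return kPrivilegeNotHeld;
}
// Replacement for NtRaiseHardError: the request never reaches the kernel.
NTSTATUS NTAPI HookNtRaiseHardError(NTSTATUS, ULONG, ULONG, void *, ULONG, ULONG *response) {
    if (response) *response = 0;   // do not leave the out-parameter uninitialised
    return kSuccess;
}
#ifdef _WIN32
static PVOID g_realAdjust, g_realRaise;   // become trampolines to the originals
static void SetHooks(bool attach) {
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    if (attach) {
        DetourAttach(&g_realAdjust, (PVOID)HookRtlAdjustPrivilege);
        DetourAttach(&g_realRaise, (PVOID)HookNtRaiseHardError);
    } else {
        DetourDetach(&g_realAdjust, (PVOID)HookRtlAdjustPrivilege);
        DetourDetach(&g_realRaise, (PVOID)HookNtRaiseHardError);
    }
    DetourTransactionCommit();
}
BOOL WINAPI DllMain(HINSTANCE, DWORD reason, LPVOID) {
    if (DetourIsHelperProcess()) return TRUE;
    if (reason == DLL_PROCESS_ATTACH) {
        HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
        g_realAdjust = (PVOID)GetProcAddress(ntdll, "RtlAdjustPrivilege");
        g_realRaise  = (PVOID)GetProcAddress(ntdll, "NtRaiseHardError");
        if (g_realAdjust && g_realRaise) SetHooks(true);
    } else if (reason == DLL_PROCESS_DETACH && g_realAdjust && g_realRaise) {
        SetHooks(false);
    }
    return TRUE;
}
#endif
```

Refusing every privilege request, as the post describes, also refuses privileges the host process may legitimately need, so expect side effects outside the crash path.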

8 minutes ago, cambaz said:

Notes

This is user-mode only.
Kernel drivers that trigger BSODs are not affected.
Some protectors may detect hooks like this.
It only affects the injected process, not the whole system.


Hocam, you wrote "user mode only", but if we do a dead space offset scan with an IOCTL from the kernel side, do we still get a blue screen? I suppose it doesn't prevent that?

Edited by null1

  • Author
  • Founder
1 minute ago, null1 said:

Hocam, you wrote "user mode only", but if we do dead space deadspace with an IOCTL from the kernel side, do we still get a blue screen? I suppose it doesn't prevent that?

Kernel level is an advanced method; it may hook in a different way, but it's worth trying this. If it uses the user-mode logic, this blocks it. Compile it as a DLL and inject it into the target exe.


This is the most ridiculous thing I've seen in my life. If you can inject a DLL into someone's program, you don't need this anyway. That person will catch you while you're injecting the DLL and trigger a BSOD anyway. And it's laughable for someone who can't even protect their program against DLL injection to put in things like a BSOD trap.

Edited by hern0s

Arbitrary Remote Process Code Execution Using KernelCallbackTable 
https://hern0s-dev.github.io/


  • Author
  • Founder
34 minutes ago, hern0s said:

This is the most ridiculous thing I've seen in my life. If you can inject a DLL into someone's program, you don't need this anyway. That person will catch you while you're injecting the DLL and trigger a BSOD anyway. And it's laughable for someone who can't even protect their program against DLL injection to put in things like a BSOD trap.

If everyone thought like you, the market would turn into a bloodbath; not everyone is a pro :D
