Interesting Information on Windows “Blue Screen”

Reasons for Windows Crash

Your Windows system / server can crash due to:
- memory access violation,
- kernel subsystem inconsistencies
- driver operational (e.g. USB, display) inconsistencies
One might argue that Widows might as well (in some cases) isolate the hardware and continue operations, but chances are that it might (generally does) lead to memory space inconsistencies, and hence Windows follows a "fail fast" policy attempting to prevent corruption in RAM from spreading to disk.

The Blue Screen

Could be any reason, but actual function responsible for (managing?) system crash is KeBugCheckEx. It makes use of a "stop code" and four parameters which are interpreted on a per-stop basis. This function then switches resolution to VGA mode with blue background and some comments on what user shall do next. It then calls for KeRegisterBugCheckCallback function allowing drivers opportunity to stop. It then calls KeRegisterCheckBugReasonCallback so drivers can append data to the crash dump.

To summarize:

KeCheckBugEx -> paints the screen blue -> KeRegisterCheckBugCallback -> KeRegisterCheckBugReasonCallback.

In rare occurrences, even the blue screen display stage isn’t reached and server crashes before that.