[BUG] BitDefender and blue screen of death

Started by fixer, June 05, 2018, 10:34:51 AM


fixer

BitDefender may crash your operating system with a blue screen of death. It injects its own DLL into other processes and hooks some functions in user mode using splicing. So when a process calls some function, that function is intercepted by BitDefender, and it inspects the call. There are some functions it doesn't like, like CreateRemoteThread or WriteProcessMemory. When it sees calls it doesn't like, it communicates with its driver and terminates the target process (the one a thread is created in, or the one whose memory is being written to) from the kernel with code STATUS_ACCESS_DENIED. If the target process is a critical system process, the system crashes with a blue screen of death. If it's some other process, other glitches are possible, for example visual glitches if the terminated process is a GUI process.

But the funny thing is this. If it tries to catch some malicious programs hooking this and that, they don't have problems with these hooks. It's quite easy and trivial to unhook them, and no crash will happen. So these hooks are basically useless against malevolent software. But if you develop some good software and need these functions for some reason, you'll have problems, as either you have to face system crashes or you have to get involved in some kind of arms race where you try to bypass their hooks and protections. So it's a good idea to ask yourself "will I live in harmony with the other inhabitants?" when such "protections" are implemented, and not act like you're the only one here and let everyone else crash and burn.