"BugCheck2Linux" lets you run Linux after Windows goes BSOD

Alfonso Maruccia

WTF?! Someone designed an experimental tool that can run a program or even a tiny operating system after a Windows crash. It has many limitations, but the ability to keep working on a PC even after a BSOD might come in handy in many situations.

When Windows experiences a critical, unrecoverable error state, the operating system crashes and displays the infamous Blue Screen of Death (BSOD). Typically, the only solution to a BSOD is to reboot the machine and hope no critical data is lost. It has been an annoying quirk of Windows for over 30 years since Microsoft introduced the error screen with Windows NT 3.1 in 1993.

However, a newly released open-source utility is turning the BSOD tradition upside down, promising users the ability to keep using their PC even after an unrecoverable Windows crash. First spotted by NTDEV, the developer of the Tiny11 Windows mod, the BugCheck2Linux tool can run a "real" Linux shell after a Windows BSOD occurrence.

App developer NSG650 explains that the BugCheck2Linux utility can do its magic by "simply" registering a BugCheck callback. According to Microsoft's official documentation, a driver can use the BugCheck callback function to add driver-specific data to the crash dump file or even reset the device to a known working state.

The BugCheck callback function can also run an executable file or an entire text-based, non-Windows operating system, as in BugCheck2Linux's case. For video output, the utility relies on bootvid.dll, the Windows driver that handles VGA-mode video output during the bootstrap routine, and it uses a PS/2 keyboard driver to poll for keyboard input.

BugCheck2Linux runs as a driver within the standard Windows environment. After the BSOD, the driver starts a tiny RISC-V emulator running a text-based Linux shell. The developer credits other open-source projects such as mini-rv32ima (the RISC-V emulator), the ReactOS project (bootvid documentation), and the OSdev Wiki for the documentation regarding the PS/2 polling system.

Despite providing something unprecedented, like an entire working OS after a Windows crash, NSG650 acknowledges the tool's many limitations. The utility doesn't support ANSI escape sequences. It runs at just a 640x480 resolution in 16 colors. It only works in BIOS mode, so there is currently no support for UEFI systems. It is very sluggish and provides poor keyboard support.


Kinda interesting PoC, but really, why do so if you can just run Linux from the beginning?
It could be some way in certain corporation use cases to ensure consistency of data, but I think there are easier and more accessible ways to do so.
I can't remember the last time Windows BSOD'd on me, and I'm a developer, so I often have multiple copies of Studio, VS Code, SQL Mgmt Studio, Postman, vSphere, 30 Chrome tabs etc etc etc all running at once. Apps crash sometimes, but unless they have kernel-mode access now they almost never take the OS (BSOD) with them. If you do get regular crashes it's almost always a poorly written driver these days.
So, what's the point of this tool?

The Linux obviously cannot be used to recover any in-memory data - especially because it runs on a RISC-V emulator, and therefore has no direct access to the host hardware or memory.