• Heavybell@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    4 months ago

    I don’t believe there was any specific API in use here, for virus scanning or not. I suppose maybe the device driver API? I am not a kernel developer so I don’t know if that’s the right term for it.

    Crowdstrike’s driver was loaded at boot and caused a null pointer dereference error, inside the kernel. In userspace, when this happens, the kernel is there to catch it so only the application that caused it crashes. In kernelspace, you get a BSOD because there’s really nothing else to do.

    https://youtube.com/watch?v=wAzEJxOo1ts

    • kescusay@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      4 months ago

      I stand corrected. For some reason, I was thinking they used the actual Windows Defender API, which can be called programmatically from third-party applications, but you’re correct, it was a driver loaded at boot. Microsoft isn’t at all at fault, here.