
SANS ISC: InfoSec Handlers Diary Blog



Software Crashes: A New Year's Resolution

Published: 2018-12-31
Last Updated: 2018-12-31 00:03:20 UTC
by Didier Stevens (Version: 1)

Recently, I experienced a couple of stop errors (also known as the Blue Screen of Death) on a Windows machine, which I was able to fix with the help of NirSoft's BlueScreenView utility. With this utility, I immediately pinpointed the cause of the crashes to a driver that I was able to update.

And that reminded me of another NirSoft tool: AppCrashView.

Like BlueScreenView, AppCrashView is a convenient GUI program that presents application crash reports found in the WER folder in a table:


I used to take a regular look at the application crashes on my machine, to identify applications that could have security problems, like buffer overflows. Depending on the results and frequency of crashes, I would update or replace the application.
And sometimes, it was the starting point of vulnerability research.

I will make this a habit again, and you could too, as AppCrashView is a simple, convenient program that gives a tabular overview of application crashes, without requiring a debugger.
If you want to do this in a more organized and scalable way, know that application crashes are also recorded in the Windows Application Event log.
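
One way to review crashes from the Application event log, as an added example that is not part of the original diary: it summarizes crash events per application, module and exception code, and labels codes that commonly accompany memory-safety bugs. It assumes crashes are logged by the "Application Error" provider as event ID 1000 with the standard property order; the 30-day window and the code table are choices made for this example.

```powershell
# Added example: summarize application crashes from the Application event log.
# Assumption: crashes are recorded by the "Application Error" provider, event ID 1000.
$since = (Get-Date).AddDays(-30)   # look-back window chosen for this example

# Exception codes (NTSTATUS values) that often accompany memory-safety bugs
$memoryCodes = @{
    'c0000005' = 'Access violation'
    'c0000409' = 'Stack buffer overrun / fail-fast'
    'c0000374' = 'Heap corruption'
}

# -ErrorAction SilentlyContinue: Get-WinEvent raises an error when nothing matches
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $since
} -ErrorAction SilentlyContinue

# Event 1000 properties: 0 = application name, 1 = application version,
# 3 = faulting module, 6 = exception code, 7 = fault offset
$crashes = foreach ($e in $events) {
    $code = ([string]$e.Properties[6].Value).ToLower() -replace '^0x', ''
    [pscustomobject]@{
        Time          = $e.TimeCreated
        Application   = $e.Properties[0].Value
        AppVersion    = $e.Properties[1].Value
        Module        = $e.Properties[3].Value
        ExceptionCode = $code
        Meaning       = $memoryCodes[$code]   # $null when the code is not in the table
        FaultOffset   = $e.Properties[7].Value
    }
}

# Most frequent crashers first; repeated crashes in the same module with a
# memory-corruption code are the ones to update, replace or investigate.
$crashes |
    Group-Object Application, Module, ExceptionCode |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Application'; e = { $_.Group[0].Application } },
        @{ n = 'Module';      e = { $_.Group[0].Module } },
        @{ n = 'Code';        e = { $_.Group[0].ExceptionCode } },
        @{ n = 'Meaning';     e = { $_.Group[0].Meaning } },
        @{ n = 'LastSeen';    e = { ($_.Group | Measure-Object Time -Maximum).Maximum } } |
    Format-Table -AutoSize
```

To cover more than one machine, `Get-WinEvent` also accepts `-ComputerName`, so the same query can be run in a loop over a list of hosts.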

Please post a comment if you have tips or suggestions to monitor application crashes.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
