A user kindly proposed to do that on PG, so i tried it on GSS We want it at least as good as GP don't we ? The idea is from Sysinternal It was done to test sonny rootkit and "proove" it can be non stable. NtCrash2 test each api of NTOSKERNEL and throw random data to them. http://www.sysinternals.com/blog/2005/11/sonys-rootkit-first-4-internet.html On a normal system, nothing happen and the program only receive an error saying the demand is badly formulated. When the system is hooked by sonny rootkit, their driver fail to process randoom data and crash. So for the sake of science i crashed my computer Basicly all test go well until about 0X28 and then it just force-reboot Maybe i have my compluter configured to reboot instead of BSOD, anyone know how to change that ? So i went in calculator and 0X28 is 40 in decimal. Using the "RootKit Analyser" tools i found nothing at 40 but 41 is NTCreateKey with ghostSec.sys attached to it !!! At the moment it's too soon to conclude at anything As kernel modification is done in chain and Rootkit Analyser only show the first of them. The only other kernel modifier i have is alhohol120%. Yet, this is suspect enought to post this thread as NTCreateKey really sound like regdefend to me. (But the driver concern the whole GSS so i had difficulty in choosing wich forum i'd post this) Basicly i am asking if anyone else (maybee even Jason) try the torture of sending randoom data to windows api and see if a GSS crash occurs.