I'm trying to create a driver that will intercept a certain key sequence and perform a reboot from kernel mode in Windows, similarly to the REISUB key sequence in Linux.
I've created a keyboard hook just like Ctrl2Cap does, and I've tried calling NtShutdownSystem to reboot the system.
The handler does detect the key press, but the problem is that when it actually calls NtShutdownSystem, I get a BSOD with the ATTEMPTED_SWITCH_FROM_DPC error code.
I'm assuming this is because I can't shut down the system from an executing DPC, so I probably need to execute my code from somewhere else. But I don't know where.
So the question is:
Ah, I figured out the answer....
Seems like ExQueueWorkItem does the trick:
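// Work routine: runs in a system worker thread at PASSIVE_LEVEL, where blocking calls are allowed.
VOID NTAPI MyShutdownSystem(PVOID Context)
{
    UNREFERENCED_PARAMETER(Context);
    NtShutdownSystem(1);  // 1 = ShutdownReboot
}
// ... [code] ...
// In the key handler (DPC context): queue the work item instead of calling NtShutdownSystem directly.
PWORK_QUEUE_ITEM pWorkItem =
    (PWORK_QUEUE_ITEM)ExAllocatePool(NonPagedPool, sizeof(WORK_QUEUE_ITEM));
if (pWorkItem != NULL) {
    ExInitializeWorkItem(pWorkItem, &MyShutdownSystem, NULL);
    ExQueueWorkItem(pWorkItem, DelayedWorkQueue);
}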
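The IRQL rule behind the crash and the fix, as a user-mode C model added here (not the poster's driver code and not WDK code). Every `model_*` name, the four-slot queue and the once-only guard are assumptions for illustration: calling the shutdown stand-in from the simulated DPC records a bugcheck, while queuing it and letting the worker run it records exactly one reboot.

```c
#include <stdbool.h>
#include <stddef.h>
/* User-mode model; every name here is hypothetical, none is a WDK API. */
enum irql { PASSIVE_LEVEL = 0, DISPATCH_LEVEL = 2 };
typedef void (*work_fn)(void *ctx);
struct work_item { work_fn fn; void *ctx; bool queued; };
struct model {
    enum irql irql;              /* IRQL of the simulated CPU */
    struct work_item *queue[4];  /* stand-in for DelayedWorkQueue */
    size_t count;
    int reboots, bugchecks;
    struct work_item reboot_item;
};
/* Stand-in for NtShutdownSystem: it waits, so it needs PASSIVE_LEVEL. */
static void model_shutdown(void *ctx) {
    struct model *m = ctx;
    if (m->irql != PASSIVE_LEVEL) m->bugchecks++;  /* ATTEMPTED_SWITCH_FROM_DPC */
    else m->reboots++;
}
/* Stand-in for ExQueueWorkItem: never waits, so a DPC may call it. */
static bool model_queue(struct model *m, struct work_item *w) {
    if (w->queued || m->count == 4) return false;  /* never link one item twice */
    w->queued = true;
    m->queue[m->count++] = w;
    return true;
}
/* Stand-in for the keyboard callback, which runs as a DPC. */
static void model_key_dpc(struct model *m, bool defer) {
    m->irql = DISPATCH_LEVEL;
    if (defer) model_queue(m, &m->reboot_item);
    else model_shutdown(m);                        /* the crashing variant */
    m->irql = PASSIVE_LEVEL;
}
/* Stand-in for a system worker thread draining the queue at PASSIVE_LEVEL. */
static void model_worker(struct model *m) {
    for (size_t i = 0; i < m->count; i++) {
        m->queue[i]->queued = false;
        m->queue[i]->fn(m->queue[i]->ctx);
    }
    m->count = 0;
}
/* One scenario: `presses` hotkey hits in DPC context, then the worker runs. */
static void run_scenario(struct model *m, bool defer, int presses) {
    *m = (struct model){ .irql = PASSIVE_LEVEL };
    m->reboot_item = (struct work_item){ model_shutdown, m, false };
    for (int i = 0; i < presses; i++) model_key_dpc(m, defer);
    model_worker(m);
}
int main(void) { struct model m; run_scenario(&m, true, 3); return m.reboots == 1 ? 0 : 1; }
```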