Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Shutting down Windows from kernel mode?

Tags:

kernel

winapi

I'm trying to create a driver that will intercept a certain key sequence and perform a reboot from kernel mode in Windows, similarly to the REISUB key sequence in Linux.

I've created a keyboard hook just like Ctrl2Cap does, and I've tried calling NtShutdownSystem to reboot the system.

The handler does detect the key press, but the problem is that when it actually calls NtShutdownSystem, I get a BSOD with the ATTEMPTED_SWITCH_FROM_DPC error code.

I'm assuming this is because I can't shut down the system from an executing DPC, so I probably need to execute my code from somewhere else. But I don't know where.

So the question is:

How can I shut down the system upon detecting the key sequence in kernel mode?

like image 996
user541686 Avatar asked Aug 20 '11 22:08

user541686

People also ask

How do I shut down Windows kernel?

If you're troubleshooting system problems, you'll want to perform a full shut down of the kernel to ensure Windows reinitializes things from scratch. To do this, just click the “Restart” option in the menu instead of the “Shut Down” option.

What is kernel power Windows?

What Is a Kernel-Power Critical Error? The Kernel-Power critical error is a system error that causes your system to crash. The error can trigger under a range of circumstances, though all relate to a power issue.

Why does a Windows driver need to run in kernel mode?

Provides routines for your driver to work with access control. Implements the core functionality that everything else in the operating system depends upon. The Microsoft Windows kernel provides basic low-level operations such as scheduling threads or routing hardware interrupts.

What is Event 41 kernel power?

Event ID: 41 Description: The system has rebooted without cleanly shutting down first. This event indicates that some unexpected activity prevented Windows from shutting down correctly. Such a shutdown might be caused by an interruption in the power supply or by a Stop error.

1 Answers

Ah, I figured out the answer....

Seems like ExQueueWorkItem does the trick:

VOID NTAPI MyShutdownSystem(PVOID) { NtShutdownSystem(1); }

// ... [code] ...

PWORK_QUEUE_ITEM pWorkItem =
    (PWORK_QUEUE_ITEM)ExAllocatePool(NonPagedPool, sizeof(WORK_QUEUE_ITEM));

if (pWorkItem != NULL) {
    ExInitializeWorkItem(pWorkItem, &MyShutdownSystem, NULL);
    ExQueueWorkItem(pWorkItem, DelayedWorkQueue);
}
like image 177
user541686 Avatar answered Oct 12 '22 00:10

user541686
Sign in to Comment

Related questions

Reduce Context Switches Between Threads With Same Priority
Why does an overridden non-client area show the default when the window loses focus on win32?
Possible for Win32 App calling an WinRT API?
How to make the group box text to be disabled when group box is disabled?
What is the purpose of LVCOLUMN.iSubItem?
How can i draw to or add a custom button to every window of all applications?
Bypass Clipboard History in the Windows 10 October 2018 Update
Calling Windows API function to set Auto Gain Control
Write to and read from free disk space using Windows API
Windows API spying/hijacking techniques
How to change the order of buttons on the taskbar?
Equivalent of user32.dll on OS X
IFileSaveDialog - choosing folders in Windows 7
Aero Snap not working for my application
Loop without consuming too many CPU cycles and without sleep()?
LNK2022 and LNK2034 linker errors with version 10.0 of the CRT
GetWindowPlacement gives the incorrect window position
PBS_MARQUEE Progressbar WinApi
How to terminate worker thread properly in an injected DLL?
How to change theme DrawThemeTextEx font color?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!