Reputation: 210603
Shutting down Windows from kernel mode?
I'm trying to create a driver that will intercept a certain key sequence and perform a reboot from kernel mode in Windows, similarly to the REISUB key sequence in Linux.
I've created a keyboard hook just like Ctrl2Cap does, and I've tried calling NtShutdownSystem to reboot the system.
The handler does detect the key press, but the problem is that when it actually calls NtShutdownSystem, I get a BSOD with the ATTEMPTED_SWITCH_FROM_DPC error code.
I'm assuming this is because I can't shut down the system from an executing DPC, so I probably need to execute my code from somewhere else. But I don't know where.
So the question is:
How can I shut down the system upon detecting the key sequence in kernel mode?
Upvotes: 7
Views: 1206
Answers (1)
Reputation: 210603
Ah, I figured out the answer....
Seems like ExQueueWorkItem does the trick:
VOID NTAPI MyShutdownSystem(PVOID) { NtShutdownSystem(1); }
// ... [code] ...
PWORK_QUEUE_ITEM pWorkItem =
(PWORK_QUEUE_ITEM)ExAllocatePool(NonPagedPool, sizeof(WORK_QUEUE_ITEM));
if (pWorkItem != NULL) {
ExInitializeWorkItem(pWorkItem, &MyShutdownSystem, NULL);
ExQueueWorkItem(pWorkItem, DelayedWorkQueue);
}
Upvotes: 7
Related Questions
- how to force shutdown computer using cpp program
- How can I shut down Windows?
- Windows shutdown dialog
- How do I shutdown my PC with Win32 API in C?
- Interaction with Windows rebooting/shutdown
- Working with a shut-down state of a user session on Windows?
- How to turn off pc via windows API?
- Windows Shutdown - Shutdown command or ExitWindowsEx
- Win32Shutdown Method of the Win32_OperatingSystem Class
- Win32 API For Shutting Down Another Process Elegantly?