开发者

Shutting down Windows from kernel mode?

问答 作者:

I'm trying to create a driver that will intercept a certa开发者_运维技巧in key sequence and perform a reboot from kernel mode in Windows, similarly to the REISUB key sequence in Linux.

I've created a keyboard hook just like Ctrl2Cap does, and I've tried calling NtShutdownSystem to reboot the system.

The handler does detect the key press, but the problem is that when it actually calls NtShutdownSystem, I get a BSOD with the ATTEMPTED_SWITCH_FROM_DPC error code.

I'm assuming this is because I can't shut down the system from an executing DPC, so I probably need to execute my code from somewhere else. But I don't know where.

So the question is:

How can I shut down the system upon detecting the key sequence in kernel mode?

Ah, I figured out the answer....

Seems like ExQueueWorkItem does the trick:

VOID NTAPI MyShutdownSystem(PVOID) { NtShutdownSystem(1); }

// ... [code] ...

PWORK_QUEUE_ITEM pWorkItem =
    (PWORK_QUEUE_ITEM)ExAllocatePool(NonPagedPool, sizeof(WORK_QUEUE_ITEM));

if (pWorkItem != NULL) {
    ExInitializeWorkItem(pWorkItem, &MyShutdownSystem, NULL);
    ExQueueWorkItem(pWorkItem, DelayedWorkQueue);
}

继续阅读:kernelwinapi

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9