DDK Call for rebooting ?

OSR_Community_User · April 10, 2006, 10:32pm

This probably doesn’t belong in the WinDBG discussion list (since it
isn’t about debugging.)

If you want to lock a process into memory, you could always use
VirtualLock() (see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/
base/virtuallock.asp for a description of this function.) I’ve never
used it personally, but then again, I seldom write user mode code (and
when I do I’m normally writing against the native API.)

Again, there are likely to be a number of ways of achieving this and it
seems as if people are merely throwing out suggestions on how to do it -
but the hard part (figuring out what works for your situation) is likely
to be up to you.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the next OSR File Systems class in
Boston, MA April 18-21, 2006.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Satya Das
Sent: Monday, April 10, 2006 9:17 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] DDK Call for rebooting ?

Umm… There is no linker flag that I can find that will lock the file
in RAM with no paging out.

Additionally jrichter mentions (at the URL below) that the loader checks
if the file is indeed on the network before doing its special magic for
/swaprun:net option

http://www.microsoft.com/msj/0398/win320398.aspx

It does not seem like this is an alternative solution for OP’s issue.

You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

cidentifier · April 11, 2006, 5:46am

Alex.

i tried the undocumented HalReturnToFirmware(), but nomatter what parameter i specify, for example HalPowerDownRoutine or HalRebootRoutine, the system always restart.

i want to use ‘HalReturnToFirmware’ and parameter ‘HalPowerDownRoutine’ to ‘rudely’ power off the machine from a kernel driver, but it dosen’t seem to work, why?

thx

dong dawoo

ÑÅ»¢1GÃâ·ÑÓÊÏä°Ù·Ö°Ù·ÀÀ¬»øÐÅ
ÑÅ»¢ÖúÊÖ-ËÑË÷¡¢É±¶¾¡¢·ÀÉ§ÈÅ

OSR_Community_User · April 11, 2006, 10:49am

IIRC, VirtualLock is just a hint. The process working set can still be
trimmed.

Isn’t there a way to shut off paging altogether on XP? Isn’t that what
you’d want if you had no local disk?

Beverly

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tony Mason
Sent: Monday, April 10, 2006 10:31 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] DDK Call for rebooting ?

This probably doesn’t belong in the WinDBG discussion list (since it
isn’t about debugging.)

If you want to lock a process into memory, you could always use
VirtualLock() (see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/
base/virtuallock.asp for a description of this function.) I’ve never
used it personally, but then again, I seldom write user mode code (and
when I do I’m normally writing against the native API.)

Again, there are likely to be a number of ways of achieving this and it
seems as if people are merely throwing out suggestions on how to do it -
but the hard part (figuring out what works for your situation) is likely
to be up to you.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the next OSR File Systems class in
Boston, MA April 18-21, 2006.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Satya Das
Sent: Monday, April 10, 2006 9:17 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] DDK Call for rebooting ?

Umm… There is no linker flag that I can find that will lock the file
in RAM with no paging out.

Additionally jrichter mentions (at the URL below) that the loader checks
if the file is indeed on the network before doing its special magic for
/swaprun:net option

http://www.microsoft.com/msj/0398/win320398.aspx

It does not seem like this is an alternative solution for OP’s issue.

You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · April 11, 2006, 2:53pm

JD is the OP. I was merely wondering whether there was any magic switch
on linker to achieve locking in RAM as was stated in this thread. I
could not find any in the documentation. (perhaps there is an
undocumented one, you never know)

Satya

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tony Mason
Sent: Monday, April 10, 2006 7:31 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] DDK Call for rebooting ?

This probably doesn’t belong in the WinDBG discussion list (since it
isn’t about debugging.)

If you want to lock a process into memory, you could always use
VirtualLock() (see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/
base/virtuallock.asp for a description of this function.) I’ve never
used it personally, but then again, I seldom write user mode code (and
when I do I’m normally writing against the native API.)

Again, there are likely to be a number of ways of achieving this and it
seems as if people are merely throwing out suggestions on how to do it -
but the hard part (figuring out what works for your situation) is likely
to be up to you.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the next OSR File Systems class in
Boston, MA April 18-21, 2006.

JD_Willis · April 11, 2006, 5:51pm

Tony Mason wrote:

This probably doesn’t belong in the WinDBG discussion list (since it
isn’t about debugging.)

If you want to lock a process into memory, you could always use
VirtualLock() (see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/
base/virtuallock.asp for a description of this function.) I’ve never
used it personally, but then again, I seldom write user mode code (and
when I do I’m normally writing against the native API.)

Again, there are likely to be a number of ways of achieving this and it
seems as if people are merely throwing out suggestions on how to do it -
but the hard part (figuring out what works for your situation) is likely
to be up to you.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Thank You !
You are correct that there are multiple ideas/methods … It is
having those to consider will help in choosing the right one.

JD_Willis · April 11, 2006, 5:53pm

Thank you Phil.
Very well said.

xxxxx@seagate.com wrote:

I thought about chopping most of that, but I figured I’d leave it as a
good example of how to answer a question the OP didn’t ask.

He’s trying to restart the system because the network storage, which is
the only available storage, is gone. (I think) the design goal is to
reboot rudely instead of BSOD rudely. When you have no storage in which
to gracefully save your state, is there really any difference, except that
it *might* appear a bit smoother to restart? The OP certainly can’t give
the user the opportunity to save anything, since that would entail faking
the save, and the data is gone, anyway. So other than the brief
appearance of a BSOD followed immediately by the system boot, there’s no
functional difference.

This is just for a kiosk or some other read-only application, right? You
don’t actually expect anyone to use this for any data they want to keep?

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alex Ionescu
[397670]
Sent: Monday, April 10, 2006 6:47 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] DDK Call for rebooting ?

JD wrote:

>jim wrote:
>
>
>>Well, it IS exported, so could be ok.
>>I belive this is the prototype.
>>If it works, let us know, could come in handy…
>>
>
> Will do ! come monday .
>

That Nt* function is pretty much undocumented, and also requires the
SE_SHUTDOWN_PRIVILEGE. However, since you are in kernel-mode, that
shouldn’t be a problem. Nevertheless, Nt/Zw* functions are native, so if
they are undocumented they usually have a tendency for changing between
releases, or there is a specific reason why they’re not documented. Also
you should be aware of IRQL considerations. Many native functions exist
in PAGED_CODE, so calling them might end up in a catastrophe. If
undocumented APIs are the way you’re going to go, I’d much rather
suggest using:

NTHALAPI
VOID
NTAPI
HalReturnToFirmware(
FIRMWARE_REENTRY Action
);

with

//
// HalShutdownSystem Types
//
typedef enum _FIRMWARE_REENTRY
{
HalHaltRoutine,
HalPowerDownRoutine,
HalRestartRoutine,
HalRebootRoutine,
HalInteractiveModeRoutine,
HalMaximumRoutine
} FIRMWARE_REENTRY, *PFIRMWARE_REENTRY;

The usage of a unoducmented HAL function gives you some aditional
security over using an undocumented native function, in terms of the
function not changing, as well as in the fact that you can be sure it’s
accessible from HIGH_LEVEL and skips all the security checks which are
largely irrelevant in your case.

Nevertheless, you should defintely try having something in user-mode
that listens for a notification and does ExitWindows instead. The reason
that rebooting/shutting down isn’t exported to drivers is because it’s
an extremly rude thing to do to your users, apart from the other
possible considerations. Imagine if some video driver decided it was
time to reboot your system for a reason you’re never told about

Best regards,
Alex Ionescu

You are currently subscribed to windbg as: xxxxx@seagate.com
To unsubscribe send a blank email to xxxxx@lists.osr.com