how to restart machine in filter drivers?

verjj · February 16, 2011, 2:08pm

I tried ZwShutdownSystem(), but did not work.

Thanks.

Don_Burn_1 · February 16, 2011, 2:13pm

It is a really bad idea to try to shutdown a system from a kernel mode
driver. There is a lot of user space things that need to be done, so it
is best done from a service. But even there, consider the fact that
users may be very upset if you shutdown the system with no warning, and
do not give them a chance to say no. The few products that did this are
now all on my list of products to never buy again and make sure my
clients know they should never be purchased.

Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“xxxxx@shaw.ca” wrote in message news:xxxxx@ntfsd:

> I tried ZwShutdownSystem(), but did not work.
>
> Thanks.

OSR_Community_User · February 17, 2011, 2:01am

Before ZwShutdownSystem, you should call RtlAdjustPrivileges. On some systems on which ZwShutdownSystem is hooked, you’d have to depend on the old “out 64h, al” to restart sytem.

Ken_Johnson · February 17, 2011, 2:11am

Neither of these are things that are acceptable to do in a production driver that customers will use. I strongly recommend against pursuing either of these routes.

As Don mentions, shutdown needs to be initiated from user mode to allow for graceful teardown of all components – otherwise you are going to cause the user to lose data.

S

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of liyuncheng@163.com
Sent: Wednesday, February 16, 2011 11:03 PM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] how to restart machine in filter drivers?

Before ZwShutdownSystem, you should call RtlAdjustPrivileges. On some systems on which ZwShutdownSystem is hooked, you’d have to depend on the old “out 64h, al” to restart sytem.

NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · February 17, 2011, 5:43am

>old “out 64h, al” to restart sytem.

This is called HalReturnToFirmware

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com