I would like to use a Software only KMDF driver to essentially monitor a usermode
application, and if it hangs for any reason for a specified period, issue a safe shutdown command. Don’t want a hard reset or anything that might crash the file system etc.
Similar functionality to calling the following from a usermode application:
System.Diagnostics.Process.Start(@"C:\Windows\system32\Shutdown.exe");
What is the corresponding call or set of calls to do the same thing from K-Mode?
You don’t do this from kernel mode. There is no way to do it from kernel mode. Instead, have a helper application/service that you can tell to initiate the safe shutdown from user mode.
> have a helper application/service that you can tell to initiate the
> safe shutdown from user mode
Doron,
Thanks for the quick reply. Is it preferable to create a 2nd usermode application that will
query the driver for the “Shutdown” flag, or use a service?
And out of curiosity, why can such an action be performed in the less privileged usermode space,
and not kernel mode?
I would do it from a service, easier to make sure only one instance is up and running. It is not a matter of privilege and which mode has more. It is about simplicity and functionality that resides in both. KM is kept simpler, UM is where the complexity and vast expanse of APIs reside. For instance, you cannot just create a process in a driver, most of that logic lives in UM (with help from KM).
I have one more question, just had a crazy thought:
If I call KeBugCheck to cause a BSOD and just allow the system to reboot, it accomplishes the same thing for me.
But is it un-safe as far as the file system or other?
Yes, it is unsafe and will potentially lose data. Your users will probably not accept a product that does this. I would follow Doron’s advice here and use a service.
The real question that no one has asked the OP is what environment is
this for? If it is for anything other than a dedicated system, having a
driver reboot the system is extremely unfriendly. The OP said they
wanted a reboot if an application hung, is there a reason they are not
terminating the app and restarting it?
> On Thu, 09 Dec 2010 23:16:05 +0100, wrote:
> > there is no way to do it from kernel mode.
>
> Couldn’t drivers use the semi-documented* function ZwInitiatePowerAction
> to invoke an orderly shutdown?
>
> * NtInitiatePowerAction is declared in ntpoapi.h; POWER_ACTION,
> SYSTEM_POWER_STATE & POWER_ACTION_POLICY.Flags are officially documented.
Please do not use this API for that purpose. It is intended to be used after the user mode side of things have mostly shut down and may result in unexpected data loss if you use it directly for purposes of asking for a system shutdown.
S
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Cay Bremer
Sent: Friday, December 10, 2010 4:30 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Issuing a Safe Shutdown command from KMDF
On Thu, 09 Dec 2010 23:16:05 +0100, wrote:
> there is no way to do it from kernel mode.
Couldn’t drivers use the semi-documented* function ZwInitiatePowerAction to invoke an orderly shutdown?
* NtInitiatePowerAction is declared in ntpoapi.h; POWER_ACTION, SYSTEM_POWER_STATE & POWER_ACTION_POLICY.Flags are officially documented.
Well at least the more restrictive case of a process with only kernel
mode threads and user space memory definitely works, I was helping a
customer with this recently. I can’t see that anything has changed
recently. Of course saying this does not mean people should run out and
create a process totally in the kernel, unless they have a very good
reason to.
> Hmmmm… Is this a literally true statement? Or did you mean “You cannot create a Win32 GUI process from a driver”?
>
> I haven’t done it for a while, but I could swear…
>
> Peter
> OSR
> The real question that no one has asked the OP is what environment is
> this for? If it is for anything other than a dedicated system, having a
> driver reboot the system is extremely unfriendly. The OP said they
> wanted a reboot if an application hung, is there a reason they are not
> terminating the app and restarting it?
Don Burn (MVP, Windows DKD)
Sorry I didn’t look at these posts earlier. Didn’t realize my questions had generated this
much discussion. The shutdown mechanism is for a dedicated system that is controlling and monitoring a machine that could be stuck in a runaway condition, if the usermode application
is incorrectly closed, or hangs for any reason. Shutting down or rebooting the XP-based system
will reset the IO to the machine.
The reason for using a k-mode driver is that it will be still alive, even if the usermode space loses
its marbles. It actually should never happen during normal operation.
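The helper-service approach recommended in the thread, as an added example that is not code from any poster: timeout bookkeeping that survives the 32-bit tick-counter wrap, plus an orderly shutdown request through the documented user-mode API. The names watchdog_t, wd_* and request_safe_shutdown are hypothetical, and how the heartbeat reaches the helper (for instance relayed by the driver) is an assumption left out of the block.

```c
#include <stdint.h>
#include <stdbool.h>

typedef struct {
    uint32_t last_beat_ms;  /* tick count of the last heartbeat */
    uint32_t timeout_ms;    /* silence tolerated before shutdown */
} watchdog_t;               /* hypothetical type for this example */

void wd_init(watchdog_t *wd, uint32_t now_ms, uint32_t timeout_ms) {
    wd->last_beat_ms = now_ms;
    wd->timeout_ms = timeout_ms;
}

void wd_heartbeat(watchdog_t *wd, uint32_t now_ms) { wd->last_beat_ms = now_ms; }

/* Unsigned subtraction stays correct when the 32-bit tick counter
   (GetTickCount) wraps after about 49.7 days of uptime. */
bool wd_expired(const watchdog_t *wd, uint32_t now_ms) {
    return (uint32_t)(now_ms - wd->last_beat_ms) >= wd->timeout_ms;
}

#ifdef _WIN32
#include <windows.h>

/* Enable SeShutdownPrivilege on the helper's token, then ask the system
   for an orderly shutdown so services and file systems can flush. */
bool request_safe_shutdown(bool reboot) {
    HANDLE tok;
    TOKEN_PRIVILEGES tp;
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tok))
        return false;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    /* AdjustTokenPrivileges can return TRUE without granting anything;
       GetLastError() then reports ERROR_NOT_ALL_ASSIGNED. */
    BOOL ok = LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tp.Privileges[0].Luid)
           && AdjustTokenPrivileges(tok, FALSE, &tp, 0, NULL, NULL)
           && GetLastError() == ERROR_SUCCESS;
    CloseHandle(tok);
    if (!ok) return false;
    /* bForceAppsClosed is TRUE because the hung application cannot
       answer the shutdown query itself. */
    return InitiateSystemShutdownExW(NULL, L"Monitored application stopped responding",
               0, TRUE, reboot,
               SHTDN_REASON_MAJOR_APPLICATION | SHTDN_REASON_MINOR_HUNG) != 0;
}
#endif
```

Running the helper as a service under an account that holds the shutdown privilege keeps that right out of the monitored application itself.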