Hello,
I’m trying to write a native application to run with the BootExecute value. I only want it to run once, so I put a mark in the registry and delete it after performing the action.
After the action I need to perform a reboot, so I call NtShutdownSystem, but it seems that the minute I call it, my changes do not get flushed. I have tried using NtFlushKey and NtFlushBuffersFile on the root volume, but to no avail.
My current best attempt:
- RtlDeleteRegistryValue
- NtFlushKey (on \REGISTRY\MACHINE\SYSTEM)
- NtFlushBuffersFile
- NtShutdownSystem
Any tips?