How to initiate reboot of Windows in my driver code?

Hi All,

I want to reboot request for Windows Reboot when I receive some IRPs. in my driver I was searching for an API call to do this in MSDN. Unfortunately, didn’t found one.

Please let me know if there are any such API’s available or there is some other way to achieve it.

Pardon me, this question may seem very basic. I am new to DD.

Thanks,

No way. This needs to be done from something running in user mode.

Though I’ll caution against causing even more reboots, customers seem to really hate rebooting their systems these days (especially servers…especially VM hosts). I’d be curious to know what situation would cause your *driver* to spontaneously think the system needs rebooted.

-scott
OSR
@OSRDrivers

You write a service that is installed with your driver that your driver
notifies to initiate the shutdown.

Mark Roddy

On Wed, Sep 20, 2017 at 3:48 AM, xxxxx@gmx.com
wrote:

> Hi All,
>
>
> I want to reboot request for Windows Reboot when I receive some IRPs. in
> my driver I was searching for an API call to do this in MSDN.
> Unfortunately, didn’t found one.
>
> Please let me know if there are any such API’s available or there is some
> other way to achieve it.
>
> Pardon me, this question may seem very basic. I am new to DD.
>
>
> Thanks,
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:> showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer&gt;
></http:></http:>

As part of the HLK test, I want to make it mandatory to restart the OS after it processes Surprise remove test.

My problem is, how do I make it mandatory that whenever a device is removed, I want the OS to be rebooted.

Don’t do that. You have no idea what the user is doing, and a forced
reboot could destroy a lot of work. You can consider having a service put
up a prompt recommending a reboot, but even there consider that depending on
the system, no one may see the prompt if it is a server in a lights out
configuration.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmx.com
Sent: Wednesday, September 20, 2017 3:35 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to initiate reboot of Windows in my driver code?

As part of the HLK test, I want to make it mandatory to restart the OS after
it processes Surprise remove test.

My problem is, how do I make it mandatory that whenever a device is removed,
I want the OS to be rebooted.


NTDEV is sponsored by OSR

Visit the list online at:
http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:></http:>

thanks Don, for your suggestion.

Is there a way to report the iomanager or pnpmanager that my device is missing?
I want to report that my Bus driver PDO is missing since its FDO gets removed before its PDO which does not seem to get removed. When I manually set the reportmissing to true in the PDO’s device object I get a BugCheck saying that PDO is destroyed before being reported as missing.

This is with respect to the Surprise removal test for bus driver.

Well if is a WDM bus driver you call IoInvalidateDeviceRelations, if it is
KMDF it is trickier. I’ve seen some hacks and people have used ejectable
devices but that is about it.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmx.com
Sent: Wednesday, September 20, 2017 4:00 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to initiate reboot of Windows in my driver code?

thanks Don, for your suggestion.

Is there a way to report the iomanager or pnpmanager that my device is
missing?
I want to report that my Bus driver PDO is missing since its FDO gets
removed before its PDO which does not seem to get removed. When I manually
set the reportmissing to true in the PDO’s device object I get a BugCheck
saying that PDO is destroyed before being reported as missing.

This is with respect to the Surprise removal test for bus driver.


NTDEV is sponsored by OSR

Visit the list online at:
http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:></http:>

You can’t force the PDO for your FDO to be reported as missing. You are misunderstanding what needs to happen to restart your FDO

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@windrvr.com
Sent: Wednesday, September 20, 2017 1:20 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to initiate reboot of Windows in my driver code?

Well if is a WDM bus driver you call IoInvalidateDeviceRelations, if it is
KMDF it is trickier. I’ve seen some hacks and people have used ejectable
devices but that is about it.

Don Burn
Windows Driver Consulting
Website: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.windrvr.com&amp;data=02|01|Doron.Holan%40microsoft.com|cbd0f6b3857a4823599308d500650acf|72f988bf86f141af91ab2d7cd011db47|1|0|636415356330554709&amp;sdata=ZVVWzRmn2O4pIutVzbtX94z1hDrn32PmDvh5LVrllwQ%3D&amp;reserved=0

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmx.com
Sent: Wednesday, September 20, 2017 4:00 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to initiate reboot of Windows in my driver code?

thanks Don, for your suggestion.

Is there a way to report the iomanager or pnpmanager that my device is missing?
I want to report that my Bus driver PDO is missing since its FDO gets removed before its PDO which does not seem to get removed. When I manually set the reportmissing to true in the PDO’s device object I get a BugCheck saying that PDO is destroyed before being reported as missing.

This is with respect to the Surprise removal test for bus driver.


NTDEV is sponsored by OSR

Visit the list online at:
https:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:

To unsubscribe, visit the List Server section of OSR Online at https:


NTDEV is sponsored by OSR

Visit the list online at: https:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:

To unsubscribe, visit the List Server section of OSR Online at https:</https:></https:></https:></https:></https:></https:>

Read this:

https://msdn.microsoft.com/en-us/library/windows/hardware/ff549361(v=vs.85).aspx

> how do I make it mandatory that whenever a device is removed, I want the OS to be rebooted.

If you only knew how much I miss “Professor Flounder” sometimes…

You can be 100% sure that he would have responded to the above question by lecturing you about a guest who wants to burn down the host’s house only because he cannot find the toilet paper.

Concerning the rest, you can simply read Mr.Burn’s explanations - I guess there is simply no reason to duplicate his effort. However, foreseeing your most likely reaction (i.e you will say that you want to do it anyway no matter what, which is very typical of posters like you), the whole thing can be achieved simply by writing 0 to CR0 or doing any other stupid thing that automatically resets the CPU. If you want to do it this way you have to publish your name and company so that Mr.Burn advises his clients to stay away from all this crap…

Anton Bassov

xxxxx@gmx.com wrote:

As part of the HLK test, I want to make it mandatory to restart the OS after it processes Surprise remove test.

My problem is, how do I make it mandatory that whenever a device is removed, I want the OS to be rebooted.

That won’t pass the test.  The whole point of the “surprise removal
test” is to make sure you survive the process intact, without requiring
a restart .


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Yes and that api only works for PDOs your driver creates. The parent bus which creates the PDO your FDO attaches to would have to call IoInvalidateDeciceState on itself to make your PDO disappear. You are conflating the two semantics of surprise remove: physical removal and software failure. The hlk forces a surprise remove with the latter. You are trying to force the former. A disable /enable in device manager after your parent is surprise removed (and your driver is unloaded) will bring back your bus driver.

Bent from my phone


From: xxxxx@lists.osr.com on behalf of xxxxx@gmail.com
Sent: Wednesday, September 20, 2017 1:39:58 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to initiate reboot of Windows in my driver code?

Read this:

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fwindows%2Fhardware%2Fff549361(v%3Dvs.85).aspx&amp;data=02|01|Doron.Holan%40microsoft.com|eef125c372044d787ad708d50067be79|72f988bf86f141af91ab2d7cd011db47|1|0|636415367935844354&amp;sdata=amWf6TBN99c%2BckZBbDZhp%2Fia%2Fqb7lCQa43DnFUgFyGc%3D&amp;reserved=0


NTDEV is sponsored by OSR

Visit the list online at: https:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:

To unsubscribe, visit the List Server section of OSR Online at https:</https:></https:></https:>

Thank-you Doron for the details.

The IRP_MN_SURPRISE_REMOVAL IRP is well documented:

https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/handling-an-irp-mn-surprise-removal-request

The HLK test procedure is well documented too:

https://msdn.microsoft.com/en-us/library/windows/hardware/dn941905(v=vs.85).aspx

The driver should just handle the IRP as it should. If the test fails than the driver is not handling the IRP as it should, that’s all we can say:

"As with the previous tests, the test application will attempt to add an upper filter to the target device stack and then restart the stack. If this attempt is not successful, the test restarts the computer.

When triggered by the test application, the filter driver will cause the system to send an IRP_MN_SURPRISE_REMOVAL to the device stack, followed by an IRP_MN_REMOVE_DEVICE. The filter driver will assert that both of these IRPs are completed successfully by lower drivers."

Did you pay attention to this part:

“After the surprise removal test is complete, the device will be
uninstalled and reenumerated, also removing the filter driver from the
stack.”

This should re-establish your device to an operational state. If it doesn’t
then it is the *bus driver* for your device that is not behaving correctly.

Mark Roddy

On Thu, Sep 21, 2017 at 4:24 PM, xxxxx@gmail.com
wrote:

> Thank-you Doron for the details.
>
> The IRP_MN_SURPRISE_REMOVAL IRP is well documented:
>
> https://docs.microsoft.com/en-us/windows-hardware/drivers/
> kernel/handling-an-irp-mn-surprise-removal-request
>
> The HLK test procedure is well documented too:
>
> https://msdn.microsoft.com/en-us/library/windows/hardware/
> dn941905(v=vs.85).aspx
>
> The driver should just handle the IRP as it should. If the test fails than
> the driver is not handling the IRP as it should, that’s all we can say:
>
> “As with the previous tests, the test application will attempt to add an
> upper filter to the target device stack and then restart the stack. If this
> attempt is not successful, the test restarts the computer.
>
> When triggered by the test application, the filter driver will cause the
> system to send an IRP_MN_SURPRISE_REMOVAL to the device stack, followed by
> an IRP_MN_REMOVE_DEVICE. The filter driver will assert that both of these
> IRPs are completed successfully by lower drivers.”
>
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:> showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer&gt;
></http:></http:>

Mark Roddy, I did focused on that part. To be precise, existing code does what it should do to handle the IRP. Problem is when an IRP_MN_REMOVE_DEVICE comes to the bus FDO after IRP_MN_SURPRISE_REMOVAL, current code deletes all of it’s child PDOs like the network devices, and then remove its FDO.

Once it is done, it gets RestartDevice() then RescanParentDevice() calls to the bus. Problem is after all of this I could see the bus device in the device manager but now it does not have any of its child network devices. And since, it does not have any child network device attached to it, the complete Surprise Removal test result is not transferred to the HLK studio and hence, the test stuck infinitely in the “Running” task in HLK studio.

My problem is I am not sure how to bring up these child devices again.

Note: All of these are virtual devices, and the OS is running in a virtula environment.

xxxxx@gmx.com wrote:

Mark Roddy, I did focused on that part. To be precise, existing code does what it should do to handle the IRP. Problem is when an IRP_MN_REMOVE_DEVICE comes to the bus FDO after IRP_MN_SURPRISE_REMOVAL, current code deletes all of it’s child PDOs like the network devices, and then remove its FDO.

Once it is done, it gets RestartDevice() then RescanParentDevice() calls to the bus. Problem is after all of this I could see the bus device in the device manager but now it does not have any of its child network devices.

Why not?  Think about this as if you were a physical bus, like a USB
bus.  You have 6 devices on your bus.  You tell the system about those 6
devices.

Now, PnP stubbornly tells you that one device was surprise removed, and
restarted, and then you are asked to do a rescan.  You STILL have 6
devices on your bus, althoug the operating system only knows about 5 of
them.  Your JOB during the rescan is to create a new PDO for that one
device to bring the two lists into sync.

What I’m saying is that your knowledge of the devices on your bus is
totally independent from PnP’s concept of the PDOs you have exposed. 
That’s the connection you are missing.  The fact that PnP told you an
FDO was surprise removed does not change ANYTHING about the devices that
are actually on your bus.  All it changes is the REPORTING of those
devices, and it’s your responsibility to bring that reporting into line.

My problem is I am not sure how to bring up these child devices again.

You create a new PDO, just like you did during initialization.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

>when an IRP_MN_REMOVE_DEVICE comes to the bus FDO after IRP_MN_SURPRISE_REMOVAL, current code deletes all of it’s child PDOs like the network devices, and then remove its FDO.

Typically the IRP_MN_REMOVE_DEVICE IRP is sent first to the children devices.

"The PnP manager does the following before sending this IRP to the drivers for a device:

  • Sends IRP_MN_REMOVE_DEVICE requests to the device’s children, if any."

And, because your driver is the parent bus driver for the children, your driver is also responsible for completing IRP_MN_REMOVE_DEVICE requests for these children devices.

So, when your driver receives a remove request for its FDO, it should have already completed the remove requests of the children.

If the device is still present (not physically removed) the bus driver just
completes IRP_MN_REMOVE_DEVICE for the PDO with a success status and should
not delete the PDO. It can continue to report the PDO on subsequent query
operations.

https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/removing-a-device-in-a-bus-driver

Mark Roddy

On Fri, Sep 22, 2017 at 3:12 PM, xxxxx@gmail.com
wrote:

> >when an IRP_MN_REMOVE_DEVICE comes to the bus FDO after
> IRP_MN_SURPRISE_REMOVAL, current code deletes all of it’s child PDOs like
> the network devices, and then remove its FDO.
>
> Typically the IRP_MN_REMOVE_DEVICE IRP is sent first to the children
> devices.
>
> “The PnP manager does the following before sending this IRP to the drivers
> for a device:
>
> - Sends IRP_MN_REMOVE_DEVICE requests to the device’s children, if
> any.”
>
> And, because your driver is the parent bus driver for the children, your
> driver is also responsible for completing IRP_MN_REMOVE_DEVICE requests for
> these children devices.
>
> So, when your driver receives a remove request for its FDO, it should have
> already completed the remove requests of the children.
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:> showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer&gt;
></http:></http:>