I’m trying to create a driver that will intercept a certain key sequence and

Question

0

Asked: May 24, 20262026-05-24T19:54:21+00:00 2026-05-24T19:54:21+00:00

I’m trying to create a driver that will intercept a certain key sequence and

0

I’m trying to create a driver that will intercept a certain key sequence and perform a reboot from kernel mode in Windows, similarly to the REISUB key sequence in Linux.

I’ve created a keyboard hook just like Ctrl2Cap does, and I’ve tried calling NtShutdownSystem to reboot the system.

The handler does detect the key press, but the problem is that when it actually calls NtShutdownSystem, I get a BSOD with the ATTEMPTED_SWITCH_FROM_DPC error code.

I’m assuming this is because I can’t shut down the system from an executing DPC, so I probably need to execute my code from somewhere else.
But I don’t know where.

So the question is:

How can I shut down the system upon detecting the key sequence in kernel mode?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T19:54:23+00:00

Editorial Team

2026-05-24T19:54:23+00:00Added an answer on May 24, 2026 at 7:54 pm

Ah, I figured out the answer….

Seems like ExQueueWorkItem does the trick:

VOID NTAPI MyShutdownSystem(PVOID) { NtShutdownSystem(1); }

// ... [code] ...

PWORK_QUEUE_ITEM pWorkItem =
    (PWORK_QUEUE_ITEM)ExAllocatePool(NonPagedPool, sizeof(WORK_QUEUE_ITEM));

if (pWorkItem != NULL) {
    ExInitializeWorkItem(pWorkItem, &MyShutdownSystem, NULL);
    ExQueueWorkItem(pWorkItem, DelayedWorkQueue);
}

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m trying to create a driver that will intercept a certain key sequence and

How can I shut down the system upon detecting the key sequence in kernel mode?

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply