Deep inside the Windows kernel, there crawls many, many undocumented functions. With Microsoft’s secrecy, developers have only been able to document most of them, but not all.
There is one function, however, that has been known to exist but is not documented anywhere (or at least not in any source I’ve seen). That function is NtSetSystemPowerState. It’s known that NtShutdownSystem calls NtSetSystemPowerState at the very last stages of the Windows shutdown process after flushing all Registry hives, clearing the disc cache, etc. NtSetSystemPowerState is then responsible for turning off all plug-and-pray devices and either telling the system to poweroff, reboot, sleep, or hibernate.
The formal definition of NtSetSystemPowerState is the following:
Code»
Note that on systems with NT4.0 or earlier, NtSetSystemPowerState does nothing, and only returns a STATUS_NOT_IMPLEMENTED message.
Both POWER_ACTION and SYSTEM_POWER_STATE are documented on msdn, while flags is simply the reason for shutdown, also documented on msdn.
To read more on how to call this function by using NTDLL.DLL, visit my article on CodeProject:
http://www.codeproject.com/KB/winsdk/Windows_Shutdown.aspx
NTSYSAPI
NTSTATUS
NTAPI
NtSetSystemPowerState(
IN POWER_ACTION SystemAction,
IN SYSTEM_POWER_STATE MinSystemState,
IN ULONG Flags); Powered by Hackadelic Sliding Notes 1.6.5
March 18th, 2009 | 
Written by 
Category: Uncategorized |
I just fixed an error with this article – a PHP script somewhere was throwing a fatal error, so I removed it.
Nice website! I enjoy a couple of of the articles which were written, and especially the comments posted! I am going to definately be returning!