Windows Shutdown Process Analysis and Quick Shutdown

Source: Internet
Author: User

Windows boots and shuts down slowly, often very slowly. In embedded development in particular (for example XPe and WinCE), nobody can tolerate a device that powers on and off at a snail's pace, so we have to speed it up. HORM is a good solution: because it restores the system state directly from the hibernation file, booting is much faster. Once HORM is adopted, many steps of the default Windows shutdown process are unnecessary for our devices, and we want to cut the power directly. This article analyzes the Windows shutdown process and then shows how to use APIs that Windows does not publicly document to power off directly.

I. Windows Shutdown Process

 Simply put, the system does the following work when Windows is shut down: 

1. Soft protection: first, end all programs and save user settings and system settings, then stop system services and most operating system processes.

2. Hard protection: reset the hardware, for example parking the disk heads and stopping the hardware drivers.

3. Power-off: disconnect power from the motherboard and each hardware device. This step relies on the motherboard's power management module. Generally, both ATX power supplies and motherboards support soft power-off.

Of the entire shutdown process, soft protection takes the most time: from five or six seconds up to more than a minute. A newly installed operating system shuts down very quickly because no extra drivers have been installed and no additional system services have been enabled. Once a large number of services are enabled, shutdown slows down, and a buggy driver can make the problem worse.

II. Soft Protection

To ensure data integrity, soft protection is required, whether it is an operating system or a third-party application.

The steps for soft protection are as follows:

1. After the user issues the shutdown command, the program that issued it notifies the Windows subsystem process CSRSS.EXE. On receiving the notification, CSRSS.EXE exchanges data with Winlogon.exe, and Winlogon.exe then tells CSRSS.EXE to start shutting down the system.

2. After receiving the notification from Winlogon.exe, CSRSS.EXE queries the user processes that own top-level windows, one after another, asking them to exit. If a user process does not exit within 5000 milliseconds (the timeout can be changed through the registry value HKEY_CURRENT_USER\Control Panel\Desktop\HungAppTimeout), Windows displays the End Task dialog box asking whether to terminate the task. By default this dialog box stays on screen and does not close automatically. Console programs are handled in much the same way, except that Windows uses the HKEY_CURRENT_USER\Control Panel\Desktop\WaitToKillAppTimeout value as the timeout.

3. The next step is to terminate the system processes, which include SMSS.EXE, Winlogon.exe, and LSASS.EXE. When Windows terminates a system process that cannot be ended within the specified time, it does not prompt the user; it skips that process and moves on to the next system process. The timeout used is the same as in step 1.

III. Hard Protection and Power-Off

After the soft-protection phase is complete, Winlogon.exe calls the native API function ZwShutdownSystem() (or NtShutdownSystem()) to have the system carry out the remaining shutdown work, including the hard protection and ATX power-off described above.

While ZwShutdownSystem runs, the Windows executive subsystems complete the final shutdown operations. For example, device drivers perform any special operations on their device settings at this stage, and the configuration manager writes modified registry data to disk. After every subsystem except power management has finished and exited, power management performs the final operation, such as restart or power-off.

IV. Responding to Shutdown Events

Whether the user presses the power button on the chassis or clicks Start menu > Close the computer (log off, shut down, or restart), our applications can respond to these events through the window messages WM_QUERYENDSESSION and WM_ENDSESSION.

The system provides a common API to log out, shut down, and restart the system. Its declaration is as follows:
BOOL ExitWindowsEx(UINT uFlags, DWORD dwReason);

The uFlags parameter takes two kinds of flags, which can be combined with "|":

1. Shutdown type: EWX_LOGOFF, EWX_SHUTDOWN (shut down the system but do not cut the power afterwards, even if the motherboard supports ATX power management), EWX_POWEROFF (shut down the system and then cut the power; requires motherboard support), and EWX_REBOOT (restart).

2. Shutdown force, with the following values: 0 (the default when no force flag is used), EWX_FORCEIFHUNG (force-close an application after it has been hung for a period of time), and EWX_FORCE (force-close applications whether or not they are hung).

If no force flag (EWX_FORCE or EWX_FORCEIFHUNG) is used, the shutdown is safe: during the soft-protection phase the system sends WM_QUERYENDSESSION to every process with a top-level window on the desktop. If a process does not return from WM_QUERYENDSESSION, the End Task dialog box is displayed asking whether to end the task. By default this dialog box stays on screen and is not closed automatically. If automatic task termination is enabled (the HKEY_CURRENT_USER\Control Panel\Desktop\AutoEndTasks value set to 1) and WM_QUERYENDSESSION still has not returned after the timeout (HungAppTimeout), the task is terminated without the End Task dialog box being shown. If several processes are pending in their WM_QUERYENDSESSION handling (for example, Notepad showing a message box asking whether to save), the system handles them serially: it waits for the first pending process to return from WM_QUERYENDSESSION (immediately sending WM_ENDSESSION to the same window to notify it of the user's choice, <confirm to close>), then sends WM_QUERYENDSESSION to the next process and waits for the hung-app timeout.

Note that whether the user clicks the confirm button in the End Task dialog box or the system automatically ends all tasks on timeout (AutoEndTasks has been set), the code that responds to the pending WM_QUERYENDSESSION and WM_ENDSESSION messages will not be executed.
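A window procedure that answers the two messages described above without blocking, as an added example that is not part of the original article. The names handle_session_msg, save_state, g_dirty and the window class name are hypothetical; the non-Windows branch only supplies the two message constants so the reply logic can be compiled and checked off Windows.

```c
#ifdef _WIN32
#include <windows.h>
#else  /* winuser.h values, so the decision logic also builds off Windows */
typedef unsigned int UINT;
typedef long LRESULT;
#define WM_QUERYENDSESSION 0x0011
#define WM_ENDSESSION      0x0016
#endif
static int g_dirty = 1;                        /* hypothetical flag: unsaved state exists */
static void save_state(void) { g_dirty = 0; }  /* hypothetical: fast save, no UI */

/* Decide the reply to a session message; returns 1 when the message was handled. */
int handle_session_msg(UINT msg, int session_ending, LRESULT *reply)
{
    switch (msg) {
    case WM_QUERYENDSESSION:
        /* Answer at once. Blocking here (a prompt, a long save) keeps the
           system waiting and leads to the End Task dialog. */
        *reply = 1;                     /* TRUE: this process may be ended */
        return 1;
    case WM_ENDSESSION:
        if (session_ending && g_dirty)  /* wParam is FALSE if shutdown was cancelled */
            save_state();
        *reply = 0;
        return 1;
    }
    return 0;
}
#ifdef _WIN32
static LRESULT CALLBACK WndProc(HWND h, UINT m, WPARAM w, LPARAM l)
{
    LRESULT r;
    if (handle_session_msg(m, w != 0, &r)) return r;
    if (m == WM_DESTROY) { PostQuitMessage(0); return 0; }
    return DefWindowProc(h, m, w, l);
}
int main(void)
{
    WNDCLASS wc = {0}; MSG msg;
    wc.lpfnWndProc = WndProc;
    wc.hInstance = GetModuleHandle(NULL);
    wc.lpszClassName = TEXT("ShutdownAwareWnd");  /* hypothetical class name */
    RegisterClass(&wc);
    /* Top-level window that is never shown; it exists only to receive the messages. */
    CreateWindow(wc.lpszClassName, TEXT(""), WS_OVERLAPPED, 0, 0, 0, 0,
                 NULL, NULL, wc.hInstance, NULL);
    while (GetMessage(&msg, NULL, 0, 0) > 0) DispatchMessage(&msg);
    return 0;
}
#endif
```

State is saved in WM_ENDSESSION rather than WM_QUERYENDSESSION because the query can still be followed by a cancelled shutdown.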

V. Direct power-off

From the analysis above, if you do not care about applications losing data or about damage to the operating system's system files (the system may fail to start afterwards), you can skip the soft-protection phase to speed up shutdown. Many quick-shutdown tools on the Internet do exactly this by calling ZwShutdownSystem() in ntdll.dll directly. Windows itself also provides a way to shut down quickly: open Task Manager, hold down the Ctrl key, and click "Shut Down" > "Close" (or "Restart") in the menu; the power is cut within one or two seconds.
The code used by the program to implement power-off is as follows:

    #include <windows.h>
    #include <tchar.h>

    const int SE_SHUTDOWN_PRIVILEGE = 0x13;
    typedef int (__stdcall *PFN_RtlAdjustPrivilege)(INT, BOOL, BOOL, INT *);
    typedef int (__stdcall *PFN_ZwShutdownSystem)(INT);

    void PowerOffNow()
    {
        // These functions are not publicly documented by Microsoft,
        // so they can only be resolved and called dynamically.
        HMODULE hModule = ::LoadLibrary(_T("ntdll.dll"));
        if (hModule != NULL)
        {
            PFN_RtlAdjustPrivilege pfnRtl =
                (PFN_RtlAdjustPrivilege)GetProcAddress(hModule, "RtlAdjustPrivilege");
            PFN_ZwShutdownSystem pfnShutdown =
                (PFN_ZwShutdownSystem)GetProcAddress(hModule, "ZwShutdownSystem");
            if ((pfnRtl != NULL) && (pfnShutdown != NULL))
            {
                int en = 0;
                // Enable the shutdown privilege on the current thread's token first.
                int nRet = pfnRtl(SE_SHUTDOWN_PRIVILEGE, TRUE, TRUE, &en);
                // 0xC000007C (STATUS_NO_TOKEN): the thread has no token of its own,
                // so retry against the process token.
                if (nRet == (int)0xC000007C)
                    nRet = pfnRtl(SE_SHUTDOWN_PRIVILEGE, TRUE, FALSE, &en);
                // SH_SHUTDOWN = 0;
                // SH_RESTART  = 1;
                // SH_POWEROFF = 2;
                const int SH_POWEROFF = 2;
                nRet = pfnShutdown(SH_POWEROFF);
            }
        }
    }

Note the following two messages: WM_QUERYENDSESSION and WM_ENDSESSION.
When testing the program today, because there was a while (1) loop in the main program, a dialog box appeared when the computer was shut down. Later I found that the WM_DESTROY message was not processed, and then I found that the system message could not be replaced with a custom message. Because my window process was dynamically created, when there was no window, a dialog box was displayed when the system was shut down. Finally, I thought of a method of creating two windows, but the WM_DESTROY message was not captured in the other window. In the end, I found the WM_QUERYENDSESSION message of the Windows system shutdown process; after adding handling for that message in the non-dynamic window, the prompt box is no longer displayed when the system exits.
Knowledge is learned when problems are discovered, materials are consulted, problems are solved, and good records are kept.
