Decipher Posted April 5, 2013 Share Posted April 5, 2013 Please see this post I've started try to code this but I'm having trouble with the DLL syntax and I'd like to be sure that the system is safe to power down before I force it to do so.I've tried:$iReturnValue = DllCall("advapi32.dll", "int", "RegFlushKey", "long", "HKEY_CLASSES_ROOT") if @error Then MsgBox(0, "", "Fail!") MsgBox(0, "Flush Home Key Classes Root", $iReturnValue) $bReturnValue = DllCall("kernel32.dll", "BOOL", "FlushFileBuffers", "HANDLE", "\\.\" & @HomeDrive) if @error Then MsgBox(0, "", "Fail!") MsgBox(0, "Flush System Drive Cache", $iReturnValue);Should return 1=true or 0=false.But I can't determine if these functions are working correctly. Any help is greatly appreciated like always. Spoiler Link to comment Share on other sites More sharing options...
bogQ Posted April 5, 2013 Share Posted April 5, 2013 dllcall return array so instead $iReturnValue try $iReturnValue[0] TCP server and client - Learning about TCP servers and clients connectionAu3 oIrrlicht - Irrlicht projectAu3impact - Another 3D DLL game engine for autoit. (3impact 3Drad related) There are those that believe that the perfect heist lies in the preparation.Some say that it’s all in the timing, seizing the right opportunity. Others even say it’s the ability to leave no trace behind, be a ghost. Link to comment Share on other sites More sharing options...
JohnOne Posted April 5, 2013 Share Posted April 5, 2013 You might also want to take a look at what parameters the API's you are calling actually require , and what you are passing them. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans. Link to comment Share on other sites More sharing options...
Decipher Posted April 5, 2013 Author Share Posted April 5, 2013 Thanks, I'll try it when I get home. I'm at work on Linux Backtrack. Anonymous Spoiler Link to comment Share on other sites More sharing options...
Decipher Posted April 6, 2013 Author Share Posted April 6, 2013 (edited) I'm still unsure wether the FlushRegistry function is working properly because I've never done DLL calls before and it returns the same no matter what registry key string(i.e. bla) is passed to it. The FlushSystemDriveCache function reports that I'm using an invalid handle... #include <WinAPI.au3> Global Const $ERROR_SUCCESS = 0 Global Const $KEY_ALL_ACCESS = 0xF003F _FlushRegistry() _FlushSystemDriveCache() Func _FlushRegistry() Local Const $aHive[6] = [ _ "HKEY_CLASSES_ROOT", _ "HKEY_CURRENT_CONFIG", _ " HKEY_CURRENT_USER", _ " HKEY_LOCAL_MACHINE", _ " HKEY_PERFORMANCE_DATA", _ "HKEY_USERS"] Local $aReturnValue For $i = 0 To 5 Step 1 $aReturnValue = DllCall("advapi32.dll", "int", "RegFlushKey", "long", $aHive[$i]) If @error Or $aReturnValue[0] <> 0 Then ConsoleWrite("ERROR! Could not flush " & $aHive[$i] & "! " & _WinAPI_GetLastErrorMessage() & @CRLF) EndIf Next EndFunc Func _FlushSystemDriveCache() Local $aReturnValue = DllCall("kernel32.dll", "BOOL", "FlushFileBuffers", "HANDLE", "\\.\" & @HomeDrive) If @error Or $aReturnValue[0] == 0 Then ConsoleWrite("ERROR! Could not flush the system drive. " & _WinAPI_GetLastErrorMessage() & @CRLF) EndIf EndFunc *Edit - to fix code indentations. I just realized that I have to get a handle to the specified hive and pass that instead. This probably the case with the drive param as well. Okay this is where I'm getting confused: LONG WINAPI RegOpenKeyEx( _In_ HKEY hKey, _In_opt_ LPCTSTR lpSubKey, _Reserved_ DWORD ulOptions, _In_ REGSAM samDesired, _Out_ PHKEY phkResult ); What is _In_? Does it just mean that the value is passed to the function and _Out_ should set the value of a variable pointed to by a pointer variable, nothing more? Horrible semantics whats with all the __bla__ing in this diagram? How do I pass a pointer for phkResult? Should I just pass a predeclared variable? Are all the parameters following _In_opt_ also optional or are they mandatory? Does HKEY mean I should pass a handle because I'm using this to try and get a handle....How to pass NULL for an optional parameter is it a string "0" or what? Anonymous Edited April 6, 2013 by Decipher Spoiler Link to comment Share on other sites More sharing options...
KaFu Posted April 6, 2013 Share Posted April 6, 2013 (edited) I think RegFlushKey & FlushFileBuffers only works for the files / keys you opened in your program (to ensure everything is flushed before you exit your app / before you begin the next processing step) and not globally for all keys and files. But this might be interesting for you: expandcollapse popup#cs System Shutdown http://msdn.microsoft.com/en-us/library/windows/desktop/aa376882%28v=vs.85%29.aspx WM_QUERYENDSESSION message http://msdn.microsoft.com/en-us/library/windows/desktop/aa376890%28v=vs.85%29.aspx WM_ENDSESSION message http://msdn.microsoft.com/en-us/library/windows/desktop/aa376889%28v=vs.85%29.aspx Application Shutdown Changes in Windows Vista http://msdn.microsoft.com/en-us/library/ms700677%28VS.85%29.aspx #ce Global Const $HWND_BROADCAST = 0xFFFF Global Const $SMTO_ABORTIFHUNG = 0x0002 Global Const $WM_QUERYENDSESSION = 0x0011 Global Const $WM_ENDSESSION = 0x0016 Global Const $iENDSESSION_CRITICAL = 0x40000000 _WinAPI_SendMessageTimeout($HWND_BROADCAST, $WM_QUERYENDSESSION, 0, $iENDSESSION_CRITICAL, 1000, $SMTO_ABORTIFHUNG) _WinAPI_SendMessageTimeout($HWND_BROADCAST, $WM_ENDSESSION, 1, $iENDSESSION_CRITICAL, 1000, $SMTO_ABORTIFHUNG) ; #FUNCTION# ==================================================================================================================== ; Name...........: _WinAPI_SendMessageTimeout ; Description....: Sends the specified message to one of more windows. ; Syntax.........: _WinAPI_SendMessageTimeout ( $hWnd, $iMsg [, $wParam [, $lParam [, $iTimeout [, $iFlags]]]] ) ; Parameters.....: $hWnd - Handle to the window whose window procedure will receive the message. ; $iMsg - The message to be sent. ; $wParam - The message-specific information. ; $lParam - The message-specific information. ; $iTimeout - The duration, in milliseconds, of the time-out period. If the message is a broadcast message, each ; window can use the full time-out period. Default is 1000. ; $iFlags - The flags that specifies how to send the message. This parameter can be one or more of the ; following values. ; ; $SMTO_BLOCK ; $SMTO_NORMAL ; $SMTO_ABORTIFHUNG ; $SMTO_NOTIMEOUTIFNOTHUNG ; $SMTO_ERRORONEXIT ; ; Return values..: Success - The result of the message processing, depends on the message sent. ; Failure - (-1) and sets the @error flag to non-zero. ; Author.........: Yashied ; Modified.......: ; Remarks........: This function does not provide information about individual windows timing out if $HWND_BROADCAST is used. ; ; If times out, function fails. To get extended error information, call _WinAPI_GetLastError(). If _WinAPI_GetLastError() ; returns ERROR_TIMEOUT (1460), then the function timed out. This function considers a thread is not responding if it has ; not responds within five seconds. ; ; The system only does marshalling for system messages (those in the range 0 to (WM_USER-1)). To send other messages ; (those >= WM_USER) to another process, you must do custom marshalling. ; Related........: ; Link...........: @@MsdnLink@@ SendMessageTimeout ; Example........: Yes ; =============================================================================================================================== Func _WinAPI_SendMessageTimeout($hWnd, $iMsg, $wParam = 0, $lParam = 0, $iTimeout = 1000, $iFlags = 0) Local $Ret = DllCall('user32.dll', 'lresult', 'SendMessageTimeoutW', 'hwnd', $hWnd, 'uint', $iMsg, 'wparam', $wParam, 'lparam', $lParam, 'uint', $iFlags, 'uint', $iTimeout, 'dword_ptr*', 0) If (@error) Or (Not $Ret[0]) Then Return SetError(1, 0, -1) EndIf Return $Ret[7] EndFunc ;==>_WinAPI_SendMessageTimeout Edited April 6, 2013 by KaFu OS: Win10-22H2 - 64bit - German, AutoIt Version: 3.3.16.1, AutoIt Editor: SciTE, Website: https://funk.eu AMT - Auto-Movie-Thumbnailer (2024-Oct-13) BIC - Batch-Image-Cropper (2023-Apr-01) COP - Color Picker (2009-May-21) DCS - Dynamic Cursor Selector (2024-Oct-13) HMW - Hide my Windows (2024-Oct-19) HRC - HotKey Resolution Changer (2012-May-16) ICU - Icon Configuration Utility (2018-Sep-16) SMF - Search my Files (2024-Oct-20) - THE file info and duplicates search tool SSD - Set Sound Device (2017-Sep-16) Link to comment Share on other sites More sharing options...
Decipher Posted April 6, 2013 Author Share Posted April 6, 2013 (edited) Yes, it is interesting. This is the same message that is broadcasted to services, CLI, and GUI based applications during a shutdown? However there are some undefined variables. Could you elaborate on what I'm doing wrong with the UDF?*Edit - RegFlushKey documentation states that windows has a lazy flush mechanism to enhance system operations as this process is expensive and that those changes that an application makes are visible to other applications. I may be presuming to much about Microsoft's intelligence but if the unflushed changes are visible to other processes and vice versa then wouldn't it be safe to say that these changes are in sync with other processes i.e. just one queue so that when one application forces the flush the only visible current change between them is written to disk. If this is true then I would assume that this means that when a key is flushed to disk that the process that called the function is irrelevant and that when specifying an entire hive unless a process is actively making changes to that hive, all is well and in sync.Concerning FileFlushBuffers MSDN states: To flush all open files on a volume, call FlushFileBuffers with a handle to the volume. The caller must have administrative privileges. For more information, see Running with Special Privileges. I think this tells the device's cache to be written to disk which is also process irrelevant unless a process is using an unbuffer I/O stream which in that case the process needs to be told to finish what its doing using the function you provided above.Here is the code to flush the system drive's transmit buffer:Func _FlushSystemDriveCache() Local Const $hSystemVolume = _WinAPI_CreateFile("\\.\" & @HomeDrive, 2, 4, 4, 8) If $hSystemVolume Then Return _WinAPI_FlushFileBuffers($hSystemVolume) Else ConsoleWrite("ERROR! Could not retrieve a handle to the system volume." & @CRLF) EndIf EndFunc MsgBox(0, "Should Return True or 1 for success", _FlushSystemDriveCache()) ExitAnonymous Edited April 6, 2013 by Decipher Spoiler Link to comment Share on other sites More sharing options...
KaFu Posted April 6, 2013 Share Posted April 6, 2013 You might be right about the FlushFileBuffers, without documentation the assumption on RegFlushKey stays exactly that. Updated example two posts above with missing consts. #RequireAdmin $iSuccess = _Drive_FlushFileBuffers("c") MsgBox(0, "", $iSuccess & @CRLF & @error) Func _Drive_FlushFileBuffers($DriveLetter) Local $ret = DllCall("kernel32.dll", 'ptr', 'CreateFileW', _ 'wStr', '\\.\' & $DriveLetter & ':', _ 'dword', BitOR(0x40000000, 0x80000000), _ 'dword', 7, _ 'ptr', 0, _ 'dword', 3, _ 'dword', 0, _ 'ptr', 0 _ ) If @error Then Return SetError(1) If $ret[0] = 0xFFFFFFFF Then Return SetError(2) Local $ret2 = DllCall("kernel32.dll", "int", "FlushFileBuffers", "ptr", $ret[0]) If $ret2[0] = 0 Then DllCall("kernel32.dll", 'int', 'CloseHandle', 'hwnd', $ret[0]) Return SetError(3) EndIf DllCall("kernel32.dll", 'int', 'CloseHandle', 'hwnd', $ret[0]) Return 1 EndFunc ;==>_Drive_FlushFileBuffers OS: Win10-22H2 - 64bit - German, AutoIt Version: 3.3.16.1, AutoIt Editor: SciTE, Website: https://funk.eu AMT - Auto-Movie-Thumbnailer (2024-Oct-13) BIC - Batch-Image-Cropper (2023-Apr-01) COP - Color Picker (2009-May-21) DCS - Dynamic Cursor Selector (2024-Oct-13) HMW - Hide my Windows (2024-Oct-19) HRC - HotKey Resolution Changer (2012-May-16) ICU - Icon Configuration Utility (2018-Sep-16) SMF - Search my Files (2024-Oct-20) - THE file info and duplicates search tool SSD - Set Sound Device (2017-Sep-16) Link to comment Share on other sites More sharing options...
Decipher Posted April 6, 2013 Author Share Posted April 6, 2013 (edited) KaFu, I just ran the code to broadcast the WMQueryEndSession message and it worked like a charm! Now you show me how to pass a null value(ptr = 0) and also how to combine multiple dword flags using BitOr..... Question: In your HO, If we broadcat EndSession, set a timeout then kill other nonessential processes, flush the registry, and flush system drive cache then would it be okay to terminate the system processes to force a power down when an emergency shutdown doesn't do the job? Thanks, Anonymous Edited April 6, 2013 by Decipher Spoiler Link to comment Share on other sites More sharing options...
KaFu Posted April 6, 2013 Share Posted April 6, 2013 Well, I would guess that pretty much is done then. Everything essential? I don't know, only Microsoft could tell. Everything the proper way? No, that's what the Shutdown() function is for. OS: Win10-22H2 - 64bit - German, AutoIt Version: 3.3.16.1, AutoIt Editor: SciTE, Website: https://funk.eu AMT - Auto-Movie-Thumbnailer (2024-Oct-13) BIC - Batch-Image-Cropper (2023-Apr-01) COP - Color Picker (2009-May-21) DCS - Dynamic Cursor Selector (2024-Oct-13) HMW - Hide my Windows (2024-Oct-19) HRC - HotKey Resolution Changer (2012-May-16) ICU - Icon Configuration Utility (2018-Sep-16) SMF - Search my Files (2024-Oct-20) - THE file info and duplicates search tool SSD - Set Sound Device (2017-Sep-16) Link to comment Share on other sites More sharing options...
Decipher Posted April 6, 2013 Author Share Posted April 6, 2013 (edited) I can't seem to find anything that says explicitly that RegFlushKey is used during the shutdown procedure. I did however find some information for clearing that paging file or maybe just deleting it and its registration which isn't what we want. It can be deleted using WMI but I keep getting a sharing violation.; Generated by AutoIt Scriptomatic $wbemFlagReturnImmediately = 0x10 $wbemFlagForwardOnly = 0x20 $colItems = "" $strComputer = "localhost" $Output="" $Output = $Output & "Computer: " & $strComputer & @CRLF $Output = $Output & "==========================================" & @CRLF $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2") $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_PageFile", "WQL", _ $wbemFlagReturnImmediately + $wbemFlagForwardOnly) If IsObj($colItems) then For $objItem In $colItems MsgBox(0, "Change", $objItem.ChangeSecurityPermissions(0x10000, 1)) ; Comment this line to get past the intial object error. MsgBox(0, "Check", $objItem.GetEffectivePermission(0x10000)) MsgBox(0, "Delete", $objItem.Delete()) if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop $Output="" Next Else Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_PageFile" ) Endif*Edit - Added Link ---> Delete Method of the Win32_PageFile Class and see the links @ SECURITY DESCRIPTOR STRUCTURE directly below --> (See Also)*Edit #2 - Here is the alleged code to flush the registry similar to whats done when the system is being shutdown but there is not any documentation to support the theory.#include <WinAPI.au3> Global Const $ERROR_SUCCESS = 0 Global Const $KEY_ALL_ACCESS = 983103 ; ----Verified Handles ------------------------------------------------------------------------------------------------------------------------------------------- Global Enum $HKEY_CLASSES_ROOT, $HKEY_CURRENT_USER, $HKEY_LOCAL_MACHINE, $HKEY_USERS, _ $HKEY_PERFORMANCE_DATA, $HKEY_CURRENT_CONFIG Global Const $HKEY_HANDLES[6] = [0x80000000, 0x80000001, 0x80000002, 0x80000003, 0x80000004, 0x80000005] ; _______________________________________________________________________________________________ _FlushRegistry() Func _FlushRegistry() Local $aReturnValue For $i = 0 To 5 Step 1 $aReturnValue = DllCall("advapi32.dll", "int", "RegFlushKey", "dword", $HKEY_HANDLES[$i]) If @error Or $aReturnValue[0] <> $ERROR_SUCCESS Then MsgBox(0, "", "ERROR! Could not flush hive at " & $HKEY_HANDLES[$i] & _WinAPI_GetLastErrorMessage() & @CRLF) EndIf ConsoleWrite("Hive #" & $i & " Returned: " & $aReturnValue[0] & @TAB & "handle = " & $aReturnValue[1] & @CRLF) Next EndFunc Exit Edited April 6, 2013 by Decipher Spoiler Link to comment Share on other sites More sharing options...
BrewManNH Posted April 6, 2013 Share Posted April 6, 2013 From here:Alternatively, the registry has a 'lazy flush' mechanism that flushes registry modifications to disk at regular intervals of time. In addition to this regular flush operation, registry changes are also flushed to disk at system shutdown. Allowing the 'lazy flush' to flush registry changes is the most efficient way to manage registry writes to the registry store on disk. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
Decipher Posted April 6, 2013 Author Share Posted April 6, 2013 (edited) BrewManNH, There is a small controversy about the RegFlushKey API. Do you know of any documentation to support the theory that it is the specific function that is used during the shutdown procedure? This leads some to think that it is only process specific and is a fair conclusion. *Edit - KaFu, This may be to low level bro but do you think that we could broadcast IRP_MJ_SHUTDOWN. Anonymous Edited April 6, 2013 by Decipher Spoiler Link to comment Share on other sites More sharing options...
KaFu Posted April 7, 2013 Share Posted April 7, 2013 This may be to low level bro but do you think that we could broadcast IRP_MJ_SHUTDOWN.From the docs itself I can see that it's really low level, but not what it exactly does. But my assumption is that you can really do some sever damage using this one incorrectly, so I would advise to not investigate this one further. OS: Win10-22H2 - 64bit - German, AutoIt Version: 3.3.16.1, AutoIt Editor: SciTE, Website: https://funk.eu AMT - Auto-Movie-Thumbnailer (2024-Oct-13) BIC - Batch-Image-Cropper (2023-Apr-01) COP - Color Picker (2009-May-21) DCS - Dynamic Cursor Selector (2024-Oct-13) HMW - Hide my Windows (2024-Oct-19) HRC - HotKey Resolution Changer (2012-May-16) ICU - Icon Configuration Utility (2018-Sep-16) SMF - Search my Files (2024-Oct-20) - THE file info and duplicates search tool SSD - Set Sound Device (2017-Sep-16) Link to comment Share on other sites More sharing options...
BrewManNH Posted April 7, 2013 Share Posted April 7, 2013 I'm not understanding what possible difference it could make whether it uses this function or another to flush the registry to disk. I'm also not understanding why you think forcing a shutdown is a good practice. If you just use the facilities that are available to shut the computer down safely you can eliminate doing something stupid to the OS. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
Decipher Posted April 8, 2013 Author Share Posted April 8, 2013 KaFu, I figured as much, thanks for checking it out though. Anonymous Spoiler Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now