[Carlbyte]

I created a driver that allocates data in memory, I need to save the data on the hard disk before the system shuts down. Researched enough, already tried several times to make the callback work, but the system is closed and notification is not performed.

When querying the service with "SC", returns the flag IGNORES_SHUTDOWN.

http://msdn.microsoft.com/en-us/library ... 85%29.aspx

According to the ninth paragraph of the microsoft site, all control handlers that have called SetServiceStatus with the SERVICE_ACCEPT_SHUTDOWN control code receive the SERVICE_CONTROL_SHUTDOWN control code.

How do I call SetServiceStatus with the SERVICE_ACCEPT_SHUTDOWN? I searched the internet and can not find how to modify the status of the service.

Any tips? Below is an excerpt of the code I'm using

DRIVER_DISPATCH DispatchShutdown;
NTSTATUS DispatchShutdown(__in struct _DEVICE_OBJECT *DeviceObject, __in struct _IRP *Irp)
{
return 0;
}
...
DriverObject->MajorFunction[IRP_MJ_SHUTDOWN] = DispatchShutdown;
...
DeviceObject->Flags |= DO_BUFFERED_IO;

//status = IoRegisterLastChanceShutdownNotification(DeviceObject);
status = IoRegisterShutdownNotification(DeviceObject);

[Carlbyte]

After many tests, I concluded that the call was being executed, but the FLT and ZW functions used in the event is that they were not working.