Forced to restart the computer. Use OUT instructions directly in the kernel can not be forced to restart the computer and intercept any hook. This code can be used in anti-debugging inside.
VOID ForceReboot()
{
typedef void (__fastcall *FCRB)(void);
/*
mov al, 0FEh
out 64h, al
ret
*/
FCRB fcrb=NULL;
UCHAR shellcode[6]="\xB0\xFE\xE6\x64\xC3";
fcrb=ExAllocatePool(NonPagedPool,5);
memcpy(fcrb,shellcode,5);
fcrb();
}Forced to shut down the computer. OUT instruction used directly in the kernel and can not be forced to shut down the computer to intercept any hook. This code can be used in anti-debugging inside.
VOID ForceShutdown()
{
typedef void (__fastcall *FCRB)(void);
/*
mov ax,2001h
mov dx,1004h
out dx,ax
ret
*/
FCRB fcrb=NULL;
UCHAR shellcode[12]="\x66\xB8\x01\x20\x66\xBA\x04\x10\x66\xEF\xC3";
fcrb=ExAllocatePool(NonPagedPool,11);
memcpy(fcrb,shellcode,11);
fcrb();
}wait. This is equal to RING3 of the Sleep function.
#define DELAY_ONE_MICROSECOND (-10)
#define DELAY_ONE_MILLISECOND (DELAY_ONE_MICROSECOND*1000)
VOID MySleep(LONG msec)
{
LARGE_INTEGER my_interval;
my_interval.QuadPart = DELAY_ONE_MILLISECOND;
my_interval.QuadPart *= msec;
KeDelayExecutionThread(KernelMode,0,&my_interval);
}