Win2003 InitiateSystemShutdownEx() question

InitiateSystemShutdownEx() has dwReason parameter which is saved somewhere in the Registry. I need to know this place in the Registry
LVL 1
alex1234Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
griffin36Connect With a Mentor Commented:
I thought it might be worth a shot, like I said, I didn't know if you included the reason or not.

At any rate, I found the following document useful:
http://technet2.microsoft.com/WindowsServer/en/Library/5c6e30b2-6803-418d-a7b5-e4eb79323db51033.mspx?mfr=true

The document describes the mechanism by which the shutdown event tracker knows whether to appear at startup. I had to find the registry values that are used myself, they are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability
->LastAliveStamp
->LastAliveUptime

If you remove these values from the restored registry without allowing the Event Log service to write them back, then you'll be fine. If restoring the backup consists of copying all the "software" and other files back to C:\windows\system32\config, then you can simply load the software registry hive into the active registry at an alternate location such as software.old and then remove the values from that hive. Then, just unload the hive and you should be good to go.
0
 
jkrCommented:
See http://msdn.microsoft.com/library/en-us/sysinfo/base/system_shutdown_reason_codes.asp ("System Shutdown Reason Codes"):

"You can also define your own shutdown reasons and add them to the registry. Each reason code should be stored as a registry value in the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability"
0
 
mannujamCommented:
You can find it yourself , download regmon from www.sysinternals.com.
and execute regmon and your exe which is using the API , it will show you which process is accessing which registry value in whole system.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
alex1234Author Commented:
mannujam,

thanks a lot for the excellent utility, however I can't use it in my case because InitiateSystemShutdownEx() terminates the utility before I have any chance to examine its output

jkr,

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability" does not store 'dwReason' code that I supply to InitiateSystemShutdownEx(), so my question is still opened because I need to know where this value is saved after InitiateSystemShutdownEx() is executed.

0
 
alex1234Author Commented:
What I'm doing is restoring the registry and at the end of the restore I call InitiateSystemShutdownEx() with a 'planned' flag to re-start the PC. When it is re-started it displays "Unplanned shutdown" message because it loads the restored registry which did not contain the 'planned' reboot flag

So, if I knew where the 'planned' stamp goes, I would 'fake' the stamp at the time of restore and place it to the restored registry so the reboot would not have the "Unplanned shutdown" message
0
 
griffin36Commented:
The reason parameter isn't actually stored in the registry; it is stored in the event log located at: C:\WINDOWS\system32\config\SysEvent.Evt

It's possible that the problem could be due to not including reason codes (you only mentioned the planned flag, so I'm not sure if you have others). Windows wants to have major and maybe minor codes in the dwReason parameter, the planned flag is just a toggle to be used in addition to these. If you omitted these codes, the message may appear because Windows wants to be able to store some code. In your case, the following combination of flags may be appropriate:
SHTDN_REASON_MAJOR_OPERATINGSYSTEM | SHTDN_REASON_MINOR_RECONFIG | SHTDN_REASON_FLAG_PLANNED

Hope this helps!
0
 
alex1234Author Commented:
griffin36, I didn't ommit the reason codes. Also, if the 'planned' shutdown was stored in the event log, I wouldn't have this problem because I don't replace the event log. Event log stores these events, this is true, but for the information purposes only
0
 
alex1234Author Commented:
Thanks, griffin36, I'll try your suggestion in a day or so..
0
 
alex1234Author Commented:
LastAliveStamp is the one, LastAliveUptime seems to be not involved.

Thanks!!
0
 
griffin36Commented:
Glad I could help!
0
All Courses

From novice to tech pro — start learning today.