Where is GetThreadExecutionState?
in [Win32 Kernel]
|
Prev: CreateProcessAsUser() : the new process starts and immediately dies
Next: ZwCreate file hooking and opening the file in user space to calculate the md5 sum
From: jimc on 26 Jun 2008 11:41 I am investigating a problem with many computers that refuse to sleep when expected. We have investigated the problem and found that it is caused by an unknown program calling SetThreadExecutionState(SYSTEM_REQUIRED). This most often happens after a long user session BUT if the user logs out the flag stays set forever. You can use SetThreadExecutionState to set the execution state of the current thread. This can be used to prevent the computer sleeping. You can also use CallNTPowerInformation to GET the state for the entire system. There doesn't seem to be a GetThreadExecutionState function. You can use SetThreadExecutionState to determine the state for the current thread but not for an arbitary thread/process. Is there any way to find which process(s) are keeping the system awake by finding the Execution State for a specific process/thread? James
From: Kellie Fitton on 26 Jun 2008 13:16 On Jun 26, 8:41 am, jimc <j...(a)discussions.microsoft.com> wrote: > I am investigating a problem with many computers that refuse to sleep when > expected. We have investigated the problem and found that it is caused by an > unknown program calling SetThreadExecutionState(SYSTEM_REQUIRED). This most > often happens after a long user session BUT if the user logs out the flag > stays set forever. > > You can use SetThreadExecutionState to set the execution state of the > current thread. This can be used to prevent the computer sleeping. You can > also use CallNTPowerInformation to GET the state for the entire system. > > There doesn't seem to be a GetThreadExecutionState function. You can use > SetThreadExecutionState to determine the state for the current thread but > not for an arbitary thread/process. > > Is there any way to find which process(s) are keeping the system awake by > finding the Execution State for a specific process/thread? > > James Hi, Is your application processing the following Windows message: WM_POWERBROADCAST http://msdn.microsoft.com/en-us/library/aa373247(VS.85).aspx Kellie.
From: jimc on 27 Jun 2008 03:54 > Is your application processing the following Windows message: > > WM_POWERBROADCAST > > http://msdn.microsoft.com/en-us/library/aa373247(VS.85).aspx > Yes, I process WM_POWERBROADCAST. I MSDN documentation doesn't mention anything about recieving messages when the SYSTEM_REQUIRED flag is set/unset and I haven't noticed any messages during development. I think you may be hinting that this message will tell me when the status changes - if it does, how would it tell me which process had set/unset the flag? James
From: Volodymyr M. Shcherbyna on 27 Jun 2008 04:43 You can boot suspected machine in debug mode, attach WinDbg, set breakpoint to SetThreadExecutionState and look at the call stack when it is being called. -- V. This posting is provided "AS IS" with no warranties, and confers no rights. "jimc" <jimc(a)discussions.microsoft.com> wrote in message news:C54554EB-2011-4507-B59E-6CAB99802E8E(a)microsoft.com... >> Is your application processing the following Windows message: >> >> WM_POWERBROADCAST >> >> http://msdn.microsoft.com/en-us/library/aa373247(VS.85).aspx >> > > Yes, I process WM_POWERBROADCAST. I MSDN documentation doesn't mention > anything about recieving messages when the SYSTEM_REQUIRED flag is > set/unset > and I haven't noticed any messages during development. I think you may be > hinting that this message will tell me when the status changes - if it > does, > how would it tell me which process had set/unset the flag? > > James
From: jim clark on 27 Jun 2008 04:54
Thank you for the suggestion. I'm not an expert with kernel debugging but I have used WinDbg on a local machine to look at the EThread.PowerState field (which contains this information). If there was a way to do this from user mode I think that would be ideal. However, I don't think setting a breakpoint would be that useful as I need to know the cause of the problem *after* it has happened on a production computer (that is in real-world use). James "Volodymyr M. Shcherbyna" <v_scherbina(a)online.mvps.org> wrote in message news:%23%23aD6HD2IHA.5944(a)TK2MSFTNGP04.phx.gbl... > You can boot suspected machine in debug mode, attach WinDbg, set > breakpoint to SetThreadExecutionState and look at the call stack when it > is being called. > > -- > V. > This posting is provided "AS IS" with no warranties, and confers no > rights. > "jimc" <jimc(a)discussions.microsoft.com> wrote in message > news:C54554EB-2011-4507-B59E-6CAB99802E8E(a)microsoft.com... >>> Is your application processing the following Windows message: >>> >>> WM_POWERBROADCAST >>> >>> http://msdn.microsoft.com/en-us/library/aa373247(VS.85).aspx >>> >> >> Yes, I process WM_POWERBROADCAST. I MSDN documentation doesn't mention >> anything about recieving messages when the SYSTEM_REQUIRED flag is >> set/unset >> and I haven't noticed any messages during development. I think you may be >> hinting that this message will tell me when the status changes - if it >> does, >> how would it tell me which process had set/unset the flag? >> >> James > > |