Jump to content
Sign in to follow this  
joakim

NtCreateKey and DllCall

Recommended Posts

joakim

I am trying to access registry keys by using ntdll.dll, but I'm facing a dreaded ntstatus 0xc0000005 (STATUS_ACCESS_VIOLATION). From the msdn docs; http://msdn.microsoft.com/en-us/library/windows/hardware/ff566425(v=vs.85).aspx it says the RootDirectory can be empty in which case the ObjectName member of the input ObjectAttributes contains the full qualified path, and should start with Registry. A bit stuck, so any help would be appreciated. Here the code;

Global Const $tagIOSTATUSBLOCK = "dword Status;ptr Information"
Global Const $tagOBJECTATTRIBUTES = "ulong Length;hwnd RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService"
Global Const $tagUNICODESTRING = "ushort Length;ushort MaximumLength;ptr Buffer"
Global Const $OBJ_CASE_INSENSITIVE = 0x00000040
Global Const $KEY_READ = 0x20019
Global Const $KEY_WRITE = 0x20006
Global Const $KEY_CREATE_LINK = 0x0020
Global Const $KEY_ALL_ACCESS = 0xF003F
Global Const $REG_OPTION_NON_VOLATILE = 0x00000000

$RegKey = "RegistryMachineSOFTWAREClasses"
_NtCreateKey($RegKey)

Func _NtCreateKey($RegKey)
Local $Disposition, $ret, $KeyHandle
Local $hNTDLL = DllOpen("ntdll.dll")
Local $szName = DllStructCreate("wchar[260]")
Local $sUS = DllStructCreate($tagUNICODESTRING)
Local $sOA = DllStructCreate($tagOBJECTATTRIBUTES)
Local $sISB = DllStructCreate($tagIOSTATUSBLOCK)
DllStructSetData($szName, 1, $RegKey)
$ret = DllCall($hNTDLL, "none", "RtlInitUnicodeString", "ptr", DllStructGetPtr($sUS), "ptr", DllStructGetPtr($szName))
DllStructSetData($sOA, "Length", DllStructGetSize($sOA))
DllStructSetData($sOA, "RootDirectory", Chr(0))
DllStructSetData($sOA, "ObjectName", DllStructGetPtr($sUS))
DllStructSetData($sOA, "Attributes", $OBJ_CASE_INSENSITIVE)
DllStructSetData($sOA, "SecurityDescriptor", Chr(0))
DllStructSetData($sOA, "SecurityQualityOfService", Chr(0))
$ret = DllCall($hNTDLL, "int", "NtCreateKey", "hwnd", $KeyHandle, "dword", $KEY_ALL_ACCESS, "ptr", DllStructGetPtr($sOA), "ulong", 0, "ulong", 0, "ulong", $REG_OPTION_NON_VOLATILE, "ptr", $Disposition)
If NT_SUCCESS($ret[0]) Then
Return $ret[1]
Else
ConsoleWrite("Ntstatus: NtCreateKey: 0x" & Hex($ret[0],8) & @CRLF)
ConsoleWrite("System error code: " & _LsaNtStatusToWinError($ret[0]) & @CRLF)
Return SetError(1,0,0)
EndIf
EndFunc

Func NT_SUCCESS($status)
If 0 <= $status And $status <= 0x7FFFFFFF Then
     Return True
Else
     Return False
EndIf
EndFunc

Func _LsaNtStatusToWinError($iNtStatus)
Local $iSysError
$iSysError = DllCall("Advapi32.dll", "ulong", "LsaNtStatusToWinError", "dword", $iNtStatus)
Return $iSysError[0]
EndFunc

Btw, parts of the code is taken from wraithdu's ads sample.

Edited by joakim

Share this post


Link to post
Share on other sites
joakim

Nevermind. Turned out all that was missing was a * behind "hwnd". :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • ScriptJunky
      By ScriptJunky
      I noticed a lack of a constants file for _WinAPI_GetSystemMetrics() so I made this for anyone who wants to add it to their library. Enjoy!  (file attached below)
      #include-once ; #INDEX# ======================================================================================================================= ; Title .........: WinAPI GetSystemMetrics Constants ; AutoIt Version : 3.3.14.5 ; Language ......: English ; Description ...: Constants for _WinAPI_GetSystemMetrics(). ; Author(s) .....: ScriptJunky ; =============================================================================================================================== ; #CONSTANTS# =================================================================================================================== ; _WinAPI_GetSystemMetrics() Global Const $ARRANGE = 56 Global Const $CLEANBOOT = 67 Global Const $CMONITORS = 80 Global Const $CMOUSEBUTTONS = 43 Global Const $CONVERTIBLESLATEMODE = 0x2003 Global Const $CXBORDER = 5 Global Const $CXCURSOR = 13 Global Const $CXDLGFRAME = 7 Global Const $CXDOUBLECLK = 36 Global Const $CXDRAG = 68 Global Const $CXEDGE = 45 Global Const $CXFIXEDFRAME = 7 Global Const $CXFOCUSBORDER = 83 Global Const $CXFRAME = 32 Global Const $CXFULLSCREEN = 16 Global Const $CXHSCROLL = 21 Global Const $CXHTHUMB = 10 Global Const $CXICON = 11 Global Const $CXICONSPACING = 38 Global Const $CXMAXIMIZED = 61 Global Const $CXMAXTRACK = 59 Global Const $CXMENUCHECK = 71 Global Const $CXMENUSIZE = 54 Global Const $CXMIN = 28 Global Const $CXMINIMIZED = 57 Global Const $CXMINSPACING = 47 Global Const $CXMINTRACK = 34 Global Const $CXPADDEDBORDER = 92 Global Const $CXSCREEN = 0 Global Const $CXSIZE = 30 Global Const $CXSIZEFRAME = 32 Global Const $CXSMICON = 49 Global Const $CXSMSIZE = 52 Global Const $CXVIRTUALSCREEN = 78 Global Const $CXVSCROLL = 2 Global Const $CYBORDER = 6 Global Const $CYCAPTION = 4 Global Const $CYCURSOR = 14 Global Const $CYDLGFRAME = 8 Global Const $CYDOUBLECLK = 37 Global Const $CYDRAG = 69 Global Const $CYEDGE = 46 Global Const $CYFIXEDFRAME = 8 Global Const $CYFOCUSBORDER = 84 Global Const $CYFRAME = 33 Global Const $CYFULLSCREEN = 17 Global Const $CYHSCROLL = 3 Global Const $CYICON = 12 Global Const $CYICONSPACING = 39 Global Const $CYKANJIWINDOW = 18 Global Const $CYMAXIMIZED = 62 Global Const $CYMAXTRACK = 60 Global Const $CYMENU = 15 Global Const $CYMENUCHECK = 72 Global Const $CYMENUSIZE = 55 Global Const $CYMIN = 29 Global Const $CYMINIMIZED = 58 Global Const $CYMINSPACING = 48 Global Const $CYMINTRACK = 35 Global Const $CYSCREEN = 1 Global Const $CYSIZE = 31 Global Const $CYSIZEFRAME = 33 Global Const $CYSMCAPTION = 51 Global Const $CYSMICON = 50 Global Const $CYSMSIZE = 53 Global Const $CYVIRTUALSCREEN = 79 Global Const $CYVSCROLL = 20 Global Const $CYVTHUMB = 9 Global Const $DBCSENABLED = 42 Global Const $DEBUG = 22 Global Const $DIGITIZER = 94 Global Const $IMMENABLED = 82 Global Const $MAXIMUMTOUCHES = 95 Global Const $MEDIACENTER = 87 Global Const $MENUDROPALIGNMENT = 40 Global Const $MIDEASTENABLED = 74 Global Const $MOUSEPRESENT = 19 Global Const $MOUSEHORIZONTALWHEELPRESENT = 91 Global Const $MOUSEWHEELPRESENT = 75 Global Const $NETWORK = 63 Global Const $PENWINDOWS = 41 Global Const $REMOTECONTROL = 0x2001 Global Const $REMOTESESSION = 0x1000 Global Const $SAMEDISPLAYFORMAT = 81 Global Const $SECURE = 44 Global Const $SERVERR = 289 Global Const $SHOWSOUNDS = 70 Global Const $SHUTTINGDOWN = 0x2000 Global Const $SLOWMACHINE = 73 Global Const $STARTER = 88 Global Const $SWAPBUTTON = 23 Global Const $TABLETPC = 86 Global Const $XVIRTUALSCREEN = 76 Global Const $YVIRTUALSCREEN = 77  
      WinAPISystemMetricsConstants.au3
    • chacoya121
      By chacoya121
      can someone plz explain how WinAPI work and some example script plz
    • Bilgus
      By Bilgus
      So first things first the example in the help file for _WinApi_Enum_Windows has an error
      ;_ArrayDisplay($aResult, "_WinAPI_EnumWindows", Default, Default, Default, Default, "#|Handle|Class|Title|Text|Process") Should Be _ArrayDisplay($aResult, "_WinAPI_EnumWindows", Default, Default, Default, "Handle|Class|Title|Text|Process") Next is a bit of helpful info on LPCSTR in a callback function it needs  to be passed as a PTR
      DllCallbackRegister($sFUNCT, $sRETURN, "ptr") Finally on to my question
      I'd want to call EnumPropsEX and pass a string through lparam + append to it rather than declaring anything globally
      I can Come up with two ways to do this The second it a lot more code but possibly safer but the first way I think Should do
      1. From a bit of testing It seems AutoIt won't overflow a DllStruct?
      2. Are strings passed through DLL call guaranteed to be 'an ANSI string (a minimum of 65536 chars is allocated)' as the Helpfile clearly states?
      #include <Array.au3> #include <WinAPI.au3> Example() Func Example() Local $aWindows = _WinAPI_EnumWindows() Local $aResult[$aWindows[0][0]][6] For $i = 1 To $aWindows[0][0] $aResult[$i - 1][0] = "0x" & Hex($aWindows[$i][0], 8) $aResult[$i - 1][1] = $aWindows[$i][1] $aResult[$i - 1][2] = WinGetTitle($aWindows[$i][0]) $aResult[$i - 1][3] = WinGetText($aWindows[$i][0]) $aResult[$i - 1][4] = WinGetProcess($aWindows[$i][0]) $aResult[$i - 1][5] = _ArrayToString(EnumProps($aWindows[$i][0]), ", ", 1) Next _ArrayDisplay($aResult, "_WinAPI_EnumWindows", Default, Default, Default, "Handle|Class|Title|Text|Process|Properties") EndFunc ;==>Example Func EnumProps($hWnd, $vDLL = 'user32.dll') ; Create callback function. Local $iErr = 0 Local $aProps[1] = [0] Local $hCb = DllCallbackRegister('_PropEnumProcEx', 'int', 'hwnd;ptr;handle;ptr') ; Call EnumPropsEx Local $aRet = DllCall($vDLL, 'int', 'EnumPropsEx', 'HWND', $hWnd, 'ptr', DllCallbackGetPtr($hCb), 'str', "") If @error Or Not $aRet[0] Then $iErr = @error ConsoleWrite("EnumProps Error:" & $iErr & @CRLF) ElseIf $aRet[3] <> "" Then $aProps = StringSplit($aRet[3], ";") EndIf DllCallbackFree($hCb) Return SetError($iErr, 0, $aProps) EndFunc ;==>EnumProps Func _PropEnumProcEx($hWnd, $sProp, $hData, $pStr) Local $iSzStr = _WinAPI_StringLenA($sProp) + 1 ; + Null Char If $iSzStr > 1 Then Local $tProp = DllStructCreate('char[' & $iSzStr & ']', $sProp) Local $tRetn = DllStructCreate('char[65535]', $pStr) DllStructSetData($tRetn, 1, DllStructGetData($tRetn, 1) & DllStructGetData($tProp, 1) & ";") EndIf Return 1 EndFunc ;==>_PropEnumProcEx ;-------------------------------------------------------------------------------------------------------------- Func EnumProps2($hWnd, $iSzBuffer = 4096, $vDLL = 'user32.dll') ; Create callback function. Local $iErr = 0 Local $sProps Local $aProps[1] = [0] Local $hCb = DllCallbackRegister('_PropEnumProcEx', 'int', 'hwnd;ptr;handle;ptr') Local $tProps = DllStructCreate('int;int;char[' & $iSzBuffer & ']') DllStructSetData($tProps, 1, $iSzBuffer) ;BufferSz DllStructSetData($tProps, 2, $iSzBuffer) ;BufferRemaining ; Call EnumPropsEx Local $aRet = DllCall($vDLL, 'int', 'EnumPropsEx', 'HWND', $hWnd, 'ptr', DllCallbackGetPtr($hCb), 'ptr', DllStructGetPtr($tProps)) If @error Or Not $aRet[0] Then $iErr = @error DllStructSetData($tProps, 2, 0) EndIf DllCallbackFree($hCb) $sProps = DllStructGetData($tProps, 3) If DllStructGetData($tProps, 2) > 0 Then If $sProps <> "" Then $aProps = StringSplit(StringTrimRight($sProps, 1), ";") EndIf Else If Not $iErr Then $iErr = 6 ;buffer overflow Return SetError($iErr, -DllStructGetData($tProps, 2), $aProps) EndIf Return $aProps EndFunc ;==>EnumProps2 Func _PropEnumProcEx2($hWnd, $sProp, $hData, $ptProp) Local $iSzStr = _WinAPI_StringLenA($sProp) + 1 Local $tProp = DllStructCreate('char[' & $iSzStr & ']', $sProp) If $iSzStr > 1 Then Local $sRet = DllStructGetData($tProp, 1) Local $iSzBuffer = DllStructGetData(DllStructCreate('int', $ptProp), 1) Local $tRetn = DllStructCreate('int;int;char[' & $iSzBuffer & ']', $ptProp) DllStructSetData($tRetn, 2, DllStructGetData($tRetn, 2) - $iSzStr) If DllStructGetData($tRetn, 2) > 0 Then DllStructSetData($tRetn, 3, DllStructGetData($tRetn, 3) & $sRet & ";") EndIf EndIf Return 1 EndFunc ;==>_PropEnumProcEx2  
    • BigDaddyO
      By BigDaddyO
      Hello,
       
      I'm trying to figure out how to add attributes to a Credentials Store.  I have been using it to store Creds and I was using the Comments to store some limited data but I'd really like to start using the 64 possible Attributes so I don't need to use the Registry to store misc information my script needs.
       
      I have been trying to figure this our for a few days now and I'm able to create the structure, but it fails with Invalid Parameter when trying to add the item to the store.
       
      Any ideas or pointers to where to get some further information on this?
      Thanks,
      Mike
      #include <Crypt.au3> #include <Array.au3> #include <WinAPI.au3> $sEncryptionKey = @ScriptName & 'MyS3cur!tyK3y' & @UserName $sCredName = "AttributeTest" $sUserID = "MyUserID" $sPassword = "SecretP@ssw0rd" $sDatabase = "StoredCommentHere" $sAttribute1 = "ALM.NoReply" $sAttribute2 = "Defect #?BG_BUG_ID in ?PROJECT, Status = ?BG_STATUS, Severity = ?BG_SEVERITY" $sAttribute3 = "C:\Users\MyProfile\Documents\ALM_Reports" $sAttribute4 = "UserName1,QA_Analyst|UserName2,Business_Analyst|UserName3,QA_Analyst|UserName4,QA_Analyst|UserName5,Business_Analyst|UserName6,QA_Analyst" Global $aAttribute[4, 2] = [["eMailFrom", $sAttribute1], ["eMailSubject", $sAttribute2], ["reportFldr", $sAttribute3], ["DefaultUsers", $sAttribute4]] ;Add something to the Credential Store $aAdd = _Cred_Add_WithAttributes($sCredName, $sUserID, StringEncrypt(True, $sPassword, $sEncryptionKey), $sDatabase, 1, $aAttribute) If @error Then MsgBox(0, "Error", "Failed to add credentials to " & $sCredName) Exit EndIf Func _Cred_Add_WithAttributes($sTarget, $sUser, $sPassword, $sComm = "", $iType = 2, $aAttribute = "") ;Type: 2=Domain, 1=Local Local $structTarget = DllStructCreate("wchar[100]") ; Create a structure to hold the Target object name DllStructSetData($structTarget, 1, $sTarget) ; Insert the target name into that Structure Local $structUser = DllStructCreate("wchar[100]") ; Create a structure to hold the UserName to use DllStructSetData($structUser, 1, $sUser) ; Insert the user name into the structure Local $structPwd = DllStructCreate("wchar[100]") ; Create a structure to hold the password to use DllStructSetData($structPwd, 1, $sPassword) ; Insert the password into the structure Local $structComment = DllStructCreate("wchar[100]") ; Comments seem to only work where Type = 1 legacy DllStructSetData($structComment, 1, $sComm) ;-------------------------------------------------------------------------------------------------------------------- ;-- CREDENTIAL_ATTRIBUTE structure https://msdn.microsoft.com/en-us/library/windows/desktop/aa374790(v=vs.85).aspx ;-------------------------------------------------------------------------------------------------------------------- Local $aAttrirb[UBound($aAttribute)] Local $tagCREDENTIAL_ATTRIBUTE = "" & _ "wchar Keyword;" & _ "DWORD Flags;" & _ "DWORD ValueSize;" & _ "wchar Value" For $i = 0 to UBound($aAttribute) - 1 $aAttrirb[$i] = DllStructCreate($tagCREDENTIAL_ATTRIBUTE) If @error Then ConsoleWrite("Error on $aAttrib[" & $i & "] = " & @error & @CRLF) Exit EndIf DllStructSetData($aAttrirb[$i],"Keyword",StringRight($aAttribute[$i][0], 256)) ;Name for the Attribute to use, 256 characters max If @error Then ConsoleWrite("Error adding Keyword to $aAttrib[" & $i & "] = " & @error & @CRLF) DllStructSetData($aAttrirb[$i],"Flags",0) ;Should always be 0 If @error Then ConsoleWrite("Error adding Flags to $aAttrib[" & $i & "] = " & @error & @CRLF) DllStructSetData($aAttrirb[$i],"ValueSize",256) ;Max = 256 If @error Then ConsoleWrite("Error adding ValueSize to $aAttrib[" & $i & "] = " & @error & @CRLF) DllStructSetData($aAttrirb[$i],"Value",StringRight($aAttribute[$i][1], 256)) ;Take the right most 256 characters if they put in to many If @error Then ConsoleWrite("Error adding Value to $aAttrib[" & $i & "] = " & @error & @CRLF) Next ;-------------------------------------------------------------------------------------------------------------------- Local $structCREDENTIAL= "" & _ "DWORD Flags;" & _ "DWORD Type;" & _ "Ptr TargetName;" & _ "Ptr Comment;" & _ "UINT64 LastWritten;" & _ "DWORD CredintialBlobSize;" & _ "Ptr CredentialBlob;" & _ "DWORD Persist;" & _ "DWORD AttributeCount;" & _ "ptr Attributes;" & _ "Ptr TargetAlias;" & _ "Ptr Username" Local $NewCred = DllStructCreate($structCREDENTIAL) If @error Then MsgBox(0, "NewCred", "Error in DllStructCreate " & @error); Exit EndIf DllStructSetData($NewCred,"Flags",0) DllStructSetData($NewCred,"Type",$iType) ;2 = Domain, 1 = Generic DllStructSetData($NewCred,"TargetName",DllStructGetPtr($structTarget)) DllStructSetData($NewCred,"Persist",3) ;save to roaming profile = 3 ;Problem with this section, as if I comment out, it adds but I need Attributes. DllStructSetData($NewCred,"AttributeCount",UBound($aAttrib)) ;max = 64 If @error Then ConsoleWrite("Error adding AttributeCount (1) = " & @error & @CRLF) For $i = 0 to UBound($aAttrirb) - 1 DllStructSetData($NewCred,"Attributes", DllStructGetPtr($aAttrirb[$i])) If @error Then ConsoleWrite("Error adding Attributes (" & $i + 1 & ") = " & @error & @CRLF) Next DllStructSetData($NewCred,"UserName",DllStructGetPtr($structUser)) DllStructSetData($NewCred,"CredentialBlob",DllStructGetPtr($structPwd)) DllStructSetData($NewCred,"CredintialBlobSize",StringLen($sPassword)*2) DllStructSetData($NewCred,"Comment",DllStructGetPtr($structComment)) Local $hAdvapi32 = DllOpen("Advapi32.dll") If $hAdvapi32 = -1 Then Msgbox(0, "Error", "Failed to connect to the Credentials Store") Exit Endif $aRet = DllCall($hAdvapi32, 'bool', 'CredWriteW', 'ptr', DllStructGetPtr($NewCred), 'dword', 0) If @error Then ConsoleWrite("DllCall Error: " & @error & @CRLF) $NewCred = 0 ConsoleWrite("GetLastError = (" & _WinAPI_GetLastError() & ")" & @CRLF) ;87 = ERROR_INVALID_PARAMETER If IsArray($aRet) Then ConsoleWrite("Successfully performed the CredWriteW DLL call, Return = " & $aRet[0] & @CRLF) if UBound($aRet) > 1 Then _ArrayDisplay($aRet, "DllCall Returned") Return $aRet Else ConsoleWrite("Failed to perform the CredWriteW DLL call" & @CRLF) Return SetError(1) EndIf EndFunc Func _Cred_Get($sTarget, $iType = 2) ;Type: 2=Domain, 1=Local. CAN'T DECRYPT DOMAIN PASSWORDS!!! Local $FuncRet[3] Local $structTarget = DllStructCreate("wchar[100]") DllStructSetData($structTarget,1,$sTarget) Local $hAdvapi32 = DllOpen("Advapi32.dll") If $hAdvapi32 = -1 Then Msgbox(0, "Error", "Failed to connect to the Credentials Store") Exit Endif Local $Ret = DllCall($hAdvapi32, 'bool', 'CredReadW', 'ptr', DllStructGetPtr($structTarget), 'dword', $iType, 'dword', 0, 'ptr*', 0) if $ret[0]=0 then Return SetError(1,0,$FuncRet) Local $structCREDENTIAL= "" & _ "DWORD Flags;" & _ "DWORD Type;" & _ "Ptr TargetName;" & _ "Ptr Comment;" & _ "UINT64 LastWritten;" & _ "DWORD CredintialBlobSize;" & _ "Ptr CredentialBlob;" & _ "DWORD Persist;" & _ "DWORD AttributeCount;" & _ "Ptr Attributes;" & _ "Ptr TargetAlias;" & _ "Ptr Username" Local $tdata=DllStructCreate($structCREDENTIAL, $Ret[4]) Local $userName = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'Username')) Local $User = DllStructGetData($userName, 1) Local $CredentialBlobSize = DllStructGetData($tdata, 'CredintialBlobSize') Local $credentialBlob = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'CredentialBlob')) Local $Password = StringLeft(DllStructGetData($credentialBlob, 1), $CredentialBlobSize/2) ;Once the Add Attributes is working, I need to figure out how to retrieve the Attributes that I want, below is un-tested. ; Local $eMailFrom = DllStructCreate("wchar[256]", DllStructGetData($tdata, 'eMailFrom')) ; Local $eMail = DllStructGetData($eMailFrom, 4) ; Consolewrite("eMailFrom Attribute = (" & $eMail & ")" & @crlf ) Local $Comment = DllStructCreate("wchar[100]", DllStructGetData($tdata, 'Comment')) Local $Comm = DllStructGetData($Comment, 1) Dim $FuncRet[] = [$User, $Password, $Comm] If IsArray($FuncRet) Then Return $FuncRet Else Return SetError(1) EndIf EndFunc  
×