joakim Posted August 13, 2012 Posted August 13, 2012 This time I'm trying another native function called NtCreateFile. Have tried many variations of datatypes but all give the same ntstatus. Here is the sample code; expandcollapse popup; NtCreateFile routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424(v=vs.85).aspx ; IO_STATUS_BLOCK structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff550671(v=vs.85).aspx ; OBJECT_ATTRIBUTES structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff557749(v=vs.85).aspx ; UNICODE_STRING structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx ; InitializeObjectAttributes macro -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff547804(v=vs.85).aspx ; RtlInitUnicodeString routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff561934(v=vs.85).aspx Global Const $OBJ_CASE_INSENSITIVE = 0x00000040 Global Const $FILE_RANDOM_ACCESS = 0x00000800 Global Const $FILE_DIRECTORY_FILE = 0x00000002 Global Const $FILE_NON_DIRECTORY_FILE = 0x00000040 Global Const $tagIOSTATUSBLOCK = "ptr Status;ptr Information" Global Const $tagOBJECTATTRIBUTES = "ulong Length;handle RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService" Global Const $tagUNICODESTRING = "ushort Length;ushort MaximumLength;ptr Buffer" Global Const $CREATE_NEW = 1 Global Const $TRUNCATE_EXISTING = 5 Global Const $GENERIC_ALL = 0x10000000 Global Const $FILE_SHARE_READ = 0x01 Global Const $FILE_ATTRIBUTE_NORMAL = 0x00000080 $hNTDLL = DllOpen("ntdll.dll") $szName = DllStructCreate("wchar[260]") $sUS = DllStructCreate($tagUNICODESTRING) $sOA = DllStructCreate($tagOBJECTATTRIBUTES) $sISB = DllStructCreate($tagIOSTATUSBLOCK) $File = "\\C:\test\testfile.txt" DllStructSetData($szName, 1, $File) $ret = DllCall($hNTDLL, "none", "RtlInitUnicodeString", "ptr", DllStructGetPtr($sUS), "ptr", DllStructGetPtr($szName)) DllStructSetData($sOA, "Length", DllStructGetSize($sOA)) DllStructSetData($sOA, "RootDirectory", 0) DllStructSetData($sOA, "ObjectName", DllStructGetPtr($sUS)) DllStructSetData($sOA, "Attributes", $OBJ_CASE_INSENSITIVE) DllStructSetData($sOA, "SecurityDescriptor", 0) DllStructSetData($sOA, "SecurityQualityOfService", 0) $DesiredAccess = $GENERIC_ALL $AllocationSize = 1024 $FileAttributes = $FILE_ATTRIBUTE_NORMAL $ShareAccess = $FILE_SHARE_READ $CreateDisposition = $CREATE_NEW;$CREATE_ALWAYS $CreateOptions = $FILE_NON_DIRECTORY_FILE $EaBuffer = 0 $EaLength = 0 $ret = DllCall($hNTDLL, "handle", "NtCreateFile", "handle*", "", "ulong", $DesiredAccess, "ptr", DllStructGetPtr($sOA), "ptr", DllStructGetPtr($sISB), "int64", $AllocationSize, "ulong", $FileAttributes, "ulong", $ShareAccess, _ "ulong", $CreateDisposition, "ulong", $CreateOptions, "ptr", $EaBuffer, "ulong", $EaLength) ConsoleWrite("Ntstatus: 0x" & Hex($ret[0],8) & @CRLF) I have a hunch the issue is with IO_STATUS_BLOCK...
JohnOne Posted August 13, 2012 Posted August 13, 2012 $hwndstruct = DllStructCreate("HWND") $hwndptr = DllStructGetPtr($hwndstruct) $ret = DllCall($hNTDLL, "handle", "NtCreateFile", "handle*", $hwndptr, "ulong", $DesiredAccess, "ptr", DllStructGetPtr($sOA), "ptr", DllStructGetPtr($sISB), "int64", $AllocationSize, "ulong", $FileAttributes, "ulong", $ShareAccess, _ "ulong", $CreateDisposition, "ulong", $CreateOptions, "ptr", $EaBuffer, "ulong", $EaLength) AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans.
joakim Posted August 13, 2012 Author Posted August 13, 2012 I'm still getting 0xC0000005. Did you get a different result?
trancexx Posted August 13, 2012 Posted August 13, 2012 AllocationSize parameter type is wrong. Put "int64*" there (notice asterisk). Also your file path is "??C:testtestfile.txt". ♡♡♡ . eMyvnE
joakim Posted August 13, 2012 Author Posted August 13, 2012 That works! So I guess the P in PLARGE_INTEGER was what made the requirement of the asteriks, and I missed that one.
Mugen Posted September 29, 2015 Posted September 29, 2015 (edited) I know it's a bit old topic, but did anyone get this API working?expandcollapse popup; NtCreateFile routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424(v=vs.85).aspx ; IO_STATUS_BLOCK structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff550671(v=vs.85).aspx ; OBJECT_ATTRIBUTES structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff557749(v=vs.85).aspx ; UNICODE_STRING structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx ; InitializeObjectAttributes macro -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff547804(v=vs.85).aspx ; RtlInitUnicodeString routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff561934(v=vs.85).aspx Global Const $OBJ_CASE_INSENSITIVE = 0x00000040 Global Const $FILE_RANDOM_ACCESS = 0x00000800 Global Const $FILE_DIRECTORY_FILE = 0x00000002 Global Const $FILE_NON_DIRECTORY_FILE = 0x00000040 Global Const $tagIOSTATUSBLOCK = "ptr Status;ptr Information" Global Const $tagOBJECTATTRIBUTES = "ulong Length;handle RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService" Global Const $tagUNICODESTRING = "ushort Length;ushort MaximumLength;ptr Buffer" Global Const $CREATE_NEW = 1 Global Const $TRUNCATE_EXISTING = 5 Global Const $GENERIC_ALL = 0x10000000 Global Const $FILE_SHARE_READ = 0x01 Global Const $FILE_ATTRIBUTE_NORMAL = 0x00000080 $hNTDLL = DllOpen("ntdll.dll") $szName = DllStructCreate("wchar[260]") $sUS = DllStructCreate($tagUNICODESTRING) $sOA = DllStructCreate($tagOBJECTATTRIBUTES) $sISB = DllStructCreate($tagIOSTATUSBLOCK) $File = "\??\C:\testfile.txt" DllStructSetData($szName, 1, $File) $ret = DllCall($hNTDLL, "none", "RtlInitUnicodeString", "struct*", $sUS, "struct*", $szName) DllStructSetData($sOA, "Length", DllStructGetSize($sOA)) DllStructSetData($sOA, "RootDirectory", 0) DllStructSetData($sOA, "ObjectName", DllStructGetPtr($sUS)) DllStructSetData($sOA, "Attributes", $OBJ_CASE_INSENSITIVE) DllStructSetData($sOA, "SecurityDescriptor", 0) DllStructSetData($sOA, "SecurityQualityOfService", 0) $DesiredAccess = $GENERIC_ALL $AllocationSize = 1024 $FileAttributes = $FILE_ATTRIBUTE_NORMAL $ShareAccess = $FILE_SHARE_READ $CreateDisposition = $CREATE_NEW;$CREATE_ALWAYS $CreateOptions = $FILE_NON_DIRECTORY_FILE $EaBuffer = 0 $EaLength = 0 $ret = DllCall($hNTDLL, "handle", "NtCreateFile", _ "handle*", 0, _ "ulong", $DesiredAccess, _ "struct*", $sOA, _ "struct*", $sISB, _ "int64*", $AllocationSize, _ "ulong", $FileAttributes, _ "ulong", $ShareAccess, _ "ulong", $CreateDisposition, _ "ulong", $CreateOptions, _ "ptr", $EaBuffer, _ "ulong", $EaLength) ConsoleWrite("Ntstatus: 0x" & Hex($ret[0],8) & @CRLF)I get "STATUS_OBJECT_NAME_NOT_FOUND" error, but why? Edited September 29, 2015 by Mugen
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now