NtCreateFile returns STATUS_ACCESS_VIOLATION (again)



This time I'm trying another native function called NtCreateFile. I have tried many variations of data types, but all give the same NTSTATUS. Here is the sample code:

; NtCreateFile routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424(v=vs.85).aspx
; IO_STATUS_BLOCK structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff550671(v=vs.85).aspx
; OBJECT_ATTRIBUTES structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff557749(v=vs.85).aspx
; UNICODE_STRING structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx
; InitializeObjectAttributes macro -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff547804(v=vs.85).aspx
; RtlInitUnicodeString routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff561934(v=vs.85).aspx
Global Const $OBJ_CASE_INSENSITIVE = 0x00000040
Global Const $FILE_RANDOM_ACCESS = 0x00000800
Global Const $FILE_DIRECTORY_FILE = 0x00000002
Global Const $FILE_NON_DIRECTORY_FILE = 0x00000040
Global Const $tagIOSTATUSBLOCK = "ptr Status;ptr Information"
Global Const $tagOBJECTATTRIBUTES = "ulong Length;handle RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService"
Global Const $tagUNICODESTRING = "ushort Length;ushort MaximumLength;ptr Buffer"
Global Const $CREATE_NEW = 1
Global Const $TRUNCATE_EXISTING = 5
Global Const $GENERIC_ALL = 0x10000000
Global Const $FILE_SHARE_READ = 0x01
Global Const $FILE_ATTRIBUTE_NORMAL = 0x00000080
$hNTDLL = DllOpen("ntdll.dll")
$szName = DllStructCreate("wchar[260]")
$sUS = DllStructCreate($tagUNICODESTRING)
$sOA = DllStructCreate($tagOBJECTATTRIBUTES)
$sISB = DllStructCreate($tagIOSTATUSBLOCK)
$File = "\\C:\test\testfile.txt"
DllStructSetData($szName, 1, $File)
$ret = DllCall($hNTDLL, "none", "RtlInitUnicodeString", "ptr", DllStructGetPtr($sUS), "ptr", DllStructGetPtr($szName))
DllStructSetData($sOA, "Length", DllStructGetSize($sOA))
DllStructSetData($sOA, "RootDirectory", 0)
DllStructSetData($sOA, "ObjectName", DllStructGetPtr($sUS))
DllStructSetData($sOA, "Attributes", $OBJ_CASE_INSENSITIVE)
DllStructSetData($sOA, "SecurityDescriptor", 0)
DllStructSetData($sOA, "SecurityQualityOfService", 0)
$DesiredAccess = $GENERIC_ALL
$AllocationSize = 1024
$FileAttributes = $FILE_ATTRIBUTE_NORMAL
$ShareAccess = $FILE_SHARE_READ
$CreateDisposition = $CREATE_NEW;$CREATE_ALWAYS
$CreateOptions = $FILE_NON_DIRECTORY_FILE
$EaBuffer = 0
$EaLength = 0
$ret = DllCall($hNTDLL, "handle", "NtCreateFile", "handle*", "", "ulong", $DesiredAccess, "ptr", DllStructGetPtr($sOA), "ptr", DllStructGetPtr($sISB), "int64", $AllocationSize, "ulong", $FileAttributes, "ulong", $ShareAccess, _
"ulong", $CreateDisposition, "ulong", $CreateOptions, "ptr", $EaBuffer, "ulong", $EaLength)
ConsoleWrite("Ntstatus: 0x" & Hex($ret[0],8) & @CRLF)

I have a hunch the issue is with IO_STATUS_BLOCK...


:unsure:

$hwndstruct = DllStructCreate("HWND")
$hwndptr = DllStructGetPtr($hwndstruct)
$ret = DllCall($hNTDLL, "handle", "NtCreateFile", "handle*", $hwndptr, "ulong", $DesiredAccess, "ptr", DllStructGetPtr($sOA), "ptr", DllStructGetPtr($sISB), "int64", $AllocationSize, "ulong", $FileAttributes, "ulong", $ShareAccess, _
"ulong", $CreateDisposition, "ulong", $CreateOptions, "ptr", $EaBuffer, "ulong", $EaLength)


  • 3 years later...

I know it's a bit of an old topic, but did anyone get this API working?

; NtCreateFile routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424(v=vs.85).aspx
; IO_STATUS_BLOCK structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff550671(v=vs.85).aspx
; OBJECT_ATTRIBUTES structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff557749(v=vs.85).aspx
; UNICODE_STRING structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx
; InitializeObjectAttributes macro -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff547804(v=vs.85).aspx
; RtlInitUnicodeString routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff561934(v=vs.85).aspx
Global Const $OBJ_CASE_INSENSITIVE = 0x00000040
Global Const $FILE_RANDOM_ACCESS = 0x00000800
Global Const $FILE_DIRECTORY_FILE = 0x00000002
Global Const $FILE_NON_DIRECTORY_FILE = 0x00000040
Global Const $tagIOSTATUSBLOCK = "ptr Status;ptr Information"
Global Const $tagOBJECTATTRIBUTES = "ulong Length;handle RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService"
Global Const $tagUNICODESTRING = "ushort Length;ushort MaximumLength;ptr Buffer"
Global Const $CREATE_NEW = 1
Global Const $TRUNCATE_EXISTING = 5
Global Const $GENERIC_ALL = 0x10000000
Global Const $FILE_SHARE_READ = 0x01
Global Const $FILE_ATTRIBUTE_NORMAL = 0x00000080
$hNTDLL = DllOpen("ntdll.dll")
$szName = DllStructCreate("wchar[260]")
$sUS = DllStructCreate($tagUNICODESTRING)
$sOA = DllStructCreate($tagOBJECTATTRIBUTES)
$sISB = DllStructCreate($tagIOSTATUSBLOCK)
$File = "\??\C:\testfile.txt"
DllStructSetData($szName, 1, $File)
$ret = DllCall($hNTDLL, "none", "RtlInitUnicodeString", "struct*", $sUS, "struct*", $szName)
DllStructSetData($sOA, "Length", DllStructGetSize($sOA))
DllStructSetData($sOA, "RootDirectory", 0)
DllStructSetData($sOA, "ObjectName", DllStructGetPtr($sUS))
DllStructSetData($sOA, "Attributes", $OBJ_CASE_INSENSITIVE)
DllStructSetData($sOA, "SecurityDescriptor", 0)
DllStructSetData($sOA, "SecurityQualityOfService", 0)
$DesiredAccess = $GENERIC_ALL
$AllocationSize = 1024
$FileAttributes = $FILE_ATTRIBUTE_NORMAL
$ShareAccess = $FILE_SHARE_READ
$CreateDisposition = $CREATE_NEW;$CREATE_ALWAYS
$CreateOptions = $FILE_NON_DIRECTORY_FILE
$EaBuffer = 0
$EaLength = 0
$ret = DllCall($hNTDLL, "handle", "NtCreateFile", _
    "handle*", 0, _
    "ulong", $DesiredAccess, _
    "struct*", $sOA, _
    "struct*", $sISB, _
    "int64*", $AllocationSize, _
    "ulong", $FileAttributes, _
    "ulong", $ShareAccess, _
    "ulong", $CreateDisposition, _
    "ulong", $CreateOptions, _
    "ptr", $EaBuffer, _
    "ulong", $EaLength)
ConsoleWrite("Ntstatus: 0x" & Hex($ret[0],8) & @CRLF)

I get a "STATUS_OBJECT_NAME_NOT_FOUND" error, but why?

Edited by Mugen