joakim Posted August 13, 2012 Share Posted August 13, 2012 This time I'm trying another native function called NtCreateFile. Have tried many variations of datatypes but all give the same ntstatus. Here is the sample code; expandcollapse popup; NtCreateFile routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424(v=vs.85).aspx ; IO_STATUS_BLOCK structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff550671(v=vs.85).aspx ; OBJECT_ATTRIBUTES structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff557749(v=vs.85).aspx ; UNICODE_STRING structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx ; InitializeObjectAttributes macro -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff547804(v=vs.85).aspx ; RtlInitUnicodeString routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff561934(v=vs.85).aspx Global Const $OBJ_CASE_INSENSITIVE = 0x00000040 Global Const $FILE_RANDOM_ACCESS = 0x00000800 Global Const $FILE_DIRECTORY_FILE = 0x00000002 Global Const $FILE_NON_DIRECTORY_FILE = 0x00000040 Global Const $tagIOSTATUSBLOCK = "ptr Status;ptr Information" Global Const $tagOBJECTATTRIBUTES = "ulong Length;handle RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService" Global Const $tagUNICODESTRING = "ushort Length;ushort MaximumLength;ptr Buffer" Global Const $CREATE_NEW = 1 Global Const $TRUNCATE_EXISTING = 5 Global Const $GENERIC_ALL = 0x10000000 Global Const $FILE_SHARE_READ = 0x01 Global Const $FILE_ATTRIBUTE_NORMAL = 0x00000080 $hNTDLL = DllOpen("ntdll.dll") $szName = DllStructCreate("wchar[260]") $sUS = DllStructCreate($tagUNICODESTRING) $sOA = DllStructCreate($tagOBJECTATTRIBUTES) $sISB = DllStructCreate($tagIOSTATUSBLOCK) $File = "\\C:\test\testfile.txt" DllStructSetData($szName, 1, $File) $ret = DllCall($hNTDLL, "none", "RtlInitUnicodeString", "ptr", DllStructGetPtr($sUS), "ptr", DllStructGetPtr($szName)) DllStructSetData($sOA, "Length", DllStructGetSize($sOA)) DllStructSetData($sOA, "RootDirectory", 0) DllStructSetData($sOA, "ObjectName", DllStructGetPtr($sUS)) DllStructSetData($sOA, "Attributes", $OBJ_CASE_INSENSITIVE) DllStructSetData($sOA, "SecurityDescriptor", 0) DllStructSetData($sOA, "SecurityQualityOfService", 0) $DesiredAccess = $GENERIC_ALL $AllocationSize = 1024 $FileAttributes = $FILE_ATTRIBUTE_NORMAL $ShareAccess = $FILE_SHARE_READ $CreateDisposition = $CREATE_NEW;$CREATE_ALWAYS $CreateOptions = $FILE_NON_DIRECTORY_FILE $EaBuffer = 0 $EaLength = 0 $ret = DllCall($hNTDLL, "handle", "NtCreateFile", "handle*", "", "ulong", $DesiredAccess, "ptr", DllStructGetPtr($sOA), "ptr", DllStructGetPtr($sISB), "int64", $AllocationSize, "ulong", $FileAttributes, "ulong", $ShareAccess, _ "ulong", $CreateDisposition, "ulong", $CreateOptions, "ptr", $EaBuffer, "ulong", $EaLength) ConsoleWrite("Ntstatus: 0x" & Hex($ret[0],8) & @CRLF) I have a hunch the issue is with IO_STATUS_BLOCK... Link to comment Share on other sites More sharing options...
JohnOne Posted August 13, 2012 Share Posted August 13, 2012 $hwndstruct = DllStructCreate("HWND") $hwndptr = DllStructGetPtr($hwndstruct) $ret = DllCall($hNTDLL, "handle", "NtCreateFile", "handle*", $hwndptr, "ulong", $DesiredAccess, "ptr", DllStructGetPtr($sOA), "ptr", DllStructGetPtr($sISB), "int64", $AllocationSize, "ulong", $FileAttributes, "ulong", $ShareAccess, _ "ulong", $CreateDisposition, "ulong", $CreateOptions, "ptr", $EaBuffer, "ulong", $EaLength) AutoIt Absolute Beginners  Require a serial  Pause Script  Video Tutorials by Morthawt  ipify Monkey's are, like, natures humans. Link to comment Share on other sites More sharing options...
joakim Posted August 13, 2012 Author Share Posted August 13, 2012 I'm still getting 0xC0000005. Did you get a different result? Link to comment Share on other sites More sharing options...
trancexx Posted August 13, 2012 Share Posted August 13, 2012 AllocationSize parameter type is wrong. Put "int64*" there (notice asterisk). Also your file path is "??C:testtestfile.txt". ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
joakim Posted August 13, 2012 Author Share Posted August 13, 2012 That works! So I guess the P in PLARGE_INTEGER was what made the requirement of the asteriks, and I missed that one. Link to comment Share on other sites More sharing options...
Mugen Posted September 29, 2015 Share Posted September 29, 2015 (edited) I know it's a bit old topic, but did anyone get this API working?expandcollapse popup; NtCreateFile routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424(v=vs.85).aspx ; IO_STATUS_BLOCK structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff550671(v=vs.85).aspx ; OBJECT_ATTRIBUTES structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff557749(v=vs.85).aspx ; UNICODE_STRING structure -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx ; InitializeObjectAttributes macro -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff547804(v=vs.85).aspx ; RtlInitUnicodeString routine -> http://msdn.microsoft.com/en-us/library/windows/hardware/ff561934(v=vs.85).aspx Global Const $OBJ_CASE_INSENSITIVE = 0x00000040 Global Const $FILE_RANDOM_ACCESS = 0x00000800 Global Const $FILE_DIRECTORY_FILE = 0x00000002 Global Const $FILE_NON_DIRECTORY_FILE = 0x00000040 Global Const $tagIOSTATUSBLOCK = "ptr Status;ptr Information" Global Const $tagOBJECTATTRIBUTES = "ulong Length;handle RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService" Global Const $tagUNICODESTRING = "ushort Length;ushort MaximumLength;ptr Buffer" Global Const $CREATE_NEW = 1 Global Const $TRUNCATE_EXISTING = 5 Global Const $GENERIC_ALL = 0x10000000 Global Const $FILE_SHARE_READ = 0x01 Global Const $FILE_ATTRIBUTE_NORMAL = 0x00000080 $hNTDLL = DllOpen("ntdll.dll") $szName = DllStructCreate("wchar[260]") $sUS = DllStructCreate($tagUNICODESTRING) $sOA = DllStructCreate($tagOBJECTATTRIBUTES) $sISB = DllStructCreate($tagIOSTATUSBLOCK) $File = "\??\C:\testfile.txt" DllStructSetData($szName, 1, $File) $ret = DllCall($hNTDLL, "none", "RtlInitUnicodeString", "struct*", $sUS, "struct*", $szName) DllStructSetData($sOA, "Length", DllStructGetSize($sOA)) DllStructSetData($sOA, "RootDirectory", 0) DllStructSetData($sOA, "ObjectName", DllStructGetPtr($sUS)) DllStructSetData($sOA, "Attributes", $OBJ_CASE_INSENSITIVE) DllStructSetData($sOA, "SecurityDescriptor", 0) DllStructSetData($sOA, "SecurityQualityOfService", 0) $DesiredAccess = $GENERIC_ALL $AllocationSize = 1024 $FileAttributes = $FILE_ATTRIBUTE_NORMAL $ShareAccess = $FILE_SHARE_READ $CreateDisposition = $CREATE_NEW;$CREATE_ALWAYS $CreateOptions = $FILE_NON_DIRECTORY_FILE $EaBuffer = 0 $EaLength = 0 $ret = DllCall($hNTDLL, "handle", "NtCreateFile", _ "handle*", 0, _ "ulong", $DesiredAccess, _ "struct*", $sOA, _ "struct*", $sISB, _ "int64*", $AllocationSize, _ "ulong", $FileAttributes, _ "ulong", $ShareAccess, _ "ulong", $CreateDisposition, _ "ulong", $CreateOptions, _ "ptr", $EaBuffer, _ "ulong", $EaLength) ConsoleWrite("Ntstatus: 0x" & Hex($ret[0],8) & @CRLF)I get "STATUS_OBJECT_NAME_NOT_FOUND" error, but why? Edited September 29, 2015 by Mugen Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now