Posted

Hello, when using WinObj from Sysinternals, there is an entry called Arc Names, with entries like this "MULTI(0)DISK(0)RDISK(0)PARTITION(2)" and their respective drive paths. I tried running some debug programs and still can't seem to find a method to get those entries.

Can anyone help?

What is what? What is what.

Posted

Maybe this is a good starting point?


 

Posted (edited)

Thx, but already been there. I've been doing research with functions like zwGetObject, etc...
Found this post, but it seems to be abandoned: https://www.autoitscript.com/forum/topic/163449-zwopensymboliclinkobject-failing-with-status_object_type_mismatch/

This too: http://www.osronline.com/showThread.cfm?link=60292


Edit: Typos

Edit2: Another update

Edited by Biatu


Posted

; Generated by AutoIt ScriptOMatic

; Description: The Win32_DiskDriveToDiskPartition class represents an association between a disk drive and a partition existing on it.

Local $wbemFlagReturnImmediately = 0x10
Local $wbemFlagForwardOnly = 0x20
Local $colItems = ""
Local $sComputer = "localhost"
Local $sReturn=""
FileDelete(@TempDir & "\ScriptOMatic.Win32_DiskDriveToDiskPartition.txt")
ToolTip("...ObjGet", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_DiskDriveToDiskPartition",1,4)
Local $oWMIService = ObjGet("winmgmts:\\" & $sComputer & "\root\CIMV2")
ToolTip("...ExecQuery", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_DiskDriveToDiskPartition",1,4)
Local $colItems = $oWMIService.ExecQuery("SELECT * FROM Win32_DiskDriveToDiskPartition", _
                     "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

ToolTip("...ExecQuery executed."& @CR &"...waiting for data.", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_DiskDriveToDiskPartition",1,4)
If IsObj($colItems) Then

    Local $iCounter = 0
    For $objItem In $colItems
        $iCounter += 1
        If Not Mod( $iCounter , 100 ) Then
            ToolTip("...adding "& $iCounter &" of ??", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_DiskDriveToDiskPartition",1,4)
            FileWriteLine(@TempDir & "\ScriptOMatic.Win32_DiskDriveToDiskPartition.txt", $sReturn )
            $sReturn = ""
        EndIf
        $sReturn &= "Antecedent: " & $objItem.Antecedent & @CRLF
        $sReturn &= "Dependent: " & $objItem.Dependent & @CRLF
        $sReturn &= @CRLF
    Next
    ;ConsoleWrite($sReturn)
    FileWriteLine(@TempDir & "\ScriptOMatic.Win32_DiskDriveToDiskPartition.txt", $sReturn )
    Run(@ComSpec & " /c start " & @TempDir & "\ScriptOMatic.Win32_DiskDriveToDiskPartition.txt" , @TempDir, @SW_HIDE)
Else
    MsgBox( 262144 ,"WMI Output","No WMI Objects Found for class: " & "Win32_DiskDriveToDiskPartition" )
EndIf





#comments-start

List of all the Properties and Methods for \root\CIMV2:Win32_DiskDriveToDiskPartition


Win32_DiskDriveToDiskPartition Class Qualifiers
-----------------------------------------------

1. Association = -1
2. Description = The Win32_DiskDriveToDiskPartition class represents an association between a disk drive and a partition existing on it.
3. dynamic = -1
4. Locale = 1033
5. provider = CIMWin32
6. UUID = {8502C4F9-5FBB-11D2-AAC1-006008C78BC7}


Win32_DiskDriveToDiskPartition Class Properties and Property Qualifiers
-----------------------------------------------------------------------

1. Antecedent
1.1. CIMTYPE = ref:Win32_DiskDrive
1.2. Description = The Antecedent reference represents the Win32_DiskDrive containing the properties of the disk drive where the partition exists.
1.3. key = -1
1.4. MappingStrings = WMI|Win32_DiskDrive
1.5. Override = Antecedent
1.6. read = -1

2. Dependent
2.1. CIMTYPE = ref:Win32_DiskPartition
2.2. Description = The Dependent reference represents the Win32_DiskPartition containing the properties of a disk partition residing on the disk drive.
2.3. key = -1
2.4. MappingStrings = WMI|Win32_DiskPartition
2.5. Override = Dependent
2.6. read = -1


Win32_DiskDriveToDiskPartition Class Methods and Method Qualifiers
------------------------------------------------------------------

#Comments-End

hope this helps

Follow the link to my code contribution ( and other things too ).
FAQ - Please Read Before Posting.

Posted

then this:
 

#include "Array.au3"

Opt("MustDeclareVars",1)
Opt("TrayIconDebug",1)
Opt("TrayAutoPause",0)
ToolTip("mouse over the icon for debug info.", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)

Local $a = _WMI_Win32_LogicalDiskToPartition( "localhost" )
If @error Then
    MsgBox( 262144 ,"WMI Output","No WMI Objects Found for class: " & "Win32_LogicalDiskToPartition" )
Else
    Switch @extended
        Case 0
            ToolTip("Done.", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
        Case 1
            ToolTip("Nothing, you've got nothing."&@CR&@CR&"Adjust the query", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",2,4)
        Case 2
            ToolTip("More than you can chew."&@CR&@CR&"Adjust the ""$iLimit"" or the query", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",2,4)
    EndSwitch
    _Array_Rotate2D( $a )
    _ArrayDisplay( $a ,"ScriptOMatic - ""Win32_LogicalDiskToPartition""")
EndIf


Func _WMI_Win32_LogicalDiskToPartition( $sComputer = "localhost" , $iLimit = 1000 )

    ; Generated by AutoIt ScriptOMatic

    ; Description: The Win32_LogicalDiskToPartition class represents an association between a logical disk drive and the disk partition it resides on.


    ; Class Methods:
    ;
    ; ( this Class did not list methods )


    Local $wbemFlagReturnImmediately = 0x10
    Local $wbemFlagForwardOnly = 0x20
    Local $colItems = ""
    Local $sReturn=""
    Local $iExt = 0
    If 1 > Int( $iLimit ) Then $iLimit = 1
    Local $aReturn[1000][ Int( $iLimit ) + 1]
    $aReturn[0][0] = 0
    $aReturn[0][1] = 0
    ToolTip("...ObjGet", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
    Local $oWMIService = ObjGet("winmgmts:\\" & $sComputer & "\root\CIMV2")
    ToolTip("...ExecQuery", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
    Local $colItems = $oWMIService.ExecQuery("SELECT * FROM Win32_LogicalDiskToPartition", _
                         "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    ToolTip("...ExecQuery executed."& @CR &"...waiting for data.", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
    If IsObj($colItems) Then

        ; Class Properties: Names:
        ;

        $aReturn[ 1 ][ 0 ] = "Antecedent"
        $aReturn[ 2 ][ 0 ] = "Dependent"
        $aReturn[ 3 ][ 0 ] = "EndingAddress"
        $aReturn[ 4 ][ 0 ] = "StartingAddress"
        $aReturn[0][0] = 4
        For $objItem In $colItems
            $aReturn[0][1] = $aReturn[0][1] + 1
            If Not Mod( $aReturn[0][1] , 100 ) Then ToolTip("...adding "& $aReturn[0][1] &" of "&$iLimit &" ??", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
            If $aReturn[0][1] > $iLimit Then
                $iExt = 2
                ExitLoop
            EndIf

            ; Class Properties: Values:
            ;

            $aReturn[ 1 ][ $aReturn[0][1] ] = $objItem.Antecedent
            $aReturn[ 2 ][ $aReturn[0][1] ] = $objItem.Dependent
            $aReturn[ 3 ][ $aReturn[0][1] ] = $objItem.EndingAddress
            $aReturn[ 4 ][ $aReturn[0][1] ] = $objItem.StartingAddress
        Next
        If $aReturn[0][1] = 0  Then $iExt = 1
        ReDim $aReturn[$aReturn[0][0] + 1][$aReturn[0][1] + 1]
        Return SetError( 0 , $iExt , $aReturn )
    Else
        ReDim $aReturn[1][2]
        Return SetError( 1 , 99 , $aReturn )
    EndIf
EndFunc


Func _Array_Rotate2D(ByRef $a)
    Local $u1 = UBound($a, 1) - 1
    If @error Then Return SetError(1)
    Local $u2 = UBound($a, 2) - 1
    If @error Then
        Local $n, $m, $u2 = 1
        Local $b[$u2][$u1 + 1]
        For $n = 0 To $u1
            For $m = 0 To 0
                $b[$m][$n] = $a[$n]
            Next
        Next
    Else
        Local $n, $m
        Local $b[$u2 + 1][$u1 + 1]
        For $n = 0 To $u1
            For $m = 0 To $u2
                $b[$m][$n] = $a[$n][$m]
            Next
        Next
    EndIf
    $a = $b
EndFunc   ;==>_Array_Rotate2D



#comments-start

List of all the Properties and Methods for \root\CIMV2:Win32_LogicalDiskToPartition


Win32_LogicalDiskToPartition Class Qualifiers
---------------------------------------------

1. Association = -1
2. Description = The Win32_LogicalDiskToPartition class represents an association between a logical disk drive and the disk partition it resides on.
3. dynamic = -1
4. Locale = 1033
5. provider = CIMWin32
6. UUID = {8502C4FB-5FBB-11D2-AAC1-006008C78BC7}


Win32_LogicalDiskToPartition Class Properties and Property Qualifiers
---------------------------------------------------------------------

1. Antecedent
1.1. CIMTYPE = ref:Win32_DiskPartition
1.2. Description = The Antecedent reference represents the Win32_DiskPartition containing the properties of a disk partition where the logical disk resides.
1.3. key = -1
1.4. MappingStrings = WMI|Win32_DiskPartition
1.5. Max = 1
1.6. Override = Antecedent
1.7. read = -1

2. Dependent
2.1. CIMTYPE = ref:Win32_LogicalDisk
2.2. Description = The Dependent reference represents the Win32_LogicalDisk containing the properties of a logical disk that resides on a physical disk partition.
2.3. key = -1
2.4. MappingStrings = WMI|Win32_LogicalDisk
2.5. Override = Dependent
2.6. read = -1

3. EndingAddress
3.1. CIMTYPE = uint64
3.2. Description = EndingAddress indicates where in lower level storage, the higher level extent ends. This property is useful when mapping non-contiguous extents into a higher level grouping.
3.3. read = -1

4. StartingAddress
4.1. CIMTYPE = uint64
4.2. Description = StartingAddress indicates where in lower level storage, the higher level extent begins.
4.3. read = -1


Win32_LogicalDiskToPartition Class Methods and Method Qualifiers
----------------------------------------------------------------

#Comments-End

between these 2 you can pull what you need ?


Posted

 


Thx, I tried your scripts, and neither of them correlates to arc names. If you get WinObj from Sysinternals, you can see them. Another app called ArcPaths Utility does what I'm attempting.


Posted

Yeap, no WMI gives info in those terms. It is a kernel-level thing ( https://msdn.microsoft.com/en-us/library/windows/hardware/ff567122(v=vs.85).aspx ),
the most I get is >root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"<
What are you trying to do anyway? Isn't there any way around this?


Posted


Well, I'm using WinPE, and I'm attempting to get the boot wim path. Well, it has an ArcPath. So I'm attempting to convert that to a drive letter.
AFAIK no workarounds, and you're right, it's a kernel-level thing. Good news is that during some digging around I found out how the ArcPaths utility is working.

I ran it with API Monitor (Google is your friend), and after sifting through an ungodly number of API calls, I found four to focus on, that were also referenced in a forum link I posted above...

NtOpenDirectoryObject
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
and, lastly, NtQuerySymbolicLinkObject.

Also, in a prior post link, DXRW4E has a few functions like this, but since I'm not very familiar with DllCalls yet it will take me a minute to interpret them...

Here are those funcs...
 

Func _NTAPI_ZwOpenSymbolicLinkObject(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenSymbolicLinkObject", "HANDLE*", 0, "ULONG", BitOR($ulDesiredAccess, $SYMBOLIC_LINK_QUERY), "PTR", $pObjectAttributes)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $iBuffer = 65534) ;; MaximumLength Limit = 65534
    Local $tLinkTarget = DllStructCreate("WCHAR LinkTarget[" & $iBuffer / 2 & "]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tLinkTarget)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, 0)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, DllStructGetPtr($tLinkTarget, 1)) ;; "Buffer"
    Else
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
    EndIf
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQuerySymbolicLinkObject", "HANDLE", $hLinkHandle, "STRUCT*", $tUNICODE_STRING, "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[3] > $iBuffer Then
        Local $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $arDllCall[3])
        Return SetError(@Error, @Extended, $sLinkTarget)
    EndIf
    Return SetError($arDllCall[0], $arDllCall[3], DllStructGetData($tLinkTarget, 1))
EndFunc

 


Posted

Ok guys, so I modified the source from another topic and I got this, but it mainly only works if you already know the arc path, and I have yet to get the drive letter resolved.
 

#RequireAdmin

#Region ;Routines
Global Static $arDllCall
Global Const $OBJ_INHERIT            = 0x00000002
Global Const $OBJ_PERMANENT          = 0x00000010
Global Const $OBJ_EXCLUSIVE          = 0x00000020
Global Const $OBJ_CASE_INSENSITIVE   = 0x00000040
Global Const $OBJ_OPENIF             = 0x00000080
Global Const $OBJ_OPENLINK           = 0x00000100
Global Const $OBJ_KERNEL_HANDLE      = 0x00000200
Global Const $OBJ_FORCE_ACCESS_CHECK = 0x00000400
Global Const $OBJ_VALID_ATTRIBUTES   = 0x000007F2
Global Const $OBJ_CASE_INSENSITIVE_KERNEL_HANDLE   = 0x00000240
Global Const $_STANDARD_RIGHTS_REQUIRED  = 0x000F0000
Global Const $SYMBOLIC_LINK_QUERY       = 0x0001
Global Const $SYMBOLIC_LINK_ALL_ACCESS  = 0x000F0001  ;; BitOR($_STANDARD_RIGHTS_REQUIRED, $SYMBOLIC_LINK_QUERY)

ConsoleWrite(ArcNameGetPath()&@CRLF)

Func ArcNameGetPath($sArcName="multi(0)disk(0)rdisk(0)")
    Return GetObject("\ArcName\"&$sArcName)
EndFunc

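Func GetObject($sPath)
    ; Open $sPath as a symbolic link object and return the target it points to
    Local $ulDesiredAccess = 0 ; _NTAPI_ZwOpenSymbolicLinkObject ORs in $SYMBOLIC_LINK_QUERY
    Local $pObjectAttributes = _NTAPI_InitializeObjectAttributes($sPath, $OBJ_CASE_INSENSITIVE + $OBJ_KERNEL_HANDLE)
    Local $hLinkHandle = _NTAPI_ZwOpenSymbolicLinkObject($pObjectAttributes, $ulDesiredAccess)
    If @Error Then
        MsgBox(0, Hex(@Error), $hLinkHandle)
        Return SetError(1, 0, "") ; the open failed, so there is no handle to query
    EndIf
    Local $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle)
    If @Error Then MsgBox(0, Hex(@Error), $sLinkTarget)
    _NTAPI_ZwClose($hLinkHandle) ; release the link handle instead of leaking it
    Return $sLinkTarget
EndFunc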

Func _NTAPI_InitializeObjectAttributes($sObjectName, $ulAttributes = $OBJ_CASE_INSENSITIVE_KERNEL_HANDLE, $hRootDirectory = Null, $pSecurityDescriptor = Null)
    Static $tObjectName = DllStructCreate("WCHAR ObjectName[256]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    Static $tOBJECT_ATTRIBUTES = DllStructCreate("ULONG Length;HANDLE RootDirectory;PTR ObjectName;ULONG Attributes;PTR SecurityDescriptor;PTR SecurityQualityOfService")
    Static $pObjectName = DllStructGetPtr($tObjectName, 1), $POBJECT_ATTRIBUTES = DllStructGetPtr($tOBJECT_ATTRIBUTES, 1), $PUNICODE_STRING = DllStructGetPtr($tUNICODE_STRING, 1)
    Local $aObjectName, $ulDesiredAccess = 0
    If Not $hRootDirectory Then
        $aObjectName = StringRegExp($sObjectName, "^\h*(?:\\+[^\\]+\\+)?+([^\W\d]*+)((?:32|64)?+(?!\w))\\*+(.*)", 1)
        If Not @Error Then
            Switch $aObjectName[0]
                Case "HKCR","HKEY_CLASSES_ROOT", "CLASSES_ROOT";, "MACHINE\SOFTWARE\Classes"
                    $sObjectName = "\Registry\Machine\SOFTWARE\Classes" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKCU", "HKEY_CURRENT_USER", "CURRENT_USER"
                    $sObjectName = "\Registry\User\CurrentUser" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKLM", "HKEY_LOCAL_MACHINE", "MACHINE"
                    $sObjectName = "\Registry\Machine" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKU", "HKEY_USERS", "USERS"
                    $sObjectName = "\Registry\User" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKCC", "HKEY_CURRENT_CONFIG" ;, "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current"
                    $sObjectName = "\Registry\Machine\SYSTEM\CurrentControlSet\Hardware Profiles\Current" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKLS", "HKEY_CURRENT_USER_LOCAL_SETTINGS" ;, "CURRENT_USER\Software\Classes\Local Settings"
                    $sObjectName = "\Registry\User\CurrentUser\Software\Classes\Local Settings" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
            EndSwitch
            If $aObjectName[1] Then $ulDesiredAccess = $aObjectName[1] == "32" ? 0x200 : 0x100  ;;$KEY_WOW64_64KEY = 0x0100, $KEY_WOW64_32KEY = 0x0200
        EndIf
    EndIf
    DllStructSetData($tObjectName, 1, $sObjectName)  ;; "ObjectName"
    ;;;;$arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tObjectName)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "PTR", $PUNICODE_STRING, "PTR", $pObjectName)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, StringLen($sObjectName) * 2)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, DllStructGetData($tUNICODE_STRING, 1) + 2)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, $pObjectName) ;; "Buffer"
    EndIf
    DllStructSetData($tOBJECT_ATTRIBUTES, 1, DllStructGetSize($tOBJECT_ATTRIBUTES))  ;; "Length"
    DllStructSetData($tOBJECT_ATTRIBUTES, 2, $hRootDirectory)  ;; "RootDirectory"
    DllStructSetData($tOBJECT_ATTRIBUTES, 3, $PUNICODE_STRING)  ;; "ObjectName"
    DllStructSetData($tOBJECT_ATTRIBUTES, 4, $ulAttributes)  ;; "Attributes" ;; BitOR($ulAttributes, 576) ;; 576 = $OBJ_CASE_INSENSITIVE, $OBJ_KERNEL_HANDLE
    DllStructSetData($tOBJECT_ATTRIBUTES, 5, $pSecurityDescriptor)  ;; "SecurityDescriptor"
    DllStructSetData($tOBJECT_ATTRIBUTES, 6, Null)  ;; "SecurityQualityOfService"
    Return SetExtended($ulDesiredAccess, $POBJECT_ATTRIBUTES)
EndFunc


Func _NTAPI_ZwOpenKeyEx(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0, $ulOpenOptions = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenKeyEx", "HANDLE*", 0, "ULONG", $ulDesiredAccess, "PTR", $pObjectAttributes, "ULONG", $ulOpenOptions)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwOpenSymbolicLinkObject(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenSymbolicLinkObject", "HANDLE*", 0, "ULONG", BitOR($ulDesiredAccess, $SYMBOLIC_LINK_QUERY), "PTR", $pObjectAttributes)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $iBuffer = 65534) ;; MaximumLength Limit = 65534
    Local $tLinkTarget = DllStructCreate("WCHAR LinkTarget[" & $iBuffer / 2 & "]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tLinkTarget)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, 0)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, DllStructGetPtr($tLinkTarget, 1)) ;; "Buffer"
    Else
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
    EndIf
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQuerySymbolicLinkObject", "HANDLE", $hLinkHandle, "STRUCT*", $tUNICODE_STRING, "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[3] > $iBuffer Then
        Local $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $arDllCall[3])
        Return SetError(@Error, @Extended, $sLinkTarget)
    EndIf
    Return SetError($arDllCall[0], $arDllCall[3], DllStructGetData($tLinkTarget, 1))
EndFunc


Func _NTAPI_ZwQueryObject(Const ByRef $hObject, $iObjectInformationClass = 0)
    Static $tagPUBLIC_OBJECT_BASIC_INFORMATION = "ULONG Attributes;ULONG GrantedAccess;ULONG HandleCount;ULONG PointerCount;ULONG Reserved[10]"
    Static $tagPUBLIC_OBJECT_TYPE_INFORMATION = "STRUCT;USHORT Length;USHORT MaximumLength;PTR Buffer;ENDSTRUCT;ULONG Reserved[22]"
    If Not $hObject Or ($iObjectInformationClass <> 0 And $iObjectInformationClass <> 2) Then Return SetError(87, 87, 0)
    Local $tObjectInformation = $iObjectInformationClass ? DllStructCreate($tagPUBLIC_OBJECT_TYPE_INFORMATION) : DllStructCreate($tagPUBLIC_OBJECT_BASIC_INFORMATION)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", DllStructGetSize($tObjectInformation), "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[0] = 0xC0000004 Then $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", $arDllCall[5], "ULONG*", 0)
    Return SetError($arDllCall[0], 0, $tObjectInformation)
EndFunc


Func _NTAPI_ZwClose(Const ByRef $hKeyHandle)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwClose", "HANDLE", $hKeyHandle)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, 0)
EndFunc


Func _NTAPI_GetRegKeyNameByHandleEx(Const ByRef $hKeyHandle)
    Local $tKEY_INFORMATION_CLASS = DllStructCreate("ULONG;WCHAR[4096]")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryKey", "ULONG_PTR", $hKeyHandle, "INT", 3, "STRUCT*", $tKEY_INFORMATION_CLASS, "ULONG", DllStructGetSize($tKEY_INFORMATION_CLASS), "ULONG*", 0)
    If @Error Then Return SetError(@Error, 1, 0)
    If $arDllCall[5] > $arDllCall[4] Then ;;Or $arDllCall[0] = $STATUS_BUFFER_OVERFLOW Or $arDllCall[0] = $STATUS_BUFFER_TOO_SMALL
        $tKEY_INFORMATION_CLASS = DllStructCreate("ULONG;WCHAR[" & $arDllCall[5] & "]")
        $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryKey", "ULONG_PTR", $hKeyHandle, "INT", 3, "STRUCT*", $tKEY_INFORMATION_CLASS, "ULONG", DllStructGetSize($tKEY_INFORMATION_CLASS), "ULONG*", 0)
    EndIf
    Return SetError($arDllCall[0], ($arDllCall[5] / 2) - 2, DllStructGetData($tKEY_INFORMATION_CLASS, 2))
EndFunc

#EndRegion ; Routines



 

What is what? What is what.

Posted

When I get back I'm going to attempt to rebuild this to NtOpenDirectoryObject...

 

Func _NTAPI_ZwQueryObject(Const ByRef $hObject, $iObjectInformationClass = 0)
        Static $tagPUBLIC_OBJECT_BASIC_INFORMATION = "ULONG Attributes;ULONG GrantedAccess;ULONG HandleCount;ULONG PointerCount;ULONG Reserved[10]"
        Static $tagPUBLIC_OBJECT_TYPE_INFORMATION = "STRUCT;USHORT Length;USHORT MaximumLength;PTR Buffer;ENDSTRUCT;ULONG Reserved[22]"
        If Not $hObject Or ($iObjectInformationClass <> 0 And $iObjectInformationClass <> 2) Then Return SetError(87, 87, 0)
        Local $tObjectInformation = $iObjectInformationClass ? DllStructCreate($tagPUBLIC_OBJECT_TYPE_INFORMATION) : DllStructCreate($tagPUBLIC_OBJECT_BASIC_INFORMATION)
        $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", DllStructGetSize($tObjectInformation), "ULONG*", 0)
        If @Error Then Return SetError(1, -@Error, 0)
        If $arDllCall[0] = 0xC0000004 Then $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", $arDllCall[5], "ULONG*", 0)
        Return SetError($arDllCall[0], 0, $tObjectInformation)
    EndFunc

 

What is what? What is what.

Posted (edited)

I was successful (I think) at getting a handle from ZwOpenDirectoryObject, but cannot get ZwQueryDirectoryObject to return anything; it keeps getting errors 0xC0000024 (STATUS_OBJECT_TYPE_MISMATCH) and 0xC0000005 (STATUS_ACCESS_VIOLATION).

Note: it's not unfiltered yet :/
Here's the script:
 

#RequireAdmin

#Region ;Routines
#Include <WinApiDiag.au3>
Global Static $arDllCall
Global Const $OBJ_INHERIT=0x00000002
Global Const $OBJ_PERMANENT=0x00000010
Global Const $OBJ_EXCLUSIVE=0x00000020
Global Const $OBJ_CASE_INSENSITIVE=0x00000040
Global Const $OBJ_OPENIF=0x00000080
Global Const $OBJ_OPENLINK=0x00000100
Global Const $OBJ_KERNEL_HANDLE=0x00000200
Global Const $OBJ_FORCE_ACCESS_CHECK=0x00000400
Global Const $OBJ_VALID_ATTRIBUTES=0x000007F2
Global Const $OBJ_CASE_INSENSITIVE_KERNEL_HANDLE=0x00000240
;Global Const $STANDARD_RIGHTS_REQUIRED=0x000F0000
Global Const $SYMBOLIC_LINK_QUERY=0x0001
Global Const $SYMBOLIC_LINK_ALL_ACCESS=BitOR($STANDARD_RIGHTS_REQUIRED,$SYMBOLIC_LINK_QUERY)
Global Const $DIRECTORY_QUERY=0x0001
Global Const $DIRECTORY_TRAVERSE=0x0002
Global Const $DIRECTORY_CREATE_OBJECT=0x0004
Global Const $DIRECTORY_CREATE_SUBDIRECTORY=0x0008
Global Const $DIRECTORY_ALL_ACCESS=BitOR($STANDARD_RIGHTS_REQUIRED,$DIRECTORY_QUERY)
Global Const $MAX_PATH=0x00000104
Func ArcNameGetPath($sArcName="multi(0)disk(0)rdisk(0)")
    Return GetObject("\ArcName\"&$sArcName)
EndFunc
Test()
Func Test($sPath="\")
    Local $ulDesiredAccess
    $pObjectAttributes=_NTAPI_InitializeObjectAttributes($sPath, $OBJ_CASE_INSENSITIVE + $OBJ_KERNEL_HANDLE)
    $hDirectory=_NTAPI_ZwOpenDirectoryObject($pObjectAttributes, $ulDesiredAccess)
    If @Error Then MsgBox(0, Hex(@Error), $hDirectory)
    $sDirectory = _NTAPI_ZwQueryDirectoryObject($hDirectory)
    If @Error Then MsgBox(0, Hex(@Error), $sDirectory)
    ;MsgBox(64,VarGetType($hDirectory),$hDirectory)
    Return $sDirectory
EndFunc

Func GetObject($sPath)
    Local $ulDesiredAccess
    $pObjectAttributes = _NTAPI_InitializeObjectAttributes($sPath, $OBJ_CASE_INSENSITIVE + $OBJ_KERNEL_HANDLE)
    $hLinkHandle = _NTAPI_ZwOpenSymbolicLinkObject($pObjectAttributes, $ulDesiredAccess)
    If @Error Then MsgBox(0, Hex(@Error), $hLinkHandle)
    $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle)
    If @Error Then MsgBox(0, Hex(@Error), $sLinkTarget)
    Return $sLinkTarget
EndFunc

Func _NTAPI_InitializeObjectAttributes($sObjectName, $ulAttributes = $OBJ_CASE_INSENSITIVE_KERNEL_HANDLE, $hRootDirectory = Null, $pSecurityDescriptor = Null)
    Static $tObjectName = DllStructCreate("WCHAR ObjectName[256]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    Static $tOBJECT_ATTRIBUTES = DllStructCreate("ULONG Length;HANDLE RootDirectory;PTR ObjectName;ULONG Attributes;PTR SecurityDescriptor;PTR SecurityQualityOfService")
    Static $pObjectName = DllStructGetPtr($tObjectName, 1), $POBJECT_ATTRIBUTES = DllStructGetPtr($tOBJECT_ATTRIBUTES, 1), $PUNICODE_STRING = DllStructGetPtr($tUNICODE_STRING, 1)
    Local $aObjectName, $ulDesiredAccess = 0
    If Not $hRootDirectory Then
        $aObjectName = StringRegExp($sObjectName, "^\h*(?:\\+[^\\]+\\+)?+([^\W\d]*+)((?:32|64)?+(?!\w))\\*+(.*)", 1)
        If Not @Error Then
            Switch $aObjectName[0]
                Case "HKCR","HKEY_CLASSES_ROOT", "CLASSES_ROOT";, "MACHINE\SOFTWARE\Classes"
                    $sObjectName = "\Registry\Machine\SOFTWARE\Classes" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKCU", "HKEY_CURRENT_USER", "CURRENT_USER"
                    $sObjectName = "\Registry\User\CurrentUser" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKLM", "HKEY_LOCAL_MACHINE", "MACHINE"
                    $sObjectName = "\Registry\Machine" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKU", "HKEY_USERS", "USERS"
                    $sObjectName = "\Registry\User" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKCC", "HKEY_CURRENT_CONFIG" ;, "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current"
                    $sObjectName = "\Registry\Machine\SYSTEM\CurrentControlSet\Hardware Profiles\Current" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKLS", "HKEY_CURRENT_USER_LOCAL_SETTINGS" ;, "CURRENT_USER\Software\Classes\Local Settings"
                    $sObjectName = "\Registry\User\CurrentUser\Software\Classes\Local Settings" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
            EndSwitch
            If $aObjectName[1] Then $ulDesiredAccess = $aObjectName[1] == "32" ? 0x200 : 0x100  ;;$KEY_WOW64_64KEY = 0x0100, $KEY_WOW64_32KEY = 0x0200
        EndIf
    EndIf
    DllStructSetData($tObjectName, 1, $sObjectName)  ;; "ObjectName"
    ;;;;$arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tObjectName)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "PTR", $PUNICODE_STRING, "PTR", $pObjectName)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, StringLen($sObjectName) * 2)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, DllStructGetData($tUNICODE_STRING, 1) + 2)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, $pObjectName) ;; "Buffer"
    EndIf
    DllStructSetData($tOBJECT_ATTRIBUTES, 1, DllStructGetSize($tOBJECT_ATTRIBUTES))  ;; "Length"
    DllStructSetData($tOBJECT_ATTRIBUTES, 2, $hRootDirectory)  ;; "RootDirectory"
    DllStructSetData($tOBJECT_ATTRIBUTES, 3, $PUNICODE_STRING)  ;; "ObjectName"
    DllStructSetData($tOBJECT_ATTRIBUTES, 4, $ulAttributes)  ;; "Attributes" ;; BitOR($ulAttributes, 576) ;; 576 = $OBJ_CASE_INSENSITIVE, $OBJ_KERNEL_HANDLE
    DllStructSetData($tOBJECT_ATTRIBUTES, 5, $pSecurityDescriptor)  ;; "SecurityDescriptor"
    DllStructSetData($tOBJECT_ATTRIBUTES, 6, Null)  ;; "SecurityQualityOfService"
    Return SetExtended($ulDesiredAccess, $POBJECT_ATTRIBUTES)
EndFunc


Func _NTAPI_ZwOpenKeyEx(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0, $ulOpenOptions = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenKeyEx", "HANDLE*", 0, "ULONG", $ulDesiredAccess, "PTR", $pObjectAttributes, "ULONG", $ulOpenOptions)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwOpenSymbolicLinkObject(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenSymbolicLinkObject", "HANDLE*", 0, "ULONG", BitOR($ulDesiredAccess, $SYMBOLIC_LINK_QUERY), "PTR", $pObjectAttributes)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc

Func _NTAPI_ZwOpenDirectoryObject(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenDirectoryObject", "HANDLE*", 0, "ULONG", BitOR($ulDesiredAccess,$DIRECTORY_QUERY), "PTR", $pObjectAttributes)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $iBuffer = 65534) ;; MaximumLength Limit = 65534
    Local $tLinkTarget = DllStructCreate("WCHAR LinkTarget[" & $iBuffer / 2 & "]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tLinkTarget)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, 0)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, DllStructGetPtr($tLinkTarget, 1)) ;; "Buffer"
    Else
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
    EndIf
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQuerySymbolicLinkObject", "HANDLE", $hLinkHandle, "STRUCT*", $tUNICODE_STRING, "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[3] > $iBuffer Then
        Local $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $arDllCall[3])
        Return SetError(@Error, @Extended, $sLinkTarget)
    EndIf
    Return SetError($arDllCall[0], $arDllCall[3], DllStructGetData($tLinkTarget, 1))
EndFunc

Func _NTAPI_ZwQueryDirectoryObject($hDirectory, $iBuffer = 65534) ;; MaximumLength Limit = 65534
    Local $tDirectory = DllStructCreate("WCHAR Name["&$iBuffer/2&"]; WCHAR TypeName["&$iBuffer/2&"]"),$tUNICODE_STRING=DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tDirectory)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, 0)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, DllStructGetPtr($tDirectory, 1)) ;; "Buffer"
    Else
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
    EndIf
    Static $iCurr=0
    Static $iRetLen=0
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryDirectoryObject", "HANDLE", $hDirectory, "STRUCT*", $tUNICODE_STRING, "ULONG",$MAX_PATH,"BOOL",0,"BOOL",0,"ULONG",$iCurr,"ULONG",$iRetLen)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[3] > $iBuffer Then
        Local $sDirectory = _NTAPI_ZwQueryDirectoryObject($hDirectory, $arDllCall[3])
        Return SetError(@Error, @Extended, $sDirectory)
    EndIf
    Return SetError($arDllCall[0], $arDllCall[3], DllStructGetData($tDirectory, 1))
EndFunc


Func _NTAPI_ZwQueryObject(Const ByRef $hObject, $iObjectInformationClass = 0)
    Static $tagPUBLIC_OBJECT_BASIC_INFORMATION = "ULONG Attributes;ULONG GrantedAccess;ULONG HandleCount;ULONG PointerCount;ULONG Reserved[10]"
    Static $tagPUBLIC_OBJECT_TYPE_INFORMATION = "STRUCT;USHORT Length;USHORT MaximumLength;PTR Buffer;ENDSTRUCT;ULONG Reserved[22]"
    If Not $hObject Or ($iObjectInformationClass <> 0 And $iObjectInformationClass <> 2) Then Return SetError(87, 87, 0)
    Local $tObjectInformation = $iObjectInformationClass ? DllStructCreate($tagPUBLIC_OBJECT_TYPE_INFORMATION) : DllStructCreate($tagPUBLIC_OBJECT_BASIC_INFORMATION)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", DllStructGetSize($tObjectInformation), "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[0] = 0xC0000004 Then $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", $arDllCall[5], "ULONG*", 0)
    Return SetError($arDllCall[0], 0, $tObjectInformation)
EndFunc


Func _NTAPI_ZwClose(Const ByRef $hKeyHandle)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwClose", "HANDLE", $hKeyHandle)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, 0)
EndFunc


Func _NTAPI_GetRegKeyNameByHandleEx(Const ByRef $hKeyHandle)
    Local $tKEY_INFORMATION_CLASS = DllStructCreate("ULONG;WCHAR[4096]")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryKey", "ULONG_PTR", $hKeyHandle, "INT", 3, "STRUCT*", $tKEY_INFORMATION_CLASS, "ULONG", DllStructGetSize($tKEY_INFORMATION_CLASS), "ULONG*", 0)
    If @Error Then Return SetError(@Error, 1, 0)
    If $arDllCall[5] > $arDllCall[4] Then ;;Or $arDllCall[0] = $STATUS_BUFFER_OVERFLOW Or $arDllCall[0] = $STATUS_BUFFER_TOO_SMALL
        $tKEY_INFORMATION_CLASS = DllStructCreate("ULONG;WCHAR[" & $arDllCall[5] & "]")
        $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryKey", "ULONG_PTR", $hKeyHandle, "INT", 3, "STRUCT*", $tKEY_INFORMATION_CLASS, "ULONG", DllStructGetSize($tKEY_INFORMATION_CLASS), "ULONG*", 0)
    EndIf
    Return SetError($arDllCall[0], ($arDllCall[5] / 2) - 2, DllStructGetData($tKEY_INFORMATION_CLASS, 2))
EndFunc

#EndRegion ; Routines

 

Edited by Biatu

What is what? What is what.

  • 2 months later...
Posted

I wrote a simple AutoIt example based on this: http://blogs.microsoft.co.il/pavely/2014/02/05/creating-a-winobj-like-tool/

 

#include <Array.au3>

Opt("MustDeclareVars", 1)


Global Const $DIRECTORY_QUERY = 0x0001
Global Const $DIRECTORY_TRAVERSE = 0x0002
Global Const $sTagUNICODESTRING = "USHORT Length;USHORT MaximumLength;PTR Buffer;"
Global Const $sTagOBJECT_ATTRIBUTES="ULONG Length;HANDLE RootDirectory;PTR ObjectName;ULONG Attributes;PTR SecurityDescriptor;PTR SecurityQualityOfService"

Local $tUnicodeString = DllStructCreate($sTagUNICODESTRING)
Local $pUnicodeString = DllStructGetPtr($tUnicodeString)

ConsoleWrite("!$pUnicodeString: " & $pUnicodeString & @CRLF)


Local $tSourceString = DllStructCreate("wchar[256]")
DllStructSetData($tSourceString, 1, "\ArcName")

Local $aRet = DllCall("Ntdll.dll", "NONE", "RtlInitUnicodeString", "ptr", $pUnicodeString, "ptr", DllStructGetPtr($tSourceString))

ConsoleWrite("!$tUnicodeString.Length: " & $tUnicodeString.Length & @CRLF)

Local $tObject_Attributes = DllStructCreate($sTagOBJECT_ATTRIBUTES)
Local $pObject_Attributes = DllStructGetPtr($tObject_Attributes)

ConsoleWrite("!$pObject_Attributes: " & $pObject_Attributes & @CRLF)

DllStructSetData($tObject_Attributes, 1, DllStructGetSize($tObject_Attributes))
DllStructSetData($tObject_Attributes, 3, $pUnicodeString)


$aRet = DllCall("Ntdll.dll", "LONG", "NtOpenDirectoryObject", "HANDLE*", 0, "ULONG", BitOR($DIRECTORY_TRAVERSE, $DIRECTORY_QUERY), "PTR", $pObject_Attributes)

Local $hDirectory = $aRet[1]
ConsoleWrite("!$hDirectory: " & $hDirectory & @CRLF)

Local $tData = 0
Local $tName = 0
Local $tType = 0
Local $index = 0
Local $bytes = 0
Local $tBuffer = 0
Local $aArcName[0]

$tBuffer = DllStructCreate("byte Data[32767]")

; ReturnSingleEntry = False, RestartScan = True; the Context value ($aRet[6]) comes back as the entry count
$aRet = DllCall("Ntdll.dll", "LONG", "NtQueryDirectoryObject", "HANDLE", $hDirectory, "ptr", DllStructGetPtr($tBuffer), "ULONG", 32767, "BOOL", False, "BOOL", True, "ULONG*", 0, "ULONG*", 0)

If @error Or $aRet[0] < 0 Then Exit

$index = $aRet[6]
$bytes = $aRet[7]

ConsoleWrite("!index: " & $index & " $bytes: " & $bytes & @CRLF)

; Each entry is two UNICODE_STRINGs (name, type name): 16 bytes under 32-bit AutoIt, 32 bytes under 64-bit AutoIt
Local $iEntrySize = @AutoItX64 ? 32 : 16

For $i = 0 To $index - 1
    $tData = DllStructCreate($sTagUNICODESTRING & $sTagUNICODESTRING, DllStructGetPtr($tBuffer) + ($i * $iEntrySize))
    ; UNICODE_STRING.Length is a byte count, so the number of wchars is Length / 2
    $tName = DllStructCreate("wchar wNameString[" & Int(DllStructGetData($tData, 1) / 2) & "]", DllStructGetData($tData, 3))
    $tType = DllStructCreate("wchar wTypeString[" & Int(DllStructGetData($tData, 4) / 2) & "]", DllStructGetData($tData, 6))
    ConsoleWrite(">" & $i + 1 & @TAB & $tName.wNameString & @TAB & $tType.wTypeString & @CRLF)
    ReDim $aArcName[UBound($aArcName) + 1][2]
    $aArcName[UBound($aArcName) - 1][0] = $tName.wNameString
    $aArcName[UBound($aArcName) - 1][1] = $tType.wTypeString
    $tType = 0
    $tName = 0
    $tData = 0
Next

_ArrayDisplay($aArcName)

I did not implement SymbolicLink. I'm lazy.

Regards

Posted

Thanks Danyfirex!

What is what? What is what.

Posted
  • 3 weeks later...
Posted

You're welcome. Let me know if you need SymbolicLink implemented.

Regards

If you want, that'd be great :)

What is what? What is what.

Posted

Mmm, I'm free right now, so... I want to eat something first, but I'll be back in about 900000 milliseconds with the code, I think.

Regards

Posted

It took me more, about 1200000 milliseconds :'(

;Danyfirex 06/09/2015
#include <Array.au3>
#include <WinAPI.au3>
Opt("MustDeclareVars", 1)


Global Const $DIRECTORY_QUERY = 0x0001
Global Const $DIRECTORY_TRAVERSE = 0x0002
Global Const $sTagUNICODESTRING = "USHORT Length;USHORT MaximumLength;PTR Buffer;"
Global Const $sTagOBJECT_ATTRIBUTES = "ULONG Length;HANDLE RootDirectory;PTR ObjectName;ULONG Attributes;PTR SecurityDescriptor;PTR SecurityQualityOfService"

Local $aSubObject = 0
Local $aObjects = _GetObjects()
_ArrayDisplay($aObjects, "\", Default, Default, Default, "Name|Type|SymLink")

If IsArray($aObjects) Then
    For $i = 0 To UBound($aObjects) - 1
        If $aObjects[$i][1] = "Directory" Then
            $aSubObject = _GetObjects($aObjects[$i][0])
            If IsArray($aSubObject) Then
                _ArrayDisplay($aSubObject, $aObjects[$i][0], Default, Default, Default, "Name|Type|SymLink")
            EndIf
        EndIf
    Next

EndIf


Func _GetObjects($sSource = "\")
    If $sSource <> "\" Then $sSource = "\" & $sSource
    Local $tNameSource = _tName($sSource)
    Local $tUnicodeString = _RtlInitUnicodeString($tNameSource)
    Local $pUnicodeString = DllStructGetPtr($tUnicodeString)

    Local $tObject_Attributes = _InitializeObjectAttributes($pUnicodeString)
    Local $pObject_Attributes = DllStructGetPtr($tObject_Attributes)

    Local $hDirectory = _NtOpenDirectoryObject($pObject_Attributes, BitOR($DIRECTORY_TRAVERSE, $DIRECTORY_QUERY))


    Local $tData = 0
    Local $tName = 0
    Local $tType = 0
    Local $index = 0
    Local $bytes = 0
    Local $tBuffer = 0
    Local $aArcName[0]
    Local $taName = 0
    Local $tStr = 0
    Local $tAttr = 0
    Local $hLink = 0
    Local $taTarget = 0
    Local $tTarget = 0
    Local $tSTarget = 0
    $tBuffer = DllStructCreate("byte Data[32767]")

    Local $aRet = DllCall("Ntdll.dll", "LONG", "NtQueryDirectoryObject", "HANDLE", $hDirectory, "ptr", DllStructGetPtr($tBuffer), "ULONG", 32767, "BOOL", False, "BOOL", True, "ULONG*", 0, "ULONG*", 0)

    If @error Or $aRet[0] < 0 Then Return

    $index = $aRet[6]
    $bytes = $aRet[7]

    ConsoleWrite("!index: " & $index & " $bytes: " & $bytes & @CRLF)

    For $i = 0 To $index - 1
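        ; Each entry is two UNICODE_STRINGs: 16 bytes under 32-bit AutoIt, 32 bytes under 64-bit AutoIt
        $tData = DllStructCreate($sTagUNICODESTRING & $sTagUNICODESTRING, DllStructGetPtr($tBuffer) + ($i * (@AutoItX64 ? 32 : 16)))
        ; UNICODE_STRING.Length is a byte count, so the number of wchars is Length / 2
        $tName = DllStructCreate("wchar wNameString[" & Int(DllStructGetData($tData, 1) / 2) & "]", DllStructGetData($tData, 3))
        $tType = DllStructCreate("wchar wTypeString[" & Int(DllStructGetData($tData, 4) / 2) & "]", DllStructGetData($tData, 6))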
        $taName = _tName($tName.wNameString)
        $tStr = _RtlInitUnicodeString($taName)
        $tAttr = _InitializeObjectAttributes(DllStructGetPtr($tStr), 0, $hDirectory)
        $hLink = _NtOpenSymbolicLinkObject(DllStructGetPtr($tAttr), $GENERIC_READ)
        ConsoleWrite("+$hLink: " & $hLink & @CRLF)
        $taTarget = _tName("")
        $tTarget = _RtlInitUnicodeString($taTarget)
        $tTarget.MaximumLength = 512
        _NtQuerySymbolicLinkObject($hLink, $tTarget)
        $tSTarget = DllStructCreate("wchar wString[" & DllStructGetData($tTarget, 1) & "]", DllStructGetData($tTarget, 3))
        ReDim $aArcName[UBound($aArcName) + 1][3]
        $aArcName[UBound($aArcName) - 1][0] = $tName.wNameString
        $aArcName[UBound($aArcName) - 1][1] = $tType.wTypeString
        $aArcName[UBound($aArcName) - 1][2] = (IsDllStruct($tSTarget) = 1) ? $tSTarget.wString : ""
;~  ConsoleWrite(">" & $i + 1 & @TAB & $tName.wNameString & @TAB & $tType.wTypeString & @TAB & $tSTarget.wString & @CRLF)
        $tType = 0
        $tName = 0
        $tData = 0
        $tSTarget = 0
        _WinAPI_CloseHandle($hLink)
    Next

    ; Close the directory handle opened by _NtOpenDirectoryObject
    _WinAPI_CloseHandle($hDirectory)
    Return $aArcName

EndFunc   ;==>_GetObjects


Func _RtlInitUnicodeString($tSourceString)
    Local $tUnicodeString = DllStructCreate($sTagUNICODESTRING)
    DllCall("Ntdll.dll", "NONE", "RtlInitUnicodeString", "struct*", $tUnicodeString, "struct*", $tSourceString)
    If @error Then SetError(@error, 0, 0)
    Return $tUnicodeString
EndFunc   ;==>_RtlInitUnicodeString

Func _tName($String)
    Local $t = DllStructCreate("wchar String[512]")
    DllStructSetData($t, 1, $String)
    Return $t
EndFunc   ;==>_tName


Func _InitializeObjectAttributes($pObjectName, $ulAttributes = 0, $hRootDirectory = Null, $pSecurityDescriptor = Null)
    Local $tObject_Attributes = DllStructCreate($sTagOBJECT_ATTRIBUTES)
    DllStructSetData($tObject_Attributes, 1, DllStructGetSize($tObject_Attributes))
    DllStructSetData($tObject_Attributes, 2, $hRootDirectory)
    DllStructSetData($tObject_Attributes, 3, $pObjectName)
    Return $tObject_Attributes
EndFunc   ;==>_InitializeObjectAttributes


Func _NtQuerySymbolicLinkObject($hLinkHandle, $tLinkTarget)
    Local $aRet = DllCall("Ntdll.dll", "LONG", "NtQuerySymbolicLinkObject", "HANDLE", $hLinkHandle, "struct*", $tLinkTarget, "ULONG*", 0)
    ; Return immediately on failure so $aRet is never indexed after a failed DllCall
    If @error Then Return SetError(@error, 0, 0)
    If $aRet[0] <> 0 Then Return SetError(1, 0, 0)
EndFunc   ;==>_NtQuerySymbolicLinkObject

Func _NtOpenDirectoryObject($pObjectAttr, $AccessMask)
    Local $aRet = DllCall("Ntdll.dll", "LONG", "NtOpenDirectoryObject", "HANDLE*", 0, "ULONG", $AccessMask, "PTR", $pObjectAttr)
    If @error Then Return SetError(@error, 0, 0)
    If $aRet[0] < 0 Or $aRet[1] = 0 Then Return SetError(1, 0, 0)
    Return $aRet[1]

EndFunc   ;==>_NtOpenDirectoryObject

;~ Return hLink
Func _NtOpenSymbolicLinkObject($pObjectAttr, $AccessMask)
    Local $aRet = DllCall("Ntdll.dll", "LONG", "NtOpenSymbolicLinkObject", "HANDLE*", 0, "ULONG", $AccessMask, "PTR", $pObjectAttr)
    If @error Then Return SetError(@error, 0, 0)
    If $aRet[0] < 0 Or $aRet[1] = 0 Then Return SetError(1, 0, 0)
    Return $aRet[1]
EndFunc   ;==>_NtOpenSymbolicLinkObject

Regards
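The loops in the scripts above walk the NtQueryDirectoryObject output as an array of entries, each made of two UNICODE_STRING structures (object name, type name) whose Buffer pointers point back into the same buffer. The following is an added example, not part of the original posts: it parses a constructed buffer of that shape in Python to show how the entry stride depends on pointer size. The function names, the sample entries and the base address are assumptions made for the illustration.

```python
import struct

# UNICODE_STRING { USHORT Length; USHORT MaximumLength; PVOID Buffer; }
# 32-bit layout: 8 bytes. 64-bit layout: 16 bytes (4 padding bytes before the pointer).
US_FORMAT = {4: "<HHI", 8: "<HH4xQ"}


def build_sample_buffer(entries, ptr_size, base):
    """Build constructed sample data shaped like the query output.

    `base` is a made-up address where the buffer is pretended to live, because
    the UNICODE_STRING.Buffer fields hold absolute pointers into the buffer.
    """
    fmt = US_FORMAT[ptr_size]
    entry_size = 2 * struct.calcsize(fmt)
    table_size = (len(entries) + 1) * entry_size  # +1 for a zeroed terminator entry
    table, strings = bytearray(), bytearray()
    for pair in entries:
        for text in pair:
            raw = text.encode("utf-16-le")
            addr = base + table_size + len(strings)
            table += struct.pack(fmt, len(raw), len(raw) + 2, addr)
            strings += raw + b"\x00\x00"
    table += bytes(entry_size)
    return bytes(table + strings)


def _read_string(buf, base, length, ptr):
    """Decode one UNICODE_STRING, refusing pointers that leave the buffer."""
    start = ptr - base
    if length % 2 or start < 0 or start + length > len(buf):
        raise ValueError(f"UNICODE_STRING points outside the buffer: {ptr:#x}")
    return buf[start:start + length].decode("utf-16-le")


def parse_directory_buffer(buf, count, ptr_size, base):
    """Return [(name, type_name), ...] for up to `count` entries."""
    fmt = US_FORMAT[ptr_size]
    us_size = struct.calcsize(fmt)
    entry_size = 2 * us_size  # 16 bytes on 32-bit, 32 bytes on 64-bit
    result = []
    for i in range(count):
        off = i * entry_size
        if off + entry_size > len(buf):
            raise ValueError("entry table runs past the end of the buffer")
        if not any(buf[off:off + entry_size]):
            break  # zeroed entry: end of the table
        n_len, _, n_ptr = struct.unpack_from(fmt, buf, off)
        t_len, _, t_ptr = struct.unpack_from(fmt, buf, off + us_size)
        result.append((_read_string(buf, base, n_len, n_ptr),
                       _read_string(buf, base, t_len, t_ptr)))
    return result


# Constructed sample entries and base address (not captured from a real system).
SAMPLE = [
    ("multi(0)disk(0)rdisk(0)", "SymbolicLink"),
    ("multi(0)disk(0)rdisk(0)partition(2)", "SymbolicLink"),
]
BASE = 0x00450000

if __name__ == "__main__":
    for size in (4, 8):
        data = build_sample_buffer(SAMPLE, size, BASE)
        print(size * 8, "bit:", parse_directory_buffer(data, len(SAMPLE), size, BASE))
```

Parsing a 64-bit buffer with the 32-bit stride reads the padding bytes as the pointer, which the bounds check rejects instead of dereferencing.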
