Help getting drive letter from an Arc Path?

Biatu

Hello, when using WinObj from Sysinternals, there is an entry called Arc Names, with entries like this "MULTI(0)DISK(0)RDISK(0)PARTITION(2)" and their respective drive paths. I tried running some debug programs and still can't seem to find a method to get those entries.

Can anyone help?


What is what? What is what.

water

Maybe this is a good starting point?


Biatu

Maybe this is a good starting point?

Thx, but already been there. I've been doing research with functions like zwGetObject, etc...
Found this post, but it seems to be abandoned: https://www.autoitscript.com/forum/topic/163449-zwopensymboliclinkobject-failing-with-status_object_type_mismatch/

This too: http://www.osronline.com/showThread.cfm?link=60292


Edit: Typos

Edit2: Another update

argumentum

; Generated by AutoIt ScriptOMatic

; Description: The Win32_DiskDriveToDiskPartition class represents an association between a disk drive and a partition existing on it.

Local $wbemFlagReturnImmediately = 0x10
Local $wbemFlagForwardOnly = 0x20
Local $colItems = ""
Local $sComputer = "localhost"
Local $sReturn=""
FileDelete(@TempDir & "\ScriptOMatic.Win32_DiskDriveToDiskPartition.txt")
ToolTip("...ObjGet", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_DiskDriveToDiskPartition",1,4)
Local $oWMIService = ObjGet("winmgmts:\\" & $sComputer & "\root\CIMV2")
ToolTip("...ExecQuery", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_DiskDriveToDiskPartition",1,4)
Local $colItems = $oWMIService.ExecQuery("SELECT * FROM Win32_DiskDriveToDiskPartition", _
                     "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

ToolTip("...ExecQuery executed."& @CR &"...waiting for data.", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_DiskDriveToDiskPartition",1,4)
If IsObj($colItems) Then

    Local $iCounter = 0
    For $objItem In $colItems
        $iCounter += 1
        If Not Mod( $iCounter , 100 ) Then
            ToolTip("...adding "& $iCounter &" of ??", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_DiskDriveToDiskPartition",1,4)
            FileWriteLine(@TempDir & "\ScriptOMatic.Win32_DiskDriveToDiskPartition.txt", $sReturn )
            $sReturn = ""
        EndIf
        $sReturn &= "Antecedent: " & $objItem.Antecedent & @CRLF
        $sReturn &= "Dependent: " & $objItem.Dependent & @CRLF
        $sReturn &= @CRLF
    Next
    ;ConsoleWrite($sReturn)
    FileWriteLine(@TempDir & "\ScriptOMatic.Win32_DiskDriveToDiskPartition.txt", $sReturn )
    Run(@ComSpec & " /c start " & @TempDir & "\ScriptOMatic.Win32_DiskDriveToDiskPartition.txt" , @TempDir, @SW_HIDE)
Else
    MsgBox( 262144 ,"WMI Output","No WMI Objects Found for class: " & "Win32_DiskDriveToDiskPartition" )
EndIf





#comments-start

List of all the Properties and Methods for \root\CIMV2:Win32_DiskDriveToDiskPartition


Win32_DiskDriveToDiskPartition Class Qualifiers
-----------------------------------------------

1. Association = -1
2. Description = The Win32_DiskDriveToDiskPartition class represents an association between a disk drive and a partition existing on it.
3. dynamic = -1
4. Locale = 1033
5. provider = CIMWin32
6. UUID = {8502C4F9-5FBB-11D2-AAC1-006008C78BC7}


Win32_DiskDriveToDiskPartition Class Properties and Property Qualifiers
-----------------------------------------------------------------------

1. Antecedent
1.1. CIMTYPE = ref:Win32_DiskDrive
1.2. Description = The Antecedent reference represents the Win32_DiskDrive containing the properties of the disk drive where the partition exists.
1.3. key = -1
1.4. MappingStrings = WMI|Win32_DiskDrive
1.5. Override = Antecedent
1.6. read = -1

2. Dependent
2.1. CIMTYPE = ref:Win32_DiskPartition
2.2. Description = The Dependent reference represents the Win32_DiskPartition containing the properties of a disk partition residing on the disk drive.
2.3. key = -1
2.4. MappingStrings = WMI|Win32_DiskPartition
2.5. Override = Dependent
2.6. read = -1


Win32_DiskDriveToDiskPartition Class Methods and Method Qualifiers
------------------------------------------------------------------

#Comments-End

hope this helps

argumentum

then this:
 

#include "Array.au3"

Opt("MustDeclareVars",1)
Opt("TrayIconDebug",1)
Opt("TrayAutoPause",0)
ToolTip("mouse over the icon for debug info.", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)

Local $a = _WMI_Win32_LogicalDiskToPartition( "localhost" )
If @error Then
    MsgBox( 262144 ,"WMI Output","No WMI Objects Found for class: " & "Win32_LogicalDiskToPartition" )
Else
    Switch @extended
        Case 0
            ToolTip("Done.", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
        Case 1
            ToolTip("Nothing, you've got nothing."&@CR&@CR&"Adjust the query", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",2,4)
        Case 2
            ToolTip("More than you can chew."&@CR&@CR&"Adjust the ""$iLimit"" or the query", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",2,4)
    EndSwitch
    _Array_Rotate2D( $a )
    _ArrayDisplay( $a ,"ScriptOMatic - ""Win32_LogicalDiskToPartition""")
EndIf


Func _WMI_Win32_LogicalDiskToPartition( $sComputer = "localhost" , $iLimit = 1000 )

    ; Generated by AutoIt ScriptOMatic

    ; Description: The Win32_LogicalDiskToPartition class represents an association between a logical disk drive and the disk partition it resides on.


    ; Class Methods:
    ;
    ; ( this Class did not list methods )


    Local $wbemFlagReturnImmediately = 0x10
    Local $wbemFlagForwardOnly = 0x20
    Local $colItems = ""
    Local $sReturn=""
    Local $iExt = 0
    If 1 > Int( $iLimit ) Then $iLimit = 1
    Local $aReturn[1000][ Int( $iLimit ) + 1]
    $aReturn[0][0] = 0
    $aReturn[0][1] = 0
    ToolTip("...ObjGet", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
    Local $oWMIService = ObjGet("winmgmts:\\" & $sComputer & "\root\CIMV2")
    ToolTip("...ExecQuery", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
    Local $colItems = $oWMIService.ExecQuery("SELECT * FROM Win32_LogicalDiskToPartition", _
                         "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    ToolTip("...ExecQuery executed."& @CR &"...waiting for data.", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
    If IsObj($colItems) Then

        ; Class Properties: Names:
        ;

        $aReturn[ 1 ][ 0 ] = "Antecedent"
        $aReturn[ 2 ][ 0 ] = "Dependent"
        $aReturn[ 3 ][ 0 ] = "EndingAddress"
        $aReturn[ 4 ][ 0 ] = "StartingAddress"
        $aReturn[0][0] = 4
        For $objItem In $colItems
            $aReturn[0][1] = $aReturn[0][1] + 1
            If Not Mod( $aReturn[0][1] , 100 ) Then ToolTip("...adding "& $aReturn[0][1] &" of "&$iLimit &" ??", @DesktopWidth - 30,@DesktopHeight - 130, "ScriptOMatic - Win32_LogicalDiskToPartition",1,4)
            If $aReturn[0][1] > $iLimit Then
                $iExt = 2
                ExitLoop
            EndIf

            ; Class Properties: Values:
            ;

            $aReturn[ 1 ][ $aReturn[0][1] ] = $objItem.Antecedent
            $aReturn[ 2 ][ $aReturn[0][1] ] = $objItem.Dependent
            $aReturn[ 3 ][ $aReturn[0][1] ] = $objItem.EndingAddress
            $aReturn[ 4 ][ $aReturn[0][1] ] = $objItem.StartingAddress
        Next
        If $aReturn[0][1] = 0  Then $iExt = 1
        ReDim $aReturn[$aReturn[0][0] + 1][$aReturn[0][1] + 1]
        Return SetError( 0 , $iExt , $aReturn )
    Else
        ReDim $aReturn[1][2]
        Return SetError( 1 , 99 , $aReturn )
    EndIf
EndFunc


Func _Array_Rotate2D(ByRef $a)
    Local $u1 = UBound($a, 1) - 1
    If @error Then Return SetError(1)
    Local $u2 = UBound($a, 2) - 1
    If @error Then
        Local $n, $m, $u2 = 1
        Local $b[$u2][$u1 + 1]
        For $n = 0 To $u1
            For $m = 0 To 0
                $b[$m][$n] = $a[$n]
            Next
        Next
    Else
        Local $n, $m
        Local $b[$u2 + 1][$u1 + 1]
        For $n = 0 To $u1
            For $m = 0 To $u2
                $b[$m][$n] = $a[$n][$m]
            Next
        Next
    EndIf
    $a = $b
EndFunc   ;==>_Array_Rotate2D



#comments-start

List of all the Properties and Methods for \root\CIMV2:Win32_LogicalDiskToPartition


Win32_LogicalDiskToPartition Class Qualifiers
---------------------------------------------

1. Association = -1
2. Description = The Win32_LogicalDiskToPartition class represents an association between a logical disk drive and the disk partition it resides on.
3. dynamic = -1
4. Locale = 1033
5. provider = CIMWin32
6. UUID = {8502C4FB-5FBB-11D2-AAC1-006008C78BC7}


Win32_LogicalDiskToPartition Class Properties and Property Qualifiers
---------------------------------------------------------------------

1. Antecedent
1.1. CIMTYPE = ref:Win32_DiskPartition
1.2. Description = The Antecedent reference represents the Win32_DiskPartition containing the properties of a disk partition where the logical disk resides.
1.3. key = -1
1.4. MappingStrings = WMI|Win32_DiskPartition
1.5. Max = 1
1.6. Override = Antecedent
1.7. read = -1

2. Dependent
2.1. CIMTYPE = ref:Win32_LogicalDisk
2.2. Description = The Dependent reference represents the Win32_LogicalDisk containing the properties of a logical disk that resides on a physical disk partition.
2.3. key = -1
2.4. MappingStrings = WMI|Win32_LogicalDisk
2.5. Override = Dependent
2.6. read = -1

3. EndingAddress
3.1. CIMTYPE = uint64
3.2. Description = EndingAddress indicates where in lower level storage, the higher level extent ends. This property is useful when mapping non-contiguous extents into a higher level grouping.
3.3. read = -1

4. StartingAddress
4.1. CIMTYPE = uint64
4.2. Description = StartingAddress indicates where in lower level storage, the higher level extent begins.
4.3. read = -1


Win32_LogicalDiskToPartition Class Methods and Method Qualifiers
----------------------------------------------------------------

#Comments-End

between these 2 you can pull what you need ?

Biatu

 


Thx, I tried ur scripts, and neither of them correlate to arc names. If u get WinObj from SysInternals, u can see them. Another app called ArcPaths Utility does what I'm attempting.


argumentum

Thx, I tried ur scripts, and neither of them correlate to arc names. If u get WinObj from SysInternals, u can see them. Another app called ArcPaths Utility does what I'm attempting.

ok, I'll do. I'm curious :)

argumentum

yeap, no WMI gives info. in those terms. Is a kernel level thing ( https://msdn.microsoft.com/en-us/library/windows/hardware/ff567122(v=vs.85).aspx ) ,
the most I get is >root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"<
What are you trying to do anyway. Isn't there any way around this ?

Biatu

yeap, no WMI gives info. in those terms. Is a kernel level thing ( https://msdn.microsoft.com/en-us/library/windows/hardware/ff567122(v=vs.85).aspx ) ,
the most I get is >root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"<
What are you trying to do anyway. Isn't there any way around this ?

Well, I'm using WinPE, and I'm attempting to get the boot wim path. Well, it has an ArcPath. So I'm attempting to convert that to a drive letter.
AFAIK no workarounds, and ur right, it's a kernel level thing. Good news is that during some digging around I found out how the ArcPaths utility is working.

I ran it with API Monitor (google is ur friend), and after sifting through an ungodly number of API calls, I found four to focus on, that were also referenced in a forum link I posted above...

NtOpenDirectoryObject
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
and, lastly, NtQuerySymbolicLinkObject.

Also, in a prior post link DXRW4E has a few functions like this, but since I'm not very familiar with DllCalls yet it will take me a minute to interpret them...

Here are those funcs...
 

Func _NTAPI_ZwOpenSymbolicLinkObject(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenSymbolicLinkObject", "HANDLE*", 0, "ULONG", BitOR($ulDesiredAccess, $SYMBOLIC_LINK_QUERY), "PTR", $pObjectAttributes)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $iBuffer = 65534) ;; MaximumLength Limit = 65534
    Local $tLinkTarget = DllStructCreate("WCHAR LinkTarget[" & $iBuffer / 2 & "]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tLinkTarget)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, 0)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, DllStructGetPtr($tLinkTarget, 1)) ;; "Buffer"
    Else
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
    EndIf
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQuerySymbolicLinkObject", "HANDLE", $hLinkHandle, "STRUCT*", $tUNICODE_STRING, "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[3] > $iBuffer Then
        Local $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $arDllCall[3])
        Return SetError(@Error, @Extended, $sLinkTarget)
    EndIf
    Return SetError($arDllCall[0], $arDllCall[3], DllStructGetData($tLinkTarget, 1))
EndFunc

 


Biatu

Ok guys, so I modified the source from another topic and I got this, but it mainly only works if you already know the arc path, and I have yet to get the drive letter resolved.
 

#RequireAdmin

#Region ;Routines
Global Static $arDllCall
Global Const $OBJ_INHERIT            = 0x00000002
Global Const $OBJ_PERMANENT          = 0x00000010
Global Const $OBJ_EXCLUSIVE          = 0x00000020
Global Const $OBJ_CASE_INSENSITIVE   = 0x00000040
Global Const $OBJ_OPENIF             = 0x00000080
Global Const $OBJ_OPENLINK           = 0x00000100
Global Const $OBJ_KERNEL_HANDLE      = 0x00000200
Global Const $OBJ_FORCE_ACCESS_CHECK = 0x00000400
Global Const $OBJ_VALID_ATTRIBUTES   = 0x000007F2
Global Const $OBJ_CASE_INSENSITIVE_KERNEL_HANDLE   = 0x00000240
Global Const $_STANDARD_RIGHTS_REQUIRED  = 0x000F0000
Global Const $SYMBOLIC_LINK_QUERY       = 0x0001
Global Const $SYMBOLIC_LINK_ALL_ACCESS  = 0x000F0001  ;; BitOR($_STANDARD_RIGHTS_REQUIRED, $SYMBOLIC_LINK_QUERY)

ConsoleWrite(ArcNameGetPath()&@CRLF)

Func ArcNameGetPath($sArcName="multi(0)disk(0)rdisk(0)")
    Return GetObject("\ArcName\"&$sArcName)
EndFunc

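Func GetObject($sPath)
    Local $ulDesiredAccess = 0
    ; Build OBJECT_ATTRIBUTES for the object-manager path, e.g. \ArcName\multi(0)disk(0)rdisk(0)
    Local $pObjectAttributes = _NTAPI_InitializeObjectAttributes($sPath, $OBJ_CASE_INSENSITIVE + $OBJ_KERNEL_HANDLE)
    Local $hLinkHandle = _NTAPI_ZwOpenSymbolicLinkObject($pObjectAttributes, $ulDesiredAccess)
    Local $iStatus = @Error ; non-zero when ZwOpenSymbolicLinkObject (or the DllCall itself) failed
    If $iStatus Then
        MsgBox(0, Hex($iStatus), $hLinkHandle)
        Return SetError($iStatus, 0, "") ; no valid handle, so do not query it
    EndIf
    Local $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle)
    $iStatus = @Error
    If $iStatus Then MsgBox(0, Hex($iStatus), $sLinkTarget)
    _NTAPI_ZwClose($hLinkHandle) ; release the handle once the target has been read
    Return SetError($iStatus, 0, $sLinkTarget)
EndFunc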

Func _NTAPI_InitializeObjectAttributes($sObjectName, $ulAttributes = $OBJ_CASE_INSENSITIVE_KERNEL_HANDLE, $hRootDirectory = Null, $pSecurityDescriptor = Null)
    Static $tObjectName = DllStructCreate("WCHAR ObjectName[256]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    Static $tOBJECT_ATTRIBUTES = DllStructCreate("ULONG Length;HANDLE RootDirectory;PTR ObjectName;ULONG Attributes;PTR SecurityDescriptor;PTR SecurityQualityOfService")
    Static $pObjectName = DllStructGetPtr($tObjectName, 1), $POBJECT_ATTRIBUTES = DllStructGetPtr($tOBJECT_ATTRIBUTES, 1), $PUNICODE_STRING = DllStructGetPtr($tUNICODE_STRING, 1)
    Local $aObjectName, $ulDesiredAccess = 0
    If Not $hRootDirectory Then
        $aObjectName = StringRegExp($sObjectName, "^\h*(?:\\+[^\\]+\\+)?+([^\W\d]*+)((?:32|64)?+(?!\w))\\*+(.*)", 1)
        If Not @Error Then
            Switch $aObjectName[0]
                Case "HKCR","HKEY_CLASSES_ROOT", "CLASSES_ROOT";, "MACHINE\SOFTWARE\Classes"
                    $sObjectName = "\Registry\Machine\SOFTWARE\Classes" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKCU", "HKEY_CURRENT_USER", "CURRENT_USER"
                    $sObjectName = "\Registry\User\CurrentUser" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKLM", "HKEY_LOCAL_MACHINE", "MACHINE"
                    $sObjectName = "\Registry\Machine" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKU", "HKEY_USERS", "USERS"
                    $sObjectName = "\Registry\User" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKCC", "HKEY_CURRENT_CONFIG" ;, "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current"
                    $sObjectName = "\Registry\Machine\SYSTEM\CurrentControlSet\Hardware Profiles\Current" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKLS", "HKEY_CURRENT_USER_LOCAL_SETTINGS" ;, "CURRENT_USER\Software\Classes\Local Settings"
                    $sObjectName = "\Registry\User\CurrentUser\Software\Classes\Local Settings" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
            EndSwitch
            If $aObjectName[1] Then $ulDesiredAccess = $aObjectName[1] == "32" ? 0x200 : 0x100  ;;$KEY_WOW64_64KEY = 0x0100, $KEY_WOW64_32KEY = 0x0200
        EndIf
    EndIf
    DllStructSetData($tObjectName, 1, $sObjectName)  ;; "ObjectName"
    ;;;;$arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tObjectName)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "PTR", $PUNICODE_STRING, "PTR", $pObjectName)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, StringLen($sObjectName) * 2)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, DllStructGetData($tUNICODE_STRING, 1) + 2)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, $pObjectName) ;; "Buffer"
    EndIf
    DllStructSetData($tOBJECT_ATTRIBUTES, 1, DllStructGetSize($tOBJECT_ATTRIBUTES))  ;; "Length"
    DllStructSetData($tOBJECT_ATTRIBUTES, 2, $hRootDirectory)  ;; "RootDirectory"
    DllStructSetData($tOBJECT_ATTRIBUTES, 3, $PUNICODE_STRING)  ;; "ObjectName"
    DllStructSetData($tOBJECT_ATTRIBUTES, 4, $ulAttributes)  ;; "Attributes" ;; BitOR($ulAttributes, 576) ;; 576 = $OBJ_CASE_INSENSITIVE, $OBJ_KERNEL_HANDLE
    DllStructSetData($tOBJECT_ATTRIBUTES, 5, $pSecurityDescriptor)  ;; "SecurityDescriptor"
    DllStructSetData($tOBJECT_ATTRIBUTES, 6, Null)  ;; "SecurityQualityOfService"
    Return SetExtended($ulDesiredAccess, $POBJECT_ATTRIBUTES)
EndFunc


Func _NTAPI_ZwOpenKeyEx(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0, $ulOpenOptions = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenKeyEx", "HANDLE*", 0, "ULONG", $ulDesiredAccess, "PTR", $pObjectAttributes, "ULONG", $ulOpenOptions)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwOpenSymbolicLinkObject(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenSymbolicLinkObject", "HANDLE*", 0, "ULONG", BitOR($ulDesiredAccess, $SYMBOLIC_LINK_QUERY), "PTR", $pObjectAttributes)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $iBuffer = 65534) ;; MaximumLength Limit = 65534
    Local $tLinkTarget = DllStructCreate("WCHAR LinkTarget[" & $iBuffer / 2 & "]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tLinkTarget)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, 0)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, DllStructGetPtr($tLinkTarget, 1)) ;; "Buffer"
    Else
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
    EndIf
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQuerySymbolicLinkObject", "HANDLE", $hLinkHandle, "STRUCT*", $tUNICODE_STRING, "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[3] > $iBuffer Then
        Local $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $arDllCall[3])
        Return SetError(@Error, @Extended, $sLinkTarget)
    EndIf
    Return SetError($arDllCall[0], $arDllCall[3], DllStructGetData($tLinkTarget, 1))
EndFunc


Func _NTAPI_ZwQueryObject(Const ByRef $hObject, $iObjectInformationClass = 0)
    Static $tagPUBLIC_OBJECT_BASIC_INFORMATION = "ULONG Attributes;ULONG GrantedAccess;ULONG HandleCount;ULONG PointerCount;ULONG Reserved[10]"
    Static $tagPUBLIC_OBJECT_TYPE_INFORMATION = "STRUCT;USHORT Length;USHORT MaximumLength;PTR Buffer;ENDSTRUCT;ULONG Reserved[22]"
    If Not $hObject Or ($iObjectInformationClass <> 0 And $iObjectInformationClass <> 2) Then Return SetError(87, 87, 0)
    Local $tObjectInformation = $iObjectInformationClass ? DllStructCreate($tagPUBLIC_OBJECT_TYPE_INFORMATION) : DllStructCreate($tagPUBLIC_OBJECT_BASIC_INFORMATION)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", DllStructGetSize($tObjectInformation), "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[0] = 0xC0000004 Then $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", $arDllCall[5], "ULONG*", 0)
    Return SetError($arDllCall[0], 0, $tObjectInformation)
EndFunc


Func _NTAPI_ZwClose(Const ByRef $hKeyHandle)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwClose", "HANDLE", $hKeyHandle)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, 0)
EndFunc


Func _NTAPI_GetRegKeyNameByHandleEx(Const ByRef $hKeyHandle)
    Local $tKEY_INFORMATION_CLASS = DllStructCreate("ULONG;WCHAR[4096]")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryKey", "ULONG_PTR", $hKeyHandle, "INT", 3, "STRUCT*", $tKEY_INFORMATION_CLASS, "ULONG", DllStructGetSize($tKEY_INFORMATION_CLASS), "ULONG*", 0)
    If @Error Then Return SetError(@Error, 1, 0)
    If $arDllCall[5] > $arDllCall[4] Then ;;Or $arDllCall[0] = $STATUS_BUFFER_OVERFLOW Or $arDllCall[0] = $STATUS_BUFFER_TOO_SMALL
        $tKEY_INFORMATION_CLASS = DllStructCreate("ULONG;WCHAR[" & $arDllCall[5] & "]")
        $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryKey", "ULONG_PTR", $hKeyHandle, "INT", 3, "STRUCT*", $tKEY_INFORMATION_CLASS, "ULONG", DllStructGetSize($tKEY_INFORMATION_CLASS), "ULONG*", 0)
    EndIf
    Return SetError($arDllCall[0], ($arDllCall[5] / 2) - 2, DllStructGetData($tKEY_INFORMATION_CLASS, 2))
EndFunc

#EndRegion ; Routines



 


Biatu

When I get back I'm going to attempt to rebuild this to NTOpenDirectoryObject...

 

Func _NTAPI_ZwQueryObject(Const ByRef $hObject, $iObjectInformationClass = 0)
        Static $tagPUBLIC_OBJECT_BASIC_INFORMATION = "ULONG Attributes;ULONG GrantedAccess;ULONG HandleCount;ULONG PointerCount;ULONG Reserved[10]"
        Static $tagPUBLIC_OBJECT_TYPE_INFORMATION = "STRUCT;USHORT Length;USHORT MaximumLength;PTR Buffer;ENDSTRUCT;ULONG Reserved[22]"
        If Not $hObject Or ($iObjectInformationClass <> 0 And $iObjectInformationClass <> 2) Then Return SetError(87, 87, 0)
        Local $tObjectInformation = $iObjectInformationClass ? DllStructCreate($tagPUBLIC_OBJECT_TYPE_INFORMATION) : DllStructCreate($tagPUBLIC_OBJECT_BASIC_INFORMATION)
        $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", DllStructGetSize($tObjectInformation), "ULONG*", 0)
        If @Error Then Return SetError(1, -@Error, 0)
        If $arDllCall[0] = 0xC0000004 Then $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", $arDllCall[5], "ULONG*", 0)
        Return SetError($arDllCall[0], 0, $tObjectInformation)
    EndFunc

 

Biatu

I was successful (I think) at getting a handle from zwOpenDirectoryObject, but cannot get zwQueryDirectoryObject to return anything; I keep getting errors 0xC0000024 (STATUS_OBJECT_TYPE_MISMATCH) and 0xC0000005 (STATUS_ACCESS_VIOLATION).

Note: it's not unfiltered yet :/
Here's the script:
 

#RequireAdmin

#Region ;Routines
#Include <WinApiDiag.au3>
Global Static $arDllCall
Global Const $OBJ_INHERIT=0x00000002
Global Const $OBJ_PERMANENT=0x00000010
Global Const $OBJ_EXCLUSIVE=0x00000020
Global Const $OBJ_CASE_INSENSITIVE=0x00000040
Global Const $OBJ_OPENIF=0x00000080
Global Const $OBJ_OPENLINK=0x00000100
Global Const $OBJ_KERNEL_HANDLE=0x00000200
Global Const $OBJ_FORCE_ACCESS_CHECK=0x00000400
Global Const $OBJ_VALID_ATTRIBUTES=0x000007F2
Global Const $OBJ_CASE_INSENSITIVE_KERNEL_HANDLE=0x00000240
;Global Const $STANDARD_RIGHTS_REQUIRED=0x000F0000
Global Const $SYMBOLIC_LINK_QUERY=0x0001
Global Const $SYMBOLIC_LINK_ALL_ACCESS=BitOR($STANDARD_RIGHTS_REQUIRED,$SYMBOLIC_LINK_QUERY)
Global Const $DIRECTORY_QUERY=0x0001
Global Const $DIRECTORY_TRAVERSE=0x0002
Global Const $DIRECTORY_CREATE_OBJECT=0x0004
Global Const $DIRECTORY_CREATE_SUBDIRECTORY=0x0008
Global Const $DIRECTORY_ALL_ACCESS=BitOR($STANDARD_RIGHTS_REQUIRED,$DIRECTORY_QUERY)
Global Const $MAX_PATH=0x00000104
Func ArcNameGetPath($sArcName="multi(0)disk(0)rdisk(0)")
    Return GetObject("\ArcName\"&$sArcName)
EndFunc
Test()
Func Test($sPath="\")
    Local $ulDesiredAccess
    $pObjectAttributes=_NTAPI_InitializeObjectAttributes($sPath, $OBJ_CASE_INSENSITIVE + $OBJ_KERNEL_HANDLE)
    $hDirectory=_NTAPI_ZwOpenDirectoryObject($pObjectAttributes, $ulDesiredAccess)
    If @Error Then MsgBox(0, Hex(@Error), $hDirectory)
    $sDirectory = _NTAPI_ZwQueryDirectoryObject($hDirectory)
    If @Error Then MsgBox(0, Hex(@Error), $sDirectory)
    ;MsgBox(64,VarGetType($hDirectory),$hDirectory)
    Return $sDirectory
EndFunc

Func GetObject($sPath)
    Local $ulDesiredAccess
    $pObjectAttributes = _NTAPI_InitializeObjectAttributes($sPath, $OBJ_CASE_INSENSITIVE + $OBJ_KERNEL_HANDLE)
    $hLinkHandle = _NTAPI_ZwOpenSymbolicLinkObject($pObjectAttributes, $ulDesiredAccess)
    If @Error Then MsgBox(0, Hex(@Error), $hLinkHandle)
    $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle)
    If @Error Then MsgBox(0, Hex(@Error), $sLinkTarget)
    Return $sLinkTarget
EndFunc

Func _NTAPI_InitializeObjectAttributes($sObjectName, $ulAttributes = $OBJ_CASE_INSENSITIVE_KERNEL_HANDLE, $hRootDirectory = Null, $pSecurityDescriptor = Null)
    Static $tObjectName = DllStructCreate("WCHAR ObjectName[256]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    Static $tOBJECT_ATTRIBUTES = DllStructCreate("ULONG Length;HANDLE RootDirectory;PTR ObjectName;ULONG Attributes;PTR SecurityDescriptor;PTR SecurityQualityOfService")
    Static $pObjectName = DllStructGetPtr($tObjectName, 1), $POBJECT_ATTRIBUTES = DllStructGetPtr($tOBJECT_ATTRIBUTES, 1), $PUNICODE_STRING = DllStructGetPtr($tUNICODE_STRING, 1)
    Local $aObjectName, $ulDesiredAccess = 0
    If Not $hRootDirectory Then
        $aObjectName = StringRegExp($sObjectName, "^\h*(?:\\+[^\\]+\\+)?+([^\W\d]*+)((?:32|64)?+(?!\w))\\*+(.*)", 1)
        If Not @Error Then
            Switch $aObjectName[0]
                Case "HKCR","HKEY_CLASSES_ROOT", "CLASSES_ROOT";, "MACHINE\SOFTWARE\Classes"
                    $sObjectName = "\Registry\Machine\SOFTWARE\Classes" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKCU", "HKEY_CURRENT_USER", "CURRENT_USER"
                    $sObjectName = "\Registry\User\CurrentUser" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKLM", "HKEY_LOCAL_MACHINE", "MACHINE"
                    $sObjectName = "\Registry\Machine" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKU", "HKEY_USERS", "USERS"
                    $sObjectName = "\Registry\User" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKCC", "HKEY_CURRENT_CONFIG" ;, "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current"
                    $sObjectName = "\Registry\Machine\SYSTEM\CurrentControlSet\Hardware Profiles\Current" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
                Case "HKLS", "HKEY_CURRENT_USER_LOCAL_SETTINGS" ;, "CURRENT_USER\Software\Classes\Local Settings"
                    $sObjectName = "\Registry\User\CurrentUser\Software\Classes\Local Settings" & StringRegExpReplace($aObjectName[2], "^.", "\\$0")
            EndSwitch
            If $aObjectName[1] Then $ulDesiredAccess = $aObjectName[1] == "32" ? 0x200 : 0x100  ;;$KEY_WOW64_64KEY = 0x0100, $KEY_WOW64_32KEY = 0x0200
        EndIf
    EndIf
    DllStructSetData($tObjectName, 1, $sObjectName)  ;; "ObjectName"
    ;;;;$arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tObjectName)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "PTR", $PUNICODE_STRING, "PTR", $pObjectName)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, StringLen($sObjectName) * 2)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, DllStructGetData($tUNICODE_STRING, 1) + 2)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, $pObjectName) ;; "Buffer"
    EndIf
    DllStructSetData($tOBJECT_ATTRIBUTES, 1, DllStructGetSize($tOBJECT_ATTRIBUTES))  ;; "Length"
    DllStructSetData($tOBJECT_ATTRIBUTES, 2, $hRootDirectory)  ;; "RootDirectory"
    DllStructSetData($tOBJECT_ATTRIBUTES, 3, $PUNICODE_STRING)  ;; "ObjectName"
    DllStructSetData($tOBJECT_ATTRIBUTES, 4, $ulAttributes)  ;; "Attributes" ;; BitOR($ulAttributes, 576) ;; 576 = $OBJ_CASE_INSENSITIVE, $OBJ_KERNEL_HANDLE
    DllStructSetData($tOBJECT_ATTRIBUTES, 5, $pSecurityDescriptor)  ;; "SecurityDescriptor"
    DllStructSetData($tOBJECT_ATTRIBUTES, 6, Null)  ;; "SecurityQualityOfService"
    Return SetExtended($ulDesiredAccess, $POBJECT_ATTRIBUTES)
EndFunc


Func _NTAPI_ZwOpenKeyEx(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0, $ulOpenOptions = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenKeyEx", "HANDLE*", 0, "ULONG", $ulDesiredAccess, "PTR", $pObjectAttributes, "ULONG", $ulOpenOptions)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwOpenSymbolicLinkObject(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenSymbolicLinkObject", "HANDLE*", 0, "ULONG", BitOR($ulDesiredAccess, $SYMBOLIC_LINK_QUERY), "PTR", $pObjectAttributes)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc

Func _NTAPI_ZwOpenDirectoryObject(Const ByRef $pObjectAttributes, $ulDesiredAccess = 0)
    If Not $pObjectAttributes Then Return SetError(87, 87, 0)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwOpenDirectoryObject", "HANDLE*", 0, "ULONG", BitOR($ulDesiredAccess,$DIRECTORY_QUERY), "PTR", $pObjectAttributes)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, $arDllCall[1])
EndFunc


Func _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $iBuffer = 65534) ;; MaximumLength Limit = 65534
    Local $tLinkTarget = DllStructCreate("WCHAR LinkTarget[" & $iBuffer / 2 & "]"), $tUNICODE_STRING = DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tLinkTarget)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, 0)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, DllStructGetPtr($tLinkTarget, 1)) ;; "Buffer"
    Else
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
    EndIf
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQuerySymbolicLinkObject", "HANDLE", $hLinkHandle, "STRUCT*", $tUNICODE_STRING, "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[3] > $iBuffer Then
        Local $sLinkTarget = _NTAPI_ZwQuerySymbolicLinkObject($hLinkHandle, $arDllCall[3])
        Return SetError(@Error, @Extended, $sLinkTarget)
    EndIf
    Return SetError($arDllCall[0], $arDllCall[3], DllStructGetData($tLinkTarget, 1))
EndFunc

Func _NTAPI_ZwQueryDirectoryObject($hDirectory, $iBuffer = 65534) ;; MaximumLength Limit = 65534
    Local $tDirectory = DllStructCreate("WCHAR Name["&$iBuffer/2&"]; WCHAR TypeName["&$iBuffer/2&"]"),$tUNICODE_STRING=DllStructCreate("USHORT Length;USHORT MaximumLength;PTR Buffer")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "RtlInitUnicodeString", "STRUCT*", $tUNICODE_STRING, "STRUCT*", $tDirectory)
    If @Error Or $arDllCall[0] Then
        DllStructSetData($tUNICODE_STRING, 1, 0)  ;; "Length"
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
        DllStructSetData($tUNICODE_STRING, 3, DllStructGetPtr($tDirectory, 1)) ;; "Buffer"
    Else
        DllStructSetData($tUNICODE_STRING, 2, $iBuffer)  ;; "MaximumLength"
    EndIf
    Static $iCurr=0
    Static $iRetLen=0
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryDirectoryObject", "HANDLE", $hDirectory, "STRUCT*", $tUNICODE_STRING, "ULONG",$MAX_PATH,"BOOL",0,"BOOL",0,"ULONG",$iCurr,"ULONG",$iRetLen)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[3] > $iBuffer Then
        Local $sDirectory = _NTAPI_ZwQueryDirectoryObject($hDirectory, $arDllCall[3])
        Return SetError(@Error, @Extended, $sDirectory)
    EndIf
    Return SetError($arDllCall[0], $arDllCall[3], DllStructGetData($tDirectory, 1))
EndFunc


Func _NTAPI_ZwQueryObject(Const ByRef $hObject, $iObjectInformationClass = 0)
    Static $tagPUBLIC_OBJECT_BASIC_INFORMATION = "ULONG Attributes;ULONG GrantedAccess;ULONG HandleCount;ULONG PointerCount;ULONG Reserved[10]"
    Static $tagPUBLIC_OBJECT_TYPE_INFORMATION = "STRUCT;USHORT Length;USHORT MaximumLength;PTR Buffer;ENDSTRUCT;ULONG Reserved[22]"
    If Not $hObject Or ($iObjectInformationClass <> 0 And $iObjectInformationClass <> 2) Then Return SetError(87, 87, 0)
    Local $tObjectInformation = $iObjectInformationClass ? DllStructCreate($tagPUBLIC_OBJECT_TYPE_INFORMATION) : DllStructCreate($tagPUBLIC_OBJECT_BASIC_INFORMATION)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", DllStructGetSize($tObjectInformation), "ULONG*", 0)
    If @Error Then Return SetError(1, -@Error, 0)
    If $arDllCall[0] = 0xC0000004 Then $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryObject", "HANDLE", $hObject, "INT", $iObjectInformationClass, "STRUCT*", $tObjectInformation, "ULONG", $arDllCall[5], "ULONG*", 0)
    Return SetError($arDllCall[0], 0, $tObjectInformation)
EndFunc


Func _NTAPI_ZwClose(Const ByRef $hKeyHandle)
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwClose", "HANDLE", $hKeyHandle)
    If @Error Then Return SetError(1, -@Error, 0)
    Return SetError($arDllCall[0], 0, 0)
EndFunc


Func _NTAPI_GetRegKeyNameByHandleEx(Const ByRef $hKeyHandle)
    Local $tKEY_INFORMATION_CLASS = DllStructCreate("ULONG;WCHAR[4096]")
    $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryKey", "ULONG_PTR", $hKeyHandle, "INT", 3, "STRUCT*", $tKEY_INFORMATION_CLASS, "ULONG", DllStructGetSize($tKEY_INFORMATION_CLASS), "ULONG*", 0)
    If @Error Then Return SetError(@Error, 1, 0)
    If $arDllCall[5] > $arDllCall[4] Then ;;Or $arDllCall[0] = $STATUS_BUFFER_OVERFLOW Or $arDllCall[0] = $STATUS_BUFFER_TOO_SMALL
        $tKEY_INFORMATION_CLASS = DllStructCreate("ULONG;WCHAR[" & $arDllCall[5] & "]")
        $arDllCall = DllCall("Ntdll.dll", "LONG", "ZwQueryKey", "ULONG_PTR", $hKeyHandle, "INT", 3, "STRUCT*", $tKEY_INFORMATION_CLASS, "ULONG", DllStructGetSize($tKEY_INFORMATION_CLASS), "ULONG*", 0)
    EndIf
    Return SetError($arDllCall[0], ($arDllCall[5] / 2) - 2, DllStructGetData($tKEY_INFORMATION_CLASS, 2))
EndFunc

#EndRegion ; Routines

 

Biatu

Anyone?


Danyfirex

I wrote a simple AutoIt example based on this: http://blogs.microsoft.co.il/pavely/2014/02/05/creating-a-winobj-like-tool/

 

#include <Array.au3>

Opt("MustDeclareVars", 1)


Global Const $DIRECTORY_QUERY = 0x0001
Global Const $DIRECTORY_TRAVERSE = 0x0002
Global Const $sTagUNICODESTRING = "USHORT Length;USHORT MaximumLength;PTR Buffer;"
Global Const $sTagOBJECT_ATTRIBUTES="ULONG Length;HANDLE RootDirectory;PTR ObjectName;ULONG Attributes;PTR SecurityDescriptor;PTR SecurityQualityOfService"

Local $tUnicodeString = DllStructCreate($sTagUNICODESTRING)
Local $pUnicodeString = DllStructGetPtr($tUnicodeString)

ConsoleWrite("!$pUnicodeString: " & $pUnicodeString & @CRLF)


Local $tSourceString = DllStructCreate("wchar[256]")
DllStructSetData($tSourceString, 1, "\ArcName")

Local $aRet = DllCall("Ntdll.dll", "NONE", "RtlInitUnicodeString", "ptr", $pUnicodeString, "ptr", DllStructGetPtr($tSourceString))

ConsoleWrite("!$tUnicodeString.Length: " & $tUnicodeString.Length & @CRLF)

Local $tObject_Attributes = DllStructCreate($sTagOBJECT_ATTRIBUTES)
Local $pObject_Attributes = DllStructGetPtr($tObject_Attributes)

ConsoleWrite("!$pObject_Attributes: " & $pObject_Attributes & @CRLF)

DllStructSetData($tObject_Attributes, 1, DllStructGetSize($tObject_Attributes))
DllStructSetData($tObject_Attributes, 3, $pUnicodeString)


$aRet = DllCall("Ntdll.dll", "LONG", "NtOpenDirectoryObject", "HANDLE*", 0, "ULONG", BitOR($DIRECTORY_TRAVERSE, $DIRECTORY_QUERY), "PTR", $pObject_Attributes)

Local $hDirectory = $aRet[1]
ConsoleWrite("!$hDirectory: " & $hDirectory & @CRLF)

Local $tData = 0
Local $tName = 0
Local $tType = 0
Local $index = 0
Local $bytes = 0
Local $tBuffer = 0
Local $aArcName[0]

    $tBuffer = DllStructCreate("byte Data[32767]")

    $aRet = DllCall("Ntdll.dll", "LONG", "NtQueryDirectoryObject", "HANDLE", $hDirectory, "ptr", DllStructGetPtr($tBuffer), "ULONG", 32767, "BOOL", False, "BOOL", True, "ULONG*", 0, "ULONG*", 0)

    If @error or $aRet[0]<0 then Exit

    $index = $aRet[6]
    $bytes = $aRet[7]

    ConsoleWrite("!index: " & $index & " $bytes: " & $bytes & @CRLF)

       For $i = 0 To $index - 1
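        ; Each entry is two UNICODE_STRINGs (Name, TypeName): 16 bytes on x86, 32 bytes on x64.
        $tData = DllStructCreate($sTagUNICODESTRING  & $sTagUNICODESTRING , DllStructGetPtr($tBuffer) + ($i * (@AutoItX64 ? 32 : 16)))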
        $tName = DllStructCreate("wchar wNameString[" & DllStructGetData($tData,1) & "]", DllStructGetData($tData,3))
        $tType = DllStructCreate("wChar wTypeString[" & DllStructGetData($tData,4) & "]", DllStructGetData($tData,6))
       ConsoleWrite(">" & $i + 1 & @TAB & $tName.wNameString & @TAB & $tType.wTypeString & @CRLF)
       ReDim $aArcName[UBound($aArcName)+1][2]
       $aArcName[UBound($aArcName)-1][0]=$tName.wNameString
       $aArcName[UBound($aArcName)-1][1]=$tType.wTypeString
       $tType = 0
        $tName = 0
        $tData = 0
    Next

_ArrayDisplay($aArcName)

I did not implement SymbolicLink. I'm lazy.

 

Regards

Biatu

Thanks Danyfirex!


Danyfirex

You're welcome. Let me know if you need SymbolicLink implemented.

Regards

Biatu

If you want, that'd be great :)


Danyfirex

Mmm, I'm free right now, so... I want to eat something first, but I'll be back in about 900000 milliseconds with the code, I think.

Regards

Danyfirex

It took me more, about 1200000 milliseconds :'(

;Danyfirex 06/09/2015
#include <Array.au3>
#include <WinAPI.au3>
Opt("MustDeclareVars", 1)


Global Const $DIRECTORY_QUERY = 0x0001
Global Const $DIRECTORY_TRAVERSE = 0x0002
Global Const $sTagUNICODESTRING = "USHORT Length;USHORT MaximumLength;PTR Buffer;"
Global Const $sTagOBJECT_ATTRIBUTES = "ULONG Length;HANDLE RootDirectory;PTR ObjectName;ULONG Attributes;PTR SecurityDescriptor;PTR SecurityQualityOfService"

Local $aSubObject = 0
Local $aObjects = _GetObjects()
_ArrayDisplay($aObjects, "\", Default, Default, Default, "Name|Type|SymLink")

If IsArray($aObjects) Then
    For $i = 0 To UBound($aObjects) - 1
        If $aObjects[$i][1] = "Directory" Then
            $aSubObject = _GetObjects($aObjects[$i][0])
            If IsArray($aSubObject) Then
                _ArrayDisplay($aSubObject, $aObjects[$i][0], Default, Default, Default, "Name|Type|SymLink")
            EndIf
        EndIf
    Next

EndIf


Func _GetObjects($sSource = "\")
    If $sSource <> "\" Then $sSource = "\" & $sSource
    Local $tNameSource = _tName($sSource)
    Local $tUnicodeString = _RtlInitUnicodeString($tNameSource)
    Local $pUnicodeString = DllStructGetPtr($tUnicodeString)

    Local $tObject_Attributes = _InitializeObjectAttributes($pUnicodeString)
    Local $pObject_Attributes = DllStructGetPtr($tObject_Attributes)

    Local $hDirectory = _NtOpenDirectoryObject($pObject_Attributes, BitOR($DIRECTORY_TRAVERSE, $DIRECTORY_QUERY))


    Local $tData = 0
    Local $tName = 0
    Local $tType = 0
    Local $index = 0
    Local $bytes = 0
    Local $tBuffer = 0
    Local $aArcName[0]
    Local $taName = 0
    Local $tStr = 0
    Local $tAttr = 0
    Local $hLink = 0
    Local $taTarget = 0
    Local $tTarget = 0
    Local $tSTarget = 0
    $tBuffer = DllStructCreate("byte Data[32767]")

    Local $aRet = DllCall("Ntdll.dll", "LONG", "NtQueryDirectoryObject", "HANDLE", $hDirectory, "ptr", DllStructGetPtr($tBuffer), "ULONG", 32767, "BOOL", False, "BOOL", True, "ULONG*", 0, "ULONG*", 0)

    If @error Or $aRet[0] < 0 Then Return

    $index = $aRet[6]
    $bytes = $aRet[7]

    ConsoleWrite("!index: " & $index & " $bytes: " & $bytes & @CRLF)

    For $i = 0 To $index - 1
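        ; Each entry is two UNICODE_STRINGs (Name, TypeName): 16 bytes on x86, 32 bytes on x64.
        $tData = DllStructCreate($sTagUNICODESTRING & $sTagUNICODESTRING, DllStructGetPtr($tBuffer) + ($i * (@AutoItX64 ? 32 : 16)))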
        $tName = DllStructCreate("wchar wNameString[" & DllStructGetData($tData, 1) & "]", DllStructGetData($tData, 3))
        $tType = DllStructCreate("wChar wTypeString[" & DllStructGetData($tData, 4) & "]", DllStructGetData($tData, 6))
        $taName = _tName($tName.wNameString)
        $tStr = _RtlInitUnicodeString($taName)
        $tAttr = _InitializeObjectAttributes(DllStructGetPtr($tStr), 0, $hDirectory)
        $hLink = _NtOpenSymbolicLinkObject(DllStructGetPtr($tAttr), $GENERIC_READ)
        ConsoleWrite("+$hLink: " & $hLink & @CRLF)
        $taTarget = _tName("")
        $tTarget = _RtlInitUnicodeString($taTarget)
        $tTarget.MaximumLength = 512
        _NtQuerySymbolicLinkObject($hLink, $tTarget)
        $tSTarget = DllStructCreate("wchar wString[" & DllStructGetData($tTarget, 1) & "]", DllStructGetData($tTarget, 3))
        ReDim $aArcName[UBound($aArcName) + 1][3]
        $aArcName[UBound($aArcName) - 1][0] = $tName.wNameString
        $aArcName[UBound($aArcName) - 1][1] = $tType.wTypeString
        $aArcName[UBound($aArcName) - 1][2] = (IsDllStruct($tSTarget) = 1) ? $tSTarget.wString : ""
;~  ConsoleWrite(">" & $i + 1 & @TAB & $tName.wNameString & @TAB & $tType.wTypeString & @TAB & $tSTarget.wString & @CRLF)
        $tType = 0
        $tName = 0
        $tData = 0
        $tSTarget = 0
        _WinAPI_CloseHandle($hLink)
    Next

    _WinAPI_CloseHandle($hDirectory) ; release the directory handle opened above
    Return $aArcName

EndFunc   ;==>_GetObjects


Func _RtlInitUnicodeString($tSourceString)
    Local $tUnicodeString = DllStructCreate($sTagUNICODESTRING)
    DllCall("Ntdll.dll", "NONE", "RtlInitUnicodeString", "struct*", $tUnicodeString, "struct*", $tSourceString)
    If @error Then Return SetError(@error, 0, 0)
    Return $tUnicodeString
EndFunc   ;==>_RtlInitUnicodeString

Func _tName($String)
    Local $t = DllStructCreate("wchar String[512]")
    DllStructSetData($t, 1, $String)
    Return $t
EndFunc   ;==>_tName


Func _InitializeObjectAttributes($pObjectName, $ulAttributes = 0, $hRootDirectory = Null, $pSecurityDescriptor = Null)
    Local $tObject_Attributes = DllStructCreate($sTagOBJECT_ATTRIBUTES)
    DllStructSetData($tObject_Attributes, 1, DllStructGetSize($tObject_Attributes))
    DllStructSetData($tObject_Attributes, 2, $hRootDirectory)
    DllStructSetData($tObject_Attributes, 3, $pObjectName)
    Return $tObject_Attributes
EndFunc   ;==>_InitializeObjectAttributes


Func _NtQuerySymbolicLinkObject($hLinkHandle, $tLinkTarget)
    Local $aRet = DllCall("Ntdll.dll", "LONG", "NtQuerySymbolicLinkObject", "HANDLE", $hLinkHandle, "struct*", $tLinkTarget, "ULONG*", 0)
    ; Return on failure so $aRet is never indexed when DllCall itself failed
    If @error Then Return SetError(@error, 0, 0)
    If $aRet[0] <> 0 Then Return SetError(1, 0, 0)
EndFunc   ;==>_NtQuerySymbolicLinkObject

Func _NtOpenDirectoryObject($pObjectAttr, $AccessMask)
    Local $aRet = DllCall("Ntdll.dll", "LONG", "NtOpenDirectoryObject", "HANDLE*", 0, "ULONG", $AccessMask, "PTR", $pObjectAttr)
    ; Return on failure so $aRet is never indexed when DllCall itself failed
    If @error Then Return SetError(@error, 0, 0)
    If $aRet[0] < 0 Or $aRet[1] = 0 Then Return SetError(1, 0, 0)
    Return $aRet[1]

EndFunc   ;==>_NtOpenDirectoryObject

;~ Returns hLink
Func _NtOpenSymbolicLinkObject($pObjectAttr, $AccessMask)
    Local $aRet = DllCall("Ntdll.dll", "LONG", "NtOpenSymbolicLinkObject", "HANDLE*", 0, "ULONG", $AccessMask, "PTR", $pObjectAttr)
    If @error Then Return SetError(@error, 0, 0)
    If $aRet[0] < 0 Or $aRet[1] = 0 Then Return SetError(1, 0, 0)
    Return $aRet[1]
EndFunc   ;==>_NtOpenSymbolicLinkObject

Regards
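
The thread stops at listing \ArcName entries with their link targets; the step the original question asked for (ARC name to drive letter) is sketched below as an added example that is not code from any poster in this thread. The helper names (_NtReadSymLink, _NtResolveLinkChain, _ArcNameToDriveLetter) are hypothetical, and it assumes that drive letters are symbolic links under \GLOBAL?? and that the ARC link chain ends at the same \Device\... name a drive letter points to.

```autoit
; Added example: resolve an ARC name to a drive letter through object-manager symbolic links.
Global Const $SYMBOLIC_LINK_QUERY = 0x0001
Global Const $OBJ_CASE_INSENSITIVE = 0x00000040
Global Const $tagUS = "USHORT Length;USHORT MaximumLength;PTR Buffer"
Global Const $tagOA = "ULONG Length;HANDLE RootDirectory;PTR ObjectName;ULONG Attributes;PTR SecurityDescriptor;PTR SecurityQualityOfService"

; Read the target of one symbolic link object.
; Returns "" and sets @error to the NTSTATUS (or -1 if DllCall failed),
; e.g. 0xC0000024 STATUS_OBJECT_TYPE_MISMATCH when $sPath is not a link.
Func _NtReadSymLink($sPath)
    ; Counted UNICODE_STRING describing the object name
    Local $tName = DllStructCreate("wchar s[" & (StringLen($sPath) + 1) & "]")
    $tName.s = $sPath
    Local $tUS = DllStructCreate($tagUS)
    $tUS.Length = StringLen($sPath) * 2              ; bytes, without terminator
    $tUS.MaximumLength = StringLen($sPath) * 2 + 2
    $tUS.Buffer = DllStructGetPtr($tName)

    Local $tOA = DllStructCreate($tagOA)
    $tOA.Length = DllStructGetSize($tOA)
    $tOA.ObjectName = DllStructGetPtr($tUS)
    $tOA.Attributes = $OBJ_CASE_INSENSITIVE

    Local $aRet = DllCall("ntdll.dll", "long", "NtOpenSymbolicLinkObject", "handle*", 0, "ulong", $SYMBOLIC_LINK_QUERY, "struct*", $tOA)
    If @error Then Return SetError(-1, 0, "")
    If $aRet[0] < 0 Then Return SetError($aRet[0], 0, "")
    Local $hLink = $aRet[1]

    ; Output UNICODE_STRING backed by our own buffer (2048 bytes)
    Local $tBuf = DllStructCreate("wchar s[1024]")
    Local $tOut = DllStructCreate($tagUS)
    $tOut.Length = 0
    $tOut.MaximumLength = 2048
    $tOut.Buffer = DllStructGetPtr($tBuf)
    $aRet = DllCall("ntdll.dll", "long", "NtQuerySymbolicLinkObject", "handle", $hLink, "struct*", $tOut, "ulong*", 0)
    Local $iStatus = -1
    If Not @error Then $iStatus = $aRet[0]
    DllCall("ntdll.dll", "long", "NtClose", "handle", $hLink) ; always release the handle
    If $iStatus < 0 Then Return SetError($iStatus, 0, "")
    Return StringLeft($tBuf.s, $tOut.Length / 2)     ; Length is in bytes
EndFunc   ;==>_NtReadSymLink

; Follow links until the name is no longer a symbolic link.
; The depth limit guards against a link loop.
Func _NtResolveLinkChain($sPath, $iMaxDepth = 8)
    Local $sNext
    For $i = 1 To $iMaxDepth
        $sNext = _NtReadSymLink($sPath)
        If @error Then ExitLoop ; not a link (or not accessible): end of chain
        $sPath = $sNext
    Next
    Return $sPath
EndFunc   ;==>_NtResolveLinkChain

; Returns e.g. "C:" or "" with @error set:
; 1 = ARC name did not resolve, 2 = no drives listed, 3 = no drive letter maps to that device.
Func _ArcNameToDriveLetter($sArcName)
    Local $sStart = "\ArcName\" & $sArcName
    Local $sDevice = _NtResolveLinkChain($sStart)
    If $sDevice = $sStart Then Return SetError(1, 0, "")
    Local $aDrives = DriveGetDrive("ALL")            ; [0] = count, then "c:", "d:", ...
    If @error Then Return SetError(2, 0, "")
    For $i = 1 To $aDrives[0]
        ; Assumption: each drive letter is a link \GLOBAL??\X: -> \Device\...
        If _NtResolveLinkChain("\GLOBAL??\" & $aDrives[$i]) = $sDevice Then Return StringUpper($aDrives[$i])
    Next
    Return SetError(3, 0, "")
EndFunc   ;==>_ArcNameToDriveLetter

; ARC name format taken from the first post of the thread
Local $sArc = "multi(0)disk(0)rdisk(0)partition(2)"
Local $sLetter = _ArcNameToDriveLetter($sArc)
Local $iErr = @error
If $iErr Then
    ConsoleWrite($sArc & " -> no drive letter (error " & $iErr & ")" & @CRLF)
Else
    ConsoleWrite($sArc & " -> " & $sLetter & @CRLF)
EndIf
```

A disk-level ARC name without a partition(n) part resolves to the raw disk device, so it ends with error 3 rather than a letter.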
