Help with NtOpenFile


wraithdu

EDIT - Awwww, crap. Just figured it out. Stupid.... 1st param in NtOpenFile should be hwnd* :P

I've been trying to get this function working all night, but no luck so far. I keep getting error C0000005 which is STATUS_ACCESS_VIOLATION. Here's the code I have so far. Just create a file 'new.txt' in the same directory as the script. Unfortunately, the "handle" returned by FileOpen is not sufficient to use with the NtQueryInformationFile function.

Any help would be greatly appreciated!

Global Const $FileDirectoryInformation = 1
Global Const $FileFullDirectoryInformation = 2
Global Const $FileBothDirectoryInformation = 3
Global Const $FileBasicInformation = 4
Global Const $FileStandardInformation = 5
Global Const $FileInternalInformation = 6
Global Const $FileEaInformation = 7
Global Const $FileAccessInformation = 8
Global Const $FileNameInformation = 9
Global Const $FileRenameInformation = 10
Global Const $FileLinkInformation = 11
Global Const $FileNamesInformation = 12
Global Const $FileDispositionInformation = 13
Global Const $FilePositionInformation = 14
Global Const $FileFullEaInformation = 15
Global Const $FileModeInformation = 16
Global Const $FileAlignmentInformation = 17
Global Const $FileAllInformation = 18
Global Const $FileAllocationInformation = 19
Global Const $FileEndOfFileInformation = 20
Global Const $FileAlternateNameInformation = 21
Global Const $FileStreamInformation = 22
Global Const $FilePipeInformation = 23
Global Const $FilePipeLocalInformation = 24
Global Const $FilePipeRemoteInformation = 25
Global Const $FileMailslotQueryInformation = 26
Global Const $FileMailslotSetInformation = 27
Global Const $FileCompressionInformation = 28
Global Const $FileCopyOnWriteInformation = 29
Global Const $FileCompletionInformation = 30
Global Const $FileMoveClusterInformation = 31
Global Const $FileQuotaInformation = 32
Global Const $FileReparsePointInformation = 33
Global Const $FileNetworkOpenInformation = 34
Global Const $FileObjectIdInformation = 35
Global Const $FileTrackingInformation = 36
Global Const $FileOleDirectoryInformation = 37
Global Const $FileContentIndexInformation = 38
Global Const $FileInheritContentIndexInformation = 39
Global Const $FileOleInformation = 40
Global Const $FileMaximumInformation = 41

Global Const $READ_CONTROL = 0x20000
Global Const $GENERIC_READ = 0x80000000
Global Const $SYNCHRONIZE = 0x100000
Global Const $OBJ_CASE_INSENSITIVE = 0x00000040
Global Const $OBJ_INHERIT = 0x2
Global Const $FILE_NON_DIRECTORY_FILE = 0x00000040
Global Const $FILE_RANDOM_ACCESS = 0x00000800
Global Const $FILE_SHARE_READ = 0x1

Global Const $tagFILESTREAMINFO = "ulong NextEntryOffset;ulong StreamNameLength;int64 StreamSize;int64 StreamAllocationSize;wchar StreamName"
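; IO_STATUS_BLOCK is two pointer-sized members; "dword;dword" is only correct on 32-bit and is too small on x64.
Global Const $tagIOSTATUSBLOCK = "ptr Status;ulong_ptr Information"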
Global Const $tagOBJECTATTRIBUTES = "ulong Length;hwnd RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService"
Global Const $tagUNICODESTRING = "ushort Length;ushort MaximumLength;ptr Buffer"

$hNTDLL = DllOpen("ntdll.dll")

$szName = DllStructCreate("wchar[260]")
$sUS = DllStructCreate($tagUNICODESTRING)
$sOA = DllStructCreate($tagOBJECTATTRIBUTES)
$sFSO = DllStructCreate($tagFILESTREAMINFO)
$sISB = DllStructCreate($tagIOSTATUSBLOCK)
$buffer = DllStructCreate("byte[16384]")

$file = "\??\" & @ScriptDir & "\new.txt"
ConsoleWrite($file & @CRLF)

DllStructSetData($szName, 1, $file)
$ret = DllCall($hNTDLL, "none", "RtlInitUnicodeString", "ptr", DllStructGetPtr($sUS), "ptr", DllStructGetPtr($szName))
ConsoleWrite("Length: " & DllStructGetData($sUS, "Length") & @CRLF)
ConsoleWrite("Max: " & DllStructGetData($sUS, "MaximumLength") & @CRLF)
ConsoleWrite("Buff ptr: " & DllStructGetData($sUS, "Buffer") & @CRLF)

DllStructSetData($sOA, "Length", DllStructGetSize($sOA))
DllStructSetData($sOA, "RootDirectory", Chr(0))
DllStructSetData($sOA, "ObjectName", DllStructGetPtr($sUS))
DllStructSetData($sOA, "Attributes", $OBJ_CASE_INSENSITIVE)
DllStructSetData($sOA, "SecurityDescriptor", Chr(0))
DllStructSetData($sOA, "SecurityQualityOfService", Chr(0))

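; As posted: the first parameter is passed by value ("hwnd"); per the EDIT above it must be "hwnd*" (by reference).
$ret = DllCall($hNTDLL, "int", "NtOpenFile", "hwnd", "", "dword", $GENERIC_READ, "ptr", DllStructGetPtr($sOA), "ptr", DllStructGetPtr($sISB), _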
                            "ulong", $FILE_SHARE_READ, "ulong", BitOR($FILE_NON_DIRECTORY_FILE, $FILE_RANDOM_ACCESS))
ConsoleWrite("Return: " & Hex($ret[0]) & @CRLF)
$hFile = $ret[1]
ConsoleWrite("hFile: " & $hFile & @CRLF)

$ret = DllCall($hNTDLL, "int", "NtClose", "hwnd", $hFile)
ConsoleWrite("Return: " & Hex($ret[0]) & @CRLF)

DllClose($hNTDLL)
Exit

;~ $ret = DllCall($hNTDLL, "int", "NtQueryInformationFile", "hwnd", $hFile, "ptr", DllStructGetPtr($sISB), "ptr", DllStructGetPtr($buffer), _
;~                          "int", 16384, "int", $FileStreamInformation)
;~ If @error Then
;~  ConsoleWrite("->Error querying file." & @error & @CRLF)
;~  Exit
;~ EndIf

;~ ConsoleWrite(">" & Hex($ret[0]) & @CRLF)
;~ If NT_SUCCESS($ret[0]) Then
;~  ConsoleWrite("+>Successful query." & @CRLF)
;~ EndIf

;~ $ret = DllCall($hNTDLL, "int", "NtClose", "hwnd", $hFile)
;~ ConsoleWrite("Return: " & Hex($ret[0]) & @CRLF)

;~ Func NT_SUCCESS($status)
;~  If 0 <= $status And $status <= 0x7FFFFFFF Then
;~      Return True
;~  Else
;~      Return False
;~  EndIf
;~ EndFunc
Edited by wraithdu
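
Added example, not part of wraithdu's post: the open call with the handle passed by reference ("ptr*" here, equivalent to the "hwnd*" fix in the EDIT), followed by the FileStreamInformation query the post was working toward, which lists a file's NTFS data streams (useful when checking a file for alternate data streams). Assumptions not in the original: the handle is opened synchronously with $SYNCHRONIZE plus $FILE_SYNCHRONOUS_IO_NONALERT, IO_STATUS_BLOCK uses pointer-sized fields, and new.txt sits next to the script on an NTFS volume.

```autoit
; Added example, not the poster's code. Assumes new.txt next to the script on an NTFS volume.
Global Const $GENERIC_READ = 0x80000000, $SYNCHRONIZE = 0x100000
Global Const $OBJ_CASE_INSENSITIVE = 0x40, $FILE_SHARE_READ = 0x1
Global Const $FILE_NON_DIRECTORY_FILE = 0x40, $FILE_SYNCHRONOUS_IO_NONALERT = 0x20
Global Const $FileStreamInformation = 22

Local $hNTDLL = DllOpen("ntdll.dll")
Local $tName = DllStructCreate("wchar[520]")
DllStructSetData($tName, 1, "\??\" & @ScriptDir & "\new.txt")
Local $tUS = DllStructCreate("ushort Length;ushort MaximumLength;ptr Buffer")
DllCall($hNTDLL, "none", "RtlInitUnicodeString", "ptr", DllStructGetPtr($tUS), "ptr", DllStructGetPtr($tName))

Local $tOA = DllStructCreate("ulong Length;ptr RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService")
DllStructSetData($tOA, "Length", DllStructGetSize($tOA))
DllStructSetData($tOA, "ObjectName", DllStructGetPtr($tUS))
DllStructSetData($tOA, "Attributes", $OBJ_CASE_INSENSITIVE)

; IO_STATUS_BLOCK: two pointer-sized fields (8 bytes on x86, 16 on x64).
Local $tISB = DllStructCreate("ptr Status;ulong_ptr Information")

; "ptr*" passes the ADDRESS of a variable, so NtOpenFile has somewhere to write the handle.
Local $aRet = DllCall($hNTDLL, "long", "NtOpenFile", "ptr*", 0, "dword", BitOR($GENERIC_READ, $SYNCHRONIZE), _
        "ptr", DllStructGetPtr($tOA), "ptr", DllStructGetPtr($tISB), "ulong", $FILE_SHARE_READ, _
        "ulong", BitOR($FILE_NON_DIRECTORY_FILE, $FILE_SYNCHRONOUS_IO_NONALERT))
If @error Then Exit 1
If $aRet[0] < 0 Then ; NTSTATUS returned as signed long: negative means warning or error
    ConsoleWrite("NtOpenFile failed: 0x" & Hex($aRet[0]) & @CRLF)
    Exit 1
EndIf
Local $hFile = $aRet[1] ; by-reference parameters come back in the result array

Local $tBuf = DllStructCreate("byte[16384]")
$aRet = DllCall($hNTDLL, "long", "NtQueryInformationFile", "ptr", $hFile, "ptr", DllStructGetPtr($tISB), _
        "ptr", DllStructGetPtr($tBuf), "ulong", DllStructGetSize($tBuf), "int", $FileStreamInformation)
If Not @error And $aRet[0] >= 0 And DllStructGetData($tISB, "Information") > 0 Then
    ; Walk the FILE_STREAM_INFORMATION chain; NextEntryOffset = 0 marks the last entry.
    Local $pEntry = DllStructGetPtr($tBuf), $tHdr, $tStr
    Do
        $tHdr = DllStructCreate("ulong NextEntryOffset;ulong StreamNameLength;int64 StreamSize;int64 StreamAllocationSize", $pEntry)
        ; StreamName starts at byte offset 24, is not null-terminated, and its length is in bytes.
        $tStr = DllStructCreate("wchar[" & Int(DllStructGetData($tHdr, "StreamNameLength") / 2) & "]", $pEntry + 24)
        ConsoleWrite(DllStructGetData($tStr, 1) & "  (" & DllStructGetData($tHdr, "StreamSize") & " bytes)" & @CRLF)
        $pEntry += DllStructGetData($tHdr, "NextEntryOffset")
    Until DllStructGetData($tHdr, "NextEntryOffset") = 0
EndIf

DllCall($hNTDLL, "long", "NtClose", "ptr", $hFile)
DllClose($hNTDLL)
```

A file with only its default content prints a single `::$DATA` entry; any additional `:name:$DATA` line is an alternate data stream.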