NtCreateFile - 似乎无法读取存在的文件
NtCreateFile - can't seem to read a file that exists
我正在尝试使用 NtCreateFile 从磁盘读取 ntdll.dll,但它似乎没有正确读取文件。该原生调用没有返回有效句柄。更熟悉这个原生 API 的人能指出这段代码有什么问题吗?谢谢!
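/*
 * Initialize a counted UNICODE_STRING that describes an existing
 * NUL-terminated wide string. No copy is made: only the pointer is stored,
 * so SourceString must stay valid for as long as DestinationString is used.
 *
 * DestinationString  receives Length and MaximumLength (both in bytes) and Buffer.
 * SourceString       string to describe, or NULL for an empty string.
 *
 * Length and MaximumLength are USHORT fields. The byte count is clamped
 * before the narrowing casts so that an over-long input cannot wrap around
 * and leave MaximumLength smaller than Length or Length pointing at an
 * arbitrary prefix of the buffer.
 */
FORCEINLINE VOID RtlInitUnicodeString(
    _Out_ PUNICODE_STRING DestinationString,
    _In_opt_ PWSTR SourceString
    )
{
    /* Largest even byte count that still leaves room for the terminator in a USHORT. */
    const size_t max_bytes = 0xFFFC;

    if (SourceString) {
        size_t chars = wcslen(SourceString);

        /* Clamp in characters first so the multiplication below cannot overflow. */
        if (chars > max_bytes / sizeof(WCHAR))
            chars = max_bytes / sizeof(WCHAR);

        DestinationString->Length = (USHORT)(chars * sizeof(WCHAR));
        /* MaximumLength additionally counts the terminating NUL. */
        DestinationString->MaximumLength = (USHORT)(chars * sizeof(WCHAR) + sizeof(WCHAR));
    } else {
        DestinationString->Length = 0;
        DestinationString->MaximumLength = 0;
    }

    DestinationString->Buffer = SourceString;
}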
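/* Object-attribute flag and NtCreateFile constants used below. */
#define OBJ_CASE_INSENSITIVE 0x00000040
#define FILE_OPEN 0x00000001           /* CreateDisposition: open only if the file already exists */
#define FILE_DIRECTORY_FILE 0x00000001 /* CreateOptions: the target must be a directory */
#ifndef FILE_NON_DIRECTORY_FILE
#define FILE_NON_DIRECTORY_FILE 0x00000040 /* CreateOptions: the target must NOT be a directory */
#endif

/*
 * Fill in an OBJECT_ATTRIBUTES structure:
 *   p = structure to initialize, n = object name (PUNICODE_STRING),
 *   a = attribute flags, r = root directory handle, s = security descriptor.
 * Expands to a braced block, so use it as a statement of its own.
 */
#define InitializeObjectAttributes(p, n, a, r, s) { \
    (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
    (p)->RootDirectory = r; \
    (p)->Attributes = a; \
    (p)->ObjectName = n; \
    (p)->SecurityDescriptor = s; \
    (p)->SecurityQualityOfService = NULL; \
}

HANDLE file = NULL;
OBJECT_ATTRIBUTES oa;
UNICODE_STRING f;
UNICODE_STRING fp;
IO_STATUS_BLOCK IoStatusBlock;

/*
 * NT namespace path. Every backslash must be doubled in a C literal;
 * with single backslashes "\n" becomes a newline and "\w" / "\s" are
 * invalid escapes, so the name handed to the kernel is not the intended path.
 */
WCHAR ntdl[100] = L"\\??\\C:\\windows\\system32\\ntdll.dll";

RtlInitUnicodeString(&f, ntdl);
RtlInitUnicodeString(&fp, filepath); /* filepath is defined outside this excerpt */
InitializeObjectAttributes(&oa, &f, OBJ_CASE_INSENSITIVE, NULL, NULL);

/*
 * ntdll.dll is a regular file, so CreateOptions must be
 * FILE_NON_DIRECTORY_FILE; FILE_DIRECTORY_FILE makes the open fail.
 * NOTE(review): no FILE_SYNCHRONOUS_IO_* option is passed, so a later
 * NtReadFile on this handle may complete asynchronously - confirm this
 * is what the caller expects.
 */
NTSTATUS status = NtCreateFile(&file, FILE_GENERIC_READ, &oa, &IoStatusBlock, 0, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN, FILE_NON_DIRECTORY_FILE, NULL, 0);
if (status < 0) {
    /* Negative NTSTATUS means failure: the handle is not usable, and status says why. */
    file = NULL;
}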
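- 路径需要写成 `L"\\??\\C:\\windows\\system32\\ntdll.dll"`(在 C 字符串字面量中每个反斜杠都必须转义,否则 `\n`、`\w` 等会被当作转义序列),并且 CreateOptions 应使用 `FILE_NON_DIRECTORY_FILE`,不是 `FILE_DIRECTORY_FILE`:ntdll.dll 不是目录,带 `FILE_DIRECTORY_FILE` 打开会失败(STATUS_NOT_A_DIRECTORY)。另外应检查 NtCreateFile 返回的 NTSTATUS,而不是只看句柄是否有效。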
我正在尝试使用 NtCreateFile 从磁盘读取 ntdll.dll,但它似乎没有正确读取文件。该原生调用没有返回有效句柄。更熟悉这个原生 API 的人能指出这段代码有什么问题吗?谢谢!
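/*
 * Initialize a counted UNICODE_STRING that describes an existing
 * NUL-terminated wide string. No copy is made: only the pointer is stored,
 * so SourceString must stay valid for as long as DestinationString is used.
 *
 * DestinationString  receives Length and MaximumLength (both in bytes) and Buffer.
 * SourceString       string to describe, or NULL for an empty string.
 *
 * Length and MaximumLength are USHORT fields. The byte count is clamped
 * before the narrowing casts so that an over-long input cannot wrap around
 * and leave MaximumLength smaller than Length or Length pointing at an
 * arbitrary prefix of the buffer.
 */
FORCEINLINE VOID RtlInitUnicodeString(
    _Out_ PUNICODE_STRING DestinationString,
    _In_opt_ PWSTR SourceString
    )
{
    /* Largest even byte count that still leaves room for the terminator in a USHORT. */
    const size_t max_bytes = 0xFFFC;

    if (SourceString) {
        size_t chars = wcslen(SourceString);

        /* Clamp in characters first so the multiplication below cannot overflow. */
        if (chars > max_bytes / sizeof(WCHAR))
            chars = max_bytes / sizeof(WCHAR);

        DestinationString->Length = (USHORT)(chars * sizeof(WCHAR));
        /* MaximumLength additionally counts the terminating NUL. */
        DestinationString->MaximumLength = (USHORT)(chars * sizeof(WCHAR) + sizeof(WCHAR));
    } else {
        DestinationString->Length = 0;
        DestinationString->MaximumLength = 0;
    }

    DestinationString->Buffer = SourceString;
}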
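/* Object-attribute flag and NtCreateFile constants used below. */
#define OBJ_CASE_INSENSITIVE 0x00000040
#define FILE_OPEN 0x00000001           /* CreateDisposition: open only if the file already exists */
#define FILE_DIRECTORY_FILE 0x00000001 /* CreateOptions: the target must be a directory */
#ifndef FILE_NON_DIRECTORY_FILE
#define FILE_NON_DIRECTORY_FILE 0x00000040 /* CreateOptions: the target must NOT be a directory */
#endif

/*
 * Fill in an OBJECT_ATTRIBUTES structure:
 *   p = structure to initialize, n = object name (PUNICODE_STRING),
 *   a = attribute flags, r = root directory handle, s = security descriptor.
 * Expands to a braced block, so use it as a statement of its own.
 */
#define InitializeObjectAttributes(p, n, a, r, s) { \
    (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
    (p)->RootDirectory = r; \
    (p)->Attributes = a; \
    (p)->ObjectName = n; \
    (p)->SecurityDescriptor = s; \
    (p)->SecurityQualityOfService = NULL; \
}

HANDLE file = NULL;
OBJECT_ATTRIBUTES oa;
UNICODE_STRING f;
UNICODE_STRING fp;
IO_STATUS_BLOCK IoStatusBlock;

/*
 * NT namespace path. Every backslash must be doubled in a C literal;
 * with single backslashes "\n" becomes a newline and "\w" / "\s" are
 * invalid escapes, so the name handed to the kernel is not the intended path.
 */
WCHAR ntdl[100] = L"\\??\\C:\\windows\\system32\\ntdll.dll";

RtlInitUnicodeString(&f, ntdl);
RtlInitUnicodeString(&fp, filepath); /* filepath is defined outside this excerpt */
InitializeObjectAttributes(&oa, &f, OBJ_CASE_INSENSITIVE, NULL, NULL);

/*
 * ntdll.dll is a regular file, so CreateOptions must be
 * FILE_NON_DIRECTORY_FILE; FILE_DIRECTORY_FILE makes the open fail.
 * NOTE(review): no FILE_SYNCHRONOUS_IO_* option is passed, so a later
 * NtReadFile on this handle may complete asynchronously - confirm this
 * is what the caller expects.
 */
NTSTATUS status = NtCreateFile(&file, FILE_GENERIC_READ, &oa, &IoStatusBlock, 0, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN, FILE_NON_DIRECTORY_FILE, NULL, 0);
if (status < 0) {
    /* Negative NTSTATUS means failure: the handle is not usable, and status says why. */
    file = NULL;
}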
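- 路径需要写成 `L"\\??\\C:\\windows\\system32\\ntdll.dll"`(在 C 字符串字面量中每个反斜杠都必须转义,否则 `\n`、`\w` 等会被当作转义序列),并且 CreateOptions 应使用 `FILE_NON_DIRECTORY_FILE`,不是 `FILE_DIRECTORY_FILE`:ntdll.dll 不是目录,带 `FILE_DIRECTORY_FILE` 打开会失败(STATUS_NOT_A_DIRECTORY)。另外应检查 NtCreateFile 返回的 NTSTATUS,而不是只看句柄是否有效。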