#define _X86_
#include <ntddk.h>
#include "undocnt.h"
#include <stdio.h>
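/*
 * Atoms - exercise the native global-atom services: add the atom "Hello",
 * look it up again, dump every atom in the global table, then delete it.
 *
 * NOTE(review): the unconditional `return 0` directly after the declarations
 * switches the whole demonstration off; everything below it is unreachable.
 * It is kept as found because it looks deliberate - confirm before removing.
 *
 * Returns 0 on every path (the original fell off the end without a value).
 */
int Atoms()
{
    ATOM Atom, FindAtom;
    NTSTATUS rc;
    char Buffer[1000];

    return 0;

    /* On NT50 builds the call takes one more argument; presumably the
     * length of the name in characters - confirm against undocnt.h. */
    rc = NtAddAtom(L"Hello",
#ifdef NT50
                   5,
#endif
                   &Atom);
    if (rc != 0) {
        printf("NtAddAtom failed, rc=%x\n", rc);
        return 0;
    }
    printf("Atom=%x\n", Atom);

    rc = NtFindAtom(L"Hello",
#ifdef NT50
                    5,
#endif
                    &FindAtom);
    if (rc != 0) {
        printf("NtFindAtom failed, rc=%x\n", rc);
    } else {
        printf("FindAtom=%x\n", FindAtom);
    }

    rc = NtQueryInformationAtom(Atom,
                                AllAtoms,
                                Buffer,
                                sizeof(Buffer),
                                NULL);
    if (rc != 0) {
        printf("NtQueryInformationAtom with infoclass 'AllAtoms' failed, rc=%x\n", rc);
    } else {
        PATOMINFOALL pAtomInfoAll;
        ULONG i;

        pAtomInfoAll = (PATOMINFOALL)Buffer;
        /* The entry count is whatever the service wrote into Buffer; the
         * loop assumes that many atom values actually fit in the 1000-byte
         * buffer - TODO confirm the call fails when they do not. */
        for (i = 0; i < pAtomInfoAll->TotalNumberOfEntriesInGlobalAtomTable; i++) {
            char AnotherBuffer[1024];

            printf("%x\n", pAtomInfoAll->AtomValues[i]);
            rc = NtQueryInformationAtom(pAtomInfoAll->AtomValues[i],
                                        SingleAtom,
                                        AnotherBuffer,
                                        sizeof(AnotherBuffer),
                                        NULL);
            if (rc != 0) {
                printf("NtQueryInformationAtom with infoclass 'SingleAtom' failed, rc=%x\n", rc);
            } else {
                PATOMINFOSINGLE pAtomInfoSingle;

                pAtomInfoSingle = (PATOMINFOSINGLE)AnotherBuffer;
                printf("\tpAtomInfoSingle->ReferenceCount = %x\n", pAtomInfoSingle->ReferenceCount);
                printf("\tpAtomInfoSingle->Unknown = %x\n", pAtomInfoSingle->Unknown);
                printf("\tpAtomInfoSingle->AtomStringLength = %x\n", pAtomInfoSingle->AtomStringLength);
                /* NOTE(review): %S needs a NUL-terminated wide string;
                 * AnotherBuffer is not cleared first, so this relies on the
                 * service terminating AtomString - verify. */
                printf("\tpAtomInfoSingle->AtomString = %S\n\n", pAtomInfoSingle->AtomString);
            }
        }
    }

    rc = NtDeleteAtom(Atom);
    if (rc != 0) {
        printf("NtDeleteAtom failed, rc=%x\n", rc);
    }
    return 0;
}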
/*
 * CreateDirectoryObject - create the object-manager directory \WINDOWS\Hello
 * and report the outcome on stdout.
 *
 * The attributes carry only OBJ_CASE_INSENSITIVE, with no root directory and
 * no security descriptor. The handle is closed straight after a successful
 * create; since OBJ_PERMANENT is not requested, the directory is expected to
 * go away again with that last handle.
 */
void CreateDirectoryObject()
{
    UNICODE_STRING Name;
    OBJECT_ATTRIBUTES Attributes;
    HANDLE Directory;
    NTSTATUS Status;

    RtlInitUnicodeString(&Name, L"\\WINDOWS\\Hello");
    InitializeObjectAttributes(&Attributes, &Name, OBJ_CASE_INSENSITIVE, NULL, NULL);

    Status = NtCreateDirectoryObject(&Directory, STANDARD_RIGHTS_REQUIRED, &Attributes);
    if (Status != STATUS_SUCCESS) {
        printf("Directory creation failed, rc=%x\n", Status);
        return;
    }

    printf("Directory created\n");
    NtClose(Directory);
}
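/*
 * OpenDirectoryObject - open the root directory "\" of the object-manager
 * namespace with MAXIMUM_ALLOWED access, print the handle and close it.
 *
 * A failed open is now reported; the original returned silently, unlike the
 * other demonstrations in this file.
 */
void OpenDirectoryObject()
{
    UNICODE_STRING uDirectoryObject;
    OBJECT_ATTRIBUTES ObjAttr;
    NTSTATUS rc;
    HANDLE hDirectory;

    RtlInitUnicodeString(&uDirectoryObject, L"\\");
    InitializeObjectAttributes(&ObjAttr,
                               &uDirectoryObject,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtOpenDirectoryObject(&hDirectory,
                               MAXIMUM_ALLOWED,
                               &ObjAttr);
    if (rc == STATUS_SUCCESS) {
        /* %x with a HANDLE relies on the 32-bit (_X86_) build of this file. */
        printf("NtOpenDirectoryObject: hDirectory = %x\n", hDirectory);
        NtClose(hDirectory);
    } else {
        printf("NtOpenDirectoryObject failed, rc=%x\n", rc);
    }
}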
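/*
 * QueryDirectoryObject - list the entries of the object-manager root
 * directory "\", one entry per NtQueryDirectoryObject call, printing each
 * entry's name and type name.
 *
 * Two things the original kept silent are now reported: a failed open, and
 * the status that ended the enumeration. Any status other than the normal
 * end-of-directory one (STATUS_NO_MORE_ENTRIES) means the listing above it
 * is incomplete, e.g. because an entry did not fit the fixed-size buffer.
 */
void QueryDirectoryObject()
{
    UNICODE_STRING uDirectoryObject;
    OBJECT_ATTRIBUTES ObjAttr;
    NTSTATUS rc;
    HANDLE hDirectory;
    QUERYDIRECTORYOBJECTBUFFER QueryDirectoryObjectBuffer;
    ULONG BytesReturned, EntryIndex;

    RtlInitUnicodeString(&uDirectoryObject, L"\\");
    InitializeObjectAttributes(&ObjAttr,
                               &uDirectoryObject,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtOpenDirectoryObject(&hDirectory,
                               MAXIMUM_ALLOWED,
                               &ObjAttr);
    if (rc != STATUS_SUCCESS) {
        printf("NtOpenDirectoryObject failed, rc=%x\n", rc);
        return;
    }
    printf("NtOpenDirectoryObject: hDirectory = %x\n", hDirectory);

    /* The two flags are presumably "return a single entry" and "restart the
     * scan": the first call passes 1, 1 and every later call 1, 0 so that
     * EntryIndex carries the position forward - confirm against undocnt.h. */
    rc = NtQueryDirectoryObject(hDirectory,
                                &QueryDirectoryObjectBuffer,
                                sizeof(QueryDirectoryObjectBuffer),
                                1,
                                1,
                                &BytesReturned,
                                &EntryIndex);
    while (rc == STATUS_SUCCESS) {
        printf("%x %x %S %S\n", BytesReturned, EntryIndex, QueryDirectoryObjectBuffer.DirectoryEntry.Buffer, QueryDirectoryObjectBuffer.DirectoryEntryType.Buffer);
        rc = NtQueryDirectoryObject(hDirectory,
                                    &QueryDirectoryObjectBuffer,
                                    sizeof(QueryDirectoryObjectBuffer),
                                    1,
                                    0,
                                    &BytesReturned,
                                    &EntryIndex);
    }
    /* Show why the loop ended so a truncated listing is not mistaken for a
     * complete one. */
    printf("NtQueryDirectoryObject stopped, rc=%x\n", rc);

    NtClose(hDirectory);
}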
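/*
 * CreateSymbolicLink - create the symbolic-link object \DosDevices\M:
 * pointing at \Device\HardDisk1\Partition1 and report the outcome.
 *
 * The link is created with SYMBOLIC_LINK_ALL_ACCESS and object attributes
 * that carry no security descriptor. OBJ_PERMANENT is not requested and the
 * handle is closed immediately, so the link is expected to disappear again
 * when the function returns.
 *
 * Returns 0 on every path. The return type is now spelled out; the original
 * relied on implicit int, which C99 and later no longer allow.
 */
int CreateSymbolicLink()
{
    OBJECT_ATTRIBUTES ObjAttr;
    UNICODE_STRING uSymbolicLinkName;
    UNICODE_STRING uObjectName;
    HANDLE hSymbolicLink;
    NTSTATUS rc;

    RtlInitUnicodeString(&uSymbolicLinkName, L"\\DosDevices\\M:");
    RtlInitUnicodeString(&uObjectName, L"\\Device\\HardDisk1\\Partition1");
    InitializeObjectAttributes(&ObjAttr,
                               &uSymbolicLinkName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtCreateSymbolicLinkObject(&hSymbolicLink,
                                    SYMBOLIC_LINK_ALL_ACCESS,
                                    &ObjAttr,
                                    &uObjectName);
    if (rc == STATUS_SUCCESS) {
        printf("Symbolic link created, hSymbolicLink=%x\n", hSymbolicLink);
        NtClose(hSymbolicLink);
    } else {
        printf("NtCreateSymbolicLinkObject failed, rc=%x\n", rc);
    }
    return 0;
}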
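/*
 * OpenSymbolicLink - open the symbolic-link object \SystemRoot with
 * MAXIMUM_ALLOWED access, print the handle and close it.
 *
 * Returns 0 on every path. The return type is now spelled out; the original
 * relied on implicit int, which C99 and later no longer allow.
 */
int OpenSymbolicLink()
{
    OBJECT_ATTRIBUTES ObjAttr;
    UNICODE_STRING uSymbolicLinkName;
    HANDLE hSymbolicLink;
    NTSTATUS rc;

    RtlInitUnicodeString(&uSymbolicLinkName, L"\\SystemRoot");
    InitializeObjectAttributes(&ObjAttr,
                               &uSymbolicLinkName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtOpenSymbolicLinkObject(&hSymbolicLink,
                                  MAXIMUM_ALLOWED,
                                  &ObjAttr);
    if (rc == STATUS_SUCCESS) {
        printf("Symbolic link opened, hSymbolicLink=%x\n", hSymbolicLink);
        NtClose(hSymbolicLink);
    } else {
        printf("NtOpenSymbolicLinkObject failed, rc=%x\n", rc);
    }
    return 0;
}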
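/*
 * QuerySymbolicLink - open the symbolic-link object \SystemRoot, read the
 * target it points at and print it.
 *
 * Fix: the original described the output buffer with
 * RtlInitUnicodeString(&uSymbolicLinkContents, Buffer) on a zero-filled
 * buffer. That routine derives the lengths from the string it is given, so
 * an empty string yields Length 0 and a MaximumLength of one WCHAR, and the
 * query was told it had room for nothing. The UNICODE_STRING is now filled
 * in by hand with the real capacity.
 *
 * Returns 0 on every path (return type spelled out instead of implicit int).
 */
int QuerySymbolicLink()
{
    OBJECT_ATTRIBUTES ObjAttr;
    UNICODE_STRING uSymbolicLinkName;
    HANDLE hSymbolicLink;
    NTSTATUS rc;
    UNICODE_STRING uSymbolicLinkContents;
    WCHAR Buffer[1000];

    RtlInitUnicodeString(&uSymbolicLinkName, L"\\SystemRoot");
    InitializeObjectAttributes(&ObjAttr,
                               &uSymbolicLinkName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtOpenSymbolicLinkObject(&hSymbolicLink,
                                  MAXIMUM_ALLOWED,
                                  &ObjAttr);
    if (rc != STATUS_SUCCESS) {
        printf("NtOpenSymbolicLinkObject failed, rc=%x\n", rc);
        return 0;
    }

    {
        ULONG BytesReturned;

        memset(Buffer, 0, sizeof(Buffer));
        uSymbolicLinkContents.Buffer = Buffer;
        uSymbolicLinkContents.Length = 0;
        /* Hold back the last WCHAR: with the buffer zeroed above, the text
         * printed through %S below is then always NUL-terminated. */
        uSymbolicLinkContents.MaximumLength = sizeof(Buffer) - sizeof(WCHAR);

        rc = NtQuerySymbolicLinkObject(hSymbolicLink,
                                       &uSymbolicLinkContents,
                                       &BytesReturned);
        if (rc == STATUS_SUCCESS) {
            printf("Symbolic link contents = %S\n", uSymbolicLinkContents.Buffer);
        } else {
            printf("NtQuerySymbolicLinkObject failed, rc=%x\n", rc);
        }
    }

    NtClose(hSymbolicLink);
    return 0;
}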
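/*
 * QueryObject - create the named semaphore \MySemaphore and run
 * NtQueryObject against its handle once per information class used here:
 * ObjectBasicInfo, ObjectNameInfo, ObjectTypeInfo, ObjectAllTypesInfo and
 * ObjectProtectionInfo. Each result (or failure status) is printed.
 *
 * Changes from the original:
 *  - the walk over the ObjectAllTypesInfo records is bounded by Buffer, so
 *    a record count or pointer that does not match the buffer contents can
 *    no longer drive reads outside it;
 *  - the return type is spelled out instead of relying on implicit int.
 *
 * Returns 0 on every path.
 */
int QueryObject()
{
    NTSTATUS rc;
    ULONG BytesReturned;
    HANDLE hSemaphore;
    ULONG i;
    char Buffer[3000];
    OBJECT_BASIC_INFO ObjectBasicInfoBuffer;
    OBJECT_PROTECTION_INFO ObjectProtectionInfoBuffer;
    OBJECT_ATTRIBUTES ObjectAttr;
    UNICODE_STRING SemaphoreName;

    RtlInitUnicodeString(&SemaphoreName, L"\\MySemaphore");
    InitializeObjectAttributes(&ObjectAttr,
                               &SemaphoreName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    /* 0x03 is presumably the two semaphore-specific rights (query state and
     * modify state) - confirm. The 2 and 10 are passed as the initial and
     * maximum counts. */
    rc = NtCreateSemaphore(&hSemaphore,
                           STANDARD_RIGHTS_REQUIRED|0x03,
                           &ObjectAttr,
                           2,
                           10);
    if (rc != STATUS_SUCCESS) {
        printf("Unable to create semaphore\n");
        return 0;
    }

    rc = NtQueryObject(hSemaphore,
                       ObjectBasicInfo,
                       &ObjectBasicInfoBuffer,
                       sizeof(ObjectBasicInfoBuffer),
                       &BytesReturned);
    if (rc == STATUS_SUCCESS) {
        printf("NtQueryObject success, BytesReturned=%x\n", BytesReturned);
    } else {
        printf("NtQueryObject failed, rc=%x\n", rc);
    }

    rc = NtQueryObject(hSemaphore,
                       ObjectNameInfo,
                       Buffer,
                       sizeof(Buffer),
                       &BytesReturned);
    if (rc == STATUS_SUCCESS) {
        POBJECT_NAME_INFO pObjectNameInfoBuffer;

        pObjectNameInfoBuffer = (POBJECT_NAME_INFO)Buffer;
        printf("NtQueryObject success, BytesReturned=%x\n", BytesReturned);
        printf("%S\n", pObjectNameInfoBuffer->ObjectName.Buffer);
    } else {
        printf("NtQueryObject failed, rc=%x\n", rc);
    }

    rc = NtQueryObject(hSemaphore,
                       ObjectTypeInfo,
                       Buffer,
                       sizeof(Buffer),
                       &BytesReturned);
    if (rc == STATUS_SUCCESS) {
        POBJECT_TYPE_INFO pObjectTypeInfoBuffer;

        pObjectTypeInfoBuffer = (POBJECT_TYPE_INFO)Buffer;
        printf("NtQueryObject success, BytesReturned=%x\n", BytesReturned);
        printf("%S\n", pObjectTypeInfoBuffer->ObjectTypeName.Buffer);
    } else {
        printf("NtQueryObject failed, rc=%x\n", rc);
    }

    rc = NtQueryObject(hSemaphore,
                       ObjectAllTypesInfo,
                       Buffer,
                       sizeof(Buffer),
                       &BytesReturned);
    if (rc == STATUS_SUCCESS) {
        POBJECT_ALL_TYPES_INFO pObjectAllTypesInfoBuffer;
        POBJECT_TYPE_INFO pObjectTypeInfoBuffer;
        char *End = Buffer + sizeof(Buffer);

        printf("NtQueryObject success, BytesReturned=%x\n", BytesReturned);
        pObjectAllTypesInfoBuffer = (POBJECT_ALL_TYPES_INFO)Buffer;
        pObjectTypeInfoBuffer = pObjectAllTypesInfoBuffer->ObjectsTypeInfo;
        for (i = 0; i < pObjectAllTypesInfoBuffer->NumberOfObjectTypes; i++) {
            ULONG Skip;
            char *Entry = (char *)pObjectTypeInfoBuffer;

            /* Both the record count and the pointer to the next record are
             * read back out of Buffer; stop as soon as a record would not
             * lie completely inside it. */
            if (Entry < Buffer || Entry > End ||
                (ULONG)(End - Entry) < sizeof(*pObjectTypeInfoBuffer)) {
                printf("Object type list truncated after %x entries\n", i);
                break;
            }

            printf("%S\n", pObjectTypeInfoBuffer->ObjectTypeNameBuffer);
            /* The next record starts after this record's name storage,
             * rounded up to a multiple of four bytes. */
            Skip = (ULONG) ((pObjectTypeInfoBuffer->ObjectTypeName.MaximumLength + 3) & 0xFFFFFFFC);
            pObjectTypeInfoBuffer = (POBJECT_TYPE_INFO)(((char *)pObjectTypeInfoBuffer->ObjectTypeName.Buffer) + Skip);
        }
    } else {
        printf("NtQueryObject failed, rc=%x\n", rc);
    }

    rc = NtQueryObject(hSemaphore,
                       ObjectProtectionInfo,
                       &ObjectProtectionInfoBuffer,
                       sizeof(ObjectProtectionInfoBuffer),
                       &BytesReturned);
    if (rc == STATUS_SUCCESS) {
        printf("NtQueryObject success, BytesReturned=%x\n", BytesReturned);
        printf("ObjectProtectionInfoBuffer.bInherit = %s\n", ObjectProtectionInfoBuffer.bInherit?"TRUE":"FALSE");
        printf("ObjectProtectionInfoBuffer.bProtectHandle = %s\n", ObjectProtectionInfoBuffer.bProtectHandle?"TRUE":"FALSE");
    } else {
        printf("NtQueryObject failed, rc=%x\n", rc);
    }

    NtClose(hSemaphore);
    return 0;
}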
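/*
 * SetObjectInformation - create the named semaphore \MySemaphore, then use
 * NtSetInformationObject with the ObjectProtectionInfo class to set both the
 * bInherit and bProtectHandle flags on its handle, and report the outcome.
 *
 * NOTE(review): the handle is closed right after bProtectHandle was set to
 * TRUE; the status of that NtClose is not checked, so whether the close
 * succeeds on a protected handle is not visible here - verify.
 *
 * Returns 0 on every path. The return type is now spelled out; the original
 * relied on implicit int, which C99 and later no longer allow.
 */
int SetObjectInformation()
{
    NTSTATUS rc;
    HANDLE hSemaphore;
    OBJECT_PROTECTION_INFO ObjectProtectionInfoBuffer;
    OBJECT_ATTRIBUTES ObjectAttr;
    UNICODE_STRING SemaphoreName;

    RtlInitUnicodeString(&SemaphoreName, L"\\MySemaphore");
    InitializeObjectAttributes(&ObjectAttr,
                               &SemaphoreName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtCreateSemaphore(&hSemaphore,
                           STANDARD_RIGHTS_ALL,
                           &ObjectAttr,
                           0,
                           10);
    if (rc != STATUS_SUCCESS) {
        printf("Unable to create semaphore, rc=%x\n", rc);
        return 0;
    }

    ObjectProtectionInfoBuffer.bInherit = TRUE;
    ObjectProtectionInfoBuffer.bProtectHandle = TRUE;
    rc = NtSetInformationObject(hSemaphore,
                                ObjectProtectionInfo,
                                &ObjectProtectionInfoBuffer,
                                sizeof(ObjectProtectionInfoBuffer));
    if (rc == STATUS_SUCCESS) {
        printf("NtSetInformationObject success\n");
    } else {
        printf("NtSetInformationObject failed, rc=%x\n", rc);
    }

    NtClose(hSemaphore);
    return 0;
}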
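/*
 * CreateEventObject - create the named event \MyEvent as a
 * SynchronizationEvent with the last argument (TRUE) passed as its initial
 * state, print the handle and close it.
 *
 * Returns 0 on every path. The return type is now spelled out; the original
 * relied on implicit int, which C99 and later no longer allow.
 */
int CreateEventObject()
{
    NTSTATUS rc;
    HANDLE hEvent;
    OBJECT_ATTRIBUTES ObjectAttr;
    UNICODE_STRING EventName;

    RtlInitUnicodeString(&EventName, L"\\MyEvent");
    InitializeObjectAttributes(&ObjectAttr,
                               &EventName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtCreateEvent(&hEvent,
                       STANDARD_RIGHTS_ALL,
                       &ObjectAttr,
                       SynchronizationEvent,
                       TRUE);
    if (rc != STATUS_SUCCESS) {
        /* Nothing was created, so there is no handle to close. */
        printf("Unable to create event, rc=%x\n", rc);
        return 0;
    }

    printf("Event created, hEvent=%x\n", hEvent);
    NtClose(hEvent);
    return 0;
}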
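/*
 * OpenEventObject - open the existing named event
 * \BaseNamedObjects\ScmCreatedEvent with MAXIMUM_ALLOWED access, print the
 * handle and close it.
 *
 * Returns 0 on every path. The return type is now spelled out; the original
 * relied on implicit int, which C99 and later no longer allow.
 */
int OpenEventObject()
{
    NTSTATUS rc;
    HANDLE hEvent;
    OBJECT_ATTRIBUTES ObjectAttr;
    UNICODE_STRING EventName;

    RtlInitUnicodeString(&EventName, L"\\BaseNamedObjects\\ScmCreatedEvent");
    InitializeObjectAttributes(&ObjectAttr,
                               &EventName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtOpenEvent(&hEvent,
                     MAXIMUM_ALLOWED,
                     &ObjectAttr);
    if (rc != STATUS_SUCCESS) {
        printf("Unable to open event, rc=%x\n", rc);
        return 0;
    }

    printf("Event opened, hEvent=%x\n", hEvent);
    NtClose(hEvent);
    return 0;
}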
void DumpEventInfo(HANDLE hEvent)
{
EVENT_INFO EventInfo;
ULONG BytesReturned;
NTSTATUS rc;
rc=NtQueryEvent(hEvent,
EventBasicInfo,
&EventInfo,
sizeof(EventInfo),
&BytesReturned);
if (rc==STATUS_SUCCESS) {