}
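/*
 * Exercises the native I/O completion port services: creates a named port,
 * opens it a second time by name, queues two completion packets, queries the
 * number of queued packets and then dequeues both, printing each result.
 *
 * Returns 0 on every path; callers in this file ignore the value.
 *
 * NOTE(review): the port is created under a fixed name with no explicit
 * security descriptor (last InitializeObjectAttributes argument is NULL) and
 * is re-opened with MAXIMUM_ALLOWED. That is fine for a demo; production code
 * should prefer an unnamed port or an explicit descriptor, and request only
 * the access it needs.
 */
int CompletionPort()
{
    NTSTATUS rc;
    HANDLE hIoCompletionPortCreated, hIoCompletionPortOpened;
    OBJECT_ATTRIBUTES ObjectAttr;
    UNICODE_STRING IoCompletionPortName;
    ULONG BytesReturned;
    IOCOMPLETIONPORT_BASIC_INFO IoCompletionPortBasicInformation;
    IO_STATUS_BLOCK IoStatusBlock;
    LPOVERLAPPED lpOverLapped = NULL;
    OVERLAPPED OverLapped;  /* never initialised: only its address is queued */
    ULONG CompletionKey;

    RtlInitUnicodeString(&IoCompletionPortName, L"\\MyIoCompletionPort");
    InitializeObjectAttributes(&ObjectAttr,
                               &IoCompletionPortName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    /* 0x1F0003 == STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3, i.e. every
     * access right defined for a completion port. */
    rc = NtCreateIoCompletion(&hIoCompletionPortCreated,
                              0x1F0003,
                              &ObjectAttr,
                              0);
    if (rc != STATUS_SUCCESS) {
        printf("NtCreateIoCompletionPort failed, rc=%x\n", rc);
        return 0;
    }
    /* Handles and addresses are pointers: print them with %p, not %x. */
    printf("hIoCompletionPortCreated=%p\n", (void *)hIoCompletionPortCreated);

    rc = NtOpenIoCompletion(&hIoCompletionPortOpened,
                            MAXIMUM_ALLOWED,
                            &ObjectAttr);
    if (rc != STATUS_SUCCESS) {
        printf("NtOpenIoCompletionPort failed, rc=%x\n", rc);
        NtClose(hIoCompletionPortCreated);
        return 0;
    }
    printf("hIoCompletionPortOpened=%p\n", (void *)hIoCompletionPortOpened);
    printf("Address of OverLapped=%p\n", (void *)&OverLapped);

    /* Queue two packets. Judging by what is printed after dequeuing, the
     * arguments after the handle are presumably key, context pointer, status
     * and information - confirm against the project's prototype. */
    rc = NtSetIoCompletion(hIoCompletionPortCreated,
                           1,
                           &OverLapped,
                           STATUS_SUCCESS,
                           0x10);
    if (rc != STATUS_SUCCESS) {
        printf("NtSetIoCompletion failed, rc=%x\n", rc);
        goto ExitFunction;
    }
    rc = NtSetIoCompletion(hIoCompletionPortCreated,
                           2,
                           &OverLapped,
                           STATUS_ACCESS_DENIED,
                           0x20);
    if (rc != STATUS_SUCCESS) {
        printf("NtSetIoCompletion failed, rc=%x\n", rc);
        goto ExitFunction;
    }

    rc = NtQueryIoCompletion(hIoCompletionPortCreated,
                             IoCompletionPortBasicInfo,
                             &IoCompletionPortBasicInformation,
                             sizeof(IoCompletionPortBasicInformation),
                             &BytesReturned);
    if (rc != STATUS_SUCCESS) {
        printf("NtQueryIoCompletion failed, rc=%x\n", rc);
        goto ExitFunction;
    }
    printf("BytesReturned=%x, IoCompletionPortBasicInformation.NumberOfEvents=%x\n", BytesReturned, IoCompletionPortBasicInformation.NumberOfEvents);

    /* Dequeue the first packet (NULL as the last argument; presumably the
     * timeout). */
    rc = NtRemoveIoCompletion(hIoCompletionPortCreated,
                              &CompletionKey,
                              &lpOverLapped,
                              &IoStatusBlock,
                              NULL);
    if (rc != STATUS_SUCCESS) {
        printf("NtRemoveIoCompletion failed, rc=%x\n", rc);
        goto ExitFunction;
    }
    printf("CompletionKey = %x\n", CompletionKey);
    printf("lpOverLapped = %p\n", (void *)lpOverLapped);
    /* Information may be pointer-sized depending on the header in use, so it
     * is narrowed explicitly instead of being passed raw to %x. */
    printf("IoStatusBlock.Information = %lx\n", (unsigned long)IoStatusBlock.Information);
    printf("IoStatusBlock.Status = %x\n\n", IoStatusBlock.Status);

    /* Dequeue the second packet. */
    rc = NtRemoveIoCompletion(hIoCompletionPortCreated,
                              &CompletionKey,
                              &lpOverLapped,
                              &IoStatusBlock,
                              NULL);
    if (rc != STATUS_SUCCESS) {
        printf("NtRemoveIoCompletion failed, rc=%x\n", rc);
        goto ExitFunction;
    }
    printf("CompletionKey = %x\n", CompletionKey);
    printf("lpOverLapped = %p\n", (void *)lpOverLapped);
    printf("IoStatusBlock.Information = %lx\n", (unsigned long)IoStatusBlock.Information);
    printf("IoStatusBlock.Status = %x\n", IoStatusBlock.Status);

ExitFunction:
    /* Both handles are valid on every path that reaches this label. */
    NtClose(hIoCompletionPortCreated);
    NtClose(hIoCompletionPortOpened);
    /* The original fell off the end of a non-void function here. */
    return 0;
}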
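/*
 * Deletes the file at the hard-coded native path \??\h:\aa with NtDeleteFile
 * and reports the outcome.
 *
 * Returns 0 on every path; callers in this file ignore the value.
 *
 * NOTE(review): the deletion is unconditional and the path is fixed at
 * compile time, so running the demo removes whatever file sits at that path.
 */
int DeleteFile()
{
    UNICODE_STRING FileName;
    OBJECT_ATTRIBUTES ObjAttr;
    NTSTATUS rc;

    RtlInitUnicodeString(&FileName, L"\\??\\h:\\aa");
    InitializeObjectAttributes(&ObjAttr,
                               &FileName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtDeleteFile(&ObjAttr);
    if (rc != STATUS_SUCCESS) {
        printf("NtDeleteFile failed, rc=%x\n", rc);
        return 0;
    }
    printf("File deleted\n");
    /* The original fell off the end of a non-void function here. */
    return 0;
}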
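/*
 * Queries the basic attributes of the file at \??\h:\aa with
 * NtQueryAttributesFile and prints the four timestamps and the attribute
 * mask.
 *
 * Returns 0 on every path; callers in this file ignore the value.
 */
int QueryFileAttributes()
{
    UNICODE_STRING FileName;
    OBJECT_ATTRIBUTES ObjAttr;
    NTSTATUS rc;
    FILE_BASIC_INFORMATION FileBasicInfo;

    /* sizeof yields size_t, which does not match %x on 64-bit targets. */
    printf("%x\n", (unsigned)sizeof(FileBasicInfo));

    RtlInitUnicodeString(&FileName, L"\\??\\h:\\aa");
    InitializeObjectAttributes(&ObjAttr,
                               &FileName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtQueryAttributesFile(&ObjAttr,
                               &FileBasicInfo);
    if (rc != STATUS_SUCCESS) {
        printf("NtQueryAttributesFile failed, rc=%x\n", rc);
        return 0;
    }

    /*
     * The original passed each 64-bit LARGE_INTEGER by value to a
     * "%08x%08x" format. That is undefined for a variadic call, and where it
     * happens to work on 32-bit x86 it prints the low half first, so the
     * digits do not read as one 64-bit number. Pass the two halves
     * explicitly, high part first.
     */
    printf("FileBasicInfo.CreationTime = %08x%08x\n",
           (unsigned)FileBasicInfo.CreationTime.HighPart,
           (unsigned)FileBasicInfo.CreationTime.LowPart);
    printf("FileBasicInfo.LastAccessTime = %08x%08x\n",
           (unsigned)FileBasicInfo.LastAccessTime.HighPart,
           (unsigned)FileBasicInfo.LastAccessTime.LowPart);
    printf("FileBasicInfo.LastWriteTime = %08x%08x\n",
           (unsigned)FileBasicInfo.LastWriteTime.HighPart,
           (unsigned)FileBasicInfo.LastWriteTime.LowPart);
    printf("FileBasicInfo.ChangeTime = %08x%08x\n",
           (unsigned)FileBasicInfo.ChangeTime.HighPart,
           (unsigned)FileBasicInfo.ChangeTime.LowPart);
    printf("FileBasicInfo.FileAttributes = %08x\n", FileBasicInfo.FileAttributes);
    /* The original fell off the end of a non-void function here. */
    return 0;
}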
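/*
 * Allocates a locally unique identifier (LUID) with
 * NtAllocateLocallyUniqueId and prints its two halves.
 *
 * Returns 0 on every path; callers in this file ignore the value.
 */
int uuid()
{
    LUID Luid;
    NTSTATUS rc;

    /* Start from a known state so a failed call cannot leave garbage. */
    memset(&Luid, 0, sizeof(Luid));

    rc = NtAllocateLocallyUniqueId(&Luid);
    if (rc != STATUS_SUCCESS) {
        printf("NtAllocateLocallyUniqueId failed, rc=%x\n", rc);
        return 0;
    }
    printf("Luid.LowPart = %x\n", Luid.LowPart);
    printf("Luid.HighPart = %x\n", Luid.HighPart);
    /* The original fell off the end of a non-void function here. */
    return 0;
}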
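/*
 * Exercises the native job object services. The six entry points are
 * resolved from NTDLL at run time; if any is missing the function returns
 * silently (presumably because older NT releases do not export them).
 *
 * Sequence: create a named job, open it again by name, assign the current
 * process to it, list the process ids in the job, then apply a UI
 * restriction to the job.
 *
 * NOTE(review): the current process is placed in the job and
 * JOB_OBJECT_UILIMIT_DESKTOP is applied to it. Closing the handles at the
 * end does not take the process out of the job, so the restriction stays in
 * force for the rest of the run.
 */
void JobManagement()
{
    NTSTATUS rc;
    HANDLE hJobCreated, hJobOpened;
    OBJECT_ATTRIBUTES ObjectAttr;
    UNICODE_STRING JobName;
    PFNNTCREATEJOBOBJECT pfnNtCreateJobObject;
    PFNNTOPENJOBOBJECT pfnNtOpenJobObject;
    PFNNTASSIGNPROCESSTOJOBOBJECT pfnNtAssignProcessToJobObject;
    PFNNTTERMINATEJOBOBJECT pfnNtTerminateJobObject;
    PFNNTQUERYINFORMATIONJOBOBJECT pfnNtQueryInformationJobObject;
    PFNNTSETINFORMATIONJOBOBJECT pfnNtSetInformationJobObject;
    PVOID _stdcall GetProcAddress(PVOID hModule, PCCHAR FunctionName);
    PVOID _stdcall GetModuleHandleA(PCCHAR ModuleName);
    static char Buffer[4096];
    PJOBOBJECT_BASIC_PROCESS_ID_LIST pJobObjectBasicProcessIdList;
    PJOBOBJECT_BASIC_UI_RESTRICTIONS pJobObjectBasicUiRestrictions;
    ULONG i, BytesReturned;
    PVOID hNtdll;

    /* Look the module up once and check it, instead of passing six unchecked
     * lookups straight into GetProcAddress. */
    hNtdll = GetModuleHandleA("NTDLL.DLL");
    if (!hNtdll) {
        return;
    }

    pfnNtCreateJobObject = (PFNNTCREATEJOBOBJECT)GetProcAddress(hNtdll, "NtCreateJobObject");
    if (!pfnNtCreateJobObject) {
        return;
    }
    pfnNtOpenJobObject = (PFNNTOPENJOBOBJECT)GetProcAddress(hNtdll, "NtOpenJobObject");
    if (!pfnNtOpenJobObject) {
        return;
    }
    pfnNtAssignProcessToJobObject = (PFNNTASSIGNPROCESSTOJOBOBJECT)GetProcAddress(hNtdll, "NtAssignProcessToJobObject");
    if (!pfnNtAssignProcessToJobObject) {
        return;
    }
    /* Resolved as an availability check only; never called below. */
    pfnNtTerminateJobObject = (PFNNTTERMINATEJOBOBJECT)GetProcAddress(hNtdll, "NtTerminateJobObject");
    if (!pfnNtTerminateJobObject) {
        return;
    }
    pfnNtQueryInformationJobObject = (PFNNTQUERYINFORMATIONJOBOBJECT)GetProcAddress(hNtdll, "NtQueryInformationJobObject");
    if (!pfnNtQueryInformationJobObject) {
        return;
    }
    pfnNtSetInformationJobObject = (PFNNTSETINFORMATIONJOBOBJECT)GetProcAddress(hNtdll, "NtSetInformationJobObject");
    if (!pfnNtSetInformationJobObject) {
        return;
    }

    RtlInitUnicodeString(&JobName, L"\\MyJob");
    InitializeObjectAttributes(&ObjectAttr,
                               &JobName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = pfnNtCreateJobObject(&hJobCreated,
                              JOB_OBJECT_ALL_ACCESS,
                              &ObjectAttr);
    if (rc != STATUS_SUCCESS) {
        printf("Unable to create job, rc=%x\n", rc);
        return;
    }
    /* Handles are pointers: print them with %p, not %x. */
    printf("hJobCreated=%p\n", (void *)hJobCreated);

    rc = pfnNtOpenJobObject(&hJobOpened,
                            JOB_OBJECT_ALL_ACCESS,
                            &ObjectAttr);
    if (rc != STATUS_SUCCESS) {
        printf("Unable to open job, rc=%x\n", rc);
        NtClose(hJobCreated);
        return;
    }
    printf("hJobOpened=%p\n", (void *)hJobOpened);

    rc = pfnNtAssignProcessToJobObject(hJobCreated,
                                       NtCurrentProcess());
    if (rc != STATUS_SUCCESS) {
        printf("NtAssignProcessToJobObject failed, rc=%x\n", rc);
        goto ExitFunction;
    }
    printf("Process assigned to job\n");

    rc = pfnNtQueryInformationJobObject(hJobCreated,
                                        JobObjectBasicProcessIdList,
                                        Buffer,
                                        sizeof(Buffer),
                                        &BytesReturned);
    if (rc != STATUS_SUCCESS) {
        printf("NtQueryInformationJobObject failed, rc=%x\n", rc);
        goto ExitFunction;
    }
    pJobObjectBasicProcessIdList = (PJOBOBJECT_BASIC_PROCESS_ID_LIST)Buffer;
    printf("pJobObjectBasicProcessIdList->NumberOfAssignedProcesses = %x\n", pJobObjectBasicProcessIdList->NumberOfAssignedProcesses);
    printf("pJobObjectBasicProcessIdList->NumberOfProcessIdsInList = %x\n", pJobObjectBasicProcessIdList->NumberOfProcessIdsInList);
    for (i = 0; i < pJobObjectBasicProcessIdList->NumberOfProcessIdsInList; i++) {
        /* The element type may be pointer-sized depending on the header in
         * use, so narrow it explicitly for printing. */
        printf("%lx ", (unsigned long)pJobObjectBasicProcessIdList->ProcessIdList[i]);
    }
    printf("\n");

    /* Buffer is reused as the input structure for the set call; only
     * UIRestrictionsClass is written before it is passed in. */
    pJobObjectBasicUiRestrictions = (PJOBOBJECT_BASIC_UI_RESTRICTIONS)Buffer;
    pJobObjectBasicUiRestrictions->UIRestrictionsClass = JOB_OBJECT_UILIMIT_DESKTOP;
    rc = pfnNtSetInformationJobObject(hJobCreated,
                                      JobObjectBasicUIRestrictions,
                                      pJobObjectBasicUiRestrictions,
                                      sizeof(*pJobObjectBasicUiRestrictions));
    if (rc != STATUS_SUCCESS) {
        printf("NtSetInformationJobObject failed, rc=%x\n", rc);
        goto ExitFunction;
    }
    printf("NtSetInformationJobObject success\n");

ExitFunction:
    NtClose(hJobOpened);
    NtClose(hJobCreated);
}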
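/*
 * Exercises NtQueryDefaultUILanguage / NtSetDefaultUILanguage, both resolved
 * from NTDLL at run time (the function returns silently if either export is
 * missing).
 *
 * Prints the current default UI language, switches it to Russian, then
 * switches it back. The original left the Russian setting in place after the
 * demo finished; Locale() in this file already restores the value it
 * changes, and this function now does the same.
 */
void Language()
{
    PVOID _stdcall GetProcAddress(PVOID hModule, PCCHAR FunctionName);
    PVOID _stdcall GetModuleHandleA(PCCHAR ModuleName);
    PFNNTQUERYDEFAULTUILANGUAGE pfnNtQueryDefaultUILanguage;
    PFNNTSETDEFAULTUILANGUAGE pfnNtSetDefaultUILanguage;
    USHORT DefaultUILanguage;
    NTSTATUS rc;

    pfnNtQueryDefaultUILanguage = (PFNNTQUERYDEFAULTUILANGUAGE)GetProcAddress(GetModuleHandleA("NTDLL.DLL"),
                                                                              "NtQueryDefaultUILanguage");
    if (!pfnNtQueryDefaultUILanguage) {
        return;
    }
    pfnNtSetDefaultUILanguage = (PFNNTSETDEFAULTUILANGUAGE)GetProcAddress(GetModuleHandleA("NTDLL.DLL"),
                                                                          "NtSetDefaultUILanguage");
    if (!pfnNtSetDefaultUILanguage) {
        return;
    }

    /* Remember the current value so it can be put back afterwards. */
    rc = pfnNtQueryDefaultUILanguage(&DefaultUILanguage);
    if (rc != STATUS_SUCCESS) {
        printf("NtQueryDefaultUILanguage failed, rc=%x\n", rc);
        return;
    }
    printf("DefaultUILanguage=%x %x %x\n", DefaultUILanguage, PRIMARYLANGID(DefaultUILanguage), SUBLANGID(DefaultUILanguage));

    rc = pfnNtSetDefaultUILanguage((MAKELANGID(LANG_RUSSIAN, SUBLANG_DEFAULT)));
    if (rc != STATUS_SUCCESS) {
        printf("NtSetDefaultUILanguage failed, rc=%x\n", rc);
        return;
    }

    /* Undo the change so the demo leaves no persistent setting behind. */
    rc = pfnNtSetDefaultUILanguage(DefaultUILanguage);
    if (rc != STATUS_SUCCESS) {
        printf("NtSetDefaultUILanguage failed, rc=%x\n", rc);
        return;
    }
    printf("Default UI language set back to original\n");
}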
/*
 * Creates the paging file \??\C:\MYPAGEFILE.SYS (4 MB initial, 10 MB
 * maximum) with NtCreatePagingFile.
 *
 * SE_CREATE_PAGEFILE_PRIVILEGE is switched on only around the one call that
 * needs it and switched off again before the result is even inspected, so
 * the process does not keep the privilege on any exit path.
 */
void PageFile()
{
    UNICODE_STRING PagingFileName;
    LARGE_INTEGER InitialSize, MaxSize;
    NTSTATUS rc;

    /* Judging by the message below, FALSE as the second argument enables the
     * privilege and TRUE disables it; the helper is defined elsewhere. */
    if (!EnableOrDisablePrivilege(SE_CREATE_PAGEFILE_PRIVILEGE, FALSE)) {
        printf("Unable to enable SE_CREATE_PAGEFILE_PRIVILEGE\n");
        return;
    }

    RtlInitUnicodeString(&PagingFileName, L"\\??\\C:\\MYPAGEFILE.SYS");
    InitialSize.QuadPart = 4 * 1024 * 1024;
    MaxSize.QuadPart = 10 * 1024 * 1024;

    rc = NtCreatePagingFile(&PagingFileName, &InitialSize, &MaxSize, 0);

    /* Drop the privilege straight away; the result of this call is ignored,
     * as in the original. */
    EnableOrDisablePrivilege(SE_CREATE_PAGEFILE_PRIVILEGE, TRUE);

    if (rc == STATUS_SUCCESS) {
        printf("Paging file created\n");
    } else {
        printf("NtCreatePagingFile failed, rc=%x\n", rc);
    }
}
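/*
 * Exercises NtCreateProcess and NtOpenProcess: creates a process object
 * under the name \MyProcess with the current process as parent, opens it
 * again through the same object attributes, prints both handles and closes
 * them.
 *
 * Returns 0 on every path; callers in this file ignore the value.
 *
 * NOTE(review): both calls request PROCESS_ALL_ACCESS, and the TRUE passed
 * after the parent handle is presumably the inherit-handles flag - confirm
 * against the project's prototype. Code that is not a demo should request
 * only the rights it uses and should not inherit handles by default.
 */
int ProcessManagement()
{
    NTSTATUS rc;
    HANDLE hProcessCreated, hProcessOpened;
    OBJECT_ATTRIBUTES ObjectAttr;
    UNICODE_STRING ProcessName;

    RtlInitUnicodeString(&ProcessName, L"\\MyProcess");
    InitializeObjectAttributes(&ObjectAttr,
                               &ProcessName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    rc = NtCreateProcess(&hProcessCreated,
                         PROCESS_ALL_ACCESS,
                         &ObjectAttr,
                         NtCurrentProcess(),
                         TRUE,
                         NULL,
                         NULL,
                         NULL);
    if (rc != STATUS_SUCCESS) {
        printf("Unable to create process, rc=%x\n", rc);
        return 0;
    }
    /* Handles are pointers: print them with %p, not %x. */
    printf("hProcessCreated=%p\n", (void *)hProcessCreated);

    rc = NtOpenProcess(&hProcessOpened,
                       PROCESS_ALL_ACCESS,
                       &ObjectAttr,
                       NULL);
    if (rc != STATUS_SUCCESS) {
        printf("Unable to open process, rc=%x\n", rc);
        NtClose(hProcessCreated);
        return 0;
    }
    printf("hProcessOpened=%p\n", (void *)hProcessOpened);

    NtClose(hProcessOpened);
    NtClose(hProcessCreated);
    /* The original fell off the end of a non-void function here. */
    return 0;
}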
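/*
 * Exercises NtQueryDefaultLocale / NtSetDefaultLocale: prints the two
 * locales the calls report (labelled system and thread by the messages
 * below), switches the second one to French and then restores the saved
 * value.
 */
void Locale()
{
    ULONG SystemLocale, ThreadLocale;
    /*
     * MAKELANGID takes (primary language, sublanguage). The original passed
     * (SUBLANG_DEFAULT, SUBLANG_FRENCH), i.e. a sublanguage constant in the
     * primary-language slot, which does not encode French. Use the
     * primary-language constant for French instead.
     */
    ULONG FrenchLocale = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH);
    NTSTATUS rc;

    rc = NtQueryDefaultLocale(FALSE, &SystemLocale);
    if (rc != STATUS_SUCCESS) {
        printf("NtQueryDefaultLocale for SystemLocale failed, rc=%x\n", rc);
        return;
    }
    printf("SystemLocale = %x %x %x\n", SystemLocale, PRIMARYLANGID(SystemLocale), SUBLANGID(SystemLocale));

    /* Saved so the change below can be undone. */
    rc = NtQueryDefaultLocale(TRUE, &ThreadLocale);
    if (rc != STATUS_SUCCESS) {
        printf("NtQueryDefaultLocale for ThreadLocale failed, rc=%x\n", rc);
        return;
    }
    printf("ThreadLocale = %x\n", ThreadLocale);

    rc = NtSetDefaultLocale(TRUE, FrenchLocale);
    if (rc != STATUS_SUCCESS) {
        printf("NtSetDefaultLocale for ThreadLocale failed, rc=%x\n", rc);
        return;
    }
    printf("Thread locale set to %x\n", FrenchLocale);

    rc = NtSetDefaultLocale(TRUE, ThreadLocale);
    if (rc != STATUS_SUCCESS) {
        printf("NtSetDefaultLocale for ThreadLocale failed, rc=%x\n", rc);
        return;
    }
    printf("Thread locale set back to original\n");
}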
/*
 * Entry point: runs every demo routine once, in a fixed order, and exits
 * with status 0 regardless of what the individual demos report.
 */
int main()
{
    /* Demos defined earlier in the file (outside this listing). */
    Atoms();
    CreateDirectoryObject();
    CreateSymbolicLink();
    OpenDirectoryObject();
    QueryDirectoryObject();
    OpenSymbolicLink();
    QuerySymbolicLink();
    QueryObject();
    SetObjectInformation();
    CreateEventObject();
    OpenEventObject();
    EventManagement();
    MutantManagement();
    SemaphoreManagement();
    TimerManagement();
    TimerResolution();
    PerformanceCounter();
    TimeManagement();
    KeyManagement();
    ThreadManagement();
    SectionManagement();
    MemoryManagement();

    /* Demos defined directly above. Several of them touch real system
     * state: a file is deleted, the process joins a job, a paging file is
     * created. */
    CompletionPort();
    DeleteFile();
    QueryFileAttributes();
    uuid();
    JobManagement();
    Language();
    PageFile();
    ProcessManagement();
    Locale();

    return 0;
}