Failed to include ntifs.h in win32 project

I tried using a function called NTCreateFile. When I compiled, it gave me an error saying "The identifier _NTCreateFile was not found." I included the winternl.h header. So I tried using ZwCreatFile, since MSDN included ntifs.h, but I cannot include this header. It says: "Unable to open / find directory." I am using VS 2008. What is the problem? Did I miss something?

EDIT1:

    typedef NTSTATUS (*fp_CreatFile)(
        OUT PHANDLE FileHandle,
        IN ACCESS_MASK DesiredAccess,
        IN POBJECT_ATTRIBUTES ObjectAttributes,
        OUT PIO_STATUS_BLOCK IoStatusBlock,
        IN PLARGE_INTEGER AllocationSize OPTIONAL,
        IN ULONG FileAttributes,
        IN ULONG ShareAccess,
        IN ULONG CreateDisposition,
        IN ULONG CreateOptions,
        IN PVOID EaBuffer OPTIONAL,
        IN ULONG EaLength
    );

    OBJECT_ATTRIBUTES myAttributes;

    int _tmain(int argc, _TCHAR* argv[])
    {
        fp_CreatFile myFunction;
        HMODULE module = LoadLibrary(L"ntdll.dll");
        if(NULL != module)
        {
            myFunction = (fp_CreatFile)GetProcAddress(module,"NtCreateFile");
        }

        UNICODE_STRING string;
        IO_STATUS_BLOCK fileStatus;
        string.Length = 56;
        string.Buffer = L"C:\\user\\kiddo\\Desktop\\7zFM.exe";
        string.MaximumLength = 56;

        HANDLE fileHandle;
        myAttributes.ObjectName = &string;
        myAttributes.Length = sizeof(OBJECT_ATTRIBUTES);

        long mystatus = myFunction(&fileHandle,FILE_GENERIC_READ,&myAttributes,
                                   &fileStatus,NULL,FILE_ATTRIBUTE_NORMAL,FILE_SHARE_READ,
                                   NULL,NULL,NULL,NULL);
        return 0;
    }

When I try to run it, it gives the following error in a message box. ERROR: Runtime Check Error #0 - The ESP value was not properly stored during the function call. This is usually the result of calling a function declared with one calling convention with a function pointer declared with another calling convention.

+4
4 answers

If you read the MSDN documentation, the first paragraph says:

Note. Before using this function, please read the Internal API Call.

Which says that: (I highlighted the important parts)

The Winternl.h header file exposes prototypes of the internal Windows APIs. There is no corresponding import library, therefore developers should use run-time dynamic linking to call the functions described in this header file.

The functions and structures in Winternl.h are internal to the operating system and can be changed from one release of Windows to the next, and possibly even between service packs for each version. To maintain application compatibility, you should use equivalent public functions. Additional information is available in the header file, Winternl.h and the documentation for each function.

If you use these functions, you can access them through run-time dynamic linking using LoadLibrary and GetProcAddress. This gives the code the ability to respond flexibly if the function has been changed or removed from the operating system. Signature changes, however, may not be detectable.

Thus, you will have to load the functions that you want to use from NtDll.dll before you can use them.

Here is an unverified example:

    typedef NTSTATUS (__stdcall *NtCreateFile)(
        OUT PHANDLE FileHandle,
        IN ACCESS_MASK DesiredAccess,
        IN POBJECT_ATTRIBUTES ObjectAttributes,
        OUT PIO_STATUS_BLOCK IoStatusBlock,
        IN PLARGE_INTEGER AllocationSize OPTIONAL,
        IN ULONG FileAttributes,
        IN ULONG ShareAccess,
        IN ULONG CreateDisposition,
        IN ULONG CreateOptions,
        IN PVOID EaBuffer OPTIONAL,
        IN ULONG EaLength
    );

    // TEXT() keeps the module name valid in both ANSI and Unicode builds
    NtCreateFile _NtCreateFile = (NtCreateFile)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")), "NtCreateFile");

    // You can now use the function
    _NtCreateFile(/* params */);

    // Don't forget to release the resources
+4

ZwCreateFile is part of the Windows driver suite, not the Windows SDK. You will need to install the driver kit. Some macros and types used by NTCreateFile also require WDK headers. This is clearly indicated in the MSDN documentation.

+1

As clearly indicated in the error message, you got the calling convention wrong; you dropped NTAPI. It should be:

    typedef NTSTATUS (__stdcall * fp_CreatFile)(
        // etc..
    );

Proper initialization of myAttributes is usually important. I don’t see you doing anything that could cause a call to an undocumented API function. Stick with CreateFile() as long as you can.

+1

Several possibilities:

  • You say the error message is "_NTCreateFile identifier not found". The API name is NtCreateFile() (note the lowercase "t"). You may be using the wrong name.

  • ntifs.h and related link libraries are included with the Windows Driver Kit (WDK), which can be downloaded here: http://www.microsoft.com/whdc/devtools/wdk/wdkpkg.mspx. You should be able to use WDK to do what you want a little more than using dynamic linking, but then you usually have to buy a new build system or determine how to integrate headers and libraries into your current build.

  • You can use the dynamic linking method described by ereOn.

+1
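
The points raised in the answers above, put together as an added example (not code from the thread or from Microsoft): NtCreateFile is resolved from ntdll.dll at run time, the pointer type carries NTAPI, and the name and OBJECT_ATTRIBUTES are fully initialised before the call. Assumptions: `build_nt_path` and `NtCreateFile_t` are hypothetical names, the path is the one from the question with the NT `\??\` prefix added, and the code is compiled as C99 or C++; the Windows-only part is guarded by `_WIN32`.

```c
#include <stddef.h>

/* build_nt_path: hypothetical helper (added example). Converts an ASCII DOS
   path to a UTF-16 NT object path. Returns the length in BYTES without the
   terminator, as UNICODE_STRING.Length expects, or 0 if it does not fit. */
size_t build_nt_path(const char *dos, unsigned short *out, size_t cap_chars)
{
    const char *parts[2] = { "\\??\\", dos };
    size_t n = 0;
    for (int i = 0; i < 2; ++i)
        for (const char *p = parts[i]; *p; ++p) {
            if (n + 1 >= cap_chars) return 0;   /* keep room for the NUL */
            out[n++] = (unsigned short)(unsigned char)*p;
        }
    out[n] = 0;
    return n * sizeof(unsigned short);
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>

/* NTAPI is __stdcall; leaving it out is what trips the ESP run-time check on x86. */
typedef NTSTATUS (NTAPI *NtCreateFile_t)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
    PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG);

int main(void)
{
    unsigned short buf[260];
    UNICODE_STRING name;
    OBJECT_ATTRIBUTES oa;
    IO_STATUS_BLOCK iosb;
    HANDLE h = NULL;
    HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
    NtCreateFile_t fn = ntdll ? (NtCreateFile_t)GetProcAddress(ntdll, "NtCreateFile") : NULL;
    size_t bytes = build_nt_path("C:\\user\\kiddo\\Desktop\\7zFM.exe", buf, 260);
    if (!fn || bytes == 0) return 1;            /* never call through NULL */
    name.Buffer = (PWSTR)buf;
    name.Length = (USHORT)bytes;                /* bytes, not characters */
    name.MaximumLength = (USHORT)(bytes + sizeof(unsigned short));
    InitializeObjectAttributes(&oa, &name, OBJ_CASE_INSENSITIVE, NULL, NULL);
    if (fn(&h, FILE_GENERIC_READ, &oa, &iosb, NULL, FILE_ATTRIBUTE_NORMAL,
           FILE_SHARE_READ, FILE_OPEN,
           FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0) < 0)
        return 1;                               /* negative NTSTATUS = failure */
    CloseHandle(h);
    return 0;
}
#endif
```

For the question's 30-character path the helper returns 68 bytes (34 UTF-16 units including the prefix), not the hard-coded 56.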

Source: https://habr.com/ru/post/1311715/