I am trying to call the internal function of the Windows NT API NtOpenProcess. I know that calling internal APIs may be a bad idea, but for this particular tool I need the low level access provided by this API.
My problem is that to use such an internal API, I need to use Runtime Dynamic Linking, as mentioned in this article
To do this, I need to define a pointer to the NtOpenProcess function. Here is my expression:
typedef NTSTATUS (NTAPI *_NtOpenProcess) ( OUT PHANDLE, IN ACCESS_MASK, IN POBJECT_ATTRIBUTES, IN PCLIENT_ID OPTIONAL); class procManager { HINSTANCE hNTDLL; public: procManager() { hNTDLL = LoadLibrary(L"ntdll.dll"); if (!hNTDLL) throw std::runtime_error("NTDLL.DLL failure."); _NtOpenProcess NtOpenProcess; NtOpenProcess = reinterpret_cast <_NtOpenProcess> (GetProcAddress(hNTDLL, L"NtOpenProcess")); if (!NtOpenProcess) throw std::runtime_error("NtOpenProcess not found.");
The problem is that there is an error in my typedef. The compiler returns:
error C2059: syntax error: '__stdcall'
I used the convenient Go to Definition function of my IDE (Visual Studio 2008) and found that the NTAPI in the ad was defined as __stdcall.
Unfortunately, removing NTAPI from my ad by doing this as follows:
typedef NTSTATUS (*_NtOpenProcess) ( OUT PHANDLE, IN ACCESS_MASK, IN POBJECT_ATTRIBUTES, IN PCLIENT_ID OPTIONAL);
leads to another error:
error C2065: '_NtOpenProcess': undeclared identifier
At that moment I say, βOf course, this is undefined, so why is it typedef!β
Does anyone see my mistake in the ad?
c ++ function-pointers
Billy oneal
source share