No Joy with RtlUnicodeString

Question

0.00/5 (No votes)

See more:

Having searched countless threads on this and attempted many variations on the same theme, but as the title sez, no joy. Here's the typedefs, decls:

C++

//unicode string for NTcreatefile fileObject
//typedef VOID (__stdcall *RtlInitUnicodeStringPtr) (
//    IN OUT PUNICODE_STRING  DestinationString,
//    IN wchar_t  *SourceString );

typedef VOID ( NTAPI *my_RtlInitUnicodeString ) (
    PUNICODE_STRING DestinationString,
    PCWSTR SourceString
    );
  NTDLLptr foundNTDLL = NULL; //returns variable here
  UNICODE_STRING fn;

And the code:

C#

HMODULE hdlNtCreateFile = LoadLibraryW(L"Ntdll.dll");
my_RtlInitUnicodeString RtlInitUnicodeString = (my_RtlInitUnicodeString) GetProcAddress(hdlNtCreateFile, "RtlUnicodeString");
//"RtlUnicodeStringinit" also tried here
//currpathW is a calloc'd wchar_t
RtlInitUnicodeString(&fn, currPathW);

And the debug autos:

&fn	0x000000017d50f4a8 struct _UNICODE_STRING fn {Length=0 MaximumLength=0 Buffer=0x0000000000000000 <Bad Ptr> }	_UNICODE_STRING *
Length	0	unsigned short
MaximumLength	0	unsigned short
Buffer	0x0000000000000000 <Bad Ptr>	wchar_t *
GetProcAddress	0x0000000140004cc0 GetProcAddress	void *
RtlInitUnicodeString	0x0000000000000000	void (_UNICODE_STRING *, const wchar_t *)*
currPathW	0x00000000029300b0 "My string\"	wchar_t *
hdlNtCreateFile	0x00000000774e0000 {unused=9460301 }	HINSTANCE__ *
unused	9460301	int

RtlInitUnicodeString always returns 0. Something fundamentally wrong here but what is it?
Thanks. :)

Posted 10-Dec-15 18:26pm

Laurie Stearn

Updated 10-Dec-15 18:27pm

v3

Add a Solution

Comments

Richard MacCutchan 11-Dec-15 4:25am

You should always check the return from GetProcAddress, to ensure you have a valid pointer.

Laurie Stearn 11-Dec-15 5:42am

Absolutely. But in the IDE I'm in the habit of becoming too reliant on the autos. :)

Richard MacCutchan 11-Dec-15 7:57am

Which is one of the reasons why there is so much bad software being used around the world these days.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

User 59241 · Accepted Answer · 2015-12-10T19:42:00

With your code example you will always get NULL for RtlInitUnicodeString because there is no function RtlUnicodeString. Your debugger will tell you this and is indispensable. https://msdn.microsoft.com/en-us/library/ms648420(v=vs.85).aspx[^]

Change the line:

C++

my_RtlInitUnicodeString RtlInitUnicodeString = (my_RtlInitUnicodeString) GetProcAddress(hdlNtCreateFile, "RtlUnicodeString");

to:

C++

my_RtlInitUnicodeString RtlInitUnicodeString = (my_RtlInitUnicodeString) GetProcAddress(hdlNtCreateFile, "RtlInitUnicodeString");

and things may start happening. The code should ideally be written to catch this error.