The aim is to create a directory. Here are the global decls:
/* Signature of ntdll!NtCreateFile; the pointer is resolved at run time with GetProcAddress. */
typedef NTSTATUS (__stdcall *NTDLLptr)(
    PHANDLE           FileHandle,
    ACCESS_MASK       DesiredAccess,
    OBJECT_ATTRIBUTES *ObjectAttributes,
    PIO_STATUS_BLOCK  IoStatusBlock,
    PLARGE_INTEGER    AllocationSize,
    ULONG             FileAttributes,
    ULONG             ShareAccess,
    ULONG             CreateDisposition,
    ULONG             CreateOptions,
    PVOID             EaBuffer,
    ULONG             EaLength);

/* Signature of ntdll!RtlInitUnicodeString, used to wrap a NUL-terminated wide string in a UNICODE_STRING. */
typedef VOID (__stdcall *my_RtlInitUnicodeString)(
    IN OUT PUNICODE_STRING DestinationString,
    IN     PCWSTR          SourceString);

/* Resolved NtCreateFile entry point; written on every DynamicLoader call (NULL when the lookup fails). */
NTDLLptr foundNTDLL = NULL;

/* Counted string built over the caller's path buffer (tempDest); attached as fileObject.ObjectName. */
UNICODE_STRING fn;

/* OBJECT_ATTRIBUTES handed to NtCreateFile; Length/Attributes are filled in by DynamicLoader(..., true). */
OBJECT_ATTRIBUTES fileObject;

/* Completion information written back by NtCreateFile. */
IO_STATUS_BLOCK ioStatus;

/* File-scope status slot; the call site shown uses a local ntStatus, so this appears unused there. */
NTSTATUS status;
The function that loads the library and resolves the entry points:
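/*
 * Resolve NtCreateFile (and, on the second call, RtlInitUnicodeString) from
 * ntdll and prepare the file-scope state used by the NtCreateFile call.
 *
 * hwnd     - not used by the loader itself; kept for the caller's interface.
 * progInit - true:  one-time setup: zero ioStatus/fileObject and set
 *                   fileObject.Length / Attributes (ObjectName stays NULL
 *                   until the second call).
 *            false: wrap tempDest in `fn` and attach it as
 *                   fileObject.ObjectName.
 *
 * Returns the NtCreateFile pointer (also stored in foundNTDLL), or NULL when
 * ntdll cannot be loaded or either entry point cannot be resolved.
 *
 * Fixes over the previous version:
 *  - a NULL result from LoadLibraryW is no longer passed to GetProcAddress
 *    and FreeLibrary;
 *  - a NULL RtlInitUnicodeString lookup is no longer called through.
 *
 * Notes for the caller:
 *  - Every call takes a fresh LoadLibraryW reference on ntdll, and the handle
 *    is local to this function; on the success path it is never released
 *    here. A FreeLibrary(hdlNtCreateFile) at a call site therefore cannot
 *    refer to this local (it would shadow a file-scope variable of the same
 *    name) — verify which handle is actually freed. Since ntdll is mapped
 *    into every process, GetModuleHandleW(L"ntdll.dll") with no FreeLibrary
 *    at all would remove the refcount bookkeeping.
 *  - NtCreateFile takes an NT object-manager path. The Win32 "\\?\C:\dir"
 *    form is rejected with STATUS_OBJECT_NAME_INVALID (0xC0000033, shown as
 *    -1073741773 in the debugger); the native form is "\??\C:\dir". The
 *    contents of tempDest are the caller's responsibility.
 *  - `fn.Buffer` points into tempDest, so fileObject.ObjectName must not be
 *    used after tempDest is freed.
 */
NTDLLptr DynamicLoader (HWND hwnd, bool progInit)
{
    (void)hwnd;

    HMODULE hdlNtCreateFile = LoadLibraryW(L"NtDll.dll");
    if (!hdlNtCreateFile)
    {
        foundNTDLL = NULL;
        return NULL;
    }

    foundNTDLL = (NTDLLptr) GetProcAddress (hdlNtCreateFile, createFnString);
    if (!foundNTDLL)
    {
        FreeLibrary (hdlNtCreateFile);
        return NULL;
    }

    if (progInit)
    {
        memset(&ioStatus, 0, sizeof(ioStatus));
        memset(&fileObject, 0, sizeof(fileObject));
        fileObject.Length = sizeof(fileObject);
        /* 0x40 — matches the Attributes=64 seen in the debugger dump. */
        fileObject.Attributes = OBJ_CASE_INSENSITIVE;
    }
    else
    {
        my_RtlInitUnicodeString RtlInitUnicodeString =
            (my_RtlInitUnicodeString) GetProcAddress(hdlNtCreateFile, initUnicodeFnString);
        if (!RtlInitUnicodeString)
        {
            foundNTDLL = NULL;
            FreeLibrary (hdlNtCreateFile);
            return NULL;
        }
        RtlInitUnicodeString(&fn, tempDest);
        fileObject.ObjectName = &fn;
    }

    return foundNTDLL;
}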
The call is made at init:
// Init-time probe: DynamicLoader(hwnd, true) resolves NtCreateFile and zero-fills
// ioStatus/fileObject; if it fails, the UI is told to fall back to the short-path API.
if (!DynamicLoader (hwnd, true)) DisplayError (hwnd, L"The long path function has been removed. Using short path functions...", errorcode, 0);
...
// NOTE(review): hdlNtCreateFile here cannot be the local declared inside DynamicLoader;
// confirm a file-scope handle exists and that the loader actually assigns it, otherwise
// the reference taken by LoadLibraryW is never released and this frees something else.
if (foundNTDLL) FreeLibrary ((HMODULE)hdlNtCreateFile);
</pre>
`tempDest` is a calloc'd `wchar_t` buffer containing the path name. The NtCreateFile call is made here:
<pre lang="c++"> if (DynamicLoader (hwnd, false))
{
// Second loader call: wraps tempDest in `fn` and attaches it as fileObject.ObjectName.
// NOTE(review): this also takes another LoadLibraryW reference on ntdll (see DynamicLoader).
NTSTATUS ntStatus;
// Create a new directory (FILE_CREATE + FILE_DIRECTORY_FILE); hdlNTOut is only written on success.
// The dump below shows ntStatus == -1073741773 == 0xC0000033 == STATUS_OBJECT_NAME_INVALID:
// NtCreateFile takes an NT object-manager path, so the Win32 "\\?\C:\..." prefix in
// tempDest is rejected — the native spelling of that path is "\??\C:\...".
ntStatus = foundNTDLL (&hdlNTOut, FILE_LIST_DIRECTORY | FILE_TRAVERSE, &fileObject, &ioStatus, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_CREATE, FILE_DIRECTORY_FILE, NULL, 0);
if (!NT_SUCCESS(ntStatus))
....
// NOTE(review): fn.Buffer points into tempDest, so fileObject.ObjectName dangles after this free;
// do not reuse fileObject without calling DynamicLoader(hwnd, false) again.
free(tempDest);
// NOTE(review): as at init, this hdlNtCreateFile is not the loader's local handle — verify what is freed.
if (foundNTDLL) FreeLibrary ((HMODULE)hdlNtCreateFile);
But hdlNTOut is 0. Here are the autos just after the call:
&fileObject 0x3d91cdcc struct _OBJECT_ATTRIBUTES fileObject {Length=24 RootDirectory=0x00000000 ObjectName=0x3d91cdec ...} _OBJECT_ATTRIBUTES *
Length 24 unsigned long
RootDirectory 0x00000000 void *
ObjectName 0x3d91cdec struct _UNICODE_STRING fn {Length=60 MaximumLength=62 Buffer=0x41300098 "\\?\C:\My path" } _UNICODE_STRING *
Length 60 unsigned short
MaximumLength 62 unsigned short
Buffer 0x41300098 "\\?\C:\My path" wchar_t *
92 L'\' wchar_t
Attributes 64 unsigned long
SecurityDescriptor 0x00000000 void *
SecurityQualityOfService 0x00000000 void *
&hdlNTOut 0x00494320 void * hdlNTOut void * *
&ioStatus 0x3d91cbb0 struct _IO_STATUS_BLOCK ioStatus {Status=0 Pointer=0x00000000 Information=0 } _IO_STATUS_BLOCK *
Status 0 long
Pointer 0x00000000 void *
Information 0 unsigned long
foundNTDLL 0x776e00f4 _NtCreateFile@44 long (void * *, unsigned long, _OBJECT_ATTRIBUTES *, _IO_STATUS_BLOCK *, _LARGE_INTEGER *, unsigned long, unsigned long, unsigned long, unsigned long, void *, unsigned long)*
ntStatus -1073741773 long
Adding a trailing backslash to the path gives the same output. The "L\" shown for ObjectName.Buffer is the only thing that doesn't look right. All of this was done without calling InitializeObjectAttributes, but was something else missed?
Thanks for reading. :)