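// Test.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

// Signature of ntdll!NtCreateFile. The pointer is resolved at run time with
// GetProcAddress instead of being linked statically.
typedef NTSTATUS (NTAPI* NTCREATEFILE)(
    OUT PHANDLE FileHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN PLARGE_INTEGER AllocationSize OPTIONAL,
    IN ULONG FileAttributes,
    IN ULONG ShareAccess,
    IN ULONG CreateDisposition,
    IN ULONG CreateOptions,
    IN PVOID EaBuffer OPTIONAL,
    IN ULONG EaLength
    );

// Signature of ntdll!NtClose, resolved the same way.
typedef NTSTATUS (NTAPI* NTCLOSE)(
    IN HANDLE Handle
    );

// Opens unicode.nls twice -- once through the native NtCreateFile call using
// an NT device path, once through Win32 CreateFile using a drive-letter path --
// then reads the first 1352 bytes through the Win32 handle. Each step prints
// its outcome; the first failure jumps to the cleanup in __finally.
// Always returns 0 after waiting for a key press.
int _tmain(int argc, _TCHAR* argv[])
{
    // One wide literal serves both the length computation and the copy. The
    // original spelled the path twice and one copy contained the invalid
    // escape "\H". L"" is used instead of _T() because UNICODE_STRING is
    // always wide, whatever the build's character set.
    // NOTE(review): assumes HarddiskVolume1 is the volume holding
    // \windows\system32; that numbering is machine-specific -- confirm.
    static const WCHAR kNtFilePath[] =
        L"\\Device\\HarddiskVolume1\\windows\\system32\\unicode.nls";
    // Byte length of the path without its terminating NUL.
    const USHORT kNtFilePathBytes =
        static_cast<USHORT>(sizeof(kNtFilePath) - sizeof(WCHAR));
    // Number of bytes read from the start of the file.
    const DWORD kReadBytes = 1352;

    HMODULE hModule = NULL;
    NTCREATEFILE NtCreateFile = NULL;
    NTCLOSE NtClose = NULL;
    UNICODE_STRING FileName = {0};
    OBJECT_ATTRIBUTES Oa = {0};
    HANDLE hFile1 = NULL;
    NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;
    IO_STATUS_BLOCK Iosb = {0};
    HANDLE hFile2 = INVALID_HANDLE_VALUE;
    PWCHAR pBuffer = NULL;
    DWORD dwRet = 0;

    __try
    {
        hModule = LoadLibrary(_T("ntdll.dll"));
        if (!hModule)
        {
            printf("LoadLibrary failed (%lu) \n", GetLastError());
            __leave;
        }

        NtCreateFile = (NTCREATEFILE)GetProcAddress(hModule, "NtCreateFile");
        if (!NtCreateFile)
        {
            printf("GetProcAddress NtCreateFile failed (%lu) \n", GetLastError());
            __leave;
        }

        NtClose = (NTCLOSE)GetProcAddress(hModule, "NtClose");
        if (!NtClose)
        {
            printf("GetProcAddress NtClose failed (%lu) \n", GetLastError());
            __leave;
        }

        // Build the counted string handed to NtCreateFile.
        FileName.MaximumLength = MAX_PATH * sizeof(WCHAR);
        FileName.Buffer = (PWCHAR)malloc(FileName.MaximumLength);
        if (!FileName.Buffer)
        {
            // The original passed an unchecked malloc result to memset.
            printf("malloc failed for the file name buffer \n");
            __leave;
        }
        memset(FileName.Buffer, 0, FileName.MaximumLength);
        FileName.Length = kNtFilePathBytes;
        memcpy(FileName.Buffer, kNtFilePath, FileName.Length);

        // NOTE(review): OBJ_KERNEL_HANDLE is documented for kernel-mode
        // callers; this is a user-mode console program, so the flag looks
        // unnecessary here -- confirm and drop it.
        InitializeObjectAttributes(
            &Oa,
            &FileName,
            OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
            NULL,
            NULL
            );

        // Open the existing file (FILE_OPEN, must not be a directory) with
        // read-only rights while allowing other openers to read, write and
        // delete it.
        ntStatus = NtCreateFile(&hFile1,
            FILE_READ_DATA | FILE_LIST_DIRECTORY | FILE_READ_ATTRIBUTES,
            &Oa,
            &Iosb,
            NULL,
            FILE_ATTRIBUTE_NORMAL,
            FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
            FILE_OPEN,
            FILE_NON_DIRECTORY_FILE,
            NULL,
            0
            );
        if (!NT_SUCCESS(ntStatus))
        {
            printf("NtCreateFile failed (%lx) \n", static_cast<unsigned long>(ntStatus));
            __leave;
        }
        printf("NtCreateFile succeed \n");

        // Second open, through the Win32 path.
        // NOTE(review): GENERIC_WRITE is requested on a file under system32
        // although only ReadFile is called on this handle; if write access is
        // not part of what this test exercises, request GENERIC_READ only.
        hFile2 = ::CreateFile(_T("c:\\windows\\system32\\unicode.nls"),
            GENERIC_READ | GENERIC_WRITE,
            FILE_SHARE_READ | FILE_SHARE_WRITE,
            NULL,
            OPEN_EXISTING,
            FILE_ATTRIBUTE_NORMAL,
            NULL
            );
        if (INVALID_HANDLE_VALUE == hFile2)
        {
            printf("CreateFile failed (%lu) \n", GetLastError());
            __leave;
        }
        printf("CreateFile succeed \n");

        pBuffer = (PWCHAR)malloc(kReadBytes);
        if (!pBuffer)
        {
            printf("malloc failed for the read buffer \n");
            __leave;
        }
        memset(pBuffer, 0, kReadBytes);

        ::SetFilePointer(hFile2, 0, NULL, FILE_BEGIN);

        // The buffer was allocated above with exactly the size requested
        // here. dwRet receives the number of bytes actually read, which may
        // be smaller than kReadBytes.
        if (!::ReadFile(hFile2, pBuffer, kReadBytes, &dwRet, NULL))
        {
            printf("ReadFile failed (%lu) \n", GetLastError());
            __leave;
        }
        printf("ReadFile succeed \n");
    }
    __finally
    {
        // Release in reverse order of acquisition. ntdll is unloaded last
        // because NtClose lives in it.
        if (hFile2 != INVALID_HANDLE_VALUE)
        {
            ::CloseHandle(hFile2);
            hFile2 = INVALID_HANDLE_VALUE;
        }

        if (hFile1 && NtClose)
        {
            NtClose(hFile1);
            hFile1 = NULL;
        }

        if (FileName.Buffer)
        {
            free(FileName.Buffer);
            FileName.Buffer = NULL;
        }

        if (pBuffer)
        {
            free(pBuffer);
            pBuffer = NULL;
        }

        if (hModule)
        {
            FreeLibrary(hModule);
            hModule = NULL;
        }
    }

    // Keep the console window open until a key is pressed.
    getch();

    return 0;
}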