Skip to content

Instantly share code, notes, and snippets.

@core01

core01/test.cpp

Last active February 14, 2025 14:27
Show Gist options
  • Save core01/546ba40233851fa7cd66 to your computer and use it in GitHub Desktop.
Save core01/546ba40233851fa7cd66 to your computer and use it in GitHub Desktop.
Download ZIP
NtOpenFile, NtCreateFile, NtWriteFile, NtOpenKey, NtSetValueKey, NtQueryValueKey
Raw
test.cpp
#include <windows.h>
#include "ntdll.h"
#define __DEBUG__ 1000
#define patternlen MAX_PATH*2
#define masN 2
WCHAR Wmas[2][100]=
{
//1--------02--------03--------04--------05--------06--------07--------08------"
L" .e$$$$$$e. \n",
L" \n"
};
#define bufLen 32768//8192
#define xX 1000
char buf[bufLen]="";
void fileedit (PVOID Peb){
//sysnative.com/forums/programming/8592-ntcreatefile-example.html
#define FILE_OPEN_IF (3)
#define FILE_OVERWRITE_IF 0x00000005
HANDLE h;
NTSTATUS status;
const int allocSize = 2048;
ULONG uSize = 200;
WCHAR Buffer[100] = L"testdatatofile";
WCHAR Readrez[100] = L"";
LARGE_INTEGER largeInteger;
//ULONG FILE_OPEN_IF = FILE_OPEN_IF;
OBJECT_ATTRIBUTES obj;
IO_STATUS_BLOCK isb;
//WCHAR str[MAX_PATH*2]=L"";
UNICODE_STRING str;
WCHAR filepath[100]= L"\\??\\\\C:\\testfilecreate.txt";
WCHAR filepathtoread[100]= L"\\??\\\\C:\\testfilecreate.txt";
RtlInitUnicodeString(&str, filepath);
//FILE_BASIC_INFORMATION DirInformation;
//;
largeInteger.QuadPart = allocSize;
InitializeObjectAttributes(&obj, &str,
OBJ_CASE_INSENSITIVE, NULL, NULL);
status = NtCreateFile(&h, FILE_GENERIC_WRITE, &obj, &isb, 0,
FILE_ATTRIBUTE_NORMAL,FILE_SHARE_WRITE, FILE_OVERWRITE_IF,
FILE_RANDOM_ACCESS|FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
if(status>=0)
{
RtlInitUnicodeString(&str, L"No error while creating file\n\r");
NtDisplayString(&str);
}
else{
_snwprintf(filepath, 100, L"status = %x\n", status);
RtlInitUnicodeString(&str, filepath);
NtDisplayString(&str);
}
status = NtWriteFile(h,NULL,NULL,NULL, &isb, Buffer, uSize, NULL, NULL);
if(status>=0){
RtlInitUnicodeString(&str, L"Data successfully written\n\r");
NtDisplayString(&str);
}
else{
_snwprintf(filepath, 100, L"status = %x\n", status);
RtlInitUnicodeString(&str, filepath);
NtDisplayString(&str);
}
NtClose(h);
RtlInitUnicodeString(&str, filepathtoread);
status = NtCreateFile(&h, FILE_GENERIC_READ, &obj, &isb, 0,
FILE_ATTRIBUTE_NORMAL,FILE_SHARE_WRITE, FILE_OPEN_IF,FILE_RANDOM_ACCESS|FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
if(status>=0){
RtlInitUnicodeString(&str, L"File is open\n\r");
NtDisplayString(&str);
}
else{
_snwprintf(filepath, 100, L"status = %x\n", status);
RtlInitUnicodeString(&str, filepath);
NtDisplayString(&str);
//}
}
status = NtReadFile(h,NULL,NULL,NULL,&isb,Readrez,uSize,0,NULL);
NtClose(h);
if(status>=0)
{
RtlInitUnicodeString(&str, L"File content:\n\r");
NtDisplayString(&str);
RtlInitUnicodeString(&str, Readrez);
NtDisplayString(&str);
}
else{
_snwprintf(filepath, 100, L"status = %x\n", status);
RtlInitUnicodeString(&str, filepath);
NtDisplayString(&str);
}
//if (hFile != NULL) CloseHandle(hFile);
// std::cout << "Done!" << std::endl;
//NtCreateFile(&h, FILE_WRITE_DATA, &obj, isb, );
//NtWriteFile();
}
void regkeyedit(PVOID Peb)
{
HANDLE h;
NTSTATUS status;
UNICODE_STRING UnicodeRegPath;
OBJECT_ATTRIBUTES ObjectAttributes;
ULONG DataSize = 100;
BYTE* pBuffer = 0;
ULONG uSize = 200;
ULONG uRetSize;
//ULONG res;
// Новые переменные
WCHAR Buffer[100] = L"1";
PKEY_VALUE_FULL_INFORMATION pPI=0;
// Путь куда пишем
WCHAR RegPath[100] = L"\\REGISTRY\\MACHINE\\SYSTEM";
RtlInitUnicodeString(&UnicodeRegPath, RegPath);
InitializeObjectAttributes(&ObjectAttributes, &UnicodeRegPath, OBJ_CASE_INSENSITIVE, 0, 0);
status = NtOpenKey(&h,KEY_ALL_ACCESS, &ObjectAttributes);
RtlInitUnicodeString(&UnicodeRegPath, L"START\n\r");
NtDisplayString(&UnicodeRegPath);
//Проверка на ошибки
if(status>=0)
{
RtlInitUnicodeString(&UnicodeRegPath, L"No error\n\r");
NtDisplayString(&UnicodeRegPath);
}
else{
_snwprintf(RegPath, 100, L"status = %x\n", status);
RtlInitUnicodeString(&UnicodeRegPath, RegPath);
NtDisplayString(&UnicodeRegPath);
}
if(status==STATUS_INVALID_HANDLE){
RtlInitUnicodeString(&UnicodeRegPath, L"STATUS INVALID HANDLE\n\r");
NtDisplayString(&UnicodeRegPath);
}
RtlInitUnicodeString(&UnicodeRegPath, L"testkey");
pPI=(PKEY_VALUE_FULL_INFORMATION)Buffer;
wcscpy(RegPath, L"testvalue\0");
status =
NtSetValueKey( h , &UnicodeRegPath, 0, REG_SZ, RegPath, wcslen(RegPath)*2+2 );
if(status>=0){
RtlInitUnicodeString(&UnicodeRegPath, L"Record complete!\n\r");
NtDisplayString(&UnicodeRegPath);
}
else{
_snwprintf(RegPath, 100, L"Error Reg write = %x\n", status);
RtlInitUnicodeString(&UnicodeRegPath, RegPath);
NtDisplayString(&UnicodeRegPath);
}
RtlInitUnicodeString(&UnicodeRegPath, L"testkey");
status = NtQueryValueKey(h, &UnicodeRegPath, KeyValueFullInformation , Buffer, uSize, &uRetSize);
if(status<0){
_snwprintf(RegPath, 100, L"Error registry key read = %x\n", status);
RtlInitUnicodeString(&UnicodeRegPath, RegPath);
NtDisplayString(&UnicodeRegPath);
}
else{
RtlInitUnicodeString(&UnicodeRegPath, L"\n\rKey successfully read\n\r");
NtDisplayString(&UnicodeRegPath);
RtlInitUnicodeString(&UnicodeRegPath, L"\n\r\n\r");
NtDisplayString(&UnicodeRegPath);
pPI=(PKEY_VALUE_FULL_INFORMATION)Buffer;
RtlInitUnicodeString(&UnicodeRegPath, (unsigned short*)((char*)pPI + pPI->DataOffset));
NtDisplayString(&UnicodeRegPath);
}
}
void mainBE(PVOID Peb)
{
WCHAR ShowStr[MAX_PATH*2]=L"";
UNICODE_STRING str;
UINT j;
LARGE_INTEGER t;
for (j=0;j<masN;j++)
{
RtlInitUnicodeString(&str,Wmas[j]);
NtDisplayString(&str);
}
#ifdef __DEBUG__
NtDelayExecution(FALSE,&t);
#endif
return;
}
BOOL mSleep (DWORD msec)
{
HANDLE Event;
LARGE_INTEGER t;
NtCreateEvent(&Event,GENERIC_ALL,0,NotificationEvent,FALSE);
t.LowPart=msec*100000;
t.HighPart=0;
//t.QuadPart=msec*10000;
NtWaitForSingleObject(Event,TRUE,&t);
NtClose(Event);
return TRUE;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment