kernel32!OpenFile and ntdll!NtOpenFile

kernel32!OpenFile does not call ntdll!NtOpenFile directly; what it calls is ntdll!NtCreateFile.

ntdll!NtOpenFile

ntdll!NtOpenFile is not exposed for ordinary linking, so to call it you have to obtain its address dynamically with GetProcAddress.

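#include <windows.h>

/* NTSTATUS is a LONG; declared here in case the included headers do not provide it */
typedef LONG NTSTATUS;

typedef struct _IO_STATUS_BLOCK {
  union {
    NTSTATUS Status;
    PVOID    Pointer;
  };
  ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

typedef struct _UNICODE_STRING {
  USHORT Length;         /* length in bytes, without the terminating NUL */
  USHORT MaximumLength;  /* size of Buffer in bytes */
  PWSTR  Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

typedef struct _OBJECT_ATTRIBUTES {
  ULONG           Length;
  HANDLE          RootDirectory;
  PUNICODE_STRING ObjectName;
  ULONG           Attributes;
  PVOID           SecurityDescriptor;
  PVOID           SecurityQualityOfService;
} OBJECT_ATTRIBUTES;

/* Function-pointer types for the two ntdll routines resolved at run time */
typedef VOID (__stdcall *RtlInitUnicodeStringA)(PUNICODE_STRING DestinationString, PCWSTR SourceString);
/* NtOpenFile returns an NTSTATUS, not a plain int */
typedef NTSTATUS (__stdcall *NtOpenFileA)(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, OBJECT_ATTRIBUTES* ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG OpenOptions);

int main(void)
{
  UNICODE_STRING stFileName = { 0 };
  /* Load ntdll.dll once and resolve both routines from the same module handle */
  HMODULE hNtdll = LoadLibrary(TEXT("ntdll.dll"));
  if (hNtdll == NULL)
    return 1;
  RtlInitUnicodeStringA RtlInitUnicodeString = (RtlInitUnicodeStringA)GetProcAddress(hNtdll, "RtlInitUnicodeString");
  NtOpenFileA NtOpenFile = (NtOpenFileA)GetProcAddress(hNtdll, "NtOpenFile");
  if (RtlInitUnicodeString == NULL || NtOpenFile == NULL)
    return 1;
  (void)stFileName;  /* filled in with RtlInitUnicodeString before calling NtOpenFile */
  return 0;
}
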
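  • If ntdll!NtOpenFile returns 0xC000003B, the file path that was passed in is wrong.
  • Note that the file name passed to ntdll!NtOpenFile must be prefixed with "\??\".
  • When using RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString), note that its second parameter is a wide-character string.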
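
The notes above about the "\??\" prefix and the wide-character argument, worked through as an added example (not code from the original post or from ntdll). It uses portable stand-ins so it builds off Windows; wch16, ustr16, init_ustr16, to_nt_path, precheck_name and the EX_ constants are hypothetical names, and the leading-backslash pre-check is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins so this builds off Windows: wch16 ~ WCHAR, ustr16 ~ UNICODE_STRING. */
typedef uint16_t wch16;
typedef struct { uint16_t Length, MaximumLength; const wch16 *Buffer; } ustr16;
#define EX_STATUS_OK              0x00000000u
#define EX_STATUS_PATH_SYNTAX_BAD 0xC000003Bu   /* the value quoted in the notes */
const wch16 sample[] = { 'C', ':', '\\', 'a', '.', 't', 'x', 't', 0 };  /* constructed input */
size_t wlen16(const wch16 *s) { size_t n = 0; while (s[n]) n++; return n; }

/* Byte-count bookkeeping as documented for RtlInitUnicodeString; src must be 16-bit text, not char*. */
void init_ustr16(ustr16 *d, const wch16 *src)
{
    size_t bytes = wlen16(src) * sizeof(wch16);
    if (bytes > 0xFFFC) bytes = 0xFFFC;               /* keep both USHORT fields in range */
    d->Length = (uint16_t)bytes;                      /* bytes, without the terminator */
    d->MaximumLength = (uint16_t)(bytes + sizeof(wch16));
    d->Buffer = src;
}

/* Prefix a drive-absolute path (C:\dir\file) with \??\ ; -1 if not drive-absolute or out too small. */
int to_nt_path(const wch16 *win32, wch16 *out, size_t cap)
{
    static const wch16 prefix[4] = { '\\', '?', '?', '\\' };
    size_t n = wlen16(win32);
    wch16 drive = (wch16)(win32[0] | 0x20);           /* fold ASCII case */
    if (n < 3 || drive < 'a' || drive > 'z' || win32[1] != ':' || win32[2] != '\\') return -1;
    if (n + 4 + 1 > cap) return -1;                   /* prefix + path + terminator */
    for (size_t i = 0; i < 4; i++) out[i] = prefix[i];
    for (size_t i = 0; i <= n; i++) out[4 + i] = win32[i];   /* copies the terminator too */
    return 0;
}

/* Local pre-check (assumption): with no RootDirectory the name must start with a backslash. */
uint32_t precheck_name(const ustr16 *name)
{
    int ok = name->Length >= sizeof(wch16) && name->Buffer[0] == '\\';
    return ok ? EX_STATUS_OK : EX_STATUS_PATH_SYNTAX_BAD;
}

int main(void)
{
    wch16 buf[32]; ustr16 raw, nt;
    init_ustr16(&raw, sample);
    if (to_nt_path(sample, buf, 32) != 0) return 1;
    init_ustr16(&nt, buf);
    printf("raw 0x%08X, prefixed 0x%08X\n", (unsigned)precheck_name(&raw), (unsigned)precheck_name(&nt));
    return 0;
}
```

On Windows the same prefixed buffer would be passed to RtlInitUnicodeString and then referenced from the ObjectName field of OBJECT_ATTRIBUTES.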