• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1315
  • Last Modified:

Please help to open executable by NtOpenFile()

I've written a very simple test (in Delphi language):

but "h" at the line selected (see the code) has 0xC0000033 value, what can be translated as "Incorrect folder name" or so. I beleave that something is incorrect in the UNC file naming. But it looks like I've typed it correctly. What is wrong here?
program testopn;
 
uses Windows, SysUtils, NTDLL;
 
var
  r   : NTSTATUS;
  h   : THandle;
  sa  : TNtAnsiString;
  su  : TNtUnicodeString;
  obj : TNtObjectAttributes;
  inf : TIoStatusBlock;
 
 
begin
  RtlInitAnsiString(@sa, PChar('\\?\' + ParamStr(0)));
  RtlAnsiStringToUnicodeString(@su, @sa, true);
  InitializeObjectAttributes(@obj,
                             @su,
                             OBJ_CASE_INSENSITIVE,
                             0,
                             nil);
  r := NtOpenFile(h,
                  GENERIC_READ,
                  obj,
                  inf,
                  FILE_SHARE_READ,
                  OPEN_EXISTING);
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// here we have r = 0xC0000033
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  if r = STATUS_SUCCESS then
    NtClose(h);
  RtlFreeUnicodeString(@su);
  RtlFreeAnsiString(@sa);
end.

Open in new window

ntdll.txt
0
abb1
Asked:
abb1
  • 3
  • 2
  • 2
  • +1
1 Solution
 
DanRollinsCommented:
I believe that Delphi uses the convention that to put a backslash into a string literal, you need to "escape" it with another backslash.  So try:

RtlInitAnsiString(@sa, PChar('\\\\?\\' + ParamStr(0)));
0
 
abb1Author Commented:
Pascal language (as well as Delphi) never used such rule. It's a C language rule and it is for all languages like C (Java, etc.). Nevertheless I've tried your suggestion and it returns just the same 0xC0000033 error code.

I gave a sample of code. Why not to try it? Is there anybody with Delphi here? If not, then could anybody extract ntdll.h header from MS DDK and create similar very simple test in C in order to try to compile and test it, if you have only C++ compiler?

Thanks a lot to all answerers!
0
 
jkrCommented:
The '\\?\' notation is OK for 'CreateFile()', I am not sure if that is allowed in an OBJECT_ATTRIBUTES struct. Actually, I tend to say 'no'. What do you get if you omit that?
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
ThievingSixCommented:
I tried the code and got no errors, but if failed to open the file as well. Where did you get your NTDLL unit from?
0
 
ThievingSixCommented:
Sorry, just saw attachment. Going to try yours.
0
 
abb1Author Commented:
If I'm using single PChar(ParamStr(0)) I'm getting 0xC000003B error.
0
 
abb1Author Commented:
The problem is solved!
I've found my errors.
The corrected code is below. It works OK.

My mistake was in inaccurate reading of MSDN article. Thanks to all who tried to help.

To EE cleanup managers: please delete this question with points refunded.

Thanks.
  RtlInitAnsiString(@sa, PChar('\??\' + ParamStr(0)));
  RtlAnsiStringToUnicodeString(@su, @sa, true);
  InitializeObjectAttributes(@obj,
                             @su,
                             OBJ_CASE_INSENSITIVE,
                             0,
                             nil);
  r := NtOpenFile(h,
                  GENERIC_READ,
                  obj,
                  inf,
                  FILE_SHARE_READ,
                  FILE_NON_DIRECTORY_FILE or FILE_RANDOM_ACCESS);

Open in new window

0
 
DanRollinsCommented:
abb1,
Please click the "Delete Question" link (under your question text) and then choose the "I answered this myself" option.   Also:  Posting the URL to the MSDN article will help improve the value of this thread in the EE Solutions database.  Thanks.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now