Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Needed help with using NtCreateFile()

Posted on 2011-09-20
2
Medium Priority
?
715 Views
Last Modified: 2012-06-21
I have written a program that queries the change journal records and lists them. The change journal returns:

1) filereferencenumber( combination of fileindex.high and fileindex.low) 2) parentfilereferencenumber(same as above except it is for directory) 3) szReason(Reason it appears in the change record) 4) Filename and Filelength.

I want to find the path of this file listed in the change journal. Most of the implementations I have seen keep track of all the filereferencenumber and query it to compare, or they use FindNextFile() functions ot traverse through the entire volume.

I came across a discussion where they say, they can open a file handle using just the filereferencenumber. http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.file_system/2004-11/0244.html

The msdn article says, we have to load a library before calling Internal API's http://msdn.microsoft.com/en-us/library/bb432380%28v=vs.85%29.aspx

Can someone point me in the right direction and tell me exactly what to do? How do I use NtCreateFile()?

Or, is there a way to access file path using just the filereferencenumber?
0
Comment
Question by:zystemsgo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 35

Accepted Solution

by:
sarabande earned 2000 total points
ID: 36571827
those internal functions have no import library. so you not simply can call NtCreateFile aafter including a header but has to load the dll and get a function pointer out of the dll loaded.

that is done like

#include <wininternl.h>
....
HMODULE hdll = LoadLibrary("winnt.dll");
if (hdll == NULL)
{
    long err = GetLastError();
    return err;
}
FUNC_NTCREATEFILE pfunc = GetProcAddress(hdll, "NtCreateFile");
if (pfunc == NULL)
{
    long err = GetLastError();
    return err;
}
// call NtCreateFile 
NTSTATUS = pfunc(&filehandle, ....);

Open in new window


the FUNC_NTCREATEFILE is supposed to be the type of function pointer fitting to NtCreateFile. i don't have a copy of the winternal.h where such kind of  type should be declared. of course it has a different name than that i used.

in the docs to NtCreateFile they mention that the WDK (windows driver kit) would provide ntdll.lib, an import library for ntdll.dll. if you have the WDK installed you could include ntdef.h and call the NtCreateFile directly. you then would need to add ntdll.lib to the linker import modules.

Sara
0
 
LVL 35

Expert Comment

by:sarabande
ID: 36571831
it should have been

NTSTATUS nstat = pfunc(&filehandle, ....);

Sara
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question