如何调用NtOpenFile?
我正在尝试调用NtOpenFile,但失败并显示错误:
STATUS_OBJECT_PATH_SYNTAX_BAD = NTSTATUS($C000003B);对象路径组件不是目录对象。
基本要点是:
//The file we'll test with
filename: UnicodeString := 'C:WindowsExplorer.exe'; //23 characters
//Convert the filename to counted UNICODE_STRING
cs: UNICODE_STRING;
cs.Length := Length(filename) * sizeof(WideChar); //46 bytes
cs.MaximumLength := cs.Length + 2; //48 bytes
cs.Buffer := PWideChar(Filename); //"C:WindowsExplorer.exe"
//Define the OBJECT_ATTRIBUTES
oa: OBJECT_ATTRIBUTES := Default(OBJECT_ATTRIBUTES);
oa.Length := sizeof(OBJECT_ATTRIBUTES); //24 bytes
oa.Attributes := OBJ_CASE_INSENSITIVE;
oa.ObjectName := @cs; //UNICODE_STRING
//Open the file (by Object Attributes) and get a file handle
hFile: THandle;
iosb: IO_STATUS_BLOCK;
status: NTSTATUS := NtOpenFile(@hFile, FILE_READ_ATTRIBUTES, @oa, @iosb, FILE_SHARE_READ, 0);
我究竟做错了什么?
基本要点(C# 风格的伪代码)
//The file we'll test with
UnicodeString filename = "C:WindowsExplorer.exe"; //23 characters
//Convert the filename to counted UNICODE_STRING
UNICODE_STRING cs;
cs.Length = Length(filename) * sizeof(WideChar); //46 bytes
cs.MaximumLength = cs.Length + 2; //48 bytes
cs.Buffer = Filename; //"C:WindowsExplorer.exe"
//Define the OBJECT_ATTRIBUTES
OBJECT_ATTRIBUTES oa = Default(OBJECT_ATTRIBUTES);
oa.Length = sizeof(OBJECT_ATTRIBUTES); //24 bytes
oa.Attributes = OBJ_CASE_INSENSITIVE;
oa.ObjectName = cs; //UNICODE_STRING
//Open the file (by Object Attributes) and get a file handle
THandle hFile;
IO_STATUS_BLOCK iosb;
NTSTATUS status = NtOpenFile(out hFile, FILE_READ_ATTRIBUTES, ref oa, out iosb, FILE_SHARE_READ, 0);
其他样式的文件名
| 文档名称 | 结果 | 描述 |
|---|---|---|
"C:WindowsExplorer.exe" |
STATUS_OBJECT_PATH_SYNTAX_BAD |
对象路径组件 不是目录对象。 |
"global??C:WindowsExplorer.exe" |
0xC0000033 | 对象名称无效 |
"??C:WindowsExplorer.exe" |
0xC0000033 | 对象名称无效 |
回答
找到了。
两件事情:
- 我不知道“NT 路径”与“DOS 路径”不同
"C:WindowsNotepad.exe" ? "??C:WindowsNotepad.exe"
- 给
OBJECT_ATTRIBUTES.ObjectName我分配@PUNICODE_STRING, 而不是@UNICODE_STRING