CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 2 of 2
  1. #1
    Join Date
    Oct 2010
    Posts
    23

    ZwCreatefile/ ZwReadfile

    I need to read a file, and output it's text to the kdbg console.

    For the moment- the main priority is opening a simple text file. The problem is not so much the code- just how to structure and compile it correctly.

    Been trying to break it down into steps, hoping to compile the following code but I can't seem to pinpoint what goes where.
    Any help?
    ----
    Refer to bottom post for continuation:
    Last edited by StriderH2; May 12th, 2011 at 06:46 AM.

  2. #2
    Join Date
    Oct 2010
    Posts
    23

    Re: ZwCreatefile/ ZwReadfile

    Done.

    Code:
    #include <ntddk.h> 
    #define  BUFFER_SIZE 30
    //
        HANDLE   handle;
        NTSTATUS ntstatus;
        IO_STATUS_BLOCK    ioStatusBlock;
        LARGE_INTEGER      byteOffset;
       CHAR     buffer[BUFFER_SIZE];
        size_t  cb;
    
    NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)  
    {
              NTSTATUS NtStatus = STATUS_SUCCESS;
             /////////////////////// THIS SECTION /////////////////////////////////////
    UNICODE_STRING     uniName;
        OBJECT_ATTRIBUTES  objAttr;
        ////////////////////////////////\\SystemRoot\\ or C:\WINDOWS / C:|WINNT
     RtlInitUnicodeString(&uniName, L"\\SystemRoot\\native.txt");  // or L"\\SystemRoot\\example.txt"
        InitializeObjectAttributes(&objAttr, &uniName,
                                   OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                                   NULL, NULL);
    //////////////////////////////////
    
    ///////////////////////////////////
    //Load the buffer (ie. contents of text file to the console)
     ntstatus = ZwCreateFile(&handle,
                                GENERIC_READ,
                                &objAttr, &ioStatusBlock,
                                NULL,
                                FILE_ATTRIBUTE_NORMAL,
                                0,
                                FILE_OPEN, 
                                FILE_SYNCHRONOUS_IO_NONALERT,
                                NULL, 0);
    ///////////////////////////////////////
    if(NT_SUCCESS(ntstatus)) {
            byteOffset.LowPart = byteOffset.HighPart = 0;
            ntstatus = ZwReadFile(handle, NULL, NULL, NULL, &ioStatusBlock,
                                  buffer, BUFFER_SIZE, &byteOffset, NULL);
          buffer[BUFFER_SIZE-1] = '\0';
              KdPrint(("&#37;s\n", buffer)); //Print contents of text file from Windows/Windows NT folder to debug console (Debugview.exe)
              
            }
            ZwClose(handle);
              //DbgPrint("Hello World\n");
      return 0;
        }
    Last edited by StriderH2; May 12th, 2011 at 07:43 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured