Yoshi Posted November 10, 2013 (edited)
I want to open a .exe file using ZwOpenFile. No, I don't want to use OpenFile or other WinAPIs, just ZwOpenFile. I created a simple project based upon the link below, but when I try to open calc.exe, the nt-status error = C0000008 == STATUS_INVALID_HANDLE. My code is almost the same as http://www.asmcommunity.net/forums/topic/?id=15345
Edited November 11, 2013 by Yoshi
kao Posted November 10, 2013
Your variable names are really really confusing!
    mov oa.ObjectName,offset ntpath
This doesn't look right. I believe it should be "offset dospath". See also http://eretik.omegahg.com/art/04.html (Google Translate, if you don't read Russian).
Yoshi Posted November 10, 2013 (edited)
Thank you for the reply. Not only are my variable names confusing, but so is the RtlDosPathNameToNtPathName_U structure. The link you gave, the link beneath this line, and some other links all define the structure of this API differently. http://assarbad.net/stuff/!export/apis_revealed.txt
Edited November 11, 2013 by Yoshi
atom0s Posted November 11, 2013
Perhaps you need to call 'InitializeObjectAttributes' to prepare your OBJECT_ATTRIBUTES structure? http://msdn.microsoft.com/en-us/library/windows/hardware/ff547804(v=vs.85).aspx
Yoshi Posted November 11, 2013 (edited)
The initialization of the OBJECT_ATTRIBUTES struct is done right after the ntpath.
Edited November 11, 2013 by Yoshi
kao Posted November 11, 2013 (edited)
After these 2 small fixes, it seems to work for me:
    xor eax, eax                        ; provide null ptr, not dospath here!
    mov oa.RootDirectory,eax
    mov oa.ObjectName,offset dospath    ; already mentioned in my post #2
Edited November 11, 2013 by kao
Yoshi Posted November 11, 2013 (edited)
You are da hero kao! So the file can be opened without any problem. However, this was just a demo project. Now I should open the file itself, thus base.exe, but an access_denied error pops up.
Edited November 11, 2013 by Yoshi
kao Posted November 11, 2013
You're getting parameters wrong. 2nd parameter is DesiredAccess (e.g. GENERIC_READ), ShareAccess (FILE_SHARE_xxx) goes into the 5th parameter. Re-check MS documentation: http://msdn.microsoft.com/en-us/library/windows/hardware/ff567011(v=vs.85).aspx
huntingspace Posted November 11, 2013 (edited)
Catch working project. Password is the same. Attachment was removed at topic author's request.
Edited November 13, 2013 by huntingspace
Yoshi Posted November 11, 2013
huntingspace, you are incredible! It seems to work, so thank you, I knew you could fix it. Also kao, very grateful for your help. You guys are amazing.
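The call sequence the replies converge on, written out as a stand-alone 32-bit MASM program. This is an added example, not code from any poster or from the removed attachment. The structure field names, variable names, sample path and the availability of an ntdll import library are assumptions.

```masm
.386
.model flat, stdcall
option casemap:none
includelib ntdll.lib            ; assumption: an ntdll import library is on the lib path
includelib kernel32.lib
GENERIC_READ                 equ 80000000h
SYNCHRONIZE                  equ 00100000h
FILE_SHARE_READ              equ 1
OBJ_CASE_INSENSITIVE         equ 40h
FILE_SYNCHRONOUS_IO_NONALERT equ 20h
UNICODE_STRING struct           ; field names are illustrative
    cbLen   dw ?                ; length in bytes, terminator not counted
    cbMax   dw ?
    Buffer  dd ?
UNICODE_STRING ends
OBJECT_ATTRIBUTES struct
    cbSize        dd ?
    RootDirectory dd ?          ; handle or NULL, never a path
    ObjectName    dd ?          ; -> UNICODE_STRING holding the NT path
    Attributes    dd ?
    Security      dd 2 dup(?)   ; SecurityDescriptor, SecurityQualityOfService
OBJECT_ATTRIBUTES ends
RtlDosPathNameToNtPathName_U proto :DWORD,:DWORD,:DWORD,:DWORD
RtlFreeUnicodeString         proto :DWORD
NtOpenFile                   proto :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
NtClose                      proto :DWORD
ExitProcess                  proto :DWORD
.data                           ; constructed sample path, UTF-16
dosPath dw 'C',':','\','W','i','n','d','o','w','s','\','S','y','s','t','e','m','3','2','\'
        dw 'c','a','l','c','.','e','x','e',0
.data?
ntPath  UNICODE_STRING <>       ; filled by RtlDosPathNameToNtPathName_U (\??\C:\...)
oa      OBJECT_ATTRIBUTES <>    ; zero-filled by the loader, so Security stays NULL
iosb    dd 2 dup(?)             ; IO_STATUS_BLOCK: Status, Information
hFile   dd ?
.code
start:
    invoke RtlDosPathNameToNtPathName_U, addr dosPath, addr ntPath, 0, 0
    mov oa.cbSize, sizeof OBJECT_ATTRIBUTES
    mov oa.RootDirectory, 0             ; NULL because ObjectName is a full path
    mov oa.ObjectName, offset ntPath    ; the converted UNICODE_STRING, not the raw string
    mov oa.Attributes, OBJ_CASE_INSENSITIVE
    invoke NtOpenFile, addr hFile, GENERIC_READ or SYNCHRONIZE, addr oa, addr iosb, FILE_SHARE_READ, FILE_SYNCHRONOUS_IO_NONALERT
    mov ebx, eax                        ; keep the NTSTATUS (ebx survives stdcall calls)
    .if ebx == 0                        ; STATUS_SUCCESS
        invoke NtClose, hFile
    .endif
    invoke RtlFreeUnicodeString, addr ntPath    ; buffer was allocated by the Rtl call
    invoke ExitProcess, ebx             ; exit code = NTSTATUS from NtOpenFile
end start
```

The process exit code carries the NTSTATUS, so 0 means the open succeeded; SYNCHRONIZE is included in DesiredAccess because FILE_SYNCHRONOUS_IO_NONALERT requires it.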