
Untitled

a guest Jun 14th, 2018 58 Never
 
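  if (DirInformation->FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
  {
      /*
       * FileNameLength is a byte count and FileName carries no terminator,
       * so the name is handled as a counted string and never passed to
       * wcscpy. The child path is built in its own buffer: copying the bare
       * child name over pszDirectoryName would drop the parent path and can
       * overrun the caller's array.
       */
      size_t cchName = DirInformation->FileNameLength / sizeof(WCHAR);
      const WCHAR *pName = DirInformation->FileName;
      int bDotEntry = (cchName == 1 && pName[0] == L'.') ||
                      (cchName == 2 && pName[0] == L'.' && pName[1] == L'.');

      /* "." and ".." name the directory itself and its parent; descending
         into them never terminates. */
      if (!bDotEntry)
      {
          WCHAR szChildPath[MAX_PATH];
          int cchWritten;

          printf("Directory name: %.*ls\n", (int)cchName, pName);

          /* Count is in characters, not bytes. */
          cchWritten = _snwprintf(szChildPath, MAX_PATH, L"%s\\%.*s",
                                  pszDirectoryName, (int)cchName, pName);

          /* Recurse only when the path fit (and is therefore terminated).
             Reparse points are not followed so the walk stays inside the
             starting tree and cannot loop through a junction. */
          if (cchWritten > 0 && cchWritten < MAX_PATH &&
              !(DirInformation->FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT))
          {
              ListDirectory(szChildPath);
          }
      }
  }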
  12.    
  13. #include "stdafx.h"
  14. #include <windows.h>
  15. #include <stdio.h>
  16. #include <conio.h>
  17. #include <comdef.h>
  18.  
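  /* Path separator as a wide string. The backslash has to be escaped inside
     the literal; a single one swallows the closing quote. */
  #define BACKSLASH L"\\"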
  20.  
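  /* Native API status code: negative values are errors (see NT_SUCCESS). */
  typedef LONG NTSTATUS;
  typedef NTSTATUS *PNTSTATUS;
  /*
   * ULONG_PTR is intentionally not redeclared here. <windows.h> already
   * supplies it as a pointer-sized integer; aliasing it to DWORD conflicts
   * with that declaration on 64-bit builds and would shrink
   * IO_STATUS_BLOCK.Information below the size the system writes.
   */

  /* Whole expansions are parenthesised so the macros compose safely inside
     larger expressions. */
  #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
  #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
  #define FILE_OPEN               0x00000001   /* passed to NtCreateFile as the create disposition */
  #define OBJ_CASE_INSENSITIVE    0x00000040L  /* OBJECT_ATTRIBUTES attribute flag */
  #define FILE_DIRECTORY_FILE     0x00000001   /* passed to NtCreateFile as the create option */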
  30.  
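  /*
   * Fill an OBJECT_ATTRIBUTES structure in place.
   *   p - pointer to the structure to fill (evaluated more than once)
   *   n - object name, stored in pObjectName
   *   a - attribute flags, stored in uAttributes
   *   r - root directory handle, stored in hRootDirectory
   *   s - security descriptor, stored in pSecurityDescriptor
   * pSecurityQualityOfService is always set to NULL.
   *
   * Every line of a multi-line macro needs a trailing backslash. The body is
   * wrapped in do { } while (0) so the macro behaves as one statement, and it
   * is guarded so that a repeated definition is harmless.
   */
  #ifndef InitializeObjectAttributes
  #define InitializeObjectAttributes( p, n, a, r, s ) do {    \
      (p)->uLength = sizeof(OBJECT_ATTRIBUTES);               \
      (p)->hRootDirectory = (r);                              \
      (p)->uAttributes = (a);                                 \
      (p)->pObjectName = (n);                                 \
      (p)->pSecurityDescriptor = (s);                         \
      (p)->pSecurityQualityOfService = NULL;                  \
  } while (0)
  #endif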
  39.  
  /*
   * Counted UTF-16 string used by the native API. Length and MaximumLength
   * are byte counts (ListDirectory stores FileNameLength straight into them),
   * and Buffer need not be NUL-terminated.
   */
  typedef struct _UNICODE_STRING UNICODE_STRING;
  typedef UNICODE_STRING *PUNICODE_STRING;
  typedef const UNICODE_STRING *PCUNICODE_STRING;
  typedef USHORT RTL_STRING_LENGTH_TYPE;

  struct _UNICODE_STRING {
      USHORT Length;          /* bytes currently used in Buffer */
      USHORT MaximumLength;   /* bytes available in Buffer */
      PWSTR  Buffer;          /* wide-character storage */
  };
  49.  
  /*
   * Counted 8-bit string; ANSI_STRING is an alias for it. The layout mirrors
   * UNICODE_STRING with a narrow-character buffer.
   */
  typedef struct _STRING STRING;
  typedef STRING *PSTRING;
  typedef STRING ANSI_STRING;
  typedef PSTRING PANSI_STRING;

  struct _STRING {
      USHORT Length;          /* bytes currently used in Buffer */
      USHORT MaximumLength;   /* bytes available in Buffer */
      PCHAR  Buffer;          /* narrow-character storage */
  };
  59.  
  /*
   * Describes the object a native call should open. The fields are filled by
   * InitializeObjectAttributes; their order and sizes are part of the binary
   * contract with ntdll and must not be rearranged.
   */
  typedef struct _OBJECT_ATTRIBUTES OBJECT_ATTRIBUTES;

  struct _OBJECT_ATTRIBUTES {
      ULONG           uLength;                    /* set to sizeof(OBJECT_ATTRIBUTES) */
      HANDLE          hRootDirectory;             /* root handle, 0 when the name is absolute */
      PUNICODE_STRING pObjectName;                /* name of the object to open */
      ULONG           uAttributes;                /* flags such as OBJ_CASE_INSENSITIVE */
      PVOID           pSecurityDescriptor;
      PVOID           pSecurityQualityOfService;
  };
  68.  
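  /*
   * Fill an OBJECT_ATTRIBUTES structure in place.
   *   p - pointer to the structure to fill (evaluated more than once)
   *   n - object name, stored in pObjectName
   *   a - attribute flags, stored in uAttributes
   *   r - root directory handle, stored in hRootDirectory
   *   s - security descriptor, stored in pSecurityDescriptor
   * pSecurityQualityOfService is always set to NULL.
   *
   * Every line of a multi-line macro needs a trailing backslash. The body is
   * wrapped in do { } while (0) so the macro behaves as one statement, and it
   * is guarded so that a repeated definition is harmless.
   */
  #ifndef InitializeObjectAttributes
  #define InitializeObjectAttributes( p, n, a, r, s ) do {    \
      (p)->uLength = sizeof(OBJECT_ATTRIBUTES);               \
      (p)->hRootDirectory = (r);                              \
      (p)->uAttributes = (a);                                 \
      (p)->pObjectName = (n);                                 \
      (p)->pSecurityDescriptor = (s);                         \
      (p)->pSecurityQualityOfService = NULL;                  \
  } while (0)
  #endif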
  77.  
  typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;

  /*
   * Completion record written by the I/O calls: the final status, and a
   * request-specific value in Information.
   * NOTE(review): Information presumably holds the number of bytes returned
   * by a directory query; confirm before relying on it.
   */
  typedef struct _IO_STATUS_BLOCK IO_STATUS_BLOCK;
  typedef IO_STATUS_BLOCK *PIO_STATUS_BLOCK;

  struct _IO_STATUS_BLOCK {
      union {
          NTSTATUS Status;
          PVOID Pointer;
      };
      ULONG_PTR Information;
  };

  /* Callback type for the APC routine parameter of the query call; this file
     always passes 0 for it. */
  typedef VOID (NTAPI *PIO_APC_ROUTINE)(
      IN PVOID ApcContext,
      IN PIO_STATUS_BLOCK IoStatusBlock,
      IN ULONG Reserved);
  89.  
  /*
   * Selects which record layout a file/directory query returns. The numeric
   * values are part of the system call contract, so each one is written out
   * explicitly; they are exactly the values sequential numbering from 1
   * produces. ListDirectory uses FileBothDirectoryInformation.
   */
  enum _FILE_INFORMATION_CLASS {
      FileDirectoryInformation       = 1,
      FileFullDirectoryInformation   = 2,
      FileBothDirectoryInformation   = 3,
      FileBasicInformation           = 4,
      FileStandardInformation        = 5,
      FileInternalInformation        = 6,
      FileEaInformation              = 7,
      FileAccessInformation          = 8,
      FileNameInformation            = 9,
      FileRenameInformation          = 10,
      FileLinkInformation            = 11,
      FileNamesInformation           = 12,
      FileDispositionInformation     = 13,
      FilePositionInformation        = 14,
      FileFullEaInformation          = 15,
      FileModeInformation            = 16,
      FileAlignmentInformation       = 17,
      FileAllInformation             = 18,
      FileAllocationInformation      = 19,
      FileEndOfFileInformation       = 20,
      FileAlternateNameInformation   = 21,
      FileStreamInformation          = 22,
      FilePipeInformation            = 23,
      FilePipeLocalInformation       = 24,
      FilePipeRemoteInformation      = 25,
      FileMailslotQueryInformation   = 26,
      FileMailslotSetInformation     = 27,
      FileCompressionInformation     = 28,
      FileObjectIdInformation        = 29,
      FileCompletionInformation      = 30,
      FileMoveClusterInformation     = 31,
      FileQuotaInformation           = 32,
      FileReparsePointInformation    = 33,
      FileNetworkOpenInformation     = 34,
      FileAttributeTagInformation    = 35,
      FileTrackingInformation        = 36,
      FileIdBothDirectoryInformation = 37,
      FileIdFullDirectoryInformation = 38,
      FileValidDataLengthInformation = 39,
      FileShortNameInformation       = 40,
      FileMaximumInformation         = 41
  };
  typedef enum _FILE_INFORMATION_CLASS FILE_INFORMATION_CLASS;
  typedef enum _FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
  133.  
  /* Kind of event object requested from NtCreateEvent; ListDirectory asks for
     a NotificationEvent. */
  enum _EVENT_TYPE {
      NotificationEvent    = 0,
      SynchronizationEvent = 1
  };
  typedef enum _EVENT_TYPE EVENT_TYPE;
  135.  
  /*
   * One directory entry as returned for FileBothDirectoryInformation.
   * Entries are packed back to back in the query buffer and chained through
   * NextEntryOffset. The layout is dictated by the system and must stay as is.
   */
  typedef struct _FILE_BOTH_DIR_INFORMATION FILE_BOTH_DIR_INFORMATION;
  typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;

  struct _FILE_BOTH_DIR_INFORMATION {
      ULONG NextEntryOffset;          /* bytes from this entry to the next; 0 marks the last one */
      ULONG FileIndex;
      LARGE_INTEGER CreationTime;
      LARGE_INTEGER LastAccessTime;
      LARGE_INTEGER LastWriteTime;
      LARGE_INTEGER ChangeTime;
      LARGE_INTEGER EndOfFile;
      LARGE_INTEGER AllocationSize;
      ULONG FileAttributes;           /* FILE_ATTRIBUTE_* bits */
      ULONG FileNameLength;           /* length of FileName in bytes */
      ULONG EaSize;
      CCHAR ShortNameLength;
      WCHAR ShortName[12];
      WCHAR FileName[1];              /* first character of a counted name; not NUL-terminated */
  };
  152.  
  /*
   * Signatures of the ntdll exports this program resolves at run time.
   * NOTE(review): RtlInitUnicodeString is documented as returning VOID, so
   * the value seen through this NTSTATUS-returning type is not a meaningful
   * status; confirm against the SDK headers before testing it.
   */
  typedef NTSTATUS (WINAPI *PFN_RTL_INIT_UNICODE_STRING)(PUNICODE_STRING, PCWSTR);
  typedef NTSTATUS (WINAPI *PFN_NT_CREATE_FILE)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
                                                PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG,
                                                ULONG, ULONG, ULONG, PVOID, ULONG);
  typedef NTSTATUS (WINAPI *PFN_NT_CREATE_EVENT)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
                                                 EVENT_TYPE, BOOLEAN);
  typedef NTSTATUS (WINAPI *PFN_NT_QUERY_DIRECTORY_FILE)(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID,
                                                         PIO_STATUS_BLOCK, PVOID, ULONG,
                                                         FILE_INFORMATION_CLASS, BOOLEAN,
                                                         PUNICODE_STRING, BOOLEAN);
  typedef NTSTATUS (WINAPI *PFN_NT_WAIT_FOR_SINGLE_OBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
  typedef NTSTATUS (WINAPI *PFN_RTL_UNICODE_STRING_TO_ANSI_STRING)(PANSI_STRING, PCUNICODE_STRING,
                                                                   BOOLEAN);
  typedef NTSTATUS (WINAPI *PFN_NT_CLOSE)(HANDLE);

  /* Filled in by IntializeNativeFunctions; each stays NULL until resolved. */
  PFN_RTL_INIT_UNICODE_STRING           pRtlInitUnicodeString;
  PFN_NT_CREATE_FILE                    pNtCreateFile;
  PFN_NT_CREATE_EVENT                   pNtCreateEvent;
  PFN_NT_QUERY_DIRECTORY_FILE           pNtQuerydirectoryFile;
  PFN_NT_WAIT_FOR_SINGLE_OBJECT         pNtWaitForSingleobject;
  PFN_RTL_UNICODE_STRING_TO_ANSI_STRING pRtlUnicodeStringToAnsiString;
  PFN_NT_CLOSE                          pNtClose;
  160.  
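  /*
   * Resolve the ntdll exports used by ListDirectory into the file-scope
   * function pointers.
   *
   * ntdll.dll is already mapped into every Win32 process, so the module is
   * looked up with GetModuleHandleW instead of LoadLibrary: no extra
   * reference is taken that would never be released, no library search is
   * performed, and the wide literal compiles whether or not UNICODE is
   * defined.
   *
   * If the module or an export cannot be found, the corresponding pointer is
   * left NULL; callers must check each pointer before calling through it.
   */
  void IntializeNativeFunctions(VOID)
  {
      HMODULE hModule = GetModuleHandleW(L"ntdll.dll");

      if (hModule == NULL)
      {
          return;
      }

      pRtlInitUnicodeString = (NTSTATUS(WINAPI *)(PUNICODE_STRING, PCWSTR)) GetProcAddress(hModule, "RtlInitUnicodeString");
      pNtCreateFile = (NTSTATUS(WINAPI *)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG)) GetProcAddress(hModule, "NtCreateFile");
      pNtCreateEvent = (NTSTATUS(WINAPI *)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN)) GetProcAddress(hModule, "NtCreateEvent");
      pNtQuerydirectoryFile = (NTSTATUS(WINAPI *)(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN)) GetProcAddress(hModule, "NtQueryDirectoryFile");
      pNtWaitForSingleobject = (NTSTATUS(WINAPI *)(HANDLE, BOOLEAN, PLARGE_INTEGER)) GetProcAddress(hModule, "NtWaitForSingleObject");
      pRtlUnicodeStringToAnsiString = (NTSTATUS(WINAPI *)(PANSI_STRING, PCUNICODE_STRING, BOOLEAN)) GetProcAddress(hModule, "RtlUnicodeStringToAnsiString");
      pNtClose = (NTSTATUS(WINAPI *)(HANDLE)) GetProcAddress(hModule, "NtClose");
  }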
  173.  
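  /*
   * ListDirectory - print the files and sub-directories below a directory,
   * recursively, using the native directory-query call.
   *
   *   pszDirectoryName  NUL-terminated Win32 path of the directory to list
   *                     (for example L"C:\\dir"). It is only read.
   *
   * Returns -1 when a required ntdll export is unresolved, the argument is
   * unusable or memory cannot be allocated; otherwise the NTSTATUS of the
   * first failing native call, or STATUS_SUCCESS once the directory has been
   * enumerated to the end. Failures inside sub-directories are reported on
   * stdout by the nested call and do not abort the parent listing.
   *
   * Points a reviewer should know about this implementation:
   *  - All buffers live on the heap; the function recurses once per directory
   *    level and a 64 KiB stack array per frame exhausts the default stack.
   *  - Entry names are counted strings (FileNameLength bytes, no terminator)
   *    and every entry is bounds-checked against the number of bytes the
   *    query reported before it is read.
   *  - The child path is built as "<parent>\<name>" in a separate buffer; the
   *    caller's buffer is never written.
   *  - "." and ".." are skipped and reparse points (junctions, symbolic
   *    links) are listed but not followed, so the walk stays inside the
   *    starting tree and terminates.
   *  - The query is repeated until the system reports the end of the
   *    directory, so directories larger than one buffer are listed fully.
   *  - Both handles and all allocations are released on every exit path.
   */
  NTSTATUS ListDirectory(WCHAR * pszDirectoryName)
  {
      enum {
          QUERY_BUFFER_BYTES = 65536,   /* size of one directory-query buffer */
          NT_PATH_MAX_CHARS  = 32767,   /* a UNICODE_STRING length is a 16-bit byte count */
          NT_PREFIX_CHARS    = 4,       /* length of the "\??\" prefix */
          ANSI_NAME_BYTES    = 1024     /* room for one converted entry name */
      };
      /* STATUS_NO_MORE_FILES: the enumeration has reached its end. */
      const NTSTATUS StatusNoMoreFiles = (NTSTATUS)0x80000006L;

      UNICODE_STRING RootDirectoryName;
      ANSI_STRING as;
      OBJECT_ATTRIBUTES RootDirectoryAttributes;
      IO_STATUS_BLOCK Iosb;
      NTSTATUS ntStatus = STATUS_SUCCESS;
      HANDLE RootDirectoryHandle = NULL;
      HANDLE Event = NULL;
      HANDLE hHeap = GetProcessHeap();
      PUCHAR Buffer = NULL;
      WCHAR *pszNtPath = NULL;
      WCHAR *pszChildPath = NULL;
      CHAR szAnsiName[ANSI_NAME_BYTES];
      size_t cchParent;
      size_t cchNtPath;
      size_t cchPrefix;
      int cchWritten;
      BOOL bTrailingSlash;

      /* Check every prerequisite before acquiring anything. */
      if (pszDirectoryName == NULL) return -1;
      if (pRtlInitUnicodeString == NULL) return -1;
      if (pRtlUnicodeStringToAnsiString == NULL) return -1;
      if (pNtCreateFile == NULL) return -1;
      if (pNtCreateEvent == NULL) return -1;
      if (pNtQuerydirectoryFile == NULL) return -1;
      if (pNtWaitForSingleobject == NULL) return -1;
      if (pNtClose == NULL) return -1;

      cchParent = wcslen(pszDirectoryName);
      if (cchParent == 0 ||
          cchParent > (size_t)(NT_PATH_MAX_CHARS - NT_PREFIX_CHARS - 2))
      {
          return -1;
      }
      bTrailingSlash = (pszDirectoryName[cchParent - 1] == L'\\');
      cchNtPath = (size_t)NT_PREFIX_CHARS + cchParent + (bTrailingSlash ? 0 : 1) + 1;

      Buffer = (PUCHAR)HeapAlloc(hHeap, 0, QUERY_BUFFER_BYTES);
      pszNtPath = (WCHAR *)HeapAlloc(hHeap, 0, cchNtPath * sizeof(WCHAR));
      pszChildPath = (WCHAR *)HeapAlloc(hHeap, 0, (size_t)NT_PATH_MAX_CHARS * sizeof(WCHAR));
      if (Buffer == NULL || pszNtPath == NULL || pszChildPath == NULL)
      {
          ntStatus = -1;
          goto cleanup;
      }

      /* The count argument is in characters. A result equal to the count
         would mean the terminator did not fit, so it is treated as failure. */
      cchWritten = _snwprintf(pszNtPath, cchNtPath,
                              bTrailingSlash ? L"\\??\\%s" : L"\\??\\%s\\",
                              pszDirectoryName);
      if (cchWritten < 0 || (size_t)cchWritten >= cchNtPath)
      {
          ntStatus = -1;
          goto cleanup;
      }

      /* The return value is deliberately ignored: the export is documented
         as returning nothing, so there is no status to test. */
      (void)pRtlInitUnicodeString(&RootDirectoryName, pszNtPath);

      InitializeObjectAttributes(&RootDirectoryAttributes, &RootDirectoryName, OBJ_CASE_INSENSITIVE, 0, 0);

      ntStatus = pNtCreateFile(&RootDirectoryHandle,
          GENERIC_READ,
          &RootDirectoryAttributes,
          &Iosb,
          0,
          FILE_ATTRIBUTE_DIRECTORY,
          FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
          FILE_OPEN,
          FILE_DIRECTORY_FILE,
          0, 0);

      if (!NT_SUCCESS(ntStatus))
      {
          RootDirectoryHandle = NULL;
          /* %ls with the wide path; a UNICODE_STRING pointer is not a string. */
          printf("Unable to open %ls, error = 0x%x\n", pszNtPath, (unsigned int)ntStatus);
          goto cleanup;
      }

      ntStatus = pNtCreateEvent(&Event, GENERIC_ALL, 0, NotificationEvent, FALSE);

      if (!NT_SUCCESS(ntStatus))
      {
          Event = NULL;
          printf("Event creation failed with error 0x%x\n", (unsigned int)ntStatus);
          goto cleanup;
      }

      /* Prefix shared by every child path: "<parent>\". */
      CopyMemory(pszChildPath, pszDirectoryName, cchParent * sizeof(WCHAR));
      cchPrefix = cchParent;
      if (!bTrailingSlash)
      {
          pszChildPath[cchPrefix++] = L'\\';
      }

      for (;;)
      {
          const size_t cbHeader = (size_t)FIELD_OFFSET(FILE_BOTH_DIR_INFORMATION, FileName);
          size_t cbValid;
          size_t cbOffset = 0;

          Iosb.Information = 0;
          ntStatus = pNtQuerydirectoryFile(RootDirectoryHandle,
              Event, 0, 0,
              &Iosb,
              Buffer,
              QUERY_BUFFER_BYTES,
              FileBothDirectoryInformation,
              FALSE,
              NULL,
              FALSE);

          if (ntStatus == (NTSTATUS)STATUS_PENDING)
          {
              /* Non-alertable, unbounded wait: the buffer may only be read
                 or freed after the request has really completed. */
              ntStatus = pNtWaitForSingleobject(Event, FALSE, NULL);
              if (NT_SUCCESS(ntStatus))
              {
                  ntStatus = Iosb.Status;
              }
          }

          if (ntStatus == StatusNoMoreFiles)
          {
              ntStatus = STATUS_SUCCESS;
              break;
          }

          if (!NT_SUCCESS(ntStatus))
          {
              printf("Unable to query directory contents, error 0x%x\n", (unsigned int)ntStatus);
              break;
          }

          cbValid = (size_t)Iosb.Information;
          if (cbValid > QUERY_BUFFER_BYTES)
          {
              cbValid = QUERY_BUFFER_BYTES;
          }
          if (cbValid < cbHeader)
          {
              break;   /* nothing usable was returned; do not spin */
          }

          /* Invariant: cbOffset <= cbValid. */
          while (cbValid - cbOffset >= cbHeader)
          {
              PFILE_BOTH_DIR_INFORMATION DirInformation = (PFILE_BOTH_DIR_INFORMATION)(Buffer + cbOffset);
              const WCHAR *pName = DirInformation->FileName;
              size_t cbRemaining = cbValid - cbOffset - cbHeader;
              size_t cchName;
              BOOL bDotEntry;

              if (DirInformation->FileNameLength > cbRemaining ||
                  DirInformation->FileNameLength > 0xFFFE)
              {
                  break;   /* name would run past the data returned */
              }

              cchName = DirInformation->FileNameLength / sizeof(WCHAR);
              bDotEntry = (cchName == 1 && pName[0] == L'.') ||
                          (cchName == 2 && pName[0] == L'.' && pName[1] == L'.');

              if (!bDotEntry)
              {
                  UNICODE_STRING EntryName;

                  EntryName.MaximumLength = EntryName.Length = (USHORT)DirInformation->FileNameLength;
                  EntryName.Buffer = DirInformation->FileName;

                  /* Convert into a caller-owned buffer (last argument FALSE)
                     so nothing is allocated per entry and nothing leaks. */
                  as.Buffer = szAnsiName;
                  as.Length = 0;
                  as.MaximumLength = (USHORT)sizeof(szAnsiName);
                  if (!NT_SUCCESS(pRtlUnicodeStringToAnsiString(&as, &EntryName, FALSE)))
                  {
                      as.Length = 0;
                  }

                  if (DirInformation->FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
                  {
                      printf("Directory name: %.*s\n", (int)as.Length, as.Buffer);

                      if (!(DirInformation->FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) &&
                          cchPrefix + cchName < (size_t)NT_PATH_MAX_CHARS)
                      {
                          CopyMemory(pszChildPath + cchPrefix, pName, cchName * sizeof(WCHAR));
                          pszChildPath[cchPrefix + cchName] = L'\0';
                          (void)ListDirectory(pszChildPath);
                      }
                  }
                  else
                  {
                      printf("Filename: %.*s\n", (int)as.Length, as.Buffer);
                  }
              }

              if (DirInformation->NextEntryOffset == 0 ||
                  DirInformation->NextEntryOffset > cbValid - cbOffset)
              {
                  break;
              }
              cbOffset += DirInformation->NextEntryOffset;
          }
      }

  cleanup:
      if (Event != NULL)
      {
          (void)pNtClose(Event);
      }
      if (RootDirectoryHandle != NULL)
      {
          (void)pNtClose(RootDirectoryHandle);
      }
      if (pszChildPath != NULL)
      {
          HeapFree(hHeap, 0, pszChildPath);
      }
      if (pszNtPath != NULL)
      {
          HeapFree(hHeap, 0, pszNtPath);
      }
      if (Buffer != NULL)
      {
          HeapFree(hHeap, 0, Buffer);
      }
      return ntStatus;
  }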
  284.  
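  /*
   * Entry point: resolve the native functions, list one hard-coded directory
   * and wait for a key press. Returns 0 when the listing succeeded and 1
   * when ListDirectory reported a failure.
   */
  int main(VOID)
  {
      /* Backslashes must be doubled inside the literal; single ones are read
         as escape sequences. The array is MAX_PATH long because ListDirectory
         takes a writable buffer. */
      WCHAR wszDirectory[MAX_PATH] = L"C:\\Program Files\\AVAST Software\\Avast";
      NTSTATUS ntStatus;

      IntializeNativeFunctions();
      ntStatus = ListDirectory(wszDirectory);
      if (!NT_SUCCESS(ntStatus))
      {
          printf("Listing failed, status 0x%x\n", (unsigned int)ntStatus);
      }
      _getch();
      return NT_SUCCESS(ntStatus) ? 0 : 1;
  }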