Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- UNICODE_STRING uniName;
- OBJECT_ATTRIBUTES objAttr;
- RtlInitUnicodeString(&uniName, L"\\DosDevices\\C:\\Users\\rainb\\source\\repos\\testAppForKernel\\x64\\Debug\\usermode.txt"); // or L"\\SystemRoot\\example.txt"
- InitializeObjectAttributes(&objAttr, &uniName,
- OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
- NULL, NULL);
- HANDLE handle;
- NTSTATUS ntstatus;
- IO_STATUS_BLOCK ioStatusBlock;
- if (KeGetCurrentIrql() != PASSIVE_LEVEL)
- return STATUS_INVALID_DEVICE_STATE;
- ntstatus = ZwCreateFile(&handle,
- GENERIC_WRITE,
- &objAttr, &ioStatusBlock, NULL,
- FILE_ATTRIBUTE_NORMAL,
- 0,
- FILE_OVERWRITE_IF,
- FILE_SYNCHRONOUS_IO_NONALERT,
- NULL, 0);
- LARGE_INTEGER byteOffset;
- #define BUFFER_SIZE 30
- CHAR buffer[BUFFER_SIZE];
- ntstatus = ZwCreateFile(&handle,
- GENERIC_READ,
- &objAttr, &ioStatusBlock,
- NULL,
- FILE_ATTRIBUTE_NORMAL,
- 0,
- FILE_OPEN,
- FILE_SYNCHRONOUS_IO_NONALERT,
- NULL, 0);
- if (NT_SUCCESS(ntstatus)) {
- byteOffset.LowPart = byteOffset.HighPart = 0;
- ntstatus = ZwReadFile(handle, NULL, NULL, NULL, &ioStatusBlock,
- buffer, BUFFER_SIZE, &byteOffset, NULL);
- if (NT_SUCCESS(ntstatus)) {
- buffer[BUFFER_SIZE - 1] = '\0';
- DbgPrint("%s\n", buffer);
- }
- ZwClose(handle);
- }
Add Comment
Please, Sign In to add comment
