API tools faq
paste
Guest User

Untitled

a guest
Jun 14th, 2018
86
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.68 KB | None | 0 0
raw download clone embed print report
  1. if (DirInformation->FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
  2. {
  3. //printf("Directory name: %sn", as.Buffer);
  4. wcscpy(pszDirectoryName, &DirInformation->FileName[0]);
  5. //wcscat(pszDirectoryName, BACKSLASH);
  6. _bstr_t b(pszDirectoryName);
  7. const char* c = b;
  8. printf("Directory name: %sn", c);
  9.  
  10. ListDirectory(pszDirectoryName); //<<< start iteration inside of directory found!
  11. }
  12.  
  13. #include "stdafx.h"
  14. #include <windows.h>
  15. #include <stdio.h>
  16. #include <conio.h>
  17. #include <comdef.h>
  18.  
  19. #define BACKSLASH L"\"
  20.  
  21. typedef LONG NTSTATUS;
  22. typedef NTSTATUS *PNTSTATUS;
  23. typedef DWORD ULONG_PTR;
  24.  
  25. #define STATUS_SUCCESS (NTSTATUS)0x00000000L
  26. #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
  27. #define FILE_OPEN 0x00000001
  28. #define OBJ_CASE_INSENSITIVE 0x00000040L
  29. #define FILE_DIRECTORY_FILE 0x00000001
  30.  
  31. #define InitializeObjectAttributes( p, n, a, r, s ) {
  32. (p)->uLength = sizeof(OBJECT_ATTRIBUTES);
  33. (p)->hRootDirectory = r;
  34. (p)->uAttributes = a;
  35. (p)->pObjectName = n;
  36. (p)->pSecurityDescriptor = s;
  37. (p)->pSecurityQualityOfService = NULL;
  38. }
  39.  
  40. typedef struct _UNICODE_STRING {
  41. USHORT Length;
  42. USHORT MaximumLength;
  43. PWSTR Buffer;
  44. } UNICODE_STRING;
  45.  
  46. typedef UNICODE_STRING *PUNICODE_STRING;
  47. typedef const UNICODE_STRING *PCUNICODE_STRING;
  48. typedef USHORT RTL_STRING_LENGTH_TYPE;
  49.  
  50. typedef struct _STRING {
  51. USHORT Length;
  52. USHORT MaximumLength;
  53. PCHAR Buffer;
  54. } STRING;
  55.  
  56. typedef STRING *PSTRING;
  57. typedef STRING ANSI_STRING;
  58. typedef PSTRING PANSI_STRING;
  59.  
  60. typedef struct _OBJECT_ATTRIBUTES {
  61. ULONG uLength;
  62. HANDLE hRootDirectory;
  63. PUNICODE_STRING pObjectName;
  64. ULONG uAttributes;
  65. PVOID pSecurityDescriptor;
  66. PVOID pSecurityQualityOfService;
  67. } OBJECT_ATTRIBUTES;
  68.  
  69. #define InitializeObjectAttributes( p, n, a, r, s ) {
  70. (p)->uLength = sizeof(OBJECT_ATTRIBUTES);
  71. (p)->hRootDirectory = r;
  72. (p)->uAttributes = a;
  73. (p)->pObjectName = n;
  74. (p)->pSecurityDescriptor = s;
  75. (p)->pSecurityQualityOfService = NULL;
  76. }
  77.  
  78. typedef OBJECT_ATTRIBUTES * POBJECT_ATTRIBUTES;
  79.  
  80. typedef struct _IO_STATUS_BLOCK {
  81. union {
  82. NTSTATUS Status;
  83. PVOID Pointer;
  84. };
  85. ULONG_PTR Information;
  86. } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
  87.  
  88. typedef VOID(NTAPI *PIO_APC_ROUTINE) (IN PVOID ApcContext, IN PIO_STATUS_BLOCK IoStatusBlock, IN ULONG Reserved);
  89.  
  90. typedef enum _FILE_INFORMATION_CLASS {
  91. FileDirectoryInformation = 1,
  92. FileFullDirectoryInformation,
  93. FileBothDirectoryInformation,
  94. FileBasicInformation,
  95. FileStandardInformation,
  96. FileInternalInformation,
  97. FileEaInformation,
  98. FileAccessInformation,
  99. FileNameInformation,
  100. FileRenameInformation,
  101. FileLinkInformation,
  102. FileNamesInformation,
  103. FileDispositionInformation,
  104. FilePositionInformation,
  105. FileFullEaInformation,
  106. FileModeInformation,
  107. FileAlignmentInformation,
  108. FileAllInformation,
  109. FileAllocationInformation,
  110. FileEndOfFileInformation,
  111. FileAlternateNameInformation,
  112. FileStreamInformation,
  113. FilePipeInformation,
  114. FilePipeLocalInformation,
  115. FilePipeRemoteInformation,
  116. FileMailslotQueryInformation,
  117. FileMailslotSetInformation,
  118. FileCompressionInformation,
  119. FileObjectIdInformation,
  120. FileCompletionInformation,
  121. FileMoveClusterInformation,
  122. FileQuotaInformation,
  123. FileReparsePointInformation,
  124. FileNetworkOpenInformation,
  125. FileAttributeTagInformation,
  126. FileTrackingInformation,
  127. FileIdBothDirectoryInformation,
  128. FileIdFullDirectoryInformation,
  129. FileValidDataLengthInformation,
  130. FileShortNameInformation,
  131. FileMaximumInformation
  132. } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
  133.  
  134. typedef enum _EVENT_TYPE { NotificationEvent, SynchronizationEvent } EVENT_TYPE;
  135.  
  136. typedef struct _FILE_BOTH_DIR_INFORMATION {
  137. ULONG NextEntryOffset;
  138. ULONG FileIndex;
  139. LARGE_INTEGER CreationTime;
  140. LARGE_INTEGER LastAccessTime;
  141. LARGE_INTEGER LastWriteTime;
  142. LARGE_INTEGER ChangeTime;
  143. LARGE_INTEGER EndOfFile;
  144. LARGE_INTEGER AllocationSize;
  145. ULONG FileAttributes;
  146. ULONG FileNameLength;
  147. ULONG EaSize;
  148. CCHAR ShortNameLength;
  149. WCHAR ShortName[12];
  150. WCHAR FileName[1];
  151. } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
  152.  
  153. NTSTATUS(WINAPI * pRtlInitUnicodeString)(PUNICODE_STRING, PCWSTR);
  154. NTSTATUS(WINAPI * pNtCreateFile)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG);
  155. NTSTATUS(WINAPI * pNtCreateEvent)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
  156. NTSTATUS(WINAPI * pNtQuerydirectoryFile)(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
  157. NTSTATUS(WINAPI * pNtWaitForSingleobject)(HANDLE, BOOLEAN, PLARGE_INTEGER);
  158. NTSTATUS(WINAPI * pRtlUnicodeStringToAnsiString)(PANSI_STRING, PCUNICODE_STRING, BOOLEAN);
  159. NTSTATUS(WINAPI * pNtClose)(HANDLE);
  160.  
  161. void IntializeNativeFunctions(VOID)
  162. {
  163. HMODULE hModule = LoadLibrary("Ntdll.dll");
  164.  
  165. pRtlInitUnicodeString = (NTSTATUS(WINAPI *)(PUNICODE_STRING, PCWSTR)) GetProcAddress(hModule, "RtlInitUnicodeString");
  166. pNtCreateFile = (NTSTATUS(WINAPI *)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG)) GetProcAddress(hModule, "NtCreateFile");
  167. pNtCreateEvent = (NTSTATUS(WINAPI *)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN)) GetProcAddress(hModule, "NtCreateEvent");
  168. pNtQuerydirectoryFile = (NTSTATUS(WINAPI *)(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN)) GetProcAddress(hModule, "NtQueryDirectoryFile");
  169. pNtWaitForSingleobject = (NTSTATUS(WINAPI *)(HANDLE, BOOLEAN, PLARGE_INTEGER)) GetProcAddress(hModule, "NtWaitForSingleObject");
  170. pRtlUnicodeStringToAnsiString = (NTSTATUS(WINAPI *)(PANSI_STRING, PCUNICODE_STRING, BOOLEAN)) GetProcAddress(hModule, "RtlUnicodeStringToAnsiString");
  171. pNtClose = (NTSTATUS(WINAPI *)(HANDLE)) GetProcAddress(hModule, "NtClose");
  172. }
  173.  
  174. NTSTATUS ListDirectory(WCHAR * pszDirectoryName)
  175. {
  176. UNICODE_STRING RootDirectoryName;
  177. ANSI_STRING as;
  178. OBJECT_ATTRIBUTES RootDirectoryAttributes;
  179. NTSTATUS ntStatus = STATUS_SUCCESS;
  180. HANDLE RootDirectoryHandle;
  181. IO_STATUS_BLOCK Iosb;
  182. HANDLE Event;
  183. PUCHAR Buffer[65536];
  184. WCHAR wszBuffer[50];
  185.  
  186. PFILE_BOTH_DIR_INFORMATION DirInformation;
  187.  
  188. if (pRtlInitUnicodeString == NULL) return -1;
  189. if (pRtlUnicodeStringToAnsiString == NULL) return -1;
  190. _snwprintf(wszBuffer, sizeof(wszBuffer), L"\??\%s\", pszDirectoryName);
  191.  
  192. ntStatus = ((pRtlInitUnicodeString)(&RootDirectoryName, wszBuffer));
  193.  
  194. if (!NT_SUCCESS(ntStatus))
  195. return ntStatus;
  196.  
  197. InitializeObjectAttributes(&RootDirectoryAttributes, &RootDirectoryName, OBJ_CASE_INSENSITIVE, 0, 0);
  198.  
  199. if (pNtCreateFile == NULL) return -1;
  200.  
  201. ntStatus = ((pNtCreateFile)(&RootDirectoryHandle,
  202. GENERIC_READ,
  203. &RootDirectoryAttributes,
  204. &Iosb,
  205. 0,
  206. FILE_ATTRIBUTE_DIRECTORY,
  207. FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
  208. FILE_OPEN,
  209. FILE_DIRECTORY_FILE,
  210. 0, 0));
  211.  
  212. if (!NT_SUCCESS(ntStatus))
  213. {
  214. printf("Unable to open %s, error = 0x%xn", &RootDirectoryName, ntStatus);
  215. return ntStatus;
  216. }
  217.  
  218. if (pNtCreateEvent == NULL) return -1;
  219.  
  220. ntStatus = ((pNtCreateEvent)(&Event, GENERIC_ALL, 0, NotificationEvent, FALSE));
  221.  
  222. if (!NT_SUCCESS(ntStatus))
  223. {
  224. printf("Event creation failed with error 0x%xn", ntStatus);
  225. return ntStatus;
  226. }
  227.  
  228. if (pNtQuerydirectoryFile == NULL) return -1;
  229.  
  230. if (((pNtQuerydirectoryFile)(RootDirectoryHandle,
  231. Event, 0, 0,
  232. &Iosb,
  233. Buffer,
  234. sizeof(Buffer),
  235. FileBothDirectoryInformation,
  236. FALSE,
  237. NULL,
  238. FALSE)) == STATUS_PENDING)
  239. {
  240. if (pNtWaitForSingleobject == NULL) return -1;
  241. ntStatus = ((pNtWaitForSingleobject)(Event, TRUE, 0));
  242. }
  243.  
  244. if (!NT_SUCCESS(ntStatus))
  245. {
  246. printf("Unable to query directory contents, error 0x%xn", ntStatus);
  247. return ntStatus;
  248. }
  249.  
  250. DirInformation = (PFILE_BOTH_DIR_INFORMATION)Buffer;
  251. while (1)
  252. {
  253. UNICODE_STRING EntryName;
  254. EntryName.MaximumLength = EntryName.Length = (USHORT)DirInformation->FileNameLength;
  255. EntryName.Buffer = &DirInformation->FileName[0];
  256. ((pRtlUnicodeStringToAnsiString)(&as, &EntryName, TRUE));
  257.  
  258. if (DirInformation->FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
  259. {
  260. //printf("Directory name: %sn", as.Buffer);
  261. wcscpy(pszDirectoryName, &DirInformation->FileName[0]);
  262. //wcscat(pszDirectoryName, BACKSLASH);
  263. _bstr_t b(pszDirectoryName);
  264. const char* c = b;
  265. printf("Directory name: %sn", c);
  266.  
  267. ListDirectory(pszDirectoryName); //<<< start iteration inside of directory found!
  268. }
  269.  
  270. else
  271. {
  272. printf("Filename: %sn", as.Buffer);
  273. }
  274.  
  275. if (0 == DirInformation->NextEntryOffset)
  276. break;
  277. else
  278. DirInformation = (PFILE_BOTH_DIR_INFORMATION)(((PUCHAR)DirInformation) + DirInformation->NextEntryOffset);
  279. }
  280.  
  281. ((pNtClose)(RootDirectoryHandle));
  282. return ntStatus;
  283. }
  284.  
  285. int main(VOID)
  286. {
  287. WCHAR wszDirectory[] = { L"C:\Program Files\AVAST Software\Avast" };
  288. IntializeNativeFunctions();
  289. ListDirectory(wszDirectory);
  290. _getch();
  291. return 0;
  292. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!