无法在win32项目中包含ntifs.h

发布时间：2020-12-14 01:36:45 所属栏目：Windows 来源：网络整理

导读：我试图使用名为NTCreateFile的函数.当我编译它给我一个错误说 “找不到_NTCreateFile标识符”.我包含了标题winternl.h.接下来我尝试使用ZwCreatFile,根据MSDN我包括ntifs.h,但我无法包含该标头.它说“无法打开/找到目录”.我正在使用V @ 2008.问题是什么？我

我试图使用名为NTCreateFile的函数.当我编译它给我一个错误说
“找不到_NTCreateFile标识符”.我包含了标题winternl.h.接下来我尝试使用ZwCreatFile,根据MSDN我包括ntifs.h,但我无法包含该标头.它说“无法打开/找到目录”.我正在使用V @ 2008.问题是什么？我错过了什么吗？

EDIT1：

typedef NTSTATUS (*fp_CreatFile)(
    OUT PHANDLE FileHandle,IN ACCESS_MASK DesiredAccess,IN POBJECT_ATTRIBUTES ObjectAttributes,OUT PIO_STATUS_BLOCK IoStatusBlock,IN PLARGE_INTEGER AllocationSize OPTIONAL,IN ULONG FileAttributes,IN ULONG ShareAccess,IN ULONG CreateDisposition,IN ULONG CreateOptions,IN PVOID EaBuffer OPTIONAL,IN ULONG EaLength
    );
OBJECT_ATTRIBUTES myAttributes;

int _tmain(int argc,_TCHAR* argv[])
{
    fp_CreatFile myFunction;
    HMODULE module = LoadLibrary(L"ntdll.dll");
    if(NULL != module)
    {
        myFunction = (fp_CreatFile)GetProcAddress(module,"NtCreateFile");
    }

    UNICODE_STRING string;
    IO_STATUS_BLOCK fileStatus;
    string.Length = 56;
    string.Buffer = L"C:userkiddoDesktop7zFM.exe";
    string.MaximumLength = 56;

    HANDLE fileHandle;
    myAttributes.ObjectName = &string;
    myAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
    long mystatus = myFunction(&fileHandle,FILE_GENERIC_READ,&myAttributes,&fileStatus,NULL,FILE_ATTRIBUTE_NORMAL,FILE_SHARE_READ,NULL);
    return 0;
}

当它试图调用它在消息框中给出以下错误.
错误：
运行时检查失败#0 – ESP的值未在函数调用中正确保存.这通常是调用使用一个调用约定声明的函数和使用不同调用约定声明的函数指针的结果.

解决方法

如果您阅读 MSDN documentation,第一段说：

Note Before using this function,
please read 07001.

其中说:(我突出了重要部分)

The Winternl.h header file exposes
prototypes of internal Windows APIs.
There is no associated import library,
so developers must use run-time
dynamic linking to call the functions
described in this header file.

The functions and structures in
Winternl.h are internal to the
operating system and subject to change
from one release of Windows to the
next,and possibly even between
service packs for each release. To
maintain the compatibility of your
application,you should use the
equivalent public functions instead.
Further information is available in
the header file,Winternl.h,and the
documentation for each function.

If you do use these functions,you can
access them through run-time dynamic
linking using 07002 and
07003. This gives your code
an opportunity to respond gracefully
if the function has been changed or
removed from the operating system.
Signature changes,however,may not be
detectable.

因此,您必须先从NtDll.dll加载要使用的函数,然后才能使用它们.

这是一个未经测试的示例代码示例：

typedef NTSTATUS (__stdcall *NtCreateFile)(
    OUT PHANDLE FileHandle,IN ULONG EaLength
    );

NtCreateFile _NtCreateFile = (NtCreateFile)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtCreateFile");

// You can now use the function
_NtCreateFile(/* params */);

// Don't forget the release the resources

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!