Skip to content

Instantly share code, notes, and snippets.

@0xbadfca11

0xbadfca11/0.md

Created March 19, 2024 11:12
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save 0xbadfca11/5bde6392f4a402ebb981ba1e16a35956 to your computer and use it in GitHub Desktop.
Save 0xbadfca11/5bde6392f4a402ebb981ba1e16a35956 to your computer and use it in GitHub Desktop.
Download ZIP
Using FileExtd.lib with newer Windows SDK
Raw
0.md
  1. Add kernel32.lib to Ignore Specific Default Libraries.
    But don't remove kernel32.lib from Additional Dependencies.
  2. Set Additional Dependencies to fileextd.lib;ntdll.lib;%(AdditionalDependencies).
    Order is important. fileextd.lib must come before kernel32.lib.
  3. FileExtd.lib was not created with __declspec(dllimport) in mind. Need to take precautions against the _imp__ symbol.
    Do either.
    • #define WINBASEAPI before #include <windows.h>. Although this is easy, keep in mind that it affects the entire source file.
    • Override __imp__SetFileInformationByHandle@16 using assembly.
Raw
fileextd.asm
.MODEL FLAT
EXTERN _SetFileInformationByHandle@16:PROC
PUBLIC __imp__SetFileInformationByHandle@16
.CONST
__imp__SetFileInformationByHandle@16 DD _SetFileInformationByHandle@16
END
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment