@11philip22
Forked from core01/test.cpp
Created November 19, 2021 14:10
NtOpenFile, NtCreateFile, NtWriteFile, NtOpenKey, NtSetValueKey, NtQueryValueKey
#include <windows.h>
#include "ntdll.h"
#define __DEBUG__ 1000
#define patternlen MAX_PATH*2
#define masN 2
// Banner rows printed by mainBE(): masN rows of at most 99 WCHARs each.
WCHAR Wmas[masN][100] =
{
//1--------02--------03--------04--------05--------06--------07--------08------"
    L" .e$$$$$$e. \n",
    L" \n"
};
#define bufLen 32768//8192
#define xX 1000
// Zero-filled scratch buffer; nothing in this file reads or writes it.
char buf[bufLen] = {0};
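// Displays a NUL-terminated string through NtDisplayString.
static void fileedit_say(const WCHAR* text)
{
    UNICODE_STRING s;
    RtlInitUnicodeString(&s, text);
    NtDisplayString(&s);
}

// Formats an NTSTATUS into `scratch` (at least 100 WCHARs) and displays it.
static void fileedit_report_status(WCHAR* scratch, NTSTATUS status)
{
    _snwprintf(scratch, 100, L"status = %x\n", status);
    scratch[99] = L'\0'; // _snwprintf leaves no terminator when it truncates
    fileedit_say(scratch);
}

// Native file API demo: create (or overwrite) C:\testfilecreate.txt, write a
// fixed string to it, reopen it read-only and echo the contents.  Every step
// reports its NTSTATUS on the native console.  Peb is not used.
//
// Changes from the earlier revision: a failed NtCreateFile now returns instead
// of continuing with an uninitialised (or already closed) handle; the handle is
// closed on every path after it was opened; status text is formatted into its
// own buffer rather than over the path buffer; only the bytes of the string are
// written (not the whole 200-byte array); and the read buffer is
// NUL-terminated from isb.Information before it is displayed.
void fileedit (PVOID Peb){
//sysnative.com/forums/programming/8592-ntcreatefile-example.html
#define FILE_OPEN_IF (3)
#define FILE_OVERWRITE_IF 0x00000005
    HANDLE h;
    NTSTATUS status;
    WCHAR Buffer[100] = L"testdatatofile";
    WCHAR Readrez[100] = L"";
    WCHAR msg[100] = L"";
    OBJECT_ATTRIBUTES obj;
    IO_STATUS_BLOCK isb;
    UNICODE_STRING str;
    // NOTE(review): the literals spell "\??\\C:\..." with two backslashes after
    // the \??\ prefix; confirm the object manager accepts that form of the path.
    WCHAR filepath[100]= L"\\??\\\\C:\\testfilecreate.txt";
    WCHAR filepathtoread[100]= L"\\??\\\\C:\\testfilecreate.txt";
    RtlInitUnicodeString(&str, filepath);
    // obj stores a pointer to str, so re-initialising str later retargets obj.
    InitializeObjectAttributes(&obj, &str, OBJ_CASE_INSENSITIVE, NULL, NULL);
    status = NtCreateFile(&h, FILE_GENERIC_WRITE, &obj, &isb, NULL,
                          FILE_ATTRIBUTE_NORMAL, FILE_SHARE_WRITE, FILE_OVERWRITE_IF,
                          FILE_RANDOM_ACCESS|FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL, 0);
    if (status < 0) {
        fileedit_report_status(msg, status);
        return; // h was never opened: nothing to write to or close
    }
    fileedit_say(L"No error while creating file\n\r");
    // Write the characters of Buffer (without the terminator), not the whole array.
    status = NtWriteFile(h, NULL, NULL, NULL, &isb, Buffer,
                         (ULONG)(wcslen(Buffer) * sizeof(WCHAR)), NULL, NULL);
    if (status >= 0) {
        fileedit_say(L"Data successfully written\n\r");
    } else {
        fileedit_report_status(msg, status);
    }
    NtClose(h);
    RtlInitUnicodeString(&str, filepathtoread);
    status = NtCreateFile(&h, FILE_GENERIC_READ, &obj, &isb, NULL,
                          FILE_ATTRIBUTE_NORMAL, FILE_SHARE_WRITE, FILE_OPEN_IF,
                          FILE_RANDOM_ACCESS|FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL, 0);
    if (status < 0) {
        fileedit_report_status(msg, status);
        return; // no valid handle to read from or close
    }
    fileedit_say(L"File is open\n\r");
    // Leave one WCHAR free so the data can always be NUL-terminated below.
    status = NtReadFile(h, NULL, NULL, NULL, &isb, Readrez,
                        (ULONG)(sizeof(Readrez) - sizeof(WCHAR)), NULL, NULL);
    NtClose(h);
    if (status >= 0) {
        // isb.Information is the byte count actually read; terminate there so
        // RtlInitUnicodeString cannot scan past the data.
        Readrez[isb.Information / sizeof(WCHAR)] = L'\0';
        fileedit_say(L"File content:\n\r");
        fileedit_say(Readrez);
    } else {
        fileedit_report_status(msg, status);
    }
}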
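// Displays a NUL-terminated string through NtDisplayString.
static void regkeyedit_say(const WCHAR* text)
{
    UNICODE_STRING s;
    RtlInitUnicodeString(&s, text);
    NtDisplayString(&s);
}

// Formats `status` with `fmt` (one %x conversion) into `scratch` (100 WCHARs)
// and displays it.
static void regkeyedit_report(WCHAR* scratch, const WCHAR* fmt, NTSTATUS status)
{
    _snwprintf(scratch, 100, fmt, status);
    scratch[99] = L'\0'; // _snwprintf leaves no terminator when it truncates
    regkeyedit_say(scratch);
}

// Native registry API demo: open \REGISTRY\MACHINE\SYSTEM (the live HKLM\SYSTEM
// hive, so this needs administrative rights), write the REG_SZ value
// "testkey" = "testvalue" directly under it, read it back and display it.
// Peb is not used.
//
// Changes from the earlier revision: a failed NtOpenKey returns instead of
// using an uninitialised handle; the key is opened with only the two rights
// the function needs rather than KEY_ALL_ACCESS; the query buffer is
// ULONG-aligned as KEY_VALUE_FULL_INFORMATION requires; the value data is
// displayed by explicit length after a type and bounds check; and the key
// handle is closed on exit (it used to leak).
void regkeyedit(PVOID Peb)
{
    HANDLE h;
    NTSTATUS status;
    UNICODE_STRING UnicodeRegPath;
    UNICODE_STRING ValueName;
    OBJECT_ATTRIBUTES ObjectAttributes;
    ULONG uRetSize = 0;
    // 200 bytes of ULONG-aligned storage for the KEY_VALUE_FULL_INFORMATION result.
    ULONG Buffer[50];
    PKEY_VALUE_FULL_INFORMATION pPI = (PKEY_VALUE_FULL_INFORMATION)Buffer;
    // Path we write to.
    WCHAR RegPath[100] = L"\\REGISTRY\\MACHINE\\SYSTEM";
    WCHAR Data[100] = L"testvalue";
    WCHAR msg[100] = L"";
    RtlInitUnicodeString(&UnicodeRegPath, RegPath);
    InitializeObjectAttributes(&ObjectAttributes, &UnicodeRegPath, OBJ_CASE_INSENSITIVE, NULL, NULL);
    // Least privilege: setting and querying one value needs only these rights.
    status = NtOpenKey(&h, KEY_SET_VALUE | KEY_QUERY_VALUE, &ObjectAttributes);
    regkeyedit_say(L"START\n\r");
    // Error check.
    if (status < 0) {
        regkeyedit_report(msg, L"status = %x\n", status);
        if (status == STATUS_INVALID_HANDLE) {
            regkeyedit_say(L"STATUS INVALID HANDLE\n\r");
        }
        return; // h was never opened
    }
    regkeyedit_say(L"No error\n\r");
    RtlInitUnicodeString(&ValueName, L"testkey");
    // REG_SZ data length includes the terminating NUL.
    status = NtSetValueKey(h, &ValueName, 0, REG_SZ, Data,
                           (ULONG)((wcslen(Data) + 1) * sizeof(WCHAR)));
    if (status >= 0) {
        regkeyedit_say(L"Record complete!\n\r");
    } else {
        regkeyedit_report(msg, L"Error Reg write = %x\n", status);
    }
    status = NtQueryValueKey(h, &ValueName, KeyValueFullInformation, Buffer,
                             (ULONG)sizeof(Buffer), &uRetSize);
    if (status < 0) {
        regkeyedit_report(msg, L"Error registry key read = %x\n", status);
    } else {
        regkeyedit_say(L"\n\rKey successfully read\n\r");
        regkeyedit_say(L"\n\r\n\r");
        // Only trust the data if it is a string that lies inside what the kernel
        // actually returned, and display it by length instead of scanning for a
        // terminator the stored value might not have.
        if (pPI->Type == REG_SZ &&
            uRetSize <= sizeof(Buffer) &&
            pPI->DataOffset <= uRetSize &&
            pPI->DataLength <= uRetSize - pPI->DataOffset &&
            pPI->DataLength <= 0xFFFF) {
            UNICODE_STRING Shown;
            Shown.Buffer = (PWCHAR)((char*)pPI + pPI->DataOffset);
            Shown.Length = (USHORT)pPI->DataLength;
            Shown.MaximumLength = Shown.Length;
            if (Shown.Length >= sizeof(WCHAR) &&
                Shown.Buffer[Shown.Length / sizeof(WCHAR) - 1] == L'\0') {
                Shown.Length -= sizeof(WCHAR); // do not print the stored terminator
            }
            NtDisplayString(&Shown);
        } else {
            regkeyedit_say(L"Unexpected value type or size\n\r");
        }
    }
    NtClose(h);
}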
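// Prints the masN banner rows of Wmas and, in debug builds, pauses before
// returning.  Peb is not used.
//
// The earlier revision passed an uninitialised LARGE_INTEGER to
// NtDelayExecution, so the length of the pause was undefined.
void mainBE(PVOID Peb)
{
    UNICODE_STRING str;
    for (UINT j = 0; j < masN; j++)
    {
        RtlInitUnicodeString(&str, Wmas[j]);
        NtDisplayString(&str);
    }
#ifdef __DEBUG__
    // A negative value is a relative delay in 100 ns units.
    // NOTE(review): __DEBUG__ is taken here as the pause in milliseconds —
    // confirm that is what the macro was meant to express.
    LARGE_INTEGER t;
    t.QuadPart = -10000LL * __DEBUG__;
    NtDelayExecution(FALSE, &t);
#endif
}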
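// Blocks the calling thread for roughly `msec` milliseconds by waiting, with a
// timeout, on a private event that is never signalled.  The wait is alertable,
// so a delivered APC ends it early.
//
// Returns TRUE once the wait has completed, FALSE if the event could not be
// created.
//
// A relative NT timeout is a negative count of 100 ns units.  The earlier
// revision stored a positive msec*100000 in LowPart, which the kernel reads
// as an absolute time (in 1601, so the wait returned at once) and which also
// overflows the DWORD for msec > 42949.
BOOL mSleep (DWORD msec)
{
    HANDLE Event;
    LARGE_INTEGER t;
    NTSTATUS status;
    // SYNCHRONIZE is all a wait needs; GENERIC_ALL was more than required.
    status = NtCreateEvent(&Event, SYNCHRONIZE, NULL, NotificationEvent, FALSE);
    if (status < 0) {
        return FALSE; // Event is not valid; do not wait on or close it
    }
    t.QuadPart = -(LONGLONG)msec * 10000;
    NtWaitForSingleObject(Event, TRUE, &t);
    NtClose(Event);
    return TRUE;
}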