kaganisildak/callingntcreatefile.asm

## callingntcreatefile.asm
format PE GUI
entry start
include 'win32a.inc'
define  OBJ_CASE_INSENSITIVE   0x00000040
FILE_READ_DATA = 0x0001
FILE_READ_ATTRIBUTES = 0x0080
FILE_READ_EA = 0x0008
define FILE_GENERIC_READ  (STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA)
define FILE_SUPERSEDE 0x00000000
define FILE_NON_DIRECTORY_FILE 0x00000040
section '.text' code readable executable
start:
mov [fn.Length], FileNameEnd - FileName
mov [fn.MaximumLength], FileNameEnd - FileName
mov [fn.Buffer], FileName
mov [attr.Length],              sizeof.OBJECT_ATTRIBUTES
mov [attr.RootDirectory],       0
mov [attr.Attributes],          OBJ_CASE_INSENSITIVE
mov [attr.ObjectName],          fn
mov [attr.SD],                  0
mov [attr.SQOS],                0
invoke ntCreateFile, hFile,\
[accessMask],\
attr,\
iosb,\
0,\
FILE_ATTRIBUTE_NORMAL,\
FILE_SHARE_READ,\
FILE_SUPERSEDE,\
0,\
0,\
0
ret
section '.data' data writeable readable
accessMask dd 1F01ffh
struct UNICODE_STRING
        Length          dw ?
        MaximumLength   dw ?
        Buffer          dd ?
ends
struct OBJECT_ATTRIBUTES
        Length          dd ?
        RootDirectory   dd ?
        ObjectName      dd ?
        Attributes      dd ?
        SD              dd ?
        SQOS            dd ?
ends
iosb    dd 2 dup (0)
hFile   dd ?
fn      UNICODE_STRING    ?
attr    OBJECT_ATTRIBUTES ?
FileName du '\??\C:\asmtest.txt'
FileNameEnd:
section '.idata' import data readable writeable
library ntdll, "ntdll.dll"
import ntdll, ntCreateFile, "NtCreateFile"
	format PE GUI
	entry start
	include 'win32a.inc'
	define OBJ_CASE_INSENSITIVE 0x00000040
	FILE_READ_DATA = 0x0001
	FILE_READ_ATTRIBUTES = 0x0080
	FILE_READ_EA = 0x0008
	define FILE_GENERIC_READ (STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA)
	define FILE_SUPERSEDE 0x00000000
	define FILE_NON_DIRECTORY_FILE 0x00000040
	section '.text' code readable executable
	start:
	mov [fn.Length], FileNameEnd - FileName
	mov [fn.MaximumLength], FileNameEnd - FileName
	mov [fn.Buffer], FileName
	mov [attr.Length], sizeof.OBJECT_ATTRIBUTES
	mov [attr.RootDirectory], 0
	mov [attr.Attributes], OBJ_CASE_INSENSITIVE
	mov [attr.ObjectName], fn
	mov [attr.SD], 0
	mov [attr.SQOS], 0
	invoke ntCreateFile, hFile,\
	[accessMask],\
	attr,\
	iosb,\
	0,\
	FILE_ATTRIBUTE_NORMAL,\
	FILE_SHARE_READ,\
	FILE_SUPERSEDE,\
	0,\
	0,\
	0
	ret
	section '.data' data writeable readable
	accessMask dd 1F01ffh
	struct UNICODE_STRING
	Length dw ?
	MaximumLength dw ?
	Buffer dd ?
	ends
	struct OBJECT_ATTRIBUTES
	Length dd ?
	RootDirectory dd ?
	ObjectName dd ?
	Attributes dd ?
	SD dd ?
	SQOS dd ?
	ends
	iosb dd 2 dup (0)
	hFile dd ?
	fn UNICODE_STRING ?
	attr OBJECT_ATTRIBUTES ?
	FileName du '\??\C:\asmtest.txt'
	FileNameEnd:
	section '.idata' import data readable writeable
	library ntdll, "ntdll.dll"
	import ntdll, ntCreateFile, "NtCreateFile"