/*
 * RtlCreateUserThread - create a thread handle for StartAddress and start it.
 *
 * ProcessHandle, StartAddress and ThreadHandle go through CHECK_POINTER
 * (defined elsewhere; presumably it rejects NULL - confirm). A HANDLE_TH
 * handle is then created with a printable description of the entry point and
 * its argument, and the start address, start parameter and an initial
 * ExitStatus of -1 are stored in it.
 *
 * With THREADED the start routine runs on a new pthread via thread_start.
 * If pthread_create fails, the handle is released with RtlFreeHeap and
 * STATUS_UNSUCCESSFUL is returned. Without THREADED, thread_start is called
 * inline on the first return of setjmp(env); presumably the routine leaves
 * through a longjmp on env - confirm against thread_start.
 *
 * SecurityDescriptor, CreateSuspended, StackZeroBits, StackReserved,
 * StackCommit and ClientID are never read or written here. In particular the
 * start routine runs immediately even when CreateSuspended is set, and a
 * caller-supplied ClientID is left untouched.
 *
 * On success *ThreadHandle receives the new handle and STATUS_SUCCESS is
 * returned.
 */
NTSTATUS NTAPI RtlCreateUserThread(HANDLE ProcessHandle, /*PSECURITY_DESCRIPTOR*/ PVOID SecurityDescriptor,
    BOOLEAN CreateSuspended, ULONG StackZeroBits, PULONG StackReserved, PULONG StackCommit,
    PVOID StartAddress, PVOID StartParameter, PHANDLE ThreadHandle, PCLIENT_ID ClientID)
{
    HANDLE new_thread;
    char label[1024];

    CHECK_POINTER(ProcessHandle);
    CHECK_POINTER(StartAddress);
    CHECK_POINTER(ThreadHandle);

    /* Human-readable tag stored with the handle. */
    snprintf(label, sizeof(label), "ThreadProc @%p - param @%p", StartAddress, StartParameter);
    __CreateHandle(new_thread, HANDLE_TH, label);

    new_thread->thread.ExitStatus = -1;
    new_thread->thread.StartParameter = StartParameter;
    new_thread->thread.StartAddress = StartAddress;

#ifdef THREADED
    if (pthread_create(&new_thread->thread.tid, NULL, thread_start, (void *) new_thread) != 0)
    {
        /* The thread never started, so nothing else can reference the handle. */
        RtlFreeHeap(HANDLE_HEAP, 0, new_thread);
        return STATUS_UNSUCCESSFUL;
    }
#else
    /* Run the start routine inline; only the direct setjmp return enters it. */
    if (setjmp(env) == 0)
    {
        thread_start(new_thread);
    }
#endif

    *ThreadHandle = new_thread;
    return STATUS_SUCCESS;
}
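/*
 * NtOpenFile - open an existing file or device and wrap it in a HANDLE_FILE
 * handle.
 *
 * FileHandle and IoStatusBlock go through CHECK_POINTER (defined elsewhere).
 *
 * With REDIR_IO the request is forwarded to the native NtOpenFile through
 * ftbl.nt. A negative status is logged and returned unchanged. On success the
 * native handle and DesiredAccess are stored in the new handle, and the file
 * size is filled in from NtQueryInformationFile or, failing that, from
 * IOCTL_DISK_GET_LENGTH_INFO.
 *
 * Without REDIR_IO the call is delegated to NtCreateFile with OPEN_EXISTING.
 *
 * Changes from the previous version:
 *  - The length IOCTL writes to the local status block instead of the caller's
 *    IoStatusBlock, so the open result reported to the caller is no longer
 *    overwritten by the size probe.
 *  - An object with no obtainable length (NtCreateFile names KeyboardClass as
 *    an example) gets a recorded size of 0 instead of calling abort(), which
 *    terminated the whole process because of one open request.
 *
 * NOTE(review): ObjectAttributes is handed to the native call unchanged; no
 * path or device filtering is visible in this function. If callers are not
 * trusted, confirm that confinement happens elsewhere.
 */
NTSTATUS NTAPI NtOpenFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes,
    PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG OpenOptions)
{
    CHECK_POINTER(FileHandle);
    CHECK_POINTER(IoStatusBlock);

#ifdef REDIR_IO
    {
        IO_STATUS_BLOCK iob;
        FILE_STANDARD_INFORMATION fi;
        DECLAREVARCONV(ObjectAttributesA);
        HANDLE hFile;
        NTSTATUS res = ftbl.nt.NtOpenFile(&hFile, DesiredAccess, ObjectAttributes, IoStatusBlock, ShareAccess, OpenOptions);

        OA2STR(ObjectAttributes);

        if (res < 0)
        {
            Log("ntdll.NtOpenFile(\"%s\", 0x%08x) = 0x%08x\n", ObjectAttributesA, DesiredAccess, res);
            return res;
        }

        __CreateHandle(*FileHandle, HANDLE_FILE, ObjectAttributesA);
        (*FileHandle)->file.mode = DesiredAccess;
        (*FileHandle)->file.fh = hFile;

        /* Size probes use the scratch status block, never the caller's. */
        res = ftbl.nt.NtQueryInformationFile(hFile, &iob, &fi, sizeof(fi), FileStandardInformation);
        if (res == STATUS_SUCCESS)
        {
            (*FileHandle)->file.st.st_size = fi.EndOfFile.QuadPart;
        }
        else
        {
            GET_LENGTH_INFORMATION gli;

            res = ftbl.nt.NtDeviceIoControlFile(hFile, NULL, NULL, NULL, &iob, IOCTL_DISK_GET_LENGTH_INFO, NULL, 0, &gli, sizeof(GET_LENGTH_INFORMATION));
            if (res < 0)
            {
                /* The open itself succeeded; only the length is unknown. */
                fprintf(stderr, "NtOpenFile() - Unable to get size of %s: 0x%08x\n", ObjectAttributesA, res);
                (*FileHandle)->file.st.st_size = 0;
                res = STATUS_SUCCESS;
            }
            else
            {
                (*FileHandle)->file.st.st_size = gli.Length.QuadPart;
            }
        }

        Log("ntdll.NtOpenFile(\"%s\", 0x%08x)\n", ObjectAttributesA, DesiredAccess);
        return res;
    }
#else
    return NtCreateFile(FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, NULL, 0, ShareAccess, OPEN_EXISTING, OpenOptions, NULL, 0);
#endif
}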
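/*
 * NtCreateFile - open a file or device and wrap it in a HANDLE_FILE handle.
 *
 * FileHandle and IoStatusBlock go through CHECK_POINTER (defined elsewhere).
 * IoStatusBlock->Information starts as FILE_DOES_NOT_EXIST and is set to
 * FILE_CREATED only on the final success path.
 *
 * _WIN32: the object name buffer is passed to CreateFileW, and the size comes
 * from GetFileSizeEx.
 * Otherwise: the converted name is opened with unix_open and the size comes
 * from fstat, or from a block/character-device ioctl where one is available.
 * CreateDisposition, ShareAccess and FileAttributes are not used on this path.
 *
 * AllocationSize, CreateOptions, EaBuffer and EaLength are used only by the
 * REDIR_IO forwarding block.
 *
 * Every failure is reported as STATUS_OBJECT_NAME_NOT_FOUND, both as the
 * return value and in IoStatusBlock->u.Status.
 *
 * Changes from the previous version:
 *  - The Win32 handle is closed when GetFileSizeEx fails. It was leaked.
 *  - The CreateFileW diagnostic reuses the error code already captured instead
 *    of calling GetLastError() a second time.
 *  - BLKGETSIZE64 writes into a 64-bit temporary rather than directly into
 *    st.st_size, which may be narrower than 64 bits.
 *
 * NOTE(review): ObjectAttributes is not passed through CHECK_POINTER, and the
 * CreateFileW call dereferences ObjectAttributes->ObjectName. Whether OA2STR
 * validates it is not visible here.
 */
NTSTATUS NTAPI NtCreateFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes,
    PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocationSize, ULONG FileAttributes, ULONG ShareAccess,
    ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength)
{
#ifdef _WIN32
    HANDLE hFile;
    LARGE_INTEGER size;
#endif
    DECLAREVARCONV(ObjectAttributesA);

    CHECK_POINTER(FileHandle);
    CHECK_POINTER(IoStatusBlock);

    OA2STR(ObjectAttributes);

    IoStatusBlock->Information = FILE_DOES_NOT_EXIST;

#ifdef REDIR_IO
    /*
     * NOTE(review): nothing in this block returns on success, so with REDIR_IO
     * defined execution continues into the CreateFileW path below. That path
     * opens the object a second time and assigns *FileHandle again.
     * Confirm this is intended.
     */
    {
        IO_STATUS_BLOCK iob;
        FILE_STANDARD_INFORMATION fi;
        NTSTATUS res = ftbl.nt.NtCreateFile(&hFile, DesiredAccess, ObjectAttributes, IoStatusBlock, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength);

        if (res < 0)
        {
            Log("ntdll.NtCreateFile(\"%s\", 0x%08x) = 0x%08x\n", ObjectAttributesA, DesiredAccess, res);
            return res;
        }

        __CreateHandle(*FileHandle, HANDLE_FILE, ObjectAttributesA);
        (*FileHandle)->file.mode = DesiredAccess;
        (*FileHandle)->file.fh = hFile;

        res = ftbl.nt.NtQueryInformationFile(hFile, &iob, &fi, sizeof(fi), FileStandardInformation);
        if (res == STATUS_SUCCESS)
        {
            (*FileHandle)->file.st.st_size = fi.EndOfFile.QuadPart;
        }
        else
        {
            GET_LENGTH_INFORMATION gli;

            if ((res = ftbl.nt.NtDeviceIoControlFile(hFile, NULL, NULL, NULL, IoStatusBlock, IOCTL_DISK_GET_LENGTH_INFO, NULL, 0, &gli, sizeof(GET_LENGTH_INFORMATION))) < 0)
            {
                /* Objects such as KeyboardClass report no length; record 0. */
                (*FileHandle)->file.st.st_size = 0;
            }
            else
            {
                (*FileHandle)->file.st.st_size = gli.Length.QuadPart;
            }
        }
    }
#endif /* REDIR_IO */

    Log("ntdll.NtCreateFile(\"%s\", 0x%08x)\n", ObjectAttributesA, DesiredAccess);

#ifdef _WIN32
    /*
     * NOTE(review): the access expression keeps only bits 20-23 of
     * DesiredAccess, moved into the generic-rights nibble. With the standard
     * Windows values, SYNCHRONIZE (0x00100000) becomes GENERIC_ALL
     * (0x10000000) and the specific file rights are dropped. The host handle
     * can therefore be opened with broader access than was requested.
     * Confirm this mapping is intended.
     */
    hFile = CreateFileW(ObjectAttributes->ObjectName->Buffer, (DesiredAccess << 8) & 0xf0000000, ShareAccess, NULL, CreateDisposition, FileAttributes, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        DWORD err = GetLastError();

        if (err != 3 /* ERROR_PATH_NOT_FOUND */)
            fwprintf(stderr, L"CreateFileW '%s' failed with %d\n", ObjectAttributes->ObjectName->Buffer, (int) err);
        return (IoStatusBlock->u.Status = STATUS_OBJECT_NAME_NOT_FOUND);
    }

    if (!GetFileSizeEx(hFile, &size))
    {
        /* Read the error code first; CloseHandle may replace it. */
        DWORD err = GetLastError();

        CloseHandle(hFile);
        fprintf(stderr, "CreateFileW() - Unable to get size of %s: %d\n", ObjectAttributesA, (int) err);
        return (IoStatusBlock->u.Status = STATUS_OBJECT_NAME_NOT_FOUND);
    }

    __CreateHandle(*FileHandle, HANDLE_FILE, ObjectAttributesA);
    (*FileHandle)->file.fh = hFile;
    (*FileHandle)->file.mode = DesiredAccess;
    (*FileHandle)->file.st.st_size = size.QuadPart;
#else /* _WIN32 */
    int fd = unix_open(ObjectAttributesA, ntflags_unix(DesiredAccess));
    struct stat st;

    /*
     * NOTE(review): if the open succeeds but fstat fails, fd is not closed
     * before returning. Release it here once the file's close routine is
     * confirmed to be in scope.
     */
    if ((fd < 0) || (fstat(fd, &st) < 0))
        return (IoStatusBlock->u.Status = STATUS_OBJECT_NAME_NOT_FOUND);

#if defined(BLKGETSIZE64)
    if (S_ISBLK(st.st_mode))
    {
        /* BLKGETSIZE64 stores 64 bits; st.st_size may be narrower. */
        unsigned long long blk_bytes = 0;

        if (ioctl(fd, BLKGETSIZE64, &blk_bytes) < 0)
            st.st_size = 0;
        else
            st.st_size = (off_t) blk_bytes;
    }
#elif defined(DIOCGMEDIASIZE)
    if (S_ISCHR(st.st_mode) && (ioctl(fd, DIOCGMEDIASIZE, &st.st_size) < 0))
        st.st_size = 0;
#else
    if (!S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode))
        st.st_size = 0;
#endif

    __CreateHandle(*FileHandle, HANDLE_FILE, ObjectAttributesA);
    (*FileHandle)->file.fh = fd;
    (*FileHandle)->file.mode = DesiredAccess;
    memcpy(&(*FileHandle)->file.st, &st, sizeof(st));
#endif /* _WIN32 */

    IoStatusBlock->Information = FILE_CREATED;
    return (IoStatusBlock->u.Status = STATUS_SUCCESS);
}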