pb 4.30 [x64] RtlFillMemoryUlong doesn't work

Windows specific forum
Post Reply
User avatar
bingo
Enthusiast
Enthusiast
Posts: 210
Joined: Fri Apr 02, 2004 12:21 pm
Location: germany/thueringen
Contact:
Contact bingo

pb 4.30 [x64] RtlFillMemoryUlong doesn't work

Post by bingo »

tested in vista64 ...

Code: Select all

OpenLibrary(0, "ntdll.dll")

Debug GetFunction(0, "RtlCompareMemory") ; ok      
Debug GetFunction(0, "RtlFillMemoryUlong") ; = 0 !
Debug GetFunction(0, "RtlComputeCrc32") ; ok

CloseLibrary(0)
:roll:

RtlFillMemoryUlong is legal api function ...
["1:0>1"]
Top
Fred
Administrator
Administrator
Posts: 18162
Joined: Fri May 17, 2002 4:39 pm
Location: France
Contact:
Contact Fred

Post by Fred »

are you sure it's exported by the ntdll.dll ? sometimes, API are defined as macro in the C headers.
Top
User avatar
bingo
Enthusiast
Enthusiast
Posts: 210
Joined: Fri Apr 02, 2004 12:21 pm
Location: germany/thueringen
Contact:
Contact bingo

Post by bingo »

yes ... i have tested with polib.exe (64)
polib.exe /out:ntdll.lib c:\windows\SysWOW64\ntdll.dll /nound /MACHINE:x64

... RtlEraseUnicodeString RtlExitUserProcess RtlExitUserThread RtlExpandEnvironmentStrings RtlExpandEnvironmentStrings_U RtlExtendMemoryBlockLookaside RtlExtendMemoryZone RtlExtendedIntegerMultiply RtlExtendedLargeIntegerDivide RtlExtendedMagicDivide RtlFillMemory RtlFillMemoryUlong RtlFinalReleaseOutOfProcessMemoryStream RtlFindAceByType RtlFindActivationContextSectionGuid RtlFindActivationContextSectionString RtlFindCharInUnicodeString RtlFindClearBits RtlFindClearBitsAndSet RtlFindClearRuns RtlFindClosestEncodableLength RtlFindLastBackwardRunClear RtlFindLeastSignificantBit RtlFindLongestRunClear RtlFindMessage...
["1:0>1"]
Top
Fred
Administrator
Administrator
Posts: 18162
Joined: Fri May 17, 2002 4:39 pm
Location: France
Contact:
Contact Fred

Post by Fred »

And it's shown by "dependency walker" as well ?
Top
User avatar
bingo
Enthusiast
Enthusiast
Posts: 210
Joined: Fri Apr 02, 2004 12:21 pm
Location: germany/thueringen
Contact:
Contact bingo

Post by bingo »

OpenLibrary(0, "ntdll.dll")

Debug GetFunction(0, "RtlCompareMemory") ; ok
Debug GetFunction(0, "RtlFillMemoryUlong") ; = 0 !
Debug GetFunction(0, "RtlComputeCrc32") ; ok

CloseLibrary(0)

RtlFillMemoryUlong (or RtlFillMemoryUlong_(...) directly) - it works in xp32/vista32 .
["1:0>1"]
Top
User avatar
bingo
Enthusiast
Enthusiast
Posts: 210
Joined: Fri Apr 02, 2004 12:21 pm
Location: germany/thueringen
Contact:
Contact bingo

Post by bingo »

ok and sorry ...
http://www.tipandtrick.net/2008/how-to- ... sysnative/

c:\windows\sysnative is the right 64bit dll folder . RtlFillMemoryUlong is missing in 64bit ntdll.dll :shock:

how can create the right libs from 64bit dll with polib ?
polib.exe and 64bit dll:
Polib: fatal error: Internal error (create_archive_file).

--- edit 22.10. ---
my libs from 64bit dll 8)

1. dumpbin /exports /out:ntdll.def c:\windows\sysnative\ntdll.dll
2. convert def-fomat to polib-def-format (pb tool ) :lol:
3. polib.exe /out:ntdll.lib /machine:x64 /def:ntdll.def

it works !

dumpbin.exe (part of vs c++ 2008)
+ mspdb80.dll
+ install dotnet 3.5 (dotNetFx35setup.exe)
["1:0>1"]
Top
Post Reply

Return to “Windows”