NtOpenKey

Just starting out? Need help? Post your questions and find answers here.
Post Reply
Lite
User
User
Posts: 17
Joined: Fri Dec 21, 2012 7:50 am

NtOpenKey

Post by Lite »

Hello

Need help with "NtOpenKey". below is a working au3 code.

Here is my PB code.

Code: Select all

#OBJ_CASE_INSENSITIVE = $40
#KEY_READ = $20019

Structure UNICODE_lSTRING
  usLength.w
  usMaximumLength.w
  usBuffer.l
EndStructure

Structure OBJECT_ATTRIBUTES
    Length.l
    RootDirectory.l
    *ObjectName
    Attributes.l
    SecurityDescriptor.l
    SecurityQualityOfService.l
EndStructure

status.l
oa.OBJECT_ATTRIBUTES


mydevice.s="\Registry\Machine\SYSTEM\ControlSet001"

usDevName.UNICODE_lSTRING
usDevName\usBuffer = @mydevice
usDevName\usMaximumLength = (Len(mydevice.s) * 2) +2
usDevName\usLength = (Len(mydevice.s) * 2)



   oa\Length = SizeOf(OBJECT_ATTRIBUTES)
   oa\ObjectName = usDevName
   oa\Attributes  = #OBJ_CASE_INSENSITIVE
   oa\SecurityDescriptor = 0
   oa\RootDirectory = 0
   oa\SecurityQualityOfService = 0

   status = NtOpenKey_(pKeyHandle.i,#KEY_READ , @oa)
   Debug Hex(status)+"  "+ Str(status)
Working au3 code:

Code: Select all

#include <String.au3>

Global Const $tagOBJECTATTRIBUTES = "ulong Length;hwnd RootDirectory;ptr ObjectName;ulong Attributes;ptr SecurityDescriptor;ptr SecurityQualityOfService"
Global Const $tagUNICODESTRING = "ushort Length;ushort MaximumLength;ptr Buffer"
Global Const $OBJ_CASE_INSENSITIVE = 0x00000040
Global Const $KEY_READ = 0x20019
Global $hNTDLL = DllOpen("ntdll.dll")

$rootdir="\Registry\Machine\SYSTEM\ControlSet001"
$RootDir = _StrToUnicode($rootdir)

    Local $key, $found = ""
	Local $Disposition, $ret, $KeyHandle, $NameLengthDiff, $ResultLength, $Index, $handle, $handle2, $aCounter = 1, $aTmp, $nLength
	Local $szName = DllStructCreate("byte[520]")
	Local $sUS = DllStructCreate("ushort Length;ushort MaximumLength;ptr Buffer")
	Local $sOA = DllStructCreate($tagOBJECTATTRIBUTES)
	DllStructSetData($szName, 1, "0x"&$RootDir)
	$test=DllStructGetData($szName, 1)
	$nLength = StringLen($RootDir)/2

    DllStructSetData($sUS,"Length",$nLength)
	DllStructSetData($sUS,"MaximumLength",$nLength+4)
	DllStructSetData($sUS,"Buffer",DllStructGetPtr($szName))

	DllStructSetData($sOA, "Length", DllStructGetSize($sOA))
    DllStructSetData($sOA, "RootDirectory", 0)
    DllStructSetData($sOA, "ObjectName", DllStructGetPtr($sUS))
    DllStructSetData($sOA, "Attributes", $OBJ_CASE_INSENSITIVE)
    DllStructSetData($sOA, "SecurityDescriptor", 0)
    DllStructSetData($sOA, "SecurityQualityOfService", 0)

	$ret = DllCall($hNTDLL, "int", "NtOpenKey", "hwnd*", "", "dword", $KEY_READ, "ptr", DllStructGetPtr($sOA))
	;
	If $ret[0] Then
	  MsgBox(0,"NtOpenKey error",$ret[0])
    Else
	  MsgBox(0,"NtOpenKey OK",$ret[0])
	EndIf

   DllCall($hNTDLL, "int", "NtClose", "hwnd", $handle)

Func _StrToUnicode($Inp)
	Local $InpLen, $Tmp, $Appended
	$InpLen = StringLen($Inp)
	For $i = 1 To $InpLen
		$Tmp = _StringToHex(StringMid($Inp,$i,1))
		$Appended &= $Tmp&"00"
	Next
	Return $Appended
EndFunc
maybe someone will find the mistake, thanks

Greetings
Lite
Top
Dude
Addict
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: NtOpenKey

Post by Dude »

What's the expected output, and the problem? Seems to work here (something is output but I don't know what it is).
Top
Lite
User
User
Posts: 17
Joined: Fri Dec 21, 2012 7:50 am

Re: NtOpenKey

Post by Lite »

The successful return value of status = NtOpenKey_ should be null.
In this example, -073741819 comes back.
Top
fryquez
Enthusiast
Enthusiast
Posts: 391
Joined: Mon Dec 21, 2015 8:12 pm

Re: NtOpenKey

Post by fryquez »

status = NtOpenKey_(@pKeyHandle.i,#KEY_READ , @oa)

BTW: Your structures are not x64 compatible.
Top
Post Reply

Return to “Coding Questions”