C语言在用户模式使用NT函数

来源：互联网发布：高性能网络编程编辑：程序博客网时间：2024/06/14 12:34
C语言要使用NT函数并不像使用库函数那么简单，下面介绍一下使用方法，以NtSetInformationFile为例：
#include <windows.h>#include <stdio.h>//因为NtSetInformationFile方法要用到FILE_INFORMATION_CLASS的值，所以这里全部枚举出来//当然你也可以直接使用1,2,3,这样值代替，只是这样定义以后在后面使用更接近使用一般函数一些。typedef enum _FILE_INFORMATION_CLASS {    FileDirectoryInformation = 1,    FileFullDirectoryInformation,    FileBothDirectoryInformation,    FileBasicInformation,    FileStandardInformation,    FileInternalInformation,    FileEaInformation,    FileAccessInformation,    FileNameInformation,    FileRenameInformation,    FileLinkInformation,    FileNamesInformation,    FileDispositionInformation,    FilePositionInformation,    FileFullEaInformation,    FileModeInformation,    FileAlignmentInformation,    FileAllInformation,    FileAllocationInformation,    FileEndOfFileInformation,    FileAlternateNameInformation,    FileStreamInformation,    FilePipeInformation,    FilePipeLocalInformation,    FilePipeRemoteInformation,    FileMailslotQueryInformation,    FileMailslotSetInformation,    FileCompressionInformation,    FileObjectIdInformation,    FileCompletionInformation,    FileMoveClusterInformation,    FileQuotaInformation,    FileReparsePointInformation,    FileNetworkOpenInformation,    FileAttributeTagInformation,    FileTrackingInformation,    FileIdBothDirectoryInformation,    FileIdFullDirectoryInformation,    FileValidDataLengthInformation,    FileShortNameInformation,    FileIoCompletionNotificationInformation,    FileIoStatusBlockRangeInformation,    FileIoPriorityHintInformation,    FileSfioReserveInformation,    FileSfioVolumeInformation,    FileHardLinkInformation,    FileProcessIdsUsingFileInformation,    FileNormalizedNameInformation,    FileNetworkPhysicalNameInformation,    FileIdGlobalTxDirectoryInformation,    FileIsRemoteDeviceInformation,    FileAttributeCacheInformation,    FileNumaNodeInformation,    FileStandardLinkInformation,    FileRemoteProtocolInformation,    FileMaximumInformation} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;typedef struct _IO_STATUS_BLOCK {    union {        NTSTATUS Status;        PVOID    Pointer;    };    ULONG_PTR Information;} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;typedef struct _FILE_DISPOSITION_INFORMATION {    BOOLEAN DeleteFile;} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;//声明一个与NtSetInformationFile一样的方法，这些方法参数可以参考MSDNtypedef NTSTATUS(__stdcall *NtSetInformationFile)(    HANDLE FileHandle,    PIO_STATUS_BLOCK IoStatusBlock,    PVOID FileInformation,    ULONG Length,    FILE_INFORMATION_CLASS FileInformationClass    );int main(){    FILE_DISPOSITION_INFORMATION  fi = { 1 };    IO_STATUS_BLOCK bs = { 0 };    //想要删除文件，必须要有delete权限，即STANDARD_RIGHTS_ALL，DELETE    //HANDLE hfile = CreateFileA("c:\\Hello.txt", GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);    HANDLE hfile = CreateFileA("c:\\Hello.txt", STANDARD_RIGHTS_ALL, 0, NULL, OPEN_EXISTING, 0, NULL);    //HANDLE hfile = CreateFileA("c:\\Hello.txt", DELETE, 0, NULL, OPEN_EXISTING, 0, NULL);    if (hfile == INVALID_HANDLE_VALUE)    {        printf("open file failed !");    }    //获取NtSetInformationFile    NtSetInformationFile ntSetInformationFile;    ntSetInformationFile = (NtSetInformationFile)GetProcAddress(LoadLibrary(L"ntdll.dll"), "NtSetInformationFile");    //使用NtSetInformationFile，参数如果本地没有，就自己声明定义就自己填上，方法和NtSetInformationFile是一样的    ntSetInformationFile(hfile, &bs, &fi, 1, FileDispositionInformation);//handle要有删除权限    CloseHandle(hfile);    getchar();    return 0;}
阅读全文
0 0