Highest Voted 'nt-native-api' Questions

0

votes

0 answers

What does MmMapLockedPages do in UserMode?

EDIT: while browsing on StackOverflow, I discovered ZwAllocateVirtualMemory and that was not yielded by any google searches or documentation trawling, as it’s under “Previous Versions” of the documentation - does that mean access to this function is…

winapi nt-native-api

asked Feb 22 '21 at 00:41

FShrike

323
1
10

0

votes

1 answer

NtAllocateVirtualMemoryEx definition

I am implementing a memory management tool by hooking into memory APIs, when i come to NtAllocateVirtualMemoryEx, i tried to find its definition on google but found nothing, however NtAllocateVirtualMemory is clearly defined at…

winapi nt-native-api

asked Sep 27 '20 at 04:13

herb

139
8

0

votes

0 answers

Can NtWriteFile() produce a short write?

Consider this snippet (handle was opened with FILE_SYNCHRONOUS_IO_NONALERT flag): IO_STATUS_BLOCK io; NTSTATUS r = NtWriteFile(h, NULL, NULL, NULL, &io, data, data_len, &pos, NULL); if NT_SUCCESS(r) assert(io.Information == data_len); //…

winapi driver windows-kernel nt-native-api

asked Jun 17 '20 at 21:17

C.M.

3,071
1
14
33

0

votes

0 answers

Can NtReadFile() produce a short read without reaching eof?

I was testing NtReadFile() function on my Win7 against NTFS volume and noticed that in following code (handle was opened with FILE_SYNCHRONOUS_IO_NONALERT flag): IO_STATUS_BLOCK io; NTSTATUS r = NtReadFile(h, NULL, NULL, NULL, &io, buf, buf_size,…

winapi driver windows-kernel nt-native-api

asked Jun 17 '20 at 20:41

C.M.

3,071
1
14
33

0

votes

0 answers

NtSetInformationFile(..., FileBasicInformation) fails with STATUS_INVALID_PARAMETER on FAT shares

Stumbled upon a weird problem: let's say we have an SMB share \\\ and we opened it for writing NtSetInformationFile(..., FileBasicInformation) normally succeeds ... but if underlying filesystem is FAT -- it fails with…

winapi driver windows-kernel nt-native-api

asked Jun 01 '20 at 22:40

C.M.

3,071
1
14
33

0

votes

0 answers

HANDLE_TYPE_PROCESS across Windows versions

I can't find any documentation about this. I'm enumerating process handles in another process. I check the value of SYSTEM_HANDLE::ObjectTypeNumber and apparently it's different between versions of Windows. I found this piece of code in a project on…

windows winapi process nt-native-api

asked May 23 '20 at 09:39

shavit

842
1
7
17

0

votes

1 answer

NativeAPI Suspend process

I try to stop some process, I use NativeAPI from ntdll. I wrote some C code, It works: typedef LONG(NTAPI* NtSuspendProcess)(IN HANDLE ProcessHandle); UINT __stdcall Suspend(VOID* processId) { HANDLE processHandle =…

c process masm nt-native-api

asked Feb 13 '20 at 13:04

lostsky25

85
1
10

0

votes

2 answers

Asynchronous NtQueryDirectoryFile?

Has anyone managed to figure out how asynchronous calls to NtQueryDirectoryFile work? By an asynchronous call, I mean calling NtQueryDirectoryFile on directories not opened with FILE_SYNCHRONOUS_IO_ALERT or with FILE_SYNCHRONOUS_IO_NONALERT. For me,…

winapi directory overlapped-io nt-native-api

asked Mar 12 '11 at 09:53

user541686

205,094
128
528
886

0

votes

1 answer

fastest way to retrieve CIFS file metadata

Situation: I am scanning a directory using NtQueryDirectoryFile(..., FileBothDirectoryInformation, ...). In addition to data returned by this call I need security data (typically returned by GetKernelObjectSecurity) and list of alternate streams…

winapi filesystems nt-native-api

asked Jan 26 '18 at 18:19

C.M.

3,071
1
14
33

0

votes

2 answers

How to add managed wifi API to the working project

I'd apologize because of the question , in advance. I'm a little newbie on C# , and I don't know how to use Managed WiFi API and how to add the classes to the working project, anyone helps me ? I've downloaded the Managed WIFI API library and there…

c# nt-native-api

asked Jan 24 '15 at 13:29

Mohammad yummy

111
1
8

0

votes

3 answers

Concatenate large files using Win NT kernel API

I've been looking around for a way to concatenate large files (a few gigabytes) together without having to rewrite one of the files. I am sure the OS does this internally when manipulating the master file table. This is purely for an internal…

c# .net windows-kernel windows-nt nt-native-api

asked Jan 03 '14 at 12:39

Raheel Khan

14,205
13
80
168

-1

votes

3 answers

Get HANDLE to the memory region and what HANDLE actually is

How can i get HANDLE to the memory region or mapped file ? What actually HANDLE is ? Please do not answer like this : A handle is an abstract reference to some resourc,e provided to you by another party (usually the OS), that you can hand back…

windows winapi nt-native-api

asked Sep 01 '13 at 15:46

xdoborax

9
2

-2

votes

1 answer

How can i see contents of buffer and compare with dll file?

I try to write dll injector with nativeApi. For this reason, i wrote this code. NtReadFile function reads something but i cant see anything except for the first value of FileReadBuffer. Also, i dont know anything about how does dll look into buffer.…

c++ visual-c++ inject dll-injection nt-native-api

asked Sep 07 '16 at 00:41

Burak Kocaman

81
1
10

-3

votes

1 answer

How do I hook native windows APIs from managed c# code?

I want to use the following native APIs: NtOpenProcess NtOpenThread NtReadVirtualMemory NtWriteVirtualMemory PsCreateSystemThread KiAttachProcess Is it possible to hook these APIs from managed C# code? If so, can someone provide an example of…

c# .net winapi pinvoke nt-native-api

asked May 06 '12 at 09:55

unbalanced

1,192
5
19
44

Questions tagged [nt-native-api]