forked from zodiacon/KObjects
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathNativeDataStackAPI.cpp
More file actions
29 lines (23 loc) · 1.1 KB
/
Copy pathNativeDataStackAPI.cpp
File metadata and controls
29 lines (23 loc) · 1.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#include "pch.h"
#include "..\KObjects\DataStackConv.h"
#include "..\KObjects\DataStackNativeAPI.h"
#pragma comment(lib, "ntdll")
extern HANDLE g_hDevice;
NTSTATUS NTAPI NtCreateDataStack(_Out_ PHANDLE DataStackHandle, _In_opt_ POBJECT_ATTRIBUTES DataStackAttributes, _In_ ULONG MaxItemSize, _In_ ULONG MaxItemCount, ULONG_PTR MaxSize) {
DataStackCreate data;
data.MaxItemCount = MaxItemCount;
data.MaxItemSize = MaxItemSize;
data.ObjectAttributes = DataStackAttributes;
data.MaxSize = MaxSize;
IO_STATUS_BLOCK ioStatus;
return NtDeviceIoControlFile(g_hDevice, nullptr, nullptr, nullptr, &ioStatus,
IOCTL_DATASTACK_CREATE, &data, sizeof(data), DataStackHandle, sizeof(HANDLE));
}
NTSTATUS NTAPI NtOpenDataStack(_Out_ PHANDLE DataStackHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES DataStackAttributes) {
DataStackOpen data;
data.DesiredAccess = DesiredAccess;
data.ObjectAttributes = DataStackAttributes;
IO_STATUS_BLOCK ioStatus;
return NtDeviceIoControlFile(g_hDevice, nullptr, nullptr, nullptr, &ioStatus,
IOCTL_DATASTACK_OPEN, &data, sizeof(data), DataStackHandle, sizeof(HANDLE));
}