Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

NtSetFileInformation

NtDev_GeekNtDev_Geek Member - All Emails Posts: 97
Is there any way to call/use NtSetFileInformation in usermode. if yes what i can do .

Comments

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,017
    > Is there any way to call/use NtSetFileInformation in usermode.

    Yes, the trick is finding the correct DLL - it mighy br in Ntdll.dll (like
    NtCreateFile
    https://msdn.microsoft.com/en-us/library/bb432380(v=vs.85).aspx), dunno

    you might want to start by looking at SetFileInformationByHandle

    https://msdn.microsoft.com/en-us/library/windows/desktop/aa365539(v=vs.85).aspx
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Sure there is. Either link against ntdll.lib, or call it using function pointer obtained by calling GetProcAddress(hNtdll, "NtSetInformationFile").
  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,096
    Or, for test purposes, just use FileTest :)

    http://www.zezula.net/en/fstools/filetest.html

    -scott
    OSR
    @OSRDrivers

    wrote in message news:xxxxx@ntfsd...

    Sure there is. Either link against ntdll.lib, or call it using function
    pointer obtained by calling GetProcAddress(hNtdll, "NtSetInformationFile").

    -scott
    OSR

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,017
    > Or, for test purposes, just use FileTest :)

    The single most useful tool in the file system developer's toolkit. Thanks
    again Ladislav..
  • NtDev_GeekNtDev_Geek Member - All Emails Posts: 97
    I tried to use GetProcAddress(hNtdll, "NtSetInformationFile"). but i think ntdll is not exporting the function address that can be used. for rest nt calls i am able to successfully get the values and outputs too.
    I am bit of stuck here!!! i am actually want to rename file streams so i thought it is the only possible way however it seems .. no luck.
    is there any way??
    my filter failing the ifs test of StreamRename test. with the filetest (insanely awesome tool) my filter is not reporting any error for stream rename but ntfs reporting error!!!
    any help will be greatly appreciated.

    Thanks,
  • Slava_ImameevSlava_Imameev Member Posts: 480
    What is a problem with SetFileInformationByHandle which does the same?

    ZwSetInformationFile/NtSetInformationFile is just a stub to a system call with 0x24 ordinal number. You can implement it if for some reasons you are unable to retrieve the address from ntdll .

    ZwSetInformationFile:
    0000000076D6BFA0 mov r10,rcx
    0000000076D6BFA3 mov eax,24h
    0000000076D6BFA8 syscall
    0000000076D6BFAA ret
  • NtDev_GeekNtDev_Geek Member - All Emails Posts: 97
    Thanks for the pointer slava...many thanks.
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Writing WDF Drivers 25 Feb 2019 OSR Seminar Space
Developing Minifilters 8 April 2019 OSR Seminar Space