ntdll.dll

OSR_Community_User · April 26, 2008, 3:20am

Is there a way where i can call functions in ntdll.dll from applications
written in VC++

Thanks,
Vishnu

OSR_Community_User · April 26, 2008, 6:55am

Yes , u can do it. Here is the code i’ve learned from ImDisk ,
an open source tool to mount disk image file as a virtual driver.

typedef BOOLEAN (CALLBACK* pRtlDosPathNameToNtPathName_U) (IN PCWSTR
DosName,
OUT PUNICODE_STRING NtName,
OUT PCWSTR *DosFilePath OPTIONAL,
OUT PUNICODE_STRING NtFilePath OPTIONAL);
typedef BOOLEAN (CALLBACK *pRtlCreateUnicodeString)(OUT PUNICODE_STRING
DestinationString,IN PCWSTR SourceString);
typedef VOID (CALLBACK *pRtlFreeUnicodeString)(IN PUNICODE_STRING
UnicodeString);
typedef DWORD (CALLBACK* pRTL_INIT_UNICODE_STRING) (PUNICODE_STRING,PCWSTR);

pRTL_INIT_UNICODE_STRING RtlInitUnicodeString = NULL;
pRTL_NT_STATUS_TO_DOS_ERROR RtlNtStatusToDosError = NULL;

pRtlDosPathNameToNtPathName_U RtlDosPathNameToNtPathName_U = NULL;
pRtlCreateUnicodeString RtlCreateUnicodeString = NULL;
pRtlFreeUnicodeString RtlFreeUnicodeString = NULL;

pNtClose NtClose=NULL;
pNtOpenFile NtOpenFile=NULL;

HMODULE g_hNtDLL = NULL;

BOOL InitNTDLL()
{
g_hNtDLL = LoadLibrary( L"ntdll.dll" );
if(!g_hNtDLL)
{
return FALSE;
}
RtlInitUnicodeString = (pRTL_INIT_UNICODE_STRING)
GetProcAddress(g_hNtDLL, “RtlInitUnicodeString”);
NtOpenFile = (pNtOpenFile)
GetProcAddress(g_hNtDLL, “NtOpenFile”);
NtClose = (pNtClose)
GetProcAddress(g_hNtDLL, “NtClose”);
RtlDosPathNameToNtPathName_U = (pRtlDosPathNameToNtPathName_U)
GetProcAddress(g_hNtDLL, “RtlDosPathNameToNtPathName_U”);
RtlCreateUnicodeString = (pRtlCreateUnicodeString)
GetProcAddress(g_hNtDLL, “RtlCreateUnicodeString”);
RtlFreeUnicodeString = (pRtlFreeUnicodeString)
GetProcAddress(g_hNtDLL,“RtlFreeUnicodeString”);
RtlNtStatusToDosError = (pRTL_NT_STATUS_TO_DOS_ERROR)
GetProcAddress(g_hNtDLL,“RtlNtStatusToDosError”);
return TRUE;
}

void CloseNTDLL()
{
if(g_hNtDLL != NULL)
{
FreeLibrary(g_hNtDLL);
}
}

Don_Burn_1 · April 26, 2008, 7:33am

The real question is what are you trying to do that makes you think you need
these undocumented functions that are subject to change?

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

“OSR Online” wrote in message news:xxxxx@ntfsd…
> Is there a way where i can call functions in ntdll.dll from applications
> written in VC++
>
> Thanks,
> Vishnu
>
>

OSR_Community_User · April 26, 2008, 8:53am

> Is there a way where i can call functions in ntdll.dll from applications

written in VC++

I made DLL project “Ntdll”, with a header file with the prototypes
and also fake source file. Then I used that header and LIB generated
by it in my project(s). Good thing about it is that you don’t need
the annoying LoadLibrary/GetProcAddress stuff.

L.

OSR_Community_User · April 26, 2008, 10:31am

This is a very useful paradigm, I think. Although there is an import library for ntdll that comes with the WDK, it doesn’t contain
linker members for everything that ntdll exports, but it may contain those for what you need, which would be the easiest method.

That being said, I echo Don’s point about this only makes sense if you haven’t any other documented choice. Such situations
certainly do exist, but there really aren’t all that many.

Good luck,

mm

Ladislav Zezula wrote:

> Is there a way where i can call functions in ntdll.dll from applications
> written in VC++

I made DLL project “Ntdll”, with a header file with the prototypes
and also fake source file. Then I used that header and LIB generated
by it in my project(s). Good thing about it is that you don’t need
the annoying LoadLibrary/GetProcAddress stuff.

L.