Hi,all
if you have the ntstrsafe.lib(x64), please post here.
thank you in advance
Here you go: https://github.com/mrfearless/UASM-DDK/blob/master/lib/x64/ntstrsafe.lib?raw=true
I re-added the link in case its useful
Hi,fearless
thanks your response.
QuoteAh actually that lib doesnt have RltStringCbPrintf in it, sorry.
Not at all.
May the DLL be with me.
regard.
Hi six_L,
Maybe I am wrong but a Google Search of the word RltStringCbPrintf does not return anything. This is what I found :
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntstrsafe/nf-ntstrsafe-rtlunicodestringprintf
It's an inline function in WDDK/*++
NTSTATUS
RtlStringCbPrintf(
__out_bcount(cbDest) LPTSTR pszDest,
__in size_t cbDest,
__in __format_string LPCTSTR pszFormat,
...
);
Routine Description:
This routine is a safer version of the C built-in function 'sprintf'.
The size of the destination buffer (in bytes) is a parameter and
this function will not write past the end of this buffer and it will
ALWAYS null terminate the destination buffer (unless it is zero length).
This function returns an NTSTATUS value, and not a pointer. It returns
STATUS_SUCCESS if the string was printed without truncation and null terminated,
otherwise it will return a failure code. In failure cases it will return
a truncated version of the ideal result.
Arguments:
pszDest - destination string
cbDest - size of destination buffer in bytes
length must be sufficient to hold the resulting formatted
string, including the null terminator.
pszFormat - format string which must be null terminated
... - additional parameters to be formatted according to
the format string
Notes:
Behavior is undefined if destination, format strings or any arguments
strings overlap.
pszDest and pszFormat should not be NULL. See RtlStringCbPrintfEx if you
require the handling of NULL values.
Return Value:
STATUS_SUCCESS - if there was sufficient space in the dest buffer for
the resultant string and it was null terminated.
failure - the operation did not succeed
STATUS_BUFFER_OVERFLOW
Note: This status has the severity class Warning - IRPs completed with this
status do have their data copied back to user mode
- this return value is an indication that the print
operation failed due to insufficient space. When this
error occurs, the destination buffer is modified to
contain a truncated version of the ideal result and is
null terminated. This is useful for situations where
truncation is ok.
It is strongly recommended to use the NT_SUCCESS() macro to test the
return value of this function
--*/
NTSTRSAFEDDI
RtlStringCbPrintfA(
__out_bcount(cbDest) NTSTRSAFE_PSTR pszDest,
__in size_t cbDest,
__in __format_string NTSTRSAFE_PCSTR pszFormat,
...)
{
NTSTATUS status;
size_t cchDest = cbDest / sizeof(char);
status = RtlStringValidateDestA(pszDest, cchDest, NTSTRSAFE_MAX_CCH);
if (NT_SUCCESS(status))
{
va_list argList;
va_start(argList, pszFormat);
status = RtlStringVPrintfWorkerA(pszDest,
cchDest,
NULL,
pszFormat,
argList);
va_end(argList);
}
return status;
}
From msvc 2010RtlStringCbPrintfA1:
00000000 4C89442418 mov qword ptr [rsp+18h], r8
00000005 4889542410 mov qword ptr [rsp+10h], rdx
0000000A 48894C2408 mov qword ptr [rsp+8h], rcx
0000000F 4C894C2420 mov qword ptr [rsp+20h], r9
00000014 4883EC58 sub rsp, 58h
00000018 488B442468 mov rax, qword ptr [rsp+68h]
0000001D 4889442438 mov qword ptr [rsp+38h], rax
00000022 41B8FFFFFF7F mov r8d, 7FFFFFFFh
00000028 488B542438 mov rdx, qword ptr [rsp+38h]
0000002D 488B4C2460 mov rcx, qword ptr [rsp+60h]
00000032 E800000000 call RtlStringValidateDestA
00000037 89442430 mov dword ptr [rsp+30h], eax
0000003B 837C243000 cmp dword ptr [rsp+30h], 0h
00000040 7C38 jl L_7A
00000042 488D442478 lea rax, [rsp+78h]
00000047 4889442440 mov qword ptr [rsp+40h], rax
0000004C 488B442440 mov rax, qword ptr [rsp+40h]
00000051 4889442420 mov qword ptr [rsp+20h], rax
00000056 4C8B4C2470 mov r9, qword ptr [rsp+70h]
0000005B 4533C0 xor r8d, r8d
0000005E 488B542438 mov rdx, qword ptr [rsp+38h]
00000063 488B4C2460 mov rcx, qword ptr [rsp+60h]
00000068 E800000000 call RtlStringVPrintfWorkerA
0000006D 89442430 mov dword ptr [rsp+30h], eax
00000071 48C744244000000000 mov qword ptr [rsp+40h], 0h
0000007A 8B442430 mov eax, dword ptr [rsp+30h]
0000007E 4883C458 add rsp, 58h
00000082 C3 ret
00000083 CC int3
00000084 CC int3
00000085 CC int3
00000086 CC int3
00000087 CC int3
00000088 CC int3
00000089 CC int3
0000008A CC int3
0000008B CC int3
0000008C CC int3
0000008D CC int3
0000008E CC int3
0000008F CC int3
RtlStringValidateDestA:
00000090 4C89442418 mov qword ptr [rsp+18h], r8
00000095 4889542410 mov qword ptr [rsp+10h], rdx
0000009A 48894C2408 mov qword ptr [rsp+8h], rcx
0000009F 4883EC18 sub rsp, 18h
000000A3 C7042400000000 mov dword ptr [rsp], 0h
000000AA 48837C242800 cmp qword ptr [rsp+28h], 0h
000000B0 740C jz L_BE
000000B2 488B442430 mov rax, qword ptr [rsp+30h]
000000B7 4839442428 cmp qword ptr [rsp+28h], rax
000000BC 7607 jbe L_C5
000000BE C704240D0000C0 mov dword ptr [rsp], -3FFFFFF3h
000000C5 8B0424 mov eax, dword ptr [rsp]
000000C8 4883C418 add rsp, 18h
000000CC C3 ret
000000CD CC int3
000000CE CC int3
000000CF CC int3
000000D0 CC int3
000000D1 CC int3
000000D2 CC int3
000000D3 CC int3
000000D4 CC int3
000000D5 CC int3
000000D6 CC int3
000000D7 CC int3
000000D8 CC int3
000000D9 CC int3
000000DA CC int3
000000DB CC int3
000000DC CC int3
000000DD CC int3
000000DE CC int3
000000DF CC int3
RtlStringVPrintfWorkerA:
000000E0 4C894C2420 mov qword ptr [rsp+20h], r9
000000E5 4C89442418 mov qword ptr [rsp+18h], r8
000000EA 4889542410 mov qword ptr [rsp+10h], rdx
000000EF 48894C2408 mov qword ptr [rsp+8h], rcx
000000F4 4883EC48 sub rsp, 48h
000000F8 C744243400000000 mov dword ptr [rsp+34h], 0h
00000100 48C744242000000000 mov qword ptr [rsp+20h], 0h
00000109 488B442458 mov rax, qword ptr [rsp+58h]
0000010E 48FFC8 dec rax
00000111 4889442428 mov qword ptr [rsp+28h], rax
00000116 4C8B4C2470 mov r9, qword ptr [rsp+70h]
0000011B 4C8B442468 mov r8, qword ptr [rsp+68h]
00000120 488B542428 mov rdx, qword ptr [rsp+28h]
00000125 488B4C2450 mov rcx, qword ptr [rsp+50h]
0000012A E800000000 call _vsnprintf
0000012F 89442430 mov dword ptr [rsp+30h], eax
00000133 837C243000 cmp dword ptr [rsp+30h], 0h
00000138 7C0C jl L_146
0000013A 4863442430 movsxd rax, dword ptr [rsp+30h]
0000013F 483B442428 cmp rax, qword ptr [rsp+28h]
00000144 7631 jbe L_177
00000146 488B442428 mov rax, qword ptr [rsp+28h]
0000014B 488B4C2450 mov rcx, qword ptr [rsp+50h]
00000150 4803C8 add rcx, rax
00000153 488BC1 mov rax, rcx
00000156 4889442450 mov qword ptr [rsp+50h], rax
0000015B 488B442450 mov rax, qword ptr [rsp+50h]
00000160 C60000 mov byte ptr [rax], 0h
00000163 488B442428 mov rax, qword ptr [rsp+28h]
00000168 4889442420 mov qword ptr [rsp+20h], rax
0000016D C744243405000080 mov dword ptr [rsp+34h], -7FFFFFFBh
00000175 EB3F jmp L_1B6
00000177 4863442430 movsxd rax, dword ptr [rsp+30h]
0000017C 483B442428 cmp rax, qword ptr [rsp+28h]
00000181 7529 jnz L_1AC
00000183 488B442428 mov rax, qword ptr [rsp+28h]
00000188 488B4C2450 mov rcx, qword ptr [rsp+50h]
0000018D 4803C8 add rcx, rax
00000190 488BC1 mov rax, rcx
00000193 4889442450 mov qword ptr [rsp+50h], rax
00000198 488B442450 mov rax, qword ptr [rsp+50h]
0000019D C60000 mov byte ptr [rax], 0h
000001A0 488B442428 mov rax, qword ptr [rsp+28h]
000001A5 4889442420 mov qword ptr [rsp+20h], rax
000001AA EB0A jmp L_1B6
000001AC 4863442430 movsxd rax, dword ptr [rsp+30h]
000001B1 4889442420 mov qword ptr [rsp+20h], rax
000001B6 48837C246000 cmp qword ptr [rsp+60h], 0h
000001BC 740D jz L_1CB
000001BE 488B442460 mov rax, qword ptr [rsp+60h]
000001C3 488B4C2420 mov rcx, qword ptr [rsp+20h]
000001C8 488908 mov qword ptr [rax], rcx
000001CB 8B442434 mov eax, dword ptr [rsp+34h]
000001CF 4883C448 add rsp, 48h
000001D3 C3 ret
Hi,Vortex TimoVJL
Thanks your response.
long time ago, a member posted link that had been downloaded UASM-DDK-master files. but unlucky, there was not RltStringCbPrintf in ntstrsafe.lib.
@TimoVJL :
atoq_1.obj : error LNK2019: RltStringCbPrintf in _ProcDlgMain
ntstrsafe.obj : error LNK2019: _vsnprintf in RtlStringVPrintfWorkerA
ntstrsafe.obj : error LNK2019: _vsnwprintf in RtlWideCharArrayVPrintfWorker
ntstrsafe.obj : error LNK2019: memset in RtlUnicodeStringExHandleOtherFlags
Hi,fearless
thanks your help again.
QuoteHere you go: https://github.com/mrfearless/UASM-DDK/blob/master/lib/x64/ntstrsafe.lib?raw=true
happens error when link:
atoq_1.obj : error LNK2019: RltStringCbPrintf in _ProcDlgMain