News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests

Main Menu

ZwCreateFile 0xc0000005 STATUS_ACCESS_VIOLATION

Started by bomz, March 01, 2013, 08:57:42 PM

Previous topic - Next topic

bomz

QuoteCCOUNTED_UNICODE_STRING "\\??\\x:\\i386", cusdir, 4

      InitializeObjectAttributes offset DirectoryAttrib, offset cusdir, OBJ_CASE_INSENSITIVE, NULL, NULL
      invoke ZwCreateFile, hDirectory, FILE_LIST_DIRECTORY, addr DirectoryAttrib, addr Iosb,\
      NULL, 0, FILE_SHARE_READ OR FILE_SHARE_WRITE, FILE_OPEN, FILE_DIRECTORY_FILE, NULL, 0
0xc0000005 STATUS_ACCESS_VIOLATION


bomz

Quote;KI_USER_SHARED_DATA   equ 0ffdf0000h
SharedUserData      equ KI_USER_SHARED_DATA

assume ebx: ptr KUSER_SHARED_DATA
mov ebx, KI_USER_SHARED_DATA
               invoke RtlInitUnicodeString, addr dllpath, addr [ebx].NtSystemRoot;KI_USER_SHARED_DATA+30h
assume ebx:NOTHING
????

qWord

Quote from: bomz on March 02, 2013, 06:15:57 AM
Quote;KI_USER_SHARED_DATA   equ 0ffdf0000h
SharedUserData      equ KI_USER_SHARED_DATA

assume ebx: ptr KUSER_SHARED_DATA
mov ebx, KI_USER_SHARED_DATA
               invoke RtlInitUnicodeString, addr dllpath, addr [ebx].NtSystemRoot;KI_USER_SHARED_DATA+30h
assume ebx:NOTHING
????
????
MREAL macros - when you need floating point arithmetic while assembling!


qWord

Quote from: bomz on March 02, 2013, 06:52:10 AM
what wrong?
Is it so hard to formulate useful questions?

AFAIK the ASSUME directive can be used that way. If you have the correct structure definition, a one-liner is possible:

KI_USER_SHARED_DATA   equ 0ffdf0000h

structKI_USER_SHARED_DATA struct
foo DWORD ?
NtSystemRoot PVOID ? ; what ever
structKI_USER_SHARED_DATA ends

invoke RtlInitUnicodeString, addr dllpath, ADDR (structKI_USER_SHARED_DATA ptr DS:[KI_USER_SHARED_DATA]).NtSystemRoot
MREAL macros - when you need floating point arithmetic while assembling!


qWord

MREAL macros - when you need floating point arithmetic while assembling!

bomz

#8
possible need some open function (?)

may be somebody have wxp sp3 RTL_USER_PROCESS_PARAMETERS ?

Vortex

Hi bomz,

Kindly, could you give some details about what are you trying to achieve?

bomz

http://hex.pp.ua/nt-native-create-process.php
I use this code and trying create process in native mode

Vortex

Hi bomz,

I hope you are not trying to walk over thin ice layer.

bomz

I make cd dir lp lm reboot shutdown - now making create process

http://s017.radikal.ru/i414/1303/7b/1eba25a0a326.gif

BogdanOntanu

Sorry but if you do not want to show good will and perform a minimal effort in order to:
1) Formulate a clear and understandable question
2) Explain what you want to do

Then I must lock your thread on suspicions of trying to avoid AV detection

Ambition is a lame excuse for the ones not brave enough to be lazy, www.oby.ro