/********************************************************/
/* ntapi: Native API core library */
/* Copyright (C) 2013--2017 Z. Gilboa */
/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
/********************************************************/
#include <ntapi/ntapi.h>
#include <ntapi/nt_file.h>
#include "ntapi_impl.h"
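/*
 * Open the physical parent directory of an already-open directory handle.
 *
 * The native object name of hdir is queried into the caller-supplied
 * scratch buffer, its last path component is cut off, and the remaining
 * path is opened as a directory.
 *
 * hparent:        receives the handle of the parent directory.
 * hdir:           handle whose object name is queried.
 * buffer:         scratch memory for the name query; it is aligned up to
 *                 a 16-byte boundary here, so up to 15 leading bytes are
 *                 not used.
 * buffer_size:    size of buffer in bytes.
 * oattr:          object attributes placed in the nt_oa structure.
 * desired_access: access mask; zero selects the default of
 *                 NT_SEC_SYNCHRONIZE | NT_FILE_READ_ATTRIBUTES
 *                 | NT_FILE_READ_ACCESS.
 * share_access:   passed through to zw_open_file.
 * open_options:   passed through with NT_FILE_DIRECTORY_FILE added.
 * reserved:       unused.
 *
 * Returns the status of zw_query_object or zw_open_file, or:
 *   NT_STATUS_BUFFER_TOO_SMALL         buffer cannot hold the aligned start;
 *   NT_STATUS_BAD_FILE_TYPE            the query returned only the bare
 *                                      nt_unicode_string header;
 *   NT_STATUS_INTERNAL_ERROR           the name does not have the expected
 *                                      \Device\... layout;
 *   NT_STATUS_MORE_PROCESSING_REQUIRED nothing follows the root prefix, so
 *                                      there is no parent path to open.
 *
 * NOTE(review): the parent is re-opened by absolute name (root_dir is 0),
 * so the result reflects the namespace at open time, not at query time;
 * callers that need to rule out a rename in between must verify the
 * returned handle themselves.
 */
int32_t __stdcall __ntapi_tt_open_physical_parent_directory(
	__out	void **		hparent,
	__in	void *		hdir,
	__out	void *		buffer,
	__in	uint32_t	buffer_size,
	__in	uint32_t	oattr,
	__in	uint32_t	desired_access,
	__in	uint32_t	share_access,
	__in	uint32_t	open_options,
	__out	int *		reserved)
{
	int32_t			status;
	nt_oa			oa;
	nt_iosb			iosb;
	wchar16_t *		wch;
	wchar16_t *		root;
	nt_unicode_string *	path;
	uint32_t		len;
	int			mup;
	uintptr_t		addr;
	uintptr_t		addr_cap;

	(void)reserved;

	/* align the scratch buffer up to a 16-byte boundary */
	addr     = (uintptr_t)buffer;
	addr_cap = addr + buffer_size;
	addr     = (addr + 0xf) & ~(uintptr_t)0xf;

	/*
	 * The alignment may skip up to 15 bytes. Without this guard a buffer
	 * smaller than the padding makes the subtraction below wrap around,
	 * and the query would then be told the buffer is close to 4GB long.
	 */
	if (addr > addr_cap)
		return NT_STATUS_BUFFER_TOO_SMALL;

	path        = (nt_unicode_string *)addr;
	buffer_size = (uint32_t)(addr_cap - addr);

	if ((status = __ntapi->zw_query_object(
			hdir,
			NT_OBJECT_NAME_INFORMATION,
			path,
			buffer_size,
			&len)))
		return status;

	/* integrity: only the string header came back, no name characters */
	if (len == sizeof(nt_unicode_string))
		return NT_STATUS_BAD_FILE_TYPE;

	/* device root directory: wch points one past the last character */
	root = path->buffer;
	wch  = path->buffer + (path->strlen / sizeof(uint16_t));

	/* the name must start with the eight characters of \Device\ */
	if ((wch < &root[8])
			|| (root[0] != '\\')
			|| (root[1] != 'D') || (root[2] != 'e')
			|| (root[3] != 'v') || (root[4] != 'i')
			|| (root[5] != 'c') || (root[6] != 'e')
			|| (root[7] != '\\'))
		return NT_STATUS_INTERNAL_ERROR;

	/* a \Device\Mup\ prefix carries one more root component */
	mup = (wch > &root[11])
		&& (root[8]=='M')
		&& (root[9]=='u')
		&& (root[10]=='p')
		&& (root[11]=='\\');

	root = mup ? &root[12] : &root[8];

	/* advance to the backslash that ends the first root component */
	while ((root < wch) && (*root != '\\'))
		root++;

	if (root == wch)
		return NT_STATUS_INTERNAL_ERROR;

	/* Mup: skip the second component (presumably server, then share) */
	if (mup) {
		for (root++; (root < wch) && (*root != '\\'); )
			root++;
	}

	if (root == wch)
		return NT_STATUS_INTERNAL_ERROR;

	/* the name ends right after the root prefix: no parent to open */
	if (&root[1] == wch)
		return NT_STATUS_MORE_PROCESSING_REQUIRED;

	/* ignore a single trailing backslash */
	if (wch[-1] == '\\')
		wch--;

	/* physical parent directory path: drop the last component */
	for (root++; (wch >= root) && (wch[-1] != '\\'); )
		wch--;

	path->strlen = (uint16_t)(wch - path->buffer) * sizeof(uint16_t);
	path->maxlen = 0;

	/* oa: absolute name, no root directory handle */
	oa.len      = sizeof(nt_oa);
	oa.root_dir = 0;
	oa.obj_name = path;
	oa.obj_attr = oattr;
	oa.sec_desc = 0;
	oa.sec_qos  = 0;

	/* default access */
	if (!desired_access)
		desired_access = NT_SEC_SYNCHRONIZE
			| NT_FILE_READ_ATTRIBUTES
			| NT_FILE_READ_ACCESS;

	/* open parent directory */
	return __ntapi->zw_open_file(
		hparent,
		desired_access,
		&oa,&iosb,
		share_access,
		open_options | NT_FILE_DIRECTORY_FILE);
}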