NtRequestPort - 参数不正确

时间:2014-11-24 12:53:47

标签: windows internals ntdll

我尝试与\ Windows \ SbApiPort端口进行通信。

问题是我从NtRequestPort(0xc000000d - 状态无效参数)收到错误。

PORT_MESSAGE的参数没有记录,所以我不知道我的问题在哪里...... 我试图改变长度,CallbackId,但同样的问题......

感谢您的帮助!

以下是代码:

HANDLE hSection=0;
LARGE_INTEGER SecSize;

SecSize.LowPart=0x10000;
SecSize.HighPart=0x0;

if(NtCreateSection(&hSection, SECTION_ALL_ACCESS, NULL, &SecSize, PAGE_READWRITE,SEC_COMMIT ,NULL))
{
    printf("couldn't create a section");
}

HANDLE hPort;
PORT_VIEW sectionInfo;
REMOTE_PORT_VIEW mapInfo;
byte ConnectDataBuffer[0x100];
DWORD Size = sizeof(ConnectDataBuffer);
UNICODE_STRING uStr;
WCHAR * uString=L"\\Windows\\SbApiPort";
DWORD maxSize;
SECURITY_QUALITY_OF_SERVICE qos;

for (int i=0 ; i < 0x100 ; i++)
{
    ConnectDataBuffer[i]=0xcc;
}

memset(&sectionInfo, 0, sizeof(sectionInfo));
memset(&mapInfo, 0, sizeof(mapInfo));
memset(&mapInfo, 0, sizeof(mapInfo));

memset(&qos, 0, sizeof(qos));

qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
qos.ImpersonationLevel = SecurityImpersonation;
qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
qos.EffectiveOnly = TRUE;

sectionInfo.Length = sizeof(LPC_SECTION_OWNER_MEMORY);
sectionInfo.SectionHandle = hSection;
sectionInfo.SectionOffset = 0;
sectionInfo.ViewSize = 0x10000;
sectionInfo.ViewBase = NULL;
sectionInfo.ViewRemoteBase  = NULL;


mapInfo.Length = sizeof(LPC_SECTION_MEMORY);
mapInfo.ViewSize = 0;
mapInfo.ViewBase = NULL;

uStr.Length = wcslen(uString)*2;
uStr.MaximumLength = wcslen(uString)*2+2;
uStr.Buffer =uString;

NTSTATUS res = NtConnectPort(&hPort,&uStr,&qos,&sectionInfo,&mapInfo,&maxSize,(DWORD*)&ConnectDataBuffer,&Size);
if (res)
{
    printf("Could not connect to LPC port.\n -%x", res);
    return 1;
}

PORT_MESSAGE PortMessage;
ZeroMemory(&PortMessage,sizeof(PORT_MESSAGE));

PortMessage.u1.Length = 0x20;
PortMessage.u2.s2.DataInfoOffset = 15;
PortMessage.u2.ZeroInit = 0x20;
PortMessage.MessageId = LPC_REQUEST;
PortMessage.ClientViewSize = 0x20;
PortMessage.ClientId.UniqueProcess = GetCurrentProcess();
PortMessage.ClientId.UniqueThread = GetCurrentThread();
PortMessage.CallbackId = 0;

res = NtRequestPort(hPort, &PortMessage);
if (res)
{
    printf("Could not request LPC port.\n -%x", res);
    return 1;
}
printf("End\n", res);

0 个答案:

没有答案
相关问题
最新问题