mirrors/rufus
1
0
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2025-05-25 12:14:33 -04:00
Code Issues Projects Releases Packages Wiki Activity

[misc] remove manual hooks into ntdll

Browse source 
* Since we are now liking with ntdll directly, we can remove all the hooks we applied
  and just use regular calls. We also rename process.h to ntdll.h as a result.
This commit is contained in:
Pete Batard 2025-05-14 10:43:45 +01:00
parent 4adfa4f37e
commit 01d18d99de
No known key found for this signature in database
GPG key ID: 38E0CF5E69EDD671
9 changed files with 174 additions and 160 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.vs/rufus.vcxproj
View file

@ -426,7 +426,7 @@
<ClInclude Include="..\src\mbr_types.h" /> <ClInclude Include="..\src\mbr_types.h" />
<ClInclude Include="..\src\missing.h" /> <ClInclude Include="..\src\missing.h" />
<ClInclude Include="..\src\msvc-missing\unistd.h" /> <ClInclude Include="..\src\msvc-missing\unistd.h" />
<ClInclude Include="..\src\process.h" /> <ClInclude Include="..\src\ntdll.h" />
<ClInclude Include="..\src\re.h" /> <ClInclude Include="..\src\re.h" />
<ClInclude Include="..\src\settings.h" /> <ClInclude Include="..\src\settings.h" />
<ClInclude Include="..\src\libcdio\cdio\cdio.h" /> <ClInclude Include="..\src\libcdio\cdio\cdio.h" />

2
.vs/rufus.vcxproj.filters
View file

@ -161,7 +161,7 @@
<ClInclude Include="..\src\db.h"> <ClInclude Include="..\src\db.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\src\process.h"> <ClInclude Include="..\src\ntdll.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\src\ui.h"> <ClInclude Include="..\src\ui.h">

10
src/drive.c
View file

@ -33,6 +33,7 @@
#endif #endif
#include "rufus.h" #include "rufus.h"
#include "ntdll.h"
#include "missing.h" #include "missing.h"
#include "resource.h" #include "resource.h"
#include "settings.h" #include "settings.h"
@ -66,8 +67,6 @@ const IID IID_IVdsVolume = { 0x88306BB2, 0xE71F, 0x478C, { 0x86, 0xA2, 0x79, 0xD
const IID IID_IVdsVolumeMF3 = { 0x6788FAF9, 0x214E, 0x4B85, { 0xBA, 0x59, 0x26, 0x69, 0x53, 0x61, 0x6E, 0x09 } }; const IID IID_IVdsVolumeMF3 = { 0x6788FAF9, 0x214E, 0x4B85, { 0xBA, 0x59, 0x26, 0x69, 0x53, 0x61, 0x6E, 0x09 } };
#endif #endif
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryVolumeInformationFile, (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS));
/* /*
* Globals * Globals
*/ */
@ -1097,15 +1096,13 @@ static BOOL _GetDriveLettersAndType(DWORD DriveIndex, char* drive_letters, UINT*
HANDLE hDrive = INVALID_HANDLE_VALUE, hPhysical = INVALID_HANDLE_VALUE; HANDLE hDrive = INVALID_HANDLE_VALUE, hPhysical = INVALID_HANDLE_VALUE;
UINT _drive_type; UINT _drive_type;
IO_STATUS_BLOCK io_status_block; IO_STATUS_BLOCK io_status_block;
FILE_FS_DEVICE_INFORMATION file_fs_device_info; FILE_FS_DEVICE_INFORMATION file_fs_device_info = { 0 };
BYTE geometry[256] = { 0 }; BYTE geometry[256] = { 0 };
PDISK_GEOMETRY_EX DiskGeometry = (PDISK_GEOMETRY_EX)(void*)geometry; PDISK_GEOMETRY_EX DiskGeometry = (PDISK_GEOMETRY_EX)(void*)geometry;
int i = 0, drives_found = 0, drive_number; int i = 0, drives_found = 0, drive_number;
char *drive, drives[26*4 + 1]; /* "D:\", "E:\", etc., plus one NUL */ char *drive, drives[26*4 + 1]; /* "D:\", "E:\", etc., plus one NUL */
char logical_drive[] = "\\\\.\\#:"; char logical_drive[] = "\\\\.\\#:";
PF_INIT(NtQueryVolumeInformationFile, Ntdll);
if (drive_letters != NULL) if (drive_letters != NULL)
drive_letters[0] = 0; drive_letters[0] = 0;
if (drive_type != NULL) if (drive_type != NULL)
@ -1156,8 +1153,7 @@ static BOOL _GetDriveLettersAndType(DWORD DriveIndex, char* drive_letters, UINT*
} }
// Eliminate floppy drives // Eliminate floppy drives
if ((pfNtQueryVolumeInformationFile != NULL) && if ((NtQueryVolumeInformationFile(hDrive, &io_status_block, &file_fs_device_info,
(pfNtQueryVolumeInformationFile(hDrive, &io_status_block, &file_fs_device_info,
sizeof(file_fs_device_info), FileFsDeviceInformation) == NO_ERROR) && sizeof(file_fs_device_info), FileFsDeviceInformation) == NO_ERROR) &&
(file_fs_device_info.Characteristics & FILE_FLOPPY_DISKETTE) ) { (file_fs_device_info.Characteristics & FILE_FLOPPY_DISKETTE) ) {
continue; continue;

16
src/drive.h
View file

@ -61,22 +61,6 @@
#define VDS_SET_ERROR(hr) do { if (hr != S_OK) { SetLastError((DWORD)hr); ErrorStatus = RUFUS_ERROR(ERROR_GEN_FAILURE); } } while(0) #define VDS_SET_ERROR(hr) do { if (hr != S_OK) { SetLastError((DWORD)hr); ErrorStatus = RUFUS_ERROR(ERROR_GEN_FAILURE); } } while(0)
#if !defined(__MINGW32__)
typedef enum _FSINFOCLASS {
FileFsVolumeInformation = 1,
FileFsLabelInformation,
FileFsSizeInformation,
FileFsDeviceInformation,
FileFsAttributeInformation,
FileFsControlInformation,
FileFsFullSizeInformation,
FileFsObjectIdInformation,
FileFsDriverPathInformation,
FileFsVolumeFlagsInformation,
FileFsMaximumInformation
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
#endif
/* We need a redef of these MS structure */ /* We need a redef of these MS structure */
typedef struct { typedef struct {
DWORD DeviceType; DWORD DeviceType;

63
src/ext2fs/nt_io.c
View file

@ -28,21 +28,12 @@
#include "config.h" #include "config.h"
#include "ext2fs.h" #include "ext2fs.h"
#include "rufus.h" #include "rufus.h"
#include "ntdll.h"
#include "msapi_utf8.h" #include "msapi_utf8.h"
extern char* NtStatusError(NTSTATUS Status); extern char* NtStatusError(NTSTATUS Status);
static DWORD LastWinError = 0; static DWORD LastWinError = 0;
PF_TYPE_DECL(NTAPI, ULONG, RtlNtStatusToDosError, (NTSTATUS));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtClose, (HANDLE));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenFile, (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, ULONG, ULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtFlushBuffersFile, (HANDLE, PIO_STATUS_BLOCK));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtReadFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtWriteFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtDeviceIoControlFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtFsControlFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtDelayExecution, (BOOLEAN, PLARGE_INTEGER));
#define ARGUMENT_PRESENT(ArgumentPointer) ((CHAR *)((ULONG_PTR)(ArgumentPointer)) != (CHAR *)(NULL)) #define ARGUMENT_PRESENT(ArgumentPointer) ((CHAR *)((ULONG_PTR)(ArgumentPointer)) != (CHAR *)(NULL))
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L) #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
@ -173,8 +164,7 @@ static unsigned _MapDosError(IN ULONG WinError)
// Map NT status to dos error. // Map NT status to dos error.
static __inline unsigned _MapNtStatus(IN NTSTATUS Status) static __inline unsigned _MapNtStatus(IN NTSTATUS Status)
{ {
PF_INIT(RtlNtStatusToDosError, Ntdll); return _MapDosError(RtlNtStatusToDosError(Status));
return (pfRtlNtStatusToDosError == NULL) ? EFAULT: _MapDosError(pfRtlNtStatusToDosError(Status));
} }
// Return the last Windows Error // Return the last Windows Error
@ -193,8 +183,6 @@ static NTSTATUS _OpenNtName(IN PCSTR Name, IN BOOLEAN Readonly, OUT PHANDLE Hand
NTSTATUS Status = EFAULT; NTSTATUS Status = EFAULT;
OBJECT_ATTRIBUTES ObjectAttributes; OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock; IO_STATUS_BLOCK IoStatusBlock;
PF_INIT(NtDelayExecution, Ntdll);
PF_INIT_OR_OUT(NtOpenFile, Ntdll);
// Make Unicode name from input string // Make Unicode name from input string
utf8_to_wchar_no_alloc(Name, Buffer, ARRAYSIZE(Buffer)); utf8_to_wchar_no_alloc(Name, Buffer, ARRAYSIZE(Buffer));
@ -209,16 +197,16 @@ static NTSTATUS _OpenNtName(IN PCSTR Name, IN BOOLEAN Readonly, OUT PHANDLE Hand
if (ARGUMENT_PRESENT(OpenedReadonly)) if (ARGUMENT_PRESENT(OpenedReadonly))
*OpenedReadonly = Readonly; *OpenedReadonly = Readonly;
Status = pfNtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA), Status = NtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA),
&ObjectAttributes, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ, &ObjectAttributes, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ,
FILE_SYNCHRONOUS_IO_NONALERT); FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS(Status)) { if (!NT_SUCCESS(Status)) {
// Maybe was just mounted? wait 0.5 sec and retry. // Maybe was just mounted? wait 0.5 sec and retry.
LARGE_INTEGER Interval; LARGE_INTEGER Interval;
Interval.QuadPart = -5000000; // 0.5 sec. from now Interval.QuadPart = -5000000; // 0.5 sec. from now
pfNtDelayExecution(FALSE, &Interval); NtDelayExecution(FALSE, &Interval);
Status = pfNtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA), Status = NtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA),
&ObjectAttributes, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ, &ObjectAttributes, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ,
FILE_SYNCHRONOUS_IO_NONALERT); FILE_SYNCHRONOUS_IO_NONALERT);
@ -227,13 +215,12 @@ static NTSTATUS _OpenNtName(IN PCSTR Name, IN BOOLEAN Readonly, OUT PHANDLE Hand
if (ARGUMENT_PRESENT(OpenedReadonly)) if (ARGUMENT_PRESENT(OpenedReadonly))
*OpenedReadonly = TRUE; *OpenedReadonly = TRUE;
Status = pfNtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA, &ObjectAttributes, Status = NtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA, &ObjectAttributes,
&IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ,
FILE_SYNCHRONOUS_IO_NONALERT); FILE_SYNCHRONOUS_IO_NONALERT);
} }
} }
out:
return Status; return Status;
} }
@ -247,45 +234,38 @@ static NTSTATUS _OpenDriveLetter(IN CHAR Letter, IN BOOLEAN ReadOnly, OUT PHANDL
static __inline NTSTATUS _FlushDrive(IN HANDLE Handle) static __inline NTSTATUS _FlushDrive(IN HANDLE Handle)
{ {
IO_STATUS_BLOCK IoStatusBlock; IO_STATUS_BLOCK IoStatusBlock;
PF_INIT(NtFlushBuffersFile, NtDll); return NtFlushBuffersFile(Handle, &IoStatusBlock);
return (pfNtFlushBuffersFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFlushBuffersFile(Handle, &IoStatusBlock);
} }
static __inline NTSTATUS _LockDrive(IN HANDLE Handle) static __inline NTSTATUS _LockDrive(IN HANDLE Handle)
{ {
IO_STATUS_BLOCK IoStatusBlock; IO_STATUS_BLOCK IoStatusBlock;
PF_INIT(NtFsControlFile, NtDll); return NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_LOCK_VOLUME, 0, 0, 0, 0);
return (pfNtFsControlFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_LOCK_VOLUME, 0, 0, 0, 0);
} }
static __inline NTSTATUS _UnlockDrive(IN HANDLE Handle) static __inline NTSTATUS _UnlockDrive(IN HANDLE Handle)
{ {
IO_STATUS_BLOCK IoStatusBlock; IO_STATUS_BLOCK IoStatusBlock;
PF_INIT(NtFsControlFile, NtDll); return NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_UNLOCK_VOLUME, 0, 0, 0, 0);
return (pfNtFsControlFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_UNLOCK_VOLUME, 0, 0, 0, 0);
} }
static __inline NTSTATUS _DismountDrive(IN HANDLE Handle) static __inline NTSTATUS _DismountDrive(IN HANDLE Handle)
{ {
IO_STATUS_BLOCK IoStatusBlock; IO_STATUS_BLOCK IoStatusBlock;
PF_INIT(NtFsControlFile, NtDll); return NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_DISMOUNT_VOLUME, 0, 0, 0, 0);
return (pfNtFsControlFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_DISMOUNT_VOLUME, 0, 0, 0, 0);
} }
static __inline BOOLEAN _IsMounted(IN HANDLE Handle) static __inline BOOLEAN _IsMounted(IN HANDLE Handle)
{ {
IO_STATUS_BLOCK IoStatusBlock; IO_STATUS_BLOCK IoStatusBlock;
PF_INIT(NtFsControlFile, NtDll); return (BOOLEAN)(NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_IS_VOLUME_MOUNTED, 0, 0, 0, 0) == STATUS_SUCCESS);
return (pfNtFsControlFile == NULL) ? FALSE :
(BOOLEAN)(pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_IS_VOLUME_MOUNTED, 0, 0, 0, 0) == STATUS_SUCCESS);
} }
static __inline NTSTATUS _CloseDisk(IN HANDLE Handle) static __inline NTSTATUS _CloseDisk(IN HANDLE Handle)
{ {
PF_INIT(NtClose, Ntdll); return NtClose(Handle);
return (pfNtClose == NULL) ? STATUS_DLL_NOT_FOUND : pfNtClose(Handle);
} }
static PCSTR _NormalizeDeviceName(IN PCSTR Device, IN PSTR NormalizedDeviceNameBuffer, OUT __u64 *Offset, OUT __u64 *Size) static PCSTR _NormalizeDeviceName(IN PCSTR Device, IN PSTR NormalizedDeviceNameBuffer, OUT __u64 *Offset, OUT __u64 *Size)
@ -320,12 +300,9 @@ static VOID _GetDeviceSize(IN HANDLE h, OUT unsigned __int64 *FsSize)
LARGE_INTEGER li; LARGE_INTEGER li;
*FsSize = 0; *FsSize = 0;
PF_INIT(NtDeviceIoControlFile, NtDll);
if (pfNtDeviceIoControlFile == NULL)
return;
RtlZeroMemory(&pi, sizeof(pi)); RtlZeroMemory(&pi, sizeof(pi));
Status = pfNtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock, Status = NtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock,
IOCTL_DISK_GET_PARTITION_INFO_EX, IOCTL_DISK_GET_PARTITION_INFO_EX,
&pi, sizeof(pi), &pi, sizeof(pi)); &pi, sizeof(pi), &pi, sizeof(pi));
if (NT_SUCCESS(Status)) { if (NT_SUCCESS(Status)) {
@ -334,7 +311,7 @@ static VOID _GetDeviceSize(IN HANDLE h, OUT unsigned __int64 *FsSize)
// No partitions: Try a drive geometry request // No partitions: Try a drive geometry request
RtlZeroMemory(&gi, sizeof(gi)); RtlZeroMemory(&gi, sizeof(gi));
Status = pfNtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock, Status = NtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock,
IOCTL_DISK_GET_DRIVE_GEOMETRY_EX, IOCTL_DISK_GET_DRIVE_GEOMETRY_EX,
&gi, sizeof(gi), &gi, sizeof(gi)); &gi, sizeof(gi), &gi, sizeof(gi));
@ -389,8 +366,6 @@ static BOOLEAN _BlockIo(IN HANDLE Handle, IN LARGE_INTEGER Offset, IN ULONG Byte
{ {
IO_STATUS_BLOCK IoStatusBlock; IO_STATUS_BLOCK IoStatusBlock;
NTSTATUS Status = STATUS_DLL_NOT_FOUND; NTSTATUS Status = STATUS_DLL_NOT_FOUND;
PF_INIT_OR_OUT(NtReadFile, NtDll);
PF_INIT_OR_OUT(NtWriteFile, NtDll);
// Should be aligned // Should be aligned
assert((Bytes % 512) == 0); assert((Bytes % 512) == 0);
@ -399,14 +374,13 @@ static BOOLEAN _BlockIo(IN HANDLE Handle, IN LARGE_INTEGER Offset, IN ULONG Byte
LastWinError = 0; LastWinError = 0;
// Perform io // Perform io
if(Read) { if(Read) {
Status = pfNtReadFile(Handle, NULL, NULL, NULL, Status = NtReadFile(Handle, NULL, NULL, NULL,
&IoStatusBlock, Buffer, Bytes, &Offset, NULL); &IoStatusBlock, Buffer, Bytes, &Offset, NULL);
} else { } else {
Status = pfNtWriteFile(Handle, NULL, NULL, NULL, Status = NtWriteFile(Handle, NULL, NULL, NULL,
&IoStatusBlock, Buffer, Bytes, &Offset, NULL); &IoStatusBlock, Buffer, Bytes, &Offset, NULL);
} }
out:
if (!NT_SUCCESS(Status)) { if (!NT_SUCCESS(Status)) {
if (ARGUMENT_PRESENT(Errno)) if (ARGUMENT_PRESENT(Errno))
*Errno = _MapNtStatus(Status); *Errno = _MapNtStatus(Status);
@ -431,10 +405,7 @@ static BOOLEAN _RawRead(IN HANDLE Handle, IN LARGE_INTEGER Offset, IN ULONG Byte
static BOOLEAN _SetPartType(IN HANDLE Handle, IN UCHAR Type) static BOOLEAN _SetPartType(IN HANDLE Handle, IN UCHAR Type)
{ {
IO_STATUS_BLOCK IoStatusBlock; IO_STATUS_BLOCK IoStatusBlock;
PF_INIT(NtDeviceIoControlFile, NtDll); return NT_SUCCESS(NtDeviceIoControlFile(Handle, NULL, NULL, NULL, &IoStatusBlock,
if (pfNtDeviceIoControlFile == NULL)
return FALSE;
return NT_SUCCESS(pfNtDeviceIoControlFile(Handle, NULL, NULL, NULL, &IoStatusBlock,
IOCTL_DISK_SET_PARTITION_INFO, &Type, sizeof(Type), NULL, 0)); IOCTL_DISK_SET_PARTITION_INFO, &Type, sizeof(Type), NULL, 0));
} }

123
src/process.h → src/ntdll.h
View file

@ -1,10 +1,10 @@
/* /*
* Rufus: The Reliable USB Formatting Utility * Rufus: The Reliable USB Formatting Utility
* Process search functionality * ntdll definitions & process search functionality
* *
* Modified from System Informer (a.k.a. Process Hacker): * Modified from System Informer (a.k.a. Process Hacker):
* https://github.com/winsiderss/systeminformer * https://github.com/winsiderss/systeminformer
* Copyright © 2017-2023 Pete Batard <pete@akeo.ie> * Copyright © 2017-2025 Pete Batard <pete@akeo.ie>
* Copyright © 2017 dmex * Copyright © 2017 dmex
* Copyright © 2009-2016 wj32 * Copyright © 2009-2016 wj32
* *
@ -318,3 +318,122 @@ typedef struct {
ProcessEntry Process[MAX_BLOCKING_PROCESSES]; // Fixed size process list ProcessEntry Process[MAX_BLOCKING_PROCESSES]; // Fixed size process list
uint32_t nPass; // Incremental counter of how many passes we ran uint32_t nPass; // Incremental counter of how many passes we ran
} BlockingProcess; } BlockingProcess;
#if !defined(__MINGW32__)
typedef enum _FSINFOCLASS {
FileFsVolumeInformation = 1,
FileFsLabelInformation,
FileFsSizeInformation,
FileFsDeviceInformation,
FileFsAttributeInformation,
FileFsControlInformation,
FileFsFullSizeInformation,
FileFsObjectIdInformation,
FileFsDriverPathInformation,
FileFsVolumeFlagsInformation,
FileFsMaximumInformation
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
#endif
NTSYSAPI PVOID NTAPI RtlCreateHeap(
IN ULONG Flags,
IN PVOID HeapBase OPTIONAL,
IN SIZE_T ReserveSize OPTIONAL,
IN SIZE_T CommitSize OPTIONAL,
IN PVOID Lock OPTIONAL,
IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
NTSYSAPI PVOID NTAPI RtlAllocateHeap(
IN HANDLE HeapHandle,
IN ULONG Flags OPTIONAL,
IN SIZE_T Size);
NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(
IN PVOID HeapHandle,
IN ULONG Flags OPTIONAL,
IN PVOID BaseAddress);
NTSYSAPI PVOID NTAPI RtlDestroyHeap(
IN PVOID HeapHandle);
NTSYSAPI NTSTATUS NTAPI NtOpenProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN CLIENT_ID* ClientId);
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken(
IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE TokenHandle);
NTSYSAPI NTSTATUS NTAPI NtAdjustPrivilegesToken(
IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES TokenPrivileges,
IN ULONG PreviousPrivilegesLength,
OUT PTOKEN_PRIVILEGES PreviousPrivileges OPTIONAL,
OUT PULONG RequiredLength OPTIONAL);
NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(
IN HANDLE SourceProcessHandle,
IN PHANDLE SourceHandle,
IN HANDLE TargetProcessHandle,
OUT PHANDLE TargetHandle,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN BOOLEAN InheritHandle,
IN ULONG Options);
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass);
NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FsInformation,
IN ULONG Length,
IN FS_INFORMATION_CLASS FsInformationClass);
NTSYSAPI NTSTATUS NTAPI NtReadFile(IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL);
NTSYSAPI NTSTATUS NTAPI NtWriteFile(IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL);
NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock);
NTSYSAPI NTSTATUS NTAPI NtFsControlFile(
IN HANDLE FileHandle,
IN HANDLE Event,
IN PIO_APC_ROUTINE ApcRoutine,
IN PVOID ApcContext,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG FsControlCode,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer,
IN ULONG OutputBufferLength);
NTSYSAPI NTSTATUS NTAPI NtDelayExecution(
IN BOOLEAN Alertable,
IN PLARGE_INTEGER DelayInterval);

99
src/process.c
View file

@ -32,26 +32,12 @@
#include "rufus.h" #include "rufus.h"
#include "drive.h" #include "drive.h"
#include "process.h" #include "ntdll.h"
#include "missing.h" #include "missing.h"
#include "msapi_utf8.h" #include "msapi_utf8.h"
PF_TYPE_DECL(NTAPI, PVOID, RtlCreateHeap, (ULONG, PVOID, SIZE_T, SIZE_T, PVOID, PRTL_HEAP_PARAMETERS));
PF_TYPE_DECL(NTAPI, PVOID, RtlDestroyHeap, (PVOID));
PF_TYPE_DECL(NTAPI, PVOID, RtlAllocateHeap, (PVOID, ULONG, SIZE_T));
PF_TYPE_DECL(NTAPI, BOOLEAN, RtlFreeHeap, (PVOID, ULONG, PVOID));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQuerySystemInformation, (SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryInformationFile, (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryInformationProcess, (HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtWow64QueryInformationProcess64, (HANDLE, ULONG, PVOID, ULONG, PULONG)); PF_TYPE_DECL(NTAPI, NTSTATUS, NtWow64QueryInformationProcess64, (HANDLE, ULONG, PVOID, ULONG, PULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtWow64ReadVirtualMemory64, (HANDLE, ULONGLONG, PVOID, ULONG64, PULONG64)); PF_TYPE_DECL(NTAPI, NTSTATUS, NtWow64ReadVirtualMemory64, (HANDLE, ULONGLONG, PVOID, ULONG64, PULONG64));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryObject, (HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtDuplicateObject, (HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenProcess, (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, CLIENT_ID*));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenProcessToken, (HANDLE, ACCESS_MASK, PHANDLE));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtAdjustPrivilegesToken, (HANDLE, BOOLEAN, PTOKEN_PRIVILEGES, ULONG, PTOKEN_PRIVILEGES, PULONG));
PF_TYPE_DECL(NTAPI, NTSTATUS, NtClose, (HANDLE));
static PVOID PhHeapHandle = NULL; static PVOID PhHeapHandle = NULL;
static HANDLE hSearchProcessThread = NULL; static HANDLE hSearchProcessThread = NULL;
@ -118,13 +104,10 @@ static NTSTATUS PhCreateHeap(VOID)
if (PhHeapHandle != NULL) if (PhHeapHandle != NULL)
return STATUS_ALREADY_COMPLETE; return STATUS_ALREADY_COMPLETE;
PF_INIT_OR_SET_STATUS(RtlCreateHeap, Ntdll);
PhHeapHandle = RtlCreateHeap(HEAP_NO_SERIALIZE | HEAP_GROWABLE, NULL, 2 * MB, 1 * MB, NULL, NULL);
if (NT_SUCCESS(status)) { if (PhHeapHandle == NULL)
PhHeapHandle = pfRtlCreateHeap(HEAP_NO_SERIALIZE | HEAP_GROWABLE, NULL, 2 * MB, 1 * MB, NULL, NULL); status = STATUS_UNSUCCESSFUL;
if (PhHeapHandle == NULL)
status = STATUS_UNSUCCESSFUL;
}
return status; return status;
} }
@ -136,14 +119,10 @@ static NTSTATUS PhDestroyHeap(VOID)
if (PhHeapHandle == NULL) if (PhHeapHandle == NULL)
return STATUS_ALREADY_COMPLETE; return STATUS_ALREADY_COMPLETE;
PF_INIT_OR_SET_STATUS(RtlDestroyHeap, Ntdll); if (RtlDestroyHeap(PhHeapHandle) == NULL) {
PhHeapHandle = NULL;
if (NT_SUCCESS(status)) { } else {
if (pfRtlDestroyHeap(PhHeapHandle) == NULL) { status = STATUS_UNSUCCESSFUL;
PhHeapHandle = NULL;
} else {
status = STATUS_UNSUCCESSFUL;
}
} }
return status; return status;
@ -161,11 +140,7 @@ static PVOID PhAllocate(SIZE_T Size)
if (PhHeapHandle == NULL) if (PhHeapHandle == NULL)
return NULL; return NULL;
PF_INIT(RtlAllocateHeap, Ntdll); return RtlAllocateHeap(PhHeapHandle, 0, Size);
if (pfRtlAllocateHeap == NULL)
return NULL;
return pfRtlAllocateHeap(PhHeapHandle, 0, Size);
} }
/** /**
@ -178,9 +153,7 @@ static VOID PhFree(PVOID Memory)
if (PhHeapHandle == NULL) if (PhHeapHandle == NULL)
return; return;
PF_INIT(RtlFreeHeap, Ntdll); RtlFreeHeap(PhHeapHandle, 0, Memory);
if (pfRtlFreeHeap != NULL)
pfRtlFreeHeap(PhHeapHandle, 0, Memory);
} }
/** /**
@ -198,16 +171,12 @@ NTSTATUS PhEnumHandlesEx(PSYSTEM_HANDLE_INFORMATION_EX *Handles)
PVOID buffer; PVOID buffer;
ULONG bufferSize; ULONG bufferSize;
PF_INIT_OR_SET_STATUS(NtQuerySystemInformation, Ntdll);
if (!NT_SUCCESS(status))
return status;
bufferSize = initialBufferSize; bufferSize = initialBufferSize;
buffer = PhAllocate(bufferSize); buffer = PhAllocate(bufferSize);
if (buffer == NULL) if (buffer == NULL)
return STATUS_NO_MEMORY; return STATUS_NO_MEMORY;
while ((status = pfNtQuerySystemInformation(SystemExtendedHandleInformation, while ((status = NtQuerySystemInformation(SystemExtendedHandleInformation,
buffer, bufferSize, NULL)) == STATUS_INFO_LENGTH_MISMATCH) { buffer, bufferSize, NULL)) == STATUS_INFO_LENGTH_MISMATCH) {
PhFree(buffer); PhFree(buffer);
bufferSize *= 2; bufferSize *= 2;
@ -253,15 +222,11 @@ NTSTATUS PhOpenProcess(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, HANDLE
return 0; return 0;
} }
PF_INIT_OR_SET_STATUS(NtOpenProcess, Ntdll);
if (!NT_SUCCESS(status))
return status;
clientId.UniqueProcess = ProcessId; clientId.UniqueProcess = ProcessId;
clientId.UniqueThread = NULL; clientId.UniqueThread = NULL;
InitializeObjectAttributes(&objectAttributes, NULL, 0, NULL, NULL); InitializeObjectAttributes(&objectAttributes, NULL, 0, NULL, NULL);
status = pfNtOpenProcess(ProcessHandle, DesiredAccess, &objectAttributes, &clientId); status = NtOpenProcess(ProcessHandle, DesiredAccess, &objectAttributes, &clientId);
return status; return status;
} }
@ -283,16 +248,12 @@ NTSTATUS PhQueryProcessesUsingVolumeOrFile(HANDLE VolumeOrFileHandle,
ULONG bufferSize; ULONG bufferSize;
IO_STATUS_BLOCK isb; IO_STATUS_BLOCK isb;
PF_INIT_OR_SET_STATUS(NtQueryInformationFile, NtDll);
if (!NT_SUCCESS(status))
return status;
bufferSize = initialBufferSize; bufferSize = initialBufferSize;
buffer = PhAllocate(bufferSize); buffer = PhAllocate(bufferSize);
if (buffer == NULL) if (buffer == NULL)
return STATUS_INSUFFICIENT_RESOURCES; return STATUS_INSUFFICIENT_RESOURCES;
while ((status = pfNtQueryInformationFile(VolumeOrFileHandle, &isb, buffer, bufferSize, while ((status = NtQueryInformationFile(VolumeOrFileHandle, &isb, buffer, bufferSize,
FileProcessIdsUsingFileInformation)) == STATUS_INFO_LENGTH_MISMATCH) { FileProcessIdsUsingFileInformation)) == STATUS_INFO_LENGTH_MISMATCH) {
PhFree(buffer); PhFree(buffer);
bufferSize *= 2; bufferSize *= 2;
@ -390,9 +351,7 @@ static PWSTR GetProcessCommandLine(HANDLE hProcess)
PBYTE* params; PBYTE* params;
UNICODE_STRING* ucmdline; UNICODE_STRING* ucmdline;
PF_INIT_OR_OUT(NtQueryInformationProcess, NtDll); status = NtQueryInformationProcess(hProcess, 0, &pbi, sizeof(pbi), NULL);
status = pfNtQueryInformationProcess(hProcess, 0, &pbi, sizeof(pbi), NULL);
if (!NT_SUCCESS(status)) if (!NT_SUCCESS(status))
goto out; goto out;
@ -454,10 +413,6 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
char cmdline[MAX_PATH] = { 0 }, tmp[64]; char cmdline[MAX_PATH] = { 0 }, tmp[64];
int cur_pid, j, nHandles = 0; int cur_pid, j, nHandles = 0;
PF_INIT_OR_OUT(NtQueryObject, Ntdll);
PF_INIT_OR_OUT(NtDuplicateObject, NtDll);
PF_INIT_OR_OUT(NtClose, NtDll);
// Initialize the blocking process struct // Initialize the blocking process struct
memset(&blocking_process, 0, sizeof(blocking_process)); memset(&blocking_process, 0, sizeof(blocking_process));
hLock = CreateMutexA(NULL, TRUE, NULL); hLock = CreateMutexA(NULL, TRUE, NULL);
@ -558,7 +513,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
if ((dupHandle != NULL) && (processHandle != NtCurrentProcess())) { if ((dupHandle != NULL) && (processHandle != NtCurrentProcess())) {
TRY_AND_HANDLE( TRY_AND_HANDLE(
EXCEPTION_ACCESS_VIOLATION, EXCEPTION_ACCESS_VIOLATION,
{ pfNtClose(dupHandle); }, { NtClose(dupHandle); },
{ continue; } { continue; }
); );
dupHandle = NULL; dupHandle = NULL;
@ -605,7 +560,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
// Close the previous handle // Close the previous handle
if (processHandle != NULL) { if (processHandle != NULL) {
if (processHandle != NtCurrentProcess()) if (processHandle != NtCurrentProcess())
pfNtClose(processHandle); NtClose(processHandle);
processHandle = NULL; processHandle = NULL;
} }
} }
@ -646,7 +601,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
// Now duplicate this handle onto our own process, so that we can access its properties // Now duplicate this handle onto our own process, so that we can access its properties
if (processHandle == NtCurrentProcess()) if (processHandle == NtCurrentProcess())
continue; continue;
status = pfNtDuplicateObject(processHandle, (HANDLE)handleInfo->HandleValue, status = NtDuplicateObject(processHandle, (HANDLE)handleInfo->HandleValue,
NtCurrentProcess(), &dupHandle, 0, 0, 0); NtCurrentProcess(), &dupHandle, 0, 0, 0);
if (!NT_SUCCESS(status)) if (!NT_SUCCESS(status))
continue; continue;
@ -659,7 +614,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
do { do {
ULONG returnSize; ULONG returnSize;
// TODO: We might potentially still need a timeout on ObjectName queries, as PH does... // TODO: We might potentially still need a timeout on ObjectName queries, as PH does...
status = pfNtQueryObject(dupHandle, ObjectNameInformation, buffer, bufferSize, &returnSize); status = NtQueryObject(dupHandle, ObjectNameInformation, buffer, bufferSize, &returnSize);
if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_INFO_LENGTH_MISMATCH || if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_INFO_LENGTH_MISMATCH ||
status == STATUS_BUFFER_TOO_SMALL) { status == STATUS_BUFFER_TOO_SMALL) {
bufferSize = returnSize; bufferSize = returnSize;
@ -893,15 +848,12 @@ static BOOL IsProcessRunning(uint64_t pid)
BOOL ret = FALSE; BOOL ret = FALSE;
NTSTATUS status; NTSTATUS status;
PF_INIT_OR_OUT(NtClose, NtDll);
status = PhOpenProcess(&hProcess, PROCESS_QUERY_LIMITED_INFORMATION, (HANDLE)(uintptr_t)pid); status = PhOpenProcess(&hProcess, PROCESS_QUERY_LIMITED_INFORMATION, (HANDLE)(uintptr_t)pid);
if (!NT_SUCCESS(status) || (hProcess == NULL)) if (!NT_SUCCESS(status) || (hProcess == NULL))
return FALSE; return FALSE;
if (GetExitCodeProcess(hProcess, &dwExitCode)) if (GetExitCodeProcess(hProcess, &dwExitCode))
ret = (dwExitCode == STILL_ACTIVE); ret = (dwExitCode == STILL_ACTIVE);
pfNtClose(hProcess); NtClose(hProcess);
out:
return ret; return ret;
} }
@ -1039,11 +991,7 @@ BOOL EnablePrivileges(void)
NTSTATUS status = STATUS_NOT_IMPLEMENTED; NTSTATUS status = STATUS_NOT_IMPLEMENTED;
HANDLE tokenHandle; HANDLE tokenHandle;
PF_INIT_OR_OUT(NtClose, NtDll); status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tokenHandle);
PF_INIT_OR_OUT(NtOpenProcessToken, NtDll);
PF_INIT_OR_OUT(NtAdjustPrivilegesToken, NtDll);
status = pfNtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tokenHandle);
if (NT_SUCCESS(status)) { if (NT_SUCCESS(status)) {
CHAR privilegesBuffer[FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges) + CHAR privilegesBuffer[FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges) +
@ -1060,12 +1008,11 @@ BOOL EnablePrivileges(void)
privileges->Privileges[0].Luid.LowPart = requestedPrivileges[i]; privileges->Privileges[0].Luid.LowPart = requestedPrivileges[i];
} }
status = pfNtAdjustPrivilegesToken(tokenHandle, FALSE, privileges, 0, NULL, NULL); status = NtAdjustPrivilegesToken(tokenHandle, FALSE, privileges, 0, NULL, NULL);
pfNtClose(tokenHandle); NtClose(tokenHandle);
} }
out:
if (!NT_SUCCESS(status)) if (!NT_SUCCESS(status))
ubprintf("NOTE: Could not set process privileges: %s", NtStatusError(status)); ubprintf("NOTE: Could not set process privileges: %s", NtStatusError(status));
return NT_SUCCESS(status); return NT_SUCCESS(status);

10
src/rufus.rc
View file

@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
IDD_DIALOG DIALOGEX 12, 12, 232, 326 IDD_DIALOG DIALOGEX 12, 12, 232, 326
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_ACCEPTFILES EXSTYLE WS_EX_ACCEPTFILES
CAPTION "Rufus 4.8.2244" CAPTION "Rufus 4.8.2245"
FONT 9, "Segoe UI Symbol", 400, 0, 0x0 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
BEGIN BEGIN
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -407,8 +407,8 @@ END
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 4,8,2244,0 FILEVERSION 4,8,2245,0
PRODUCTVERSION 4,8,2244,0 PRODUCTVERSION 4,8,2245,0
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
@ -426,13 +426,13 @@ BEGIN
VALUE "Comments", "https://rufus.ie" VALUE "Comments", "https://rufus.ie"
VALUE "CompanyName", "Akeo Consulting" VALUE "CompanyName", "Akeo Consulting"
VALUE "FileDescription", "Rufus" VALUE "FileDescription", "Rufus"
VALUE "FileVersion", "4.8.2244" VALUE "FileVersion", "4.8.2245"
VALUE "InternalName", "Rufus" VALUE "InternalName", "Rufus"
VALUE "LegalCopyright", "© 2011-2025 Pete Batard (GPL v3)" VALUE "LegalCopyright", "© 2011-2025 Pete Batard (GPL v3)"
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
VALUE "OriginalFilename", "rufus-4.8.exe" VALUE "OriginalFilename", "rufus-4.8.exe"
VALUE "ProductName", "Rufus" VALUE "ProductName", "Rufus"
VALUE "ProductVersion", "4.8.2244" VALUE "ProductVersion", "4.8.2245"
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"

9
src/stdio.c
View file

@ -35,6 +35,7 @@
#include <math.h> #include <math.h>
#include "rufus.h" #include "rufus.h"
#include "ntdll.h"
#include "missing.h" #include "missing.h"
#include "settings.h" #include "settings.h"
#include "resource.h" #include "resource.h"
@ -697,9 +698,7 @@ DWORD WaitForSingleObjectWithMessages(HANDLE hHandle, DWORD dwMilliseconds)
#define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock) #define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock)
#define RtlGetProcessHeap() (NtCurrentPeb()->Reserved4[1]) // NtCurrentPeb()->ProcessHeap, mangled due to deficiencies in winternl.h #define RtlGetProcessHeap() (NtCurrentPeb()->Reserved4[1]) // NtCurrentPeb()->ProcessHeap, mangled due to deficiencies in winternl.h
PF_TYPE_DECL(NTAPI, NTSTATUS, NtCreateFile, (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG));
PF_TYPE_DECL(NTAPI, BOOLEAN, RtlDosPathNameToNtPathNameW, (PCWSTR, PUNICODE_STRING, PWSTR*, PVOID)); PF_TYPE_DECL(NTAPI, BOOLEAN, RtlDosPathNameToNtPathNameW, (PCWSTR, PUNICODE_STRING, PWSTR*, PVOID));
PF_TYPE_DECL(NTAPI, BOOLEAN, RtlFreeHeap, (PVOID, ULONG, PVOID));
PF_TYPE_DECL(NTAPI, VOID, RtlSetLastWin32ErrorAndNtStatusFromNtStatus, (NTSTATUS)); PF_TYPE_DECL(NTAPI, VOID, RtlSetLastWin32ErrorAndNtStatusFromNtStatus, (NTSTATUS));
HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess, HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess,
@ -714,9 +713,7 @@ HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess,
LARGE_INTEGER allocationSize; LARGE_INTEGER allocationSize;
NTSTATUS status = STATUS_SUCCESS; NTSTATUS status = STATUS_SUCCESS;
PF_INIT_OR_SET_STATUS(NtCreateFile, Ntdll);
PF_INIT_OR_SET_STATUS(RtlDosPathNameToNtPathNameW, Ntdll); PF_INIT_OR_SET_STATUS(RtlDosPathNameToNtPathNameW, Ntdll);
PF_INIT_OR_SET_STATUS(RtlFreeHeap, Ntdll);
PF_INIT_OR_SET_STATUS(RtlSetLastWin32ErrorAndNtStatusFromNtStatus, Ntdll); PF_INIT_OR_SET_STATUS(RtlSetLastWin32ErrorAndNtStatusFromNtStatus, Ntdll);
if (!NT_SUCCESS(status)) { if (!NT_SUCCESS(status)) {
@ -813,10 +810,10 @@ HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess,
allocationSize.QuadPart = fileSize; allocationSize.QuadPart = fileSize;
// Call NtCreateFile // Call NtCreateFile
status = pfNtCreateFile(&fileHandle, dwDesiredAccess, &objectAttributes, &ioStatusBlock, status = NtCreateFile(&fileHandle, dwDesiredAccess, &objectAttributes, &ioStatusBlock,
&allocationSize, fileAttributes, dwShareMode, dwCreationDisposition, flags, NULL, 0); &allocationSize, fileAttributes, dwShareMode, dwCreationDisposition, flags, NULL, 0);
pfRtlFreeHeap(RtlGetProcessHeap(), 0, ntPath.Buffer); RtlFreeHeap(RtlGetProcessHeap(), 0, ntPath.Buffer);
wfree(lpFileName); wfree(lpFileName);
pfRtlSetLastWin32ErrorAndNtStatusFromNtStatus(status); pfRtlSetLastWin32ErrorAndNtStatusFromNtStatus(status);