From d5e229619fb0d57da8ae79ea61b9ae72ed60216d Mon Sep 17 00:00:00 2001 From: midipix Date: Jun 13 2018 16:14:17 +0000 Subject: keyed object directory: use a simplified naming scheme. --- diff --git a/include/ntapi/nt_object.h b/include/ntapi/nt_object.h index 63a3a54..a39974a 100644 --- a/include/ntapi/nt_object.h +++ b/include/ntapi/nt_object.h @@ -402,36 +402,15 @@ typedef struct _nt_directory_basic_information { } nt_directory_basic_information; -typedef struct _nt_ipc_object_directory_guid { - wchar16_t uscore_guid; - wchar16_t pgrp_guid[36]; -} nt_ipc_object_directory_guid, nt_ipc_objdir_guid; - - typedef struct _nt_ipc_object_directory_name { wchar16_t base_named_objects[17]; wchar16_t backslash; wchar16_t prefix[6]; - nt_ipc_objdir_guid objdir_guid; + wchar16_t uscore; + wchar16_t guid[36]; } nt_ipc_object_directory_name, nt_ipc_objdir_name; -typedef struct _nt_keyed_object_directory_guid { - wchar16_t uscore_guid; - wchar16_t pgrp_guid[36]; - wchar16_t uscore_key; -} nt_keyed_object_directory_guid, nt_keyed_objdir_guid; - - -typedef struct _nt_keyed_object_directory_name { - wchar16_t base_named_objects[17]; - wchar16_t backslash; - wchar16_t prefix[6]; - nt_keyed_objdir_guid objdir_guid; - wchar16_t key[8]; -} nt_keyed_object_directory_name, nt_keyed_objdir_name; - - typedef void __stdcall nt_io_apc_routine( void * apc_context, nt_io_status_block * io_status_block, 
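Review bot: The flattened `nt_ipc_object_directory_name` is still used as a raw name image, but the header does not say so; the .c hunk further down sets `name.strlen = sizeof(objdir_name)` and points `name.buffer` at the first member. A comment above the struct, for example `/* object name image: every member is part of the name; no padding, no terminator */`, would warn the next editor that adding or reordering a member changes the name handed to the kernel. The hunk also removes `nt_keyed_objdir_name` and both guid typedefs from a public header, so any out-of-tree user of those names would presumably need updating.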
@@ -559,15 +538,13 @@ typedef int32_t __stdcall ntapi_tt_create_dev_object_directory_entry( typedef int32_t __stdcall ntapi_tt_create_keyed_object_directory( __out void ** hdir, __in uint32_t desired_access, - __in const wchar16_t prefix[6], - __in const nt_guid * guid, + __in void * hparent, __in uint32_t key); typedef int32_t __stdcall ntapi_tt_open_keyed_object_directory( __out void ** hdir, __in uint32_t desired_access, - __in const wchar16_t prefix[6], - __in const nt_guid * guid, + __in void * hparent, __in uint32_t key); typedef int32_t __stdcall ntapi_tt_create_keyed_object_directory_entry( diff --git a/src/object/ntapi_tt_keyed_object_directory.c b/src/object/ntapi_tt_keyed_object_directory.c index 77a6aff..705eec9 100644 --- a/src/object/ntapi_tt_keyed_object_directory.c +++ b/src/object/ntapi_tt_keyed_object_directory.c @@ -13,12 +13,46 @@ typedef ntapi_zw_open_directory_object objdir_open_fn; -static nt_keyed_objdir_name __template_name = {__NT_BASED_NAMED_OBJECTS, - 0, - {0,0,0,0,0,0}, - {0,{0},0}, - {0}}; +static void __tt_guid_to_hex_utf16( + __in const nt_guid * guid, + __out wchar16_t * hex_str) +{ + uint16_t key; + + __ntapi_tt_uint32_to_hex_utf16( + guid->data1,&hex_str[0]); + + __ntapi_tt_uint16_to_hex_utf16( + guid->data2,&hex_str[9]); + + __ntapi_tt_uint16_to_hex_utf16( + guid->data3,&hex_str[14]); + + key = guid->data4[0] * 0x100 + guid->data4[1]; + + __ntapi_tt_uint16_to_hex_utf16( + key,&hex_str[19]); + + key = guid->data4[2] * 0x100 + guid->data4[3]; + + __ntapi_tt_uint16_to_hex_utf16( + key,&hex_str[24]); + + key = guid->data4[4] * 0x100 + guid->data4[5]; + __ntapi_tt_uint16_to_hex_utf16( + key,&hex_str[28]); + + key = guid->data4[6] * 0x100 + guid->data4[7]; + + __ntapi_tt_uint16_to_hex_utf16( + key,&hex_str[32]); + + hex_str[8] = '-'; + hex_str[13] = '-'; + hex_str[18] = '-'; + hex_str[23] = '-'; +} static nt_access_allowed_ace * __ipc_ace_init( nt_access_allowed_ace * ace, 
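Review bot: In the hunk that adds `__tt_guid_to_hex_utf16`, the helper writes exactly 36 `wchar16_t` at fixed offsets into `hex_str`, with no length parameter and no terminator, and none of this is documented. A short comment above it should say that it produces the dashed 8-4-4-4-12 form, requires a destination of at least 36 elements and leaves it unterminated, so that a later caller does not pass a shorter buffer. The local `key` holds two bytes of `data4` rather than a key, so a name such as `word` would read more accurately.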
@@ -111,25 +145,24 @@ static int32_t __stdcall __tt_create_ipc_object_directory( __ipc_sd_init(&sd,1); __ntapi->tt_generic_memcpy( - &objdir_name, - &__template_name, - sizeof(objdir_name)); + objdir_name.base_named_objects, + (wchar16_t[])__NT_BASED_NAMED_OBJECTS, + sizeof(objdir_name.base_named_objects)); __ntapi->tt_memcpy_utf16( objdir_name.prefix, prefix, sizeof(objdir_name.prefix)); - __ntapi->tt_guid_to_string_utf16( - guid, - (nt_guid_str_utf16 *)&objdir_name.objdir_guid); + __tt_guid_to_hex_utf16( + guid,objdir_name.guid); objdir_name.backslash = '\\'; - objdir_name.objdir_guid.uscore_guid = '_'; + objdir_name.uscore = '_'; name.strlen = sizeof(objdir_name); name.maxlen = 0; - name.buffer = (uint16_t *)&objdir_name; + name.buffer = objdir_name.base_named_objects; oa.len = sizeof(oa); oa.root_dir = 0; @@ -152,12 +185,11 @@ static int32_t __stdcall __tt_create_ipc_object_directory( static int32_t __stdcall __tt_create_keyed_object_directory( __out void ** hdir, __in uint32_t desired_access, - __in const wchar16_t prefix[6], - __in const nt_guid * guid, + __in void * hparent, __in uint32_t key, __in objdir_open_fn * openfn) { - nt_keyed_objdir_name objdir_name; + wchar16_t keystr[8]; nt_unicode_string name; nt_sd_common_buffer sd; nt_oa oa; 
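Review bot: In `__tt_create_ipc_object_directory`, the copy into `objdir_name.base_named_objects` takes its length from the destination (`sizeof(objdir_name.base_named_objects)`, 17 elements), while the source `(wchar16_t[])__NT_BASED_NAMED_OBJECTS` takes its size from the macro's initializer, which is not visible here. If that initializer ever has fewer than 17 elements, the copy reads past the end of the compound literal. Giving the literal an explicit bound, `(wchar16_t[17])__NT_BASED_NAMED_OBJECTS`, zero-fills a short initializer, as the removed `__template_name` did, and draws a compiler diagnostic for a long one. The function body starts and ends outside the hunk.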
@@ -169,33 +201,15 @@ static int32_t __stdcall __tt_create_keyed_object_directory( __ipc_sd_init(&sd,1); - __ntapi->tt_generic_memcpy( - &objdir_name, - &__template_name, - sizeof(__template_name)); - - __ntapi->tt_memcpy_utf16( - objdir_name.prefix, - prefix, - sizeof(objdir_name.prefix)); - - __ntapi->tt_guid_to_string_utf16( - guid, - (nt_guid_str_utf16 *)&objdir_name.objdir_guid); - __ntapi->tt_uint32_to_hex_utf16( - key,objdir_name.key); - - objdir_name.backslash = '\\'; - objdir_name.objdir_guid.uscore_guid = '_'; - objdir_name.objdir_guid.uscore_key = '_'; + key,keystr); - name.strlen = sizeof(objdir_name); - name.maxlen = 0; - name.buffer = (uint16_t *)&objdir_name; + name.strlen = sizeof(keystr); + name.maxlen = 0; + name.buffer = keystr; oa.len = sizeof(oa); - oa.root_dir = 0; + oa.root_dir = hparent; oa.obj_name = &name; oa.obj_attr = NT_OBJ_INHERIT; oa.sec_desc = &sd.sd; @@ -341,26 +355,24 @@ int32_t __stdcall __ntapi_tt_create_dev_object_directory_entry( int32_t __stdcall __ntapi_tt_create_keyed_object_directory( __out void ** hdir, __in uint32_t desired_access, - __in const wchar16_t prefix[6], - __in const nt_guid * guid, + __in void * hparent, __in uint32_t key) { return __tt_create_keyed_object_directory( hdir,desired_access, - prefix,guid,key, + hparent,key, __ntapi->zw_create_directory_object); } int32_t __stdcall __ntapi_tt_open_keyed_object_directory( __out void ** hdir, __in uint32_t desired_access, - __in const wchar16_t prefix[6], - __in const nt_guid * guid, + __in void * hparent, __in uint32_t key) { return __tt_create_keyed_object_directory( hdir,desired_access, - prefix,guid,key, + hparent,key, __ntapi->zw_open_directory_object); }
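Review bot: `oa.root_dir = hparent` makes the location of the keyed directory depend entirely on the handle the caller supplies, and neither `__tt_create_keyed_object_directory` nor the two exported wrappers in the last hunk validate it. With a null `hparent` the name is the bare 8-digit `keystr` with no root, which the object manager is expected to reject. An explicit guard before the call, `if (!hparent) return NT_STATUS_INVALID_PARAMETER;` (or whichever status the project prefers), would make that failure deterministic and visible in the source. The typedefs in nt_object.h would also benefit from a comment saying that `hparent` must be a directory handle the caller itself created or opened, presumably with the right to create subdirectories, because the `prefix`/`guid` scoping no longer happens in this function. The function body starts and ends outside the hunk.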