ansaurus

Question

Not able to include ntifs.h in win32 project

Answer 1

+1 A:

If you read the MSDN documentation, the first paragraph says:

Note Before using this function, please read Calling Internal APIs.

Which says that: (I highlighted the important parts)

The Winternl.h header file exposes prototypes of internal Windows APIs. There is no associated import library, so developers must use run-time dynamic linking to call the functions described in this header file.

The functions and structures in Winternl.h are internal to the operating system and subject to change from one release of Windows to the next, and possibly even between service packs for each release. To maintain the compatibility of your application, you should use the equivalent public functions instead. Further information is available in the header file, Winternl.h, and the documentation for each function.

If you do use these functions, you can access them through run-time dynamic linking using LoadLibrary and GetProcAddress. This gives your code an opportunity to respond gracefully if the function has been changed or removed from the operating system. Signature changes, however, may not be detectable.

So you'll have to load the functions you want to use from NtDll.dll before being able to use them.

Here is a non-tested example code sample:

typedef NTSTATUS (__stdcall *NtCreateFile)(
    OUT PHANDLE FileHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN PLARGE_INTEGER AllocationSize OPTIONAL,
    IN ULONG FileAttributes,
    IN ULONG ShareAccess,
    IN ULONG CreateDisposition,
    IN ULONG CreateOptions,
    IN PVOID EaBuffer OPTIONAL,
    IN ULONG EaLength
    );

NtCreateFile _NtCreateFile = (NtCreateFile)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtCreateFile");

// You can now use the function
_NtCreateFile(/* params */);

// Don't forget the release the resources

ereOn 2010-06-03 10:18:51

thank you for ur response ereOn,I did like what you suggested but there is again an RunTime error..please check my edit further

kiddo 2010-06-03 11:24:32

@kiddo: Your last error is pretty clear: you try to call a method using another "calling convention" than the one it was compiled for. What if you try one of those in front of your function declaration: `__cdecl`, `__stdcall` (**probably this one**) or `__fastcall` ? I edited my answer to add the interesting part.

ereOn 2010-06-03 12:06:00

it worked,but it didnt receive any filehandle..please assist me if u have knowledge about the function NtCreateFile

kiddo 2010-06-03 12:16:47

@kiddo I never used this function. All I can do is somehow "decipher" the documentation for you and give you general advices. If you really are stuck, I suggest your start a new basic sample project to test this. Once you get it to work, you will be able to compare it with your actual code and find out what is wrong with it.

ereOn 2010-06-03 16:11:15

It worked,thank you for assistance..I appreciate it.

kiddo 2010-06-04 03:46:46

@kiddo: You're welcome :)

ereOn 2010-06-04 06:24:18

hey,ereOn..why dont you give me your e-mail id..we will get in touch...if you are interested

kiddo 2010-06-05 05:35:58

Answer 2

+1 A:

ZwCreateFile is part of the Windows Driver Kit, not the Windows SDK. You would need to install the driver kit. Some macros and types used by NTCreateFile also require WDK headers. That is clearly stated in the documentation on MSDN.

Clifford 2010-06-03 10:29:20

Answer 3

+1 A:

As clearly indicated by the error message, you got the calling convention wrong, you dropped NTAPI. It should be:

typedef NTSTATUS (__stdcall * fp_CreatFile)(
  // etc..
);

Properly initializing myAttributes would normally be important. I don't see you do anything that would warrant calling the undocumented native API function. Stick with CreateFile() as long as you can.

Hans Passant 2010-06-03 11:51:09

yup,it worked..but it didnt do anything..do have any idea about this function..NtcreatFile

kiddo 2010-06-03 12:05:06

The native Windows API is undocumented, I'm not supposed to know anything about it. Surely it did *something*, what's the function return value?

Hans Passant 2010-06-03 12:20:12

its a garbage value..some large negative value

kiddo 2010-06-03 12:25:47

NTSTATUS codes are large values, not garbage. They are listed in the ntstatus.h SDK header file.

Hans Passant 2010-06-03 12:43:45

Answer 4

A:

Several possibilities:

You say the error message is "_NTCreateFile identifier not found". The name of the API is NtCreateFile() (note the lowercase 't'). It's possible that you're simply using the wrong name.
ntifs.h and related link libraries are included in the Windows Driver Kit (WDK), which can be downloaded from here: http://www.microsoft.com/whdc/devtools/wdk/wdkpkg.mspx. You should be able to use the WDK to do what you want a bit more directly than using dynamic linking. but then you generally have to buy into a whole new build system or figure out how to integrate the headers and libraries into your current build.
You can use the dynamic linking technique outlined by ereOn.

Michael Burr 2010-06-03 16:08:15

ansaurus

tags:

views:

answers:

Not able to include ntifs.h in win32 project

related questions