Converting the following code from the following code to asm is really hard for me
.....................................................

//ntdef.h

typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
typedef const UNICODE_STRING *PCUNICODE_STRING;
#define UNICODE_NULL ((WCHAR)0) // winnt

//
// Object Attributes structure
//

typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;

.....................................................
//************My c++ code here************

VOID SomeFunction()
{

HANDLE hSection=NULL;
NTSTATUS status;
OBJECT_ATTRIBUTES objectAttributes;
UNICODE_STRING objName;
CALLGATE_DESCRIPTOR *cg;

status = STATUS_SUCCESS;

RtlInitUnicodeString(&objName,L"\\Device\\PhysicalMemory");

InitializeObjectAttributes(&objectAttributes,
&objName,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
(PSECURITY_DESCRIPTOR) NULL);

status = ZwOpenSection(&hSection,SECTION_MAP_READ|SECTION_MAP_WRITE,&objectAttributes);
.......................................................................................
.......................................................................................
.......................................................................................

}
_____________________________________________

I defined the following structs in asm.

UNICODE_STRING STRUCT
Leng dw ?
MaximumLength dw ?
Buffer dd ?
UNICODE_STRING ENDS

OBJECT_ATTRIBUTES STRUCT
Leng dd ?
RootDirectory dd ?
ObjectName dd ?
Attributes dd ?
SecurityDescriptor dd ?
SecurityQualityOfService dd ?
OBJECT_ATTRIBUTES ENDS

;**********My asm code here**************
.data
ObjName UNICODE_STRING <>
ObjAtt OBJECT_ATTRIBUTES <>
AnObjName db "\\Device\\PhysicalMemory",0
UnObjName dw 50 dup (0)


.code
Go:
invoke MultiByteToWideChar,0,0,addr AnObjName,-1,addr UnObjName,50

;****InitializeObjName*****

invoke RtlInitUnicodeString,addr ObjName,addr UnObjName

;****InitializeObjectAttributes*****

mov ObjAtt.Leng,sizeof OBJECT_ATTRIBUTES
mov ObjAtt.RootDirectory,NULL
mov eax,OBJ_CASE_INSENSITIVE
or eax,OBJ_KERNEL_HANDLE
mov ObjAtt.Attributes ,eax
mov ObjAtt.ObjectName,offset ObjName
mov ObjAtt.SecurityDescriptor,NULL
mov ObjAtt.SecurityQualityOfService ,NULL

invoke ZwOpenSection,addr hSection,SECTION_MAP_READ or SECTION_MAP_WRITE,addr ObjAtt

....................................
end go

All things work well before i run the exe, I find the returned value of ZwOpenSection is 0x80000002 (=STATUS_DATATYPE_MISALIGNMENT), I wonder how this happened.
Posted on 2003-01-15 12:31:39 by cnambiman