C语言在用户模式使用NT函数_ntsetinformationfile-CSDN博客

本文链接：https://blog.csdn.net/u011311291/article/details/77840923

C语言要使用NT函数并不像使用库函数那么简单，下面介绍一下使用方法，以NtSetInformationFile为例：

#include <windows.h>
#include <stdio.h>

//因为NtSetInformationFile方法要用到FILE_INFORMATION_CLASS的值，所以这里全部枚举出来
//当然你也可以直接使用1,2,3,这样值代替，只是这样定义以后在后面使用更接近使用一般函数一些。
typedef enum _FILE_INFORMATION_CLASS {
    FileDirectoryInformation = 1,
    FileFullDirectoryInformation,
    FileBothDirectoryInformation,
    FileBasicInformation,
    FileStandardInformation,
    FileInternalInformation,
    FileEaInformation,
    FileAccessInformation,
    FileNameInformation,
    FileRenameInformation,
    FileLinkInformation,
    FileNamesInformation,
    FileDispositionInformation,
    FilePositionInformation,
    FileFullEaInformation,
    FileModeInformation,
    FileAlignmentInformation,
    FileAllInformation,
    FileAllocationInformation,
    FileEndOfFileInformation,
    FileAlternateNameInformation,
    FileStreamInformation,
    FilePipeInformation,
    FilePipeLocalInformation,
    FilePipeRemoteInformation,
    FileMailslotQueryInformation,
    FileMailslotSetInformation,
    FileCompressionInformation,
    FileObjectIdInformation,
    FileCompletionInformation,
    FileMoveClusterInformation,
    FileQuotaInformation,
    FileReparsePointInformation,
    FileNetworkOpenInformation,
    FileAttributeTagInformation,
    FileTrackingInformation,
    FileIdBothDirectoryInformation,
    FileIdFullDirectoryInformation,
    FileValidDataLengthInformation,
    FileShortNameInformation,
    FileIoCompletionNotificationInformation,
    FileIoStatusBlockRangeInformation,
    FileIoPriorityHintInformation,
    FileSfioReserveInformation,
    FileSfioVolumeInformation,
    FileHardLinkInformation,
    FileProcessIdsUsingFileInformation,
    FileNormalizedNameInformation,
    FileNetworkPhysicalNameInformation,
    FileIdGlobalTxDirectoryInformation,
    FileIsRemoteDeviceInformation,
    FileAttributeCacheInformation,
    FileNumaNodeInformation,
    FileStandardLinkInformation,
    FileRemoteProtocolInformation,
    FileMaximumInformation
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;

typedef struct _IO_STATUS_BLOCK {
    union {
        NTSTATUS Status;
        PVOID    Pointer;
    };
    ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

typedef struct _FILE_DISPOSITION_INFORMATION {
    BOOLEAN DeleteFile;
} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;

//声明一个与NtSetInformationFile一样的方法，这些方法参数可以参考MSDN
typedef NTSTATUS(__stdcall *NtSetInformationFile)(
    HANDLE FileHandle,
    PIO_STATUS_BLOCK IoStatusBlock,
    PVOID FileInformation,
    ULONG Length,
    FILE_INFORMATION_CLASS FileInformationClass
    );

int main()
{
    FILE_DISPOSITION_INFORMATION  fi = { 1 };
    IO_STATUS_BLOCK bs = { 0 };
    //想要删除文件，必须要有delete权限，即STANDARD_RIGHTS_ALL，DELETE
    //HANDLE hfile = CreateFileA("c:\\Hello.txt", GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    HANDLE hfile = CreateFileA("c:\\Hello.txt", STANDARD_RIGHTS_ALL, 0, NULL, OPEN_EXISTING, 0, NULL);
    //HANDLE hfile = CreateFileA("c:\\Hello.txt", DELETE, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (hfile == INVALID_HANDLE_VALUE)
    {
        printf("open file failed !");

    }
    //获取NtSetInformationFile
    NtSetInformationFile ntSetInformationFile;
    ntSetInformationFile = (NtSetInformationFile)GetProcAddress(LoadLibrary(L"ntdll.dll"), "NtSetInformationFile");
    //使用NtSetInformationFile，参数如果本地没有，就自己声明定义就自己填上，方法和NtSetInformationFile是一样的
    ntSetInformationFile(hfile, &bs, &fi, 1, FileDispositionInformation);//handle要有删除权限
    CloseHandle(hfile);

    getchar();
    return 0;
}