Overwrite a file using WinAPI functions VB.NET

Ask your beginner questions here.
Post Reply
hackr8
Posts: 33
Joined: Fri Dec 21, 2018 1:50 pm
Contact:

Wed Mar 27, 2019 8:32 pm

One of my friends and I have been trying to learn more about API calls. At first, we successfully used DeleteFileW to delete files. Then, we tried to call CreateFile and WriteFile from kernel32.dll to overwrite a file. We were trying for a long time, to no avail. We looked for more information on this topic in websites like the microsoft page https://docs.microsoft.com/en-us/dotnet ... ndows-apis
and pinvoke.net , but we got confused. Can somebody say how it's done and help us understand it? Thanks in advance.
My forum: hackrhouse.freeforums.net
User avatar
EP_X0FF
Global Moderator
Posts: 4903
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Thu Mar 28, 2019 4:38 am

It depends on how you open this file with CreateFile, dwDesiredAccess, dwShareMode and dwCreationDisposition parameters. Show your code.
Ring0 - the source of inspiration
hackr8
Posts: 33
Joined: Fri Dec 21, 2018 1:50 pm
Contact:

Thu Mar 28, 2019 1:54 pm

Please remember that I want to replace the bytes of the file with null (basically overwrite the file)
I tried the following code with a bit of modification:

Code: Select all

Imports System.IO
Imports System
Imports System.Runtime.InteropServices
Public Class Form
    Private Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
                     Dim b(*numberofbytestooverwrite) As Byte
                    Dim H1 As Microsoft.Win32.SafeHandles.SafeFileHandle = CreateFileW("*filepathhere", "GENERIC_ALL", "FILE_SHARE_READ | FILE_SHARE_WRITE", "NULL", "OPEN_EXISTING", "NULL", "NULL")
                    Dim Retval As Boolean = WriteFile(H1, b, *numberofbytestooverwrite, "NULL", "NULL")
                End Sub
    <DllImport("KERNEL32.DLL", EntryPoint:="CreateFileW", SetLastError:=True, CharSet:=CharSet.Unicode, ExactSpelling:=True, CallingConvention:=CallingConvention.StdCall)> _
    Public Shared Function CreateFileW(ByVal name , ByVal dwDesiredAccess , ByVal dwShareMode , ByVal lpSecurityAttributes , ByVal dwCreationDisposition , ByVal dwFlagsAndAttributes , ByVal hTemplateFile) As Microsoft.Win32.SafeHandles.SafeFileHandle
    End Function
    <DllImport("KERNEL32.DLL", EntryPoint:="WriteFile", SetLastError:=True, CharSet:=CharSet.Unicode, ExactSpelling:=True, CallingConvention:=CallingConvention.StdCall)> _
    Public Shared Function WriteFile(ByVal hFile As Microsoft.Win32.SafeHandles.SafeFileHandle, ByVal lpBuffer, ByVal nNumberOfBytesToWrite, ByVal lpNumberOfBytesWritten, ByVal lpOverlapped) As Boolean
        End Function
End Class
My forum: hackrhouse.freeforums.net
User avatar
EP_X0FF
Global Moderator
Posts: 4903
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Thu Mar 28, 2019 2:12 pm

CreateFileW("*filepathhere", "GENERIC_ALL", "FILE_SHARE_READ | FILE_SHARE_WRITE", "NULL", "OPEN_EXISTING", "NULL", "NULL")

Repalce GENERIC_ALL with GENERIC_WRITE
FILE_SHARE_READ | FILE_SHARE_WRITE with 0


or if
want to replace the bytes of the file with null (basically overwrite the file)
simple use
CreateFile(FilePath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);

WriteFile is not required because file will be always recreated with 0 size.
Ring0 - the source of inspiration
hackr8
Posts: 33
Joined: Fri Dec 21, 2018 1:50 pm
Contact:

Thu Mar 28, 2019 2:14 pm

Ok i will try it ASAP. Thanks!
My forum: hackrhouse.freeforums.net
hackr8
Posts: 33
Joined: Fri Dec 21, 2018 1:50 pm
Contact:

Thu Mar 28, 2019 2:50 pm

I didn't quite work. Am I doing something wrong? Please help.
I tried it like this:

Code: Select all

Imports System.IO
Imports System
Imports System.Runtime.InteropServices
Public Class Form
    Private Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        If CheckBox1.Checked = True Then
            Dim H1 As Microsoft.Win32.SafeHandles.SafeFileHandle =  _ 
            CreateFileW("C:\Users\User\Desktop\dummy.txt", _
             "GENERIC_WRITE", 0, "NULL", "CREATE_ALWAYS", 0, "NULL")
        End If
    End Sub
    <DllImport("KERNEL32.DLL", EntryPoint:="CreateFileW", SetLastError:=True, CharSet:=CharSet.Unicode, ExactSpelling:=True, CallingConvention:=CallingConvention.StdCall)> _
    Public Shared Function CreateFileW(ByVal name, ByVal dwDesiredAccess, ByVal dwShareMode, ByVal lpSecurityAttributes, ByVal dwCreationDisposition, ByVal dwFlagsAndAttributes, ByVal hTemplateFile) As Microsoft.Win32.SafeHandles.SafeFileHandle
    End Function
End Class
My forum: hackrhouse.freeforums.net
User avatar
EP_X0FF
Global Moderator
Posts: 4903
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Thu Mar 28, 2019 3:17 pm

Your VB prototypes are wrong I guess.

Try this one (it is also not 100% correct, but enough for example). Set path to your file.

Code: Select all

    <DllImport("KERNEL32.DLL", EntryPoint:="CreateFileW", SetLastError:=True, CharSet:=CharSet.Unicode, ExactSpelling:=True, CallingConvention:=CallingConvention.StdCall)>
    Public Shared Function CreateFileW(
                                      ByVal lpFileName As String,
                                      ByVal dwDesiredAccess As Integer,
                                      ByVal dwShareMode As Integer,
                                      ByVal lpSecurityAttributes As IntPtr,
                                      ByVal dwCreationDisposition As Integer,
                                      ByVal dwFlagsAndAttributes As Integer,
                                      ByVal hTemplateFile As Integer) As Microsoft.Win32.SafeHandles.SafeFileHandle
    End Function

Code: Select all

        Dim H1 As Microsoft.Win32.SafeHandles.SafeFileHandle =
            CreateFileW("C:\Test\dummy.txt",
            &H40000000,
            0,
            IntPtr.Zero,
            2,
            0,
            0)
Ring0 - the source of inspiration
hackr8
Posts: 33
Joined: Fri Dec 21, 2018 1:50 pm
Contact:

Thu Mar 28, 2019 3:30 pm

Oh, I see what you did there. I never thought of that.
how does &H40000000 work as an integer, though?
BTW, Thanks for the help.
My forum: hackrhouse.freeforums.net
User avatar
EP_X0FF
Global Moderator
Posts: 4903
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Thu Mar 28, 2019 3:31 pm

hackr8 wrote:
Thu Mar 28, 2019 3:30 pm
Oh, I see what you did there. I never thought of that.
how does &H40000000 work as an integer, though?
BTW, Thanks for the help.
It is hexademical representation of GENERIC_WRITE constant (0x40000000).
https://docs.microsoft.com/en-us/dotnet ... characters
Ring0 - the source of inspiration
hackr8
Posts: 33
Joined: Fri Dec 21, 2018 1:50 pm
Contact:

Thu Mar 28, 2019 3:50 pm

BTW, it worked perfectly on a dummy after slight modifications (fixed the indentations).
Thanks!
My forum: hackrhouse.freeforums.net
Post Reply