A forum for reverse engineering, OS internals and malware analysis 

problem in using NtSetInformationFile

Forum for discussion about user-mode development.

problem in using NtSetInformationFile

 #7008  by noppy
 Fri Jul 01, 2011 4:19 pm
hello
I have problem in using NtSetInformationFile function, it always return C0000003 error, when I try to set hidden attrib to a file
anybody can help me to understand why this code doesn't work.
Code: Select all
#include <windows.h>
#include <stdio.h>
#include "myntdll.h"

#pragma comment(lib, "C:\\WinDDK\\7600.16385.0\\lib\\win7\\i386\\ntdll.lib")

int main()
{
	HANDLE hFile;
	OBJECT_ATTRIBUTES fileObj;
	IO_STATUS_BLOCK IoStack;
	UNICODE_STRING ObjectName;
	NTSTATUS NtStatus;

	RtlInitUnicodeString(&ObjectName, L"\\DosDevices\\C:\\file.txt");
	memset(&fileObj, 0, sizeof(OBJECT_ATTRIBUTES));
	fileObj.Length = sizeof(OBJECT_ATTRIBUTES);
	fileObj.ObjectName = &ObjectName;
	fileObj.Attributes = OBJ_CASE_INSENSITIVE;

	NtStatus = NtCreateFile(&hFile, 
		GENERIC_WRITE, 
		&fileObj, 
		&IoStack,
		0, 
		FILE_ATTRIBUTE_NORMAL, 
		FILE_SHARE_READ | FILE_SHARE_WRITE, 
		FILE_CREATE, 
		0, 
		NULL, 
		0);

	if ( NT_ERROR(NtStatus) ){
		fprintf(stderr, "cannot open file - error code: %x\n", NtStatus);
		exit(1);
	}

	FILE_ATTRIBUTE_TAG_INFORMATION fileAttrib = {0};
	fileAttrib.FileAttributes = FILE_ATTRIBUTE_HIDDEN;
	//memset(&IoStack, 0, sizeof(IO_STATUS_BLOCK));
	NtStatus = NtSetInformationFile(hFile, 
		&IoStack, 
		&fileAttrib,	
		sizeof(FILE_ATTRIBUTE_TAG_INFORMATION), 
		FileAttributeTagInformation);

	if ( NT_ERROR(NtStatus) ){
		NtClose(hFile);
		fprintf(stderr, "cannot set file attrib - error code: %x\n", NtStatus);
		exit(1);
	}

	NtClose(hFile);

	return 0;
}
thanks

Re: problem in using NtSetInformationFile

 #7010  by EP_X0FF
 Fri Jul 01, 2011 4:45 pm
It's completely incorrect.

http://msdn.microsoft.com/en-us/library ... 85%29.aspx
The FILE_ATTRIBUTE_TAG_INFORMATION structure is used as an argument to ZwQueryInformationFile.
Code: Select all
BOOL SetFileAttributes(LPCWSTR lpFileName,
		   DWORD dwFileAttributes)
{
FILE_BASIC_INFORMATION FileInformation;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
UNICODE_STRING FileName;
HANDLE FileHandle;
NTSTATUS Status;

 if (!RtlDosPathNameToNtPathName_U (lpFileName,
				     &FileName,
				     NULL,
				     NULL))
      return FALSE;

  InitializeObjectAttributes (&ObjectAttributes,
			      &FileName,
			      OBJ_CASE_INSENSITIVE,
			      NULL,
			      NULL);

  Status = NtOpenFile (&FileHandle,
		       SYNCHRONIZE | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES,
		       &ObjectAttributes,
		       &IoStatusBlock,
		       FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
		       FILE_SYNCHRONOUS_IO_NONALERT);
  RtlFreeUnicodeString (&FileName);
  if (!NT_SUCCESS (Status))
      return FALSE;

  Status = NtQueryInformationFile(FileHandle,
				  &IoStatusBlock,
				  &FileInformation,
				  sizeof(FILE_BASIC_INFORMATION),
				  FileBasicInformation);
  if (!NT_SUCCESS(Status)) {
      NtClose (FileHandle);
      return FALSE;
  }

  FileInformation.FileAttributes = dwFileAttributes;
  Status = NtSetInformationFile(FileHandle,
				&IoStatusBlock,
				&FileInformation,
				sizeof(FILE_BASIC_INFORMATION),
				FileBasicInformation);
  NtClose (FileHandle);
  if (!NT_SUCCESS(Status))
      return FALSE;

   return TRUE;
}
 Return to “User-Mode Development”