Text only | Text with Images

The MASM Forum Archive 2004 to 2012

General Forums => The Workshop => Topic started by: Finder on January 18, 2010, 05:07:47 AM

Title: Help About CreateFile function
Post by: Finder on January 18, 2010, 05:07:47 AM
Hi,everyone
    Drivers were detected using FileMon, CreateFile function, what is wrong with it, the return value is always FFFFFFFF
                     .386
    .model flat,stdcall
    option casemap:none
include    windows.inc
include    user32.inc
includelib  user32.lib
include    kernel32.inc
includelib     kernel32.lib
    .const
szFileMon       db      '\\.\FILEMON701',0
szCaption       db      'Results",0
szFound         db      'Detected FileMon',0
szNotFound      db      'Not Found FileMon',0
    .code
start:          invoke  CreateFile,addr szFileMon,GENERIC_READ,\
                        FILE_SHARE_READ or FILE_SHARE_WRITE,NULL,\
                        OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
                .if     eax != INVALID_HANDLE_VALUE
                  invoke  CloseHandle,eax
                  invoke  MessageBox,NULL,addr szFound,addr szCaption,MB_OK
                .else
                  invoke  MessageBox,NULL,addr szNotFound,addr szCaption,MB_OK
                .endif
               invoke  ExitProcess,NULL
    end  start
Title: Re: Help About CreateFile function
Post by: BlackVortex on January 18, 2010, 05:54:35 AM
You don't like FileMon ?   :toothy

Anyway, use GetLastError for more info (it may be a permissions problem)
Text only | Text with Images