Hi folks, I'm very new to programming the Windows API, and I hope some of you can help me a little with these problems.
I'm trying to make a program which prints out files which are protected by Windows with the SfcGetNextProtectedFile command and then outputs the names to the console with WriteConsole. The code is without any error checking; I debugged the program in OllyDbg and found these errors.
These are my problems:
SfcGetNextProtectedFile returns ERROR_IO_PENDING. I don't know why it does that, so I hope you can answer me on this one.
WriteConsole returns ERROR_NOT_ENOUGH_MEMORY, I don't know why it does this either because my memory is not full.
It finds many files as I see them in memory in ollydbg, but it doesn't print them in console.
#sfc_check.asm
    Invoke GetStdHandle,STD_OUTPUT_HANDLE
    mov hBuffer, eax
    mov pfd.FileNumber, 0
roll:
    Invoke SfcGetNextProtectedFile,0,addr pfd
    cmp eax, 0
    jz exit
    Invoke WriteConsoleW,hBuffer,addr pfd.FileName,addr pfd.FileName,offset NumOfCharsWritten,0
    jmp roll
exit:
    Invoke CloseHandle,hBuffer
    Invoke ExitProcess,0
#sfc_check.inc
Include windows.inc
Include kernel32.inc
Include shell32.inc
Include sfc.inc
Includelib kernel32.lib
Includelib shell32.lib
Includelib sfc.lib
.data
PROTECTED_FILE_DATA STRUCT
FileName db MAX_PATH dup(0)
FileNumber dd ?
PROTECTED_FILE_DATA ENDS
pfd PROTECTED_FILE_DATA <>
hBuffer DWORD ?
NumOfCharsWritten dd ?
If you wonder why I want to write such an unusable program, I don't know why actually; I just found the function and I wanted to test it.
I'm also adding the RadASM project file so it's a little easier to assemble.
Edit: And the reason I wrote the PROTECTED_FILE_DATA structure was that I couldn't find it in masm32.
[attachment deleted by admin]
I'm sure this doesn't help..
Invoke WriteConsoleW,hBuffer,addr pfd.FileName,addr pfd.FileName,offset NumOfCharsWritten,0
Should it be..?
Invoke lstrlen, addr pfd.FileName
Invoke WriteConsoleW,hBuffer,addr pfd.FileName,eax,offset NumOfCharsWritten,0
Quote from: Tedd on May 31, 2005, 09:45:16 AM
I'm sure this doesn't help..
Invoke WriteConsoleW,hBuffer,addr pfd.FileName,addr pfd.FileName,offset NumOfCharsWritten,0
Should it be..?
Invoke lstrlen, addr pfd.FileName
Invoke WriteConsoleW,hBuffer,addr pfd.FileName,eax,offset NumOfCharsWritten,0
Hehe, thanks for taking the time to try to figure out the problem. When I read your post and looked at my source code again, I noticed that it was a typing fault on my side.
It should be:
Invoke WriteConsoleW,hBuffer,addr pfd.FileName,sizeof pfd.FileName,offset NumOfCharsWritten,0
And this leaves me with another error, but I will try debugging some more and see if I can manage to figure out this new problem.
If anyone has some time to kill, please download the source and try it out; I can't seem to find why the program behaves like it does.
[attachment deleted by admin]
After some playing around..
I'm not entirely sure it is your code that's the problem :wink
I tried re-writing the whole thing, just to see if there was some tiny invisible problem (see attachment.)
It seems that, depending on which directory you try to run the program from, you may 'lose' access to the console. I tried running it in the same directory as I built it, and it worked fine (though obviously there were no protected files.) But in all other directories I tried, I got no output.
In all cases, you get "Started!" printed (before the call to the sfc function), but then it depends whether or not you get anything else, such as "0 files" :dazzled:
I'm assuming it's something to do with permissions, but I tried running as root and it seems to make no difference. Unless there's something to set for program permissions? :eek
[attachment deleted by admin]
After looking at your code I rewrote my own, and I got almost the output I wanted. The only problem is that SfcGetNextProtectedFile returns the filename in UNICODE, so I need a macro or function which can convert the string into a string without the zero words between the characters. I don't know any macros or functions that do this.
[attachment deleted by admin]
I coded a version using a different structure definition and output function, and it seems to work just as it should, regardless of where I run it.
; ««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
.486 ; create 32 bit code
.model flat, stdcall ; 32 bit memory model
option casemap :none ; case sensitive
include \masm32\include\windows.inc
include \masm32\include\masm32.inc
include \masm32\include\kernel32.inc
include \masm32\include\sfc.inc
include \masm32\include\msvcrt.inc
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\sfc.lib
includelib \masm32\lib\msvcrt.lib
include \masm32\macros\macros.asm
_PROTECTED_FILE_DATA STRUCT
FileName WORD MAX_PATH dup(?)
FileNumber DWORD ?
_PROTECTED_FILE_DATA ENDS
; ««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
.data
pfd _PROTECTED_FILE_DATA <>
count dd 0
.code
; ««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
start:
; ««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
    .REPEAT
        invoke SfcGetNextProtectedFile, NULL, ADDR pfd
        .IF eax
            invoke crt__putws, ADDR pfd.FileName
            inc count
        .ELSE
            invoke GetLastError
            .IF eax != ERROR_NO_MORE_FILES
                mov ebx, eax
                print chr$("unexpected error ")
                print ustr$(ebx),13,10
            .ENDIF
            .BREAK
        .ENDIF
    .UNTIL 0
    print chr$("total files : ")
    print ustr$(count),13,10
    mov eax, input(13,10,"Press enter to exit...")
    exit
; ««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
end start
On my Windows 2000 SP4 system it returns 2459 files.
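Added example, not code from any poster in this thread: the two PROTECTED_FILE_DATA definitions posted above differ in size, and the API fills the WORD-based one, so a variable reserved with the byte-based definition from the first post is too small for what gets written into it. The portable C below does not call the real API; it simulates the fill with a constructed path (`fake_fill`, `narrow_ascii` and the other helper names are assumptions of this example) and shows the size gap, why a byte-oriented length call sees a single character, and a bounded narrowing to ASCII.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH 260

/* First post's layout (FileName as bytes) vs. the working one (16-bit words). */
struct pfd_bytes { uint8_t  FileName[MAX_PATH]; uint32_t FileNumber; };
struct pfd_words { uint16_t FileName[MAX_PATH]; uint32_t FileNumber; };

/* Bytes a callee filling the word layout can touch past a byte-layout variable. */
size_t overrun_bytes(void) { return sizeof(struct pfd_words) - sizeof(struct pfd_bytes); }

/* What a byte-oriented strlen sees on UTF-16 text (little-endian, as on x86):
   it stops at the zero high byte of the first ASCII character. */
size_t byte_strlen_of_wide(const uint16_t *w) { return strlen((const char *)w); }

/* Bounded UTF-16 -> ASCII narrowing; code units above 0x7F become '?'.
   Returns characters written (without the NUL), or -1 if dst is too small
   or src has no terminator within src_max units. */
int narrow_ascii(const uint16_t *src, size_t src_max, char *dst, size_t dst_size)
{
    size_t i;
    for (i = 0; i < src_max && src[i] != 0; i++) {
        if (i + 1 >= dst_size) return -1;          /* keep room for the NUL */
        dst[i] = (src[i] <= 0x7F) ? (char)src[i] : '?';
    }
    if (i == src_max || dst_size == 0) return -1;
    dst[i] = '\0';
    return (int)i;
}

/* Stand-in for the API call (assumption of this example): fills the word layout. */
void fake_fill(struct pfd_words *p, const char *ascii, uint32_t number)
{
    size_t i;
    memset(p, 0, sizeof *p);
    for (i = 0; ascii[i] != '\0' && i < MAX_PATH - 1; i++)
        p->FileName[i] = (uint16_t)(unsigned char)ascii[i];
    p->FileNumber = number;
}

int main(void)
{
    struct pfd_words p; char out[MAX_PATH];
    fake_fill(&p, "C:\\WINNT\\system32\\kernel32.dll", 1);   /* constructed sample */
    printf("overrun=%zu byte_len=%zu\n", overrun_bytes(), byte_strlen_of_wide(p.FileName));
    if (narrow_ascii(p.FileName, MAX_PATH, out, sizeof out) >= 0) puts(out);
    return 0;
}
```

On Windows itself, WideCharToMultiByte performs the same narrowing with code-page awareness.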