News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

Help About CreateFile function

Started by Finder, January 18, 2010, 05:07:47 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Finder

January 18, 2010, 05:07:47 AM
Hi,everyone
    Drivers were detected using FileMon, CreateFile function, what is wrong with it, the return value is always FFFFFFFF
                     .386
    .model flat,stdcall
    option casemap:none
include    windows.inc
include    user32.inc
includelib  user32.lib
include    kernel32.inc
includelib     kernel32.lib
    .const
szFileMon       db      '\\.\FILEMON701',0
szCaption       db      'Results",0
szFound         db      'Detected FileMon',0
szNotFound      db      'Not Found FileMon',0
    .code
start:          invoke  CreateFile,addr szFileMon,GENERIC_READ,\
                        FILE_SHARE_READ or FILE_SHARE_WRITE,NULL,\
                        OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
                .if     eax != INVALID_HANDLE_VALUE
                  invoke  CloseHandle,eax
                  invoke  MessageBox,NULL,addr szFound,addr szCaption,MB_OK
                .else
                  invoke  MessageBox,NULL,addr szNotFound,addr szCaption,MB_OK
                .endif
               invoke  ExitProcess,NULL
    end  start

BlackVortex

#1
January 18, 2010, 05:54:35 AM
You don't like FileMon ?   :toothy

Anyway, use GetLastError for more info (it may be a permissions problem)
Print
Go Up Pages1
User actions