
[Dev] Windows Kernel - STRING

Open nixawk opened this issue 8 years ago • 2 comments

RtlCopyBytes
RtlCopyMemory
RtlCopyString
RtlCopyUnicodeString
RtlCreateRegistryKey
RtlCreateSecurityDescriptor
RtlDeleteRegistryValue
RtlDowncaseUnicodeChar
RtlEqualMemory
RtlEqualString
RtlEqualUnicodeString
RtlFillMemory
RtlFindClearBits
RtlFindClearBitsAndSet
RtlFindClearRuns
RtlFindFirstRunClear
RtlFindLastBackwardRunClear
RtlFindLeastSignificantBit
RtlFindLongestRunClear
RtlFindMostSignificantBit
RtlFindNextForwardRunClear
RtlFindSetBits
RtlFindSetBitsAndClear
RtlFreeAnsiString
RtlFreeUnicodeString
RtlGetEnabledExtendedFeatures
RtlGetVersion
RtlGUIDFromString
RtlHashUnicodeString
RtlInitAnsiString
RtlInitializeBitMap
RtlInitString
RtlInitStringEx
RtlInitUnicodeString
RtlInt64ToUnicodeString
RtlIntegerToUnicodeString
RtlIntPtrToUnicodeString
RtlIoDecodeMemIoResource
RtlIoEncodeMemIoResource
RtlIsNtDdiVersionAvailable
RtlIsServicePackVersionInstalled
RtlLengthSecurityDescriptor
RtlMapGenericMask
RtlMoveMemory
RtlNumberOfClearBits
RtlNumberOfSetBits
RtlNumberOfSetBitsUlongPtr
RtlPrefetchMemoryNonTemporal
RtlPrefixUnicodeString
RtlQueryRegistryValues
RtlRunOnceBeginInitialize
RtlRunOnceComplete
RtlRunOnceExecuteOnce
RtlRunOnceInitialize
RtlSecureZeroMemory
RtlSetAllBits
RtlSetBit
RtlSetBits
RtlSetDaclSecurityDescriptor
RtlStringFromGUID
RtlTestBit
RtlTimeFieldsToTime
RtlTimeToTimeFields
RtlUlongByteSwap
RtlUlonglongByteSwap
RtlUnicodeStringToAnsiSize
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlUnicodeToUTF8N
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
RtlUpperChar
RtlUpperString
RtlUshortByteSwap
RtlUTF8ToUnicodeN
RtlValidRelativeSecurityDescriptor
RtlValidSecurityDescriptor
RtlVerifyVersionInfo
RtlVolumeDeviceToDosName
RtlWriteRegistryValue
RtlxAnsiStringToUnicodeSize
RtlxUnicodeStringToAnsiSize
RtlZeroMemory

RtlInitUnicodeString

UNICODE_STRING str = {0};
RtlInitUnicodeString(&str, L"[*] Hello Driver");
DbgPrint("%wZ\r\n", &str);  // %wZ expects a PUNICODE_STRING, so pass the address

nixawk avatar Sep 04 '17 23:09 nixawk

RtlInitEmptyUnicodeString && RtlCopyUnicodeString

UNICODE_STRING src = RTL_CONSTANT_STRING(L"SOURCE STRING");
UNICODE_STRING dst;

WCHAR dst_buf[256];  // Room for 256 WCHARs (512 bytes).

RtlInitEmptyUnicodeString(&dst, dst_buf, 256 * sizeof(WCHAR));
RtlCopyUnicodeString(&dst, &src);

References

  1. https://msdn.microsoft.com/en-us/library/windows/hardware/ff561817(v=vs.85).aspx

nixawk avatar Sep 05 '17 00:09 nixawk

RtlAppendUnicodeToString

UNICODE_STRING src = RTL_CONSTANT_STRING(L"SOURCE STRING");
UNICODE_STRING dst;

WCHAR dst_buf[256];  // Room for 256 WCHARs (512 bytes).
NTSTATUS ntstatus;

RtlInitEmptyUnicodeString(&dst, dst_buf, 256 * sizeof(WCHAR));
RtlCopyUnicodeString(&dst, &src);

ntstatus = RtlAppendUnicodeToString(&dst, L"APPEND STRING");
if (NT_SUCCESS(ntstatus))
    DbgPrint("Append String Successfully! \r\n");

nixawk avatar Sep 05 '17 00:09 nixawk
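
An added example (not from the original issue and not WDK code): a user-mode C model of how the byte-counted Length and MaximumLength fields decide the outcome of the copy and append calls in the comments above. MODEL_USTR, model_copy, model_append and copy_then_append are hypothetical names; the silent truncation and the too-small status follow the documented behaviour of RtlCopyUnicodeString and RtlAppendUnicodeToString.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-mode model (assumption, not WDK code): both length fields count BYTES. */
typedef struct {
    uint16_t  Length;         /* bytes in use */
    uint16_t  MaximumLength;  /* bytes available in Buffer */
    uint16_t *Buffer;         /* 16-bit code units, as WCHAR is on Windows */
} MODEL_USTR;

#define MODEL_SUCCESS          0
#define MODEL_BUFFER_TOO_SMALL 1  /* stands in for STATUS_BUFFER_TOO_SMALL */

/* Models RtlCopyUnicodeString: no return value, truncates silently. */
static void model_copy(MODEL_USTR *dst, const MODEL_USTR *src) {
    uint16_t n = src->Length < dst->MaximumLength ? src->Length : dst->MaximumLength;
    memcpy(dst->Buffer, src->Buffer, n);
    dst->Length = n;
}

/* Models RtlAppendUnicodeToString: fails without changing dst if it won't fit. */
static int model_append(MODEL_USTR *dst, const uint16_t *src, uint16_t src_bytes) {
    if ((uint32_t)dst->Length + src_bytes > dst->MaximumLength)
        return MODEL_BUFFER_TOO_SMALL;
    memcpy((uint8_t *)dst->Buffer + dst->Length, src, src_bytes);
    dst->Length = (uint16_t)(dst->Length + src_bytes);
    return MODEL_SUCCESS;
}

/* Constructed sample: 13 code units = 26 bytes, like L"SOURCE STRING". */
static uint16_t SAMPLE[13] = {'S','O','U','R','C','E',' ','S','T','R','I','N','G'};

/* Copy SAMPLE into a dst of cap_units code units (max 256), then append it again.
   Returns the final dst.Length in bytes; *status receives the append result. */
static uint16_t copy_then_append(uint16_t cap_units, int *status) {
    uint16_t buf[256];
    MODEL_USTR src = { sizeof SAMPLE, sizeof SAMPLE, SAMPLE };
    MODEL_USTR dst = { 0, (uint16_t)(cap_units * sizeof(uint16_t)), buf };
    model_copy(&dst, &src);
    *status = model_append(&dst, SAMPLE, sizeof SAMPLE);
    return dst.Length;
}

int main(void) {
    int st;
    uint16_t len = copy_then_append(8, &st);
    printf("cap=8 units: Length=%u bytes, append status=%d\n", (unsigned)len, st);
    return 0;
}
```

Because the copy has no status to check, a driver that needs to detect truncation has to compare the destination Length with the source Length afterwards.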