// test_rtl.cpp : Test for some Rtl*() APIs in ntdll.dll // #include #include #include #include typedef struct _UNICODE_STRING { USHORT Length; USHORT MaximumLength; PWSTR Buffer; } UNICODE_STRING, *PUNICODE_STRING; typedef struct _RTLP_CURDIR_REF { LONG RefCount; HANDLE Handle; } RTLP_CURDIR_REF, *PRTLP_CURDIR_REF; typedef struct _RTL_RELATIVE_NAME_U { UNICODE_STRING RelativeName; HANDLE ContainingDirectory; PRTLP_CURDIR_REF CurDirRef; } RTL_RELATIVE_NAME_U, *PRTL_RELATIVE_NAME_U; typedef BOOLEAN (NTAPI* PRTL_DOSPATHNAME_TO_NTPATHNAME_U)(IN PCWSTR DosName, OUT PUNICODE_STRING NtName, OUT PCWSTR *PartName, OUT PRTL_RELATIVE_NAME_U RelativeName); int _tmain(int argc, _TCHAR* argv[]) { WCHAR FileName[MAX_PATH] = {UNICODE_NULL}; HMODULE hNTDLL = LoadLibrary(TEXT("ntdll.dll")); if (hNTDLL) { PRTL_DOSPATHNAME_TO_NTPATHNAME_U pRtlDosPathNameToNtPathName_U = (PRTL_DOSPATHNAME_TO_NTPATHNAME_U)GetProcAddress(hNTDLL, "RtlDosPathNameToNtPathName_U"); if (pRtlDosPathNameToNtPathName_U) { UNICODE_STRING NtPath, FilePattern; RTL_RELATIVE_NAME_U RelativePath; printf("Enter a path :\n"); _getws_s(FileName, sizeof(FileName)/sizeof(FileName[0])); if (pRtlDosPathNameToNtPathName_U(FileName, &NtPath, (PCWSTR*)&FilePattern.Buffer, &RelativePath)) { printf("RtlDosPathNameToNtPathName_U() called successfully\n"); printf("\tFileName = '%S'\n" "\tNtPath = '%wZ'\n" "\tFilePattern = '%S'\n" "\tRelativePath = '%wZ'\n", FileName, &NtPath, FilePattern.Buffer, &RelativePath.RelativeName); } else { printf("RtlDosPathNameToNtPathName_U() failed\n"); } } else { printf("ERROR: The RtlDosPathNameToNtPathName_U() API doesn't exist in your version of NTDLL.DLL\n"); } FreeLibrary(hNTDLL); } else { printf("ERROR: Cannot load NTDLL.DLL\n"); } _getch(); return 0; }