问题描述
我需要使用 NtCreateTransaction 中的 ntdll.h API,像这样在 MSDN 中定义
__kernel_entry NTSYSCALLAPI NTSTATUS NtCreateTransaction(
PHANDLE TransactionHandle,ACCESS_MASK DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes,LPGUID Uow,HANDLE TmHandle,ULONG CreateOptions,ULONG IsolationLevel,ULONG IsolationFlags,PLARGE_INTEGER Timeout,PUNICODE_STRING Description
);
我已经像这样定义了 node-ffi Library 函数对象
var ffi = require('ffi-napi');
var ref = require('ref-napi');
var union = require('ref-union-di')(ref);
var array = require('ref-array-di')(ref);
var struct = require('ref-struct-di')(ref);
var void_ptr = ref.refType(ref.types.void),PUNICODE_STRING = struct(
{
'Length': ref.types.ushort,'MaximumLength': ref.types.ushort,'Buffer': ref.refType(ref.types.uint16)
}),POBJECT_ATTRIBUTES = struct(
{
'Length': ref.types.ulong,'RootDirectory': void_ptr,'ObjectName': ref.refType(PUNICODE_STRING),'Attributes': ref.types.ulong,'SecurityDescriptor': void_ptr,'SecurityQualityOfService': void_ptr
}),LPGUID = struct(
{
'Data1': ref.types.ulong,'Data2': ref.types.ushort,'Data3': ref.types.ushort,'Data': array(ref.types.uchar,8)
}),PLARGE_INTEGER = union(
{
DUMMYSTRUCTNAME: struct(
{
'LowPart': ref.types.ulong,'HighPart': ref.types.long
}),u: struct(
{
'LowPart': ref.types.ulong,'QuadPart': ref.types.longlong
}),ntdll_lib = ffi.Library('C:\\Windows\\System32\\ntdll.dll',{
'NtCreateTransaction': [
ref.types.long,[
ref.refType(void_ptr),// PHANDLE TransactionHandle
ref.types.ulong,// ACCESS_MASK DesiredAccess
ref.refType(POBJECT_ATTRIBUTES),// POBJECT_ATTRIBUTES ObjectAttributes
ref.refType(LPGUID),// LPGUID Uow
void_ptr,// HANDLE TmHandle
ref.types.ulong,// ULONG CreateOptions
ref.types.ulong,// ULONG IsolationLevel
ref.types.ulong,// ULONG IsolationFlags
ref.refType(PLARGE_INTEGER),// PLARGE_INTEGER Timeout
ref.refType(PUNICODE_STRING),// PUNICODE_STRING Description
]
]
});
在 C 中,API 调用看起来像这样
OBJECT_ATTRIBUTES object_attribs;
memset(&object_attribs,sizeof::OBJECT_ATTRIBUTES);
InitializeObjectAttributes(
&object_attribs,OBJ_INHERIT,0);
void* transaction = 0;
long ret = NtCreateTransaction(&transaction,TRANSACTION_ALL_ACCESS,&object_attribs,0);
我尝试在 NodeJS 中复制相同的格式
var object_attribs = new POBJECT_ATTRIBUTES();
object_attribs.Length = 24;
object_attribs.Attributes = 2; // OBJ_INHERIT
object_attribs.RootDirectory = null;
object_attribs.ObjectName = null;
object_attribs.SecurityDescriptor = null;
object_attribs.SecurityQualityOfService = null;
var transaction_handle = ref.alloc(void_ptr);
var ret = ntdll_lib.NtCreateTransaction(transaction_handle.ref(),2031679 /*TRANSACTION_ALL_ACCESS*/,object_attribs.ref(),null,null);
console.log(ret);
但是,ret 的输出似乎是 -1073741811,它代表 MSDN 中的 STATUS_INVALID_ParaMETER 错误代码。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)