nixawk / Awesome-Windows-Debug

Debug Windows Application / Kernel

[Dev] Windows Kernel - STRING #10

Open nixawk opened 7 years ago

nixawk commented 7 years ago
RtlCopyBytes
RtlCopyMemory
RtlCopyString
RtlCopyUnicodeString
RtlCreateRegistryKey
RtlCreateSecurityDescriptor
RtlDeleteRegistryValue
RtlDowncaseUnicodeChar
RtlEqualMemory
RtlEqualString
RtlEqualUnicodeString
RtlFillMemory
RtlFindClearBits
RtlFindClearBitsAndSet
RtlFindClearRuns
RtlFindFirstRunClear
RtlFindLastBackwardRunClear
RtlFindLeastSignificantBit
RtlFindLongestRunClear
RtlFindMostSignificantBit
RtlFindNextForwardRunClear
RtlFindSetBits
RtlFindSetBitsAndClear
RtlFreeAnsiString
RtlFreeUnicodeString
RtlGetEnabledExtendedFeatures
RtlGetVersion
RtlGUIDFromString
RtlHashUnicodeString
RtlInitAnsiString
RtlInitializeBitMap
RtlInitString
RtlInitStringEx
RtlInitUnicodeString
RtlInt64ToUnicodeString
RtlIntegerToUnicodeString
RtlIntPtrToUnicodeString
RtlIoDecodeMemIoResource
RtlIoEncodeMemIoResource
RtlIsNtDdiVersionAvailable
RtlIsServicePackVersionInstalled
RtlLengthSecurityDescriptor
RtlMapGenericMask
RtlMoveMemory
RtlNumberOfClearBits
RtlNumberOfSetBits
RtlNumberOfSetBitsUlongPtr
RtlPrefetchMemoryNonTemporal
RtlPrefixUnicodeString
RtlQueryRegistryValues
RtlRunOnceBeginInitialize
RtlRunOnceComplete
RtlRunOnceExecuteOnce
RtlRunOnceInitialize
RtlSecureZeroMemory
RtlSetAllBits
RtlSetBit
RtlSetBits
RtlSetDaclSecurityDescriptor
RtlStringFromGUID
RtlTestBit
RtlTimeFieldsToTime
RtlTimeToTimeFields
RtlUlongByteSwap
RtlUlonglongByteSwap
RtlUnicodeStringToAnsiSize
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlUnicodeToUTF8N
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
RtlUpperChar
RtlUpperString
RtlUshortByteSwap
RtlUTF8ToUnicodeN
RtlValidRelativeSecurityDescriptor
RtlValidSecurityDescriptor
RtlVerifyVersionInfo
RtlVolumeDeviceToDosName
RtlWriteRegistryValue
RtlxAnsiStringToUnicodeSize
RtlxUnicodeStringToAnsiSize
RtlZeroMemory

RtlInitUnicodeString

```c
UNICODE_STRING str = {0};
RtlInitUnicodeString(&str, L"[*] Hello Driver");
// %wZ expects a pointer to a UNICODE_STRING, not the structure itself.
DbgPrint("%wZ\r\n", &str);
```
nixawk commented 7 years ago

RtlInitEmptyUnicodeString && RtlCopyUnicodeString

```c
UNICODE_STRING src = RTL_CONSTANT_STRING(L"SOURCE STRING");
UNICODE_STRING dst;

WCHAR dst_buf[256];  // Room for 256 WCHARs (512 bytes).

// The third argument is the buffer size in bytes, not in characters.
RtlInitEmptyUnicodeString(&dst, dst_buf, 256 * sizeof(WCHAR));
RtlCopyUnicodeString(&dst, &src);
```

References

  1. https://msdn.microsoft.com/en-us/library/windows/hardware/ff561817(v=vs.85).aspx
nixawk commented 7 years ago

RtlAppendUnicodeToString

```c
UNICODE_STRING src = RTL_CONSTANT_STRING(L"SOURCE STRING");
UNICODE_STRING dst;

WCHAR dst_buf[256];  // Room for 256 WCHARs (512 bytes).
NTSTATUS ntstatus;

// The third argument is the buffer size in bytes, not in characters.
RtlInitEmptyUnicodeString(&dst, dst_buf, 256 * sizeof(WCHAR));
RtlCopyUnicodeString(&dst, &src);

// Returns STATUS_BUFFER_TOO_SMALL if the appended text does not fit in dst.
ntstatus = RtlAppendUnicodeToString(&dst, L"APPEND STRING");
if (NT_SUCCESS(ntstatus))
    DbgPrint("Append String Successfully! \r\n");
```
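
Added example, not part of the original thread or the project's code: a user-mode C model of the byte-count behaviour the snippets above depend on (`MaximumLength` is in bytes, `RtlCopyUnicodeString` truncates silently, `RtlAppendUnicodeToString` fails with `STATUS_BUFFER_TOO_SMALL` without appending). The names `WCH`, `USTR`, `widen`, `model_*`, `demo` and the `ST_*` codes are stand-ins assumed for illustration, not kernel APIs.

```c
#include <stdint.h>
#include <string.h>

/* User-mode stand-ins (assumed names) so the semantics run outside a driver. */
typedef uint16_t WCH;                       /* WCHAR is 16 bits on Windows */
typedef struct { uint16_t Length, MaximumLength; WCH *Buffer; } USTR;
enum { ST_SUCCESS = 0, ST_BUFFER_TOO_SMALL = 1 };  /* stand-in status codes */

/* Constructed helper: widen an ASCII literal, return the character count. */
static uint16_t widen(WCH *out, const char *s) {
    uint16_t n = 0;
    while (s[n]) { out[n] = (WCH)s[n]; n++; }
    return n;
}

/* Models RtlInitEmptyUnicodeString: the size argument is in BYTES. */
static void model_init_empty(USTR *s, WCH *buf, uint16_t bytes) {
    s->Length = 0; s->MaximumLength = bytes; s->Buffer = buf;
}

/* Models RtlCopyUnicodeString: copies min(src Length, dst MaximumLength)
   bytes and returns nothing, so truncation is silent. */
static void model_copy(USTR *dst, const USTR *src) {
    uint16_t n = src->Length < dst->MaximumLength ? src->Length : dst->MaximumLength;
    memcpy(dst->Buffer, src->Buffer, n);
    dst->Length = n;
}

/* Models RtlAppendUnicodeToString: all-or-nothing, fails if it does not fit. */
static int model_append(USTR *dst, const WCH *src, uint16_t chars) {
    uint32_t add = (uint32_t)chars * sizeof(WCH);
    if (dst->Length + add > dst->MaximumLength) return ST_BUFFER_TOO_SMALL;
    memcpy((uint8_t *)dst->Buffer + dst->Length, src, add);
    dst->Length = (uint16_t)(dst->Length + add);
    return ST_SUCCESS;
}

/* Copy "SOURCE STRING" then append "APPEND STRING" into cap_chars WCHARs
   (cap_chars <= 256). Returns 1 if the copy was truncated, else 0. */
static int demo(uint16_t cap_chars, uint16_t *copied_bytes, int *append_status) {
    WCH srcbuf[32], appbuf[32], dstbuf[256];
    USTR src = { 0, sizeof(srcbuf), srcbuf }, dst;
    uint16_t app_chars = widen(appbuf, "APPEND STRING");
    src.Length = (uint16_t)(widen(srcbuf, "SOURCE STRING") * sizeof(WCH));
    model_init_empty(&dst, dstbuf, (uint16_t)(cap_chars * sizeof(WCH)));
    model_copy(&dst, &src);
    *copied_bytes = dst.Length;
    *append_status = model_append(&dst, appbuf, app_chars);
    return *copied_bytes < src.Length;
}
```

In a driver, the equivalent check after `RtlCopyUnicodeString` is comparing `dst.Length` with `src.Length`, since the routine itself reports nothing.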