{"id":186,"date":"2009-12-25T19:11:33","date_gmt":"2009-12-25T21:11:33","guid":{"rendered":"http:\/\/www.ragestorm.net\/blogs\/?p=186"},"modified":"2010-01-01T09:48:36","modified_gmt":"2010-01-01T11:48:36","slug":"opening-a-file-by-id-file_open_by_file_id","status":"publish","type":"post","link":"https:\/\/www.ragestorm.net\/blogs\/?p=186","title":{"rendered":"Opening a file by ID &#8211; FILE_OPEN_BY_FILE_ID"},"content":{"rendered":"<p>Sample code to open a file by its file-id. Had to use it for some tests and thought it might be useful for other people out there.<\/p>\n<pre lang=\"c\">\r\n#include &lt;windows.h&gt;\r\n#include &lt;stdio.h&gt;\r\n\r\n\/\/ NtCreateFile and NtReadFile are resolved from ntdll.dll at run time, so their prototypes are declared here.\r\ntypedef ULONG (__stdcall *pNtCreateFile)(\r\n  PHANDLE FileHandle,\r\n  ULONG DesiredAccess,\r\n  PVOID ObjectAttributes,\r\n  PVOID IoStatusBlock,\r\n  PLARGE_INTEGER AllocationSize,\r\n  ULONG FileAttributes,\r\n  ULONG ShareAccess,\r\n  ULONG CreateDisposition,\r\n  ULONG CreateOptions,\r\n  PVOID EaBuffer,\r\n  ULONG EaLength\r\n);\r\n\r\ntypedef ULONG (__stdcall *pNtReadFile)(\r\n\tIN HANDLE  FileHandle,\r\n\tIN HANDLE  Event  OPTIONAL,\r\n\tIN PVOID  ApcRoutine  OPTIONAL,\r\n\tIN PVOID  ApcContext  OPTIONAL,\r\n\tOUT PVOID  IoStatusBlock,\r\n\tOUT PVOID  Buffer,\r\n\tIN ULONG  Length,\r\n\tIN PLARGE_INTEGER  ByteOffset  OPTIONAL,\r\n\tIN PULONG  Key  OPTIONAL    );\r\n\r\ntypedef struct _UNICODE_STRING {\r\n\tUSHORT Length, MaximumLength;\r\n\tPWCH Buffer;\r\n} UNICODE_STRING, *PUNICODE_STRING;\r\n\r\ntypedef struct _OBJECT_ATTRIBUTES {\r\n    ULONG Length;\r\n    HANDLE RootDirectory;\r\n    PUNICODE_STRING ObjectName;\r\n    ULONG Attributes;\r\n    PVOID SecurityDescriptor;        \/\/ Points to type SECURITY_DESCRIPTOR\r\n    PVOID SecurityQualityOfService;  \/\/ Points to type SECURITY_QUALITY_OF_SERVICE\r\n} OBJECT_ATTRIBUTES;\r\n\r\n#define InitializeObjectAttributes( p, n, a, r, s ) { \\\r\n    (p)->Length = sizeof( OBJECT_ATTRIBUTES );          \\\r\n    (p)->RootDirectory = r;                             \\\r\n    (p)->Attributes = a;    
                             \\\r\n    (p)->ObjectName = n;                                \\\r\n    (p)->SecurityDescriptor = s;                        \\\r\n    (p)->SecurityQualityOfService = NULL;               \\\r\n    }\r\n\r\n#define OBJ_CASE_INSENSITIVE\t\t\t\t\t0x00000040L\r\n#define FILE_NON_DIRECTORY_FILE                 0x00000040\r\n#define FILE_OPEN_BY_FILE_ID                    0x00002000\r\n#define FILE_OPEN\t\t\t\t\t\t\t\t0x00000001\r\n\r\nint main(int argc, char* argv[])\r\n{\r\n\t\/\/ Volume handle: passed as RootDirectory so the file ID is resolved on this volume.\r\n\tHANDLE d = CreateFileW(L\"\\\\\\\\.\\\\c:\", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0  );\r\n\tBY_HANDLE_FILE_INFORMATION i;\r\n\t\/\/ Create a test file by path and read back its file ID.\r\n\tHANDLE f = CreateFileW(L\"c:\\\\bla.bla\", GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);\r\n\tULONG bla;\r\n\tWriteFile(f, \"helloworld\", 11, &bla, NULL);\r\n\tprintf(\"%p, %lu\\n\", f, GetLastError());\r\n\tGetFileInformationByHandle(f, &i);\r\n\tprintf(\"id:%08lx-%08lx\\n\", i.nFileIndexHigh, i.nFileIndexLow);\r\n\tCloseHandle(f);\r\n\r\n\tpNtCreateFile NtCreatefile = (pNtCreateFile)GetProcAddress(GetModuleHandleW(L\"ntdll.dll\"), \"NtCreateFile\");\r\n\tpNtReadFile NtReadFile = (pNtReadFile)GetProcAddress(GetModuleHandleW(L\"ntdll.dll\"), \"NtReadFile\");\r\n\r\n\t\/\/ With FILE_OPEN_BY_FILE_ID the ObjectName buffer holds the 8-byte file ID (low DWORD first), not a path.\r\n\tULONG fid[2] = {i.nFileIndexLow, i.nFileIndexHigh};\r\n\tUNICODE_STRING fidstr = {8, 8, (PWSTR) fid};\r\n\r\n\tOBJECT_ATTRIBUTES oa = {0};\r\n    InitializeObjectAttributes (&oa, &fidstr, OBJ_CASE_INSENSITIVE, d, NULL);\r\n\r\n    \/\/ IO_STATUS_BLOCK is two pointer-sized fields; ULONG[2] would be too small on 64-bit builds.\r\n    ULONG_PTR iosb[2];\r\n    ULONG status = NtCreatefile(&f, GENERIC_ALL, &oa, iosb, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_OPEN_BY_FILE_ID | FILE_NON_DIRECTORY_FILE, NULL, 0);\r\n\tprintf(\"status: %lX, handle: %p\\n\", status, f);\r\n\tUCHAR buf[11] = {0};\r\n\tLONG Off[2] = {0};\r\n\tstatus = NtReadFile(f, NULL, NULL, NULL, (PVOID)&iosb, (PVOID)buf, sizeof(buf), (PLARGE_INTEGER)&Off, NULL);\r\n\t\/\/ %Iu is the MSVC CRT format for a pointer-sized unsigned value.\r\n\tprintf(\"status: %lX, bytes: %Iu\\n\", status, 
iosb[1]);\r\n\tprintf(\"buf: %s\\n\", buf);\r\n\tCloseHandle(f);\r\n\tCloseHandle(d);\r\n}\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Sample code to open a file by its file-id. Had to use it for some tests and thought it might be useful for other people out there. #include windows.h typedef ULONG (__stdcall *pNtCreateFile)( PHANDLE FileHandle, ULONG DesiredAccess, PVOID ObjectAttributes, PVOID IoStatusBlock, PLARGE_INTEGER AllocationSize, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":""},"categories":[11,7],"tags":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbWKd-30","_links":{"self":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/186"}],"collection":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=186"}],"version-history":[{"count":4,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/186\/revisions"}],"predecessor-version":[{"id":224,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/186\/revisions\/224"}],"wp:attachment":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ragestorm.net\/blog
s\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}