Author Topic: Native API tutorial  (Read 1685 times)

zwclose7

  • Administrator
Native API tutorial
« on: February 09, 2017, 08:52:16 pm »
Native API is a low-level API used by the Win32 API and some Windows system processes. However, you can also use Native API in your own application.

In this tutorial, I will show you how to use Native API in Visual Studio 2012. To use Native API, you need ntdll.h and ntdll.lib. ntdll.h is the header file for Native API. It defines the functions and data structures of Native API. ntdll.lib is the import library of ntdll.dll, which exports the Native API functions.

First, copy ntdll.h and ntdll.lib to your project directory, then include the header and link to ntdll.lib.

To include ntdll.h, add the following code to your application:

    #include "ntdll.h"
To link to ntdll.lib, add the following code to your application:

    #pragma comment(lib,"ntdll.lib")
That's all you need for using Native API. Here is an example application that uses Native API functions to get the current system uptime.

Example

    #include <stdio.h>
    #include <Windows.h>
    #include "ntdll.h"

    #pragma comment(lib,"ntdll.lib")

    int main()
    {
        NTSTATUS status;
        SYSTEM_TIMEOFDAY_INFORMATION TimeOfDay;
        LONGLONG Uptime;

        // Ask the kernel for the boot time and current time (both counted in 100-nanosecond intervals)
        status=NtQuerySystemInformation(SystemTimeOfDayInformation,&TimeOfDay,sizeof(SYSTEM_TIMEOFDAY_INFORMATION),NULL);

        if(!NT_SUCCESS(status))
        {
            printf("Error: NtQuerySystemInformation failed with status %#lx\n",(unsigned long)status);
            return 1;
        }

        // Calculate the system uptime and convert it from 100-nanosecond intervals to seconds
        Uptime=(TimeOfDay.CurrentTime.QuadPart-TimeOfDay.BootTime.QuadPart)/10000000;

        // Show the uptime as days and hh:mm:ss (Uptime is signed, so %lld rather than %llu)
        printf("System uptime: %lld days, %02lld:%02lld:%02lld\n",Uptime/86400,(Uptime/3600) % 24,(Uptime/60) % 60,Uptime % 60);
        return 0;
    }

References

Native API functions and structures:
https://undocumented.ntinternals.net/

NtQuerySystemInformation structures:
http://www.exploit-monday.com/2013/06/undocumented-ntquerysysteminformation.html

Downloads

ntdll.h and ntdll.lib download:
http://www.mediafire.com/file/gj2inoktf6v9qii/ntdll.zip
« Last Edit: February 09, 2017, 09:02:19 pm by zwclose7 »



hMihaiDavid

Re: Native API tutorial
« Reply #1 on: January 08, 2019, 02:11:02 am »
I was looking for a nice way to call into ntdll without needing GetProcAddress and defining a function pointer type.
Also the link on ntqsi seems so complete. I'll be using this when I have time to work on cool stuff.

Thanks for sharing! :D :D

I'd like to add to the post (because this added info may not deserve its own one) that if you want to generate the import library (.lib) from a dll it can be done like this:

1. dumpbin /EXPORTS ntdll.dll > ntdll.def
the generated ntdll.def should be a file with the names of all the exports of ntdll.dll, one per line.
2. add the word EXPORTS as a first line to the previously generated file. You can delete the functions whose stubs you don't want in your .lib
3. run the following commands from the VC/bin directory of Visual Studio (where link.exe is)
 vcvars32.bat
 lib /def:ntdll.def /out:ntdll.lib

This should spit out ntdll.lib and ntdll.exp

The tool IMPLIB from a company called digitalmars can also be used.
« Last Edit: January 08, 2019, 03:10:32 am by hMihaiDavid »
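Added example, not part of hMihaiDavid's post: what dumpbin /EXPORTS actually prints is a banner followed by a table with ordinal, hint, RVA and name columns, so before EXPORTS can go on top, the names have to be pulled out of the name column. This script does that, skips ordinal-only exports (shown as [NONAME], which have no name to list), strips the "(forwarded to ...)" annotation from forwarded exports, and writes a .def with a LIBRARY line naming the DLL for the lib /def step. The sample dumpbin output inside it is constructed by hand in dumpbin's layout, with a few made-up rows.

```python
"""Build a module-definition (.def) file from `dumpbin /EXPORTS` output.

Added example, not part of the original post. dumpbin prints a banner and a
table with ordinal, hint, RVA and name columns rather than one bare name per
line, so the names are pulled out of the name column, ordinal-only exports
([NONAME]) are skipped, forwarder annotations are stripped, and the result is
written as a .def with a LIBRARY line. The sample below is constructed by hand.
"""
import re
import sys

# Constructed sample in the layout of `dumpbin /EXPORTS ntdll.dll`, cut to a handful of rows.
SAMPLE_DUMPBIN = """\
Microsoft (R) COFF/PE Dumper Version 14.29.30133.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file ntdll.dll

File Type: DLL

  Section contains the following exports for ntdll.dll

    00000000 characteristics
    FFFFFFFF time date stamp
        0.00 version
           8 ordinal base
           7 number of functions
           6 number of names

    ordinal hint RVA      name

          8          0009D8F0 [NONAME]
          9    0 0009D900 A_SHAFinal
         10    1 0009D910 A_SHAInit
         11    2 0009D920 NtQuerySystemInformation
         12    3 0009D930 RtlAllocateHeap
         13    4 0009D940 ZwQuerySystemInformation
         14    5          RtlFoo (forwarded to OTHER.RtlFoo)

  Summary

        1000 .data
"""

# One table row: ordinal, optional hint, optional RVA, name, optional forwarder target.
EXPORT_ROW = re.compile(
    r"^\s*(\d+)\s+(?:[0-9A-Fa-f]+\s+)?(?:[0-9A-Fa-f]{8}\s+)?(\S+)"
    r"(?:\s+\(forwarded to ([^)]+)\))?\s*$"
)


def parse_exports(dumpbin_output: str) -> list:
    """Return (ordinal, name, forwarded_to) tuples for every named export, in table order."""
    exports = []
    in_table = False
    for line in dumpbin_output.splitlines():
        stripped = line.strip()
        if not in_table:
            # The table starts right after the column header line.
            in_table = stripped.startswith("ordinal") and stripped.endswith("name")
            continue
        if stripped == "Summary":
            break
        if not stripped:
            continue
        m = EXPORT_ROW.match(line)
        if not m:
            raise ValueError("unrecognised export row: %r" % line)
        ordinal, name, target = int(m.group(1)), m.group(2), m.group(3)
        if name == "[NONAME]":
            continue  # exported by ordinal only; there is no name to put in the .def
        exports.append((ordinal, name, target))
    return exports


def def_from_dumpbin(dumpbin_output: str, module: str) -> str:
    """Render the .def text that `lib /def:<file> /out:<module>.lib` consumes."""
    lines = ["LIBRARY %s" % module, "EXPORTS"]
    lines.extend("    %s" % name for _ordinal, name, _target in parse_exports(dumpbin_output))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Usage: dumpbin /EXPORTS ntdll.dll | python dumpbin2def.py ntdll > ntdll.def
    module = sys.argv[1] if len(sys.argv) > 1 else "ntdll"
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DUMPBIN
    sys.stdout.write(def_from_dumpbin(text, module))
```

Run it with dumpbin's output on stdin and feed the result to lib /def as in step 3. One thing to watch on 32-bit builds: the compiler references NTAPI (stdcall) functions under decorated names of the form _Name@N, while ntdll exports them undecorated, so an import library built from bare names can leave those references unresolved; 64-bit builds do not decorate and are not affected.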

 
