Nt_Trans_* - Routine

666VIP1

1. .版本 2
   
2. 
   
3. .局部变量 unicode1_STRING, 长整数型
   
4. .局部变量 unicode2_STRING, 长整数型
   
5. .局部变量 unicode3_STRING, 长整数型
   
6. .局部变量 ansi
   
7. .局部变量 ansi_STRING, 长整数型
   
8. .局部变量 ret
   
9. .局部变量 unicode
   
10. .局部变量 a
    
11. .局部变量 b
    
12. .局部变量 c
    
13. 
    
14. ansi ＝ Asm_GetDataH (“Administrator”)
    
15. 
    
16. Asm_writeWord_1 (ansi_STRING, Asm_len (ansi))
    
17. Asm_writeWord__1 (ansi_STRING, 2, Asm_len (ansi) ＋ 1)
    
18. Asm_writeDword__1 (ansi_STRING, 4, ansi)
    
19. 
    
20. ' 调试输出 (到字节集 (“我”))
    
21. ' 调试输出 (到字节集 (Nt_Trans_RtlAnsiCharToUnicodeChar (Asm_GetH (Asm_GetH (取字节集数据 (到字节集 (“我”), #短整数型, ))))))  ' ansi双字节转Unicode
    
22. 
    
23. ret ＝ Nt_Trans_RtlAnsiStringToUnicodeSize (Asm_GetH (ansi_STRING))  ' ansi转unicode长度
    
24. ' 调试输出 (ret)
    
25. 
    
26. Nt_Trans_RtlAnsiStringToUnicodeString (Asm_GetH (unicode1_STRING), Asm_GetH (ansi_STRING), 真)  ' 真 由函数在默认堆栈申请内存转换
    
27. Nt_Trans_RtlFreeUnicodeString (Asm_GetH (unicode1_STRING))  ' 释放掉内存 自己也可以释放 Nt_Heap_RtlFreeHeap 默认堆栈传地址就行了
    
28. 
    
29. 
    
30. unicode ＝ Nt_Heap_RtlAllocateHeap (g_heap, 位或 (#HEAP_ZERO_MEMORY, #HEAP_GENERATE_EXCEPTIONS), ret)
    
31. 
    
32. Asm_writeWord_1 (unicode1_STRING, 0)
    
33. Asm_writeWord__1 (unicode1_STRING, 2, ret)
    
34. Asm_writeDword__1 (unicode1_STRING, 4, unicode)
    
35. Nt_Trans_RtlAnsiStringToUnicodeString (Asm_GetH (unicode1_STRING), Asm_GetH (ansi_STRING), 假)  ' 假 自己可控指针位置
    
36. 
    
37. ' MessageBoxW (0, Asm_readDword__1 (unicode1_STRING, 4), 0, 0)
    
38. 
    
39. ansi ＝ Asm_GetDataH (“|我的Administrator”)
    
40. Asm_writeWord_1 (ansi_STRING, Asm_len (ansi))
    
41. Asm_writeWord__1 (ansi_STRING, 2, Asm_len (ansi) ＋ 1)
    
42. Asm_writeDword__1 (ansi_STRING, 4, ansi)
    
43. 
    
44. unicode ＝ Nt_Heap_RtlReAllocateHeap (g_heap, 位或 (#HEAP_ZERO_MEMORY, #HEAP_GENERATE_EXCEPTIONS), unicode, Asm_add (Nt_Heap_RtlSizeHeap (g_heap, 0, unicode), Nt_Trans_RtlAnsiStringToUnicodeSize (Asm_GetH (ansi_STRING)) － 2))
    
45. Asm_writeWord__1 (unicode1_STRING, 2, Nt_Heap_RtlSizeHeap (g_heap, 0, unicode))
    
46. Asm_writeDword__1 (unicode1_STRING, 4, unicode)
    
47. 
    
48. Nt_Trans_RtlAnsiStringToUnicodeString (Asm_GetH (unicode2_STRING), Asm_GetH (ansi_STRING), 真)  ' 真 由函数在默认堆栈申请内存转换
    
49. 
    
50. Nt_Trans_RtlAppendUnicodeToString (Asm_GetH (unicode1_STRING), Asm_readDword__1 (unicode2_STRING, 4))
    
51. 
    
52. ' MessageBoxW (0, Asm_readDword__1 (unicode1_STRING, 4), 0, 0)
    
53. 
    
54. unicode ＝ Nt_Heap_RtlReAllocateHeap (g_heap, 位或 (#HEAP_ZERO_MEMORY, #HEAP_GENERATE_EXCEPTIONS), unicode, Asm_add (Nt_Heap_RtlSizeHeap (g_heap, 0, unicode), Nt_Trans_RtlAnsiStringToUnicodeSize (Asm_GetH (ansi_STRING)) － 2))
    
55. Asm_writeWord__1 (unicode1_STRING, 2, Nt_Heap_RtlSizeHeap (g_heap, 0, unicode))
    
56. Asm_writeDword__1 (unicode1_STRING, 4, unicode)
    
57. 
    
58. 
    
59. Nt_Trans_RtlAppendUnicodeToString (Asm_GetH (unicode1_STRING), Asm_readDword__1 (unicode2_STRING, 4))
    
60. 
    
61. 
    
62. 
    
63. ' MessageBoxW (0, Asm_readDword__1 (unicode1_STRING, 4), 0, 0)
    
64. ' 输出调试文本 (Asm_readWord__1 (unicode1_STRING, 0))
    
65. ' 输出调试文本 (Asm_readWord__1 (unicode2_STRING, 0))
    
66. 
    
67. 
    
68. ' 输出调试文本 (Nt_Trans_RtlCompareUnicodeString (Asm_GetH (unicode1_STRING), Asm_GetH (unicode2_STRING), 假))
    
69. ' 输出调试文本 (Nt_Trans_RtlEqualUnicodeString (Asm_GetH (unicode1_STRING), Asm_GetH (unicode2_STRING), 假))
    
70. Nt_Trans_RtlCopyUnicodeString (Asm_GetH (unicode1_STRING), Asm_GetH (unicode2_STRING))  ' 复制
    
71. ' 输出调试文本 (Nt_Trans_RtlEqualUnicodeString (Asm_GetH (unicode1_STRING), Asm_GetH (unicode2_STRING), 假))
    
72. ' 输出调试文本 (Nt_Trans_RtlCompareUnicodeString (Asm_GetH (unicode1_STRING), Asm_GetH (unicode2_STRING), 假))
    
73. 
    
74. 
    
75. Nt_Trans_RtlFreeUnicodeString (Asm_GetH (unicode1_STRING))  ' 释放掉内存
    
76. Nt_Trans_RtlFreeUnicodeString (Asm_GetH (unicode2_STRING))  ' 释放掉内存
    
77. ' -------------------------------------------------------------
    
78. 
    
79. Nt_Trans_RtlCreateUnicodeString (Asm_GetH (unicode1_STRING), Asm_GetBinH ({ 97, 0, 98, 0, 99, 0, 0, 0 }))
    
80. ' MessageBoxW (0, Asm_readDword__1 (unicode1_STRING, 4), 0, 0)
    
81. Nt_Trans_RtlFreeUnicodeString (Asm_GetH (unicode1_STRING))  ' 释放掉内存
    
82. 
    
83. Nt_Trans_RtlCreateUnicodeStringFromAsciiz (Asm_GetH (unicode1_STRING), Asm_GetDataH (“ABC”))
    
84. ' MessageBoxW (0, Asm_readDword__1 (unicode1_STRING, 4), 0, 0)
    
85. Nt_Trans_RtlFreeUnicodeString (Asm_GetH (unicode1_STRING))  ' 释放掉内存
    
86. 
    
87. ' 调试输出 (到字节集 (“A”))
    
88. ' 输出调试文本 (字符 (Nt_Trans_RtlDowncaseUnicodeChar (65))) '单字符转换
    
89. 
    
90. Nt_Trans_RtlCreateUnicodeStringFromAsciiz (Asm_GetH (unicode1_STRING), Asm_GetDataH (“ABC”))
    
91. 
    
92. Nt_Trans_RtlDowncaseUnicodeString (Asm_GetH (unicode2_STRING), Asm_GetH (unicode1_STRING), 真)
    
93. 
    
94. Asm_writeDword__1 (unicode2_STRING, 4, Nt_Heap_RtlReAllocateHeap (g_heap, 位或 (#HEAP_ZERO_MEMORY, #HEAP_GENERATE_EXCEPTIONS), Asm_readDword__1 (unicode2_STRING, 4), Asm_add (Nt_Heap_RtlSizeHeap (g_heap, 0, Asm_readDword__1 (unicode2_STRING, 4)), 2)))
    
95. Asm_writeWord__1 (unicode2_STRING, 2, Nt_Heap_RtlSizeHeap (g_heap, 0, Asm_readDword__1 (unicode2_STRING, 4)))
    
96. ' MessageBoxW (0, Asm_readDword__1 (unicode2_STRING, 4), 0, 0)
    
97. Nt_Trans_RtlFreeUnicodeString (Asm_GetH (unicode2_STRING))  ' 释放掉内存
    
98. 
    
99. ' Nt_Trans_RtlCreateUnicodeStringFromAsciiz (Asm_GetH (unicode1_STRING), Asm_GetDataH (“ABC”))
    
100. ' 输出调试文本 (Nt_Trans_RtlEraseUnicodeString (Asm_GetH (unicode1_STRING)))
     
101. ' 调试输出 (到字节集 (unicode1_STRING))
     
102. 
     
103. Nt_Trans_RtlCreateUnicodeStringFromAsciiz (Asm_GetH (unicode1_STRING), Asm_GetDataH (“abcd”))
     
104. Nt_Trans_RtlCreateUnicodeStringFromAsciiz (Asm_GetH (unicode2_STRING), Asm_GetDataH (“d”))
     
105. Nt_Trans_RtlFindCharInUnicodeString (0, Asm_GetH (unicode1_STRING), Asm_GetH (unicode2_STRING), Asm_GetH (ret))
     
106. ' 输出调试文本 (ret)
     
107. Nt_Trans_RtlFindUnicodeSubstring (Asm_GetH (unicode1_STRING), Asm_GetH (unicode2_STRING), Asm_GetH (ret))
     
108. ' 输出调试文本 (ret)
     
109. 
     
110. ' 输出调试文本 (Nt_Trans_RtlHashUnicodeString (Asm_GetH (unicode1_STRING), 假, 0, Asm_GetH (ret)))
     
111. ' 调试输出 (到字节集 (ret))
     
112. 
     
113. Nt_Trans_RtlFreeUnicodeString (Asm_GetH (unicode1_STRING))  ' 释放掉内存
     
114. Nt_Trans_RtlFreeUnicodeString (Asm_GetH (unicode2_STRING))  ' 释放掉内存
     
115. 
     
116. 
     
117. Nt_Trans_RtlCreateUnicodeStringFromAsciiz (Asm_GetH (unicode1_STRING), Asm_GetDataH (“www.我爱你.com”))
     
118. 
     
119. a ＝ Nt_Heap_RtlAllocateHeap (g_heap, 12, 255)
     
120. ret ＝ 255
     
121. Nt_Trans_RtlIdnToAscii (1, Asm_readDword__1 (unicode1_STRING, 4), -1, a, Asm_GetH (ret))
     
122. ' 调试输出 (指针到字节集 (a, ret × 2))
     
123. 
     
124. b ＝ Nt_Heap_RtlAllocateHeap (g_heap, 12, 255)
     
125. c ＝ ret
     
126. ret ＝ 255
     
127. Nt_Trans_RtlIdnToUnicode (1, a, c, b, Asm_GetH (ret))
     
128. ' 调试输出 (指针到字节集 (b, ret × 2))
     
129. 
     
130. Nt_RtlZeroMemory (a, 255)
     
131. 
     
132. ret ＝ 255
     
133. Nt_Trans_RtlIdnToNameprepUnicode (1, b, -1, a, Asm_GetH (ret))
     
134. ' 调试输出 (指针到字节集 (a, ret × 2))
     
135. Nt_Heap_RtlFreeHeap (g_heap, 0, b)
     
136. 
     
137. Nt_Trans_RtlMultiByteToUnicodeSize (Asm_GetH (ret), Asm_GetDataH (“123你好”), Asm_len (Asm_GetDataH (“123你好”)))
     
138. ' 输出调试文本 (ret)
     

复制代码

.版本 2

' RtlAnsiCharToUnicodeChar
' RtlAnsiStringToUnicodeSize
' RtlAnsiStringToUnicodeString
' RtlAppendAsciizToString
' RtlAppendStringToString
' RtlAppendUnicodeStringToString
' RtlAppendUnicodeToString
' RtlCharToInteger
' RtlCompareString
' RtlCompareUnicodeString
' RtlCompareUnicodeStrings
' RtlConsoleMultiByteToUnicodeN'放弃
' RtlConvertDeviceFamilyInfoToString'放弃
' RtlConvertLCIDToString'放弃
' RtlConvertSidToUnicodeString'放弃
' RtlCopyString
' RtlCopyUnicodeString
' RtlCreateUnicodeString
' RtlCreateUnicodeStringFromAsciiz
' RtlCustomCPToUnicodeN'该RtlCustomCPToUnicodeN程序保留给系统使用。请参见RtlMultiByteToUnicodeN和RtlOemToUnicodeN。
' RtlDowncaseUnicodeChar
' RtlDowncaseUnicodeString
' RtlDuplicateUnicodeString
' RtlEqualString
' RtlEqualUnicodeString
' RtlEraseUnicodeString
' RtlFindCharInUnicodeString
' RtlFindUnicodeSubstring
' RtlFreeAnsiString
' RtlFreeOemString
' RtlFreeUTF8String
' RtlFreeUnicodeString
' RtlGUIDFromString
' RtlStringFromGUIDEx
' RtlHashUnicodeString
' RtlIdnToNameprepUnicode
' RtlIdnToUnicode
' RtlIdnToAscii
' RtlInitAnsiString
' RtlInitAnsiStringEx
' RtlInitString
' RtlInitStringEx
' RtlInitUTF8String
' RtlInitUTF8StringEx
' RtlInitUnicodeString
' RtlInitUnicodeStringEx
' RtlInt64ToUnicodeString
' RtlIntegerToChar
' RtlIntegerToUnicodeString
' RtlIsTextUnicode '放弃
' RtlLargeIntegerToChar '放弃
' RtlLengthSidAsUnicodeString
' RtlMultiAppendUnicodeStringBuffer'放弃
' RtlMultiByteToUnicodeN
' RtlMultiByteToUnicodeSize
' RtlNormalizeString'放弃
' RtlOemStringToUnicodeSize
' RtlOemStringToUnicodeString
' RtlOemToUnicodeN
' RtlPrefixString
' RtlPrefixUnicodeString
' RtlRunDecodeUnicodeString
' RtlRunEncodeUnicodeString
' RtlUTF8StringToUnicodeString
' RtlUTF8ToUnicodeN
' RtlUnicodeStringToAnsiSize
' RtlUnicodeStringToAnsiString
' RtlUnicodeStringToCountedOemString
' RtlUnicodeStringToInteger
' RtlUnicodeStringToOemSize
' RtlUnicodeStringToOemString
' RtlUnicodeStringToUTF8String
' RtlUnicodeToCustomCPN'该RtlUnicodeToCustomCPN程序保留给系统使用。
' RtlUnicodeToMultiByteN
' RtlUnicodeToMultiByteSize
' RtlUnicodeToOemN
' RtlUnicodeToUTF8N
' RtlUpcaseUnicodeChar
' RtlUpcaseUnicodeString
' RtlUpcaseUnicodeStringToAnsiString
' RtlUpcaseUnicodeStringToCountedOemString
' RtlUpcaseUnicodeStringToOemString
' RtlUpcaseUnicodeToCustomCPN'该RtlUpcaseUnicodeToCustomCPN程序保留给系统使用。
' RtlUpcaseUnicodeToMultiByteN
' RtlUpcaseUnicodeToOemN
' RtlUpperChar
' RtlUpperString
' RtlValidateUnicodeString
' RtlxAnsiStringToUnicodeSize
' RtlxOemStringToUnicodeSize
' RtlxUnicodeStringToAnsiSize
' RtlxUnicodeStringToOemSize