Extend or Create Pagefile.sys in C++ WITHOUT reboot


swqrqw sdgasd

Guest
Hello,

I am trying to change the size of pagefile.sys from C++ without a reboot.


I already did this by sending window messages to the buttons of c:\windows\syswow64\SystemPropertiesPerformance.exe, but that is not a very clean way. (Neither this method nor manually opening SystemPropertiesPerformance.exe and changing the size requires a reboot, because the pagefile is being extended, not created. I want to do the same thing in C++.)

While searching I found some functions that I think I need to use, but I could not get them to work. These are the functions I found:

NtExtendSection

NtCreateSection

Here is my code; the extendSection call returns -1073741788 (0xC0000024, STATUS_OBJECT_TYPE_MISMATCH, when read as an NTSTATUS).

#include <iostream>
#include <Windows.h>
#include <Psapi.h>

#pragma comment(lib, "ntdll")
#pragma comment (lib, "wintrust")
#pragma comment (lib, "Psapi")
// Counted UTF-16 string as consumed by the native (Nt*/Zw*) API.
// Per the Windows documentation, Length and MaximumLength are BYTE counts,
// not character counts, and Length does not include a terminating NUL.
struct _UNICODE_STRING {
    USHORT Length;         // bytes of text currently stored in Buffer
    USHORT MaximumLength;  // bytes available in Buffer
    PWSTR  Buffer;         // wide-character text; must point at UTF-16 data
};
using UNICODE_STRING = _UNICODE_STRING;
using PUNICODE_STRING = _UNICODE_STRING*;
// Attribute block handed to native APIs that open or create an object.
// Only the NtCreateSection/ZwCreateSection prototypes on this page refer to it.
struct _OBJECT_ATTRIBUTES {
    ULONG           Length;                    // size of this structure, in bytes
    PVOID           RootDirectory;             // optional directory handle ObjectName is relative to
    PUNICODE_STRING ObjectName;                // name of the object
    ULONG           Attributes;                // attribute flags
    PVOID           SecurityDescriptor;        // optional security descriptor for a new object
    PVOID           SecurityQualityOfService;  // optional impersonation settings
};
using OBJECT_ATTRIBUTES = _OBJECT_ATTRIBUTES;
using POBJECT_ATTRIBUTES = _OBJECT_ATTRIBUTES*;

/*NTSTATUS
ZwQuerySystemInformation(
SYSTEM_INFORMATION_CLASS SystemInformationClass,
PVOID SystemInformation,
ULONG SystemInformationLength,
ULONG* ReturnLength);*/
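// Prototype for the ntdll export NtCreateSection.
// extern "C" is required: this is a C++ translation unit, and without C
// linkage a direct call would reference a C++-mangled symbol that ntdll does
// not export. Nothing visible on this page calls the function directly;
// main() resolves native entry points through GetProcAddress instead.
extern "C"
NTSYSAPI
NTSTATUS
NTAPI
NtCreateSection(
    OUT PHANDLE SectionHandle,                        // receives the new section handle
    IN ULONG DesiredAccess,                           // SECTION_* access mask
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,  // may be NULL for an unnamed section
    IN PLARGE_INTEGER MaximumSize OPTIONAL,           // maximum size of the section, in bytes
    IN ULONG PageAttributess,                         // page protection (PAGE_* constant)
    IN ULONG SectionAttributes,                       // allocation attributes (SEC_* constant)
    IN HANDLE FileHandle OPTIONAL);                   // backing file, or NULL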
/*NTSTATUS
NtCreatePagingFile(
PUNICODE_STRING PageFileName,
PLARGE_INTEGER MinimumSize,
PLARGE_INTEGER MaximumSize,
ULONG Flags);*/
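// Prototype for the ntdll export ZwCreateSection.
// Two corrections compared with a bare declaration: C linkage (a C++-mangled
// name would not match the export) and the NTAPI (__stdcall) calling
// convention, which matters on 32-bit x86 where the default convention
// differs. main() declares a local function pointer with the same name, which
// shadows this declaration inside main().
extern "C"
NTSYSAPI NTSTATUS NTAPI ZwCreateSection(
    PHANDLE SectionHandle,                // receives the new section handle
    ACCESS_MASK DesiredAccess,            // SECTION_* access mask
    POBJECT_ATTRIBUTES ObjectAttributes,  // may be NULL for an unnamed section
    PLARGE_INTEGER MaximumSize,           // maximum size of the section, in bytes
    ULONG SectionPageProtection,          // page protection (PAGE_* constant)
    ULONG AllocationAttributes,           // allocation attributes (SEC_* constant)
    HANDLE FileHandle                     // backing file, or NULL
);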
// Pointer type used to call ntdll's NtCreatePagingFile after resolving it
// with GetProcAddress.
// NOTE(review): PageFileName is passed BY VALUE here, while the commented-out
// NtCreatePagingFile prototype earlier in this file takes a PUNICODE_STRING.
// The by-value form looks wrong; confirm the signature before calling
// through this type.
using _NtCreatePagingFile = NTSTATUS(NTAPI*)(
    UNICODE_STRING PageFileName,
    PLARGE_INTEGER MinimumSize,
    PLARGE_INTEGER MaximumSize,
    ULONG Flags);
// Pointer type used to call ntdll's NtExtendSection after resolving it with
// GetProcAddress. As the parameter name says, the first argument is a handle
// to a section object (not a file handle); the second points at the
// requested new size.
using _NtExtendSection = NTSTATUS(NTAPI*)(
    IN HANDLE SectionHandle,
    IN PLARGE_INTEGER NewSectionSize);

// Evaluates to true when the NTSTATUS value x is non-negative once cast to a
// signed int, i.e. when its top (error/warning severity) bit is clear.
#define NT_SUCCESS(x) ((signed int)(x) >= 0)
// NTSTATUS constant; not referenced by any code visible on this page.
#define STATUS_INFO_LENGTH_MISMATCH 0xc0000004
// Forward declaration; the definition follows main().
static BOOL EnablePrivilege();

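// Experiment from the post: (1) try to grow an existing pagefile with
// NtExtendSection and (2) try to register a second pagefile with
// NtCreatePagingFile, both without a reboot. Both entry points are
// undocumented ntdll exports resolved at run time.
// Returns 0 when every attempted step succeeded, 1 otherwise.
int main()
{
    // Local pointer types, so the call sites match the pointer-based
    // prototype (PUNICODE_STRING) shown in the commented-out
    // NtCreatePagingFile declaration earlier in this file.
    using NtCreatePagingFileFn = NTSTATUS(NTAPI*)(PUNICODE_STRING, PLARGE_INTEGER, PLARGE_INTEGER, ULONG);
    using NtExtendSectionFn = NTSTATUS(NTAPI*)(HANDLE, PLARGE_INTEGER);

    // The pagefile privilege has to be enabled in the token first; continuing
    // without it only produces access failures further down.
    if (!EnablePrivilege()) {
        printf("EnablePrivilege failed (is the process elevated?)\n");
        system("pause");
        return 1;
    }

    // Resolve the native exports once and verify them: calling through a
    // null function pointer is a crash, not an error code.
    const HMODULE ntdll = GetModuleHandleA("ntdll.dll");
    if (ntdll == NULL) {
        printf("GetModuleHandleA(ntdll.dll) failed: %lu\n", GetLastError());
        system("pause");
        return 1;
    }
    const auto pagingFile =
        reinterpret_cast<NtCreatePagingFileFn>(GetProcAddress(ntdll, "NtCreatePagingFile"));
    const auto extendSection =
        reinterpret_cast<NtExtendSectionFn>(GetProcAddress(ntdll, "NtExtendSection"));
    if (pagingFile == nullptr || extendSection == nullptr) {
        printf("ntdll export lookup failed: %lu\n", GetLastError());
        system("pause");
        return 1;
    }

    int exitCode = 0;

    // ---- Attempt 1: NtExtendSection on the existing pagefile ----
    // NOTE(review): an in-use pagefile is normally held open by the system,
    // so this open is expected to fail with a sharing violation - confirm.
    HANDLE file = CreateFileA("F:\\pagefile.sys", GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (file == INVALID_HANDLE_VALUE) {
        // The last-error value is only meaningful after a failed call.
        int hata = GetLastError();
        printf("last er: %d", hata);
        // Do NOT pass the failed handle on: INVALID_HANDLE_VALUE has the same
        // value as the current-process pseudo-handle, so a native API would
        // treat it as a handle to this process rather than reject it.
        exitCode = 1;
    } else {
        // A LARGE_INTEGER on the stack replaces malloc(sizeof(PLARGE_INTEGER)),
        // which allocated only pointer-size bytes (too small on 32-bit) and was
        // never freed. Only QuadPart is assigned: HighPart/LowPart alias the
        // same 64 bits, so assigning them afterwards corrupted the value.
        LARGE_INTEGER maxSize;
        maxSize.QuadPart = 9594128896;

        // NtExtendSection expects a SECTION handle. The -1073741788 reported
        // in the post is 0xC0000024 (STATUS_OBJECT_TYPE_MISMATCH): the handle
        // given to the call was not a section object. The call is kept so the
        // reported status can be reproduced; it is not a working way to grow
        // the pagefile.
        int sonucextend = extendSection(file, &maxSize);
        printf("sonucextend: %d", sonucextend);
        if (!NT_SUCCESS(sonucextend)) {
            exitCode = 1;
        }
        CloseHandle(file);
    }
    system("pause");

    // ---- Attempt 2: NtCreatePagingFile for an additional pagefile ----
    LARGE_INTEGER pagefileMin;
    pagefileMin.QuadPart = 0x1200000;
    LARGE_INTEGER pagefileMax;
    pagefileMax.QuadPart = 0x1500000;

    // The name must be UTF-16 (a narrow literal cast to PWSTR is read as
    // garbage), and Length/MaximumLength are byte counts. Native APIs take an
    // object-manager (NT) path, hence the \??\ prefix in front of the drive.
    wchar_t pagefilePath[] = L"\\??\\c:\\pagefile2.sys";
    UNICODE_STRING yol;
    yol.Buffer = pagefilePath;
    yol.Length = static_cast<USHORT>(sizeof(pagefilePath) - sizeof(wchar_t));
    yol.MaximumLength = static_cast<USHORT>(sizeof(pagefilePath));

    long cikti = pagingFile(&yol, &pagefileMin, &pagefileMax, 0);

    // Native calls report failure through the returned NTSTATUS and do not
    // update the Win32 last-error value, so the first number printed here is
    // left over from an earlier Win32 call; judge the result by Cikti.
    printf("LAST ERR: %d --- >> Cikti: %ld\n", static_cast<int>(GetLastError()), cikti);
    if (!NT_SUCCESS(cikti)) {
        exitCode = 1;
    }
    system("pause");
    return exitCode;
}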
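// Enables SeCreatePagefilePrivilege (SE_CREATE_PAGEFILE_NAME) in the current
// process token.
// Returns TRUE only when the privilege was actually enabled. Returns FALSE
// when the token cannot be opened, the privilege name cannot be resolved, or
// the token does not hold the privilege (AdjustTokenPrivileges then leaves
// ERROR_NOT_ALL_ASSIGNED as the last error, which usually means the process
// is not running elevated).
// The privilege is left enabled for the rest of the process lifetime; a
// longer-lived program should disable it again once the pagefile work is done.
static BOOL EnablePrivilege()
{
    HANDLE hToken = NULL;

    // Get a token for this process; without it nothing can be adjusted.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;
    }

    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    BOOL enabled = FALSE;
    // Get the LUID for the create-pagefile privilege.
    if (LookupPrivilegeValue(NULL, SE_CREATE_PAGEFILE_NAME, &tp.Privileges[0].Luid)) {
        // AdjustTokenPrivileges can return TRUE without enabling anything, so
        // the last-error value has to be ERROR_SUCCESS as well.
        const BOOL adjusted = AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL);
        enabled = (adjusted && GetLastError() == ERROR_SUCCESS) ? TRUE : FALSE;
    }

    // The token handle was leaked in the original; release it on every path.
    CloseHandle(hToken);
    return enabled;
}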


Thanks everyone :)


struct bilgiler { string ad = "Emre Demircan"; int yıl = 2000; string fb = "fb.com/DeatSlayer"; } bilgi;
