"API" file operation programming-createfile, WriteFile, SetFilePointer

1. Description

Many of the hacker tools are implemented by reading and writing files, and the file read and write operation is essentially a call to API functions.

2. Correlation function CreateFile:

Create or open a file or I/O device. The most commonly used I/O devices are the following: files, file streams, directories, Physical disk volumes, console buffers, tape drives, communication resources, mail slots, and tubes. The function returns a handle that can access various types of I/O files or devices based on the file or device and the specified flags and attributes.

HANDLE WINAPI CreateFile(  _In_      LPCTSTR lpFileName,  _In_      DWORD dwDesiredAccess,  _In_      DWORD dwShareMode,  _In_opt_  LPSECURITY_ATTRIBUTES lpSecurityAttributes,  _In_      DWORD dwCreationDisposition,  _In_      DWORD dwFlagsAndAttributes,  _In_opt_  HANDLE hTemplateFile);

Field Description:

• inch LPCTSTR lpFileName,

The name of the file or device to create or open

• inch DWORD dwDesiredAccess,

Requests access to the file or device, which can be summarized as read, write, or not 0.

• inch DWORD dwShareMode,

Request sharing mode for a file or device that can read, write, delete, all, or all

• in_opt Lpsecurity_attributes lpSecurityAttributes,

A pointer to the SECURITY_ATTRIBUTES structure contains two independent but related data members: An optional security descriptor, and a Boolean value that determines whether the returned handle can be inherited by the child process.

• inch DWORD dwCreationDisposition,

An action taken on a file or device that exists or does not exist.

• inch DWORD dwFlagsAndAttributes,

File or device properties and flags

• in_opt HANDLE hTemplateFile

hTemplateFile is a file or device handle that indicates that the handle given by this parameter creates a file for the template (that is, the handle file is copied to the path specified by lpFileName and then opened).

return value:

If the function succeeds, the return value is the open handle to the specified file, device, named pipe, or mail slot.

If the function fails, the return value is Invalid_handle_value.

SetFilePointer

Moves the file pointer of the specified file.

DWORD WINAPI SetFilePointer(  _In_         HANDLE hFile,  _In_         LONG lDistanceToMove,  _Inout_opt_  PLONG lpDistanceToMoveHigh,  _In_         DWORD dwMoveMethod);

Field Description:

• inch HANDLE hfile, file handle
• inch A LONG ldistancetomove that specifies the number of bytes to move the file pointer.
• inout_opt Plong lpDistanceToMoveHigh, Pointer to a high 32-bit position that points to the 64-bit moving distance of the symbol. If the higher order 32 bits are not required, the pointer must be set to NULL.
• inch The starting point for the DWORD dwmovemethod file pointer movement.

WriteFile

BOOL WriteFile(   HANDLE hFile,   LPCVOID lpBuffer,   DWORD nNumberOfBytesToWrite,   LPDWORD lpNumberOfBytesWritten,   LPOVERLAPPED lpOverlapped);

Field Description:

• HANDLE hfile, the handle to the file to be written.
• Lpcvoid lpbuffer, pointer to the buffer that contains the data written to the file.
• DWORD Nnumberofbytestowrite, the number of bytes written to the file.
• Lpdword Lpnumberofbyteswritten, pointer to the number of bytes written by the function call.
• lpoverlapped lpoverlapped pointers to overlapping structures that contain information used in asynchronous input and output.

3. Code

// 20180218_文件操作编程-CreateFile、WriteFile、SetFilePointer.cpp : 定义控制台应用程序的入口点。//#include "stdafx.h"#include <windows.h>#include <stdio.h>int wmain(int argc, wchar_t *argv[]){    //调用CreateFile函数以只写方式打开一个文件    HANDLE hFile = CreateFile(argv[1], GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);    if (hFile == INVALID_HANDLE_VALUE)    {        printf("CreateFile error\n");        return 0;    }    //调用SetFilePointer函数调整文件指针位置，移动到文件末尾    if (SetFilePointer(hFile, 0, NULL, FILE_END) == -1)    {        printf("SetFilePointer error \n");        return 0;    }    char buff[256] = "配置信息_URL_information";    DWORD dwWrite;    //把buff中的内容写入到文件末尾    if (!WriteFile(hFile, &buff, strlen(buff), &dwWrite, NULL))    {        printf("WriteFile error \n");        return 0;    }    printf("往%ls中写入数据成功\n", argv[1]);    CloseHandle(hFile);    return 0;}

4. Effect

API file Operation programming-createfile, WriteFile, SetFilePointer