Есть код Four-F'а, Код (Text): ReadFile proc local oa:OBJECT_ATTRIBUTES local iosb:IO_STATUS_BLOCK local hFile:HANDLE local p:PVOID local cb:DWORD local fsi:FILE_STANDARD_INFORMATION invoke DbgPrint, $CTA0("\nFileWorks: Opening file for reading\n") InitializeObjectAttributes addr oa, addr g_usFileName, \ OBJ_CASE_INSENSITIVE + OBJ_KERNEL_HANDLE, NULL, NULL invoke ZwOpenFile, addr hFile, FILE_READ_DATA + SYNCHRONIZE, addr oa, addr iosb, \ FILE_SHARE_READ + FILE_SHARE_WRITE + FILE_SHARE_DELETE, FILE_SYNCHRONOUS_IO_NONALERT .if eax == STATUS_SUCCESS invoke DbgPrint, $CTA0("FileWorks: File openeded\n") invoke ZwQueryInformationFile, hFile, addr iosb, addr fsi, sizeof fsi, FileStandardInformation .if eax == STATUS_SUCCESS mov eax, fsi.EndOfFile.LowPart inc eax ; one byte more for terminating zero mov cb, eax invoke ExAllocatePool, PagedPool, cb .if eax != NULL mov p, eax invoke RtlZeroMemory, p, cb invoke ZwReadFile, hFile, 0, NULL, NULL, addr iosb, p, cb, 0, NULL .if eax == STATUS_SUCCESS invoke DbgPrint, $CTA0("FileWorks: File content: \=%s\=\n"), p .else invoke DbgPrint, $CTA0("FileWorks: Can't read from the file. Status: %08X\n"), eax .endif invoke ExFreePool, p .else invoke DbgPrint, $CTA0("FileWorks: Can't allocate memory. Status: %08X\n"), eax .endif .else invoke DbgPrint, $CTA0("FileWorks: Can't query file size. Status: %08X\n"), eax .endif invoke ZwClose, hFile .else invoke DbgPrint, $CTA0("FileWorks: Can't open file. Status: %08X\n"), eax .endif ret ReadFile endp Как перевести на Си следующую строку Код (Text): invoke DbgPrint, $CTA0("FileWorks: File content: \=%s\=\n"), p Туплю, выдает левый результат.
Блин, стоит запостить как сразу прозрел, сила васма Забыл узнать длину файла не выполнял Код (Text): invoke ZwQueryInformationFile, hFile, addr iosb, addr fsi, sizeof fsi, FileStandardInformation
