8000 Author, read this. This is not another "it doesn't work for me...". You haven't implemented NtFlushBuffersFileEx. · Issue #169 · i486/VxKex · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Author, read this. This is not another "it doesn't work for me...". You haven't implemented NtFlushBuffersFileEx. #169
New issue
New issue
Open
Open
Author, read this. This is not another "it doesn't work for me...". You haven't implemented NtFlushBuffersFileEx.#169
@Alex-ASF

Description

@Alex-ASF
Alex-ASF
opened on Jun 25, 2025

Since no hook on NtFlushBuffersFileEx is implemented (or is implemented with an error), then dbms may not work and do not work (for example, postgres 17), but you never know where it may appear. Below is an example of a hook. minHook_134 was used, but of course it can be done differently.

//
// hookNtFlush.cpp
// cl /LD hookNtF.cpp "minhook\build\Release\MinHook.x64.lib" /link /OUT:hook.dll /NODEFAULTLIB:MSVCRT
//

#include <windows.h>
#include "minHook\include\minhook.h"

#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L)

typedef struct _IO_STATUS_BLOCK {
    union { NTSTATUS Status; PVOID Pointer; };
    ULONG_PTR Information;
} * PIO_STATUS_BLOCK;

typedef NTSTATUS 
    (NTAPI *NtFlushBuffersFileEx_t)
    (HANDLE FileHandle, ULONG Flags, PVOID Parameters, ULONG ParameterSize, PIO_STATUS_BLOCK IoStatusBlock);

static NtFlushBuffersFileEx_t real_NtFlushBuffersFileEx = NULL;
 
NTSTATUS NTAPI hook_NtFlushBuffersFileEx(HANDLE FileHandle, ULONG Flags, PVOID Parameters, ULONG ParameterSize,
    PIO_STATUS_BLOCK IoStatusBlock)
{
    BOOL result = FlushFileBuffers(FileHandle);
    NTSTATUS status = result ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL;

    if (IoStatusBlock)
    {
        IoStatusBlock->Status = status;
        IoStatusBlock->Information = 0;
    }
    return status;
}

static FARPROC (WINAPI *real_GetProcAddress)(HMODULE hModule, LPCSTR lpProcName) = NULL;

FARPROC WINAPI hook_GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
{
    if (lpProcName && strcmp(lpProcName, "NtFlushBuffersFileEx") == 0)
    {
        return (FARPROC)hook_NtFlushBuffersFileEx;
    }
    return real_GetProcAddress(hModule, lpProcName);
}

BOOL WINAPI DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved)
{
    if (reason == DLL_PROCESS_ATTACH)
    {
        char procPath[MAX_PATH]; char dllPath[MAX_PATH];
        GetModuleFileNameA(NULL, procPath, MAX_PATH); GetModuleFileNameA(hinst, dllPath, MAX_PATH);
        char procLongPath[MAX_PATH]; char dllLongPath[MAX_PATH];
        GetLongPathNameA(procPath, procLongPath, MAX_PATH); GetLongPathNameA(dllPath, dllLongPath, MAX_PATH);
        char* procDirEnd = strrchr(procLongPath, '\\'); char* dllDirEnd = strrchr(dllLongPath, '\\');
        if (procDirEnd && dllDirEnd)
        {
            *dllDirEnd = '\0';
            *procDirEnd = '\0';
            if (_stricmp(procLongPath, dllLongPath) != 0) return FALSE;
        }
        DisableThreadLibraryCalls(hinst);
        MH_Initialize();

        HMODULE kernel32 = GetModuleHandleA("kernel32.dll");
        real_GetProcAddress = (FARPROC (WINAPI *)(HMODULE, LPCSTR))GetProcAddress(kernel32, "GetProcAddress");

        MH_CreateHook((LPVOID)real_GetProcAddress, hook_GetProcAddress, (LPVOID*)&real_GetProcAddress);
        MH_EnableHook(MH_ALL_HOOKS);

    } else if (reason == DLL_PROCESS_DETACH)
    {
        MH_DisableHook(MH_ALL_HOOKS);
        MH_Uninitialize();
    }
    return TRUE;
}

For everyone. You can compile this hook and put the dll in the folder with your non-working application. And then in
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
add a link to this dll like...
"AppInit_DLLs"="C:\\PROGRA~1\\POSTGR~2\\BIN\\HOOK.DLL"
Short names are required.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0