分区序列号修改工具.rar (643 K) 下载次数:0 G"J
8�i�|~ QQ377718625
m,5m'9��dj 1 求个修改系统分区卷GUID C++源码(编译后能改成功的)
abV�Ei�[nP 2 下面内容里面的有问题仅供参考。
QeQw����mI 3 执行到下面标记位置程序就秒退了。
�}uD*���\. #define _CRT_SECURE_NO_WARNINGS
L$Xkx03lz> #include <windows.h>
j`�u��2\ ; #include <winternl.h>
K_���j*�9@ #include <stdio.h>
2e,cE6r��� ����1A�]�� //
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ne-wdm-_fsinfoclass �KVC1�8"|f &4t=�Y`]SL typedef enum _FSINFOCLASS {
��G #$r)S� FileFsVolumeInformation = 1,
�Y�qKQm+�G FileFsLabelInformation,
7O�����r?$ FileFsSizeInformation,
n��Fw�g pT FileFsDeviceInformation,
�)CH\]>-FO FileFsAttributeInformation,
OS~�Z@'E�g FileFsControlInformation,
AG�lFb�c(L FileFsFullSizeInformation,
�
m�2�%��� FileFsObjectIdInformation,
�!':y�8(Ou FileFsDriverPathInformation,
'cN3Vv���k FileFsMaximumInformation
�h�^�zc�M_ } FS_INFORMATION_CLASS, * PFS_INFORMATION_CLASS;
Ta8lc %0w3 ],�<p�Z1V; typedef NTSTATUS(*FZwSetVolumeInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
��T~l
��Hm TY+Ro�l�;! typedef NTSTATUS(*FZwQueryVolumeInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
uMFV^&Z��F x�s�)�SKG* int main(int argc, char* argv[])
/z1-4:^`A[ {
s�kLr6Cs|� const wchar_t* device = L"\\.\c:";
q\s�>O�e6$ _P�_�R`A)" HANDLE h = CreateFileW(device, 0x40000000, 3, 0, 3, 0x80, 0);
�K��?�S5C8 if (h == INVALID_HANDLE_VALUE) return 0;
Wsw�/��� D printf("handle is %d \n", h);
hs�)_h^P
� '8^>Z.�~�V HMODULE m = GetModuleHandleW(L"ntdll.dll");
0d�,&���)� if (!m) return 0;
>� W^"��*B printf("module is %p \n", m);
%Bn�n\�{Az #9(iu S+BU FZwSetVolumeInformationFile _ZwSetVolumeInformationFile = (FZwSetVolumeInformationFile)GetProcAddress(m, "ZwSetVolumeInformationFile");
w�x/*un%�2 FZwQueryVolumeInformationFile _ZwQueryVolumeInformationFile = (FZwQueryVolumeInformationFile)GetProcAddress(m, "ZwQueryVolumeInformationFile");
�Un�Tvot6~ if (!_ZwSetVolumeInformationFile || !_ZwQueryVolumeInformationFile) return 0;
R"`<ZY6(Ou printf("_ZwSetVolumeInformationFile %p \n", _ZwSetVolumeInformationFile);
Cj)*JZV��G printf("_ZwQueryVolumeInformationFile %p \n", _ZwQueryVolumeInformationFile);
+o�6
"��Z) �@o�Ro6Y<- NTSTATUS s;
�(Ixmg=C6y const int size = 1024 * 10;
t�%s(xz�#1 char* buf = new char[size];
X5)�]�.�[d memset(buf, 0, size);
K}dvXO@=|c IO_STATUS_BLOCK status{ 0 };
�C�oe%R(x5 �G{'`L)~3N typedef struct _FILE_FS_VOLUME_INFORMATION {
=6,��w~|�W LARGE_INTEGER VolumeCreationTime;
]1
bN�cq2I ULONG VolumeSerialNumber;
(ap,3$��hS ULONG VolumeLabelLength;
U)S!�@�2(4 BOOLEAN SupportsObjects;
�/a-�OB��U WCHAR VolumeLabel[1];
"���V4ru&a } FILE_FS_VOLUME_INFORMATION, * PFILE_FS_VOLUME_INFORMATION;
G�/Yqvu,2! s = _ZwQueryVolumeInformationFile(h, &status, buf, size, FileFsVolumeInformation);
3��r2e_?�m PFILE_FS_VOLUME_INFORMATION p1 = (PFILE_FS_VOLUME_INFORMATION)buf;
^hwTnW9Z1: p1->VolumeSerialNumber = 0;
OLJ|�gunA# p1->VolumeLabel[0] = L'\0';
r[&/�*�~xL s = _ZwSetVolumeInformationFile(h, &status, p1, size, FileFsVolumeInformation);
d��J,,y�A* printf("%p \n", s);
3��5�#"]l" w�2]��]##J typedef struct _FILE_FS_OBJECTID_INFORMATION {
@�����ojV8 UCHAR ObjectId[16];
/pgn?e'l�k UCHAR ExtendedInfo[48];
D�89�(u.�h } FILE_FS_OBJECTID_INFORMATION, * PFILE_FS_OBJECTID_INFORMATION;
/n�1H;�~f] s = _ZwQueryVolumeInformationFile(h, &status, buf, size, FileFsObjectIdInformation);//秒退了。**************
-[A=\]Rf�J PFILE_FS_OBJECTID_INFORMATION p2 = (PFILE_FS_OBJECTID_INFORMATION)buf;
�YLNJ4�n�E p2->ObjectId[0] = 55;
*�edhJU�T� p2->ObjectId[1] = 55;
eB�l�B0P�
p2->ObjectId[2] = 55;
2$�>
<�r�B p2->ObjectId[3] = 55;
�Z&Z=�24q_ p2->ObjectId[4] = 55;
n
xx&aq(._ p2->ObjectId[5] = 55;
^' b[#DG>F p2->ObjectId[6] = 55;
�'C�jc�FP� p2->ObjectId[7] = 55;
Z2{G{�]EV( s = _ZwSetVolumeInformationFile(h, &status, p2, size, FileFsObjectIdInformation);//秒退了。**************
lDtl6�r�/� printf("%p \n", s);
3Yf!H-(\uB ,6T3:qkkvF //typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
";�/,�FUJJ // BOOLEAN DriverInPath;
VL@e�R9}9K // ULONG DriverNameLength;
6�������8a // WCHAR DriverName[1];
|(��"�zW7g //} FILE_FS_DRIVER_PATH_INFORMATION, * PFILE_FS_DRIVER_PATH_INFORMATION;
�"x�Mn�D(p //PFILE_FS_DRIVER_PATH_INFORMATION p3 = (PFILE_FS_DRIVER_PATH_INFORMATION)buf;
��}�F�AO�. //p3->DriverInPath = TRUE;
d�j:6c@��n //p3->DriverNameLength = 0x200;
p�M_oIH'8: //wcscpy(p3->DriverName, L"\\\\?\\Volume{c6708e20-53cd-4265-a031-af74f04ca24b}");
5�PT�*b}g@ //s = _ZwQueryVolumeInformationFile(h, &status, buf, size, FileFsDriverPathInformation);
U�V)!z�g�P $tca:
b}Mk CloseHandle(h);
|D[4�G�6�& system("pause");
I�aYy5R�w� return 0;
a.G�;s2�>� }
