分区序列号修改工具.rar (643 K) 下载次数:0 fH��e�0�W QQ377718625
$rpTs?j*K$ 1 求个修改系统分区卷GUID C++源码(编译后能改成功的)
�
�]a�6O(] 2 下面内容里面的有问题仅供参考。
�FfxX�)p1t 3 执行到下面标记位置程序就秒退了。
��P A�6KX5 #define _CRT_SECURE_NO_WARNINGS
��{
#1j�"� #include <windows.h>
Go\} A:|�s #include <winternl.h>
,>
(b�t%�b #include <stdio.h>
&H��4uvJ_< (!VMnLlXRK //
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ne-wdm-_fsinfoclass `!omzE*bk5 ?l�,
X!o6� typedef enum _FSINFOCLASS {
UhS�h(E8p> FileFsVolumeInformation = 1,
^\[LrPq��e FileFsLabelInformation,
�!<=%;�+�� FileFsSizeInformation,
+eBMn(7Cgv FileFsDeviceInformation,
\%Ah^�U)gS FileFsAttributeInformation,
~S^�X�"8(U FileFsControlInformation,
HLSfoQ&
)v FileFsFullSizeInformation,
3cCK"k�r�� FileFsObjectIdInformation,
88#�qu�.�� FileFsDriverPathInformation,
-4?xwz9o$7 FileFsMaximumInformation
O�S"{"�P�� } FS_INFORMATION_CLASS, * PFS_INFORMATION_CLASS;
�i�'�Y'H�I �7O+Ij9+{n typedef NTSTATUS(*FZwSetVolumeInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
\U!@OX.R'M pdi=6<�?bd typedef NTSTATUS(*FZwQueryVolumeInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
lbB.�*oQ�� �"s>fV9YyZ int main(int argc, char* argv[])
'z-;*�!A}j {
b@�wBR9�s const wchar_t* device = L"\\.\c:";
HC�J�8@nki Vq
D[G<|9T HANDLE h = CreateFileW(device, 0x40000000, 3, 0, 3, 0x80, 0);
7��bonOt
Y if (h == INVALID_HANDLE_VALUE) return 0;
^)O�Z`u��8 printf("handle is %d \n", h);
lHc��Z��i� 9P7xoXJ
@y HMODULE m = GetModuleHandleW(L"ntdll.dll");
`&�u�<aLA� if (!m) return 0;
0�\cn�c^Z� printf("module is %p \n", m);
rmPne8D=c( QOT)�x4�!) FZwSetVolumeInformationFile _ZwSetVolumeInformationFile = (FZwSetVolumeInformationFile)GetProcAddress(m, "ZwSetVolumeInformationFile");
Z#4JA/c��! FZwQueryVolumeInformationFile _ZwQueryVolumeInformationFile = (FZwQueryVolumeInformationFile)GetProcAddress(m, "ZwQueryVolumeInformationFile");
my�\o P(e\ if (!_ZwSetVolumeInformationFile || !_ZwQueryVolumeInformationFile) return 0;
�vQK��n��= printf("_ZwSetVolumeInformationFile %p \n", _ZwSetVolumeInformationFile);
��
Hz]4A�S printf("_ZwQueryVolumeInformationFile %p \n", _ZwQueryVolumeInformationFile);
-7I��1Lh#M ��s�-C!uq� NTSTATUS s;
kUn2�RZ6$# const int size = 1024 * 10;
�m�sc 1^2 char* buf = new char[size];
A,m4WO_�q3 memset(buf, 0, size);
egI{!bZg'\ IO_STATUS_BLOCK status{ 0 };
��Q�(I�JD4 X(GmiH� /E typedef struct _FILE_FS_VOLUME_INFORMATION {
&r'{(O�8$N LARGE_INTEGER VolumeCreationTime;
~5r=FF6��� ULONG VolumeSerialNumber;
rb:<�N�%*t ULONG VolumeLabelLength;
�b|sc'eP#? BOOLEAN SupportsObjects;
w.J�%qWJq WCHAR VolumeLabel[1];
c$Xe.:��QY } FILE_FS_VOLUME_INFORMATION, * PFILE_FS_VOLUME_INFORMATION;
|;A�9A'��s s = _ZwQueryVolumeInformationFile(h, &status, buf, size, FileFsVolumeInformation);
='dLsh4P2N PFILE_FS_VOLUME_INFORMATION p1 = (PFILE_FS_VOLUME_INFORMATION)buf;
Hs"�%�
�S� p1->VolumeSerialNumber = 0;
�cxXb��o a p1->VolumeLabel[0] = L'\0';
��=��PNdP� s = _ZwSetVolumeInformationFile(h, &status, p1, size, FileFsVolumeInformation);
�;�.ysC��F printf("%p \n", s);
N
>d�|A]zH �0��1LZE,. typedef struct _FILE_FS_OBJECTID_INFORMATION {
I!f
�B1aq- UCHAR ObjectId[16];
�zBk_�-�'z UCHAR ExtendedInfo[48];
lo�+xo;�Nd } FILE_FS_OBJECTID_INFORMATION, * PFILE_FS_OBJECTID_INFORMATION;
y)�3~]h\�a s = _ZwQueryVolumeInformationFile(h, &status, buf, size, FileFsObjectIdInformation);//秒退了。**************
&l�.��x:eD PFILE_FS_OBJECTID_INFORMATION p2 = (PFILE_FS_OBJECTID_INFORMATION)buf;
8pYyG
|��\ p2->ObjectId[0] = 55;
[�3j$ 4rP� p2->ObjectId[1] = 55;
^uyN�v-'F� p2->ObjectId[2] = 55;
87^�:<\p�p p2->ObjectId[3] = 55;
8��W~
lU~- p2->ObjectId[4] = 55;
-6rf�( ER
p2->ObjectId[5] = 55;
SkiJ�pMN� p2->ObjectId[6] = 55;
eM?rc5�5�| p2->ObjectId[7] = 55;
�ug^om�{e- s = _ZwSetVolumeInformationFile(h, &status, p2, size, FileFsObjectIdInformation);//秒退了。**************
;W7���hc! printf("%p \n", s);
Md8(�`@`o� �g!1I21M1~ //typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
�koOy���Z> // BOOLEAN DriverInPath;
2�9�"�mE;j // ULONG DriverNameLength;
H<`�^w)��? // WCHAR DriverName[1];
V�~�OUE]]Q //} FILE_FS_DRIVER_PATH_INFORMATION, * PFILE_FS_DRIVER_PATH_INFORMATION;
44|deE3Z
� //PFILE_FS_DRIVER_PATH_INFORMATION p3 = (PFILE_FS_DRIVER_PATH_INFORMATION)buf;
|EF>Y��9
� //p3->DriverInPath = TRUE;
<�9ma(�PFa //p3->DriverNameLength = 0x200;
L�n
~4mN�^ //wcscpy(p3->DriverName, L"\\\\?\\Volume{c6708e20-53cd-4265-a031-af74f04ca24b}");
N0=-7wMk(Z //s = _ZwQueryVolumeInformationFile(h, &status, buf, size, FileFsDriverPathInformation);
J�Ac@S20v\ f��%2%T�'Q CloseHandle(h);
1^ayk�rnQ> system("pause");
DVObrL)znL return 0;
OuB�2 x=B� }
