分区序列号修改工具.rar (643 K) 下载次数:0 #�;<Y[hR{P QQ377718625
�KSL`W��2} 1 求个修改系统分区卷GUID C++源码(编译后能改成功的)
}\�L�Q3y"[ 2 下面内容里面的有问题仅供参考。
F��!d�o~Z� 3 执行到下面标记位置程序就秒退了。
W>LR\]Ti�@ #define _CRT_SECURE_NO_WARNINGS
,0k�;!��YK #include <windows.h>
E'�8;�10s #include <winternl.h>
�/O9EQ�Pm( #include <stdio.h>
= /��8�cp� 3a�|\dav%� //
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ne-wdm-_fsinfoclass c����n�Lro ��4I7>f]=) typedef enum _FSINFOCLASS {
�W8<%�[-�r FileFsVolumeInformation = 1,
nP$9�CA��� FileFsLabelInformation,
g=�rbP��bu FileFsSizeInformation,
54/=�G(F�� FileFsDeviceInformation,
~�5g�~;f[4 FileFsAttributeInformation,
�s�aAF+H/= FileFsControlInformation,
<u�J@:oWG7 FileFsFullSizeInformation,
�])�!��*�_ FileFsObjectIdInformation,
7�d vnupLh FileFsDriverPathInformation,
wS*�E(IAl� FileFsMaximumInformation
�#Dac~�>a' } FS_INFORMATION_CLASS, * PFS_INFORMATION_CLASS;
��
@�8
6f� (#��'>(t(4 typedef NTSTATUS(*FZwSetVolumeInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
<}�L�C�~B! 5X+A"X
;�C typedef NTSTATUS(*FZwQueryVolumeInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
�*�`U~�?q} �9�VT�;e�p int main(int argc, char* argv[])
J�e{ykL�?N {
o}!P�Q�#`M const wchar_t* device = L"\\.\c:";
a9�G8q>h]O Xeaj�xcop# HANDLE h = CreateFileW(device, 0x40000000, 3, 0, 3, 0x80, 0);
Ls%MGs9PI� if (h == INVALID_HANDLE_VALUE) return 0;
T;�uX4�,|( printf("handle is %d \n", h);
F5Va+z,j�g �u4j�5���w HMODULE m = GetModuleHandleW(L"ntdll.dll");
B1STG�L`nK if (!m) return 0;
7I�x��973^ printf("module is %p \n", m);
�6�wxs1�G� f5�r0\7�y0 FZwSetVolumeInformationFile _ZwSetVolumeInformationFile = (FZwSetVolumeInformationFile)GetProcAddress(m, "ZwSetVolumeInformationFile");
�Z}QB.
$& FZwQueryVolumeInformationFile _ZwQueryVolumeInformationFile = (FZwQueryVolumeInformationFile)GetProcAddress(m, "ZwQueryVolumeInformationFile");
:S�ma�`U�& if (!_ZwSetVolumeInformationFile || !_ZwQueryVolumeInformationFile) return 0;
>V�~E]P%�@ printf("_ZwSetVolumeInformationFile %p \n", _ZwSetVolumeInformationFile);
�|^aKs#�va printf("_ZwQueryVolumeInformationFile %p \n", _ZwQueryVolumeInformationFile);
A�R=�]=��8 z�:;�CX@)* NTSTATUS s;
�$^�P0F9~0 const int size = 1024 * 10;
VE24ToI?W" char* buf = new char[size];
M�Jvp���6n memset(buf, 0, size);
c|%6e(g"�L IO_STATUS_BLOCK status{ 0 };
�^s=8!�=A( �C�]#,+q*� typedef struct _FILE_FS_VOLUME_INFORMATION {
R��Z7@cQY
LARGE_INTEGER VolumeCreationTime;
>�/|*DI-HJ ULONG VolumeSerialNumber;
�:��r�[`.` ULONG VolumeLabelLength;
OY�d �!v`< BOOLEAN SupportsObjects;
]oxZ77ciL� WCHAR VolumeLabel[1];
p�utrSSL}� } FILE_FS_VOLUME_INFORMATION, * PFILE_FS_VOLUME_INFORMATION;
:>*�7=�q=� s = _ZwQueryVolumeInformationFile(h, &status, buf, size, FileFsVolumeInformation);
r,udO,Yi=c PFILE_FS_VOLUME_INFORMATION p1 = (PFILE_FS_VOLUME_INFORMATION)buf;
;fJ.8C���� p1->VolumeSerialNumber = 0;
/NlGFO�*Z p1->VolumeLabel[0] = L'\0';
q7!{?\�T�% s = _ZwSetVolumeInformationFile(h, &status, p1, size, FileFsVolumeInformation);
OH88�n�69� printf("%p \n", s);
�Z�7#+pPt! N0lC0
N?_J typedef struct _FILE_FS_OBJECTID_INFORMATION {
�Z�h,71Umz UCHAR ObjectId[16];
,'+�kBZOv UCHAR ExtendedInfo[48];
:
�'c&,oLY } FILE_FS_OBJECTID_INFORMATION, * PFILE_FS_OBJECTID_INFORMATION;
xmG<]W�F>E s = _ZwQueryVolumeInformationFile(h, &status, buf, size, FileFsObjectIdInformation);//秒退了。**************
T�|p�"0b A PFILE_FS_OBJECTID_INFORMATION p2 = (PFILE_FS_OBJECTID_INFORMATION)buf;
]q.0!lh+WL p2->ObjectId[0] = 55;
�~`/V(�r;o p2->ObjectId[1] = 55;
s���>��en� p2->ObjectId[2] = 55;
xmX 4q�tAL p2->ObjectId[3] = 55;
p[-O�( 3�Y p2->ObjectId[4] = 55;
g*Ph�v�|kI p2->ObjectId[5] = 55;
K8~�d^��G
p2->ObjectId[6] = 55;
zTp�"AuNHN p2->ObjectId[7] = 55;
OP�i���0~s s = _ZwSetVolumeInformationFile(h, &status, p2, size, FileFsObjectIdInformation);//秒退了。**************
K
P"+e:a%� printf("%p \n", s);
j6YO���KJX ;,TF�r}p`� //typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
�74u��&%Rj // BOOLEAN DriverInPath;
Si7*&� dw= // ULONG DriverNameLength;
nEf�K53i_
// WCHAR DriverName[1];
H[gWG�bPq7 //} FILE_FS_DRIVER_PATH_INFORMATION, * PFILE_FS_DRIVER_PATH_INFORMATION;
rU���l�+� //PFILE_FS_DRIVER_PATH_INFORMATION p3 = (PFILE_FS_DRIVER_PATH_INFORMATION)buf;
�U(Zq= M� //p3->DriverInPath = TRUE;
9z0p5)]n>� //p3->DriverNameLength = 0x200;
=I4�lL]
>� //wcscpy(p3->DriverName, L"\\\\?\\Volume{c6708e20-53cd-4265-a031-af74f04ca24b}");
�y2v^-�q3� //s = _ZwQueryVolumeInformationFile(h, &status, buf, size, FileFsDriverPathInformation);
4JE�pl'5^Q pJ=#zsE0�� CloseHandle(h);
nNm`��Hfi� system("pause");
#QPjk�R|\� return 0;
,b����d_:� }
