elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.


 


Tema destacado: 4n4lDetector v1.3: herramienta de análisis estático de malware


+  Foro de elhacker.net
|-+  Programación
| |-+  Programación Visual Basic (Moderadores: LeandroA, seba123neo)
| | |-+  Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll
0 Usuarios y 1 Visitante están viendo este tema.
Páginas: [1] Ir Abajo Respuesta Imprimir
Autor Tema: Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll  (Leído 841 veces)
Progmasterbr

Desconectado Desconectado

Mensajes: 18


Ver Perfil
Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll
« en: 11 Junio 2017, 15:18 »

Hello,

i have th following declaration of RtlGetNtVersionNumber:

Código:
Public Declare Sub RtlGetNtVersionNumber Lib "ntdll.dll" (ByRef MajorVersion As Long, ByRef MinorVersion As Long, ByRef BuildNumber As Integer)

and using like this:

Código
  1.  
  2. Dim OsBuild As Integer
  3. Dim MaN As Long, MiN As Long
  4. Dim FilePath As String
  5.  
  6. Call RtlGetNtVersionNumber(MaN, MiN, OsBuild)
  7. Select Case OsBuild
  8.    Case 2600
  9.        FilePath = "\WinXPSssdt.txt"
  10.    Case 3750
  11.        FilePath = "\Win2k3x86Sssdt.txt"
  12.    Case 6000
  13.        FilePath = "\VistaX86Sssdt.txt"
  14.    Case 7600
  15.        FilePath = "\Win7x86Sssdt.txt"
  16.    Case 9200
  17.        FilePath = "\Win8x86Sssdt.txt"
  18.    Case 9600
  19.        FilePath = "\Win81x86Sssdt.txt"
  20.    Case 10240
  21.        FilePath = "\Win10Th1x86Sssdt.txt"
  22.    Case 10586
  23.        FilePath = "\Win10Th2x86Sssdt.txt"
  24.    Case Else
  25.        MsgBox "Current System is not supported", vbExclamation, "Error": End
  26. End Select
  27.  

but i'm getting this error saying:

"Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll"

some idea how solve?

thank you by any suggestion.




« Última modificación: 11 Junio 2017, 16:07 por Eleкtro » En línea

Eleкtro
Novato Astral y
Moderador Global
***
Desconectado Desconectado

Mensajes: 9.152


El sentido común es el menos común de los sentidos


Ver Perfil
Re: Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll
« Respuesta #1 en: 11 Junio 2017, 16:30 »

i'm getting this error saying:

"Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll"

some idea how solve?

Hi.

The error message its self-explanatory, it doesn't exists any exported function with the name "RtlGetNtVersionNumber" in the dll that you are trying to import, in other words: that function name doesn't exists (at least as an export) inside of your specific version of the ntdll.dll file.

Anyways the Windows API function names that starts with "Rtl*" are system reserved (and may be unavailable in newer versions of the operating system), mostly not documented because those functions are not intended to be used by the end-user.

To retrieve the build number of the current O.S you could use GetVersion function instead, or GetVersionEx function + OSVERSIONINFO structure:

Once said this, be aware that if your purpose is to determine which is the current release (NT) version of Windows, then your code is wrong because you are just checking the build number, then it will not determine a Windows NT version properly, instead it just will accept the build numbers that you are handling and it will fail producing the error messagebox that you have specified in your code for any other build number that is not handled. That is not the way to do it, you must evaluate only the major and minor version numbers (wich both in conjunction defines the value to determine Windows version), not the build/compilation number.

For a reference of the Windows NT versioning, read this:

Also take into account that you could simplify the job by replacing all your Select Case for a Select case that evaluates the value returned by the operating system's version helper (boolean) functions:
...from recent Windows version to least recent.

PS: Finally, ensure to don't miss in the MSDN articles the Windows 10 version checking warnings when using GetVersionEx/GetVersion or IsWindows10OrGreater functions if you want to prevent false positives.

Regards.


« Última modificación: 11 Junio 2017, 16:46 por Eleкtro » En línea


Progmasterbr

Desconectado Desconectado

Mensajes: 18


Ver Perfil
Re: Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll
« Respuesta #2 en: 11 Junio 2017, 17:12 »

Elektro, thank you very much.
En línea

Páginas: [1] Ir Arriba Respuesta Imprimir 

Ir a:  

Mensajes similares
Asunto Iniciado por Respuestas Vistas Último mensaje
Ofuscar Entry Point
Análisis y Diseño de Malware
alegoria 1 853 Último mensaje 28 Septiembre 2006, 15:20
por daperci
Cambiar entry point en dev cpp
Programación C/C++
dark_hat 1 964 Último mensaje 20 Febrero 2008, 15:28
por Eternal Idol
Change PE Entry Point [SRC] « 1 2 »
Programación Visual Basic
cobein 10 3,579 Último mensaje 4 Diciembre 2008, 14:50
por ~~
Entry Point « 1 2 »
ASM
Eternal Idol 12 23,309 Último mensaje 9 Marzo 2012, 14:35
por _Enko
Entry point en VB apps
Ingeniería Inversa
Rvck 6 1,731 Último mensaje 16 Agosto 2013, 21:06
por MCKSys Argentina
Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines