I'm writing an application that can disable and enable a given network
adapter (NIC) using C#. I realize that this can be handled using
netsh.exe, but I don't want to call a process for an external
executable if I don't have to. To do this, I can't figure out any way
save using an interop to call a function in ntdll.dll. The function
(NtUnloadDriver or ZwUnloadDriver) is not a documented function, but
doing a bit of searching you find the following:

    NTSYSAPI NTSTATUS NTAPI NtUnloadDriver(IN PUNICODE_STRING DriverServiceName);

I'm not completely sure what the three words in caps designate in the
beginning of that function, nor am I completely sure what a pUnicode
value type is. Suffice it to say, I don't believe my string contains
any unicode values within it. My C# implementation looks like this:

    [DllImport("NTDLL.DLL",
        EntryPoint="ZwUnloadDriver",
        SetLastError=true,
        CharSet=CharSet.Unicode,
        ExactSpelling=true,
        CallingConvention=CallingConvention.Winapi)]
    private static extern int ZwUnloadDriver(string DriverServiceName);

From there, I simply created a public function to call the return from
the ZwUnloadDriver static. The problem is that I'm getting an obscure
error (-1073741773) that I have no idea what to do with. The
DriverServiceName variable is being defined from the command line:

    "//registry//machine//SYSTEM//CurrentControlSet//Services//"

I read somewhere that the DriverServiceName needed to be in "system
format," but I'm only guessing from some examples I saw.
I've seen the NTDLL.DLL used in other interop functions with success,
so I know it's possible. It could be a security issue if I need to be
acquiring some privilege from kernel32.dll before talking to ntdll.dll,
but I'm not certain on that. Let me know what you think.
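
The following is an added example, not part of the original post: it shows how a PUNICODE_STRING parameter is marshalled from C# (a counted UTF-16 structure passed by reference, not a managed string) and how the returned NTSTATUS is read. The class name, the Unload helper and the use of args[0] as the service key name are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;

static class DriverUnloadExample   // hypothetical name, for illustration only
{
    // Native UNICODE_STRING: lengths are in bytes (not characters), followed by a pointer to UTF-16 text.
    [StructLayout(LayoutKind.Sequential)]
    struct UNICODE_STRING
    {
        public ushort Length;         // bytes in use, excluding any terminator
        public ushort MaximumLength;  // bytes allocated for Buffer
        public IntPtr Buffer;         // PWSTR
    }

    // The native routine takes a pointer to the structure, so it is passed by ref.
    [DllImport("ntdll.dll", ExactSpelling = true)]
    static extern int NtUnloadDriver(ref UNICODE_STRING driverServiceName);

    // Maps an NTSTATUS to the nearest Win32 error code.
    [DllImport("ntdll.dll", ExactSpelling = true)]
    static extern uint RtlNtStatusToDosError(int status);

    // Native object-manager paths use single backslashes.
    const string ServicesRoot = @"\Registry\Machine\System\CurrentControlSet\Services\";

    static int Unload(string serviceName)   // hypothetical helper
    {
        string path = ServicesRoot + serviceName;
        var us = new UNICODE_STRING
        {
            Length = (ushort)(path.Length * 2),
            MaximumLength = (ushort)(path.Length * 2 + 2),
            Buffer = Marshal.StringToHGlobalUni(path)   // unmanaged UTF-16 copy
        };
        try { return NtUnloadDriver(ref us); }          // result is an NTSTATUS, not a Win32 error
        finally { Marshal.FreeHGlobal(us.Buffer); }
    }

    static void Main(string[] args)
    {
        // The value quoted in the post, viewed as an unsigned NTSTATUS:
        // 0xC0000033, which is STATUS_OBJECT_NAME_INVALID.
        Console.WriteLine("0x{0:X8}", unchecked((uint)(-1073741773)));
        if (args.Length != 1) return;
        int status = Unload(args[0]);   // args[0]: service key name supplied by the caller (assumption)
        Console.WriteLine("NTSTATUS 0x{0:X8}, Win32 error {1}",
            unchecked((uint)status), RtlNtStatusToDosError(status));
    }
}
```

The call only succeeds for a caller whose token has SeLoadDriverPrivilege enabled, and SetLastError has no bearing on it because the status is the return value itself.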