I am doing a P/Invoke on Ntdll.dll!NtWriteFile and while reading the Buffer (PVOID), I'm getting unrecognizable characters. I tried different encoding with no change. I'm also monitoring the process using API Monitor from Rohitab so I see the correct value I'm trying to retrieve. Anyone run into this issue?
NtWriteFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL );
Example of output:
笍^稌ƭ덾塾畿浽ꭼɿݾ浼굺ꥻꥻ Āጀ‘℀
萰퓶픊茚 缊<縌葿繾륿뙾孿퍿Ϳ큾靾≿≿
缊f縌ϲ橿筿偿᱿㽿ꅿ왿ѿ豿豿 笍^稌ƭ덾塾畿浽ꭼɿݾ浼굺ꥻꥻ 缊<縌葿繾륿뙾孿퍿Ϳ큾靾≿≿ 缊f縌ϲ橿筿偿᱿㽿ꅿ왿ѿ豿豿 缷舆ⴀᣢ
I was able to encode the text by using the below.
Byte[] bytes = Encoding.Unicode.GetBytes(p);
var bUTF8 = Encoding.UTF8.GetString(bytes);