FormatMessage from NTdll.dll

[Davidca]

I get error code 1812. I got 1812 loading ntdll.dll and then tried ntdll.dll.mui also with1812.

1812=The specified image file did not contain a resource section.

I've inspected ntdll.dll.mui and it has a message table.

Even though FormatMessage works with the system error list, loading kernel32.dll.mui and trying to print the same message using Kernel32.dll.mui FORMAT_MESSAGE_FROM_HMODULE doesn't.

Here is the code in vb6. Paste into a module.

Public Declare Function RtlNtStatusToDosError Lib "ntdll.dll" (ByVal status As Long) As Long
Public Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Long, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Public Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
Public Const FORMAT_MESSAGE_IGNORE_INSERTS = &H200
Public Const FORMAT_MESSAGE_FROM_HMODULE = &H800
Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long

Sub Main()
Dim x As Long
Dim hNtdll As Long
x = RtlNtStatusToDosError(&HC0000022)
Dim RetStr As String
RetStr = Space(1020)
' Ret = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM + FORMAT_MESSAGE_IGNORE_INSERTS, vbNull, 1812, 1033, RetStr, 1020, 0)

hNtdll = LoadLibrary("C:\Windows\System32\en-US\ntdll.dll.mui")
Ret = FormatMessage(FORMAT_MESSAGE_IGNORE_INSERTS + FORMAT_MESSAGE_FROM_HMODULE, hNtdll, &HC0000022, 1033, RetStr, 1020, 0)

MsgBox Err.LastDllError
MsgBox Ret & " " & hNtdll & vbCrLf & x & vbCrLf & RetStr
End Sub

[Doogle]

The API signature is a little incorrect, you need ByVal for lpSource

Code:

Public Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" _
                (ByVal dwFlags As Long, _
                 ByVal lpSource As Long, _
                 ByVal dwMessageId As Long, _
                 ByVal dwLanguageId As Long, _
                 ByVal lpBuffer As String, _
                 ByVal nSize As Long, Arguments As Long) As Long

When I run the code with that change I get:

Code:

109 1621295104
5
{Access Denied}
A process has requested access to an object, but has not been granted those access rights.

[Davidca]

Thank you. All is fine.

[Davidca]

Here is a barebones NTStatus decoder.

Public Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As Long, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Public Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
Public Const FORMAT_MESSAGE_IGNORE_INSERTS = &H200
Public Const FORMAT_MESSAGE_FROM_HMODULE = &H800
Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long

Sub Main()
Dim x As Long
Dim hNtdll As Long
Dim WinError As Long
Dim NTSTatus As Long
Dim Ret As Long
Dim RetStr As String
RetStr = Space(1020)
Dim RetStr1 As String
RetStr1 = Space(1020)
NTSTatus = Val(InputBox("Enter NTStatus code", "", "&hc0000005"))
WinError = RtlNtStatusToDosError(NTSTatus)
Ret = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM + FORMAT_MESSAGE_IGNORE_INSERTS, vbNull, WinError, 0, RetStr, 1020, 0)
RetStr = Left(RetStr, Ret)
hNtdll = LoadLibrary("C:\Windows\System32\en-US\ntdll.dll.mui")
Ret = FormatMessage(FORMAT_MESSAGE_IGNORE_INSERTS + FORMAT_MESSAGE_FROM_HMODULE, hNtdll, NTSTatus, 0, RetStr1, 1020, 0)
RetStr = "NT Status Message:" & vbCrLf & Left(RetStr1, Ret) & vbCrLf & vbCrLf & "Windows Error Message:" & vbCrLf & RetStr
MsgBox "NT Status 0x" & Hex(NTSTatus) & " (" & NTSTatus & ")" & vbCrLf & "Windows Error 0x" & Hex(WinError) & " (" & WinError & ")" & vbCrLf & vbCrLf & RetStr
End Sub