RegistryQuotaInUse: ULONG;
PagedPoolSize: ULONG;
end;
// Alias and pointer type for the registry quota record.
SYSTEM_REGISTRY_QUOTA_INFORMATION = _SYSTEM_REGISTRY_QUOTA_INFORMATION;
PSYSTEM_REGISTRY_QUOTA_INFORMATION = ^SYSTEM_REGISTRY_QUOTA_INFORMATION;
// Record for system information class 38. Going by its name, this class asks the
// kernel to load and call the image named in ModuleName, which makes it a kernel
// code-loading path.
// NOTE(review): confirm which privilege gates it and keep every call site auditable.
_SYSTEM_LOAD_AND_CALL_IMAGE = record // Information Class 38
ModuleName: UNICODE_STRING; // counted string: Length/MaximumLength are byte counts, not characters
end;
SYSTEM_LOAD_AND_CALL_IMAGE = _SYSTEM_LOAD_AND_CALL_IMAGE;
PSYSTEM_LOAD_AND_CALL_IMAGE = ^SYSTEM_LOAD_AND_CALL_IMAGE;
// Record for system information class 39: a single ULONG. The meaning of the
// value is not defined in this unit.
_SYSTEM_PRIORITY_SEPARATION = record // Information Class 39
PrioritySeparation: ULONG;
end;
SYSTEM_PRIORITY_SEPARATION = _SYSTEM_PRIORITY_SEPARATION;
PSYSTEM_PRIORITY_SEPARATION = ^SYSTEM_PRIORITY_SEPARATION;
// Record for system information class 44: time-zone biases, transition dates and
// the two zone names.
_SYSTEM_TIME_ZONE_INFORMATION = record // Information Class 44
Bias: LONG;
// Fixed 32-WCHAR buffer. NOTE(review): presumably not guaranteed to be
// NUL-terminated when full -- bound every read to 32 characters.
StandardName: array [0..31] of WCHAR;
StandardDate: SYSTEMTIME;
StandardBias: LONG;
// Same fixed-size caveat as StandardName.
DaylightName: array [0..31] of WCHAR;
DaylightDate: SYSTEMTIME;
DaylightBias: LONG;
end;
SYSTEM_TIME_ZONE_INFORMATION = _SYSTEM_TIME_ZONE_INFORMATION;
PSYSTEM_TIME_ZONE_INFORMATION = ^SYSTEM_TIME_ZONE_INFORMATION;
// Record for system information class 45: counters and sizing for one lookaside list.
_SYSTEM_LOOKASIDE_INFORMATION = record // Information Class 45
Depth: USHORT;
MaximumDepth: USHORT;
TotalAllocates: ULONG;
AllocateMisses: ULONG;
TotalFrees: ULONG;
FreeMisses: ULONG;
// Trailing underscore because "type" is a reserved word in Pascal.
// NOTE(review): POOL_TYPE is an enumeration declared elsewhere; this field only
// lines up with the native layout if enums are compiled as 4 bytes -- confirm.
Type_: POOL_TYPE;
Tag: ULONG;
Size: ULONG;
end;
SYSTEM_LOOKASIDE_INFORMATION = _SYSTEM_LOOKASIDE_INFORMATION;
PSYSTEM_LOOKASIDE_INFORMATION = ^SYSTEM_LOOKASIDE_INFORMATION;
// Record for system information class 46: carries one handle.
// NOTE(review): presumably an event handle owned by the caller; confirm who is
// responsible for closing it.
_SYSTEM_SET_TIME_SLIP_EVENT = record // Information Class 46
TimeSlipEvent: HANDLE;
end;
SYSTEM_SET_TIME_SLIP_EVENT = _SYSTEM_SET_TIME_SLIP_EVENT;
PSYSTEM_SET_TIME_SLIP_EVENT = ^SYSTEM_SET_TIME_SLIP_EVENT;
// Record for system information class 47: a single session number.
_SYSTEM_CREATE_SESSION = record // Information Class 47
Session: ULONG;
end;
SYSTEM_CREATE_SESSION = _SYSTEM_CREATE_SESSION;
PSYSTEM_CREATE_SESSION = ^SYSTEM_CREATE_SESSION;
// Record for system information class 48: a single session number.
_SYSTEM_DELETE_SESSION = record // Information Class 48
Session: ULONG;
end;
SYSTEM_DELETE_SESSION = _SYSTEM_DELETE_SESSION;
PSYSTEM_DELETE_SESSION = ^SYSTEM_DELETE_SESSION;
// Record for system information class 50: one pointer-sized value.
// NOTE(review): by its name this is the first address of the system (kernel)
// range; treat it as an opaque number and never dereference it from user mode.
_SYSTEM_RANGE_START_INFORMATION = record // Information Class 50
SystemRangeStart: PVOID;
end;
SYSTEM_RANGE_START_INFORMATION = _SYSTEM_RANGE_START_INFORMATION;
PSYSTEM_RANGE_START_INFORMATION = ^SYSTEM_RANGE_START_INFORMATION;
// One entry of the pool block list returned in SYSTEM_POOL_BLOCKS_INFORMATION.
// NOTE(review): the field named Unknown is undocumented here; do not interpret it.
// NOTE(review): a one-byte ByteBool followed by a USHORT relies on the unit's
// record alignment setting to match the native layout -- confirm the $ALIGN state.
_SYSTEM_POOL_BLOCK = record
Allocated: ByteBool;
Unknown: USHORT;
Size: ULONG;
// NOTE(review): the pool tag is four bytes. If CHAR resolves to the built-in
// Char of a Unicode Delphi compiler this array is eight bytes and every later
// entry is misread -- confirm CHAR is a one-byte type in this unit.
Tag: array [0..3] of CHAR;
end;
SYSTEM_POOL_BLOCK = _SYSTEM_POOL_BLOCK;
PSYSTEM_POOL_BLOCK = ^SYSTEM_POOL_BLOCK;
// Variable-length result for information classes 14 and 15: a header followed by
// NumberOfBlocks entries.
_SYSTEM_POOL_BLOCKS_INFORMATION = record // Info Classes 14 and 15
PoolSize: ULONG;
// NOTE(review): presumably a kernel-mode address; treat as opaque, never dereference.
PoolBase: PVOID;
Unknown: USHORT;
NumberOfBlocks: ULONG;
// Declared [0..0] as a placeholder for a trailing array. Indexing past element 0
// needs range checking off (or pointer arithmetic), so the caller must bound the
// index by NumberOfBlocks AND by the byte length the query actually returned.
PoolBlocks: array [0..0] of SYSTEM_POOL_BLOCK;
end;
SYSTEM_POOL_BLOCKS_INFORMATION = _SYSTEM_POOL_BLOCKS_INFORMATION;
PSYSTEM_POOL_BLOCKS_INFORMATION = ^SYSTEM_POOL_BLOCKS_INFORMATION;
// One entry of the memory usage list returned in SYSTEM_MEMORY_USAGE_INFORMATION.
_SYSTEM_MEMORY_USAGE = record
// Untyped pointer. NOTE(review): what it points to is not established in this
// unit; do not dereference without confirming.
Name: PVOID;
Valid: USHORT;
Standby: USHORT;
Modified: USHORT;
PageTables: USHORT;
end;
SYSTEM_MEMORY_USAGE = _SYSTEM_MEMORY_USAGE;
PSYSTEM_MEMORY_USAGE = ^SYSTEM_MEMORY_USAGE;
// Variable-length result for information classes 25 and 29.
_SYSTEM_MEMORY_USAGE_INFORMATION = record // Info Classes 25 and 29
Reserved: ULONG;
// NOTE(review): by its name, marks where the entries stop; validate that it lies
// inside the caller's buffer before using it as a loop bound.
EndOfData: PVOID;
// [0..0] placeholder for a trailing array; see EndOfData for the real extent.
MemoryUsage: array [0..0] of SYSTEM_MEMORY_USAGE;
end;
SYSTEM_MEMORY_USAGE_INFORMATION = _SYSTEM_MEMORY_USAGE_INFORMATION;
PSYSTEM_MEMORY_USAGE_INFORMATION = ^SYSTEM_MEMORY_USAGE_INFORMATION;
// Reads the system environment value called Name into the caller's buffer.
// Value/ValueLength describe that buffer; ReturnLength receives a length from
// the system. Always check the NTSTATUS before trusting the buffer contents.
// NOTE(review): these values live in firmware storage and native API references
// say both calls need the system-environment privilege -- confirm, and do not
// enable that privilege for longer than the call.
function NtQuerySystemEnvironmentValue(Name: PUNICODE_STRING; Value: PVOID; ValueLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
// Writes the system environment value called Name. Both arguments are counted
// UNICODE_STRINGs (byte lengths).
function NtSetSystemEnvironmentValue(Name: PUNICODE_STRING; Value: PUNICODE_STRING): NTSTATUS; stdcall;
type
// Action selector for NtShutdownSystem; ordinals are 0, 1 and 2 in declaration order.
// NOTE(review): the native call expects a 32-bit value. Delphi's default minimum
// enum size is one byte, so this assumes {$MINENUMSIZE 4} (or {$Z4}) is in effect
// earlier in the unit -- confirm.
_SHUTDOWN_ACTION = (
ShutdownNoReboot,
ShutdownReboot,
ShutdownPowerOff);
SHUTDOWN_ACTION = _SHUTDOWN_ACTION;
// Asks the system to shut down with the given action.
// NOTE(review): native API references say this needs the shutdown privilege and
// that, unlike the Win32 shutdown path, running applications are not asked to
// close first -- confirm before calling it from anything that holds unsaved state.
function NtShutdownSystem(Action: SHUTDOWN_ACTION): NTSTATUS; stdcall;
type
// Control codes accepted by NtSystemDebugControl. DebugFiller0 occupies ordinal 0
// so the named codes start at 1.
// NOTE(review): assumes 4-byte enums ({$MINENUMSIZE 4} or {$Z4}) are in effect;
// Delphi's default is one byte -- confirm.
_DEBUG_CONTROL_CODE = (
DebugFiller0,
DebugGetTraceInformation,
DebugSetInternalBreakpoint,
DebugSetSpecialCall,
DebugClearSpecialCalls,
DebugQuerySpecialCalls,
DebugDbgBreakPoint);
DEBUG_CONTROL_CODE = _DEBUG_CONTROL_CODE;
// Issues a kernel debugger control request. Input and output buffers are untyped;
// their lengths are byte counts and ReturnLength receives a length from the system.
// NOTE(review): native API references say this needs the debug privilege. It
// reaches kernel debugging facilities, so keep call sites few, logged, and
// unavailable to unprivileged code paths.
function NtSystemDebugControl(ControlCode: DEBUG_CONTROL_CODE; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
type
// Selector for NtQueryObject / NtSetInformationObject; ordinals 0..4 match the
// "Information Class N" comments on the result records.
// NOTE(review): assumes 4-byte enums ({$MINENUMSIZE 4} or {$Z4}) are in effect;
// Delphi's default is one byte -- confirm.
_OBJECT_INFORMATION_CLASS = (
ObjectBasicInformation,
ObjectNameInformation,
ObjectTypeInformation,
ObjectAllTypesInformation,
ObjectHandleInformation);
OBJECT_INFORMATION_CLASS = _OBJECT_INFORMATION_CLASS;
// Queries information about the object behind ObjectHandle. ObjectInformation /
// ObjectInformationLength describe the caller's buffer in bytes; ReturnLength
// receives a length from the system. Size the buffer from that value instead of
// guessing, and re-check the status after the second call.
// NOTE(review): querying ObjectNameInformation on some handles (synchronous pipe
// handles are the usual example) is reported to block; tools that walk handles
// they do not own normally guard the call with a timeout -- confirm for callers.
function NtQueryObject(ObjectHandle: HANDLE; ObjectInformationClass: OBJECT_INFORMATION_CLASS; ObjectInformation: PVOID; ObjectInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
// Sets information on a handle. ObjectInformationLength must be the exact size
// of the record passed for the chosen class.
function NtSetInformationObject(ObjectHandle: HANDLE; ObjectInformationClass: OBJECT_INFORMATION_CLASS; ObjectInformation: PVOID; ObjectInformationLength: ULONG): NTSTATUS; stdcall;
type
// Result record for object information class 0.
// NOTE(review): unlike the other records in this stretch, no
// OBJECT_BASIC_INFORMATION / POBJECT_BASIC_INFORMATION aliases follow it --
// check whether they are declared elsewhere in the unit.
_OBJECT_BASIC_INFORMATION = record // Information Class 0
Attributes: ULONG;
GrantedAccess: ACCESS_MASK; // rights this handle carries; compare against what the code needs
HandleCount: ULONG;
PointerCount: ULONG;
PagedPoolUsage: ULONG;
NonPagedPoolUsage: ULONG;
Reserved: array [0..2] of ULONG;
// The three lengths below are byte sizes usable for sizing follow-up queries.
NameInformationLength: ULONG;
TypeInformationLength: ULONG;
SecurityDescriptorLength: ULONG;
CreateTime: LARGE_INTEGER;
end;
// Result record for object information class 1.
// NOTE(review): Name.Buffer presumably points into the same caller buffer, after
// this header; allocate more than SizeOf(OBJECT_NAME_INFORMATION) -- confirm.
_OBJECT_NAME_INFORMATION = record // Information Class 1
Name: UNICODE_STRING;
end;
OBJECT_NAME_INFORMATION = _OBJECT_NAME_INFORMATION;
POBJECT_NAME_INFORMATION = ^OBJECT_NAME_INFORMATION;
// Result record for object information class 2. Fields named Reserved*/Unknown
// are undocumented here and should not be interpreted.
_OBJECT_TYPE_INFORMATION = record // Information Class 2
Name: UNICODE_STRING;
ObjectCount: ULONG;
HandleCount: ULONG;
Reserved1: array [0..3] of ULONG;
PeakObjectCount: ULONG;
PeakHandleCount: ULONG;
Reserved2: array [0..3] of ULONG;
InvalidAttributes: ULONG;
GenericMapping: GENERIC_MAPPING;
ValidAccess: ULONG;
Unknown: UCHAR;
MaintainHandleDatabase: ByteBool;
Reserved3: array [0..1] of UCHAR;
// NOTE(review): enum-typed field; matches the native layout only if enums are
// compiled as 4 bytes -- confirm the unit's $MINENUMSIZE.
PoolType: POOL_TYPE;
PagedPoolUsage: ULONG;
NonPagedPoolUsage: ULONG;
end;
OBJECT_TYPE_INFORMATION = _OBJECT_TYPE_INFORMATION;
POBJECT_TYPE_INFORMATION = ^OBJECT_TYPE_INFORMATION;
// Result record for object information class 3.
// NOTE(review): TypeInformation is declared as a single record but NumberOfTypes
// implies more entries follow; how later entries are located is not defined here,
// so do not index it as a fixed-stride array without confirming.
_OBJECT_ALL_TYPES_INFORMATION = record // Information Class 3
NumberOfTypes: ULONG;
TypeInformation: OBJECT_TYPE_INFORMATION;
end;
OBJECT_ALL_TYPES_INFORMATION = _OBJECT_ALL_TYPES_INFORMATION;
POBJECT_ALL_TYPES_INFORMATION = ^OBJECT_ALL_TYPES_INFORMATION;
// Record for object information class 4: the two per-handle flags.
_OBJECT_HANDLE_ATTRIBUTE_INFORMATION = record // Information Class 4
// An inheritable handle is copied into child processes created with handle
// inheritance; leave this False unless the child is meant to receive it.
Inherit: ByteBool;
ProtectFromClose: ByteBool;
end;
OBJECT_HANDLE_ATTRIBUTE_INFORMATION = _OBJECT_HANDLE_ATTRIBUTE_INFORMATION;
POBJECT_HANDLE_ATTRIBUTE_INFORMATION = ^OBJECT_HANDLE_ATTRIBUTE_INFORMATION;
// Duplicates SourceHandle from the source process into the target process and
// returns the new handle through TargetHandle. Prefer an explicit, minimal
// DesiredAccess over copying the source handle's full rights.
// NOTE(review): the meaning of the Attributes and Options bits is not defined in
// this unit -- take the values from the platform headers, not from memory.
function NtDuplicateObject(SourceProcessHandle: HANDLE; SourceHandle: HANDLE; TargetProcessHandle: HANDLE; TargetHandle: PHANDLE; DesiredAccess: ACCESS_MASK; Attributes: ULONG; Options: ULONG): NTSTATUS; stdcall;
// Takes one handle; by its name, makes the object temporary.
function NtMakeTemporaryObject(Handle: HANDLE): NTSTATUS; stdcall;
// Closes a handle. Check the returned status: a failure here usually means a
// stale or double-closed handle, which is a bug worth surfacing.
function NtClose(Handle: HANDLE): NTSTATUS; stdcall;
// Reads the parts of the object's security descriptor selected by
// RequestedInformation into the caller's buffer. SecurityDescriptorLength is the
// buffer size in bytes; ReturnLength receives a length from the system.
function NtQuerySecurityObject(Handle: HANDLE; RequestedInformation: SECURITY_INFORMATION; SecurityDescriptor: PSECURITY_DESCRIPTOR; SecurityDescriptorLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
// Replaces the parts of the object's security descriptor selected by
// SecurityInformation. Set only the bits for the parts actually supplied.
function NtSetSecurityObject(Handle: HANDLE; SecurityInformation: SECURITY_INFORMATION; SecurityDescriptor: PSECURITY_DESCRIPTOR): NTSTATUS; stdcall;
// Creates a directory object and returns its handle through DirectoryHandle.
// The security descriptor in ObjectAttributes decides who may later add names to it.
function NtCreateDirectoryObject(DirectoryHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
// Opens an existing directory object.
function NtOpenDirectoryObject(DirectoryHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
// Enumerates entries of a directory object into Buffer (BufferLength bytes).
// Context carries the enumeration position between calls; RestartScan resets it.
// ReturnLength receives a length from the system.
function NtQueryDirectoryObject(DirectoryHandle: HANDLE; Buffer: PVOID; BufferLength: ULONG; ReturnSingleEntry: ByteBool; RestartScan: ByteBool; Context: PULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
type
// One directory entry: the object's name and the name of its type.
// NOTE(review): presumably the element type written by NtQueryDirectoryObject,
// with both string buffers pointing into the same caller buffer -- confirm
// before copying a record out of that buffer on its own.
_DIRECTORY_BASIC_INFORMATION = record
ObjectName: UNICODE_STRING;
ObjectTypeName: UNICODE_STRING;
end;
DIRECTORY_BASIC_INFORMATION = _DIRECTORY_BASIC_INFORMATION;
PDIRECTORY_BASIC_INFORMATION = ^DIRECTORY_BASIC_INFORMATION;
// Creates a symbolic link object that resolves to TargetName. Links redirect
// name lookups, so the security descriptor in ObjectAttributes and the directory
// the link is placed in decide who can influence later opens through it.
function NtCreateSymbolicLinkObject(SymbolicLinkHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TargetName: PUNICODE_STRING): NTSTATUS; stdcall;
// Opens an existing symbolic link object.
function NtOpenSymbolicLinkObject(SymbolicLinkHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
// Reads the link target into the caller-supplied TargetName string.
// NOTE(review): the caller presumably has to point TargetName.Buffer at its own
// storage and set MaximumLength to that storage's byte size; ReturnLength
// receives a length from the system -- confirm before relying on it.
function NtQuerySymbolicLinkObject(SymbolicLinkHandle: HANDLE; TargetName: PUNICODE_STRING; ReturnLength: PULONG): NTSTATUS; stdcall;
// Reserves and/or commits memory in the process behind ProcessHandle.
// BaseAddress and AllocationSize are passed by pointer; read them back after
// the call rather than assuming the requested values were used.
// Request the narrowest Protect that works; avoid regions that are both
// writable and executable.
// NOTE(review): ZeroBits and the size behind AllocationSize are declared 32-bit
// (ULONG / PULONG). They are pointer-sized on 64-bit Windows, so this
// declaration matches 32-bit targets only -- confirm the unit is never built
// for Win64.
function NtAllocateVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; ZeroBits: ULONG; AllocationSize: PULONG; AllocationType: ULONG; Protect: ULONG): NTSTATUS; stdcall;
// Releases or decommits memory. BaseAddress and FreeSize are passed by pointer.
// The 32-bit size caveat on NtAllocateVirtualMemory applies to FreeSize as well.
function NtFreeVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; FreeSize: PULONG; FreeType: ULONG): NTSTATUS; stdcall;
type
// Selector for NtQueryVirtualMemory; ordinals 0..3. Classes 0..2 have matching
// result records marked "Information Class N".
// NOTE(review): assumes 4-byte enums ({$MINENUMSIZE 4} or {$Z4}) are in effect;
// Delphi's default is one byte -- confirm.
_MEMORY_INFORMATION_CLASS = (
MemoryBasicInformation,
MemoryWorkingSetList,
MemorySectionName,
MemoryBasicVlmInformation);
MEMORY_INFORMATION_CLASS = _MEMORY_INFORMATION_CLASS;
// Queries information about the region containing BaseAddress in the given
// process. MemoryInformation / MemoryInformationLength describe the caller's
// buffer in bytes; ReturnLength receives a length from the system.
function NtQueryVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PVOID; MemoryInformationClass: MEMORY_INFORMATION_CLASS; MemoryInformation: PVOID; MemoryInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
type
// Result record for memory information class 0: one region's base, size, state
// and protection.
_MEMORY_BASIC_INFORMATION = record // Information Class 0
BaseAddress: PVOID;
AllocationBase: PVOID;
AllocationProtect: ULONG;
// NOTE(review): declared 32-bit; pointer-sized on 64-bit Windows, so this layout
// matches 32-bit targets only -- confirm the unit is never built for Win64.
RegionSize: ULONG;
State: ULONG;
Protect: ULONG;
Type_: ULONG; // trailing underscore because "type" is a reserved word in Pascal
end;
MEMORY_BASIC_INFORMATION = _MEMORY_BASIC_INFORMATION;
PMEMORY_BASIC_INFORMATION = ^MEMORY_BASIC_INFORMATION;
// Variable-length result for memory information class 1.
_MEMORY_WORKING_SET_LIST = record // Information Class 1
NumberOfPages: ULONG;
// [0..0] placeholder for a trailing array. Bound the index by NumberOfPages AND
// by the byte length the query returned; NumberOfPages alone is not a safe bound
// if the call reported that the buffer was too small.
WorkingSetList: array [0..0] of ULONG;
end;
MEMORY_WORKING_SET_LIST = _MEMORY_WORKING_SET_LIST;
PMEMORY_WORKING_SET_LIST = ^MEMORY_WORKING_SET_LIST;
// Result record for memory information class 2.
// NOTE(review): the string buffer presumably follows this header in the caller's
// buffer; allocate more than SizeOf(MEMORY_SECTION_NAME) -- confirm.
_MEMORY_SECTION_NAME = record // Information Class 2
SectionFileName: UNICODE_STRING;
end;
MEMORY_SECTION_NAME = _MEMORY_SECTION_NAME;
PMEMORY_SECTION_NAME = ^MEMORY_SECTION_NAME;
// Virtual-memory calls that take a ProcessHandle act on whichever process the
// handle refers to, so the handle's granted rights are the access check.
// Open process handles with only the rights the call needs.
// NOTE(review): sizes are declared ULONG / PULONG throughout; they are
// pointer-sized on 64-bit Windows, so these declarations match 32-bit targets
// only -- confirm.

// Locks a range into memory. BaseAddress and LockSize are passed by pointer.
function NtLockVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; LockSize: PULONG; LockType: ULONG): NTSTATUS; stdcall;
// Reverses NtLockVirtualMemory for the given range.
function NtUnlockVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; LockSize: PULONG; LockType: ULONG): NTSTATUS; stdcall;
// Copies BufferLength bytes from BaseAddress in the target process into Buffer.
// ReturnLength receives a length from the system; use it, not BufferLength, as
// the amount of valid data.
function NtReadVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PVOID; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
// Copies BufferLength bytes from Buffer to BaseAddress in the target process.
// Check the status and ReturnLength before assuming the whole write landed.
function NtWriteVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PVOID; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
// Changes page protection on a range; OldProtect receives the previous value.
// Restore it when a temporary change is done and avoid leaving pages both
// writable and executable.
function NtProtectVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; ProtectSize: PULONG; NewProtect: ULONG; OldProtect: PULONG): NTSTATUS; stdcall;
// Flushes a range; completion details are returned through IoStatusBlock.
function NtFlushVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; FlushSize: PULONG; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall;
// Allocates physical pages for the process. NumberOfPages is passed by pointer,
// so the count granted may differ from the count asked for; PageFrameNumbers
// must have room for the requested count.
// NOTE(review): native API references say this needs the lock-memory privilege
// -- confirm.
function NtAllocateUserPhysicalPages(ProcessHandle: HANDLE; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall;
// Frees pages obtained from NtAllocateUserPhysicalPages.
function NtFreeUserPhysicalPages(ProcessHandle: HANDLE; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall;
// Maps previously allocated physical pages at BaseAddress.
function NtMapUserPhysicalPages(BaseAddress: PVOID; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall;
// Same as NtMapUserPhysicalPages but takes an array of addresses.
function NtMapUserPhysicalPagesScatter(BaseAddresses: PPVOID; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall;
// Retrieves write-watch results for a region into Buffer. BufferEntries is
// passed by pointer: capacity on the way in, entries written on the way out
// (presumably -- confirm); Granularity is returned through a pointer.
function NtGetWriteWatch(ProcessHandle: HANDLE; Flags: ULONG; BaseAddress: PVOID; RegionSize: ULONG; Buffer: PULONG; BufferEntries: PULONG; Granularity: PULONG): NTSTATUS; stdcall;
// Resets write-watch state for a region.
function NtResetWriteWatch(ProcessHandle: HANDLE; BaseAddress: PVOID; RegionSize: ULONG): NTSTATUS; stdcall;
// Creates a section object, optionally backed by FileHandle, and returns its
// handle through SectionHandle. Protect is the page protection and Attributes
// the section attributes. For a named section, the security descriptor in
// ObjectAttributes decides which other processes can open and map it, so set
// one deliberately instead of inheriting a default.
function NtCreateSection(SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; SectionSize: PLARGE_INTEGER; Protect: ULONG; Attributes: ULONG; FileHandle: HANDLE): NTSTATUS; stdcall;
// Opens an existing named section. Ask only for the access the mapping needs.
function NtOpenSection(SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
type
// Selector for NtQuerySection; ordinals 0 and 1 match the result records marked
// "Information Class N".
// NOTE(review): assumes 4-byte enums ({$MINENUMSIZE 4} or {$Z4}) are in effect;
// Delphi's default is one byte -- confirm.
_SECTION_INFORMATION_CLASS = (
SectionBasicInformation,
SectionImageInformation);
SECTION_INFORMATION_CLASS = _SECTION_INFORMATION_CLASS;
// Queries information about a section. SectionInformation /
// SectionInformationLength describe the caller's buffer in bytes; ResultLength
// receives a length from the system.
function NtQuerySection(SectionHandle: HANDLE; SectionInformationClass: SECTION_INFORMATION_CLASS; SectionInformation: PVOID; SectionInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
type
// Result record for section information class 0.
_SECTION_BASIC_INFORMATION = record // Information Class 0
BaseAddress: PVOID;
Attributes: ULONG;
Size: LARGE_INTEGER;
end;
SECTION_BASIC_INFORMATION = _SECTION_BASIC_INFORMATION;
PSECTION_BASIC_INFORMATION = ^SECTION_BASIC_INFORMATION;
// Result record for section information class 1, describing an image section.
// Four fields are named Unknown*, so parts of this layout are undocumented here.
// NOTE(review): verify the record size against the length the query returns on
// each Windows version supported, and do not interpret the Unknown* fields.
_SECTION_IMAGE_INFORMATION = record // Information Class 1
EntryPoint: PVOID;
Unknown1: ULONG;
StackReserve: ULONG;
StackCommit: ULONG;
Subsystem: ULONG;
MinorSubsystemVersion: USHORT; // minor precedes major in this layout
MajorSubsystemVersion: USHORT;
Unknown2: ULONG;
Characteristics: ULONG;
ImageNumber: USHORT;
Executable: ByteBool;
Unknown3: UCHAR;
Unknown4: array [0..2] of ULONG;
end;
SECTION_IMAGE_INFORMATION = _SECTION_IMAGE_INFORMATION;
PSECTION_IMAGE_INFORMATION = ^SECTION_IMAGE_INFORMATION;
// Extends a section; SectionSize is passed by pointer.
function NtExtendSection(SectionHandle: HANDLE; SectionSize: PLARGE_INTEGER): NTSTATUS; stdcall;
// Maps a view of a section into the process behind ProcessHandle. BaseAddress,
// SectionOffset and ViewSize are passed by pointer; read them back after the
// call. Request the narrowest Protect that works. When ProcessHandle is not the
// current process, the view appears in that other process, so the handle's
// rights are the access check.
// NOTE(review): CommitSize and the size behind ViewSize are declared 32-bit;
// they are pointer-sized on 64-bit Windows -- confirm 32-bit-only use.
function NtMapViewOfSection(SectionHandle: HANDLE; ProcessHandle: HANDLE; BaseAddress: PPVOID; ZeroBits: ULONG; CommitSize: ULONG; SectionOffset: PLARGE_INTEGER; ViewSize: PULONG; InheritDisposition: SECTION_INHERIT; AllocationType: ULONG; Protect: ULONG): NTSTATUS; stdcall;
// Unmaps the view at BaseAddress from the given process. Pointers into the view
// are dangling afterwards.
function NtUnmapViewOfSection(ProcessHandle: HANDLE; BaseAddress: PVOID): NTSTATUS; stdcall;
// Compares the files backing two mapped addresses. The answer comes back as the
// NTSTATUS itself, so do not collapse it to a plain success/failure test.
function NtAreMappedFilesTheSame(Address1: PVOID; Address2: PVOID): NTSTATUS; stdcall;
type
// Stack description passed to NtCreateThread: two fixed-stack pointers and three
// expandable-stack pointers.
// NOTE(review): which group must be filled and which zeroed is not defined in
// this unit. Zero-initialise the record before setting fields so no stale
// pointer is handed to the system.
_USER_STACK = record
FixedStackBase: PVOID;
FixedStackLimit: PVOID;
ExpandableStackBase: PVOID;
ExpandableStackLimit: PVOID;
ExpandableStackBottom: PVOID;
end;
USER_STACK = _USER_STACK;
PUSER_STACK = ^USER_STACK;
// Creates a thread in the process behind ProcessHandle and returns its handle
// through ThreadHandle and its ids through ClientId. The caller supplies the
// initial register context and the stack description. Because the target
// process is a parameter, the rights on ProcessHandle are the access check;
// open it with no more than thread creation needs.
function NtCreateThread(ThreadHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ProcessHandle: HANDLE; ClientId: PCLIENT_ID; ThreadContext: PCONTEXT; UserStack: PUSER_STACK; CreateSuspended: ByteBool): NTSTATUS; stdcall;
// Opens an existing thread identified by ClientId. Ask only for the access needed.
function NtOpenThread(ThreadHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ClientId: PCLIENT_ID): NTSTATUS; stdcall;
// Terminates a thread with the given exit status.
function NtTerminateThread(ThreadHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall;
// Queries information about a thread. ThreadInformation /
// ThreadInformationLength describe the caller's buffer in bytes; ReturnLength
// receives a length from the system.
function NtQueryInformationThread(ThreadHandle: HANDLE; ThreadInformationClass: THREADINFOCLASS; ThreadInformation: PVOID; ThreadInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
// Sets information on a thread. ThreadInformationLength must be the exact size
// of the value passed for the chosen class.
function NtSetInformationThread(ThreadHandle: HANDLE; ThreadInformationClass: THREADINFOCLASS; ThreadInformation: PVOID; ThreadInformationLength: ULONG): NTSTATUS; stdcall;
type
_THREAD_BASIC_INFORMATION = record // Information Class 0
ExitStatus: NTSTATUS;
TebBaseAddress: PNT_TIB;
ClientId: CLIENT_ID;
AffinityMask: KAFFINITY;
Priority: KPRIORITY;
BasePriority: KPRIORITY;