
📄 native.pas

📁 Delphi 实现的文件隐藏 【采用Native方式】
//
// The NATIVE NT API definitions.
//

unit native;

interface

uses windows;

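const

 // Module that exports the native (Nt*/Rtl*) routines bound at the end of this unit.
 ntdll    = 'ntdll.dll';

 // NTSTATUS value for plain success. Use NT_SUCCESS() to test results:
 // other non-negative status codes also count as success there.
 STATUS_SUCCESS = 0;

// Create disposition values (CreateDisposition argument of NtCreateFile).
// They are mutually exclusive selectors, not bit flags.
//

 FILE_SUPERSEDE              =    $00000000;
 FILE_OPEN                   =    $00000001;
 FILE_CREATE                 =    $00000002;
 FILE_OPEN_IF                =    $00000003;
 FILE_OVERWRITE              =    $00000004;
 FILE_OVERWRITE_IF           =    $00000005;
 FILE_MAXIMUM_DISPOSITION    =    $00000005;  // highest valid disposition value

//
// Create/open option flags (CreateOptions argument of NtCreateFile).
// These are bit flags and may be combined with "or".
//

 FILE_DIRECTORY_FILE              =       $00000001;
 FILE_WRITE_THROUGH               =       $00000002;
 FILE_SEQUENTIAL_ONLY             =       $00000004;
 // Written as a hexadecimal literal like its neighbours. The original had a
 // bare 00000008 (decimal); the value is the same, but a missing "$" on any
 // larger flag would silently produce the wrong bit.
 FILE_NO_INTERMEDIATE_BUFFERING   =       $00000008;


// Valid values for the Attributes field of OBJECT_ATTRIBUTES (bit flags).
// OBJ_KERNEL_HANDLE and OBJ_FORCE_ACCESS_CHECK are documented for kernel-mode
// callers. OBJ_VALID_ATTRIBUTES is the mask of all flags listed here.
//

 OBJ_INHERIT            = $00000002;
 OBJ_PERMANENT          = $00000010;
 OBJ_EXCLUSIVE          = $00000020;
 OBJ_CASE_INSENSITIVE   = $00000040;
 OBJ_OPENIF             = $00000080;
 OBJ_OPENLINK           = $00000100;
 OBJ_KERNEL_HANDLE      = $00000200;
 OBJ_FORCE_ACCESS_CHECK = $00000400;
 OBJ_VALID_ATTRIBUTES   = $000007F2;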


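type
 // Scalar aliases that give Delphi types the names used by the native API
 // declarations further down in this unit.
 PNTSTATUS = ^NTSTATUS;
 NTSTATUS = Integer;   // signed 32-bit; NT_SUCCESS treats negative values as failure
 // NOTE(review): ULONG_PTR is pointer-sized in the native headers. Longword is
 // only correct on 32-bit targets; a 64-bit build needs a pointer-sized
 // unsigned type, otherwise IO_STATUS_BLOCK.Information is declared too short.
 ULONG_PTR = Longword;
 USHORT = Word;
 PWSTR = LPWSTR;
 HANDLE = THandle;
 PVOID = Pointer;
 // CCHAR is a single byte in the native headers. Plain Char is two bytes wide
 // on Unicode-enabled Delphi compilers, which would make ShortNameLength in
 // _FILE_BOTH_DIR_INFORMATION read a padding byte as part of the length.
 // AnsiChar is one byte on every compiler version.
 CCHAR = AnsiChar;
 LONG = Longint;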


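 // Counted UTF-16 string used by the native API.
 // Length and MaximumLength are sizes in BYTES, not characters, and Buffer is
 // not required to be null-terminated: always bound reads by Length.
 PUNICODE_STRING = ^UNICODE_STRING;
 _UNICODE_STRING = record
    Length: USHORT;         // bytes currently used in Buffer
    MaximumLength: USHORT;  // bytes allocated for Buffer
    Buffer: PWSTR;
  end;
  UNICODE_STRING = _UNICODE_STRING;
  PCUNICODE_STRING = ^UNICODE_STRING;
  TUnicodeString = UNICODE_STRING;
  PUnicodeString = PUNICODE_STRING;


  // Counted single-byte (ANSI) string; same conventions as UNICODE_STRING.
  // Buffer is declared as PAnsiChar rather than PChar: PChar becomes a
  // wide-character pointer on Unicode-enabled Delphi compilers, which would
  // make callers misread the single-byte data written by
  // RtlUnicodeStringToAnsiString.
  PString = ^TString;
 _STRING = record
    Length: USHORT;         // bytes currently used in Buffer
    MaximumLength: USHORT;  // bytes allocated for Buffer
    Buffer: PAnsiChar;
  end;
  TString = _STRING;

  ANSI_STRING = _STRING;
  PANSI_STRING = PSTRING;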


  // 64-bit integer records used by the native API for sizes, offsets and
  // timestamps. When USE_DELPHI_TYPES is defined the declarations from the
  // Windows unit are reused; otherwise equivalent variant records are
  // declared locally.
  LPLARGE_INTEGER = ^LARGE_INTEGER;

{$IFDEF USE_DELPHI_TYPES}
  _LARGE_INTEGER = Windows._LARGE_INTEGER;
  LARGE_INTEGER = Windows.LARGE_INTEGER;
  TLargeInteger = Windows.TLargeInteger;
{$ELSE}
  // Signed 64-bit value, accessible as two 32-bit halves or as one QuadPart.
  _LARGE_INTEGER = record
    case Integer of
    0: (
      LowPart: DWORD;
      HighPart: LONG);
    1: (
      QuadPart: LONGLONG);
  end;
  LARGE_INTEGER = _LARGE_INTEGER;
  TLargeInteger = LARGE_INTEGER;
{$ENDIF}

  PLARGE_INTEGER = ^LARGE_INTEGER;
  PLargeInteger = LPLARGE_INTEGER;

  LPULARGE_INTEGER = ^ULARGE_INTEGER;

{$IFDEF USE_DELPHI_TYPES}
  ULARGE_INTEGER = Windows.ULARGE_INTEGER;
  TULargeInteger = Windows.TULargeInteger;
  PULargeInteger = Windows.PULargeInteger;
{$ELSE}
  // Unsigned counterpart: both halves are DWORD.
  // NOTE(review): QuadPart is declared with the signed LONGLONG type, so
  // values above High(Int64) read back as negative through QuadPart - confirm
  // this is intended before comparing or doing arithmetic on it.
  ULARGE_INTEGER = record
    case Integer of
      0: (
        LowPart: DWORD;
        HighPart: DWORD);
      1: (
        QuadPart: LONGLONG);
  end;
  TULargeInteger = ULARGE_INTEGER;
  PULargeInteger = LPULARGE_INTEGER;
{$ENDIF}

  PULARGE_INTEGER = ^ULARGE_INTEGER;


 // Describes the object a native call should open or create. Fill it with
 // InitializeObjectAttributes rather than by hand so Length is always set.
 POBJECT_ATTRIBUTES = ^OBJECT_ATTRIBUTES;
  _OBJECT_ATTRIBUTES = record
    Length: ULONG;                   // size of this record in bytes
    RootDirectory: HANDLE;           // optional handle that ObjectName is relative to
    ObjectName: PUNICODE_STRING;     // name of the object (not copied; must stay valid for the call)
    Attributes: ULONG;               // combination of the OBJ_* flags
    SecurityDescriptor: PVOID;       // Points to type SECURITY_DESCRIPTOR
    SecurityQualityOfService: PVOID; // Points to type SECURITY_QUALITY_OF_SERVICE
  end;
  OBJECT_ATTRIBUTES = _OBJECT_ATTRIBUTES;
  TObjectAttributes = OBJECT_ATTRIBUTES;
  PObjectAttributes = POBJECT_ATTRIBUTES;


  // Completion status written by I/O routines such as NtCreateFile and
  // NtQueryDirectoryFile.
  // NOTE(review): the native declaration overlays Status with a PVOID (the
  // commented-out union below). Only Status is declared here, so the record
  // matches the native size only where pointers are 32 bits wide.
  _IO_STATUS_BLOCK = record
    //union {
   Status: NTSTATUS;
    //    PVOID Pointer;
    //}
   Information: ULONG_PTR;           // request-dependent value, e.g. number of bytes returned
  end;
  IO_STATUS_BLOCK = _IO_STATUS_BLOCK;
  PIO_STATUS_BLOCK = ^IO_STATUS_BLOCK;

  TIOStatusBlock   = IO_STATUS_BLOCK;
  PIOStatusBlock   = PIO_STATUS_BLOCK;


   // Callback signature accepted by the ApcRoutine parameter of
   // NtQueryDirectoryFile.
   PIO_APC_ROUTINE = procedure (ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Reserved: ULONG); stdcall;

  // Event kinds accepted by NtCreateEvent. The ordinals (0, 1) follow the
  // declaration order.
  // NOTE(review): Delphi stores enumerations in one byte by default while the
  // native API treats them as 32-bit values. Passing them by value works for
  // the functions in this unit, but PEVENT_TYPE / PFILE_INFORMATION_CLASS
  // would point at too-small storage unless the unit is compiled with
  // {$MINENUMSIZE 4} - confirm the project settings.
  _EVENT_TYPE = (NotificationEvent, SynchronizationEvent);
   EVENT_TYPE = _EVENT_TYPE;
   PEVENT_TYPE = ^EVENT_TYPE;


  // Selects the record layout that NtQueryDirectoryFile writes into the
  // caller's buffer. FileFiller0 only occupies ordinal 0 so that the named
  // classes start at 1, as the trailing comments show; the order must not be
  // changed.
  _FILE_INFORMATION_CLASS = (
    FileFiller0,
    FileDirectoryInformation,     // 1
    FileFullDirectoryInformation, // 2
    FileBothDirectoryInformation, // 3
    FileBasicInformation,         // 4  wdm
    FileStandardInformation,      // 5  wdm
    FileInternalInformation,      // 6
    FileEaInformation,            // 7
    FileAccessInformation,        // 8
    FileNameInformation,          // 9
    FileRenameInformation,        // 10
    FileLinkInformation,          // 11
    FileNamesInformation,         // 12
    FileDispositionInformation,   // 13
    FilePositionInformation,      // 14 wdm
    FileFullEaInformation,        // 15
    FileModeInformation,          // 16
    FileAlignmentInformation,     // 17
    FileAllInformation,           // 18
    FileAllocationInformation,    // 19
    FileEndOfFileInformation,     // 20 wdm
    FileAlternateNameInformation, // 21
    FileStreamInformation,        // 22
    FilePipeInformation,          // 23
    FilePipeLocalInformation,     // 24
    FilePipeRemoteInformation,    // 25
    FileMailslotQueryInformation, // 26
    FileMailslotSetInformation,   // 27
    FileCompressionInformation,   // 28
    FileObjectIdInformation,      // 29
    FileCompletionInformation,    // 30
    FileMoveClusterInformation,   // 31
    FileQuotaInformation,         // 32
    FileReparsePointInformation,  // 33
    FileNetworkOpenInformation,   // 34
    FileAttributeTagInformation,  // 35
    FileTrackingInformation,      // 36
    FileMaximumInformation);
  FILE_INFORMATION_CLASS = _FILE_INFORMATION_CLASS;
  PFILE_INFORMATION_CLASS = ^FILE_INFORMATION_CLASS;

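 type
 // One entry of a FileDirectoryInformation result buffer filled by
 // NtQueryDirectoryFile. Entries are variable-length and chained through
 // NextEntryOffset. When walking the buffer, check that each offset and
 // FileNameLength stay inside the bytes actually returned before reading.
 FILE_DIRECTORY_INFORMATION = packed record
  NextEntryOffset: ULONG;   // bytes from this entry to the next one; 0 marks the last entry
  Unknown: ULONG;           // called FileIndex in the native headers
  CreationTime,
  LastAccessTime,
  LastWriteTime,
  ChangeTime,
  EndOfFile,
  AllocationSize: int64;
  FileAttributes: ULONG;
  FileNameLength: ULONG;    // length of FileName in BYTES, not characters
  // The name is stored inline starting at this field and is NOT
  // null-terminated. The original declared it as PWideChar, so reading the
  // field reinterpreted the first characters of the file name as a memory
  // address. Declared as an open-ended array, like _FILE_BOTH_DIR_INFORMATION.
  FileName: array[0..0] of WCHAR;
 end;
 PFILE_DIRECTORY_INFORMATION =  ^FILE_DIRECTORY_INFORMATION;

 // One entry of a FileBothDirectoryInformation result buffer: the same data
 // plus the extended-attribute size and the short (8.3) name.
 _FILE_BOTH_DIR_INFORMATION = record
    NextEntryOffset       : ULONG;          // bytes to the next entry; 0 marks the last entry
    FileIndex             : ULONG;
    CreationTime          : LARGE_INTEGER;
    LastAccessTime        : LARGE_INTEGER;
    LastWriteTime         : LARGE_INTEGER;
    ChangeTime            : LARGE_INTEGER;
    EndOfFile             : LARGE_INTEGER;
    AllocationSize        : LARGE_INTEGER;
    FileAttributes        : ULONG;
    FileNameLength        : ULONG;          // length of FileName in BYTES
    EaSize                : ULONG;
    ShortNameLength       : CCHAR;          // one byte in the native layout; length of ShortName in bytes
    ShortName             : array[0..11] of WCHAR;
    FileName              : array[0..0]  of WCHAR;  // inline, variable length, not null-terminated
  end;
  FILE_BOTH_DIR_INFORMATION  = _FILE_BOTH_DIR_INFORMATION;
  TFileBothDirInformation    =  FILE_BOTH_DIR_INFORMATION;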


  // Returns True when Status is non-negative.
  function NT_SUCCESS(Status:NTSTATUS):boolean;

  // Fills the OBJECT_ATTRIBUTES record at p: n = object name, a = OBJ_* flags,
  // r = root directory handle, s = security descriptor.
  // SecurityQualityOfService is always set to nil.
  procedure InitializeObjectAttributes(p: POBJECT_ATTRIBUTES; n: PUNICODE_STRING;
                                        a: ULONG; r: HANDLE; s: PVOID{PSECURITY_DESCRIPTOR});

  // Creates or opens a file or directory named by ObjectAttributes and stores
  // the handle in FileHandle^. CreateDisposition takes one FILE_* disposition
  // value, CreateOptions a combination of the FILE_* option flags.
  function NtCreateFile(FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES;
                        IoStatusBlock: PIO_STATUS_BLOCK; AllocationSize: PLARGE_INTEGER; FileAttributes: ULONG;
                        ShareAccess: ULONG; CreateDisposition: ULONG; CreateOptions: ULONG; EaBuffer: PVOID;
                        EaLength: ULONG): NTSTATUS; stdcall;

  // Enumerates the directory opened as FileHandle into the FileInformation
  // buffer; FileInformationClass selects the entry layout. The buffer holds
  // variable-length entries whose names are counted in bytes and are not
  // null-terminated, so bound every read by FileInformationLength and by the
  // byte count reported in IoStatusBlock^.Information.
  function NtQueryDirectoryFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID;
                                IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG;
                                FileInformationClass: FILE_INFORMATION_CLASS; ReturnSingleEntry: ByteBool; FileName: PUNICODE_STRING;
                                RestartScan: ByteBool): NTSTATUS; stdcall;

  // Creates an event object of the given EventType and stores its handle in
  // EventHandle^.
  function NtCreateEvent(EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; EventType: EVENT_TYPE;
                         InitialState: ByteBool): NTSTATUS; stdcall;

  // Waits until Handle is signalled. Timeout = nil waits without limit;
  // otherwise it is expressed in 100-nanosecond units, negative meaning
  // relative to now.
  function NtWaitForSingleObject(Handle: HANDLE; Alertable: ByteBool; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;

  // Points DestinationString at SourceString and sets its length fields.
  // No copy is made: SourceString must outlive DestinationString.
  procedure RtlInitUnicodeString(DestinationString: PUNICODE_STRING; SourceString: LPCWSTR); stdcall;

  // Converts SourceString to ANSI. When AllocateDestinationString is True the
  // routine allocates DestinationString^.Buffer, and the caller has to release
  // it with RtlFreeAnsiString (not declared in this unit) to avoid a leak.
  function RtlUnicodeStringToAnsiString(DestinationString: PANSI_STRING; SourceString: PUNICODE_STRING;
                                        AllocateDestinationString: ByteBool): NTSTATUS; stdcall;

implementation

 function NT_SUCCESS(Status:NTSTATUS):boolean;
 // Reports whether a native status code denotes success.
 // Any non-negative value counts as success; negative values are failures.
 begin
  if Status < 0 then
   Result := False
  else
   Result := True;
 end;

 procedure InitializeObjectAttributes(p: POBJECT_ATTRIBUTES; n: PUNICODE_STRING;
                                       a: ULONG; r: HANDLE; s: PVOID{PSECURITY_DESCRIPTOR});
  // Populates every field of the OBJECT_ATTRIBUTES record that p points to.
  //   p - record to fill (must not be nil; it is dereferenced unchecked)
  //   n - object name
  //   a - OBJ_* attribute flags
  //   r - root directory handle
  //   s - security descriptor
  // SecurityQualityOfService is always cleared to nil.
  begin
   with p^ do
   begin
    Length := SizeOf(OBJECT_ATTRIBUTES);
    RootDirectory := r;
    ObjectName := n;
    Attributes := a;
    SecurityDescriptor := s;
    SecurityQualityOfService := nil;
   end;
  end;

  // Static imports: each routine declared in the interface section is bound
  // by its exported name to the module named by the ntdll constant.
  function NtCreateFile; external ntdll name 'NtCreateFile';
  function NtQueryDirectoryFile; external ntdll name 'NtQueryDirectoryFile';
  function NtCreateEvent; external ntdll name 'NtCreateEvent';
  function NtWaitForSingleObject; external ntdll name 'NtWaitForSingleObject';
  procedure RtlInitUnicodeString; external ntdll name 'RtlInitUnicodeString';
  function RtlUnicodeStringToAnsiString; external ntdll name 'RtlUnicodeStringToAnsiString';

end.
