API tools faq
paste
Advertisement
Guest User

ntdll_.pas

a guest
Feb 8th, 2017
344
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Delphi 47.27 KB | None | 0 0
raw download clone embed print report
  1. // ntdll.dll functions definitions - NT Native API
  2. // Some of these functions are described in Win NT/2000 DDK (Rtl*,Zw* functions)
  3. // see also http://www.sysinternals.com/ntdll.htm
  4.  
  5. unit ntdll_;
  6.  
  7. interface
  8.  
  9. uses Windows;
  10.  
  11. type
  12.       PLARGE_INTEGER = ^LARGE_INTEGER;
  13.  
  14. //-------------------------------------------------------------
  15. type
  16.       NTSTATUS = LongInt;
  17.  
  18. const
  19.       STATUS_SUCCESS           = NTSTATUS(0);
  20.  
  21.       STATUS_NO_MORE_DATA      = NTSTATUS($8000001a);
  22.       STATUS_NO_MORE_FILES     = NTSTATUS($80000006);
  23.       STATUS_INVALID_PARAMETER = NTSTATUS($C000000D);
  24.  
  25. function RtlNtStatusToDosError( const Status : NTSTATUS ) : DWORD; stdcall;
  26.  
  27. //-------------------------------------------------------------
  28. // Counted String
  29. type
  30.       TNtAnsiString = packed record
  31.             Length        : Word;
  32.             MaximumLength : Word;
  33.             Buffer        : PChar;
  34.       end;
  35.       PNtAnsiString = ^TNtAnsiString;
  36.       ANSI_STRING = TNtAnsiString;
  37.  
  38.       TNtUnicodeString = packed record
  39.             Length        : Word;
  40.             MaximumLength : Word;
  41.             Buffer        : PWideChar;
  42.       end;
  43.       UNICODE_STRING = TNtUnicodeString;
  44.       PNtUnicodeString = ^TNtUnicodeString;
  45.  
  46. procedure RtlInitString( DestinationString : PNtAnsiString; SourceString : PChar ); stdcall;
  47. procedure RtlInitAnsiString( DestinationString : PNtAnsiString; SourceString : PChar ); stdcall;
  48. procedure RtlCopyString( DestinationString : PNtAnsiString; SourceString : PNtAnsiString ); stdcall;
  49. function  RtlUpperChar ( Character : Char ) : Char; stdcall;
  50. function  RtlCompareString( String1, String2 : PNtAnsiString; CaseInSensitive : Boolean ) : LongInt; stdcall;
  51. function  RtlEqualString( String1, String2 : PNtAnsiString; CaseInSensitive : Boolean ) : Boolean; stdcall;
  52. procedure RtlUpperString( DestinationString : PNtAnsiString; SourceString : PNtAnsiString ); stdcall;
  53. procedure RtlFreeAnsiString( NtAnsiString : PNtAnsiString ); stdcall;
  54.  
  55. //-------------------------------------------------------------
  56. // NLS String functions
  57. procedure RtlInitUnicodeString( DestinationString : PNtAnsiString; SourceString : PWideChar ); stdcall;
  58. function  RtlAnsiStringToUnicodeString( DestinationString : PNtUnicodeString; SourceString : PNtAnsiString; AllocateDestinationString : Boolean ) : NTSTATUS; stdcall;
  59. function  RtlUnicodeStringToAnsiString( DestinationString : PNtAnsiString; SourceString : PNtUnicodeString; AllocateDestinationString : Boolean ) : NTSTATUS; stdcall;
  60. function  RtlCompareUnicodeString( String1, String2 : PNtUnicodeString; CaseInSensitive : Boolean ) : LongInt; stdcall;
  61. function  RtlEqualCompareUnicodeString( String1, String2 : PNtUnicodeString; CaseInSensitive : Boolean ) : Boolean; stdcall;
  62. function  RtlPrefixUnicodeString( String1, String2 : PNtUnicodeString; CaseInSensitive : Boolean ) : Boolean; stdcall;
  63. function  RtlUpcaseUnicodeString( DestinationString : PNtUnicodeString; SourceString : PNtUnicodeString; AllocateDestinationString : Boolean ) : NTSTATUS; stdcall;
  64. procedure RtlCopyUnicodeString( DestinationString : PNtUnicodeString; SourceString : PNtUnicodeString ); stdcall;
  65. function  RtlAppendUnicodeStringToString( DestinationString : PNtUnicodeString; SourceString : PNtUnicodeString ): NTSTATUS; stdcall;
  66. function  RtlAppendUnicodeToString( DestinationString : PNtUnicodeString; SourceString : PWideChar ): NTSTATUS; stdcall;
  67. function  RtlUpcaseUnicodeChar( SourceCharacter : WideChar ) : WideChar; stdcall;
  68. procedure RtlFreeUnicodeString( UnicodeString : PNtUnicodeString ); stdcall;
  69. function  RtlxAnsiStringToUnicodeSize( NtAnsiString : PNtAnsiString ) : DWORD; stdcall;
  70. function  RtlAnsiStringToUnicodeSize( NtAnsiString : PNtAnsiString ) : DWORD; stdcall;
  71.  
  72.  
  73. //=============================================================
  74. // The following are definitions for documented and undocumented native APIs
  75. // and structures.
  76.  
  77. type
  78.  
  79.       TNtObjectAttributes = packed record
  80.             Length                   : ULONG; // = SizeOf(OBJECT_ATTRIBUTES)
  81.  
  82.             // Optionally specifies a handle to a directory obtained by a preceding call to NtCreateFile.
  83.             // If this value is NULL, the ObjectName member must be a fully qualified file specification
  84.             // that includes the full path to the target file.
  85.             // If this value is nonNULL, the ObjectName member specifies a file name relative to this directory.
  86.             RootDirectory            : THandle;
  87.  
  88.             ObjectName               : PNtUnicodeString;
  89.  
  90.             Attributes               : ULONG;
  91.             SecurityDescriptor       : Pointer; // Points to type SECURITY_DESCRIPTOR
  92.             SecurityQualityOfService : Pointer; // Points to type SECURITY_QUALITY_OF_SERVICE
  93.       end;
  94.       OBJECT_ATTRIBUTES = TNtObjectAttributes;
  95.       PNtObjectAttributes = ^TNtObjectAttributes;
  96.  
  97. // TNtObjectAttributes.Attributes
  98. const
  99.       OBJ_INHERIT          = $00000002;
  100.       OBJ_PERMANENT        = $00000010;
  101.       OBJ_EXCLUSIVE        = $00000020;
  102.       OBJ_CASE_INSENSITIVE = $00000040;
  103.       OBJ_OPENIF           = $00000080;
  104.       OBJ_OPENLINK         = $00000100;
  105.       OBJ_VALID_ATTRIBUTES = $000001F2;
  106.       OBJ_KERNEL_HANDLE    = $00000200;
  107.  
  108. //-------------------------------------------------------------
  109. type
  110.       TIoStatusBlock = packed record
  111.             Status      : NTSTATUS;
  112.             Information : ULONG;
  113.       end;
  114.       IO_STATUS_BLOCK = TIoStatusBlock;
  115.       PIoStatusBlock = ^TIoStatusBlock;
  116.  
  117. // TIoStatusBlock.Information value
  118. // Define the I/O status information return values for NtCreateFile/NtOpenFile
  119. const
  120.   FILE_SUPERSEDED     = $00000000;
  121.   FILE_OPENED         = $00000001;
  122.   FILE_CREATED        = $00000002;
  123.   FILE_OVERWRITTEN    = $00000003;
  124.   FILE_EXISTS         = $00000004;
  125.   FILE_DOES_NOT_EXIST = $00000005;
  126.  
  127.  
  128. //-------------------------------------------------------------
  129. // Define the file attributes values
  130. //
  131. // Note:  0x00000008 is reserved for use for the old DOS VOLID (volume ID)
  132. //        and is therefore not considered valid in NT.
  133. //
  134. // Note:  0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
  135. //        and is therefore not considered valid in NT.  This flag has
  136. //        been disassociated with file attributes since the other flags are
  137. //        protected with READ_ and WRITE_ATTRIBUTES access to the file.
  138. //
  139. // Note:  Note also that the order of these flags is set to allow both the
  140. //        FAT and the Pinball File Systems to directly set the attributes
  141. //        flags in attributes words without having to pick each flag out
  142. //        individually.  The order of these flags should not be changed!
  143. //
  144. const
  145.       FILE_ATTRIBUTE_READONLY            = $00000001;
  146.       FILE_ATTRIBUTE_HIDDEN              = $00000002;
  147.       FILE_ATTRIBUTE_SYSTEM              = $00000004;
  148. //OLD DOS VOLID                        $00000008
  149.       FILE_ATTRIBUTE_DIRECTORY           = $00000010;
  150.       FILE_ATTRIBUTE_ARCHIVE             = $00000020;
  151.       FILE_ATTRIBUTE_DEVICE              = $00000040;
  152.       FILE_ATTRIBUTE_NORMAL              = $00000080;
  153.  
  154.       FILE_ATTRIBUTE_TEMPORARY           = $00000100;
  155.       FILE_ATTRIBUTE_SPARSE_FILE         = $00000200;
  156.       FILE_ATTRIBUTE_REPARSE_POINT       = $00000400;
  157.       FILE_ATTRIBUTE_COMPRESSED          = $00000800;
  158.  
  159.       FILE_ATTRIBUTE_OFFLINE             = $00001000;
  160.       FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = $00002000;
  161.       FILE_ATTRIBUTE_ENCRYPTED           = $00004000;
  162.  
  163.       FILE_ATTRIBUTE_VALID_FLAGS     = $00007fb7;
  164.       FILE_ATTRIBUTE_VALID_SET_FLAGS = $000031a7;
  165. //-------------------------------------------------------------
  166.  
  167. const
  168.       FILE_READ_DATA        = $0001; // file & pipe
  169.       FILE_LIST_DIRECTORY   = $0001; // directory
  170.  
  171.       FILE_WRITE_DATA       = $0002; // file & pipe
  172.       FILE_ADD_FILE         = $0002; // directory
  173.  
  174.       FILE_APPEND_DATA          = $0004; // file
  175.       FILE_ADD_SUBDIRECTORY     = $0004; // directory
  176.       FILE_CREATE_PIPE_INSTANCE = $0004; // named pipe
  177.  
  178.       FILE_READ_EA              = $0008; // file & directory
  179.       FILE_WRITE_EA             = $0010; // file & directory
  180.  
  181.       FILE_EXECUTE              = $0020; // file
  182.       FILE_TRAVERSE             = $0020; // directory
  183.  
  184.       FILE_DELETE_CHILD         = $0040; // directory
  185.       FILE_READ_ATTRIBUTES      = $0080; // all
  186.       FILE_WRITE_ATTRIBUTES     = $0100; // all
  187.  
  188.       FILE_ALL_ACCESS      = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $01FF;
  189.       FILE_GENERIC_READ    = STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE;
  190.       FILE_GENERIC_WRITE   = STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE;
  191.       FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or FILE_EXECUTE or SYNCHRONIZE;
  192.  
  193.  
  194. //-------------------------------------------------------------
  195. // Define the create disposition values
  196.       FILE_SUPERSEDE           = $00000000;
  197.       FILE_OPEN                = $00000001;
  198.       FILE_CREATE              = $00000002;
  199.       FILE_OPEN_IF             = $00000003;
  200.       FILE_OVERWRITE           = $00000004;
  201.       FILE_OVERWRITE_IF        = $00000005;
  202.       FILE_MAXIMUM_DISPOSITION = $00000005;
  203.  
  204. //-------------------------------------------------------------
  205. // Define the create/open option flags
  206. const
  207.       FILE_DIRECTORY_FILE              = $00000001;
  208.       FILE_WRITE_THROUGH               = $00000002;
  209.       FILE_SEQUENTIAL_ONLY             = $00000004;
  210.       FILE_NO_INTERMEDIATE_BUFFERING   = $00000008;
  211.  
  212.       FILE_SYNCHRONOUS_IO_ALERT        = $00000010;
  213.       FILE_SYNCHRONOUS_IO_NONALERT     = $00000020;
  214.       FILE_NON_DIRECTORY_FILE          = $00000040;
  215.       FILE_CREATE_TREE_CONNECTION      = $00000080;
  216.  
  217.       FILE_COMPLETE_IF_OPLOCKED        = $00000100;
  218.       FILE_NO_EA_KNOWLEDGE             = $00000200;
  219.       FILE_OPEN_FOR_RECOVERY           = $00000400;
  220.       FILE_RANDOM_ACCESS               = $00000800;
  221.  
  222.       FILE_DELETE_ON_CLOSE             = $00001000;
  223.       FILE_OPEN_BY_FILE_ID             = $00002000;
  224.       FILE_OPEN_FOR_BACKUP_INTENT      = $00004000;
  225.       FILE_NO_COMPRESSION              = $00008000;
  226.  
  227.       FILE_RESERVE_OPFILTER            = $00100000;
  228.       FILE_OPEN_REPARSE_POINT          = $00200000;
  229.       FILE_OPEN_NO_RECALL              = $00400000;
  230.       FILE_OPEN_FOR_FREE_SPACE_QUERY   = $00800000;
  231.  
  232.       FILE_COPY_STRUCTURED_STORAGE     = $00000041;
  233.       FILE_STRUCTURED_STORAGE          = $00000441;
  234.  
  235.       FILE_VALID_OPTION_FLAGS          = $00ffffff;
  236.       FILE_VALID_PIPE_OPTION_FLAGS     = $00000032;
  237.       FILE_VALID_MAILSLOT_OPTION_FLAGS = $00000032;
  238.       FILE_VALID_SET_FLAGS             = $00000036;
  239.  
  240. //-------------------------------------------------------------
  241. // Object Manager Object Type Specific Access Rights.
  242. const
  243.       OBJECT_TYPE_CREATE     = $0001;
  244.       OBJECT_TYPE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $1;
  245.  
  246. // Object Manager Directory Specific Access Rights.
  247.       DIRECTORY_QUERY               = $0001;
  248.       DIRECTORY_TRAVERSE            = $0002;
  249.       DIRECTORY_CREATE_OBJECT       = $0004;
  250.       DIRECTORY_CREATE_SUBDIRECTORY = $0008;
  251.       DIRECTORY_ALL_ACCESS          = STANDARD_RIGHTS_REQUIRED or $F;
  252.  
  253. // Object Manager Symbolic Link Specific Access Rights.
  254.       SYMBOLIC_LINK_QUERY      = $0001;
  255.       SYMBOLIC_LINK_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $1;
  256.  
  257. type
  258.       TNtObjectNameInformation = packed record
  259.     Name : UNICODE_STRING;
  260.   end;
  261.       OBJECT_NAME_INFORMATION = TNtObjectNameInformation;
  262.       PNtObjectNameInformation = ^TNtObjectNameInformation;
  263.  
  264. const
  265.       DUPLICATE_CLOSE_SOURCE    = $00000001;
  266.       DUPLICATE_SAME_ACCESS     = $00000002;
  267.       DUPLICATE_SAME_ATTRIBUTES = $00000004;
  268.  
  269. //-------------------------------------------------------------
  270. // Section Information Structures.
  271. type
  272.       TSectionInherit = (ViewNone,ViewShare,ViewUnmap);
  273.       SECTION_INHERIT = TSectionInherit;
  274.  
  275. // Section Access Rights.
  276. const
  277.       SECTION_QUERY       = $0001;
  278.       SECTION_MAP_WRITE   = $0002;
  279.       SECTION_MAP_READ    = $0004;
  280.       SECTION_MAP_EXECUTE = $0008;
  281.       SECTION_EXTEND_SIZE = $0010;
  282.  
  283.       SECTION_ALL_ACCESS  = STANDARD_RIGHTS_REQUIRED or SECTION_QUERY or SECTION_MAP_WRITE or SECTION_MAP_READ or SECTION_MAP_EXECUTE or SECTION_EXTEND_SIZE;
  284.       SEGMENT_ALL_ACCESS  = SECTION_ALL_ACCESS;
  285.  
  286.       PAGE_NOACCESS          = $01;
  287.       PAGE_READONLY          = $02;
  288.       PAGE_READWRITE         = $04;
  289.       PAGE_WRITECOPY         = $08;
  290.       PAGE_EXECUTE           = $10;
  291.       PAGE_EXECUTE_READ      = $20;
  292.       PAGE_EXECUTE_READWRITE = $40;
  293.       PAGE_EXECUTE_WRITECOPY = $80;
  294.       PAGE_GUARD             = $100;
  295.       PAGE_NOCACHE           = $200;
  296.       PAGE_WRITECOMBINE      = $400;
  297.  
  298.       MEM_COMMIT             = $1000;
  299.       MEM_RESERVE            = $2000;
  300.       MEM_DECOMMIT           = $4000;
  301.       MEM_RELEASE            = $8000;
  302.       MEM_FREE               = $10000;
  303.       MEM_PRIVATE            = $20000;
  304.       MEM_MAPPED             = $40000;
  305.       MEM_RESET              = $80000;
  306.       MEM_TOP_DOWN           = $100000;
  307.       MEM_LARGE_PAGES        = $20000000;
  308.       MEM_4MB_PAGES          = $80000000;
  309.       SEC_RESERVE            = $4000000;
  310.       PROCESS_DUP_HANDLE     = $0040;
  311.       PROCESS_ALL_ACCESS     = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $FFF;
  312. //-------------------------------------------------------------
  313. // Process Information Classes
  314. type
  315.       TProcessInfoClass = (ProcessBasicInformation,ProcessQuotaLimits,
  316.             ProcessIoCounters,ProcessVmCounters,
  317.             ProcessTimes,ProcessBasePriority,ProcessRaisePriority,
  318.             ProcessDebugPort,ProcessExceptionPort,
  319.             ProcessAccessToken,ProcessLdtInformation,
  320.             ProcessLdtSize,ProcessDefaultHardErrorMode,
  321.             ProcessIoPortHandlers,ProcessPooledUsageAndLimits,
  322.             ProcessWorkingSetWatch,ProcessUserModeIOPL,
  323.             ProcessEnableAlignmentFaultFixup,ProcessPriorityClass,
  324.             ProcessWx86Information,ProcessHandleCount,
  325.             ProcessAffinityMask,ProcessPriorityBoost,
  326.             ProcessDeviceMap,ProcessSessionInformation,
  327.             ProcessForegroundInformation,ProcessWow64Information,
  328.             MaxProcessInfoClass);
  329.       PROCESSINFOCLASS =  TProcessInfoClass;
  330.  
  331. // Thread Information Classes
  332.       TThreadInfoClass = (ThreadBasicInformation,ThreadTimes,ThreadPriority,
  333.             ThreadBasePriority,ThreadAffinityMask,
  334.             ThreadImpersonationToken,ThreadDescriptorTableEntry,
  335.             ThreadEnableAlignmentFaultFixup,ThreadEventPair_Reusable,
  336.             ThreadQuerySetWin32StartAddress,ThreadZeroTlsCell,
  337.             ThreadPerformanceCount,ThreadAmILastThread,
  338.             ThreadIdealProcessor,ThreadPriorityBoost,
  339.             ThreadSetTlsArrayAddress,ThreadIsIoPending,
  340.             ThreadHideFromDebugger,MaxThreadInfoClass);
  341.       THREADINFOCLASS = TThreadInfoClass;
  342.  
  343. //-------------------------------------------------------------
  344. type
  345.       TFileInformationClass = (__FileInformationNone,FileDirectoryInformation,
  346.             FileFullDirectoryInformation,FileBothDirectoryInformation,
  347.             FileBasicInformation,FileStandardInformation,
  348.             FileInternalInformation,FileEaInformation,
  349.             FileAccessInformation,FileNameInformation,
  350.             FileRenameInformation,FileLinkInformation,
  351.             FileNamesInformation,FileDispositionInformation,
  352.             FilePositionInformation,FileFullEaInformation,
  353.             FileModeInformation,FileAlignmentInformation,
  354.             FileAllInformation,FileAllocationInformation,
  355.             FileEndOfFileInformation,FileAlternateNameInformation,
  356.             FileStreamInformation,FilePipeInformation,
  357.             FilePipeLocalInformation,FilePipeRemoteInformation,
  358.             FileMailslotQueryInformation,FileMailslotSetInformation,
  359.             FileCompressionInformation,FileCopyOnWriteInformation,
  360.             FileCompletionInformation,FileMoveClusterInformation,
  361.             FileOleClassIdInformation,FileOleStateBitsInformation,
  362.             FileNetworkOpenInformation,FileObjectIdInformation,
  363.             FileOleAllInformation,FileOleDirectoryInformation,
  364.             FileContentIndexInformation,FileInheritContentIndexInformation,
  365.             FileOleInformation,FileMaximumInformation
  366.       );
  367.       FILE_INFORMATION_CLASS = TFileInformationClass;
  368.       PFileInformationClass = ^TFileInformationClass;
  369.  
  370. // Define the various structures which are returned on query operations
  371. type
  372.       TFileBasicInformation = record
  373.             CreationTime   : LARGE_INTEGER;
  374.             LastAccessTime : LARGE_INTEGER;
  375.             LastWriteTime  : LARGE_INTEGER;
  376.             ChangeTime     : LARGE_INTEGER;
  377.             FileAttributes : ULONG;
  378.       end;
  379.       FILE_BASIC_INFORMATION = TFileBasicInformation;
  380.       PFileBasicInformation = ^TFileBasicInformation;
  381.  
  382.       TFileStandardInformation = packed record
  383.             AllocationSize : LARGE_INTEGER;
  384.             EndOfFile      : LARGE_INTEGER;
  385.             NumberOfLinks  : ULONG;
  386.             DeletePending  : Boolean;
  387.             Directory      : Boolean;
  388.       end;
  389.       FILE_STANDARD_INFORMATION = TFileStandardInformation;
  390.       PFileStandardInformation = ^TFileStandardInformation;
  391.  
  392.       TFilePositionInformation = record
  393.             CurrentByteOffset : LARGE_INTEGER;
  394.       end;
  395.       FILE_POSITION_INFORMATION = TFilePositionInformation;
  396.       PFilePositionInformation = ^TFilePositionInformation;
  397.  
  398.       TFileAlignmentInformation = record
  399.             AlignmentRequirement : ULONG;
  400.       end;
  401.       FILE_ALIGNMENT_INFORMATION = TFileAlignmentInformation;
  402.       PFileAlignmentInformation = ^TFileAlignmentInformation;
  403.  
  404.       TFileNameInformation = packed record
  405.             FileNameLength : ULONG;
  406.             FileName       : Array[0..0] of WideChar;
  407.       end;
  408.       FILE_NAME_INFORMATION = TFileNameInformation;
  409.       PFileNameInformation = ^TFileNameInformation;
  410.  
  411.       TFileNetworkOpenInformation = record
  412.             CreationTime   : LARGE_INTEGER;
  413.             LastAccessTime : LARGE_INTEGER;
  414.             LastWriteTime  : LARGE_INTEGER;
  415.             ChangeTime     : LARGE_INTEGER;
  416.             AllocationSize : LARGE_INTEGER;
  417.             EndOfFile      : LARGE_INTEGER;
  418.             FileAttributes : ULONG;
  419.       end;
  420.       FILE_NETWORK_OPEN_INFORMATION = TFileNetworkOpenInformation;
  421.       PFileNetworkOpenInformation = ^TFileNetworkOpenInformation;
  422.  
  423.       TFileAttributeTagInformation = packed record
  424.             FileAttributes : ULONG;
  425.             ReparseTag : ULONG;
  426.       end;
  427.       FILE_ATTRIBUTE_TAG_INFORMATION = TFileAttributeTagInformation;
  428.       PFileAttributeTagInformation = ^TFileAttributeTagInformation;
  429.  
  430.       TFileDispositionInformation = packed record
  431.             DeleteFile : Boolean;
  432.       end;
  433.       FILE_DISPOSITION_INFORMATION = TFileDispositionInformation;
  434.       PFileDispositionInformation = ^TFileDispositionInformation;
  435.  
  436.       TFileEndOfFileInformation = record
  437.             EndOfFile : LARGE_INTEGER;
  438.       end;
  439.       FILE_END_OF_FILE_INFORMATION = TFileEndOfFileInformation;
  440.       PFileEndOfFileInformation = ^TFileEndOfFileInformation;
  441.  
  442.       TFileFullEAIinformation = packed record
  443.             NextEntryOffset : ULONG;
  444.             Flags           : Byte;
  445.             EaNameLength    : Byte;
  446.             EaValueLength   : Word;
  447.             EaName          : Array[0..0] of Char;
  448.       end;
  449.       FILE_FULL_EA_INFORMATION = TFileFullEAIinformation;
  450.       PFileFullEAIinformation = ^TFileFullEAIinformation;
  451.  
  452. type
  453.       TFileDirectoryInformation = packed record
  454.             NextEntryOffset : ULONG;
  455.             FileIndex       : ULONG;
  456.             CreationTime    : LARGE_INTEGER;
  457.             LastAccessTime  : LARGE_INTEGER;
  458.             LastWriteTime   : LARGE_INTEGER;
  459.             ChangeTime      : LARGE_INTEGER;
  460.             EndOfFile       : LARGE_INTEGER;
  461.             AllocationSize  : LARGE_INTEGER;
  462.             FileAttributes  : ULONG;
  463.             FileNameLength  : ULONG;
  464.             FileName : Array[0..0] of WideChar;
  465.       end;
  466.       FILE_DIRECTORY_INFORMATION = TFileDirectoryInformation;
  467.       PFileDirectoryInformation = ^TFileDirectoryInformation;
  468.  
  469. type
  470.       TIoApcRoutine = procedure ( ApcContext : Pointer; IoStatusBlock : PIoStatusBlock; Reserved : ULONG ); stdcall;
  471.  
  472.  
  473.  
  474. //-------------------------------------------------------------
  475. // NtCreateFile either causes a new file or directory to be created,
  476. // or it opens an existing file, device, directory, or volume,
  477. // giving the caller a handle for the file object.
  478. // This handle can be used by subsequent calls to manipulate data
  479. // within the file or the file object's state or attributes.
  480. // For example, a driver might call this routine during initialization
  481. //      to open a file of microcode for its device.
  482. function NtCreateFile(
  483.       // Points to a variable that receives the file handle if the call is successful.
  484.       var FileHandle      : THandle;
  485.  
  486.       // Specifies the type of access that the caller requires to the file or directory.
  487.       const DesiredAccess : ACCESS_MASK;
  488.  
  489.       // Pointer to a structure that a caller initializes with InitializeObjectAttributes
  490.       var ObjectAttributes    : TNtObjectAttributes;
  491.  
  492.       // Points to a variable that receives the final completion status
  493.       // and information about the requested operation.
  494.       var IoStatusBlock   : TIoStatusBlock;
  495.  
  496.       // Optionally specifies the initial allocation size in bytes for the file.
  497.       // A nonzero value has no effect unless the file is being created, overwritten,
  498.       // or superseded.
  499.       AllocationSize      : PLARGE_INTEGER;
  500.  
  501.       // Explicitly specified attributes are applied only when the file is created,
  502.       // superseded, or, in some cases, overwritten.
  503.   const FileAttributes: ULONG;
  504.  
  505.       // Specifies the type of share access that the caller would like to the file.
  506.       // Device and intermediate drivers usually set ShareAccess to zero, which gives
  507.       // the caller exclusive access to the open file.
  508.       const ShareAccess       : ULONG;
  509.  
  510.       // Specifies what to do, depending on whether the file already exists
  511.       const CreateDisposition : ULONG;
  512.  
  513.       // Specifies the options to be applied when creating or opening the file
  514.       const CreateOptions     : ULONG;
  515.  
  516.       // For device and intermediate drivers, this parameter must be a NULL pointer
  517.       EaBuffer          : Pointer;
  518.  
  519.       // For device and intermediate drivers, this parameter must be zero
  520.       EaLength          : ULONG
  521.  
  522. ) : NTSTATUS; stdcall;
  523.  
  524. //-------------------------------------------------------------
  525. // NtOpenFile opens an existing file, device, directory, or volume,
  526. // and returns a handle for the file object
  527. function NtOpenFile(
  528.       // Points to a variable that receives the file handle if the call is successful.
  529.       var FileHandle : THandle;
  530.  
  531.       // Specifies the type of access that the caller requires to the file or directory.
  532.       const      DesiredAccess : ACCESS_MASK;
  533.  
  534.       // Pointer to a structure that a caller initializes with InitializeObjectAttributes
  535.       var ObjectAttributes : TNtObjectAttributes;
  536.  
  537.       // Points to a variable that receives the final completion status
  538.       // and information about the requested operation.
  539.       var IoStatusBlock : TIoStatusBlock;
  540.  
  541.       // Specifies the type of share access that the caller would like to the file.
  542.       // Device and intermediate drivers usually set ShareAccess to zero, which gives
  543.       // the caller exclusive access to the open file.
  544.       const ShareAccess : ULONG;
  545.  
  546.       // Specifies the options to be applied when opening the file
  547.       const OpenOptions : ULONG
  548. ) : NTSTATUS; stdcall;
  549.  
  550. //-------------------------------------------------------------
  551. // NtQueryInformationFile returns various kinds of information about a given file object
  552. function NtQueryInformationFile(
  553.       const FileHandle : THandle;
  554.  
  555.       // Points to a variable that receives the final completion status and information about the operation.
  556.       var IoStatusBlock : TIoStatusBlock;
  557.  
  558.       // Points to a caller-allocated buffer or variable that receives the desired information about the file.
  559.       // The contents of FileInformation are defined by the FileInformationClass parameter.
  560.       FileInformation : Pointer;
  561.  
  562.       // Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
  563.       Length : ULONG;
  564.  
  565.       // Specifies the type of information to be returned about the file.
  566.       FileInformationClass : TFileInformationClass
  567. ) : NTSTATUS; stdcall;
  568.  
  569. //-------------------------------------------------------------
  570. // NtSetInformationFile changes various kinds of information about a given file object.
  571. function NtSetInformationFile(
  572.       FileHandle : THandle;
  573.  
  574.       // Points to a variable that receives the final completion status and information about the operation.
  575.       var IoStatusBlock : TIoStatusBlock;
  576.  
  577.       // Points to a buffer or variable containing the information to be set for the file.
  578.       // The contents of FileInformation are defined by the FileInformationClass parameter.
  579.       // Setting any member of the structure in this buffer or variable to zero tells NtSetInformationFile
  580.       // to leave the current information about the file for that member unchanged.
  581.       FileInformation : Pointer;
  582.  
  583.       // Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
  584.       Length : ULONG;
  585.  
  586.       // Specifies the type of information to be reset for file.
  587.       FileInformationClass: TFileInformationClass
  588. ) : NTSTATUS; stdcall;
  589.  
  590.  
  591. //-------------------------------------------------------------
  592. // Data can be read from an opened file using NtReadFile
  593. function NtReadFile(
  594.       FileHandle : THandle;
  595.  
  596.       // Specifies an optional handle for an event to be set to the signaled
  597.       // state after the read operation completes.
  598.       // Device and intermediate drivers should set this parameter to NULL.
  599.       Event : THandle;
  600.  
  601.       // Device and intermediate drivers should set this pointer to NULL.
  602.       ApcRoutine : TIoApcRoutine;
  603.  
  604.       // Device and intermediate drivers should set this pointer to NULL.
  605.       ApcContext:Pointer;
  606.  
  607.       // Points to a variable that receives the final completion status and information about the operation.
  608.       var IoStatusBlock : TIoStatusBlock;
  609.  
  610.       // Pointer to a caller-allocated buffer that receives the data read from the file.
  611.       Buffer : Pointer;
  612.  
  613.       // Specifies the size in bytes of the given Buffer.
  614.       // A successful call to ZwReadFile returns the given number of bytes from the file,
  615.       // unless this routine reaches the end of file first.
  616.       Length : ULONG;
  617.  
  618.       // Pointer to a variable that specifies the starting byte offset in the file
  619.       // where the read operation will begin.
  620.       // If an attempt is made to read beyond the end of the file, NtReadFile returns an error.
  621.       ByteOffset : PLARGE_INTEGER;
  622.  
  623.       // Device and intermediate drivers should set this pointer to NULL.
  624.       Key : PDWORD
  625. ) : NTSTATUS; stdcall;
  626.  
  627. //-------------------------------------------------------------
  628. // Data can be written to an open file using NtWriteFile.
  629. function NtWriteFile(
  630.       FileHandle : THandle;
  631.  
  632.       // Specifies an optional handle for an event to be set to the signaled
  633.       // state after operation completes.
  634.       // Device and intermediate drivers should set this parameter to NULL.
  635.       Event : THandle;
  636.  
  637.       // Device and intermediate drivers should set this pointer to NULL.
  638.       ApcRoutine : TIoApcRoutine;
  639.  
  640.       // Device and intermediate drivers should set this pointer to NULL.
  641.       ApcContext:Pointer;
  642.  
  643.       // Points to a variable that receives the final completion status and information about the operation.
  644.       var IoStatusBlock : TIoStatusBlock;
  645.  
  646.       // Pointer to a caller-allocated buffer containing the data to be written to the file.
  647.       Buffer : Pointer;
  648.  
  649.       // Specifies the size in bytes of the given Buffer.
  650.       // A successful call to NtWriteFile transfers the given number of bytes to the file.
  651.       // If necessary, the length of the file is extended.
  652.       Length : ULONG;
  653.  
  654.       // Pointer to a variable that specifies the starting byte offset in the file
  655.       // where the read operation will begin.
  656.       // If an attempt is made to read beyond the end of the file, NtReadFile returns an error.
  657.       ByteOffset : PLARGE_INTEGER;
  658.  
  659.       // Device and intermediate drivers should set this pointer to NULL.
  660.       Key : PDWORD
  661. ) : NTSTATUS; stdcall;
  662.  
  663. //-------------------------------------------------------------
  664. // NtClose closes object handles.
  665. // A named object is not actually deleted until all of its valid handles are closed
  666. // and no referenced pointers remain.
  667. function NtClose( Handle : THandle ) : NTSTATUS; stdcall;
  668.  
  669. //-------------------------------------------------------------
  670. // NtCreateDirectoryObject creates or opens a directory object, which is a container for other objects.
  671. function NtCreateDirectoryObject(
  672.       // Points to a variable that receives the directory object handle if the call is successful.
  673.       var DirectoryHandle : THandle;
  674.  
  675.       // Specifies the type of access that the caller requires to the directory object.
  676.       // This value is compared with the granted access on an existing directory object.
  677.       const DesiredAccess : ACCESS_MASK;
  678.  
  679.       // Points to a structure that specifies the object's attributes,
  680.       // which has already been initialized with InitializeObjectAttributes.
  681.       var ObjectAttributes : TNtObjectAttributes
  682. ) : NTSTATUS; stdcall;
  683.  
  684. //-------------------------------------------------------------
  685. // NtOpenDirectoryObject opens a directory object, which is a container for other objects.
  686. function NtOpenDirectoryObject(
  687.       // Points to a variable that receives the directory object handle if the call is successful.
  688.       var DirectoryHandle : THandle;
  689.  
  690.       // Specifies the type of access that the caller requires to the directory object.
  691.       // This value is compared with the granted access on an existing directory object.
  692.       const DesiredAccess : ACCESS_MASK;
  693.  
  694.       // Points to a structure that specifies the object's attributes,
  695.       // which has already been initialized with InitializeObjectAttributes.
  696.       var ObjectAttributes : TNtObjectAttributes
  697. ) : NTSTATUS; stdcall;
  698.  
  699. //-------------------------------------------------------------
  700. // warning: reconstruction
  701. //
  702. // NtQueryDirectoryObject returns various kinds of information about a given directory object
  703. type
  704.       TDirectoryInformationClass = TFileInformationClass; // !!!! It is wrong
  705.  
  706.       TDirectoryInformationType1 = packed record
  707.             ObjectName     : TNtUnicodeString;
  708.             ObjectTypeName : TNtUnicodeString;
  709.       end;
  710.  
  711. function NtQueryDirectoryObject(
  712.       const FileHandle : THandle;
  713.  
  714.       // Points to a caller-allocated buffer or variable that receives the desired information about the directory.
  715.       // The contents of FileInformation are defined by the FileInformationClass parameter.
  716.       DirectoryInformation : Pointer;
  717.  
  718.       // Specifies the size in bytes of DirectoryInformation,
  719.       // which the caller should set according to the given DirectoryInformationClass.
  720.       const Length : ULONG;
  721.  
  722.       // Specifies the type of information to be returned about the file.
  723.       DirectoryInformationClass : TDirectoryInformationClass; // ??? = 1
  724.  
  725.       // False for first call
  726.   RestartScan : Boolean;
  727.  
  728.       var dwIndex : DWORD;
  729.  
  730.       var cbBytesReturned : DWORD
  731.  
  732. ) : NTSTATUS; stdcall;
  733.  
  734.  
  735. //-------------------------------------------------------------
  736. function NtQueryDirectoryFile(
  737.       const FileHandle : THandle;
  738.  
  739.       // Specifies an optional handle for an event to be set to the signaled
  740.       // state after operation completes.
  741.       // Device and intermediate drivers should set this parameter to NULL.
  742.       const Event : THandle;
  743.  
  744.       // set this pointer to NULL.
  745.       ApcRoutine : TIoApcRoutine;
  746.  
  747.       // set this pointer to NULL.
  748.       ApcContext : Pointer;
  749.  
  750.       // Points to a variable that receives the final completion status and information about the operation.
  751.       var IoStatusBlock : TIoStatusBlock;
  752.  
  753.       // Points to a caller-allocated buffer or variable that receives the desired information about file from directory.
  754.       // The contents of FileInformation are defined by the FileInformationClass parameter.
  755.       FileInformation : Pointer;
  756.  
  757.       // Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
  758.       Length : ULONG;
  759.  
  760.       // Specifies the type of information to be returned about the file.
  761.       FileInformationClass: TFileInformationClass;
  762.  
  763.       ReturnSingleEntry : Boolean;
  764.  
  765.       FileName : PNtUnicodeString;
  766.  
  767.       // False for first call
  768.   RestartScan : Boolean
  769. ) : NTSTATUS; stdcall;
  770.  
  771. //-------------------------------------------------------------
  772. // NtMakeTemporaryObject changes the attributes of an object to make it temporary.
  773. function NtMakeTemporaryObject( Handle : THandle ) : NTSTATUS; stdcall;
  774.  
  775. //-------------------------------------------------------------
  776. // NtOpenSection opens a handle for an existing section object.
  777. function NtOpenSection(
  778.       // Points to a variable that will receive the section object handle if this call is successful.
  779.       out SectionHandle : THandle;
  780.  
  781.       // Specifies a mask representing the requested access to the object.
  782.       const DesiredAccess : ACCESS_MASK;
  783.  
  784.       // Points to the initialized object attributes of the section to be opened.
  785.       ObjectAttributes : TNtObjectAttributes
  786. ) : NTSTATUS; stdcall;
  787.  
  788. //-------------------------------------------------------------
  789. // NtMapViewOfSection maps a view of a section into the virtual address space of a subject process.
  790. function NtMapViewOfSection(
  791.       // Is the handle returned by a successful call to NtOpenSection.
  792.       SectionHandle : THandle;
  793.  
  794.       // Is the handle of an opened process object, representing the process for which the view should be mapped.
  795.       ProcessHandle : THandle;
  796.  
  797.       // Points to a variable that will receive the base address of the view.
  798.       // If the initial value of this argument is nonNULL,
  799.       // the view is allocated starting at the specified virtual address
  800.       // rounded down to the next 64-kilobyte address boundary.
  801.       var BaseAddress : Pointer;
  802.  
  803.       // Specifies the number of high-order address bits that must be zero
  804.       // in the base address of the section view.
  805.       // The value of this argument must be less than 21 and is used only
  806.       // when the operating system determines where to allocate the view, as when BaseAddress is NULL.
  807.       ZeroBits : ULONG;
  808.  
  809.       // Specifies the size, in bytes, of the initially committed region of the view.
  810.       // CommitSize is only meaningful for page-file backed sections.
  811.       // For mapped sections, both data and image are always committed at section creation time.
  812.       // This parameter is ignored for mapped files. This value is rounded up to the next host-page-size boundary.
  813.       CommitSize : ULONG;
  814.  
  815.       // Points to the offset, in bytes, from the beginning of the section to the view.
  816.       // If this pointer is nonNULL, the given value is rounded down to the next allocation granularity size boundary.
  817.       SectionOffset : PLARGE_INTEGER;
  818.  
  819.       // Points to a variable that will receive the actual size, in bytes, of the view.
  820.       // If the value of this parameter is zero, a view of the section will be mapped starting
  821.       // at the specified section offset and continuing to the end of the section.
  822.       // Otherwise, the initial value of this argument specifies the size of the view,
  823.       // in bytes, and is rounded up to the next host page-size boundary.
  824.       ViewSize : DWORD;
  825.  
  826.       // Specifies how the view is to be shared by a child process
  827.       // created with a create process operation.
  828.       // Device and intermediate drivers should set this parameter to ViewNone.
  829.       InheritDisposition : SECTION_INHERIT;
  830.  
  831.       // A set of flags that describes the type of allocation to be performed for the specified region of pages.
  832.       AllocationType : ULONG;
  833.  
  834.       // Specifies the protection for the region of initially committed pages.
  835.       // Device and intermediate drivers should set this value to PAGE_READWRITE.
  836.       Protect : ULONG
  837. ) : NTSTATUS; stdcall;
  838.  
  839. //-------------------------------------------------------------
  840. // NtUnmapViewOfSection unmaps a view of a section from the virtual address space of a subject process.
  841. function NtUnmapViewOfSection(
  842.       // Specifies an open handle of the process that was passed in a preceding call to NtMapViewOfSection.
  843.       const ProcessHandle : THandle;
  844.  
  845.       // Points to the base virtual address of the view that is to be unmapped.
  846.       // This value can be any virtual address within the view.
  847.       const BaseAddress : Pointer
  848. ) : NTSTATUS; stdcall;
  849.  
  850. //-------------------------------------------------------------
  851. // NtSetInformationThread can be called to set the priority of a thread for which the caller has a handle.
  852. function NtSetInformationThread(
  853.       // Is the open handle for a thread.
  854.       ThreadHandle : THandle;
  855.  
  856.       // Is one of the system-defined values ThreadPriority or ThreadBasePriority.
  857.       ThreadInformationClass : THREADINFOCLASS;
  858.  
  859.       // Points to a variable specifying the information to be set.
  860.       // If ThreadInformationClass is ThreadPriority, this value must be > LOW_PRIORITY and <= HIGH_PRIORITY.
  861.       // If ThreadInformationClass is ThreadBasePriority, this value must fall within the system's
  862.       // valid base priority range and the original priority class for the given thread:
  863.       // that is, if a thread's priority class is variable, that thread's base priority cannot be reset to a real-time priority value and vice versa.
  864.       ThreadInformation : Pointer;
  865.  
  866.       // Is the size in bytes of ThreadInformation, which must be at least sizeof(KPRIORITY).
  867.       ThreadInformationLength : ULONG
  868. ) : NTSTATUS; stdcall;
  869.  
  870. {function NtCreateKey(
  871.       out KeyHandle : THandle;
  872.       const DesiredAccess : ACCESS_MASK;
  873.       ObjectAttributes : TNtObjectAttributes;
  874.       TitleIndex:ULONG;
  875.       ObjectClass : PNtUnicodeString;
  876.       CreateOptions:ULONG;
  877.        Disposition:PULONG
  878.  ) : NTSTATUS; stdcall;
  879.  
  880. function NtOpenKey(
  881.       out KeyHandle : THandle;
  882.        DesiredAccess : ACCESS_MASK;
  883.       ObjectAttributes : PNtObjectAttributes
  884. ) : NTSTATUS; stdcall;
  885.  
  886. function NtDeleteKey( KeyHandle : THandle ) : NTSTATUS; stdcall;
  887.  
  888. function NtEnumerateKey(
  889.       KeyHandle : THandle;
  890.        Index:ULONG;
  891.        KeyInformationClass : KEY_INFORMATION_CLASS;
  892.        KeyInformation : Pointer;
  893.        Length : ULONG;
  894.        ResultLength : PDWORD
  895. ) : NTSTATUS; stdcall;
  896.  
  897. function NtEnumerateValueKey(
  898.        KeyHandle : THandle;
  899.        Index : ULONG;
  900.        KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
  901.        KeyValueInformation : Pointer;
  902.        Length:ULONG;
  903.       ResultLength : PULONG
  904. ) : NTSTATUS; stdcall;
  905.  
  906. function NtFlushKey( KeyHandle : THandle ) : NTSTATUS; stdcall;
  907.  
  908. function NtQueryKey(
  909.       KeyHandle : THandle;
  910.       KeyInformationClass : KEY_INFORMATION_CLASS;
  911.       KeyInformation:Pointer;
  912.       Length : ULONG;
  913.        ResultLength : PDWORD
  914. ) : NTSTATUS; stdcall;
  915.  
  916. function NtQueryValueKey(
  917.       KeyHandle : THandle;
  918.       ValueName : PUNICODE_STRING;
  919.       KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
  920.       KeyValueInformation : Pointer;
  921.       Length : ULONG;
  922.       ResultLength : PDWORD
  923. ) : NTSTATUS; stdcall;
  924.  
  925. function NtSetValueKey(
  926.       KeyHandle : THandle;
  927.       ValueName : PUNICODE_STRING;
  928.       TitleIndex : ULONG;
  929.       Type : ULONG;
  930.       Data : Pointer;
  931.       DataSize : ULONG
  932. ) : NTSTATUS; stdcall;
  933. }
  934.  
  935. //-------------------------------------------------------------
  936. // NtOpenSymbolicLinkObject returns a handle to an existing symbolic link.
  937. function NtOpenSymbolicLinkObject(
  938.       // Points to a returned handle for the symbolic link object specified in ObjectAttributes if the call was successful.
  939.       var LinkHandle : THandle;
  940.  
  941.       // Specifies the type of access that the caller requires to the key.
  942.       // This is most commonly GENERIC_READ access such that the returned handle can be used with NtQuerySymbolicLinkObject.
  943.       const DesiredAccess : ACCESS_MASK;
  944.  
  945.       // Points to the initialized object attributes for the symbolic link being opened.
  946.       // An ObjectName string for the symbolic link must be specified.
  947.       ObjectAttributes : TNtObjectAttributes
  948. ) : NTSTATUS; stdcall;
  949.  
  950. //-------------------------------------------------------------
  951. // NtQuerySymbolicLinkObject returns a Unicode string containing the target of the symbolic link.
  952. function NtQuerySymbolicLinkObject(
  953.       // Specifies a valid handle to an open symbolic link object obtained by calling ZwOpenSymbolicLinkObject.
  954.       LinkHandle : THandle;
  955.  
  956.       // Points to an initialized Unicode string that contains the target of the symbolic link,
  957.       // specified by LinkHandle, if the call was successful.
  958.       LinkTarget : TNtUnicodeString;
  959.  
  960.       // Optionally, points to a unsigned long integer that on input contains the maximum number of bytes
  961.       // to copy into the Unicode string at LinkTarget.
  962.       // On output, the unsigned long integer contains the length of the Unicode string
  963.       // naming the target of the symbolic link.
  964.       ReturnedLength : PDWORD
  965. ) : NTSTATUS; stdcall;
  966.  
  967. {
  968. function NtCreateTimer(
  969.       out TimerHandle : THandle;
  970.       const DesiredAccess : ACCESS_MASK;
  971.       ObjectAttributes : TNtObjectAttributes;
  972.       const TimerType : TIMER_TYPE
  973. ) : NTSTATUS; stdcall;
  974.  
  975. function NtOpenTimer(
  976.       out TimerHandle : THandle;
  977.       const DesiredAccess : ACCESS_MASK;
  978.       ObjectAttributes : TNtObjectAttributes
  979. ) : NTSTATUS; stdcall;
  980.  
  981. function NtCancelTimer(
  982.       TimerHandle : THandle;
  983.       CurrentState : PBoolean
  984. ) : NTSTATUS; stdcall;
  985.  
  986. function NtSetTimer(
  987.       TimerHandle : THandle;
  988.       DueTime : PLARGE_INTEGER;
  989.       TimerApcRoutine : PTIMER_APC_ROUTINE;
  990.       TimerContext : Pointer;
  991.       WakeTimer : Boolean;
  992.       Period : DWORD;
  993.       PreviousState : PBoolean
  994. ) : NTSTATUS; stdcall;
  995. }
  996.  
  997.  
  998. //-------------------------------------------------------------
  999. procedure InitializeObjectAttributes(
  1000.       InitializedAttributes : PNtObjectAttributes;
  1001.       pObjectName : PNtUnicodeString;
  1002.       const uAttributes : ULONG;
  1003.       const hRootDirectory : THandle;
  1004.       pSecurityDescriptor : PSECURITY_DESCRIPTOR
  1005. );
  1006.  
  1007.  
  1008. //-------------------------------------------------------------
  1009. var
  1010.       NLS_MB_CODE_PAGE_TAG : Boolean; // TRUE -> Multibyte CP, FALSE -> Singlebyte
  1011. //NLS_MB_OEM_CODE_PAGE_TAG : Boolean; // TRUE -> Multibyte CP, FALSE -> Singlebyte
  1012.  
  1013. //=============================================================
  1014. implementation
  1015.  
  1016. const
  1017.       DLL = 'ntdll.dll';
  1018.  
  1019. var
  1020.        AnsiCPInfo: TCPInfo;
  1021.  
  1022. function  RtlNtStatusToDosError; external DLL name 'RtlNtStatusToDosError';
  1023.  
  1024. procedure RtlInitString; external DLL name 'RtlInitString';
  1025. procedure RtlInitAnsiString;      external DLL name 'RtlInitAnsiString';
  1026. procedure RtlCopyString;      external DLL name 'RtlCopyString';
  1027. function  RtlUpperChar;      external DLL name 'RtlUpperChar';
  1028. function  RtlCompareString;      external DLL name 'RtlCompareString';
  1029. function  RtlEqualString;      external DLL name 'RtlEqualString';
  1030. procedure RtlUpperString;      external DLL name 'RtlUpperString';
  1031. procedure RtlFreeAnsiString;      external DLL name 'RtlFreeAnsiString';
  1032.  
  1033. procedure RtlInitUnicodeString;      external DLL name 'RtlInitUnicodeString';
  1034. function  RtlAnsiStringToUnicodeString;      external DLL name 'RtlAnsiStringToUnicodeString';
  1035. function  RtlUnicodeStringToAnsiString;      external DLL name 'RtlUnicodeStringToAnsiString';
  1036. function  RtlCompareUnicodeString;      external DLL name 'RtlCompareUnicodeString';
  1037. function  RtlEqualCompareUnicodeString;      external DLL name 'RtlEqualCompareUnicodeString';
  1038. function  RtlPrefixUnicodeString;      external DLL name 'RtlPrefixUnicodeString';
  1039. function  RtlUpcaseUnicodeString;      external DLL name 'RtlUpcaseUnicodeString';
  1040. procedure RtlCopyUnicodeString;      external DLL name 'RtlCopyUnicodeString';
  1041. function  RtlAppendUnicodeStringToString;      external DLL name 'RtlAppendUnicodeStringToString';
  1042. function  RtlAppendUnicodeToString;      external DLL name 'RtlAppendUnicodeToString';
  1043. function  RtlUpcaseUnicodeChar;      external DLL name 'RtlUpcaseUnicodeChar';
  1044. procedure RtlFreeUnicodeString;      external DLL name 'RtlFreeUnicodeString';
  1045. function  RtlxAnsiStringToUnicodeSize;      external DLL name 'RtlxAnsiStringToUnicodeSize';
  1046.  
  1047. function NtCreateFile;      external DLL name 'NtCreateFile';
  1048. function NtOpenFile;      external DLL name 'NtOpenFile';
  1049. function NtQueryInformationFile;      external DLL name 'NtQueryInformationFile';
  1050. function NtSetInformationFile;      external DLL name 'NtSetInformationFile';
  1051. function NtWriteFile;      external DLL name 'NtWriteFile';
  1052. function NtReadFile;      external DLL name 'NtReadFile';
  1053. function NtClose;      external DLL name 'NtClose';
  1054. function NtCreateDirectoryObject;      external DLL name 'NtCreateDirectoryObject';
  1055. function NtOpenDirectoryObject;      external DLL name 'NtOpenDirectoryObject';
  1056. function NtQueryDirectoryObject;      external DLL name 'NtQueryDirectoryObject';
  1057. function NtQueryDirectoryFile; external DLL name 'NtQueryDirectoryFile';
  1058. function NtMakeTemporaryObject;      external DLL name 'NtMakeTemporaryObject';
  1059. function NtOpenSection;      external DLL name 'NtOpenSection';
  1060. function NtMapViewOfSection;      external DLL name 'NtMapViewOfSection';
  1061. function NtUnmapViewOfSection;      external DLL name 'NtUnmapViewOfSection';
  1062. function NtOpenSymbolicLinkObject;      external DLL name 'NtOpenSymbolicLinkObject';
  1063. function NtQuerySymbolicLinkObject;      external DLL name 'NtQuerySymbolicLinkObject';
  1064. function NtSetInformationThread;      external DLL name 'NtSetInformationThread';
  1065.  
  1066. //-------------------------------------------------------------
  1067. function RtlAnsiStringToUnicodeSize(  NtAnsiString : PNtAnsiString ) : DWORD; stdcall;
  1068. begin
  1069.       if NtAnsiString=nil then Result := 0
  1070.       else if NLS_MB_CODE_PAGE_TAG then Result := RtlxAnsiStringToUnicodeSize(NtAnsiString)
  1071.       else Result := (NtAnsiString^.Length+1)*AnsiCPInfo.MaxCharSize;
  1072. end;
  1073. //-------------------------------------------------------------
  1074. procedure InitializeObjectAttributes(
  1075.       InitializedAttributes : PNtObjectAttributes;
  1076.       pObjectName : PNtUnicodeString;
  1077.       const uAttributes : ULONG;
  1078.       const hRootDirectory : THandle;
  1079.       pSecurityDescriptor : PSECURITY_DESCRIPTOR
  1080. );
  1081. begin
  1082.       with InitializedAttributes^ do
  1083.       begin
  1084.             Length := SizeOf(TNtObjectAttributes);
  1085.             ObjectName := pObjectName;
  1086.             Attributes := uAttributes;
  1087.             RootDirectory := hRootDirectory;
  1088.             SecurityDescriptor := pSecurityDescriptor;
  1089.             SecurityQualityOfService := nil;
  1090.       end;
  1091. end;
  1092.  
  1093.  
  1094. //=============================================================
  1095. initialization
  1096.   Windows.GetCPInfo(CP_ACP,AnsiCPInfo);
  1097.   with AnsiCPInfo do NLS_MB_CODE_PAGE_TAG := MaxCharSize<>1;
  1098. end.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!