// (c) Alex Konshin 5 jul 2000 mailto:alexk@mtgroup.ru
// ntdll.dll functions definitions - NT Native API
// Some of these functions are described in Win NT/2000 DDK (Rtl*,Zw* functions)
// see also http://www.sysinternals.com/ntdll.htm
(******************************************************************************
Modified: rock i_rock_1001@163.com www.jynx.com.cn
jedi has new different version http://www.delphi-jedi.org/
******************************************************************************)
unit ntdll;
interface
uses Windows;
type
PLARGE_INTEGER = ^LARGE_INTEGER;
UShort = Word; { 16 bit unsigned }
TWString = record
WString: WideString;
end;
PWStr = ^TWString;
//=============================================================
// The following are definitions for documented and undocumented native APIs
// and structures.
type
TNtObjectAttributes = packed record
Length : ULONG; // = SizeOf(OBJECT_ATTRIBUTES)
// Optionally specifies a handle to a directory obtained by a preceding call to NtCreateFile.
// If this value is NULL, the ObjectName member must be a fully qualified file specification
// that includes the full path to the target file.
// If this value is nonNULL, the ObjectName member specifies a file name relative to this directory.
RootDirectory : THandle;
ObjectName : PNtUnicodeString;
Attributes : ULONG;
SecurityDescriptor : PSecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
SecurityQualityOfService : PSecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE
//-------------------------------------------------------------
type
TIoStatusBlock = packed record
Status : NTSTATUS;
Information : ULONG;
end;
IO_STATUS_BLOCK = TIoStatusBlock;
PIoStatusBlock = ^TIoStatusBlock;
// TIoStatusBlock.Information value
// Define the I/O status information return values for NtCreateFile/NtOpenFile
const
FILE_SUPERSEDED = $00000000;
FILE_OPENED = $00000001;
FILE_CREATED = $00000002;
FILE_OVERWRITTEN = $00000003;
FILE_EXISTS = $00000004;
FILE_DOES_NOT_EXIST = $00000005;
//-------------------------------------------------------------
// Define the file attributes values
//
// Note: 0x00000008 is reserved for use for the old DOS VOLID (volume ID)
// and is therefore not considered valid in NT.
//
// Note: 0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
// and is therefore not considered valid in NT. This flag has
// been disassociated with file attributes since the other flags are
// protected with READ_ and WRITE_ATTRIBUTES access to the file.
//
// Note: Note also that the order of these flags is set to allow both the
// FAT and the Pinball File Systems to directly set the attributes
// flags in attributes words without having to pick each flag out
// individually. The order of these flags should not be changed!
//
const
FILE_ATTRIBUTE_READONLY = $00000001;
FILE_ATTRIBUTE_HIDDEN = $00000002;
FILE_ATTRIBUTE_SYSTEM = $00000004;
//OLD DOS VOLID $00000008
FILE_ATTRIBUTE_DIRECTORY = $00000010;
FILE_ATTRIBUTE_ARCHIVE = $00000020;
FILE_ATTRIBUTE_DEVICE = $00000040;
FILE_ATTRIBUTE_NORMAL = $00000080;
FILE_DELETE_CHILD = $0040; // directory
FILE_READ_ATTRIBUTES = $0080; // all
FILE_WRITE_ATTRIBUTES = $0100; // all
FILE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $01FF;
FILE_GENERIC_READ = STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE;
FILE_GENERIC_WRITE = STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE;
FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or FILE_EXECUTE or SYNCHRONIZE;
// Object Manager Symbolic Link Specific Access Rights.
SYMBOLIC_LINK_QUERY = $0001;
SYMBOLIC_LINK_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $1;
type
TNtObjectNameInformation = packed record
Name : UNICODE_STRING;
end;
OBJECT_NAME_INFORMATION = TNtObjectNameInformation;
PNtObjectNameInformation = ^TNtObjectNameInformation;
SECTION_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or SECTION_QUERY or SECTION_MAP_WRITE or SECTION_MAP_READ or SECTION_MAP_EXECUTE or SECTION_EXTEND_SIZE;
SEGMENT_ALL_ACCESS = SECTION_ALL_ACCESS;
// Define the various structures which are returned on query operations
type
TFileBasicInformation = record
CreationTime : LARGE_INTEGER;
LastAccessTime : LARGE_INTEGER;
LastWriteTime : LARGE_INTEGER;
ChangeTime : LARGE_INTEGER;
FileAttributes : ULONG;
end;
FILE_BASIC_INFORMATION = TFileBasicInformation;
PFileBasicInformation = ^TFileBasicInformation;
//-------------------------------------------------------------
// NtCreateFile either causes a new file or directory to be created,
// or it opens an existing file, device, directory, or volume,
// giving the caller a handle for the file object.
// This handle can be used by subsequent calls to manipulate data
// within the file or the file object's state or attributes.
// For example, a driver might call this routine during initialization
// to open a file of microcode for its device.
function NtCreateFile(
// Points to a variable that receives the file handle if the call is successful.
var FileHandle : THandle;
// Specifies the type of access that the caller requires to the file or directory.
const DesiredAccess : ACCESS_MASK;
// Pointer to a structure that a caller initializes with InitializeObjectAttributes
var ObjectAttributes : TNtObjectAttributes;
// Points to a variable that receives the final completion status
// and information about the requested operation.
var IoStatusBlock : TIoStatusBlock;
// Optionally specifies the initial allocation size in bytes for the file.
// A nonzero value has no effect unless the file is being created, overwritten,
// or superseded.
AllocationSize : PLARGE_INTEGER;
// Explicitly specified attributes are applied only when the file is created,
// superseded, or, in some cases, overwritten.
const FileAttributes: ULONG;
// Specifies the type of share access that the caller would like to the file.
// Device and intermediate drivers usually set ShareAccess to zero, which gives
// the caller exclusive access to the open file.
const ShareAccess : ULONG;
// Specifies what to do, depending on whether the file already exists
const CreateDisposition : ULONG;
// Specifies the options to be applied when creating or opening the file
const CreateOptions : ULONG;
// For device and intermediate drivers, this parameter must be a NULL pointer
EaBuffer : Pointer;
// For device and intermediate drivers, this parameter must be zero
EaLength : ULONG
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtOpenFile opens an existing file, device, directory, or volume,
// and returns a handle for the file object
function NtOpenFile(
// Points to a variable that receives the file handle if the call is successful.
var FileHandle : THandle;
// Specifies the type of access that the caller requires to the file or directory.
const DesiredAccess : ACCESS_MASK;
// Pointer to a structure that a caller initializes with InitializeObjectAttributes
var ObjectAttributes : TNtObjectAttributes;
// Points to a variable that receives the final completion status
// and information about the requested operation.
var IoStatusBlock : TIoStatusBlock;
// Specifies the type of share access that the caller would like to the file.
// Device and intermediate drivers usually set ShareAccess to zero, which gives
// the caller exclusive access to the open file.
const ShareAccess : ULONG;
// Specifies the options to be applied when opening the file
const OpenOptions : ULONG
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtQueryInformationFile returns various kinds of information about a given file object
function NtQueryInformationFile(
const FileHandle : THandle;
// Points to a variable that receives the final completion status and information about the operation.
var IoStatusBlock : TIoStatusBlock;
// Points to a caller-allocated buffer or variable that receives the desired information about the file.
// The contents of FileInformation are defined by the FileInformationClass parameter.
FileInformation : Pointer;
// Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
Length : ULONG;
// Specifies the type of information to be returned about the file.
FileInformationClass : TFileInformationClass
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtSetInformationFile changes various kinds of information about a given file object.
function NtSetInformationFile(
FileHandle : THandle;
// Points to a variable that receives the final completion status and information about the operation.
var IoStatusBlock : TIoStatusBlock;
// Points to a buffer or variable containing the information to be set for the file.
// The contents of FileInformation are defined by the FileInformationClass parameter.
// Setting any member of the structure in this buffer or variable to zero tells NtSetInformationFile
// to leave the current information about the file for that member unchanged.
FileInformation : Pointer;
// Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
Length : ULONG;
// Specifies the type of information to be reset for file.
FileInformationClass: TFileInformationClass
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// Data can be read from an opened file using NtReadFile
function NtReadFile(
FileHandle : THandle;
// Specifies an optional handle for an event to be set to the signaled
// state after the read operation completes.
// Device and intermediate drivers should set this parameter to NULL.
Event : THandle;
// Device and intermediate drivers should set this pointer to NULL.
ApcRoutine : TIoApcRoutine;
// Device and intermediate drivers should set this pointer to NULL.
ApcContext:Pointer;
// Points to a variable that receives the final completion status and information about the operation.
var IoStatusBlock : TIoStatusBlock;
// Pointer to a caller-allocated buffer that receives the data read from the file.
Buffer : Pointer;
// Specifies the size in bytes of the given Buffer.
// A successful call to ZwReadFile returns the given number of bytes from the file,
// unless this routine reaches the end of file first.
Length : ULONG;
// Pointer to a variable that specifies the starting byte offset in the file
// where the read operation will begin.
// If an attempt is made to read beyond the end of the file, NtReadFile returns an error.
ByteOffset : PLARGE_INTEGER;
// Device and intermediate drivers should set this pointer to NULL.
Key : PDWORD
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// Data can be written to an open file using NtWriteFile.
function NtWriteFile(
FileHandle : THandle;
// Specifies an optional handle for an event to be set to the signaled
// state after operation completes.
// Device and intermediate drivers should set this parameter to NULL.
Event : THandle;
// Device and intermediate drivers should set this pointer to NULL.
ApcRoutine : TIoApcRoutine;
// Device and intermediate drivers should set this pointer to NULL.
ApcContext:Pointer;
// Points to a variable that receives the final completion status and information about the operation.
var IoStatusBlock : TIoStatusBlock;
// Pointer to a caller-allocated buffer containing the data to be written to the file.
Buffer : Pointer;
// Specifies the size in bytes of the given Buffer.
// A successful call to NtWriteFile transfers the given number of bytes to the file.
// If necessary, the length of the file is extended.
Length : ULONG;
// Pointer to a variable that specifies the starting byte offset in the file
// where the read operation will begin.
// If an attempt is made to read beyond the end of the file, NtReadFile returns an error.
ByteOffset : PLARGE_INTEGER;
// Device and intermediate drivers should set this pointer to NULL.
Key : PDWORD
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtClose closes object handles.
// A named object is not actually deleted until all of its valid handles are closed
// and no referenced pointers remain.
function NtClose( Handle : THandle ) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtCreateDirectoryObject creates or opens a directory object, which is a container for other objects.
function NtCreateDirectoryObject(
// Points to a variable that receives the directory object handle if the call is successful.
var DirectoryHandle : THandle;
// Specifies the type of access that the caller requires to the directory object.
// This value is compared with the granted access on an existing directory object.
const DesiredAccess : ACCESS_MASK;
// Points to a structure that specifies the object's attributes,
// which has already been initialized with InitializeObjectAttributes.
var ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtOpenDirectoryObject opens a directory object, which is a container for other objects.
function NtOpenDirectoryObject(
// Points to a variable that receives the directory object handle if the call is successful.
var DirectoryHandle : THandle;
// Specifies the type of access that the caller requires to the directory object.
// This value is compared with the granted access on an existing directory object.
const DesiredAccess : ACCESS_MASK;
// Points to a structure that specifies the object's attributes,
// which has already been initialized with InitializeObjectAttributes.
var ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// warning: reconstruction
//
// NtQueryDirectoryObject returns various kinds of information about a given directory object
type
TDirectoryInformationClass = TFileInformationClass; // !!!! It is wrong
function NtQueryDirectoryObject(
const FileHandle : THandle;
// Points to a caller-allocated buffer or variable that receives the desired information about the directory.
// The contents of FileInformation are defined by the FileInformationClass parameter.
DirectoryInformation : Pointer;
// Specifies the size in bytes of DirectoryInformation,
// which the caller should set according to the given DirectoryInformationClass.
const Length : ULONG;
// Specifies the type of information to be returned about the file.
DirectoryInformationClass : TDirectoryInformationClass; // ??? = 1
// False for first call
RestartScan : Boolean;
var dwIndex : DWORD;
var cbBytesReturned : DWORD
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
function NtQueryDirectoryFile(
const FileHandle : THandle;
// Specifies an optional handle for an event to be set to the signaled
// state after operation completes.
// Device and intermediate drivers should set this parameter to NULL.
const Event : THandle;
// set this pointer to NULL.
ApcRoutine : TIoApcRoutine;
// set this pointer to NULL.
ApcContext : Pointer;
// Points to a variable that receives the final completion status and information about the operation.
var IoStatusBlock : TIoStatusBlock;
// Points to a caller-allocated buffer or variable that receives the desired information about file from directory.
// The contents of FileInformation are defined by the FileInformationClass parameter.
FileInformation : Pointer;
// Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
Length : ULONG;
// Specifies the type of information to be returned about the file.
FileInformationClass: TFileInformationClass;
ReturnSingleEntry : Boolean;
FileName : PNtUnicodeString;
// False for first call
RestartScan : Boolean
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtMakeTemporaryObject changes the attributes of an object to make it temporary.
function NtMakeTemporaryObject( Handle : THandle ) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtOpenSection opens a handle for an existing section object.
function NtOpenSection(
// Points to a variable that will receive the section object handle if this call is successful.
out SectionHandle : THandle;
// Specifies a mask representing the requested access to the object.
const DesiredAccess : ACCESS_MASK;
// Points to the initialized object attributes of the section to be opened.
ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtMapViewOfSection maps a view of a section into the virtual address space of a subject process.
function NtMapViewOfSection(
// Is the handle returned by a successful call to NtOpenSection.
SectionHandle : THandle;
// Is the handle of an opened process object, representing the process for which the view should be mapped.
ProcessHandle : THandle;
// Points to a variable that will receive the base address of the view.
// If the initial value of this argument is nonNULL,
// the view is allocated starting at the specified virtual address
// rounded down to the next 64-kilobyte address boundary.
out BaseAddress : Pointer;
// Specifies the number of high-order address bits that must be zero
// in the base address of the section view.
// The value of this argument must be less than 21 and is used only
// when the operating system determines where to allocate the view, as when BaseAddress is NULL.
ZeroBits : ULONG;
// Specifies the size, in bytes, of the initially committed region of the view.
// CommitSize is only meaningful for page-file backed sections.
// For mapped sections, both data and image are always committed at section creation time.
// This parameter is ignored for mapped files. This value is rounded up to the next host-page-size boundary.
CommitSize : ULONG;
// Points to the offset, in bytes, from the beginning of the section to the view.
// If this pointer is nonNULL, the given value is rounded down to the next allocation granularity size boundary.
out SectionOffset : LARGE_INTEGER;
// Points to a variable that will receive the actual size, in bytes, of the view.
// If the value of this parameter is zero, a view of the section will be mapped starting
// at the specified section offset and continuing to the end of the section.
// Otherwise, the initial value of this argument specifies the size of the view,
// in bytes, and is rounded up to the next host page-size boundary.
out ViewSize : DWORD;
// Specifies how the view is to be shared by a child process
// created with a create process operation.
// Device and intermediate drivers should set this parameter to ViewNone.
InheritDisposition : SECTION_INHERIT;
// A set of flags that describes the type of allocation to be performed for the specified region of pages.
AllocationType : ULONG;
// Specifies the protection for the region of initially committed pages.
// Device and intermediate drivers should set this value to PAGE_READWRITE.
Protect : ULONG
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtUnmapViewOfSection unmaps a view of a section from the virtual address space of a subject process.
function NtUnmapViewOfSection(
// Specifies an open handle of the process that was passed in a preceding call to NtMapViewOfSection.
const ProcessHandle : THandle;
// Points to the base virtual address of the view that is to be unmapped.
// This value can be any virtual address within the view.
const BaseAddress : Pointer
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtSetInformationThread can be called to set the priority of a thread for which the caller has a handle.
function NtSetInformationThread(
// Is the open handle for a thread.
ThreadHandle : THandle;
// Is one of the system-defined values ThreadPriority or ThreadBasePriority.
ThreadInformationClass : THREADINFOCLASS;
// Points to a variable specifying the information to be set.
// If ThreadInformationClass is ThreadPriority, this value must be > LOW_PRIORITY and <= HIGH_PRIORITY.
// If ThreadInformationClass is ThreadBasePriority, this value must fall within the system's
// valid base priority range and the original priority class for the given thread:
// that is, if a thread's priority class is variable, that thread's base priority cannot be reset to a real-time priority value and vice versa.
ThreadInformation : Pointer;
// Is the size in bytes of ThreadInformation, which must be at least sizeof(KPRIORITY).
ThreadInformationLength : ULONG
) : NTSTATUS; stdcall;
function NtSetValueKey(
KeyHandle : THandle;
ValueName : PUNICODE_STRING;
TitleIndex : ULONG;
Type : ULONG;
Data : Pointer;
DataSize : ULONG
) : NTSTATUS; stdcall;
}
//-------------------------------------------------------------
// NtOpenSymbolicLinkObject returns a handle to an existing symbolic link.
function NtOpenSymbolicLinkObject(
// Points to a returned handle for the symbolic link object specified in ObjectAttributes if the call was successful.
var LinkHandle : THandle;
// Specifies the type of access that the caller requires to the key.
// This is most commonly GENERIC_READ access such that the returned handle can be used with NtQuerySymbolicLinkObject.
const DesiredAccess : ACCESS_MASK;
// Points to the initialized object attributes for the symbolic link being opened.
// An ObjectName string for the symbolic link must be specified.
ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;
//-------------------------------------------------------------
// NtQuerySymbolicLinkObject returns a Unicode string containing the target of the symbolic link.
function NtQuerySymbolicLinkObject(
// Specifies a valid handle to an open symbolic link object obtained by calling ZwOpenSymbolicLinkObject.
LinkHandle : THandle;
// Points to an initialized Unicode string that contains the target of the symbolic link,
// specified by LinkHandle, if the call was successful.
LinkTarget : TNtUnicodeString;
// Optionally, points to a unsigned long integer that on input contains the maximum number of bytes
// to copy into the Unicode string at LinkTarget.
// On output, the unsigned long integer contains the length of the Unicode string
// naming the target of the symbolic link.
ReturnedLength : PDWORD
) : NTSTATUS; stdcall;
function ZwQuerySystemInformation(
const SystemInformationClass:DWORD;
var SystemInformation:pointer;
const SystemInformationLength:ULONG;
var ReturnLength:ULONG
): NTSTATUS; stdcall;
function ZwQueryObject(
const ObjectHandle:THANDLE ;
const ObjectInformationClass:ULONG;
var ObjectInformation:pointer;
const ObjectInformationLength:ULONG ;
var ReturnLength:ULONG
):NTSTATUS; stdcall;
function NtCreateSymbolicLinkObject (
OUT SymLinkHandle : THANDLE;
DesiredAccess : ACCESS_MASK ;
ObjectAttributes : PNtObjectAttributes;
DestinationName : PNtUnicodeString
):NTSTATUS; stdcall;
{* ps information *}
type
_CREATE_PROCESS_NOTIFY_ROUTINE = packed record
ParentId:THANDLE;
ProcessId:THANDLE;
Create:BOOLEAN;
end;
TCREATE_PROCESS_NOTIFY_ROUTINE=_CREATE_PROCESS_NOTIFY_ROUTINE;
PCREATE_PROCESS_NOTIFY_ROUTINE=^TCREATE_PROCESS_NOTIFY_ROUTINE;
function PsSetCreateProcessNotifyRoutine(
var NotifyRoutine:PCREATE_PROCESS_NOTIFY_ROUTINE;
var Remove:BOOLEAN
): NTSTATUS; stdcall;
function RtlNtStatusToDosError; external DLL name 'RtlNtStatusToDosError';
procedure RtlInitString; external DLL name 'RtlInitString';
procedure RtlInitAnsiString; external DLL name 'RtlInitAnsiString';
procedure RtlCopyString; external DLL name 'RtlCopyString';
function RtlUpperChar; external DLL name 'RtlUpperChar';
function RtlCompareString; external DLL name 'RtlCompareString';
function RtlEqualString; external DLL name 'RtlEqualString';
procedure RtlUpperString; external DLL name 'RtlUpperString';
procedure RtlFreeAnsiString; external DLL name 'RtlFreeAnsiString';
procedure RtlInitUnicodeString; external DLL name 'RtlInitUnicodeString';
function RtlAnsiStringToUnicodeString; external DLL name 'RtlAnsiStringToUnicodeString';
function RtlUnicodeStringToAnsiString; external DLL name 'RtlUnicodeStringToAnsiString';
function RtlCompareUnicodeString; external DLL name 'RtlCompareUnicodeString';
function RtlEqualCompareUnicodeString; external DLL name 'RtlEqualCompareUnicodeString';
function RtlPrefixUnicodeString; external DLL name 'RtlPrefixUnicodeString';
function RtlUpcaseUnicodeString; external DLL name 'RtlUpcaseUnicodeString';
procedure RtlCopyUnicodeString; external DLL name 'RtlCopyUnicodeString';
function RtlAppendUnicodeStringToString; external DLL name 'RtlAppendUnicodeStringToString';
function RtlAppendUnicodeToString; external DLL name 'RtlAppendUnicodeToString';
function RtlUpcaseUnicodeChar; external DLL name 'RtlUpcaseUnicodeChar';
procedure RtlFreeUnicodeString; external DLL name 'RtlFreeUnicodeString';
function RtlxAnsiStringToUnicodeSize; external DLL name 'RtlxAnsiStringToUnicodeSize';
function NtCreateFile; external DLL name 'NtCreateFile';
function NtOpenFile; external DLL name 'NtOpenFile';
function NtQueryInformationFile; external DLL name 'NtQueryInformationFile';
function NtSetInformationFile; external DLL name 'NtSetInformationFile';
function NtWriteFile; external DLL name 'NtWriteFile';
function NtReadFile; external DLL name 'NtReadFile';
function NtClose; external DLL name 'NtClose';
function NtCreateDirectoryObject; external DLL name 'NtCreateDirectoryObject';
function NtOpenDirectoryObject; external DLL name 'NtOpenDirectoryObject';
function NtQueryDirectoryObject; external DLL name 'NtQueryDirectoryObject';
function NtQueryDirectoryFile; external DLL name 'NtQueryDirectoryFile';
function NtMakeTemporaryObject; external DLL name 'NtMakeTemporaryObject';
function NtOpenSection; external DLL name 'NtOpenSection';
function NtMapViewOfSection; external DLL name 'NtMapViewOfSection';
function NtUnmapViewOfSection; external DLL name 'NtUnmapViewOfSection';
function NtOpenSymbolicLinkObject; external DLL name 'NtOpenSymbolicLinkObject';
function NtQuerySymbolicLinkObject; external DLL name 'NtQuerySymbolicLinkObject';
function NtSetInformationThread; external DLL name 'NtSetInformationThread';
//-------------------------------------------------------------
function RtlAnsiStringToUnicodeSize( NtAnsiString : PNtAnsiString ) : DWORD; stdcall;
begin
if NtAnsiString=nil then Result := 0
else if NLS_MB_CODE_PAGE_TAG then Result := RtlxAnsiStringToUnicodeSize(NtAnsiString)
else Result := (NtAnsiString^.Length+1)*AnsiCPInfo.MaxCharSize;
end;
{**************************************************************
* added by rock
*
**************************************************************}
function NT_SUCCESS(var Status: LongInt): Boolean;
begin
Result:=LongInt(Status) >= 0;
end;
function ZwOpenSection; external DLL name 'ZwOpenSection';
function ZwOpenFile; external DLL name 'ZwOpenFile';
function ZwQuerySystemInformation; external DLL name 'ZwQuerySystemInformation';
function PsSetCreateProcessNotifyRoutine; external DLL name 'PsSetCreateProcessNotifyRoutine';
function ZwQueryObject; external DLL name 'ZwQueryObject';
function ZwClose; external DLL name 'ZwQueryObject';
function NtCreateSymbolicLinkObject; external DLL name 'ZwCreateSymbolicLinkObject';
//=============================================================
initialization
Windows.GetCPInfo(CP_ACP,AnsiCPInfo);
with AnsiCPInfo do NLS_MB_CODE_PAGE_TAG := MaxCharSize<>1;
end.
