Solved

Need c++ header converter to delphi (NTDLL.dll) - native win2k/xp api.

Posted on 2002-04-07
7
6,060 Views
Last Modified: 2010-07-18
I need this header converter to pascal so I can use it in delphi. It is an import library for some of the functions ntdll.dll (The windows 2000/XP native API).

As an alternative, if you have some source code for delphi for enumerating open handles in another process
(in particular file and socket handles), I will give the points for that also.

Thanks,
James.

----FILE BELOW----

// Written by Zoltan Csizmadia, zoltan_csizmadia@yahoo.com
// For companies(Austin,TX): If you would like to get my resume, send an email.
//
// The source is free, but if you want to use it, mention my name and e-mail address
//
//////////////////////////////////////////////////////////////////////////////////////
//
// SystemInfo.h, v1.1

#ifndef SYSTEMINFO_H_INCLUDED
#define SYSTEMINFO_H_INCLUDED

#ifndef WINNT
#error You need Windows NT to use this source code. Define WINNT!
#endif

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#pragma warning( disable : 4786 )
#pragma warning( disable : 4200 )

#include <afxtempl.h>

//////////////////////////////////////////////////////////////////////////////////////
//
// Typedefs
//
//////////////////////////////////////////////////////////////////////////////////////

typedef struct _UNICODE_STRING
{
      WORD  Length;
      WORD  MaximumLength;
      PWSTR Buffer;
} UNICODE_STRING;

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemInfoUtils
//
//////////////////////////////////////////////////////////////////////////////////////

// Helper functions

class SystemInfoUtils
{
public:

      //////////////////////////////////////////////////////////////////////////////////
      // String conversion functions

      // From wide char string to CString
      static void LPCWSTR2CString( LPCWSTR strW, CString& str );
      // From unicode string to CString
      static void Unicode2CString( UNICODE_STRING* strU, CString& str );

      //////////////////////////////////////////////////////////////////////////////////
      // File name conversion functions

      static BOOL GetDeviceFileName( LPCTSTR, CString& );
      static BOOL GetFsFileName( LPCTSTR, CString& );

      //////////////////////////////////////////////////////////////////////////////////
      // Information functions

      static DWORD GetNTMajorVersion();
};

//////////////////////////////////////////////////////////////////////////////////////
//
// INtDll
//
//////////////////////////////////////////////////////////////////////////////////////

class INtDll
{
public:
      typedef DWORD (WINAPI *PNtQueryObject)( HANDLE, DWORD, VOID*, DWORD, VOID* );
      typedef DWORD (WINAPI *PNtQuerySystemInformation)( DWORD, VOID*, DWORD, ULONG* );
      typedef DWORD (WINAPI *PNtQueryInformationThread)(HANDLE, ULONG, PVOID,      DWORD, DWORD* );
      typedef DWORD (WINAPI *PNtQueryInformationFile)(HANDLE, PVOID,      PVOID, DWORD, DWORD );
      typedef DWORD (WINAPI *PNtQueryInformationProcess)(HANDLE, DWORD, PVOID, DWORD, PVOID );
      
public:
      static PNtQuerySystemInformation      NtQuerySystemInformation;
      static PNtQueryObject                        NtQueryObject;
      static PNtQueryInformationThread      NtQueryInformationThread;
      static PNtQueryInformationFile            NtQueryInformationFile;
      static PNtQueryInformationProcess      NtQueryInformationProcess;

      static BOOL                                          NtDllStatus;

      static DWORD                                    dwNTMajorVersion;

protected:
      static BOOL Init();
};

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemProcessInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemProcessInformation : public INtDll
{
public:
      typedef LARGE_INTEGER   QWORD;

      typedef struct _PROCESS_BASIC_INFORMATION {
                  DWORD ExitStatus;
                  PVOID PebBaseAddress;
                  DWORD AffinityMask;
                  DWORD BasePriority;
                  DWORD UniqueProcessId;
                  DWORD InheritedFromUniqueProcessId;
            } PROCESS_BASIC_INFORMATION;

      typedef struct _VM_COUNTERS
            {
            DWORD PeakVirtualSize;
            DWORD VirtualSize;
            DWORD PageFaultCount;
            DWORD PeakWorkingSetSize;
            DWORD WorkingSetSize;
            DWORD QuotaPeakPagedPoolUsage;
            DWORD QuotaPagedPoolUsage;
            DWORD QuotaPeakNonPagedPoolUsage;
            DWORD QuotaNonPagedPoolUsage;
            DWORD PagefileUsage;
            DWORD PeakPagefileUsage;
            } VM_COUNTERS;

      typedef struct _SYSTEM_THREAD
            {
            DWORD        u1;
            DWORD        u2;
            DWORD        u3;
            DWORD        u4;
            DWORD        ProcessId;
            DWORD        ThreadId;
            DWORD        dPriority;
            DWORD        dBasePriority;
            DWORD        dContextSwitches;
            DWORD        dThreadState;      // 2=running, 5=waiting
            DWORD        WaitReason;
            DWORD        u5;
            DWORD        u6;
            DWORD        u7;
            DWORD        u8;
            DWORD        u9;
            } SYSTEM_THREAD;

      typedef struct _SYSTEM_PROCESS_INFORMATION
            {
            DWORD          dNext;
            DWORD          dThreadCount;
            DWORD          dReserved01;
            DWORD          dReserved02;
            DWORD          dReserved03;
            DWORD          dReserved04;
            DWORD          dReserved05;
            DWORD          dReserved06;
            QWORD          qCreateTime;
            QWORD          qUserTime;
            QWORD          qKernelTime;
            UNICODE_STRING usName;
            DWORD             BasePriority;
            DWORD          dUniqueProcessId;
            DWORD          dInheritedFromUniqueProcessId;
            DWORD          dHandleCount;
            DWORD          dReserved07;
            DWORD          dReserved08;
            VM_COUNTERS    VmCounters;
            DWORD          dCommitCharge;
            SYSTEM_THREAD  Threads[1];
            } SYSTEM_PROCESS_INFORMATION;

      enum { BufferSize = 0x10000 };

public:
      SystemProcessInformation( BOOL bRefresh = FALSE );
      virtual ~SystemProcessInformation();

      BOOL Refresh();

public:
      CMap< DWORD, DWORD&, SYSTEM_PROCESS_INFORMATION*, SYSTEM_PROCESS_INFORMATION*> m_ProcessInfos;
      SYSTEM_PROCESS_INFORMATION* m_pCurrentProcessInfo;

protected:
      UCHAR*                                    m_pBuffer;
};

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemThreadInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemThreadInformation : public INtDll
{
public:
      typedef struct _THREAD_INFORMATION
            {
            DWORD            ProcessId;
            DWORD            ThreadId;
            HANDLE            ThreadHandle;      
            } THREAD_INFORMATION;

      
      typedef struct _BASIC_THREAD_INFORMATION {
            DWORD u1;
            DWORD u2;
            DWORD u3;
            DWORD ThreadId;
            DWORD u5;
            DWORD u6;
            DWORD u7;
      } BASIC_THREAD_INFORMATION;

public:
      SystemThreadInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE );

      BOOL Refresh();

public:
      CList< THREAD_INFORMATION, THREAD_INFORMATION& > m_ThreadInfos;
      DWORD m_processId;
};


//////////////////////////////////////////////////////////////////////////////////////
//
// SystemHandleInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemHandleInformation : public INtDll
{
public:
      enum {
            OB_TYPE_UNKNOWN = 0,
            OB_TYPE_TYPE = 1,
            OB_TYPE_DIRECTORY,
            OB_TYPE_SYMBOLIC_LINK,
            OB_TYPE_TOKEN,
            OB_TYPE_PROCESS,
            OB_TYPE_THREAD,
            OB_TYPE_UNKNOWN_7,
            OB_TYPE_EVENT,
            OB_TYPE_EVENT_PAIR,
            OB_TYPE_MUTANT,
            OB_TYPE_UNKNOWN_11,
            OB_TYPE_SEMAPHORE,
            OB_TYPE_TIMER,
            OB_TYPE_PROFILE,
            OB_TYPE_WINDOW_STATION,
            OB_TYPE_DESKTOP,
            OB_TYPE_SECTION,
            OB_TYPE_KEY,
            OB_TYPE_PORT,
            OB_TYPE_WAITABLE_PORT,
            OB_TYPE_UNKNOWN_21,
            OB_TYPE_UNKNOWN_22,
            OB_TYPE_UNKNOWN_23,
            OB_TYPE_UNKNOWN_24,
            //OB_TYPE_CONTROLLER,
            //OB_TYPE_DEVICE,
            //OB_TYPE_DRIVER,
            OB_TYPE_IO_COMPLETION,
            OB_TYPE_FILE                        
      } SystemHandleType;

public:
      typedef struct _SYSTEM_HANDLE
      {
            DWORD      ProcessID;
            WORD      HandleType;
            WORD      HandleNumber;
            DWORD      KernelAddress;
            DWORD      Flags;
      } SYSTEM_HANDLE;

      typedef struct _SYSTEM_HANDLE_INFORMATION
      {
            DWORD                  Count;
            SYSTEM_HANDLE      Handles[1];
      } SYSTEM_HANDLE_INFORMATION;

protected:
      typedef struct _GetFileNameThreadParam
      {
            HANDLE            hFile;
            CString*      pName;
            ULONG            rc;
      } GetFileNameThreadParam;

public:
      SystemHandleInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE, LPCTSTR lpTypeFilter = NULL );
      ~SystemHandleInformation();

      BOOL SetFilter( LPCTSTR lpTypeFilter, BOOL bRefresh = TRUE );
      const CString& GetFilter();
      
      BOOL Refresh();

public:
      //Information functions
      static BOOL GetType( HANDLE, WORD&, DWORD processId = GetCurrentProcessId() );
      static BOOL GetTypeToken( HANDLE, CString&, DWORD processId = GetCurrentProcessId() );
      static BOOL GetTypeFromTypeToken( LPCTSTR typeToken, WORD& type );
      static BOOL GetNameByType( HANDLE, WORD, CString& str, DWORD processId = GetCurrentProcessId());
      static BOOL GetName( HANDLE, CString&, DWORD processId = GetCurrentProcessId() );

      //Thread related functions
      static BOOL GetThreadId( HANDLE, DWORD&, DWORD processId = GetCurrentProcessId() );

      //Process related functions
      static BOOL GetProcessId( HANDLE, DWORD&, DWORD processId = GetCurrentProcessId() );
      static BOOL GetProcessPath( HANDLE h, CString& strPath, DWORD processId = GetCurrentProcessId());

      //File related functions
      static BOOL GetFileName( HANDLE, CString&, DWORD processId = GetCurrentProcessId() );

public:
      //For remote handle support
      static HANDLE OpenProcess( DWORD processId );
      static HANDLE DuplicateHandle( HANDLE hProcess, HANDLE hRemote );

protected:
      static void GetFileNameThread( PVOID /* GetFileNameThreadParam* */ );
      BOOL IsSupportedHandle( SYSTEM_HANDLE& handle );

public:
      CList< SYSTEM_HANDLE, SYSTEM_HANDLE& > m_HandleInfos;
      DWORD      m_processId;

protected:
      CString      m_strTypeFilter;
};

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemModuleInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemModuleInformation
{
public:
      typedef struct _MODULE_INFO
      {
            DWORD      ProcessId;
            TCHAR      FullPath[_MAX_PATH];
            HMODULE Handle;
      } MODULE_INFO;

public:
      typedef DWORD (WINAPI *PEnumProcessModules)(
                        HANDLE hProcess,      // handle to process
                        HMODULE *lphModule,   // array of module handles
                        DWORD cb,             // size of array
                        LPDWORD lpcbNeeded    // number of bytes required
                  );

      typedef DWORD (WINAPI *PGetModuleFileNameEx)(
                        HANDLE hProcess,    // handle to process
                        HMODULE hModule,    // handle to module
                        LPTSTR lpFilename,  // path buffer
                        DWORD nSize         // maximum characters to retrieve
                  );

public:
      SystemModuleInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE );

      BOOL Refresh();

protected:
      void GetModuleListForProcess( DWORD processID );

public:
      DWORD m_processId;
      CList< MODULE_INFO, MODULE_INFO& > m_ModuleInfos;

protected:
      PEnumProcessModules            m_EnumProcessModules;
      PGetModuleFileNameEx      m_GetModuleFileNameEx;
};

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemWindowInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemWindowInformation
{
public:
      enum { MaxCaptionSize = 1024 };

      typedef struct _WINDOW_INFO
      {
            DWORD      ProcessId;
            TCHAR      Caption[MaxCaptionSize];
            HWND      hWnd;
      } WINDOW_INFO;

public:
      SystemWindowInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE );

      BOOL Refresh();

protected:
      static BOOL CALLBACK EnumerateWindows( HWND hwnd, LPARAM lParam );
      
public:
      DWORD m_processId;
      CList< WINDOW_INFO, WINDOW_INFO& > m_WindowInfos;
};

#endif
0
Comment
Question by:plasmatek
7 Comments
 
LVL 1

Author Comment

by:plasmatek
Comment Utility
As an alternative, if you have some source code for delphi for enumerating open handles in another process (in particular file and socket handles), I will give the points for that also.
0
 
LVL 11

Expert Comment

by:robert_marquardt
Comment Utility
http://delphi-jedi.org/APILIBRARY
Most probably the Win32 conversion contains this file.
If not ask Marcel van Brakel.
0
 
LVL 14

Accepted Solution

by:
AvonWyss earned 200 total points
Comment Utility
I haven't seen them in the JEDI project. But here they are:

// ntdll.dll functions definitions - NT Native API
// Some of these functions are described in Win NT/2000 DDK (Rtl*,Zw* functions)
// see also http://www.sysinternals.com/ntdll.htm

unit ntdll;



interface

uses Windows;

type
      PLARGE_INTEGER = ^LARGE_INTEGER;

//-------------------------------------------------------------
type
      NTSTATUS = LongInt;

const
      STATUS_SUCCESS           = NTSTATUS(0);

      STATUS_NO_MORE_DATA      = NTSTATUS($8000001a);
      STATUS_NO_MORE_FILES     = NTSTATUS($80000006);
      STATUS_INVALID_PARAMETER = NTSTATUS($C000000D);

function RtlNtStatusToDosError( const Status : NTSTATUS ) : DWORD; stdcall;

//-------------------------------------------------------------
// Counted String
type
      TNtAnsiString = packed record
            Length        : Word;
            MaximumLength : Word;
            Buffer        : PChar;
      end;
      PNtAnsiString = ^TNtAnsiString;
      ANSI_STRING = TNtAnsiString;

      TNtUnicodeString = packed record
            Length        : Word;
            MaximumLength : Word;
            Buffer        : PWideChar;
      end;
      UNICODE_STRING = TNtUnicodeString;
      PNtUnicodeString = ^TNtUnicodeString;

procedure RtlInitString( DestinationString : PNtAnsiString; SourceString : PChar ); stdcall;
procedure RtlInitAnsiString( DestinationString : PNtAnsiString; SourceString : PChar ); stdcall;
procedure RtlCopyString( DestinationString : PNtAnsiString; SourceString : PNtAnsiString ); stdcall;
function  RtlUpperChar ( Character : Char ) : Char; stdcall;
function  RtlCompareString( String1, String2 : PNtAnsiString; CaseInSensitive : Boolean ) : LongInt; stdcall;
function  RtlEqualString( String1, String2 : PNtAnsiString; CaseInSensitive : Boolean ) : Boolean; stdcall;
procedure RtlUpperString( DestinationString : PNtAnsiString; SourceString : PNtAnsiString ); stdcall;
procedure RtlFreeAnsiString( NtAnsiString : PNtAnsiString ); stdcall;

//-------------------------------------------------------------
// NLS String functions
procedure RtlInitUnicodeString( DestinationString : PNtAnsiString; SourceString : PWideChar ); stdcall;
function  RtlAnsiStringToUnicodeString( DestinationString : PNtUnicodeString; SourceString : PNtAnsiString; AllocateDestinationString : Boolean ) : NTSTATUS; stdcall;
function  RtlUnicodeStringToAnsiString( DestinationString : PNtAnsiString; SourceString : PNtUnicodeString; AllocateDestinationString : Boolean ) : NTSTATUS; stdcall;
function  RtlCompareUnicodeString( String1, String2 : PNtUnicodeString; CaseInSensitive : Boolean ) : LongInt; stdcall;
function  RtlEqualCompareUnicodeString( String1, String2 : PNtUnicodeString; CaseInSensitive : Boolean ) : Boolean; stdcall;
function  RtlPrefixUnicodeString( String1, String2 : PNtUnicodeString; CaseInSensitive : Boolean ) : Boolean; stdcall;
function  RtlUpcaseUnicodeString( DestinationString : PNtUnicodeString; SourceString : PNtUnicodeString; AllocateDestinationString : Boolean ) : NTSTATUS; stdcall;
procedure RtlCopyUnicodeString( DestinationString : PNtUnicodeString; SourceString : PNtUnicodeString ); stdcall;
function  RtlAppendUnicodeStringToString( DestinationString : PNtUnicodeString; SourceString : PNtUnicodeString ): NTSTATUS; stdcall;
function  RtlAppendUnicodeToString( DestinationString : PNtUnicodeString; SourceString : PWideChar ): NTSTATUS; stdcall;
function  RtlUpcaseUnicodeChar( SourceCharacter : WideChar ) : WideChar; stdcall;
procedure RtlFreeUnicodeString( UnicodeString : PNtUnicodeString ); stdcall;
function  RtlxAnsiStringToUnicodeSize( NtAnsiString : PNtAnsiString ) : DWORD; stdcall;
function  RtlAnsiStringToUnicodeSize( NtAnsiString : PNtAnsiString ) : DWORD; stdcall;


//=============================================================
// The following are definitions for documented and undocumented native APIs
// and structures.

type

      TNtObjectAttributes = packed record
            Length                   : ULONG; // = SizeOf(OBJECT_ATTRIBUTES)

            // Optionally specifies a handle to a directory obtained by a preceding call to NtCreateFile.
            // If this value is NULL, the ObjectName member must be a fully qualified file specification
            // that includes the full path to the target file.
            // If this value is nonNULL, the ObjectName member specifies a file name relative to this directory.
            RootDirectory            : THandle;

            ObjectName               : PNtUnicodeString;

            Attributes               : ULONG;
            SecurityDescriptor       : Pointer; // Points to type SECURITY_DESCRIPTOR
            SecurityQualityOfService : Pointer; // Points to type SECURITY_QUALITY_OF_SERVICE
      end;
      OBJECT_ATTRIBUTES = TNtObjectAttributes;
      PNtObjectAttributes = ^TNtObjectAttributes;

// TNtObjectAttributes.Attributes
const
      OBJ_INHERIT          = $00000002;
      OBJ_PERMANENT        = $00000010;
      OBJ_EXCLUSIVE        = $00000020;
      OBJ_CASE_INSENSITIVE = $00000040;
      OBJ_OPENIF           = $00000080;
      OBJ_OPENLINK         = $00000100;
      OBJ_VALID_ATTRIBUTES = $000001F2;

//-------------------------------------------------------------
type
      TIoStatusBlock = packed record
            Status      : NTSTATUS;
            Information : ULONG;
      end;
      IO_STATUS_BLOCK = TIoStatusBlock;
      PIoStatusBlock = ^TIoStatusBlock;

// TIoStatusBlock.Information value
// Define the I/O status information return values for NtCreateFile/NtOpenFile
const
  FILE_SUPERSEDED     = $00000000;
  FILE_OPENED         = $00000001;
  FILE_CREATED        = $00000002;
  FILE_OVERWRITTEN    = $00000003;
  FILE_EXISTS         = $00000004;
  FILE_DOES_NOT_EXIST = $00000005;


//-------------------------------------------------------------
// Define the file attributes values
//
// Note:  0x00000008 is reserved for use for the old DOS VOLID (volume ID)
//        and is therefore not considered valid in NT.
//
// Note:  0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
//        and is therefore not considered valid in NT.  This flag has
//        been disassociated with file attributes since the other flags are
//        protected with READ_ and WRITE_ATTRIBUTES access to the file.
//
// Note:  Note also that the order of these flags is set to allow both the
//        FAT and the Pinball File Systems to directly set the attributes
//        flags in attributes words without having to pick each flag out
//        individually.  The order of these flags should not be changed!
//
const
      FILE_ATTRIBUTE_READONLY            = $00000001;
      FILE_ATTRIBUTE_HIDDEN              = $00000002;
      FILE_ATTRIBUTE_SYSTEM              = $00000004;
//OLD DOS VOLID                        $00000008
      FILE_ATTRIBUTE_DIRECTORY           = $00000010;
      FILE_ATTRIBUTE_ARCHIVE             = $00000020;
      FILE_ATTRIBUTE_DEVICE              = $00000040;
      FILE_ATTRIBUTE_NORMAL              = $00000080;

      FILE_ATTRIBUTE_TEMPORARY           = $00000100;
      FILE_ATTRIBUTE_SPARSE_FILE         = $00000200;
      FILE_ATTRIBUTE_REPARSE_POINT       = $00000400;
      FILE_ATTRIBUTE_COMPRESSED          = $00000800;

      FILE_ATTRIBUTE_OFFLINE             = $00001000;
      FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = $00002000;
      FILE_ATTRIBUTE_ENCRYPTED           = $00004000;

      FILE_ATTRIBUTE_VALID_FLAGS     = $00007fb7;
      FILE_ATTRIBUTE_VALID_SET_FLAGS = $000031a7;
//-------------------------------------------------------------

const
      FILE_READ_DATA        = $0001; // file & pipe
      FILE_LIST_DIRECTORY   = $0001; // directory

      FILE_WRITE_DATA       = $0002; // file & pipe
      FILE_ADD_FILE         = $0002; // directory

      FILE_APPEND_DATA          = $0004; // file
      FILE_ADD_SUBDIRECTORY     = $0004; // directory
      FILE_CREATE_PIPE_INSTANCE = $0004; // named pipe

      FILE_READ_EA              = $0008; // file & directory
      FILE_WRITE_EA             = $0010; // file & directory

      FILE_EXECUTE              = $0020; // file
      FILE_TRAVERSE             = $0020; // directory

      FILE_DELETE_CHILD         = $0040; // directory
      FILE_READ_ATTRIBUTES      = $0080; // all
      FILE_WRITE_ATTRIBUTES     = $0100; // all

      FILE_ALL_ACCESS      = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $01FF;
      FILE_GENERIC_READ    = STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE;
      FILE_GENERIC_WRITE   = STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE;
      FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or FILE_EXECUTE or SYNCHRONIZE;


//-------------------------------------------------------------
// Define the create disposition values
      FILE_SUPERSEDE           = $00000000;
      FILE_OPEN                = $00000001;
      FILE_CREATE              = $00000002;
      FILE_OPEN_IF             = $00000003;
      FILE_OVERWRITE           = $00000004;
      FILE_OVERWRITE_IF        = $00000005;
      FILE_MAXIMUM_DISPOSITION = $00000005;

//-------------------------------------------------------------
// Define the create/open option flags
const
      FILE_DIRECTORY_FILE              = $00000001;
      FILE_WRITE_THROUGH               = $00000002;
      FILE_SEQUENTIAL_ONLY             = $00000004;
      FILE_NO_INTERMEDIATE_BUFFERING   = $00000008;

      FILE_SYNCHRONOUS_IO_ALERT        = $00000010;
      FILE_SYNCHRONOUS_IO_NONALERT     = $00000020;
      FILE_NON_DIRECTORY_FILE          = $00000040;
      FILE_CREATE_TREE_CONNECTION      = $00000080;

      FILE_COMPLETE_IF_OPLOCKED        = $00000100;
      FILE_NO_EA_KNOWLEDGE             = $00000200;
      FILE_OPEN_FOR_RECOVERY           = $00000400;
      FILE_RANDOM_ACCESS               = $00000800;

      FILE_DELETE_ON_CLOSE             = $00001000;
      FILE_OPEN_BY_FILE_ID             = $00002000;
      FILE_OPEN_FOR_BACKUP_INTENT      = $00004000;
      FILE_NO_COMPRESSION              = $00008000;

      FILE_RESERVE_OPFILTER            = $00100000;
      FILE_OPEN_REPARSE_POINT          = $00200000;
      FILE_OPEN_NO_RECALL              = $00400000;
      FILE_OPEN_FOR_FREE_SPACE_QUERY   = $00800000;

      FILE_COPY_STRUCTURED_STORAGE     = $00000041;
      FILE_STRUCTURED_STORAGE          = $00000441;

      FILE_VALID_OPTION_FLAGS          = $00ffffff;
      FILE_VALID_PIPE_OPTION_FLAGS     = $00000032;
      FILE_VALID_MAILSLOT_OPTION_FLAGS = $00000032;
      FILE_VALID_SET_FLAGS             = $00000036;

//-------------------------------------------------------------
// Object Manager Object Type Specific Access Rights.
const
      OBJECT_TYPE_CREATE     = $0001;
      OBJECT_TYPE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $1;

// Object Manager Directory Specific Access Rights.
      DIRECTORY_QUERY               = $0001;
      DIRECTORY_TRAVERSE            = $0002;
      DIRECTORY_CREATE_OBJECT       = $0004;
      DIRECTORY_CREATE_SUBDIRECTORY = $0008;
      DIRECTORY_ALL_ACCESS          = STANDARD_RIGHTS_REQUIRED or $F;

// Object Manager Symbolic Link Specific Access Rights.
      SYMBOLIC_LINK_QUERY      = $0001;
      SYMBOLIC_LINK_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $1;

type
      TNtObjectNameInformation = packed record
    Name : UNICODE_STRING;
  end;
      OBJECT_NAME_INFORMATION = TNtObjectNameInformation;
      PNtObjectNameInformation = ^TNtObjectNameInformation;

const
      DUPLICATE_CLOSE_SOURCE    = $00000001;
      DUPLICATE_SAME_ACCESS     = $00000002;
      DUPLICATE_SAME_ATTRIBUTES = $00000004;

//-------------------------------------------------------------
// Section Information Structures.
type
      TSectionInherit = (ViewNone,ViewShare,ViewUnmap);
      SECTION_INHERIT = TSectionInherit;

// Section Access Rights.
const
      SECTION_QUERY       = $0001;
      SECTION_MAP_WRITE   = $0002;
      SECTION_MAP_READ    = $0004;
      SECTION_MAP_EXECUTE = $0008;
      SECTION_EXTEND_SIZE = $0010;

      SECTION_ALL_ACCESS  = STANDARD_RIGHTS_REQUIRED or SECTION_QUERY or SECTION_MAP_WRITE or SECTION_MAP_READ or SECTION_MAP_EXECUTE or SECTION_EXTEND_SIZE;
      SEGMENT_ALL_ACCESS  = SECTION_ALL_ACCESS;

      PAGE_NOACCESS          = $01;
      PAGE_READONLY          = $02;
      PAGE_READWRITE         = $04;
      PAGE_WRITECOPY         = $08;
      PAGE_EXECUTE           = $10;
      PAGE_EXECUTE_READ      = $20;
      PAGE_EXECUTE_READWRITE = $40;
      PAGE_EXECUTE_WRITECOPY = $80;
      PAGE_GUARD             = $100;
      PAGE_NOCACHE           = $200;
      PAGE_WRITECOMBINE      = $400;

      MEM_COMMIT             = $1000;
      MEM_RESERVE            = $2000;
      MEM_DECOMMIT           = $4000;
      MEM_RELEASE            = $8000;
      MEM_FREE               = $10000;
      MEM_PRIVATE            = $20000;
      MEM_MAPPED             = $40000;
      MEM_RESET              = $80000;
      MEM_TOP_DOWN           = $100000;
      MEM_LARGE_PAGES        = $20000000;
      MEM_4MB_PAGES          = $80000000;
      SEC_RESERVE            = $4000000;
      PROCESS_DUP_HANDLE     = $0040;
      PROCESS_ALL_ACCESS     = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $FFF;
//-------------------------------------------------------------
// Process Information Classes
type
      TProcessInfoClass = (ProcessBasicInformation,ProcessQuotaLimits,
            ProcessIoCounters,ProcessVmCounters,
            ProcessTimes,ProcessBasePriority,ProcessRaisePriority,
            ProcessDebugPort,ProcessExceptionPort,
            ProcessAccessToken,ProcessLdtInformation,
            ProcessLdtSize,ProcessDefaultHardErrorMode,
            ProcessIoPortHandlers,ProcessPooledUsageAndLimits,
            ProcessWorkingSetWatch,ProcessUserModeIOPL,
            ProcessEnableAlignmentFaultFixup,ProcessPriorityClass,
            ProcessWx86Information,ProcessHandleCount,
            ProcessAffinityMask,ProcessPriorityBoost,
            ProcessDeviceMap,ProcessSessionInformation,
            ProcessForegroundInformation,ProcessWow64Information,
            MaxProcessInfoClass);
      PROCESSINFOCLASS =  TProcessInfoClass;

// Thread Information Classes
      TThreadInfoClass = (ThreadBasicInformation,ThreadTimes,ThreadPriority,
            ThreadBasePriority,ThreadAffinityMask,
            ThreadImpersonationToken,ThreadDescriptorTableEntry,
            ThreadEnableAlignmentFaultFixup,ThreadEventPair_Reusable,
            ThreadQuerySetWin32StartAddress,ThreadZeroTlsCell,
            ThreadPerformanceCount,ThreadAmILastThread,
            ThreadIdealProcessor,ThreadPriorityBoost,
            ThreadSetTlsArrayAddress,ThreadIsIoPending,
            ThreadHideFromDebugger,MaxThreadInfoClass);
      THREADINFOCLASS = TThreadInfoClass;

//-------------------------------------------------------------
type
      TFileInformationClass = (__FileInformationNone,FileDirectoryInformation,
            FileFullDirectoryInformation,FileBothDirectoryInformation,
            FileBasicInformation,FileStandardInformation,
            FileInternalInformation,FileEaInformation,
            FileAccessInformation,FileNameInformation,
            FileRenameInformation,FileLinkInformation,
            FileNamesInformation,FileDispositionInformation,
            FilePositionInformation,FileFullEaInformation,
            FileModeInformation,FileAlignmentInformation,
            FileAllInformation,FileAllocationInformation,
            FileEndOfFileInformation,FileAlternateNameInformation,
            FileStreamInformation,FilePipeInformation,
            FilePipeLocalInformation,FilePipeRemoteInformation,
            FileMailslotQueryInformation,FileMailslotSetInformation,
            FileCompressionInformation,FileCopyOnWriteInformation,
            FileCompletionInformation,FileMoveClusterInformation,
            FileOleClassIdInformation,FileOleStateBitsInformation,
            FileNetworkOpenInformation,FileObjectIdInformation,
            FileOleAllInformation,FileOleDirectoryInformation,
            FileContentIndexInformation,FileInheritContentIndexInformation,
            FileOleInformation,FileMaximumInformation
      );
      FILE_INFORMATION_CLASS = TFileInformationClass;
      PFileInformationClass = ^TFileInformationClass;

// Define the various structures which are returned on query operations
type
      TFileBasicInformation = record
            CreationTime   : LARGE_INTEGER;
            LastAccessTime : LARGE_INTEGER;
            LastWriteTime  : LARGE_INTEGER;
            ChangeTime     : LARGE_INTEGER;
            FileAttributes : ULONG;
      end;
      FILE_BASIC_INFORMATION = TFileBasicInformation;
      PFileBasicInformation = ^TFileBasicInformation;

      TFileStandardInformation = packed record
            AllocationSize : LARGE_INTEGER;
            EndOfFile      : LARGE_INTEGER;
            NumberOfLinks  : ULONG;
            DeletePending  : Boolean;
            Directory      : Boolean;
      end;
      FILE_STANDARD_INFORMATION = TFileStandardInformation;
      PFileStandardInformation = ^TFileStandardInformation;

      TFilePositionInformation = record
            CurrentByteOffset : LARGE_INTEGER;
      end;
      FILE_POSITION_INFORMATION = TFilePositionInformation;
      PFilePositionInformation = ^TFilePositionInformation;

      TFileAlignmentInformation = record
            AlignmentRequirement : ULONG;
      end;
      FILE_ALIGNMENT_INFORMATION = TFileAlignmentInformation;
      PFileAlignmentInformation = ^TFileAlignmentInformation;

      TFileNameInformation = packed record
            FileNameLength : ULONG;
            FileName       : Array[0..0] of WideChar;
      end;
      FILE_NAME_INFORMATION = TFileNameInformation;
      PFileNameInformation = ^TFileNameInformation;

      TFileNetworkOpenInformation = record
            CreationTime   : LARGE_INTEGER;
            LastAccessTime : LARGE_INTEGER;
            LastWriteTime  : LARGE_INTEGER;
            ChangeTime     : LARGE_INTEGER;
            AllocationSize : LARGE_INTEGER;
            EndOfFile      : LARGE_INTEGER;
            FileAttributes : ULONG;
      end;
      FILE_NETWORK_OPEN_INFORMATION = TFileNetworkOpenInformation;
      PFileNetworkOpenInformation = ^TFileNetworkOpenInformation;

      TFileAttributeTagInformation = packed record
            FileAttributes : ULONG;
            ReparseTag : ULONG;
      end;
      FILE_ATTRIBUTE_TAG_INFORMATION = TFileAttributeTagInformation;
      PFileAttributeTagInformation = ^TFileAttributeTagInformation;

      TFileDispositionInformation = packed record
            DeleteFile : Boolean;
      end;
      FILE_DISPOSITION_INFORMATION = TFileDispositionInformation;
      PFileDispositionInformation = ^TFileDispositionInformation;

      TFileEndOfFileInformation = record
            EndOfFile : LARGE_INTEGER;
      end;
      FILE_END_OF_FILE_INFORMATION = TFileEndOfFileInformation;
      PFileEndOfFileInformation = ^TFileEndOfFileInformation;

      TFileFullEAIinformation = packed record
            NextEntryOffset : ULONG;
            Flags           : Byte;
            EaNameLength    : Byte;
            EaValueLength   : Word;
            EaName          : Array[0..0] of Char;
      end;
      FILE_FULL_EA_INFORMATION = TFileFullEAIinformation;
      PFileFullEAIinformation = ^TFileFullEAIinformation;

type
      TFileDirectoryInformation = packed record
            NextEntryOffset : ULONG;
            FileIndex       : ULONG;
            CreationTime    : LARGE_INTEGER;
            LastAccessTime  : LARGE_INTEGER;
            LastWriteTime   : LARGE_INTEGER;
            ChangeTime      : LARGE_INTEGER;
            EndOfFile       : LARGE_INTEGER;
            AllocationSize  : LARGE_INTEGER;
            FileAttributes  : ULONG;
            FileNameLength  : ULONG;
            FileName : Array[0..0] of WideChar;
      end;
      FILE_DIRECTORY_INFORMATION = TFileDirectoryInformation;
      PFileDirectoryInformation = ^TFileDirectoryInformation;

type
      TIoApcRoutine = procedure ( ApcContext : Pointer; IoStatusBlock : PIoStatusBlock; Reserved : ULONG ); stdcall;



//-------------------------------------------------------------
// NtCreateFile either causes a new file or directory to be created,
// or it opens an existing file, device, directory, or volume,
// giving the caller a handle for the file object.
// This handle can be used by subsequent calls to manipulate data
// within the file or the file object's state or attributes.
// For example, a driver might call this routine during initialization
//      to open a file of microcode for its device.
function NtCreateFile(
      // Points to a variable that receives the file handle if the call is successful.
      var FileHandle      : THandle;

      // Specifies the type of access that the caller requires to the file or directory.
      const DesiredAccess : ACCESS_MASK;

      // Pointer to a structure that a caller initializes with InitializeObjectAttributes
      var ObjectAttributes    : TNtObjectAttributes;

      // Points to a variable that receives the final completion status
      // and information about the requested operation.
      var IoStatusBlock   : TIoStatusBlock;

      // Optionally specifies the initial allocation size in bytes for the file.
      // A nonzero value has no effect unless the file is being created, overwritten,
      // or superseded.
      AllocationSize      : PLARGE_INTEGER;

      // Explicitly specified attributes are applied only when the file is created,
      // superseded, or, in some cases, overwritten.
  const FileAttributes: ULONG;

      // Specifies the type of share access that the caller would like to the file.
      // Device and intermediate drivers usually set ShareAccess to zero, which gives
      // the caller exclusive access to the open file.
      const ShareAccess       : ULONG;

      // Specifies what to do, depending on whether the file already exists
      const CreateDisposition : ULONG;

      // Specifies the options to be applied when creating or opening the file
      const CreateOptions     : ULONG;

      // For device and intermediate drivers, this parameter must be a NULL pointer
      EaBuffer          : Pointer;

      // For device and intermediate drivers, this parameter must be zero
      EaLength          : ULONG

) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtOpenFile opens an existing file, device, directory, or volume,
// and returns a handle for the file object
function NtOpenFile(
      // Points to a variable that receives the file handle if the call is successful.
      var FileHandle : THandle;

      // Specifies the type of access that the caller requires to the file or directory.
      const      DesiredAccess : ACCESS_MASK;

      // Pointer to a structure that a caller initializes with InitializeObjectAttributes
      var ObjectAttributes : TNtObjectAttributes;

      // Points to a variable that receives the final completion status
      // and information about the requested operation.
      var IoStatusBlock : TIoStatusBlock;

      // Specifies the type of share access that the caller would like to the file.
      // Device and intermediate drivers usually set ShareAccess to zero, which gives
      // the caller exclusive access to the open file.
      const ShareAccess : ULONG;

      // Specifies the options to be applied when opening the file
      const OpenOptions : ULONG
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtQueryInformationFile returns various kinds of information about a given file object
function NtQueryInformationFile(
      const FileHandle : THandle;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Points to a caller-allocated buffer or variable that receives the desired information about the file.
      // The contents of FileInformation are defined by the FileInformationClass parameter.
      FileInformation : Pointer;

      // Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
      Length : ULONG;

      // Specifies the type of information to be returned about the file.
      FileInformationClass : TFileInformationClass
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtSetInformationFile changes various kinds of information about a given file object.
function NtSetInformationFile(
      FileHandle : THandle;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Points to a buffer or variable containing the information to be set for the file.
      // The contents of FileInformation are defined by the FileInformationClass parameter.
      // Setting any member of the structure in this buffer or variable to zero tells NtSetInformationFile
      // to leave the current information about the file for that member unchanged.
      FileInformation : Pointer;

      // Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
      Length : ULONG;

      // Specifies the type of information to be reset for file.
      FileInformationClass: TFileInformationClass
) : NTSTATUS; stdcall;


//-------------------------------------------------------------
// Data can be read from an opened file using NtReadFile
function NtReadFile(
      FileHandle : THandle;

      // Specifies an optional handle for an event to be set to the signaled
      // state after the read operation completes.
      // Device and intermediate drivers should set this parameter to NULL.
      Event : THandle;

      // Device and intermediate drivers should set this pointer to NULL.
      ApcRoutine : TIoApcRoutine;

      // Device and intermediate drivers should set this pointer to NULL.
      ApcContext:Pointer;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Pointer to a caller-allocated buffer that receives the data read from the file.
      Buffer : Pointer;

      // Specifies the size in bytes of the given Buffer.
      // A successful call to ZwReadFile returns the given number of bytes from the file,
      // unless this routine reaches the end of file first.
      Length : ULONG;

      // Pointer to a variable that specifies the starting byte offset in the file
      // where the read operation will begin.
      // If an attempt is made to read beyond the end of the file, NtReadFile returns an error.
      ByteOffset : PLARGE_INTEGER;

      // Device and intermediate drivers should set this pointer to NULL.
      Key : PDWORD
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// Data can be written to an open file using NtWriteFile.
function NtWriteFile(
      FileHandle : THandle;

      // Specifies an optional handle for an event to be set to the signaled
      // state after operation completes.
      // Device and intermediate drivers should set this parameter to NULL.
      Event : THandle;

      // Device and intermediate drivers should set this pointer to NULL.
      ApcRoutine : TIoApcRoutine;

      // Device and intermediate drivers should set this pointer to NULL.
      ApcContext:Pointer;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Pointer to a caller-allocated buffer containing the data to be written to the file.
      Buffer : Pointer;

      // Specifies the size in bytes of the given Buffer.
      // A successful call to NtWriteFile transfers the given number of bytes to the file.
      // If necessary, the length of the file is extended.
      Length : ULONG;

      // Pointer to a variable that specifies the starting byte offset in the file
      // where the read operation will begin.
      // If an attempt is made to read beyond the end of the file, NtReadFile returns an error.
      ByteOffset : PLARGE_INTEGER;

      // Device and intermediate drivers should set this pointer to NULL.
      Key : PDWORD
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtClose closes object handles.
// A named object is not actually deleted until all of its valid handles are closed
// and no referenced pointers remain.
function NtClose( Handle : THandle ) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtCreateDirectoryObject creates or opens a directory object, which is a container for other objects.
function NtCreateDirectoryObject(
      // Points to a variable that receives the directory object handle if the call is successful.
      var DirectoryHandle : THandle;

      // Specifies the type of access that the caller requires to the directory object.
      // This value is compared with the granted access on an existing directory object.
      const DesiredAccess : ACCESS_MASK;

      // Points to a structure that specifies the object's attributes,
      // which has already been initialized with InitializeObjectAttributes.
      var ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtOpenDirectoryObject opens a directory object, which is a container for other objects.
function NtOpenDirectoryObject(
      // Points to a variable that receives the directory object handle if the call is successful.
      var DirectoryHandle : THandle;

      // Specifies the type of access that the caller requires to the directory object.
      // This value is compared with the granted access on an existing directory object.
      const DesiredAccess : ACCESS_MASK;

      // Points to a structure that specifies the object's attributes,
      // which has already been initialized with InitializeObjectAttributes.
      var ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// warning: reconstruction
//
// NtQueryDirectoryObject returns various kinds of information about a given directory object
type
      TDirectoryInformationClass = TFileInformationClass; // !!!! It is wrong

      TDirectoryInformationType1 = packed record
            ObjectName     : TNtUnicodeString;
            ObjectTypeName : TNtUnicodeString;
      end;

function NtQueryDirectoryObject(
      const FileHandle : THandle;

      // Points to a caller-allocated buffer or variable that receives the desired information about the directory.
      // The contents of FileInformation are defined by the FileInformationClass parameter.
      DirectoryInformation : Pointer;

      // Specifies the size in bytes of DirectoryInformation,
      // which the caller should set according to the given DirectoryInformationClass.
      const Length : ULONG;

      // Specifies the type of information to be returned about the file.
      DirectoryInformationClass : TDirectoryInformationClass; // ??? = 1

      // False for first call
  RestartScan : Boolean;

      var dwIndex : DWORD;

      var cbBytesReturned : DWORD

) : NTSTATUS; stdcall;


//-------------------------------------------------------------
function NtQueryDirectoryFile(
      const FileHandle : THandle;

      // Specifies an optional handle for an event to be set to the signaled
      // state after operation completes.
      // Device and intermediate drivers should set this parameter to NULL.
      const Event : THandle;

      // set this pointer to NULL.
      ApcRoutine : TIoApcRoutine;

      // set this pointer to NULL.
      ApcContext : Pointer;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Points to a caller-allocated buffer or variable that receives the desired information about file from directory.
      // The contents of FileInformation are defined by the FileInformationClass parameter.
      FileInformation : Pointer;

      // Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
      Length : ULONG;

      // Specifies the type of information to be returned about the file.
      FileInformationClass: TFileInformationClass;

      ReturnSingleEntry : Boolean;

      FileName : PNtUnicodeString;

      // False for first call
  RestartScan : Boolean
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtMakeTemporaryObject changes the attributes of an object to make it temporary.
function NtMakeTemporaryObject( Handle : THandle ) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtOpenSection opens a handle for an existing section object.
function NtOpenSection(
      // Points to a variable that will receive the section object handle if this call is successful.
      out SectionHandle : THandle;

      // Specifies a mask representing the requested access to the object.
      const DesiredAccess : ACCESS_MASK;

      // Points to the initialized object attributes of the section to be opened.
      ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtMapViewOfSection maps a view of a section into the virtual address space of a subject process.
function NtMapViewOfSection(
      // Is the handle returned by a successful call to NtOpenSection.
      SectionHandle : THandle;

      // Is the handle of an opened process object, representing the process for which the view should be mapped.
      ProcessHandle : THandle;

      // Points to a variable that will receive the base address of the view.
      // If the initial value of this argument is nonNULL,
      // the view is allocated starting at the specified virtual address
      // rounded down to the next 64-kilobyte address boundary.
      var BaseAddress : Pointer;

      // Specifies the number of high-order address bits that must be zero
      // in the base address of the section view.
      // The value of this argument must be less than 21 and is used only
      // when the operating system determines where to allocate the view, as when BaseAddress is NULL.
      ZeroBits : ULONG;

      // Specifies the size, in bytes, of the initially committed region of the view.
      // CommitSize is only meaningful for page-file backed sections.
      // For mapped sections, both data and image are always committed at section creation time.
      // This parameter is ignored for mapped files. This value is rounded up to the next host-page-size boundary.
      CommitSize : ULONG;

      // Points to the offset, in bytes, from the beginning of the section to the view.
      // If this pointer is nonNULL, the given value is rounded down to the next allocation granularity size boundary.
      SectionOffset : PLARGE_INTEGER;

      // Points to a variable that will receive the actual size, in bytes, of the view.
      // If the value of this parameter is zero, a view of the section will be mapped starting
      // at the specified section offset and continuing to the end of the section.
      // Otherwise, the initial value of this argument specifies the size of the view,
      // in bytes, and is rounded up to the next host page-size boundary.
      ViewSize : DWORD;

      // Specifies how the view is to be shared by a child process
      // created with a create process operation.
      // Device and intermediate drivers should set this parameter to ViewNone.
      InheritDisposition : SECTION_INHERIT;

      // A set of flags that describes the type of allocation to be performed for the specified region of pages.
      AllocationType : ULONG;

      // Specifies the protection for the region of initially committed pages.
      // Device and intermediate drivers should set this value to PAGE_READWRITE.
      Protect : ULONG
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtUnmapViewOfSection unmaps a view of a section from the virtual address space of a subject process.
function NtUnmapViewOfSection(
      // Specifies an open handle of the process that was passed in a preceding call to NtMapViewOfSection.
      const ProcessHandle : THandle;

      // Points to the base virtual address of the view that is to be unmapped.
      // This value can be any virtual address within the view.
      const BaseAddress : Pointer
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtSetInformationThread can be called to set the priority of a thread for which the caller has a handle.
function NtSetInformationThread(
      // Is the open handle for a thread.
      ThreadHandle : THandle;

      // Is one of the system-defined values ThreadPriority or ThreadBasePriority.
      ThreadInformationClass : THREADINFOCLASS;

      // Points to a variable specifying the information to be set.
      // If ThreadInformationClass is ThreadPriority, this value must be > LOW_PRIORITY and <= HIGH_PRIORITY.
      // If ThreadInformationClass is ThreadBasePriority, this value must fall within the system's
      // valid base priority range and the original priority class for the given thread:
      // that is, if a thread's priority class is variable, that thread's base priority cannot be reset to a real-time priority value and vice versa.
      ThreadInformation : Pointer;

      // Is the size in bytes of ThreadInformation, which must be at least sizeof(KPRIORITY).
      ThreadInformationLength : ULONG
) : NTSTATUS; stdcall;

{function NtCreateKey(
      out KeyHandle : THandle;
      const DesiredAccess : ACCESS_MASK;
      ObjectAttributes : TNtObjectAttributes;
      TitleIndex:ULONG;
      ObjectClass : PNtUnicodeString;
      CreateOptions:ULONG;
       Disposition:PULONG
 ) : NTSTATUS; stdcall;

function NtOpenKey(
      out KeyHandle : THandle;
       DesiredAccess : ACCESS_MASK;
      ObjectAttributes : PNtObjectAttributes
) : NTSTATUS; stdcall;

function NtDeleteKey( KeyHandle : THandle ) : NTSTATUS; stdcall;

function NtEnumerateKey(
      KeyHandle : THandle;
       Index:ULONG;
       KeyInformationClass : KEY_INFORMATION_CLASS;
       KeyInformation : Pointer;
       Length : ULONG;
       ResultLength : PDWORD
) : NTSTATUS; stdcall;

function NtEnumerateValueKey(
       KeyHandle : THandle;
       Index : ULONG;
       KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
       KeyValueInformation : Pointer;
       Length:ULONG;
      ResultLength : PULONG
) : NTSTATUS; stdcall;

function NtFlushKey( KeyHandle : THandle ) : NTSTATUS; stdcall;

function NtQueryKey(
      KeyHandle : THandle;
      KeyInformationClass : KEY_INFORMATION_CLASS;
      KeyInformation:Pointer;
      Length : ULONG;
       ResultLength : PDWORD
) : NTSTATUS; stdcall;

function NtQueryValueKey(
      KeyHandle : THandle;
      ValueName : PUNICODE_STRING;
      KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
      KeyValueInformation : Pointer;
      Length : ULONG;
      ResultLength : PDWORD
) : NTSTATUS; stdcall;

function NtSetValueKey(
      KeyHandle : THandle;
      ValueName : PUNICODE_STRING;
      TitleIndex : ULONG;
      Type : ULONG;
      Data : Pointer;
      DataSize : ULONG
) : NTSTATUS; stdcall;
}

//-------------------------------------------------------------
// NtOpenSymbolicLinkObject returns a handle to an existing symbolic link.
function NtOpenSymbolicLinkObject(
      // Points to a returned handle for the symbolic link object specified in ObjectAttributes if the call was successful.
      var LinkHandle : THandle;

      // Specifies the type of access that the caller requires to the key.
      // This is most commonly GENERIC_READ access such that the returned handle can be used with NtQuerySymbolicLinkObject.
      const DesiredAccess : ACCESS_MASK;

      // Points to the initialized object attributes for the symbolic link being opened.
      // An ObjectName string for the symbolic link must be specified.
      ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtQuerySymbolicLinkObject returns a Unicode string containing the target of the symbolic link.
function NtQuerySymbolicLinkObject(
      // Specifies a valid handle to an open symbolic link object obtained by calling ZwOpenSymbolicLinkObject.
      LinkHandle : THandle;

      // Points to an initialized Unicode string that contains the target of the symbolic link,
      // specified by LinkHandle, if the call was successful.
      LinkTarget : TNtUnicodeString;

      // Optionally, points to a unsigned long integer that on input contains the maximum number of bytes
      // to copy into the Unicode string at LinkTarget.
      // On output, the unsigned long integer contains the length of the Unicode string
      // naming the target of the symbolic link.
      ReturnedLength : PDWORD
) : NTSTATUS; stdcall;

{
function NtCreateTimer(
      out TimerHandle : THandle;
      const DesiredAccess : ACCESS_MASK;
      ObjectAttributes : TNtObjectAttributes;
      const TimerType : TIMER_TYPE
) : NTSTATUS; stdcall;

function NtOpenTimer(
      out TimerHandle : THandle;
      const DesiredAccess : ACCESS_MASK;
      ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

function NtCancelTimer(
      TimerHandle : THandle;
      CurrentState : PBoolean
) : NTSTATUS; stdcall;

function NtSetTimer(
      TimerHandle : THandle;
      DueTime : PLARGE_INTEGER;
      TimerApcRoutine : PTIMER_APC_ROUTINE;
      TimerContext : Pointer;
      WakeTimer : Boolean;
      Period : DWORD;
      PreviousState : PBoolean
) : NTSTATUS; stdcall;
}


//-------------------------------------------------------------
procedure InitializeObjectAttributes(
      InitializedAttributes : PNtObjectAttributes;
      pObjectName : PNtUnicodeString;
      const uAttributes : ULONG;
      const hRootDirectory : THandle;
      pSecurityDescriptor : PSECURITY_DESCRIPTOR
);


//-------------------------------------------------------------
var
      NLS_MB_CODE_PAGE_TAG : Boolean; // TRUE -> Multibyte CP, FALSE -> Singlebyte
//NLS_MB_OEM_CODE_PAGE_TAG : Boolean; // TRUE -> Multibyte CP, FALSE -> Singlebyte

//=============================================================
implementation

const
      DLL = 'ntdll.dll';

var
       AnsiCPInfo: TCPInfo;

function  RtlNtStatusToDosError; external DLL name 'RtlNtStatusToDosError';

procedure RtlInitString; external DLL name 'RtlInitString';
procedure RtlInitAnsiString;      external DLL name 'RtlInitAnsiString';
procedure RtlCopyString;      external DLL name 'RtlCopyString';
function  RtlUpperChar;      external DLL name 'RtlUpperChar';
function  RtlCompareString;      external DLL name 'RtlCompareString';
function  RtlEqualString;      external DLL name 'RtlEqualString';
procedure RtlUpperString;      external DLL name 'RtlUpperString';
procedure RtlFreeAnsiString;      external DLL name 'RtlFreeAnsiString';

procedure RtlInitUnicodeString;      external DLL name 'RtlInitUnicodeString';
function  RtlAnsiStringToUnicodeString;      external DLL name 'RtlAnsiStringToUnicodeString';
function  RtlUnicodeStringToAnsiString;      external DLL name 'RtlUnicodeStringToAnsiString';
function  RtlCompareUnicodeString;      external DLL name 'RtlCompareUnicodeString';
function  RtlEqualCompareUnicodeString;      external DLL name 'RtlEqualCompareUnicodeString';
function  RtlPrefixUnicodeString;      external DLL name 'RtlPrefixUnicodeString';
function  RtlUpcaseUnicodeString;      external DLL name 'RtlUpcaseUnicodeString';
procedure RtlCopyUnicodeString;      external DLL name 'RtlCopyUnicodeString';
function  RtlAppendUnicodeStringToString;      external DLL name 'RtlAppendUnicodeStringToString';
function  RtlAppendUnicodeToString;      external DLL name 'RtlAppendUnicodeToString';
function  RtlUpcaseUnicodeChar;      external DLL name 'RtlUpcaseUnicodeChar';
procedure RtlFreeUnicodeString;      external DLL name 'RtlFreeUnicodeString';
function  RtlxAnsiStringToUnicodeSize;      external DLL name 'RtlxAnsiStringToUnicodeSize';

function NtCreateFile;      external DLL name 'NtCreateFile';
function NtOpenFile;      external DLL name 'NtOpenFile';
function NtQueryInformationFile;      external DLL name 'NtQueryInformationFile';
function NtSetInformationFile;      external DLL name 'NtSetInformationFile';
function NtWriteFile;      external DLL name 'NtWriteFile';
function NtReadFile;      external DLL name 'NtReadFile';
function NtClose;      external DLL name 'NtClose';
function NtCreateDirectoryObject;      external DLL name 'NtCreateDirectoryObject';
function NtOpenDirectoryObject;      external DLL name 'NtOpenDirectoryObject';
function NtQueryDirectoryObject;      external DLL name 'NtQueryDirectoryObject';
function NtQueryDirectoryFile; external DLL name 'NtQueryDirectoryFile';
function NtMakeTemporaryObject;      external DLL name 'NtMakeTemporaryObject';
function NtOpenSection;      external DLL name 'NtOpenSection';
function NtMapViewOfSection;      external DLL name 'NtMapViewOfSection';
function NtUnmapViewOfSection;      external DLL name 'NtUnmapViewOfSection';
function NtOpenSymbolicLinkObject;      external DLL name 'NtOpenSymbolicLinkObject';
function NtQuerySymbolicLinkObject;      external DLL name 'NtQuerySymbolicLinkObject';
function NtSetInformationThread;      external DLL name 'NtSetInformationThread';

//-------------------------------------------------------------
function RtlAnsiStringToUnicodeSize(  NtAnsiString : PNtAnsiString ) : DWORD; stdcall;
begin
      if NtAnsiString=nil then Result := 0
      else if NLS_MB_CODE_PAGE_TAG then Result := RtlxAnsiStringToUnicodeSize(NtAnsiString)
      else Result := (NtAnsiString^.Length+1)*AnsiCPInfo.MaxCharSize;
end;
//-------------------------------------------------------------
procedure InitializeObjectAttributes(
      InitializedAttributes : PNtObjectAttributes;
      pObjectName : PNtUnicodeString;
      const uAttributes : ULONG;
      const hRootDirectory : THandle;
      pSecurityDescriptor : PSECURITY_DESCRIPTOR
);
begin
      with InitializedAttributes^ do
      begin
            Length := SizeOf(TNtObjectAttributes);
            ObjectName := pObjectName;
            Attributes := uAttributes;
            RootDirectory := hRootDirectory;
            SecurityDescriptor := pSecurityDescriptor;
            SecurityQualityOfService := nil;
      end;
end;


//=============================================================
initialization
  Windows.GetCPInfo(CP_ACP,AnsiCPInfo);
  with AnsiCPInfo do NLS_MB_CODE_PAGE_TAG := MaxCharSize<>1;
end.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Author Comment

by:plasmatek
Comment Utility
Thanks a lot for that but unfortunately it doesn't include the key functions I need, such as NTQuerySystemInformation etc (the ones listed in the C++ header I pasted). :(
0
 
LVL 9

Expert Comment

by:ginsonic
Comment Utility
listening
0
 
LVL 11

Expert Comment

by:robert_marquardt
Comment Utility
The above C++ code is not directly convertible to Delphi.
A C++ class is simply incompatible with Delphi.
If you do not have the C++ source of the implementation of the class then you are simply screwed.
0
 
LVL 1

Expert Comment

by:pnh73
Comment Utility
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept Answer from AvonWyss

Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
Paul (pnh73)
EE Cleanup Volunteer
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now