Solved

Need c++ header converter to delphi (NTDLL.dll) - native win2k/xp api.

Posted on 2002-04-07
7
6,124 Views
Last Modified: 2010-07-18
I need this header converter to pascal so I can use it in delphi. It is an import library for some of the functions ntdll.dll (The windows 2000/XP native API).

As an alternative, if you have some source code for delphi for enumerating open handles in another process
(in particular file and socket handles), I will give the points for that also.

Thanks,
James.

----FILE BELOW----

// Written by Zoltan Csizmadia, zoltan_csizmadia@yahoo.com
// For companies(Austin,TX): If you would like to get my resume, send an email.
//
// The source is free, but if you want to use it, mention my name and e-mail address
//
//////////////////////////////////////////////////////////////////////////////////////
//
// SystemInfo.h, v1.1

#ifndef SYSTEMINFO_H_INCLUDED
#define SYSTEMINFO_H_INCLUDED

#ifndef WINNT
#error You need Windows NT to use this source code. Define WINNT!
#endif

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#pragma warning( disable : 4786 )
#pragma warning( disable : 4200 )

#include <afxtempl.h>

//////////////////////////////////////////////////////////////////////////////////////
//
// Typedefs
//
//////////////////////////////////////////////////////////////////////////////////////

typedef struct _UNICODE_STRING
{
      WORD  Length;
      WORD  MaximumLength;
      PWSTR Buffer;
} UNICODE_STRING;

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemInfoUtils
//
//////////////////////////////////////////////////////////////////////////////////////

// Helper functions

class SystemInfoUtils
{
public:

      //////////////////////////////////////////////////////////////////////////////////
      // String conversion functions

      // From wide char string to CString
      static void LPCWSTR2CString( LPCWSTR strW, CString& str );
      // From unicode string to CString
      static void Unicode2CString( UNICODE_STRING* strU, CString& str );

      //////////////////////////////////////////////////////////////////////////////////
      // File name conversion functions

      static BOOL GetDeviceFileName( LPCTSTR, CString& );
      static BOOL GetFsFileName( LPCTSTR, CString& );

      //////////////////////////////////////////////////////////////////////////////////
      // Information functions

      static DWORD GetNTMajorVersion();
};

//////////////////////////////////////////////////////////////////////////////////////
//
// INtDll
//
//////////////////////////////////////////////////////////////////////////////////////

class INtDll
{
public:
      typedef DWORD (WINAPI *PNtQueryObject)( HANDLE, DWORD, VOID*, DWORD, VOID* );
      typedef DWORD (WINAPI *PNtQuerySystemInformation)( DWORD, VOID*, DWORD, ULONG* );
      typedef DWORD (WINAPI *PNtQueryInformationThread)(HANDLE, ULONG, PVOID,      DWORD, DWORD* );
      typedef DWORD (WINAPI *PNtQueryInformationFile)(HANDLE, PVOID,      PVOID, DWORD, DWORD );
      typedef DWORD (WINAPI *PNtQueryInformationProcess)(HANDLE, DWORD, PVOID, DWORD, PVOID );
      
public:
      static PNtQuerySystemInformation      NtQuerySystemInformation;
      static PNtQueryObject                        NtQueryObject;
      static PNtQueryInformationThread      NtQueryInformationThread;
      static PNtQueryInformationFile            NtQueryInformationFile;
      static PNtQueryInformationProcess      NtQueryInformationProcess;

      static BOOL                                          NtDllStatus;

      static DWORD                                    dwNTMajorVersion;

protected:
      static BOOL Init();
};

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemProcessInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemProcessInformation : public INtDll
{
public:
      typedef LARGE_INTEGER   QWORD;

      typedef struct _PROCESS_BASIC_INFORMATION {
                  DWORD ExitStatus;
                  PVOID PebBaseAddress;
                  DWORD AffinityMask;
                  DWORD BasePriority;
                  DWORD UniqueProcessId;
                  DWORD InheritedFromUniqueProcessId;
            } PROCESS_BASIC_INFORMATION;

      typedef struct _VM_COUNTERS
            {
            DWORD PeakVirtualSize;
            DWORD VirtualSize;
            DWORD PageFaultCount;
            DWORD PeakWorkingSetSize;
            DWORD WorkingSetSize;
            DWORD QuotaPeakPagedPoolUsage;
            DWORD QuotaPagedPoolUsage;
            DWORD QuotaPeakNonPagedPoolUsage;
            DWORD QuotaNonPagedPoolUsage;
            DWORD PagefileUsage;
            DWORD PeakPagefileUsage;
            } VM_COUNTERS;

      typedef struct _SYSTEM_THREAD
            {
            DWORD        u1;
            DWORD        u2;
            DWORD        u3;
            DWORD        u4;
            DWORD        ProcessId;
            DWORD        ThreadId;
            DWORD        dPriority;
            DWORD        dBasePriority;
            DWORD        dContextSwitches;
            DWORD        dThreadState;      // 2=running, 5=waiting
            DWORD        WaitReason;
            DWORD        u5;
            DWORD        u6;
            DWORD        u7;
            DWORD        u8;
            DWORD        u9;
            } SYSTEM_THREAD;

      typedef struct _SYSTEM_PROCESS_INFORMATION
            {
            DWORD          dNext;
            DWORD          dThreadCount;
            DWORD          dReserved01;
            DWORD          dReserved02;
            DWORD          dReserved03;
            DWORD          dReserved04;
            DWORD          dReserved05;
            DWORD          dReserved06;
            QWORD          qCreateTime;
            QWORD          qUserTime;
            QWORD          qKernelTime;
            UNICODE_STRING usName;
            DWORD             BasePriority;
            DWORD          dUniqueProcessId;
            DWORD          dInheritedFromUniqueProcessId;
            DWORD          dHandleCount;
            DWORD          dReserved07;
            DWORD          dReserved08;
            VM_COUNTERS    VmCounters;
            DWORD          dCommitCharge;
            SYSTEM_THREAD  Threads[1];
            } SYSTEM_PROCESS_INFORMATION;

      enum { BufferSize = 0x10000 };

public:
      SystemProcessInformation( BOOL bRefresh = FALSE );
      virtual ~SystemProcessInformation();

      BOOL Refresh();

public:
      CMap< DWORD, DWORD&, SYSTEM_PROCESS_INFORMATION*, SYSTEM_PROCESS_INFORMATION*> m_ProcessInfos;
      SYSTEM_PROCESS_INFORMATION* m_pCurrentProcessInfo;

protected:
      UCHAR*                                    m_pBuffer;
};

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemThreadInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemThreadInformation : public INtDll
{
public:
      typedef struct _THREAD_INFORMATION
            {
            DWORD            ProcessId;
            DWORD            ThreadId;
            HANDLE            ThreadHandle;      
            } THREAD_INFORMATION;

      
      typedef struct _BASIC_THREAD_INFORMATION {
            DWORD u1;
            DWORD u2;
            DWORD u3;
            DWORD ThreadId;
            DWORD u5;
            DWORD u6;
            DWORD u7;
      } BASIC_THREAD_INFORMATION;

public:
      SystemThreadInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE );

      BOOL Refresh();

public:
      CList< THREAD_INFORMATION, THREAD_INFORMATION& > m_ThreadInfos;
      DWORD m_processId;
};


//////////////////////////////////////////////////////////////////////////////////////
//
// SystemHandleInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemHandleInformation : public INtDll
{
public:
      enum {
            OB_TYPE_UNKNOWN = 0,
            OB_TYPE_TYPE = 1,
            OB_TYPE_DIRECTORY,
            OB_TYPE_SYMBOLIC_LINK,
            OB_TYPE_TOKEN,
            OB_TYPE_PROCESS,
            OB_TYPE_THREAD,
            OB_TYPE_UNKNOWN_7,
            OB_TYPE_EVENT,
            OB_TYPE_EVENT_PAIR,
            OB_TYPE_MUTANT,
            OB_TYPE_UNKNOWN_11,
            OB_TYPE_SEMAPHORE,
            OB_TYPE_TIMER,
            OB_TYPE_PROFILE,
            OB_TYPE_WINDOW_STATION,
            OB_TYPE_DESKTOP,
            OB_TYPE_SECTION,
            OB_TYPE_KEY,
            OB_TYPE_PORT,
            OB_TYPE_WAITABLE_PORT,
            OB_TYPE_UNKNOWN_21,
            OB_TYPE_UNKNOWN_22,
            OB_TYPE_UNKNOWN_23,
            OB_TYPE_UNKNOWN_24,
            //OB_TYPE_CONTROLLER,
            //OB_TYPE_DEVICE,
            //OB_TYPE_DRIVER,
            OB_TYPE_IO_COMPLETION,
            OB_TYPE_FILE                        
      } SystemHandleType;

public:
      typedef struct _SYSTEM_HANDLE
      {
            DWORD      ProcessID;
            WORD      HandleType;
            WORD      HandleNumber;
            DWORD      KernelAddress;
            DWORD      Flags;
      } SYSTEM_HANDLE;

      typedef struct _SYSTEM_HANDLE_INFORMATION
      {
            DWORD                  Count;
            SYSTEM_HANDLE      Handles[1];
      } SYSTEM_HANDLE_INFORMATION;

protected:
      typedef struct _GetFileNameThreadParam
      {
            HANDLE            hFile;
            CString*      pName;
            ULONG            rc;
      } GetFileNameThreadParam;

public:
      SystemHandleInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE, LPCTSTR lpTypeFilter = NULL );
      ~SystemHandleInformation();

      BOOL SetFilter( LPCTSTR lpTypeFilter, BOOL bRefresh = TRUE );
      const CString& GetFilter();
      
      BOOL Refresh();

public:
      //Information functions
      static BOOL GetType( HANDLE, WORD&, DWORD processId = GetCurrentProcessId() );
      static BOOL GetTypeToken( HANDLE, CString&, DWORD processId = GetCurrentProcessId() );
      static BOOL GetTypeFromTypeToken( LPCTSTR typeToken, WORD& type );
      static BOOL GetNameByType( HANDLE, WORD, CString& str, DWORD processId = GetCurrentProcessId());
      static BOOL GetName( HANDLE, CString&, DWORD processId = GetCurrentProcessId() );

      //Thread related functions
      static BOOL GetThreadId( HANDLE, DWORD&, DWORD processId = GetCurrentProcessId() );

      //Process related functions
      static BOOL GetProcessId( HANDLE, DWORD&, DWORD processId = GetCurrentProcessId() );
      static BOOL GetProcessPath( HANDLE h, CString& strPath, DWORD processId = GetCurrentProcessId());

      //File related functions
      static BOOL GetFileName( HANDLE, CString&, DWORD processId = GetCurrentProcessId() );

public:
      //For remote handle support
      static HANDLE OpenProcess( DWORD processId );
      static HANDLE DuplicateHandle( HANDLE hProcess, HANDLE hRemote );

protected:
      static void GetFileNameThread( PVOID /* GetFileNameThreadParam* */ );
      BOOL IsSupportedHandle( SYSTEM_HANDLE& handle );

public:
      CList< SYSTEM_HANDLE, SYSTEM_HANDLE& > m_HandleInfos;
      DWORD      m_processId;

protected:
      CString      m_strTypeFilter;
};

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemModuleInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemModuleInformation
{
public:
      typedef struct _MODULE_INFO
      {
            DWORD      ProcessId;
            TCHAR      FullPath[_MAX_PATH];
            HMODULE Handle;
      } MODULE_INFO;

public:
      typedef DWORD (WINAPI *PEnumProcessModules)(
                        HANDLE hProcess,      // handle to process
                        HMODULE *lphModule,   // array of module handles
                        DWORD cb,             // size of array
                        LPDWORD lpcbNeeded    // number of bytes required
                  );

      typedef DWORD (WINAPI *PGetModuleFileNameEx)(
                        HANDLE hProcess,    // handle to process
                        HMODULE hModule,    // handle to module
                        LPTSTR lpFilename,  // path buffer
                        DWORD nSize         // maximum characters to retrieve
                  );

public:
      SystemModuleInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE );

      BOOL Refresh();

protected:
      void GetModuleListForProcess( DWORD processID );

public:
      DWORD m_processId;
      CList< MODULE_INFO, MODULE_INFO& > m_ModuleInfos;

protected:
      PEnumProcessModules            m_EnumProcessModules;
      PGetModuleFileNameEx      m_GetModuleFileNameEx;
};

//////////////////////////////////////////////////////////////////////////////////////
//
// SystemWindowInformation
//
//////////////////////////////////////////////////////////////////////////////////////

class SystemWindowInformation
{
public:
      enum { MaxCaptionSize = 1024 };

      typedef struct _WINDOW_INFO
      {
            DWORD      ProcessId;
            TCHAR      Caption[MaxCaptionSize];
            HWND      hWnd;
      } WINDOW_INFO;

public:
      SystemWindowInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE );

      BOOL Refresh();

protected:
      static BOOL CALLBACK EnumerateWindows( HWND hwnd, LPARAM lParam );
      
public:
      DWORD m_processId;
      CList< WINDOW_INFO, WINDOW_INFO& > m_WindowInfos;
};

#endif
0
Comment
Question by:plasmatek
7 Comments
 
LVL 1

Author Comment

by:plasmatek
ID: 6923759
As an alternative, if you have some source code for delphi for enumerating open handles in another process (in particular file and socket handles), I will give the points for that also.
0
 
LVL 11

Expert Comment

by:robert_marquardt
ID: 6923872
http://delphi-jedi.org/APILIBRARY
Most probably the Win32 conversion contains this file.
If not ask Marcel van Brakel.
0
 
LVL 14

Accepted Solution

by:
AvonWyss earned 200 total points
ID: 6923907
I haven't seen them in the JEDI project. But here they are:

// ntdll.dll functions definitions - NT Native API
// Some of these functions are described in Win NT/2000 DDK (Rtl*,Zw* functions)
// see also http://www.sysinternals.com/ntdll.htm

unit ntdll;



interface

uses Windows;

type
      PLARGE_INTEGER = ^LARGE_INTEGER;

//-------------------------------------------------------------
type
      NTSTATUS = LongInt;

const
      STATUS_SUCCESS           = NTSTATUS(0);

      STATUS_NO_MORE_DATA      = NTSTATUS($8000001a);
      STATUS_NO_MORE_FILES     = NTSTATUS($80000006);
      STATUS_INVALID_PARAMETER = NTSTATUS($C000000D);

function RtlNtStatusToDosError( const Status : NTSTATUS ) : DWORD; stdcall;

//-------------------------------------------------------------
// Counted String
type
      TNtAnsiString = packed record
            Length        : Word;
            MaximumLength : Word;
            Buffer        : PChar;
      end;
      PNtAnsiString = ^TNtAnsiString;
      ANSI_STRING = TNtAnsiString;

      TNtUnicodeString = packed record
            Length        : Word;
            MaximumLength : Word;
            Buffer        : PWideChar;
      end;
      UNICODE_STRING = TNtUnicodeString;
      PNtUnicodeString = ^TNtUnicodeString;

procedure RtlInitString( DestinationString : PNtAnsiString; SourceString : PChar ); stdcall;
procedure RtlInitAnsiString( DestinationString : PNtAnsiString; SourceString : PChar ); stdcall;
procedure RtlCopyString( DestinationString : PNtAnsiString; SourceString : PNtAnsiString ); stdcall;
function  RtlUpperChar ( Character : Char ) : Char; stdcall;
function  RtlCompareString( String1, String2 : PNtAnsiString; CaseInSensitive : Boolean ) : LongInt; stdcall;
function  RtlEqualString( String1, String2 : PNtAnsiString; CaseInSensitive : Boolean ) : Boolean; stdcall;
procedure RtlUpperString( DestinationString : PNtAnsiString; SourceString : PNtAnsiString ); stdcall;
procedure RtlFreeAnsiString( NtAnsiString : PNtAnsiString ); stdcall;

//-------------------------------------------------------------
// NLS String functions
procedure RtlInitUnicodeString( DestinationString : PNtAnsiString; SourceString : PWideChar ); stdcall;
function  RtlAnsiStringToUnicodeString( DestinationString : PNtUnicodeString; SourceString : PNtAnsiString; AllocateDestinationString : Boolean ) : NTSTATUS; stdcall;
function  RtlUnicodeStringToAnsiString( DestinationString : PNtAnsiString; SourceString : PNtUnicodeString; AllocateDestinationString : Boolean ) : NTSTATUS; stdcall;
function  RtlCompareUnicodeString( String1, String2 : PNtUnicodeString; CaseInSensitive : Boolean ) : LongInt; stdcall;
function  RtlEqualCompareUnicodeString( String1, String2 : PNtUnicodeString; CaseInSensitive : Boolean ) : Boolean; stdcall;
function  RtlPrefixUnicodeString( String1, String2 : PNtUnicodeString; CaseInSensitive : Boolean ) : Boolean; stdcall;
function  RtlUpcaseUnicodeString( DestinationString : PNtUnicodeString; SourceString : PNtUnicodeString; AllocateDestinationString : Boolean ) : NTSTATUS; stdcall;
procedure RtlCopyUnicodeString( DestinationString : PNtUnicodeString; SourceString : PNtUnicodeString ); stdcall;
function  RtlAppendUnicodeStringToString( DestinationString : PNtUnicodeString; SourceString : PNtUnicodeString ): NTSTATUS; stdcall;
function  RtlAppendUnicodeToString( DestinationString : PNtUnicodeString; SourceString : PWideChar ): NTSTATUS; stdcall;
function  RtlUpcaseUnicodeChar( SourceCharacter : WideChar ) : WideChar; stdcall;
procedure RtlFreeUnicodeString( UnicodeString : PNtUnicodeString ); stdcall;
function  RtlxAnsiStringToUnicodeSize( NtAnsiString : PNtAnsiString ) : DWORD; stdcall;
function  RtlAnsiStringToUnicodeSize( NtAnsiString : PNtAnsiString ) : DWORD; stdcall;


//=============================================================
// The following are definitions for documented and undocumented native APIs
// and structures.

type

      TNtObjectAttributes = packed record
            Length                   : ULONG; // = SizeOf(OBJECT_ATTRIBUTES)

            // Optionally specifies a handle to a directory obtained by a preceding call to NtCreateFile.
            // If this value is NULL, the ObjectName member must be a fully qualified file specification
            // that includes the full path to the target file.
            // If this value is nonNULL, the ObjectName member specifies a file name relative to this directory.
            RootDirectory            : THandle;

            ObjectName               : PNtUnicodeString;

            Attributes               : ULONG;
            SecurityDescriptor       : Pointer; // Points to type SECURITY_DESCRIPTOR
            SecurityQualityOfService : Pointer; // Points to type SECURITY_QUALITY_OF_SERVICE
      end;
      OBJECT_ATTRIBUTES = TNtObjectAttributes;
      PNtObjectAttributes = ^TNtObjectAttributes;

// TNtObjectAttributes.Attributes
const
      OBJ_INHERIT          = $00000002;
      OBJ_PERMANENT        = $00000010;
      OBJ_EXCLUSIVE        = $00000020;
      OBJ_CASE_INSENSITIVE = $00000040;
      OBJ_OPENIF           = $00000080;
      OBJ_OPENLINK         = $00000100;
      OBJ_VALID_ATTRIBUTES = $000001F2;

//-------------------------------------------------------------
type
      TIoStatusBlock = packed record
            Status      : NTSTATUS;
            Information : ULONG;
      end;
      IO_STATUS_BLOCK = TIoStatusBlock;
      PIoStatusBlock = ^TIoStatusBlock;

// TIoStatusBlock.Information value
// Define the I/O status information return values for NtCreateFile/NtOpenFile
const
  FILE_SUPERSEDED     = $00000000;
  FILE_OPENED         = $00000001;
  FILE_CREATED        = $00000002;
  FILE_OVERWRITTEN    = $00000003;
  FILE_EXISTS         = $00000004;
  FILE_DOES_NOT_EXIST = $00000005;


//-------------------------------------------------------------
// Define the file attributes values
//
// Note:  0x00000008 is reserved for use for the old DOS VOLID (volume ID)
//        and is therefore not considered valid in NT.
//
// Note:  0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
//        and is therefore not considered valid in NT.  This flag has
//        been disassociated with file attributes since the other flags are
//        protected with READ_ and WRITE_ATTRIBUTES access to the file.
//
// Note:  Note also that the order of these flags is set to allow both the
//        FAT and the Pinball File Systems to directly set the attributes
//        flags in attributes words without having to pick each flag out
//        individually.  The order of these flags should not be changed!
//
const
      FILE_ATTRIBUTE_READONLY            = $00000001;
      FILE_ATTRIBUTE_HIDDEN              = $00000002;
      FILE_ATTRIBUTE_SYSTEM              = $00000004;
//OLD DOS VOLID                        $00000008
      FILE_ATTRIBUTE_DIRECTORY           = $00000010;
      FILE_ATTRIBUTE_ARCHIVE             = $00000020;
      FILE_ATTRIBUTE_DEVICE              = $00000040;
      FILE_ATTRIBUTE_NORMAL              = $00000080;

      FILE_ATTRIBUTE_TEMPORARY           = $00000100;
      FILE_ATTRIBUTE_SPARSE_FILE         = $00000200;
      FILE_ATTRIBUTE_REPARSE_POINT       = $00000400;
      FILE_ATTRIBUTE_COMPRESSED          = $00000800;

      FILE_ATTRIBUTE_OFFLINE             = $00001000;
      FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = $00002000;
      FILE_ATTRIBUTE_ENCRYPTED           = $00004000;

      FILE_ATTRIBUTE_VALID_FLAGS     = $00007fb7;
      FILE_ATTRIBUTE_VALID_SET_FLAGS = $000031a7;
//-------------------------------------------------------------

const
      FILE_READ_DATA        = $0001; // file & pipe
      FILE_LIST_DIRECTORY   = $0001; // directory

      FILE_WRITE_DATA       = $0002; // file & pipe
      FILE_ADD_FILE         = $0002; // directory

      FILE_APPEND_DATA          = $0004; // file
      FILE_ADD_SUBDIRECTORY     = $0004; // directory
      FILE_CREATE_PIPE_INSTANCE = $0004; // named pipe

      FILE_READ_EA              = $0008; // file & directory
      FILE_WRITE_EA             = $0010; // file & directory

      FILE_EXECUTE              = $0020; // file
      FILE_TRAVERSE             = $0020; // directory

      FILE_DELETE_CHILD         = $0040; // directory
      FILE_READ_ATTRIBUTES      = $0080; // all
      FILE_WRITE_ATTRIBUTES     = $0100; // all

      FILE_ALL_ACCESS      = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $01FF;
      FILE_GENERIC_READ    = STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE;
      FILE_GENERIC_WRITE   = STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE;
      FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or FILE_EXECUTE or SYNCHRONIZE;


//-------------------------------------------------------------
// Define the create disposition values
      FILE_SUPERSEDE           = $00000000;
      FILE_OPEN                = $00000001;
      FILE_CREATE              = $00000002;
      FILE_OPEN_IF             = $00000003;
      FILE_OVERWRITE           = $00000004;
      FILE_OVERWRITE_IF        = $00000005;
      FILE_MAXIMUM_DISPOSITION = $00000005;

//-------------------------------------------------------------
// Define the create/open option flags
const
      FILE_DIRECTORY_FILE              = $00000001;
      FILE_WRITE_THROUGH               = $00000002;
      FILE_SEQUENTIAL_ONLY             = $00000004;
      FILE_NO_INTERMEDIATE_BUFFERING   = $00000008;

      FILE_SYNCHRONOUS_IO_ALERT        = $00000010;
      FILE_SYNCHRONOUS_IO_NONALERT     = $00000020;
      FILE_NON_DIRECTORY_FILE          = $00000040;
      FILE_CREATE_TREE_CONNECTION      = $00000080;

      FILE_COMPLETE_IF_OPLOCKED        = $00000100;
      FILE_NO_EA_KNOWLEDGE             = $00000200;
      FILE_OPEN_FOR_RECOVERY           = $00000400;
      FILE_RANDOM_ACCESS               = $00000800;

      FILE_DELETE_ON_CLOSE             = $00001000;
      FILE_OPEN_BY_FILE_ID             = $00002000;
      FILE_OPEN_FOR_BACKUP_INTENT      = $00004000;
      FILE_NO_COMPRESSION              = $00008000;

      FILE_RESERVE_OPFILTER            = $00100000;
      FILE_OPEN_REPARSE_POINT          = $00200000;
      FILE_OPEN_NO_RECALL              = $00400000;
      FILE_OPEN_FOR_FREE_SPACE_QUERY   = $00800000;

      FILE_COPY_STRUCTURED_STORAGE     = $00000041;
      FILE_STRUCTURED_STORAGE          = $00000441;

      FILE_VALID_OPTION_FLAGS          = $00ffffff;
      FILE_VALID_PIPE_OPTION_FLAGS     = $00000032;
      FILE_VALID_MAILSLOT_OPTION_FLAGS = $00000032;
      FILE_VALID_SET_FLAGS             = $00000036;

//-------------------------------------------------------------
// Object Manager Object Type Specific Access Rights.
const
      OBJECT_TYPE_CREATE     = $0001;
      OBJECT_TYPE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $1;

// Object Manager Directory Specific Access Rights.
      DIRECTORY_QUERY               = $0001;
      DIRECTORY_TRAVERSE            = $0002;
      DIRECTORY_CREATE_OBJECT       = $0004;
      DIRECTORY_CREATE_SUBDIRECTORY = $0008;
      DIRECTORY_ALL_ACCESS          = STANDARD_RIGHTS_REQUIRED or $F;

// Object Manager Symbolic Link Specific Access Rights.
      SYMBOLIC_LINK_QUERY      = $0001;
      SYMBOLIC_LINK_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $1;

type
      TNtObjectNameInformation = packed record
    Name : UNICODE_STRING;
  end;
      OBJECT_NAME_INFORMATION = TNtObjectNameInformation;
      PNtObjectNameInformation = ^TNtObjectNameInformation;

const
      DUPLICATE_CLOSE_SOURCE    = $00000001;
      DUPLICATE_SAME_ACCESS     = $00000002;
      DUPLICATE_SAME_ATTRIBUTES = $00000004;

//-------------------------------------------------------------
// Section Information Structures.
type
      TSectionInherit = (ViewNone,ViewShare,ViewUnmap);
      SECTION_INHERIT = TSectionInherit;

// Section Access Rights.
const
      SECTION_QUERY       = $0001;
      SECTION_MAP_WRITE   = $0002;
      SECTION_MAP_READ    = $0004;
      SECTION_MAP_EXECUTE = $0008;
      SECTION_EXTEND_SIZE = $0010;

      SECTION_ALL_ACCESS  = STANDARD_RIGHTS_REQUIRED or SECTION_QUERY or SECTION_MAP_WRITE or SECTION_MAP_READ or SECTION_MAP_EXECUTE or SECTION_EXTEND_SIZE;
      SEGMENT_ALL_ACCESS  = SECTION_ALL_ACCESS;

      PAGE_NOACCESS          = $01;
      PAGE_READONLY          = $02;
      PAGE_READWRITE         = $04;
      PAGE_WRITECOPY         = $08;
      PAGE_EXECUTE           = $10;
      PAGE_EXECUTE_READ      = $20;
      PAGE_EXECUTE_READWRITE = $40;
      PAGE_EXECUTE_WRITECOPY = $80;
      PAGE_GUARD             = $100;
      PAGE_NOCACHE           = $200;
      PAGE_WRITECOMBINE      = $400;

      MEM_COMMIT             = $1000;
      MEM_RESERVE            = $2000;
      MEM_DECOMMIT           = $4000;
      MEM_RELEASE            = $8000;
      MEM_FREE               = $10000;
      MEM_PRIVATE            = $20000;
      MEM_MAPPED             = $40000;
      MEM_RESET              = $80000;
      MEM_TOP_DOWN           = $100000;
      MEM_LARGE_PAGES        = $20000000;
      MEM_4MB_PAGES          = $80000000;
      SEC_RESERVE            = $4000000;
      PROCESS_DUP_HANDLE     = $0040;
      PROCESS_ALL_ACCESS     = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $FFF;
//-------------------------------------------------------------
// Process Information Classes
type
      TProcessInfoClass = (ProcessBasicInformation,ProcessQuotaLimits,
            ProcessIoCounters,ProcessVmCounters,
            ProcessTimes,ProcessBasePriority,ProcessRaisePriority,
            ProcessDebugPort,ProcessExceptionPort,
            ProcessAccessToken,ProcessLdtInformation,
            ProcessLdtSize,ProcessDefaultHardErrorMode,
            ProcessIoPortHandlers,ProcessPooledUsageAndLimits,
            ProcessWorkingSetWatch,ProcessUserModeIOPL,
            ProcessEnableAlignmentFaultFixup,ProcessPriorityClass,
            ProcessWx86Information,ProcessHandleCount,
            ProcessAffinityMask,ProcessPriorityBoost,
            ProcessDeviceMap,ProcessSessionInformation,
            ProcessForegroundInformation,ProcessWow64Information,
            MaxProcessInfoClass);
      PROCESSINFOCLASS =  TProcessInfoClass;

// Thread Information Classes
      TThreadInfoClass = (ThreadBasicInformation,ThreadTimes,ThreadPriority,
            ThreadBasePriority,ThreadAffinityMask,
            ThreadImpersonationToken,ThreadDescriptorTableEntry,
            ThreadEnableAlignmentFaultFixup,ThreadEventPair_Reusable,
            ThreadQuerySetWin32StartAddress,ThreadZeroTlsCell,
            ThreadPerformanceCount,ThreadAmILastThread,
            ThreadIdealProcessor,ThreadPriorityBoost,
            ThreadSetTlsArrayAddress,ThreadIsIoPending,
            ThreadHideFromDebugger,MaxThreadInfoClass);
      THREADINFOCLASS = TThreadInfoClass;

//-------------------------------------------------------------
type
      TFileInformationClass = (__FileInformationNone,FileDirectoryInformation,
            FileFullDirectoryInformation,FileBothDirectoryInformation,
            FileBasicInformation,FileStandardInformation,
            FileInternalInformation,FileEaInformation,
            FileAccessInformation,FileNameInformation,
            FileRenameInformation,FileLinkInformation,
            FileNamesInformation,FileDispositionInformation,
            FilePositionInformation,FileFullEaInformation,
            FileModeInformation,FileAlignmentInformation,
            FileAllInformation,FileAllocationInformation,
            FileEndOfFileInformation,FileAlternateNameInformation,
            FileStreamInformation,FilePipeInformation,
            FilePipeLocalInformation,FilePipeRemoteInformation,
            FileMailslotQueryInformation,FileMailslotSetInformation,
            FileCompressionInformation,FileCopyOnWriteInformation,
            FileCompletionInformation,FileMoveClusterInformation,
            FileOleClassIdInformation,FileOleStateBitsInformation,
            FileNetworkOpenInformation,FileObjectIdInformation,
            FileOleAllInformation,FileOleDirectoryInformation,
            FileContentIndexInformation,FileInheritContentIndexInformation,
            FileOleInformation,FileMaximumInformation
      );
      FILE_INFORMATION_CLASS = TFileInformationClass;
      PFileInformationClass = ^TFileInformationClass;

// Define the various structures which are returned on query operations
type
      TFileBasicInformation = record
            CreationTime   : LARGE_INTEGER;
            LastAccessTime : LARGE_INTEGER;
            LastWriteTime  : LARGE_INTEGER;
            ChangeTime     : LARGE_INTEGER;
            FileAttributes : ULONG;
      end;
      FILE_BASIC_INFORMATION = TFileBasicInformation;
      PFileBasicInformation = ^TFileBasicInformation;

      TFileStandardInformation = packed record
            AllocationSize : LARGE_INTEGER;
            EndOfFile      : LARGE_INTEGER;
            NumberOfLinks  : ULONG;
            DeletePending  : Boolean;
            Directory      : Boolean;
      end;
      FILE_STANDARD_INFORMATION = TFileStandardInformation;
      PFileStandardInformation = ^TFileStandardInformation;

      TFilePositionInformation = record
            CurrentByteOffset : LARGE_INTEGER;
      end;
      FILE_POSITION_INFORMATION = TFilePositionInformation;
      PFilePositionInformation = ^TFilePositionInformation;

      TFileAlignmentInformation = record
            AlignmentRequirement : ULONG;
      end;
      FILE_ALIGNMENT_INFORMATION = TFileAlignmentInformation;
      PFileAlignmentInformation = ^TFileAlignmentInformation;

      TFileNameInformation = packed record
            FileNameLength : ULONG;
            FileName       : Array[0..0] of WideChar;
      end;
      FILE_NAME_INFORMATION = TFileNameInformation;
      PFileNameInformation = ^TFileNameInformation;

      TFileNetworkOpenInformation = record
            CreationTime   : LARGE_INTEGER;
            LastAccessTime : LARGE_INTEGER;
            LastWriteTime  : LARGE_INTEGER;
            ChangeTime     : LARGE_INTEGER;
            AllocationSize : LARGE_INTEGER;
            EndOfFile      : LARGE_INTEGER;
            FileAttributes : ULONG;
      end;
      FILE_NETWORK_OPEN_INFORMATION = TFileNetworkOpenInformation;
      PFileNetworkOpenInformation = ^TFileNetworkOpenInformation;

      TFileAttributeTagInformation = packed record
            FileAttributes : ULONG;
            ReparseTag : ULONG;
      end;
      FILE_ATTRIBUTE_TAG_INFORMATION = TFileAttributeTagInformation;
      PFileAttributeTagInformation = ^TFileAttributeTagInformation;

      TFileDispositionInformation = packed record
            DeleteFile : Boolean;
      end;
      FILE_DISPOSITION_INFORMATION = TFileDispositionInformation;
      PFileDispositionInformation = ^TFileDispositionInformation;

      TFileEndOfFileInformation = record
            EndOfFile : LARGE_INTEGER;
      end;
      FILE_END_OF_FILE_INFORMATION = TFileEndOfFileInformation;
      PFileEndOfFileInformation = ^TFileEndOfFileInformation;

      TFileFullEAIinformation = packed record
            NextEntryOffset : ULONG;
            Flags           : Byte;
            EaNameLength    : Byte;
            EaValueLength   : Word;
            EaName          : Array[0..0] of Char;
      end;
      FILE_FULL_EA_INFORMATION = TFileFullEAIinformation;
      PFileFullEAIinformation = ^TFileFullEAIinformation;

type
      TFileDirectoryInformation = packed record
            NextEntryOffset : ULONG;
            FileIndex       : ULONG;
            CreationTime    : LARGE_INTEGER;
            LastAccessTime  : LARGE_INTEGER;
            LastWriteTime   : LARGE_INTEGER;
            ChangeTime      : LARGE_INTEGER;
            EndOfFile       : LARGE_INTEGER;
            AllocationSize  : LARGE_INTEGER;
            FileAttributes  : ULONG;
            FileNameLength  : ULONG;
            FileName : Array[0..0] of WideChar;
      end;
      FILE_DIRECTORY_INFORMATION = TFileDirectoryInformation;
      PFileDirectoryInformation = ^TFileDirectoryInformation;

type
      TIoApcRoutine = procedure ( ApcContext : Pointer; IoStatusBlock : PIoStatusBlock; Reserved : ULONG ); stdcall;



//-------------------------------------------------------------
// NtCreateFile either causes a new file or directory to be created,
// or it opens an existing file, device, directory, or volume,
// giving the caller a handle for the file object.
// This handle can be used by subsequent calls to manipulate data
// within the file or the file object's state or attributes.
// For example, a driver might call this routine during initialization
//      to open a file of microcode for its device.
function NtCreateFile(
      // Points to a variable that receives the file handle if the call is successful.
      var FileHandle      : THandle;

      // Specifies the type of access that the caller requires to the file or directory.
      const DesiredAccess : ACCESS_MASK;

      // Pointer to a structure that a caller initializes with InitializeObjectAttributes
      var ObjectAttributes    : TNtObjectAttributes;

      // Points to a variable that receives the final completion status
      // and information about the requested operation.
      var IoStatusBlock   : TIoStatusBlock;

      // Optionally specifies the initial allocation size in bytes for the file.
      // A nonzero value has no effect unless the file is being created, overwritten,
      // or superseded.
      AllocationSize      : PLARGE_INTEGER;

      // Explicitly specified attributes are applied only when the file is created,
      // superseded, or, in some cases, overwritten.
  const FileAttributes: ULONG;

      // Specifies the type of share access that the caller would like to the file.
      // Device and intermediate drivers usually set ShareAccess to zero, which gives
      // the caller exclusive access to the open file.
      const ShareAccess       : ULONG;

      // Specifies what to do, depending on whether the file already exists
      const CreateDisposition : ULONG;

      // Specifies the options to be applied when creating or opening the file
      const CreateOptions     : ULONG;

      // For device and intermediate drivers, this parameter must be a NULL pointer
      EaBuffer          : Pointer;

      // For device and intermediate drivers, this parameter must be zero
      EaLength          : ULONG

) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtOpenFile opens an existing file, device, directory, or volume,
// and returns a handle for the file object
function NtOpenFile(
      // Points to a variable that receives the file handle if the call is successful.
      var FileHandle : THandle;

      // Specifies the type of access that the caller requires to the file or directory.
      const      DesiredAccess : ACCESS_MASK;

      // Pointer to a structure that a caller initializes with InitializeObjectAttributes
      var ObjectAttributes : TNtObjectAttributes;

      // Points to a variable that receives the final completion status
      // and information about the requested operation.
      var IoStatusBlock : TIoStatusBlock;

      // Specifies the type of share access that the caller would like to the file.
      // Device and intermediate drivers usually set ShareAccess to zero, which gives
      // the caller exclusive access to the open file.
      const ShareAccess : ULONG;

      // Specifies the options to be applied when opening the file
      const OpenOptions : ULONG
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtQueryInformationFile returns various kinds of information about a given file object
function NtQueryInformationFile(
      const FileHandle : THandle;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Points to a caller-allocated buffer or variable that receives the desired information about the file.
      // The contents of FileInformation are defined by the FileInformationClass parameter.
      FileInformation : Pointer;

      // Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
      Length : ULONG;

      // Specifies the type of information to be returned about the file.
      FileInformationClass : TFileInformationClass
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtSetInformationFile changes various kinds of information about a given file object.
function NtSetInformationFile(
      FileHandle : THandle;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Points to a buffer or variable containing the information to be set for the file.
      // The contents of FileInformation are defined by the FileInformationClass parameter.
      // Setting any member of the structure in this buffer or variable to zero tells NtSetInformationFile
      // to leave the current information about the file for that member unchanged.
      FileInformation : Pointer;

      // Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
      Length : ULONG;

      // Specifies the type of information to be reset for file.
      FileInformationClass: TFileInformationClass
) : NTSTATUS; stdcall;


//-------------------------------------------------------------
// Data can be read from an opened file using NtReadFile
function NtReadFile(
      FileHandle : THandle;

      // Specifies an optional handle for an event to be set to the signaled
      // state after the read operation completes.
      // Device and intermediate drivers should set this parameter to NULL.
      Event : THandle;

      // Device and intermediate drivers should set this pointer to NULL.
      ApcRoutine : TIoApcRoutine;

      // Device and intermediate drivers should set this pointer to NULL.
      ApcContext:Pointer;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Pointer to a caller-allocated buffer that receives the data read from the file.
      Buffer : Pointer;

      // Specifies the size in bytes of the given Buffer.
      // A successful call to ZwReadFile returns the given number of bytes from the file,
      // unless this routine reaches the end of file first.
      Length : ULONG;

      // Pointer to a variable that specifies the starting byte offset in the file
      // where the read operation will begin.
      // If an attempt is made to read beyond the end of the file, NtReadFile returns an error.
      ByteOffset : PLARGE_INTEGER;

      // Device and intermediate drivers should set this pointer to NULL.
      Key : PDWORD
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// Data can be written to an open file using NtWriteFile.
function NtWriteFile(
      FileHandle : THandle;

      // Specifies an optional handle for an event to be set to the signaled
      // state after operation completes.
      // Device and intermediate drivers should set this parameter to NULL.
      Event : THandle;

      // Device and intermediate drivers should set this pointer to NULL.
      ApcRoutine : TIoApcRoutine;

      // Device and intermediate drivers should set this pointer to NULL.
      ApcContext:Pointer;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Pointer to a caller-allocated buffer containing the data to be written to the file.
      Buffer : Pointer;

      // Specifies the size in bytes of the given Buffer.
      // A successful call to NtWriteFile transfers the given number of bytes to the file.
      // If necessary, the length of the file is extended.
      Length : ULONG;

      // Pointer to a variable that specifies the starting byte offset in the file
      // where the read operation will begin.
      // If an attempt is made to read beyond the end of the file, NtReadFile returns an error.
      ByteOffset : PLARGE_INTEGER;

      // Device and intermediate drivers should set this pointer to NULL.
      Key : PDWORD
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtClose closes object handles.
// A named object is not actually deleted until all of its valid handles are closed
// and no referenced pointers remain.
function NtClose( Handle : THandle ) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtCreateDirectoryObject creates or opens a directory object, which is a container for other objects.
function NtCreateDirectoryObject(
      // Points to a variable that receives the directory object handle if the call is successful.
      var DirectoryHandle : THandle;

      // Specifies the type of access that the caller requires to the directory object.
      // This value is compared with the granted access on an existing directory object.
      const DesiredAccess : ACCESS_MASK;

      // Points to a structure that specifies the object's attributes,
      // which has already been initialized with InitializeObjectAttributes.
      var ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtOpenDirectoryObject opens a directory object, which is a container for other objects.
function NtOpenDirectoryObject(
      // Points to a variable that receives the directory object handle if the call is successful.
      var DirectoryHandle : THandle;

      // Specifies the type of access that the caller requires to the directory object.
      // This value is compared with the granted access on an existing directory object.
      const DesiredAccess : ACCESS_MASK;

      // Points to a structure that specifies the object's attributes,
      // which has already been initialized with InitializeObjectAttributes.
      var ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// warning: reconstruction
//
// NtQueryDirectoryObject returns various kinds of information about a given directory object
type
      TDirectoryInformationClass = TFileInformationClass; // !!!! It is wrong

      TDirectoryInformationType1 = packed record
            ObjectName     : TNtUnicodeString;
            ObjectTypeName : TNtUnicodeString;
      end;

function NtQueryDirectoryObject(
      const FileHandle : THandle;

      // Points to a caller-allocated buffer or variable that receives the desired information about the directory.
      // The contents of FileInformation are defined by the FileInformationClass parameter.
      DirectoryInformation : Pointer;

      // Specifies the size in bytes of DirectoryInformation,
      // which the caller should set according to the given DirectoryInformationClass.
      const Length : ULONG;

      // Specifies the type of information to be returned about the file.
      DirectoryInformationClass : TDirectoryInformationClass; // ??? = 1

      // False for first call
  RestartScan : Boolean;

      var dwIndex : DWORD;

      var cbBytesReturned : DWORD

) : NTSTATUS; stdcall;


//-------------------------------------------------------------
function NtQueryDirectoryFile(
      const FileHandle : THandle;

      // Specifies an optional handle for an event to be set to the signaled
      // state after operation completes.
      // Device and intermediate drivers should set this parameter to NULL.
      const Event : THandle;

      // set this pointer to NULL.
      ApcRoutine : TIoApcRoutine;

      // set this pointer to NULL.
      ApcContext : Pointer;

      // Points to a variable that receives the final completion status and information about the operation.
      var IoStatusBlock : TIoStatusBlock;

      // Points to a caller-allocated buffer or variable that receives the desired information about file from directory.
      // The contents of FileInformation are defined by the FileInformationClass parameter.
      FileInformation : Pointer;

      // Specifies the size in bytes of FileInformation, which the caller should set according to the given FileInformationClass.
      Length : ULONG;

      // Specifies the type of information to be returned about the file.
      FileInformationClass: TFileInformationClass;

      ReturnSingleEntry : Boolean;

      FileName : PNtUnicodeString;

      // False for first call
  RestartScan : Boolean
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtMakeTemporaryObject changes the attributes of an object to make it temporary.
function NtMakeTemporaryObject( Handle : THandle ) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtOpenSection opens a handle for an existing section object.
function NtOpenSection(
      // Points to a variable that will receive the section object handle if this call is successful.
      out SectionHandle : THandle;

      // Specifies a mask representing the requested access to the object.
      const DesiredAccess : ACCESS_MASK;

      // Points to the initialized object attributes of the section to be opened.
      ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtMapViewOfSection maps a view of a section into the virtual address space of a subject process.
function NtMapViewOfSection(
      // Is the handle returned by a successful call to NtOpenSection.
      SectionHandle : THandle;

      // Is the handle of an opened process object, representing the process for which the view should be mapped.
      ProcessHandle : THandle;

      // Points to a variable that will receive the base address of the view.
      // If the initial value of this argument is nonNULL,
      // the view is allocated starting at the specified virtual address
      // rounded down to the next 64-kilobyte address boundary.
      var BaseAddress : Pointer;

      // Specifies the number of high-order address bits that must be zero
      // in the base address of the section view.
      // The value of this argument must be less than 21 and is used only
      // when the operating system determines where to allocate the view, as when BaseAddress is NULL.
      ZeroBits : ULONG;

      // Specifies the size, in bytes, of the initially committed region of the view.
      // CommitSize is only meaningful for page-file backed sections.
      // For mapped sections, both data and image are always committed at section creation time.
      // This parameter is ignored for mapped files. This value is rounded up to the next host-page-size boundary.
      CommitSize : ULONG;

      // Points to the offset, in bytes, from the beginning of the section to the view.
      // If this pointer is nonNULL, the given value is rounded down to the next allocation granularity size boundary.
      SectionOffset : PLARGE_INTEGER;

      // Points to a variable that will receive the actual size, in bytes, of the view.
      // If the value of this parameter is zero, a view of the section will be mapped starting
      // at the specified section offset and continuing to the end of the section.
      // Otherwise, the initial value of this argument specifies the size of the view,
      // in bytes, and is rounded up to the next host page-size boundary.
      ViewSize : DWORD;

      // Specifies how the view is to be shared by a child process
      // created with a create process operation.
      // Device and intermediate drivers should set this parameter to ViewNone.
      InheritDisposition : SECTION_INHERIT;

      // A set of flags that describes the type of allocation to be performed for the specified region of pages.
      AllocationType : ULONG;

      // Specifies the protection for the region of initially committed pages.
      // Device and intermediate drivers should set this value to PAGE_READWRITE.
      Protect : ULONG
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtUnmapViewOfSection unmaps a view of a section from the virtual address space of a subject process.
function NtUnmapViewOfSection(
      // Specifies an open handle of the process that was passed in a preceding call to NtMapViewOfSection.
      const ProcessHandle : THandle;

      // Points to the base virtual address of the view that is to be unmapped.
      // This value can be any virtual address within the view.
      const BaseAddress : Pointer
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtSetInformationThread can be called to set the priority of a thread for which the caller has a handle.
function NtSetInformationThread(
      // Is the open handle for a thread.
      ThreadHandle : THandle;

      // Is one of the system-defined values ThreadPriority or ThreadBasePriority.
      ThreadInformationClass : THREADINFOCLASS;

      // Points to a variable specifying the information to be set.
      // If ThreadInformationClass is ThreadPriority, this value must be > LOW_PRIORITY and <= HIGH_PRIORITY.
      // If ThreadInformationClass is ThreadBasePriority, this value must fall within the system's
      // valid base priority range and the original priority class for the given thread:
      // that is, if a thread's priority class is variable, that thread's base priority cannot be reset to a real-time priority value and vice versa.
      ThreadInformation : Pointer;

      // Is the size in bytes of ThreadInformation, which must be at least sizeof(KPRIORITY).
      ThreadInformationLength : ULONG
) : NTSTATUS; stdcall;

{function NtCreateKey(
      out KeyHandle : THandle;
      const DesiredAccess : ACCESS_MASK;
      ObjectAttributes : TNtObjectAttributes;
      TitleIndex:ULONG;
      ObjectClass : PNtUnicodeString;
      CreateOptions:ULONG;
       Disposition:PULONG
 ) : NTSTATUS; stdcall;

function NtOpenKey(
      out KeyHandle : THandle;
       DesiredAccess : ACCESS_MASK;
      ObjectAttributes : PNtObjectAttributes
) : NTSTATUS; stdcall;

function NtDeleteKey( KeyHandle : THandle ) : NTSTATUS; stdcall;

function NtEnumerateKey(
      KeyHandle : THandle;
       Index:ULONG;
       KeyInformationClass : KEY_INFORMATION_CLASS;
       KeyInformation : Pointer;
       Length : ULONG;
       ResultLength : PDWORD
) : NTSTATUS; stdcall;

function NtEnumerateValueKey(
       KeyHandle : THandle;
       Index : ULONG;
       KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
       KeyValueInformation : Pointer;
       Length:ULONG;
      ResultLength : PULONG
) : NTSTATUS; stdcall;

function NtFlushKey( KeyHandle : THandle ) : NTSTATUS; stdcall;

function NtQueryKey(
      KeyHandle : THandle;
      KeyInformationClass : KEY_INFORMATION_CLASS;
      KeyInformation:Pointer;
      Length : ULONG;
       ResultLength : PDWORD
) : NTSTATUS; stdcall;

function NtQueryValueKey(
      KeyHandle : THandle;
      ValueName : PUNICODE_STRING;
      KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
      KeyValueInformation : Pointer;
      Length : ULONG;
      ResultLength : PDWORD
) : NTSTATUS; stdcall;

function NtSetValueKey(
      KeyHandle : THandle;
      ValueName : PUNICODE_STRING;
      TitleIndex : ULONG;
      Type : ULONG;
      Data : Pointer;
      DataSize : ULONG
) : NTSTATUS; stdcall;
}

//-------------------------------------------------------------
// NtOpenSymbolicLinkObject returns a handle to an existing symbolic link.
function NtOpenSymbolicLinkObject(
      // Points to a returned handle for the symbolic link object specified in ObjectAttributes if the call was successful.
      var LinkHandle : THandle;

      // Specifies the type of access that the caller requires to the key.
      // This is most commonly GENERIC_READ access such that the returned handle can be used with NtQuerySymbolicLinkObject.
      const DesiredAccess : ACCESS_MASK;

      // Points to the initialized object attributes for the symbolic link being opened.
      // An ObjectName string for the symbolic link must be specified.
      ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

//-------------------------------------------------------------
// NtQuerySymbolicLinkObject returns a Unicode string containing the target of the symbolic link.
function NtQuerySymbolicLinkObject(
      // Specifies a valid handle to an open symbolic link object obtained by calling ZwOpenSymbolicLinkObject.
      LinkHandle : THandle;

      // Points to an initialized Unicode string that contains the target of the symbolic link,
      // specified by LinkHandle, if the call was successful.
      LinkTarget : TNtUnicodeString;

      // Optionally, points to a unsigned long integer that on input contains the maximum number of bytes
      // to copy into the Unicode string at LinkTarget.
      // On output, the unsigned long integer contains the length of the Unicode string
      // naming the target of the symbolic link.
      ReturnedLength : PDWORD
) : NTSTATUS; stdcall;

{
function NtCreateTimer(
      out TimerHandle : THandle;
      const DesiredAccess : ACCESS_MASK;
      ObjectAttributes : TNtObjectAttributes;
      const TimerType : TIMER_TYPE
) : NTSTATUS; stdcall;

function NtOpenTimer(
      out TimerHandle : THandle;
      const DesiredAccess : ACCESS_MASK;
      ObjectAttributes : TNtObjectAttributes
) : NTSTATUS; stdcall;

function NtCancelTimer(
      TimerHandle : THandle;
      CurrentState : PBoolean
) : NTSTATUS; stdcall;

function NtSetTimer(
      TimerHandle : THandle;
      DueTime : PLARGE_INTEGER;
      TimerApcRoutine : PTIMER_APC_ROUTINE;
      TimerContext : Pointer;
      WakeTimer : Boolean;
      Period : DWORD;
      PreviousState : PBoolean
) : NTSTATUS; stdcall;
}


//-------------------------------------------------------------
procedure InitializeObjectAttributes(
      InitializedAttributes : PNtObjectAttributes;
      pObjectName : PNtUnicodeString;
      const uAttributes : ULONG;
      const hRootDirectory : THandle;
      pSecurityDescriptor : PSECURITY_DESCRIPTOR
);


//-------------------------------------------------------------
var
      NLS_MB_CODE_PAGE_TAG : Boolean; // TRUE -> Multibyte CP, FALSE -> Singlebyte
//NLS_MB_OEM_CODE_PAGE_TAG : Boolean; // TRUE -> Multibyte CP, FALSE -> Singlebyte

//=============================================================
implementation

const
      DLL = 'ntdll.dll';

var
       AnsiCPInfo: TCPInfo;

function  RtlNtStatusToDosError; external DLL name 'RtlNtStatusToDosError';

procedure RtlInitString; external DLL name 'RtlInitString';
procedure RtlInitAnsiString;      external DLL name 'RtlInitAnsiString';
procedure RtlCopyString;      external DLL name 'RtlCopyString';
function  RtlUpperChar;      external DLL name 'RtlUpperChar';
function  RtlCompareString;      external DLL name 'RtlCompareString';
function  RtlEqualString;      external DLL name 'RtlEqualString';
procedure RtlUpperString;      external DLL name 'RtlUpperString';
procedure RtlFreeAnsiString;      external DLL name 'RtlFreeAnsiString';

procedure RtlInitUnicodeString;      external DLL name 'RtlInitUnicodeString';
function  RtlAnsiStringToUnicodeString;      external DLL name 'RtlAnsiStringToUnicodeString';
function  RtlUnicodeStringToAnsiString;      external DLL name 'RtlUnicodeStringToAnsiString';
function  RtlCompareUnicodeString;      external DLL name 'RtlCompareUnicodeString';
function  RtlEqualCompareUnicodeString;      external DLL name 'RtlEqualCompareUnicodeString';
function  RtlPrefixUnicodeString;      external DLL name 'RtlPrefixUnicodeString';
function  RtlUpcaseUnicodeString;      external DLL name 'RtlUpcaseUnicodeString';
procedure RtlCopyUnicodeString;      external DLL name 'RtlCopyUnicodeString';
function  RtlAppendUnicodeStringToString;      external DLL name 'RtlAppendUnicodeStringToString';
function  RtlAppendUnicodeToString;      external DLL name 'RtlAppendUnicodeToString';
function  RtlUpcaseUnicodeChar;      external DLL name 'RtlUpcaseUnicodeChar';
procedure RtlFreeUnicodeString;      external DLL name 'RtlFreeUnicodeString';
function  RtlxAnsiStringToUnicodeSize;      external DLL name 'RtlxAnsiStringToUnicodeSize';

function NtCreateFile;      external DLL name 'NtCreateFile';
function NtOpenFile;      external DLL name 'NtOpenFile';
function NtQueryInformationFile;      external DLL name 'NtQueryInformationFile';
function NtSetInformationFile;      external DLL name 'NtSetInformationFile';
function NtWriteFile;      external DLL name 'NtWriteFile';
function NtReadFile;      external DLL name 'NtReadFile';
function NtClose;      external DLL name 'NtClose';
function NtCreateDirectoryObject;      external DLL name 'NtCreateDirectoryObject';
function NtOpenDirectoryObject;      external DLL name 'NtOpenDirectoryObject';
function NtQueryDirectoryObject;      external DLL name 'NtQueryDirectoryObject';
function NtQueryDirectoryFile; external DLL name 'NtQueryDirectoryFile';
function NtMakeTemporaryObject;      external DLL name 'NtMakeTemporaryObject';
function NtOpenSection;      external DLL name 'NtOpenSection';
function NtMapViewOfSection;      external DLL name 'NtMapViewOfSection';
function NtUnmapViewOfSection;      external DLL name 'NtUnmapViewOfSection';
function NtOpenSymbolicLinkObject;      external DLL name 'NtOpenSymbolicLinkObject';
function NtQuerySymbolicLinkObject;      external DLL name 'NtQuerySymbolicLinkObject';
function NtSetInformationThread;      external DLL name 'NtSetInformationThread';

//-------------------------------------------------------------
function RtlAnsiStringToUnicodeSize(  NtAnsiString : PNtAnsiString ) : DWORD; stdcall;
begin
      if NtAnsiString=nil then Result := 0
      else if NLS_MB_CODE_PAGE_TAG then Result := RtlxAnsiStringToUnicodeSize(NtAnsiString)
      else Result := (NtAnsiString^.Length+1)*AnsiCPInfo.MaxCharSize;
end;
//-------------------------------------------------------------
procedure InitializeObjectAttributes(
      InitializedAttributes : PNtObjectAttributes;
      pObjectName : PNtUnicodeString;
      const uAttributes : ULONG;
      const hRootDirectory : THandle;
      pSecurityDescriptor : PSECURITY_DESCRIPTOR
);
begin
      with InitializedAttributes^ do
      begin
            Length := SizeOf(TNtObjectAttributes);
            ObjectName := pObjectName;
            Attributes := uAttributes;
            RootDirectory := hRootDirectory;
            SecurityDescriptor := pSecurityDescriptor;
            SecurityQualityOfService := nil;
      end;
end;


//=============================================================
initialization
  Windows.GetCPInfo(CP_ACP,AnsiCPInfo);
  with AnsiCPInfo do NLS_MB_CODE_PAGE_TAG := MaxCharSize<>1;
end.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 1

Author Comment

by:plasmatek
ID: 6924032
Thanks a lot for that but unfortunately it doesn't include the key functions I need, such as NTQuerySystemInformation etc (the ones listed in the C++ header I pasted). :(
0
 
LVL 9

Expert Comment

by:ginsonic
ID: 6924594
listening
0
 
LVL 11

Expert Comment

by:robert_marquardt
ID: 6925041
The above C++ code is not directly convertible to Delphi.
A C++ class is simply incompatible with Delphi.
If you do not have the C++ source of the implementation of the class then you are simply screwed.
0
 
LVL 1

Expert Comment

by:pnh73
ID: 9002952
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept Answer from AvonWyss

Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
Paul (pnh73)
EE Cleanup Volunteer
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question