[C++] Windows SysCall - NtCreateFile

Sir.V65j · #1 03-27-2020, 14:29

Thanks Bro
Can you help me for do this in Delphi?

h4sh3m · #2 03-27-2020, 17:15

Sample for NtClose in delphi(x86 api), before testing check function index in your system and replace it in array(in my system index value is $0C).

Code:

program Project1;

{$APPTYPE CONSOLE}

uses
  Windows;

var
  Nt_xyz{NtClose} : function(a1 : THandle) : DWORD; Stdcall;
  Nt_xyz_Bytes : array[0..23] of Byte = ($B8, $0C, $00, $00, $00, $33, $C9, $8D, $54, $24, $04, $64, $FF, $15, $C0, $00, $00, $00, $83, $C4, $04, $C2, $04, $00);
  w : DWORD;
  hndl : THandle;

begin
  if not(VirtualProtect(@Nt_xyz_Bytes[0], High(Nt_xyz_Bytes), PAGE_EXECUTE, w)) then
    exit;

  FlushInstructionCache(GetCurrentProcess(), @Nt_xyz_Bytes[0], High(Nt_xyz_Bytes));

  @Nt_xyz := @Nt_xyz_Bytes[0];

  hndl := OpenProcess(PROCESS_VM_READ{PROCESS_ALL_ACCESS}, False, GetCurrentProcessId);
  if hndl <> 0 then
    Nt_xyz(hndl);
    //CloseHandle(hndl);
end.

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Systrack - Linux kernel syscall implementation tracker	blue_devil	Community Tools	0	03-21-2024 15:06
C# (Classic .exe, Windows 10, Windows Phone etc.) Protection	delidolunet	General Discussion	7	10-11-2016 01:10
(Q) .NET App Source Code Protection (Silverlight, Windows Phone, Windows 8)	delidolunet	General Discussion	7	08-02-2013 10:33
Windows 2000 and Windows nt 4 sources, question	shady	General Discussion	2	04-15-2004 04:17