{ UNICODE_STRING: the counted UTF-16 string header used by native (Nt*) calls.
  The record carries an explicit Length, so Buffer is a counted buffer and
  must not be handed to APIs that expect a NUL-terminated PWideChar.
  NOTE(review): per the native-API definition both lengths are BYTE counts,
  not character counts -- confirm against winternl.h before filling them. }
UNICODE_STRING = record
Length: word;          { bytes in use at Buffer }
MaximumLength: word;   { bytes available at Buffer }
Buffer: PWideChar;     { caller-owned WCHAR storage }
end;
{ PUNICODE_STRING: pointer alias used by OBJECT_ATTRIBUTES.ObjectName.
  OBJECT_ATTRIBUTES: describes the name and security of an object being
  opened or created through the native API. All pointer fields are
  caller-owned. NOTE(review): the caller is expected to set Length to
  SizeOf(OBJECT_ATTRIBUTES), and a nil SecurityDescriptor yields the default
  security for the new object -- confirm both against winternl.h. }
PUNICODE_STRING = ^UNICODE_STRING; OBJECT_ATTRIBUTES = record
Length: ULONG;                       { size of this record }
RootDirectory: THANDLE;              { directory ObjectName is relative to, or 0 }
ObjectName: PUNICODE_STRING;         { counted name, may be nil }
Attributes: Dword;                   { OBJ_* flag bits }
SecurityDescriptor: pointer;         { PSECURITY_DESCRIPTOR or nil }
SecurityQualityOfService: pointer;   { PSECURITY_QUALITY_OF_SERVICE or nil }
end;
{ POBJECT_ATTRIBUTES: pointer alias passed to Nt* create/open calls.
  CLIENT_ID: process/thread identification filled in by NtCreateThread.
  NOTE(review): although the fields are typed Thandle, in the native API
  they hold the process ID and thread ID (as returned by
  GetCurrentProcessId/GetCurrentThreadId), not handle values -- do not pass
  them to CloseHandle. Confirm against winternl.h. }
POBJECT_ATTRIBUTES = ^OBJECT_ATTRIBUTES; CLIENT_ID=record
UniqueProcess:Thandle;   { process id }
UniqueThread:Thandle;    { thread id }
end;
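{ Pointer alias for CLIENT_ID.
  The first draft on this page had "PCLIENT_ID = CLIENT_ID", which makes the
  ClientId parameter a by-value record instead of the pointer the native
  prototype expects, so the call frame no longer matches ntdll's. }
PCLIENT_ID = ^CLIENT_ID;

{ NtCreateThread -- raw, undocumented thread-creation entry point of ntdll.

  Changes relative to the first draft on this page:
    * ClientId is now a pointer (see PCLIENT_ID above).
    * The return type (NTSTATUS), calling convention (stdcall) and import
      binding were missing, so the declaration could neither compile nor link.
    * CreateSuspended is a 1-byte BOOLEAN in the native prototype; it is
      declared ByteBool rather than Delphi's 4-byte BOOL alias "bool".
    * The stack descriptor is typed PUSER_STACK (the USER_STACK record is
      declared further down this page and must appear BEFORE this function
      in the type section). NOTE(review): the WDK names the same
      five-pointer structure INITIAL_TEB / PINITIAL_TEB -- verify against
      your WDK headers if you want to keep the poster's original name.
  NTSTATUS is not provided by Delphi's Windows unit: declare
  "NTSTATUS = LongInt" or take it from the JEDI API units.

  Security / review notes:
    * ProcessHandle may refer to ANY process the caller holds a handle to,
      so this declaration is a cross-process thread-injection primitive.
      Treat any call site that passes a handle other than the current
      process as such, both in code review and in detection logic
      (cross-process thread creation is a classic injection indicator).
    * ThreadContext and UserStack are built entirely by the caller; nothing
      on this page validates them. A wrong context or mis-sized stack most
      likely faults inside the target process rather than returning an
      error -- confirm the failure mode on your target OS version.
    * This bypasses the Win32 layer (CreateThread/CreateRemoteThread);
      presumably the new thread is not announced to the loader the way
      Win32 threads are -- prefer the documented APIs whenever they suffice.
  Returns an NTSTATUS: by NTSTATUS convention a negative value is a failure
  and there is no GetLastError mapping, so callers must check the result. }
function NtCreateThread(
  ThreadHandle: PHandle;                 { out: handle to the created thread }
  DesiredAccess: ACCESS_MASK;            { access rights requested on ThreadHandle }
  ObjectAttributes: POBJECT_ATTRIBUTES;  { object attributes; presumably nil allowed -- confirm }
  ProcessHandle: THandle;                { process in which the thread is created }
  ClientId: PCLIENT_ID;                  { out: ids of the new thread }
  ThreadContext: PCONTEXT;               { caller-built initial register state }
  UserStack: PUSER_STACK;                { caller-built stack description }
  CreateSuspended: ByteBool              { True: thread starts suspended }
): NTSTATUS; stdcall; external 'ntdll.dll' name 'NtCreateThread';

{ Original poster's question (translated from Chinese): "PINITIAL_TEB? I don't
  know how to declare that record!??" -- see the USER_STACK record below;
  it is the layout this page uses for that parameter. }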
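{ Corrected NtCreateThread declaration (the reply to the question above).
  This fragment on the page was missing its "function NtCreateThread("
  header; it is restored here so the declaration is complete.

  Points to note:
    * The stack parameter is UserStack: PUSER_STACK (the USER_STACK record
      is declared further down this page and must precede this function in
      the type section) -- this replaces the PINITIAL_TEB the poster could
      not define.
    * CreateSuspended is BOOLEAN (1 byte), matching the native prototype.
    * {$IFNDEF RTDL} follows the JEDI convention: when RTDL is defined the
      static import is omitted and the symbol is expected to be resolved at
      run time. NOTE(review): in that configuration this declaration alone
      will not compile without the accompanying dynamic-loading code, and
      "ntdll" must be a string constant in scope.
    * NTSTATUS is not in Delphi's Windows unit; declare it or take it from
      the JEDI API units.

  Security / review note: ProcessHandle may be any process the caller holds
  a handle to, so a call with a handle other than the current process is a
  thread-injection primitive and should be reviewed (and detected) as such.
  ThreadContext and UserStack are caller-built and nothing here validates
  them. Callers must check the NTSTATUS result; there is no GetLastError
  mapping for native calls. }
function NtCreateThread(
ThreadHandle : PHANDLE;                  { out: handle to the created thread }
DesiredAccess : ACCESS_MASK;             { access rights requested on ThreadHandle }
ObjectAttributes : POBJECT_ATTRIBUTES;   { object attributes for the thread object }
ProcessHandle : HANDLE;                  { target process }
ClientId : PCLIENT_ID;                   { out: ids of the new thread }
ThreadContext : PCONTEXT;                { caller-built initial register state }
UserStack : PUSER_STACK;                 { caller-built stack description }
CreateSuspended : BOOLEAN                { True: start suspended }
): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}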
{ USER_STACK: five pointers describing the stack of a thread created with
  NtCreateThread. The field names suggest two alternative descriptions -- a
  fully committed "fixed" stack (Base/Limit) and an "expandable" one
  (Base/Limit/Bottom) -- NOTE(review): which pair the kernel honours, and
  whether the unused fields must be nil, is not shown on this page; confirm
  against the NT internals reference you use (the WDK calls this same
  layout INITIAL_TEB). Because this memory becomes the new thread's stack,
  a mis-sized or uncommitted region fails inside the target thread, not at
  the call site. }
_USER_STACK = record
FixedStackBase: PVOID;
FixedStackLimit: PVOID;
ExpandableStackBase: PVOID;
ExpandableStackLimit: PVOID;
ExpandableStackBottom: PVOID;
end;
USER_STACK = _USER_STACK;     { C-style name }
PUSER_STACK = ^USER_STACK;    { pointer passed as NtCreateThread's UserStack }
{ NtCreateThread -- statically imported native thread-creation call.
  Same prototype as the declarations above, written one parameter per line.
  ProcessHandle may be any process the caller has a handle to, which makes
  this a cross-process thread-injection primitive; review call sites that
  pass anything other than the current process accordingly. ThreadContext
  and UserStack are caller-built and not validated here. The result is an
  NTSTATUS (no GetLastError mapping) and must be checked by the caller.
  "ntdll" must be a string constant in scope; NTSTATUS is not in Delphi's
  Windows unit. }
function NtCreateThread(
  ThreadHandle: PHANDLE;                  { out: handle to the new thread }
  DesiredAccess: ACCESS_MASK;             { rights requested on that handle }
  ObjectAttributes: POBJECT_ATTRIBUTES;   { attributes of the thread object }
  ProcessHandle: HANDLE;                  { process to create the thread in }
  ClientId: PCLIENT_ID;                   { out: process/thread ids }
  ThreadContext: PCONTEXT;                { initial register state }
  UserStack: PUSER_STACK;                 { stack description }
  CreateSuspended: ByteBool               { 1-byte BOOLEAN as in ntdll }
): NTSTATUS; stdcall; external ntdll name 'NtCreateThread';
{ USER_STACK, repeated with Delphi-style aliases (TUserStack/PUserStack)
  added. Layout is identical to the earlier copy on this page: five
  pointers describing the new thread's stack. NOTE(review): which of the
  "fixed" and "expandable" fields the kernel actually consumes is not shown
  here -- confirm against your NT internals reference (the WDK calls this
  layout INITIAL_TEB). The memory described here becomes the thread's
  stack, so sizing errors surface as faults in the target thread. }
_USER_STACK = record
FixedStackBase: PVOID;
FixedStackLimit: PVOID;
ExpandableStackBase: PVOID;
ExpandableStackLimit: PVOID;
ExpandableStackBottom: PVOID;
end;
USER_STACK = _USER_STACK;     { C-style name }
PUSER_STACK = ^USER_STACK;    { C-style pointer name }
TUserStack = USER_STACK;      { Delphi-style name }
PUserStack = ^TUserStack;     { Delphi-style pointer name }
你这些声明（UNICODE_STRING、OBJECT_ATTRIBUTES、CLIENT_ID、USER_STACK 以及 NtCreateThread，连同 NTSTATUS 类型）在 JEDI API 库里面都能找到……