[juan81]

Hi,

After we get ZwOpenProcess.sys from meekat, how to call from delphi code / load Driver from delphi >,<.. sorry still newbie...

I want to make program in delphi to openprocess Windows XP Program Running as Service / like Gamemon.des to inject file / Dll.
Just like Nice KernelDectective program..

i have searched in google, it's hard to find kernel programing simple example in delphi.. does anyone help me? >,,<

regards,

[EP_X0FF]

http://www.kernelmode.info/forum/viewto ... ?f=15&t=27

[STRELiTZIA]

Hello,

Hi,

After we get ZwOpenProcess.sys from meekat, how to call from delphi code / load Driver from delphi >,<.. sorry still newbie...

I want to make program in delphi to openprocess Windows XP Program Running as Service / like Gamemon.des to inject file / Dll.
Just like Nice KernelDectective program..

i have searched in google, it's hard to find kernel programing simple example in delphi.. does anyone help me? >,,<

regards,

Take a look here : "Meerkat_Beta1\samples\VirtToPhys\Loader" folder
Load driver and IOCTL... Delphi source translated from Asm kit by LanHua (mickeylan).

Regards

[juan81]

Hello,

@STRELitZIA :
Tq for reply.. i will check it...

@ EP_X0FF
Tq, but i learn C Langunge more to read that source >,<.. btw tq

Regards,

[juan81]

Hi,

I'm still confuse with meerkat source example.

Code: Select all

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, ExtCtrls, ComCtrls, Tlhelp32, ShellApi, Buttons,
  nt_status,
  ntoskrnl,
  fcall,
  KernelUtils;
Type
   TZwOpenProcess = function(ProcessHandle:PHandle; DesiredAccess:TAccessMask; ObjectAttributes:PObjectAttributes; ClientId:PClientId): NTSTATUS; stdcall;

var
  ZwOp: pointer;
  H:Cardinal;
  Zw:TZwOpenProsess;
begin
  H:=LoadLibrary('ntdll.dll');
  ZwOp:=GetProcAddress(H,'ZwOpenProcess');
  
end.

i can't continue my code. anyone to help me explain little bit >,<..

Where i get TAccessmask and PObjectAttributes, And NTStatus, i have saw in source code example uses NT_Status,Ntoskrnl,Fcall,kernelutils how to register in my delphi, sorry i very confuse about kernel but i want to learn it.. >,<..

regard,

[EP_X0FF]

Code: Select all

type
   NTSTATUS = ULONG; //as in fact it can signed  
  TACCESS_MASK = DWORD;

  _OBJECT_ATTRIBUTES = packed record
    Length: ULONG; // = SizeOf(OBJECT_ATTRIBUTES)
  // Optionally specifies a handle to a directory obtained by a preceding call to NtCreateFile.
  // If this value is NULL, the ObjectName member must be a fully qualified file specification
  // that includes the full path to the target file.
  // If this value is nonNULL, the ObjectName member specifies a file name relative to this directory.
    RootDirectory: THandle;
    ObjectName: PUNICODE_STRING;
    Attributes: ULONG;
    SecurityDescriptor: Pointer; // Points to type SECURITY_DESCRIPTOR
    SecurityQualityOfService: Pointer; // Points to type SECURITY_QUALITY_OF_SERVICE
  end;
  OBJECT_ATTRIBUTES = _OBJECT_ATTRIBUTES;
  POBJECT_ATTRIBUTES = ^_OBJECT_ATTRIBUTES;

[juan81]

hi

tq very much >,<


regards