Delphi-PRAXiS - Einzelnen Beitrag anzeigen - Delphi How know what process is using a determinated file through NtQueryInformationFile?

**flashcoder**

I want know how make this? i already have a

c++ code example but still is missing somethings eg:

_FILE_PROCESS_IDS_USING_FILE_INFORMATION in Delphi and how loop through ProcessIdList for example.

Here is my initial code:

zusammenfalten · markieren

Delphi-Quellcode:

			type

  NTSTATUS = Cardinal;

  TFileInformationClass = (

    FileDirectoryInformation = 1,

    FileFullDirectoryInformation,

    FileBothDirectoryInformation,

    FileBasicInformation,

    FileStandardInformation,

    FileInternalInformation,

    FileEaInformation,

    FileAccessInformation,

    FileNameInformation,

    FileRenameInformation,

    FileLinkInformation,

    FileNamesInformation,

    FileDispositionInformation,

    FilePositionInformation,

    FileFullEaInformation,

    FileModeInformation,

    FileAlignmentInformation,

    FileAllInformation,

    FileAllocationInformation,

    FileEndOfFileInformation,

    FileAlternateNameInformation,

    FileStreamInformation,

    FilePipeInformation,

    FilePipeLocalInformation,

    FilePipeRemoteInformation,

    FileMailslotQueryInformation,

    FileMailslotSetInformation,

    FileCompressionInformation,

    FileObjectIdInformation,

    FileCompletionInformation,

    FileMoveClusterInformation,

    FileQuotaInformation,

    FileReparsePointInformation,

    FileNetworkOpenInformation,

    FileAttributeTagInformation,

    FileTrackingInformation,

    FileIdBothDirectoryInformation,

    FileIdFullDirectoryInformation,

    FileValidDataLengthInformation,

    FileShortNameInformation,

    FileIoCompletionNotificationInformation,

    FileIoStatusBlockRangeInformation,

    FileIoPriorityHintInformation,

    FileSfioReserveInformation,

    FileSfioVolumeInformation,

    FileHardLinkInformation,

    FileProcessIdsUsingFileInformation,

    FileNormalizedNameInformation,

    FileNetworkPhysicalNameInformation,

    FileIdGlobalTxDirectoryInformation,

    FileIsRemoteDeviceInformation,

    FileAttributeCacheInformation,

    FileNumaNodeInformation,

    FileStandardLinkInformation,

    FileRemoteProtocolInformation,

    FileMaximumInformation

  );

  PIOStatusBlock = ^TIOStatusBlock;

  TIOStatusBlock = packed record

    case Boolean of

      False: (Status: NTSTATUS; P: Pointer;);

      True: (Information:  ULONG_PTR);

  end;

type

  TNtQueryInformationFile = function(FileHandle: THandle; IoStatusBlock: PIOStatusBlock;

  FileInformation: Pointer; Length: ULONG; FileInformationClass: TFileInformationClass): NTSTATUS; stdcall;

 procedure GetAlternateFileStreamNames(const FileName: string);

var

  hNT, hFile: THandle;

  NtQueryInformationFile: TNtQueryInformationFile;

  ioStatus: TIOStatusBlock;

  P: PFILE_PROCESS_IDS_USING_FILE_INFORMATION; // missing declaration

begin

  hNT := GetModuleHandle('ntdll.dll');

  if hNT = 0 then

    Exit;

  NtQueryInformationFile := GetProcAddress(hNT, 'NtQueryInformationFile');

  if @NtQueryInformationFile = nil then

    Exit;

  FillChar(Buffer, SizeOf(Buffer), 0);

  hFile := CreateFile(PChar(FileName), 0, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);

  try

    if NtQueryInformationFile(hFile, @ioStatus, P, SizeOf(FILE_PROCESS_IDS_USING_FILE_INFORMATION), FileProcessIdsUsingFileInformation) = 0 then

    begin

      // loop throught P.ProcessIdList

      //compare all pid's (use CreateToolhelp32Snapshot instead PSYSTEM_PROCESS_INFORMATION)

    end;

  finally

    CloseHandle(hFile);

  end;

end;