{$ALIGN 8}
{$MINENUMSIZE 4}
const
NtApiLib = 'ntdll.dll';
type
TNtStatus = type LongInt;
UIntPtr = Cardinal;
type
PIoStatusBlock = ^TIoStatusBlock;
TIoStatusBlock = record
u: record
case Integer of
0: (
Status: TNtStatus);
1: (
Pointer: Pointer);
end;
Information: UIntPtr;
end;
type
PFileInformationClass = ^TFileInformationClass;
TFileInformationClass = (
FileInvalidInformation,
FileDirectoryInformation, // 1
FileFullDirectoryInformation, // 2
FileBothDirectoryInformation, // 3
FileBasicInformation, // 4
FileStandardInformation, // 5
FileInternalInformation, // 6
FileEaInformation, // 7
FileAccessInformation, // 8
FileNameInformation, // 9
FileRenameInformation, // 10
FileLinkInformation, // 11
FileNamesInformation, // 12
FileDispositionInformation, // 13
FilePositionInformation, // 14
FileFullEaInformation, // 15
FileModeInformation, // 16
FileAlignmentInformation, // 17
FileAllInformation, // 18
FileAllocationInformation, // 19
FileEndOfFileInformation, // 20
FileAlternateNameInformation, // 21
FileStreamInformation, // 22
FilePipeInformation, // 23
FilePipeLocalInformation, // 24
FilePipeRemoteInformation, // 25
FileMailslotQueryInformation, // 26
FileMailslotSetInformation, // 27
FileCompressionInformation, // 28
FileObjectIdInformation, // 29
FileCompletionInformation, // 30
FileMoveClusterInformation, // 31
FileQuotaInformation, // 32
FileReparsePointInformation, // 33
FileNetworkOpenInformation, // 34
FileAttributeTagInformation, // 35
FileTrackingInformation, // 36
FileIdBothDirectoryInformation, // 37
FileIdFullDirectoryInformation, // 38
FileValidDataLengthInformation, // 39
FileShortNameInformation, // 40
FileIoCompletionNotificationInformation, // 41
FileIoStatusBlockRangeInformation, // 42
FileIoPriorityHintInformation, // 43
FileSfioReserveInformation, // 44
FileSfioVolumeInformation, // 45
FileHardLinkInformation, // 46
FileProcessIdsUsingFileInformation, // 47
FileNormalizedNameInformation, // 48
FileNetworkPhysicalNameInformation, // 49
FileIdGlobalTxDirectoryInformation, // 50
FileMaximumInformation
);
function NtQueryInformationFile(AFileHandle: THandle;
out AIoStatusBlock: TIoStatusBlock; out AFileInformation; ALength: ULONG;
AFileInformationClass: TFileInformationClass): TNtStatus; stdcall;
external NtApiLib;
type
PFileBasicInformation = ^TFileBasicInformation;
TFileBasicInformation = record
CreationTime : TLargeInteger; // 00
LastAccessTime: TLargeInteger; // 08
LastWriteTime : TLargeInteger; // 10
ChangeTime : TLargeInteger; // 18
FileAttributes: ULONG; // 20
//Reserved : ULONG; // 24
end; //(28)
procedure Foobar();
const
FILE_READ_ATTRIBUTES = $0080;
var
FileNameLength: DWORD;
FileName: array [0..MAX_PATH - 1] of WideChar;
FileHandle: THandle;
IoStatusBlock: TIoStatusBlock;
FileInformation: TFileBasicInformation;
Status: TNtStatus;
begin
FileNameLength := GetModuleFileNameW(0, FileName, Length(FileName));
if (FileNameLength > 0) and (FileNameLength < DWORD(Length(FileName))) then
begin
FileHandle := CreateFileW(FileName, FILE_READ_ATTRIBUTES,
FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);
if FileHandle <> INVALID_HANDLE_VALUE then
try
FillChar(IoStatusBlock, SizeOf(IoStatusBlock), 0);
FillChar(FileInformation, SizeOf(FileInformation), 0);
Status := NtQueryInformationFile(FileHandle, IoStatusBlock,
FileInformation, SizeOf(FileInformation), FileBasicInformation);
if (Status >= 0) and (IoStatusBlock.u.Status >= 0) and
(IoStatusBlock.Information = SizeOf(FileInformation)) then
with FileInformation do
ShowMessage(
'CreationTime: $' + IntToHex(CreationTime, 16) + #13#10 +
'LastAccessTime: $' + IntToHex(LastAccessTime, 16) + #13#10 +
'LastWriteTime: $' + IntToHex(LastWriteTime, 16) + #13#10 +
'ChangeTime: $' + IntToHex(ChangeTime, 16) + #13#10 +
'FileAttributes: $' + IntToHex(FileAttributes, 8))
else
ShowMessage(
'Status: $' + IntToHex(Status, 8) + #13#10 +
'IoStatus: $' + IntToHex(IoStatusBlock.u.Status, 8) + #13#10 +
'IoInformation: $' + IntToHex(IoStatusBlock.Information, 8));
finally
CloseHandle(FileHandle);
end;
end;
end;