#ifndef _NTFUNCS_H
#define _NTFUNCS_H
#include <Windows.h>
#include <cassert>
namespace NT {
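/// Thin wrapper that resolves two native ntdll exports at construction time
/// (NtDelayExecution and NtQuerySystemTime) and exposes them as member calls.
///
/// Both wrappers return the NTSTATUS produced by the native call as an
/// unsigned int. If an export could not be resolved, the wrapper returns
/// kStatusUnsuccessful instead of calling through a null pointer.
///
/// NOTE(review): the class is implicitly copyable. A copy made while LL is
/// true would call FreeLibrary twice on the same handle; avoid copying
/// instances (or delete the copy operations once callers are confirmed not
/// to rely on them).
class Funcs {
private:
    using NtDelayExecutionFn = unsigned int (WINAPI*)(unsigned char, signed long long*);
    using NtQuerySystemTimeFn = unsigned int (WINAPI*)(signed long long*);

    // Generic failure NTSTATUS (STATUS_UNSUCCESSFUL) reported when an export is missing.
    static constexpr unsigned int kStatusUnsuccessful = 0xC0000001u;

    HMODULE ntdll = nullptr;
    // True only when this object took its own reference via LoadLibraryEx and
    // therefore owes a matching FreeLibrary.
    bool LL = false;
    NtDelayExecutionFn pNtDelayExecution = nullptr;
    NtQuerySystemTimeFn pNtQuerySystemTime = nullptr;
public:
    /// Locates ntdll and resolves the two exports. In debug builds a missing
    /// module or export trips an assert; in release builds the corresponding
    /// pointer stays null and the wrapper reports kStatusUnsuccessful.
    Funcs() {
        ntdll = GetModuleHandleA("ntdll");
        if (!ntdll) {
            // ntdll is normally mapped into every process, so this fallback is
            // not expected to run. The original condition was inverted: it
            // loaded the library only when the handle had already been found.
            // The load is restricted to the system directory so that a
            // same-named DLL elsewhere on the search path cannot be picked up.
            ntdll = LoadLibraryExA("ntdll.dll", nullptr, LOAD_LIBRARY_SEARCH_SYSTEM32);
            LL = (ntdll != nullptr);
        }
        assert(ntdll != nullptr);
        if (!ntdll)
            return;

        // Each export is resolved independently so that one missing symbol
        // does not leave the other wrapper unusable.
        pNtDelayExecution =
            reinterpret_cast<NtDelayExecutionFn>(GetProcAddress(ntdll, "NtDelayExecution"));
        assert(pNtDelayExecution != nullptr);

        pNtQuerySystemTime =
            reinterpret_cast<NtQuerySystemTimeFn>(GetProcAddress(ntdll, "NtQuerySystemTime"));
        assert(pNtQuerySystemTime != nullptr);
    }

    /// Releases the module reference taken by the constructor, if any.
    ~Funcs() {
        if (LL) {
            // A bare `throw;` with no exception in flight calls
            // std::terminate, and destructors must not throw anyway; a failed
            // FreeLibrary is flagged in debug builds and otherwise ignored.
            const BOOL freed = FreeLibrary(ntdll);
            assert(freed);
            (void)freed;
            LL = false;
        }
        ntdll = nullptr;
        pNtDelayExecution = nullptr;
        pNtQuerySystemTime = nullptr;
    }

    /// Calls NtDelayExecution(Alertable = FALSE, &v).
    /// @param v Delay interval, forwarded unchanged. The native call
    ///          interprets it in 100-nanosecond units, with negative values
    ///          meaning a relative delay; despite the name, no microsecond
    ///          conversion is performed here.
    /// @return NTSTATUS from the native call, or kStatusUnsuccessful when the
    ///         export was not resolved.
    unsigned int uSleep(signed long long v) {
        if (!pNtDelayExecution)
            return kStatusUnsuccessful;
        return pNtDelayExecution(0, &v);
    }

    /// Calls NtQuerySystemTime(v).
    /// @param v Receives the current system time; the pointer is passed to
    ///          the native call as-is.
    /// @return NTSTATUS from the native call, or kStatusUnsuccessful when the
    ///         export was not resolved.
    unsigned int querySystemTime(signed long long* v) {
        if (!pNtQuerySystemTime)
            return kStatusUnsuccessful;
        return pNtQuerySystemTime(v);
    }
};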
}
#endif