#include?
#include?


//從ntddk中拿出來的一些結構體定義，在ZwQueryDirectoryFile（）中要用到

typedef?LONG?NTSTATUS;
#define?NT_SUCCESS（Status）?（（NTSTATUS）（Status）>=0）
//參數類型
typedef?struct?_IO_STATUS_BLOCK?
{?
	NTSTATUS??Status;?
	ULONG????Information;?
}?IO_STATUS_BLOCK?*PIO_STATUS_BLOCK;?
//字符串類型
typedef?struct?_UNICODE_STRING?
{?
	USHORT????Length;?
	USHORT????MaximumLength;?
	PWSTR????Buffer;?
}?UNICODE_STRING?*PUNICODE_STRING;?
//枚舉類型，主要利用FileBothDirectoryInformation
typedef?enum?_FILE_INFORMATION_CLASS?{
	FileDirectoryInformation?=?1
	FileFullDirectoryInformation
	FileBothDirectoryInformation
	FileBasicInformation
	FileStandardInformation
	FileInternalInformation
	FileEaInformation
	FileAccessInformation
	FileNameInformation
	FileRenameInformation
	FilelinkInformation
	FileNamesInformation
	FileDispositionInformation
	FilePositionInformation
	FileFullEaInformation
	FileModeInformation
	FileAlignmentInformation
	FileAllInformation
	FileAllocationInformation
	FileEndOfFileInformation
	FileAlternateNameInformation
	FileStreamInformation
	FilePipeInformation
	FilePipeLocalInformation
	FilePipeRemoteInformation
	FileMailslotQueryInformation
	FileMailslotSetInformation
	FileCompressionInformation
	FileobjectIdInformation
	FileCompletionInformation
	FileMoveClusterInformation
	FileQuotaInformation
	FileReparsePointInformation
	FileNetworkOpenInformation
	FileAttributeTagInformation
	FileTrackingInformation
	FileMaximumInformation
}?FILE_INFORMATION_CLASS?*PFILE_INFORMATION_CLASS;


typedef?VOID?（NTAPI?*PIO_APC_ROUTINE）（
						?IN?PVOID?ApcContext
						?IN?PIO_STATUS_BLOCK?IoStatusBlock
						?IN?ULONG?Reserved）;

typedef?struct?_FILE_BOTH_DIRECTORY_INFORMATION?{?
	ULONG?NextEntryOffset;
	ULONG?Unknown;
	LARGE_INTEGER?CreationTime;
	LARGE_INTEGER?LastAccessTime;
	LARGE_INTEGER?LastWriteTime;
	LARGE_INTEGER?ChangeTime;
	LARGE_INTEGER?EndOfFile;
	LARGE_INTEGER?AllocationSize;
	ULONG?FileAttributes;
	ULONG?FileNameLength;
	ULONG?EaInformationLength;
	UCHAR?AlternateNameLength;
	WCHAR?AlternateName[12];
	WCHAR?FileName[1];
}?FILE_BOTH_DIRECTORY_INFORMATION*PFILE_BOTH_DIRECTORY_INFORMATION;




typedef?NTSTATUS?（?__stdcall?*ZWQUERYDIRECTORYFILE?）?（
													??IN??HANDLE?FileHandle
													??IN??HANDLE?Event?OPTIONAL
													??IN??PIO_APC_ROUTINE?ApcRoutine?OPTIONAL
													??IN??PVOID?ApcContext?OPTIONAL
													??OUT?PIO_STATUS_BLOCK?IoStatusBlock
													??OUT?PVOID?FileInformation
													??IN??ULONG?Length
													??IN??FILE_INFORMATION_CLASS?FileInformationClass
													??IN??BOOLEAN?ReturnSingleEntry
													??IN??PUNICODE_STRING?FileName?OPTIONAL
													??IN??BOOLEAN?RestartScan
													??）;

//原始ZwQueryDirectoryFile地址
ZWQUERYDIRECTORYFILE???OldZwQueryDirectoryFile?=?NULL;


//////////////////////////////////////////////////////////

?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????目錄???????????0??2010-06-30?10:44??HookNtQuery_File\
?????文件????????7305??2010-06-30?11:28??HookNtQuery_File\HideFile.cpp
?????文件????????4128??2010-06-30?10:45??HookNtQuery_File\HookNtQuery_File.dsp
?????文件?????????557??2010-06-30?10:45??HookNtQuery_File\HookNtQuery_File.dsw
?????文件???????25600??2010-06-30?16:38??HookNtQuery_File\HookNtQuery_File.ncb
?????文件???????53760??2010-06-30?16:38??HookNtQuery_File\HookNtQuery_File.opt
?????文件????????1292??2010-06-30?16:35??HookNtQuery_File\HookNtQuery_File.plg