cscの作法 その134

概要

cscの作法、調べてみた。
unsafe使ってみた。

参考にしたページ

コンパイル手順

>csc sys0.cs /unsafe

サンプルコード

using System;
using System.Runtime.InteropServices;
using System.ComponentModel;

	class Native {
		public enum NTSTATUS : uint {
			Success = 0x00000000,
			Wait0 = 0x00000000,
			Wait1 = 0x00000001,
			Wait2 = 0x00000002,
			Wait3 = 0x00000003,
			Wait63 = 0x0000003f,
			Abandoned = 0x00000080,
			AbandonedWait0 = 0x00000080,
			AbandonedWait1 = 0x00000081,
			AbandonedWait2 = 0x00000082,
			AbandonedWait3 = 0x00000083,
			AbandonedWait63 = 0x000000bf,
			UserApc = 0x000000c0,
			KernelApc = 0x00000100,
			Alerted = 0x00000101,
			Timeout = 0x00000102,
			Pending = 0x00000103,
			Reparse = 0x00000104,
			MoreEntries = 0x00000105,
			NotAllAssigned = 0x00000106,
			SomeNotMapped = 0x00000107,
			OpLockBreakInProgress = 0x00000108,
			VolumeMounted = 0x00000109,
			RxActCommitted = 0x0000010a,
			NotifyCleanup = 0x0000010b,
			NotifyEnumDir = 0x0000010c,
			NoQuotasForAccount = 0x0000010d,
			PrimaryTransportConnectFailed = 0x0000010e,
			PageFaultTransition = 0x00000110,
			PageFaultDemandZero = 0x00000111,
			PageFaultCopyOnWrite = 0x00000112,
			PageFaultGuardPage = 0x00000113,
			PageFaultPagingFile = 0x00000114,
			CrashDump = 0x00000116,
			ReparseObject = 0x00000118,
			NothingToTerminate = 0x00000122,
			ProcessNotInJob = 0x00000123,
			ProcessInJob = 0x00000124,
			ProcessCloned = 0x00000129,
			FileLockedWithOnlyReaders = 0x0000012a,
			FileLockedWithWriters = 0x0000012b,
			Informational = 0x40000000,
			ObjectNameExists = 0x40000000,
			ThreadWasSuspended = 0x40000001,
			WorkingSetLimitRange = 0x40000002,
			ImageNotAtBase = 0x40000003,
			RegistryRecovered = 0x40000009,
			Warning = 0x80000000,
			GuardPageViolation = 0x80000001,
			DatatypeMisalignment = 0x80000002,
			Breakpoint = 0x80000003,
			SingleStep = 0x80000004,
			BufferOverflow = 0x80000005,
			NoMoreFiles = 0x80000006,
			HandlesClosed = 0x8000000a,
			PartialCopy = 0x8000000d,
			DeviceBusy = 0x80000011,
			InvalidEaName = 0x80000013,
			EaListInconsistent = 0x80000014,
			NoMoreEntries = 0x8000001a,
			LongJump = 0x80000026,
			DllMightBeInsecure = 0x8000002b,
			Error = 0xc0000000,
			Unsuccessful = 0xc0000001,
			NotImplemented = 0xc0000002,
			InvalidInfoClass = 0xc0000003,
			InfoLengthMismatch = 0xc0000004,
			AccessViolation = 0xc0000005,
			InPageError = 0xc0000006,
			PagefileQuota = 0xc0000007,
			InvalidHandle = 0xc0000008,
			BadInitialStack = 0xc0000009,
			BadInitialPc = 0xc000000a,
			InvalidCid = 0xc000000b,
			TimerNotCanceled = 0xc000000c,
			InvalidParameter = 0xc000000d,
			NoSuchDevice = 0xc000000e,
			NoSuchFile = 0xc000000f,
			InvalidDeviceRequest = 0xc0000010,
			EndOfFile = 0xc0000011,
			WrongVolume = 0xc0000012,
			NoMediaInDevice = 0xc0000013,
			NoMemory = 0xc0000017,
			NotMappedView = 0xc0000019,
			UnableToFreeVm = 0xc000001a,
			UnableToDeleteSection = 0xc000001b,
			IllegalInstruction = 0xc000001d,
			AlreadyCommitted = 0xc0000021,
			AccessDenied = 0xc0000022,
			BufferTooSmall = 0xc0000023,
			ObjectTypeMismatch = 0xc0000024,
			NonContinuableException = 0xc0000025,
			BadStack = 0xc0000028,
			NotLocked = 0xc000002a,
			NotCommitted = 0xc000002d,
			InvalidParameterMix = 0xc0000030,
			ObjectNameInvalid = 0xc0000033,
			ObjectNameNotFound = 0xc0000034,
			ObjectNameCollision = 0xc0000035,
			ObjectPathInvalid = 0xc0000039,
			ObjectPathNotFound = 0xc000003a,
			ObjectPathSyntaxBad = 0xc000003b,
			DataOverrun = 0xc000003c,
			DataLate = 0xc000003d,
			DataError = 0xc000003e,
			CrcError = 0xc000003f,
			SectionTooBig = 0xc0000040,
			PortConnectionRefused = 0xc0000041,
			InvalidPortHandle = 0xc0000042,
			SharingViolation = 0xc0000043,
			QuotaExceeded = 0xc0000044,
			InvalidPageProtection = 0xc0000045,
			MutantNotOwned = 0xc0000046,
			SemaphoreLimitExceeded = 0xc0000047,
			PortAlreadySet = 0xc0000048,
			SectionNotImage = 0xc0000049,
			SuspendCountExceeded = 0xc000004a,
			ThreadIsTerminating = 0xc000004b,
			BadWorkingSetLimit = 0xc000004c,
			IncompatibleFileMap = 0xc000004d,
			SectionProtection = 0xc000004e,
			EasNotSupported = 0xc000004f,
			EaTooLarge = 0xc0000050,
			NonExistentEaEntry = 0xc0000051,
			NoEasOnFile = 0xc0000052,
			EaCorruptError = 0xc0000053,
			FileLockConflict = 0xc0000054,
			LockNotGranted = 0xc0000055,
			DeletePending = 0xc0000056,
			CtlFileNotSupported = 0xc0000057,
			UnknownRevision = 0xc0000058,
			RevisionMismatch = 0xc0000059,
			InvalidOwner = 0xc000005a,
			InvalidPrimaryGroup = 0xc000005b,
			NoImpersonationToken = 0xc000005c,
			CantDisableMandatory = 0xc000005d,
			NoLogonServers = 0xc000005e,
			NoSuchLogonSession = 0xc000005f,
			NoSuchPrivilege = 0xc0000060,
			PrivilegeNotHeld = 0xc0000061,
			InvalidAccountName = 0xc0000062,
			UserExists = 0xc0000063,
			NoSuchUser = 0xc0000064,
			GroupExists = 0xc0000065,
			NoSuchGroup = 0xc0000066,
			MemberInGroup = 0xc0000067,
			MemberNotInGroup = 0xc0000068,
			LastAdmin = 0xc0000069,
			WrongPassword = 0xc000006a,
			IllFormedPassword = 0xc000006b,
			PasswordRestriction = 0xc000006c,
			LogonFailure = 0xc000006d,
			AccountRestriction = 0xc000006e,
			InvalidLogonHours = 0xc000006f,
			InvalidWorkstation = 0xc0000070,
			PasswordExpired = 0xc0000071,
			AccountDisabled = 0xc0000072,
			NoneMapped = 0xc0000073,
			TooManyLuidsRequested = 0xc0000074,
			LuidsExhausted = 0xc0000075,
			InvalidSubAuthority = 0xc0000076,
			InvalidAcl = 0xc0000077,
			InvalidSid = 0xc0000078,
			InvalidSecurityDescr = 0xc0000079,
			ProcedureNotFound = 0xc000007a,
			InvalidImageFormat = 0xc000007b,
			NoToken = 0xc000007c,
			BadInheritanceAcl = 0xc000007d,
			RangeNotLocked = 0xc000007e,
			DiskFull = 0xc000007f,
			ServerDisabled = 0xc0000080,
			ServerNotDisabled = 0xc0000081,
			TooManyGuidsRequested = 0xc0000082,
			GuidsExhausted = 0xc0000083,
			InvalidIdAuthority = 0xc0000084,
			AgentsExhausted = 0xc0000085,
			InvalidVolumeLabel = 0xc0000086,
			SectionNotExtended = 0xc0000087,
			NotMappedData = 0xc0000088,
			ResourceDataNotFound = 0xc0000089,
			ResourceTypeNotFound = 0xc000008a,
			ResourceNameNotFound = 0xc000008b,
			ArrayBoundsExceeded = 0xc000008c,
			FloatDenormalOperand = 0xc000008d,
			FloatDivideByZero = 0xc000008e,
			FloatInexactResult = 0xc000008f,
			FloatInvalidOperation = 0xc0000090,
			FloatOverflow = 0xc0000091,
			FloatStackCheck = 0xc0000092,
			FloatUnderflow = 0xc0000093,
			IntegerDivideByZero = 0xc0000094,
			IntegerOverflow = 0xc0000095,
			PrivilegedInstruction = 0xc0000096,
			TooManyPagingFiles = 0xc0000097,
			FileInvalid = 0xc0000098,
			InstanceNotAvailable = 0xc00000ab,
			PipeNotAvailable = 0xc00000ac,
			InvalidPipeState = 0xc00000ad,
			PipeBusy = 0xc00000ae,
			IllegalFunction = 0xc00000af,
			PipeDisconnected = 0xc00000b0,
			PipeClosing = 0xc00000b1,
			PipeConnected = 0xc00000b2,
			PipeListening = 0xc00000b3,
			InvalidReadMode = 0xc00000b4,
			IoTimeout = 0xc00000b5,
			FileForcedClosed = 0xc00000b6,
			ProfilingNotStarted = 0xc00000b7,
			ProfilingNotStopped = 0xc00000b8,
			NotSameDevice = 0xc00000d4,
			FileRenamed = 0xc00000d5,
			CantWait = 0xc00000d8,
			PipeEmpty = 0xc00000d9,
			CantTerminateSelf = 0xc00000db,
			InternalError = 0xc00000e5,
			InvalidParameter1 = 0xc00000ef,
			InvalidParameter2 = 0xc00000f0,
			InvalidParameter3 = 0xc00000f1,
			InvalidParameter4 = 0xc00000f2,
			InvalidParameter5 = 0xc00000f3,
			InvalidParameter6 = 0xc00000f4,
			InvalidParameter7 = 0xc00000f5,
			InvalidParameter8 = 0xc00000f6,
			InvalidParameter9 = 0xc00000f7,
			InvalidParameter10 = 0xc00000f8,
			InvalidParameter11 = 0xc00000f9,
			InvalidParameter12 = 0xc00000fa,
			MappedFileSizeZero = 0xc000011e,
			TooManyOpenedFiles = 0xc000011f,
			Cancelled = 0xc0000120,
			CannotDelete = 0xc0000121,
			InvalidComputerName = 0xc0000122,
			FileDeleted = 0xc0000123,
			SpecialAccount = 0xc0000124,
			SpecialGroup = 0xc0000125,
			SpecialUser = 0xc0000126,
			MembersPrimaryGroup = 0xc0000127,
			FileClosed = 0xc0000128,
			TooManyThreads = 0xc0000129,
			ThreadNotInProcess = 0xc000012a,
			TokenAlreadyInUse = 0xc000012b,
			PagefileQuotaExceeded = 0xc000012c,
			CommitmentLimit = 0xc000012d,
			InvalidImageLeFormat = 0xc000012e,
			InvalidImageNotMz = 0xc000012f,
			InvalidImageProtect = 0xc0000130,
			InvalidImageWin16 = 0xc0000131,
			LogonServer = 0xc0000132,
			DifferenceAtDc = 0xc0000133,
			SynchronizationRequired = 0xc0000134,
			DllNotFound = 0xc0000135,
			IoPrivilegeFailed = 0xc0000137,
			OrdinalNotFound = 0xc0000138,
			EntryPointNotFound = 0xc0000139,
			ControlCExit = 0xc000013a,
			PortNotSet = 0xc0000353,
			DebuggerInactive = 0xc0000354,
			CallbackBypass = 0xc0000503,
			PortClosed = 0xc0000700,
			MessageLost = 0xc0000701,
			InvalidMessage = 0xc0000702,
			RequestCanceled = 0xc0000703,
			RecursiveDispatch = 0xc0000704,
			LpcReceiveBufferExpected = 0xc0000705,
			LpcInvalidConnectionUsage = 0xc0000706,
			LpcRequestsNotAllowed = 0xc0000707,
			ResourceInUse = 0xc0000708,
			ProcessIsProtected = 0xc0000712,
			VolumeDirty = 0xc0000806,
			FileCheckedOut = 0xc0000901,
			CheckOutRequired = 0xc0000902,
			BadFileType = 0xc0000903,
			FileTooLarge = 0xc0000904,
			FormsAuthRequired = 0xc0000905,
			VirusInfected = 0xc0000906,
			VirusDeleted = 0xc0000907,
			TransactionalConflict = 0xc0190001,
			InvalidTransaction = 0xc0190002,
			TransactionNotActive = 0xc0190003,
			TmInitializationFailed = 0xc0190004,
			RmNotActive = 0xc0190005,
			RmMetadataCorrupt = 0xc0190006,
			TransactionNotJoined = 0xc0190007,
			DirectoryNotRm = 0xc0190008,
			CouldNotResizeLog = 0xc0190009,
			TransactionsUnsupportedRemote = 0xc019000a,
			LogResizeInvalidSize = 0xc019000b,
			RemoteFileVersionMismatch = 0xc019000c,
			CrmProtocolAlreadyExists = 0xc019000f,
			TransactionPropagationFailed = 0xc0190010,
			CrmProtocolNotFound = 0xc0190011,
			TransactionSuperiorExists = 0xc0190012,
			TransactionRequestNotValid = 0xc0190013,
			TransactionNotRequested = 0xc0190014,
			TransactionAlreadyAborted = 0xc0190015,
			TransactionAlreadyCommitted = 0xc0190016,
			TransactionInvalidMarshallBuffer = 0xc0190017,
			CurrentTransactionNotValid = 0xc0190018,
			LogGrowthFailed = 0xc0190019,
			ObjectNoLongerExists = 0xc0190021,
			StreamMiniversionNotFound = 0xc0190022,
			StreamMiniversionNotValid = 0xc0190023,
			MiniversionInaccessibleFromSpecifiedTransaction = 0xc0190024,
			CantOpenMiniversionWithModifyIntent = 0xc0190025,
			CantCreateMoreStreamMiniversions = 0xc0190026,
			HandleNoLongerValid = 0xc0190028,
			NoTxfMetadata = 0xc0190029,
			LogCorruptionDetected = 0xc0190030,
			CantRecoverWithHandleOpen = 0xc0190031,
			RmDisconnected = 0xc0190032,
			EnlistmentNotSuperior = 0xc0190033,
			RecoveryNotNeeded = 0xc0190034,
			RmAlreadyStarted = 0xc0190035,
			FileIdentityNotPersistent = 0xc0190036,
			CantBreakTransactionalDependency = 0xc0190037,
			CantCrossRmBoundary = 0xc0190038,
			TxfDirNotEmpty = 0xc0190039,
			IndoubtTransactionsExist = 0xc019003a,
			TmVolatile = 0xc019003b,
			RollbackTimerExpired = 0xc019003c,
			TxfAttributeCorrupt = 0xc019003d,
			EfsNotAllowedInTransaction = 0xc019003e,
			TransactionalOpenNotAllowed = 0xc019003f,
			TransactedMappingUnsupportedRemote = 0xc0190040,
			TxfMetadataAlreadyPresent = 0xc0190041,
			TransactionScopeCallbacksNotSet = 0xc0190042,
			TransactionRequiredPromotion = 0xc0190043,
			CannotExecuteFileInTransaction = 0xc0190044,
			TransactionsNotFrozen = 0xc0190045,
			MaximumNtStatus = 0xffffffff
		}
		[Flags]
		public enum ACCESS_MASK : uint {
			DELETE = 0x00010000,
			READ_CONTROL = 0x00020000,
			WRITE_DAC = 0x00040000,
			WRITE_OWNER = 0x00080000,
			SYNCHRONIZE = 0x00100000,
			STANDARD_RIGHTS_REQUIRED = 0x000F0000,
			STANDARD_RIGHTS_READ = 0x00020000,
			STANDARD_RIGHTS_WRITE = 0x00020000,
			STANDARD_RIGHTS_EXECUTE = 0x00020000,
			STANDARD_RIGHTS_ALL = 0x001F0000,
			SPECIFIC_RIGHTS_ALL = 0x0000FFFF,
			ACCESS_SYSTEM_SECURITY = 0x01000000,
			MAXIMUM_ALLOWED = 0x02000000,
			GENERIC_READ = 0x80000000,
			GENERIC_WRITE = 0x40000000,
			GENERIC_EXECUTE = 0x20000000,
			GENERIC_ALL = 0x10000000,
			DESKTOP_READOBJECTS = 0x00000001,
			DESKTOP_CREATEWINDOW = 0x00000002,
			DESKTOP_CREATEMENU = 0x00000004,
			DESKTOP_HOOKCONTROL = 0x00000008,
			DESKTOP_JOURNALRECORD = 0x00000010,
			DESKTOP_JOURNALPLAYBACK = 0x00000020,
			DESKTOP_ENUMERATE = 0x00000040,
			DESKTOP_WRITEOBJECTS = 0x00000080,
			DESKTOP_SWITCHDESKTOP = 0x00000100,
			WINSTA_ENUMDESKTOPS = 0x00000001,
			WINSTA_READATTRIBUTES = 0x00000002,
			WINSTA_ACCESSCLIPBOARD = 0x00000004,
			WINSTA_CREATEDESKTOP = 0x00000008,
			WINSTA_WRITEATTRIBUTES = 0x00000010,
			WINSTA_ACCESSGLOBALATOMS = 0x00000020,
			WINSTA_EXITWINDOWS = 0x00000040,
			WINSTA_ENUMERATE = 0x00000100,
			WINSTA_READSCREEN = 0x00000200,
			WINSTA_ALL_ACCESS = 0x0000037F
		}
		[Flags]
		public enum FileAccess : uint {
			AccessSystemSecurity = 0x1000000,
			MaximumAllowed = 0x2000000,
			Delete = 0x10000,
			ReadControl = 0x20000,
			WriteDAC = 0x40000,
			WriteOwner = 0x80000,
			Synchronize = 0x100000,
			StandardRightsRequired = 0xF0000,
			StandardRightsRead = ReadControl,
			StandardRightsWrite = ReadControl,
			StandardRightsExecute = ReadControl,
			StandardRightsAll = 0x1F0000,
			SpecificRightsAll = 0xFFFF,
			FILE_READ_DATA = 0x0001,
			FILE_LIST_DIRECTORY = 0x0001,
			FILE_WRITE_DATA = 0x0002,
			FILE_ADD_FILE = 0x0002,
			FILE_APPEND_DATA = 0x0004,
			FILE_ADD_SUBDIRECTORY = 0x0004,
			FILE_CREATE_PIPE_INSTANCE = 0x0004,
			FILE_READ_EA = 0x0008,
			FILE_WRITE_EA = 0x0010,
			FILE_EXECUTE = 0x0020,
			FILE_TRAVERSE = 0x0020,
			FILE_DELETE_CHILD = 0x0040,
			FILE_READ_ATTRIBUTES = 0x0080,
			FILE_WRITE_ATTRIBUTES = 0x0100,
			GenericRead = 0x80000000,
			GenericWrite = 0x40000000,
			GenericExecute = 0x20000000,
			GenericAll = 0x10000000,
			SPECIFIC_RIGHTS_ALL = 0x00FFFF,
			FILE_ALL_ACCESS = StandardRightsRequired | Synchronize | 0x1FF,
			FILE_GENERIC_READ = StandardRightsRead | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | Synchronize,
			FILE_GENERIC_WRITE = StandardRightsWrite | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | Synchronize,
			FILE_GENERIC_EXECUTE = StandardRightsExecute | FILE_READ_ATTRIBUTES | FILE_EXECUTE | Synchronize
		}
		[Flags]
		public enum FileShare : uint {
			None = 0x00000000,
			Read = 0x00000001,
			Write = 0x00000002,
			Delete = 0x00000004
		}
		[Flags]
		internal enum CreationDisposition : uint {
			FILE_SUPERSEDE = 0,
			FILE_OPEN = 1,
			FILE_CREATE = 2,
			FILE_OPEN_IF = 3,
			FILE_OVERWRITE = 4,
			FILE_OVERWRITE_IF = 5
		}
		[Flags]
		public enum CreateOption : uint {
			FILE_WRITE_THROUGH = 0x00000002,
			FILE_SEQUENTIAL_ONLY = 0x00000004,
			FILE_NO_INTERMEDIATE_BUFFERING = 0x00000008,
			FILE_SYNCHRONOUS_IO_NONALERT = 0x00000020,
			FILE_RANDOM_ACCESS = 0x00000800
		}
		[Flags]
		public enum FileAttributes : uint {
			ReadOnly = 0x00000001,
			Hidden = 0x00000002,
			System = 0x00000004,
			Directory = 0x00000010,
			Archive = 0x00000020,
			Device = 0x00000040,
			Normal = 0x00000080,
			Temporary = 0x00000100,
			SparseFile = 0x00000200,
			ReparsePoint = 0x00000400,
			Compressed = 0x00000800,
			Offline = 0x00001000,
			NotContentIndexed = 0x00002000,
			Encrypted = 0x00004000,
			Write_Through = 0x80000000,
			Overlapped = 0x40000000,
			NoBuffering = 0x20000000,
			RandomAccess = 0x10000000,
			SequentialScan = 0x08000000,
			DeleteOnClose = 0x04000000,
			BackupSemantics = 0x02000000,
			PosixSemantics = 0x01000000,
			OpenReparsePoint = 0x00200000,
			OpenNoRecall = 0x00100000,
			FirstPipeInstance = 0x00080000
		}
		public enum AllocationProtect : uint {
			PAGE_EXECUTE = 0x00000010,
			PAGE_EXECUTE_READ = 0x00000020,
			PAGE_EXECUTE_READWRITE = 0x00000040,
			PAGE_EXECUTE_WRITECOPY = 0x00000080,
			PAGE_NOACCESS = 0x00000001,
			PAGE_READONLY = 0x00000002,
			PAGE_READWRITE = 0x00000004,
			PAGE_WRITECOPY = 0x00000008,
			PAGE_GUARD = 0x00000100,
			PAGE_NOCACHE = 0x00000200,
			PAGE_WRITECOMBINE = 0x00000400
		}
		[StructLayout(LayoutKind.Sequential, Pack = 0)]
		public struct IO_STATUS_BLOCK {
			public uint status;
			public IntPtr information;
		}
		[StructLayout(LayoutKind.Sequential, Pack = 0)]
		public struct OBJECT_ATTRIBUTES {
			public Int32 Length;
			public IntPtr RootDirectory;
			public IntPtr ObjectName;
			public uint Attributes;
			public IntPtr SecurityDescriptor;
			public IntPtr SecurityQualityOfService;
		}
		[StructLayout(LayoutKind.Sequential, Pack = 0)]
		public struct UNICODE_STRING {
			public ushort Length;
			public ushort MaximumLength;
			public IntPtr Buffer;
		}
		[DllImport("kernel32.dll")]
		public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
		[DllImport("ntdll.dll")]
		public static extern void RtlInitUnicodeString(ref UNICODE_STRING DestinationString, [MarshalAs(UnmanagedType.LPWStr)] string SourceString);
	}
	class Syscalls {
		static byte[] bNtCreateFile = {
			0x4C, 0x8B, 0xD1,			   	// mov r10, rcx
			0xB8, 0x55, 0x00, 0x00, 0x00,   // mov eax, 0x55 (NtCreateFile Syscall)
			0x0F, 0x05,					 	// syscall
			0xC3							// ret
		};
		public static Native.NTSTATUS NTCreateFile(out Microsoft.Win32.SafeHandles.SafeFileHandle FileHandle, Native.FileAccess DesiredAcces, ref Native.OBJECT_ATTRIBUTES ObjectAttributes, ref Native.IO_STATUS_BLOCK IoStatusBlock, ref long AllocationSize, Native.FileAttributes FileAttributes, Native.FileShare ShareAccess, Native.CreationDisposition CreateDisposition, Native.CreateOption CreateOptions, IntPtr EaBuffer, uint EaLength)
		{
			byte[] syscall = bNtCreateFile;
			unsafe
			{
				fixed (byte * ptr = syscall)
				{
					IntPtr memoryAddress = (IntPtr) ptr;
					uint o;
					if (!Native.VirtualProtect(memoryAddress, (UIntPtr) syscall.Length, (uint) Native.AllocationProtect.PAGE_EXECUTE_READWRITE, out o ))
					{
						throw new Win32Exception();
					}
					Delegates.NtCreateFile assembledFunction = (Delegates.NtCreateFile) Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtCreateFile));
					return (Native.NTSTATUS) assembledFunction(out FileHandle, DesiredAcces, ref ObjectAttributes, ref IoStatusBlock, ref AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength);
				}
			}
		}
		public struct Delegates {
			[UnmanagedFunctionPointer(CallingConvention.StdCall)]
			public delegate Native.NTSTATUS NtCreateFile(out Microsoft.Win32.SafeHandles.SafeFileHandle FileHandle, Native.FileAccess DesiredAcces, ref Native.OBJECT_ATTRIBUTES ObjectAttributes, ref Native.IO_STATUS_BLOCK IoStatusBlock, ref long AllocationSize, Native.FileAttributes FileAttributes, Native.FileShare ShareAccess, Native.CreationDisposition CreateDisposition, Native.CreateOption CreateOptions, IntPtr EaBuffer, uint EaLength);
		}
	}

	class Program {
		static void Main(string[] args) {
			Microsoft.Win32.SafeHandles.SafeFileHandle fileHandle;
			Native.UNICODE_STRING filename = new Native.UNICODE_STRING();
			Native.RtlInitUnicodeString(ref filename, @"\??\C:\Users\kuro\Desktop\test.txt");
			IntPtr objectName = Marshal.AllocHGlobal(Marshal.SizeOf(filename));
			Marshal.StructureToPtr(filename, objectName, true);
			Native.OBJECT_ATTRIBUTES FileObjectAttributes = new Native.OBJECT_ATTRIBUTES();
			FileObjectAttributes.Length = (int) Marshal.SizeOf(typeof(Native.OBJECT_ATTRIBUTES));
			FileObjectAttributes.RootDirectory = IntPtr.Zero;
			FileObjectAttributes.ObjectName = objectName;
			FileObjectAttributes.Attributes = 0x00000040;
			FileObjectAttributes.SecurityDescriptor = IntPtr.Zero;
			FileObjectAttributes.SecurityQualityOfService = IntPtr.Zero;
			Native.IO_STATUS_BLOCK IoStatusBlock = new Native.IO_STATUS_BLOCK();
			long allocationSize = 0;
			Native.NTSTATUS status = Syscalls.NTCreateFile(out fileHandle,
				Native.FileAccess.FILE_GENERIC_WRITE,
				ref FileObjectAttributes,
				ref IoStatusBlock,
				ref allocationSize,
				Native.FileAttributes.Normal,
				Native.FileShare.Write,
				Native.CreationDisposition.FILE_OVERWRITE_IF,
				Native.CreateOption.FILE_SYNCHRONOUS_IO_NONALERT,
				IntPtr.Zero, 0);
		}
	}

以上。