Request debug (SSDTview)

Time:10-19

I got this piece of code to learn from, but it always fails and will not run. Please point out the mistakes and help me correct them.
If you are familiar with SSDT programming in Delphi, you can leave your contact details; I will pay for help.

The unit SSDT.

Interface

USES SysUtils, Windows, Graphics;


const
  // NTSTATUS code meaning the supplied buffer length did not match what the
  // system call needed.
  STATUS_INFO_LENGTH_MISMATCH = $C0000004;

  // Presumably passed as ControlCode to ZwSystemDebugControl (declared in this
  // unit) - TODO confirm against the callers, which are not visible here.
  SysDbgReadVirtualMemory     = 8;
  // NOTE(review): not referenced in the visible part of this unit. A read-only
  // SSDT viewer should not need the write class; drop it if nothing uses it.
  SysDbgWriteVirtualMemory    = 9;


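// Commonly used types.
// NOTE(review): addresses are stored in 32-bit fields throughout, so these
// layouts appear to target 32-bit Windows only - confirm before building for
// any other target.
type
  NTSTATUS = ULONG;
  PVOID = Pointer;

  // Header of one base-relocation block in a PE image.
  PImageBaseRelocation = ^TImageBaseRelocation;
  TImageBaseRelocation = packed record
    VirtualAddress: DWORD;
    SizeOfBlock: DWORD;
    // TypeOffset: array [0..1] of Word;
  end;

  // One loaded-module entry.
  // presumably filled in by ZwQuerySystemInformation - verify against caller.
  PModuleInformation = ^TModuleInformation;
  TModuleInformation = packed record
    Reserved: array [0..1] of ULONG;
    // Base and Size are signed Longint here; an address with the high bit set
    // reads as negative, so cast to DWORD before comparing or adding.
    Base: Longint;
    Size: Longint;
    Flags: Longint;
    Index: Smallint;
    Unknown: Smallint;
    Loadcount: Smallint;
    ModuleNameOffset: Smallint;
    // AnsiChar keeps this field at 256 bytes on compilers where Char is two
    // bytes wide; with Char the record would no longer match the 284-byte
    // layout implied by the other fields.
    ImageName: array [0..255] of AnsiChar;
  end;

  // Address / buffer / length triple.
  // presumably the input block for ZwSystemDebugControl - verify against caller.
  PMEMORY_CHUNKS = ^TMEMORY_CHUNKS;
  TMEMORY_CHUNKS = packed record
    Address: ULONG;
    Data: PVOID;
    Length: ULONG;
  end;

  // One row of the SSDT listing.
  TSSDT_LIST_ENTRY = packed record
    Fname: string;
    Address1: ULONG; // the original address
    Address2: ULONG; // the address currently in memory
    // NOTE(review): a viewer would flag rows where Address1 <> Address2 as
    // possibly hooked - confirm against the code that fills this record.
  end;

  TSSDT_LIST_ARRAY = array of TSSDT_LIST_ENTRY;

type
  // Overlay type for indexing DWORD tables inside a mapped image. The bound
  // 4196 is not the real table length: every index must be limited by the
  // count read from the export directory, not by High(TArray).
  PArray = ^TArray;
  TArray = array [0..4196] of DWORD;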


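// Static imports from ntdll. The module name must not contain a space, or the
// import cannot be resolved when the program loads.
// NOTE(review): because these are bound at load time, a missing export stops
// the program from starting; a later GetProcAddress probe for the same name
// cannot fail on its own.
function ZwQuerySystemInformation(SystemInformationClass: ULONG; SystemInformation: PVOID; SystemInformationLength: ULONG; lpReturnLength: PULONG): NTSTATUS; stdcall; external 'NTDLL.DLL' name 'ZwQuerySystemInformation';

// ZwSystemDebugControl is an undocumented native API. Whether a user-mode
// caller may use a given ControlCode depends on the Windows version and on the
// privileges held, so always check the returned NTSTATUS and never assume the
// output buffer was filled.
function ZwSystemDebugControl(ControlCode: Integer; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external 'NTDLL.DLL' name 'ZwSystemDebugControl';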

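// Routines exported by this unit (bodies are in the implementation section).

// Checks that ntdll is loaded and exports ZwQuerySystemInformation.
function LocateNtdllEntry(): BOOL;
// Locates the file, optional and section headers of a mapped PE image;
// returns 1 on success and 0 when a signature check fails.
function GetHeaders(ibase: PCHAR; var PFH: PImageFileHeader; var poh: PImageOptionalHeader; var PSH: PImageSectionHeader): DWORD;
// Walks the ntdll export table and sizes ssdt_list from its name count.
procedure FindExport();
// NOTE(review): the parameter DwKSDT hides the unit-level variable of the same
// name inside this function - confirm that is intended.
function FindKiServiceTable(hModule: HMODULE; DwKSDT: DWORD): DWORD;
// presumably enables or disables the privilege named by PName for the current
// process - body not visible here, verify.
function DebugPrivilege(PName: PCHAR; BEnable: BOOL): BOOL;
procedure GetSSDT();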

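var
  // Result rows; FindExport sets the length from the ntdll export name count.
  ssdt_list: TSSDT_LIST_ARRAY;
  dwKSDT: DWORD;           // rva of KeServiceDescriptorTable
  dwKiServiceTable: DWORD; // rva of KiServiceTable
  // NOTE(review): unit-level state shared by the routines above; presumably the
  // kernel image base and the number of service entries - confirm at the
  // assignment sites, which are not visible here.
  dwKernelBase, dwServices: DWORD;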

Implementation
USES unit1;

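// Reports whether ntdll is loaded in this process and exports
// ZwQuerySystemInformation.
//
// Returns True only when both lookups succeed. The earlier version never set
// Result to True and kept going after a failed GetModuleHandle, so callers
// could not rely on the result.
function LocateNtdllEntry(): BOOL;
var
  NtdllHandle: THandle;
begin
  // Fail closed: every early exit reports "not available".
  Result := False;

  NtdllHandle := GetModuleHandle('NTDLL.DLL');
  if NtdllHandle = 0 then
    Exit;

  Result := GetProcAddress(NtdllHandle, 'ZwQuerySystemInformation') <> nil;
end;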


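// Locates the PE headers of an image that is already mapped at ibase.
//
// Parameters:
//   ibase - base address of the mapped image.
//   PFH   - receives the file header once the DOS and NT signatures match.
//   poh   - receives the optional header once the DOS and NT signatures match.
//   PSH   - receives the first section header; set only on success.
// Returns 1 on success and 0 when ibase is nil, the header offset is not
// positive, a signature does not match, or the optional header is not PE32.
//
// No image size is passed in, so the offsets read from the image cannot be
// bounded here. Call this only on an image the loader has mapped, or validate
// the header offset against the buffer size first.
function GetHeaders(ibase: PCHAR; var PFH: PImageFileHeader; var poh: PImageOptionalHeader; var PSH: PImageSectionHeader): DWORD;
var
  Base: PAnsiChar;
  DosHeader: PImageDosHeader;
  NtHeaders: PImageNtHeaders;
begin
  Result := 0;
  if ibase = nil then
    Exit;

  // PAnsiChar arithmetic always moves in bytes; PChar arithmetic moves in
  // two-byte steps on compilers where Char is wide, which would land on the
  // wrong offsets.
  Base := PAnsiChar(ibase);

  DosHeader := PImageDosHeader(Base);
  if DosHeader^.e_magic <> IMAGE_DOS_SIGNATURE then
    Exit;

  // A zero or negative offset cannot point at an NT header after the DOS one.
  if DosHeader^._lfanew <= 0 then
    Exit;

  NtHeaders := PImageNtHeaders(Base + DosHeader^._lfanew);
  if NtHeaders^.Signature <> IMAGE_NT_SIGNATURE then
    Exit;

  PFH := @NtHeaders^.FileHeader;
  poh := @NtHeaders^.OptionalHeader;
  // $10B marks a PE32 optional header; other formats are rejected.
  if poh^.Magic <> $10B then
    Exit;

  // The section table starts right after the optional header, whose length
  // the file header records.
  PSH := PImageSectionHeader(PAnsiChar(poh) + PFH^.SizeOfOptionalHeader);
  Result := 1;
end;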


//search function name
Procedure FindExport ();
Var
PFH: PImageFileHeader;
Poh: PImageOptionalHeader;
PSH: PImageSectionHeader;
Ped: PImageExportDirectory;
ArrayOfFunctionNames: PArray;
ArrayOfFunctionAddresses: PArray;
ArrayOfFunctionOrdinals: PWordArray;
FunctionOrdinal functionAddress: dwords.
HNtdll: THandle;
I: integer;
FuncName: PChar;
Number: Word;
The begin
HNtdll:=GetModuleHandle (' NTDLL. DLL);
GetHeaders (PCHAR (hNtdll), PFH, poh, PSH);

If (poh ^. DataDirectory [IMAGE_DIRECTORY_ENTRY_EXPORT] VirtualAddress<> 0) then
The begin
Ped:=PImageExportDirectory (poh ^. DataDirectory [IMAGE_DIRECTORY_ENTRY_EXPORT] VirtualAddress + pchar (hNtdll));
ArrayOfFunctionNames:=PArray (hNtdll + DWORD (ped. ^ AddressOfNames));
ArrayOfFunctionAddresses:=PArray (hNtdll + DWORD (ped. ^ AddressOfFunctions));
ArrayOfFunctionOrdinals:=PWordArray (hNtdll + WORD (ped. ^ AddressOfNameOrdinals));

end;

SetLength (ssdt_list, ped ^. NumberOfNames);
For I:=0 to ped. ^ do NumberOfNames - 1
The begin
FuncName:=PCHAR (hNtdll + arrayOfFunctionNames [I]);
FunctionOrdinal:=arrayOfFunctionOrdinals [I] + ped ^. The Base - 1;

nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull