#ifndef _WINNT_
#pragma option push -b -a8 -pc -A- /*P_O_Push*/
#define _WINNT_
#ifdef __cplusplus
extern "C" {
#endif
#include <ctype.h>
#define ANYSIZE_ARRAY 1
#if defined(_M_MRX000) && !(defined(MIDL_PASS) || defined(RC_INVOKED)) && defined(ENABLE_RESTRICTED)
#define RESTRICTED_POINTER __restrict
#else
#define RESTRICTED_POINTER
#endif
#if defined(_M_MRX000) || defined(_M_ALPHA) || defined(_M_PPC) || defined(_M_IA64)
#define UNALIGNED __unaligned
#if defined(_WIN64)
#define UNALIGNED64 __unaligned
#else
#define UNALIGNED64
#endif
#else
#define UNALIGNED
#define UNALIGNED64
#endif
#if defined(_WIN64) || defined(_M_ALPHA)
#define MAX_NATURAL_ALIGNMENT sizeof(ULONGLONG)
#else
#define MAX_NATURAL_ALIGNMENT sizeof(DWORD)
#endif
//
// TYPE_ALIGNMENT will return the alignment requirements of a given type for
// the current platform.
//
#ifndef __cplusplus
#define TYPE_ALIGNMENT( t ) \
FIELD_OFFSET( struct { char x; t test; }, test )
#endif
#if defined(_WIN64)
#define PROBE_ALIGNMENT( _s ) (TYPE_ALIGNMENT( _s ) > TYPE_ALIGNMENT( DWORD ) ? \
TYPE_ALIGNMENT( _s ) : TYPE_ALIGNMENT( DWORD ))
#else
#define PROBE_ALIGNMENT( _s ) TYPE_ALIGNMENT( DWORD )
#endif
//
// C_ASSERT() can be used to perform many compile-time assertions:
// type sizes, field offsets, etc.
//
// An assertion failure results in error C2118: negative subscript.
//
#define C_ASSERT(e) typedef char __C_ASSERT__[(e)?1:-1]
#if !defined(_MAC) && (defined(_M_MRX000) || defined(_M_ALPHA) || defined(_M_IA64)) && (_MSC_VER >= 1100) && !(defined(MIDL_PASS) || defined(RC_INVOKED))
#define POINTER_64 __ptr64
typedef unsigned __int64 POINTER_64_INT;
#if defined(_WIN64)
#define POINTER_32 __ptr32
#else
#define POINTER_32
#endif
#else
#if defined(_MAC) && defined(_MAC_INT_64)
#define POINTER_64 __ptr64
typedef unsigned __int64 POINTER_64_INT;
#else
#define POINTER_64
typedef unsigned long POINTER_64_INT;
#endif
#define POINTER_32
#endif
#if defined(_IA64_)
#define FIRMWARE_PTR
#else
#define FIRMWARE_PTR POINTER_32
#endif
#include <basetsd.h>
#if (defined(_M_IX86) || defined(_M_ALPHA) || defined(_M_IA64)) && !defined(MIDL_PASS)
#define DECLSPEC_IMPORT __declspec(dllimport)
#else
#define DECLSPEC_IMPORT
#endif
#ifndef DECLSPEC_NORETURN
#if (_MSC_VER >= 1200) && !defined(MIDL_PASS) && !defined(__BORLANDC__)
#define DECLSPEC_NORETURN __declspec(noreturn)
#else
#define DECLSPEC_NORETURN
#endif
#endif
#ifndef DECLSPEC_ALIGN
#if (_MSC_VER >= 1300) && !defined(MIDL_PASS) && !defined(__BORLANDC__)
#define DECLSPEC_ALIGN(x) __declspec(align(x))
#else
#define DECLSPEC_ALIGN(x)
#endif
#endif
#ifndef DECLSPEC_UUID
#if ((_MSC_VER >= 1100) || (__BORLANDC__ >= 0x0550)) && defined(__cplusplus)
#define DECLSPEC_UUID(x) __declspec(uuid(x))
#else
#define DECLSPEC_UUID(x)
#endif
#endif
#ifndef DECLSPEC_NOVTABLE
#if ((_MSC_VER >= 1100) || (__BORLANDC__ >= 0x0550)) && defined(__cplusplus)
#define DECLSPEC_NOVTABLE __declspec(novtable)
#else
#define DECLSPEC_NOVTABLE
#endif
#endif
#ifndef DECLSPEC_SELECTANY
#if (_MSC_VER >= 1100) || (__BORLANDC__ >= 0x0550)
#define DECLSPEC_SELECTANY __declspec(selectany)
#else
#define DECLSPEC_SELECTANY
#endif
#endif
#ifndef NOP_FUNCTION
#if (_MSC_VER >= 1210)
#define NOP_FUNCTION __noop
#else
#define NOP_FUNCTION (void)0
#endif
#endif
#ifndef DECLSPEC_ADDRSAFE
#if (_MSC_VER >= 1200) && (defined(_M_ALPHA) || defined(_M_AXP64))
#define DECLSPEC_ADDRSAFE __declspec(address_safe)
#else
#define DECLSPEC_ADDRSAFE
#endif
#endif
typedef void *PVOID;
typedef void * POINTER_64 PVOID64;
#if (_MSC_VER >= 800) || defined(_STDCALL_SUPPORTED)
#define NTAPI __stdcall
#else
#define _cdecl
#define NTAPI
#endif
//
// Define API decoration for direct importing system DLL references.
//
#if !defined(_NTSYSTEM_)
#define NTSYSAPI DECLSPEC_IMPORT
#define NTSYSCALLAPI DECLSPEC_IMPORT
#else
#define NTSYSAPI
#if defined(_NTDLLBUILD_)
#define NTSYSCALLAPI
#else
#define NTSYSCALLAPI DECLSPEC_ADDRSAFE
#endif
#endif
//
// Basics
//
#ifndef VOID
#define VOID void
typedef char CHAR;
typedef short SHORT;
typedef long LONG;
#endif
//
// UNICODE (Wide Character) types
//
#ifndef _MAC
typedef wchar_t WCHAR; // wc, 16-bit UNICODE character
#else
// some Macintosh compilers don't define wchar_t in a convenient location, or define it as a char
typedef unsigned short WCHAR; // wc, 16-bit UNICODE character
#endif
typedef WCHAR *PWCHAR;
typedef WCHAR *LPWCH, *PWCH;
typedef CONST WCHAR *LPCWCH, *PCWCH;
typedef WCHAR *NWPSTR;
typedef WCHAR *LPWSTR, *PWSTR;
typedef CONST WCHAR *LPCWSTR, *PCWSTR;
//
// ANSI (Multi-byte Character) types
//
typedef CHAR *PCHAR;
typedef CHAR *LPCH, *PCH;
typedef CONST CHAR *LPCCH, *PCCH;
typedef CHAR *NPSTR;
typedef CHAR *LPSTR, *PSTR;
typedef CONST CHAR *LPCSTR, *PCSTR;
//
// Neutral ANSI/UNICODE types and macros
//
#ifdef UNICODE // r_winnt
#ifndef _TCHAR_DEFINED
typedef WCHAR TCHAR, *PTCHAR;
typedef WCHAR TBYTE , *PTBYTE ;
#define _TCHAR_DEFINED
#endif /* !_TCHAR_DEFINED */
typedef LPWSTR LPTCH, PTCH;
typedef LPWSTR PTSTR, LPTSTR;
typedef LPCWSTR PCTSTR, LPCTSTR;
typedef LPWSTR LP;
#define __TEXT(quote) L##quote // r_winnt
#else /* UNICODE */ // r_winnt
#ifndef _TCHAR_DEFINED
typedef char TCHAR, *PTCHAR;
typedef unsigned char TBYTE , *PTBYTE ;
#define _TCHAR_DEFINED
#endif /* !_TCHAR_DEFINED */
typedef LPSTR LPTCH, PTCH;
typedef LPSTR PTSTR, LPTSTR;
typedef LPCSTR PCTSTR, LPCTSTR;
#define __TEXT(quote) quote // r_winnt
#endif /* UNICODE */ // r_winnt
#define TEXT(quote) __TEXT(quote) // r_winnt
typedef SHORT *PSHORT;
typedef LONG *PLONG;
#ifdef STRICT
typedef void *HANDLE;
#define DECLARE_HANDLE(name) struct name##__ { int unused; }; typedef struct name##__ *name
#else
typedef PVOID HANDLE;
#define DECLARE_HANDLE(name) typedef HANDLE name
#endif
typedef HANDLE *PHANDLE;
//
// Flag (bit) fields
//
typedef BYTE FCHAR;
typedef WORD FSHORT;
typedef DWORD FLONG;
// Component Object Model defines, and macros
#ifndef _HRESULT_DEFINED
#define _HRESULT_DEFINED
typedef LONG HRESULT;
#endif // !_HRESULT_DEFINED
#ifdef __cplusplus
#define EXTERN_C extern "C"
#else
#define EXTERN_C extern
#endif
#if defined(_WIN32) || defined(_MPPC_)
// Win32 doesn't support __export
#ifdef _68K_
#define STDMETHODCALLTYPE __cdecl
#else
#define STDMETHODCALLTYPE __stdcall
#endif
#define STDMETHODVCALLTYPE __cdecl
#define STDAPICALLTYPE __stdcall
#define STDAPIVCALLTYPE __cdecl
#else
#define STDMETHODCALLTYPE __export __stdcall
#define STDMETHODVCALLTYPE __export __cdecl
#define STDAPICALLTYPE __export __stdcall
#define STDAPIVCALLTYPE __export __cdecl
#endif
#define STDAPI EXTERN_C HRESULT STDAPICALLTYPE
#define STDAPI_(type) EXTERN_C type STDAPICALLTYPE
#define STDMETHODIMP HRESULT STDMETHODCALLTYPE
#define STDMETHODIMP_(type) type STDMETHODCALLTYPE
// The 'V' versions allow Variable Argument lists.
#define STDAPIV EXTERN_C HRESULT STDAPIVCALLTYPE
#define STDAPIV_(type) EXTERN_C type STDAPIVCALLTYPE
#define STDMETHODIMPV HRESULT STDMETHODVCALLTYPE
#define STDMETHODIMPV_(type) type STDMETHODVCALLTYPE
typedef char CCHAR;
typedef DWORD LCID;
typedef PDWORD PLCID;
typedef WORD LANGID;
#define APPLICATION_ERROR_MASK 0x20000000
#define ERROR_SEVERITY_SUCCESS 0x00000000
#define ERROR_SEVERITY_INFORMATIONAL 0x40000000
#define ERROR_SEVERITY_WARNING 0x80000000
#define ERROR_SEVERITY_ERROR 0xC0000000
//
// _M_IX86 included so that EM CONTEXT structure compiles with
// x86 programs. *** TBD should this be for all architectures?
//
//
// 16 byte aligned type for 128 bit floats
//
//
// For we define a 128 bit structure and use __declspec(align(16)) pragma to
// align to 128 bits.
//
#if defined(_M_IA64) && !defined(MIDL_PASS)
__declspec(align(16))
#endif
typedef struct _FLOAT128 {
__int64 LowPart;
__int64 HighPart;
} FLOAT128;
typedef FLOAT128 *PFLOAT128;
//
// __int64 is only supported by 2.0 and later midl.
// __midl is set by the 2.0 midl and not by 1.0 midl.
//
#define _ULONGLONG_
#if (!defined (_MAC) && (!defined(MIDL_PASS) || defined(__midl)) && (!defined(_M_IX86) || (defined(_INTEGRAL_MAX_BITS) && _INTEGRAL_MAX_BITS >= 64)))
typedef __int64 LONGLONG;
typedef unsigned __int64 ULONGLONG;
#define MAXLONGLONG (0x7fffffffffffffff)
#else
#if defined(_MAC) && defined(_MAC_INT_64)
typedef __int64 LONGLONG;
typedef unsigned __int64 ULONGLONG;
#define MAXLONGLONG (0x7fffffffffffffff)
#else
typedef double LONGLONG;
typedef double ULONGLONG;
#endif //_MAC and int64
#endif
typedef LONGLONG *PLONGLONG;
typedef ULONGLONG *PULONGLONG;
// Update Sequence Number
typedef LONGLONG USN;
#if defined(MIDL_PASS)
typedef struct _LARGE_INTEGER {
#else // MIDL_PASS
typedef union _LARGE_INTEGER {
struct {
DWORD LowPart;
LONG HighPart;
};
struct {
DWORD LowPart;
LONG HighPart;
} u;
#endif //MIDL_PASS
LONGLONG QuadPart;
} LARGE_INTEGER;
typedef LARGE_INTEGER *PLARGE_INTEGER;
#if defined(MIDL_PASS)
typedef struct _ULARGE_INTEGER {
#else // MIDL_PASS
typedef union _ULARGE_INTEGER {
struct {
DWORD LowPart;
DWORD HighPart;
};
struct {
DWORD LowPart;
DWORD HighPart;
} u;
#endif //MIDL_PASS
ULONGLONG QuadPart;
} ULARGE_INTEGER;
typedef ULARGE_INTEGER *PULARGE_INTEGER;
// end_ntminiport end_ntndis end_ntminitape
//
// Locally Unique Identifier
//
typedef struct _LUID {
DWORD LowPart;
LONG HighPart;
} LUID, *PLUID;
#define _DWORDLONG_
typedef ULONGLONG DWORDLONG;
typedef DWORDLONG *PDWORDLONG;
//
// Define operations to logically shift an int64 by 0..31 bits and to multiply
// 32-bits by 32-bits to form a 64-bit product.
//
#if defined(MIDL_PASS) || defined(RC_INVOKED)
//
// Midl does not understand inline assembler. Therefore, the Rtl functions
// are used for shifts by 0.31 and multiplies of 32-bits times 32-bits to
// form a 64-bit product.
//
#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((ULONGLONG)((DWORD)(a)) * (ULONGLONG)((DWORD)(b)))
#define Int64ShllMod32(a, b) ((ULONGLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((ULONGLONG)(a) >> (b))
#elif defined(_M_MRX000)
//
// MIPS uses intrinsic functions to perform shifts by 0..31 and multiplies of
// 32-bits times 32-bits to 64-bits.
//
#define Int32x32To64 __emul
#define UInt32x32To64 __emulu
#define Int64ShllMod32 __ll_lshift
#define Int64ShraMod32 __ll_rshift
#define Int64ShrlMod32 __ull_rshift
#if defined (__cplusplus)
extern "C" {
#endif
LONGLONG
NTAPI
Int32x32To64 (
LONG Multiplier,
LONG Multiplicand
);
ULONGLONG
NTAPI
UInt32x32To64 (
DWORD Multiplier,
DWORD Multiplicand
);
ULONGLONG
NTAPI
Int64ShllMod32 (
ULONGLONG Value,
DWORD ShiftCount
);
LONGLONG
NTAPI
Int64ShraMod32 (
LONGLONG Value,
DWORD ShiftCount
);
ULONGLONG
NTAPI
Int64ShrlMod32 (
ULONGLONG Value,
DWORD ShiftCount
);
#if defined (__cplusplus)
};
#endif
#pragma intrinsic(__emul)
#pragma intrinsic(__emulu)
#pragma intrinsic(__ll_lshift)
#pragma intrinsic(__ll_rshift)
#pragma intrinsic(__ull_rshift)
#elif defined(_M_IX86)
//
// The x86 C compiler understands inline assembler. Therefore, inline functions
// that employ inline assembler are used for shifts of 0..31. The multiplies
// rely on the compiler recognizing the cast of the multiplicand to int64 to
// generate the optimal code inline.
//
#define Int32x32To64( a, b ) (LONGLONG)((LONGLONG)(LONG)(a) * (LONG)(b))
#define UInt32x32To64( a, b ) (ULONGLONG)((ULONGLONG)(DWORD)(a) * (DWORD)(b))
#if !defined (__BORLANDC__)
ULONGLONG
NTAPI
Int64ShllMod32 (
ULONGLONG Value,
DWORD ShiftCount
);
LONGLONG
NTAPI
Int64ShraMod32 (
LONGLONG Value,
DWORD ShiftCount
);
ULONGLONG
NTAPI
Int64ShrlMod32 (
ULONGLONG Value,
DWORD ShiftCount
);
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning(disable:4035) // re-enable below
__inline ULONGLONG
NTAPI
Int64ShllMod32 (
ULONGLONG Value,
DWORD ShiftCount
)
{
__asm {
mov ecx, ShiftCount
mov eax, dword ptr [Value]
mov edx, dword ptr [Value+4]
shld edx, eax, cl
shl eax, cl
}
}
__inline LONGLONG
NTAPI
Int64ShraMod32 (
LONGLONG Value,
DWORD ShiftCount
)
{
__asm {
mov ecx, ShiftCount
mov eax, dword ptr [Value]
mov edx, dword ptr [Value+4]
shrd eax, edx, cl
sar edx, cl
}
}
__inline ULONGLONG
NTAPI
Int64ShrlMod32 (
ULONGLONG Value,
DWORD ShiftCount
)
{
__asm {
mov ecx, ShiftCount
mov eax, dword ptr [Value]
mov edx, dword ptr [Value+4]
shrd eax, edx, cl
shr edx, cl
}
}
#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning(default:4035)
#endif
#else
/* For Borland, let the compiler generate calls to __int64 helper functions */
#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b))
#endif /* !defined (__BORLANDC__) */
#elif defined(_M_ALPHA)
//
// Alpha has native 64-bit operations that are just as fast as their 32-bit
// counter parts. Therefore, the int64 data type is used directly to form
// shifts of 0..31 and multiplies of 32-bits times 32-bits to form a 64-bit
// product.
//
#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((ULONGLONG)((DWORD)(a)) * (ULONGLONG)((DWORD)(b)))
#define Int64ShllMod32(a, b) ((ULONGLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((ULONGLONG)(a) >> (b))
#elif defined(_M_PPC)
#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((ULONGLONG)((DWORD)(a)) * (ULONGLONG)((DWORD)(b)))
#define Int64ShllMod32(a, b) ((ULONGLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((ULONGLONG)(a) >> (b))
#elif defined(_68K_) || defined(_MPPC_)
//
// The Macintosh 68K and PowerPC compilers do not currently support int64.
//
#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((DWORDLONG)((DWORD)(a)) * (DWORDLONG)((DWORD)(b)))
#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b))
#elif defined(_M_IA64)
//
// IA64 has native 64-bit operations that are just as fast as their 32-bit
// counter parts. Therefore, the int64 data type is used directly to form
// shifts of 0..31 and multiplies of 32-bits times 32-bits to form a 64-bit
// product.
//
#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((ULONGLONG)((DWORD)(a)) * (ULONGLONG)((DWORD)(b)))
#define Int64ShllMod32(a, b) ((ULONGLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((ULONGLONG)(a) >> (b))
#else
#error Must define a target architecture.
#endif
#define ANSI_NULL ((CHAR)0)
#define UNICODE_NULL ((WCHAR)0)
typedef BYTE BOOLEAN;
typedef BOOLEAN *PBOOLEAN;
//
// Doubly linked list structure. Can be used as either a list head, or
// as link words.
//
typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink;
struct _LIST_ENTRY *Blink;
} LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY;
//
// Singly linked list structure. Can be used as either a list head, or
// as link words.
//
typedef struct _SINGLE_LIST_ENTRY {
struct _SINGLE_LIST_ENTRY *Next;
} SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY;
//
// These are needed for portable debugger support.
//
typedef struct LIST_ENTRY32 {
DWORD Flink;
DWORD Blink;
} LIST_ENTRY32;
typedef LIST_ENTRY32 *PLIST_ENTRY32;
typedef struct LIST_ENTRY64 {
ULONGLONG Flink;
ULONGLONG Blink;
} LIST_ENTRY64;
typedef LIST_ENTRY64 *PLIST_ENTRY64;
#include <guiddef.h>
#ifndef __OBJECTID_DEFINED
#define __OBJECTID_DEFINED
typedef struct _OBJECTID { // size is 20
GUID Lineage;
DWORD Uniquifier;
} OBJECTID;
#endif // !_OBJECTID_DEFINED
#define MINCHAR 0x80
#define MAXCHAR 0x7f
#define MINSHORT 0x8000
#define MAXSHORT 0x7fff
#define MINLONG 0x80000000
#define MAXLONG 0x7fffffff
#define MAXBYTE 0xff
#define MAXWORD 0xffff
#define MAXDWORD 0xffffffff
//
// Calculate the byte offset of a field in a structure of type type.
//
#define FIELD_OFFSET(type, field) ((LONG)(LONG_PTR)&(((type *)0)->field))
//
// Calculate the address of the base of the structure given its type, and an
// address of a field within the structure.
//
#define CONTAINING_RECORD(address, type, field) ((type *)( \
(PCHAR)(address) - \
(ULONG_PTR)(&((type *)0)->field)))
#define VER_SERVER_NT 0x80000000
#define VER_WORKSTATION_NT 0x40000000
#define VER_SUITE_SMALLBUSINESS 0x00000001
#define VER_SUITE_ENTERPRISE 0x00000002
#define VER_SUITE_BACKOFFICE 0x00000004
#define VER_SUITE_COMMUNICATIONS 0x00000008
#define VER_SUITE_TERMINAL 0x00000010
#define VER_SUITE_SMALLBUSINESS_RESTRICTED 0x00000020
#define VER_SUITE_EMBEDDEDNT 0x00000040
#define VER_SUITE_DATACENTER 0x00000080
#define VER_SUITE_SINGLEUSERTS 0x00000100
//
// Language IDs.
//
// The following two combinations of primary language ID and
// sublanguage ID have special semantics:
//
// Primary Language ID Sublanguage ID Result
// ------------------- --------------- ------------------------
// LANG_NEUTRAL SUBLANG_NEUTRAL Language neutral
// LANG_NEUTRAL SUBLANG_DEFAULT User default language
// LANG_NEUTRAL SUBLANG_SYS_DEFAULT System default language
//
//
// Primary language IDs.
//
#define LANG_NEUTRAL 0x00
#define LANG_AFRIKAANS 0x36
#define LANG_ALBANIAN 0x1c
#define LANG_ARABIC 0x01
#define LANG_ARMENIAN 0x2b
#define LANG_ASSAMESE 0x4d
#define LANG_AZERI 0x2c
#define LANG_BASQUE 0x2d
#define LANG_BELARUSIAN 0x23
#define LANG_BENGALI 0x45
#define LANG_BULGARIAN 0x02
#define LANG_CATALAN 0x03
#define LANG_CHINESE 0x04
#define LANG_CROATIAN 0x1a
#define LANG_CZECH 0x05
#define LANG_DANISH 0x06
#define LANG_DUTCH 0x13
#define LANG_ENGLISH 0x09
#define LANG_ESTONIAN 0x25
#define LANG_FAEROESE 0x38
#define LANG_FARSI 0x29
#define LANG_FINNISH 0x0b
#define LANG_FRENCH 0x0c
#define LANG_GEORGIAN 0x37
#define LANG_GERMAN 0x07
#define LANG_GREEK 0x08
#define LANG_GUJARATI 0x47
#define LANG_HEBREW 0x0d
#define LANG_HINDI 0x39
#define LANG_HUNGARIAN 0x0e
#define LANG_ICELANDIC 0x0f
#define LANG_INDONESIAN 0x21
#define LANG_ITALIAN 0x10
#define LANG_JAPANESE 0x11
#define LANG_KANNADA 0x4b
#define LANG_KASHMIRI 0x60
#define LANG_KAZAK 0x3f
#define LANG_KONKANI 0x57
#define LANG_KOREAN 0x12
#define LANG_LATVIAN 0x26
#define LANG_LITHUANIAN 0x27
#define LANG_MACEDONIAN 0x2f // the Former Yugoslav Republic of Macedonia
#define LANG_MALAY 0x3e
#define LANG_MALAYALAM 0x4c
#define LANG_MANIPURI 0x58
#define LANG_MARATHI 0x4e
#define LANG_NEPALI 0x61
#define LANG_NORWEGIAN 0x14
#define LANG_ORIYA 0x48
#define LANG_POLISH 0x15
#define LANG_PORTUGUESE 0x16
#define LANG_PUNJABI 0x46
#define LANG_ROMANIAN 0x18
#define LANG_RUSSIAN 0x19
#define LANG_SANSKRIT 0x4f
#define LANG_SERBIAN 0x1a
#define LANG_SINDHI 0x59
#define LANG_SLOVAK 0x1b
#define LANG_SLOVENIAN 0x24
#define LANG_SPANISH 0x0a
#define LANG_SWAHILI 0x41
#define LANG_SWEDISH 0x1d
#define LANG_TAMIL 0x49
#define LANG_TATAR 0x44
#define LANG_TELUGU 0x4a
#define LANG_THAI 0x1e
#define LANG_TURKISH 0x1f
#define LANG_UKRAINIAN 0x22
#define LANG_URDU 0x20
#define LANG_UZBEK 0x43
#define LANG_VIETNAMESE 0x2a
//
// Sublanguage IDs.
//
// The name immediately following SUBLANG_ dictates which primary
// language ID that sublanguage ID can be combined with to form a
// valid language ID.
//
#define SUBLANG_NEUTRAL 0x00 // language neutral
#define SUBLANG_DEFAULT 0x01 // user default
#define SUBLANG_SYS_DEFAULT 0x02 // system default
#define SUBLANG_ARABIC_SAUDI_ARABIA 0x01 // Arabic (Saudi Arabia)
#define SUBLANG_ARABIC_IRAQ 0x02 // Arabic (Iraq)
#define SUBLANG_ARABIC_EGYPT 0x03 // Arabic (Egypt)
#define SUBLANG_ARABIC_LIBYA 0x04 // Arabic (Libya)
#define SUBLANG_ARABIC_ALGERIA 0x05 // Arabic (Algeria)
#define SUBLANG_ARABIC_MOROCCO 0x06 // Arabic (Morocco)
#define SUBLANG_ARABIC_TUNISIA 0x07 // Arabic (Tunisia)
#define SUBLANG_ARABIC_OMAN 0x08 // Arabic (Oman)
#define SUBLANG_ARABIC_YEMEN 0x09 // Arabic (Yemen)
#define SUBLANG_ARABIC_SYRIA 0x0a // Arabic (Syria)
#define SUBLANG_ARABIC_JORDAN 0x0b // Arabic (Jordan)
#define SUBLANG_ARABIC_LEBANON 0x0c // Arabic (Lebanon)
#define SUBLANG_ARABIC_KUWAIT 0x0d // Arabic (Kuwait)
#define SUBLANG_ARABIC_UAE 0x0e // Arabic (U.A.E)
#define SUBLANG_ARABIC_BAHRAIN 0x0f // Arabic (Bahrain)
#define SUBLANG_ARABIC_QATAR 0x10 // Arabic (Qatar)
#define SUBLANG_AZERI_LATIN 0x01 // Azeri (Latin)
#define SUBLANG_AZERI_CYRILLIC 0x02 // Azeri (Cyrillic)
#define SUBLANG_CHINESE_TRADITIONAL 0x01 // Chinese (Taiwan)
#define SUBLANG_CHINESE_SIMPLIFIED 0x02 // Chinese (PR China)
#define SUBLANG_CHINESE_HONGKONG 0x03 // Chinese (Hong Kong S.A.R., P.R.C.)
#define SUBLANG_CHINESE_SINGAPORE 0x04 // Chinese (Singapore)
#define SUBLANG_CHINESE_MACAU 0x05 // Chinese (Macau)
#define SUBLANG_DUTCH 0x01 // Dutch
#define SUBLANG_DUTCH_BELGIAN 0x02 // Dutch (Belgian)
#define SUBLANG_ENGLISH_US 0x01 // English (USA)
#define SUBLANG_ENGLISH_UK 0x02 // English (UK)
#define SUBLANG_ENGLISH_AUS 0x03 // English (Australian)
#define SUBLANG_ENGLISH_CAN 0x04 // English (Canadian)
#define SUBLANG_ENGLISH_NZ 0x05 // English (New Zealand)
#define SUBLANG_ENGLISH_EIRE 0x06 // English (Irish)
#define SUBLANG_ENGLISH_SOUTH_AFRICA 0x07 // English (South Africa)
#define SUBLANG_ENGLISH_JAMAICA 0x08 // English (Jamaica)
#define SUBLANG_ENGLISH_CARIBBEAN 0x09 // English (Caribbean)
#define SUBLANG_ENGLISH_BELIZE 0x0a // English (Belize)
#define SUBLANG_ENGLISH_TRINIDAD 0x0b // English (Trinidad)
#define SUBLANG_ENGLISH_ZIMBABWE 0x0c // English (Zimbabwe)
#define SUBLANG_ENGLISH_PHILIPPINES 0x0d // English (Philippines)
#define SUBLANG_FRENCH 0x01 // French
#define SUBLANG_FRENCH_BELGIAN 0x02 // French (Belgian)
#define SUBLANG_FRENCH_CANADIAN 0x03 // French (Canadian)
#define SUBLANG_FRENCH_SWISS 0x04 // French (Swiss)
#define SUBLANG_FRENCH_LUXEMBOURG 0x05 // French (Luxembourg)
#define SUBLANG_FRENCH_MONACO 0x06 // French (Monaco)
#define SUBLANG_GERMAN 0x01 // German
#define SUBLANG_GERMAN_SWISS 0x02 // German (Swiss)
#define SUBLANG_GERMAN_AUSTRIAN 0x03 // German (Austrian)
#define SUBLANG_GERMAN_LUXEMBOURG 0x04 // German (Luxembourg)
#define SUBLANG_GERMAN_LIECHTENSTEIN 0x05 // German (Liechtenstein)
#define SUBLANG_ITALIAN 0x01 // Italian
#define SUBLANG_ITALIAN_SWISS 0x02 // Italian (Swiss)
#define SUBLANG_KASHMIRI_INDIA 0x02 // Kashmiri (India)
#define SUBLANG_KOREAN 0x01 // Korean (Extended Wansung)
#define SUBLANG_LITHUANIAN 0x01 // Lithuanian
#define SUBLANG_MALAY_MALAYSIA 0x01 // Malay (Malaysia)
#define SUBLANG_MALAY_BRUNEI_DARUSSALAM 0x02 // Malay (Brunei Darussalam)
#define SUBLANG_NEPALI_INDIA 0x02 // Nepali (India)
#define SUBLANG_NORWEGIAN_BOKMAL 0x01 // Norwegian (Bokmal)
#define SUBLANG_NORWEGIAN_NYNORSK 0x02 // Norwegian (Nynorsk)
#define SUBLANG_PORTUGUESE 0x02 // Portuguese
#define SUBLANG_PORTUGUESE_BRAZILIAN 0x01 // Portuguese (Brazilian)
#define SUBLANG_SERBIAN_LATIN 0x02 // Serbian (Latin)
#define SUBLANG_SERBIAN_CYRILLIC 0x03 // Serbian (Cyrillic)
#define SUBLANG_SPANISH 0x01 // Spanish (Castilian)
#define SUBLANG_SPANISH_MEXICAN 0x02 // Spanish (Mexican)
#define SUBLANG_SPANISH_MODERN 0x03 // Spanish (Modern)
#define SUBLANG_SPANISH_GUATEMALA 0x04 // Spanish (Guatemala)
#define SUBLANG_SPANISH_COSTA_RICA 0x05 // Spanish (Costa Rica)
#define SUBLANG_SPANISH_PANAMA 0x06 // Spanish (Panama)
#define SUBLANG_SPANISH_DOMINICAN_REPUBLIC 0x07 // Spanish (Dominican Republic)
#define SUBLANG_SPANISH_VENEZUELA 0x08 // Spanish (Venezuela)
#define SUBLANG_SPANISH_COLOMBIA 0x09 // Spanish (Colombia)
#define SUBLANG_SPANISH_PERU 0x0a // Spanish (Peru)
#define SUBLANG_SPANISH_ARGENTINA 0x0b // Spanish (Argentina)
#define SUBLANG_SPANISH_ECUADOR 0x0c // Spanish (Ecuador)
#define SUBLANG_SPANISH_CHILE 0x0d // Spanish (Chile)
#define SUBLANG_SPANISH_URUGUAY 0x0e // Spanish (Uruguay)
#define SUBLANG_SPANISH_PARAGUAY 0x0f // Spanish (Paraguay)
#define SUBLANG_SPANISH_BOLIVIA 0x10 // Spanish (Bolivia)
#define SUBLANG_SPANISH_EL_SALVADOR 0x11 // Spanish (El Salvador)
#define SUBLANG_SPANISH_HONDURAS 0x12 // Spanish (Honduras)
#define SUBLANG_SPANISH_NICARAGUA 0x13 // Spanish (Nicaragua)
#define SUBLANG_SPANISH_PUERTO_RICO 0x14 // Spanish (Puerto Rico)
#define SUBLANG_SWEDISH 0x01 // Swedish
#define SUBLANG_SWEDISH_FINLAND 0x02 // Swedish (Finland)
#define SUBLANG_URDU_PAKISTAN 0x01 // Urdu (Pakistan)
#define SUBLANG_URDU_INDIA 0x02 // Urdu (India)
#define SUBLANG_UZBEK_LATIN 0x01 // Uzbek (Latin)
#define SUBLANG_UZBEK_CYRILLIC 0x02 // Uzbek (Cyrillic)
//
// Sorting IDs.
//
#define SORT_DEFAULT 0x0 // sorting default
#define SORT_JAPANESE_XJIS 0x0 // Japanese XJIS order
#define SORT_JAPANESE_UNICODE 0x1 // Japanese Unicode order
#define SORT_CHINESE_BIG5 0x0 // Chinese BIG5 order
#define SORT_CHINESE_PRCP 0x0 // PRC Chinese Phonetic order
#define SORT_CHINESE_UNICODE 0x1 // Chinese Unicode order
#define SORT_CHINESE_PRC 0x2 // PRC Chinese Stroke Count order
#define SORT_CHINESE_BOPOMOFO 0x3 // Traditional Chinese Bopomofo order
#define SORT_KOREAN_KSC 0x0 // Korean KSC order
#define SORT_KOREAN_UNICODE 0x1 // Korean Unicode order
#define SORT_GERMAN_PHONE_BOOK 0x1 // German Phone Book order
#define SORT_HUNGARIAN_DEFAULT 0x0 // Hungarian Default order
#define SORT_HUNGARIAN_TECHNICAL 0x1 // Hungarian Technical order
#define SORT_GEORGIAN_TRADITIONAL 0x0 // Georgian Traditional order
#define SORT_GEORGIAN_MODERN 0x1 // Georgian Modern order
// end_r_winnt
//
// A language ID is a 16 bit value which is the combination of a
// primary language ID and a secondary language ID. The bits are
// allocated as follows:
//
// +-----------------------+-------------------------+
// | Sublanguage ID | Primary Language ID |
// +-----------------------+-------------------------+
// 15 10 9 0 bit
//
//
// Language ID creation/extraction macros:
//
// MAKELANGID - construct language id from a primary language id and
// a sublanguage id.
// PRIMARYLANGID - extract primary language id from a language id.
// SUBLANGID - extract sublanguage id from a language id.
//
#define MAKELANGID(p, s) ((((WORD )(s)) << 10) | (WORD )(p))
#define PRIMARYLANGID(lgid) ((WORD )(lgid) & 0x3ff)
#define SUBLANGID(lgid) ((WORD )(lgid) >> 10)
//
// A locale ID is a 32 bit value which is the combination of a
// language ID, a sort ID, and a reserved area. The bits are
// allocated as follows:
//
// +-------------+---------+-------------------------+
// | Reserved | Sort ID | Language ID |
// +-------------+---------+-------------------------+
// 31 20 19 16 15 0 bit
//
//
// Locale ID creation/extraction macros:
//
// MAKELCID - construct the locale id from a language id and a sort id.
// MAKESORTLCID - construct the locale id from a language id, sort id, and sort version.
// LANGIDFROMLCID - extract the language id from a locale id.
// SORTIDFROMLCID - extract the sort id from a locale id.
// SORTVERSIONFROMLCID - extract the sort version from a locale id.
//
#define NLS_VALID_LOCALE_MASK 0x000fffff
#define MAKELCID(lgid, srtid) ((DWORD)((((DWORD)((WORD )(srtid))) << 16) | \
((DWORD)((WORD )(lgid)))))
#define MAKESORTLCID(lgid, srtid, ver) \
((DWORD)((MAKELCID(lgid, srtid)) | \
(((DWORD)((WORD )(ver))) << 20)))
#define LANGIDFROMLCID(lcid) ((WORD )(lcid))
#define SORTIDFROMLCID(lcid) ((WORD )((((DWORD)(lcid)) >> 16) & 0xf))
#define SORTVERSIONFROMLCID(lcid) ((WORD )((((DWORD)(lcid)) >> 20) & 0xf))
//
// Default System and User IDs for language and locale.
//
#define LANG_SYSTEM_DEFAULT (MAKELANGID(LANG_NEUTRAL, SUBLANG_SYS_DEFAULT))
#define LANG_USER_DEFAULT (MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT))
#define LOCALE_SYSTEM_DEFAULT (MAKELCID(LANG_SYSTEM_DEFAULT, SORT_DEFAULT))
#define LOCALE_USER_DEFAULT (MAKELCID(LANG_USER_DEFAULT, SORT_DEFAULT))
#define LOCALE_NEUTRAL \
(MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT))
// begin_ntminiport begin_ntndis begin_ntminitape
//
// Macros used to eliminate compiler warning generated when formal
// parameters or local variables are not declared.
//
// Use DBG_UNREFERENCED_PARAMETER() when a parameter is not yet
// referenced but will be once the module is completely developed.
//
// Use DBG_UNREFERENCED_LOCAL_VARIABLE() when a local variable is not yet
// referenced but will be once the module is completely developed.
//
// Use UNREFERENCED_PARAMETER() if a parameter will never be referenced.
//
// DBG_UNREFERENCED_PARAMETER and DBG_UNREFERENCED_LOCAL_VARIABLE will
// eventually be made into a null macro to help determine whether there
// is unfinished work.
//
#if ! defined(lint)
#define UNREFERENCED_PARAMETER(P) (P)
#define DBG_UNREFERENCED_PARAMETER(P) (P)
#define DBG_UNREFERENCED_LOCAL_VARIABLE(V) (V)
#else // lint
// Note: lint -e530 says don't complain about uninitialized variables for
// this varible. Error 527 has to do with unreachable code.
// -restore restores checking to the -save state
#define UNREFERENCED_PARAMETER(P) \
/*lint -save -e527 -e530 */ \
{ \
(P) = (P); \
} \
/*lint -restore */
#define DBG_UNREFERENCED_PARAMETER(P) \
/*lint -save -e527 -e530 */ \
{ \
(P) = (P); \
} \
/*lint -restore */
#define DBG_UNREFERENCED_LOCAL_VARIABLE(V) \
/*lint -save -e527 -e530 */ \
{ \
(V) = (V); \
} \
/*lint -restore */
#endif // lint
//
// Macro used to eliminate compiler warning 4715 within a switch statement
// when all possible cases have already been accounted for.
//
// switch (a & 3) {
// case 0: return 1;
// case 1: return Foo();
// case 2: return Bar();
// case 3: return 1;
// DEFAULT_UNREACHABLE;
//
#if (_MSC_VER > 1200)
#define DEFAULT_UNREACHABLE default: __assume(0)
#else
//
// Older compilers do not support __assume(), and there is no other free
// method of eliminating the warning.
//
#define DEFAULT_UNREACHABLE
#endif
#ifndef WIN32_NO_STATUS
/*lint -save -e767 */
#define STATUS_WAIT_0 ((DWORD )0x00000000L)
#define STATUS_ABANDONED_WAIT_0 ((DWORD )0x00000080L)
#define STATUS_USER_APC ((DWORD )0x000000C0L)
#define STATUS_TIMEOUT ((DWORD )0x00000102L)
#define STATUS_PENDING ((DWORD )0x00000103L)
#define DBG_CONTINUE ((DWORD )0x00010002L)
#define STATUS_SEGMENT_NOTIFICATION ((DWORD )0x40000005L)
#define DBG_TERMINATE_THREAD ((DWORD )0x40010003L)
#define DBG_TERMINATE_PROCESS ((DWORD )0x40010004L)
#define DBG_CONTROL_C ((DWORD )0x40010005L)
#define DBG_CONTROL_BREAK ((DWORD )0x40010008L)
#define STATUS_GUARD_PAGE_VIOLATION ((DWORD )0x80000001L)
#define STATUS_DATATYPE_MISALIGNMENT ((DWORD )0x80000002L)
#define STATUS_BREAKPOINT ((DWORD )0x80000003L)
#define STATUS_SINGLE_STEP ((DWORD )0x80000004L)
#define DBG_EXCEPTION_NOT_HANDLED ((DWORD )0x80010001L)
#define STATUS_ACCESS_VIOLATION ((DWORD )0xC0000005L)
#define STATUS_IN_PAGE_ERROR ((DWORD )0xC0000006L)
#define STATUS_INVALID_HANDLE ((DWORD )0xC0000008L)
#define STATUS_NO_MEMORY ((DWORD )0xC0000017L)
#define STATUS_ILLEGAL_INSTRUCTION ((DWORD )0xC000001DL)
#define STATUS_NONCONTINUABLE_EXCEPTION ((DWORD )0xC0000025L)
#define STATUS_INVALID_DISPOSITION ((DWORD )0xC0000026L)
#define STATUS_ARRAY_BOUNDS_EXCEEDED ((DWORD )0xC000008CL)
#define STATUS_FLOAT_DENORMAL_OPERAND ((DWORD )0xC000008DL)
#define STATUS_FLOAT_DIVIDE_BY_ZERO ((DWORD )0xC000008EL)
#define STATUS_FLOAT_INEXACT_RESULT ((DWORD )0xC000008FL)
#define STATUS_FLOAT_INVALID_OPERATION ((DWORD )0xC0000090L)
#define STATUS_FLOAT_OVERFLOW ((DWORD )0xC0000091L)
#define STATUS_FLOAT_STACK_CHECK ((DWORD )0xC0000092L)
#define STATUS_FLOAT_UNDERFLOW ((DWORD )0xC0000093L)
#define STATUS_INTEGER_DIVIDE_BY_ZERO ((DWORD )0xC0000094L)
#define STATUS_INTEGER_OVERFLOW ((DWORD )0xC0000095L)
#define STATUS_PRIVILEGED_INSTRUCTION ((DWORD )0xC0000096L)
#define STATUS_STACK_OVERFLOW ((DWORD )0xC00000FDL)
#define STATUS_CONTROL_C_EXIT ((DWORD )0xC000013AL)
#define STATUS_FLOAT_MULTIPLE_FAULTS ((DWORD )0xC00002B4L)
#define STATUS_FLOAT_MULTIPLE_TRAPS ((DWORD )0xC00002B5L)
#define STATUS_ILLEGAL_VLM_REFERENCE ((DWORD )0xC00002C0L)
#define STATUS_REG_NAT_CONSUMPTION ((DWORD )0xC00002C9L)
/*lint -restore */
#endif
#define MAXIMUM_WAIT_OBJECTS 64 // Maximum number of wait objects
#define MAXIMUM_SUSPEND_COUNT MAXCHAR // Maximum times thread can be suspended
typedef ULONG_PTR KSPIN_LOCK;
typedef KSPIN_LOCK *PKSPIN_LOCK;
//
// Define function to return the current Thread Environment Block
//
#ifdef _ALPHA_ // winnt
void *_rdteb(void); // winnt
#if defined(_M_ALPHA) // winnt
#pragma intrinsic(_rdteb) // winnt
#endif // winnt
#endif // winnt
#if defined(_M_ALPHA)
#define NtCurrentTeb() ((struct _TEB *)_rdteb())
#else
struct _TEB *
NtCurrentTeb(void);
#endif
//
// Define functions to get the address of the current fiber and the
// current fiber data.
//
#ifdef _ALPHA_
#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))
// begin_ntddk begin_nthal
//
// The following flags control the contents of the CONTEXT structure.
//
#if !defined(RC_INVOKED)
#define CONTEXT_ALPHA 0x00020000
#define CONTEXT_CONTROL (CONTEXT_ALPHA | 0x00000001L)
#define CONTEXT_FLOATING_POINT (CONTEXT_ALPHA | 0x00000002L)
#define CONTEXT_INTEGER (CONTEXT_ALPHA | 0x00000004L)
#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER)
#endif
#ifndef _PORTABLE_32BIT_CONTEXT
//
// Context Frame
//
// This frame has a several purposes: 1) it is used as an argument to
// NtContinue, 2) it is used to construct a call frame for APC delivery,
// 3) it is used to construct a call frame for exception dispatching
// in user mode, 4) it is used in the user level thread creation
// routines, and 5) it is used to to pass thread state to debuggers.
//
// N.B. Because this record is used as a call frame, it must be EXACTLY
// a multiple of 16 bytes in length.
//
// There are two variations of the context structure. This is the real one.
//
typedef struct _CONTEXT {
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//
ULONGLONG FltF0;
ULONGLONG FltF1;
ULONGLONG FltF2;
ULONGLONG FltF3;
ULONGLONG FltF4;
ULONGLONG FltF5;
ULONGLONG FltF6;
ULONGLONG FltF7;
ULONGLONG FltF8;
ULONGLONG FltF9;
ULONGLONG FltF10;
ULONGLONG FltF11;
ULONGLONG FltF12;
ULONGLONG FltF13;
ULONGLONG FltF14;
ULONGLONG FltF15;
ULONGLONG FltF16;
ULONGLONG FltF17;
ULONGLONG FltF18;
ULONGLONG FltF19;
ULONGLONG FltF20;
ULONGLONG FltF21;
ULONGLONG FltF22;
ULONGLONG FltF23;
ULONGLONG FltF24;
ULONGLONG FltF25;
ULONGLONG FltF26;
ULONGLONG FltF27;
ULONGLONG FltF28;
ULONGLONG FltF29;
ULONGLONG FltF30;
ULONGLONG FltF31;
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//
// N.B. The registers gp, sp, and ra are defined in this section, but are
// considered part of the control context rather than part of the integer
// context.
//
ULONGLONG IntV0; // $0: return value register, v0
ULONGLONG IntT0; // $1: temporary registers, t0 - t7
ULONGLONG IntT1; // $2:
ULONGLONG IntT2; // $3:
ULONGLONG IntT3; // $4:
ULONGLONG IntT4; // $5:
ULONGLONG IntT5; // $6:
ULONGLONG IntT6; // $7:
ULONGLONG IntT7; // $8:
ULONGLONG IntS0; // $9: nonvolatile registers, s0 - s5
ULONGLONG IntS1; // $10:
ULONGLONG IntS2; // $11:
ULONGLONG IntS3; // $12:
ULONGLONG IntS4; // $13:
ULONGLONG IntS5; // $14:
ULONGLONG IntFp; // $15: frame pointer register, fp/s6
ULONGLONG IntA0; // $16: argument registers, a0 - a5
ULONGLONG IntA1; // $17:
ULONGLONG IntA2; // $18:
ULONGLONG IntA3; // $19:
ULONGLONG IntA4; // $20:
ULONGLONG IntA5; // $21:
ULONGLONG IntT8; // $22: temporary registers, t8 - t11
ULONGLONG IntT9; // $23:
ULONGLONG IntT10; // $24:
ULONGLONG IntT11; // $25:
ULONGLONG IntRa; // $26: return address register, ra
ULONGLONG IntT12; // $27: temporary register, t12
ULONGLONG IntAt; // $28: assembler temp register, at
ULONGLONG IntGp; // $29: global pointer register, gp
ULONGLONG IntSp; // $30: stack pointer register, sp
ULONGLONG IntZero; // $31: zero register, zero
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//
ULONGLONG Fpcr; // floating point control register
ULONGLONG SoftFpcr; // software extension to FPCR
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//
// N.B. The registers gp, sp, and ra are defined in the integer section,
// but are considered part of the control context rather than part of
// the integer context.
//
ULONGLONG Fir; // (fault instruction) continuation address
DWORD Psr; // processor status
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
DWORD ContextFlags;
DWORD Fill[4]; // padding for 16-byte stack frame alignment
} CONTEXT, *PCONTEXT;
#else
#error _PORTABLE_32BIT_CONTEXT no longer supported on Alpha.
#endif // _PORTABLE_32BIT_CONTEXT
// end_ntddk end_nthal
#endif // _ALPHA_
#ifdef _ALPHA_
VOID
__jump_unwind (
PVOID VirtualFramePointer,
PVOID TargetPc
);
#endif // _ALPHA_
#ifdef _X86_
//
// Disable these two pramas that evaluate to "sti" "cli" on x86 so that driver
// writers to not leave them inadvertantly in their code.
//
#if !defined(MIDL_PASS)
#if !defined(RC_INVOKED)
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning(disable:4164) // disable C4164 warning so that apps that
// build with /Od don't get weird errors !
#ifdef _M_IX86
#pragma function(_enable)
#pragma function(_disable)
#endif
#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning(default:4164) // reenable C4164 warning
#endif
#endif
#endif
#if !defined(MIDL_PASS) && defined(_M_IX86)
#ifdef __BORLANDC__
/* Microsoft wants these to be inline functions containing inline assembly.
Borland C has trouble with this combination, so we've added simple
prototypes here and moved the real functions into the RTL.
At least until we support inline assembly from within inline functions.
*/
#ifdef __MT__ /* Force no prototype unless in MT mode */
PVOID GetFiberData( void );
PVOID GetCurrentFiber( void );
#endif /* __MT__ */
#else /* __BORLANDC__ */
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning (disable:4035) // disable 4035 (function must return something)
_inline PVOID GetFiberData( void ) { __asm {
mov eax, fs:[0x10]
mov eax,[eax]
}
}
_inline PVOID GetCurrentFiber( void ) { __asm mov eax, fs:[0x10] }
#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning (default:4035) // Reenable it
#endif
#endif /* __BORLANDC__ */
#endif
// begin_ntddk begin_wx86
//
// Define the size of the 80387 save area, which is in the context frame.
//
#define SIZE_OF_80387_REGISTERS 80
//
// The following flags control the contents of the CONTEXT structure.
//
#if !defined(RC_INVOKED)
#define CONTEXT_i386 0x00010000 // this assumes that i386 and
#define CONTEXT_i486 0x00010000 // i486 have identical context records
// end_wx86
#define CONTEXT_CONTROL (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP
#define CONTEXT_INTEGER (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI
#define CONTEXT_SEGMENTS (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS
#define CONTEXT_FLOATING_POINT (CONTEXT_i386 | 0x00000008L) // 387 state
#define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7
#define CONTEXT_EXTENDED_REGISTERS (CONTEXT_i386 | 0x00000020L) // cpu specific extensions
#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\
CONTEXT_SEGMENTS)
// begin_wx86
#endif
#define MAXIMUM_SUPPORTED_EXTENSION 512
typedef struct _FLOATING_SAVE_AREA {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
BYTE RegisterArea[SIZE_OF_80387_REGISTERS];
DWORD Cr0NpxState;
} FLOATING_SAVE_AREA;
typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA;
//
// Context Frame
//
// This frame has a several purposes: 1) it is used as an argument to
// NtContinue, 2) is is used to constuct a call frame for APC delivery,
// and 3) it is used in the user level thread creation routines.
//
// The layout of the record conforms to a standard call frame.
//
typedef struct _CONTEXT {
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a threads context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
DWORD ContextFlags;
//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//
DWORD Dr0;
DWORD Dr1;
DWORD Dr2;
DWORD Dr3;
DWORD Dr6;
DWORD Dr7;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
//
FLOATING_SAVE_AREA FloatSave;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_SEGMENTS.
//
DWORD SegGs;
DWORD SegFs;
DWORD SegEs;
DWORD SegDs;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_INTEGER.
//
DWORD Edi;
DWORD Esi;
DWORD Ebx;
DWORD Edx;
DWORD Ecx;
DWORD Eax;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_CONTROL.
//
DWORD Ebp;
DWORD Eip;
DWORD SegCs; // MUST BE SANITIZED
DWORD EFlags; // MUST BE SANITIZED
DWORD Esp;
DWORD SegSs;
//
// This section is specified/returned if the ContextFlags word
// contains the flag CONTEXT_EXTENDED_REGISTERS.
// The format and contexts are processor specific
//
BYTE ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
} CONTEXT;
typedef CONTEXT *PCONTEXT;
// begin_ntminiport
#endif //_X86_
#ifndef _LDT_ENTRY_DEFINED
#define _LDT_ENTRY_DEFINED
typedef struct _LDT_ENTRY {
WORD LimitLow;
WORD BaseLow;
union {
struct {
BYTE BaseMid;
BYTE Flags1; // Declare as bytes to avoid alignment
BYTE Flags2; // Problems.
BYTE BaseHi;
} Bytes;
struct {
DWORD BaseMid : 8;
DWORD Type : 5;
DWORD Dpl : 2;
DWORD Pres : 1;
DWORD LimitHi : 4;
DWORD Sys : 1;
DWORD Reserved_0 : 1;
DWORD Default_Big : 1;
DWORD Granularity : 1;
DWORD BaseHi : 8;
} Bits;
} HighWord;
} LDT_ENTRY, *PLDT_ENTRY;
#endif
#if defined(_MIPS_)
//
// Define functions to get the address of the current fiber and the
// current fiber data.
//
#define GetCurrentFiber() ((*(PNT_TIB *)0x7ffff4a8)->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))
// begin_ntddk begin_nthal
//
// The following flags control the contents of the CONTEXT structure.
//
#if !defined(RC_INVOKED)
#define CONTEXT_R4000 0x00010000 // r4000 context
#define CONTEXT_CONTROL (CONTEXT_R4000 | 0x00000001)
#define CONTEXT_FLOATING_POINT (CONTEXT_R4000 | 0x00000002)
#define CONTEXT_INTEGER (CONTEXT_R4000 | 0x00000004)
#define CONTEXT_EXTENDED_FLOAT (CONTEXT_FLOATING_POINT | 0x00000008)
#define CONTEXT_EXTENDED_INTEGER (CONTEXT_INTEGER | 0x00000010)
#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | \
CONTEXT_INTEGER | CONTEXT_EXTENDED_INTEGER)
#endif
//
// Context Frame
//
// N.B. This frame must be exactly a multiple of 16 bytes in length.
//
// This frame has a several purposes: 1) it is used as an argument to
// NtContinue, 2) it is used to constuct a call frame for APC delivery,
// 3) it is used to construct a call frame for exception dispatching
// in user mode, and 4) it is used in the user level thread creation
// routines.
//
// The layout of the record conforms to a standard call frame.
//
typedef struct _CONTEXT {
//
// This section is always present and is used as an argument build
// area.
//
// N.B. Context records are 0 mod 8 aligned starting with NT 4.0.
//
union {
DWORD Argument[4];
ULONGLONG Alignment;
};
//
// The following union defines the 32-bit and 64-bit register context.
//
union {
//
// 32-bit context.
//
struct {
//
// This section is specified/returned if the ContextFlags contains
// the flag CONTEXT_FLOATING_POINT.
//
// N.B. This section contains the 16 double floating registers f0,
// f2, ..., f30.
//
DWORD FltF0;
DWORD FltF1;
DWORD FltF2;
DWORD FltF3;
DWORD FltF4;
DWORD FltF5;
DWORD FltF6;
DWORD FltF7;
DWORD FltF8;
DWORD FltF9;
DWORD FltF10;
DWORD FltF11;
DWORD FltF12;
DWORD FltF13;
DWORD FltF14;
DWORD FltF15;
DWORD FltF16;
DWORD FltF17;
DWORD FltF18;
DWORD FltF19;
DWORD FltF20;
DWORD FltF21;
DWORD FltF22;
DWORD FltF23;
DWORD FltF24;
DWORD FltF25;
DWORD FltF26;
DWORD FltF27;
DWORD FltF28;
DWORD FltF29;
DWORD FltF30;
DWORD FltF31;
//
// This section is specified/returned if the ContextFlags contains
// the flag CONTEXT_INTEGER.
//
// N.B. The registers gp, sp, and ra are defined in this section,
// but are considered part of the control context rather than
// part of the integer context.
//
// N.B. Register zero is not stored in the frame.
//
DWORD IntZero;
DWORD IntAt;
DWORD IntV0;
DWORD IntV1;
DWORD IntA0;
DWORD IntA1;
DWORD IntA2;
DWORD IntA3;
DWORD IntT0;
DWORD IntT1;
DWORD IntT2;
DWORD IntT3;
DWORD IntT4;
DWORD IntT5;
DWORD IntT6;
DWORD IntT7;
DWORD IntS0;
DWORD IntS1;
DWORD IntS2;
DWORD IntS3;
DWORD IntS4;
DWORD IntS5;
DWORD IntS6;
DWORD IntS7;
DWORD IntT8;
DWORD IntT9;
DWORD IntK0;
DWORD IntK1;
DWORD IntGp;
DWORD IntSp;
DWORD IntS8;
DWORD IntRa;
DWORD IntLo;
DWORD IntHi;
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//
DWORD Fsr;
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//
// N.B. The registers gp, sp, and ra are defined in the integer section,
// but are considered part of the control context rather than part of
// the integer context.
//
DWORD Fir;
DWORD Psr;
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
DWORD ContextFlags;
};
//
// 64-bit context.
//
struct {
//
// This section is specified/returned if the ContextFlags contains
// the flag CONTEXT_EXTENDED_FLOAT.
//
// N.B. This section contains the 32 double floating registers f0,
// f1, ..., f31.
//
ULONGLONG XFltF0;
ULONGLONG XFltF1;
ULONGLONG XFltF2;
ULONGLONG XFltF3;
ULONGLONG XFltF4;
ULONGLONG XFltF5;
ULONGLONG XFltF6;
ULONGLONG XFltF7;
ULONGLONG XFltF8;
ULONGLONG XFltF9;
ULONGLONG XFltF10;
ULONGLONG XFltF11;
ULONGLONG XFltF12;
ULONGLONG XFltF13;
ULONGLONG XFltF14;
ULONGLONG XFltF15;
ULONGLONG XFltF16;
ULONGLONG XFltF17;
ULONGLONG XFltF18;
ULONGLONG XFltF19;
ULONGLONG XFltF20;
ULONGLONG XFltF21;
ULONGLONG XFltF22;
ULONGLONG XFltF23;
ULONGLONG XFltF24;
ULONGLONG XFltF25;
ULONGLONG XFltF26;
ULONGLONG XFltF27;
ULONGLONG XFltF28;
ULONGLONG XFltF29;
ULONGLONG XFltF30;
ULONGLONG XFltF31;
//
// The following sections must exactly overlay the 32-bit context.
//
DWORD Fill1;
DWORD Fill2;
//
// This section is specified/returned if the ContextFlags contains
// the flag CONTEXT_FLOATING_POINT.
//
DWORD XFsr;
//
// This section is specified/returned if the ContextFlags contains
// the flag CONTEXT_CONTROL.
//
// N.B. The registers gp, sp, and ra are defined in the integer
// section, but are considered part of the control context
// rather than part of the integer context.
//
DWORD XFir;
DWORD XPsr;
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
DWORD XContextFlags;
//
// This section is specified/returned if the ContextFlags contains
// the flag CONTEXT_EXTENDED_INTEGER.
//
// N.B. The registers gp, sp, and ra are defined in this section,
// but are considered part of the control context rather than
// part of the integer context.
//
// N.B. Register zero is not stored in the frame.
//
ULONGLONG XIntZero;
ULONGLONG XIntAt;
ULONGLONG XIntV0;
ULONGLONG XIntV1;
ULONGLONG XIntA0;
ULONGLONG XIntA1;
ULONGLONG XIntA2;
ULONGLONG XIntA3;
ULONGLONG XIntT0;
ULONGLONG XIntT1;
ULONGLONG XIntT2;
ULONGLONG XIntT3;
ULONGLONG XIntT4;
ULONGLONG XIntT5;
ULONGLONG XIntT6;
ULONGLONG XIntT7;
ULONGLONG XIntS0;
ULONGLONG XIntS1;
ULONGLONG XIntS2;
ULONGLONG XIntS3;
ULONGLONG XIntS4;
ULONGLONG XIntS5;
ULONGLONG XIntS6;
ULONGLONG XIntS7;
ULONGLONG XIntT8;
ULONGLONG XIntT9;
ULONGLONG XIntK0;
ULONGLONG XIntK1;
ULONGLONG XIntGp;
ULONGLONG XIntSp;
ULONGLONG XIntS8;
ULONGLONG XIntRa;
ULONGLONG XIntLo;
ULONGLONG XIntHi;
};
};
} CONTEXT, *PCONTEXT;
// end_ntddk end_nthal
#define CONTEXT32_LENGTH 0x130 // The original 32-bit Context length (pre NT 4.0)
#endif // MIPS
#if defined(_MIPS_)
VOID
__jump_unwind (
PVOID Fp,
PVOID TargetPc
);
#endif // MIPS
#if defined(_PPC_)
//
// The address of the TEB is placed into GPR 13 at context switch time
// and should never be destroyed. To get the address of the TEB use
// the compiler intrinsic to access it directly from GPR 13.
//
#if defined(_M_PPC) && defined(_MSC_VER) && (_MSC_VER>=1000)
unsigned __gregister_get( unsigned const regnum );
#define NtCurrentTeb() ((struct _TEB *)__gregister_get(13))
#elif defined(_M_PPC)
struct _TEB * __builtin_get_gpr13(VOID);
#define NtCurrentTeb() ((struct _TEB *)__builtin_get_gpr13())
#endif
//
// Define functions to get the address of the current fiber and the
// current fiber data.
//
#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))
// begin_ntddk begin_nthal
//
// The following flags control the contents of the CONTEXT structure.
//
#if !defined(RC_INVOKED)
#define CONTEXT_CONTROL 0x00000001L
#define CONTEXT_FLOATING_POINT 0x00000002L
#define CONTEXT_INTEGER 0x00000004L
#define CONTEXT_DEBUG_REGISTERS 0x00000008L
#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER)
#endif
//
// Context Frame
//
// N.B. This frame must be exactly a multiple of 16 bytes in length.
//
// This frame has a several purposes: 1) it is used as an argument to
// NtContinue, 2) it is used to constuct a call frame for APC delivery,
// 3) it is used to construct a call frame for exception dispatching
// in user mode, and 4) it is used in the user level thread creation
// routines.
//
// Requires at least 8-byte alignment (double)
//
typedef struct _CONTEXT {
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//
double Fpr0; // Floating registers 0..31
double Fpr1;
double Fpr2;
double Fpr3;
double Fpr4;
double Fpr5;
double Fpr6;
double Fpr7;
double Fpr8;
double Fpr9;
double Fpr10;
double Fpr11;
double Fpr12;
double Fpr13;
double Fpr14;
double Fpr15;
double Fpr16;
double Fpr17;
double Fpr18;
double Fpr19;
double Fpr20;
double Fpr21;
double Fpr22;
double Fpr23;
double Fpr24;
double Fpr25;
double Fpr26;
double Fpr27;
double Fpr28;
double Fpr29;
double Fpr30;
double Fpr31;
double Fpscr; // Floating point status/control reg
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//
DWORD Gpr0; // General registers 0..31
DWORD Gpr1;
DWORD Gpr2;
DWORD Gpr3;
DWORD Gpr4;
DWORD Gpr5;
DWORD Gpr6;
DWORD Gpr7;
DWORD Gpr8;
DWORD Gpr9;
DWORD Gpr10;
DWORD Gpr11;
DWORD Gpr12;
DWORD Gpr13;
DWORD Gpr14;
DWORD Gpr15;
DWORD Gpr16;
DWORD Gpr17;
DWORD Gpr18;
DWORD Gpr19;
DWORD Gpr20;
DWORD Gpr21;
DWORD Gpr22;
DWORD Gpr23;
DWORD Gpr24;
DWORD Gpr25;
DWORD Gpr26;
DWORD Gpr27;
DWORD Gpr28;
DWORD Gpr29;
DWORD Gpr30;
DWORD Gpr31;
DWORD Cr; // Condition register
DWORD Xer; // Fixed point exception register
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//
DWORD Msr; // Machine status register
DWORD Iar; // Instruction address register
DWORD Lr; // Link register
DWORD Ctr; // Count register
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
DWORD ContextFlags;
DWORD Fill[3]; // Pad out to multiple of 16 bytes
//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//
DWORD Dr0; // Breakpoint Register 1
DWORD Dr1; // Breakpoint Register 2
DWORD Dr2; // Breakpoint Register 3
DWORD Dr3; // Breakpoint Register 4
DWORD Dr4; // Breakpoint Register 5
DWORD Dr5; // Breakpoint Register 6
DWORD Dr6; // Debug Status Register
DWORD Dr7; // Debug Control Register
} CONTEXT, *PCONTEXT;
// end_ntddk end_nthal
//
// Stack frame header
//
// Order of appearance in stack frame:
// Header (six words)
// Parameters (at least eight words)
// Local variables
// Saved GPRs
// Saved FPRs
//
// Minimum alignment is 8 bytes
typedef struct _STACK_FRAME_HEADER { // GPR 1 points here
DWORD BackChain; // Addr of previous frame
DWORD GlueSaved1; // Used by glue code
DWORD GlueSaved2;
DWORD Reserved1; // Reserved
DWORD Spare1; // Used by tracing, profiling, ...
DWORD Spare2;
DWORD Parameter0; // First 8 parameter words are
DWORD Parameter1; // always present
DWORD Parameter2;
DWORD Parameter3;
DWORD Parameter4;
DWORD Parameter5;
DWORD Parameter6;
DWORD Parameter7;
} STACK_FRAME_HEADER,*PSTACK_FRAME_HEADER;
VOID
__jump_unwind (
PVOID Fp,
PVOID TargetPc
);
#endif // defined(_PPC_)
#if defined(_MPPC_)
//
// The address of the TEB is placed into GPR 13 at context switch time
// and should never be destroyed. To get the address of the TEB use
// the compiler intrinsic to access it directly from GPR 13.
//
#if defined(_M_PPC) && defined(_MSC_VER) && (_MSC_VER>=1000)
unsigned __gregister_get( unsigned const regnum );
#define NtCurrentTeb() ((struct _TEB *)__gregister_get(13))
#elif defined(_M_PPC)
struct _TEB * __builtin_get_gpr13(VOID);
#define NtCurrentTeb() ((struct _TEB *)__builtin_get_gpr13())
#endif
//
// Define functions to get the address of the current fiber and the
// current fiber data.
//
#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))
// begin_ntddk begin_nthal
//
// The following flags control the contents of the CONTEXT structure.
//
#if !defined(RC_INVOKED)
#define CONTEXT_CONTROL 0x00000001L
#define CONTEXT_FLOATING_POINT 0x00000002L
#define CONTEXT_INTEGER 0x00000004L
#define CONTEXT_DEBUG_REGISTERS 0x00000008L
#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER)
#endif
//
// Context Frame
//
// N.B. This frame must be exactly a multiple of 16 bytes in length.
//
// This frame has a several purposes: 1) it is used as an argument to
// NtContinue, 2) it is used to constuct a call frame for APC delivery,
// 3) it is used to construct a call frame for exception dispatching
// in user mode, and 4) it is used in the user level thread creation
// routines.
//
// Requires at least 8-byte alignment (double)
//
typedef struct _CONTEXT {
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//
double Fpr0; // Floating registers 0..31
double Fpr1;
double Fpr2;
double Fpr3;
double Fpr4;
double Fpr5;
double Fpr6;
double Fpr7;
double Fpr8;
double Fpr9;
double Fpr10;
double Fpr11;
double Fpr12;
double Fpr13;
double Fpr14;
double Fpr15;
double Fpr16;
double Fpr17;
double Fpr18;
double Fpr19;
double Fpr20;
double Fpr21;
double Fpr22;
double Fpr23;
double Fpr24;
double Fpr25;
double Fpr26;
double Fpr27;
double Fpr28;
double Fpr29;
double Fpr30;
double Fpr31;
double Fpscr; // Floating point status/control reg
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//
DWORD Gpr0; // General registers 0..31
DWORD Gpr1;
DWORD Gpr2;
DWORD Gpr3;
DWORD Gpr4;
DWORD Gpr5;
DWORD Gpr6;
DWORD Gpr7;
DWORD Gpr8;
DWORD Gpr9;
DWORD Gpr10;
DWORD Gpr11;
DWORD Gpr12;
DWORD Gpr13;
DWORD Gpr14;
DWORD Gpr15;
DWORD Gpr16;
DWORD Gpr17;
DWORD Gpr18;
DWORD Gpr19;
DWORD Gpr20;
DWORD Gpr21;
DWORD Gpr22;
DWORD Gpr23;
DWORD Gpr24;
DWORD Gpr25;
DWORD Gpr26;
DWORD Gpr27;
DWORD Gpr28;
DWORD Gpr29;
DWORD Gpr30;
DWORD Gpr31;
DWORD Cr; // Condition register
DWORD Xer; // Fixed point exception register
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//
DWORD Msr; // Machine status register
DWORD Iar; // Instruction address register
DWORD Lr; // Link register
DWORD Ctr; // Count register
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
DWORD ContextFlags;
DWORD Fill[3]; // Pad out to multiple of 16 bytes
//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//
DWORD Dr0; // Breakpoint Register 1
DWORD Dr1; // Breakpoint Register 2
DWORD Dr2; // Breakpoint Register 3
DWORD Dr3; // Breakpoint Register 4
DWORD Dr4; // Breakpoint Register 5
DWORD Dr5; // Breakpoint Register 6
DWORD Dr6; // Debug Status Register
DWORD Dr7; // Debug Control Register
} CONTEXT, *PCONTEXT;
// end_ntddk end_nthal
//
// Stack frame header
//
// Order of appearance in stack frame:
// Header (six words)
// Parameters (at least eight words)
// Local variables
// Saved GPRs
// Saved FPRs
//
// Minimum alignment is 8 bytes
typedef struct _STACK_FRAME_HEADER { // GPR 1 points here
DWORD BackChain; // Addr of previous frame
DWORD GlueSaved1; // Used by glue code
DWORD GlueSaved2;
DWORD Reserved1; // Reserved
DWORD Spare1; // Used by tracing, profiling, ...
DWORD Spare2;
DWORD Parameter0; // First 8 parameter words are
DWORD Parameter1; // always present
DWORD Parameter2;
DWORD Parameter3;
DWORD Parameter4;
DWORD Parameter5;
DWORD Parameter6;
DWORD Parameter7;
} STACK_FRAME_HEADER,*PSTACK_FRAME_HEADER;
VOID
__jump_unwind (
PVOID Fp,
PVOID TargetPc
);
#endif // defined(_MPPC_)
#if !defined(__midl) && !defined(GENUTIL) && !defined(_GENIA64_) && defined(_IA64_)
// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT
void * _cdecl _rdteb(void);
#if defined(_M_IA64) // winnt
#pragma intrinsic(_rdteb) // winnt
#endif // winnt
#define NtCurrentTeb() ((struct _TEB *)_rdteb())
// @@END_DDKSPLIT
//
// Define functions to get the address of the current fiber and the
// current fiber data.
//
#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))
#endif // !defined(__midl) && !defined(GENUTIL) && !defined(_GENIA64_) && defined(_M_IA64)
#ifdef _IA64_
// begin_ntddk begin_nthal
//
// The following flags control the contents of the CONTEXT structure.
//
#if !defined(RC_INVOKED)
// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT
// @@END_DDKSPLIT
#endif // !defined(RC_INVOKED)
//
// Context Frame
//
// This frame has a several purposes: 1) it is used as an argument to
// NtContinue, 2) it is used to construct a call frame for APC delivery,
// 3) it is used to construct a call frame for exception dispatching
// in user mode, 4) it is used in the user level thread creation
// routines, and 5) it is used to to pass thread state to debuggers.
//
// N.B. Because this record is used as a call frame, it must be EXACTLY
// a multiple of 16 bytes in length and aligned on a 16-byte boundary.
//
typedef struct _CONTEXT {
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
DWORD ContextFlags;
DWORD Fill1[3]; // for alignment of following on 16-byte boundary
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_DEBUG.
//
// N.B. CONTEXT_DEBUG is *not* part of CONTEXT_FULL.
//
// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_LOWER_FLOATING_POINT.
//
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_HIGHER_FLOATING_POINT.
//
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_LOWER_FLOATING_POINT | CONTEXT_HIGHER_FLOATING_POINT | CONTEXT_CONTROL.
//
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//
// N.B. The registers gp, sp, rp are part of the control context
//
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//
// Other application registers
// Register stack info
// Trap Status Information
// iA32 related control registers
// @@END_DDKSPLIT
} CONTEXT, *PCONTEXT;
//
// Followings are the data structures that required to support Legacy x86
//
//
// Define the size of the 80387 save area, which is in the context frame.
//
#define SIZE_OF_80387_REGISTERS 80
//
// The following flags control the contents of the CONTEXT structure.
//
#if !defined(RC_INVOKED)
#define CONTEXT_i386 0x00010000 // this assumes that i386 and
#define CONTEXT_i486 0x00010000 // i486 have identical context records
#define CONTEXT_X86 0x00010000 // X86 have identical context records
#define CONTEXT86_CONTROL (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP
#define CONTEXT86_INTEGER (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI
#define CONTEXT86_SEGMENTS (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS
#define CONTEXT86_FLOATING_POINT (CONTEXT_i386 | 0x00000008L) // 387 state
#define CONTEXT86_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7
#define CONTEXT86_FULL (CONTEXT86_CONTROL | CONTEXT86_INTEGER |\
CONTEXT86_SEGMENTS) // context corresponding to set flags will be returned.
#endif // !defined(RC_INVOKED)
typedef struct _FLOATING_SAVE_AREA {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
BYTE RegisterArea[SIZE_OF_80387_REGISTERS];
DWORD Cr0NpxState;
} FLOATING_SAVE_AREA;
typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA;
//
// Context Frame
//
// This frame has a several purposes: 1) it is used as an argument to
// NtContinue, 2) is is used to constuct a call frame for APC delivery,
// and 3) it is used in the user level thread creation routines.
//
// The layout of the record conforms to a standard call frame.
//
typedef struct _CONTEXT86 {
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a threads context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
DWORD ContextFlags;
//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//
DWORD Dr0;
DWORD Dr1;
DWORD Dr2;
DWORD Dr3;
DWORD Dr6;
DWORD Dr7;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
//
FLOATING_SAVE_AREA FloatSave;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_SEGMENTS.
//
DWORD SegGs;
DWORD SegFs;
DWORD SegEs;
DWORD SegDs;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_INTEGER.
//
//
DWORD Edi;
DWORD Esi;
DWORD Ebx;
DWORD Edx;
DWORD Ecx;
DWORD Eax;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_CONTROL.
//
DWORD Ebp;
DWORD Eip;
DWORD SegCs; // MUST BE SANITIZED
DWORD EFlags; // MUST BE SANITIZED
DWORD Esp;
DWORD SegSs;
} CONTEXT86;
#ifndef _LDT_ENTRY_DEFINED
#define _LDT_ENTRY_DEFINED
//
// LDT descriptor entry
//
typedef struct _LDT_ENTRY {
WORD LimitLow;
WORD BaseLow;
union {
struct {
BYTE BaseMid;
BYTE Flags1; // Declare as bytes to avoid alignment
BYTE Flags2; // Problems.
BYTE BaseHi;
} Bytes;
struct {
DWORD BaseMid : 8;
DWORD Type : 5;
DWORD Dpl : 2;
DWORD Pres : 1;
DWORD LimitHi : 4;
DWORD Sys : 1;
DWORD Reserved_0 : 1;
DWORD Default_Big : 1;
DWORD Granularity : 1;
DWORD BaseHi : 8;
} Bits;
} HighWord;
} LDT_ENTRY, *PLDT_ENTRY;
#endif // _LDT_ENTRY_DEFINED
//
// Plabel descriptor structure definition
//
// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT
// @@END_DDKSPLIT
#endif // _IA64_
#ifdef _IA64_
// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT
// @@END_DDKSPLIT
#endif // _IA64_
#define EXCEPTION_NONCONTINUABLE 0x1 // Noncontinuable exception
#define EXCEPTION_MAXIMUM_PARAMETERS 15 // maximum number of exception parameters
//
// Exception record definition.
//
typedef struct _EXCEPTION_RECORD {
DWORD ExceptionCode;
DWORD ExceptionFlags;
struct _EXCEPTION_RECORD *ExceptionRecord;
PVOID ExceptionAddress;
DWORD NumberParameters;
ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
} EXCEPTION_RECORD;
typedef EXCEPTION_RECORD *PEXCEPTION_RECORD;
typedef struct _EXCEPTION_RECORD32 {
DWORD ExceptionCode;
DWORD ExceptionFlags;
DWORD ExceptionRecord;
DWORD ExceptionAddress;
DWORD NumberParameters;
DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
} EXCEPTION_RECORD32, *PEXCEPTION_RECORD32;
typedef struct _EXCEPTION_RECORD64 {
DWORD ExceptionCode;
DWORD ExceptionFlags;
DWORD64 ExceptionRecord;
DWORD64 ExceptionAddress;
DWORD NumberParameters;
DWORD __unusedAlignment;
DWORD64 ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
} EXCEPTION_RECORD64, *PEXCEPTION_RECORD64;
//
// Typedef for pointer returned by exception_info()
//
typedef struct _EXCEPTION_POINTERS {
PEXCEPTION_RECORD ExceptionRecord;
PCONTEXT ContextRecord;
} EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;
typedef PVOID PACCESS_TOKEN;
typedef PVOID PSECURITY_DESCRIPTOR;
typedef PVOID PSID;
////////////////////////////////////////////////////////////////////////
// //
// ACCESS MASK //
// //
////////////////////////////////////////////////////////////////////////
//
// Define the access mask as a longword sized structure divided up as
// follows:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +---------------+---------------+-------------------------------+
// |G|G|G|G|Res'd|A| StandardRights| SpecificRights |
// |R|W|E|A| |S| | |
// +-+-------------+---------------+-------------------------------+
//
// typedef struct _ACCESS_MASK {
// WORD SpecificRights;
// BYTE StandardRights;
// BYTE AccessSystemAcl : 1;
// BYTE Reserved : 3;
// BYTE GenericAll : 1;
// BYTE GenericExecute : 1;
// BYTE GenericWrite : 1;
// BYTE GenericRead : 1;
// } ACCESS_MASK;
// typedef ACCESS_MASK *PACCESS_MASK;
//
// but to make life simple for programmer's we'll allow them to specify
// a desired access mask by simply OR'ing together mulitple single rights
// and treat an access mask as a DWORD. For example
//
// DesiredAccess = DELETE | READ_CONTROL
//
// So we'll declare ACCESS_MASK as DWORD
//
// begin_ntddk begin_wdm begin_nthal begin_ntifs
typedef DWORD ACCESS_MASK;
typedef ACCESS_MASK *PACCESS_MASK;
////////////////////////////////////////////////////////////////////////
// //
// ACCESS TYPES //
// //
////////////////////////////////////////////////////////////////////////
// begin_ntddk begin_wdm begin_nthal begin_ntifs
//
// The following are masks for the predefined standard access types
//
#define DELETE (0x00010000L)
#define READ_CONTROL (0x00020000L)
#define WRITE_DAC (0x00040000L)
#define WRITE_OWNER (0x00080000L)
#define SYNCHRONIZE (0x00100000L)
#define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
#define STANDARD_RIGHTS_READ (READ_CONTROL)
#define STANDARD_RIGHTS_WRITE (READ_CONTROL)
#define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
#define STANDARD_RIGHTS_ALL (0x001F0000L)
#define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
//
// AccessSystemAcl access type
//
#define ACCESS_SYSTEM_SECURITY (0x01000000L)
//
// MaximumAllowed access type
//
#define MAXIMUM_ALLOWED (0x02000000L)
//
// These are the generic rights.
//
#define GENERIC_READ (0x80000000L)
#define GENERIC_WRITE (0x40000000L)
#define GENERIC_EXECUTE (0x20000000L)
#define GENERIC_ALL (0x10000000L)
//
// Define the generic mapping array. This is used to denote the
// mapping of each generic access right to a specific access mask.
//
typedef struct _GENERIC_MAPPING {
ACCESS_MASK GenericRead;
ACCESS_MASK GenericWrite;
ACCESS_MASK GenericExecute;
ACCESS_MASK GenericAll;
} GENERIC_MAPPING;
typedef GENERIC_MAPPING *PGENERIC_MAPPING;
////////////////////////////////////////////////////////////////////////
// //
// LUID_AND_ATTRIBUTES //
// //
////////////////////////////////////////////////////////////////////////
//
//
#include <pshpack4.h>
typedef struct _LUID_AND_ATTRIBUTES {
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES;
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
#include <poppack.h>
////////////////////////////////////////////////////////////////////////
// //
// Security Id (SID) //
// //
////////////////////////////////////////////////////////////////////////
//
//
// Pictorially the structure of an SID is as follows:
//
// 1 1 1 1 1 1
// 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +---------------------------------------------------------------+
// | SubAuthorityCount |Reserved1 (SBZ)| Revision |
// +---------------------------------------------------------------+
// | IdentifierAuthority[0] |
// +---------------------------------------------------------------+
// | IdentifierAuthority[1] |
// +---------------------------------------------------------------+
// | IdentifierAuthority[2] |
// +---------------------------------------------------------------+
// | |
// +- - - - - - - - SubAuthority[] - - - - - - - - -+
// | |
// +---------------------------------------------------------------+
//
//
// begin_ntifs
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
typedef struct _SID_IDENTIFIER_AUTHORITY {
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
#endif
#ifndef SID_DEFINED
#define SID_DEFINED
typedef struct _SID {
BYTE Revision;
BYTE SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
#ifdef MIDL_PASS
[size_is(SubAuthorityCount)] DWORD SubAuthority
;
#else // MIDL_PASS
DWORD SubAuthority[ANYSIZE_ARRAY];
#endif // MIDL_PASS
} SID, *PISID;
#endif
#define SID_REVISION (1) // Current revision level
#define SID_MAX_SUB_AUTHORITIES (15)
#define SID_RECOMMENDED_SUB_AUTHORITIES (1) // Will change to around 6
// in a future release.
typedef enum _SID_NAME_USE {
SidTypeUser = 1,
SidTypeGroup,
SidTypeDomain,
SidTypeAlias,
SidTypeWellKnownGroup,
SidTypeDeletedAccount,
SidTypeInvalid,
SidTypeUnknown,
SidTypeComputer
} SID_NAME_USE, *PSID_NAME_USE;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
/////////////////////////////////////////////////////////////////////////////
// //
// Universal well-known SIDs //
// //
// Null SID S-1-0-0 //
// World S-1-1-0 //
// Local S-1-2-0 //
// Creator Owner ID S-1-3-0 //
// Creator Group ID S-1-3-1 //
// Creator Owner Server ID S-1-3-2 //
// Creator Group Server ID S-1-3-3 //
// //
// (Non-unique IDs) S-1-4 //
// //
/////////////////////////////////////////////////////////////////////////////
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
#define SECURITY_NULL_RID (0x00000000L)
#define SECURITY_WORLD_RID (0x00000000L)
#define SECURITY_LOCAL_RID (0X00000000L)
#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
/////////////////////////////////////////////////////////////////////////////
// //
// NT well-known SIDs //
// //
// NT Authority S-1-5 //
// Dialup S-1-5-1 //
// //
// Network S-1-5-2 //
// Batch S-1-5-3 //
// Interactive S-1-5-4 //
// Service S-1-5-6 //
// AnonymousLogon S-1-5-7 (aka null logon session) //
// Proxy S-1-5-8 //
// ServerLogon S-1-5-9 (aka domain controller account) //
// Self S-1-5-10 (self RID) //
// Authenticated User S-1-5-11 (Authenticated user somewhere) //
// Restricted Code S-1-5-12 (Running restricted code) //
// Terminal Server S-1-5-13 (Running on Terminal Server) //
// //
// (Logon IDs) S-1-5-5-X-Y //
// //
// (NT non-unique IDs) S-1-5-0x15-... //
// //
// (Built-in domain) s-1-5-0x20 //
// //
/////////////////////////////////////////////////////////////////////////////
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} // ntifs
#define SECURITY_DIALUP_RID (0x00000001L)
#define SECURITY_NETWORK_RID (0x00000002L)
#define SECURITY_BATCH_RID (0x00000003L)
#define SECURITY_INTERACTIVE_RID (0x00000004L)
#define SECURITY_SERVICE_RID (0x00000006L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
#define SECURITY_PROXY_RID (0x00000008L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
#define SECURITY_LOGON_IDS_RID (0x00000005L)
#define SECURITY_LOGON_IDS_RID_COUNT (3L)
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
#define SECURITY_NT_NON_UNIQUE (0x00000015L)
#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
/////////////////////////////////////////////////////////////////////////////
// //
// well-known domain relative sub-authority values (RIDs)... //
// //
/////////////////////////////////////////////////////////////////////////////
// Well-known users ...
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
// well-known groups ...
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
// well-known aliases ...
#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
//
// Allocate the System Luid. The first 1000 LUIDs are reserved.
// Use #999 here (0x3E7 = 999)
//
#define SYSTEM_LUID { 0x3E7, 0x0 }
#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
// end_ntifs
////////////////////////////////////////////////////////////////////////
// //
// User and Group related SID attributes //
// //
////////////////////////////////////////////////////////////////////////
//
// Group attributes
//
#define SE_GROUP_MANDATORY (0x00000001L)
#define SE_GROUP_ENABLED_BY_DEFAULT (0x00000002L)
#define SE_GROUP_ENABLED (0x00000004L)
#define SE_GROUP_OWNER (0x00000008L)
#define SE_GROUP_USE_FOR_DENY_ONLY (0x00000010L)
#define SE_GROUP_LOGON_ID (0xC0000000L)
#define SE_GROUP_RESOURCE (0x20000000L)
//
// User attributes
//
// (None yet defined.)
////////////////////////////////////////////////////////////////////////
// //
// ACL and ACE //
// //
////////////////////////////////////////////////////////////////////////
//
// Define an ACL and the ACE format. The structure of an ACL header
// followed by one or more ACEs. Pictorally the structure of an ACL header
// is as follows:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +-------------------------------+---------------+---------------+
// | AclSize | Sbz1 | AclRevision |
// +-------------------------------+---------------+---------------+
// | Sbz2 | AceCount |
// +-------------------------------+-------------------------------+
//
// The current AclRevision is defined to be ACL_REVISION.
//
// AclSize is the size, in bytes, allocated for the ACL. This includes
// the ACL header, ACES, and remaining free space in the buffer.
//
// AceCount is the number of ACES in the ACL.
//
// begin_ntddk begin_ntifs
// This is the *current* ACL revision
#define ACL_REVISION (2)
#define ACL_REVISION_DS (4)
// This is the history of ACL revisions. Add a new one whenever
// ACL_REVISION is updated
#define ACL_REVISION1 (1)
#define MIN_ACL_REVISION ACL_REVISION2
#define ACL_REVISION2 (2)
#define ACL_REVISION3 (3)
#define ACL_REVISION4 (4)
#define MAX_ACL_REVISION ACL_REVISION4
typedef struct _ACL {
BYTE AclRevision;
BYTE Sbz1;
WORD AclSize;
WORD AceCount;
WORD Sbz2;
} ACL;
typedef ACL *PACL;
// end_ntddk
//
// The structure of an ACE is a common ace header followed by ace type
// specific data. Pictorally the structure of the common ace header is
// as follows:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +---------------+-------+-------+---------------+---------------+
// | AceSize | AceFlags | AceType |
// +---------------+-------+-------+---------------+---------------+
//
// AceType denotes the type of the ace, there are some predefined ace
// types
//
// AceSize is the size, in bytes, of ace.
//
// AceFlags are the Ace flags for audit and inheritance, defined shortly.
typedef struct _ACE_HEADER {
BYTE AceType;
BYTE AceFlags;
WORD AceSize;
} ACE_HEADER;
typedef ACE_HEADER *PACE_HEADER;
//
// The following are the predefined ace types that go into the AceType
// field of an Ace header.
//
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
//
// The following are the inherit flags that go into the AceFlags field
// of an Ace header.
//
#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
#define INHERIT_ONLY_ACE (0x8)
#define INHERITED_ACE (0x10)
#define VALID_INHERIT_FLAGS (0x1F)
// The following are the currently defined ACE flags that go into the
// AceFlags field of an ACE header. Each ACE type has its own set of
// AceFlags.
//
// SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE
// types to indicate that a message is generated for successful accesses.
//
// FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types
// to indicate that a message is generated for failed accesses.
//
//
// SYSTEM_AUDIT and SYSTEM_ALARM AceFlags
//
// These control the signaling of audit and alarms for success or failure.
//
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)
//
// We'll define the structure of the predefined ACE types. Pictorally
// the structure of the predefined ACE's is as follows:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +---------------+-------+-------+---------------+---------------+
// | AceFlags | Resd |Inherit| AceSize | AceType |
// +---------------+-------+-------+---------------+---------------+
// | Mask |
// +---------------------------------------------------------------+
// | |
// + +
// | |
// + Sid +
// | |
// + +
// | |
// +---------------------------------------------------------------+
//
// Mask is the access mask associated with the ACE. This is either the
// access allowed, access denied, audit, or alarm mask.
//
// Sid is the Sid associated with the ACE.
//
// The following are the four predefined ACE types.
// Examine the AceType field in the Header to determine
// which structure is appropriate to use for casting.
typedef struct _ACCESS_ALLOWED_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} ACCESS_ALLOWED_ACE;
typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE;
typedef struct _ACCESS_DENIED_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} ACCESS_DENIED_ACE;
typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE;
typedef struct _SYSTEM_AUDIT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} SYSTEM_AUDIT_ACE;
typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE;
typedef struct _SYSTEM_ALARM_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} SYSTEM_ALARM_ACE;
typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE;
// end_ntifs
typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD Flags;
GUID ObjectType;
GUID InheritedObjectType;
DWORD SidStart;
} ACCESS_ALLOWED_OBJECT_ACE, *PACCESS_ALLOWED_OBJECT_ACE;
typedef struct _ACCESS_DENIED_OBJECT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD Flags;
GUID ObjectType;
GUID InheritedObjectType;
DWORD SidStart;
} ACCESS_DENIED_OBJECT_ACE, *PACCESS_DENIED_OBJECT_ACE;
typedef struct _SYSTEM_AUDIT_OBJECT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD Flags;
GUID ObjectType;
GUID InheritedObjectType;
DWORD SidStart;
} SYSTEM_AUDIT_OBJECT_ACE, *PSYSTEM_AUDIT_OBJECT_ACE;
typedef struct _SYSTEM_ALARM_OBJECT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD Flags;
GUID ObjectType;
GUID InheritedObjectType;
DWORD SidStart;
} SYSTEM_ALARM_OBJECT_ACE, *PSYSTEM_ALARM_OBJECT_ACE;
//
// Currently define Flags for "OBJECT" ACE types.
//
#define ACE_OBJECT_TYPE_PRESENT 0x1
#define ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2
//
// The following declarations are used for setting and querying information
// about and ACL. First are the various information classes available to
// the user.
//
typedef enum _ACL_INFORMATION_CLASS {
AclRevisionInformation = 1,
AclSizeInformation
} ACL_INFORMATION_CLASS;
//
// This record is returned/sent if the user is requesting/setting the
// AclRevisionInformation
//
typedef struct _ACL_REVISION_INFORMATION {
DWORD AclRevision;
} ACL_REVISION_INFORMATION;
typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION;
//
// This record is returned if the user is requesting AclSizeInformation
//
typedef struct _ACL_SIZE_INFORMATION {
DWORD AceCount;
DWORD AclBytesInUse;
DWORD AclBytesFree;
} ACL_SIZE_INFORMATION;
typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION;
////////////////////////////////////////////////////////////////////////
// //
// SECURITY_DESCRIPTOR //
// //
////////////////////////////////////////////////////////////////////////
//
// Define the Security Descriptor and related data types.
// This is an opaque data structure.
//
// begin_ntddk begin_ntifs
//
// Current security descriptor revision value
//
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)
// end_ntddk
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
#define SE_OWNER_DEFAULTED (0x0001)
#define SE_GROUP_DEFAULTED (0x0002)
#define SE_DACL_PRESENT (0x0004)
#define SE_DACL_DEFAULTED (0x0008)
#define SE_SACL_PRESENT (0x0010)
#define SE_SACL_DEFAULTED (0x0020)
#define SE_DACL_AUTO_INHERIT_REQ (0x0100)
#define SE_SACL_AUTO_INHERIT_REQ (0x0200)
#define SE_DACL_AUTO_INHERITED (0x0400)
#define SE_SACL_AUTO_INHERITED (0x0800)
#define SE_DACL_PROTECTED (0x1000)
#define SE_SACL_PROTECTED (0x2000)
#define SE_RM_CONTROL_VALID (0x4000)
#define SE_SELF_RELATIVE (0x8000)
//
// Where:
//
// SE_OWNER_DEFAULTED - This boolean flag, when set, indicates that the
// SID pointed to by the Owner field was provided by a
// defaulting mechanism rather than explicitly provided by the
// original provider of the security descriptor. This may
// affect the treatment of the SID with respect to inheritence
// of an owner.
//
// SE_GROUP_DEFAULTED - This boolean flag, when set, indicates that the
// SID in the Group field was provided by a defaulting mechanism
// rather than explicitly provided by the original provider of
// the security descriptor. This may affect the treatment of
// the SID with respect to inheritence of a primary group.
//
// SE_DACL_PRESENT - This boolean flag, when set, indicates that the
// security descriptor contains a discretionary ACL. If this
// flag is set and the Dacl field of the SECURITY_DESCRIPTOR is
// null, then a null ACL is explicitly being specified.
//
// SE_DACL_DEFAULTED - This boolean flag, when set, indicates that the
// ACL pointed to by the Dacl field was provided by a defaulting
// mechanism rather than explicitly provided by the original
// provider of the security descriptor. This may affect the
// treatment of the ACL with respect to inheritence of an ACL.
// This flag is ignored if the DaclPresent flag is not set.
//
// SE_SACL_PRESENT - This boolean flag, when set, indicates that the
// security descriptor contains a system ACL pointed to by the
// Sacl field. If this flag is set and the Sacl field of the
// SECURITY_DESCRIPTOR is null, then an empty (but present)
// ACL is being specified.
//
// SE_SACL_DEFAULTED - This boolean flag, when set, indicates that the
// ACL pointed to by the Sacl field was provided by a defaulting
// mechanism rather than explicitly provided by the original
// provider of the security descriptor. This may affect the
// treatment of the ACL with respect to inheritence of an ACL.
// This flag is ignored if the SaclPresent flag is not set.
//
// SE_SELF_RELATIVE - This boolean flag, when set, indicates that the
// security descriptor is in self-relative form. In this form,
// all fields of the security descriptor are contiguous in memory
// and all pointer fields are expressed as offsets from the
// beginning of the security descriptor. This form is useful
// for treating security descriptors as opaque data structures
// for transmission in communication protocol or for storage on
// secondary media.
//
//
//
// Pictorially the structure of a security descriptor is as follows:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +---------------------------------------------------------------+
// | Control |Reserved1 (SBZ)| Revision |
// +---------------------------------------------------------------+
// | Owner |
// +---------------------------------------------------------------+
// | Group |
// +---------------------------------------------------------------+
// | Sacl |
// +---------------------------------------------------------------+
// | Dacl |
// +---------------------------------------------------------------+
//
// In general, this data structure should be treated opaquely to ensure future
// compatibility.
//
//
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
BYTE Revision;
BYTE Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
DWORD Owner;
DWORD Group;
DWORD Sacl;
DWORD Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
typedef struct _SECURITY_DESCRIPTOR {
BYTE Revision;
BYTE Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
// end_ntifs
// Where:
//
// Revision - Contains the revision level of the security
// descriptor. This allows this structure to be passed between
// systems or stored on disk even though it is expected to
// change in the future.
//
// Control - A set of flags which qualify the meaning of the
// security descriptor or individual fields of the security
// descriptor.
//
// Owner - is a pointer to an SID representing an object's owner.
// If this field is null, then no owner SID is present in the
// security descriptor. If the security descriptor is in
// self-relative form, then this field contains an offset to
// the SID, rather than a pointer.
//
// Group - is a pointer to an SID representing an object's primary
// group. If this field is null, then no primary group SID is
// present in the security descriptor. If the security descriptor
// is in self-relative form, then this field contains an offset to
// the SID, rather than a pointer.
//
// Sacl - is a pointer to a system ACL. This field value is only
// valid if the DaclPresent control flag is set. If the
// SaclPresent flag is set and this field is null, then a null
// ACL is specified. If the security descriptor is in
// self-relative form, then this field contains an offset to
// the ACL, rather than a pointer.
//
// Dacl - is a pointer to a discretionary ACL. This field value is
// only valid if the DaclPresent control flag is set. If the
// DaclPresent flag is set and this field is null, then a null
// ACL (unconditionally granting access) is specified. If the
// security descriptor is in self-relative form, then this field
// contains an offset to the ACL, rather than a pointer.
//
////////////////////////////////////////////////////////////////////////
// //
// Object Type list for AccessCheckByType //
// //
////////////////////////////////////////////////////////////////////////
typedef struct _OBJECT_TYPE_LIST {
WORD Level;
WORD Sbz;
GUID *ObjectType;
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
//
// DS values for Level
//
#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4
//
// Parameters to NtAccessCheckByTypeAndAditAlarm
//
typedef enum _AUDIT_EVENT_TYPE {
AuditEventObjectAccess,
AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
//
// DS values for Source and ObjectTypeName
//
#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
// end_ntsrv
////////////////////////////////////////////////////////////////////////
// //
// Privilege Related Data Structures //
// //
////////////////////////////////////////////////////////////////////////
// begin_ntddk begin_nthal begin_ntifs
//
// Privilege attributes
//
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED (0x00000002L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
//
// Privilege Set Control flags
//
#define PRIVILEGE_SET_ALL_NECESSARY (1)
//
// Privilege Set - This is defined for a privilege set of one.
// If more than one privilege is needed, then this structure
// will need to be allocated with more space.
//
// Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET
// structure (defined in se.h)
//
typedef struct _PRIVILEGE_SET {
DWORD PrivilegeCount;
DWORD Control;
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, * PPRIVILEGE_SET;
////////////////////////////////////////////////////////////////////////
// //
// NT Defined Privileges //
// //
////////////////////////////////////////////////////////////////////////
#define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege")
#define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege")
#define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege")
#define SE_INCREASE_QUOTA_NAME TEXT("SeIncreaseQuotaPrivilege")
#define SE_UNSOLICITED_INPUT_NAME TEXT("SeUnsolicitedInputPrivilege")
#define SE_MACHINE_ACCOUNT_NAME TEXT("SeMachineAccountPrivilege")
#define SE_TCB_NAME TEXT("SeTcbPrivilege")
#define SE_SECURITY_NAME TEXT("SeSecurityPrivilege")
#define SE_TAKE_OWNERSHIP_NAME TEXT("SeTakeOwnershipPrivilege")
#define SE_LOAD_DRIVER_NAME TEXT("SeLoadDriverPrivilege")
#define SE_SYSTEM_PROFILE_NAME TEXT("SeSystemProfilePrivilege")
#define SE_SYSTEMTIME_NAME TEXT("SeSystemtimePrivilege")
#define SE_PROF_SINGLE_PROCESS_NAME TEXT("SeProfileSingleProcessPrivilege")
#define SE_INC_BASE_PRIORITY_NAME TEXT("SeIncreaseBasePriorityPrivilege")
#define SE_CREATE_PAGEFILE_NAME TEXT("SeCreatePagefilePrivilege")
#define SE_CREATE_PERMANENT_NAME TEXT("SeCreatePermanentPrivilege")
#define SE_BACKUP_NAME TEXT("SeBackupPrivilege")
#define SE_RESTORE_NAME TEXT("SeRestorePrivilege")
#define SE_SHUTDOWN_NAME TEXT("SeShutdownPrivilege")
#define SE_DEBUG_NAME TEXT("SeDebugPrivilege")
#define SE_AUDIT_NAME TEXT("SeAuditPrivilege")
#define SE_SYSTEM_ENVIRONMENT_NAME TEXT("SeSystemEnvironmentPrivilege")
#define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege")
#define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege")
#define SE_UNDOCK_NAME TEXT("SeUndockPrivilege")
#define SE_SYNC_AGENT_NAME TEXT("SeSyncAgentPrivilege")
#define SE_ENABLE_DELEGATION_NAME TEXT("SeEnableDelegationPrivilege")
////////////////////////////////////////////////////////////////////
// //
// Security Quality Of Service //
// //
// //
////////////////////////////////////////////////////////////////////
// begin_ntddk begin_nthal begin_ntifs
//
// Impersonation Level
//
// Impersonation level is represented by a pair of bits in Windows.
// If a new impersonation level is added or lowest value is changed from
// 0 to something else, fix the Windows CreateFile call.
//
typedef enum _SECURITY_IMPERSONATION_LEVEL {
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
////////////////////////////////////////////////////////////////////
// //
// Token Object Definitions //
// //
// //
////////////////////////////////////////////////////////////////////
//
// Token Specific Access Rights.
//
#define TOKEN_ASSIGN_PRIMARY (0x0001)
#define TOKEN_DUPLICATE (0x0002)
#define TOKEN_IMPERSONATE (0x0004)
#define TOKEN_QUERY (0x0008)
#define TOKEN_QUERY_SOURCE (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS (0x0040)
#define TOKEN_ADJUST_DEFAULT (0x0080)
#define TOKEN_ADJUST_SESSIONID (0x0100)
#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
TOKEN_ASSIGN_PRIMARY |\
TOKEN_DUPLICATE |\
TOKEN_IMPERSONATE |\
TOKEN_QUERY |\
TOKEN_QUERY_SOURCE |\
TOKEN_ADJUST_PRIVILEGES |\
TOKEN_ADJUST_GROUPS |\
TOKEN_ADJUST_SESSIONID |\
TOKEN_ADJUST_DEFAULT)
#define TOKEN_READ (STANDARD_RIGHTS_READ |\
TOKEN_QUERY)
#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
TOKEN_ADJUST_PRIVILEGES |\
TOKEN_ADJUST_GROUPS |\
TOKEN_ADJUST_DEFAULT)
#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
//
//
// Token Types
//
typedef enum _TOKEN_TYPE {
TokenPrimary = 1,
TokenImpersonation
} TOKEN_TYPE;
typedef TOKEN_TYPE *PTOKEN_TYPE;
//
// Token Information Classes.
//
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
//
// Token information class structures
//
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
#define TOKEN_SOURCE_LENGTH 8
typedef struct _TOKEN_SOURCE {
CHAR SourceName[TOKEN_SOURCE_LENGTH];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
typedef struct _TOKEN_CONTROL {
LUID TokenId;
LUID AuthenticationId;
LUID ModifiedId;
TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL;
//
// Security Tracking Mode
//
#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)
typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE,
* PSECURITY_CONTEXT_TRACKING_MODE;
//
// Quality Of Service
//
typedef struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE, * PSECURITY_QUALITY_OF_SERVICE;
//
// Used to represent information related to a thread impersonation
//
typedef struct _SE_IMPERSONATION_STATE {
PACCESS_TOKEN Token;
BOOLEAN CopyOnOpen;
BOOLEAN EffectiveOnly;
SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
#define DISABLE_MAX_PRIVILEGE 0x1
typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
#define OWNER_SECURITY_INFORMATION (0X00000001L)
#define GROUP_SECURITY_INFORMATION (0X00000002L)
#define DACL_SECURITY_INFORMATION (0X00000004L)
#define SACL_SECURITY_INFORMATION (0X00000008L)
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
#define PROCESS_TERMINATE (0x0001)
#define PROCESS_CREATE_THREAD (0x0002)
#define PROCESS_SET_SESSIONID (0x0004)
#define PROCESS_VM_OPERATION (0x0008)
#define PROCESS_VM_READ (0x0010)
#define PROCESS_VM_WRITE (0x0020)
#define PROCESS_DUP_HANDLE (0x0040)
#define PROCESS_CREATE_PROCESS (0x0080)
#define PROCESS_SET_QUOTA (0x0100)
#define PROCESS_SET_INFORMATION (0x0200)
#define PROCESS_QUERY_INFORMATION (0x0400)
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
0xFFF)
// end_ntifs
#define MAXIMUM_PROCESSORS 32
#define THREAD_TERMINATE (0x0001)
#define THREAD_SUSPEND_RESUME (0x0002)
#define THREAD_GET_CONTEXT (0x0008)
#define THREAD_SET_CONTEXT (0x0010)
#define THREAD_SET_INFORMATION (0x0020)
#define THREAD_QUERY_INFORMATION (0x0040)
#define THREAD_SET_THREAD_TOKEN (0x0080)
#define THREAD_IMPERSONATE (0x0100)
#define THREAD_DIRECT_IMPERSONATION (0x0200)
// begin_ntddk begin_wdm begin_ntifs
#define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
0x3FF)
// end_ntddk end_wdm end_ntifs
#define JOB_OBJECT_ASSIGN_PROCESS (0x0001)
#define JOB_OBJECT_SET_ATTRIBUTES (0x0002)
#define JOB_OBJECT_QUERY (0x0004)
#define JOB_OBJECT_TERMINATE (0x0008)
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES (0x0010)
#define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
0x1F )
#define TLS_MINIMUM_AVAILABLE 64
typedef struct _NT_TIB {
struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
PVOID StackBase;
PVOID StackLimit;
PVOID SubSystemTib;
union {
PVOID FiberData;
DWORD Version;
};
PVOID ArbitraryUserPointer;
struct _NT_TIB *Self;
} NT_TIB;
typedef NT_TIB *PNT_TIB;
#if !defined(_X86_) && !defined(_IA64_) && !defined(_AXP64_)
#define WX86
#endif
#define THREAD_BASE_PRIORITY_LOWRT 15 // value that gets a thread to LowRealtime-1
#define THREAD_BASE_PRIORITY_MAX 2 // maximum thread base priority boost
#define THREAD_BASE_PRIORITY_MIN -2 // minimum thread base priority boost
#define THREAD_BASE_PRIORITY_IDLE -15 // value that gets a thread to idle
typedef struct _QUOTA_LIMITS {
SIZE_T PagedPoolLimit;
SIZE_T NonPagedPoolLimit;
SIZE_T MinimumWorkingSetSize;
SIZE_T MaximumWorkingSetSize;
SIZE_T PagefileLimit;
LARGE_INTEGER TimeLimit;
} QUOTA_LIMITS;
typedef QUOTA_LIMITS *PQUOTA_LIMITS;
typedef struct _IO_COUNTERS {
ULONGLONG ReadOperationCount;
ULONGLONG WriteOperationCount;
ULONGLONG OtherOperationCount;
ULONGLONG ReadTransferCount;
ULONGLONG WriteTransferCount;
ULONGLONG OtherTransferCount;
} IO_COUNTERS;
typedef IO_COUNTERS *PIO_COUNTERS;
//
typedef struct _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION {
LARGE_INTEGER TotalUserTime;
LARGE_INTEGER TotalKernelTime;
LARGE_INTEGER ThisPeriodTotalUserTime;
LARGE_INTEGER ThisPeriodTotalKernelTime;
DWORD TotalPageFaultCount;
DWORD TotalProcesses;
DWORD ActiveProcesses;
DWORD TotalTerminatedProcesses;
} JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_ACCOUNTING_INFORMATION;
typedef struct _JOBOBJECT_BASIC_LIMIT_INFORMATION {
LARGE_INTEGER PerProcessUserTimeLimit;
LARGE_INTEGER PerJobUserTimeLimit;
DWORD LimitFlags;
SIZE_T MinimumWorkingSetSize;
SIZE_T MaximumWorkingSetSize;
DWORD ActiveProcessLimit;
ULONG_PTR Affinity;
DWORD PriorityClass;
DWORD SchedulingClass;
} JOBOBJECT_BASIC_LIMIT_INFORMATION, *PJOBOBJECT_BASIC_LIMIT_INFORMATION;
typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION {
JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
IO_COUNTERS IoInfo;
SIZE_T ProcessMemoryLimit;
SIZE_T JobMemoryLimit;
SIZE_T PeakProcessMemoryUsed;
SIZE_T PeakJobMemoryUsed;
} JOBOBJECT_EXTENDED_LIMIT_INFORMATION, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION;
typedef struct _JOBOBJECT_BASIC_PROCESS_ID_LIST {
DWORD NumberOfAssignedProcesses;
DWORD NumberOfProcessIdsInList;
ULONG_PTR ProcessIdList[1];
} JOBOBJECT_BASIC_PROCESS_ID_LIST, *PJOBOBJECT_BASIC_PROCESS_ID_LIST;
typedef struct _JOBOBJECT_BASIC_UI_RESTRICTIONS {
DWORD UIRestrictionsClass;
} JOBOBJECT_BASIC_UI_RESTRICTIONS, *PJOBOBJECT_BASIC_UI_RESTRICTIONS;
typedef struct _JOBOBJECT_SECURITY_LIMIT_INFORMATION {
DWORD SecurityLimitFlags ;
HANDLE JobToken ;
PTOKEN_GROUPS SidsToDisable ;
PTOKEN_PRIVILEGES PrivilegesToDelete ;
PTOKEN_GROUPS RestrictedSids ;
} JOBOBJECT_SECURITY_LIMIT_INFORMATION, *PJOBOBJECT_SECURITY_LIMIT_INFORMATION ;
typedef struct _JOBOBJECT_END_OF_JOB_TIME_INFORMATION {
DWORD EndOfJobTimeAction;
} JOBOBJECT_END_OF_JOB_TIME_INFORMATION, *PJOBOBJECT_END_OF_JOB_TIME_INFORMATION;
typedef struct _JOBOBJECT_ASSOCIATE_COMPLETION_PORT {
PVOID CompletionKey;
HANDLE CompletionPort;
} JOBOBJECT_ASSOCIATE_COMPLETION_PORT, *PJOBOBJECT_ASSOCIATE_COMPLETION_PORT;
typedef struct _JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION {
JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo;
IO_COUNTERS IoInfo;
} JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION;
#define JOB_OBJECT_TERMINATE_AT_END_OF_JOB 0
#define JOB_OBJECT_POST_AT_END_OF_JOB 1
//
// Completion Port Messages for job objects
//
// These values are returned via the lpNumberOfBytesTransferred parameter
//
#define JOB_OBJECT_MSG_END_OF_JOB_TIME 1
#define JOB_OBJECT_MSG_END_OF_PROCESS_TIME 2
#define JOB_OBJECT_MSG_ACTIVE_PROCESS_LIMIT 3
#define JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO 4
#define JOB_OBJECT_MSG_NEW_PROCESS 6
#define JOB_OBJECT_MSG_EXIT_PROCESS 7
#define JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS 8
#define JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT 9
#define JOB_OBJECT_MSG_JOB_MEMORY_LIMIT 10
//
// Basic Limits
//
#define JOB_OBJECT_LIMIT_WORKINGSET 0x00000001
#define JOB_OBJECT_LIMIT_PROCESS_TIME 0x00000002
#define JOB_OBJECT_LIMIT_JOB_TIME 0x00000004
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x00000008
#define JOB_OBJECT_LIMIT_AFFINITY 0x00000010
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x00000020
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x00000040
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x00000080
//
// Extended Limits
//
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x00000100
#define JOB_OBJECT_LIMIT_JOB_MEMORY 0x00000200
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x00000400
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x00000800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x00001000
#define JOB_OBJECT_LIMIT_RESERVED1 0x00002000
#define JOB_OBJECT_LIMIT_RESERVED2 0x00004000
#define JOB_OBJECT_LIMIT_RESERVED3 0x00008000
#define JOB_OBJECT_LIMIT_RESERVED4 0x00010000
#define JOB_OBJECT_LIMIT_RESERVED5 0x00020000
#define JOB_OBJECT_LIMIT_RESERVED6 0x00040000
#define JOB_OBJECT_LIMIT_VALID_FLAGS 0x0007ffff
#define JOB_OBJECT_BASIC_LIMIT_VALID_FLAGS 0x000000ff
#define JOB_OBJECT_EXTENDED_LIMIT_VALID_FLAGS 0x00001fff
#define JOB_OBJECT_RESERVED_LIMIT_VALID_FLAGS 0x0007ffff
//
// UI restrictions for jobs
//
#define JOB_OBJECT_UILIMIT_NONE 0x00000000
#define JOB_OBJECT_UILIMIT_HANDLES 0x00000001
#define JOB_OBJECT_UILIMIT_READCLIPBOARD 0x00000002
#define JOB_OBJECT_UILIMIT_WRITECLIPBOARD 0x00000004
#define JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS 0x00000008
#define JOB_OBJECT_UILIMIT_DISPLAYSETTINGS 0x00000010
#define JOB_OBJECT_UILIMIT_GLOBALATOMS 0x00000020
#define JOB_OBJECT_UILIMIT_DESKTOP 0x00000040
#define JOB_OBJECT_UILIMIT_EXITWINDOWS 0x00000080
#define JOB_OBJECT_UILIMIT_ALL 0x000000FF
#define JOB_OBJECT_UI_VALID_FLAGS 0x000000FF
#define JOB_OBJECT_SECURITY_NO_ADMIN 0x00000001
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN 0x00000002
#define JOB_OBJECT_SECURITY_ONLY_TOKEN 0x00000004
#define JOB_OBJECT_SECURITY_FILTER_TOKENS 0x00000008
#define JOB_OBJECT_SECURITY_VALID_FLAGS 0x0000000f
typedef enum _JOBOBJECTINFOCLASS {
JobObjectBasicAccountingInformation = 1,
JobObjectBasicLimitInformation,
JobObjectBasicProcessIdList,
JobObjectBasicUIRestrictions,
JobObjectSecurityLimitInformation,
JobObjectEndOfJobTimeInformation,
JobObjectAssociateCompletionPortInformation,
JobObjectBasicAndIoAccountingInformation,
JobObjectExtendedLimitInformation,
MaxJobObjectInfoClass
} JOBOBJECTINFOCLASS;
//
#define EVENT_MODIFY_STATE 0x0002
#define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
#define MUTANT_QUERY_STATE 0x0001
#define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\
MUTANT_QUERY_STATE)
#define SEMAPHORE_MODIFY_STATE 0x0002
#define SEMAPHORE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
//
// Timer Specific Access Rights.
//
#define TIMER_QUERY_STATE 0x0001
#define TIMER_MODIFY_STATE 0x0002
#define TIMER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\
TIMER_QUERY_STATE|TIMER_MODIFY_STATE)
#define TIME_ZONE_ID_UNKNOWN 0
#define TIME_ZONE_ID_STANDARD 1
#define TIME_ZONE_ID_DAYLIGHT 2
#define PROCESSOR_INTEL_386 386
#define PROCESSOR_INTEL_486 486
#define PROCESSOR_INTEL_PENTIUM 586
#define PROCESSOR_INTEL_IA64 2200
#define PROCESSOR_MIPS_R4000 4000 // incl R4101 & R3910 for Windows CE
#define PROCESSOR_ALPHA_21064 21064
#define PROCESSOR_PPC_601 601
#define PROCESSOR_PPC_603 603
#define PROCESSOR_PPC_604 604
#define PROCESSOR_PPC_620 620
#define PROCESSOR_HITACHI_SH3 10003 // Windows CE
#define PROCESSOR_HITACHI_SH3E 10004 // Windows CE
#define PROCESSOR_HITACHI_SH4 10005 // Windows CE
#define PROCESSOR_MOTOROLA_821 821 // Windows CE
#define PROCESSOR_SHx_SH3 103 // Windows CE
#define PROCESSOR_SHx_SH4 104 // Windows CE
#define PROCESSOR_STRONGARM 2577 // Windows CE - 0xA11
#define PROCESSOR_ARM720 1824 // Windows CE - 0x720
#define PROCESSOR_ARM820 2080 // Windows CE - 0x820
#define PROCESSOR_ARM920 2336 // Windows CE - 0x920
#define PROCESSOR_ARM_7TDMI 70001 // Windows CE
#define PROCESSOR_OPTIL 0x494f // MSIL
#define PROCESSOR_ARCHITECTURE_INTEL 0
#define PROCESSOR_ARCHITECTURE_MIPS 1
#define PROCESSOR_ARCHITECTURE_ALPHA 2
#define PROCESSOR_ARCHITECTURE_PPC 3
#define PROCESSOR_ARCHITECTURE_SHX 4
#define PROCESSOR_ARCHITECTURE_ARM 5
#define PROCESSOR_ARCHITECTURE_IA64 6
#define PROCESSOR_ARCHITECTURE_ALPHA64 7
#define PROCESSOR_ARCHITECTURE_MSIL 8
#define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF
#define PF_FLOATING_POINT_PRECISION_ERRATA 0
#define PF_FLOATING_POINT_EMULATED 1
#define PF_COMPARE_EXCHANGE_DOUBLE 2
#define PF_MMX_INSTRUCTIONS_AVAILABLE 3
#define PF_PPC_MOVEMEM_64BIT_OK 4
#define PF_ALPHA_BYTE_INSTRUCTIONS 5
#define PF_XMMI_INSTRUCTIONS_AVAILABLE 6
#define PF_3DNOW_INSTRUCTIONS_AVAILABLE 7
#define PF_RDTSC_INSTRUCTION_AVAILABLE 8
#define PF_PAE_ENABLED 9
typedef struct _MEMORY_BASIC_INFORMATION {
PVOID BaseAddress;
PVOID AllocationBase;
DWORD AllocationProtect;
SIZE_T RegionSize;
DWORD State;
DWORD Protect;
DWORD Type;
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
typedef struct _MEMORY_BASIC_INFORMATION_VLM {
union {
PVOID64 BaseAddress;
ULONGLONG BaseAddressAsUlongLong;
};
union {
PVOID64 AllocationBase;
ULONGLONG AllocationBaseAsUlongLong;
};
ULONGLONG RegionSize;
DWORD AllocationProtect;
DWORD State;
DWORD Protect;
DWORD Type;
} MEMORY_BASIC_INFORMATION_VLM, *PMEMORY_BASIC_INFORMATION_VLM;
#define SECTION_QUERY 0x0001
#define SECTION_MAP_WRITE 0x0002
#define SECTION_MAP_READ 0x0004
#define SECTION_MAP_EXECUTE 0x0008
#define SECTION_EXTEND_SIZE 0x0010
#define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
SECTION_MAP_WRITE | \
SECTION_MAP_READ | \
SECTION_MAP_EXECUTE | \
SECTION_EXTEND_SIZE)
#define PAGE_NOACCESS 0x01
#define PAGE_READONLY 0x02
#define PAGE_READWRITE 0x04
#define PAGE_WRITECOPY 0x08
#define PAGE_EXECUTE 0x10
#define PAGE_EXECUTE_READ 0x20
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#define PAGE_GUARD 0x100
#define PAGE_NOCACHE 0x200
#define PAGE_WRITECOMBINE 0x400
#define MEM_COMMIT 0x1000
#define MEM_RESERVE 0x2000
#define MEM_DECOMMIT 0x4000
#define MEM_RELEASE 0x8000
#define MEM_FREE 0x10000
#define MEM_PRIVATE 0x20000
#define MEM_MAPPED 0x40000
#define MEM_RESET 0x80000
#define MEM_TOP_DOWN 0x100000
#define MEM_WRITE_WATCH 0x200000
#define MEM_PHYSICAL 0x400000
#define MEM_4MB_PAGES 0x80000000
#define SEC_FILE 0x800000
#define SEC_IMAGE 0x1000000
#define SEC_VLM 0x2000000
#define SEC_RESERVE 0x4000000
#define SEC_COMMIT 0x8000000
#define SEC_NOCACHE 0x10000000
#define MEM_IMAGE SEC_IMAGE
#define WRITE_WATCH_FLAG_RESET 0x01
//
// Define access rights to files and directories
//
//
// The FILE_READ_DATA and FILE_WRITE_DATA constants are also defined in
// devioctl.h as FILE_READ_ACCESS and FILE_WRITE_ACCESS. The values for these
// constants *MUST* always be in sync.
// The values are redefined in devioctl.h because they must be available to
// both DOS and NT.
//
#define FILE_READ_DATA ( 0x0001 ) // file & pipe
#define FILE_LIST_DIRECTORY ( 0x0001 ) // directory
#define FILE_WRITE_DATA ( 0x0002 ) // file & pipe
#define FILE_ADD_FILE ( 0x0002 ) // directory
#define FILE_APPEND_DATA ( 0x0004 ) // file
#define FILE_ADD_SUBDIRECTORY ( 0x0004 ) // directory
#define FILE_CREATE_PIPE_INSTANCE ( 0x0004 ) // named pipe
#define FILE_READ_EA ( 0x0008 ) // file & directory
#define FILE_WRITE_EA ( 0x0010 ) // file & directory
#define FILE_EXECUTE ( 0x0020 ) // file
#define FILE_TRAVERSE ( 0x0020 ) // directory
#define FILE_DELETE_CHILD ( 0x0040 ) // directory
#define FILE_READ_ATTRIBUTES ( 0x0080 ) // all
#define FILE_WRITE_ATTRIBUTES ( 0x0100 ) // all
#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
#define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |\
FILE_READ_DATA |\
FILE_READ_ATTRIBUTES |\
FILE_READ_EA |\
SYNCHRONIZE)
#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
FILE_WRITE_DATA |\
FILE_WRITE_ATTRIBUTES |\
FILE_WRITE_EA |\
FILE_APPEND_DATA |\
SYNCHRONIZE)
#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
FILE_READ_ATTRIBUTES |\
FILE_EXECUTE |\
SYNCHRONIZE)
#define FILE_SHARE_READ 0x00000001
#define FILE_SHARE_WRITE 0x00000002
#define FILE_SHARE_DELETE 0x00000004
#define FILE_ATTRIBUTE_READONLY 0x00000001
#define FILE_ATTRIBUTE_HIDDEN 0x00000002
#define FILE_ATTRIBUTE_SYSTEM 0x00000004
#define FILE_ATTRIBUTE_DIRECTORY 0x00000010
#define FILE_ATTRIBUTE_ARCHIVE 0x00000020
#define FILE_ATTRIBUTE_DEVICE 0x00000040
#define FILE_ATTRIBUTE_NORMAL 0x00000080
#define FILE_ATTRIBUTE_TEMPORARY 0x00000100
#define FILE_ATTRIBUTE_SPARSE_FILE 0x00000200
#define FILE_ATTRIBUTE_REPARSE_POINT 0x00000400
#define FILE_ATTRIBUTE_COMPRESSED 0x00000800
#define FILE_ATTRIBUTE_OFFLINE 0x00001000
#define FILE_ATTRIBUTE_NOT_CONTENT_INDEXED 0x00002000
#define FILE_ATTRIBUTE_ENCRYPTED 0x00004000
#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
#define FILE_ACTION_ADDED 0x00000001
#define FILE_ACTION_REMOVED 0x00000002
#define FILE_ACTION_MODIFIED 0x00000003
#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
#define MAILSLOT_NO_MESSAGE ((DWORD)-1)
#define MAILSLOT_WAIT_FOREVER ((DWORD)-1)
#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
#define FILE_CASE_PRESERVED_NAMES 0x00000002
#define FILE_UNICODE_ON_DISK 0x00000004
#define FILE_PERSISTENT_ACLS 0x00000008
#define FILE_FILE_COMPRESSION 0x00000010
#define FILE_VOLUME_QUOTAS 0x00000020
#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
#define FILE_VOLUME_IS_COMPRESSED 0x00008000
#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
#define FILE_SUPPORTS_ENCRYPTION 0x00020000
#define FILE_NAMED_STREAMS 0x00040000
//
// Define the file notification information structure
//
typedef struct _FILE_NOTIFY_INFORMATION {
DWORD NextEntryOffset;
DWORD Action;
DWORD FileNameLength;
WCHAR FileName[1];
} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
//
// Define segement buffer structure for scatter/gather read/write.
//
typedef union _FILE_SEGMENT_ELEMENT {
PVOID64 Buffer;
ULONGLONG Alignment;
}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
//
// The reparse GUID structure is used by all 3rd party layered drivers to
// store data in a reparse point. For non-Microsoft tags, The GUID field
// cannot be GUID_NULL.
// The constraints on reparse tags are defined below.
// Microsoft tags can also be used with this format of the reparse point buffer.
//
typedef struct _REPARSE_GUID_DATA_BUFFER {
DWORD ReparseTag;
WORD ReparseDataLength;
WORD Reserved;
GUID ReparseGuid;
struct {
BYTE DataBuffer[1];
} GenericReparseBuffer;
} REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER;
#define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer)
//
// Maximum allowed size of the reparse data.
//
#define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 )
//
// Predefined reparse tags.
// These tags need to avoid conflicting with IO_REMOUNT defined in ntos\inc\io.h
//
#define IO_REPARSE_TAG_RESERVED_ZERO (0)
#define IO_REPARSE_TAG_RESERVED_ONE (1)
//
// The value of the following constant needs to satisfy the following conditions:
// (1) Be at least as large as the largest of the reserved tags.
// (2) Be strictly smaller than all the tags in use.
//
#define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
//
// The reparse tags are a DWORD. The 32 bits are laid out as follows:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +-+-+-+-------------------------+-------------------------------+
// |M|L|N| Reserved bits | Reparse Tag Value |
// +-+-+-+-------------------------+-------------------------------+
//
// M is the Microsoft bit. When set to 1, it denotes a tag owned by Microsoft.
// All ISVs must use a tag with a 0 in this position.
// Note: If a Microsoft tag is used by non-Microsoft software, the
// behavior is not defined.
//
// L is the high-latency bit. When set to 1, a file with this tag is
// expected to have a long latency to retrieve the first byte of data.
//
// N is name surrogate. When set to 1, the file represents another named
// entity in the system.
//
// The M, L, and N bits are OR-able.
// The following macros check for the M, L and N bit values:
//
//
// Macro to determine whether a reparse point tag corresponds to a tag
// owned by Microsoft.
//
#define IsReparseTagMicrosoft(_tag) ( \
((_tag) & 0x80000000) \
)
//
// Macro to determine whether a reparse point tag corresponds to a file
// that is to be displayed with the slow icon overlay.
//
#define IsReparseTagHighLatency(_tag) ( \
((_tag) & 0x40000000) \
)
//
// Macro to determine whether a reparse point tag corresponds to a file
// that is to be displayed with the slow icon overlay.
//
#define IsReparseTagNameSurrogate(_tag) ( \
((_tag) & 0x20000000) \
)
#define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003)
#define IO_REPARSE_TAG_HSM (0xC0000004)
#define IO_REPARSE_TAG_SIS (0x80000007)
#define IO_COMPLETION_MODIFY_STATE 0x0002
#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
#define DUPLICATE_CLOSE_SOURCE 0x00000001
#define DUPLICATE_SAME_ACCESS 0x00000002
#define ES_SYSTEM_REQUIRED ((DWORD)0x00000001)
#define ES_DISPLAY_REQUIRED ((DWORD)0x00000002)
#define ES_USER_PRESENT ((DWORD)0x00000004)
#define ES_CONTINUOUS ((DWORD)0x80000000)
typedef DWORD EXECUTION_STATE;
typedef enum {
LT_DONT_CARE,
LT_LOWEST_LATENCY
} LATENCY_TIME;
//
// Image Format
//
#ifndef _MAC
#include "pshpack4.h" // 4 byte packing is the default
#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
#define IMAGE_OS2_SIGNATURE 0x454E // NE
#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
#define IMAGE_VXD_SIGNATURE 0x454C // LE
#define IMAGE_NT_SIGNATURE 0x00004550 // PE00
#include "pshpack2.h" // 16 bit headers are 2 byte packed
#else
#include "pshpack1.h"
#define IMAGE_DOS_SIGNATURE 0x4D5A // MZ
#define IMAGE_OS2_SIGNATURE 0x4E45 // NE
#define IMAGE_OS2_SIGNATURE_LE 0x4C45 // LE
#define IMAGE_NT_SIGNATURE 0x50450000 // PE00
#endif
typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
WORD e_magic; // Magic number
WORD e_cblp; // Bytes on last page of file
WORD e_cp; // Pages in file
WORD e_crlc; // Relocations
WORD e_cparhdr; // Size of header in paragraphs
WORD e_minalloc; // Minimum extra paragraphs needed
WORD e_maxalloc; // Maximum extra paragraphs needed
WORD e_ss; // Initial (relative) SS value
WORD e_sp; // Initial SP value
WORD e_csum; // Checksum
WORD e_ip; // Initial IP value
WORD e_cs; // Initial (relative) CS value
WORD e_lfarlc; // File address of relocation table
WORD e_ovno; // Overlay number
WORD e_res[4]; // Reserved words
WORD e_oemid; // OEM identifier (for e_oeminfo)
WORD e_oeminfo; // OEM information; e_oemid specific
WORD e_res2[10]; // Reserved words
LONG e_lfanew; // File address of new exe header
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header
WORD ne_magic; // Magic number
CHAR ne_ver; // Version number
CHAR ne_rev; // Revision number
WORD ne_enttab; // Offset of Entry Table
WORD ne_cbenttab; // Number of bytes in Entry Table
LONG ne_crc; // Checksum of whole file
WORD ne_flags; // Flag word
WORD ne_autodata; // Automatic data segment number
WORD ne_heap; // Initial heap allocation
WORD ne_stack; // Initial stack allocation
LONG ne_csip; // Initial CS:IP setting
LONG ne_sssp; // Initial SS:SP setting
WORD ne_cseg; // Count of file segments
WORD ne_cmod; // Entries in Module Reference Table
WORD ne_cbnrestab; // Size of non-resident name table
WORD ne_segtab; // Offset of Segment Table
WORD ne_rsrctab; // Offset of Resource Table
WORD ne_restab; // Offset of resident name table
WORD ne_modtab; // Offset of Module Reference Table
WORD ne_imptab; // Offset of Imported Names Table
LONG ne_nrestab; // Offset of Non-resident Names Table
WORD ne_cmovent; // Count of movable entries
WORD ne_align; // Segment alignment shift count
WORD ne_cres; // Count of resource segments
BYTE ne_exetyp; // Target Operating system
BYTE ne_flagsothers; // Other .EXE flags
WORD ne_pretthunks; // offset to return thunks
WORD ne_psegrefbytes; // offset to segment ref. bytes
WORD ne_swaparea; // Minimum code swap area size
WORD ne_expver; // Expected Windows version number
} IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER;
typedef struct _IMAGE_VXD_HEADER { // Windows VXD header
WORD e32_magic; // Magic number
BYTE e32_border; // The byte ordering for the VXD
BYTE e32_worder; // The word ordering for the VXD
DWORD e32_level; // The EXE format level for now = 0
WORD e32_cpu; // The CPU type
WORD e32_os; // The OS type
DWORD e32_ver; // Module version
DWORD e32_mflags; // Module flags
DWORD e32_mpages; // Module # pages
DWORD e32_startobj; // Object # for instruction pointer
DWORD e32_eip; // Extended instruction pointer
DWORD e32_stackobj; // Object # for stack pointer
DWORD e32_esp; // Extended stack pointer
DWORD e32_pagesize; // VXD page size
DWORD e32_lastpagesize; // Last page size in VXD
DWORD e32_fixupsize; // Fixup section size
DWORD e32_fixupsum; // Fixup section checksum
DWORD e32_ldrsize; // Loader section size
DWORD e32_ldrsum; // Loader section checksum
DWORD e32_objtab; // Object table offset
DWORD e32_objcnt; // Number of objects in module
DWORD e32_objmap; // Object page map offset
DWORD e32_itermap; // Object iterated data map offset
DWORD e32_rsrctab; // Offset of Resource Table
DWORD e32_rsrccnt; // Number of resource entries
DWORD e32_restab; // Offset of resident name table
DWORD e32_enttab; // Offset of Entry Table
DWORD e32_dirtab; // Offset of Module Directive Table
DWORD e32_dircnt; // Number of module directives
DWORD e32_fpagetab; // Offset of Fixup Page Table
DWORD e32_frectab; // Offset of Fixup Record Table
DWORD e32_impmod; // Offset of Import Module Name Table
DWORD e32_impmodcnt; // Number of entries in Import Module Name Table
DWORD e32_impproc; // Offset of Import Procedure Name Table
DWORD e32_pagesum; // Offset of Per-Page Checksum Table
DWORD e32_datapage; // Offset of Enumerated Data Pages
DWORD e32_preload; // Number of preload pages
DWORD e32_nrestab; // Offset of Non-resident Names Table
DWORD e32_cbnrestab; // Size of Non-resident Name Table
DWORD e32_nressum; // Non-resident Name Table Checksum
DWORD e32_autodata; // Object # for automatic data object
DWORD e32_debuginfo; // Offset of the debugging information
DWORD e32_debuglen; // The length of the debugging info. in bytes
DWORD e32_instpreload; // Number of instance pages in preload section of VXD file
DWORD e32_instdemand; // Number of instance pages in demand load section of VXD file
DWORD e32_heapsize; // Size of heap - for 16-bit apps
BYTE e32_res3[12]; // Reserved words
DWORD e32_winresoff;
DWORD e32_winreslen;
WORD e32_devid; // Device ID for VxD
WORD e32_ddkver; // DDK version for VxD
} IMAGE_VXD_HEADER, *PIMAGE_VXD_HEADER;
#ifndef _MAC
#include "poppack.h" // Back to 4 byte packing
#endif
//
// File header format.
//
typedef struct _IMAGE_FILE_HEADER {
WORD Machine;
WORD NumberOfSections;
DWORD TimeDateStamp;
DWORD PointerToSymbolTable;
DWORD NumberOfSymbols;
WORD SizeOfOptionalHeader;
WORD Characteristics;
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
#define IMAGE_SIZEOF_FILE_HEADER 20
#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references).
#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Agressively trim working set
#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 // App can handle >2gb addresses
#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
#define IMAGE_FILE_SYSTEM 0x1000 // System File.
#define IMAGE_FILE_DLL 0x2000 // File is a DLL.
#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
#define IMAGE_FILE_MACHINE_UNKNOWN 0
#define IMAGE_FILE_MACHINE_I386 0x014c // Intel 386.
#define IMAGE_FILE_MACHINE_R3000 0x0162 // MIPS little-endian, 0x160 big-endian
#define IMAGE_FILE_MACHINE_R4000 0x0166 // MIPS little-endian
#define IMAGE_FILE_MACHINE_R10000 0x0168 // MIPS little-endian
#define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 // MIPS little-endian WCE v2
#define IMAGE_FILE_MACHINE_ALPHA 0x0184 // Alpha_AXP
#define IMAGE_FILE_MACHINE_POWERPC 0x01F0 // IBM PowerPC Little-Endian
#define IMAGE_FILE_MACHINE_SH3 0x01a2 // SH3 little-endian
#define IMAGE_FILE_MACHINE_SH3E 0x01a4 // SH3E little-endian
#define IMAGE_FILE_MACHINE_SH4 0x01a6 // SH4 little-endian
#define IMAGE_FILE_MACHINE_ARM 0x01c0 // ARM Little-Endian
#define IMAGE_FILE_MACHINE_THUMB 0x01c2
#define IMAGE_FILE_MACHINE_IA64 0x0200 // Intel 64
#define IMAGE_FILE_MACHINE_MIPS16 0x0266 // MIPS
#define IMAGE_FILE_MACHINE_MIPSFPU 0x0366 // MIPS
#define IMAGE_FILE_MACHINE_MIPSFPU16 0x0466 // MIPS
#define IMAGE_FILE_MACHINE_ALPHA64 0x0284 // ALPHA64
#define IMAGE_FILE_MACHINE_AXP64 IMAGE_FILE_MACHINE_ALPHA64
//
// Directory format.
//
typedef struct _IMAGE_DATA_DIRECTORY {
DWORD VirtualAddress;
DWORD Size;
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
//
// Optional header format.
//
typedef struct _IMAGE_OPTIONAL_HEADER {
//
// Standard fields.
//
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
//
// NT additional fields.
//
DWORD ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;
typedef struct _IMAGE_ROM_OPTIONAL_HEADER {
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD BaseOfBss;
DWORD GprMask;
DWORD CprMask[4];
DWORD GpValue;
} IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER;
typedef struct _IMAGE_OPTIONAL_HEADER64 {
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
ULONGLONG ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
ULONGLONG SizeOfStackReserve;
ULONGLONG SizeOfStackCommit;
ULONGLONG SizeOfHeapReserve;
ULONGLONG SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;
#define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56
#define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28
#define IMAGE_SIZEOF_NT_OPTIONAL32_HEADER 224
#define IMAGE_SIZEOF_NT_OPTIONAL64_HEADER 240
#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b
#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b
#define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107
#ifdef _WIN64
typedef IMAGE_OPTIONAL_HEADER64 IMAGE_OPTIONAL_HEADER;
typedef PIMAGE_OPTIONAL_HEADER64 PIMAGE_OPTIONAL_HEADER;
#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER IMAGE_SIZEOF_NT_OPTIONAL64_HEADER
#define IMAGE_NT_OPTIONAL_HDR_MAGIC IMAGE_NT_OPTIONAL_HDR64_MAGIC
#else
typedef IMAGE_OPTIONAL_HEADER32 IMAGE_OPTIONAL_HEADER;
typedef PIMAGE_OPTIONAL_HEADER32 PIMAGE_OPTIONAL_HEADER;
#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER IMAGE_SIZEOF_NT_OPTIONAL32_HEADER
#define IMAGE_NT_OPTIONAL_HDR_MAGIC IMAGE_NT_OPTIONAL_HDR32_MAGIC
#endif
typedef struct _IMAGE_NT_HEADERS64 {
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
typedef struct _IMAGE_NT_HEADERS {
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;
typedef struct _IMAGE_ROM_HEADERS {
IMAGE_FILE_HEADER FileHeader;
IMAGE_ROM_OPTIONAL_HEADER OptionalHeader;
} IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS;
#ifdef _WIN64
typedef IMAGE_NT_HEADERS64 IMAGE_NT_HEADERS;
typedef PIMAGE_NT_HEADERS64 PIMAGE_NT_HEADERS;
#else
typedef IMAGE_NT_HEADERS32 IMAGE_NT_HEADERS;
typedef PIMAGE_NT_HEADERS32 PIMAGE_NT_HEADERS;
#endif
// IMAGE_FIRST_SECTION doesn't need 32/64 versions since the file header is the same either way.
#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
((ULONG_PTR)ntheader + \
FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \
((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \
))
// Subsystem Values
#define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem.
#define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem.
#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem.
#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem.
#define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem.
#define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image runs in the Posix character subsystem.
#define IMAGE_SUBSYSTEM_NATIVE_WINDOWS 8 // image is a native Win9x driver.
#define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 9 // Image runs in the Windows CE subsystem.
#define IMAGE_SUBSYSTEM_EFI_APPLICATION 10 //
#define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11 //
#define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12 //
// DllCharacteristics Entries
// IMAGE_LIBRARY_PROCESS_INIT 0x0001 // Reserved.
// IMAGE_LIBRARY_PROCESS_TERM 0x0002 // Reserved.
// IMAGE_LIBRARY_THREAD_INIT 0x0004 // Reserved.
// IMAGE_LIBRARY_THREAD_TERM 0x0008 // Reserved.
#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800 // Do not bind this image.
// 0x1000 // Reserved.
#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 // Driver uses WDM model
// 0x4000 // Reserved.
#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
// Directory Entries
#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
// IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage)
#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data
#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP
#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor
//
// Non-COFF Object file header
//
typedef struct ANON_OBJECT_HEADER {
WORD Sig1; // Must be IMAGE_FILE_MACHINE_UNKNOWN
WORD Sig2; // Must be 0xffff
WORD Version; // >= 1 (implies the CLSID field is present)
WORD Machine;
DWORD TimeDateStamp;
CLSID ClassID; // Used to invoke CoCreateInstance
DWORD SizeOfData; // Size of data that follows the header
} ANON_OBJECT_HEADER;
//
// Section header format.
//
#define IMAGE_SIZEOF_SHORT_NAME 8
typedef struct _IMAGE_SECTION_HEADER {
BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
union {
DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
DWORD VirtualAddress;
DWORD SizeOfRawData;
DWORD PointerToRawData;
DWORD PointerToRelocations;
DWORD PointerToLinenumbers;
WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
DWORD Characteristics;
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
#define IMAGE_SIZEOF_SECTION_HEADER 40
//
// Section characteristics.
//
// IMAGE_SCN_TYPE_REG 0x00000000 // Reserved.
// IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved.
// IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved.
// IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved.
#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved.
// IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved.
#define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code.
#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data.
#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data.
#define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved.
#define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information.
// IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved.
#define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image.
#define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat.
// 0x00002000 // Reserved.
// IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000
#define IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000 // Reset speculative exceptions handling bits in the TLB entries for this section.
#define IMAGE_SCN_GPREL 0x00008000 // Section content can be accessed relative to GP
#define IMAGE_SCN_MEM_FARDATA 0x00008000
// IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000
#define IMAGE_SCN_MEM_PURGEABLE 0x00020000
#define IMAGE_SCN_MEM_16BIT 0x00020000
#define IMAGE_SCN_MEM_LOCKED 0x00040000
#define IMAGE_SCN_MEM_PRELOAD 0x00080000
#define IMAGE_SCN_ALIGN_1BYTES 0x00100000 //
#define IMAGE_SCN_ALIGN_2BYTES 0x00200000 //
#define IMAGE_SCN_ALIGN_4BYTES 0x00300000 //
#define IMAGE_SCN_ALIGN_8BYTES 0x00400000 //
#define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified.
#define IMAGE_SCN_ALIGN_32BYTES 0x00600000 //
#define IMAGE_SCN_ALIGN_64BYTES 0x00700000 //
#define IMAGE_SCN_ALIGN_128BYTES 0x00800000 //
#define IMAGE_SCN_ALIGN_256BYTES 0x00900000 //
#define IMAGE_SCN_ALIGN_512BYTES 0x00A00000 //
#define IMAGE_SCN_ALIGN_1024BYTES 0x00B00000 //
#define IMAGE_SCN_ALIGN_2048BYTES 0x00C00000 //
#define IMAGE_SCN_ALIGN_4096BYTES 0x00D00000 //
#define IMAGE_SCN_ALIGN_8192BYTES 0x00E00000 //
// Unused 0x00F00000
#define IMAGE_SCN_ALIGN_MASK 0x00F00000
#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 // Section contains extended relocations.
#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded.
#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable.
#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable.
#define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable.
#define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable.
#define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable.
#define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable.
//
// TLS Chaacteristic Flags
//
#define IMAGE_SCN_SCALE_INDEX 0x00000001 // Tls index is scaled
#ifndef _MAC
#include "pshpack2.h" // Symbols, relocs, and linenumbers are 2 byte packed
#endif
//
// Symbol format.
//
typedef struct _IMAGE_SYMBOL {
union {
BYTE ShortName[8];
struct {
DWORD Short; // if 0, use LongName
DWORD Long; // offset into string table
} Name;
DWORD LongName[2]; // PBYTE [2]
} N;
DWORD Value;
SHORT SectionNumber;
WORD Type;
BYTE StorageClass;
BYTE NumberOfAuxSymbols;
} IMAGE_SYMBOL;
typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL;
#define IMAGE_SIZEOF_SYMBOL 18
//
// Section values.
//
// Symbols have a section number of the section in which they are
// defined. Otherwise, section numbers have the following meanings:
//
#define IMAGE_SYM_UNDEFINED (SHORT)0 // Symbol is undefined or is common.
#define IMAGE_SYM_ABSOLUTE (SHORT)-1 // Symbol is an absolute value.
#define IMAGE_SYM_DEBUG (SHORT)-2 // Symbol is a special debug item.
//
// Type (fundamental) values.
//
#define IMAGE_SYM_TYPE_NULL 0x0000 // no type.
#define IMAGE_SYM_TYPE_VOID 0x0001 //
#define IMAGE_SYM_TYPE_CHAR 0x0002 // type character.
#define IMAGE_SYM_TYPE_SHORT 0x0003 // type short integer.
#define IMAGE_SYM_TYPE_INT 0x0004 //
#define IMAGE_SYM_TYPE_LONG 0x0005 //
#define IMAGE_SYM_TYPE_FLOAT 0x0006 //
#define IMAGE_SYM_TYPE_DOUBLE 0x0007 //
#define IMAGE_SYM_TYPE_STRUCT 0x0008 //
#define IMAGE_SYM_TYPE_UNION 0x0009 //
#define IMAGE_SYM_TYPE_ENUM 0x000A // enumeration.
#define IMAGE_SYM_TYPE_MOE 0x000B // member of enumeration.
#define IMAGE_SYM_TYPE_BYTE 0x000C //
#define IMAGE_SYM_TYPE_WORD 0x000D //
#define IMAGE_SYM_TYPE_UINT 0x000E //
#define IMAGE_SYM_TYPE_DWORD 0x000F //
#define IMAGE_SYM_TYPE_PCODE 0x8000 //
//
// Type (derived) values.
//
#define IMAGE_SYM_DTYPE_NULL 0 // no derived type.
#define IMAGE_SYM_DTYPE_POINTER 1 // pointer.
#define IMAGE_SYM_DTYPE_FUNCTION 2 // function.
#define IMAGE_SYM_DTYPE_ARRAY 3 // array.
//
// Storage classes.
//
#define IMAGE_SYM_CLASS_END_OF_FUNCTION (BYTE )-1
#define IMAGE_SYM_CLASS_NULL 0x0000
#define IMAGE_SYM_CLASS_AUTOMATIC 0x0001
#define IMAGE_SYM_CLASS_EXTERNAL 0x0002
#define IMAGE_SYM_CLASS_STATIC 0x0003
#define IMAGE_SYM_CLASS_REGISTER 0x0004
#define IMAGE_SYM_CLASS_EXTERNAL_DEF 0x0005
#define IMAGE_SYM_CLASS_LABEL 0x0006
#define IMAGE_SYM_CLASS_UNDEFINED_LABEL 0x0007
#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 0x0008
#define IMAGE_SYM_CLASS_ARGUMENT 0x0009
#define IMAGE_SYM_CLASS_STRUCT_TAG 0x000A
#define IMAGE_SYM_CLASS_MEMBER_OF_UNION 0x000B
#define IMAGE_SYM_CLASS_UNION_TAG 0x000C
#define IMAGE_SYM_CLASS_TYPE_DEFINITION 0x000D
#define IMAGE_SYM_CLASS_UNDEFINED_STATIC 0x000E
#define IMAGE_SYM_CLASS_ENUM_TAG 0x000F
#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 0x0010
#define IMAGE_SYM_CLASS_REGISTER_PARAM 0x0011
#define IMAGE_SYM_CLASS_BIT_FIELD 0x0012
#define IMAGE_SYM_CLASS_FAR_EXTERNAL 0x0044 //
#define IMAGE_SYM_CLASS_BLOCK 0x0064
#define IMAGE_SYM_CLASS_FUNCTION 0x0065
#define IMAGE_SYM_CLASS_END_OF_STRUCT 0x0066
#define IMAGE_SYM_CLASS_FILE 0x0067
// new
#define IMAGE_SYM_CLASS_SECTION 0x0068
#define IMAGE_SYM_CLASS_WEAK_EXTERNAL 0x0069
// type packing constants
#define N_BTMASK 0x000F
#define N_TMASK 0x0030
#define N_TMASK1 0x00C0
#define N_TMASK2 0x00F0
#define N_BTSHFT 4
#define N_TSHIFT 2
// MACROS
// Basic Type of x
#define BTYPE(x) ((x) & N_BTMASK)
// Is x a pointer?
#ifndef ISPTR
#define ISPTR(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT))
#endif
[课程]FART 脱壳王!加量不加价!FART作者讲授!