想写病毒吗来吧看看这个头吧-编程技术-看雪-安全社区|安全招聘|kanxue.com

想写病毒吗来吧看看这个头吧

发表于: 2007-1-30 15:02 17762

想写病毒吗来吧看看这个头吧

PFC

2007-1-30 15:02

17762

#ifndef _WINNT_
#pragma option push -b -a8 -pc -A- /*P_O_Push*/
#define _WINNT_

#ifdef __cplusplus
extern "C" {
#endif

#include <ctype.h>
#define ANYSIZE_ARRAY 1

#if defined(_M_MRX000) && !(defined(MIDL_PASS) || defined(RC_INVOKED)) && defined(ENABLE_RESTRICTED)
#define RESTRICTED_POINTER __restrict
#else
#define RESTRICTED_POINTER
#endif

#if defined(_M_MRX000) || defined(_M_ALPHA) || defined(_M_PPC) || defined(_M_IA64)
#define UNALIGNED __unaligned
#if defined(_WIN64)
#define UNALIGNED64 __unaligned
#else
#define UNALIGNED64
#endif
#else
#define UNALIGNED
#define UNALIGNED64
#endif

#if defined(_WIN64) || defined(_M_ALPHA)
#define MAX_NATURAL_ALIGNMENT sizeof(ULONGLONG)
#else
#define MAX_NATURAL_ALIGNMENT sizeof(DWORD)
#endif

//
// TYPE_ALIGNMENT will return the alignment requirements of a given type for
// the current platform.
//

#ifndef __cplusplus
#define TYPE_ALIGNMENT( t ) \
FIELD_OFFSET( struct { char x; t test; }, test )
#endif

#if defined(_WIN64)

#define PROBE_ALIGNMENT( _s ) (TYPE_ALIGNMENT( _s ) > TYPE_ALIGNMENT( DWORD ) ? \
                           TYPE_ALIGNMENT( _s ) : TYPE_ALIGNMENT( DWORD ))

#else

#define PROBE_ALIGNMENT( _s ) TYPE_ALIGNMENT( DWORD )

#endif

//
// C_ASSERT() can be used to perform many compile-time assertions:
//          type sizes, field offsets, etc.
//
// An assertion failure results in error C2118: negative subscript.
//

#define C_ASSERT(e) typedef char __C_ASSERT__[(e)?1:-1]

#if !defined(_MAC) && (defined(_M_MRX000) || defined(_M_ALPHA) || defined(_M_IA64)) && (_MSC_VER >= 1100) && !(defined(MIDL_PASS) || defined(RC_INVOKED))
#define POINTER_64 __ptr64
typedef unsigned __int64 POINTER_64_INT;
#if defined(_WIN64)
#define POINTER_32 __ptr32
#else
#define POINTER_32
#endif
#else
#if defined(_MAC) && defined(_MAC_INT_64)
#define POINTER_64 __ptr64
typedef unsigned __int64 POINTER_64_INT;
#else
#define POINTER_64
typedef unsigned long POINTER_64_INT;
#endif
#define POINTER_32
#endif

#if defined(_IA64_)
#define FIRMWARE_PTR
#else
#define FIRMWARE_PTR POINTER_32
#endif

#include <basetsd.h>

#if (defined(_M_IX86) || defined(_M_ALPHA) || defined(_M_IA64)) && !defined(MIDL_PASS)
#define DECLSPEC_IMPORT    __declspec(dllimport)
#else
#define DECLSPEC_IMPORT
#endif

#ifndef DECLSPEC_NORETURN
#if (_MSC_VER >= 1200) && !defined(MIDL_PASS) && !defined(__BORLANDC__)
#define DECLSPEC_NORETURN __declspec(noreturn)
#else
#define DECLSPEC_NORETURN
#endif
#endif

#ifndef DECLSPEC_ALIGN
#if (_MSC_VER >= 1300) && !defined(MIDL_PASS) && !defined(__BORLANDC__)
#define DECLSPEC_ALIGN(x) __declspec(align(x))
#else
#define DECLSPEC_ALIGN(x)
#endif
#endif

#ifndef DECLSPEC_UUID
#if ((_MSC_VER >= 1100) || (__BORLANDC__ >= 0x0550)) && defined(__cplusplus)
#define DECLSPEC_UUID(x) __declspec(uuid(x))
#else
#define DECLSPEC_UUID(x)
#endif
#endif

#ifndef DECLSPEC_NOVTABLE
#if ((_MSC_VER >= 1100) || (__BORLANDC__ >= 0x0550)) && defined(__cplusplus)
#define DECLSPEC_NOVTABLE __declspec(novtable)
#else
#define DECLSPEC_NOVTABLE
#endif
#endif

#ifndef DECLSPEC_SELECTANY
#if (_MSC_VER >= 1100) || (__BORLANDC__ >= 0x0550)
#define DECLSPEC_SELECTANY  __declspec(selectany)
#else
#define DECLSPEC_SELECTANY
#endif
#endif

#ifndef NOP_FUNCTION
#if (_MSC_VER >= 1210)
#define NOP_FUNCTION __noop
#else
#define NOP_FUNCTION (void)0
#endif
#endif

#ifndef DECLSPEC_ADDRSAFE
#if (_MSC_VER >= 1200) && (defined(_M_ALPHA) || defined(_M_AXP64))
#define DECLSPEC_ADDRSAFE  __declspec(address_safe)
#else
#define DECLSPEC_ADDRSAFE
#endif
#endif

typedef void *PVOID;
typedef void * POINTER_64 PVOID64;

#if (_MSC_VER >= 800) || defined(_STDCALL_SUPPORTED)
#define NTAPI __stdcall
#else
#define _cdecl
#define NTAPI
#endif

//
// Define API decoration for direct importing system DLL references.
//

#if !defined(_NTSYSTEM_)
#define NTSYSAPI    DECLSPEC_IMPORT
#define NTSYSCALLAPI DECLSPEC_IMPORT
#else
#define NTSYSAPI
#if defined(_NTDLLBUILD_)
#define NTSYSCALLAPI
#else
#define NTSYSCALLAPI DECLSPEC_ADDRSAFE
#endif

#endif

//
// Basics
//

#ifndef VOID
#define VOID void
typedef char CHAR;
typedef short SHORT;
typedef long LONG;
#endif

//
// UNICODE (Wide Character) types
//

#ifndef _MAC
typedef wchar_t WCHAR; // wc, 16-bit UNICODE character
#else
// some Macintosh compilers don't define wchar_t in a convenient location, or define it as a char
typedef unsigned short WCHAR; // wc, 16-bit UNICODE character
#endif

typedef WCHAR *PWCHAR;
typedef WCHAR *LPWCH, *PWCH;
typedef CONST WCHAR *LPCWCH, *PCWCH;
typedef WCHAR *NWPSTR;
typedef WCHAR *LPWSTR, *PWSTR;

typedef CONST WCHAR *LPCWSTR, *PCWSTR;

//
// ANSI (Multi-byte Character) types
//
typedef CHAR *PCHAR;
typedef CHAR *LPCH, *PCH;

typedef CONST CHAR *LPCCH, *PCCH;
typedef CHAR *NPSTR;
typedef CHAR *LPSTR, *PSTR;
typedef CONST CHAR *LPCSTR, *PCSTR;

//
// Neutral ANSI/UNICODE types and macros
//
#ifdef  UNICODE                   // r_winnt

#ifndef _TCHAR_DEFINED
typedef WCHAR TCHAR, *PTCHAR;
typedef WCHAR TBYTE , *PTBYTE ;
#define _TCHAR_DEFINED
#endif /* !_TCHAR_DEFINED */

typedef LPWSTR LPTCH, PTCH;
typedef LPWSTR PTSTR, LPTSTR;
typedef LPCWSTR PCTSTR, LPCTSTR;
typedef LPWSTR LP;
#define __TEXT(quote) L##quote    // r_winnt

#else /* UNICODE */             // r_winnt

#ifndef _TCHAR_DEFINED
typedef char TCHAR, *PTCHAR;
typedef unsigned char TBYTE , *PTBYTE ;
#define _TCHAR_DEFINED
#endif /* !_TCHAR_DEFINED */

typedef LPSTR LPTCH, PTCH;
typedef LPSTR PTSTR, LPTSTR;
typedef LPCSTR PCTSTR, LPCTSTR;
#define __TEXT(quote) quote       // r_winnt

#endif /* UNICODE */             // r_winnt
#define TEXT(quote) __TEXT(quote) // r_winnt

typedef SHORT *PSHORT;
typedef LONG *PLONG;

#ifdef STRICT
typedef void *HANDLE;
#define DECLARE_HANDLE(name) struct name##__ { int unused; }; typedef struct name##__ *name
#else
typedef PVOID HANDLE;
#define DECLARE_HANDLE(name) typedef HANDLE name
#endif
typedef HANDLE *PHANDLE;

//
// Flag (bit) fields
//

typedef BYTE FCHAR;
typedef WORD FSHORT;
typedef DWORD  FLONG;

// Component Object Model defines, and macros

#ifndef _HRESULT_DEFINED
#define _HRESULT_DEFINED
typedef LONG HRESULT;

#endif // !_HRESULT_DEFINED

#ifdef __cplusplus
#define EXTERN_C extern "C"
#else
#define EXTERN_C extern
#endif

#if defined(_WIN32) || defined(_MPPC_)

// Win32 doesn't support __export

#ifdef _68K_
#define STDMETHODCALLTYPE    __cdecl
#else
#define STDMETHODCALLTYPE    __stdcall
#endif
#define STDMETHODVCALLTYPE    __cdecl

#define STDAPICALLTYPE       __stdcall
#define STDAPIVCALLTYPE       __cdecl

#else

#define STDMETHODCALLTYPE    __export __stdcall
#define STDMETHODVCALLTYPE    __export __cdecl

#define STDAPICALLTYPE       __export __stdcall
#define STDAPIVCALLTYPE       __export __cdecl

#endif

#define STDAPI                EXTERN_C HRESULT STDAPICALLTYPE
#define STDAPI_(type)          EXTERN_C type STDAPICALLTYPE

#define STDMETHODIMP          HRESULT STDMETHODCALLTYPE
#define STDMETHODIMP_(type)    type STDMETHODCALLTYPE

// The 'V' versions allow Variable Argument lists.

#define STDAPIV                EXTERN_C HRESULT STDAPIVCALLTYPE
#define STDAPIV_(type)       EXTERN_C type STDAPIVCALLTYPE

#define STDMETHODIMPV          HRESULT STDMETHODVCALLTYPE
#define STDMETHODIMPV_(type) type STDMETHODVCALLTYPE

typedef char CCHAR;
typedef DWORD LCID;
typedef PDWORD PLCID;
typedef WORD LANGID;
#define APPLICATION_ERROR_MASK    0x20000000
#define ERROR_SEVERITY_SUCCESS    0x00000000
#define ERROR_SEVERITY_INFORMATIONAL 0x40000000
#define ERROR_SEVERITY_WARNING    0x80000000
#define ERROR_SEVERITY_ERROR       0xC0000000

//
// _M_IX86 included so that EM CONTEXT structure compiles with
// x86 programs. *** TBD should this be for all architectures?
//

//
// 16 byte aligned type for 128 bit floats
//

//
// For we define a 128 bit structure and use __declspec(align(16)) pragma to
// align to 128 bits.
//

#if defined(_M_IA64) && !defined(MIDL_PASS)
__declspec(align(16))
#endif
typedef struct _FLOAT128 {
__int64 LowPart;
__int64 HighPart;
} FLOAT128;

typedef FLOAT128 *PFLOAT128;

//
// __int64 is only supported by 2.0 and later midl.
// __midl is set by the 2.0 midl and not by 1.0 midl.
//

#define _ULONGLONG_
#if (!defined (_MAC) && (!defined(MIDL_PASS) || defined(__midl)) && (!defined(_M_IX86) || (defined(_INTEGRAL_MAX_BITS) && _INTEGRAL_MAX_BITS >= 64)))
typedef __int64 LONGLONG;
typedef unsigned __int64 ULONGLONG;

#define MAXLONGLONG                   (0x7fffffffffffffff)
#else

#if defined(_MAC) && defined(_MAC_INT_64)
typedef __int64 LONGLONG;
typedef unsigned __int64 ULONGLONG;

#define MAXLONGLONG                   (0x7fffffffffffffff)
#else
typedef double LONGLONG;
typedef double ULONGLONG;
#endif //_MAC and int64

#endif

typedef LONGLONG *PLONGLONG;
typedef ULONGLONG *PULONGLONG;

// Update Sequence Number

typedef LONGLONG USN;

#if defined(MIDL_PASS)
typedef struct _LARGE_INTEGER {
#else // MIDL_PASS
typedef union _LARGE_INTEGER {
struct {
      DWORD LowPart;
      LONG HighPart;
};
struct {
      DWORD LowPart;
      LONG HighPart;
} u;
#endif //MIDL_PASS
LONGLONG QuadPart;
} LARGE_INTEGER;

typedef LARGE_INTEGER *PLARGE_INTEGER;

#if defined(MIDL_PASS)
typedef struct _ULARGE_INTEGER {
#else // MIDL_PASS
typedef union _ULARGE_INTEGER {
struct {
      DWORD LowPart;
      DWORD HighPart;
};
struct {
      DWORD LowPart;
      DWORD HighPart;
} u;
#endif //MIDL_PASS
ULONGLONG QuadPart;
} ULARGE_INTEGER;

typedef ULARGE_INTEGER *PULARGE_INTEGER;

// end_ntminiport end_ntndis end_ntminitape

//
// Locally Unique Identifier
//

typedef struct _LUID {
DWORD LowPart;
LONG HighPart;
} LUID, *PLUID;

#define _DWORDLONG_
typedef ULONGLONG  DWORDLONG;
typedef DWORDLONG *PDWORDLONG;

//
// Define operations to logically shift an int64 by 0..31 bits and to multiply
// 32-bits by 32-bits to form a 64-bit product.
//

#if defined(MIDL_PASS) || defined(RC_INVOKED)

//
// Midl does not understand inline assembler. Therefore, the Rtl functions
// are used for shifts by 0.31 and multiplies of 32-bits times 32-bits to
// form a 64-bit product.
//

#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((ULONGLONG)((DWORD)(a)) * (ULONGLONG)((DWORD)(b)))

#define Int64ShllMod32(a, b) ((ULONGLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((ULONGLONG)(a) >> (b))

#elif defined(_M_MRX000)

//
// MIPS uses intrinsic functions to perform shifts by 0..31 and multiplies of
// 32-bits times 32-bits to 64-bits.
//

#define Int32x32To64 __emul
#define UInt32x32To64 __emulu

#define Int64ShllMod32 __ll_lshift
#define Int64ShraMod32 __ll_rshift
#define Int64ShrlMod32 __ull_rshift

#if defined (__cplusplus)
extern "C" {
#endif

LONGLONG
NTAPI
Int32x32To64 (
LONG Multiplier,
LONG Multiplicand
);

ULONGLONG
NTAPI
UInt32x32To64 (
DWORD Multiplier,
DWORD Multiplicand
);

ULONGLONG
NTAPI
Int64ShllMod32 (
ULONGLONG Value,
DWORD ShiftCount
);

LONGLONG
NTAPI
Int64ShraMod32 (
LONGLONG Value,
DWORD ShiftCount
);

ULONGLONG
NTAPI
Int64ShrlMod32 (
ULONGLONG Value,
DWORD ShiftCount
);

#if defined (__cplusplus)
};
#endif

#pragma intrinsic(__emul)
#pragma intrinsic(__emulu)

#pragma intrinsic(__ll_lshift)
#pragma intrinsic(__ll_rshift)
#pragma intrinsic(__ull_rshift)

#elif defined(_M_IX86)

//
// The x86 C compiler understands inline assembler. Therefore, inline functions
// that employ inline assembler are used for shifts of 0..31.  The multiplies
// rely on the compiler recognizing the cast of the multiplicand to int64 to
// generate the optimal code inline.
//

#define Int32x32To64( a, b ) (LONGLONG)((LONGLONG)(LONG)(a) * (LONG)(b))
#define UInt32x32To64( a, b ) (ULONGLONG)((ULONGLONG)(DWORD)(a) * (DWORD)(b))

#if !defined (__BORLANDC__)

ULONGLONG
NTAPI
Int64ShllMod32 (
ULONGLONG Value,
DWORD ShiftCount
);

LONGLONG
NTAPI
Int64ShraMod32 (
LONGLONG Value,
DWORD ShiftCount
);

ULONGLONG
NTAPI
Int64ShrlMod32 (
ULONGLONG Value,
DWORD ShiftCount
);

#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning(disable:4035)             // re-enable below

__inline ULONGLONG
NTAPI
Int64ShllMod32 (
ULONGLONG Value,
DWORD ShiftCount
)
{
__asm {
      mov    ecx, ShiftCount
      mov    eax, dword ptr [Value]
      mov    edx, dword ptr [Value+4]
      shld edx, eax, cl
      shl    eax, cl
}
}

__inline LONGLONG
NTAPI
Int64ShraMod32 (
LONGLONG Value,
DWORD ShiftCount
)
{
__asm {
      mov    ecx, ShiftCount
      mov    eax, dword ptr [Value]
      mov    edx, dword ptr [Value+4]
      shrd eax, edx, cl
      sar    edx, cl
}
}

__inline ULONGLONG
NTAPI
Int64ShrlMod32 (
ULONGLONG Value,
DWORD ShiftCount
)
{
__asm {
      mov    ecx, ShiftCount
      mov    eax, dword ptr [Value]
      mov    edx, dword ptr [Value+4]
      shrd eax, edx, cl
      shr    edx, cl
}
}

#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning(default:4035)
#endif

#else
/* For Borland, let the compiler generate calls to __int64 helper functions */

#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b))

#endif /* !defined (__BORLANDC__) */

#elif defined(_M_ALPHA)

//
// Alpha has native 64-bit operations that are just as fast as their 32-bit
// counter parts. Therefore, the int64 data type is used directly to form
// shifts of 0..31 and multiplies of 32-bits times 32-bits to form a 64-bit
// product.
//

#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((ULONGLONG)((DWORD)(a)) * (ULONGLONG)((DWORD)(b)))

#define Int64ShllMod32(a, b) ((ULONGLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((ULONGLONG)(a) >> (b))

#elif defined(_M_PPC)

#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((ULONGLONG)((DWORD)(a)) * (ULONGLONG)((DWORD)(b)))

#define Int64ShllMod32(a, b) ((ULONGLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((ULONGLONG)(a) >> (b))

#elif defined(_68K_) || defined(_MPPC_)

//
// The Macintosh 68K and PowerPC compilers do not currently support int64.
//

#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((DWORDLONG)((DWORD)(a)) * (DWORDLONG)((DWORD)(b)))

#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b))

#elif defined(_M_IA64)

//
// IA64 has native 64-bit operations that are just as fast as their 32-bit
// counter parts. Therefore, the int64 data type is used directly to form
// shifts of 0..31 and multiplies of 32-bits times 32-bits to form a 64-bit
// product.
//

#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
#define UInt32x32To64(a, b) ((ULONGLONG)((DWORD)(a)) * (ULONGLONG)((DWORD)(b)))

#define Int64ShllMod32(a, b) ((ULONGLONG)(a) << (b))
#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
#define Int64ShrlMod32(a, b) ((ULONGLONG)(a) >> (b))

#else

#error Must define a target architecture.

#endif

#define ANSI_NULL ((CHAR)0)
#define UNICODE_NULL ((WCHAR)0)
typedef BYTE  BOOLEAN;
typedef BOOLEAN *PBOOLEAN;
//
//  Doubly linked list structure.  Can be used as either a list head, or
//  as link words.
//

typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink;
struct _LIST_ENTRY *Blink;
} LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY;

//
//  Singly linked list structure. Can be used as either a list head, or
//  as link words.
//

typedef struct _SINGLE_LIST_ENTRY {
struct _SINGLE_LIST_ENTRY *Next;
} SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY;

//
// These are needed for portable debugger support.
//

typedef struct LIST_ENTRY32 {
DWORD Flink;
DWORD Blink;
} LIST_ENTRY32;
typedef LIST_ENTRY32 *PLIST_ENTRY32;

typedef struct LIST_ENTRY64 {
ULONGLONG Flink;
ULONGLONG Blink;
} LIST_ENTRY64;
typedef LIST_ENTRY64 *PLIST_ENTRY64;

#include <guiddef.h>

#ifndef __OBJECTID_DEFINED
#define __OBJECTID_DEFINED

typedef struct  _OBJECTID {    // size is 20
GUID Lineage;
DWORD Uniquifier;
} OBJECTID;
#endif // !_OBJECTID_DEFINED

#define MINCHAR    0x80
#define MAXCHAR    0x7f
#define MINSHORT 0x8000
#define MAXSHORT 0x7fff
#define MINLONG    0x80000000
#define MAXLONG    0x7fffffff
#define MAXBYTE    0xff
#define MAXWORD    0xffff
#define MAXDWORD 0xffffffff
//
// Calculate the byte offset of a field in a structure of type type.
//

#define FIELD_OFFSET(type, field) ((LONG)(LONG_PTR)&(((type *)0)->field))

//
// Calculate the address of the base of the structure given its type, and an
// address of a field within the structure.
//

#define CONTAINING_RECORD(address, type, field) ((type *)( \
                                                (PCHAR)(address) - \
                                                (ULONG_PTR)(&((type *)0)->field)))

#define VER_SERVER_NT                      0x80000000
#define VER_WORKSTATION_NT                0x40000000
#define VER_SUITE_SMALLBUSINESS          0x00000001
#define VER_SUITE_ENTERPRISE             0x00000002
#define VER_SUITE_BACKOFFICE             0x00000004
#define VER_SUITE_COMMUNICATIONS          0x00000008
#define VER_SUITE_TERMINAL                0x00000010
#define VER_SUITE_SMALLBUSINESS_RESTRICTED  0x00000020
#define VER_SUITE_EMBEDDEDNT             0x00000040
#define VER_SUITE_DATACENTER             0x00000080
#define VER_SUITE_SINGLEUSERTS             0x00000100

//
//  Language IDs.
//
//  The following two combinations of primary language ID and
//  sublanguage ID have special semantics:
//
// Primary Language ID Sublanguage ID    Result
// ------------------- ---------------    ------------------------
// LANG_NEUTRAL       SUBLANG_NEUTRAL    Language neutral
// LANG_NEUTRAL       SUBLANG_DEFAULT    User default language
// LANG_NEUTRAL       SUBLANG_SYS_DEFAULT System default language
//

//
//  Primary language IDs.
//

#define LANG_NEUTRAL                   0x00

#define LANG_AFRIKAANS                0x36
#define LANG_ALBANIAN                   0x1c
#define LANG_ARABIC                   0x01
#define LANG_ARMENIAN                   0x2b
#define LANG_ASSAMESE                   0x4d
#define LANG_AZERI                      0x2c
#define LANG_BASQUE                   0x2d
#define LANG_BELARUSIAN                0x23
#define LANG_BENGALI                   0x45
#define LANG_BULGARIAN                0x02
#define LANG_CATALAN                   0x03
#define LANG_CHINESE                   0x04
#define LANG_CROATIAN                   0x1a
#define LANG_CZECH                      0x05
#define LANG_DANISH                   0x06
#define LANG_DUTCH                      0x13
#define LANG_ENGLISH                   0x09
#define LANG_ESTONIAN                   0x25
#define LANG_FAEROESE                   0x38
#define LANG_FARSI                      0x29
#define LANG_FINNISH                   0x0b
#define LANG_FRENCH                   0x0c
#define LANG_GEORGIAN                   0x37
#define LANG_GERMAN                   0x07
#define LANG_GREEK                      0x08
#define LANG_GUJARATI                   0x47
#define LANG_HEBREW                   0x0d
#define LANG_HINDI                      0x39
#define LANG_HUNGARIAN                0x0e
#define LANG_ICELANDIC                0x0f
#define LANG_INDONESIAN                0x21
#define LANG_ITALIAN                   0x10
#define LANG_JAPANESE                   0x11
#define LANG_KANNADA                   0x4b
#define LANG_KASHMIRI                   0x60
#define LANG_KAZAK                      0x3f
#define LANG_KONKANI                   0x57
#define LANG_KOREAN                   0x12
#define LANG_LATVIAN                   0x26
#define LANG_LITHUANIAN                0x27
#define LANG_MACEDONIAN                0x2f // the Former Yugoslav Republic of Macedonia
#define LANG_MALAY                      0x3e
#define LANG_MALAYALAM                0x4c
#define LANG_MANIPURI                   0x58
#define LANG_MARATHI                   0x4e
#define LANG_NEPALI                   0x61
#define LANG_NORWEGIAN                0x14
#define LANG_ORIYA                      0x48
#define LANG_POLISH                   0x15
#define LANG_PORTUGUESE                0x16
#define LANG_PUNJABI                   0x46
#define LANG_ROMANIAN                   0x18
#define LANG_RUSSIAN                   0x19
#define LANG_SANSKRIT                   0x4f
#define LANG_SERBIAN                   0x1a
#define LANG_SINDHI                   0x59
#define LANG_SLOVAK                   0x1b
#define LANG_SLOVENIAN                0x24
#define LANG_SPANISH                   0x0a
#define LANG_SWAHILI                   0x41
#define LANG_SWEDISH                   0x1d
#define LANG_TAMIL                      0x49
#define LANG_TATAR                      0x44
#define LANG_TELUGU                   0x4a
#define LANG_THAI                      0x1e
#define LANG_TURKISH                   0x1f
#define LANG_UKRAINIAN                0x22
#define LANG_URDU                      0x20
#define LANG_UZBEK                      0x43
#define LANG_VIETNAMESE                0x2a

//
//  Sublanguage IDs.
//
//  The name immediately following SUBLANG_ dictates which primary
//  language ID that sublanguage ID can be combined with to form a
//  valid language ID.
//

#define SUBLANG_NEUTRAL                0x00 // language neutral
#define SUBLANG_DEFAULT                0x01 // user default
#define SUBLANG_SYS_DEFAULT             0x02 // system default

#define SUBLANG_ARABIC_SAUDI_ARABIA    0x01 // Arabic (Saudi Arabia)
#define SUBLANG_ARABIC_IRAQ             0x02 // Arabic (Iraq)
#define SUBLANG_ARABIC_EGYPT          0x03 // Arabic (Egypt)
#define SUBLANG_ARABIC_LIBYA          0x04 // Arabic (Libya)
#define SUBLANG_ARABIC_ALGERIA          0x05 // Arabic (Algeria)
#define SUBLANG_ARABIC_MOROCCO          0x06 // Arabic (Morocco)
#define SUBLANG_ARABIC_TUNISIA          0x07 // Arabic (Tunisia)
#define SUBLANG_ARABIC_OMAN             0x08 // Arabic (Oman)
#define SUBLANG_ARABIC_YEMEN          0x09 // Arabic (Yemen)
#define SUBLANG_ARABIC_SYRIA          0x0a // Arabic (Syria)
#define SUBLANG_ARABIC_JORDAN          0x0b // Arabic (Jordan)
#define SUBLANG_ARABIC_LEBANON          0x0c // Arabic (Lebanon)
#define SUBLANG_ARABIC_KUWAIT          0x0d // Arabic (Kuwait)
#define SUBLANG_ARABIC_UAE             0x0e // Arabic (U.A.E)
#define SUBLANG_ARABIC_BAHRAIN          0x0f // Arabic (Bahrain)
#define SUBLANG_ARABIC_QATAR          0x10 // Arabic (Qatar)
#define SUBLANG_AZERI_LATIN             0x01 // Azeri (Latin)
#define SUBLANG_AZERI_CYRILLIC          0x02 // Azeri (Cyrillic)
#define SUBLANG_CHINESE_TRADITIONAL    0x01 // Chinese (Taiwan)
#define SUBLANG_CHINESE_SIMPLIFIED    0x02 // Chinese (PR China)
#define SUBLANG_CHINESE_HONGKONG       0x03 // Chinese (Hong Kong S.A.R., P.R.C.)
#define SUBLANG_CHINESE_SINGAPORE       0x04 // Chinese (Singapore)
#define SUBLANG_CHINESE_MACAU          0x05 // Chinese (Macau)
#define SUBLANG_DUTCH                   0x01 // Dutch
#define SUBLANG_DUTCH_BELGIAN          0x02 // Dutch (Belgian)
#define SUBLANG_ENGLISH_US             0x01 // English (USA)
#define SUBLANG_ENGLISH_UK             0x02 // English (UK)
#define SUBLANG_ENGLISH_AUS             0x03 // English (Australian)
#define SUBLANG_ENGLISH_CAN             0x04 // English (Canadian)
#define SUBLANG_ENGLISH_NZ             0x05 // English (New Zealand)
#define SUBLANG_ENGLISH_EIRE          0x06 // English (Irish)
#define SUBLANG_ENGLISH_SOUTH_AFRICA    0x07 // English (South Africa)
#define SUBLANG_ENGLISH_JAMAICA       0x08 // English (Jamaica)
#define SUBLANG_ENGLISH_CARIBBEAN       0x09 // English (Caribbean)
#define SUBLANG_ENGLISH_BELIZE          0x0a // English (Belize)
#define SUBLANG_ENGLISH_TRINIDAD       0x0b // English (Trinidad)
#define SUBLANG_ENGLISH_ZIMBABWE       0x0c // English (Zimbabwe)
#define SUBLANG_ENGLISH_PHILIPPINES    0x0d // English (Philippines)
#define SUBLANG_FRENCH                0x01 // French
#define SUBLANG_FRENCH_BELGIAN          0x02 // French (Belgian)
#define SUBLANG_FRENCH_CANADIAN       0x03 // French (Canadian)
#define SUBLANG_FRENCH_SWISS          0x04 // French (Swiss)
#define SUBLANG_FRENCH_LUXEMBOURG       0x05 // French (Luxembourg)
#define SUBLANG_FRENCH_MONACO          0x06 // French (Monaco)
#define SUBLANG_GERMAN                0x01 // German
#define SUBLANG_GERMAN_SWISS          0x02 // German (Swiss)
#define SUBLANG_GERMAN_AUSTRIAN       0x03 // German (Austrian)
#define SUBLANG_GERMAN_LUXEMBOURG       0x04 // German (Luxembourg)
#define SUBLANG_GERMAN_LIECHTENSTEIN    0x05 // German (Liechtenstein)
#define SUBLANG_ITALIAN                0x01 // Italian
#define SUBLANG_ITALIAN_SWISS          0x02 // Italian (Swiss)
#define SUBLANG_KASHMIRI_INDIA          0x02 // Kashmiri (India)
#define SUBLANG_KOREAN                0x01 // Korean (Extended Wansung)
#define SUBLANG_LITHUANIAN             0x01 // Lithuanian
#define SUBLANG_MALAY_MALAYSIA          0x01 // Malay (Malaysia)
#define SUBLANG_MALAY_BRUNEI_DARUSSALAM  0x02 // Malay (Brunei Darussalam)
#define SUBLANG_NEPALI_INDIA          0x02 // Nepali (India)
#define SUBLANG_NORWEGIAN_BOKMAL       0x01 // Norwegian (Bokmal)
#define SUBLANG_NORWEGIAN_NYNORSK       0x02 // Norwegian (Nynorsk)
#define SUBLANG_PORTUGUESE             0x02 // Portuguese
#define SUBLANG_PORTUGUESE_BRAZILIAN    0x01 // Portuguese (Brazilian)
#define SUBLANG_SERBIAN_LATIN          0x02 // Serbian (Latin)
#define SUBLANG_SERBIAN_CYRILLIC       0x03 // Serbian (Cyrillic)
#define SUBLANG_SPANISH                0x01 // Spanish (Castilian)
#define SUBLANG_SPANISH_MEXICAN       0x02 // Spanish (Mexican)
#define SUBLANG_SPANISH_MODERN          0x03 // Spanish (Modern)
#define SUBLANG_SPANISH_GUATEMALA       0x04 // Spanish (Guatemala)
#define SUBLANG_SPANISH_COSTA_RICA    0x05 // Spanish (Costa Rica)
#define SUBLANG_SPANISH_PANAMA          0x06 // Spanish (Panama)
#define SUBLANG_SPANISH_DOMINICAN_REPUBLIC 0x07  // Spanish (Dominican Republic)
#define SUBLANG_SPANISH_VENEZUELA       0x08 // Spanish (Venezuela)
#define SUBLANG_SPANISH_COLOMBIA       0x09 // Spanish (Colombia)
#define SUBLANG_SPANISH_PERU          0x0a // Spanish (Peru)
#define SUBLANG_SPANISH_ARGENTINA       0x0b // Spanish (Argentina)
#define SUBLANG_SPANISH_ECUADOR       0x0c // Spanish (Ecuador)
#define SUBLANG_SPANISH_CHILE          0x0d // Spanish (Chile)
#define SUBLANG_SPANISH_URUGUAY       0x0e // Spanish (Uruguay)
#define SUBLANG_SPANISH_PARAGUAY       0x0f // Spanish (Paraguay)
#define SUBLANG_SPANISH_BOLIVIA       0x10 // Spanish (Bolivia)
#define SUBLANG_SPANISH_EL_SALVADOR    0x11 // Spanish (El Salvador)
#define SUBLANG_SPANISH_HONDURAS       0x12 // Spanish (Honduras)
#define SUBLANG_SPANISH_NICARAGUA       0x13 // Spanish (Nicaragua)
#define SUBLANG_SPANISH_PUERTO_RICO    0x14 // Spanish (Puerto Rico)
#define SUBLANG_SWEDISH                0x01 // Swedish
#define SUBLANG_SWEDISH_FINLAND       0x02 // Swedish (Finland)
#define SUBLANG_URDU_PAKISTAN          0x01 // Urdu (Pakistan)
#define SUBLANG_URDU_INDIA             0x02 // Urdu (India)
#define SUBLANG_UZBEK_LATIN             0x01 // Uzbek (Latin)
#define SUBLANG_UZBEK_CYRILLIC          0x02 // Uzbek (Cyrillic)

//
//  Sorting IDs.
//

#define SORT_DEFAULT                   0x0    // sorting default

#define SORT_JAPANESE_XJIS             0x0    // Japanese XJIS order
#define SORT_JAPANESE_UNICODE          0x1    // Japanese Unicode order

#define SORT_CHINESE_BIG5             0x0    // Chinese BIG5 order
#define SORT_CHINESE_PRCP             0x0    // PRC Chinese Phonetic order
#define SORT_CHINESE_UNICODE          0x1    // Chinese Unicode order
#define SORT_CHINESE_PRC                0x2    // PRC Chinese Stroke Count order
#define SORT_CHINESE_BOPOMOFO          0x3    // Traditional Chinese Bopomofo order

#define SORT_KOREAN_KSC                0x0    // Korean KSC order
#define SORT_KOREAN_UNICODE             0x1    // Korean Unicode order

#define SORT_GERMAN_PHONE_BOOK          0x1    // German Phone Book order

#define SORT_HUNGARIAN_DEFAULT          0x0    // Hungarian Default order
#define SORT_HUNGARIAN_TECHNICAL       0x1    // Hungarian Technical order

#define SORT_GEORGIAN_TRADITIONAL       0x0    // Georgian Traditional order
#define SORT_GEORGIAN_MODERN          0x1    // Georgian Modern order

// end_r_winnt

//
//  A language ID is a 16 bit value which is the combination of a
//  primary language ID and a secondary language ID.  The bits are
//  allocated as follows:
//
//    +-----------------------+-------------------------+
//    |    Sublanguage ID | Primary Language ID |
//    +-----------------------+-------------------------+
//       15                10 9                      0 bit
//
//
//  Language ID creation/extraction macros:
//
// MAKELANGID - construct language id from a primary language id and
//                   a sublanguage id.
// PRIMARYLANGID - extract primary language id from a language id.
// SUBLANGID    - extract sublanguage id from a language id.
//

#define MAKELANGID(p, s)    ((((WORD  )(s)) << 10) | (WORD  )(p))
#define PRIMARYLANGID(lgid) ((WORD  )(lgid) & 0x3ff)
#define SUBLANGID(lgid)       ((WORD  )(lgid) >> 10)

//
//  A locale ID is a 32 bit value which is the combination of a
//  language ID, a sort ID, and a reserved area.  The bits are
//  allocated as follows:
//
//    +-------------+---------+-------------------------+
//    | Reserved  | Sort ID |    Language ID       |
//    +-------------+---------+-------------------------+
//       31       20 19    16 15                   0 bit
//
//
//  Locale ID creation/extraction macros:
//
// MAKELCID          - construct the locale id from a language id and a sort id.
// MAKESORTLCID       - construct the locale id from a language id, sort id, and sort version.
// LANGIDFROMLCID    - extract the language id from a locale id.
// SORTIDFROMLCID    - extract the sort id from a locale id.
// SORTVERSIONFROMLCID - extract the sort version from a locale id.
//

#define NLS_VALID_LOCALE_MASK  0x000fffff

#define MAKELCID(lgid, srtid)  ((DWORD)((((DWORD)((WORD  )(srtid))) << 16) |  \
                                       ((DWORD)((WORD  )(lgid)))))
#define MAKESORTLCID(lgid, srtid, ver)                                           \
                           ((DWORD)((MAKELCID(lgid, srtid)) |          \
                                 (((DWORD)((WORD  )(ver))) << 20)))
#define LANGIDFROMLCID(lcid) ((WORD  )(lcid))
#define SORTIDFROMLCID(lcid) ((WORD  )((((DWORD)(lcid)) >> 16) & 0xf))
#define SORTVERSIONFROMLCID(lcid)  ((WORD  )((((DWORD)(lcid)) >> 20) & 0xf))

//
//  Default System and User IDs for language and locale.
//

#define LANG_SYSTEM_DEFAULT (MAKELANGID(LANG_NEUTRAL, SUBLANG_SYS_DEFAULT))
#define LANG_USER_DEFAULT    (MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT))

#define LOCALE_SYSTEM_DEFAULT  (MAKELCID(LANG_SYSTEM_DEFAULT, SORT_DEFAULT))
#define LOCALE_USER_DEFAULT (MAKELCID(LANG_USER_DEFAULT, SORT_DEFAULT))

#define LOCALE_NEUTRAL                                                       \
      (MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT))

// begin_ntminiport begin_ntndis begin_ntminitape

//
// Macros used to eliminate compiler warning generated when formal
// parameters or local variables are not declared.
//
// Use DBG_UNREFERENCED_PARAMETER() when a parameter is not yet
// referenced but will be once the module is completely developed.
//
// Use DBG_UNREFERENCED_LOCAL_VARIABLE() when a local variable is not yet
// referenced but will be once the module is completely developed.
//
// Use UNREFERENCED_PARAMETER() if a parameter will never be referenced.
//
// DBG_UNREFERENCED_PARAMETER and DBG_UNREFERENCED_LOCAL_VARIABLE will
// eventually be made into a null macro to help determine whether there
// is unfinished work.
//

#if ! defined(lint)
#define UNREFERENCED_PARAMETER(P)       (P)
#define DBG_UNREFERENCED_PARAMETER(P)    (P)
#define DBG_UNREFERENCED_LOCAL_VARIABLE(V) (V)

#else // lint

// Note: lint -e530 says don't complain about uninitialized variables for
// this varible.  Error 527 has to do with unreachable code.
// -restore restores checking to the -save state

#define UNREFERENCED_PARAMETER(P)       \
/*lint -save -e527 -e530 */ \
{ \
      (P) = (P); \
} \
/*lint -restore */
#define DBG_UNREFERENCED_PARAMETER(P)    \
/*lint -save -e527 -e530 */ \
{ \
      (P) = (P); \
} \
/*lint -restore */
#define DBG_UNREFERENCED_LOCAL_VARIABLE(V) \
/*lint -save -e527 -e530 */ \
{ \
      (V) = (V); \
} \
/*lint -restore */

#endif // lint

//
// Macro used to eliminate compiler warning 4715 within a switch statement
// when all possible cases have already been accounted for.
//
// switch (a & 3) {
//    case 0: return 1;
//    case 1: return Foo();
//    case 2: return Bar();
//    case 3: return 1;
//    DEFAULT_UNREACHABLE;
//

#if (_MSC_VER > 1200)
#define DEFAULT_UNREACHABLE default: __assume(0)
#else

//
// Older compilers do not support __assume(), and there is no other free
// method of eliminating the warning.
//

#define DEFAULT_UNREACHABLE

#endif

#ifndef WIN32_NO_STATUS
/*lint -save -e767 */
#define STATUS_WAIT_0                   ((DWORD )0x00000000L)
#define STATUS_ABANDONED_WAIT_0       ((DWORD )0x00000080L)
#define STATUS_USER_APC                ((DWORD )0x000000C0L)
#define STATUS_TIMEOUT                ((DWORD )0x00000102L)
#define STATUS_PENDING                ((DWORD )0x00000103L)
#define DBG_CONTINUE                   ((DWORD )0x00010002L)
#define STATUS_SEGMENT_NOTIFICATION    ((DWORD )0x40000005L)
#define DBG_TERMINATE_THREAD          ((DWORD )0x40010003L)
#define DBG_TERMINATE_PROCESS          ((DWORD )0x40010004L)
#define DBG_CONTROL_C                   ((DWORD )0x40010005L)
#define DBG_CONTROL_BREAK             ((DWORD )0x40010008L)
#define STATUS_GUARD_PAGE_VIOLATION    ((DWORD )0x80000001L)
#define STATUS_DATATYPE_MISALIGNMENT    ((DWORD )0x80000002L)
#define STATUS_BREAKPOINT             ((DWORD )0x80000003L)
#define STATUS_SINGLE_STEP             ((DWORD )0x80000004L)
#define DBG_EXCEPTION_NOT_HANDLED       ((DWORD )0x80010001L)
#define STATUS_ACCESS_VIOLATION       ((DWORD )0xC0000005L)
#define STATUS_IN_PAGE_ERROR          ((DWORD )0xC0000006L)
#define STATUS_INVALID_HANDLE          ((DWORD )0xC0000008L)
#define STATUS_NO_MEMORY                ((DWORD )0xC0000017L)
#define STATUS_ILLEGAL_INSTRUCTION    ((DWORD )0xC000001DL)
#define STATUS_NONCONTINUABLE_EXCEPTION  ((DWORD )0xC0000025L)
#define STATUS_INVALID_DISPOSITION    ((DWORD )0xC0000026L)
#define STATUS_ARRAY_BOUNDS_EXCEEDED    ((DWORD )0xC000008CL)
#define STATUS_FLOAT_DENORMAL_OPERAND ((DWORD )0xC000008DL)
#define STATUS_FLOAT_DIVIDE_BY_ZERO    ((DWORD )0xC000008EL)
#define STATUS_FLOAT_INEXACT_RESULT    ((DWORD )0xC000008FL)
#define STATUS_FLOAT_INVALID_OPERATION ((DWORD )0xC0000090L)
#define STATUS_FLOAT_OVERFLOW          ((DWORD )0xC0000091L)
#define STATUS_FLOAT_STACK_CHECK       ((DWORD )0xC0000092L)
#define STATUS_FLOAT_UNDERFLOW          ((DWORD )0xC0000093L)
#define STATUS_INTEGER_DIVIDE_BY_ZERO ((DWORD )0xC0000094L)
#define STATUS_INTEGER_OVERFLOW       ((DWORD )0xC0000095L)
#define STATUS_PRIVILEGED_INSTRUCTION ((DWORD )0xC0000096L)
#define STATUS_STACK_OVERFLOW          ((DWORD )0xC00000FDL)
#define STATUS_CONTROL_C_EXIT          ((DWORD )0xC000013AL)
#define STATUS_FLOAT_MULTIPLE_FAULTS    ((DWORD )0xC00002B4L)
#define STATUS_FLOAT_MULTIPLE_TRAPS    ((DWORD )0xC00002B5L)
#define STATUS_ILLEGAL_VLM_REFERENCE    ((DWORD )0xC00002C0L)
#define STATUS_REG_NAT_CONSUMPTION    ((DWORD )0xC00002C9L)
/*lint -restore */
#endif
#define MAXIMUM_WAIT_OBJECTS 64    // Maximum number of wait objects

#define MAXIMUM_SUSPEND_COUNT MAXCHAR // Maximum times thread can be suspended

typedef ULONG_PTR KSPIN_LOCK;
typedef KSPIN_LOCK *PKSPIN_LOCK;

//
// Define function to return the current Thread Environment Block
//

#ifdef _ALPHA_                         // winnt
void *_rdteb(void);                   // winnt
#if defined(_M_ALPHA)                // winnt
#pragma intrinsic(_rdteb)             // winnt
#endif                               // winnt
#endif                               // winnt

#if defined(_M_ALPHA)
#define NtCurrentTeb() ((struct _TEB *)_rdteb())
#else
struct _TEB *
NtCurrentTeb(void);
#endif

//
// Define functions to get the address of the current fiber and the
// current fiber data.
//

#ifdef _ALPHA_

#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))

// begin_ntddk begin_nthal
//
// The following flags control the contents of the CONTEXT structure.
//

#if !defined(RC_INVOKED)

#define CONTEXT_ALPHA             0x00020000

#define CONTEXT_CONTROL       (CONTEXT_ALPHA | 0x00000001L)
#define CONTEXT_FLOATING_POINT  (CONTEXT_ALPHA | 0x00000002L)
#define CONTEXT_INTEGER       (CONTEXT_ALPHA | 0x00000004L)

#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER)

#endif

#ifndef _PORTABLE_32BIT_CONTEXT

//
// Context Frame
//
//  This frame has a several purposes: 1) it is used as an argument to
//  NtContinue, 2) it is used to construct a call frame for APC delivery,
//  3) it is used to construct a call frame for exception dispatching
//  in user mode, 4) it is used in the user level thread creation
//  routines, and 5) it is used to to pass thread state to debuggers.
//
//  N.B. Because this record is used as a call frame, it must be EXACTLY
//  a multiple of 16 bytes in length.
//
//  There are two variations of the context structure. This is the real one.
//

typedef struct _CONTEXT {

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//

ULONGLONG FltF0;
ULONGLONG FltF1;
ULONGLONG FltF2;
ULONGLONG FltF3;
ULONGLONG FltF4;
ULONGLONG FltF5;
ULONGLONG FltF6;
ULONGLONG FltF7;
ULONGLONG FltF8;
ULONGLONG FltF9;
ULONGLONG FltF10;
ULONGLONG FltF11;
ULONGLONG FltF12;
ULONGLONG FltF13;
ULONGLONG FltF14;
ULONGLONG FltF15;
ULONGLONG FltF16;
ULONGLONG FltF17;
ULONGLONG FltF18;
ULONGLONG FltF19;
ULONGLONG FltF20;
ULONGLONG FltF21;
ULONGLONG FltF22;
ULONGLONG FltF23;
ULONGLONG FltF24;
ULONGLONG FltF25;
ULONGLONG FltF26;
ULONGLONG FltF27;
ULONGLONG FltF28;
ULONGLONG FltF29;
ULONGLONG FltF30;
ULONGLONG FltF31;

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//
// N.B. The registers gp, sp, and ra are defined in this section, but are
//  considered part of the control context rather than part of the integer
//  context.
//

ULONGLONG IntV0; //  $0: return value register, v0
ULONGLONG IntT0; //  $1: temporary registers, t0 - t7
ULONGLONG IntT1; //  $2:
ULONGLONG IntT2; //  $3:
ULONGLONG IntT3; //  $4:
ULONGLONG IntT4; //  $5:
ULONGLONG IntT5; //  $6:
ULONGLONG IntT6; //  $7:
ULONGLONG IntT7; //  $8:
ULONGLONG IntS0; //  $9: nonvolatile registers, s0 - s5
ULONGLONG IntS1; // $10:
ULONGLONG IntS2; // $11:
ULONGLONG IntS3; // $12:
ULONGLONG IntS4; // $13:
ULONGLONG IntS5; // $14:
ULONGLONG IntFp; // $15: frame pointer register, fp/s6
ULONGLONG IntA0; // $16: argument registers, a0 - a5
ULONGLONG IntA1; // $17:
ULONGLONG IntA2; // $18:
ULONGLONG IntA3; // $19:
ULONGLONG IntA4; // $20:
ULONGLONG IntA5; // $21:
ULONGLONG IntT8; // $22: temporary registers, t8 - t11
ULONGLONG IntT9; // $23:
ULONGLONG IntT10; // $24:
ULONGLONG IntT11; // $25:
ULONGLONG IntRa; // $26: return address register, ra
ULONGLONG IntT12; // $27: temporary register, t12
ULONGLONG IntAt; // $28: assembler temp register, at
ULONGLONG IntGp; // $29: global pointer register, gp
ULONGLONG IntSp; // $30: stack pointer register, sp
ULONGLONG IntZero;  // $31: zero register, zero

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//

ULONGLONG Fpcr;    // floating point control register
ULONGLONG SoftFpcr; // software extension to FPCR

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//
// N.B. The registers gp, sp, and ra are defined in the integer section,
// but are considered part of the control context rather than part of
// the integer context.
//

ULONGLONG Fir;    // (fault instruction) continuation address
DWORD Psr;       // processor status

//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//

DWORD ContextFlags;
DWORD Fill[4];    // padding for 16-byte stack frame alignment

} CONTEXT, *PCONTEXT;

#else

#error _PORTABLE_32BIT_CONTEXT no longer supported on Alpha.

#endif // _PORTABLE_32BIT_CONTEXT

// end_ntddk end_nthal

#endif // _ALPHA_

#ifdef _ALPHA_

VOID
__jump_unwind (
PVOID VirtualFramePointer,
PVOID TargetPc
);

#endif // _ALPHA_

#ifdef _X86_

//
// Disable these two pramas that evaluate to "sti" "cli" on x86 so that driver
// writers to not leave them inadvertantly in their code.
//

#if !defined(MIDL_PASS)
#if !defined(RC_INVOKED)

#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning(disable:4164) // disable C4164 warning so that apps that
                              // build with /Od don't get weird errors !
#ifdef _M_IX86
#pragma function(_enable)
#pragma function(_disable)
#endif

#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning(default:4164) // reenable C4164 warning
#endif

#endif
#endif

#if !defined(MIDL_PASS) && defined(_M_IX86)
#ifdef __BORLANDC__
/* Microsoft wants these to be inline functions containing inline assembly.
Borland C has trouble with this combination, so we've added simple
prototypes here and moved the real functions into the RTL.
At least until we support inline assembly from within inline functions.
*/
#ifdef __MT__ /* Force no prototype unless in MT mode */
PVOID GetFiberData( void );
PVOID GetCurrentFiber( void );
#endif /* __MT__ */
#else  /* __BORLANDC__ */
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning (disable:4035)       // disable 4035 (function must return something)
_inline PVOID GetFiberData( void ) { __asm {
                                    mov eax, fs:[0x10]
                                    mov eax,[eax]
                                    }
                                 }
_inline PVOID GetCurrentFiber( void ) { __asm mov eax, fs:[0x10] }

#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning (default:4035)       // Reenable it
#endif
#endif /* __BORLANDC__ */
#endif

// begin_ntddk begin_wx86

//
//  Define the size of the 80387 save area, which is in the context frame.
//

#define SIZE_OF_80387_REGISTERS    80

//
// The following flags control the contents of the CONTEXT structure.
//

#if !defined(RC_INVOKED)

#define CONTEXT_i386 0x00010000 // this assumes that i386 and
#define CONTEXT_i486 0x00010000 // i486 have identical context records

// end_wx86

#define CONTEXT_CONTROL       (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP
#define CONTEXT_INTEGER       (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI
#define CONTEXT_SEGMENTS       (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS
#define CONTEXT_FLOATING_POINT  (CONTEXT_i386 | 0x00000008L) // 387 state
#define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7
#define CONTEXT_EXTENDED_REGISTERS  (CONTEXT_i386 | 0x00000020L) // cpu specific extensions

#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\
                  CONTEXT_SEGMENTS)

// begin_wx86

#endif

#define MAXIMUM_SUPPORTED_EXTENSION    512

typedef struct _FLOATING_SAVE_AREA {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
BYTE RegisterArea[SIZE_OF_80387_REGISTERS];
DWORD Cr0NpxState;
} FLOATING_SAVE_AREA;

typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA;

//
// Context Frame
//
//  This frame has a several purposes: 1) it is used as an argument to
//  NtContinue, 2) is is used to constuct a call frame for APC delivery,
//  and 3) it is used in the user level thread creation routines.
//
//  The layout of the record conforms to a standard call frame.
//

typedef struct _CONTEXT {

//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a threads context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//

DWORD ContextFlags;

//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags.  Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//

DWORD Dr0;
DWORD Dr1;
DWORD Dr2;
DWORD Dr3;
DWORD Dr6;
DWORD Dr7;

//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
//

FLOATING_SAVE_AREA FloatSave;

//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_SEGMENTS.
//

DWORD SegGs;
DWORD SegFs;
DWORD SegEs;
DWORD SegDs;

//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_INTEGER.
//

DWORD Edi;
DWORD Esi;
DWORD Ebx;
DWORD Edx;
DWORD Ecx;
DWORD Eax;

//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_CONTROL.
//

DWORD Ebp;
DWORD Eip;
DWORD SegCs;             // MUST BE SANITIZED
DWORD EFlags;          // MUST BE SANITIZED
DWORD Esp;
DWORD SegSs;

//
// This section is specified/returned if the ContextFlags word
// contains the flag CONTEXT_EXTENDED_REGISTERS.
// The format and contexts are processor specific
//

BYTE ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];

} CONTEXT;

typedef CONTEXT *PCONTEXT;

// begin_ntminiport

#endif //_X86_

#ifndef _LDT_ENTRY_DEFINED
#define _LDT_ENTRY_DEFINED

typedef struct _LDT_ENTRY {
WORD LimitLow;
WORD BaseLow;
union {
      struct {
         BYTE BaseMid;
         BYTE Flags1;    // Declare as bytes to avoid alignment
         BYTE Flags2;    // Problems.
         BYTE BaseHi;
      } Bytes;
      struct {
         DWORD BaseMid : 8;
         DWORD Type : 5;
         DWORD Dpl : 2;
         DWORD Pres : 1;
         DWORD LimitHi : 4;
         DWORD Sys : 1;
         DWORD Reserved_0 : 1;
         DWORD Default_Big : 1;
         DWORD Granularity : 1;
         DWORD BaseHi : 8;
      } Bits;
} HighWord;
} LDT_ENTRY, *PLDT_ENTRY;

#endif

#if defined(_MIPS_)

//
// Define functions to get the address of the current fiber and the
// current fiber data.
//

#define GetCurrentFiber() ((*(PNT_TIB *)0x7ffff4a8)->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))

// begin_ntddk begin_nthal
//
// The following flags control the contents of the CONTEXT structure.
//

#if !defined(RC_INVOKED)

#define CONTEXT_R4000 0x00010000 // r4000 context

#define CONTEXT_CONTROL       (CONTEXT_R4000 | 0x00000001)
#define CONTEXT_FLOATING_POINT (CONTEXT_R4000 | 0x00000002)
#define CONTEXT_INTEGER       (CONTEXT_R4000 | 0x00000004)
#define CONTEXT_EXTENDED_FLOAT (CONTEXT_FLOATING_POINT | 0x00000008)
#define CONTEXT_EXTENDED_INTEGER (CONTEXT_INTEGER | 0x00000010)

#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | \
                  CONTEXT_INTEGER | CONTEXT_EXTENDED_INTEGER)

#endif

//
// Context Frame
//
//  N.B. This frame must be exactly a multiple of 16 bytes in length.
//
//  This frame has a several purposes: 1) it is used as an argument to
//  NtContinue, 2) it is used to constuct a call frame for APC delivery,
//  3) it is used to construct a call frame for exception dispatching
//  in user mode, and 4) it is used in the user level thread creation
//  routines.
//
//  The layout of the record conforms to a standard call frame.
//

typedef struct _CONTEXT {

//
// This section is always present and is used as an argument build
// area.
//
// N.B. Context records are 0 mod 8 aligned starting with NT 4.0.
//

union {
      DWORD Argument[4];
      ULONGLONG Alignment;
};

//
// The following union defines the 32-bit and 64-bit register context.
//

union {

      //
      // 32-bit context.
      //

      struct {

         //
         // This section is specified/returned if the ContextFlags contains
         // the flag CONTEXT_FLOATING_POINT.
         //
         // N.B. This section contains the 16 double floating registers f0,
         //    f2, ..., f30.
         //

         DWORD FltF0;
         DWORD FltF1;
         DWORD FltF2;
         DWORD FltF3;
         DWORD FltF4;
         DWORD FltF5;
         DWORD FltF6;
         DWORD FltF7;
         DWORD FltF8;
         DWORD FltF9;
         DWORD FltF10;
         DWORD FltF11;
         DWORD FltF12;
         DWORD FltF13;
         DWORD FltF14;
         DWORD FltF15;
         DWORD FltF16;
         DWORD FltF17;
         DWORD FltF18;
         DWORD FltF19;
         DWORD FltF20;
         DWORD FltF21;
         DWORD FltF22;
         DWORD FltF23;
         DWORD FltF24;
         DWORD FltF25;
         DWORD FltF26;
         DWORD FltF27;
         DWORD FltF28;
         DWORD FltF29;
         DWORD FltF30;
         DWORD FltF31;

         //
         // This section is specified/returned if the ContextFlags contains
         // the flag CONTEXT_INTEGER.
         //
         // N.B. The registers gp, sp, and ra are defined in this section,
         //    but are considered part of the control context rather than
         //    part of the integer context.
         //
         // N.B. Register zero is not stored in the frame.
         //

         DWORD IntZero;
         DWORD IntAt;
         DWORD IntV0;
         DWORD IntV1;
         DWORD IntA0;
         DWORD IntA1;
         DWORD IntA2;
         DWORD IntA3;
         DWORD IntT0;
         DWORD IntT1;
         DWORD IntT2;
         DWORD IntT3;
         DWORD IntT4;
         DWORD IntT5;
         DWORD IntT6;
         DWORD IntT7;
         DWORD IntS0;
         DWORD IntS1;
         DWORD IntS2;
         DWORD IntS3;
         DWORD IntS4;
         DWORD IntS5;
         DWORD IntS6;
         DWORD IntS7;
         DWORD IntT8;
         DWORD IntT9;
         DWORD IntK0;
         DWORD IntK1;
         DWORD IntGp;
         DWORD IntSp;
         DWORD IntS8;
         DWORD IntRa;
         DWORD IntLo;
         DWORD IntHi;

         //
         // This section is specified/returned if the ContextFlags word contains
         // the flag CONTEXT_FLOATING_POINT.
         //

         DWORD Fsr;

         //
         // This section is specified/returned if the ContextFlags word contains
         // the flag CONTEXT_CONTROL.
         //
         // N.B. The registers gp, sp, and ra are defined in the integer section,
         // but are considered part of the control context rather than part of
         // the integer context.
         //

         DWORD Fir;
         DWORD Psr;

         //
         // The flags values within this flag control the contents of
         // a CONTEXT record.
         //
         // If the context record is used as an input parameter, then
         // for each portion of the context record controlled by a flag
         // whose value is set, it is assumed that that portion of the
         // context record contains valid context. If the context record
         // is being used to modify a thread's context, then only that
         // portion of the threads context will be modified.
         //
         // If the context record is used as an IN OUT parameter to capture
         // the context of a thread, then only those portions of the thread's
         // context corresponding to set flags will be returned.
         //
         // The context record is never used as an OUT only parameter.
         //

         DWORD ContextFlags;
      };

      //
      // 64-bit context.
      //

      struct {

         //
         // This section is specified/returned if the ContextFlags contains
         // the flag CONTEXT_EXTENDED_FLOAT.
         //
         // N.B. This section contains the 32 double floating registers f0,
         //    f1, ..., f31.
         //

         ULONGLONG XFltF0;
         ULONGLONG XFltF1;
         ULONGLONG XFltF2;
         ULONGLONG XFltF3;
         ULONGLONG XFltF4;
         ULONGLONG XFltF5;
         ULONGLONG XFltF6;
         ULONGLONG XFltF7;
         ULONGLONG XFltF8;
         ULONGLONG XFltF9;
         ULONGLONG XFltF10;
         ULONGLONG XFltF11;
         ULONGLONG XFltF12;
         ULONGLONG XFltF13;
         ULONGLONG XFltF14;
         ULONGLONG XFltF15;
         ULONGLONG XFltF16;
         ULONGLONG XFltF17;
         ULONGLONG XFltF18;
         ULONGLONG XFltF19;
         ULONGLONG XFltF20;
         ULONGLONG XFltF21;
         ULONGLONG XFltF22;
         ULONGLONG XFltF23;
         ULONGLONG XFltF24;
         ULONGLONG XFltF25;
         ULONGLONG XFltF26;
         ULONGLONG XFltF27;
         ULONGLONG XFltF28;
         ULONGLONG XFltF29;
         ULONGLONG XFltF30;
         ULONGLONG XFltF31;

         //
         // The following sections must exactly overlay the 32-bit context.
         //

         DWORD Fill1;
         DWORD Fill2;

         //
         // This section is specified/returned if the ContextFlags contains
         // the flag CONTEXT_FLOATING_POINT.
         //

         DWORD XFsr;

         //
         // This section is specified/returned if the ContextFlags contains
         // the flag CONTEXT_CONTROL.
         //
         // N.B. The registers gp, sp, and ra are defined in the integer
         //    section, but are considered part of the control context
         //    rather than part of the integer context.
         //

         DWORD XFir;
         DWORD XPsr;

         //
         // The flags values within this flag control the contents of
         // a CONTEXT record.
         //
         // If the context record is used as an input parameter, then
         // for each portion of the context record controlled by a flag
         // whose value is set, it is assumed that that portion of the
         // context record contains valid context. If the context record
         // is being used to modify a thread's context, then only that
         // portion of the threads context will be modified.
         //
         // If the context record is used as an IN OUT parameter to capture
         // the context of a thread, then only those portions of the thread's
         // context corresponding to set flags will be returned.
         //
         // The context record is never used as an OUT only parameter.
         //

         DWORD XContextFlags;

         //
         // This section is specified/returned if the ContextFlags contains
         // the flag CONTEXT_EXTENDED_INTEGER.
         //
         // N.B. The registers gp, sp, and ra are defined in this section,
         //    but are considered part of the control context rather than
         //    part of the integer  context.
         //
         // N.B. Register zero is not stored in the frame.
         //

         ULONGLONG XIntZero;
         ULONGLONG XIntAt;
         ULONGLONG XIntV0;
         ULONGLONG XIntV1;
         ULONGLONG XIntA0;
         ULONGLONG XIntA1;
         ULONGLONG XIntA2;
         ULONGLONG XIntA3;
         ULONGLONG XIntT0;
         ULONGLONG XIntT1;
         ULONGLONG XIntT2;
         ULONGLONG XIntT3;
         ULONGLONG XIntT4;
         ULONGLONG XIntT5;
         ULONGLONG XIntT6;
         ULONGLONG XIntT7;
         ULONGLONG XIntS0;
         ULONGLONG XIntS1;
         ULONGLONG XIntS2;
         ULONGLONG XIntS3;
         ULONGLONG XIntS4;
         ULONGLONG XIntS5;
         ULONGLONG XIntS6;
         ULONGLONG XIntS7;
         ULONGLONG XIntT8;
         ULONGLONG XIntT9;
         ULONGLONG XIntK0;
         ULONGLONG XIntK1;
         ULONGLONG XIntGp;
         ULONGLONG XIntSp;
         ULONGLONG XIntS8;
         ULONGLONG XIntRa;
         ULONGLONG XIntLo;
         ULONGLONG XIntHi;
      };
};
} CONTEXT, *PCONTEXT;

// end_ntddk end_nthal

#define CONTEXT32_LENGTH 0x130       // The original 32-bit Context length (pre NT 4.0)

#endif // MIPS

#if defined(_MIPS_)

VOID
__jump_unwind (
PVOID Fp,
PVOID TargetPc
);

#endif // MIPS

#if defined(_PPC_)

//
// The address of the TEB is placed into GPR 13 at context switch time
// and should never be destroyed.  To get the address of the TEB use
// the compiler intrinsic to access it directly from GPR 13.
//

#if defined(_M_PPC) && defined(_MSC_VER) && (_MSC_VER>=1000)
unsigned __gregister_get( unsigned const regnum );
#define NtCurrentTeb() ((struct _TEB *)__gregister_get(13))
#elif defined(_M_PPC)
struct _TEB * __builtin_get_gpr13(VOID);
#define NtCurrentTeb() ((struct _TEB *)__builtin_get_gpr13())
#endif

//
// Define functions to get the address of the current fiber and the
// current fiber data.
//

#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))

// begin_ntddk begin_nthal
//
// The following flags control the contents of the CONTEXT structure.
//

#if !defined(RC_INVOKED)

#define CONTEXT_CONTROL       0x00000001L
#define CONTEXT_FLOATING_POINT  0x00000002L
#define CONTEXT_INTEGER       0x00000004L
#define CONTEXT_DEBUG_REGISTERS 0x00000008L

#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER)

#endif

//
// Context Frame
//
//  N.B. This frame must be exactly a multiple of 16 bytes in length.
//
//  This frame has a several purposes: 1) it is used as an argument to
//  NtContinue, 2) it is used to constuct a call frame for APC delivery,
//  3) it is used to construct a call frame for exception dispatching
//  in user mode, and 4) it is used in the user level thread creation
//  routines.
//
//  Requires at least 8-byte alignment (double)
//

typedef struct _CONTEXT {

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//

double Fpr0;                      // Floating registers 0..31
double Fpr1;
double Fpr2;
double Fpr3;
double Fpr4;
double Fpr5;
double Fpr6;
double Fpr7;
double Fpr8;
double Fpr9;
double Fpr10;
double Fpr11;
double Fpr12;
double Fpr13;
double Fpr14;
double Fpr15;
double Fpr16;
double Fpr17;
double Fpr18;
double Fpr19;
double Fpr20;
double Fpr21;
double Fpr22;
double Fpr23;
double Fpr24;
double Fpr25;
double Fpr26;
double Fpr27;
double Fpr28;
double Fpr29;
double Fpr30;
double Fpr31;
double Fpscr;                      // Floating point status/control reg

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//

DWORD Gpr0;                      // General registers 0..31
DWORD Gpr1;
DWORD Gpr2;
DWORD Gpr3;
DWORD Gpr4;
DWORD Gpr5;
DWORD Gpr6;
DWORD Gpr7;
DWORD Gpr8;
DWORD Gpr9;
DWORD Gpr10;
DWORD Gpr11;
DWORD Gpr12;
DWORD Gpr13;
DWORD Gpr14;
DWORD Gpr15;
DWORD Gpr16;
DWORD Gpr17;
DWORD Gpr18;
DWORD Gpr19;
DWORD Gpr20;
DWORD Gpr21;
DWORD Gpr22;
DWORD Gpr23;
DWORD Gpr24;
DWORD Gpr25;
DWORD Gpr26;
DWORD Gpr27;
DWORD Gpr28;
DWORD Gpr29;
DWORD Gpr30;
DWORD Gpr31;

DWORD Cr;                         // Condition register
DWORD Xer;                         // Fixed point exception register

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//

DWORD Msr;                         // Machine status register
DWORD Iar;                         // Instruction address register
DWORD Lr;                         // Link register
DWORD Ctr;                         // Count register

//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//

DWORD ContextFlags;

DWORD Fill[3];                   // Pad out to multiple of 16 bytes

//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags.  Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//
DWORD Dr0;                         // Breakpoint Register 1
DWORD Dr1;                         // Breakpoint Register 2
DWORD Dr2;                         // Breakpoint Register 3
DWORD Dr3;                         // Breakpoint Register 4
DWORD Dr4;                         // Breakpoint Register 5
DWORD Dr5;                         // Breakpoint Register 6
DWORD Dr6;                         // Debug Status Register
DWORD Dr7;                         // Debug Control Register

} CONTEXT, *PCONTEXT;

// end_ntddk end_nthal

//
// Stack frame header
//
// Order of appearance in stack frame:
//    Header (six words)
//    Parameters (at least eight words)
//    Local variables
//    Saved GPRs
//    Saved FPRs
//
// Minimum alignment is 8 bytes

typedef struct _STACK_FRAME_HEADER { // GPR 1 points here
DWORD BackChain;                   // Addr of previous frame
DWORD GlueSaved1;                // Used by glue code
DWORD GlueSaved2;
DWORD Reserved1;                   // Reserved
DWORD Spare1;                      // Used by tracing, profiling, ...
DWORD Spare2;

DWORD Parameter0;                // First 8 parameter words are
DWORD Parameter1;                // always present
DWORD Parameter2;
DWORD Parameter3;
DWORD Parameter4;
DWORD Parameter5;
DWORD Parameter6;
DWORD Parameter7;

} STACK_FRAME_HEADER,*PSTACK_FRAME_HEADER;

VOID
__jump_unwind (
PVOID Fp,
PVOID TargetPc
);

#endif // defined(_PPC_)

#if defined(_MPPC_)

//
// The address of the TEB is placed into GPR 13 at context switch time
// and should never be destroyed.  To get the address of the TEB use
// the compiler intrinsic to access it directly from GPR 13.
//

#if defined(_M_PPC) && defined(_MSC_VER) && (_MSC_VER>=1000)
unsigned __gregister_get( unsigned const regnum );
#define NtCurrentTeb() ((struct _TEB *)__gregister_get(13))
#elif defined(_M_PPC)
struct _TEB * __builtin_get_gpr13(VOID);
#define NtCurrentTeb() ((struct _TEB *)__builtin_get_gpr13())
#endif

//
// Define functions to get the address of the current fiber and the
// current fiber data.
//

#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))

// begin_ntddk begin_nthal
//
// The following flags control the contents of the CONTEXT structure.
//

#if !defined(RC_INVOKED)

#define CONTEXT_CONTROL       0x00000001L
#define CONTEXT_FLOATING_POINT  0x00000002L
#define CONTEXT_INTEGER       0x00000004L
#define CONTEXT_DEBUG_REGISTERS 0x00000008L

#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER)

#endif

//
// Context Frame
//
//  N.B. This frame must be exactly a multiple of 16 bytes in length.
//
//  This frame has a several purposes: 1) it is used as an argument to
//  NtContinue, 2) it is used to constuct a call frame for APC delivery,
//  3) it is used to construct a call frame for exception dispatching
//  in user mode, and 4) it is used in the user level thread creation
//  routines.
//
//  Requires at least 8-byte alignment (double)
//

typedef struct _CONTEXT {

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//

double Fpr0;                      // Floating registers 0..31
double Fpr1;
double Fpr2;
double Fpr3;
double Fpr4;
double Fpr5;
double Fpr6;
double Fpr7;
double Fpr8;
double Fpr9;
double Fpr10;
double Fpr11;
double Fpr12;
double Fpr13;
double Fpr14;
double Fpr15;
double Fpr16;
double Fpr17;
double Fpr18;
double Fpr19;
double Fpr20;
double Fpr21;
double Fpr22;
double Fpr23;
double Fpr24;
double Fpr25;
double Fpr26;
double Fpr27;
double Fpr28;
double Fpr29;
double Fpr30;
double Fpr31;
double Fpscr;                      // Floating point status/control reg

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//

DWORD Gpr0;                      // General registers 0..31
DWORD Gpr1;
DWORD Gpr2;
DWORD Gpr3;
DWORD Gpr4;
DWORD Gpr5;
DWORD Gpr6;
DWORD Gpr7;
DWORD Gpr8;
DWORD Gpr9;
DWORD Gpr10;
DWORD Gpr11;
DWORD Gpr12;
DWORD Gpr13;
DWORD Gpr14;
DWORD Gpr15;
DWORD Gpr16;
DWORD Gpr17;
DWORD Gpr18;
DWORD Gpr19;
DWORD Gpr20;
DWORD Gpr21;
DWORD Gpr22;
DWORD Gpr23;
DWORD Gpr24;
DWORD Gpr25;
DWORD Gpr26;
DWORD Gpr27;
DWORD Gpr28;
DWORD Gpr29;
DWORD Gpr30;
DWORD Gpr31;

DWORD Cr;                         // Condition register
DWORD Xer;                         // Fixed point exception register

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//

DWORD Msr;                         // Machine status register
DWORD Iar;                         // Instruction address register
DWORD Lr;                         // Link register
DWORD Ctr;                         // Count register

//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//

DWORD ContextFlags;

DWORD Fill[3];                   // Pad out to multiple of 16 bytes

//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags.  Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//
DWORD Dr0;                         // Breakpoint Register 1
DWORD Dr1;                         // Breakpoint Register 2
DWORD Dr2;                         // Breakpoint Register 3
DWORD Dr3;                         // Breakpoint Register 4
DWORD Dr4;                         // Breakpoint Register 5
DWORD Dr5;                         // Breakpoint Register 6
DWORD Dr6;                         // Debug Status Register
DWORD Dr7;                         // Debug Control Register

} CONTEXT, *PCONTEXT;

// end_ntddk end_nthal

//
// Stack frame header
//
// Order of appearance in stack frame:
//    Header (six words)
//    Parameters (at least eight words)
//    Local variables
//    Saved GPRs
//    Saved FPRs
//
// Minimum alignment is 8 bytes

typedef struct _STACK_FRAME_HEADER { // GPR 1 points here
DWORD BackChain;                   // Addr of previous frame
DWORD GlueSaved1;                // Used by glue code
DWORD GlueSaved2;
DWORD Reserved1;                   // Reserved
DWORD Spare1;                      // Used by tracing, profiling, ...
DWORD Spare2;

DWORD Parameter0;                // First 8 parameter words are
DWORD Parameter1;                // always present
DWORD Parameter2;
DWORD Parameter3;
DWORD Parameter4;
DWORD Parameter5;
DWORD Parameter6;
DWORD Parameter7;

} STACK_FRAME_HEADER,*PSTACK_FRAME_HEADER;

VOID
__jump_unwind (
PVOID Fp,
PVOID TargetPc
);

#endif // defined(_MPPC_)

#if !defined(__midl) && !defined(GENUTIL) && !defined(_GENIA64_) && defined(_IA64_)

// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT
void * _cdecl _rdteb(void);
#if defined(_M_IA64)                   // winnt
#pragma intrinsic(_rdteb)             // winnt
#endif                               // winnt
#define NtCurrentTeb()    ((struct _TEB *)_rdteb())
// @@END_DDKSPLIT

//
// Define functions to get the address of the current fiber and the
// current fiber data.
//

#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))

#endif  // !defined(__midl) && !defined(GENUTIL) && !defined(_GENIA64_) && defined(_M_IA64)

#ifdef _IA64_

// begin_ntddk begin_nthal

//
// The following flags control the contents of the CONTEXT structure.
//

#if !defined(RC_INVOKED)

// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT

// @@END_DDKSPLIT

#endif // !defined(RC_INVOKED)

//
// Context Frame
//
//  This frame has a several purposes: 1) it is used as an argument to
//  NtContinue, 2) it is used to construct a call frame for APC delivery,
//  3) it is used to construct a call frame for exception dispatching
//  in user mode, 4) it is used in the user level thread creation
//  routines, and 5) it is used to to pass thread state to debuggers.
//
//  N.B. Because this record is used as a call frame, it must be EXACTLY
//  a multiple of 16 bytes in length and aligned on a 16-byte boundary.
//

typedef struct _CONTEXT {

//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//

DWORD ContextFlags;
DWORD Fill1[3];       // for alignment of following on 16-byte boundary

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_DEBUG.
//
// N.B. CONTEXT_DEBUG is *not* part of CONTEXT_FULL.
//

// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_LOWER_FLOATING_POINT.
//

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_HIGHER_FLOATING_POINT.
//

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_LOWER_FLOATING_POINT | CONTEXT_HIGHER_FLOATING_POINT | CONTEXT_CONTROL.
//

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//
// N.B. The registers gp, sp, rp are part of the control context
//

//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//

// Other application registers

// Register stack info

// Trap Status Information

// iA32 related control registers

// @@END_DDKSPLIT

} CONTEXT, *PCONTEXT;

//
// Followings are the data structures that required to support Legacy x86
//

//
//  Define the size of the 80387 save area, which is in the context frame.
//

#define SIZE_OF_80387_REGISTERS    80

//
// The following flags control the contents of the CONTEXT structure.
//

#if !defined(RC_INVOKED)

#define CONTEXT_i386 0x00010000 // this assumes that i386 and
#define CONTEXT_i486 0x00010000 // i486 have identical context records
#define CONTEXT_X86    0x00010000 // X86 have identical context records

#define CONTEXT86_CONTROL       (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP
#define CONTEXT86_INTEGER       (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI
#define CONTEXT86_SEGMENTS       (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS
#define CONTEXT86_FLOATING_POINT  (CONTEXT_i386 | 0x00000008L) // 387 state
#define CONTEXT86_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7

#define CONTEXT86_FULL (CONTEXT86_CONTROL | CONTEXT86_INTEGER |\
                  CONTEXT86_SEGMENTS) // context corresponding to set flags will be returned.

#endif // !defined(RC_INVOKED)

typedef struct _FLOATING_SAVE_AREA {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
BYTE RegisterArea[SIZE_OF_80387_REGISTERS];
DWORD Cr0NpxState;
} FLOATING_SAVE_AREA;

typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA;

//
// Context Frame
//
//  This frame has a several purposes: 1) it is used as an argument to
//  NtContinue, 2) is is used to constuct a call frame for APC delivery,
//  and 3) it is used in the user level thread creation routines.
//
//  The layout of the record conforms to a standard call frame.
//

typedef struct _CONTEXT86 {

//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a threads context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//

DWORD ContextFlags;

//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags.  Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//

DWORD Dr0;
DWORD Dr1;
DWORD Dr2;
DWORD Dr3;
DWORD Dr6;
DWORD Dr7;

//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
//

FLOATING_SAVE_AREA FloatSave;

//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_SEGMENTS.
//

DWORD SegGs;
DWORD SegFs;
DWORD SegEs;
DWORD SegDs;

//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_INTEGER.
//
//

DWORD Edi;
DWORD Esi;
DWORD Ebx;
DWORD Edx;
DWORD Ecx;
DWORD Eax;

//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_CONTROL.
//

DWORD Ebp;
DWORD Eip;
DWORD SegCs;             // MUST BE SANITIZED
DWORD EFlags;          // MUST BE SANITIZED
DWORD Esp;
DWORD SegSs;

} CONTEXT86;

#ifndef _LDT_ENTRY_DEFINED
#define _LDT_ENTRY_DEFINED

//
//  LDT descriptor entry
//

typedef struct _LDT_ENTRY {
WORD LimitLow;
WORD BaseLow;
union {
      struct {
         BYTE BaseMid;
         BYTE Flags1;    // Declare as bytes to avoid alignment
         BYTE Flags2;    // Problems.
         BYTE BaseHi;
      } Bytes;
      struct {
         DWORD BaseMid : 8;
         DWORD Type : 5;
         DWORD Dpl : 2;
         DWORD Pres : 1;
         DWORD LimitHi : 4;
         DWORD Sys : 1;
         DWORD Reserved_0 : 1;
         DWORD Default_Big : 1;
         DWORD Granularity : 1;
         DWORD BaseHi : 8;
      } Bits;
} HighWord;
} LDT_ENTRY, *PLDT_ENTRY;

#endif // _LDT_ENTRY_DEFINED

//
// Plabel descriptor structure definition
//

// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT

// @@END_DDKSPLIT

#endif // _IA64_

#ifdef _IA64_

// Please contact INTEL to get IA64-specific information
// @@BEGIN_DDKSPLIT

// @@END_DDKSPLIT

#endif // _IA64_

#define EXCEPTION_NONCONTINUABLE 0x1 // Noncontinuable exception
#define EXCEPTION_MAXIMUM_PARAMETERS 15 // maximum number of exception parameters

//
// Exception record definition.
//

typedef struct _EXCEPTION_RECORD {
DWORD ExceptionCode;
DWORD ExceptionFlags;
struct _EXCEPTION_RECORD *ExceptionRecord;
PVOID ExceptionAddress;
DWORD NumberParameters;
ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
} EXCEPTION_RECORD;

typedef EXCEPTION_RECORD *PEXCEPTION_RECORD;

typedef struct _EXCEPTION_RECORD32 {
DWORD ExceptionCode;
DWORD ExceptionFlags;
DWORD ExceptionRecord;
DWORD ExceptionAddress;
DWORD NumberParameters;
DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
} EXCEPTION_RECORD32, *PEXCEPTION_RECORD32;

typedef struct _EXCEPTION_RECORD64 {
DWORD ExceptionCode;
DWORD ExceptionFlags;
DWORD64 ExceptionRecord;
DWORD64 ExceptionAddress;
DWORD NumberParameters;
DWORD __unusedAlignment;
DWORD64 ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
} EXCEPTION_RECORD64, *PEXCEPTION_RECORD64;

//
// Typedef for pointer returned by exception_info()
//

typedef struct _EXCEPTION_POINTERS {
PEXCEPTION_RECORD ExceptionRecord;
PCONTEXT ContextRecord;
} EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;
typedef PVOID PACCESS_TOKEN;
typedef PVOID PSECURITY_DESCRIPTOR;
typedef PVOID PSID;
////////////////////////////////////////////////////////////////////////
//                                                                   //
//                            ACCESS MASK                         //
//                                                                   //
////////////////////////////////////////////////////////////////////////

//
//  Define the access mask as a longword sized structure divided up as
//  follows:
//
//    3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//    1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//    +---------------+---------------+-------------------------------+
//    |G|G|G|G|Res'd|A| StandardRights|       SpecificRights       |
//    |R|W|E|A|    |S|             |                            |
//    +-+-------------+---------------+-------------------------------+
//
//    typedef struct _ACCESS_MASK {
//       WORD SpecificRights;
//       BYTE  StandardRights;
//       BYTE  AccessSystemAcl : 1;
//       BYTE  Reserved : 3;
//       BYTE  GenericAll : 1;
//       BYTE  GenericExecute : 1;
//       BYTE  GenericWrite : 1;
//       BYTE  GenericRead : 1;
//    } ACCESS_MASK;
//    typedef ACCESS_MASK *PACCESS_MASK;
//
//  but to make life simple for programmer's we'll allow them to specify
//  a desired access mask by simply OR'ing together mulitple single rights
//  and treat an access mask as a DWORD.  For example
//
//    DesiredAccess = DELETE | READ_CONTROL
//
//  So we'll declare ACCESS_MASK as DWORD
//

// begin_ntddk begin_wdm begin_nthal begin_ntifs
typedef DWORD ACCESS_MASK;
typedef ACCESS_MASK *PACCESS_MASK;

////////////////////////////////////////////////////////////////////////
//                                                                   //
//                            ACCESS TYPES                         //
//                                                                   //
////////////////////////////////////////////////////////////////////////

// begin_ntddk begin_wdm begin_nthal begin_ntifs
//
//  The following are masks for the predefined standard access types
//

#define DELETE                         (0x00010000L)
#define READ_CONTROL                   (0x00020000L)
#define WRITE_DAC                      (0x00040000L)
#define WRITE_OWNER                   (0x00080000L)
#define SYNCHRONIZE                   (0x00100000L)

#define STANDARD_RIGHTS_REQUIRED       (0x000F0000L)

#define STANDARD_RIGHTS_READ          (READ_CONTROL)
#define STANDARD_RIGHTS_WRITE          (READ_CONTROL)
#define STANDARD_RIGHTS_EXECUTE       (READ_CONTROL)

#define STANDARD_RIGHTS_ALL             (0x001F0000L)

#define SPECIFIC_RIGHTS_ALL             (0x0000FFFFL)

//
// AccessSystemAcl access type
//

#define ACCESS_SYSTEM_SECURITY          (0x01000000L)

//
// MaximumAllowed access type
//

#define MAXIMUM_ALLOWED                (0x02000000L)

//
//  These are the generic rights.
//

#define GENERIC_READ                   (0x80000000L)
#define GENERIC_WRITE                   (0x40000000L)
#define GENERIC_EXECUTE                (0x20000000L)
#define GENERIC_ALL                   (0x10000000L)

//
//  Define the generic mapping array.  This is used to denote the
//  mapping of each generic access right to a specific access mask.
//

typedef struct _GENERIC_MAPPING {
ACCESS_MASK GenericRead;
ACCESS_MASK GenericWrite;
ACCESS_MASK GenericExecute;
ACCESS_MASK GenericAll;
} GENERIC_MAPPING;
typedef GENERIC_MAPPING *PGENERIC_MAPPING;

////////////////////////////////////////////////////////////////////////
//                                                                   //
//                      LUID_AND_ATTRIBUTES                      //
//                                                                   //
////////////////////////////////////////////////////////////////////////
//
//

#include <pshpack4.h>

typedef struct _LUID_AND_ATTRIBUTES {
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES;
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;

#include <poppack.h>

////////////////////////////////////////////////////////////////////////
//                                                                   //
//             Security Id    (SID)                               //
//                                                                   //
////////////////////////////////////////////////////////////////////////
//
//
// Pictorially the structure of an SID is as follows:
//
//       1 1 1 1 1 1
//       5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//    +---------------------------------------------------------------+
//    |    SubAuthorityCount       |Reserved1 (SBZ)| Revision |
//    +---------------------------------------------------------------+
//    |                IdentifierAuthority[0]                   |
//    +---------------------------------------------------------------+
//    |                IdentifierAuthority[1]                   |
//    +---------------------------------------------------------------+
//    |                IdentifierAuthority[2]                   |
//    +---------------------------------------------------------------+
//    |                                                             |
//    +- -  -  -  -  -  -  -  SubAuthority[]  -  -  -  -  -  -  -  - -+
//    |                                                             |
//    +---------------------------------------------------------------+
//
//

// begin_ntifs

#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
typedef struct _SID_IDENTIFIER_AUTHORITY {
BYTE  Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
#endif

#ifndef SID_DEFINED
#define SID_DEFINED
typedef struct _SID {
BYTE  Revision;
BYTE  SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
#ifdef MIDL_PASS
[size_is(SubAuthorityCount)] DWORD SubAuthority

;

#else // MIDL_PASS
DWORD SubAuthority[ANYSIZE_ARRAY];
#endif // MIDL_PASS
} SID, *PISID;
#endif

#define SID_REVISION                   (1) // Current revision level
#define SID_MAX_SUB_AUTHORITIES       (15)
#define SID_RECOMMENDED_SUB_AUTHORITIES  (1) // Will change to around 6
                                             // in a future release.

typedef enum _SID_NAME_USE {
SidTypeUser = 1,
SidTypeGroup,
SidTypeDomain,
SidTypeAlias,
SidTypeWellKnownGroup,
SidTypeDeletedAccount,
SidTypeInvalid,
SidTypeUnknown,
SidTypeComputer
} SID_NAME_USE, *PSID_NAME_USE;

typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;

typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;

/////////////////////////////////////////////////////////////////////////////
//                                                                      //
// Universal well-known SIDs                                              //
//                                                                      //
//    Null SID                   S-1-0-0                               //
//    World                      S-1-1-0                               //
//    Local                      S-1-2-0                               //
//    Creator Owner ID          S-1-3-0                               //
//    Creator Group ID          S-1-3-1                               //
//    Creator Owner Server ID    S-1-3-2                               //
//    Creator Group Server ID    S-1-3-3                               //
//                                                                      //
//    (Non-unique IDs)          S-1-4                               //
//                                                                      //
/////////////////////////////////////////////////////////////////////////////

#define SECURITY_NULL_SID_AUTHORITY    {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY    {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY    {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY    {0,0,0,0,0,4}

#define SECURITY_NULL_RID                (0x00000000L)
#define SECURITY_WORLD_RID             (0x00000000L)
#define SECURITY_LOCAL_RID             (0X00000000L)

#define SECURITY_CREATOR_OWNER_RID       (0x00000000L)
#define SECURITY_CREATOR_GROUP_RID       (0x00000001L)

#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)

/////////////////////////////////////////////////////////////////////////////
//                                                                      //
// NT well-known SIDs                                                    //
//                                                                      //
//    NT Authority       S-1-5                                        //
//    Dialup             S-1-5-1                                     //
//                                                                      //
//    Network             S-1-5-2                                     //
//    Batch                S-1-5-3                                     //
//    Interactive          S-1-5-4                                     //
//    Service             S-1-5-6                                     //
//    AnonymousLogon       S-1-5-7    (aka null logon session)       //
//    Proxy                S-1-5-8                                     //
//    ServerLogon          S-1-5-9    (aka domain controller account) //
//    Self                S-1-5-10    (self RID)                   //
//    Authenticated User S-1-5-11    (Authenticated user somewhere)  //
//    Restricted Code    S-1-5-12    (Running restricted code)    //
//    Terminal Server    S-1-5-13    (Running on Terminal Server) //
//                                                                      //
//    (Logon IDs)          S-1-5-5-X-Y                                  //
//                                                                      //
//    (NT non-unique IDs) S-1-5-0x15-...                               //
//                                                                      //
//    (Built-in domain)    s-1-5-0x20                                  //
//                                                                      //
/////////////////////////////////////////////////////////////////////////////

#define SECURITY_NT_AUTHORITY          {0,0,0,0,0,5} // ntifs

#define SECURITY_DIALUP_RID          (0x00000001L)
#define SECURITY_NETWORK_RID          (0x00000002L)
#define SECURITY_BATCH_RID             (0x00000003L)
#define SECURITY_INTERACTIVE_RID       (0x00000004L)
#define SECURITY_SERVICE_RID          (0x00000006L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
#define SECURITY_PROXY_RID             (0x00000008L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
#define SECURITY_SERVER_LOGON_RID    SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID    (0x0000000AL)
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)

#define SECURITY_LOGON_IDS_RID       (0x00000005L)
#define SECURITY_LOGON_IDS_RID_COUNT (3L)

#define SECURITY_LOCAL_SYSTEM_RID    (0x00000012L)

#define SECURITY_NT_NON_UNIQUE       (0x00000015L)

#define SECURITY_BUILTIN_DOMAIN_RID    (0x00000020L)

/////////////////////////////////////////////////////////////////////////////
//                                                                      //
// well-known domain relative sub-authority values (RIDs)...             //
//                                                                      //
/////////////////////////////////////////////////////////////////////////////

// Well-known users ...

#define DOMAIN_USER_RID_ADMIN       (0x000001F4L)
#define DOMAIN_USER_RID_GUEST       (0x000001F5L)
#define DOMAIN_USER_RID_KRBTGT       (0x000001F6L)

// well-known groups ...

#define DOMAIN_GROUP_RID_ADMINS       (0x00000200L)
#define DOMAIN_GROUP_RID_USERS       (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS       (0x00000202L)
#define DOMAIN_GROUP_RID_COMPUTERS    (0x00000203L)
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)

// well-known aliases ...

#define DOMAIN_ALIAS_RID_ADMINS       (0x00000220L)
#define DOMAIN_ALIAS_RID_USERS       (0x00000221L)
#define DOMAIN_ALIAS_RID_GUESTS       (0x00000222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)

#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS    (0x00000226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)

#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)

//
// Allocate the System Luid.  The first 1000 LUIDs are reserved.
// Use #999 here (0x3E7 = 999)
//

#define SYSTEM_LUID                   { 0x3E7, 0x0 }
#define ANONYMOUS_LOGON_LUID          { 0x3e6, 0x0 }

// end_ntifs

////////////////////////////////////////////////////////////////////////
//                                                                   //
//                         User and Group related SID attributes    //
//                                                                   //
////////////////////////////////////////////////////////////////////////

//
// Group attributes
//

#define SE_GROUP_MANDATORY             (0x00000001L)
#define SE_GROUP_ENABLED_BY_DEFAULT    (0x00000002L)
#define SE_GROUP_ENABLED             (0x00000004L)
#define SE_GROUP_OWNER                (0x00000008L)
#define SE_GROUP_USE_FOR_DENY_ONLY    (0x00000010L)
#define SE_GROUP_LOGON_ID             (0xC0000000L)
#define SE_GROUP_RESOURCE             (0x20000000L)

//
// User attributes
//

// (None yet defined.)

////////////////////////////////////////////////////////////////////////
//                                                                   //
//                      ACL  and  ACE                            //
//                                                                   //
////////////////////////////////////////////////////////////////////////

//
//  Define an ACL and the ACE format.  The structure of an ACL header
//  followed by one or more ACEs.  Pictorally the structure of an ACL header
//  is as follows:
//
//    3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//    1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//    +-------------------------------+---------------+---------------+
//    |          AclSize          |    Sbz1    |  AclRevision  |
//    +-------------------------------+---------------+---------------+
//    |             Sbz2          |          AceCount          |
//    +-------------------------------+-------------------------------+
//
//  The current AclRevision is defined to be ACL_REVISION.
//
//  AclSize is the size, in bytes, allocated for the ACL.  This includes
//  the ACL header, ACES, and remaining free space in the buffer.
//
//  AceCount is the number of ACES in the ACL.
//

// begin_ntddk begin_ntifs
// This is the *current* ACL revision

#define ACL_REVISION    (2)
#define ACL_REVISION_DS  (4)

// This is the history of ACL revisions.  Add a new one whenever
// ACL_REVISION is updated

#define ACL_REVISION1 (1)
#define MIN_ACL_REVISION ACL_REVISION2
#define ACL_REVISION2 (2)
#define ACL_REVISION3 (3)
#define ACL_REVISION4 (4)
#define MAX_ACL_REVISION ACL_REVISION4

typedef struct _ACL {
BYTE  AclRevision;
BYTE  Sbz1;
WORD AclSize;
WORD AceCount;
WORD Sbz2;
} ACL;
typedef ACL *PACL;

// end_ntddk

//
//  The structure of an ACE is a common ace header followed by ace type
//  specific data.  Pictorally the structure of the common ace header is
//  as follows:
//
//    3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//    1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//    +---------------+-------+-------+---------------+---------------+
//    |          AceSize          | AceFlags |    AceType |
//    +---------------+-------+-------+---------------+---------------+
//
//  AceType denotes the type of the ace, there are some predefined ace
//  types
//
//  AceSize is the size, in bytes, of ace.
//
//  AceFlags are the Ace flags for audit and inheritance, defined shortly.

typedef struct _ACE_HEADER {
BYTE  AceType;
BYTE  AceFlags;
WORD AceSize;
} ACE_HEADER;
typedef ACE_HEADER *PACE_HEADER;

//
//  The following are the predefined ace types that go into the AceType
//  field of an Ace header.
//

#define ACCESS_MIN_MS_ACE_TYPE                (0x0)
#define ACCESS_ALLOWED_ACE_TYPE                (0x0)
#define ACCESS_DENIED_ACE_TYPE                (0x1)
#define SYSTEM_AUDIT_ACE_TYPE                (0x2)
#define SYSTEM_ALARM_ACE_TYPE                (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE             (0x3)

#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE       (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE             (0x4)

#define ACCESS_MIN_MS_OBJECT_ACE_TYPE          (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE       (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE          (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE          (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE          (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE          (0x8)

#define ACCESS_MAX_MS_V4_ACE_TYPE             (0x8)
#define ACCESS_MAX_MS_ACE_TYPE                (0x8)

//
//  The following are the inherit flags that go into the AceFlags field
//  of an Ace header.
//

#define OBJECT_INHERIT_ACE             (0x1)
#define CONTAINER_INHERIT_ACE          (0x2)
#define NO_PROPAGATE_INHERIT_ACE       (0x4)
#define INHERIT_ONLY_ACE                (0x8)
#define INHERITED_ACE                   (0x10)
#define VALID_INHERIT_FLAGS             (0x1F)

//  The following are the currently defined ACE flags that go into the
//  AceFlags field of an ACE header.  Each ACE type has its own set of
//  AceFlags.
//
//  SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE
//  types to indicate that a message is generated for successful accesses.
//
//  FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types
//  to indicate that a message is generated for failed accesses.
//

//
//  SYSTEM_AUDIT and SYSTEM_ALARM AceFlags
//
//  These control the signaling of audit and alarms for success or failure.
//

#define SUCCESSFUL_ACCESS_ACE_FLAG    (0x40)
#define FAILED_ACCESS_ACE_FLAG          (0x80)

//
//  We'll define the structure of the predefined ACE types.  Pictorally
//  the structure of the predefined ACE's is as follows:
//
//    3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//    1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//    +---------------+-------+-------+---------------+---------------+
//    | AceFlags | Resd  |Inherit| AceSize |    AceType |
//    +---------------+-------+-------+---------------+---------------+
//    |                            Mask                            |
//    +---------------------------------------------------------------+
//    |                                                             |
//    +                                                             +
//    |                                                             |
//    +                            Sid                            +
//    |                                                             |
//    +                                                             +
//    |                                                             |
//    +---------------------------------------------------------------+
//
//  Mask is the access mask associated with the ACE.  This is either the
//  access allowed, access denied, audit, or alarm mask.
//
//  Sid is the Sid associated with the ACE.
//

//  The following are the four predefined ACE types.

//  Examine the AceType field in the Header to determine
//  which structure is appropriate to use for casting.

typedef struct _ACCESS_ALLOWED_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} ACCESS_ALLOWED_ACE;

typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE;

typedef struct _ACCESS_DENIED_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} ACCESS_DENIED_ACE;
typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE;

typedef struct _SYSTEM_AUDIT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} SYSTEM_AUDIT_ACE;
typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE;

typedef struct _SYSTEM_ALARM_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} SYSTEM_ALARM_ACE;
typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE;

// end_ntifs

typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD Flags;
GUID ObjectType;
GUID InheritedObjectType;
DWORD SidStart;
} ACCESS_ALLOWED_OBJECT_ACE, *PACCESS_ALLOWED_OBJECT_ACE;

typedef struct _ACCESS_DENIED_OBJECT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD Flags;
GUID ObjectType;
GUID InheritedObjectType;
DWORD SidStart;
} ACCESS_DENIED_OBJECT_ACE, *PACCESS_DENIED_OBJECT_ACE;

typedef struct _SYSTEM_AUDIT_OBJECT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD Flags;
GUID ObjectType;
GUID InheritedObjectType;
DWORD SidStart;
} SYSTEM_AUDIT_OBJECT_ACE, *PSYSTEM_AUDIT_OBJECT_ACE;

typedef struct _SYSTEM_ALARM_OBJECT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD Flags;
GUID ObjectType;
GUID InheritedObjectType;
DWORD SidStart;
} SYSTEM_ALARM_OBJECT_ACE, *PSYSTEM_ALARM_OBJECT_ACE;

//
// Currently define Flags for "OBJECT" ACE types.
//

#define ACE_OBJECT_TYPE_PRESENT          0x1
#define ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2

//
//  The following declarations are used for setting and querying information
//  about and ACL.  First are the various information classes available to
//  the user.
//

typedef enum _ACL_INFORMATION_CLASS {
AclRevisionInformation = 1,
AclSizeInformation
} ACL_INFORMATION_CLASS;

//
//  This record is returned/sent if the user is requesting/setting the
//  AclRevisionInformation
//

typedef struct _ACL_REVISION_INFORMATION {
DWORD AclRevision;
} ACL_REVISION_INFORMATION;
typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION;

//
//  This record is returned if the user is requesting AclSizeInformation
//

typedef struct _ACL_SIZE_INFORMATION {
DWORD AceCount;
DWORD AclBytesInUse;
DWORD AclBytesFree;
} ACL_SIZE_INFORMATION;
typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION;

////////////////////////////////////////////////////////////////////////
//                                                                   //
//                            SECURITY_DESCRIPTOR                   //
//                                                                   //
////////////////////////////////////////////////////////////////////////
//
//  Define the Security Descriptor and related data types.
//  This is an opaque data structure.
//

// begin_ntddk begin_ntifs
//
// Current security descriptor revision value
//

#define SECURITY_DESCRIPTOR_REVISION    (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)

// end_ntddk

#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))

typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;

#define SE_OWNER_DEFAULTED             (0x0001)
#define SE_GROUP_DEFAULTED             (0x0002)
#define SE_DACL_PRESENT                (0x0004)
#define SE_DACL_DEFAULTED             (0x0008)
#define SE_SACL_PRESENT                (0x0010)
#define SE_SACL_DEFAULTED             (0x0020)
#define SE_DACL_AUTO_INHERIT_REQ       (0x0100)
#define SE_SACL_AUTO_INHERIT_REQ       (0x0200)
#define SE_DACL_AUTO_INHERITED          (0x0400)
#define SE_SACL_AUTO_INHERITED          (0x0800)
#define SE_DACL_PROTECTED             (0x1000)
#define SE_SACL_PROTECTED             (0x2000)
#define SE_RM_CONTROL_VALID             (0x4000)
#define SE_SELF_RELATIVE                (0x8000)

//
//  Where:
//
//    SE_OWNER_DEFAULTED - This boolean flag, when set, indicates that the
//       SID pointed to by the Owner field was provided by a
//       defaulting mechanism rather than explicitly provided by the
//       original provider of the security descriptor.  This may
//       affect the treatment of the SID with respect to inheritence
//       of an owner.
//
//    SE_GROUP_DEFAULTED - This boolean flag, when set, indicates that the
//       SID in the Group field was provided by a defaulting mechanism
//       rather than explicitly provided by the original provider of
//       the security descriptor.  This may affect the treatment of
//       the SID with respect to inheritence of a primary group.
//
//    SE_DACL_PRESENT - This boolean flag, when set, indicates that the
//       security descriptor contains a discretionary ACL.  If this
//       flag is set and the Dacl field of the SECURITY_DESCRIPTOR is
//       null, then a null ACL is explicitly being specified.
//
//    SE_DACL_DEFAULTED - This boolean flag, when set, indicates that the
//       ACL pointed to by the Dacl field was provided by a defaulting
//       mechanism rather than explicitly provided by the original
//       provider of the security descriptor.  This may affect the
//       treatment of the ACL with respect to inheritence of an ACL.
//       This flag is ignored if the DaclPresent flag is not set.
//
//    SE_SACL_PRESENT - This boolean flag, when set,  indicates that the
//       security descriptor contains a system ACL pointed to by the
//       Sacl field.  If this flag is set and the Sacl field of the
//       SECURITY_DESCRIPTOR is null, then an empty (but present)
//       ACL is being specified.
//
//    SE_SACL_DEFAULTED - This boolean flag, when set, indicates that the
//       ACL pointed to by the Sacl field was provided by a defaulting
//       mechanism rather than explicitly provided by the original
//       provider of the security descriptor.  This may affect the
//       treatment of the ACL with respect to inheritence of an ACL.
//       This flag is ignored if the SaclPresent flag is not set.
//
//    SE_SELF_RELATIVE - This boolean flag, when set, indicates that the
//       security descriptor is in self-relative form.  In this form,
//       all fields of the security descriptor are contiguous in memory
//       and all pointer fields are expressed as offsets from the
//       beginning of the security descriptor.  This form is useful
//       for treating security descriptors as opaque data structures
//       for transmission in communication protocol or for storage on
//       secondary media.
//
//
//
// Pictorially the structure of a security descriptor is as follows:
//
//    3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//    1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//    +---------------------------------------------------------------+
//    |          Control          |Reserved1 (SBZ)| Revision |
//    +---------------------------------------------------------------+
//    |                         Owner                            |
//    +---------------------------------------------------------------+
//    |                         Group                            |
//    +---------------------------------------------------------------+
//    |                         Sacl                            |
//    +---------------------------------------------------------------+
//    |                         Dacl                            |
//    +---------------------------------------------------------------+
//
// In general, this data structure should be treated opaquely to ensure future
// compatibility.
//
//

typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
BYTE  Revision;
BYTE  Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
DWORD Owner;
DWORD Group;
DWORD Sacl;
DWORD Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;

typedef struct _SECURITY_DESCRIPTOR {
BYTE  Revision;
BYTE  Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;

} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

// end_ntifs

// Where:
//
//    Revision - Contains the revision level of the security
//       descriptor.  This allows this structure to be passed between
//       systems or stored on disk even though it is expected to
//       change in the future.
//
//    Control - A set of flags which qualify the meaning of the
//       security descriptor or individual fields of the security
//       descriptor.
//
//    Owner - is a pointer to an SID representing an object's owner.
//       If this field is null, then no owner SID is present in the
//       security descriptor.  If the security descriptor is in
//       self-relative form, then this field contains an offset to
//       the SID, rather than a pointer.
//
//    Group - is a pointer to an SID representing an object's primary
//       group.  If this field is null, then no primary group SID is
//       present in the security descriptor.  If the security descriptor
//       is in self-relative form, then this field contains an offset to
//       the SID, rather than a pointer.
//
//    Sacl - is a pointer to a system ACL.  This field value is only
//       valid if the DaclPresent control flag is set.  If the
//       SaclPresent flag is set and this field is null, then a null
//       ACL  is specified.  If the security descriptor is in
//       self-relative form, then this field contains an offset to
//       the ACL, rather than a pointer.
//
//    Dacl - is a pointer to a discretionary ACL.  This field value is
//       only valid if the DaclPresent control flag is set.  If the
//       DaclPresent flag is set and this field is null, then a null
//       ACL (unconditionally granting access) is specified.  If the
//       security descriptor is in self-relative form, then this field
//       contains an offset to the ACL, rather than a pointer.
//

////////////////////////////////////////////////////////////////////////
//                                                                   //
//             Object Type list for AccessCheckByType             //
//                                                                   //
////////////////////////////////////////////////////////////////////////

typedef struct _OBJECT_TYPE_LIST {
WORD Level;
WORD Sbz;
GUID *ObjectType;
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;

//
// DS values for Level
//

#define ACCESS_OBJECT_GUID    0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID    2

#define ACCESS_MAX_LEVEL       4

//
// Parameters to NtAccessCheckByTypeAndAditAlarm
//

typedef enum _AUDIT_EVENT_TYPE {
AuditEventObjectAccess,
AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;

#define AUDIT_ALLOW_NO_PRIVILEGE 0x1

//
// DS values for Source and ObjectTypeName
//

#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"

// end_ntsrv

////////////////////////////////////////////////////////////////////////
//                                                                   //
//             Privilege Related Data Structures                   //
//                                                                   //
////////////////////////////////////////////////////////////////////////

// begin_ntddk begin_nthal begin_ntifs
//
// Privilege attributes
//

#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED          (0x00000002L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)

//
// Privilege Set Control flags
//

#define PRIVILEGE_SET_ALL_NECESSARY (1)

//
//  Privilege Set - This is defined for a privilege set of one.
//                If more than one privilege is needed, then this structure
//                will need to be allocated with more space.
//
//  Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET
//  structure (defined in se.h)
//

typedef struct _PRIVILEGE_SET {
DWORD PrivilegeCount;
DWORD Control;
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, * PPRIVILEGE_SET;

////////////////////////////////////////////////////////////////////////
//                                                                   //
//             NT Defined Privileges                               //
//                                                                   //
////////////////////////////////////////////////////////////////////////

#define SE_CREATE_TOKEN_NAME             TEXT("SeCreateTokenPrivilege")
#define SE_ASSIGNPRIMARYTOKEN_NAME       TEXT("SeAssignPrimaryTokenPrivilege")
#define SE_LOCK_MEMORY_NAME             TEXT("SeLockMemoryPrivilege")
#define SE_INCREASE_QUOTA_NAME          TEXT("SeIncreaseQuotaPrivilege")
#define SE_UNSOLICITED_INPUT_NAME       TEXT("SeUnsolicitedInputPrivilege")
#define SE_MACHINE_ACCOUNT_NAME          TEXT("SeMachineAccountPrivilege")
#define SE_TCB_NAME                      TEXT("SeTcbPrivilege")
#define SE_SECURITY_NAME                TEXT("SeSecurityPrivilege")
#define SE_TAKE_OWNERSHIP_NAME          TEXT("SeTakeOwnershipPrivilege")
#define SE_LOAD_DRIVER_NAME             TEXT("SeLoadDriverPrivilege")
#define SE_SYSTEM_PROFILE_NAME          TEXT("SeSystemProfilePrivilege")
#define SE_SYSTEMTIME_NAME             TEXT("SeSystemtimePrivilege")
#define SE_PROF_SINGLE_PROCESS_NAME    TEXT("SeProfileSingleProcessPrivilege")
#define SE_INC_BASE_PRIORITY_NAME       TEXT("SeIncreaseBasePriorityPrivilege")
#define SE_CREATE_PAGEFILE_NAME          TEXT("SeCreatePagefilePrivilege")
#define SE_CREATE_PERMANENT_NAME       TEXT("SeCreatePermanentPrivilege")
#define SE_BACKUP_NAME                   TEXT("SeBackupPrivilege")
#define SE_RESTORE_NAME                TEXT("SeRestorePrivilege")
#define SE_SHUTDOWN_NAME                TEXT("SeShutdownPrivilege")
#define SE_DEBUG_NAME                   TEXT("SeDebugPrivilege")
#define SE_AUDIT_NAME                   TEXT("SeAuditPrivilege")
#define SE_SYSTEM_ENVIRONMENT_NAME       TEXT("SeSystemEnvironmentPrivilege")
#define SE_CHANGE_NOTIFY_NAME          TEXT("SeChangeNotifyPrivilege")
#define SE_REMOTE_SHUTDOWN_NAME          TEXT("SeRemoteShutdownPrivilege")
#define SE_UNDOCK_NAME                   TEXT("SeUndockPrivilege")
#define SE_SYNC_AGENT_NAME             TEXT("SeSyncAgentPrivilege")
#define SE_ENABLE_DELEGATION_NAME       TEXT("SeEnableDelegationPrivilege")

////////////////////////////////////////////////////////////////////
//                                                             //
//          Security Quality Of Service                         //
//                                                             //
//                                                             //
////////////////////////////////////////////////////////////////////

// begin_ntddk begin_nthal begin_ntifs
//
// Impersonation Level
//
// Impersonation level is represented by a pair of bits in Windows.
// If a new impersonation level is added or lowest value is changed from
// 0 to something else, fix the Windows CreateFile call.
//

typedef enum _SECURITY_IMPERSONATION_LEVEL {
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;

#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation

#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation

////////////////////////////////////////////////////////////////////
//                                                             //
//          Token Object Definitions                            //
//                                                             //
//                                                             //
////////////////////////////////////////////////////////////////////

//
// Token Specific Access Rights.
//

#define TOKEN_ASSIGN_PRIMARY (0x0001)
#define TOKEN_DUPLICATE       (0x0002)
#define TOKEN_IMPERSONATE    (0x0004)
#define TOKEN_QUERY          (0x0008)
#define TOKEN_QUERY_SOURCE    (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS    (0x0040)
#define TOKEN_ADJUST_DEFAULT (0x0080)
#define TOKEN_ADJUST_SESSIONID  (0x0100)

#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED  |\
                        TOKEN_ASSIGN_PRIMARY    |\
                        TOKEN_DUPLICATE          |\
                        TOKEN_IMPERSONATE       |\
                        TOKEN_QUERY             |\
                        TOKEN_QUERY_SOURCE       |\
                        TOKEN_ADJUST_PRIVILEGES |\
                        TOKEN_ADJUST_GROUPS    |\
                        TOKEN_ADJUST_SESSIONID |\
                        TOKEN_ADJUST_DEFAULT)

#define TOKEN_READ    (STANDARD_RIGHTS_READ    |\
                        TOKEN_QUERY)

#define TOKEN_WRITE    (STANDARD_RIGHTS_WRITE    |\
                        TOKEN_ADJUST_PRIVILEGES |\
                        TOKEN_ADJUST_GROUPS    |\
                        TOKEN_ADJUST_DEFAULT)

#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)

//
//
// Token Types
//

typedef enum _TOKEN_TYPE {
TokenPrimary = 1,
TokenImpersonation
} TOKEN_TYPE;
typedef TOKEN_TYPE *PTOKEN_TYPE;

//
// Token Information Classes.
//

typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;

//
// Token information class structures
//

typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;

typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS;

typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;

typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;

typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;

typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;

#define TOKEN_SOURCE_LENGTH 8

typedef struct _TOKEN_SOURCE {
CHAR SourceName[TOKEN_SOURCE_LENGTH];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;

typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;

typedef struct _TOKEN_CONTROL {
LUID TokenId;
LUID AuthenticationId;
LUID ModifiedId;
TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL;

//
// Security Tracking Mode
//

#define SECURITY_DYNAMIC_TRACKING    (TRUE)
#define SECURITY_STATIC_TRACKING    (FALSE)

typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE,
                  * PSECURITY_CONTEXT_TRACKING_MODE;

//
// Quality Of Service
//

typedef struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE, * PSECURITY_QUALITY_OF_SERVICE;

//
// Used to represent information related to a thread impersonation
//

typedef struct _SE_IMPERSONATION_STATE {
PACCESS_TOKEN Token;
BOOLEAN CopyOnOpen;
BOOLEAN EffectiveOnly;
SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;

#define DISABLE_MAX_PRIVILEGE 0x1

typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;

#define OWNER_SECURITY_INFORMATION    (0X00000001L)
#define GROUP_SECURITY_INFORMATION    (0X00000002L)
#define DACL_SECURITY_INFORMATION       (0X00000004L)
#define SACL_SECURITY_INFORMATION       (0X00000008L)

#define PROTECTED_DACL_SECURITY_INFORMATION    (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION    (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)

#define PROCESS_TERMINATE       (0x0001)
#define PROCESS_CREATE_THREAD    (0x0002)
#define PROCESS_SET_SESSIONID    (0x0004)
#define PROCESS_VM_OPERATION    (0x0008)
#define PROCESS_VM_READ          (0x0010)
#define PROCESS_VM_WRITE       (0x0020)
#define PROCESS_DUP_HANDLE       (0x0040)
#define PROCESS_CREATE_PROCESS (0x0080)
#define PROCESS_SET_QUOTA       (0x0100)
#define PROCESS_SET_INFORMATION (0x0200)
#define PROCESS_QUERY_INFORMATION (0x0400)
#define PROCESS_ALL_ACCESS       (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
                                 0xFFF)

// end_ntifs

#define MAXIMUM_PROCESSORS 32

#define THREAD_TERMINATE             (0x0001)
#define THREAD_SUSPEND_RESUME       (0x0002)
#define THREAD_GET_CONTEXT          (0x0008)
#define THREAD_SET_CONTEXT          (0x0010)
#define THREAD_SET_INFORMATION       (0x0020)
#define THREAD_QUERY_INFORMATION    (0x0040)
#define THREAD_SET_THREAD_TOKEN       (0x0080)
#define THREAD_IMPERSONATE          (0x0100)
#define THREAD_DIRECT_IMPERSONATION (0x0200)
// begin_ntddk begin_wdm begin_ntifs

#define THREAD_ALL_ACCESS       (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
                                 0x3FF)

// end_ntddk end_wdm end_ntifs
#define JOB_OBJECT_ASSIGN_PROCESS          (0x0001)
#define JOB_OBJECT_SET_ATTRIBUTES          (0x0002)
#define JOB_OBJECT_QUERY                   (0x0004)
#define JOB_OBJECT_TERMINATE             (0x0008)
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES  (0x0010)
#define JOB_OBJECT_ALL_ACCESS    (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
                                    0x1F )
#define TLS_MINIMUM_AVAILABLE 64

typedef struct _NT_TIB {
struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
PVOID StackBase;
PVOID StackLimit;
PVOID SubSystemTib;
union {
      PVOID FiberData;
      DWORD Version;
};
PVOID ArbitraryUserPointer;
struct _NT_TIB *Self;
} NT_TIB;
typedef NT_TIB *PNT_TIB;

#if !defined(_X86_) && !defined(_IA64_) && !defined(_AXP64_)
#define WX86
#endif

#define THREAD_BASE_PRIORITY_LOWRT  15  // value that gets a thread to LowRealtime-1
#define THREAD_BASE_PRIORITY_MAX 2 // maximum thread base priority boost
#define THREAD_BASE_PRIORITY_MIN -2  // minimum thread base priority boost
#define THREAD_BASE_PRIORITY_IDLE -15 // value that gets a thread to idle

typedef struct _QUOTA_LIMITS {
SIZE_T PagedPoolLimit;
SIZE_T NonPagedPoolLimit;
SIZE_T MinimumWorkingSetSize;
SIZE_T MaximumWorkingSetSize;
SIZE_T PagefileLimit;
LARGE_INTEGER TimeLimit;
} QUOTA_LIMITS;
typedef QUOTA_LIMITS *PQUOTA_LIMITS;

typedef struct _IO_COUNTERS {
ULONGLONG  ReadOperationCount;
ULONGLONG  WriteOperationCount;
ULONGLONG  OtherOperationCount;
ULONGLONG ReadTransferCount;
ULONGLONG WriteTransferCount;
ULONGLONG OtherTransferCount;
} IO_COUNTERS;
typedef IO_COUNTERS *PIO_COUNTERS;
//

typedef struct _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION {
LARGE_INTEGER TotalUserTime;
LARGE_INTEGER TotalKernelTime;
LARGE_INTEGER ThisPeriodTotalUserTime;
LARGE_INTEGER ThisPeriodTotalKernelTime;
DWORD TotalPageFaultCount;
DWORD TotalProcesses;
DWORD ActiveProcesses;
DWORD TotalTerminatedProcesses;
} JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_ACCOUNTING_INFORMATION;

typedef struct _JOBOBJECT_BASIC_LIMIT_INFORMATION {
LARGE_INTEGER PerProcessUserTimeLimit;
LARGE_INTEGER PerJobUserTimeLimit;
DWORD LimitFlags;
SIZE_T MinimumWorkingSetSize;
SIZE_T MaximumWorkingSetSize;
DWORD ActiveProcessLimit;
ULONG_PTR Affinity;
DWORD PriorityClass;
DWORD SchedulingClass;
} JOBOBJECT_BASIC_LIMIT_INFORMATION, *PJOBOBJECT_BASIC_LIMIT_INFORMATION;

typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION {
JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
IO_COUNTERS IoInfo;
SIZE_T ProcessMemoryLimit;
SIZE_T JobMemoryLimit;
SIZE_T PeakProcessMemoryUsed;
SIZE_T PeakJobMemoryUsed;
} JOBOBJECT_EXTENDED_LIMIT_INFORMATION, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION;

typedef struct _JOBOBJECT_BASIC_PROCESS_ID_LIST {
DWORD NumberOfAssignedProcesses;
DWORD NumberOfProcessIdsInList;
ULONG_PTR ProcessIdList[1];
} JOBOBJECT_BASIC_PROCESS_ID_LIST, *PJOBOBJECT_BASIC_PROCESS_ID_LIST;

typedef struct _JOBOBJECT_BASIC_UI_RESTRICTIONS {
DWORD UIRestrictionsClass;
} JOBOBJECT_BASIC_UI_RESTRICTIONS, *PJOBOBJECT_BASIC_UI_RESTRICTIONS;

typedef struct _JOBOBJECT_SECURITY_LIMIT_INFORMATION {
DWORD SecurityLimitFlags ;
HANDLE JobToken ;
PTOKEN_GROUPS SidsToDisable ;
PTOKEN_PRIVILEGES PrivilegesToDelete ;
PTOKEN_GROUPS RestrictedSids ;
} JOBOBJECT_SECURITY_LIMIT_INFORMATION, *PJOBOBJECT_SECURITY_LIMIT_INFORMATION ;

typedef struct _JOBOBJECT_END_OF_JOB_TIME_INFORMATION {
DWORD EndOfJobTimeAction;
} JOBOBJECT_END_OF_JOB_TIME_INFORMATION, *PJOBOBJECT_END_OF_JOB_TIME_INFORMATION;

typedef struct _JOBOBJECT_ASSOCIATE_COMPLETION_PORT {
PVOID CompletionKey;
HANDLE CompletionPort;
} JOBOBJECT_ASSOCIATE_COMPLETION_PORT, *PJOBOBJECT_ASSOCIATE_COMPLETION_PORT;

typedef struct _JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION {
JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo;
IO_COUNTERS IoInfo;
} JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION;

#define JOB_OBJECT_TERMINATE_AT_END_OF_JOB  0
#define JOB_OBJECT_POST_AT_END_OF_JOB    1

//
// Completion Port Messages for job objects
//
// These values are returned via the lpNumberOfBytesTransferred parameter
//

#define JOB_OBJECT_MSG_END_OF_JOB_TIME       1
#define JOB_OBJECT_MSG_END_OF_PROCESS_TIME    2
#define JOB_OBJECT_MSG_ACTIVE_PROCESS_LIMIT    3
#define JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO    4
#define JOB_OBJECT_MSG_NEW_PROCESS             6
#define JOB_OBJECT_MSG_EXIT_PROCESS          7
#define JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS 8
#define JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT    9
#define JOB_OBJECT_MSG_JOB_MEMORY_LIMIT       10

//
// Basic Limits
//
#define JOB_OBJECT_LIMIT_WORKINGSET                0x00000001
#define JOB_OBJECT_LIMIT_PROCESS_TIME             0x00000002
#define JOB_OBJECT_LIMIT_JOB_TIME                0x00000004
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS          0x00000008
#define JOB_OBJECT_LIMIT_AFFINITY                0x00000010
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS          0x00000020
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME       0x00000040
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS          0x00000080

//
// Extended Limits
//
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY          0x00000100
#define JOB_OBJECT_LIMIT_JOB_MEMORY                0x00000200
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x00000400
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK             0x00000800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK       0x00001000

#define JOB_OBJECT_LIMIT_RESERVED1                0x00002000
#define JOB_OBJECT_LIMIT_RESERVED2                0x00004000
#define JOB_OBJECT_LIMIT_RESERVED3                0x00008000
#define JOB_OBJECT_LIMIT_RESERVED4                0x00010000
#define JOB_OBJECT_LIMIT_RESERVED5                0x00020000
#define JOB_OBJECT_LIMIT_RESERVED6                0x00040000

#define JOB_OBJECT_LIMIT_VALID_FLAGS          0x0007ffff

#define JOB_OBJECT_BASIC_LIMIT_VALID_FLAGS    0x000000ff
#define JOB_OBJECT_EXTENDED_LIMIT_VALID_FLAGS 0x00001fff
#define JOB_OBJECT_RESERVED_LIMIT_VALID_FLAGS 0x0007ffff

//
// UI restrictions for jobs
//

#define JOB_OBJECT_UILIMIT_NONE          0x00000000

#define JOB_OBJECT_UILIMIT_HANDLES       0x00000001
#define JOB_OBJECT_UILIMIT_READCLIPBOARD 0x00000002
#define JOB_OBJECT_UILIMIT_WRITECLIPBOARD 0x00000004
#define JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS 0x00000008
#define JOB_OBJECT_UILIMIT_DISPLAYSETTINGS  0x00000010
#define JOB_OBJECT_UILIMIT_GLOBALATOMS    0x00000020
#define JOB_OBJECT_UILIMIT_DESKTOP       0x00000040
#define JOB_OBJECT_UILIMIT_EXITWINDOWS    0x00000080

#define JOB_OBJECT_UILIMIT_ALL             0x000000FF

#define JOB_OBJECT_UI_VALID_FLAGS          0x000000FF

#define JOB_OBJECT_SECURITY_NO_ADMIN          0x00000001
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN 0x00000002
#define JOB_OBJECT_SECURITY_ONLY_TOKEN       0x00000004
#define JOB_OBJECT_SECURITY_FILTER_TOKENS    0x00000008

#define JOB_OBJECT_SECURITY_VALID_FLAGS       0x0000000f

typedef enum _JOBOBJECTINFOCLASS {
JobObjectBasicAccountingInformation = 1,
JobObjectBasicLimitInformation,
JobObjectBasicProcessIdList,
JobObjectBasicUIRestrictions,
JobObjectSecurityLimitInformation,
JobObjectEndOfJobTimeInformation,
JobObjectAssociateCompletionPortInformation,
JobObjectBasicAndIoAccountingInformation,
JobObjectExtendedLimitInformation,
MaxJobObjectInfoClass
} JOBOBJECTINFOCLASS;
//
#define EVENT_MODIFY_STATE    0x0002
#define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
#define MUTANT_QUERY_STATE    0x0001

#define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\
                        MUTANT_QUERY_STATE)
#define SEMAPHORE_MODIFY_STATE    0x0002
#define SEMAPHORE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
//
// Timer Specific Access Rights.
//

#define TIMER_QUERY_STATE    0x0001
#define TIMER_MODIFY_STATE    0x0002

#define TIMER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\
                        TIMER_QUERY_STATE|TIMER_MODIFY_STATE)

#define TIME_ZONE_ID_UNKNOWN  0
#define TIME_ZONE_ID_STANDARD 1
#define TIME_ZONE_ID_DAYLIGHT 2

#define PROCESSOR_INTEL_386    386
#define PROCESSOR_INTEL_486    486
#define PROCESSOR_INTEL_PENTIUM 586
#define PROCESSOR_INTEL_IA64 2200
#define PROCESSOR_MIPS_R4000 4000 // incl R4101 & R3910 for Windows CE
#define PROCESSOR_ALPHA_21064 21064
#define PROCESSOR_PPC_601    601
#define PROCESSOR_PPC_603    603
#define PROCESSOR_PPC_604    604
#define PROCESSOR_PPC_620    620
#define PROCESSOR_HITACHI_SH3 10003 // Windows CE
#define PROCESSOR_HITACHI_SH3E  10004 // Windows CE
#define PROCESSOR_HITACHI_SH4 10005 // Windows CE
#define PROCESSOR_MOTOROLA_821  821    // Windows CE
#define PROCESSOR_SHx_SH3    103    // Windows CE
#define PROCESSOR_SHx_SH4    104    // Windows CE
#define PROCESSOR_STRONGARM    2577 // Windows CE - 0xA11
#define PROCESSOR_ARM720       1824 // Windows CE - 0x720
#define PROCESSOR_ARM820       2080 // Windows CE - 0x820
#define PROCESSOR_ARM920       2336 // Windows CE - 0x920
#define PROCESSOR_ARM_7TDMI    70001 // Windows CE
#define PROCESSOR_OPTIL       0x494f  // MSIL

#define PROCESSOR_ARCHITECTURE_INTEL 0
#define PROCESSOR_ARCHITECTURE_MIPS    1
#define PROCESSOR_ARCHITECTURE_ALPHA 2
#define PROCESSOR_ARCHITECTURE_PPC    3
#define PROCESSOR_ARCHITECTURE_SHX    4
#define PROCESSOR_ARCHITECTURE_ARM    5
#define PROCESSOR_ARCHITECTURE_IA64    6
#define PROCESSOR_ARCHITECTURE_ALPHA64  7
#define PROCESSOR_ARCHITECTURE_MSIL    8

#define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF

#define PF_FLOATING_POINT_PRECISION_ERRATA  0
#define PF_FLOATING_POINT_EMULATED       1
#define PF_COMPARE_EXCHANGE_DOUBLE       2
#define PF_MMX_INSTRUCTIONS_AVAILABLE    3
#define PF_PPC_MOVEMEM_64BIT_OK          4
#define PF_ALPHA_BYTE_INSTRUCTIONS       5
#define PF_XMMI_INSTRUCTIONS_AVAILABLE    6
#define PF_3DNOW_INSTRUCTIONS_AVAILABLE    7
#define PF_RDTSC_INSTRUCTION_AVAILABLE    8
#define PF_PAE_ENABLED                   9
typedef struct _MEMORY_BASIC_INFORMATION {
PVOID BaseAddress;
PVOID AllocationBase;
DWORD AllocationProtect;
SIZE_T RegionSize;
DWORD State;
DWORD Protect;
DWORD Type;
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;

typedef struct _MEMORY_BASIC_INFORMATION_VLM {
union {
      PVOID64 BaseAddress;
      ULONGLONG BaseAddressAsUlongLong;
};
union {
      PVOID64 AllocationBase;
      ULONGLONG AllocationBaseAsUlongLong;
};
ULONGLONG RegionSize;
DWORD AllocationProtect;
DWORD State;
DWORD Protect;
DWORD Type;
} MEMORY_BASIC_INFORMATION_VLM, *PMEMORY_BASIC_INFORMATION_VLM;
#define SECTION_QUERY    0x0001
#define SECTION_MAP_WRITE 0x0002
#define SECTION_MAP_READ 0x0004
#define SECTION_MAP_EXECUTE 0x0008
#define SECTION_EXTEND_SIZE 0x0010

#define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
                        SECTION_MAP_WRITE |    \
                        SECTION_MAP_READ |    \
                        SECTION_MAP_EXECUTE | \
                        SECTION_EXTEND_SIZE)
#define PAGE_NOACCESS       0x01
#define PAGE_READONLY       0x02
#define PAGE_READWRITE       0x04
#define PAGE_WRITECOPY       0x08
#define PAGE_EXECUTE          0x10
#define PAGE_EXECUTE_READ    0x20
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#define PAGE_GUARD          0x100
#define PAGE_NOCACHE       0x200
#define PAGE_WRITECOMBINE    0x400
#define MEM_COMMIT          0x1000
#define MEM_RESERVE       0x2000
#define MEM_DECOMMIT       0x4000
#define MEM_RELEASE       0x8000
#define MEM_FREE          0x10000
#define MEM_PRIVATE       0x20000
#define MEM_MAPPED       0x40000
#define MEM_RESET          0x80000
#define MEM_TOP_DOWN    0x100000
#define MEM_WRITE_WATCH 0x200000
#define MEM_PHYSICAL    0x400000
#define MEM_4MB_PAGES 0x80000000
#define SEC_FILE          0x800000
#define SEC_IMAGE       0x1000000
#define SEC_VLM          0x2000000
#define SEC_RESERVE    0x4000000
#define SEC_COMMIT       0x8000000
#define SEC_NOCACHE    0x10000000
#define MEM_IMAGE       SEC_IMAGE
#define WRITE_WATCH_FLAG_RESET 0x01

//
// Define access rights to files and directories
//

//
// The FILE_READ_DATA and FILE_WRITE_DATA constants are also defined in
// devioctl.h as FILE_READ_ACCESS and FILE_WRITE_ACCESS. The values for these
// constants *MUST* always be in sync.
// The values are redefined in devioctl.h because they must be available to
// both DOS and NT.
//

#define FILE_READ_DATA          ( 0x0001 ) // file & pipe
#define FILE_LIST_DIRECTORY    ( 0x0001 ) // directory

#define FILE_WRITE_DATA          ( 0x0002 ) // file & pipe
#define FILE_ADD_FILE          ( 0x0002 ) // directory

#define FILE_APPEND_DATA       ( 0x0004 ) // file
#define FILE_ADD_SUBDIRECTORY    ( 0x0004 ) // directory
#define FILE_CREATE_PIPE_INSTANCE ( 0x0004 ) // named pipe

#define FILE_READ_EA             ( 0x0008 ) // file & directory

#define FILE_WRITE_EA          ( 0x0010 ) // file & directory

#define FILE_EXECUTE             ( 0x0020 ) // file
#define FILE_TRAVERSE          ( 0x0020 ) // directory

#define FILE_DELETE_CHILD       ( 0x0040 ) // directory

#define FILE_READ_ATTRIBUTES    ( 0x0080 ) // all

#define FILE_WRITE_ATTRIBUTES    ( 0x0100 ) // all

#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)

#define FILE_GENERIC_READ       (STANDARD_RIGHTS_READ    |\
                                 FILE_READ_DATA          |\
                                 FILE_READ_ATTRIBUTES    |\
                                 FILE_READ_EA          |\
                                 SYNCHRONIZE)

#define FILE_GENERIC_WRITE       (STANDARD_RIGHTS_WRITE |\
                                 FILE_WRITE_DATA       |\
                                 FILE_WRITE_ATTRIBUTES |\
                                 FILE_WRITE_EA          |\
                                 FILE_APPEND_DATA       |\
                                 SYNCHRONIZE)

#define FILE_GENERIC_EXECUTE    (STANDARD_RIGHTS_EXECUTE  |\
                                 FILE_READ_ATTRIBUTES    |\
                                 FILE_EXECUTE          |\
                                 SYNCHRONIZE)

#define FILE_SHARE_READ                0x00000001
#define FILE_SHARE_WRITE             0x00000002
#define FILE_SHARE_DELETE             0x00000004
#define FILE_ATTRIBUTE_READONLY          0x00000001
#define FILE_ATTRIBUTE_HIDDEN             0x00000002
#define FILE_ATTRIBUTE_SYSTEM             0x00000004
#define FILE_ATTRIBUTE_DIRECTORY          0x00000010
#define FILE_ATTRIBUTE_ARCHIVE             0x00000020
#define FILE_ATTRIBUTE_DEVICE             0x00000040
#define FILE_ATTRIBUTE_NORMAL             0x00000080
#define FILE_ATTRIBUTE_TEMPORARY          0x00000100
#define FILE_ATTRIBUTE_SPARSE_FILE       0x00000200
#define FILE_ATTRIBUTE_REPARSE_POINT       0x00000400
#define FILE_ATTRIBUTE_COMPRESSED          0x00000800
#define FILE_ATTRIBUTE_OFFLINE             0x00001000
#define FILE_ATTRIBUTE_NOT_CONTENT_INDEXED  0x00002000
#define FILE_ATTRIBUTE_ENCRYPTED          0x00004000
#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
#define FILE_NOTIFY_CHANGE_DIR_NAME    0x00000002
#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
#define FILE_NOTIFY_CHANGE_SIZE       0x00000008
#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
#define FILE_NOTIFY_CHANGE_LAST_ACCESS  0x00000020
#define FILE_NOTIFY_CHANGE_CREATION    0x00000040
#define FILE_NOTIFY_CHANGE_SECURITY    0x00000100
#define FILE_ACTION_ADDED                0x00000001
#define FILE_ACTION_REMOVED                0x00000002
#define FILE_ACTION_MODIFIED             0x00000003
#define FILE_ACTION_RENAMED_OLD_NAME       0x00000004
#define FILE_ACTION_RENAMED_NEW_NAME       0x00000005
#define MAILSLOT_NO_MESSAGE          ((DWORD)-1)
#define MAILSLOT_WAIT_FOREVER          ((DWORD)-1)
#define FILE_CASE_SENSITIVE_SEARCH    0x00000001
#define FILE_CASE_PRESERVED_NAMES    0x00000002
#define FILE_UNICODE_ON_DISK          0x00000004
#define FILE_PERSISTENT_ACLS          0x00000008
#define FILE_FILE_COMPRESSION          0x00000010
#define FILE_VOLUME_QUOTAS             0x00000020
#define FILE_SUPPORTS_SPARSE_FILES    0x00000040
#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
#define FILE_VOLUME_IS_COMPRESSED    0x00008000
#define FILE_SUPPORTS_OBJECT_IDS       0x00010000
#define FILE_SUPPORTS_ENCRYPTION       0x00020000
#define FILE_NAMED_STREAMS             0x00040000

//
// Define the file notification information structure
//

typedef struct _FILE_NOTIFY_INFORMATION {
DWORD NextEntryOffset;
DWORD Action;
DWORD FileNameLength;
WCHAR FileName[1];
} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;

//
// Define segement buffer structure for scatter/gather read/write.
//

typedef union _FILE_SEGMENT_ELEMENT {
PVOID64 Buffer;
ULONGLONG Alignment;
}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;

//
// The reparse GUID structure is used by all 3rd party layered drivers to
// store data in a reparse point. For non-Microsoft tags, The GUID field
// cannot be GUID_NULL.
// The constraints on reparse tags are defined below.
// Microsoft tags can also be used with this format of the reparse point buffer.
//

typedef struct _REPARSE_GUID_DATA_BUFFER {
DWORD  ReparseTag;
WORD ReparseDataLength;
WORD Reserved;
GUID ReparseGuid;
struct {
      BYTE DataBuffer[1];
} GenericReparseBuffer;
} REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER;

#define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer)

//
// Maximum allowed size of the reparse data.
//

#define MAXIMUM_REPARSE_DATA_BUFFER_SIZE    ( 16 * 1024 )

//
// Predefined reparse tags.
// These tags need to avoid conflicting with IO_REMOUNT defined in ntos\inc\io.h
//

#define IO_REPARSE_TAG_RESERVED_ZERO          (0)
#define IO_REPARSE_TAG_RESERVED_ONE             (1)

//
// The value of the following constant needs to satisfy the following conditions:
//  (1) Be at least as large as the largest of the reserved tags.
//  (2) Be strictly smaller than all the tags in use.
//

#define IO_REPARSE_TAG_RESERVED_RANGE          IO_REPARSE_TAG_RESERVED_ONE

//
// The reparse tags are a DWORD. The 32 bits are laid out as follows:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//  +-+-+-+-------------------------+-------------------------------+
//  |M|L|N| Reserved bits       |    Reparse Tag Value    |
//  +-+-+-+-------------------------+-------------------------------+
//
// M is the Microsoft bit. When set to 1, it denotes a tag owned by Microsoft.
// All ISVs must use a tag with a 0 in this position.
// Note: If a Microsoft tag is used by non-Microsoft software, the
// behavior is not defined.
//
// L is the high-latency bit. When set to 1, a file with this tag is
// expected to have a long latency to retrieve the first byte of data.
//
// N is name surrogate. When set to 1, the file represents another named
// entity in the system.
//
// The M, L, and N bits are OR-able.
// The following macros check for the M, L and N bit values:
//

//
// Macro to determine whether a reparse point tag corresponds to a tag
// owned by Microsoft.
//

#define IsReparseTagMicrosoft(_tag) (             \
                        ((_tag) & 0x80000000) \
                        )

//
// Macro to determine whether a reparse point tag corresponds to a file
// that is to be displayed with the slow icon overlay.
//

#define IsReparseTagHighLatency(_tag) (          \
                        ((_tag) & 0x40000000) \
                        )

//
// Macro to determine whether a reparse point tag corresponds to a file
// that is to be displayed with the slow icon overlay.
//

#define IsReparseTagNameSurrogate(_tag) (       \
                        ((_tag) & 0x20000000) \
                        )

#define IO_REPARSE_TAG_MOUNT_POINT             (0xA0000003)
#define IO_REPARSE_TAG_HSM                      (0xC0000004)
#define IO_REPARSE_TAG_SIS                      (0x80000007)
#define IO_COMPLETION_MODIFY_STATE  0x0002
#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
#define DUPLICATE_CLOSE_SOURCE    0x00000001
#define DUPLICATE_SAME_ACCESS    0x00000002

#define ES_SYSTEM_REQUIRED  ((DWORD)0x00000001)
#define ES_DISPLAY_REQUIRED ((DWORD)0x00000002)
#define ES_USER_PRESENT    ((DWORD)0x00000004)
#define ES_CONTINUOUS    ((DWORD)0x80000000)

typedef DWORD EXECUTION_STATE;

typedef enum {
LT_DONT_CARE,
LT_LOWEST_LATENCY
} LATENCY_TIME;

//
// Image Format
//

#ifndef _MAC

#include "pshpack4.h"                // 4 byte packing is the default

#define IMAGE_DOS_SIGNATURE                0x5A4D    // MZ
#define IMAGE_OS2_SIGNATURE                0x454E    // NE
#define IMAGE_OS2_SIGNATURE_LE             0x454C    // LE
#define IMAGE_VXD_SIGNATURE                0x454C    // LE
#define IMAGE_NT_SIGNATURE                0x00004550  // PE00

#include "pshpack2.h"                // 16 bit headers are 2 byte packed

#else

#include "pshpack1.h"

#define IMAGE_DOS_SIGNATURE                0x4D5A    // MZ
#define IMAGE_OS2_SIGNATURE                0x4E45    // NE
#define IMAGE_OS2_SIGNATURE_LE             0x4C45    // LE
#define IMAGE_NT_SIGNATURE                0x50450000  // PE00
#endif

typedef struct _IMAGE_DOS_HEADER {    // DOS .EXE header
WORD e_magic;                   // Magic number
WORD e_cblp;                   // Bytes on last page of file
WORD e_cp;                      // Pages in file
WORD e_crlc;                   // Relocations
WORD e_cparhdr;                // Size of header in paragraphs
WORD e_minalloc;                // Minimum extra paragraphs needed
WORD e_maxalloc;                // Maximum extra paragraphs needed
WORD e_ss;                      // Initial (relative) SS value
WORD e_sp;                      // Initial SP value
WORD e_csum;                   // Checksum
WORD e_ip;                      // Initial IP value
WORD e_cs;                      // Initial (relative) CS value
WORD e_lfarlc;                   // File address of relocation table
WORD e_ovno;                   // Overlay number
WORD e_res[4];                   // Reserved words
WORD e_oemid;                   // OEM identifier (for e_oeminfo)
WORD e_oeminfo;                // OEM information; e_oemid specific
WORD e_res2[10];                // Reserved words
LONG e_lfanew;                   // File address of new exe header
  } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;

typedef struct _IMAGE_OS2_HEADER {    // OS/2 .EXE header
WORD ne_magic;                   // Magic number
CHAR ne_ver;                   // Version number
CHAR ne_rev;                   // Revision number
WORD ne_enttab;                // Offset of Entry Table
WORD ne_cbenttab;                // Number of bytes in Entry Table
LONG ne_crc;                   // Checksum of whole file
WORD ne_flags;                   // Flag word
WORD ne_autodata;                // Automatic data segment number
WORD ne_heap;                   // Initial heap allocation
WORD ne_stack;                   // Initial stack allocation
LONG ne_csip;                   // Initial CS:IP setting
LONG ne_sssp;                   // Initial SS:SP setting
WORD ne_cseg;                   // Count of file segments
WORD ne_cmod;                   // Entries in Module Reference Table
WORD ne_cbnrestab;             // Size of non-resident name table
WORD ne_segtab;                // Offset of Segment Table
WORD ne_rsrctab;                // Offset of Resource Table
WORD ne_restab;                // Offset of resident name table
WORD ne_modtab;                // Offset of Module Reference Table
WORD ne_imptab;                // Offset of Imported Names Table
LONG ne_nrestab;                // Offset of Non-resident Names Table
WORD ne_cmovent;                // Count of movable entries
WORD ne_align;                   // Segment alignment shift count
WORD ne_cres;                   // Count of resource segments
BYTE ne_exetyp;                // Target Operating system
BYTE ne_flagsothers;             // Other .EXE flags
WORD ne_pretthunks;             // offset to return thunks
WORD ne_psegrefbytes;          // offset to segment ref. bytes
WORD ne_swaparea;                // Minimum code swap area size
WORD ne_expver;                // Expected Windows version number
  } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER;

typedef struct _IMAGE_VXD_HEADER {    // Windows VXD header
WORD e32_magic;                // Magic number
BYTE e32_border;                // The byte ordering for the VXD
BYTE e32_worder;                // The word ordering for the VXD
DWORD  e32_level;                // The EXE format level for now = 0
WORD e32_cpu;                   // The CPU type
WORD e32_os;                   // The OS type
DWORD  e32_ver;                   // Module version
DWORD  e32_mflags;                // Module flags
DWORD  e32_mpages;                // Module # pages
DWORD  e32_startobj;             // Object # for instruction pointer
DWORD  e32_eip;                   // Extended instruction pointer
DWORD  e32_stackobj;             // Object # for stack pointer
DWORD  e32_esp;                   // Extended stack pointer
DWORD  e32_pagesize;             // VXD page size
DWORD  e32_lastpagesize;          // Last page size in VXD
DWORD  e32_fixupsize;             // Fixup section size
DWORD  e32_fixupsum;             // Fixup section checksum
DWORD  e32_ldrsize;                // Loader section size
DWORD  e32_ldrsum;                // Loader section checksum
DWORD  e32_objtab;                // Object table offset
DWORD  e32_objcnt;                // Number of objects in module
DWORD  e32_objmap;                // Object page map offset
DWORD  e32_itermap;                // Object iterated data map offset
DWORD  e32_rsrctab;                // Offset of Resource Table
DWORD  e32_rsrccnt;                // Number of resource entries
DWORD  e32_restab;                // Offset of resident name table
DWORD  e32_enttab;                // Offset of Entry Table
DWORD  e32_dirtab;                // Offset of Module Directive Table
DWORD  e32_dircnt;                // Number of module directives
DWORD  e32_fpagetab;             // Offset of Fixup Page Table
DWORD  e32_frectab;                // Offset of Fixup Record Table
DWORD  e32_impmod;                // Offset of Import Module Name Table
DWORD  e32_impmodcnt;             // Number of entries in Import Module Name Table
DWORD  e32_impproc;                // Offset of Import Procedure Name Table
DWORD  e32_pagesum;                // Offset of Per-Page Checksum Table
DWORD  e32_datapage;             // Offset of Enumerated Data Pages
DWORD  e32_preload;                // Number of preload pages
DWORD  e32_nrestab;                // Offset of Non-resident Names Table
DWORD  e32_cbnrestab;             // Size of Non-resident Name Table
DWORD  e32_nressum;                // Non-resident Name Table Checksum
DWORD  e32_autodata;             // Object # for automatic data object
DWORD  e32_debuginfo;             // Offset of the debugging information
DWORD  e32_debuglen;             // The length of the debugging info. in bytes
DWORD  e32_instpreload;          // Number of instance pages in preload section of VXD file
DWORD  e32_instdemand;             // Number of instance pages in demand load section of VXD file
DWORD  e32_heapsize;             // Size of heap - for 16-bit apps
BYTE e32_res3[12];             // Reserved words
DWORD  e32_winresoff;
DWORD  e32_winreslen;
WORD e32_devid;                // Device ID for VxD
WORD e32_ddkver;                // DDK version for VxD
  } IMAGE_VXD_HEADER, *PIMAGE_VXD_HEADER;

#ifndef _MAC
#include "poppack.h"                   // Back to 4 byte packing
#endif

//
// File header format.
//

typedef struct _IMAGE_FILE_HEADER {
WORD Machine;
WORD NumberOfSections;
DWORD TimeDateStamp;
DWORD PointerToSymbolTable;
DWORD NumberOfSymbols;
WORD SizeOfOptionalHeader;
WORD Characteristics;
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;

#define IMAGE_SIZEOF_FILE_HEADER          20

#define IMAGE_FILE_RELOCS_STRIPPED          0x0001  // Relocation info stripped from file.
#define IMAGE_FILE_EXECUTABLE_IMAGE       0x0002  // File is executable  (i.e. no unresolved externel references).
#define IMAGE_FILE_LINE_NUMS_STRIPPED       0x0004  // Line nunbers stripped from file.
#define IMAGE_FILE_LOCAL_SYMS_STRIPPED    0x0008  // Local symbols stripped from file.
#define IMAGE_FILE_AGGRESIVE_WS_TRIM       0x0010  // Agressively trim working set
#define IMAGE_FILE_LARGE_ADDRESS_AWARE    0x0020  // App can handle >2gb addresses
#define IMAGE_FILE_BYTES_REVERSED_LO       0x0080  // Bytes of machine word are reversed.
#define IMAGE_FILE_32BIT_MACHINE          0x0100  // 32 bit word machine.
#define IMAGE_FILE_DEBUG_STRIPPED          0x0200  // Debugging info stripped from file in .DBG file
#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400  // If Image is on removable media, copy and run from the swap file.
#define IMAGE_FILE_NET_RUN_FROM_SWAP       0x0800  // If Image is on Net, copy and run from the swap file.
#define IMAGE_FILE_SYSTEM                   0x1000  // System File.
#define IMAGE_FILE_DLL                      0x2000  // File is a DLL.
#define IMAGE_FILE_UP_SYSTEM_ONLY          0x4000  // File should only be run on a UP machine
#define IMAGE_FILE_BYTES_REVERSED_HI       0x8000  // Bytes of machine word are reversed.

#define IMAGE_FILE_MACHINE_UNKNOWN          0
#define IMAGE_FILE_MACHINE_I386             0x014c  // Intel 386.
#define IMAGE_FILE_MACHINE_R3000          0x0162  // MIPS little-endian, 0x160 big-endian
#define IMAGE_FILE_MACHINE_R4000          0x0166  // MIPS little-endian
#define IMAGE_FILE_MACHINE_R10000          0x0168  // MIPS little-endian
#define IMAGE_FILE_MACHINE_WCEMIPSV2       0x0169  // MIPS little-endian WCE v2
#define IMAGE_FILE_MACHINE_ALPHA          0x0184  // Alpha_AXP
#define IMAGE_FILE_MACHINE_POWERPC          0x01F0  // IBM PowerPC Little-Endian
#define IMAGE_FILE_MACHINE_SH3             0x01a2  // SH3 little-endian
#define IMAGE_FILE_MACHINE_SH3E             0x01a4  // SH3E little-endian
#define IMAGE_FILE_MACHINE_SH4             0x01a6  // SH4 little-endian
#define IMAGE_FILE_MACHINE_ARM             0x01c0  // ARM Little-Endian
#define IMAGE_FILE_MACHINE_THUMB          0x01c2
#define IMAGE_FILE_MACHINE_IA64             0x0200  // Intel 64
#define IMAGE_FILE_MACHINE_MIPS16          0x0266  // MIPS
#define IMAGE_FILE_MACHINE_MIPSFPU          0x0366  // MIPS
#define IMAGE_FILE_MACHINE_MIPSFPU16       0x0466  // MIPS
#define IMAGE_FILE_MACHINE_ALPHA64          0x0284  // ALPHA64
#define IMAGE_FILE_MACHINE_AXP64          IMAGE_FILE_MACHINE_ALPHA64
//
// Directory format.
//

typedef struct _IMAGE_DATA_DIRECTORY {
DWORD VirtualAddress;
DWORD Size;
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;

#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16

//
// Optional header format.
//

typedef struct _IMAGE_OPTIONAL_HEADER {
//
// Standard fields.
//

WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;

//
// NT additional fields.
//

DWORD ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;

typedef struct _IMAGE_ROM_OPTIONAL_HEADER {
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD  SizeOfCode;
DWORD  SizeOfInitializedData;
DWORD  SizeOfUninitializedData;
DWORD  AddressOfEntryPoint;
DWORD  BaseOfCode;
DWORD  BaseOfData;
DWORD  BaseOfBss;
DWORD  GprMask;
DWORD  CprMask[4];
DWORD  GpValue;
} IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER;

typedef struct _IMAGE_OPTIONAL_HEADER64 {
WORD       Magic;
BYTE       MajorLinkerVersion;
BYTE       MinorLinkerVersion;
DWORD    SizeOfCode;
DWORD    SizeOfInitializedData;
DWORD    SizeOfUninitializedData;
DWORD    AddressOfEntryPoint;
DWORD    BaseOfCode;
ULONGLONG ImageBase;
DWORD    SectionAlignment;
DWORD    FileAlignment;
WORD       MajorOperatingSystemVersion;
WORD       MinorOperatingSystemVersion;
WORD       MajorImageVersion;
WORD       MinorImageVersion;
WORD       MajorSubsystemVersion;
WORD       MinorSubsystemVersion;
DWORD    Win32VersionValue;
DWORD    SizeOfImage;
DWORD    SizeOfHeaders;
DWORD    CheckSum;
WORD       Subsystem;
WORD       DllCharacteristics;
ULONGLONG SizeOfStackReserve;
ULONGLONG SizeOfStackCommit;
ULONGLONG SizeOfHeapReserve;
ULONGLONG SizeOfHeapCommit;
DWORD    LoaderFlags;
DWORD    NumberOfRvaAndSizes;
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;

#define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER    56
#define IMAGE_SIZEOF_STD_OPTIONAL_HEADER    28
#define IMAGE_SIZEOF_NT_OPTIONAL32_HEADER 224
#define IMAGE_SIZEOF_NT_OPTIONAL64_HEADER 240

#define IMAGE_NT_OPTIONAL_HDR32_MAGIC    0x10b
#define IMAGE_NT_OPTIONAL_HDR64_MAGIC    0x20b
#define IMAGE_ROM_OPTIONAL_HDR_MAGIC    0x107

#ifdef _WIN64
typedef IMAGE_OPTIONAL_HEADER64          IMAGE_OPTIONAL_HEADER;
typedef PIMAGE_OPTIONAL_HEADER64          PIMAGE_OPTIONAL_HEADER;
#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER    IMAGE_SIZEOF_NT_OPTIONAL64_HEADER
#define IMAGE_NT_OPTIONAL_HDR_MAGIC       IMAGE_NT_OPTIONAL_HDR64_MAGIC
#else
typedef IMAGE_OPTIONAL_HEADER32          IMAGE_OPTIONAL_HEADER;
typedef PIMAGE_OPTIONAL_HEADER32          PIMAGE_OPTIONAL_HEADER;
#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER    IMAGE_SIZEOF_NT_OPTIONAL32_HEADER
#define IMAGE_NT_OPTIONAL_HDR_MAGIC       IMAGE_NT_OPTIONAL_HDR32_MAGIC
#endif

typedef struct _IMAGE_NT_HEADERS64 {
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;

typedef struct _IMAGE_NT_HEADERS {
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;

typedef struct _IMAGE_ROM_HEADERS {
IMAGE_FILE_HEADER FileHeader;
IMAGE_ROM_OPTIONAL_HEADER OptionalHeader;
} IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS;

#ifdef _WIN64
typedef IMAGE_NT_HEADERS64                IMAGE_NT_HEADERS;
typedef PIMAGE_NT_HEADERS64                PIMAGE_NT_HEADERS;
#else
typedef IMAGE_NT_HEADERS32                IMAGE_NT_HEADERS;
typedef PIMAGE_NT_HEADERS32                PIMAGE_NT_HEADERS;
#endif

// IMAGE_FIRST_SECTION doesn't need 32/64 versions since the file header is the same either way.

#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER)       \
((ULONG_PTR)ntheader +                                           \
   FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) +                \
   ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \
))

// Subsystem Values

#define IMAGE_SUBSYSTEM_UNKNOWN             0 // Unknown subsystem.
#define IMAGE_SUBSYSTEM_NATIVE             1 // Image doesn't require a subsystem.
#define IMAGE_SUBSYSTEM_WINDOWS_GUI       2 // Image runs in the Windows GUI subsystem.
#define IMAGE_SUBSYSTEM_WINDOWS_CUI       3 // Image runs in the Windows character subsystem.
#define IMAGE_SUBSYSTEM_OS2_CUI             5 // image runs in the OS/2 character subsystem.
#define IMAGE_SUBSYSTEM_POSIX_CUI          7 // image runs in the Posix character subsystem.
#define IMAGE_SUBSYSTEM_NATIVE_WINDOWS    8 // image is a native Win9x driver.
#define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI    9 // Image runs in the Windows CE subsystem.
#define IMAGE_SUBSYSTEM_EFI_APPLICATION    10 //
#define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER  11 //
#define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER  12 //

// DllCharacteristics Entries

//    IMAGE_LIBRARY_PROCESS_INIT          0x0001    // Reserved.
//    IMAGE_LIBRARY_PROCESS_TERM          0x0002    // Reserved.
//    IMAGE_LIBRARY_THREAD_INIT          0x0004    // Reserved.
//    IMAGE_LIBRARY_THREAD_TERM          0x0008    // Reserved.
#define IMAGE_DLLCHARACTERISTICS_NO_BIND    0x0800    // Do not bind this image.
//                                        0x1000    // Reserved.
#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER  0x2000    // Driver uses WDM model
//                                        0x4000    // Reserved.
#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE    0x8000

// Directory Entries

#define IMAGE_DIRECTORY_ENTRY_EXPORT       0 // Export Directory
#define IMAGE_DIRECTORY_ENTRY_IMPORT       1 // Import Directory
#define IMAGE_DIRECTORY_ENTRY_RESOURCE       2 // Resource Directory
#define IMAGE_DIRECTORY_ENTRY_EXCEPTION    3 // Exception Directory
#define IMAGE_DIRECTORY_ENTRY_SECURITY       4 // Security Directory
#define IMAGE_DIRECTORY_ENTRY_BASERELOC    5 // Base Relocation Table
#define IMAGE_DIRECTORY_ENTRY_DEBUG          6 // Debug Directory
//    IMAGE_DIRECTORY_ENTRY_COPYRIGHT    7 // (X86 usage)
#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data
#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR    8 // RVA of GP
#define IMAGE_DIRECTORY_ENTRY_TLS          9 // TLS Directory
#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
#define IMAGE_DIRECTORY_ENTRY_IAT          12 // Import Address Table
#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor

//
// Non-COFF Object file header
//

typedef struct ANON_OBJECT_HEADER {
WORD Sig1;          // Must be IMAGE_FILE_MACHINE_UNKNOWN
WORD Sig2;          // Must be 0xffff
WORD Version;       // >= 1 (implies the CLSID field is present)
WORD Machine;
DWORD TimeDateStamp;
CLSID ClassID;       // Used to invoke CoCreateInstance
DWORD SizeOfData;    // Size of data that follows the header
} ANON_OBJECT_HEADER;

//
// Section header format.
//

#define IMAGE_SIZEOF_SHORT_NAME             8

typedef struct _IMAGE_SECTION_HEADER {
BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
union {
         DWORD PhysicalAddress;
         DWORD VirtualSize;
} Misc;
DWORD VirtualAddress;
DWORD SizeOfRawData;
DWORD PointerToRawData;
DWORD PointerToRelocations;
DWORD PointerToLinenumbers;
WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
DWORD Characteristics;
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;

#define IMAGE_SIZEOF_SECTION_HEADER       40

//
// Section characteristics.
//
//    IMAGE_SCN_TYPE_REG                0x00000000  // Reserved.
//    IMAGE_SCN_TYPE_DSECT                0x00000001  // Reserved.
//    IMAGE_SCN_TYPE_NOLOAD             0x00000002  // Reserved.
//    IMAGE_SCN_TYPE_GROUP                0x00000004  // Reserved.
#define IMAGE_SCN_TYPE_NO_PAD             0x00000008  // Reserved.
//    IMAGE_SCN_TYPE_COPY                0x00000010  // Reserved.

#define IMAGE_SCN_CNT_CODE                0x00000020  // Section contains code.
#define IMAGE_SCN_CNT_INITIALIZED_DATA    0x00000040  // Section contains initialized data.
#define IMAGE_SCN_CNT_UNINITIALIZED_DATA    0x00000080  // Section contains uninitialized data.

#define IMAGE_SCN_LNK_OTHER                0x00000100  // Reserved.
#define IMAGE_SCN_LNK_INFO                0x00000200  // Section contains comments or some other type of information.
//    IMAGE_SCN_TYPE_OVER                0x00000400  // Reserved.
#define IMAGE_SCN_LNK_REMOVE                0x00000800  // Section contents will not become part of image.
#define IMAGE_SCN_LNK_COMDAT                0x00001000  // Section contents comdat.
//                                        0x00002000  // Reserved.
//    IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000
#define IMAGE_SCN_NO_DEFER_SPEC_EXC       0x00004000  // Reset speculative exceptions handling bits in the TLB entries for this section.
#define IMAGE_SCN_GPREL                   0x00008000  // Section content can be accessed relative to GP
#define IMAGE_SCN_MEM_FARDATA             0x00008000
//    IMAGE_SCN_MEM_SYSHEAP  - Obsolete 0x00010000
#define IMAGE_SCN_MEM_PURGEABLE             0x00020000
#define IMAGE_SCN_MEM_16BIT                0x00020000
#define IMAGE_SCN_MEM_LOCKED                0x00040000
#define IMAGE_SCN_MEM_PRELOAD             0x00080000

#define IMAGE_SCN_ALIGN_1BYTES             0x00100000  //
#define IMAGE_SCN_ALIGN_2BYTES             0x00200000  //
#define IMAGE_SCN_ALIGN_4BYTES             0x00300000  //
#define IMAGE_SCN_ALIGN_8BYTES             0x00400000  //
#define IMAGE_SCN_ALIGN_16BYTES             0x00500000  // Default alignment if no others are specified.
#define IMAGE_SCN_ALIGN_32BYTES             0x00600000  //
#define IMAGE_SCN_ALIGN_64BYTES             0x00700000  //
#define IMAGE_SCN_ALIGN_128BYTES          0x00800000  //
#define IMAGE_SCN_ALIGN_256BYTES          0x00900000  //
#define IMAGE_SCN_ALIGN_512BYTES          0x00A00000  //
#define IMAGE_SCN_ALIGN_1024BYTES          0x00B00000  //
#define IMAGE_SCN_ALIGN_2048BYTES          0x00C00000  //
#define IMAGE_SCN_ALIGN_4096BYTES          0x00D00000  //
#define IMAGE_SCN_ALIGN_8192BYTES          0x00E00000  //
// Unused                                  0x00F00000
#define IMAGE_SCN_ALIGN_MASK                0x00F00000

#define IMAGE_SCN_LNK_NRELOC_OVFL          0x01000000  // Section contains extended relocations.
#define IMAGE_SCN_MEM_DISCARDABLE          0x02000000  // Section can be discarded.
#define IMAGE_SCN_MEM_NOT_CACHED          0x04000000  // Section is not cachable.
#define IMAGE_SCN_MEM_NOT_PAGED             0x08000000  // Section is not pageable.
#define IMAGE_SCN_MEM_SHARED                0x10000000  // Section is shareable.
#define IMAGE_SCN_MEM_EXECUTE             0x20000000  // Section is executable.
#define IMAGE_SCN_MEM_READ                0x40000000  // Section is readable.
#define IMAGE_SCN_MEM_WRITE                0x80000000  // Section is writeable.

//
// TLS Chaacteristic Flags
//
#define IMAGE_SCN_SCALE_INDEX             0x00000001  // Tls index is scaled

#ifndef _MAC
#include "pshpack2.h"                      // Symbols, relocs, and linenumbers are 2 byte packed
#endif

//
// Symbol format.
//

typedef struct _IMAGE_SYMBOL {
union {
      BYTE ShortName[8];
      struct {
         DWORD Short;    // if 0, use LongName
         DWORD Long;    // offset into string table
      } Name;
      DWORD LongName[2]; // PBYTE [2]
} N;
DWORD Value;
SHORT SectionNumber;
WORD Type;
BYTE StorageClass;
BYTE NumberOfAuxSymbols;
} IMAGE_SYMBOL;
typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL;

#define IMAGE_SIZEOF_SYMBOL                18

//
// Section values.
//
// Symbols have a section number of the section in which they are
// defined. Otherwise, section numbers have the following meanings:
//

#define IMAGE_SYM_UNDEFINED          (SHORT)0       // Symbol is undefined or is common.
#define IMAGE_SYM_ABSOLUTE          (SHORT)-1       // Symbol is an absolute value.
#define IMAGE_SYM_DEBUG             (SHORT)-2       // Symbol is a special debug item.

//
// Type (fundamental) values.
//

#define IMAGE_SYM_TYPE_NULL                0x0000  // no type.
#define IMAGE_SYM_TYPE_VOID                0x0001  //
#define IMAGE_SYM_TYPE_CHAR                0x0002  // type character.
#define IMAGE_SYM_TYPE_SHORT             0x0003  // type short integer.
#define IMAGE_SYM_TYPE_INT                0x0004  //
#define IMAGE_SYM_TYPE_LONG                0x0005  //
#define IMAGE_SYM_TYPE_FLOAT             0x0006  //
#define IMAGE_SYM_TYPE_DOUBLE             0x0007  //
#define IMAGE_SYM_TYPE_STRUCT             0x0008  //
#define IMAGE_SYM_TYPE_UNION             0x0009  //
#define IMAGE_SYM_TYPE_ENUM                0x000A  // enumeration.
#define IMAGE_SYM_TYPE_MOE                0x000B  // member of enumeration.
#define IMAGE_SYM_TYPE_BYTE                0x000C  //
#define IMAGE_SYM_TYPE_WORD                0x000D  //
#define IMAGE_SYM_TYPE_UINT                0x000E  //
#define IMAGE_SYM_TYPE_DWORD             0x000F  //
#define IMAGE_SYM_TYPE_PCODE             0x8000  //
//
// Type (derived) values.
//

#define IMAGE_SYM_DTYPE_NULL             0    // no derived type.
#define IMAGE_SYM_DTYPE_POINTER          1    // pointer.
#define IMAGE_SYM_DTYPE_FUNCTION          2    // function.
#define IMAGE_SYM_DTYPE_ARRAY             3    // array.

//
// Storage classes.
//
#define IMAGE_SYM_CLASS_END_OF_FUNCTION    (BYTE )-1
#define IMAGE_SYM_CLASS_NULL             0x0000
#define IMAGE_SYM_CLASS_AUTOMATIC          0x0001
#define IMAGE_SYM_CLASS_EXTERNAL          0x0002
#define IMAGE_SYM_CLASS_STATIC             0x0003
#define IMAGE_SYM_CLASS_REGISTER          0x0004
#define IMAGE_SYM_CLASS_EXTERNAL_DEF       0x0005
#define IMAGE_SYM_CLASS_LABEL             0x0006
#define IMAGE_SYM_CLASS_UNDEFINED_LABEL    0x0007
#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 0x0008
#define IMAGE_SYM_CLASS_ARGUMENT          0x0009
#define IMAGE_SYM_CLASS_STRUCT_TAG       0x000A
#define IMAGE_SYM_CLASS_MEMBER_OF_UNION    0x000B
#define IMAGE_SYM_CLASS_UNION_TAG          0x000C
#define IMAGE_SYM_CLASS_TYPE_DEFINITION    0x000D
#define IMAGE_SYM_CLASS_UNDEFINED_STATIC 0x000E
#define IMAGE_SYM_CLASS_ENUM_TAG          0x000F
#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM    0x0010
#define IMAGE_SYM_CLASS_REGISTER_PARAM    0x0011
#define IMAGE_SYM_CLASS_BIT_FIELD          0x0012

#define IMAGE_SYM_CLASS_FAR_EXTERNAL       0x0044  //

#define IMAGE_SYM_CLASS_BLOCK             0x0064
#define IMAGE_SYM_CLASS_FUNCTION          0x0065
#define IMAGE_SYM_CLASS_END_OF_STRUCT    0x0066
#define IMAGE_SYM_CLASS_FILE             0x0067
// new
#define IMAGE_SYM_CLASS_SECTION          0x0068
#define IMAGE_SYM_CLASS_WEAK_EXTERNAL    0x0069

// type packing constants

#define N_BTMASK                         0x000F
#define N_TMASK                            0x0030
#define N_TMASK1                         0x00C0
#define N_TMASK2                         0x00F0
#define N_BTSHFT                         4
#define N_TSHIFT                         2
// MACROS

// Basic Type of  x
#define BTYPE(x) ((x) & N_BTMASK)

// Is x a pointer?
#ifndef ISPTR
#define ISPTR(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT))
#endif

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

收藏・1

免费・0

支持

最新回复 (31) 1 2 ▶
PFC 雪币： 161 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 16 回帖 58 粉丝 0 关注私信	PFC 2 楼 // Is x a function? #ifndef ISFCN #define ISFCN(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT)) #endif // Is x an array? #ifndef ISARY #define ISARY(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT)) #endif // Is x a structure, union, or enumeration TAG? #ifndef ISTAG #define ISTAG(x) ((x)==IMAGE_SYM_CLASS_STRUCT_TAG \|\| (x)==IMAGE_SYM_CLASS_UNION_TAG \|\| (x)==IMAGE_SYM_CLASS_ENUM_TAG) #endif #ifndef INCREF #define INCREF(x) ((((x)&~N_BTMASK)<<N_TSHIFT)\|(IMAGE_SYM_DTYPE_POINTER<<N_BTSHFT)\|((x)&N_BTMASK)) #endif #ifndef DECREF #define DECREF(x) ((((x)>>N_TSHIFT)&~N_BTMASK)\|((x)&N_BTMASK)) #endif // // Auxiliary entry format. // typedef union _IMAGE_AUX_SYMBOL { struct { DWORD TagIndex; // struct, union, or enum tag index union { struct { WORD Linenumber; // declaration line number WORD Size; // size of struct, union, or enum } LnSz; DWORD TotalSize; } Misc; union { struct { // if ISFCN, tag, or .bb DWORD PointerToLinenumber; DWORD PointerToNextFunction; } Function; struct { // if ISARY, up to 4 dimen. WORD Dimension[4]; } Array; } FcnAry; WORD TvIndex; // tv index } Sym; struct { BYTE Name[IMAGE_SIZEOF_SYMBOL]; } File; struct { DWORD Length; // section length WORD NumberOfRelocations; // number of relocation entries WORD NumberOfLinenumbers; // number of line numbers DWORD CheckSum; // checksum for communal SHORT Number; // section number to associate with BYTE Selection; // communal selection type } Section; } IMAGE_AUX_SYMBOL; typedef IMAGE_AUX_SYMBOL UNALIGNED PIMAGE_AUX_SYMBOL; #define IMAGE_SIZEOF_AUX_SYMBOL 18 // // Communal selection types. // #define IMAGE_COMDAT_SELECT_NODUPLICATES 1 #define IMAGE_COMDAT_SELECT_ANY 2 #define IMAGE_COMDAT_SELECT_SAME_SIZE 3 #define IMAGE_COMDAT_SELECT_EXACT_MATCH 4 #define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5 #define IMAGE_COMDAT_SELECT_LARGEST 6 #define IMAGE_COMDAT_SELECT_NEWEST 7 #define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 #define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 #define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3 // // Relocation format. // typedef struct _IMAGE_RELOCATION { union { DWORD VirtualAddress; DWORD RelocCount; // Set to the real count when IMAGE_SCN_LNK_NRELOC_OVFL is set }; DWORD SymbolTableIndex; WORD Type; } IMAGE_RELOCATION; typedef IMAGE_RELOCATION UNALIGNED PIMAGE_RELOCATION; #define IMAGE_SIZEOF_RELOCATION 10 // // I386 relocation types. // #define IMAGE_REL_I386_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary #define IMAGE_REL_I386_DIR16 0x0001 // Direct 16-bit reference to the symbols virtual address #define IMAGE_REL_I386_REL16 0x0002 // PC-relative 16-bit reference to the symbols virtual address #define IMAGE_REL_I386_DIR32 0x0006 // Direct 32-bit reference to the symbols virtual address #define IMAGE_REL_I386_DIR32NB 0x0007 // Direct 32-bit reference to the symbols virtual address, base not included #define IMAGE_REL_I386_SEG12 0x0009 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address #define IMAGE_REL_I386_SECTION 0x000A #define IMAGE_REL_I386_SECREL 0x000B #define IMAGE_REL_I386_REL32 0x0014 // PC-relative 32-bit reference to the symbols virtual address // // MIPS relocation types. // #define IMAGE_REL_MIPS_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary #define IMAGE_REL_MIPS_REFHALF 0x0001 #define IMAGE_REL_MIPS_REFWORD 0x0002 #define IMAGE_REL_MIPS_JMPADDR 0x0003 #define IMAGE_REL_MIPS_REFHI 0x0004 #define IMAGE_REL_MIPS_REFLO 0x0005 #define IMAGE_REL_MIPS_GPREL 0x0006 #define IMAGE_REL_MIPS_LITERAL 0x0007 #define IMAGE_REL_MIPS_SECTION 0x000A #define IMAGE_REL_MIPS_SECREL 0x000B #define IMAGE_REL_MIPS_SECRELLO 0x000C // Low 16-bit section relative referemce (used for >32k TLS) #define IMAGE_REL_MIPS_SECRELHI 0x000D // High 16-bit section relative reference (used for >32k TLS) #define IMAGE_REL_MIPS_JMPADDR16 0x0010 #define IMAGE_REL_MIPS_REFWORDNB 0x0022 #define IMAGE_REL_MIPS_PAIR 0x0025 // // Alpha Relocation types. // #define IMAGE_REL_ALPHA_ABSOLUTE 0x0000 #define IMAGE_REL_ALPHA_REFLONG 0x0001 #define IMAGE_REL_ALPHA_REFQUAD 0x0002 #define IMAGE_REL_ALPHA_GPREL32 0x0003 #define IMAGE_REL_ALPHA_LITERAL 0x0004 #define IMAGE_REL_ALPHA_LITUSE 0x0005 #define IMAGE_REL_ALPHA_GPDISP 0x0006 #define IMAGE_REL_ALPHA_BRADDR 0x0007 #define IMAGE_REL_ALPHA_HINT 0x0008 #define IMAGE_REL_ALPHA_INLINE_REFLONG 0x0009 #define IMAGE_REL_ALPHA_REFHI 0x000A #define IMAGE_REL_ALPHA_REFLO 0x000B #define IMAGE_REL_ALPHA_PAIR 0x000C #define IMAGE_REL_ALPHA_MATCH 0x000D #define IMAGE_REL_ALPHA_SECTION 0x000E #define IMAGE_REL_ALPHA_SECREL 0x000F #define IMAGE_REL_ALPHA_REFLONGNB 0x0010 #define IMAGE_REL_ALPHA_SECRELLO 0x0011 // Low 16-bit section relative reference #define IMAGE_REL_ALPHA_SECRELHI 0x0012 // High 16-bit section relative reference #define IMAGE_REL_ALPHA_REFQ3 0x0013 // High 16 bits of 48 bit reference #define IMAGE_REL_ALPHA_REFQ2 0x0014 // Middle 16 bits of 48 bit reference #define IMAGE_REL_ALPHA_REFQ1 0x0015 // Low 16 bits of 48 bit reference #define IMAGE_REL_ALPHA_GPRELLO 0x0016 // Low 16-bit GP relative reference #define IMAGE_REL_ALPHA_GPRELHI 0x0017 // High 16-bit GP relative reference // // IBM PowerPC relocation types. // #define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP #define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address #define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address #define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute) #define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address #define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword) #define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative) #define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative) #define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base #define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword) #define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base #define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr) #define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number #define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code #define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction #define IMAGE_REL_PPC_SECREL16 0x000F // va of containing section (limited to 16 bits) #define IMAGE_REL_PPC_REFHI 0x0010 #define IMAGE_REL_PPC_REFLO 0x0011 #define IMAGE_REL_PPC_PAIR 0x0012 #define IMAGE_REL_PPC_SECRELLO 0x0013 // Low 16-bit section relative reference (used for >32k TLS) #define IMAGE_REL_PPC_SECRELHI 0x0014 // High 16-bit section relative reference (used for >32k TLS) #define IMAGE_REL_PPC_GPREL 0x0015 #define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type // Flag bits in IMAGE_RELOCATION.TYPE #define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it #define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken #define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken #define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc) // // Hitachi SH3 relocation types. // #define IMAGE_REL_SH3_ABSOLUTE 0x0000 // No relocation #define IMAGE_REL_SH3_DIRECT16 0x0001 // 16 bit direct #define IMAGE_REL_SH3_DIRECT32 0x0002 // 32 bit direct #define IMAGE_REL_SH3_DIRECT8 0x0003 // 8 bit direct, -128..255 #define IMAGE_REL_SH3_DIRECT8_WORD 0x0004 // 8 bit direct .W (0 ext.) #define IMAGE_REL_SH3_DIRECT8_LONG 0x0005 // 8 bit direct .L (0 ext.) #define IMAGE_REL_SH3_DIRECT4 0x0006 // 4 bit direct (0 ext.) #define IMAGE_REL_SH3_DIRECT4_WORD 0x0007 // 4 bit direct .W (0 ext.) #define IMAGE_REL_SH3_DIRECT4_LONG 0x0008 // 4 bit direct .L (0 ext.) #define IMAGE_REL_SH3_PCREL8_WORD 0x0009 // 8 bit PC relative .W #define IMAGE_REL_SH3_PCREL8_LONG 0x000A // 8 bit PC relative .L #define IMAGE_REL_SH3_PCREL12_WORD 0x000B // 12 LSB PC relative .W #define IMAGE_REL_SH3_STARTOF_SECTION 0x000C // Start of EXE section #define IMAGE_REL_SH3_SIZEOF_SECTION 0x000D // Size of EXE section #define IMAGE_REL_SH3_SECTION 0x000E // Section table index #define IMAGE_REL_SH3_SECREL 0x000F // Offset within section #define IMAGE_REL_SH3_DIRECT32_NB 0x0010 // 32 bit direct not based #define IMAGE_REL_ARM_ABSOLUTE 0x0000 // No relocation required #define IMAGE_REL_ARM_ADDR32 0x0001 // 32 bit address #define IMAGE_REL_ARM_ADDR32NB 0x0002 // 32 bit address w/o image base #define IMAGE_REL_ARM_BRANCH24 0x0003 // 24 bit offset << 2 & sign ext. #define IMAGE_REL_ARM_BRANCH11 0x0004 // Thumb: 2 11 bit offsets #define IMAGE_REL_ARM_GPREL12 0x0006 // GP-relative addressing (ARM) #define IMAGE_REL_ARM_GPREL7 0x0007 // GP-relative addressing (Thumb) #define IMAGE_REL_ARM_SECTION 0x000E // Section table index #define IMAGE_REL_ARM_SECREL 0x000F // Offset within section // // IA64 relocation types. // #define IMAGE_REL_IA64_ABSOLUTE 0x0000 #define IMAGE_REL_IA64_IMM14 0x0001 #define IMAGE_REL_IA64_IMM22 0x0002 #define IMAGE_REL_IA64_IMM64 0x0003 #define IMAGE_REL_IA64_DIR32 0x0004 #define IMAGE_REL_IA64_DIR64 0x0005 #define IMAGE_REL_IA64_PCREL21B 0x0006 #define IMAGE_REL_IA64_PCREL21M 0x0007 #define IMAGE_REL_IA64_PCREL21F 0x0008 #define IMAGE_REL_IA64_GPREL22 0x0009 #define IMAGE_REL_IA64_LTOFF22 0x000A #define IMAGE_REL_IA64_SECTION 0x000B #define IMAGE_REL_IA64_SECREL22 0x000C #define IMAGE_REL_IA64_SECREL64I 0x000D #define IMAGE_REL_IA64_SECREL32 0x000E #define IMAGE_REL_IA64_LTOFF64 0x000F #define IMAGE_REL_IA64_DIR32NB 0x0010 #define IMAGE_REL_IA64_ADDEND 0x001F // Please contact INTEL to get IA64-specific information // @@BEGIN_DDKSPLIT // @@END_DDKSPLIT // // Line number format. // typedef struct _IMAGE_LINENUMBER { union { DWORD SymbolTableIndex; // Symbol table index of function name if Linenumber is 0. DWORD VirtualAddress; // Virtual address of line number. } Type; WORD Linenumber; // Line number. } IMAGE_LINENUMBER; typedef IMAGE_LINENUMBER UNALIGNED PIMAGE_LINENUMBER; #define IMAGE_SIZEOF_LINENUMBER 6 #ifndef _MAC #include "poppack.h" // Back to 4 byte packing #endif // // Based relocation format. // typedef struct _IMAGE_BASE_RELOCATION { DWORD VirtualAddress; DWORD SizeOfBlock; // WORD TypeOffset[1]; } IMAGE_BASE_RELOCATION; typedef IMAGE_BASE_RELOCATION UNALIGNED PIMAGE_BASE_RELOCATION; #define IMAGE_SIZEOF_BASE_RELOCATION 8 // // Based relocation types. // #define IMAGE_REL_BASED_ABSOLUTE 0 #define IMAGE_REL_BASED_HIGH 1 #define IMAGE_REL_BASED_LOW 2 #define IMAGE_REL_BASED_HIGHLOW 3 #define IMAGE_REL_BASED_HIGHADJ 4 #define IMAGE_REL_BASED_MIPS_JMPADDR 5 #define IMAGE_REL_BASED_SECTION 6 #define IMAGE_REL_BASED_REL32 7 #define IMAGE_REL_BASED_MIPS_JMPADDR16 9 #define IMAGE_REL_BASED_IA64_IMM64 9 #define IMAGE_REL_BASED_DIR64 10 #define IMAGE_REL_BASED_HIGH3ADJ 11 // // Archive format. // #define IMAGE_ARCHIVE_START_SIZE 8 #define IMAGE_ARCHIVE_START "!<arch>\n" #define IMAGE_ARCHIVE_END "`\n" #define IMAGE_ARCHIVE_PAD "\n" #define IMAGE_ARCHIVE_LINKER_MEMBER "/ " #define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// " typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER { BYTE Name[16]; // File member name - `/' terminated. BYTE Date[12]; // File member date - decimal. BYTE UserID[6]; // File member user id - decimal. BYTE GroupID[6]; // File member group id - decimal. BYTE Mode[8]; // File member mode - octal. BYTE Size[10]; // File member size - decimal. BYTE EndHeader[2]; // String to end header. } IMAGE_ARCHIVE_MEMBER_HEADER, PIMAGE_ARCHIVE_MEMBER_HEADER; #define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60 // // DLL support. // // // Export Format // typedef struct _IMAGE_EXPORT_DIRECTORY { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD Name; DWORD Base; DWORD NumberOfFunctions; DWORD NumberOfNames; DWORD AddressOfFunctions; // RVA from base of image DWORD AddressOfNames; // RVA from base of image DWORD AddressOfNameOrdinals; // RVA from base of image } IMAGE_EXPORT_DIRECTORY, PIMAGE_EXPORT_DIRECTORY; // // Import Format // typedef struct _IMAGE_IMPORT_BY_NAME { WORD Hint; BYTE Name[1]; } IMAGE_IMPORT_BY_NAME, PIMAGE_IMPORT_BY_NAME; #include "pshpack8.h" // Use align 8 for the 64-bit IAT. typedef struct _IMAGE_THUNK_DATA64 { union { ULONGLONG ForwarderString; // PBYTE ULONGLONG Function; // PDWORD ULONGLONG Ordinal; ULONGLONG AddressOfData; // PIMAGE_IMPORT_BY_NAME } u1; } IMAGE_THUNK_DATA64; typedef IMAGE_THUNK_DATA64 PIMAGE_THUNK_DATA64; #include "poppack.h" // Back to 4 byte packing typedef struct _IMAGE_THUNK_DATA32 { union { DWORD ForwarderString; // PBYTE DWORD Function; // PDWORD DWORD Ordinal; DWORD AddressOfData; // PIMAGE_IMPORT_BY_NAME } u1; } IMAGE_THUNK_DATA32; typedef IMAGE_THUNK_DATA32 * PIMAGE_THUNK_DATA32; #define IMAGE_ORDINAL_FLAG64 0x8000000000000000 #define IMAGE_ORDINAL_FLAG32 0x80000000 #define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffff) #define IMAGE_ORDINAL32(Ordinal) (Ordinal & 0xffff) #define IMAGE_SNAP_BY_ORDINAL64(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG64) != 0) #define IMAGE_SNAP_BY_ORDINAL32(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG32) != 0) // // Thread Local Storage // typedef VOID (NTAPI PIMAGE_TLS_CALLBACK) ( PVOID DllHandle, DWORD Reason, PVOID Reserved ); typedef struct _IMAGE_TLS_DIRECTORY64 { ULONGLONG StartAddressOfRawData; ULONGLONG EndAddressOfRawData; ULONGLONG AddressOfIndex; // PDWORD ULONGLONG AddressOfCallBacks; // PIMAGE_TLS_CALLBACK ; DWORD SizeOfZeroFill; DWORD Characteristics; } IMAGE_TLS_DIRECTORY64; typedef IMAGE_TLS_DIRECTORY64 * PIMAGE_TLS_DIRECTORY64; typedef struct _IMAGE_TLS_DIRECTORY32 { DWORD StartAddressOfRawData; DWORD EndAddressOfRawData; DWORD AddressOfIndex; // PDWORD DWORD AddressOfCallBacks; // PIMAGE_TLS_CALLBACK * DWORD SizeOfZeroFill; DWORD Characteristics; } IMAGE_TLS_DIRECTORY32; typedef IMAGE_TLS_DIRECTORY32 * PIMAGE_TLS_DIRECTORY32; #ifdef _WIN64 #define IMAGE_ORDINAL_FLAG IMAGE_ORDINAL_FLAG64 #define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL64(Ordinal) typedef IMAGE_THUNK_DATA64 IMAGE_THUNK_DATA; typedef PIMAGE_THUNK_DATA64 PIMAGE_THUNK_DATA; #define IMAGE_SNAP_BY_ORDINAL(Ordinal) IMAGE_SNAP_BY_ORDINAL64(Ordinal) typedef IMAGE_TLS_DIRECTORY64 IMAGE_TLS_DIRECTORY; typedef PIMAGE_TLS_DIRECTORY64 PIMAGE_TLS_DIRECTORY; #else #define IMAGE_ORDINAL_FLAG IMAGE_ORDINAL_FLAG32 #define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL32(Ordinal) typedef IMAGE_THUNK_DATA32 IMAGE_THUNK_DATA; typedef PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA; #define IMAGE_SNAP_BY_ORDINAL(Ordinal) IMAGE_SNAP_BY_ORDINAL32(Ordinal) typedef IMAGE_TLS_DIRECTORY32 IMAGE_TLS_DIRECTORY; typedef PIMAGE_TLS_DIRECTORY32 PIMAGE_TLS_DIRECTORY; #endif typedef struct _IMAGE_IMPORT_DESCRIPTOR { union { DWORD Characteristics; // 0 for terminating null import descriptor DWORD OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA) }; DWORD TimeDateStamp; // 0 if not bound, // -1 if bound, and real date\time stamp // in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) // O.W. date/time stamp of DLL bound to (Old BIND) DWORD ForwarderChain; // -1 if no forwarders DWORD Name; DWORD FirstThunk; // RVA to IAT (if bound this IAT has actual addresses) } IMAGE_IMPORT_DESCRIPTOR; typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED PIMAGE_IMPORT_DESCRIPTOR; // // New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ] // typedef struct _IMAGE_BOUND_IMPORT_DESCRIPTOR { DWORD TimeDateStamp; WORD OffsetModuleName; WORD NumberOfModuleForwarderRefs; // Array of zero or more IMAGE_BOUND_FORWARDER_REF follows } IMAGE_BOUND_IMPORT_DESCRIPTOR, PIMAGE_BOUND_IMPORT_DESCRIPTOR; typedef struct _IMAGE_BOUND_FORWARDER_REF { DWORD TimeDateStamp; WORD OffsetModuleName; WORD Reserved; } IMAGE_BOUND_FORWARDER_REF, PIMAGE_BOUND_FORWARDER_REF; // // Resource Format. // // // Resource directory consists of two counts, following by a variable length // array of directory entries. The first count is the number of entries at // beginning of the array that have actual names associated with each entry. // The entries are in ascending order, case insensitive strings. The second // count is the number of entries that immediately follow the named entries. // This second count identifies the number of entries that have 16-bit integer // Ids as their name. These entries are also sorted in ascending order. // // This structure allows fast lookup by either name or number, but for any // given resource entry only one form of lookup is supported, not both. // This is consistant with the syntax of the .RC file and the .RES file. // typedef struct _IMAGE_RESOURCE_DIRECTORY { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; WORD NumberOfNamedEntries; WORD NumberOfIdEntries; // IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[]; } IMAGE_RESOURCE_DIRECTORY, PIMAGE_RESOURCE_DIRECTORY; #define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000 #define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000 // // Each directory contains the 32-bit Name of the entry and an offset, // relative to the beginning of the resource directory of the data associated // with this directory entry. If the name of the entry is an actual text // string instead of an integer Id, then the high order bit of the name field // is set to one and the low order 31-bits are an offset, relative to the // beginning of the resource directory of the string, which is of type // IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the // low-order 16-bits are the integer Id that identify this resource directory // entry. If the directory entry is yet another resource directory (i.e. a // subdirectory), then the high order bit of the offset field will be // set to indicate this. Otherwise the high bit is clear and the offset // field points to a resource data entry. // typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY { union { struct { DWORD NameOffset:31; DWORD NameIsString:1; }; DWORD Name; WORD Id; }; union { DWORD OffsetToData; struct { DWORD OffsetToDirectory:31; DWORD DataIsDirectory:1; }; }; } IMAGE_RESOURCE_DIRECTORY_ENTRY, PIMAGE_RESOURCE_DIRECTORY_ENTRY; // // For resource directory entries that have actual string names, the Name // field of the directory entry points to an object of the following type. // All of these string objects are stored together after the last resource // directory entry and before the first resource data object. This minimizes // the impact of these variable length objects on the alignment of the fixed // size directory entry objects. // typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING { WORD Length; CHAR NameString[ 1 ]; } IMAGE_RESOURCE_DIRECTORY_STRING, PIMAGE_RESOURCE_DIRECTORY_STRING; typedef struct _IMAGE_RESOURCE_DIR_STRING_U { WORD Length; WCHAR NameString[ 1 ]; } IMAGE_RESOURCE_DIR_STRING_U, PIMAGE_RESOURCE_DIR_STRING_U; // // Each resource data entry describes a leaf node in the resource directory // tree. It contains an offset, relative to the beginning of the resource // directory of the data for the resource, a size field that gives the number // of bytes of data at that offset, a CodePage that should be used when // decoding code point values within the resource data. Typically for new // applications the code page would be the unicode code page. // typedef struct _IMAGE_RESOURCE_DATA_ENTRY { DWORD OffsetToData; DWORD Size; DWORD CodePage; DWORD Reserved; } IMAGE_RESOURCE_DATA_ENTRY, PIMAGE_RESOURCE_DATA_ENTRY; // // Load Configuration Directory Entry // typedef struct { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD GlobalFlagsClear; DWORD GlobalFlagsSet; DWORD CriticalSectionDefaultTimeout; DWORD DeCommitFreeBlockThreshold; DWORD DeCommitTotalFreeThreshold; DWORD LockPrefixTable; // VA DWORD MaximumAllocationSize; DWORD VirtualMemoryThreshold; DWORD ProcessHeapFlags; DWORD ProcessAffinityMask; WORD CSDVersion; WORD Reserved1; DWORD EditList; // VA DWORD Reserved[ 1 ]; } IMAGE_LOAD_CONFIG_DIRECTORY32, PIMAGE_LOAD_CONFIG_DIRECTORY32; typedef struct { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD GlobalFlagsClear; DWORD GlobalFlagsSet; DWORD CriticalSectionDefaultTimeout; DWORD DeCommitFreeBlockThreshold; DWORD DeCommitTotalFreeThreshold; ULONGLONG LockPrefixTable; // VA DWORD MaximumAllocationSize; DWORD VirtualMemoryThreshold; DWORD ProcessHeapFlags; DWORD ProcessAffinityMask; WORD CSDVersion; WORD Reserved1; ULONGLONG EditList; // VA DWORD Reserved[ 1 ]; } IMAGE_LOAD_CONFIG_DIRECTORY64, PIMAGE_LOAD_CONFIG_DIRECTORY64; #ifdef _WIN64 typedef IMAGE_LOAD_CONFIG_DIRECTORY64 IMAGE_LOAD_CONFIG_DIRECTORY; typedef PIMAGE_LOAD_CONFIG_DIRECTORY64 PIMAGE_LOAD_CONFIG_DIRECTORY; #else typedef IMAGE_LOAD_CONFIG_DIRECTORY32 IMAGE_LOAD_CONFIG_DIRECTORY; typedef PIMAGE_LOAD_CONFIG_DIRECTORY32 PIMAGE_LOAD_CONFIG_DIRECTORY; #endif // // Function table entry format for IA64 images. Function table is // pointed to by the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry. // This definition duplicates the one in ntia64.h for use by portable // image file mungers. // typedef struct _IMAGE_IA64_RUNTIME_FUNCTION_ENTRY { DWORD BeginAddress; DWORD EndAddress; DWORD UnwindInfoAddress; } IMAGE_IA64_RUNTIME_FUNCTION_ENTRY, PIMAGE_IA64_RUNTIME_FUNCTION_ENTRY; // // Function table entry format for ALPHA images. Function table is // pointed to by the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry. // This definition duplicates ones in ntmips.h and ntalpha.h for use // by portable image file mungers. // typedef struct _IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY { DWORD BeginAddress; DWORD EndAddress; DWORD ExceptionHandler; DWORD HandlerData; DWORD PrologEndAddress; } IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY, PIMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY; typedef struct _IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY { ULONGLONG BeginAddress; ULONGLONG EndAddress; ULONGLONG ExceptionHandler; ULONGLONG HandlerData; ULONGLONG PrologEndAddress; } IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY, PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY; typedef IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY IMAGE_AXP64_RUNTIME_FUNCTION_ENTRY; typedef PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY PIMAGE_AXP64_RUNTIME_FUNCTION_ENTRY; // // WIN CE Exception table format // typedef struct _IMAGE_CE_RUNTIME_FUNCTION_ENTRY { DWORD FuncStart; DWORD PrologLen : 8; DWORD FuncLen : 22; DWORD ThirtyTwoBit : 1; DWORD ExceptionFlag : 1; } IMAGE_CE_RUNTIME_FUNCTION_ENTRY, PIMAGE_CE_RUNTIME_FUNCTION_ENTRY; #if defined(_IA64_) typedef IMAGE_IA64_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY; typedef PIMAGE_IA64_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY; #elif defined(_AXP64_) typedef IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY; typedef PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY; #else typedef IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY; typedef PIMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY; #endif // // Debug Format // typedef struct _IMAGE_DEBUG_DIRECTORY { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD Type; DWORD SizeOfData; DWORD AddressOfRawData; DWORD PointerToRawData; } IMAGE_DEBUG_DIRECTORY, PIMAGE_DEBUG_DIRECTORY; #define IMAGE_DEBUG_TYPE_UNKNOWN 0 #define IMAGE_DEBUG_TYPE_COFF 1 #define IMAGE_DEBUG_TYPE_CODEVIEW 2 #define IMAGE_DEBUG_TYPE_FPO 3 #define IMAGE_DEBUG_TYPE_MISC 4 #define IMAGE_DEBUG_TYPE_EXCEPTION 5 #define IMAGE_DEBUG_TYPE_FIXUP 6 #define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7 #define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8 #define IMAGE_DEBUG_TYPE_BORLAND 9 #define IMAGE_DEBUG_TYPE_RESERVED10 10 typedef struct _IMAGE_COFF_SYMBOLS_HEADER { DWORD NumberOfSymbols; DWORD LvaToFirstSymbol; DWORD NumberOfLinenumbers; DWORD LvaToFirstLinenumber; DWORD RvaToFirstByteOfCode; DWORD RvaToLastByteOfCode; DWORD RvaToFirstByteOfData; DWORD RvaToLastByteOfData; } IMAGE_COFF_SYMBOLS_HEADER, PIMAGE_COFF_SYMBOLS_HEADER; #define FRAME_FPO 0 #define FRAME_TRAP 1 #define FRAME_TSS 2 #define FRAME_NONFPO 3 typedef struct _FPO_DATA { DWORD ulOffStart; // offset 1st byte of function code DWORD cbProcSize; // # bytes in function DWORD cdwLocals; // # bytes in locals/4 WORD cdwParams; // # bytes in params/4 WORD cbProlog : 8; // # bytes in prolog WORD cbRegs : 3; // # regs saved WORD fHasSEH : 1; // TRUE if SEH in func WORD fUseBP : 1; // TRUE if EBP has been allocated WORD reserved : 1; // reserved for future use WORD cbFrame : 2; // frame type } FPO_DATA, PFPO_DATA; #define SIZEOF_RFPO_DATA 16 #define IMAGE_DEBUG_MISC_EXENAME 1 typedef struct _IMAGE_DEBUG_MISC { DWORD DataType; // type of misc data, see defines DWORD Length; // total length of record, rounded to four // byte multiple. BOOLEAN Unicode; // TRUE if data is unicode string BYTE Reserved[ 3 ]; BYTE Data[ 1 ]; // Actual data } IMAGE_DEBUG_MISC, PIMAGE_DEBUG_MISC; // // Function table extracted from MIPS/ALPHA/IA64 images. Does not contain // information needed only for runtime support. Just those fields for // each entry needed by a debugger. // typedef struct _IMAGE_FUNCTION_ENTRY { DWORD StartingAddress; DWORD EndingAddress; DWORD EndOfPrologue; } IMAGE_FUNCTION_ENTRY, PIMAGE_FUNCTION_ENTRY; typedef struct _IMAGE_FUNCTION_ENTRY64 { ULONGLONG StartingAddress; ULONGLONG EndingAddress; union { ULONGLONG EndOfPrologue; ULONGLONG UnwindInfoAddress; }; } IMAGE_FUNCTION_ENTRY64, PIMAGE_FUNCTION_ENTRY64; // // Debugging information can be stripped from an image file and placed // in a separate .DBG file, whose file name part is the same as the // image file name part (e.g. symbols for CMD.EXE could be stripped // and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED // flag in the Characteristics field of the file header. The beginning of // the .DBG file contains the following structure which captures certain // information from the image file. This allows a debug to proceed even if // the original image file is not accessable. This header is followed by // zero of more IMAGE_SECTION_HEADER structures, followed by zero or more // IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in // the image file contain file offsets relative to the beginning of the // .DBG file. // // If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure // is left in the image file, but not mapped. This allows a debugger to // compute the name of the .DBG file, from the name of the image in the // IMAGE_DEBUG_MISC structure. // typedef struct _IMAGE_SEPARATE_DEBUG_HEADER { WORD Signature; WORD Flags; WORD Machine; WORD Characteristics; DWORD TimeDateStamp; DWORD CheckSum; DWORD ImageBase; DWORD SizeOfImage; DWORD NumberOfSections; DWORD ExportedNamesSize; DWORD DebugDirectorySize; DWORD SectionAlignment; DWORD Reserved[2]; } IMAGE_SEPARATE_DEBUG_HEADER, PIMAGE_SEPARATE_DEBUG_HEADER; #ifndef _MAC #define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944 #else #define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4449 #endif #define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000 #define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the // old checksum didn't match. // // The .arch section is made up of headers, each describing an amask position/value // pointing to an array of IMAGE_ARCHITECTURE_ENTRY's. Each "array" (both the header // and entry arrays) are terminiated by a quadword of 0xffffffffL. // // NOTE: There may be quadwords of 0 sprinkled around and must be skipped. // typedef struct _ImageArchitectureHeader { unsigned int AmaskValue: 1; // 1 -> code section depends on mask bit // 0 -> new instruction depends on mask bit int :7; // MBZ unsigned int AmaskShift: 8; // Amask bit in question for this fixup int :16; // MBZ DWORD FirstEntryRVA; // RVA into .arch section to array of ARCHITECTURE_ENTRY's } IMAGE_ARCHITECTURE_HEADER, PIMAGE_ARCHITECTURE_HEADER; typedef struct _ImageArchitectureEntry { DWORD FixupInstRVA; // RVA of instruction to fixup DWORD NewInst; // fixup instruction (see alphaops.h) } IMAGE_ARCHITECTURE_ENTRY, PIMAGE_ARCHITECTURE_ENTRY; #include "poppack.h" // Back to the initial value // The following structure defines the new import object. Note the values of the first two fields, // which must be set as stated in order to differentiate old and new import members. // Following this structure, the linker emits two null-terminated strings used to recreate the // import at the time of use. The first string is the import's name, the second is the dll's name. #define IMPORT_OBJECT_HDR_SIG2 0xffff typedef struct IMPORT_OBJECT_HEADER { WORD Sig1; // Must be IMAGE_FILE_MACHINE_UNKNOWN WORD Sig2; // Must be IMPORT_OBJECT_HDR_SIG2. WORD Version; WORD Machine; DWORD TimeDateStamp; // Time/date stamp DWORD SizeOfData; // particularly useful for incremental links union { WORD Ordinal; // if grf & IMPORT_OBJECT_ORDINAL WORD Hint; }; WORD Type : 2; // IMPORT_TYPE WORD NameType : 3; // IMPORT_NAME_TYPE WORD Reserved : 11; // Reserved. Must be zero. } IMPORT_OBJECT_HEADER; typedef enum IMPORT_OBJECT_TYPE { IMPORT_OBJECT_CODE = 0, IMPORT_OBJECT_DATA = 1, IMPORT_OBJECT_CONST = 2, } IMPORT_OBJECT_TYPE; typedef enum IMPORT_OBJECT_NAME_TYPE { IMPORT_OBJECT_ORDINAL = 0, // Import by ordinal IMPORT_OBJECT_NAME = 1, // Import name == public symbol name. IMPORT_OBJECT_NAME_NO_PREFIX = 2, // Import name == public symbol name skipping leading ?, @, or optionally _. IMPORT_OBJECT_NAME_UNDECORATE = 3, // Import name == public symbol name skipping leading ?, @, or optionally _ // and truncating at first @ } IMPORT_OBJECT_NAME_TYPE; // // End Image Format // // // for move macros // #ifdef _MAC #ifndef _INC_STRING #include <string.h> #endif / _INC_STRING / #else #include <string.h> #endif // _MAC #define HEAP_NO_SERIALIZE 0x00000001 #define HEAP_GROWABLE 0x00000002 #define HEAP_GENERATE_EXCEPTIONS 0x00000004 #define HEAP_ZERO_MEMORY 0x00000008 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 #define HEAP_FREE_CHECKING_ENABLED 0x00000040 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 #define HEAP_CREATE_ALIGN_16 0x00010000 #define HEAP_CREATE_ENABLE_TRACING 0x00020000 #define HEAP_MAXIMUM_TAG 0x0FFF #define HEAP_PSEUDO_TAG_FLAG 0x8000 #define HEAP_TAG_SHIFT 18 #define HEAP_MAKE_TAG_FLAGS( b, o ) ((DWORD)((b) + ((o) << 18))) #define IS_TEXT_UNICODE_ASCII16 0x0001 #define IS_TEXT_UNICODE_REVERSE_ASCII16 0x0010 #define IS_TEXT_UNICODE_STATISTICS 0x0002 #define IS_TEXT_UNICODE_REVERSE_STATISTICS 0x0020 #define IS_TEXT_UNICODE_CONTROLS 0x0004 #define IS_TEXT_UNICODE_REVERSE_CONTROLS 0x0040 #define IS_TEXT_UNICODE_SIGNATURE 0x0008 #define IS_TEXT_UNICODE_REVERSE_SIGNATURE 0x0080 #define IS_TEXT_UNICODE_ILLEGAL_CHARS 0x0100 #define IS_TEXT_UNICODE_ODD_LENGTH 0x0200 #define IS_TEXT_UNICODE_DBCS_LEADBYTE 0x0400 #define IS_TEXT_UNICODE_NULL_BYTES 0x1000 #define IS_TEXT_UNICODE_UNICODE_MASK 0x000F #define IS_TEXT_UNICODE_REVERSE_MASK 0x00F0 #define IS_TEXT_UNICODE_NOT_UNICODE_MASK 0x0F00 #define IS_TEXT_UNICODE_NOT_ASCII_MASK 0xF000 #define COMPRESSION_FORMAT_NONE (0x0000) #define COMPRESSION_FORMAT_DEFAULT (0x0001) #define COMPRESSION_FORMAT_LZNT1 (0x0002) #define COMPRESSION_ENGINE_STANDARD (0x0000) #define COMPRESSION_ENGINE_MAXIMUM (0x0100) #define COMPRESSION_ENGINE_HIBER (0x0200) NTSYSAPI SIZE_T NTAPI RtlCompareMemory ( const VOID Source1, const VOID Source2, SIZE_T Length ); #if defined(_M_AXP64) \|\| defined(_M_IA64) #define RtlEqualMemory(Source1, Source2, Length) \ ((Length) == RtlCompareMemory(Source1, Source2, Length)) NTSYSAPI VOID NTAPI RtlCopyMemory ( VOID UNALIGNED Destination, CONST VOID UNALIGNED Source, SIZE_T Length ); NTSYSAPI VOID NTAPI RtlCopyMemory32 ( VOID UNALIGNED Destination, CONST VOID UNALIGNED Source, DWORD Length ); NTSYSAPI VOID NTAPI RtlMoveMemory ( VOID UNALIGNED Destination, CONST VOID UNALIGNED Source, SIZE_T Length ); NTSYSAPI VOID NTAPI RtlFillMemory ( VOID UNALIGNED Destination, SIZE_T Length, BYTE Fill ); NTSYSAPI VOID NTAPI RtlZeroMemory ( VOID UNALIGNED Destination, SIZE_T Length ); #else #define RtlEqualMemory(Destination,Source,Length) (!memcmp((Destination),(Source),(Length))) #define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length)) #define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length)) #define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length)) #define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length)) #endif #if (defined(_ALPHA_) \|\| defined(_M_IA64)) && !(defined(MIDL_PASS) \|\| defined(RC_INVOKED)) NTSYSAPI VOID NTAPI RtlMoveMemory64 ( IN PVOID64 Destination, IN PVOID64 Source, IN ULONGLONG Length ); NTSYSAPI VOID NTAPI RtlFillMemory64 ( IN PVOID64 Destination, IN ULONGLONG Length, IN BYTE Fill ); NTSYSAPI VOID NTAPI RtlZeroMemory64 ( IN PVOID64 Destination, IN ULONGLONG Length ); #endif typedef struct _MESSAGE_RESOURCE_ENTRY { WORD Length; WORD Flags; BYTE Text[ 1 ]; } MESSAGE_RESOURCE_ENTRY, PMESSAGE_RESOURCE_ENTRY; #define MESSAGE_RESOURCE_UNICODE 0x0001 typedef struct _MESSAGE_RESOURCE_BLOCK { DWORD LowId; DWORD HighId; DWORD OffsetToEntries; } MESSAGE_RESOURCE_BLOCK, PMESSAGE_RESOURCE_BLOCK; typedef struct _MESSAGE_RESOURCE_DATA { DWORD NumberOfBlocks; MESSAGE_RESOURCE_BLOCK Blocks[ 1 ]; } MESSAGE_RESOURCE_DATA, PMESSAGE_RESOURCE_DATA; typedef struct _OSVERSIONINFOA { DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; DWORD dwPlatformId; CHAR szCSDVersion[ 128 ]; // Maintenance string for PSS usage } OSVERSIONINFOA, POSVERSIONINFOA, LPOSVERSIONINFOA; typedef struct _OSVERSIONINFOW { DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; DWORD dwPlatformId; WCHAR szCSDVersion[ 128 ]; // Maintenance string for PSS usage } OSVERSIONINFOW, POSVERSIONINFOW, LPOSVERSIONINFOW, RTL_OSVERSIONINFOW, PRTL_OSVERSIONINFOW; #ifdef UNICODE typedef OSVERSIONINFOW OSVERSIONINFO; typedef POSVERSIONINFOW POSVERSIONINFO; typedef LPOSVERSIONINFOW LPOSVERSIONINFO; #else typedef OSVERSIONINFOA OSVERSIONINFO; typedef POSVERSIONINFOA POSVERSIONINFO; typedef LPOSVERSIONINFOA LPOSVERSIONINFO; #endif // UNICODE typedef struct _OSVERSIONINFOEXA { DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; DWORD dwPlatformId; CHAR szCSDVersion[ 128 ]; // Maintenance string for PSS usage WORD wServicePackMajor; WORD wServicePackMinor; WORD wSuiteMask; BYTE wProductType; BYTE wReserved; } OSVERSIONINFOEXA, POSVERSIONINFOEXA, LPOSVERSIONINFOEXA; typedef struct _OSVERSIONINFOEXW { DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; DWORD dwPlatformId; WCHAR szCSDVersion[ 128 ]; // Maintenance string for PSS usage WORD wServicePackMajor; WORD wServicePackMinor; WORD wSuiteMask; BYTE wProductType; BYTE wReserved; } OSVERSIONINFOEXW, POSVERSIONINFOEXW, LPOSVERSIONINFOEXW, RTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOEXW; #ifdef UNICODE typedef OSVERSIONINFOEXW OSVERSIONINFOEX; typedef POSVERSIONINFOEXW POSVERSIONINFOEX; typedef LPOSVERSIONINFOEXW LPOSVERSIONINFOEX; #else typedef OSVERSIONINFOEXA OSVERSIONINFOEX; typedef POSVERSIONINFOEXA POSVERSIONINFOEX; typedef LPOSVERSIONINFOEXA LPOSVERSIONINFOEX; #endif // UNICODE // // RtlVerifyVersionInfo() conditions // #define VER_EQUAL 1 #define VER_GREATER 2 #define VER_GREATER_EQUAL 3 #define VER_LESS 4 #define VER_LESS_EQUAL 5 #define VER_AND 6 #define VER_OR 7 #define VER_CONDITION_MASK 7 #define VER_NUM_BITS_PER_CONDITION_MASK 3 // // RtlVerifyVersionInfo() type mask bits // #define VER_MINORVERSION 0x0000001 #define VER_MAJORVERSION 0x0000002 #define VER_BUILDNUMBER 0x0000004 #define VER_PLATFORMID 0x0000008 #define VER_SERVICEPACKMINOR 0x0000010 #define VER_SERVICEPACKMAJOR 0x0000020 #define VER_SUITENAME 0x0000040 #define VER_PRODUCT_TYPE 0x0000080 // // RtlVerifyVersionInfo() os product type values // #define VER_NT_WORKSTATION 0x0000001 #define VER_NT_DOMAIN_CONTROLLER 0x0000002 #define VER_NT_SERVER 0x0000003 // // dwPlatformId defines: // #define VER_PLATFORM_WIN32s 0 #define VER_PLATFORM_WIN32_WINDOWS 1 #define VER_PLATFORM_WIN32_NT 2 // // // VerifyVersionInfo() macro to set the condition mask // // For documentation sakes here's the old version of the macro that got // changed to call an API // #define VER_SET_CONDITION(_m_,_t_,_c_) _m_=(_m_\|(_c_<<(1<<_t_))) // #define VER_SET_CONDITION(_m_,_t_,_c_) \ ((_m_)=VerSetConditionMask((_m_),(_t_),(_c_))) ULONGLONG NTAPI VerSetConditionMask( IN ULONGLONG ConditionMask, IN DWORD TypeMask, IN BYTE Condition ); // typedef struct _RTL_CRITICAL_SECTION_DEBUG { WORD Type; WORD CreatorBackTraceIndex; struct _RTL_CRITICAL_SECTION CriticalSection; LIST_ENTRY ProcessLocksList; DWORD EntryCount; DWORD ContentionCount; DWORD Spare[ 2 ]; } RTL_CRITICAL_SECTION_DEBUG, PRTL_CRITICAL_SECTION_DEBUG, RTL_RESOURCE_DEBUG, PRTL_RESOURCE_DEBUG; #define RTL_CRITSECT_TYPE 0 #define RTL_RESOURCE_TYPE 1 typedef struct _RTL_CRITICAL_SECTION { PRTL_CRITICAL_SECTION_DEBUG DebugInfo; // // The following three fields control entering and exiting the critical // section for the resource // LONG LockCount; LONG RecursionCount; HANDLE OwningThread; // from the thread's ClientId->UniqueThread HANDLE LockSemaphore; ULONG_PTR SpinCount; // force size on 64-bit systems when packed } RTL_CRITICAL_SECTION, PRTL_CRITICAL_SECTION; #define SEF_DACL_AUTO_INHERIT 0x01 #define SEF_SACL_AUTO_INHERIT 0x02 #define SEF_DEFAULT_DESCRIPTOR_FOR_OBJECT 0x04 #define SEF_AVOID_PRIVILEGE_CHECK 0x08 #define SEF_AVOID_OWNER_CHECK 0x10 #define SEF_DEFAULT_OWNER_FROM_PARENT 0x20 #define SEF_DEFAULT_GROUP_FROM_PARENT 0x40 #define WT_EXECUTEDEFAULT 0x00000000 #define WT_EXECUTEINIOTHREAD 0x00000001 #define WT_EXECUTEINUITHREAD 0x00000002 #define WT_EXECUTEINWAITTHREAD 0x00000004 #define WT_EXECUTEONLYONCE 0x00000008 #define WT_EXECUTEINTIMERTHREAD 0x00000020 #define WT_EXECUTELONGFUNCTION 0x00000010 #define WT_EXECUTEINPERSISTENTIOTHREAD 0x00000040 #define WT_EXECUTEINPERSISTENTTHREAD 0x00000080 typedef VOID (NTAPI * WAITORTIMERCALLBACKFUNC) (PVOID, BOOLEAN ); typedef VOID (NTAPI * WORKERCALLBACKFUNC) (PVOID ); typedef VOID (NTAPI * APC_CALLBACK_FUNCTION) (DWORD , PVOID, PVOID); #define WT_EXECUTEINLONGTHREAD 0x00000010 #define WT_EXECUTEDELETEWAIT 0x00000008 #define DLL_PROCESS_ATTACH 1 #define DLL_THREAD_ATTACH 2 #define DLL_THREAD_DETACH 3 #define DLL_PROCESS_DETACH 0 // // Defines for the READ flags for Eventlogging // #define EVENTLOG_SEQUENTIAL_READ 0X0001 #define EVENTLOG_SEEK_READ 0X0002 #define EVENTLOG_FORWARDS_READ 0X0004 #define EVENTLOG_BACKWARDS_READ 0X0008 // // The types of events that can be logged. // #define EVENTLOG_SUCCESS 0X0000 #define EVENTLOG_ERROR_TYPE 0x0001 #define EVENTLOG_WARNING_TYPE 0x0002 #define EVENTLOG_INFORMATION_TYPE 0x0004 #define EVENTLOG_AUDIT_SUCCESS 0x0008 #define EVENTLOG_AUDIT_FAILURE 0x0010 // // Defines for the WRITE flags used by Auditing for paired events // These are not implemented in Product 1 // #define EVENTLOG_START_PAIRED_EVENT 0x0001 #define EVENTLOG_END_PAIRED_EVENT 0x0002 #define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004 #define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008 #define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010 // // Structure that defines the header of the Eventlog record. This is the // fixed-sized portion before all the variable-length strings, binary // data and pad bytes. // // TimeGenerated is the time it was generated at the client. // TimeWritten is the time it was put into the log at the server end. // typedef struct _EVENTLOGRECORD { DWORD Length; // Length of full record DWORD Reserved; // Used by the service DWORD RecordNumber; // Absolute record number DWORD TimeGenerated; // Seconds since 1-1-1970 DWORD TimeWritten; // Seconds since 1-1-1970 DWORD EventID; WORD EventType; WORD NumStrings; WORD EventCategory; WORD ReservedFlags; // For use with paired events (auditing) DWORD ClosingRecordNumber; // For use with paired events (auditing) DWORD StringOffset; // Offset from beginning of record DWORD UserSidLength; DWORD UserSidOffset; DWORD DataLength; DWORD DataOffset; // Offset from beginning of record // // Then follow: // // WCHAR SourceName[] // WCHAR Computername[] // SID UserSid // WCHAR Strings[] // BYTE Data[] // CHAR Pad[] // DWORD Length; // } EVENTLOGRECORD, PEVENTLOGRECORD; //SS: start of changes to support clustering //SS: ideally the #define MAXLOGICALLOGNAMESIZE 256 #if _MSC_VER >= 1200 #pragma warning(push) #endif #pragma warning(disable : 4200) typedef struct _EVENTSFORLOGFILE{ DWORD ulSize; WCHAR szLogicalLogFile[MAXLOGICALLOGNAMESIZE]; //name of the logical file-security/application/system DWORD ulNumRecords; EVENTLOGRECORD pEventLogRecords[]; }EVENTSFORLOGFILE, PEVENTSFORLOGFILE; typedef struct _PACKEDEVENTINFO{ DWORD ulSize; //total size of the structure DWORD ulNumEventsForLogFile; //number of EventsForLogFile structure that follow DWORD ulOffsets[]; //the offsets from the start of this structure to the EVENTSFORLOGFILE structure }PACKEDEVENTINFO, PPACKEDEVENTINFO; #if _MSC_VER >= 1200 #pragma warning(pop) #else #pragma warning(default : 4200) #endif //SS: end of changes to support clustering // // begin_ntddk begin_wdm begin_nthal // // Registry Specific Access Rights. // #define KEY_QUERY_VALUE (0x0001) #define KEY_SET_VALUE (0x0002) #define KEY_CREATE_SUB_KEY (0x0004) #define KEY_ENUMERATE_SUB_KEYS (0x0008) #define KEY_NOTIFY (0x0010) #define KEY_CREATE_LINK (0x0020) #define KEY_READ ((STANDARD_RIGHTS_READ \|\ KEY_QUERY_VALUE \|\ KEY_ENUMERATE_SUB_KEYS \|\ KEY_NOTIFY) \ & \ (~SYNCHRONIZE)) #define KEY_WRITE ((STANDARD_RIGHTS_WRITE \|\ KEY_SET_VALUE \|\ KEY_CREATE_SUB_KEY) \ & \ (~SYNCHRONIZE)) #define KEY_EXECUTE ((KEY_READ) \ & \ (~SYNCHRONIZE)) #define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL \|\ KEY_QUERY_VALUE \|\ KEY_SET_VALUE \|\ KEY_CREATE_SUB_KEY \|\ KEY_ENUMERATE_SUB_KEYS \|\ KEY_NOTIFY \|\ KEY_CREATE_LINK) \ & \ (~SYNCHRONIZE)) // // Open/Create Options // #define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved #define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved // when system is rebooted #define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved // when system is rebooted #define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a // symbolic link #define REG_OPTION_BACKUP_RESTORE (0x00000004L) // open for backup or restore // special access rules // privilege required #define REG_OPTION_OPEN_LINK (0x00000008L) // Open symbolic link #define REG_LEGAL_OPTION \ (REG_OPTION_RESERVED \|\ REG_OPTION_NON_VOLATILE \|\ REG_OPTION_VOLATILE \|\ REG_OPTION_CREATE_LINK \|\ REG_OPTION_BACKUP_RESTORE \|\ REG_OPTION_OPEN_LINK) // // Key creation/open disposition // #define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created #define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key opened // // Key restore flags // #define REG_WHOLE_HIVE_VOLATILE (0x00000001L) // Restore whole hive volatile #define REG_REFRESH_HIVE (0x00000002L) // Unwind changes to last flush #define REG_NO_LAZY_FLUSH (0x00000004L) // Never lazy flush this hive #define REG_FORCE_RESTORE (0x00000008L) // Force the restore process even when we have open handles on subkeys // end_ntddk end_wdm end_nthal // // Notify filter values // #define REG_NOTIFY_CHANGE_NAME (0x00000001L) // Create or delete (child) #define REG_NOTIFY_CHANGE_ATTRIBUTES (0x00000002L) #define REG_NOTIFY_CHANGE_LAST_SET (0x00000004L) // time stamp #define REG_NOTIFY_CHANGE_SECURITY (0x00000008L) #define REG_LEGAL_CHANGE_FILTER \ (REG_NOTIFY_CHANGE_NAME \|\ REG_NOTIFY_CHANGE_ATTRIBUTES \|\ REG_NOTIFY_CHANGE_LAST_SET \|\ REG_NOTIFY_CHANGE_SECURITY) // // // Predefined Value Types. // #define REG_NONE ( 0 ) // No value type #define REG_SZ ( 1 ) // Unicode nul terminated string #define REG_EXPAND_SZ ( 2 ) // Unicode nul terminated string // (with environment variable references) #define REG_BINARY ( 3 ) // Free form binary #define REG_DWORD ( 4 ) // 32-bit number #define REG_DWORD_LITTLE_ENDIAN ( 4 ) // 32-bit number (same as REG_DWORD) #define REG_DWORD_BIG_ENDIAN ( 5 ) // 32-bit number #define REG_LINK ( 6 ) // Symbolic Link (unicode) #define REG_MULTI_SZ ( 7 ) // Multiple Unicode strings #define REG_RESOURCE_LIST ( 8 ) // Resource list in the resource map #define REG_FULL_RESOURCE_DESCRIPTOR ( 9 ) // Resource list in the hardware description #define REG_RESOURCE_REQUIREMENTS_LIST ( 10 ) #define REG_QWORD ( 11 ) // 64-bit number #define REG_QWORD_LITTLE_ENDIAN ( 11 ) // 64-bit number (same as REG_QWORD) // end_ntddk end_wdm end_nthal // begin_ntddk begin_wdm begin_nthal // // Service Types (Bit Mask) // #define SERVICE_KERNEL_DRIVER 0x00000001 #define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 #define SERVICE_ADAPTER 0x00000004 #define SERVICE_RECOGNIZER_DRIVER 0x00000008 #define SERVICE_DRIVER (SERVICE_KERNEL_DRIVER \| \ SERVICE_FILE_SYSTEM_DRIVER \| \ SERVICE_RECOGNIZER_DRIVER) #define SERVICE_WIN32_OWN_PROCESS 0x00000010 #define SERVICE_WIN32_SHARE_PROCESS 0x00000020 #define SERVICE_WIN32 (SERVICE_WIN32_OWN_PROCESS \| \ SERVICE_WIN32_SHARE_PROCESS) #define SERVICE_INTERACTIVE_PROCESS 0x00000100 #define SERVICE_TYPE_ALL (SERVICE_WIN32 \| \ SERVICE_ADAPTER \| \ SERVICE_DRIVER \| \ SERVICE_INTERACTIVE_PROCESS) // // Start Type // #define SERVICE_BOOT_START 0x00000000 #define SERVICE_SYSTEM_START 0x00000001 #define SERVICE_AUTO_START 0x00000002 #define SERVICE_DEMAND_START 0x00000003 #define SERVICE_DISABLED 0x00000004 // // Error control type // #define SERVICE_ERROR_IGNORE 0x00000000 #define SERVICE_ERROR_NORMAL 0x00000001 #define SERVICE_ERROR_SEVERE 0x00000002 #define SERVICE_ERROR_CRITICAL 0x00000003 // // // Define the registry driver node enumerations // typedef enum _CM_SERVICE_NODE_TYPE { DriverType = SERVICE_KERNEL_DRIVER, FileSystemType = SERVICE_FILE_SYSTEM_DRIVER, Win32ServiceOwnProcess = SERVICE_WIN32_OWN_PROCESS, Win32ServiceShareProcess = SERVICE_WIN32_SHARE_PROCESS, AdapterType = SERVICE_ADAPTER, RecognizerType = SERVICE_RECOGNIZER_DRIVER } SERVICE_NODE_TYPE; typedef enum _CM_SERVICE_LOAD_TYPE { BootLoad = SERVICE_BOOT_START, SystemLoad = SERVICE_SYSTEM_START, AutoLoad = SERVICE_AUTO_START, DemandLoad = SERVICE_DEMAND_START, DisableLoad = SERVICE_DISABLED } SERVICE_LOAD_TYPE; typedef enum _CM_ERROR_CONTROL_TYPE { IgnoreError = SERVICE_ERROR_IGNORE, NormalError = SERVICE_ERROR_NORMAL, SevereError = SERVICE_ERROR_SEVERE, CriticalError = SERVICE_ERROR_CRITICAL } SERVICE_ERROR_TYPE; // // IOCTL_TAPE_ERASE definitions // #define TAPE_ERASE_SHORT 0L #define TAPE_ERASE_LONG 1L typedef struct _TAPE_ERASE { DWORD Type; BOOLEAN Immediate; } TAPE_ERASE, PTAPE_ERASE; // // IOCTL_TAPE_PREPARE definitions // #define TAPE_LOAD 0L #define TAPE_UNLOAD 1L #define TAPE_TENSION 2L #define TAPE_LOCK 3L #define TAPE_UNLOCK 4L #define TAPE_FORMAT 5L typedef struct _TAPE_PREPARE { DWORD Operation; BOOLEAN Immediate; } TAPE_PREPARE, PTAPE_PREPARE; // // IOCTL_TAPE_WRITE_MARKS definitions // #define TAPE_SETMARKS 0L #define TAPE_FILEMARKS 1L #define TAPE_SHORT_FILEMARKS 2L #define TAPE_LONG_FILEMARKS 3L typedef struct _TAPE_WRITE_MARKS { DWORD Type; DWORD Count; BOOLEAN Immediate; } TAPE_WRITE_MARKS, PTAPE_WRITE_MARKS; // // IOCTL_TAPE_GET_POSITION definitions // #define TAPE_ABSOLUTE_POSITION 0L #define TAPE_LOGICAL_POSITION 1L #define TAPE_PSEUDO_LOGICAL_POSITION 2L typedef struct _TAPE_GET_POSITION { DWORD Type; DWORD Partition; LARGE_INTEGER Offset; } TAPE_GET_POSITION, PTAPE_GET_POSITION; // // IOCTL_TAPE_SET_POSITION definitions // #define TAPE_REWIND 0L #define TAPE_ABSOLUTE_BLOCK 1L #define TAPE_LOGICAL_BLOCK 2L #define TAPE_PSEUDO_LOGICAL_BLOCK 3L #define TAPE_SPACE_END_OF_DATA 4L #define TAPE_SPACE_RELATIVE_BLOCKS 5L #define TAPE_SPACE_FILEMARKS 6L #define TAPE_SPACE_SEQUENTIAL_FMKS 7L #define TAPE_SPACE_SETMARKS 8L #define TAPE_SPACE_SEQUENTIAL_SMKS 9L typedef struct _TAPE_SET_POSITION { DWORD Method; DWORD Partition; LARGE_INTEGER Offset; BOOLEAN Immediate; } TAPE_SET_POSITION, PTAPE_SET_POSITION; // // IOCTL_TAPE_GET_DRIVE_PARAMS definitions // // // Definitions for FeaturesLow parameter // #define TAPE_DRIVE_FIXED 0x00000001 #define TAPE_DRIVE_SELECT 0x00000002 #define TAPE_DRIVE_INITIATOR 0x00000004 #define TAPE_DRIVE_ERASE_SHORT 0x00000010 #define TAPE_DRIVE_ERASE_LONG 0x00000020 #define TAPE_DRIVE_ERASE_BOP_ONLY 0x00000040 #define TAPE_DRIVE_ERASE_IMMEDIATE 0x00000080 #define TAPE_DRIVE_TAPE_CAPACITY 0x00000100 #define TAPE_DRIVE_TAPE_REMAINING 0x00000200 #define TAPE_DRIVE_FIXED_BLOCK 0x00000400 #define TAPE_DRIVE_VARIABLE_BLOCK 0x00000800 #define TAPE_DRIVE_WRITE_PROTECT 0x00001000 #define TAPE_DRIVE_EOT_WZ_SIZE 0x00002000 #define TAPE_DRIVE_ECC 0x00010000 #define TAPE_DRIVE_COMPRESSION 0x00020000 #define TAPE_DRIVE_PADDING 0x00040000 #define TAPE_DRIVE_REPORT_SMKS 0x00080000 #define TAPE_DRIVE_GET_ABSOLUTE_BLK 0x00100000 #define TAPE_DRIVE_GET_LOGICAL_BLK 0x00200000 #define TAPE_DRIVE_SET_EOT_WZ_SIZE 0x00400000 #define TAPE_DRIVE_EJECT_MEDIA 0x01000000 #define TAPE_DRIVE_CLEAN_REQUESTS 0x02000000 #define TAPE_DRIVE_SET_CMP_BOP_ONLY 0x04000000 #define TAPE_DRIVE_RESERVED_BIT 0x80000000 //don't use this bit! // //can't be a low features bit! // //reserved; high features only // // Definitions for FeaturesHigh parameter // #define TAPE_DRIVE_LOAD_UNLOAD 0x80000001 #define TAPE_DRIVE_TENSION 0x80000002 #define TAPE_DRIVE_LOCK_UNLOCK 0x80000004 #define TAPE_DRIVE_REWIND_IMMEDIATE 0x80000008 #define TAPE_DRIVE_SET_BLOCK_SIZE 0x80000010 #define TAPE_DRIVE_LOAD_UNLD_IMMED 0x80000020 #define TAPE_DRIVE_TENSION_IMMED 0x80000040 #define TAPE_DRIVE_LOCK_UNLK_IMMED 0x80000080 #define TAPE_DRIVE_SET_ECC 0x80000100 #define TAPE_DRIVE_SET_COMPRESSION 0x80000200 #define TAPE_DRIVE_SET_PADDING 0x80000400 #define TAPE_DRIVE_SET_REPORT_SMKS 0x80000800 #define TAPE_DRIVE_ABSOLUTE_BLK 0x80001000 #define TAPE_DRIVE_ABS_BLK_IMMED 0x80002000 #define TAPE_DRIVE_LOGICAL_BLK 0x80004000 #define TAPE_DRIVE_LOG_BLK_IMMED 0x80008000 #define TAPE_DRIVE_END_OF_DATA 0x80010000 #define TAPE_DRIVE_RELATIVE_BLKS 0x80020000 #define TAPE_DRIVE_FILEMARKS 0x80040000 #define TAPE_DRIVE_SEQUENTIAL_FMKS 0x80080000 #define TAPE_DRIVE_SETMARKS 0x80100000 #define TAPE_DRIVE_SEQUENTIAL_SMKS 0x80200000 #define TAPE_DRIVE_REVERSE_POSITION 0x80400000 #define TAPE_DRIVE_SPACE_IMMEDIATE 0x80800000 #define TAPE_DRIVE_WRITE_SETMARKS 0x81000000 #define TAPE_DRIVE_WRITE_FILEMARKS 0x82000000 #define TAPE_DRIVE_WRITE_SHORT_FMKS 0x84000000 #define TAPE_DRIVE_WRITE_LONG_FMKS 0x88000000 #define TAPE_DRIVE_WRITE_MARK_IMMED 0x90000000 #define TAPE_DRIVE_FORMAT 0xA0000000 #define TAPE_DRIVE_FORMAT_IMMEDIATE 0xC0000000 #define TAPE_DRIVE_HIGH_FEATURES 0x80000000 //mask for high features flag typedef struct _TAPE_GET_DRIVE_PARAMETERS { BOOLEAN ECC; BOOLEAN Compression; BOOLEAN DataPadding; BOOLEAN ReportSetmarks; DWORD DefaultBlockSize; DWORD MaximumBlockSize; DWORD MinimumBlockSize; DWORD MaximumPartitionCount; DWORD FeaturesLow; DWORD FeaturesHigh; DWORD EOTWarningZoneSize; } TAPE_GET_DRIVE_PARAMETERS, PTAPE_GET_DRIVE_PARAMETERS; // // IOCTL_TAPE_SET_DRIVE_PARAMETERS definitions // typedef struct _TAPE_SET_DRIVE_PARAMETERS { BOOLEAN ECC; BOOLEAN Compression; BOOLEAN DataPadding; BOOLEAN ReportSetmarks; DWORD EOTWarningZoneSize; } TAPE_SET_DRIVE_PARAMETERS, PTAPE_SET_DRIVE_PARAMETERS; // // IOCTL_TAPE_GET_MEDIA_PARAMETERS definitions // typedef struct _TAPE_GET_MEDIA_PARAMETERS { LARGE_INTEGER Capacity; LARGE_INTEGER Remaining; DWORD BlockSize; DWORD PartitionCount; BOOLEAN WriteProtected; } TAPE_GET_MEDIA_PARAMETERS, PTAPE_GET_MEDIA_PARAMETERS; // // IOCTL_TAPE_SET_MEDIA_PARAMETERS definitions // typedef struct _TAPE_SET_MEDIA_PARAMETERS { DWORD BlockSize; } TAPE_SET_MEDIA_PARAMETERS, PTAPE_SET_MEDIA_PARAMETERS; // // IOCTL_TAPE_CREATE_PARTITION definitions // #define TAPE_FIXED_PARTITIONS 0L #define TAPE_SELECT_PARTITIONS 1L #define TAPE_INITIATOR_PARTITIONS 2L typedef struct _TAPE_CREATE_PARTITION { DWORD Method; DWORD Count; DWORD Size; } TAPE_CREATE_PARTITION, PTAPE_CREATE_PARTITION; #ifdef __cplusplus } #endif #pragma option pop /P_O_Pop/ #endif / _WINNT_ */ 2007-1-30 15:03 0
gnuser 雪币： 237 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 43 粉丝 0 关注私信	gnuser 3 楼汗,人人都象你这样贴,就没人学了. 2007-1-30 16:07 0
jjnet 雪币： 101 活跃值： (12) 能力值： ( LV12，RANK：210 ) 在线值：发帖 28 回帖 503 粉丝 0 关注私信	jjnet 5 4 楼不错的头 2007-1-30 17:50 0
dwing 雪币： 217 活跃值： (99) 能力值： ( LV4，RANK：50 ) 在线值：发帖 18 回帖 883 粉丝 6 关注私信	dwing 1 5 楼 winnt.h 2007-1-30 17:55 0
笨笨雄雪币： 846 活跃值： (221) 能力值： (RANK：570 ) 在线值：发帖 212 回帖 3620 粉丝 21 关注私信	笨笨雄 14 6 楼看完这个，人都晕了感觉这些都是用来查的，不是看的 2007-1-30 18:18 0
xzchina 雪币： 615 活跃值： (1127) 能力值： ( LV4，RANK：50 ) 在线值：发帖 42 回帖 843 粉丝 0 关注私信	xzchina 1 7 楼楼主把头文件的内容都帖出来了. 2007-1-30 19:23 0
jjnet 雪币： 101 活跃值： (12) 能力值： ( LV12，RANK：210 ) 在线值：发帖 28 回帖 503 粉丝 0 关注私信	jjnet 5 8 楼 winnt.h中没有#pragma option push -b -a8 -pc -A- /P_O_Push/ 这句吧 2007-1-31 15:44 0
vfer 雪币： 45 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 84 粉丝 0 关注私信	vfer 9 楼 PE头我还以为是..... 2007-1-31 20:57 0
llydd 雪币： 380 活跃值： (101) 能力值： ( LV13，RANK：370 ) 在线值：发帖 41 回帖 264 粉丝 5 关注私信	llydd 9 10 楼你想把人弄死啊， 2007-2-2 14:06 0
sbright 雪币： 146 活跃值： (33) 能力值： ( LV6，RANK：90 ) 在线值：发帖 120 回帖 995 粉丝 0 关注私信	sbright 2 11 楼这种贴,可以删除了... 实在想贴,还是上传文件吧 2007-2-4 22:25 0
ddrmsdos 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 14 粉丝 0 关注私信	ddrmsdos 12 楼好像是定义了PE注册表还有好多其他的头. 2007-2-4 22:32 0
为个润雪币： 233 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 60 粉丝 0 关注私信	为个润 13 楼用处不大，还不精炼，不知所云，哈哈，开玩笑的，如果真的能够透彻的读懂这个东东，那你的wondows编成就具有相当的水平了 2007-2-6 13:01 0
风流花心兔雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 38 粉丝 0 关注私信	风流花心兔 14 楼昏倒，进来晕一下先，什么代码啊 2007-2-6 15:31 0
aaaqaaaaa 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 5 粉丝 0 关注私信	aaaqaaaaa 15 楼　　定义个那么多，好象都是程序和数据包的头，还没说明 2007-2-27 22:06 0
强盗雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 30 粉丝 0 关注私信	强盗 16 楼看了晕死过去，本贴回复于看了本贴五小时后 2007-2-27 23:40 0
sosli 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 9 粉丝 0 关注私信	sosli 17 楼有点晕!!!!! 2007-3-2 18:10 0
kkyyff 雪币： 219 活跃值： (19) 能力值： ( LV2，RANK：10 ) 在线值：发帖 9 回帖 71 粉丝 0 关注私信	kkyyff 18 楼简直是浪费论坛的带宽和空间。 2007-6-10 19:26 0
不懂算法雪币： 202 活跃值： (77) 能力值： ( LV6，RANK：90 ) 在线值：发帖 16 回帖 329 粉丝 5 关注私信	不懂算法 2 19 楼不明白楼主什么意思 2007-6-10 19:53 0
无奈无赖雪币： 117 活跃值： (20) 能力值： ( LV2，RANK：10 ) 在线值：发帖 24 回帖 728 粉丝 2 关注私信	无奈无赖 20 楼汗。。。。。 2007-6-11 10:38 0
icefall 雪币： 154 活跃值： (75) 能力值： ( LV4，RANK：50 ) 在线值：发帖 18 回帖 156 粉丝 0 关注私信	icefall 1 21 楼 PFC=Power factor corrector?? 2007-6-11 10:56 0
王仁军雪币： 314 活跃值： (15) 能力值： ( LV12，RANK：410 ) 在线值：发帖 13 回帖 131 粉丝 2 关注私信	王仁军 10 22 楼？？？？？？？？？？？？？？？？？？？ 2007-6-11 14:04 0
yendrlin 雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 3 粉丝 0 关注私信	yendrlin 23 楼天书 2007-6-18 00:44 0
ziyie 雪币： 200 活跃值： (15) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 9 粉丝 0 关注私信	ziyie 24 楼呵呵，以为是病毒代码分析。。。。眼都花了。。 2007-7-2 12:09 0
名士玉雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 17 粉丝 0 关注私信	名士玉 25 楼头大~!!!!!!!!!! 2007-7-2 21:57 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

PFC

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (31) 1 2 ▶
PFC 雪币： 161 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 16 回帖 58 粉丝 0 关注私信	PFC 2 楼 // Is x a function? #ifndef ISFCN #define ISFCN(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT)) #endif // Is x an array? #ifndef ISARY #define ISARY(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT)) #endif // Is x a structure, union, or enumeration TAG? #ifndef ISTAG #define ISTAG(x) ((x)==IMAGE_SYM_CLASS_STRUCT_TAG \|\| (x)==IMAGE_SYM_CLASS_UNION_TAG \|\| (x)==IMAGE_SYM_CLASS_ENUM_TAG) #endif #ifndef INCREF #define INCREF(x) ((((x)&~N_BTMASK)<<N_TSHIFT)\|(IMAGE_SYM_DTYPE_POINTER<<N_BTSHFT)\|((x)&N_BTMASK)) #endif #ifndef DECREF #define DECREF(x) ((((x)>>N_TSHIFT)&~N_BTMASK)\|((x)&N_BTMASK)) #endif // // Auxiliary entry format. // typedef union _IMAGE_AUX_SYMBOL { struct { DWORD TagIndex; // struct, union, or enum tag index union { struct { WORD Linenumber; // declaration line number WORD Size; // size of struct, union, or enum } LnSz; DWORD TotalSize; } Misc; union { struct { // if ISFCN, tag, or .bb DWORD PointerToLinenumber; DWORD PointerToNextFunction; } Function; struct { // if ISARY, up to 4 dimen. WORD Dimension[4]; } Array; } FcnAry; WORD TvIndex; // tv index } Sym; struct { BYTE Name[IMAGE_SIZEOF_SYMBOL]; } File; struct { DWORD Length; // section length WORD NumberOfRelocations; // number of relocation entries WORD NumberOfLinenumbers; // number of line numbers DWORD CheckSum; // checksum for communal SHORT Number; // section number to associate with BYTE Selection; // communal selection type } Section; } IMAGE_AUX_SYMBOL; typedef IMAGE_AUX_SYMBOL UNALIGNED PIMAGE_AUX_SYMBOL; #define IMAGE_SIZEOF_AUX_SYMBOL 18 // // Communal selection types. // #define IMAGE_COMDAT_SELECT_NODUPLICATES 1 #define IMAGE_COMDAT_SELECT_ANY 2 #define IMAGE_COMDAT_SELECT_SAME_SIZE 3 #define IMAGE_COMDAT_SELECT_EXACT_MATCH 4 #define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5 #define IMAGE_COMDAT_SELECT_LARGEST 6 #define IMAGE_COMDAT_SELECT_NEWEST 7 #define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 #define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 #define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3 // // Relocation format. // typedef struct _IMAGE_RELOCATION { union { DWORD VirtualAddress; DWORD RelocCount; // Set to the real count when IMAGE_SCN_LNK_NRELOC_OVFL is set }; DWORD SymbolTableIndex; WORD Type; } IMAGE_RELOCATION; typedef IMAGE_RELOCATION UNALIGNED PIMAGE_RELOCATION; #define IMAGE_SIZEOF_RELOCATION 10 // // I386 relocation types. // #define IMAGE_REL_I386_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary #define IMAGE_REL_I386_DIR16 0x0001 // Direct 16-bit reference to the symbols virtual address #define IMAGE_REL_I386_REL16 0x0002 // PC-relative 16-bit reference to the symbols virtual address #define IMAGE_REL_I386_DIR32 0x0006 // Direct 32-bit reference to the symbols virtual address #define IMAGE_REL_I386_DIR32NB 0x0007 // Direct 32-bit reference to the symbols virtual address, base not included #define IMAGE_REL_I386_SEG12 0x0009 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address #define IMAGE_REL_I386_SECTION 0x000A #define IMAGE_REL_I386_SECREL 0x000B #define IMAGE_REL_I386_REL32 0x0014 // PC-relative 32-bit reference to the symbols virtual address // // MIPS relocation types. // #define IMAGE_REL_MIPS_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary #define IMAGE_REL_MIPS_REFHALF 0x0001 #define IMAGE_REL_MIPS_REFWORD 0x0002 #define IMAGE_REL_MIPS_JMPADDR 0x0003 #define IMAGE_REL_MIPS_REFHI 0x0004 #define IMAGE_REL_MIPS_REFLO 0x0005 #define IMAGE_REL_MIPS_GPREL 0x0006 #define IMAGE_REL_MIPS_LITERAL 0x0007 #define IMAGE_REL_MIPS_SECTION 0x000A #define IMAGE_REL_MIPS_SECREL 0x000B #define IMAGE_REL_MIPS_SECRELLO 0x000C // Low 16-bit section relative referemce (used for >32k TLS) #define IMAGE_REL_MIPS_SECRELHI 0x000D // High 16-bit section relative reference (used for >32k TLS) #define IMAGE_REL_MIPS_JMPADDR16 0x0010 #define IMAGE_REL_MIPS_REFWORDNB 0x0022 #define IMAGE_REL_MIPS_PAIR 0x0025 // // Alpha Relocation types. // #define IMAGE_REL_ALPHA_ABSOLUTE 0x0000 #define IMAGE_REL_ALPHA_REFLONG 0x0001 #define IMAGE_REL_ALPHA_REFQUAD 0x0002 #define IMAGE_REL_ALPHA_GPREL32 0x0003 #define IMAGE_REL_ALPHA_LITERAL 0x0004 #define IMAGE_REL_ALPHA_LITUSE 0x0005 #define IMAGE_REL_ALPHA_GPDISP 0x0006 #define IMAGE_REL_ALPHA_BRADDR 0x0007 #define IMAGE_REL_ALPHA_HINT 0x0008 #define IMAGE_REL_ALPHA_INLINE_REFLONG 0x0009 #define IMAGE_REL_ALPHA_REFHI 0x000A #define IMAGE_REL_ALPHA_REFLO 0x000B #define IMAGE_REL_ALPHA_PAIR 0x000C #define IMAGE_REL_ALPHA_MATCH 0x000D #define IMAGE_REL_ALPHA_SECTION 0x000E #define IMAGE_REL_ALPHA_SECREL 0x000F #define IMAGE_REL_ALPHA_REFLONGNB 0x0010 #define IMAGE_REL_ALPHA_SECRELLO 0x0011 // Low 16-bit section relative reference #define IMAGE_REL_ALPHA_SECRELHI 0x0012 // High 16-bit section relative reference #define IMAGE_REL_ALPHA_REFQ3 0x0013 // High 16 bits of 48 bit reference #define IMAGE_REL_ALPHA_REFQ2 0x0014 // Middle 16 bits of 48 bit reference #define IMAGE_REL_ALPHA_REFQ1 0x0015 // Low 16 bits of 48 bit reference #define IMAGE_REL_ALPHA_GPRELLO 0x0016 // Low 16-bit GP relative reference #define IMAGE_REL_ALPHA_GPRELHI 0x0017 // High 16-bit GP relative reference // // IBM PowerPC relocation types. // #define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP #define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address #define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address #define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute) #define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address #define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword) #define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative) #define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative) #define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base #define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword) #define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base #define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr) #define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number #define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code #define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction #define IMAGE_REL_PPC_SECREL16 0x000F // va of containing section (limited to 16 bits) #define IMAGE_REL_PPC_REFHI 0x0010 #define IMAGE_REL_PPC_REFLO 0x0011 #define IMAGE_REL_PPC_PAIR 0x0012 #define IMAGE_REL_PPC_SECRELLO 0x0013 // Low 16-bit section relative reference (used for >32k TLS) #define IMAGE_REL_PPC_SECRELHI 0x0014 // High 16-bit section relative reference (used for >32k TLS) #define IMAGE_REL_PPC_GPREL 0x0015 #define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type // Flag bits in IMAGE_RELOCATION.TYPE #define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it #define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken #define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken #define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc) // // Hitachi SH3 relocation types. // #define IMAGE_REL_SH3_ABSOLUTE 0x0000 // No relocation #define IMAGE_REL_SH3_DIRECT16 0x0001 // 16 bit direct #define IMAGE_REL_SH3_DIRECT32 0x0002 // 32 bit direct #define IMAGE_REL_SH3_DIRECT8 0x0003 // 8 bit direct, -128..255 #define IMAGE_REL_SH3_DIRECT8_WORD 0x0004 // 8 bit direct .W (0 ext.) #define IMAGE_REL_SH3_DIRECT8_LONG 0x0005 // 8 bit direct .L (0 ext.) #define IMAGE_REL_SH3_DIRECT4 0x0006 // 4 bit direct (0 ext.) #define IMAGE_REL_SH3_DIRECT4_WORD 0x0007 // 4 bit direct .W (0 ext.) #define IMAGE_REL_SH3_DIRECT4_LONG 0x0008 // 4 bit direct .L (0 ext.) #define IMAGE_REL_SH3_PCREL8_WORD 0x0009 // 8 bit PC relative .W #define IMAGE_REL_SH3_PCREL8_LONG 0x000A // 8 bit PC relative .L #define IMAGE_REL_SH3_PCREL12_WORD 0x000B // 12 LSB PC relative .W #define IMAGE_REL_SH3_STARTOF_SECTION 0x000C // Start of EXE section #define IMAGE_REL_SH3_SIZEOF_SECTION 0x000D // Size of EXE section #define IMAGE_REL_SH3_SECTION 0x000E // Section table index #define IMAGE_REL_SH3_SECREL 0x000F // Offset within section #define IMAGE_REL_SH3_DIRECT32_NB 0x0010 // 32 bit direct not based #define IMAGE_REL_ARM_ABSOLUTE 0x0000 // No relocation required #define IMAGE_REL_ARM_ADDR32 0x0001 // 32 bit address #define IMAGE_REL_ARM_ADDR32NB 0x0002 // 32 bit address w/o image base #define IMAGE_REL_ARM_BRANCH24 0x0003 // 24 bit offset << 2 & sign ext. #define IMAGE_REL_ARM_BRANCH11 0x0004 // Thumb: 2 11 bit offsets #define IMAGE_REL_ARM_GPREL12 0x0006 // GP-relative addressing (ARM) #define IMAGE_REL_ARM_GPREL7 0x0007 // GP-relative addressing (Thumb) #define IMAGE_REL_ARM_SECTION 0x000E // Section table index #define IMAGE_REL_ARM_SECREL 0x000F // Offset within section // // IA64 relocation types. // #define IMAGE_REL_IA64_ABSOLUTE 0x0000 #define IMAGE_REL_IA64_IMM14 0x0001 #define IMAGE_REL_IA64_IMM22 0x0002 #define IMAGE_REL_IA64_IMM64 0x0003 #define IMAGE_REL_IA64_DIR32 0x0004 #define IMAGE_REL_IA64_DIR64 0x0005 #define IMAGE_REL_IA64_PCREL21B 0x0006 #define IMAGE_REL_IA64_PCREL21M 0x0007 #define IMAGE_REL_IA64_PCREL21F 0x0008 #define IMAGE_REL_IA64_GPREL22 0x0009 #define IMAGE_REL_IA64_LTOFF22 0x000A #define IMAGE_REL_IA64_SECTION 0x000B #define IMAGE_REL_IA64_SECREL22 0x000C #define IMAGE_REL_IA64_SECREL64I 0x000D #define IMAGE_REL_IA64_SECREL32 0x000E #define IMAGE_REL_IA64_LTOFF64 0x000F #define IMAGE_REL_IA64_DIR32NB 0x0010 #define IMAGE_REL_IA64_ADDEND 0x001F // Please contact INTEL to get IA64-specific information // @@BEGIN_DDKSPLIT // @@END_DDKSPLIT // // Line number format. // typedef struct _IMAGE_LINENUMBER { union { DWORD SymbolTableIndex; // Symbol table index of function name if Linenumber is 0. DWORD VirtualAddress; // Virtual address of line number. } Type; WORD Linenumber; // Line number. } IMAGE_LINENUMBER; typedef IMAGE_LINENUMBER UNALIGNED PIMAGE_LINENUMBER; #define IMAGE_SIZEOF_LINENUMBER 6 #ifndef _MAC #include "poppack.h" // Back to 4 byte packing #endif // // Based relocation format. // typedef struct _IMAGE_BASE_RELOCATION { DWORD VirtualAddress; DWORD SizeOfBlock; // WORD TypeOffset[1]; } IMAGE_BASE_RELOCATION; typedef IMAGE_BASE_RELOCATION UNALIGNED PIMAGE_BASE_RELOCATION; #define IMAGE_SIZEOF_BASE_RELOCATION 8 // // Based relocation types. // #define IMAGE_REL_BASED_ABSOLUTE 0 #define IMAGE_REL_BASED_HIGH 1 #define IMAGE_REL_BASED_LOW 2 #define IMAGE_REL_BASED_HIGHLOW 3 #define IMAGE_REL_BASED_HIGHADJ 4 #define IMAGE_REL_BASED_MIPS_JMPADDR 5 #define IMAGE_REL_BASED_SECTION 6 #define IMAGE_REL_BASED_REL32 7 #define IMAGE_REL_BASED_MIPS_JMPADDR16 9 #define IMAGE_REL_BASED_IA64_IMM64 9 #define IMAGE_REL_BASED_DIR64 10 #define IMAGE_REL_BASED_HIGH3ADJ 11 // // Archive format. // #define IMAGE_ARCHIVE_START_SIZE 8 #define IMAGE_ARCHIVE_START "!<arch>\n" #define IMAGE_ARCHIVE_END "`\n" #define IMAGE_ARCHIVE_PAD "\n" #define IMAGE_ARCHIVE_LINKER_MEMBER "/ " #define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// " typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER { BYTE Name[16]; // File member name - `/' terminated. BYTE Date[12]; // File member date - decimal. BYTE UserID[6]; // File member user id - decimal. BYTE GroupID[6]; // File member group id - decimal. BYTE Mode[8]; // File member mode - octal. BYTE Size[10]; // File member size - decimal. BYTE EndHeader[2]; // String to end header. } IMAGE_ARCHIVE_MEMBER_HEADER, PIMAGE_ARCHIVE_MEMBER_HEADER; #define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60 // // DLL support. // // // Export Format // typedef struct _IMAGE_EXPORT_DIRECTORY { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD Name; DWORD Base; DWORD NumberOfFunctions; DWORD NumberOfNames; DWORD AddressOfFunctions; // RVA from base of image DWORD AddressOfNames; // RVA from base of image DWORD AddressOfNameOrdinals; // RVA from base of image } IMAGE_EXPORT_DIRECTORY, PIMAGE_EXPORT_DIRECTORY; // // Import Format // typedef struct _IMAGE_IMPORT_BY_NAME { WORD Hint; BYTE Name[1]; } IMAGE_IMPORT_BY_NAME, PIMAGE_IMPORT_BY_NAME; #include "pshpack8.h" // Use align 8 for the 64-bit IAT. typedef struct _IMAGE_THUNK_DATA64 { union { ULONGLONG ForwarderString; // PBYTE ULONGLONG Function; // PDWORD ULONGLONG Ordinal; ULONGLONG AddressOfData; // PIMAGE_IMPORT_BY_NAME } u1; } IMAGE_THUNK_DATA64; typedef IMAGE_THUNK_DATA64 PIMAGE_THUNK_DATA64; #include "poppack.h" // Back to 4 byte packing typedef struct _IMAGE_THUNK_DATA32 { union { DWORD ForwarderString; // PBYTE DWORD Function; // PDWORD DWORD Ordinal; DWORD AddressOfData; // PIMAGE_IMPORT_BY_NAME } u1; } IMAGE_THUNK_DATA32; typedef IMAGE_THUNK_DATA32 * PIMAGE_THUNK_DATA32; #define IMAGE_ORDINAL_FLAG64 0x8000000000000000 #define IMAGE_ORDINAL_FLAG32 0x80000000 #define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffff) #define IMAGE_ORDINAL32(Ordinal) (Ordinal & 0xffff) #define IMAGE_SNAP_BY_ORDINAL64(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG64) != 0) #define IMAGE_SNAP_BY_ORDINAL32(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG32) != 0) // // Thread Local Storage // typedef VOID (NTAPI PIMAGE_TLS_CALLBACK) ( PVOID DllHandle, DWORD Reason, PVOID Reserved ); typedef struct _IMAGE_TLS_DIRECTORY64 { ULONGLONG StartAddressOfRawData; ULONGLONG EndAddressOfRawData; ULONGLONG AddressOfIndex; // PDWORD ULONGLONG AddressOfCallBacks; // PIMAGE_TLS_CALLBACK ; DWORD SizeOfZeroFill; DWORD Characteristics; } IMAGE_TLS_DIRECTORY64; typedef IMAGE_TLS_DIRECTORY64 * PIMAGE_TLS_DIRECTORY64; typedef struct _IMAGE_TLS_DIRECTORY32 { DWORD StartAddressOfRawData; DWORD EndAddressOfRawData; DWORD AddressOfIndex; // PDWORD DWORD AddressOfCallBacks; // PIMAGE_TLS_CALLBACK * DWORD SizeOfZeroFill; DWORD Characteristics; } IMAGE_TLS_DIRECTORY32; typedef IMAGE_TLS_DIRECTORY32 * PIMAGE_TLS_DIRECTORY32; #ifdef _WIN64 #define IMAGE_ORDINAL_FLAG IMAGE_ORDINAL_FLAG64 #define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL64(Ordinal) typedef IMAGE_THUNK_DATA64 IMAGE_THUNK_DATA; typedef PIMAGE_THUNK_DATA64 PIMAGE_THUNK_DATA; #define IMAGE_SNAP_BY_ORDINAL(Ordinal) IMAGE_SNAP_BY_ORDINAL64(Ordinal) typedef IMAGE_TLS_DIRECTORY64 IMAGE_TLS_DIRECTORY; typedef PIMAGE_TLS_DIRECTORY64 PIMAGE_TLS_DIRECTORY; #else #define IMAGE_ORDINAL_FLAG IMAGE_ORDINAL_FLAG32 #define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL32(Ordinal) typedef IMAGE_THUNK_DATA32 IMAGE_THUNK_DATA; typedef PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA; #define IMAGE_SNAP_BY_ORDINAL(Ordinal) IMAGE_SNAP_BY_ORDINAL32(Ordinal) typedef IMAGE_TLS_DIRECTORY32 IMAGE_TLS_DIRECTORY; typedef PIMAGE_TLS_DIRECTORY32 PIMAGE_TLS_DIRECTORY; #endif typedef struct _IMAGE_IMPORT_DESCRIPTOR { union { DWORD Characteristics; // 0 for terminating null import descriptor DWORD OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA) }; DWORD TimeDateStamp; // 0 if not bound, // -1 if bound, and real date\time stamp // in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) // O.W. date/time stamp of DLL bound to (Old BIND) DWORD ForwarderChain; // -1 if no forwarders DWORD Name; DWORD FirstThunk; // RVA to IAT (if bound this IAT has actual addresses) } IMAGE_IMPORT_DESCRIPTOR; typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED PIMAGE_IMPORT_DESCRIPTOR; // // New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ] // typedef struct _IMAGE_BOUND_IMPORT_DESCRIPTOR { DWORD TimeDateStamp; WORD OffsetModuleName; WORD NumberOfModuleForwarderRefs; // Array of zero or more IMAGE_BOUND_FORWARDER_REF follows } IMAGE_BOUND_IMPORT_DESCRIPTOR, PIMAGE_BOUND_IMPORT_DESCRIPTOR; typedef struct _IMAGE_BOUND_FORWARDER_REF { DWORD TimeDateStamp; WORD OffsetModuleName; WORD Reserved; } IMAGE_BOUND_FORWARDER_REF, PIMAGE_BOUND_FORWARDER_REF; // // Resource Format. // // // Resource directory consists of two counts, following by a variable length // array of directory entries. The first count is the number of entries at // beginning of the array that have actual names associated with each entry. // The entries are in ascending order, case insensitive strings. The second // count is the number of entries that immediately follow the named entries. // This second count identifies the number of entries that have 16-bit integer // Ids as their name. These entries are also sorted in ascending order. // // This structure allows fast lookup by either name or number, but for any // given resource entry only one form of lookup is supported, not both. // This is consistant with the syntax of the .RC file and the .RES file. // typedef struct _IMAGE_RESOURCE_DIRECTORY { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; WORD NumberOfNamedEntries; WORD NumberOfIdEntries; // IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[]; } IMAGE_RESOURCE_DIRECTORY, PIMAGE_RESOURCE_DIRECTORY; #define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000 #define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000 // // Each directory contains the 32-bit Name of the entry and an offset, // relative to the beginning of the resource directory of the data associated // with this directory entry. If the name of the entry is an actual text // string instead of an integer Id, then the high order bit of the name field // is set to one and the low order 31-bits are an offset, relative to the // beginning of the resource directory of the string, which is of type // IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the // low-order 16-bits are the integer Id that identify this resource directory // entry. If the directory entry is yet another resource directory (i.e. a // subdirectory), then the high order bit of the offset field will be // set to indicate this. Otherwise the high bit is clear and the offset // field points to a resource data entry. // typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY { union { struct { DWORD NameOffset:31; DWORD NameIsString:1; }; DWORD Name; WORD Id; }; union { DWORD OffsetToData; struct { DWORD OffsetToDirectory:31; DWORD DataIsDirectory:1; }; }; } IMAGE_RESOURCE_DIRECTORY_ENTRY, PIMAGE_RESOURCE_DIRECTORY_ENTRY; // // For resource directory entries that have actual string names, the Name // field of the directory entry points to an object of the following type. // All of these string objects are stored together after the last resource // directory entry and before the first resource data object. This minimizes // the impact of these variable length objects on the alignment of the fixed // size directory entry objects. // typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING { WORD Length; CHAR NameString[ 1 ]; } IMAGE_RESOURCE_DIRECTORY_STRING, PIMAGE_RESOURCE_DIRECTORY_STRING; typedef struct _IMAGE_RESOURCE_DIR_STRING_U { WORD Length; WCHAR NameString[ 1 ]; } IMAGE_RESOURCE_DIR_STRING_U, PIMAGE_RESOURCE_DIR_STRING_U; // // Each resource data entry describes a leaf node in the resource directory // tree. It contains an offset, relative to the beginning of the resource // directory of the data for the resource, a size field that gives the number // of bytes of data at that offset, a CodePage that should be used when // decoding code point values within the resource data. Typically for new // applications the code page would be the unicode code page. // typedef struct _IMAGE_RESOURCE_DATA_ENTRY { DWORD OffsetToData; DWORD Size; DWORD CodePage; DWORD Reserved; } IMAGE_RESOURCE_DATA_ENTRY, PIMAGE_RESOURCE_DATA_ENTRY; // // Load Configuration Directory Entry // typedef struct { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD GlobalFlagsClear; DWORD GlobalFlagsSet; DWORD CriticalSectionDefaultTimeout; DWORD DeCommitFreeBlockThreshold; DWORD DeCommitTotalFreeThreshold; DWORD LockPrefixTable; // VA DWORD MaximumAllocationSize; DWORD VirtualMemoryThreshold; DWORD ProcessHeapFlags; DWORD ProcessAffinityMask; WORD CSDVersion; WORD Reserved1; DWORD EditList; // VA DWORD Reserved[ 1 ]; } IMAGE_LOAD_CONFIG_DIRECTORY32, PIMAGE_LOAD_CONFIG_DIRECTORY32; typedef struct { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD GlobalFlagsClear; DWORD GlobalFlagsSet; DWORD CriticalSectionDefaultTimeout; DWORD DeCommitFreeBlockThreshold; DWORD DeCommitTotalFreeThreshold; ULONGLONG LockPrefixTable; // VA DWORD MaximumAllocationSize; DWORD VirtualMemoryThreshold; DWORD ProcessHeapFlags; DWORD ProcessAffinityMask; WORD CSDVersion; WORD Reserved1; ULONGLONG EditList; // VA DWORD Reserved[ 1 ]; } IMAGE_LOAD_CONFIG_DIRECTORY64, PIMAGE_LOAD_CONFIG_DIRECTORY64; #ifdef _WIN64 typedef IMAGE_LOAD_CONFIG_DIRECTORY64 IMAGE_LOAD_CONFIG_DIRECTORY; typedef PIMAGE_LOAD_CONFIG_DIRECTORY64 PIMAGE_LOAD_CONFIG_DIRECTORY; #else typedef IMAGE_LOAD_CONFIG_DIRECTORY32 IMAGE_LOAD_CONFIG_DIRECTORY; typedef PIMAGE_LOAD_CONFIG_DIRECTORY32 PIMAGE_LOAD_CONFIG_DIRECTORY; #endif // // Function table entry format for IA64 images. Function table is // pointed to by the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry. // This definition duplicates the one in ntia64.h for use by portable // image file mungers. // typedef struct _IMAGE_IA64_RUNTIME_FUNCTION_ENTRY { DWORD BeginAddress; DWORD EndAddress; DWORD UnwindInfoAddress; } IMAGE_IA64_RUNTIME_FUNCTION_ENTRY, PIMAGE_IA64_RUNTIME_FUNCTION_ENTRY; // // Function table entry format for ALPHA images. Function table is // pointed to by the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry. // This definition duplicates ones in ntmips.h and ntalpha.h for use // by portable image file mungers. // typedef struct _IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY { DWORD BeginAddress; DWORD EndAddress; DWORD ExceptionHandler; DWORD HandlerData; DWORD PrologEndAddress; } IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY, PIMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY; typedef struct _IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY { ULONGLONG BeginAddress; ULONGLONG EndAddress; ULONGLONG ExceptionHandler; ULONGLONG HandlerData; ULONGLONG PrologEndAddress; } IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY, PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY; typedef IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY IMAGE_AXP64_RUNTIME_FUNCTION_ENTRY; typedef PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY PIMAGE_AXP64_RUNTIME_FUNCTION_ENTRY; // // WIN CE Exception table format // typedef struct _IMAGE_CE_RUNTIME_FUNCTION_ENTRY { DWORD FuncStart; DWORD PrologLen : 8; DWORD FuncLen : 22; DWORD ThirtyTwoBit : 1; DWORD ExceptionFlag : 1; } IMAGE_CE_RUNTIME_FUNCTION_ENTRY, PIMAGE_CE_RUNTIME_FUNCTION_ENTRY; #if defined(_IA64_) typedef IMAGE_IA64_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY; typedef PIMAGE_IA64_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY; #elif defined(_AXP64_) typedef IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY; typedef PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY; #else typedef IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY; typedef PIMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY; #endif // // Debug Format // typedef struct _IMAGE_DEBUG_DIRECTORY { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD Type; DWORD SizeOfData; DWORD AddressOfRawData; DWORD PointerToRawData; } IMAGE_DEBUG_DIRECTORY, PIMAGE_DEBUG_DIRECTORY; #define IMAGE_DEBUG_TYPE_UNKNOWN 0 #define IMAGE_DEBUG_TYPE_COFF 1 #define IMAGE_DEBUG_TYPE_CODEVIEW 2 #define IMAGE_DEBUG_TYPE_FPO 3 #define IMAGE_DEBUG_TYPE_MISC 4 #define IMAGE_DEBUG_TYPE_EXCEPTION 5 #define IMAGE_DEBUG_TYPE_FIXUP 6 #define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7 #define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8 #define IMAGE_DEBUG_TYPE_BORLAND 9 #define IMAGE_DEBUG_TYPE_RESERVED10 10 typedef struct _IMAGE_COFF_SYMBOLS_HEADER { DWORD NumberOfSymbols; DWORD LvaToFirstSymbol; DWORD NumberOfLinenumbers; DWORD LvaToFirstLinenumber; DWORD RvaToFirstByteOfCode; DWORD RvaToLastByteOfCode; DWORD RvaToFirstByteOfData; DWORD RvaToLastByteOfData; } IMAGE_COFF_SYMBOLS_HEADER, PIMAGE_COFF_SYMBOLS_HEADER; #define FRAME_FPO 0 #define FRAME_TRAP 1 #define FRAME_TSS 2 #define FRAME_NONFPO 3 typedef struct _FPO_DATA { DWORD ulOffStart; // offset 1st byte of function code DWORD cbProcSize; // # bytes in function DWORD cdwLocals; // # bytes in locals/4 WORD cdwParams; // # bytes in params/4 WORD cbProlog : 8; // # bytes in prolog WORD cbRegs : 3; // # regs saved WORD fHasSEH : 1; // TRUE if SEH in func WORD fUseBP : 1; // TRUE if EBP has been allocated WORD reserved : 1; // reserved for future use WORD cbFrame : 2; // frame type } FPO_DATA, PFPO_DATA; #define SIZEOF_RFPO_DATA 16 #define IMAGE_DEBUG_MISC_EXENAME 1 typedef struct _IMAGE_DEBUG_MISC { DWORD DataType; // type of misc data, see defines DWORD Length; // total length of record, rounded to four // byte multiple. BOOLEAN Unicode; // TRUE if data is unicode string BYTE Reserved[ 3 ]; BYTE Data[ 1 ]; // Actual data } IMAGE_DEBUG_MISC, PIMAGE_DEBUG_MISC; // // Function table extracted from MIPS/ALPHA/IA64 images. Does not contain // information needed only for runtime support. Just those fields for // each entry needed by a debugger. // typedef struct _IMAGE_FUNCTION_ENTRY { DWORD StartingAddress; DWORD EndingAddress; DWORD EndOfPrologue; } IMAGE_FUNCTION_ENTRY, PIMAGE_FUNCTION_ENTRY; typedef struct _IMAGE_FUNCTION_ENTRY64 { ULONGLONG StartingAddress; ULONGLONG EndingAddress; union { ULONGLONG EndOfPrologue; ULONGLONG UnwindInfoAddress; }; } IMAGE_FUNCTION_ENTRY64, PIMAGE_FUNCTION_ENTRY64; // // Debugging information can be stripped from an image file and placed // in a separate .DBG file, whose file name part is the same as the // image file name part (e.g. symbols for CMD.EXE could be stripped // and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED // flag in the Characteristics field of the file header. The beginning of // the .DBG file contains the following structure which captures certain // information from the image file. This allows a debug to proceed even if // the original image file is not accessable. This header is followed by // zero of more IMAGE_SECTION_HEADER structures, followed by zero or more // IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in // the image file contain file offsets relative to the beginning of the // .DBG file. // // If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure // is left in the image file, but not mapped. This allows a debugger to // compute the name of the .DBG file, from the name of the image in the // IMAGE_DEBUG_MISC structure. // typedef struct _IMAGE_SEPARATE_DEBUG_HEADER { WORD Signature; WORD Flags; WORD Machine; WORD Characteristics; DWORD TimeDateStamp; DWORD CheckSum; DWORD ImageBase; DWORD SizeOfImage; DWORD NumberOfSections; DWORD ExportedNamesSize; DWORD DebugDirectorySize; DWORD SectionAlignment; DWORD Reserved[2]; } IMAGE_SEPARATE_DEBUG_HEADER, PIMAGE_SEPARATE_DEBUG_HEADER; #ifndef _MAC #define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944 #else #define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4449 #endif #define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000 #define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the // old checksum didn't match. // // The .arch section is made up of headers, each describing an amask position/value // pointing to an array of IMAGE_ARCHITECTURE_ENTRY's. Each "array" (both the header // and entry arrays) are terminiated by a quadword of 0xffffffffL. // // NOTE: There may be quadwords of 0 sprinkled around and must be skipped. // typedef struct _ImageArchitectureHeader { unsigned int AmaskValue: 1; // 1 -> code section depends on mask bit // 0 -> new instruction depends on mask bit int :7; // MBZ unsigned int AmaskShift: 8; // Amask bit in question for this fixup int :16; // MBZ DWORD FirstEntryRVA; // RVA into .arch section to array of ARCHITECTURE_ENTRY's } IMAGE_ARCHITECTURE_HEADER, PIMAGE_ARCHITECTURE_HEADER; typedef struct _ImageArchitectureEntry { DWORD FixupInstRVA; // RVA of instruction to fixup DWORD NewInst; // fixup instruction (see alphaops.h) } IMAGE_ARCHITECTURE_ENTRY, PIMAGE_ARCHITECTURE_ENTRY; #include "poppack.h" // Back to the initial value // The following structure defines the new import object. Note the values of the first two fields, // which must be set as stated in order to differentiate old and new import members. // Following this structure, the linker emits two null-terminated strings used to recreate the // import at the time of use. The first string is the import's name, the second is the dll's name. #define IMPORT_OBJECT_HDR_SIG2 0xffff typedef struct IMPORT_OBJECT_HEADER { WORD Sig1; // Must be IMAGE_FILE_MACHINE_UNKNOWN WORD Sig2; // Must be IMPORT_OBJECT_HDR_SIG2. WORD Version; WORD Machine; DWORD TimeDateStamp; // Time/date stamp DWORD SizeOfData; // particularly useful for incremental links union { WORD Ordinal; // if grf & IMPORT_OBJECT_ORDINAL WORD Hint; }; WORD Type : 2; // IMPORT_TYPE WORD NameType : 3; // IMPORT_NAME_TYPE WORD Reserved : 11; // Reserved. Must be zero. } IMPORT_OBJECT_HEADER; typedef enum IMPORT_OBJECT_TYPE { IMPORT_OBJECT_CODE = 0, IMPORT_OBJECT_DATA = 1, IMPORT_OBJECT_CONST = 2, } IMPORT_OBJECT_TYPE; typedef enum IMPORT_OBJECT_NAME_TYPE { IMPORT_OBJECT_ORDINAL = 0, // Import by ordinal IMPORT_OBJECT_NAME = 1, // Import name == public symbol name. IMPORT_OBJECT_NAME_NO_PREFIX = 2, // Import name == public symbol name skipping leading ?, @, or optionally _. IMPORT_OBJECT_NAME_UNDECORATE = 3, // Import name == public symbol name skipping leading ?, @, or optionally _ // and truncating at first @ } IMPORT_OBJECT_NAME_TYPE; // // End Image Format // // // for move macros // #ifdef _MAC #ifndef _INC_STRING #include <string.h> #endif / _INC_STRING / #else #include <string.h> #endif // _MAC #define HEAP_NO_SERIALIZE 0x00000001 #define HEAP_GROWABLE 0x00000002 #define HEAP_GENERATE_EXCEPTIONS 0x00000004 #define HEAP_ZERO_MEMORY 0x00000008 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 #define HEAP_FREE_CHECKING_ENABLED 0x00000040 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 #define HEAP_CREATE_ALIGN_16 0x00010000 #define HEAP_CREATE_ENABLE_TRACING 0x00020000 #define HEAP_MAXIMUM_TAG 0x0FFF #define HEAP_PSEUDO_TAG_FLAG 0x8000 #define HEAP_TAG_SHIFT 18 #define HEAP_MAKE_TAG_FLAGS( b, o ) ((DWORD)((b) + ((o) << 18))) #define IS_TEXT_UNICODE_ASCII16 0x0001 #define IS_TEXT_UNICODE_REVERSE_ASCII16 0x0010 #define IS_TEXT_UNICODE_STATISTICS 0x0002 #define IS_TEXT_UNICODE_REVERSE_STATISTICS 0x0020 #define IS_TEXT_UNICODE_CONTROLS 0x0004 #define IS_TEXT_UNICODE_REVERSE_CONTROLS 0x0040 #define IS_TEXT_UNICODE_SIGNATURE 0x0008 #define IS_TEXT_UNICODE_REVERSE_SIGNATURE 0x0080 #define IS_TEXT_UNICODE_ILLEGAL_CHARS 0x0100 #define IS_TEXT_UNICODE_ODD_LENGTH 0x0200 #define IS_TEXT_UNICODE_DBCS_LEADBYTE 0x0400 #define IS_TEXT_UNICODE_NULL_BYTES 0x1000 #define IS_TEXT_UNICODE_UNICODE_MASK 0x000F #define IS_TEXT_UNICODE_REVERSE_MASK 0x00F0 #define IS_TEXT_UNICODE_NOT_UNICODE_MASK 0x0F00 #define IS_TEXT_UNICODE_NOT_ASCII_MASK 0xF000 #define COMPRESSION_FORMAT_NONE (0x0000) #define COMPRESSION_FORMAT_DEFAULT (0x0001) #define COMPRESSION_FORMAT_LZNT1 (0x0002) #define COMPRESSION_ENGINE_STANDARD (0x0000) #define COMPRESSION_ENGINE_MAXIMUM (0x0100) #define COMPRESSION_ENGINE_HIBER (0x0200) NTSYSAPI SIZE_T NTAPI RtlCompareMemory ( const VOID Source1, const VOID Source2, SIZE_T Length ); #if defined(_M_AXP64) \|\| defined(_M_IA64) #define RtlEqualMemory(Source1, Source2, Length) \ ((Length) == RtlCompareMemory(Source1, Source2, Length)) NTSYSAPI VOID NTAPI RtlCopyMemory ( VOID UNALIGNED Destination, CONST VOID UNALIGNED Source, SIZE_T Length ); NTSYSAPI VOID NTAPI RtlCopyMemory32 ( VOID UNALIGNED Destination, CONST VOID UNALIGNED Source, DWORD Length ); NTSYSAPI VOID NTAPI RtlMoveMemory ( VOID UNALIGNED Destination, CONST VOID UNALIGNED Source, SIZE_T Length ); NTSYSAPI VOID NTAPI RtlFillMemory ( VOID UNALIGNED Destination, SIZE_T Length, BYTE Fill ); NTSYSAPI VOID NTAPI RtlZeroMemory ( VOID UNALIGNED Destination, SIZE_T Length ); #else #define RtlEqualMemory(Destination,Source,Length) (!memcmp((Destination),(Source),(Length))) #define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length)) #define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length)) #define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length)) #define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length)) #endif #if (defined(_ALPHA_) \|\| defined(_M_IA64)) && !(defined(MIDL_PASS) \|\| defined(RC_INVOKED)) NTSYSAPI VOID NTAPI RtlMoveMemory64 ( IN PVOID64 Destination, IN PVOID64 Source, IN ULONGLONG Length ); NTSYSAPI VOID NTAPI RtlFillMemory64 ( IN PVOID64 Destination, IN ULONGLONG Length, IN BYTE Fill ); NTSYSAPI VOID NTAPI RtlZeroMemory64 ( IN PVOID64 Destination, IN ULONGLONG Length ); #endif typedef struct _MESSAGE_RESOURCE_ENTRY { WORD Length; WORD Flags; BYTE Text[ 1 ]; } MESSAGE_RESOURCE_ENTRY, PMESSAGE_RESOURCE_ENTRY; #define MESSAGE_RESOURCE_UNICODE 0x0001 typedef struct _MESSAGE_RESOURCE_BLOCK { DWORD LowId; DWORD HighId; DWORD OffsetToEntries; } MESSAGE_RESOURCE_BLOCK, PMESSAGE_RESOURCE_BLOCK; typedef struct _MESSAGE_RESOURCE_DATA { DWORD NumberOfBlocks; MESSAGE_RESOURCE_BLOCK Blocks[ 1 ]; } MESSAGE_RESOURCE_DATA, PMESSAGE_RESOURCE_DATA; typedef struct _OSVERSIONINFOA { DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; DWORD dwPlatformId; CHAR szCSDVersion[ 128 ]; // Maintenance string for PSS usage } OSVERSIONINFOA, POSVERSIONINFOA, LPOSVERSIONINFOA; typedef struct _OSVERSIONINFOW { DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; DWORD dwPlatformId; WCHAR szCSDVersion[ 128 ]; // Maintenance string for PSS usage } OSVERSIONINFOW, POSVERSIONINFOW, LPOSVERSIONINFOW, RTL_OSVERSIONINFOW, PRTL_OSVERSIONINFOW; #ifdef UNICODE typedef OSVERSIONINFOW OSVERSIONINFO; typedef POSVERSIONINFOW POSVERSIONINFO; typedef LPOSVERSIONINFOW LPOSVERSIONINFO; #else typedef OSVERSIONINFOA OSVERSIONINFO; typedef POSVERSIONINFOA POSVERSIONINFO; typedef LPOSVERSIONINFOA LPOSVERSIONINFO; #endif // UNICODE typedef struct _OSVERSIONINFOEXA { DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; DWORD dwPlatformId; CHAR szCSDVersion[ 128 ]; // Maintenance string for PSS usage WORD wServicePackMajor; WORD wServicePackMinor; WORD wSuiteMask; BYTE wProductType; BYTE wReserved; } OSVERSIONINFOEXA, POSVERSIONINFOEXA, LPOSVERSIONINFOEXA; typedef struct _OSVERSIONINFOEXW { DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; DWORD dwPlatformId; WCHAR szCSDVersion[ 128 ]; // Maintenance string for PSS usage WORD wServicePackMajor; WORD wServicePackMinor; WORD wSuiteMask; BYTE wProductType; BYTE wReserved; } OSVERSIONINFOEXW, POSVERSIONINFOEXW, LPOSVERSIONINFOEXW, RTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOEXW; #ifdef UNICODE typedef OSVERSIONINFOEXW OSVERSIONINFOEX; typedef POSVERSIONINFOEXW POSVERSIONINFOEX; typedef LPOSVERSIONINFOEXW LPOSVERSIONINFOEX; #else typedef OSVERSIONINFOEXA OSVERSIONINFOEX; typedef POSVERSIONINFOEXA POSVERSIONINFOEX; typedef LPOSVERSIONINFOEXA LPOSVERSIONINFOEX; #endif // UNICODE // // RtlVerifyVersionInfo() conditions // #define VER_EQUAL 1 #define VER_GREATER 2 #define VER_GREATER_EQUAL 3 #define VER_LESS 4 #define VER_LESS_EQUAL 5 #define VER_AND 6 #define VER_OR 7 #define VER_CONDITION_MASK 7 #define VER_NUM_BITS_PER_CONDITION_MASK 3 // // RtlVerifyVersionInfo() type mask bits // #define VER_MINORVERSION 0x0000001 #define VER_MAJORVERSION 0x0000002 #define VER_BUILDNUMBER 0x0000004 #define VER_PLATFORMID 0x0000008 #define VER_SERVICEPACKMINOR 0x0000010 #define VER_SERVICEPACKMAJOR 0x0000020 #define VER_SUITENAME 0x0000040 #define VER_PRODUCT_TYPE 0x0000080 // // RtlVerifyVersionInfo() os product type values // #define VER_NT_WORKSTATION 0x0000001 #define VER_NT_DOMAIN_CONTROLLER 0x0000002 #define VER_NT_SERVER 0x0000003 // // dwPlatformId defines: // #define VER_PLATFORM_WIN32s 0 #define VER_PLATFORM_WIN32_WINDOWS 1 #define VER_PLATFORM_WIN32_NT 2 // // // VerifyVersionInfo() macro to set the condition mask // // For documentation sakes here's the old version of the macro that got // changed to call an API // #define VER_SET_CONDITION(_m_,_t_,_c_) _m_=(_m_\|(_c_<<(1<<_t_))) // #define VER_SET_CONDITION(_m_,_t_,_c_) \ ((_m_)=VerSetConditionMask((_m_),(_t_),(_c_))) ULONGLONG NTAPI VerSetConditionMask( IN ULONGLONG ConditionMask, IN DWORD TypeMask, IN BYTE Condition ); // typedef struct _RTL_CRITICAL_SECTION_DEBUG { WORD Type; WORD CreatorBackTraceIndex; struct _RTL_CRITICAL_SECTION CriticalSection; LIST_ENTRY ProcessLocksList; DWORD EntryCount; DWORD ContentionCount; DWORD Spare[ 2 ]; } RTL_CRITICAL_SECTION_DEBUG, PRTL_CRITICAL_SECTION_DEBUG, RTL_RESOURCE_DEBUG, PRTL_RESOURCE_DEBUG; #define RTL_CRITSECT_TYPE 0 #define RTL_RESOURCE_TYPE 1 typedef struct _RTL_CRITICAL_SECTION { PRTL_CRITICAL_SECTION_DEBUG DebugInfo; // // The following three fields control entering and exiting the critical // section for the resource // LONG LockCount; LONG RecursionCount; HANDLE OwningThread; // from the thread's ClientId->UniqueThread HANDLE LockSemaphore; ULONG_PTR SpinCount; // force size on 64-bit systems when packed } RTL_CRITICAL_SECTION, PRTL_CRITICAL_SECTION; #define SEF_DACL_AUTO_INHERIT 0x01 #define SEF_SACL_AUTO_INHERIT 0x02 #define SEF_DEFAULT_DESCRIPTOR_FOR_OBJECT 0x04 #define SEF_AVOID_PRIVILEGE_CHECK 0x08 #define SEF_AVOID_OWNER_CHECK 0x10 #define SEF_DEFAULT_OWNER_FROM_PARENT 0x20 #define SEF_DEFAULT_GROUP_FROM_PARENT 0x40 #define WT_EXECUTEDEFAULT 0x00000000 #define WT_EXECUTEINIOTHREAD 0x00000001 #define WT_EXECUTEINUITHREAD 0x00000002 #define WT_EXECUTEINWAITTHREAD 0x00000004 #define WT_EXECUTEONLYONCE 0x00000008 #define WT_EXECUTEINTIMERTHREAD 0x00000020 #define WT_EXECUTELONGFUNCTION 0x00000010 #define WT_EXECUTEINPERSISTENTIOTHREAD 0x00000040 #define WT_EXECUTEINPERSISTENTTHREAD 0x00000080 typedef VOID (NTAPI * WAITORTIMERCALLBACKFUNC) (PVOID, BOOLEAN ); typedef VOID (NTAPI * WORKERCALLBACKFUNC) (PVOID ); typedef VOID (NTAPI * APC_CALLBACK_FUNCTION) (DWORD , PVOID, PVOID); #define WT_EXECUTEINLONGTHREAD 0x00000010 #define WT_EXECUTEDELETEWAIT 0x00000008 #define DLL_PROCESS_ATTACH 1 #define DLL_THREAD_ATTACH 2 #define DLL_THREAD_DETACH 3 #define DLL_PROCESS_DETACH 0 // // Defines for the READ flags for Eventlogging // #define EVENTLOG_SEQUENTIAL_READ 0X0001 #define EVENTLOG_SEEK_READ 0X0002 #define EVENTLOG_FORWARDS_READ 0X0004 #define EVENTLOG_BACKWARDS_READ 0X0008 // // The types of events that can be logged. // #define EVENTLOG_SUCCESS 0X0000 #define EVENTLOG_ERROR_TYPE 0x0001 #define EVENTLOG_WARNING_TYPE 0x0002 #define EVENTLOG_INFORMATION_TYPE 0x0004 #define EVENTLOG_AUDIT_SUCCESS 0x0008 #define EVENTLOG_AUDIT_FAILURE 0x0010 // // Defines for the WRITE flags used by Auditing for paired events // These are not implemented in Product 1 // #define EVENTLOG_START_PAIRED_EVENT 0x0001 #define EVENTLOG_END_PAIRED_EVENT 0x0002 #define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004 #define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008 #define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010 // // Structure that defines the header of the Eventlog record. This is the // fixed-sized portion before all the variable-length strings, binary // data and pad bytes. // // TimeGenerated is the time it was generated at the client. // TimeWritten is the time it was put into the log at the server end. // typedef struct _EVENTLOGRECORD { DWORD Length; // Length of full record DWORD Reserved; // Used by the service DWORD RecordNumber; // Absolute record number DWORD TimeGenerated; // Seconds since 1-1-1970 DWORD TimeWritten; // Seconds since 1-1-1970 DWORD EventID; WORD EventType; WORD NumStrings; WORD EventCategory; WORD ReservedFlags; // For use with paired events (auditing) DWORD ClosingRecordNumber; // For use with paired events (auditing) DWORD StringOffset; // Offset from beginning of record DWORD UserSidLength; DWORD UserSidOffset; DWORD DataLength; DWORD DataOffset; // Offset from beginning of record // // Then follow: // // WCHAR SourceName[] // WCHAR Computername[] // SID UserSid // WCHAR Strings[] // BYTE Data[] // CHAR Pad[] // DWORD Length; // } EVENTLOGRECORD, PEVENTLOGRECORD; //SS: start of changes to support clustering //SS: ideally the #define MAXLOGICALLOGNAMESIZE 256 #if _MSC_VER >= 1200 #pragma warning(push) #endif #pragma warning(disable : 4200) typedef struct _EVENTSFORLOGFILE{ DWORD ulSize; WCHAR szLogicalLogFile[MAXLOGICALLOGNAMESIZE]; //name of the logical file-security/application/system DWORD ulNumRecords; EVENTLOGRECORD pEventLogRecords[]; }EVENTSFORLOGFILE, PEVENTSFORLOGFILE; typedef struct _PACKEDEVENTINFO{ DWORD ulSize; //total size of the structure DWORD ulNumEventsForLogFile; //number of EventsForLogFile structure that follow DWORD ulOffsets[]; //the offsets from the start of this structure to the EVENTSFORLOGFILE structure }PACKEDEVENTINFO, PPACKEDEVENTINFO; #if _MSC_VER >= 1200 #pragma warning(pop) #else #pragma warning(default : 4200) #endif //SS: end of changes to support clustering // // begin_ntddk begin_wdm begin_nthal // // Registry Specific Access Rights. // #define KEY_QUERY_VALUE (0x0001) #define KEY_SET_VALUE (0x0002) #define KEY_CREATE_SUB_KEY (0x0004) #define KEY_ENUMERATE_SUB_KEYS (0x0008) #define KEY_NOTIFY (0x0010) #define KEY_CREATE_LINK (0x0020) #define KEY_READ ((STANDARD_RIGHTS_READ \|\ KEY_QUERY_VALUE \|\ KEY_ENUMERATE_SUB_KEYS \|\ KEY_NOTIFY) \ & \ (~SYNCHRONIZE)) #define KEY_WRITE ((STANDARD_RIGHTS_WRITE \|\ KEY_SET_VALUE \|\ KEY_CREATE_SUB_KEY) \ & \ (~SYNCHRONIZE)) #define KEY_EXECUTE ((KEY_READ) \ & \ (~SYNCHRONIZE)) #define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL \|\ KEY_QUERY_VALUE \|\ KEY_SET_VALUE \|\ KEY_CREATE_SUB_KEY \|\ KEY_ENUMERATE_SUB_KEYS \|\ KEY_NOTIFY \|\ KEY_CREATE_LINK) \ & \ (~SYNCHRONIZE)) // // Open/Create Options // #define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved #define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved // when system is rebooted #define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved // when system is rebooted #define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a // symbolic link #define REG_OPTION_BACKUP_RESTORE (0x00000004L) // open for backup or restore // special access rules // privilege required #define REG_OPTION_OPEN_LINK (0x00000008L) // Open symbolic link #define REG_LEGAL_OPTION \ (REG_OPTION_RESERVED \|\ REG_OPTION_NON_VOLATILE \|\ REG_OPTION_VOLATILE \|\ REG_OPTION_CREATE_LINK \|\ REG_OPTION_BACKUP_RESTORE \|\ REG_OPTION_OPEN_LINK) // // Key creation/open disposition // #define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created #define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key opened // // Key restore flags // #define REG_WHOLE_HIVE_VOLATILE (0x00000001L) // Restore whole hive volatile #define REG_REFRESH_HIVE (0x00000002L) // Unwind changes to last flush #define REG_NO_LAZY_FLUSH (0x00000004L) // Never lazy flush this hive #define REG_FORCE_RESTORE (0x00000008L) // Force the restore process even when we have open handles on subkeys // end_ntddk end_wdm end_nthal // // Notify filter values // #define REG_NOTIFY_CHANGE_NAME (0x00000001L) // Create or delete (child) #define REG_NOTIFY_CHANGE_ATTRIBUTES (0x00000002L) #define REG_NOTIFY_CHANGE_LAST_SET (0x00000004L) // time stamp #define REG_NOTIFY_CHANGE_SECURITY (0x00000008L) #define REG_LEGAL_CHANGE_FILTER \ (REG_NOTIFY_CHANGE_NAME \|\ REG_NOTIFY_CHANGE_ATTRIBUTES \|\ REG_NOTIFY_CHANGE_LAST_SET \|\ REG_NOTIFY_CHANGE_SECURITY) // // // Predefined Value Types. // #define REG_NONE ( 0 ) // No value type #define REG_SZ ( 1 ) // Unicode nul terminated string #define REG_EXPAND_SZ ( 2 ) // Unicode nul terminated string // (with environment variable references) #define REG_BINARY ( 3 ) // Free form binary #define REG_DWORD ( 4 ) // 32-bit number #define REG_DWORD_LITTLE_ENDIAN ( 4 ) // 32-bit number (same as REG_DWORD) #define REG_DWORD_BIG_ENDIAN ( 5 ) // 32-bit number #define REG_LINK ( 6 ) // Symbolic Link (unicode) #define REG_MULTI_SZ ( 7 ) // Multiple Unicode strings #define REG_RESOURCE_LIST ( 8 ) // Resource list in the resource map #define REG_FULL_RESOURCE_DESCRIPTOR ( 9 ) // Resource list in the hardware description #define REG_RESOURCE_REQUIREMENTS_LIST ( 10 ) #define REG_QWORD ( 11 ) // 64-bit number #define REG_QWORD_LITTLE_ENDIAN ( 11 ) // 64-bit number (same as REG_QWORD) // end_ntddk end_wdm end_nthal // begin_ntddk begin_wdm begin_nthal // // Service Types (Bit Mask) // #define SERVICE_KERNEL_DRIVER 0x00000001 #define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 #define SERVICE_ADAPTER 0x00000004 #define SERVICE_RECOGNIZER_DRIVER 0x00000008 #define SERVICE_DRIVER (SERVICE_KERNEL_DRIVER \| \ SERVICE_FILE_SYSTEM_DRIVER \| \ SERVICE_RECOGNIZER_DRIVER) #define SERVICE_WIN32_OWN_PROCESS 0x00000010 #define SERVICE_WIN32_SHARE_PROCESS 0x00000020 #define SERVICE_WIN32 (SERVICE_WIN32_OWN_PROCESS \| \ SERVICE_WIN32_SHARE_PROCESS) #define SERVICE_INTERACTIVE_PROCESS 0x00000100 #define SERVICE_TYPE_ALL (SERVICE_WIN32 \| \ SERVICE_ADAPTER \| \ SERVICE_DRIVER \| \ SERVICE_INTERACTIVE_PROCESS) // // Start Type // #define SERVICE_BOOT_START 0x00000000 #define SERVICE_SYSTEM_START 0x00000001 #define SERVICE_AUTO_START 0x00000002 #define SERVICE_DEMAND_START 0x00000003 #define SERVICE_DISABLED 0x00000004 // // Error control type // #define SERVICE_ERROR_IGNORE 0x00000000 #define SERVICE_ERROR_NORMAL 0x00000001 #define SERVICE_ERROR_SEVERE 0x00000002 #define SERVICE_ERROR_CRITICAL 0x00000003 // // // Define the registry driver node enumerations // typedef enum _CM_SERVICE_NODE_TYPE { DriverType = SERVICE_KERNEL_DRIVER, FileSystemType = SERVICE_FILE_SYSTEM_DRIVER, Win32ServiceOwnProcess = SERVICE_WIN32_OWN_PROCESS, Win32ServiceShareProcess = SERVICE_WIN32_SHARE_PROCESS, AdapterType = SERVICE_ADAPTER, RecognizerType = SERVICE_RECOGNIZER_DRIVER } SERVICE_NODE_TYPE; typedef enum _CM_SERVICE_LOAD_TYPE { BootLoad = SERVICE_BOOT_START, SystemLoad = SERVICE_SYSTEM_START, AutoLoad = SERVICE_AUTO_START, DemandLoad = SERVICE_DEMAND_START, DisableLoad = SERVICE_DISABLED } SERVICE_LOAD_TYPE; typedef enum _CM_ERROR_CONTROL_TYPE { IgnoreError = SERVICE_ERROR_IGNORE, NormalError = SERVICE_ERROR_NORMAL, SevereError = SERVICE_ERROR_SEVERE, CriticalError = SERVICE_ERROR_CRITICAL } SERVICE_ERROR_TYPE; // // IOCTL_TAPE_ERASE definitions // #define TAPE_ERASE_SHORT 0L #define TAPE_ERASE_LONG 1L typedef struct _TAPE_ERASE { DWORD Type; BOOLEAN Immediate; } TAPE_ERASE, PTAPE_ERASE; // // IOCTL_TAPE_PREPARE definitions // #define TAPE_LOAD 0L #define TAPE_UNLOAD 1L #define TAPE_TENSION 2L #define TAPE_LOCK 3L #define TAPE_UNLOCK 4L #define TAPE_FORMAT 5L typedef struct _TAPE_PREPARE { DWORD Operation; BOOLEAN Immediate; } TAPE_PREPARE, PTAPE_PREPARE; // // IOCTL_TAPE_WRITE_MARKS definitions // #define TAPE_SETMARKS 0L #define TAPE_FILEMARKS 1L #define TAPE_SHORT_FILEMARKS 2L #define TAPE_LONG_FILEMARKS 3L typedef struct _TAPE_WRITE_MARKS { DWORD Type; DWORD Count; BOOLEAN Immediate; } TAPE_WRITE_MARKS, PTAPE_WRITE_MARKS; // // IOCTL_TAPE_GET_POSITION definitions // #define TAPE_ABSOLUTE_POSITION 0L #define TAPE_LOGICAL_POSITION 1L #define TAPE_PSEUDO_LOGICAL_POSITION 2L typedef struct _TAPE_GET_POSITION { DWORD Type; DWORD Partition; LARGE_INTEGER Offset; } TAPE_GET_POSITION, PTAPE_GET_POSITION; // // IOCTL_TAPE_SET_POSITION definitions // #define TAPE_REWIND 0L #define TAPE_ABSOLUTE_BLOCK 1L #define TAPE_LOGICAL_BLOCK 2L #define TAPE_PSEUDO_LOGICAL_BLOCK 3L #define TAPE_SPACE_END_OF_DATA 4L #define TAPE_SPACE_RELATIVE_BLOCKS 5L #define TAPE_SPACE_FILEMARKS 6L #define TAPE_SPACE_SEQUENTIAL_FMKS 7L #define TAPE_SPACE_SETMARKS 8L #define TAPE_SPACE_SEQUENTIAL_SMKS 9L typedef struct _TAPE_SET_POSITION { DWORD Method; DWORD Partition; LARGE_INTEGER Offset; BOOLEAN Immediate; } TAPE_SET_POSITION, PTAPE_SET_POSITION; // // IOCTL_TAPE_GET_DRIVE_PARAMS definitions // // // Definitions for FeaturesLow parameter // #define TAPE_DRIVE_FIXED 0x00000001 #define TAPE_DRIVE_SELECT 0x00000002 #define TAPE_DRIVE_INITIATOR 0x00000004 #define TAPE_DRIVE_ERASE_SHORT 0x00000010 #define TAPE_DRIVE_ERASE_LONG 0x00000020 #define TAPE_DRIVE_ERASE_BOP_ONLY 0x00000040 #define TAPE_DRIVE_ERASE_IMMEDIATE 0x00000080 #define TAPE_DRIVE_TAPE_CAPACITY 0x00000100 #define TAPE_DRIVE_TAPE_REMAINING 0x00000200 #define TAPE_DRIVE_FIXED_BLOCK 0x00000400 #define TAPE_DRIVE_VARIABLE_BLOCK 0x00000800 #define TAPE_DRIVE_WRITE_PROTECT 0x00001000 #define TAPE_DRIVE_EOT_WZ_SIZE 0x00002000 #define TAPE_DRIVE_ECC 0x00010000 #define TAPE_DRIVE_COMPRESSION 0x00020000 #define TAPE_DRIVE_PADDING 0x00040000 #define TAPE_DRIVE_REPORT_SMKS 0x00080000 #define TAPE_DRIVE_GET_ABSOLUTE_BLK 0x00100000 #define TAPE_DRIVE_GET_LOGICAL_BLK 0x00200000 #define TAPE_DRIVE_SET_EOT_WZ_SIZE 0x00400000 #define TAPE_DRIVE_EJECT_MEDIA 0x01000000 #define TAPE_DRIVE_CLEAN_REQUESTS 0x02000000 #define TAPE_DRIVE_SET_CMP_BOP_ONLY 0x04000000 #define TAPE_DRIVE_RESERVED_BIT 0x80000000 //don't use this bit! // //can't be a low features bit! // //reserved; high features only // // Definitions for FeaturesHigh parameter // #define TAPE_DRIVE_LOAD_UNLOAD 0x80000001 #define TAPE_DRIVE_TENSION 0x80000002 #define TAPE_DRIVE_LOCK_UNLOCK 0x80000004 #define TAPE_DRIVE_REWIND_IMMEDIATE 0x80000008 #define TAPE_DRIVE_SET_BLOCK_SIZE 0x80000010 #define TAPE_DRIVE_LOAD_UNLD_IMMED 0x80000020 #define TAPE_DRIVE_TENSION_IMMED 0x80000040 #define TAPE_DRIVE_LOCK_UNLK_IMMED 0x80000080 #define TAPE_DRIVE_SET_ECC 0x80000100 #define TAPE_DRIVE_SET_COMPRESSION 0x80000200 #define TAPE_DRIVE_SET_PADDING 0x80000400 #define TAPE_DRIVE_SET_REPORT_SMKS 0x80000800 #define TAPE_DRIVE_ABSOLUTE_BLK 0x80001000 #define TAPE_DRIVE_ABS_BLK_IMMED 0x80002000 #define TAPE_DRIVE_LOGICAL_BLK 0x80004000 #define TAPE_DRIVE_LOG_BLK_IMMED 0x80008000 #define TAPE_DRIVE_END_OF_DATA 0x80010000 #define TAPE_DRIVE_RELATIVE_BLKS 0x80020000 #define TAPE_DRIVE_FILEMARKS 0x80040000 #define TAPE_DRIVE_SEQUENTIAL_FMKS 0x80080000 #define TAPE_DRIVE_SETMARKS 0x80100000 #define TAPE_DRIVE_SEQUENTIAL_SMKS 0x80200000 #define TAPE_DRIVE_REVERSE_POSITION 0x80400000 #define TAPE_DRIVE_SPACE_IMMEDIATE 0x80800000 #define TAPE_DRIVE_WRITE_SETMARKS 0x81000000 #define TAPE_DRIVE_WRITE_FILEMARKS 0x82000000 #define TAPE_DRIVE_WRITE_SHORT_FMKS 0x84000000 #define TAPE_DRIVE_WRITE_LONG_FMKS 0x88000000 #define TAPE_DRIVE_WRITE_MARK_IMMED 0x90000000 #define TAPE_DRIVE_FORMAT 0xA0000000 #define TAPE_DRIVE_FORMAT_IMMEDIATE 0xC0000000 #define TAPE_DRIVE_HIGH_FEATURES 0x80000000 //mask for high features flag typedef struct _TAPE_GET_DRIVE_PARAMETERS { BOOLEAN ECC; BOOLEAN Compression; BOOLEAN DataPadding; BOOLEAN ReportSetmarks; DWORD DefaultBlockSize; DWORD MaximumBlockSize; DWORD MinimumBlockSize; DWORD MaximumPartitionCount; DWORD FeaturesLow; DWORD FeaturesHigh; DWORD EOTWarningZoneSize; } TAPE_GET_DRIVE_PARAMETERS, PTAPE_GET_DRIVE_PARAMETERS; // // IOCTL_TAPE_SET_DRIVE_PARAMETERS definitions // typedef struct _TAPE_SET_DRIVE_PARAMETERS { BOOLEAN ECC; BOOLEAN Compression; BOOLEAN DataPadding; BOOLEAN ReportSetmarks; DWORD EOTWarningZoneSize; } TAPE_SET_DRIVE_PARAMETERS, PTAPE_SET_DRIVE_PARAMETERS; // // IOCTL_TAPE_GET_MEDIA_PARAMETERS definitions // typedef struct _TAPE_GET_MEDIA_PARAMETERS { LARGE_INTEGER Capacity; LARGE_INTEGER Remaining; DWORD BlockSize; DWORD PartitionCount; BOOLEAN WriteProtected; } TAPE_GET_MEDIA_PARAMETERS, PTAPE_GET_MEDIA_PARAMETERS; // // IOCTL_TAPE_SET_MEDIA_PARAMETERS definitions // typedef struct _TAPE_SET_MEDIA_PARAMETERS { DWORD BlockSize; } TAPE_SET_MEDIA_PARAMETERS, PTAPE_SET_MEDIA_PARAMETERS; // // IOCTL_TAPE_CREATE_PARTITION definitions // #define TAPE_FIXED_PARTITIONS 0L #define TAPE_SELECT_PARTITIONS 1L #define TAPE_INITIATOR_PARTITIONS 2L typedef struct _TAPE_CREATE_PARTITION { DWORD Method; DWORD Count; DWORD Size; } TAPE_CREATE_PARTITION, PTAPE_CREATE_PARTITION; #ifdef __cplusplus } #endif #pragma option pop /P_O_Pop/ #endif / _WINNT_ */ 2007-1-30 15:03 0
gnuser 雪币： 237 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 43 粉丝 0 关注私信	gnuser 3 楼汗,人人都象你这样贴,就没人学了. 2007-1-30 16:07 0
jjnet 雪币： 101 活跃值： (12) 能力值： ( LV12，RANK：210 ) 在线值：发帖 28 回帖 503 粉丝 0 关注私信	jjnet 5 4 楼不错的头 2007-1-30 17:50 0
dwing 雪币： 217 活跃值： (99) 能力值： ( LV4，RANK：50 ) 在线值：发帖 18 回帖 883 粉丝 6 关注私信	dwing 1 5 楼 winnt.h 2007-1-30 17:55 0
笨笨雄雪币： 846 活跃值： (221) 能力值： (RANK：570 ) 在线值：发帖 212 回帖 3620 粉丝 21 关注私信	笨笨雄 14 6 楼看完这个，人都晕了感觉这些都是用来查的，不是看的 2007-1-30 18:18 0
xzchina 雪币： 615 活跃值： (1127) 能力值： ( LV4，RANK：50 ) 在线值：发帖 42 回帖 843 粉丝 0 关注私信	xzchina 1 7 楼楼主把头文件的内容都帖出来了. 2007-1-30 19:23 0
jjnet 雪币： 101 活跃值： (12) 能力值： ( LV12，RANK：210 ) 在线值：发帖 28 回帖 503 粉丝 0 关注私信	jjnet 5 8 楼 winnt.h中没有#pragma option push -b -a8 -pc -A- /P_O_Push/ 这句吧 2007-1-31 15:44 0
vfer 雪币： 45 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 84 粉丝 0 关注私信	vfer 9 楼 PE头我还以为是..... 2007-1-31 20:57 0
llydd 雪币： 380 活跃值： (101) 能力值： ( LV13，RANK：370 ) 在线值：发帖 41 回帖 264 粉丝 5 关注私信	llydd 9 10 楼你想把人弄死啊， 2007-2-2 14:06 0
sbright 雪币： 146 活跃值： (33) 能力值： ( LV6，RANK：90 ) 在线值：发帖 120 回帖 995 粉丝 0 关注私信	sbright 2 11 楼这种贴,可以删除了... 实在想贴,还是上传文件吧 2007-2-4 22:25 0
ddrmsdos 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 14 粉丝 0 关注私信	ddrmsdos 12 楼好像是定义了PE注册表还有好多其他的头. 2007-2-4 22:32 0
为个润雪币： 233 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 60 粉丝 0 关注私信	为个润 13 楼用处不大，还不精炼，不知所云，哈哈，开玩笑的，如果真的能够透彻的读懂这个东东，那你的wondows编成就具有相当的水平了 2007-2-6 13:01 0
风流花心兔雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 38 粉丝 0 关注私信	风流花心兔 14 楼昏倒，进来晕一下先，什么代码啊 2007-2-6 15:31 0
aaaqaaaaa 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 5 粉丝 0 关注私信	aaaqaaaaa 15 楼　　定义个那么多，好象都是程序和数据包的头，还没说明 2007-2-27 22:06 0
强盗雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 30 粉丝 0 关注私信	强盗 16 楼看了晕死过去，本贴回复于看了本贴五小时后 2007-2-27 23:40 0
sosli 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 9 粉丝 0 关注私信	sosli 17 楼有点晕!!!!! 2007-3-2 18:10 0
kkyyff 雪币： 219 活跃值： (19) 能力值： ( LV2，RANK：10 ) 在线值：发帖 9 回帖 71 粉丝 0 关注私信	kkyyff 18 楼简直是浪费论坛的带宽和空间。 2007-6-10 19:26 0
不懂算法雪币： 202 活跃值： (77) 能力值： ( LV6，RANK：90 ) 在线值：发帖 16 回帖 329 粉丝 5 关注私信	不懂算法 2 19 楼不明白楼主什么意思 2007-6-10 19:53 0
无奈无赖雪币： 117 活跃值： (20) 能力值： ( LV2，RANK：10 ) 在线值：发帖 24 回帖 728 粉丝 2 关注私信	无奈无赖 20 楼汗。。。。。 2007-6-11 10:38 0
icefall 雪币： 154 活跃值： (75) 能力值： ( LV4，RANK：50 ) 在线值：发帖 18 回帖 156 粉丝 0 关注私信	icefall 1 21 楼 PFC=Power factor corrector?? 2007-6-11 10:56 0
王仁军雪币： 314 活跃值： (15) 能力值： ( LV12，RANK：410 ) 在线值：发帖 13 回帖 131 粉丝 2 关注私信	王仁军 10 22 楼？？？？？？？？？？？？？？？？？？？ 2007-6-11 14:04 0
yendrlin 雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 3 粉丝 0 关注私信	yendrlin 23 楼天书 2007-6-18 00:44 0
ziyie 雪币： 200 活跃值： (15) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 9 粉丝 0 关注私信	ziyie 24 楼呵呵，以为是病毒代码分析。。。。眼都花了。。 2007-7-2 12:09 0
名士玉雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 17 粉丝 0 关注私信	名士玉 25 楼头大~!!!!!!!!!! 2007-7-2 21:57 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复