summaryrefslogtreecommitdiffstats
path: root/public/sdk/inc/winnt.h
diff options
context:
space:
mode:
authorAdam <you@example.com>2020-05-17 05:51:50 +0200
committerAdam <you@example.com>2020-05-17 05:51:50 +0200
commite611b132f9b8abe35b362e5870b74bce94a1e58e (patch)
treea5781d2ec0e085eeca33cf350cf878f2efea6fe5 /public/sdk/inc/winnt.h
downloadNT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar
NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.gz
NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.bz2
NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.lz
NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.xz
NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.zst
NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.zip
Diffstat (limited to 'public/sdk/inc/winnt.h')
-rw-r--r--public/sdk/inc/winnt.h5133
1 files changed, 5133 insertions, 0 deletions
diff --git a/public/sdk/inc/winnt.h b/public/sdk/inc/winnt.h
new file mode 100644
index 000000000..7d308def3
--- /dev/null
+++ b/public/sdk/inc/winnt.h
@@ -0,0 +1,5133 @@
+/*++ BUILD Version: 0093 Increment this if a change has global effects
+
+Copyright (c) 1990-1996 Microsoft Corporation
+
+Module Name:
+
+ winnt.h
+
+Abstract:
+
+ This module defines the 32-Bit Windows types and constants that are
+ defined by NT, but exposed through the Win32 API.
+
+Revision History:
+
+--*/
+
+#ifndef _WINNT_
+#define _WINNT_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <ctype.h>
+#define ANYSIZE_ARRAY 1
+
+#if defined(_M_MRX000) && !(defined(MIDL_PASS) || defined(RC_INVOKED)) && defined(ENABLE_RESTRICTED)
+#define RESTRICTED_POINTER __restrict
+#else
+#define RESTRICTED_POINTER
+#endif
+
+#if defined(_M_MRX000) || defined(_M_ALPHA) || defined(_M_PPC)
+#define UNALIGNED __unaligned
+#else
+#define UNALIGNED
+#endif
+
+
+#if (defined(_M_MRX000) || defined(_M_IX86) || defined(_M_ALPHA) || defined(_M_PPC)) && !defined(MIDL_PASS)
+#define DECLSPEC_IMPORT __declspec(dllimport)
+#else
+#define DECLSPEC_IMPORT
+#endif
+
+typedef void *PVOID;
+
+#if (_MSC_VER >= 800) || defined(_STDCALL_SUPPORTED)
+#define NTAPI __stdcall
+#else
+#define _cdecl
+#define NTAPI
+#endif
+
+//
+// Define API decoration for direct importing system DLL references.
+//
+
+#if !defined(_NTSYSTEM_)
+#define NTSYSAPI DECLSPEC_IMPORT
+#else
+#define NTSYSAPI
+#endif
+
+
+//
+// Basics
+//
+
+#ifndef VOID
+#define VOID void
+typedef char CHAR;
+typedef short SHORT;
+typedef long LONG;
+#endif
+
+//
+// UNICODE (Wide Character) types
+//
+
+typedef wchar_t WCHAR; // wc, 16-bit UNICODE character
+
+typedef WCHAR *PWCHAR;
+typedef WCHAR *LPWCH, *PWCH;
+typedef CONST WCHAR *LPCWCH, *PCWCH;
+typedef WCHAR *NWPSTR;
+typedef WCHAR *LPWSTR, *PWSTR;
+
+typedef CONST WCHAR *LPCWSTR, *PCWSTR;
+
+//
+// ANSI (Multi-byte Character) types
+//
+typedef CHAR *PCHAR;
+typedef CHAR *LPCH, *PCH;
+
+typedef CONST CHAR *LPCCH, *PCCH;
+typedef CHAR *NPSTR;
+typedef CHAR *LPSTR, *PSTR;
+typedef CONST CHAR *LPCSTR, *PCSTR;
+
+//
+// Neutral ANSI/UNICODE types and macros
+//
+#ifdef UNICODE // r_winnt
+
+#ifndef _TCHAR_DEFINED
+typedef WCHAR TCHAR, *PTCHAR;
+typedef WCHAR TBYTE , *PTBYTE ;
+#define _TCHAR_DEFINED
+#endif /* !_TCHAR_DEFINED */
+
+typedef LPWSTR LPTCH, PTCH;
+typedef LPWSTR PTSTR, LPTSTR;
+typedef LPCWSTR LPCTSTR;
+typedef LPWSTR LP;
+#define __TEXT(quote) L##quote // r_winnt
+
+#else /* UNICODE */ // r_winnt
+
+#ifndef _TCHAR_DEFINED
+typedef char TCHAR, *PTCHAR;
+typedef unsigned char TBYTE , *PTBYTE ;
+#define _TCHAR_DEFINED
+#endif /* !_TCHAR_DEFINED */
+
+typedef LPSTR LPTCH, PTCH;
+typedef LPSTR PTSTR, LPTSTR;
+typedef LPCSTR LPCTSTR;
+#define __TEXT(quote) quote // r_winnt
+
+#endif /* UNICODE */ // r_winnt
+#define TEXT(quote) __TEXT(quote) // r_winnt
+
+
+typedef SHORT *PSHORT;
+typedef LONG *PLONG;
+
+#ifdef STRICT
+typedef void *HANDLE;
+#define DECLARE_HANDLE(name) struct name##__ { int unused; }; typedef struct name##__ *name
+#else
+typedef PVOID HANDLE;
+#define DECLARE_HANDLE(name) typedef HANDLE name
+#endif
+typedef HANDLE *PHANDLE;
+
+//
+// Flag (bit) fields
+//
+
+typedef BYTE FCHAR;
+typedef WORD FSHORT;
+typedef DWORD FLONG;
+
+typedef char CCHAR;
+typedef DWORD LCID;
+typedef PDWORD PLCID;
+typedef WORD LANGID;
+/*lint -e624 */
+/*lint +e624 */
+#define APPLICATION_ERROR_MASK 0x20000000
+#define ERROR_SEVERITY_SUCCESS 0x00000000
+#define ERROR_SEVERITY_INFORMATIONAL 0x40000000
+#define ERROR_SEVERITY_WARNING 0x80000000
+#define ERROR_SEVERITY_ERROR 0xC0000000
+
+//
+// __int64 is only supported by 2.0 and later midl.
+// __midl is set by the 2.0 midl and not by 1.0 midl.
+//
+
+#define _DWORDLONG_
+#if (!defined(MIDL_PASS) || defined(__midl)) && (!defined(_M_IX86) || (defined(_INTEGRAL_MAX_BITS) && _INTEGRAL_MAX_BITS >= 64))
+typedef __int64 LONGLONG;
+typedef unsigned __int64 DWORDLONG;
+
+#define MAXLONGLONG (0x7fffffffffffffff)
+#else
+typedef double LONGLONG;
+typedef double DWORDLONG;
+#endif
+
+typedef LONGLONG *PLONGLONG;
+typedef DWORDLONG *PDWORDLONG;
+
+// Update Sequence Number
+
+typedef LONGLONG USN;
+
+#if defined(MIDL_PASS)
+typedef struct _LARGE_INTEGER {
+#else // MIDL_PASS
+typedef union _LARGE_INTEGER {
+ struct {
+ DWORD LowPart;
+ LONG HighPart;
+ };
+ struct {
+ DWORD LowPart;
+ LONG HighPart;
+ } u;
+#endif //MIDL_PASS
+ LONGLONG QuadPart;
+} LARGE_INTEGER;
+
+typedef LARGE_INTEGER *PLARGE_INTEGER;
+
+
+#if defined(MIDL_PASS)
+typedef struct _ULARGE_INTEGER {
+#else // MIDL_PASS
+typedef union _ULARGE_INTEGER {
+ struct {
+ DWORD LowPart;
+ DWORD HighPart;
+ };
+ struct {
+ DWORD LowPart;
+ DWORD HighPart;
+ } u;
+#endif //MIDL_PASS
+ DWORDLONG QuadPart;
+} ULARGE_INTEGER;
+
+typedef ULARGE_INTEGER *PULARGE_INTEGER;
+
+// end_ntminiport end_ntndis end_ntminitape
+
+//
+// Locally Unique Identifier
+//
+
+typedef struct _LUID {
+ DWORD LowPart;
+ LONG HighPart;
+} LUID, *PLUID;
+
+
+//
+// Define operations to logically shift an int64 by 0..31 bits and to multiply
+// 32-bits by 32-bits to form a 64-bit product.
+//
+
+#if defined(MIDL_PASS) || defined(RC_INVOKED)
+
+//
+// Midl does not understand inline assembler. Therefore, the Rtl functions
+// are used for shifts by 0.31 and multiplies of 32-bits times 32-bits to
+// form a 64-bit product.
+//
+
+#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
+#define UInt32x32To64(a, b) ((DWORDLONG)((DWORD)(a)) * (DWORDLONG)((DWORD)(b)))
+
+#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b))
+#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
+#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b))
+
+#elif defined(_M_MRX000)
+
+//
+// MIPS uses intrinsic functions to perform shifts by 0..31 and multiplies of
+// 32-bits times 32-bits to 64-bits.
+//
+
+#define Int32x32To64 __emul
+#define UInt32x32To64 __emulu
+
+#define Int64ShllMod32 __ll_lshift
+#define Int64ShraMod32 __ll_rshift
+#define Int64ShrlMod32 __ull_rshift
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+LONGLONG
+NTAPI
+Int32x32To64 (
+ LONG Multiplier,
+ LONG Multiplicand
+ );
+
+DWORDLONG
+NTAPI
+UInt32x32To64 (
+ DWORD Multiplier,
+ DWORD Multiplicand
+ );
+
+DWORDLONG
+NTAPI
+Int64ShllMod32 (
+ DWORDLONG Value,
+ DWORD ShiftCount
+ );
+
+LONGLONG
+NTAPI
+Int64ShraMod32 (
+ LONGLONG Value,
+ DWORD ShiftCount
+ );
+
+DWORDLONG
+NTAPI
+Int64ShrlMod32 (
+ DWORDLONG Value,
+ DWORD ShiftCount
+ );
+
+#if defined (__cplusplus)
+};
+#endif
+
+#pragma intrinsic(__emul)
+#pragma intrinsic(__emulu)
+
+#pragma intrinsic(__ll_lshift)
+#pragma intrinsic(__ll_rshift)
+#pragma intrinsic(__ull_rshift)
+
+#elif defined(_M_IX86)
+
+//
+// The x86 C compiler understands inline assembler. Therefore, inline functions
+// that employ inline assembler are used for shifts of 0..31. The multiplies
+// rely on the compiler recognizing the cast of the multiplicand to int64 to
+// generate the optimal code inline.
+//
+
+#define Int32x32To64( a, b ) (LONGLONG)((LONGLONG)(LONG)(a) * (LONG)(b))
+#define UInt32x32To64( a, b ) (DWORDLONG)((DWORDLONG)(DWORD)(a) * (DWORD)(b))
+
+DWORDLONG
+NTAPI
+Int64ShllMod32 (
+ DWORDLONG Value,
+ DWORD ShiftCount
+ );
+
+LONGLONG
+NTAPI
+Int64ShraMod32 (
+ LONGLONG Value,
+ DWORD ShiftCount
+ );
+
+DWORDLONG
+NTAPI
+Int64ShrlMod32 (
+ DWORDLONG Value,
+ DWORD ShiftCount
+ );
+
+#pragma warning(disable:4035) // re-enable below
+
+__inline DWORDLONG
+NTAPI
+Int64ShllMod32 (
+ DWORDLONG Value,
+ DWORD ShiftCount
+ )
+{
+ __asm {
+ mov ecx, ShiftCount
+ mov eax, dword ptr [Value]
+ mov edx, dword ptr [Value+4]
+ shld edx, eax, cl
+ shl eax, cl
+ }
+}
+
+__inline LONGLONG
+NTAPI
+Int64ShraMod32 (
+ LONGLONG Value,
+ DWORD ShiftCount
+ )
+{
+ __asm {
+ mov ecx, ShiftCount
+ mov eax, dword ptr [Value]
+ mov edx, dword ptr [Value+4]
+ shrd eax, edx, cl
+ sar edx, cl
+ }
+}
+
+__inline DWORDLONG
+NTAPI
+Int64ShrlMod32 (
+ DWORDLONG Value,
+ DWORD ShiftCount
+ )
+{
+ __asm {
+ mov ecx, ShiftCount
+ mov eax, dword ptr [Value]
+ mov edx, dword ptr [Value+4]
+ shrd eax, edx, cl
+ shr edx, cl
+ }
+}
+
+#pragma warning(default:4035)
+
+#elif defined(_M_ALPHA)
+
+//
+// Alpha has native 64-bit operations that are just as fast as their 32-bit
+// counter parts. Therefore, the int64 data type is used directly to form
+// shifts of 0..31 and multiplies of 32-bits times 32-bits to form a 64-bit
+// product.
+//
+
+#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
+#define UInt32x32To64(a, b) ((DWORDLONG)((DWORD)(a)) * (DWORDLONG)((DWORD)(b)))
+
+#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b))
+#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
+#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b))
+
+
+#elif defined(_M_PPC)
+
+#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b)))
+#define UInt32x32To64(a, b) ((DWORDLONG)((DWORD)(a)) * (DWORDLONG)((DWORD)(b)))
+
+#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b))
+#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b))
+#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b))
+
+#else
+
+#error Must define a target architecture.
+
+#endif
+
+#define UNICODE_NULL ((WCHAR)0)
+typedef BYTE BOOLEAN;
+typedef BOOLEAN *PBOOLEAN;
+//
+// Doubly linked list structure. Can be used as either a list head, or
+// as link words.
+//
+
+typedef struct _LIST_ENTRY {
+ struct _LIST_ENTRY * volatile Flink;
+ struct _LIST_ENTRY * volatile Blink;
+} LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY;
+
+//
+// Singly linked list structure. Can be used as either a list head, or
+// as link words.
+//
+
+typedef struct _SINGLE_LIST_ENTRY {
+ struct _SINGLE_LIST_ENTRY *Next;
+} SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY;
+
+//
+// Base data structures for OLE support
+//
+
+#ifndef GUID_DEFINED
+#define GUID_DEFINED
+
+typedef struct _GUID { // size is 16
+ DWORD Data1;
+ WORD Data2;
+ WORD Data3;
+ BYTE Data4[8];
+} GUID;
+
+#endif // !GUID_DEFINED
+
+#ifndef __OBJECTID_DEFINED
+#define __OBJECTID_DEFINED
+
+typedef struct _OBJECTID { // size is 20
+ GUID Lineage;
+ DWORD Uniquifier;
+} OBJECTID;
+#endif // !_OBJECTID_DEFINED
+
+#define MINCHAR 0x80
+#define MAXCHAR 0x7f
+#define MINSHORT 0x8000
+#define MAXSHORT 0x7fff
+#define MINLONG 0x80000000
+#define MAXLONG 0x7fffffff
+#define MAXBYTE 0xff
+#define MAXWORD 0xffff
+#define MAXDWORD 0xffffffff
+//
+// Calculate the byte offset of a field in a structure of type type.
+//
+
+#define FIELD_OFFSET(type, field) ((LONG)&(((type *)0)->field))
+
+
+//
+// Calculate the address of the base of the structure given its type, and an
+// address of a field within the structure.
+//
+
+#define CONTAINING_RECORD(address, type, field) ((type *)( \
+ (PCHAR)(address) - \
+ (PCHAR)(&((type *)0)->field)))
+
+//
+// Language IDs.
+//
+// The following two combinations of primary language ID and
+// sublanguage ID have special semantics:
+//
+// Primary Language ID Sublanguage ID Result
+// ------------------- --------------- ------------------------
+// LANG_NEUTRAL SUBLANG_NEUTRAL Language neutral
+// LANG_NEUTRAL SUBLANG_DEFAULT User default language
+// LANG_NEUTRAL SUBLANG_SYS_DEFAULT System default language
+//
+
+//
+// Primary language IDs.
+//
+
+#define LANG_NEUTRAL 0x00
+
+#define LANG_AFRIKAANS 0x36
+#define LANG_ALBANIAN 0x1c
+#define LANG_ARABIC 0x01
+#define LANG_BASQUE 0x2d
+#define LANG_BELARUSIAN 0x23
+#define LANG_BULGARIAN 0x02
+#define LANG_CATALAN 0x03
+#define LANG_CHINESE 0x04
+#define LANG_CROATIAN 0x1a
+#define LANG_CZECH 0x05
+#define LANG_DANISH 0x06
+#define LANG_DUTCH 0x13
+#define LANG_ENGLISH 0x09
+#define LANG_ESTONIAN 0x25
+#define LANG_FAEROESE 0x38
+#define LANG_FARSI 0x29
+#define LANG_FINNISH 0x0b
+#define LANG_FRENCH 0x0c
+#define LANG_GERMAN 0x07
+#define LANG_GREEK 0x08
+#define LANG_HEBREW 0x0d
+#define LANG_HUNGARIAN 0x0e
+#define LANG_ICELANDIC 0x0f
+#define LANG_INDONESIAN 0x21
+#define LANG_ITALIAN 0x10
+#define LANG_JAPANESE 0x11
+#define LANG_KOREAN 0x12
+#define LANG_LATVIAN 0x26
+#define LANG_LITHUANIAN 0x27
+#define LANG_NORWEGIAN 0x14
+#define LANG_POLISH 0x15
+#define LANG_PORTUGUESE 0x16
+#define LANG_ROMANIAN 0x18
+#define LANG_RUSSIAN 0x19
+#define LANG_SERBIAN 0x1a
+#define LANG_SLOVAK 0x1b
+#define LANG_SLOVENIAN 0x24
+#define LANG_SPANISH 0x0a
+#define LANG_SWEDISH 0x1d
+#define LANG_THAI 0x1e
+#define LANG_TURKISH 0x1f
+#define LANG_UKRAINIAN 0x22
+#define LANG_VIETNAMESE 0x2a
+
+//
+// Sublanguage IDs.
+//
+// The name immediately following SUBLANG_ dictates which primary
+// language ID that sublanguage ID can be combined with to form a
+// valid language ID.
+//
+
+#define SUBLANG_NEUTRAL 0x00 // language neutral
+#define SUBLANG_DEFAULT 0x01 // user default
+#define SUBLANG_SYS_DEFAULT 0x02 // system default
+
+#define SUBLANG_ARABIC_SAUDI_ARABIA 0x01 // Arabic (Saudi Arabia)
+#define SUBLANG_ARABIC_IRAQ 0x02 // Arabic (Iraq)
+#define SUBLANG_ARABIC_EGYPT 0x03 // Arabic (Egypt)
+#define SUBLANG_ARABIC_LIBYA 0x04 // Arabic (Libya)
+#define SUBLANG_ARABIC_ALGERIA 0x05 // Arabic (Algeria)
+#define SUBLANG_ARABIC_MOROCCO 0x06 // Arabic (Morocco)
+#define SUBLANG_ARABIC_TUNISIA 0x07 // Arabic (Tunisia)
+#define SUBLANG_ARABIC_OMAN 0x08 // Arabic (Oman)
+#define SUBLANG_ARABIC_YEMEN 0x09 // Arabic (Yemen)
+#define SUBLANG_ARABIC_SYRIA 0x0a // Arabic (Syria)
+#define SUBLANG_ARABIC_JORDAN 0x0b // Arabic (Jordan)
+#define SUBLANG_ARABIC_LEBANON 0x0c // Arabic (Lebanon)
+#define SUBLANG_ARABIC_KUWAIT 0x0d // Arabic (Kuwait)
+#define SUBLANG_ARABIC_UAE 0x0e // Arabic (U.A.E)
+#define SUBLANG_ARABIC_BAHRAIN 0x0f // Arabic (Bahrain)
+#define SUBLANG_ARABIC_QATAR 0x10 // Arabic (Qatar)
+#define SUBLANG_CHINESE_TRADITIONAL 0x01 // Chinese (Taiwan)
+#define SUBLANG_CHINESE_SIMPLIFIED 0x02 // Chinese (PR China)
+#define SUBLANG_CHINESE_HONGKONG 0x03 // Chinese (Hong Kong)
+#define SUBLANG_CHINESE_SINGAPORE 0x04 // Chinese (Singapore)
+#define SUBLANG_DUTCH 0x01 // Dutch
+#define SUBLANG_DUTCH_BELGIAN 0x02 // Dutch (Belgian)
+#define SUBLANG_ENGLISH_US 0x01 // English (USA)
+#define SUBLANG_ENGLISH_UK 0x02 // English (UK)
+#define SUBLANG_ENGLISH_AUS 0x03 // English (Australian)
+#define SUBLANG_ENGLISH_CAN 0x04 // English (Canadian)
+#define SUBLANG_ENGLISH_NZ 0x05 // English (New Zealand)
+#define SUBLANG_ENGLISH_EIRE 0x06 // English (Irish)
+#define SUBLANG_ENGLISH_SOUTH_AFRICA 0x07 // English (South Africa)
+#define SUBLANG_ENGLISH_JAMAICA 0x08 // English (Jamaica)
+#define SUBLANG_ENGLISH_CARIBBEAN 0x09 // English (Caribbean)
+#define SUBLANG_ENGLISH_BELIZE 0x0a // English (Belize)
+#define SUBLANG_ENGLISH_TRINIDAD 0x0b // English (Trinidad)
+#define SUBLANG_FRENCH 0x01 // French
+#define SUBLANG_FRENCH_BELGIAN 0x02 // French (Belgian)
+#define SUBLANG_FRENCH_CANADIAN 0x03 // French (Canadian)
+#define SUBLANG_FRENCH_SWISS 0x04 // French (Swiss)
+#define SUBLANG_FRENCH_LUXEMBOURG 0x05 // French (Luxembourg)
+#define SUBLANG_GERMAN 0x01 // German
+#define SUBLANG_GERMAN_SWISS 0x02 // German (Swiss)
+#define SUBLANG_GERMAN_AUSTRIAN 0x03 // German (Austrian)
+#define SUBLANG_GERMAN_LUXEMBOURG 0x04 // German (Luxembourg)
+#define SUBLANG_GERMAN_LIECHTENSTEIN 0x05 // German (Liechtenstein)
+#define SUBLANG_ITALIAN 0x01 // Italian
+#define SUBLANG_ITALIAN_SWISS 0x02 // Italian (Swiss)
+#define SUBLANG_KOREAN 0x01 // Korean (Extended Wansung)
+#define SUBLANG_KOREAN_JOHAB 0x02 // Korean (Johab)
+#define SUBLANG_NORWEGIAN_BOKMAL 0x01 // Norwegian (Bokmal)
+#define SUBLANG_NORWEGIAN_NYNORSK 0x02 // Norwegian (Nynorsk)
+#define SUBLANG_PORTUGUESE 0x02 // Portuguese
+#define SUBLANG_PORTUGUESE_BRAZILIAN 0x01 // Portuguese (Brazilian)
+#define SUBLANG_SERBIAN_LATIN 0x02 // Serbian (Latin)
+#define SUBLANG_SERBIAN_CYRILLIC 0x03 // Serbian (Cyrillic)
+#define SUBLANG_SPANISH 0x01 // Spanish (Castilian)
+#define SUBLANG_SPANISH_MEXICAN 0x02 // Spanish (Mexican)
+#define SUBLANG_SPANISH_MODERN 0x03 // Spanish (Modern)
+#define SUBLANG_SPANISH_GUATEMALA 0x04 // Spanish (Guatemala)
+#define SUBLANG_SPANISH_COSTA_RICA 0x05 // Spanish (Costa Rica)
+#define SUBLANG_SPANISH_PANAMA 0x06 // Spanish (Panama)
+#define SUBLANG_SPANISH_DOMINICAN_REPUBLIC 0x07 // Spanish (Dominican Republic)
+#define SUBLANG_SPANISH_VENEZUELA 0x08 // Spanish (Venezuela)
+#define SUBLANG_SPANISH_COLOMBIA 0x09 // Spanish (Colombia)
+#define SUBLANG_SPANISH_PERU 0x0a // Spanish (Peru)
+#define SUBLANG_SPANISH_ARGENTINA 0x0b // Spanish (Argentina)
+#define SUBLANG_SPANISH_ECUADOR 0x0c // Spanish (Ecuador)
+#define SUBLANG_SPANISH_CHILE 0x0d // Spanish (Chile)
+#define SUBLANG_SPANISH_URUGUAY 0x0e // Spanish (Uruguay)
+#define SUBLANG_SPANISH_PARAGUAY 0x0f // Spanish (Paraguay)
+#define SUBLANG_SPANISH_BOLIVIA 0x10 // Spanish (Bolivia)
+#define SUBLANG_SPANISH_EL_SALVADOR 0x11 // Spanish (El Salvador)
+#define SUBLANG_SPANISH_HONDURAS 0x12 // Spanish (Honduras)
+#define SUBLANG_SPANISH_NICARAGUA 0x13 // Spanish (Nicaragua)
+#define SUBLANG_SPANISH_PUERTO_RICO 0x14 // Spanish (Puerto Rico)
+#define SUBLANG_SWEDISH 0x01 // Swedish
+#define SUBLANG_SWEDISH_FINLAND 0x02 // Swedish (Finland)
+
+//
+// Sorting IDs.
+//
+
+#define SORT_DEFAULT 0x0 // sorting default
+
+#define SORT_JAPANESE_XJIS 0x0 // Japanese XJIS order
+#define SORT_JAPANESE_UNICODE 0x1 // Japanese Unicode order
+
+#define SORT_CHINESE_BIG5 0x0 // Chinese BIG5 order
+#define SORT_CHINESE_PRCP 0x0 // PRC Chinese Phonetic order
+#define SORT_CHINESE_UNICODE 0x1 // Chinese Unicode order
+#define SORT_CHINESE_PRC 0x2 // PRC Chinese Stroke Count order
+
+#define SORT_KOREAN_KSC 0x0 // Korean KSC order
+#define SORT_KOREAN_UNICODE 0x1 // Korean Unicode order
+
+#define SORT_GERMAN_PHONE_BOOK 0x1 // German Phone Book order
+
+// end_r_winnt
+
+//
+// A language ID is a 16 bit value which is the combination of a
+// primary language ID and a secondary language ID. The bits are
+// allocated as follows:
+//
+// +-----------------------+-------------------------+
+// | Sublanguage ID | Primary Language ID |
+// +-----------------------+-------------------------+
+// 15 10 9 0 bit
+//
+//
+// Language ID creation/extraction macros:
+//
+// MAKELANGID - construct language id from a primary language id and
+// a sublanguage id.
+// PRIMARYLANGID - extract primary language id from a language id.
+// SUBLANGID - extract sublanguage id from a language id.
+//
+
+#define MAKELANGID(p, s) ((((WORD )(s)) << 10) | (WORD )(p))
+#define PRIMARYLANGID(lgid) ((WORD )(lgid) & 0x3ff)
+#define SUBLANGID(lgid) ((WORD )(lgid) >> 10)
+
+
+//
+// A locale ID is a 32 bit value which is the combination of a
+// language ID, a sort ID, and a reserved area. The bits are
+// allocated as follows:
+//
+// +-------------+---------+-------------------------+
+// | Reserved | Sort ID | Language ID |
+// +-------------+---------+-------------------------+
+// 31 20 19 16 15 0 bit
+//
+//
+// Locale ID creation/extraction macros:
+//
+// MAKELCID - construct locale id from a language id and a sort id.
+// LANGIDFROMLCID - extract language id from a locale id.
+// SORTIDFROMLCID - extract sort id from a locale id.
+//
+
+#define NLS_VALID_LOCALE_MASK 0x000fffff
+
+#define MAKELCID(lgid, srtid) ((DWORD)((((DWORD)((WORD )(srtid))) << 16) | \
+ ((DWORD)((WORD )(lgid)))))
+#define LANGIDFROMLCID(lcid) ((WORD )(lcid))
+#define SORTIDFROMLCID(lcid) ((WORD )((((DWORD)(lcid)) & NLS_VALID_LOCALE_MASK) >> 16))
+
+
+//
+// Default System and User IDs for language and locale.
+//
+
+#define LANG_SYSTEM_DEFAULT (MAKELANGID(LANG_NEUTRAL, SUBLANG_SYS_DEFAULT))
+#define LANG_USER_DEFAULT (MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT))
+
+#define LOCALE_SYSTEM_DEFAULT (MAKELCID(LANG_SYSTEM_DEFAULT, SORT_DEFAULT))
+#define LOCALE_USER_DEFAULT (MAKELCID(LANG_USER_DEFAULT, SORT_DEFAULT))
+
+#define LOCALE_NEUTRAL \
+ (MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT))
+
+
+// begin_ntminiport begin_ntndis begin_ntminitape
+
+//
+// Macros used to eliminate compiler warning generated when formal
+// parameters or local variables are not declared.
+//
+// Use DBG_UNREFERENCED_PARAMETER() when a parameter is not yet
+// referenced but will be once the module is completely developed.
+//
+// Use DBG_UNREFERENCED_LOCAL_VARIABLE() when a local variable is not yet
+// referenced but will be once the module is completely developed.
+//
+// Use UNREFERENCED_PARAMETER() if a parameter will never be referenced.
+//
+// DBG_UNREFERENCED_PARAMETER and DBG_UNREFERENCED_LOCAL_VARIABLE will
+// eventually be made into a null macro to help determine whether there
+// is unfinished work.
+//
+
+#if ! (defined(lint) || defined(_lint))
+#define UNREFERENCED_PARAMETER(P) (P)
+#define DBG_UNREFERENCED_PARAMETER(P) (P)
+#define DBG_UNREFERENCED_LOCAL_VARIABLE(V) (V)
+
+#else // lint or _lint
+
+// Note: lint -e530 says don't complain about uninitialized variables for
+// this. line +e530 turns that checking back on. Error 527 has to do with
+// unreachable code.
+
+#define UNREFERENCED_PARAMETER(P) \
+ /*lint -e527 -e530 */ \
+ { \
+ (P) = (P); \
+ } \
+ /*lint +e527 +e530 */
+#define DBG_UNREFERENCED_PARAMETER(P) \
+ /*lint -e527 -e530 */ \
+ { \
+ (P) = (P); \
+ } \
+ /*lint +e527 +e530 */
+#define DBG_UNREFERENCED_LOCAL_VARIABLE(V) \
+ /*lint -e527 -e530 */ \
+ { \
+ (V) = (V); \
+ } \
+ /*lint +e527 +e530 */
+
+#endif // lint or _lint
+
+
+#ifndef WIN32_NO_STATUS
+/*lint -save -e767 */
+#define STATUS_WAIT_0 ((DWORD )0x00000000L)
+#define STATUS_ABANDONED_WAIT_0 ((DWORD )0x00000080L)
+#define STATUS_USER_APC ((DWORD )0x000000C0L)
+#define STATUS_TIMEOUT ((DWORD )0x00000102L)
+#define STATUS_PENDING ((DWORD )0x00000103L)
+#define STATUS_SEGMENT_NOTIFICATION ((DWORD )0x40000005L)
+#define STATUS_GUARD_PAGE_VIOLATION ((DWORD )0x80000001L)
+#define STATUS_DATATYPE_MISALIGNMENT ((DWORD )0x80000002L)
+#define STATUS_BREAKPOINT ((DWORD )0x80000003L)
+#define STATUS_SINGLE_STEP ((DWORD )0x80000004L)
+#define STATUS_ACCESS_VIOLATION ((DWORD )0xC0000005L)
+#define STATUS_IN_PAGE_ERROR ((DWORD )0xC0000006L)
+#define STATUS_INVALID_HANDLE ((DWORD )0xC0000008L)
+#define STATUS_NO_MEMORY ((DWORD )0xC0000017L)
+#define STATUS_ILLEGAL_INSTRUCTION ((DWORD )0xC000001DL)
+#define STATUS_NONCONTINUABLE_EXCEPTION ((DWORD )0xC0000025L)
+#define STATUS_INVALID_DISPOSITION ((DWORD )0xC0000026L)
+#define STATUS_ARRAY_BOUNDS_EXCEEDED ((DWORD )0xC000008CL)
+#define STATUS_FLOAT_DENORMAL_OPERAND ((DWORD )0xC000008DL)
+#define STATUS_FLOAT_DIVIDE_BY_ZERO ((DWORD )0xC000008EL)
+#define STATUS_FLOAT_INEXACT_RESULT ((DWORD )0xC000008FL)
+#define STATUS_FLOAT_INVALID_OPERATION ((DWORD )0xC0000090L)
+#define STATUS_FLOAT_OVERFLOW ((DWORD )0xC0000091L)
+#define STATUS_FLOAT_STACK_CHECK ((DWORD )0xC0000092L)
+#define STATUS_FLOAT_UNDERFLOW ((DWORD )0xC0000093L)
+#define STATUS_INTEGER_DIVIDE_BY_ZERO ((DWORD )0xC0000094L)
+#define STATUS_INTEGER_OVERFLOW ((DWORD )0xC0000095L)
+#define STATUS_PRIVILEGED_INSTRUCTION ((DWORD )0xC0000096L)
+#define STATUS_STACK_OVERFLOW ((DWORD )0xC00000FDL)
+#define STATUS_CONTROL_C_EXIT ((DWORD )0xC000013AL)
+/*lint -restore */
+#endif
+#define MAXIMUM_WAIT_OBJECTS 64 // Maximum number of wait objects
+
+#define MAXIMUM_SUSPEND_COUNT MAXCHAR // Maximum times thread can be suspended
+typedef DWORD KSPIN_LOCK;
+
+#ifdef _ALPHA_ // winnt
+void *_rdteb(void); // winnt
+#if defined(_M_ALPHA) // winnt
+#pragma intrinsic(_rdteb) // winnt
+#endif // winnt
+#endif // winnt
+
+#if defined(_M_ALPHA)
+#define NtCurrentTeb() ((struct _TEB *)_rdteb())
+#else
+struct _TEB *
+NtCurrentTeb(void);
+#endif
+
+//
+// Define function to return the current Thread Environment Block
+//
+
+#ifdef _ALPHA_
+
+
+
+//
+// Define functions to get the address of the current fiber and the
+// current fiber data.
+//
+
+#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
+#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))
+
+// begin_ntddk begin_nthal
+//
+// The following flags control the contents of the CONTEXT structure.
+//
+
+#if !defined(RC_INVOKED)
+
+#define CONTEXT_PORTABLE_32BIT 0x00100000
+#define CONTEXT_ALPHA 0x00020000
+
+#define CONTEXT_CONTROL (CONTEXT_ALPHA | 0x00000001L)
+#define CONTEXT_FLOATING_POINT (CONTEXT_ALPHA | 0x00000002L)
+#define CONTEXT_INTEGER (CONTEXT_ALPHA | 0x00000004L)
+
+#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER)
+
+#endif
+
+#ifndef _PORTABLE_32BIT_CONTEXT
+
+//
+// Context Frame
+//
+// This frame has a several purposes: 1) it is used as an argument to
+// NtContinue, 2) it is used to construct a call frame for APC delivery,
+// 3) it is used to construct a call frame for exception dispatching
+// in user mode, 4) it is used in the user level thread creation
+// routines, and 5) it is used to to pass thread state to debuggers.
+//
+// N.B. Because this record is used as a call frame, it must be EXACTLY
+// a multiple of 16 bytes in length.
+//
+// There are two variations of the context structure. This is the real one.
+//
+
+typedef struct _CONTEXT {
+
+ //
+ // This section is specified/returned if the ContextFlags word contains
+ // the flag CONTEXT_FLOATING_POINT.
+ //
+
+ DWORDLONG FltF0;
+ DWORDLONG FltF1;
+ DWORDLONG FltF2;
+ DWORDLONG FltF3;
+ DWORDLONG FltF4;
+ DWORDLONG FltF5;
+ DWORDLONG FltF6;
+ DWORDLONG FltF7;
+ DWORDLONG FltF8;
+ DWORDLONG FltF9;
+ DWORDLONG FltF10;
+ DWORDLONG FltF11;
+ DWORDLONG FltF12;
+ DWORDLONG FltF13;
+ DWORDLONG FltF14;
+ DWORDLONG FltF15;
+ DWORDLONG FltF16;
+ DWORDLONG FltF17;
+ DWORDLONG FltF18;
+ DWORDLONG FltF19;
+ DWORDLONG FltF20;
+ DWORDLONG FltF21;
+ DWORDLONG FltF22;
+ DWORDLONG FltF23;
+ DWORDLONG FltF24;
+ DWORDLONG FltF25;
+ DWORDLONG FltF26;
+ DWORDLONG FltF27;
+ DWORDLONG FltF28;
+ DWORDLONG FltF29;
+ DWORDLONG FltF30;
+ DWORDLONG FltF31;
+
+ //
+ // This section is specified/returned if the ContextFlags word contains
+ // the flag CONTEXT_INTEGER.
+ //
+ // N.B. The registers gp, sp, and ra are defined in this section, but are
+ // considered part of the control context rather than part of the integer
+ // context.
+ //
+
+ DWORDLONG IntV0; // $0: return value register, v0
+ DWORDLONG IntT0; // $1: temporary registers, t0 - t7
+ DWORDLONG IntT1; // $2:
+ DWORDLONG IntT2; // $3:
+ DWORDLONG IntT3; // $4:
+ DWORDLONG IntT4; // $5:
+ DWORDLONG IntT5; // $6:
+ DWORDLONG IntT6; // $7:
+ DWORDLONG IntT7; // $8:
+ DWORDLONG IntS0; // $9: nonvolatile registers, s0 - s5
+ DWORDLONG IntS1; // $10:
+ DWORDLONG IntS2; // $11:
+ DWORDLONG IntS3; // $12:
+ DWORDLONG IntS4; // $13:
+ DWORDLONG IntS5; // $14:
+ DWORDLONG IntFp; // $15: frame pointer register, fp/s6
+ DWORDLONG IntA0; // $16: argument registers, a0 - a5
+ DWORDLONG IntA1; // $17:
+ DWORDLONG IntA2; // $18:
+ DWORDLONG IntA3; // $19:
+ DWORDLONG IntA4; // $20:
+ DWORDLONG IntA5; // $21:
+ DWORDLONG IntT8; // $22: temporary registers, t8 - t11
+ DWORDLONG IntT9; // $23:
+ DWORDLONG IntT10; // $24:
+ DWORDLONG IntT11; // $25:
+ DWORDLONG IntRa; // $26: return address register, ra
+ DWORDLONG IntT12; // $27: temporary register, t12
+ DWORDLONG IntAt; // $28: assembler temp register, at
+ DWORDLONG IntGp; // $29: global pointer register, gp
+ DWORDLONG IntSp; // $30: stack pointer register, sp
+ DWORDLONG IntZero; // $31: zero register, zero
+
+ //
+ // This section is specified/returned if the ContextFlags word contains
+ // the flag CONTEXT_FLOATING_POINT.
+ //
+
+ DWORDLONG Fpcr; // floating point control register
+ DWORDLONG SoftFpcr; // software extension to FPCR
+
+ //
+ // This section is specified/returned if the ContextFlags word contains
+ // the flag CONTEXT_CONTROL.
+ //
+ // N.B. The registers gp, sp, and ra are defined in the integer section,
+ // but are considered part of the control context rather than part of
+ // the integer context.
+ //
+
+ DWORDLONG Fir; // (fault instruction) continuation address
+ DWORD Psr; // processor status
+
+ //
+ // The flags values within this flag control the contents of
+ // a CONTEXT record.
+ //
+ // If the context record is used as an input parameter, then
+ // for each portion of the context record controlled by a flag
+ // whose value is set, it is assumed that that portion of the
+ // context record contains valid context. If the context record
+ // is being used to modify a thread's context, then only that
+ // portion of the threads context will be modified.
+ //
+ // If the context record is used as an IN OUT parameter to capture
+ // the context of a thread, then only those portions of the thread's
+ // context corresponding to set flags will be returned.
+ //
+ // The context record is never used as an OUT only parameter.
+ //
+
+ DWORD ContextFlags;
+ DWORD Fill[4]; // padding for 16-byte stack frame alignment
+
+} CONTEXT, *PCONTEXT;
+
+#else
+
+//
+// 32-bit Context Frame
+//
+// This alternate version of the Alpha context structure parallels that
+// of MIPS and IX86 in style for the first 64 entries: 32-bit machines
+// can operate on the fields, and a value declared as a pointer to an
+// array of int's can be used to index into the fields. This makes life
+// with windbg and ntsd vastly easier.
+//
+// There are two parts: the first contains the lower 32-bits of each
+// element in the 64-bit definition above. The second part contains
+// the upper 32-bits of each 64-bit element above.
+//
+// The names in the first part are identical to the 64-bit names.
+// The second part names are prefixed with "High".
+//
+// 1st half: at 32 bits each, (containing the low parts of 64-bit values)
+// 32 floats, 32 ints, fpcrs, fir, psr, contextflags
+// 2nd half: at 32 bits each
+// 32 floats, 32 ints, fpcrs, fir, fill
+//
+// There is no external support for the 32-bit version of the context
+// structure. It is only used internally by windbg and ntsd.
+//
+// This structure must be the same size as the 64-bit version above.
+//
+
+typedef struct _CONTEXT {
+
+ DWORD FltF0;
+ DWORD FltF1;
+ DWORD FltF2;
+ DWORD FltF3;
+ DWORD FltF4;
+ DWORD FltF5;
+ DWORD FltF6;
+ DWORD FltF7;
+ DWORD FltF8;
+ DWORD FltF9;
+ DWORD FltF10;
+ DWORD FltF11;
+ DWORD FltF12;
+ DWORD FltF13;
+ DWORD FltF14;
+ DWORD FltF15;
+ DWORD FltF16;
+ DWORD FltF17;
+ DWORD FltF18;
+ DWORD FltF19;
+ DWORD FltF20;
+ DWORD FltF21;
+ DWORD FltF22;
+ DWORD FltF23;
+ DWORD FltF24;
+ DWORD FltF25;
+ DWORD FltF26;
+ DWORD FltF27;
+ DWORD FltF28;
+ DWORD FltF29;
+ DWORD FltF30;
+ DWORD FltF31;
+
+ DWORD IntV0; // $0: return value register, v0
+ DWORD IntT0; // $1: temporary registers, t0 - t7
+ DWORD IntT1; // $2:
+ DWORD IntT2; // $3:
+ DWORD IntT3; // $4:
+ DWORD IntT4; // $5:
+ DWORD IntT5; // $6:
+ DWORD IntT6; // $7:
+ DWORD IntT7; // $8:
+ DWORD IntS0; // $9: nonvolatile registers, s0 - s5
+ DWORD IntS1; // $10:
+ DWORD IntS2; // $11:
+ DWORD IntS3; // $12:
+ DWORD IntS4; // $13:
+ DWORD IntS5; // $14:
+ DWORD IntFp; // $15: frame pointer register, fp/s6
+ DWORD IntA0; // $16: argument registers, a0 - a5
+ DWORD IntA1; // $17:
+ DWORD IntA2; // $18:
+ DWORD IntA3; // $19:
+ DWORD IntA4; // $20:
+ DWORD IntA5; // $21:
+ DWORD IntT8; // $22: temporary registers, t8 - t11
+ DWORD IntT9; // $23:
+ DWORD IntT10; // $24:
+ DWORD IntT11; // $25:
+ DWORD IntRa; // $26: return address register, ra
+ DWORD IntT12; // $27: temporary register, t12
+ DWORD IntAt; // $28: assembler temp register, at
+ DWORD IntGp; // $29: global pointer register, gp
+ DWORD IntSp; // $30: stack pointer register, sp
+ DWORD IntZero; // $31: zero register, zero
+
+ DWORD Fpcr; // floating point control register
+ DWORD SoftFpcr; // software extension to FPCR
+
+ DWORD Fir; // (fault instruction) continuation address
+
+ DWORD Psr; // processor status
+ DWORD ContextFlags;
+
+ //
+ // Beginning of the "second half".
+ // The name "High" parallels the HighPart of a LargeInteger.
+ //
+
+ DWORD HighFltF0;
+ DWORD HighFltF1;
+ DWORD HighFltF2;
+ DWORD HighFltF3;
+ DWORD HighFltF4;
+ DWORD HighFltF5;
+ DWORD HighFltF6;
+ DWORD HighFltF7;
+ DWORD HighFltF8;
+ DWORD HighFltF9;
+ DWORD HighFltF10;
+ DWORD HighFltF11;
+ DWORD HighFltF12;
+ DWORD HighFltF13;
+ DWORD HighFltF14;
+ DWORD HighFltF15;
+ DWORD HighFltF16;
+ DWORD HighFltF17;
+ DWORD HighFltF18;
+ DWORD HighFltF19;
+ DWORD HighFltF20;
+ DWORD HighFltF21;
+ DWORD HighFltF22;
+ DWORD HighFltF23;
+ DWORD HighFltF24;
+ DWORD HighFltF25;
+ DWORD HighFltF26;
+ DWORD HighFltF27;
+ DWORD HighFltF28;
+ DWORD HighFltF29;
+ DWORD HighFltF30;
+ DWORD HighFltF31;
+
+ DWORD HighIntV0; // $0: return value register, v0
+ DWORD HighIntT0; // $1: temporary registers, t0 - t7
+ DWORD HighIntT1; // $2:
+ DWORD HighIntT2; // $3:
+ DWORD HighIntT3; // $4:
+ DWORD HighIntT4; // $5:
+ DWORD HighIntT5; // $6:
+ DWORD HighIntT6; // $7:
+ DWORD HighIntT7; // $8:
+ DWORD HighIntS0; // $9: nonvolatile registers, s0 - s5
+ DWORD HighIntS1; // $10:
+ DWORD HighIntS2; // $11:
+ DWORD HighIntS3; // $12:
+ DWORD HighIntS4; // $13:
+ DWORD HighIntS5; // $14:
+ DWORD HighIntFp; // $15: frame pointer register, fp/s6
+ DWORD HighIntA0; // $16: argument registers, a0 - a5
+ DWORD HighIntA1; // $17:
+ DWORD HighIntA2; // $18:
+ DWORD HighIntA3; // $19:
+ DWORD HighIntA4; // $20:
+ DWORD HighIntA5; // $21:
+ DWORD HighIntT8; // $22: temporary registers, t8 - t11
+ DWORD HighIntT9; // $23:
+ DWORD HighIntT10; // $24:
+ DWORD HighIntT11; // $25:
+ DWORD HighIntRa; // $26: return address register, ra
+ DWORD HighIntT12; // $27: temporary register, t12
+ DWORD HighIntAt; // $28: assembler temp register, at
+ DWORD HighIntGp; // $29: global pointer register, gp
+ DWORD HighIntSp; // $30: stack pointer register, sp
+ DWORD HighIntZero; // $31: zero register, zero
+
+ DWORD HighFpcr; // floating point control register
+ DWORD HighSoftFpcr; // software extension to FPCR
+ DWORD HighFir; // processor status
+
+ double DoNotUseThisField; // to force quadword structure alignment
+ DWORD HighFill[2]; // padding for 16-byte stack frame alignment
+
+} CONTEXT, *PCONTEXT;
+
+//
+// These should name the fields in the _PORTABLE_32BIT structure
+// that overlay the Psr and ContextFlags in the normal structure.
+//
+
+#define _QUAD_PSR_OFFSET HighSoftFpcr
+#define _QUAD_FLAGS_OFFSET HighFir
+
+#endif // _PORTABLE_32BIT_CONTEXT
+
+// end_ntddk end_nthal
+
+#endif // _ALPHA_
+
+
+#ifdef _ALPHA_
+
+VOID
+__jump_unwind (
+ PVOID VirtualFramePointer,
+ PVOID TargetPc
+ );
+
+#endif // _ALPHA_
+
+
+#ifdef _X86_
+
+//
+// Disable these two pramas that evaluate to "sti" "cli" on x86 so that driver
+// writers to not leave them inadvertantly in their code.
+//
+
+#if !defined(MIDL_PASS)
+#if !defined(RC_INVOKED)
+
+#pragma warning(disable:4164) // disable C4164 warning so that apps that
+ // build with /Od don't get weird errors !
+#ifdef _M_IX86
+#pragma function(_enable)
+#pragma function(_disable)
+#endif
+
+#pragma warning(default:4164) // reenable C4164 warning
+
+#endif
+#endif
+
+
+#if !defined(MIDL_PASS) && defined(_M_IX86)
+#pragma warning (disable:4035) // disable 4035 (function must return something)
+_inline PVOID GetFiberData( void ) { __asm {
+ mov eax, fs:[0x10]
+ mov eax,[eax]
+ }
+ }
+_inline PVOID GetCurrentFiber( void ) { __asm mov eax, fs:[0x10] }
+
+#pragma warning (default:4035) // Reenable it
+#endif
+
+// begin_wx86
+
+//
+// Define the size of the 80387 save area, which is in the context frame.
+//
+
+#define SIZE_OF_80387_REGISTERS 80
+
+//
+// The following flags control the contents of the CONTEXT structure.
+//
+
+#if !defined(RC_INVOKED)
+
+#define CONTEXT_i386 0x00010000 // this assumes that i386 and
+#define CONTEXT_i486 0x00010000 // i486 have identical context records
+
+// end_wx86
+
+#define CONTEXT_CONTROL (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP
+#define CONTEXT_INTEGER (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI
+#define CONTEXT_SEGMENTS (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS
+#define CONTEXT_FLOATING_POINT (CONTEXT_i386 | 0x00000008L) // 387 state
+#define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7
+
+#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\
+ CONTEXT_SEGMENTS)
+
+// begin_wx86
+
+#endif
+
+typedef struct _FLOATING_SAVE_AREA {
+ DWORD ControlWord;
+ DWORD StatusWord;
+ DWORD TagWord;
+ DWORD ErrorOffset;
+ DWORD ErrorSelector;
+ DWORD DataOffset;
+ DWORD DataSelector;
+ BYTE RegisterArea[SIZE_OF_80387_REGISTERS];
+ DWORD Cr0NpxState;
+} FLOATING_SAVE_AREA;
+
+typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA;
+
+//
+// Context Frame
+//
+// This frame has a several purposes: 1) it is used as an argument to
+// NtContinue, 2) is is used to constuct a call frame for APC delivery,
+// and 3) it is used in the user level thread creation routines.
+//
+// The layout of the record conforms to a standard call frame.
+//
+
+typedef struct _CONTEXT {
+
+ //
+ // The flags values within this flag control the contents of
+ // a CONTEXT record.
+ //
+ // If the context record is used as an input parameter, then
+ // for each portion of the context record controlled by a flag
+ // whose value is set, it is assumed that that portion of the
+ // context record contains valid context. If the context record
+ // is being used to modify a threads context, then only that
+ // portion of the threads context will be modified.
+ //
+ // If the context record is used as an IN OUT parameter to capture
+ // the context of a thread, then only those portions of the thread's
+ // context corresponding to set flags will be returned.
+ //
+ // The context record is never used as an OUT only parameter.
+ //
+
+ DWORD ContextFlags;
+
+ //
+ // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
+ // set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
+ // included in CONTEXT_FULL.
+ //
+
+ DWORD Dr0;
+ DWORD Dr1;
+ DWORD Dr2;
+ DWORD Dr3;
+ DWORD Dr6;
+ DWORD Dr7;
+
+ //
+ // This section is specified/returned if the
+ // ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
+ //
+
+ FLOATING_SAVE_AREA FloatSave;
+
+ //
+ // This section is specified/returned if the
+ // ContextFlags word contians the flag CONTEXT_SEGMENTS.
+ //
+
+ DWORD SegGs;
+ DWORD SegFs;
+ DWORD SegEs;
+ DWORD SegDs;
+
+ //
+ // This section is specified/returned if the
+ // ContextFlags word contians the flag CONTEXT_INTEGER.
+ //
+
+ DWORD Edi;
+ DWORD Esi;
+ DWORD Ebx;
+ DWORD Edx;
+ DWORD Ecx;
+ DWORD Eax;
+
+ //
+ // This section is specified/returned if the
+ // ContextFlags word contians the flag CONTEXT_CONTROL.
+ //
+
+ DWORD Ebp;
+ DWORD Eip;
+ DWORD SegCs; // MUST BE SANITIZED
+ DWORD EFlags; // MUST BE SANITIZED
+ DWORD Esp;
+ DWORD SegSs;
+
+} CONTEXT;
+
+
+
+typedef CONTEXT *PCONTEXT;
+
+// begin_ntminiport
+
+#endif //_X86_
+
+
+typedef struct _LDT_ENTRY {
+ WORD LimitLow;
+ WORD BaseLow;
+ union {
+ struct {
+ BYTE BaseMid;
+ BYTE Flags1; // Declare as bytes to avoid alignment
+ BYTE Flags2; // Problems.
+ BYTE BaseHi;
+ } Bytes;
+ struct {
+ DWORD BaseMid : 8;
+ DWORD Type : 5;
+ DWORD Dpl : 2;
+ DWORD Pres : 1;
+ DWORD LimitHi : 4;
+ DWORD Sys : 1;
+ DWORD Reserved_0 : 1;
+ DWORD Default_Big : 1;
+ DWORD Granularity : 1;
+ DWORD BaseHi : 8;
+ } Bits;
+ } HighWord;
+} LDT_ENTRY, *PLDT_ENTRY;
+
+
+#if defined(_MIPS_)
+
+//
+// Define functions to get the address of the current fiber and the
+// current fiber data.
+//
+
+#define GetCurrentFiber() ((*(PNT_TIB *)0x7ffff4a8)->FiberData)
+#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))
+
+// begin_ntddk begin_nthal
+//
+// The following flags control the contents of the CONTEXT structure.
+//
+
+#if !defined(RC_INVOKED)
+
+#define CONTEXT_R4000 0x00010000 // r4000 context
+
+#define CONTEXT_CONTROL (CONTEXT_R4000 | 0x00000001)
+#define CONTEXT_FLOATING_POINT (CONTEXT_R4000 | 0x00000002)
+#define CONTEXT_INTEGER (CONTEXT_R4000 | 0x00000004)
+#define CONTEXT_EXTENDED_FLOAT (CONTEXT_FLOATING_POINT | 0x00000008)
+#define CONTEXT_EXTENDED_INTEGER (CONTEXT_INTEGER | 0x00000010)
+
+#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | \
+ CONTEXT_INTEGER | CONTEXT_EXTENDED_INTEGER)
+
+#endif
+
+//
+// Context Frame
+//
+// N.B. This frame must be exactly a multiple of 16 bytes in length.
+//
+// This frame has a several purposes: 1) it is used as an argument to
+// NtContinue, 2) it is used to constuct a call frame for APC delivery,
+// 3) it is used to construct a call frame for exception dispatching
+// in user mode, and 4) it is used in the user level thread creation
+// routines.
+//
+// The layout of the record conforms to a standard call frame.
+//
+
+typedef struct _CONTEXT {
+
+ //
+ // This section is always present and is used as an argument build
+ // area.
+ //
+ // N.B. Context records are 0 mod 8 aligned starting with NT 4.0.
+ //
+
+ union {
+ DWORD Argument[4];
+ DWORDLONG Alignment;
+ };
+
+ //
+ // The following union defines the 32-bit and 64-bit register context.
+ //
+
+ union {
+
+ //
+ // 32-bit context.
+ //
+
+ struct {
+
+ //
+ // This section is specified/returned if the ContextFlags contains
+ // the flag CONTEXT_FLOATING_POINT.
+ //
+ // N.B. This section contains the 16 double floating registers f0,
+ // f2, ..., f30.
+ //
+
+ DWORD FltF0;
+ DWORD FltF1;
+ DWORD FltF2;
+ DWORD FltF3;
+ DWORD FltF4;
+ DWORD FltF5;
+ DWORD FltF6;
+ DWORD FltF7;
+ DWORD FltF8;
+ DWORD FltF9;
+ DWORD FltF10;
+ DWORD FltF11;
+ DWORD FltF12;
+ DWORD FltF13;
+ DWORD FltF14;
+ DWORD FltF15;
+ DWORD FltF16;
+ DWORD FltF17;
+ DWORD FltF18;
+ DWORD FltF19;
+ DWORD FltF20;
+ DWORD FltF21;
+ DWORD FltF22;
+ DWORD FltF23;
+ DWORD FltF24;
+ DWORD FltF25;
+ DWORD FltF26;
+ DWORD FltF27;
+ DWORD FltF28;
+ DWORD FltF29;
+ DWORD FltF30;
+ DWORD FltF31;
+
+ //
+ // This section is specified/returned if the ContextFlags contains
+ // the flag CONTEXT_INTEGER.
+ //
+ // N.B. The registers gp, sp, and ra are defined in this section,
+ // but are considered part of the control context rather than
+ // part of the integer context.
+ //
+ // N.B. Register zero is not stored in the frame.
+ //
+
+ DWORD IntZero;
+ DWORD IntAt;
+ DWORD IntV0;
+ DWORD IntV1;
+ DWORD IntA0;
+ DWORD IntA1;
+ DWORD IntA2;
+ DWORD IntA3;
+ DWORD IntT0;
+ DWORD IntT1;
+ DWORD IntT2;
+ DWORD IntT3;
+ DWORD IntT4;
+ DWORD IntT5;
+ DWORD IntT6;
+ DWORD IntT7;
+ DWORD IntS0;
+ DWORD IntS1;
+ DWORD IntS2;
+ DWORD IntS3;
+ DWORD IntS4;
+ DWORD IntS5;
+ DWORD IntS6;
+ DWORD IntS7;
+ DWORD IntT8;
+ DWORD IntT9;
+ DWORD IntK0;
+ DWORD IntK1;
+ DWORD IntGp;
+ DWORD IntSp;
+ DWORD IntS8;
+ DWORD IntRa;
+ DWORD IntLo;
+ DWORD IntHi;
+
+ //
+ // This section is specified/returned if the ContextFlags word contains
+ // the flag CONTEXT_FLOATING_POINT.
+ //
+
+ DWORD Fsr;
+
+ //
+ // This section is specified/returned if the ContextFlags word contains
+ // the flag CONTEXT_CONTROL.
+ //
+ // N.B. The registers gp, sp, and ra are defined in the integer section,
+ // but are considered part of the control context rather than part of
+ // the integer context.
+ //
+
+ DWORD Fir;
+ DWORD Psr;
+
+ //
+ // The flags values within this flag control the contents of
+ // a CONTEXT record.
+ //
+ // If the context record is used as an input parameter, then
+ // for each portion of the context record controlled by a flag
+ // whose value is set, it is assumed that that portion of the
+ // context record contains valid context. If the context record
+ // is being used to modify a thread's context, then only that
+ // portion of the threads context will be modified.
+ //
+ // If the context record is used as an IN OUT parameter to capture
+ // the context of a thread, then only those portions of the thread's
+ // context corresponding to set flags will be returned.
+ //
+ // The context record is never used as an OUT only parameter.
+ //
+
+ DWORD ContextFlags;
+ };
+
+ //
+ // 64-bit context.
+ //
+
+ struct {
+
+ //
+ // This section is specified/returned if the ContextFlags contains
+ // the flag CONTEXT_EXTENDED_FLOAT.
+ //
+ // N.B. This section contains the 32 double floating registers f0,
+ // f1, ..., f31.
+ //
+
+ DWORDLONG XFltF0;
+ DWORDLONG XFltF1;
+ DWORDLONG XFltF2;
+ DWORDLONG XFltF3;
+ DWORDLONG XFltF4;
+ DWORDLONG XFltF5;
+ DWORDLONG XFltF6;
+ DWORDLONG XFltF7;
+ DWORDLONG XFltF8;
+ DWORDLONG XFltF9;
+ DWORDLONG XFltF10;
+ DWORDLONG XFltF11;
+ DWORDLONG XFltF12;
+ DWORDLONG XFltF13;
+ DWORDLONG XFltF14;
+ DWORDLONG XFltF15;
+ DWORDLONG XFltF16;
+ DWORDLONG XFltF17;
+ DWORDLONG XFltF18;
+ DWORDLONG XFltF19;
+ DWORDLONG XFltF20;
+ DWORDLONG XFltF21;
+ DWORDLONG XFltF22;
+ DWORDLONG XFltF23;
+ DWORDLONG XFltF24;
+ DWORDLONG XFltF25;
+ DWORDLONG XFltF26;
+ DWORDLONG XFltF27;
+ DWORDLONG XFltF28;
+ DWORDLONG XFltF29;
+ DWORDLONG XFltF30;
+ DWORDLONG XFltF31;
+
+ //
+ // The following sections must exactly overlay the 32-bit context.
+ //
+
+ DWORD Fill1;
+ DWORD Fill2;
+
+ //
+ // This section is specified/returned if the ContextFlags contains
+ // the flag CONTEXT_FLOATING_POINT.
+ //
+
+ DWORD XFsr;
+
+ //
+ // This section is specified/returned if the ContextFlags contains
+ // the flag CONTEXT_CONTROL.
+ //
+ // N.B. The registers gp, sp, and ra are defined in the integer
+ // section, but are considered part of the control context
+ // rather than part of the integer context.
+ //
+
+ DWORD XFir;
+ DWORD XPsr;
+
+ //
+ // The flags values within this flag control the contents of
+ // a CONTEXT record.
+ //
+ // If the context record is used as an input parameter, then
+ // for each portion of the context record controlled by a flag
+ // whose value is set, it is assumed that that portion of the
+ // context record contains valid context. If the context record
+ // is being used to modify a thread's context, then only that
+ // portion of the threads context will be modified.
+ //
+ // If the context record is used as an IN OUT parameter to capture
+ // the context of a thread, then only those portions of the thread's
+ // context corresponding to set flags will be returned.
+ //
+ // The context record is never used as an OUT only parameter.
+ //
+
+ DWORD XContextFlags;
+
+ //
+ // This section is specified/returned if the ContextFlags contains
+ // the flag CONTEXT_EXTENDED_INTEGER.
+ //
+ // N.B. The registers gp, sp, and ra are defined in this section,
+ // but are considered part of the control context rather than
+ // part of the integer context.
+ //
+ // N.B. Register zero is not stored in the frame.
+ //
+
+ DWORDLONG XIntZero;
+ DWORDLONG XIntAt;
+ DWORDLONG XIntV0;
+ DWORDLONG XIntV1;
+ DWORDLONG XIntA0;
+ DWORDLONG XIntA1;
+ DWORDLONG XIntA2;
+ DWORDLONG XIntA3;
+ DWORDLONG XIntT0;
+ DWORDLONG XIntT1;
+ DWORDLONG XIntT2;
+ DWORDLONG XIntT3;
+ DWORDLONG XIntT4;
+ DWORDLONG XIntT5;
+ DWORDLONG XIntT6;
+ DWORDLONG XIntT7;
+ DWORDLONG XIntS0;
+ DWORDLONG XIntS1;
+ DWORDLONG XIntS2;
+ DWORDLONG XIntS3;
+ DWORDLONG XIntS4;
+ DWORDLONG XIntS5;
+ DWORDLONG XIntS6;
+ DWORDLONG XIntS7;
+ DWORDLONG XIntT8;
+ DWORDLONG XIntT9;
+ DWORDLONG XIntK0;
+ DWORDLONG XIntK1;
+ DWORDLONG XIntGp;
+ DWORDLONG XIntSp;
+ DWORDLONG XIntS8;
+ DWORDLONG XIntRa;
+ DWORDLONG XIntLo;
+ DWORDLONG XIntHi;
+ };
+ };
+} CONTEXT, *PCONTEXT;
+
+// end_ntddk end_nthal
+
+#define CONTEXT32_LENGTH 0x130 // The original 32-bit Context length (pre NT 4.0)
+
+#endif // MIPS
+
+
+#if defined(_MIPS_)
+
+VOID
+__jump_unwind (
+ PVOID Fp,
+ PVOID TargetPc
+ );
+
+#endif // MIPS
+
+
+#if defined(_PPC_)
+
+
+//
+// The address of the TEB is placed into GPR 13 at context switch time
+// and should never be destroyed. To get the address of the TEB use
+// the compiler intrinsic to access it directly from GPR 13.
+//
+
+#if defined(_M_PPC) && defined(_MSC_VER) && (_MSC_VER>=1000)
+unsigned __gregister_get( unsigned const regnum );
+#define NtCurrentTeb() ((struct _TEB *)__gregister_get(13))
+#elif defined(_M_PPC)
+struct _TEB * __builtin_get_gpr13(VOID);
+#define NtCurrentTeb() ((struct _TEB *)__builtin_get_gpr13())
+#endif
+
+
+//
+// Define functions to get the address of the current fiber and the
+// current fiber data.
+//
+
+#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
+#define GetFiberData() (*(PVOID *)(GetCurrentFiber()))
+
+// begin_ntddk begin_nthal
+//
+// The following flags control the contents of the CONTEXT structure.
+//
+
+#if !defined(RC_INVOKED)
+
+#define CONTEXT_CONTROL 0x00000001L
+#define CONTEXT_FLOATING_POINT 0x00000002L
+#define CONTEXT_INTEGER 0x00000004L
+#define CONTEXT_DEBUG_REGISTERS 0x00000008L
+
+#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER)
+
+#endif
+
+//
+// Context Frame
+//
+// N.B. This frame must be exactly a multiple of 16 bytes in length.
+//
+// This frame has a several purposes: 1) it is used as an argument to
+// NtContinue, 2) it is used to constuct a call frame for APC delivery,
+// 3) it is used to construct a call frame for exception dispatching
+// in user mode, and 4) it is used in the user level thread creation
+// routines.
+//
+// Requires at least 8-byte alignment (double)
+//
+
+typedef struct _CONTEXT {
+
+ //
+ // This section is specified/returned if the ContextFlags word contains
+ // the flag CONTEXT_FLOATING_POINT.
+ //
+
+ double Fpr0; // Floating registers 0..31
+ double Fpr1;
+ double Fpr2;
+ double Fpr3;
+ double Fpr4;
+ double Fpr5;
+ double Fpr6;
+ double Fpr7;
+ double Fpr8;
+ double Fpr9;
+ double Fpr10;
+ double Fpr11;
+ double Fpr12;
+ double Fpr13;
+ double Fpr14;
+ double Fpr15;
+ double Fpr16;
+ double Fpr17;
+ double Fpr18;
+ double Fpr19;
+ double Fpr20;
+ double Fpr21;
+ double Fpr22;
+ double Fpr23;
+ double Fpr24;
+ double Fpr25;
+ double Fpr26;
+ double Fpr27;
+ double Fpr28;
+ double Fpr29;
+ double Fpr30;
+ double Fpr31;
+ double Fpscr; // Floating point status/control reg
+
+ //
+ // This section is specified/returned if the ContextFlags word contains
+ // the flag CONTEXT_INTEGER.
+ //
+
+ DWORD Gpr0; // General registers 0..31
+ DWORD Gpr1;
+ DWORD Gpr2;
+ DWORD Gpr3;
+ DWORD Gpr4;
+ DWORD Gpr5;
+ DWORD Gpr6;
+ DWORD Gpr7;
+ DWORD Gpr8;
+ DWORD Gpr9;
+ DWORD Gpr10;
+ DWORD Gpr11;
+ DWORD Gpr12;
+ DWORD Gpr13;
+ DWORD Gpr14;
+ DWORD Gpr15;
+ DWORD Gpr16;
+ DWORD Gpr17;
+ DWORD Gpr18;
+ DWORD Gpr19;
+ DWORD Gpr20;
+ DWORD Gpr21;
+ DWORD Gpr22;
+ DWORD Gpr23;
+ DWORD Gpr24;
+ DWORD Gpr25;
+ DWORD Gpr26;
+ DWORD Gpr27;
+ DWORD Gpr28;
+ DWORD Gpr29;
+ DWORD Gpr30;
+ DWORD Gpr31;
+
+ DWORD Cr; // Condition register
+ DWORD Xer; // Fixed point exception register
+
+ //
+ // This section is specified/returned if the ContextFlags word contains
+ // the flag CONTEXT_CONTROL.
+ //
+
+ DWORD Msr; // Machine status register
+ DWORD Iar; // Instruction address register
+ DWORD Lr; // Link register
+ DWORD Ctr; // Count register
+
+ //
+ // The flags values within this flag control the contents of
+ // a CONTEXT record.
+ //
+ // If the context record is used as an input parameter, then
+ // for each portion of the context record controlled by a flag
+ // whose value is set, it is assumed that that portion of the
+ // context record contains valid context. If the context record
+ // is being used to modify a thread's context, then only that
+ // portion of the threads context will be modified.
+ //
+ // If the context record is used as an IN OUT parameter to capture
+ // the context of a thread, then only those portions of the thread's
+ // context corresponding to set flags will be returned.
+ //
+ // The context record is never used as an OUT only parameter.
+ //
+
+ DWORD ContextFlags;
+
+ DWORD Fill[3]; // Pad out to multiple of 16 bytes
+
+ //
+ // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
+ // set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
+ // included in CONTEXT_FULL.
+ //
+ DWORD Dr0; // Breakpoint Register 1
+ DWORD Dr1; // Breakpoint Register 2
+ DWORD Dr2; // Breakpoint Register 3
+ DWORD Dr3; // Breakpoint Register 4
+ DWORD Dr4; // Breakpoint Register 5
+ DWORD Dr5; // Breakpoint Register 6
+ DWORD Dr6; // Debug Status Register
+ DWORD Dr7; // Debug Control Register
+
+} CONTEXT, *PCONTEXT;
+
+// end_ntddk end_nthal
+
+
+//
+// Stack frame header
+//
+// Order of appearance in stack frame:
+// Header (six words)
+// Parameters (at least eight words)
+// Local variables
+// Saved GPRs
+// Saved FPRs
+//
+// Minimum alignment is 8 bytes
+
+typedef struct _STACK_FRAME_HEADER { // GPR 1 points here
+ DWORD BackChain; // Addr of previous frame
+ DWORD GlueSaved1; // Used by glue code
+ DWORD GlueSaved2;
+ DWORD Reserved1; // Reserved
+ DWORD Spare1; // Used by tracing, profiling, ...
+ DWORD Spare2;
+
+ DWORD Parameter0; // First 8 parameter words are
+ DWORD Parameter1; // always present
+ DWORD Parameter2;
+ DWORD Parameter3;
+ DWORD Parameter4;
+ DWORD Parameter5;
+ DWORD Parameter6;
+ DWORD Parameter7;
+
+} STACK_FRAME_HEADER,*PSTACK_FRAME_HEADER;
+
+
+VOID
+__jump_unwind (
+ PVOID Fp,
+ PVOID TargetPc
+ );
+
+#endif // defined(_PPC_)
+#define EXCEPTION_NONCONTINUABLE 0x1 // Noncontinuable exception
+#define EXCEPTION_MAXIMUM_PARAMETERS 15 // maximum number of exception parameters
+
+//
+// Exception record definition.
+//
+
+typedef struct _EXCEPTION_RECORD {
+ /*lint -e18 */ // Don't complain about different definitions
+ DWORD ExceptionCode;
+ /*lint +e18 */ // Resume checking for different definitions
+ DWORD ExceptionFlags;
+ struct _EXCEPTION_RECORD *ExceptionRecord;
+ PVOID ExceptionAddress;
+ DWORD NumberParameters;
+ DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
+ } EXCEPTION_RECORD;
+
+typedef EXCEPTION_RECORD *PEXCEPTION_RECORD;
+
+//
+// Typedef for pointer returned by exception_info()
+//
+
+typedef struct _EXCEPTION_POINTERS {
+ PEXCEPTION_RECORD ExceptionRecord;
+ PCONTEXT ContextRecord;
+} EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;
+#define PROCESS_TERMINATE (0x0001)
+#define PROCESS_CREATE_THREAD (0x0002)
+#define PROCESS_VM_OPERATION (0x0008)
+#define PROCESS_VM_READ (0x0010)
+#define PROCESS_VM_WRITE (0x0020)
+#define PROCESS_DUP_HANDLE (0x0040)
+#define PROCESS_CREATE_PROCESS (0x0080)
+#define PROCESS_SET_QUOTA (0x0100)
+#define PROCESS_SET_INFORMATION (0x0200)
+#define PROCESS_QUERY_INFORMATION (0x0400)
+#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
+ 0xFFF)
+
+
+#define MAXIMUM_PROCESSORS 32
+
+#define THREAD_TERMINATE (0x0001)
+#define THREAD_SUSPEND_RESUME (0x0002)
+#define THREAD_GET_CONTEXT (0x0008)
+#define THREAD_SET_CONTEXT (0x0010)
+#define THREAD_SET_INFORMATION (0x0020)
+#define THREAD_QUERY_INFORMATION (0x0040)
+#define THREAD_SET_THREAD_TOKEN (0x0080)
+#define THREAD_IMPERSONATE (0x0100)
+#define THREAD_DIRECT_IMPERSONATION (0x0200)
+// begin_ntddk
+
+#define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
+ 0x3FF)
+
+// end_ntddk
+#define TLS_MINIMUM_AVAILABLE 64
+
+typedef struct _NT_TIB {
+ struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
+ PVOID StackBase;
+ PVOID StackLimit;
+ PVOID SubSystemTib;
+ union {
+ PVOID FiberData;
+ DWORD Version;
+ };
+ PVOID ArbitraryUserPointer;
+ struct _NT_TIB *Self;
+} NT_TIB;
+typedef NT_TIB *PNT_TIB;
+#define THREAD_BASE_PRIORITY_LOWRT 15 // value that gets a thread to LowRealtime-1
+#define THREAD_BASE_PRIORITY_MAX 2 // maximum thread base priority boost
+#define THREAD_BASE_PRIORITY_MIN -2 // minimum thread base priority boost
+#define THREAD_BASE_PRIORITY_IDLE -15 // value that gets a thread to idle
+
+typedef struct _QUOTA_LIMITS {
+ DWORD PagedPoolLimit;
+ DWORD NonPagedPoolLimit;
+ DWORD MinimumWorkingSetSize;
+ DWORD MaximumWorkingSetSize;
+ DWORD PagefileLimit;
+ LARGE_INTEGER TimeLimit;
+} QUOTA_LIMITS;
+typedef QUOTA_LIMITS *PQUOTA_LIMITS;
+
+#define EVENT_MODIFY_STATE 0x0002
+#define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
+#define MUTANT_QUERY_STATE 0x0001
+
+#define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\
+ MUTANT_QUERY_STATE)
+#define SEMAPHORE_MODIFY_STATE 0x0002
+#define SEMAPHORE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
+#define TIME_ZONE_ID_UNKNOWN 0
+#define TIME_ZONE_ID_STANDARD 1
+#define TIME_ZONE_ID_DAYLIGHT 2
+
+#define PROCESSOR_INTEL_386 386
+#define PROCESSOR_INTEL_486 486
+#define PROCESSOR_INTEL_PENTIUM 586
+#define PROCESSOR_MIPS_R4000 4000
+#define PROCESSOR_ALPHA_21064 21064
+
+#define PROCESSOR_ARCHITECTURE_INTEL 0
+#define PROCESSOR_ARCHITECTURE_MIPS 1
+#define PROCESSOR_ARCHITECTURE_ALPHA 2
+#define PROCESSOR_ARCHITECTURE_PPC 3
+#define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF
+
+#define PF_FLOATING_POINT_PRECISION_ERRATA 0
+#define PF_FLOATING_POINT_EMULATED 1
+#define PF_COMPARE_EXCHANGE_DOUBLE 2
+#define PF_MMX_INSTRUCTIONS_AVAILABLE 3
+typedef struct _MEMORY_BASIC_INFORMATION {
+ PVOID BaseAddress;
+ PVOID AllocationBase;
+ DWORD AllocationProtect;
+ DWORD RegionSize;
+ DWORD State;
+ DWORD Protect;
+ DWORD Type;
+} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
+#define SECTION_QUERY 0x0001
+#define SECTION_MAP_WRITE 0x0002
+#define SECTION_MAP_READ 0x0004
+#define SECTION_MAP_EXECUTE 0x0008
+#define SECTION_EXTEND_SIZE 0x0010
+
+#define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
+ SECTION_MAP_WRITE | \
+ SECTION_MAP_READ | \
+ SECTION_MAP_EXECUTE | \
+ SECTION_EXTEND_SIZE)
+#define PAGE_NOACCESS 0x01
+#define PAGE_READONLY 0x02
+#define PAGE_READWRITE 0x04
+#define PAGE_WRITECOPY 0x08
+#define PAGE_EXECUTE 0x10
+#define PAGE_EXECUTE_READ 0x20
+#define PAGE_EXECUTE_READWRITE 0x40
+#define PAGE_EXECUTE_WRITECOPY 0x80
+#define PAGE_GUARD 0x100
+#define PAGE_NOCACHE 0x200
+#define MEM_COMMIT 0x1000
+#define MEM_RESERVE 0x2000
+#define MEM_DECOMMIT 0x4000
+#define MEM_RELEASE 0x8000
+#define MEM_FREE 0x10000
+#define MEM_PRIVATE 0x20000
+#define MEM_MAPPED 0x40000
+#define MEM_RESET 0x80000
+#define MEM_TOP_DOWN 0x100000
+#define SEC_FILE 0x800000
+#define SEC_IMAGE 0x1000000
+#define SEC_RESERVE 0x4000000
+#define SEC_COMMIT 0x8000000
+#define SEC_NOCACHE 0x10000000
+#define MEM_IMAGE SEC_IMAGE
+
+//
+// Define access rights to files and directories
+//
+
+//
+// The FILE_READ_DATA and FILE_WRITE_DATA constants are also defined in
+// devioctl.h as FILE_READ_ACCESS and FILE_WRITE_ACCESS. The values for these
+// constants *MUST* always be in sync.
+// The values are redefined in devioctl.h because they must be available to
+// both DOS and NT.
+//
+
+#define FILE_READ_DATA ( 0x0001 ) // file & pipe
+#define FILE_LIST_DIRECTORY ( 0x0001 ) // directory
+
+#define FILE_WRITE_DATA ( 0x0002 ) // file & pipe
+#define FILE_ADD_FILE ( 0x0002 ) // directory
+
+#define FILE_APPEND_DATA ( 0x0004 ) // file
+#define FILE_ADD_SUBDIRECTORY ( 0x0004 ) // directory
+#define FILE_CREATE_PIPE_INSTANCE ( 0x0004 ) // named pipe
+
+#define FILE_READ_EA ( 0x0008 ) // file & directory
+
+#define FILE_WRITE_EA ( 0x0010 ) // file & directory
+
+#define FILE_EXECUTE ( 0x0020 ) // file
+#define FILE_TRAVERSE ( 0x0020 ) // directory
+
+#define FILE_DELETE_CHILD ( 0x0040 ) // directory
+
+#define FILE_READ_ATTRIBUTES ( 0x0080 ) // all
+
+#define FILE_WRITE_ATTRIBUTES ( 0x0100 ) // all
+
+#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
+
+#define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |\
+ FILE_READ_DATA |\
+ FILE_READ_ATTRIBUTES |\
+ FILE_READ_EA |\
+ SYNCHRONIZE)
+
+
+#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
+ FILE_WRITE_DATA |\
+ FILE_WRITE_ATTRIBUTES |\
+ FILE_WRITE_EA |\
+ FILE_APPEND_DATA |\
+ SYNCHRONIZE)
+
+
+#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
+ FILE_READ_ATTRIBUTES |\
+ FILE_EXECUTE |\
+ SYNCHRONIZE)
+
+#define FILE_SHARE_READ 0x00000001
+#define FILE_SHARE_WRITE 0x00000002
+#define FILE_SHARE_DELETE 0x00000004
+#define FILE_ATTRIBUTE_READONLY 0x00000001
+#define FILE_ATTRIBUTE_HIDDEN 0x00000002
+#define FILE_ATTRIBUTE_SYSTEM 0x00000004
+#define FILE_ATTRIBUTE_DIRECTORY 0x00000010
+#define FILE_ATTRIBUTE_ARCHIVE 0x00000020
+#define FILE_ATTRIBUTE_NORMAL 0x00000080
+#define FILE_ATTRIBUTE_TEMPORARY 0x00000100
+#define FILE_ATTRIBUTE_COMPRESSED 0x00000800
+#define FILE_ATTRIBUTE_OFFLINE 0x00001000
+#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
+#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
+#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
+#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
+#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
+#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
+#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
+#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
+#define FILE_ACTION_ADDED 0x00000001
+#define FILE_ACTION_REMOVED 0x00000002
+#define FILE_ACTION_MODIFIED 0x00000003
+#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
+#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
+#define MAILSLOT_NO_MESSAGE ((DWORD)-1)
+#define MAILSLOT_WAIT_FOREVER ((DWORD)-1)
+#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
+#define FILE_CASE_PRESERVED_NAMES 0x00000002
+#define FILE_UNICODE_ON_DISK 0x00000004
+#define FILE_PERSISTENT_ACLS 0x00000008
+#define FILE_FILE_COMPRESSION 0x00000010
+#define FILE_VOLUME_IS_COMPRESSED 0x00008000
+
+//
+// Define the file notification information structure
+//
+
+typedef struct _FILE_NOTIFY_INFORMATION {
+ DWORD NextEntryOffset;
+ DWORD Action;
+ DWORD FileNameLength;
+ WCHAR FileName[1];
+} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
+
+
+//
+// Define segement buffer structure for scatter/gather read/write.
+//
+
+typedef union _FILE_SEGMENT_ELEMENT {
+ PVOID Buffer;
+ DWORDLONG Alignment;
+}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
+
+#define IO_COMPLETION_MODIFY_STATE 0x0002
+#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
+#define DUPLICATE_CLOSE_SOURCE 0x00000001
+#define DUPLICATE_SAME_ACCESS 0x00000002
+typedef PVOID PACCESS_TOKEN;
+typedef PVOID PSECURITY_DESCRIPTOR;
+typedef PVOID PSID;
+////////////////////////////////////////////////////////////////////////
+// //
+// ACCESS MASK //
+// //
+////////////////////////////////////////////////////////////////////////
+
+//
+// Define the access mask as a longword sized structure divided up as
+// follows:
+//
+// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
+// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+// +---------------+---------------+-------------------------------+
+// |G|G|G|G|Res'd|A| StandardRights| SpecificRights |
+// |R|W|E|A| |S| | |
+// +-+-------------+---------------+-------------------------------+
+//
+// typedef struct _ACCESS_MASK {
+// WORD SpecificRights;
+// BYTE StandardRights;
+// BYTE AccessSystemAcl : 1;
+// BYTE Reserved : 3;
+// BYTE GenericAll : 1;
+// BYTE GenericExecute : 1;
+// BYTE GenericWrite : 1;
+// BYTE GenericRead : 1;
+// } ACCESS_MASK;
+// typedef ACCESS_MASK *PACCESS_MASK;
+//
+// but to make life simple for programmer's we'll allow them to specify
+// a desired access mask by simply OR'ing together mulitple single rights
+// and treat an access mask as a DWORD. For example
+//
+// DesiredAccess = DELETE | READ_CONTROL
+//
+// So we'll declare ACCESS_MASK as DWORD
+//
+
+// begin_ntddk begin_nthal begin_ntifs
+typedef DWORD ACCESS_MASK;
+typedef ACCESS_MASK *PACCESS_MASK;
+
+////////////////////////////////////////////////////////////////////////
+// //
+// ACCESS TYPES //
+// //
+////////////////////////////////////////////////////////////////////////
+
+
+// begin_ntddk begin_nthal begin_ntifs
+//
+// The following are masks for the predefined standard access types
+//
+
+#define DELETE (0x00010000L)
+#define READ_CONTROL (0x00020000L)
+#define WRITE_DAC (0x00040000L)
+#define WRITE_OWNER (0x00080000L)
+#define SYNCHRONIZE (0x00100000L)
+
+#define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
+
+#define STANDARD_RIGHTS_READ (READ_CONTROL)
+#define STANDARD_RIGHTS_WRITE (READ_CONTROL)
+#define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
+
+#define STANDARD_RIGHTS_ALL (0x001F0000L)
+
+#define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
+
+//
+// AccessSystemAcl access type
+//
+
+#define ACCESS_SYSTEM_SECURITY (0x01000000L)
+
+//
+// MaximumAllowed access type
+//
+
+#define MAXIMUM_ALLOWED (0x02000000L)
+
+//
+// These are the generic rights.
+//
+
+#define GENERIC_READ (0x80000000L)
+#define GENERIC_WRITE (0x40000000L)
+#define GENERIC_EXECUTE (0x20000000L)
+#define GENERIC_ALL (0x10000000L)
+
+
+//
+// Define the generic mapping array. This is used to denote the
+// mapping of each generic access right to a specific access mask.
+//
+
+typedef struct _GENERIC_MAPPING {
+ ACCESS_MASK GenericRead;
+ ACCESS_MASK GenericWrite;
+ ACCESS_MASK GenericExecute;
+ ACCESS_MASK GenericAll;
+} GENERIC_MAPPING;
+typedef GENERIC_MAPPING *PGENERIC_MAPPING;
+
+
+
+////////////////////////////////////////////////////////////////////////
+// //
+// LUID_AND_ATTRIBUTES //
+// //
+////////////////////////////////////////////////////////////////////////
+//
+//
+
+
+#include <pshpack4.h>
+
+typedef struct _LUID_AND_ATTRIBUTES {
+ LUID Luid;
+ DWORD Attributes;
+ } LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES;
+typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
+typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
+
+#include <poppack.h>
+
+
+////////////////////////////////////////////////////////////////////////
+// //
+// Security Id (SID) //
+// //
+////////////////////////////////////////////////////////////////////////
+//
+//
+// Pictorially the structure of an SID is as follows:
+//
+// 1 1 1 1 1 1
+// 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+// +---------------------------------------------------------------+
+// | SubAuthorityCount |Reserved1 (SBZ)| Revision |
+// +---------------------------------------------------------------+
+// | IdentifierAuthority[0] |
+// +---------------------------------------------------------------+
+// | IdentifierAuthority[1] |
+// +---------------------------------------------------------------+
+// | IdentifierAuthority[2] |
+// +---------------------------------------------------------------+
+// | |
+// +- - - - - - - - SubAuthority[] - - - - - - - - -+
+// | |
+// +---------------------------------------------------------------+
+//
+//
+
+
+// begin_ntifs
+
+#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
+#define SID_IDENTIFIER_AUTHORITY_DEFINED
+typedef struct _SID_IDENTIFIER_AUTHORITY {
+ BYTE Value[6];
+} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
+#endif
+
+
+#ifndef SID_DEFINED
+#define SID_DEFINED
+typedef struct _SID {
+ BYTE Revision;
+ BYTE SubAuthorityCount;
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+#ifdef MIDL_PASS
+ [size_is(SubAuthorityCount)] DWORD SubAuthority[*];
+#else // MIDL_PASS
+ DWORD SubAuthority[ANYSIZE_ARRAY];
+#endif // MIDL_PASS
+} SID, *PISID;
+#endif
+
+#define SID_REVISION (1) // Current revision level
+#define SID_MAX_SUB_AUTHORITIES (15)
+#define SID_RECOMMENDED_SUB_AUTHORITIES (1) // Will change to around 6
+ // in a future release.
+
+typedef enum _SID_NAME_USE {
+ SidTypeUser = 1,
+ SidTypeGroup,
+ SidTypeDomain,
+ SidTypeAlias,
+ SidTypeWellKnownGroup,
+ SidTypeDeletedAccount,
+ SidTypeInvalid,
+ SidTypeUnknown
+} SID_NAME_USE, *PSID_NAME_USE;
+
+typedef struct _SID_AND_ATTRIBUTES {
+ PSID Sid;
+ DWORD Attributes;
+ } SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;
+
+typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
+typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
+
+
+
+/////////////////////////////////////////////////////////////////////////////
+// //
+// Universal well-known SIDs //
+// //
+// Null SID S-1-0-0 //
+// World S-1-1-0 //
+// Local S-1-2-0 //
+// Creator Owner ID S-1-3-0 //
+// Creator Group ID S-1-3-1 //
+// Creator Owner Server ID S-1-3-2 //
+// Creator Group Server ID S-1-3-3 //
+// //
+// (Non-unique IDs) S-1-4 //
+// //
+/////////////////////////////////////////////////////////////////////////////
+
+#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
+#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
+#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
+#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
+#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
+
+#define SECURITY_NULL_RID (0x00000000L)
+#define SECURITY_WORLD_RID (0x00000000L)
+#define SECURITY_LOCAL_RID (0X00000000L)
+
+#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
+#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
+
+#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
+#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
+
+
+/////////////////////////////////////////////////////////////////////////////
+// //
+// NT well-known SIDs //
+// //
+// NT Authority S-1-5 //
+// Dialup S-1-5-1 //
+// //
+// Network S-1-5-2 //
+// Batch S-1-5-3 //
+// Interactive S-1-5-4 //
+// Service S-1-5-6 //
+// AnonymousLogon S-1-5-7 (aka null logon session) //
+// Proxy S-1-5-8 //
+// ServerLogon S-1-5-8 (aka domain controller account) //
+// //
+// (Logon IDs) S-1-5-5-X-Y //
+// //
+// (NT non-unique IDs) S-1-5-0x15-... //
+// //
+// (Built-in domain) s-1-5-0x20 //
+// //
+/////////////////////////////////////////////////////////////////////////////
+
+
+#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} // ntifs
+
+#define SECURITY_DIALUP_RID (0x00000001L)
+#define SECURITY_NETWORK_RID (0x00000002L)
+#define SECURITY_BATCH_RID (0x00000003L)
+#define SECURITY_INTERACTIVE_RID (0x00000004L)
+#define SECURITY_SERVICE_RID (0x00000006L)
+#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
+#define SECURITY_PROXY_RID (0x00000008L)
+#define SECURITY_SERVER_LOGON_RID (0x00000009L)
+
+#define SECURITY_LOGON_IDS_RID (0x00000005L)
+#define SECURITY_LOGON_IDS_RID_COUNT (3L)
+
+#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
+
+#define SECURITY_NT_NON_UNIQUE (0x00000015L)
+
+#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
+
+
+
+
+
+/////////////////////////////////////////////////////////////////////////////
+// //
+// well-known domain relative sub-authority values (RIDs)... //
+// //
+/////////////////////////////////////////////////////////////////////////////
+
+// Well-known users ...
+
+#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
+#define DOMAIN_USER_RID_GUEST (0x000001F5L)
+
+
+
+// well-known groups ...
+
+#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
+#define DOMAIN_GROUP_RID_USERS (0x00000201L)
+#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
+
+
+
+
+// well-known aliases ...
+
+#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
+#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
+#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
+#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
+
+#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
+#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
+#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
+#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
+
+#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
+
+
+
+
+
+
+//
+// Allocate the System Luid. The first 1000 LUIDs are reserved.
+// Use #999 here (0x3E7 = 999)
+//
+
+#define SYSTEM_LUID { 0x3E7, 0x0 }
+
+// end_ntifs
+
+////////////////////////////////////////////////////////////////////////
+// //
+// User and Group related SID attributes //
+// //
+////////////////////////////////////////////////////////////////////////
+
+//
+// Group attributes
+//
+
+#define SE_GROUP_MANDATORY (0x00000001L)
+#define SE_GROUP_ENABLED_BY_DEFAULT (0x00000002L)
+#define SE_GROUP_ENABLED (0x00000004L)
+#define SE_GROUP_OWNER (0x00000008L)
+#define SE_GROUP_LOGON_ID (0xC0000000L)
+
+
+
+//
+// User attributes
+//
+
+// (None yet defined.)
+
+
+
+
+////////////////////////////////////////////////////////////////////////
+// //
+// ACL and ACE //
+// //
+////////////////////////////////////////////////////////////////////////
+
+//
+// Define an ACL and the ACE format. The structure of an ACL header
+// followed by one or more ACEs. Pictorally the structure of an ACL header
+// is as follows:
+//
+// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
+// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+// +-------------------------------+---------------+---------------+
+// | AclSize | Sbz1 | AclRevision |
+// +-------------------------------+---------------+---------------+
+// | Sbz2 | AceCount |
+// +-------------------------------+-------------------------------+
+//
+// The current AclRevision is defined to be ACL_REVISION.
+//
+// AclSize is the size, in bytes, allocated for the ACL. This includes
+// the ACL header, ACES, and remaining free space in the buffer.
+//
+// AceCount is the number of ACES in the ACL.
+//
+
+// begin_ntddk begin_ntifs
+// This is the *current* ACL revision
+
+#define ACL_REVISION (2)
+
+// This is the history of ACL revisions. Add a new one whenever
+// ACL_REVISION is updated
+
+#define ACL_REVISION1 (1)
+#define ACL_REVISION2 (2)
+#define ACL_REVISION3 (3)
+
+typedef struct _ACL {
+ BYTE AclRevision;
+ BYTE Sbz1;
+ WORD AclSize;
+ WORD AceCount;
+ WORD Sbz2;
+} ACL;
+typedef ACL *PACL;
+
+// end_ntddk
+
+//
+// The structure of an ACE is a common ace header followed by ace type
+// specific data. Pictorally the structure of the common ace header is
+// as follows:
+//
+// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
+// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+// +---------------+-------+-------+---------------+---------------+
+// | AceSize | AceFlags | AceType |
+// +---------------+-------+-------+---------------+---------------+
+//
+// AceType denotes the type of the ace, there are some predefined ace
+// types
+//
+// AceSize is the size, in bytes, of ace.
+//
+// AceFlags are the Ace flags for audit and inheritance, defined shortly.
+
+typedef struct _ACE_HEADER {
+ BYTE AceType;
+ BYTE AceFlags;
+ WORD AceSize;
+} ACE_HEADER;
+typedef ACE_HEADER *PACE_HEADER;
+
+//
+// The following are the predefined ace types that go into the AceType
+// field of an Ace header.
+//
+
+#define ACCESS_ALLOWED_ACE_TYPE (0x0)
+#define ACCESS_DENIED_ACE_TYPE (0x1)
+#define SYSTEM_AUDIT_ACE_TYPE (0x2)
+#define SYSTEM_ALARM_ACE_TYPE (0x3)
+
+//
+// The following are the inherit flags that go into the AceFlags field
+// of an Ace header.
+//
+
+#define OBJECT_INHERIT_ACE (0x1)
+#define CONTAINER_INHERIT_ACE (0x2)
+#define NO_PROPAGATE_INHERIT_ACE (0x4)
+#define INHERIT_ONLY_ACE (0x8)
+#define VALID_INHERIT_FLAGS (0xF)
+
+
+// The following are the currently defined ACE flags that go into the
+// AceFlags field of an ACE header. Each ACE type has its own set of
+// AceFlags.
+//
+// SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE
+// types to indicate that a message is generated for successful accesses.
+//
+// FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types
+// to indicate that a message is generated for failed accesses.
+//
+
+//
+// SYSTEM_AUDIT and SYSTEM_ALARM AceFlags
+//
+// These control the signaling of audit and alarms for success or failure.
+//
+
+#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
+#define FAILED_ACCESS_ACE_FLAG (0x80)
+
+
+//
+// We'll define the structure of the predefined ACE types. Pictorally
+// the structure of the predefined ACE's is as follows:
+//
+// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
+// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+// +---------------+-------+-------+---------------+---------------+
+// | AceFlags | Resd |Inherit| AceSize | AceType |
+// +---------------+-------+-------+---------------+---------------+
+// | Mask |
+// +---------------------------------------------------------------+
+// | |
+// + +
+// | |
+// + Sid +
+// | |
+// + +
+// | |
+// +---------------------------------------------------------------+
+//
+// Mask is the access mask associated with the ACE. This is either the
+// access allowed, access denied, audit, or alarm mask.
+//
+// Sid is the Sid associated with the ACE.
+//
+
+// The following are the four predefined ACE types.
+
+// Examine the AceType field in the Header to determine
+// which structure is appropriate to use for casting.
+
+
+typedef struct _ACCESS_ALLOWED_ACE {
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ DWORD SidStart;
+} ACCESS_ALLOWED_ACE;
+
+typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE;
+
+typedef struct _ACCESS_DENIED_ACE {
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ DWORD SidStart;
+} ACCESS_DENIED_ACE;
+typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE;
+
+typedef struct _SYSTEM_AUDIT_ACE {
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ DWORD SidStart;
+} SYSTEM_AUDIT_ACE;
+typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE;
+
+typedef struct _SYSTEM_ALARM_ACE {
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ DWORD SidStart;
+} SYSTEM_ALARM_ACE;
+typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE;
+
+// end_ntifs
+
+
+
+//
+// The following declarations are used for setting and querying information
+// about and ACL. First are the various information classes available to
+// the user.
+//
+
+typedef enum _ACL_INFORMATION_CLASS {
+ AclRevisionInformation = 1,
+ AclSizeInformation
+} ACL_INFORMATION_CLASS;
+
+//
+// This record is returned/sent if the user is requesting/setting the
+// AclRevisionInformation
+//
+
+typedef struct _ACL_REVISION_INFORMATION {
+ DWORD AclRevision;
+} ACL_REVISION_INFORMATION;
+typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION;
+
+//
+// This record is returned if the user is requesting AclSizeInformation
+//
+
+typedef struct _ACL_SIZE_INFORMATION {
+ DWORD AceCount;
+ DWORD AclBytesInUse;
+ DWORD AclBytesFree;
+} ACL_SIZE_INFORMATION;
+typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION;
+
+
+////////////////////////////////////////////////////////////////////////
+// //
+// SECURITY_DESCRIPTOR //
+// //
+////////////////////////////////////////////////////////////////////////
+//
+// Define the Security Descriptor and related data types.
+// This is an opaque data structure.
+//
+
+// begin_ntddk begin_ntifs
+//
+// Current security descriptor revision value
+//
+
+#define SECURITY_DESCRIPTOR_REVISION (1)
+#define SECURITY_DESCRIPTOR_REVISION1 (1)
+
+// end_ntddk
+
+//
+// Minimum length, in bytes, needed to build a security descriptor
+// (NOTE: This must manually be kept consistent with the)
+// (sizeof(SECURITY_DESCRIPTOR) )
+//
+
+#define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
+
+
+typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
+
+#define SE_OWNER_DEFAULTED (0x0001)
+#define SE_GROUP_DEFAULTED (0x0002)
+#define SE_DACL_PRESENT (0x0004)
+#define SE_DACL_DEFAULTED (0x0008)
+#define SE_SACL_PRESENT (0x0010)
+#define SE_SACL_DEFAULTED (0x0020)
+#define SE_SELF_RELATIVE (0x8000)
+
+//
+// Where:
+//
+// SE_OWNER_DEFAULTED - This boolean flag, when set, indicates that the
+// SID pointed to by the Owner field was provided by a
+// defaulting mechanism rather than explicitly provided by the
+// original provider of the security descriptor. This may
+// affect the treatment of the SID with respect to inheritence
+// of an owner.
+//
+// SE_GROUP_DEFAULTED - This boolean flag, when set, indicates that the
+// SID in the Group field was provided by a defaulting mechanism
+// rather than explicitly provided by the original provider of
+// the security descriptor. This may affect the treatment of
+// the SID with respect to inheritence of a primary group.
+//
+// SE_DACL_PRESENT - This boolean flag, when set, indicates that the
+// security descriptor contains a discretionary ACL. If this
+// flag is set and the Dacl field of the SECURITY_DESCRIPTOR is
+// null, then a null ACL is explicitly being specified.
+//
+// SE_DACL_DEFAULTED - This boolean flag, when set, indicates that the
+// ACL pointed to by the Dacl field was provided by a defaulting
+// mechanism rather than explicitly provided by the original
+// provider of the security descriptor. This may affect the
+// treatment of the ACL with respect to inheritence of an ACL.
+// This flag is ignored if the DaclPresent flag is not set.
+//
+// SE_SACL_PRESENT - This boolean flag, when set, indicates that the
+// security descriptor contains a system ACL pointed to by the
+// Sacl field. If this flag is set and the Sacl field of the
+// SECURITY_DESCRIPTOR is null, then an empty (but present)
+// ACL is being specified.
+//
+// SE_SACL_DEFAULTED - This boolean flag, when set, indicates that the
+// ACL pointed to by the Sacl field was provided by a defaulting
+// mechanism rather than explicitly provided by the original
+// provider of the security descriptor. This may affect the
+// treatment of the ACL with respect to inheritence of an ACL.
+// This flag is ignored if the SaclPresent flag is not set.
+//
+// SE_SELF_RELATIVE - This boolean flag, when set, indicates that the
+// security descriptor is in self-relative form. In this form,
+// all fields of the security descriptor are contiguous in memory
+// and all pointer fields are expressed as offsets from the
+// beginning of the security descriptor. This form is useful
+// for treating security descriptors as opaque data structures
+// for transmission in communication protocol or for storage on
+// secondary media.
+//
+//
+//
+// Pictorially the structure of a security descriptor is as follows:
+//
+// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
+// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+// +---------------------------------------------------------------+
+// | Control |Reserved1 (SBZ)| Revision |
+// +---------------------------------------------------------------+
+// | Owner |
+// +---------------------------------------------------------------+
+// | Group |
+// +---------------------------------------------------------------+
+// | Sacl |
+// +---------------------------------------------------------------+
+// | Dacl |
+// +---------------------------------------------------------------+
+//
+// In general, this data structure should be treated opaquely to ensure future
+// compatibility.
+//
+//
+
+typedef struct _SECURITY_DESCRIPTOR {
+ BYTE Revision;
+ BYTE Sbz1;
+ SECURITY_DESCRIPTOR_CONTROL Control;
+ PSID Owner;
+ PSID Group;
+ PACL Sacl;
+ PACL Dacl;
+ } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
+
+// end_ntifs
+
+// Where:
+//
+// Revision - Contains the revision level of the security
+// descriptor. This allows this structure to be passed between
+// systems or stored on disk even though it is expected to
+// change in the future.
+//
+// Control - A set of flags which qualify the meaning of the
+// security descriptor or individual fields of the security
+// descriptor.
+//
+// Owner - is a pointer to an SID representing an object's owner.
+// If this field is null, then no owner SID is present in the
+// security descriptor. If the security descriptor is in
+// self-relative form, then this field contains an offset to
+// the SID, rather than a pointer.
+//
+// Group - is a pointer to an SID representing an object's primary
+// group. If this field is null, then no primary group SID is
+// present in the security descriptor. If the security descriptor
+// is in self-relative form, then this field contains an offset to
+// the SID, rather than a pointer.
+//
+// Sacl - is a pointer to a system ACL. This field value is only
+// valid if the DaclPresent control flag is set. If the
+// SaclPresent flag is set and this field is null, then a null
+// ACL is specified. If the security descriptor is in
+// self-relative form, then this field contains an offset to
+// the ACL, rather than a pointer.
+//
+// Dacl - is a pointer to a discretionary ACL. This field value is
+// only valid if the DaclPresent control flag is set. If the
+// DaclPresent flag is set and this field is null, then a null
+// ACL (unconditionally granting access) is specified. If the
+// security descriptor is in self-relative form, then this field
+// contains an offset to the ACL, rather than a pointer.
+//
+
+
+
+////////////////////////////////////////////////////////////////////////
+// //
+// Privilege Related Data Structures //
+// //
+////////////////////////////////////////////////////////////////////////
+
+
+// begin_ntddk begin_nthal begin_ntifs
+//
+// Privilege attributes
+//
+
+#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
+#define SE_PRIVILEGE_ENABLED (0x00000002L)
+#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
+
+//
+// Privilege Set Control flags
+//
+
+#define PRIVILEGE_SET_ALL_NECESSARY (1)
+
+//
+// Privilege Set - This is defined for a privilege set of one.
+// If more than one privilege is needed, then this structure
+// will need to be allocated with more space.
+//
+// Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET
+// structure (defined in se.h)
+//
+
+typedef struct _PRIVILEGE_SET {
+ DWORD PrivilegeCount;
+ DWORD Control;
+ LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
+ } PRIVILEGE_SET, * PPRIVILEGE_SET;
+
+
+////////////////////////////////////////////////////////////////////////
+// //
+// NT Defined Privileges //
+// //
+////////////////////////////////////////////////////////////////////////
+
+#define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege")
+#define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege")
+#define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege")
+#define SE_INCREASE_QUOTA_NAME TEXT("SeIncreaseQuotaPrivilege")
+#define SE_UNSOLICITED_INPUT_NAME TEXT("SeUnsolicitedInputPrivilege")
+#define SE_MACHINE_ACCOUNT_NAME TEXT("SeMachineAccountPrivilege")
+#define SE_TCB_NAME TEXT("SeTcbPrivilege")
+#define SE_SECURITY_NAME TEXT("SeSecurityPrivilege")
+#define SE_TAKE_OWNERSHIP_NAME TEXT("SeTakeOwnershipPrivilege")
+#define SE_LOAD_DRIVER_NAME TEXT("SeLoadDriverPrivilege")
+#define SE_SYSTEM_PROFILE_NAME TEXT("SeSystemProfilePrivilege")
+#define SE_SYSTEMTIME_NAME TEXT("SeSystemtimePrivilege")
+#define SE_PROF_SINGLE_PROCESS_NAME TEXT("SeProfileSingleProcessPrivilege")
+#define SE_INC_BASE_PRIORITY_NAME TEXT("SeIncreaseBasePriorityPrivilege")
+#define SE_CREATE_PAGEFILE_NAME TEXT("SeCreatePagefilePrivilege")
+#define SE_CREATE_PERMANENT_NAME TEXT("SeCreatePermanentPrivilege")
+#define SE_BACKUP_NAME TEXT("SeBackupPrivilege")
+#define SE_RESTORE_NAME TEXT("SeRestorePrivilege")
+#define SE_SHUTDOWN_NAME TEXT("SeShutdownPrivilege")
+#define SE_DEBUG_NAME TEXT("SeDebugPrivilege")
+#define SE_AUDIT_NAME TEXT("SeAuditPrivilege")
+#define SE_SYSTEM_ENVIRONMENT_NAME TEXT("SeSystemEnvironmentPrivilege")
+#define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege")
+#define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege")
+
+
+////////////////////////////////////////////////////////////////////
+// //
+// Security Quality Of Service //
+// //
+// //
+////////////////////////////////////////////////////////////////////
+
+// begin_ntddk begin_nthal begin_ntifs
+//
+// Impersonation Level
+//
+// Impersonation level is represented by a pair of bits in Windows.
+// If a new impersonation level is added or lowest value is changed from
+// 0 to something else, fix the Windows CreateFile call.
+//
+
+typedef enum _SECURITY_IMPERSONATION_LEVEL {
+ SecurityAnonymous,
+ SecurityIdentification,
+ SecurityImpersonation,
+ SecurityDelegation
+ } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
+
+#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
+
+#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
+
+
+////////////////////////////////////////////////////////////////////
+// //
+// Token Object Definitions //
+// //
+// //
+////////////////////////////////////////////////////////////////////
+
+
+//
+// Token Specific Access Rights.
+//
+
+#define TOKEN_ASSIGN_PRIMARY (0x0001)
+#define TOKEN_DUPLICATE (0x0002)
+#define TOKEN_IMPERSONATE (0x0004)
+#define TOKEN_QUERY (0x0008)
+#define TOKEN_QUERY_SOURCE (0x0010)
+#define TOKEN_ADJUST_PRIVILEGES (0x0020)
+#define TOKEN_ADJUST_GROUPS (0x0040)
+#define TOKEN_ADJUST_DEFAULT (0x0080)
+
+#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
+ TOKEN_ASSIGN_PRIMARY |\
+ TOKEN_DUPLICATE |\
+ TOKEN_IMPERSONATE |\
+ TOKEN_QUERY |\
+ TOKEN_QUERY_SOURCE |\
+ TOKEN_ADJUST_PRIVILEGES |\
+ TOKEN_ADJUST_GROUPS |\
+ TOKEN_ADJUST_DEFAULT)
+
+
+#define TOKEN_READ (STANDARD_RIGHTS_READ |\
+ TOKEN_QUERY)
+
+
+#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
+ TOKEN_ADJUST_PRIVILEGES |\
+ TOKEN_ADJUST_GROUPS |\
+ TOKEN_ADJUST_DEFAULT)
+
+#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
+
+
+//
+//
+// Token Types
+//
+
+typedef enum _TOKEN_TYPE {
+ TokenPrimary = 1,
+ TokenImpersonation
+ } TOKEN_TYPE;
+typedef TOKEN_TYPE *PTOKEN_TYPE;
+
+
+//
+// Token Information Classes.
+//
+
+
+typedef enum _TOKEN_INFORMATION_CLASS {
+ TokenUser = 1,
+ TokenGroups,
+ TokenPrivileges,
+ TokenOwner,
+ TokenPrimaryGroup,
+ TokenDefaultDacl,
+ TokenSource,
+ TokenType,
+ TokenImpersonationLevel,
+ TokenStatistics
+} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
+// end_ntifs
+
+//
+// Token information class structures
+//
+
+
+typedef struct _TOKEN_USER {
+ SID_AND_ATTRIBUTES User;
+} TOKEN_USER, *PTOKEN_USER;
+
+// begin_ntifs
+
+typedef struct _TOKEN_GROUPS {
+ DWORD GroupCount;
+ SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
+} TOKEN_GROUPS, *PTOKEN_GROUPS;
+
+
+typedef struct _TOKEN_PRIVILEGES {
+ DWORD PrivilegeCount;
+ LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
+} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
+
+// end_ntifs
+
+typedef struct _TOKEN_OWNER {
+ PSID Owner;
+} TOKEN_OWNER, *PTOKEN_OWNER;
+
+
+typedef struct _TOKEN_PRIMARY_GROUP {
+ PSID PrimaryGroup;
+} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
+
+
+typedef struct _TOKEN_DEFAULT_DACL {
+ PACL DefaultDacl;
+} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
+
+
+
+#define TOKEN_SOURCE_LENGTH 8
+
+typedef struct _TOKEN_SOURCE {
+ CHAR SourceName[TOKEN_SOURCE_LENGTH];
+ LUID SourceIdentifier;
+} TOKEN_SOURCE, *PTOKEN_SOURCE;
+
+// end_ntifs
+
+typedef struct _TOKEN_STATISTICS {
+ LUID TokenId;
+ LUID AuthenticationId;
+ LARGE_INTEGER ExpirationTime;
+ TOKEN_TYPE TokenType;
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+ DWORD DynamicCharged;
+ DWORD DynamicAvailable;
+ DWORD GroupCount;
+ DWORD PrivilegeCount;
+ LUID ModifiedId;
+} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
+
+
+// begin_ntifs
+
+typedef struct _TOKEN_CONTROL {
+ LUID TokenId;
+ LUID AuthenticationId;
+ LUID ModifiedId;
+ TOKEN_SOURCE TokenSource;
+ } TOKEN_CONTROL, *PTOKEN_CONTROL;
+
+//
+// Security Tracking Mode
+//
+
+#define SECURITY_DYNAMIC_TRACKING (TRUE)
+#define SECURITY_STATIC_TRACKING (FALSE)
+
+typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE,
+ * PSECURITY_CONTEXT_TRACKING_MODE;
+
+
+
+//
+// Quality Of Service
+//
+
+typedef struct _SECURITY_QUALITY_OF_SERVICE {
+ DWORD Length;
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+ SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
+ BOOLEAN EffectiveOnly;
+ } SECURITY_QUALITY_OF_SERVICE, * PSECURITY_QUALITY_OF_SERVICE;
+
+
+//
+// Used to represent information related to a thread impersonation
+//
+
+typedef struct _SE_IMPERSONATION_STATE {
+ PACCESS_TOKEN Token;
+ BOOLEAN CopyOnOpen;
+ BOOLEAN EffectiveOnly;
+ SECURITY_IMPERSONATION_LEVEL Level;
+} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
+
+
+typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
+
+#define OWNER_SECURITY_INFORMATION (0X00000001L)
+#define GROUP_SECURITY_INFORMATION (0X00000002L)
+#define DACL_SECURITY_INFORMATION (0X00000004L)
+#define SACL_SECURITY_INFORMATION (0X00000008L)
+
+
+//
+// Image Format
+//
+
+#include "pshpack4.h" // 4 byte packing is the default
+
+#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
+#define IMAGE_OS2_SIGNATURE 0x454E // NE
+#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
+#define IMAGE_VXD_SIGNATURE 0x454C // LE
+#define IMAGE_NT_SIGNATURE 0x00004550 // PE00
+
+#include "pshpack2.h" // 16 bit headers are 2 byte packed
+
+typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
+ WORD e_magic; // Magic number
+ WORD e_cblp; // Bytes on last page of file
+ WORD e_cp; // Pages in file
+ WORD e_crlc; // Relocations
+ WORD e_cparhdr; // Size of header in paragraphs
+ WORD e_minalloc; // Minimum extra paragraphs needed
+ WORD e_maxalloc; // Maximum extra paragraphs needed
+ WORD e_ss; // Initial (relative) SS value
+ WORD e_sp; // Initial SP value
+ WORD e_csum; // Checksum
+ WORD e_ip; // Initial IP value
+ WORD e_cs; // Initial (relative) CS value
+ WORD e_lfarlc; // File address of relocation table
+ WORD e_ovno; // Overlay number
+ WORD e_res[4]; // Reserved words
+ WORD e_oemid; // OEM identifier (for e_oeminfo)
+ WORD e_oeminfo; // OEM information; e_oemid specific
+ WORD e_res2[10]; // Reserved words
+ LONG e_lfanew; // File address of new exe header
+ } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
+
+typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header
+ WORD ne_magic; // Magic number
+ CHAR ne_ver; // Version number
+ CHAR ne_rev; // Revision number
+ WORD ne_enttab; // Offset of Entry Table
+ WORD ne_cbenttab; // Number of bytes in Entry Table
+ LONG ne_crc; // Checksum of whole file
+ WORD ne_flags; // Flag word
+ WORD ne_autodata; // Automatic data segment number
+ WORD ne_heap; // Initial heap allocation
+ WORD ne_stack; // Initial stack allocation
+ LONG ne_csip; // Initial CS:IP setting
+ LONG ne_sssp; // Initial SS:SP setting
+ WORD ne_cseg; // Count of file segments
+ WORD ne_cmod; // Entries in Module Reference Table
+ WORD ne_cbnrestab; // Size of non-resident name table
+ WORD ne_segtab; // Offset of Segment Table
+ WORD ne_rsrctab; // Offset of Resource Table
+ WORD ne_restab; // Offset of resident name table
+ WORD ne_modtab; // Offset of Module Reference Table
+ WORD ne_imptab; // Offset of Imported Names Table
+ LONG ne_nrestab; // Offset of Non-resident Names Table
+ WORD ne_cmovent; // Count of movable entries
+ WORD ne_align; // Segment alignment shift count
+ WORD ne_cres; // Count of resource segments
+ BYTE ne_exetyp; // Target Operating system
+ BYTE ne_flagsothers; // Other .EXE flags
+ WORD ne_pretthunks; // offset to return thunks
+ WORD ne_psegrefbytes; // offset to segment ref. bytes
+ WORD ne_swaparea; // Minimum code swap area size
+ WORD ne_expver; // Expected Windows version number
+ } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER;
+
+typedef struct _IMAGE_VXD_HEADER { // Windows VXD header
+ WORD e32_magic; // Magic number
+ BYTE e32_border; // The byte ordering for the VXD
+ BYTE e32_worder; // The word ordering for the VXD
+ DWORD e32_level; // The EXE format level for now = 0
+ WORD e32_cpu; // The CPU type
+ WORD e32_os; // The OS type
+ DWORD e32_ver; // Module version
+ DWORD e32_mflags; // Module flags
+ DWORD e32_mpages; // Module # pages
+ DWORD e32_startobj; // Object # for instruction pointer
+ DWORD e32_eip; // Extended instruction pointer
+ DWORD e32_stackobj; // Object # for stack pointer
+ DWORD e32_esp; // Extended stack pointer
+ DWORD e32_pagesize; // VXD page size
+ DWORD e32_lastpagesize; // Last page size in VXD
+ DWORD e32_fixupsize; // Fixup section size
+ DWORD e32_fixupsum; // Fixup section checksum
+ DWORD e32_ldrsize; // Loader section size
+ DWORD e32_ldrsum; // Loader section checksum
+ DWORD e32_objtab; // Object table offset
+ DWORD e32_objcnt; // Number of objects in module
+ DWORD e32_objmap; // Object page map offset
+ DWORD e32_itermap; // Object iterated data map offset
+ DWORD e32_rsrctab; // Offset of Resource Table
+ DWORD e32_rsrccnt; // Number of resource entries
+ DWORD e32_restab; // Offset of resident name table
+ DWORD e32_enttab; // Offset of Entry Table
+ DWORD e32_dirtab; // Offset of Module Directive Table
+ DWORD e32_dircnt; // Number of module directives
+ DWORD e32_fpagetab; // Offset of Fixup Page Table
+ DWORD e32_frectab; // Offset of Fixup Record Table
+ DWORD e32_impmod; // Offset of Import Module Name Table
+ DWORD e32_impmodcnt; // Number of entries in Import Module Name Table
+ DWORD e32_impproc; // Offset of Import Procedure Name Table
+ DWORD e32_pagesum; // Offset of Per-Page Checksum Table
+ DWORD e32_datapage; // Offset of Enumerated Data Pages
+ DWORD e32_preload; // Number of preload pages
+ DWORD e32_nrestab; // Offset of Non-resident Names Table
+ DWORD e32_cbnrestab; // Size of Non-resident Name Table
+ DWORD e32_nressum; // Non-resident Name Table Checksum
+ DWORD e32_autodata; // Object # for automatic data object
+ DWORD e32_debuginfo; // Offset of the debugging information
+ DWORD e32_debuglen; // The length of the debugging info. in bytes
+ DWORD e32_instpreload; // Number of instance pages in preload section of VXD file
+ DWORD e32_instdemand; // Number of instance pages in demand load section of VXD file
+ DWORD e32_heapsize; // Size of heap - for 16-bit apps
+ BYTE e32_res3[12]; // Reserved words
+ DWORD e32_winresoff;
+ DWORD e32_winreslen;
+ WORD e32_devid; // Device ID for VxD
+ WORD e32_ddkver; // DDK version for VxD
+ } IMAGE_VXD_HEADER, *PIMAGE_VXD_HEADER;
+
+#include "poppack.h" // Back to 4 byte packing
+
+//
+// File header format.
+//
+
+typedef struct _IMAGE_FILE_HEADER {
+ WORD Machine;
+ WORD NumberOfSections;
+ DWORD TimeDateStamp;
+ DWORD PointerToSymbolTable;
+ DWORD NumberOfSymbols;
+ WORD SizeOfOptionalHeader;
+ WORD Characteristics;
+} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
+
+#define IMAGE_SIZEOF_FILE_HEADER 20
+
+#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
+#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references).
+#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
+#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
+#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Agressively trim working set
+#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
+#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
+#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
+#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
+#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
+#define IMAGE_FILE_SYSTEM 0x1000 // System File.
+#define IMAGE_FILE_DLL 0x2000 // File is a DLL.
+#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
+#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
+
+#define IMAGE_FILE_MACHINE_UNKNOWN 0
+#define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386.
+#define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0x160 big-endian
+#define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian
+#define IMAGE_FILE_MACHINE_R10000 0x168 // MIPS little-endian
+#define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP
+#define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian
+
+//
+// Directory format.
+//
+
+typedef struct _IMAGE_DATA_DIRECTORY {
+ DWORD VirtualAddress;
+ DWORD Size;
+} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
+
+#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
+
+//
+// Optional header format.
+//
+
+typedef struct _IMAGE_OPTIONAL_HEADER {
+ //
+ // Standard fields.
+ //
+
+ WORD Magic;
+ BYTE MajorLinkerVersion;
+ BYTE MinorLinkerVersion;
+ DWORD SizeOfCode;
+ DWORD SizeOfInitializedData;
+ DWORD SizeOfUninitializedData;
+ DWORD AddressOfEntryPoint;
+ DWORD BaseOfCode;
+ DWORD BaseOfData;
+
+ //
+ // NT additional fields.
+ //
+
+ DWORD ImageBase;
+ DWORD SectionAlignment;
+ DWORD FileAlignment;
+ WORD MajorOperatingSystemVersion;
+ WORD MinorOperatingSystemVersion;
+ WORD MajorImageVersion;
+ WORD MinorImageVersion;
+ WORD MajorSubsystemVersion;
+ WORD MinorSubsystemVersion;
+ DWORD Win32VersionValue;
+ DWORD SizeOfImage;
+ DWORD SizeOfHeaders;
+ DWORD CheckSum;
+ WORD Subsystem;
+ WORD DllCharacteristics;
+ DWORD SizeOfStackReserve;
+ DWORD SizeOfStackCommit;
+ DWORD SizeOfHeapReserve;
+ DWORD SizeOfHeapCommit;
+ DWORD LoaderFlags;
+ DWORD NumberOfRvaAndSizes;
+ IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
+} IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;
+
+typedef struct _IMAGE_ROM_OPTIONAL_HEADER {
+ WORD Magic;
+ BYTE MajorLinkerVersion;
+ BYTE MinorLinkerVersion;
+ DWORD SizeOfCode;
+ DWORD SizeOfInitializedData;
+ DWORD SizeOfUninitializedData;
+ DWORD AddressOfEntryPoint;
+ DWORD BaseOfCode;
+ DWORD BaseOfData;
+ DWORD BaseOfBss;
+ DWORD GprMask;
+ DWORD CprMask[4];
+ DWORD GpValue;
+} IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER;
+
+#define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56
+#define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28
+#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER 224
+
+#define IMAGE_NT_OPTIONAL_HDR_MAGIC 0x10b
+#define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107
+
+typedef struct _IMAGE_NT_HEADERS {
+ DWORD Signature;
+ IMAGE_FILE_HEADER FileHeader;
+ IMAGE_OPTIONAL_HEADER OptionalHeader;
+} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
+
+typedef struct _IMAGE_ROM_HEADERS {
+ IMAGE_FILE_HEADER FileHeader;
+ IMAGE_ROM_OPTIONAL_HEADER OptionalHeader;
+} IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS;
+
+#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
+ ((DWORD)ntheader + \
+ FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \
+ ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \
+ ))
+
+
+// Subsystem Values
+
+#define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem.
+#define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem.
+#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem.
+#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem.
+#define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem.
+#define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image run in the Posix character subsystem.
+#define IMAGE_SUBSYSTEM_RESERVED8 8 // image run in the 8 subsystem.
+
+
+// Directory Entries
+
+#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
+#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
+#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
+#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
+#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
+#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
+#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
+#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String
+#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP)
+#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
+#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
+#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
+#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
+
+//
+// Section header format.
+//
+
+#define IMAGE_SIZEOF_SHORT_NAME 8
+
+typedef struct _IMAGE_SECTION_HEADER {
+ BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
+ union {
+ DWORD PhysicalAddress;
+ DWORD VirtualSize;
+ } Misc;
+ DWORD VirtualAddress;
+ DWORD SizeOfRawData;
+ DWORD PointerToRawData;
+ DWORD PointerToRelocations;
+ DWORD PointerToLinenumbers;
+ WORD NumberOfRelocations;
+ WORD NumberOfLinenumbers;
+ DWORD Characteristics;
+} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
+
+#define IMAGE_SIZEOF_SECTION_HEADER 40
+
+//
+// Section characteristics.
+//
+
+// IMAGE_SCN_TYPE_REG 0x00000000 // Reserved.
+// IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved.
+// IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved.
+// IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved.
+#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved.
+// IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved.
+
+#define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code.
+#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data.
+#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data.
+
+#define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved.
+#define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information.
+// IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved.
+#define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image.
+#define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat.
+// 0x00002000 // Reserved.
+
+// IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000
+#define IMAGE_SCN_MEM_FARDATA 0x00008000
+// IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000
+#define IMAGE_SCN_MEM_PURGEABLE 0x00020000
+#define IMAGE_SCN_MEM_16BIT 0x00020000
+#define IMAGE_SCN_MEM_LOCKED 0x00040000
+#define IMAGE_SCN_MEM_PRELOAD 0x00080000
+
+#define IMAGE_SCN_ALIGN_1BYTES 0x00100000 //
+#define IMAGE_SCN_ALIGN_2BYTES 0x00200000 //
+#define IMAGE_SCN_ALIGN_4BYTES 0x00300000 //
+#define IMAGE_SCN_ALIGN_8BYTES 0x00400000 //
+#define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified.
+#define IMAGE_SCN_ALIGN_32BYTES 0x00600000 //
+#define IMAGE_SCN_ALIGN_64BYTES 0x00700000 //
+// Unused 0x00800000
+
+#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 // Section contains extended relocations.
+#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded.
+#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable.
+#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable.
+#define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable.
+#define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable.
+#define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable.
+#define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable.
+
+
+//
+// TLS Chaacteristic Flags
+//
+#define IMAGE_SCN_SCALE_INDEX 0x00000001 // Tls index is scaled
+
+#include "pshpack2.h" // Symbols, relocs, and linenumbers are 2 byte packed
+
+//
+// Symbol format.
+//
+
+typedef struct _IMAGE_SYMBOL {
+ union {
+ BYTE ShortName[8];
+ struct {
+ DWORD Short; // if 0, use LongName
+ DWORD Long; // offset into string table
+ } Name;
+ PBYTE LongName[2];
+ } N;
+ DWORD Value;
+ SHORT SectionNumber;
+ WORD Type;
+ BYTE StorageClass;
+ BYTE NumberOfAuxSymbols;
+} IMAGE_SYMBOL;
+typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL;
+
+
+#define IMAGE_SIZEOF_SYMBOL 18
+
+//
+// Section values.
+//
+// Symbols have a section number of the section in which they are
+// defined. Otherwise, section numbers have the following meanings:
+//
+
+#define IMAGE_SYM_UNDEFINED (SHORT)0 // Symbol is undefined or is common.
+#define IMAGE_SYM_ABSOLUTE (SHORT)-1 // Symbol is an absolute value.
+#define IMAGE_SYM_DEBUG (SHORT)-2 // Symbol is a special debug item.
+
+//
+// Type (fundamental) values.
+//
+
+#define IMAGE_SYM_TYPE_NULL 0x0000 // no type.
+#define IMAGE_SYM_TYPE_VOID 0x0001 //
+#define IMAGE_SYM_TYPE_CHAR 0x0002 // type character.
+#define IMAGE_SYM_TYPE_SHORT 0x0003 // type short integer.
+#define IMAGE_SYM_TYPE_INT 0x0004 //
+#define IMAGE_SYM_TYPE_LONG 0x0005 //
+#define IMAGE_SYM_TYPE_FLOAT 0x0006 //
+#define IMAGE_SYM_TYPE_DOUBLE 0x0007 //
+#define IMAGE_SYM_TYPE_STRUCT 0x0008 //
+#define IMAGE_SYM_TYPE_UNION 0x0009 //
+#define IMAGE_SYM_TYPE_ENUM 0x000A // enumeration.
+#define IMAGE_SYM_TYPE_MOE 0x000B // member of enumeration.
+#define IMAGE_SYM_TYPE_BYTE 0x000C //
+#define IMAGE_SYM_TYPE_WORD 0x000D //
+#define IMAGE_SYM_TYPE_UINT 0x000E //
+#define IMAGE_SYM_TYPE_DWORD 0x000F //
+#define IMAGE_SYM_TYPE_PCODE 0x8000 //
+
+//
+// Type (derived) values.
+//
+
+#define IMAGE_SYM_DTYPE_NULL 0 // no derived type.
+#define IMAGE_SYM_DTYPE_POINTER 1 // pointer.
+#define IMAGE_SYM_DTYPE_FUNCTION 2 // function.
+#define IMAGE_SYM_DTYPE_ARRAY 3 // array.
+
+//
+// Storage classes.
+//
+
+#define IMAGE_SYM_CLASS_END_OF_FUNCTION (BYTE )-1
+#define IMAGE_SYM_CLASS_NULL 0x0000
+#define IMAGE_SYM_CLASS_AUTOMATIC 0x0001
+#define IMAGE_SYM_CLASS_EXTERNAL 0x0002
+#define IMAGE_SYM_CLASS_STATIC 0x0003
+#define IMAGE_SYM_CLASS_REGISTER 0x0004
+#define IMAGE_SYM_CLASS_EXTERNAL_DEF 0x0005
+#define IMAGE_SYM_CLASS_LABEL 0x0006
+#define IMAGE_SYM_CLASS_UNDEFINED_LABEL 0x0007
+#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 0x0008
+#define IMAGE_SYM_CLASS_ARGUMENT 0x0009
+#define IMAGE_SYM_CLASS_STRUCT_TAG 0x000A
+#define IMAGE_SYM_CLASS_MEMBER_OF_UNION 0x000B
+#define IMAGE_SYM_CLASS_UNION_TAG 0x000C
+#define IMAGE_SYM_CLASS_TYPE_DEFINITION 0x000D
+#define IMAGE_SYM_CLASS_UNDEFINED_STATIC 0x000E
+#define IMAGE_SYM_CLASS_ENUM_TAG 0x000F
+#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 0x0010
+#define IMAGE_SYM_CLASS_REGISTER_PARAM 0x0011
+#define IMAGE_SYM_CLASS_BIT_FIELD 0x0012
+
+#define IMAGE_SYM_CLASS_FAR_EXTERNAL 0x0044 //
+
+#define IMAGE_SYM_CLASS_BLOCK 0x0064
+#define IMAGE_SYM_CLASS_FUNCTION 0x0065
+#define IMAGE_SYM_CLASS_END_OF_STRUCT 0x0066
+#define IMAGE_SYM_CLASS_FILE 0x0067
+// new
+#define IMAGE_SYM_CLASS_SECTION 0x0068
+#define IMAGE_SYM_CLASS_WEAK_EXTERNAL 0x0069
+
+// type packing constants
+
+#define N_BTMASK 0x000F
+#define N_TMASK 0x0030
+#define N_TMASK1 0x00C0
+#define N_TMASK2 0x00F0
+#define N_BTSHFT 4
+#define N_TSHIFT 2
+
+// MACROS
+
+// Basic Type of x
+#define BTYPE(x) ((x) & N_BTMASK)
+
+// Is x a pointer?
+#ifndef ISPTR
+#define ISPTR(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT))
+#endif
+
+// Is x a function?
+#ifndef ISFCN
+#define ISFCN(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT))
+#endif
+
+// Is x an array?
+
+#ifndef ISARY
+#define ISARY(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT))
+#endif
+
+// Is x a structure, union, or enumeration TAG?
+#ifndef ISTAG
+#define ISTAG(x) ((x)==IMAGE_SYM_CLASS_STRUCT_TAG || (x)==IMAGE_SYM_CLASS_UNION_TAG || (x)==IMAGE_SYM_CLASS_ENUM_TAG)
+#endif
+
+#ifndef INCREF
+#define INCREF(x) ((((x)&~N_BTMASK)<<N_TSHIFT)|(IMAGE_SYM_DTYPE_POINTER<<N_BTSHFT)|((x)&N_BTMASK))
+#endif
+#ifndef DECREF
+#define DECREF(x) ((((x)>>N_TSHIFT)&~N_BTMASK)|((x)&N_BTMASK))
+#endif
+
+//
+// Auxiliary entry format.
+//
+
+typedef union _IMAGE_AUX_SYMBOL {
+ struct {
+ DWORD TagIndex; // struct, union, or enum tag index
+ union {
+ struct {
+ WORD Linenumber; // declaration line number
+ WORD Size; // size of struct, union, or enum
+ } LnSz;
+ DWORD TotalSize;
+ } Misc;
+ union {
+ struct { // if ISFCN, tag, or .bb
+ DWORD PointerToLinenumber;
+ DWORD PointerToNextFunction;
+ } Function;
+ struct { // if ISARY, up to 4 dimen.
+ WORD Dimension[4];
+ } Array;
+ } FcnAry;
+ WORD TvIndex; // tv index
+ } Sym;
+ struct {
+ BYTE Name[IMAGE_SIZEOF_SYMBOL];
+ } File;
+ struct {
+ DWORD Length; // section length
+ WORD NumberOfRelocations; // number of relocation entries
+ WORD NumberOfLinenumbers; // number of line numbers
+ DWORD CheckSum; // checksum for communal
+ SHORT Number; // section number to associate with
+ BYTE Selection; // communal selection type
+ } Section;
+} IMAGE_AUX_SYMBOL;
+typedef IMAGE_AUX_SYMBOL UNALIGNED *PIMAGE_AUX_SYMBOL;
+
+#define IMAGE_SIZEOF_AUX_SYMBOL 18
+
+//
+// Communal selection types.
+//
+
+#define IMAGE_COMDAT_SELECT_NODUPLICATES 1
+#define IMAGE_COMDAT_SELECT_ANY 2
+#define IMAGE_COMDAT_SELECT_SAME_SIZE 3
+#define IMAGE_COMDAT_SELECT_EXACT_MATCH 4
+#define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5
+#define IMAGE_COMDAT_SELECT_LARGEST 6
+#define IMAGE_COMDAT_SELECT_NEWEST 7
+
+#define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1
+#define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2
+#define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3
+
+//
+// Relocation format.
+//
+
+typedef struct _IMAGE_RELOCATION {
+ union {
+ DWORD VirtualAddress;
+ DWORD RelocCount; // Set to the real count when IMAGE_SCN_LNK_NRELOC_OVFL is set
+ };
+ DWORD SymbolTableIndex;
+ WORD Type;
+} IMAGE_RELOCATION;
+typedef IMAGE_RELOCATION UNALIGNED *PIMAGE_RELOCATION;
+
+#define IMAGE_SIZEOF_RELOCATION 10
+
+//
+// I386 relocation types.
+//
+
+#define IMAGE_REL_I386_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
+#define IMAGE_REL_I386_DIR16 0x0001 // Direct 16-bit reference to the symbols virtual address
+#define IMAGE_REL_I386_REL16 0x0002 // PC-relative 16-bit reference to the symbols virtual address
+#define IMAGE_REL_I386_DIR32 0x0006 // Direct 32-bit reference to the symbols virtual address
+#define IMAGE_REL_I386_DIR32NB 0x0007 // Direct 32-bit reference to the symbols virtual address, base not included
+#define IMAGE_REL_I386_SEG12 0x0009 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address
+#define IMAGE_REL_I386_SECTION 0x000A
+#define IMAGE_REL_I386_SECREL 0x000B
+#define IMAGE_REL_I386_REL32 0x0014 // PC-relative 32-bit reference to the symbols virtual address
+
+//
+// MIPS relocation types.
+//
+
+#define IMAGE_REL_MIPS_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
+#define IMAGE_REL_MIPS_REFHALF 0x0001
+#define IMAGE_REL_MIPS_REFWORD 0x0002
+#define IMAGE_REL_MIPS_JMPADDR 0x0003
+#define IMAGE_REL_MIPS_REFHI 0x0004
+#define IMAGE_REL_MIPS_REFLO 0x0005
+#define IMAGE_REL_MIPS_GPREL 0x0006
+#define IMAGE_REL_MIPS_LITERAL 0x0007
+#define IMAGE_REL_MIPS_SECTION 0x000A
+#define IMAGE_REL_MIPS_SECREL 0x000B
+#define IMAGE_REL_MIPS_SECRELLO 0x000C // Low 16-bit section relative referemce (used for >32k TLS)
+#define IMAGE_REL_MIPS_SECRELHI 0x000D // High 16-bit section relative reference (used for >32k TLS)
+#define IMAGE_REL_MIPS_REFWORDNB 0x0022
+#define IMAGE_REL_MIPS_PAIR 0x0025
+
+//
+// Alpha Relocation types.
+//
+
+#define IMAGE_REL_ALPHA_ABSOLUTE 0x0000
+#define IMAGE_REL_ALPHA_REFLONG 0x0001
+#define IMAGE_REL_ALPHA_REFQUAD 0x0002
+#define IMAGE_REL_ALPHA_GPREL32 0x0003
+#define IMAGE_REL_ALPHA_LITERAL 0x0004
+#define IMAGE_REL_ALPHA_LITUSE 0x0005
+#define IMAGE_REL_ALPHA_GPDISP 0x0006
+#define IMAGE_REL_ALPHA_BRADDR 0x0007
+#define IMAGE_REL_ALPHA_HINT 0x0008
+#define IMAGE_REL_ALPHA_INLINE_REFLONG 0x0009
+#define IMAGE_REL_ALPHA_REFHI 0x000A
+#define IMAGE_REL_ALPHA_REFLO 0x000B
+#define IMAGE_REL_ALPHA_PAIR 0x000C
+#define IMAGE_REL_ALPHA_MATCH 0x000D
+#define IMAGE_REL_ALPHA_SECTION 0x000E
+#define IMAGE_REL_ALPHA_SECREL 0x000F
+#define IMAGE_REL_ALPHA_REFLONGNB 0x0010
+#define IMAGE_REL_ALPHA_SECRELLO 0x0011 // Low 16-bit section relative reference
+#define IMAGE_REL_ALPHA_SECRELHI 0x0012 // High 16-bit section relative reference
+
+//
+// IBM PowerPC relocation types.
+//
+
+#define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP
+#define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address
+#define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address
+#define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute)
+#define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address
+#define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword)
+#define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative)
+#define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative)
+#define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base
+#define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword)
+
+#define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base
+#define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr)
+#define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number
+#define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code
+#define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction
+#define IMAGE_REL_PPC_SECREL16 0x000F // va of containing section (limited to 16 bits)
+#define IMAGE_REL_PPC_REFHI 0x0010
+#define IMAGE_REL_PPC_REFLO 0x0011
+#define IMAGE_REL_PPC_PAIR 0x0012
+#define IMAGE_REL_PPC_SECRELLO 0x0013 // Low 16-bit section relative reference (used for >32k TLS)
+#define IMAGE_REL_PPC_SECRELHI 0x0014 // High 16-bit section relative reference (used for >32k TLS)
+
+#define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type
+
+// Flag bits in IMAGE_RELOCATION.TYPE
+
+#define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it
+#define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken
+#define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken
+#define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc)
+
+//
+// Line number format.
+//
+
+typedef struct _IMAGE_LINENUMBER {
+ union {
+ DWORD SymbolTableIndex; // Symbol table index of function name if Linenumber is 0.
+ DWORD VirtualAddress; // Virtual address of line number.
+ } Type;
+ WORD Linenumber; // Line number.
+} IMAGE_LINENUMBER;
+typedef IMAGE_LINENUMBER UNALIGNED *PIMAGE_LINENUMBER;
+
+#define IMAGE_SIZEOF_LINENUMBER 6
+
+#include "poppack.h" // Back to 4 byte packing
+
+//
+// Based relocation format.
+//
+
+typedef struct _IMAGE_BASE_RELOCATION {
+ DWORD VirtualAddress;
+ DWORD SizeOfBlock;
+// WORD TypeOffset[1];
+} IMAGE_BASE_RELOCATION;
+typedef IMAGE_BASE_RELOCATION UNALIGNED * PIMAGE_BASE_RELOCATION;
+
+#define IMAGE_SIZEOF_BASE_RELOCATION 8
+
+//
+// Based relocation types.
+//
+
+#define IMAGE_REL_BASED_ABSOLUTE 0
+#define IMAGE_REL_BASED_HIGH 1
+#define IMAGE_REL_BASED_LOW 2
+#define IMAGE_REL_BASED_HIGHLOW 3
+#define IMAGE_REL_BASED_HIGHADJ 4
+#define IMAGE_REL_BASED_MIPS_JMPADDR 5
+#define IMAGE_REL_BASED_SECTION 6
+#define IMAGE_REL_BASED_REL32 7
+
+//
+// Archive format.
+//
+
+#define IMAGE_ARCHIVE_START_SIZE 8
+#define IMAGE_ARCHIVE_START "!<arch>\n"
+#define IMAGE_ARCHIVE_END "`\n"
+#define IMAGE_ARCHIVE_PAD "\n"
+#define IMAGE_ARCHIVE_LINKER_MEMBER "/ "
+#define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// "
+
+typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER {
+ BYTE Name[16]; // File member name - `/' terminated.
+ BYTE Date[12]; // File member date - decimal.
+ BYTE UserID[6]; // File member user id - decimal.
+ BYTE GroupID[6]; // File member group id - decimal.
+ BYTE Mode[8]; // File member mode - octal.
+ BYTE Size[10]; // File member size - decimal.
+ BYTE EndHeader[2]; // String to end header.
+} IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER;
+
+#define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60
+
+//
+// DLL support.
+//
+
+//
+// Export Format
+//
+
+typedef struct _IMAGE_EXPORT_DIRECTORY {
+ DWORD Characteristics;
+ DWORD TimeDateStamp;
+ WORD MajorVersion;
+ WORD MinorVersion;
+ DWORD Name;
+ DWORD Base;
+ DWORD NumberOfFunctions;
+ DWORD NumberOfNames;
+ PDWORD *AddressOfFunctions;
+ PDWORD *AddressOfNames;
+ PWORD *AddressOfNameOrdinals;
+} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
+
+//
+// Import Format
+//
+
+typedef struct _IMAGE_IMPORT_BY_NAME {
+ WORD Hint;
+ BYTE Name[1];
+} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;
+
+typedef struct _IMAGE_THUNK_DATA {
+ union {
+ PBYTE ForwarderString;
+ PDWORD Function;
+ DWORD Ordinal;
+ PIMAGE_IMPORT_BY_NAME AddressOfData;
+ } u1;
+} IMAGE_THUNK_DATA;
+typedef IMAGE_THUNK_DATA * PIMAGE_THUNK_DATA;
+
+#define IMAGE_ORDINAL_FLAG 0x80000000
+#define IMAGE_SNAP_BY_ORDINAL(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG) != 0)
+#define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff)
+
+typedef struct _IMAGE_IMPORT_DESCRIPTOR {
+ union {
+ DWORD Characteristics; // 0 for terminating null import descriptor
+ PIMAGE_THUNK_DATA OriginalFirstThunk; // RVA to original unbound IAT
+ };
+ DWORD TimeDateStamp; // 0 if not bound,
+ // -1 if bound, and real date\time stamp
+ // in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
+ // O.W. date/time stamp of DLL bound to (Old BIND)
+
+ DWORD ForwarderChain; // -1 if no forwarders
+ DWORD Name;
+ PIMAGE_THUNK_DATA FirstThunk; // RVA to IAT (if bound this IAT has actual addresses)
+} IMAGE_IMPORT_DESCRIPTOR;
+typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR;
+
+//
+// New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ]
+//
+
+typedef struct _IMAGE_BOUND_IMPORT_DESCRIPTOR {
+ DWORD TimeDateStamp;
+ WORD OffsetModuleName;
+ WORD NumberOfModuleForwarderRefs;
+// Array of zero or more IMAGE_BOUND_FORWARDER_REF follows
+} IMAGE_BOUND_IMPORT_DESCRIPTOR, *PIMAGE_BOUND_IMPORT_DESCRIPTOR;
+
+typedef struct _IMAGE_BOUND_FORWARDER_REF {
+ DWORD TimeDateStamp;
+ WORD OffsetModuleName;
+ WORD Reserved;
+} IMAGE_BOUND_FORWARDER_REF, *PIMAGE_BOUND_FORWARDER_REF;
+
+
+//
+// Thread Local Storage
+//
+
+typedef VOID
+(NTAPI *PIMAGE_TLS_CALLBACK) (
+ PVOID DllHandle,
+ DWORD Reason,
+ PVOID Reserved
+ );
+
+typedef struct _IMAGE_TLS_DIRECTORY {
+ DWORD StartAddressOfRawData;
+ DWORD EndAddressOfRawData;
+ PDWORD AddressOfIndex;
+ PIMAGE_TLS_CALLBACK *AddressOfCallBacks;
+ DWORD SizeOfZeroFill;
+ DWORD Characteristics;
+} IMAGE_TLS_DIRECTORY, *PIMAGE_TLS_DIRECTORY;
+
+
+//
+// Resource Format.
+//
+
+//
+// Resource directory consists of two counts, following by a variable length
+// array of directory entries. The first count is the number of entries at
+// beginning of the array that have actual names associated with each entry.
+// The entries are in ascending order, case insensitive strings. The second
+// count is the number of entries that immediately follow the named entries.
+// This second count identifies the number of entries that have 16-bit integer
+// Ids as their name. These entries are also sorted in ascending order.
+//
+// This structure allows fast lookup by either name or number, but for any
+// given resource entry only one form of lookup is supported, not both.
+// This is consistant with the syntax of the .RC file and the .RES file.
+//
+
+typedef struct _IMAGE_RESOURCE_DIRECTORY {
+ DWORD Characteristics;
+ DWORD TimeDateStamp;
+ WORD MajorVersion;
+ WORD MinorVersion;
+ WORD NumberOfNamedEntries;
+ WORD NumberOfIdEntries;
+// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[];
+} IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
+
+#define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
+#define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
+
+//
+// Each directory contains the 32-bit Name of the entry and an offset,
+// relative to the beginning of the resource directory of the data associated
+// with this directory entry. If the name of the entry is an actual text
+// string instead of an integer Id, then the high order bit of the name field
+// is set to one and the low order 31-bits are an offset, relative to the
+// beginning of the resource directory of the string, which is of type
+// IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the
+// low-order 16-bits are the integer Id that identify this resource directory
+// entry. If the directory entry is yet another resource directory (i.e. a
+// subdirectory), then the high order bit of the offset field will be
+// set to indicate this. Otherwise the high bit is clear and the offset
+// field points to a resource data entry.
+//
+
+typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
+ union {
+ struct {
+ DWORD NameOffset:31;
+ DWORD NameIsString:1;
+ };
+ DWORD Name;
+ WORD Id;
+ };
+ union {
+ DWORD OffsetToData;
+ struct {
+ DWORD OffsetToDirectory:31;
+ DWORD DataIsDirectory:1;
+ };
+ };
+} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
+
+//
+// For resource directory entries that have actual string names, the Name
+// field of the directory entry points to an object of the following type.
+// All of these string objects are stored together after the last resource
+// directory entry and before the first resource data object. This minimizes
+// the impact of these variable length objects on the alignment of the fixed
+// size directory entry objects.
+//
+
+typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING {
+ WORD Length;
+ CHAR NameString[ 1 ];
+} IMAGE_RESOURCE_DIRECTORY_STRING, *PIMAGE_RESOURCE_DIRECTORY_STRING;
+
+
+typedef struct _IMAGE_RESOURCE_DIR_STRING_U {
+ WORD Length;
+ WCHAR NameString[ 1 ];
+} IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U;
+
+
+//
+// Each resource data entry describes a leaf node in the resource directory
+// tree. It contains an offset, relative to the beginning of the resource
+// directory of the data for the resource, a size field that gives the number
+// of bytes of data at that offset, a CodePage that should be used when
+// decoding code point values within the resource data. Typically for new
+// applications the code page would be the unicode code page.
+//
+
+typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
+ DWORD OffsetToData;
+ DWORD Size;
+ DWORD CodePage;
+ DWORD Reserved;
+} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
+
+//
+// Load Configuration Directory Entry
+//
+
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY {
+ DWORD Characteristics;
+ DWORD TimeDateStamp;
+ WORD MajorVersion;
+ WORD MinorVersion;
+ DWORD GlobalFlagsClear;
+ DWORD GlobalFlagsSet;
+ DWORD CriticalSectionDefaultTimeout;
+ DWORD DeCommitFreeBlockThreshold;
+ DWORD DeCommitTotalFreeThreshold;
+ PVOID LockPrefixTable;
+ DWORD MaximumAllocationSize;
+ DWORD VirtualMemoryThreshold;
+ DWORD ProcessHeapFlags;
+ DWORD ProcessAffinityMask;
+ DWORD Reserved[ 3 ];
+} IMAGE_LOAD_CONFIG_DIRECTORY, *PIMAGE_LOAD_CONFIG_DIRECTORY;
+
+
+//
+// Function table entry format for MIPS/ALPHA images. Function table is
+// pointed to by the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry.
+// This definition duplicates ones in ntmips.h and ntalpha.h for use
+// by portable image file mungers.
+//
+
+typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY {
+ DWORD BeginAddress;
+ DWORD EndAddress;
+ PVOID ExceptionHandler;
+ PVOID HandlerData;
+ DWORD PrologEndAddress;
+} IMAGE_RUNTIME_FUNCTION_ENTRY, *PIMAGE_RUNTIME_FUNCTION_ENTRY;
+
+//
+// Debug Format
+//
+
+typedef struct _IMAGE_DEBUG_DIRECTORY {
+ DWORD Characteristics;
+ DWORD TimeDateStamp;
+ WORD MajorVersion;
+ WORD MinorVersion;
+ DWORD Type;
+ DWORD SizeOfData;
+ DWORD AddressOfRawData;
+ DWORD PointerToRawData;
+} IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
+
+#define IMAGE_DEBUG_TYPE_UNKNOWN 0
+#define IMAGE_DEBUG_TYPE_COFF 1
+#define IMAGE_DEBUG_TYPE_CODEVIEW 2
+#define IMAGE_DEBUG_TYPE_FPO 3
+#define IMAGE_DEBUG_TYPE_MISC 4
+#define IMAGE_DEBUG_TYPE_EXCEPTION 5
+#define IMAGE_DEBUG_TYPE_FIXUP 6
+#define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
+#define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
+
+
+typedef struct _IMAGE_COFF_SYMBOLS_HEADER {
+ DWORD NumberOfSymbols;
+ DWORD LvaToFirstSymbol;
+ DWORD NumberOfLinenumbers;
+ DWORD LvaToFirstLinenumber;
+ DWORD RvaToFirstByteOfCode;
+ DWORD RvaToLastByteOfCode;
+ DWORD RvaToFirstByteOfData;
+ DWORD RvaToLastByteOfData;
+} IMAGE_COFF_SYMBOLS_HEADER, *PIMAGE_COFF_SYMBOLS_HEADER;
+
+#define FRAME_FPO 0
+#define FRAME_TRAP 1
+#define FRAME_TSS 2
+#define FRAME_NONFPO 3
+
+typedef struct _FPO_DATA {
+ DWORD ulOffStart; // offset 1st byte of function code
+ DWORD cbProcSize; // # bytes in function
+ DWORD cdwLocals; // # bytes in locals/4
+ WORD cdwParams; // # bytes in params/4
+ WORD cbProlog : 8; // # bytes in prolog
+ WORD cbRegs : 3; // # regs saved
+ WORD fHasSEH : 1; // TRUE if SEH in func
+ WORD fUseBP : 1; // TRUE if EBP has been allocated
+ WORD reserved : 1; // reserved for future use
+ WORD cbFrame : 2; // frame type
+} FPO_DATA, *PFPO_DATA;
+#define SIZEOF_RFPO_DATA 16
+
+
+#define IMAGE_DEBUG_MISC_EXENAME 1
+
+typedef struct _IMAGE_DEBUG_MISC {
+ DWORD DataType; // type of misc data, see defines
+ DWORD Length; // total length of record, rounded to four
+ // byte multiple.
+ BOOLEAN Unicode; // TRUE if data is unicode string
+ BYTE Reserved[ 3 ];
+ BYTE Data[ 1 ]; // Actual data
+} IMAGE_DEBUG_MISC, *PIMAGE_DEBUG_MISC;
+
+
+//
+// Function table extracted from MIPS/ALPHA images. Does not contain
+// information needed only for runtime support. Just those fields for
+// each entry needed by a debugger.
+//
+
+typedef struct _IMAGE_FUNCTION_ENTRY {
+ DWORD StartingAddress;
+ DWORD EndingAddress;
+ DWORD EndOfPrologue;
+} IMAGE_FUNCTION_ENTRY, *PIMAGE_FUNCTION_ENTRY;
+
+//
+// Debugging information can be stripped from an image file and placed
+// in a separate .DBG file, whose file name part is the same as the
+// image file name part (e.g. symbols for CMD.EXE could be stripped
+// and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED
+// flag in the Characteristics field of the file header. The beginning of
+// the .DBG file contains the following structure which captures certain
+// information from the image file. This allows a debug to proceed even if
+// the original image file is not accessable. This header is followed by
+// zero of more IMAGE_SECTION_HEADER structures, followed by zero or more
+// IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in
+// the image file contain file offsets relative to the beginning of the
+// .DBG file.
+//
+// If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure
+// is left in the image file, but not mapped. This allows a debugger to
+// compute the name of the .DBG file, from the name of the image in the
+// IMAGE_DEBUG_MISC structure.
+//
+
+typedef struct _IMAGE_SEPARATE_DEBUG_HEADER {
+ WORD Signature;
+ WORD Flags;
+ WORD Machine;
+ WORD Characteristics;
+ DWORD TimeDateStamp;
+ DWORD CheckSum;
+ DWORD ImageBase;
+ DWORD SizeOfImage;
+ DWORD NumberOfSections;
+ DWORD ExportedNamesSize;
+ DWORD DebugDirectorySize;
+ DWORD SectionAlignment;
+ DWORD Reserved[2];
+} IMAGE_SEPARATE_DEBUG_HEADER, *PIMAGE_SEPARATE_DEBUG_HEADER;
+
+#define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944
+
+#define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000
+#define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the
+ // old checksum didn't match.
+
+#include "poppack.h" // Return to the default
+
+//
+// End Image Format
+//
+
+//
+// for move macros
+//
+#include <string.h>
+#define HEAP_NO_SERIALIZE 0x00000001
+#define HEAP_GROWABLE 0x00000002
+#define HEAP_GENERATE_EXCEPTIONS 0x00000004
+#define HEAP_ZERO_MEMORY 0x00000008
+#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
+#define HEAP_TAIL_CHECKING_ENABLED 0x00000020
+#define HEAP_FREE_CHECKING_ENABLED 0x00000040
+#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
+#define HEAP_CREATE_ALIGN_16 0x00010000
+#define HEAP_CREATE_ENABLE_TRACING 0x00020000
+#define HEAP_MAXIMUM_TAG 0x0FFF
+#define HEAP_PSEUDO_TAG_FLAG 0x8000
+#define HEAP_TAG_SHIFT 16
+#define HEAP_MAKE_TAG_FLAGS( b, o ) ((DWORD)((b) + ((o) << 16)))
+
+#define IS_TEXT_UNICODE_ASCII16 0x0001
+#define IS_TEXT_UNICODE_REVERSE_ASCII16 0x0010
+
+#define IS_TEXT_UNICODE_STATISTICS 0x0002
+#define IS_TEXT_UNICODE_REVERSE_STATISTICS 0x0020
+
+#define IS_TEXT_UNICODE_CONTROLS 0x0004
+#define IS_TEXT_UNICODE_REVERSE_CONTROLS 0x0040
+
+#define IS_TEXT_UNICODE_SIGNATURE 0x0008
+#define IS_TEXT_UNICODE_REVERSE_SIGNATURE 0x0080
+
+#define IS_TEXT_UNICODE_ILLEGAL_CHARS 0x0100
+#define IS_TEXT_UNICODE_ODD_LENGTH 0x0200
+#define IS_TEXT_UNICODE_DBCS_LEADBYTE 0x0400
+#define IS_TEXT_UNICODE_NULL_BYTES 0x1000
+
+#define IS_TEXT_UNICODE_UNICODE_MASK 0x000F
+#define IS_TEXT_UNICODE_REVERSE_MASK 0x00F0
+#define IS_TEXT_UNICODE_NOT_UNICODE_MASK 0x0F00
+#define IS_TEXT_UNICODE_NOT_ASCII_MASK 0xF000
+
+#define COMPRESSION_FORMAT_NONE (0x0000)
+#define COMPRESSION_FORMAT_DEFAULT (0x0001)
+#define COMPRESSION_FORMAT_LZNT1 (0x0002)
+#define COMPRESSION_ENGINE_STANDARD (0x0000)
+#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
+#if defined(_M_IX86) || defined(_M_MRX000) || defined(_M_ALPHA)
+
+#if defined(_M_MRX000)
+NTSYSAPI
+DWORD
+NTAPI
+RtlEqualMemory (
+ CONST VOID *Source1,
+ CONST VOID *Source2,
+ DWORD Length
+ );
+
+#else
+#define RtlEqualMemory(Destination,Source,Length) (!memcmp((Destination),(Source),(Length)))
+#endif
+
+#define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length))
+#define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length))
+#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
+#define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
+
+#else // _M_PPC
+
+NTSYSAPI
+DWORD
+NTAPI
+RtlEqualMemory (
+ CONST VOID *Source1,
+ CONST VOID *Source2,
+ DWORD Length
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlCopyMemory (
+ VOID UNALIGNED *Destination,
+ CONST VOID UNALIGNED *Source,
+ DWORD Length
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlCopyMemory32 (
+ VOID UNALIGNED *Destination,
+ CONST VOID UNALIGNED *Source,
+ DWORD Length
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlMoveMemory (
+ VOID UNALIGNED *Destination,
+ CONST VOID UNALIGNED *Source,
+ DWORD Length
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlFillMemory (
+ VOID UNALIGNED *Destination,
+ DWORD Length,
+ BYTE Fill
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlZeroMemory (
+ VOID UNALIGNED *Destination,
+ DWORD Length
+ );
+#endif
+
+typedef struct _MESSAGE_RESOURCE_ENTRY {
+ WORD Length;
+ WORD Flags;
+ BYTE Text[ 1 ];
+} MESSAGE_RESOURCE_ENTRY, *PMESSAGE_RESOURCE_ENTRY;
+
+#define MESSAGE_RESOURCE_UNICODE 0x0001
+
+typedef struct _MESSAGE_RESOURCE_BLOCK {
+ DWORD LowId;
+ DWORD HighId;
+ DWORD OffsetToEntries;
+} MESSAGE_RESOURCE_BLOCK, *PMESSAGE_RESOURCE_BLOCK;
+
+typedef struct _MESSAGE_RESOURCE_DATA {
+ DWORD NumberOfBlocks;
+ MESSAGE_RESOURCE_BLOCK Blocks[ 1 ];
+} MESSAGE_RESOURCE_DATA, *PMESSAGE_RESOURCE_DATA;
+
+
+typedef struct _RTL_CRITICAL_SECTION_DEBUG {
+ WORD Type;
+ WORD CreatorBackTraceIndex;
+ struct _RTL_CRITICAL_SECTION *CriticalSection;
+ LIST_ENTRY ProcessLocksList;
+ DWORD EntryCount;
+ DWORD ContentionCount;
+ DWORD Spare[ 2 ];
+} RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG;
+
+#define RTL_CRITSECT_TYPE 0
+#define RTL_RESOURCE_TYPE 1
+
+typedef struct _RTL_CRITICAL_SECTION {
+ PRTL_CRITICAL_SECTION_DEBUG DebugInfo;
+
+ //
+ // The following three fields control entering and exiting the critical
+ // section for the resource
+ //
+
+ LONG LockCount;
+ LONG RecursionCount;
+ HANDLE OwningThread; // from the thread's ClientId->UniqueThread
+ HANDLE LockSemaphore;
+ DWORD Reserved;
+} RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION;
+#define DLL_PROCESS_ATTACH 1
+#define DLL_THREAD_ATTACH 2
+#define DLL_THREAD_DETACH 3
+#define DLL_PROCESS_DETACH 0
+
+//
+// Defines for the READ flags for Eventlogging
+//
+#define EVENTLOG_SEQUENTIAL_READ 0X0001
+#define EVENTLOG_SEEK_READ 0X0002
+#define EVENTLOG_FORWARDS_READ 0X0004
+#define EVENTLOG_BACKWARDS_READ 0X0008
+
+//
+// The types of events that can be logged.
+//
+#define EVENTLOG_SUCCESS 0X0000
+#define EVENTLOG_ERROR_TYPE 0x0001
+#define EVENTLOG_WARNING_TYPE 0x0002
+#define EVENTLOG_INFORMATION_TYPE 0x0004
+#define EVENTLOG_AUDIT_SUCCESS 0x0008
+#define EVENTLOG_AUDIT_FAILURE 0x0010
+
+//
+// Defines for the WRITE flags used by Auditing for paired events
+// These are not implemented in Product 1
+//
+
+#define EVENTLOG_START_PAIRED_EVENT 0x0001
+#define EVENTLOG_END_PAIRED_EVENT 0x0002
+#define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004
+#define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008
+#define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010
+
+//
+// Structure that defines the header of the Eventlog record. This is the
+// fixed-sized portion before all the variable-length strings, binary
+// data and pad bytes.
+//
+// TimeGenerated is the time it was generated at the client.
+// TimeWritten is the time it was put into the log at the server end.
+//
+
+typedef struct _EVENTLOGRECORD {
+ DWORD Length; // Length of full record
+ DWORD Reserved; // Used by the service
+ DWORD RecordNumber; // Absolute record number
+ DWORD TimeGenerated; // Seconds since 1-1-1970
+ DWORD TimeWritten; // Seconds since 1-1-1970
+ DWORD EventID;
+ WORD EventType;
+ WORD NumStrings;
+ WORD EventCategory;
+ WORD ReservedFlags; // For use with paired events (auditing)
+ DWORD ClosingRecordNumber; // For use with paired events (auditing)
+ DWORD StringOffset; // Offset from beginning of record
+ DWORD UserSidLength;
+ DWORD UserSidOffset;
+ DWORD DataLength;
+ DWORD DataOffset; // Offset from beginning of record
+ //
+ // Then follow:
+ //
+ // WCHAR SourceName[]
+ // WCHAR Computername[]
+ // SID UserSid
+ // WCHAR Strings[]
+ // BYTE Data[]
+ // CHAR Pad[]
+ // DWORD Length;
+ //
+} EVENTLOGRECORD, *PEVENTLOGRECORD;
+
+#define DBG_CONTINUE ((DWORD )0x00010002L)
+#define DBG_TERMINATE_THREAD ((DWORD )0x40010003L)
+#define DBG_TERMINATE_PROCESS ((DWORD )0x40010004L)
+#define DBG_CONTROL_C ((DWORD )0x40010005L)
+#define DBG_CONTROL_BREAK ((DWORD )0x40010008L)
+#define DBG_EXCEPTION_NOT_HANDLED ((DWORD )0x80010001L)
+//
+
+// begin_ntddk begin_nthal
+//
+// Registry Specific Access Rights.
+//
+
+#define KEY_QUERY_VALUE (0x0001)
+#define KEY_SET_VALUE (0x0002)
+#define KEY_CREATE_SUB_KEY (0x0004)
+#define KEY_ENUMERATE_SUB_KEYS (0x0008)
+#define KEY_NOTIFY (0x0010)
+#define KEY_CREATE_LINK (0x0020)
+
+#define KEY_READ ((STANDARD_RIGHTS_READ |\
+ KEY_QUERY_VALUE |\
+ KEY_ENUMERATE_SUB_KEYS |\
+ KEY_NOTIFY) \
+ & \
+ (~SYNCHRONIZE))
+
+
+#define KEY_WRITE ((STANDARD_RIGHTS_WRITE |\
+ KEY_SET_VALUE |\
+ KEY_CREATE_SUB_KEY) \
+ & \
+ (~SYNCHRONIZE))
+
+#define KEY_EXECUTE ((KEY_READ) \
+ & \
+ (~SYNCHRONIZE))
+
+#define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL |\
+ KEY_QUERY_VALUE |\
+ KEY_SET_VALUE |\
+ KEY_CREATE_SUB_KEY |\
+ KEY_ENUMERATE_SUB_KEYS |\
+ KEY_NOTIFY |\
+ KEY_CREATE_LINK) \
+ & \
+ (~SYNCHRONIZE))
+
+//
+// Open/Create Options
+//
+
+#define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved
+
+#define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved
+ // when system is rebooted
+
+#define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved
+ // when system is rebooted
+
+#define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a
+ // symbolic link
+
+#define REG_OPTION_BACKUP_RESTORE (0x00000004L) // open for backup or restore
+ // special access rules
+ // privilege required
+
+#define REG_OPTION_OPEN_LINK (0x00000008L) // Open symbolic link
+
+#define REG_LEGAL_OPTION \
+ (REG_OPTION_RESERVED |\
+ REG_OPTION_NON_VOLATILE |\
+ REG_OPTION_VOLATILE |\
+ REG_OPTION_CREATE_LINK |\
+ REG_OPTION_BACKUP_RESTORE |\
+ REG_OPTION_OPEN_LINK)
+
+//
+// Key creation/open disposition
+//
+
+#define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created
+#define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key opened
+
+//
+// Key restore flags
+//
+
+#define REG_WHOLE_HIVE_VOLATILE (0x00000001L) // Restore whole hive volatile
+#define REG_REFRESH_HIVE (0x00000002L) // Unwind changes to last flush
+#define REG_NO_LAZY_FLUSH (0x00000004L) // Never lazy flush this hive
+
+// end_ntddk end_nthal
+
+//
+// Notify filter values
+//
+#define REG_NOTIFY_CHANGE_NAME (0x00000001L) // Create or delete (child)
+#define REG_NOTIFY_CHANGE_ATTRIBUTES (0x00000002L)
+#define REG_NOTIFY_CHANGE_LAST_SET (0x00000004L) // time stamp
+#define REG_NOTIFY_CHANGE_SECURITY (0x00000008L)
+
+#define REG_LEGAL_CHANGE_FILTER \
+ (REG_NOTIFY_CHANGE_NAME |\
+ REG_NOTIFY_CHANGE_ATTRIBUTES |\
+ REG_NOTIFY_CHANGE_LAST_SET |\
+ REG_NOTIFY_CHANGE_SECURITY)
+
+//
+//
+// Predefined Value Types.
+//
+
+#define REG_NONE ( 0 ) // No value type
+#define REG_SZ ( 1 ) // Unicode nul terminated string
+#define REG_EXPAND_SZ ( 2 ) // Unicode nul terminated string
+ // (with environment variable references)
+#define REG_BINARY ( 3 ) // Free form binary
+#define REG_DWORD ( 4 ) // 32-bit number
+#define REG_DWORD_LITTLE_ENDIAN ( 4 ) // 32-bit number (same as REG_DWORD)
+#define REG_DWORD_BIG_ENDIAN ( 5 ) // 32-bit number
+#define REG_LINK ( 6 ) // Symbolic Link (unicode)
+#define REG_MULTI_SZ ( 7 ) // Multiple Unicode strings
+#define REG_RESOURCE_LIST ( 8 ) // Resource list in the resource map
+#define REG_FULL_RESOURCE_DESCRIPTOR ( 9 ) // Resource list in the hardware description
+#define REG_RESOURCE_REQUIREMENTS_LIST ( 10 )
+
+// end_ntddk end_nthal
+
+// begin_ntddk begin_nthal
+//
+// Service Types (Bit Mask)
+//
+#define SERVICE_KERNEL_DRIVER 0x00000001
+#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002
+#define SERVICE_ADAPTER 0x00000004
+#define SERVICE_RECOGNIZER_DRIVER 0x00000008
+
+#define SERVICE_DRIVER (SERVICE_KERNEL_DRIVER | \
+ SERVICE_FILE_SYSTEM_DRIVER | \
+ SERVICE_RECOGNIZER_DRIVER)
+
+#define SERVICE_WIN32_OWN_PROCESS 0x00000010
+#define SERVICE_WIN32_SHARE_PROCESS 0x00000020
+#define SERVICE_WIN32 (SERVICE_WIN32_OWN_PROCESS | \
+ SERVICE_WIN32_SHARE_PROCESS)
+
+#define SERVICE_INTERACTIVE_PROCESS 0x00000100
+
+#define SERVICE_TYPE_ALL (SERVICE_WIN32 | \
+ SERVICE_ADAPTER | \
+ SERVICE_DRIVER | \
+ SERVICE_INTERACTIVE_PROCESS)
+
+//
+// Start Type
+//
+
+#define SERVICE_BOOT_START 0x00000000
+#define SERVICE_SYSTEM_START 0x00000001
+#define SERVICE_AUTO_START 0x00000002
+#define SERVICE_DEMAND_START 0x00000003
+#define SERVICE_DISABLED 0x00000004
+
+//
+// Error control type
+//
+#define SERVICE_ERROR_IGNORE 0x00000000
+#define SERVICE_ERROR_NORMAL 0x00000001
+#define SERVICE_ERROR_SEVERE 0x00000002
+#define SERVICE_ERROR_CRITICAL 0x00000003
+
+//
+//
+// Define the registry driver node enumerations
+//
+
+typedef enum _CM_SERVICE_NODE_TYPE {
+ DriverType = SERVICE_KERNEL_DRIVER,
+ FileSystemType = SERVICE_FILE_SYSTEM_DRIVER,
+ Win32ServiceOwnProcess = SERVICE_WIN32_OWN_PROCESS,
+ Win32ServiceShareProcess = SERVICE_WIN32_SHARE_PROCESS,
+ AdapterType = SERVICE_ADAPTER,
+ RecognizerType = SERVICE_RECOGNIZER_DRIVER
+} SERVICE_NODE_TYPE;
+
+typedef enum _CM_SERVICE_LOAD_TYPE {
+ BootLoad = SERVICE_BOOT_START,
+ SystemLoad = SERVICE_SYSTEM_START,
+ AutoLoad = SERVICE_AUTO_START,
+ DemandLoad = SERVICE_DEMAND_START,
+ DisableLoad = SERVICE_DISABLED
+} SERVICE_LOAD_TYPE;
+
+typedef enum _CM_ERROR_CONTROL_TYPE {
+ IgnoreError = SERVICE_ERROR_IGNORE,
+ NormalError = SERVICE_ERROR_NORMAL,
+ SevereError = SERVICE_ERROR_SEVERE,
+ CriticalError = SERVICE_ERROR_CRITICAL
+} SERVICE_ERROR_TYPE;
+
+
+//
+// IOCTL_TAPE_ERASE definitions
+//
+
+#define TAPE_ERASE_SHORT 0L
+#define TAPE_ERASE_LONG 1L
+
+typedef struct _TAPE_ERASE {
+ DWORD Type;
+ BOOLEAN Immediate;
+} TAPE_ERASE, *PTAPE_ERASE;
+
+//
+// IOCTL_TAPE_PREPARE definitions
+//
+
+#define TAPE_LOAD 0L
+#define TAPE_UNLOAD 1L
+#define TAPE_TENSION 2L
+#define TAPE_LOCK 3L
+#define TAPE_UNLOCK 4L
+#define TAPE_FORMAT 5L
+
+typedef struct _TAPE_PREPARE {
+ DWORD Operation;
+ BOOLEAN Immediate;
+} TAPE_PREPARE, *PTAPE_PREPARE;
+
+//
+// IOCTL_TAPE_WRITE_MARKS definitions
+//
+
+#define TAPE_SETMARKS 0L
+#define TAPE_FILEMARKS 1L
+#define TAPE_SHORT_FILEMARKS 2L
+#define TAPE_LONG_FILEMARKS 3L
+
+typedef struct _TAPE_WRITE_MARKS {
+ DWORD Type;
+ DWORD Count;
+ BOOLEAN Immediate;
+} TAPE_WRITE_MARKS, *PTAPE_WRITE_MARKS;
+
+//
+// IOCTL_TAPE_GET_POSITION definitions
+//
+
+#define TAPE_ABSOLUTE_POSITION 0L
+#define TAPE_LOGICAL_POSITION 1L
+#define TAPE_PSEUDO_LOGICAL_POSITION 2L
+
+typedef struct _TAPE_GET_POSITION {
+ DWORD Type;
+ DWORD Partition;
+ LARGE_INTEGER Offset;
+} TAPE_GET_POSITION, *PTAPE_GET_POSITION;
+
+//
+// IOCTL_TAPE_SET_POSITION definitions
+//
+
+#define TAPE_REWIND 0L
+#define TAPE_ABSOLUTE_BLOCK 1L
+#define TAPE_LOGICAL_BLOCK 2L
+#define TAPE_PSEUDO_LOGICAL_BLOCK 3L
+#define TAPE_SPACE_END_OF_DATA 4L
+#define TAPE_SPACE_RELATIVE_BLOCKS 5L
+#define TAPE_SPACE_FILEMARKS 6L
+#define TAPE_SPACE_SEQUENTIAL_FMKS 7L
+#define TAPE_SPACE_SETMARKS 8L
+#define TAPE_SPACE_SEQUENTIAL_SMKS 9L
+
+typedef struct _TAPE_SET_POSITION {
+ DWORD Method;
+ DWORD Partition;
+ LARGE_INTEGER Offset;
+ BOOLEAN Immediate;
+} TAPE_SET_POSITION, *PTAPE_SET_POSITION;
+
+//
+// IOCTL_TAPE_GET_DRIVE_PARAMS definitions
+//
+
+//
+// Definitions for FeaturesLow parameter
+//
+
+#define TAPE_DRIVE_FIXED 0x00000001
+#define TAPE_DRIVE_SELECT 0x00000002
+#define TAPE_DRIVE_INITIATOR 0x00000004
+
+#define TAPE_DRIVE_ERASE_SHORT 0x00000010
+#define TAPE_DRIVE_ERASE_LONG 0x00000020
+#define TAPE_DRIVE_ERASE_BOP_ONLY 0x00000040
+#define TAPE_DRIVE_ERASE_IMMEDIATE 0x00000080
+
+#define TAPE_DRIVE_TAPE_CAPACITY 0x00000100
+#define TAPE_DRIVE_TAPE_REMAINING 0x00000200
+#define TAPE_DRIVE_FIXED_BLOCK 0x00000400
+#define TAPE_DRIVE_VARIABLE_BLOCK 0x00000800
+
+#define TAPE_DRIVE_WRITE_PROTECT 0x00001000
+#define TAPE_DRIVE_EOT_WZ_SIZE 0x00002000
+
+#define TAPE_DRIVE_ECC 0x00010000
+#define TAPE_DRIVE_COMPRESSION 0x00020000
+#define TAPE_DRIVE_PADDING 0x00040000
+#define TAPE_DRIVE_REPORT_SMKS 0x00080000
+
+#define TAPE_DRIVE_GET_ABSOLUTE_BLK 0x00100000
+#define TAPE_DRIVE_GET_LOGICAL_BLK 0x00200000
+#define TAPE_DRIVE_SET_EOT_WZ_SIZE 0x00400000
+
+#define TAPE_DRIVE_EJECT_MEDIA 0x01000000
+
+#define TAPE_DRIVE_RESERVED_BIT 0x80000000 //don't use this bit!
+// //can't be a low features bit!
+// //reserved; high features only
+
+//
+// Definitions for FeaturesHigh parameter
+//
+
+#define TAPE_DRIVE_LOAD_UNLOAD 0x80000001
+#define TAPE_DRIVE_TENSION 0x80000002
+#define TAPE_DRIVE_LOCK_UNLOCK 0x80000004
+#define TAPE_DRIVE_REWIND_IMMEDIATE 0x80000008
+
+#define TAPE_DRIVE_SET_BLOCK_SIZE 0x80000010
+#define TAPE_DRIVE_LOAD_UNLD_IMMED 0x80000020
+#define TAPE_DRIVE_TENSION_IMMED 0x80000040
+#define TAPE_DRIVE_LOCK_UNLK_IMMED 0x80000080
+
+#define TAPE_DRIVE_SET_ECC 0x80000100
+#define TAPE_DRIVE_SET_COMPRESSION 0x80000200
+#define TAPE_DRIVE_SET_PADDING 0x80000400
+#define TAPE_DRIVE_SET_REPORT_SMKS 0x80000800
+
+#define TAPE_DRIVE_ABSOLUTE_BLK 0x80001000
+#define TAPE_DRIVE_ABS_BLK_IMMED 0x80002000
+#define TAPE_DRIVE_LOGICAL_BLK 0x80004000
+#define TAPE_DRIVE_LOG_BLK_IMMED 0x80008000
+
+#define TAPE_DRIVE_END_OF_DATA 0x80010000
+#define TAPE_DRIVE_RELATIVE_BLKS 0x80020000
+#define TAPE_DRIVE_FILEMARKS 0x80040000
+#define TAPE_DRIVE_SEQUENTIAL_FMKS 0x80080000
+
+#define TAPE_DRIVE_SETMARKS 0x80100000
+#define TAPE_DRIVE_SEQUENTIAL_SMKS 0x80200000
+#define TAPE_DRIVE_REVERSE_POSITION 0x80400000
+#define TAPE_DRIVE_SPACE_IMMEDIATE 0x80800000
+
+#define TAPE_DRIVE_WRITE_SETMARKS 0x81000000
+#define TAPE_DRIVE_WRITE_FILEMARKS 0x82000000
+#define TAPE_DRIVE_WRITE_SHORT_FMKS 0x84000000
+#define TAPE_DRIVE_WRITE_LONG_FMKS 0x88000000
+
+#define TAPE_DRIVE_WRITE_MARK_IMMED 0x90000000
+#define TAPE_DRIVE_FORMAT 0xA0000000
+#define TAPE_DRIVE_FORMAT_IMMEDIATE 0xC0000000
+#define TAPE_DRIVE_HIGH_FEATURES 0x80000000 //mask for high features flag
+
+typedef struct _TAPE_GET_DRIVE_PARAMETERS {
+ BOOLEAN ECC;
+ BOOLEAN Compression;
+ BOOLEAN DataPadding;
+ BOOLEAN ReportSetmarks;
+ DWORD DefaultBlockSize;
+ DWORD MaximumBlockSize;
+ DWORD MinimumBlockSize;
+ DWORD MaximumPartitionCount;
+ DWORD FeaturesLow;
+ DWORD FeaturesHigh;
+ DWORD EOTWarningZoneSize;
+} TAPE_GET_DRIVE_PARAMETERS, *PTAPE_GET_DRIVE_PARAMETERS;
+
+//
+// IOCTL_TAPE_SET_DRIVE_PARAMETERS definitions
+//
+
+typedef struct _TAPE_SET_DRIVE_PARAMETERS {
+ BOOLEAN ECC;
+ BOOLEAN Compression;
+ BOOLEAN DataPadding;
+ BOOLEAN ReportSetmarks;
+ DWORD EOTWarningZoneSize;
+} TAPE_SET_DRIVE_PARAMETERS, *PTAPE_SET_DRIVE_PARAMETERS;
+
+//
+// IOCTL_TAPE_GET_MEDIA_PARAMETERS definitions
+//
+
+typedef struct _TAPE_GET_MEDIA_PARAMETERS {
+ LARGE_INTEGER Capacity;
+ LARGE_INTEGER Remaining;
+ DWORD BlockSize;
+ DWORD PartitionCount;
+ BOOLEAN WriteProtected;
+} TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS;
+
+//
+// IOCTL_TAPE_SET_MEDIA_PARAMETERS definitions
+//
+
+typedef struct _TAPE_SET_MEDIA_PARAMETERS {
+ DWORD BlockSize;
+} TAPE_SET_MEDIA_PARAMETERS, *PTAPE_SET_MEDIA_PARAMETERS;
+
+//
+// IOCTL_TAPE_CREATE_PARTITION definitions
+//
+
+#define TAPE_FIXED_PARTITIONS 0L
+#define TAPE_SELECT_PARTITIONS 1L
+#define TAPE_INITIATOR_PARTITIONS 2L
+
+typedef struct _TAPE_CREATE_PARTITION {
+ DWORD Method;
+ DWORD Count;
+ DWORD Size;
+} TAPE_CREATE_PARTITION, *PTAPE_CREATE_PARTITION;
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _WINNT_ */
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-04 06:04:08 +0200