diff options
author | Adam <you@example.com> | 2020-05-17 05:51:50 +0200 |
---|---|---|
committer | Adam <you@example.com> | 2020-05-17 05:51:50 +0200 |
commit | e611b132f9b8abe35b362e5870b74bce94a1e58e (patch) | |
tree | a5781d2ec0e085eeca33cf350cf878f2efea6fe5 /public/sdk/inc/winnt.h | |
download | NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.gz NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.bz2 NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.lz NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.xz NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.tar.zst NT4.0-e611b132f9b8abe35b362e5870b74bce94a1e58e.zip |
Diffstat (limited to 'public/sdk/inc/winnt.h')
-rw-r--r-- | public/sdk/inc/winnt.h | 5133 |
1 files changed, 5133 insertions, 0 deletions
diff --git a/public/sdk/inc/winnt.h b/public/sdk/inc/winnt.h new file mode 100644 index 000000000..7d308def3 --- /dev/null +++ b/public/sdk/inc/winnt.h @@ -0,0 +1,5133 @@ +/*++ BUILD Version: 0093 Increment this if a change has global effects + +Copyright (c) 1990-1996 Microsoft Corporation + +Module Name: + + winnt.h + +Abstract: + + This module defines the 32-Bit Windows types and constants that are + defined by NT, but exposed through the Win32 API. + +Revision History: + +--*/ + +#ifndef _WINNT_ +#define _WINNT_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include <ctype.h> +#define ANYSIZE_ARRAY 1 + +#if defined(_M_MRX000) && !(defined(MIDL_PASS) || defined(RC_INVOKED)) && defined(ENABLE_RESTRICTED) +#define RESTRICTED_POINTER __restrict +#else +#define RESTRICTED_POINTER +#endif + +#if defined(_M_MRX000) || defined(_M_ALPHA) || defined(_M_PPC) +#define UNALIGNED __unaligned +#else +#define UNALIGNED +#endif + + +#if (defined(_M_MRX000) || defined(_M_IX86) || defined(_M_ALPHA) || defined(_M_PPC)) && !defined(MIDL_PASS) +#define DECLSPEC_IMPORT __declspec(dllimport) +#else +#define DECLSPEC_IMPORT +#endif + +typedef void *PVOID; + +#if (_MSC_VER >= 800) || defined(_STDCALL_SUPPORTED) +#define NTAPI __stdcall +#else +#define _cdecl +#define NTAPI +#endif + +// +// Define API decoration for direct importing system DLL references. +// + +#if !defined(_NTSYSTEM_) +#define NTSYSAPI DECLSPEC_IMPORT +#else +#define NTSYSAPI +#endif + + +// +// Basics +// + +#ifndef VOID +#define VOID void +typedef char CHAR; +typedef short SHORT; +typedef long LONG; +#endif + +// +// UNICODE (Wide Character) types +// + +typedef wchar_t WCHAR; // wc, 16-bit UNICODE character + +typedef WCHAR *PWCHAR; +typedef WCHAR *LPWCH, *PWCH; +typedef CONST WCHAR *LPCWCH, *PCWCH; +typedef WCHAR *NWPSTR; +typedef WCHAR *LPWSTR, *PWSTR; + +typedef CONST WCHAR *LPCWSTR, *PCWSTR; + +// +// ANSI (Multi-byte Character) types +// +typedef CHAR *PCHAR; +typedef CHAR *LPCH, *PCH; + +typedef CONST CHAR *LPCCH, *PCCH; +typedef CHAR *NPSTR; +typedef CHAR *LPSTR, *PSTR; +typedef CONST CHAR *LPCSTR, *PCSTR; + +// +// Neutral ANSI/UNICODE types and macros +// +#ifdef UNICODE // r_winnt + +#ifndef _TCHAR_DEFINED +typedef WCHAR TCHAR, *PTCHAR; +typedef WCHAR TBYTE , *PTBYTE ; +#define _TCHAR_DEFINED +#endif /* !_TCHAR_DEFINED */ + +typedef LPWSTR LPTCH, PTCH; +typedef LPWSTR PTSTR, LPTSTR; +typedef LPCWSTR LPCTSTR; +typedef LPWSTR LP; +#define __TEXT(quote) L##quote // r_winnt + +#else /* UNICODE */ // r_winnt + +#ifndef _TCHAR_DEFINED +typedef char TCHAR, *PTCHAR; +typedef unsigned char TBYTE , *PTBYTE ; +#define _TCHAR_DEFINED +#endif /* !_TCHAR_DEFINED */ + +typedef LPSTR LPTCH, PTCH; +typedef LPSTR PTSTR, LPTSTR; +typedef LPCSTR LPCTSTR; +#define __TEXT(quote) quote // r_winnt + +#endif /* UNICODE */ // r_winnt +#define TEXT(quote) __TEXT(quote) // r_winnt + + +typedef SHORT *PSHORT; +typedef LONG *PLONG; + +#ifdef STRICT +typedef void *HANDLE; +#define DECLARE_HANDLE(name) struct name##__ { int unused; }; typedef struct name##__ *name +#else +typedef PVOID HANDLE; +#define DECLARE_HANDLE(name) typedef HANDLE name +#endif +typedef HANDLE *PHANDLE; + +// +// Flag (bit) fields +// + +typedef BYTE FCHAR; +typedef WORD FSHORT; +typedef DWORD FLONG; + +typedef char CCHAR; +typedef DWORD LCID; +typedef PDWORD PLCID; +typedef WORD LANGID; +/*lint -e624 */ +/*lint +e624 */ +#define APPLICATION_ERROR_MASK 0x20000000 +#define ERROR_SEVERITY_SUCCESS 0x00000000 +#define ERROR_SEVERITY_INFORMATIONAL 0x40000000 +#define ERROR_SEVERITY_WARNING 0x80000000 +#define ERROR_SEVERITY_ERROR 0xC0000000 + +// +// __int64 is only supported by 2.0 and later midl. +// __midl is set by the 2.0 midl and not by 1.0 midl. +// + +#define _DWORDLONG_ +#if (!defined(MIDL_PASS) || defined(__midl)) && (!defined(_M_IX86) || (defined(_INTEGRAL_MAX_BITS) && _INTEGRAL_MAX_BITS >= 64)) +typedef __int64 LONGLONG; +typedef unsigned __int64 DWORDLONG; + +#define MAXLONGLONG (0x7fffffffffffffff) +#else +typedef double LONGLONG; +typedef double DWORDLONG; +#endif + +typedef LONGLONG *PLONGLONG; +typedef DWORDLONG *PDWORDLONG; + +// Update Sequence Number + +typedef LONGLONG USN; + +#if defined(MIDL_PASS) +typedef struct _LARGE_INTEGER { +#else // MIDL_PASS +typedef union _LARGE_INTEGER { + struct { + DWORD LowPart; + LONG HighPart; + }; + struct { + DWORD LowPart; + LONG HighPart; + } u; +#endif //MIDL_PASS + LONGLONG QuadPart; +} LARGE_INTEGER; + +typedef LARGE_INTEGER *PLARGE_INTEGER; + + +#if defined(MIDL_PASS) +typedef struct _ULARGE_INTEGER { +#else // MIDL_PASS +typedef union _ULARGE_INTEGER { + struct { + DWORD LowPart; + DWORD HighPart; + }; + struct { + DWORD LowPart; + DWORD HighPart; + } u; +#endif //MIDL_PASS + DWORDLONG QuadPart; +} ULARGE_INTEGER; + +typedef ULARGE_INTEGER *PULARGE_INTEGER; + +// end_ntminiport end_ntndis end_ntminitape + +// +// Locally Unique Identifier +// + +typedef struct _LUID { + DWORD LowPart; + LONG HighPart; +} LUID, *PLUID; + + +// +// Define operations to logically shift an int64 by 0..31 bits and to multiply +// 32-bits by 32-bits to form a 64-bit product. +// + +#if defined(MIDL_PASS) || defined(RC_INVOKED) + +// +// Midl does not understand inline assembler. Therefore, the Rtl functions +// are used for shifts by 0.31 and multiplies of 32-bits times 32-bits to +// form a 64-bit product. +// + +#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b))) +#define UInt32x32To64(a, b) ((DWORDLONG)((DWORD)(a)) * (DWORDLONG)((DWORD)(b))) + +#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b)) +#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b)) +#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b)) + +#elif defined(_M_MRX000) + +// +// MIPS uses intrinsic functions to perform shifts by 0..31 and multiplies of +// 32-bits times 32-bits to 64-bits. +// + +#define Int32x32To64 __emul +#define UInt32x32To64 __emulu + +#define Int64ShllMod32 __ll_lshift +#define Int64ShraMod32 __ll_rshift +#define Int64ShrlMod32 __ull_rshift + +#if defined (__cplusplus) +extern "C" { +#endif + +LONGLONG +NTAPI +Int32x32To64 ( + LONG Multiplier, + LONG Multiplicand + ); + +DWORDLONG +NTAPI +UInt32x32To64 ( + DWORD Multiplier, + DWORD Multiplicand + ); + +DWORDLONG +NTAPI +Int64ShllMod32 ( + DWORDLONG Value, + DWORD ShiftCount + ); + +LONGLONG +NTAPI +Int64ShraMod32 ( + LONGLONG Value, + DWORD ShiftCount + ); + +DWORDLONG +NTAPI +Int64ShrlMod32 ( + DWORDLONG Value, + DWORD ShiftCount + ); + +#if defined (__cplusplus) +}; +#endif + +#pragma intrinsic(__emul) +#pragma intrinsic(__emulu) + +#pragma intrinsic(__ll_lshift) +#pragma intrinsic(__ll_rshift) +#pragma intrinsic(__ull_rshift) + +#elif defined(_M_IX86) + +// +// The x86 C compiler understands inline assembler. Therefore, inline functions +// that employ inline assembler are used for shifts of 0..31. The multiplies +// rely on the compiler recognizing the cast of the multiplicand to int64 to +// generate the optimal code inline. +// + +#define Int32x32To64( a, b ) (LONGLONG)((LONGLONG)(LONG)(a) * (LONG)(b)) +#define UInt32x32To64( a, b ) (DWORDLONG)((DWORDLONG)(DWORD)(a) * (DWORD)(b)) + +DWORDLONG +NTAPI +Int64ShllMod32 ( + DWORDLONG Value, + DWORD ShiftCount + ); + +LONGLONG +NTAPI +Int64ShraMod32 ( + LONGLONG Value, + DWORD ShiftCount + ); + +DWORDLONG +NTAPI +Int64ShrlMod32 ( + DWORDLONG Value, + DWORD ShiftCount + ); + +#pragma warning(disable:4035) // re-enable below + +__inline DWORDLONG +NTAPI +Int64ShllMod32 ( + DWORDLONG Value, + DWORD ShiftCount + ) +{ + __asm { + mov ecx, ShiftCount + mov eax, dword ptr [Value] + mov edx, dword ptr [Value+4] + shld edx, eax, cl + shl eax, cl + } +} + +__inline LONGLONG +NTAPI +Int64ShraMod32 ( + LONGLONG Value, + DWORD ShiftCount + ) +{ + __asm { + mov ecx, ShiftCount + mov eax, dword ptr [Value] + mov edx, dword ptr [Value+4] + shrd eax, edx, cl + sar edx, cl + } +} + +__inline DWORDLONG +NTAPI +Int64ShrlMod32 ( + DWORDLONG Value, + DWORD ShiftCount + ) +{ + __asm { + mov ecx, ShiftCount + mov eax, dword ptr [Value] + mov edx, dword ptr [Value+4] + shrd eax, edx, cl + shr edx, cl + } +} + +#pragma warning(default:4035) + +#elif defined(_M_ALPHA) + +// +// Alpha has native 64-bit operations that are just as fast as their 32-bit +// counter parts. Therefore, the int64 data type is used directly to form +// shifts of 0..31 and multiplies of 32-bits times 32-bits to form a 64-bit +// product. +// + +#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b))) +#define UInt32x32To64(a, b) ((DWORDLONG)((DWORD)(a)) * (DWORDLONG)((DWORD)(b))) + +#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b)) +#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b)) +#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b)) + + +#elif defined(_M_PPC) + +#define Int32x32To64(a, b) ((LONGLONG)((LONG)(a)) * (LONGLONG)((LONG)(b))) +#define UInt32x32To64(a, b) ((DWORDLONG)((DWORD)(a)) * (DWORDLONG)((DWORD)(b))) + +#define Int64ShllMod32(a, b) ((DWORDLONG)(a) << (b)) +#define Int64ShraMod32(a, b) ((LONGLONG)(a) >> (b)) +#define Int64ShrlMod32(a, b) ((DWORDLONG)(a) >> (b)) + +#else + +#error Must define a target architecture. + +#endif + +#define UNICODE_NULL ((WCHAR)0) +typedef BYTE BOOLEAN; +typedef BOOLEAN *PBOOLEAN; +// +// Doubly linked list structure. Can be used as either a list head, or +// as link words. +// + +typedef struct _LIST_ENTRY { + struct _LIST_ENTRY * volatile Flink; + struct _LIST_ENTRY * volatile Blink; +} LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY; + +// +// Singly linked list structure. Can be used as either a list head, or +// as link words. +// + +typedef struct _SINGLE_LIST_ENTRY { + struct _SINGLE_LIST_ENTRY *Next; +} SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY; + +// +// Base data structures for OLE support +// + +#ifndef GUID_DEFINED +#define GUID_DEFINED + +typedef struct _GUID { // size is 16 + DWORD Data1; + WORD Data2; + WORD Data3; + BYTE Data4[8]; +} GUID; + +#endif // !GUID_DEFINED + +#ifndef __OBJECTID_DEFINED +#define __OBJECTID_DEFINED + +typedef struct _OBJECTID { // size is 20 + GUID Lineage; + DWORD Uniquifier; +} OBJECTID; +#endif // !_OBJECTID_DEFINED + +#define MINCHAR 0x80 +#define MAXCHAR 0x7f +#define MINSHORT 0x8000 +#define MAXSHORT 0x7fff +#define MINLONG 0x80000000 +#define MAXLONG 0x7fffffff +#define MAXBYTE 0xff +#define MAXWORD 0xffff +#define MAXDWORD 0xffffffff +// +// Calculate the byte offset of a field in a structure of type type. +// + +#define FIELD_OFFSET(type, field) ((LONG)&(((type *)0)->field)) + + +// +// Calculate the address of the base of the structure given its type, and an +// address of a field within the structure. +// + +#define CONTAINING_RECORD(address, type, field) ((type *)( \ + (PCHAR)(address) - \ + (PCHAR)(&((type *)0)->field))) + +// +// Language IDs. +// +// The following two combinations of primary language ID and +// sublanguage ID have special semantics: +// +// Primary Language ID Sublanguage ID Result +// ------------------- --------------- ------------------------ +// LANG_NEUTRAL SUBLANG_NEUTRAL Language neutral +// LANG_NEUTRAL SUBLANG_DEFAULT User default language +// LANG_NEUTRAL SUBLANG_SYS_DEFAULT System default language +// + +// +// Primary language IDs. +// + +#define LANG_NEUTRAL 0x00 + +#define LANG_AFRIKAANS 0x36 +#define LANG_ALBANIAN 0x1c +#define LANG_ARABIC 0x01 +#define LANG_BASQUE 0x2d +#define LANG_BELARUSIAN 0x23 +#define LANG_BULGARIAN 0x02 +#define LANG_CATALAN 0x03 +#define LANG_CHINESE 0x04 +#define LANG_CROATIAN 0x1a +#define LANG_CZECH 0x05 +#define LANG_DANISH 0x06 +#define LANG_DUTCH 0x13 +#define LANG_ENGLISH 0x09 +#define LANG_ESTONIAN 0x25 +#define LANG_FAEROESE 0x38 +#define LANG_FARSI 0x29 +#define LANG_FINNISH 0x0b +#define LANG_FRENCH 0x0c +#define LANG_GERMAN 0x07 +#define LANG_GREEK 0x08 +#define LANG_HEBREW 0x0d +#define LANG_HUNGARIAN 0x0e +#define LANG_ICELANDIC 0x0f +#define LANG_INDONESIAN 0x21 +#define LANG_ITALIAN 0x10 +#define LANG_JAPANESE 0x11 +#define LANG_KOREAN 0x12 +#define LANG_LATVIAN 0x26 +#define LANG_LITHUANIAN 0x27 +#define LANG_NORWEGIAN 0x14 +#define LANG_POLISH 0x15 +#define LANG_PORTUGUESE 0x16 +#define LANG_ROMANIAN 0x18 +#define LANG_RUSSIAN 0x19 +#define LANG_SERBIAN 0x1a +#define LANG_SLOVAK 0x1b +#define LANG_SLOVENIAN 0x24 +#define LANG_SPANISH 0x0a +#define LANG_SWEDISH 0x1d +#define LANG_THAI 0x1e +#define LANG_TURKISH 0x1f +#define LANG_UKRAINIAN 0x22 +#define LANG_VIETNAMESE 0x2a + +// +// Sublanguage IDs. +// +// The name immediately following SUBLANG_ dictates which primary +// language ID that sublanguage ID can be combined with to form a +// valid language ID. +// + +#define SUBLANG_NEUTRAL 0x00 // language neutral +#define SUBLANG_DEFAULT 0x01 // user default +#define SUBLANG_SYS_DEFAULT 0x02 // system default + +#define SUBLANG_ARABIC_SAUDI_ARABIA 0x01 // Arabic (Saudi Arabia) +#define SUBLANG_ARABIC_IRAQ 0x02 // Arabic (Iraq) +#define SUBLANG_ARABIC_EGYPT 0x03 // Arabic (Egypt) +#define SUBLANG_ARABIC_LIBYA 0x04 // Arabic (Libya) +#define SUBLANG_ARABIC_ALGERIA 0x05 // Arabic (Algeria) +#define SUBLANG_ARABIC_MOROCCO 0x06 // Arabic (Morocco) +#define SUBLANG_ARABIC_TUNISIA 0x07 // Arabic (Tunisia) +#define SUBLANG_ARABIC_OMAN 0x08 // Arabic (Oman) +#define SUBLANG_ARABIC_YEMEN 0x09 // Arabic (Yemen) +#define SUBLANG_ARABIC_SYRIA 0x0a // Arabic (Syria) +#define SUBLANG_ARABIC_JORDAN 0x0b // Arabic (Jordan) +#define SUBLANG_ARABIC_LEBANON 0x0c // Arabic (Lebanon) +#define SUBLANG_ARABIC_KUWAIT 0x0d // Arabic (Kuwait) +#define SUBLANG_ARABIC_UAE 0x0e // Arabic (U.A.E) +#define SUBLANG_ARABIC_BAHRAIN 0x0f // Arabic (Bahrain) +#define SUBLANG_ARABIC_QATAR 0x10 // Arabic (Qatar) +#define SUBLANG_CHINESE_TRADITIONAL 0x01 // Chinese (Taiwan) +#define SUBLANG_CHINESE_SIMPLIFIED 0x02 // Chinese (PR China) +#define SUBLANG_CHINESE_HONGKONG 0x03 // Chinese (Hong Kong) +#define SUBLANG_CHINESE_SINGAPORE 0x04 // Chinese (Singapore) +#define SUBLANG_DUTCH 0x01 // Dutch +#define SUBLANG_DUTCH_BELGIAN 0x02 // Dutch (Belgian) +#define SUBLANG_ENGLISH_US 0x01 // English (USA) +#define SUBLANG_ENGLISH_UK 0x02 // English (UK) +#define SUBLANG_ENGLISH_AUS 0x03 // English (Australian) +#define SUBLANG_ENGLISH_CAN 0x04 // English (Canadian) +#define SUBLANG_ENGLISH_NZ 0x05 // English (New Zealand) +#define SUBLANG_ENGLISH_EIRE 0x06 // English (Irish) +#define SUBLANG_ENGLISH_SOUTH_AFRICA 0x07 // English (South Africa) +#define SUBLANG_ENGLISH_JAMAICA 0x08 // English (Jamaica) +#define SUBLANG_ENGLISH_CARIBBEAN 0x09 // English (Caribbean) +#define SUBLANG_ENGLISH_BELIZE 0x0a // English (Belize) +#define SUBLANG_ENGLISH_TRINIDAD 0x0b // English (Trinidad) +#define SUBLANG_FRENCH 0x01 // French +#define SUBLANG_FRENCH_BELGIAN 0x02 // French (Belgian) +#define SUBLANG_FRENCH_CANADIAN 0x03 // French (Canadian) +#define SUBLANG_FRENCH_SWISS 0x04 // French (Swiss) +#define SUBLANG_FRENCH_LUXEMBOURG 0x05 // French (Luxembourg) +#define SUBLANG_GERMAN 0x01 // German +#define SUBLANG_GERMAN_SWISS 0x02 // German (Swiss) +#define SUBLANG_GERMAN_AUSTRIAN 0x03 // German (Austrian) +#define SUBLANG_GERMAN_LUXEMBOURG 0x04 // German (Luxembourg) +#define SUBLANG_GERMAN_LIECHTENSTEIN 0x05 // German (Liechtenstein) +#define SUBLANG_ITALIAN 0x01 // Italian +#define SUBLANG_ITALIAN_SWISS 0x02 // Italian (Swiss) +#define SUBLANG_KOREAN 0x01 // Korean (Extended Wansung) +#define SUBLANG_KOREAN_JOHAB 0x02 // Korean (Johab) +#define SUBLANG_NORWEGIAN_BOKMAL 0x01 // Norwegian (Bokmal) +#define SUBLANG_NORWEGIAN_NYNORSK 0x02 // Norwegian (Nynorsk) +#define SUBLANG_PORTUGUESE 0x02 // Portuguese +#define SUBLANG_PORTUGUESE_BRAZILIAN 0x01 // Portuguese (Brazilian) +#define SUBLANG_SERBIAN_LATIN 0x02 // Serbian (Latin) +#define SUBLANG_SERBIAN_CYRILLIC 0x03 // Serbian (Cyrillic) +#define SUBLANG_SPANISH 0x01 // Spanish (Castilian) +#define SUBLANG_SPANISH_MEXICAN 0x02 // Spanish (Mexican) +#define SUBLANG_SPANISH_MODERN 0x03 // Spanish (Modern) +#define SUBLANG_SPANISH_GUATEMALA 0x04 // Spanish (Guatemala) +#define SUBLANG_SPANISH_COSTA_RICA 0x05 // Spanish (Costa Rica) +#define SUBLANG_SPANISH_PANAMA 0x06 // Spanish (Panama) +#define SUBLANG_SPANISH_DOMINICAN_REPUBLIC 0x07 // Spanish (Dominican Republic) +#define SUBLANG_SPANISH_VENEZUELA 0x08 // Spanish (Venezuela) +#define SUBLANG_SPANISH_COLOMBIA 0x09 // Spanish (Colombia) +#define SUBLANG_SPANISH_PERU 0x0a // Spanish (Peru) +#define SUBLANG_SPANISH_ARGENTINA 0x0b // Spanish (Argentina) +#define SUBLANG_SPANISH_ECUADOR 0x0c // Spanish (Ecuador) +#define SUBLANG_SPANISH_CHILE 0x0d // Spanish (Chile) +#define SUBLANG_SPANISH_URUGUAY 0x0e // Spanish (Uruguay) +#define SUBLANG_SPANISH_PARAGUAY 0x0f // Spanish (Paraguay) +#define SUBLANG_SPANISH_BOLIVIA 0x10 // Spanish (Bolivia) +#define SUBLANG_SPANISH_EL_SALVADOR 0x11 // Spanish (El Salvador) +#define SUBLANG_SPANISH_HONDURAS 0x12 // Spanish (Honduras) +#define SUBLANG_SPANISH_NICARAGUA 0x13 // Spanish (Nicaragua) +#define SUBLANG_SPANISH_PUERTO_RICO 0x14 // Spanish (Puerto Rico) +#define SUBLANG_SWEDISH 0x01 // Swedish +#define SUBLANG_SWEDISH_FINLAND 0x02 // Swedish (Finland) + +// +// Sorting IDs. +// + +#define SORT_DEFAULT 0x0 // sorting default + +#define SORT_JAPANESE_XJIS 0x0 // Japanese XJIS order +#define SORT_JAPANESE_UNICODE 0x1 // Japanese Unicode order + +#define SORT_CHINESE_BIG5 0x0 // Chinese BIG5 order +#define SORT_CHINESE_PRCP 0x0 // PRC Chinese Phonetic order +#define SORT_CHINESE_UNICODE 0x1 // Chinese Unicode order +#define SORT_CHINESE_PRC 0x2 // PRC Chinese Stroke Count order + +#define SORT_KOREAN_KSC 0x0 // Korean KSC order +#define SORT_KOREAN_UNICODE 0x1 // Korean Unicode order + +#define SORT_GERMAN_PHONE_BOOK 0x1 // German Phone Book order + +// end_r_winnt + +// +// A language ID is a 16 bit value which is the combination of a +// primary language ID and a secondary language ID. The bits are +// allocated as follows: +// +// +-----------------------+-------------------------+ +// | Sublanguage ID | Primary Language ID | +// +-----------------------+-------------------------+ +// 15 10 9 0 bit +// +// +// Language ID creation/extraction macros: +// +// MAKELANGID - construct language id from a primary language id and +// a sublanguage id. +// PRIMARYLANGID - extract primary language id from a language id. +// SUBLANGID - extract sublanguage id from a language id. +// + +#define MAKELANGID(p, s) ((((WORD )(s)) << 10) | (WORD )(p)) +#define PRIMARYLANGID(lgid) ((WORD )(lgid) & 0x3ff) +#define SUBLANGID(lgid) ((WORD )(lgid) >> 10) + + +// +// A locale ID is a 32 bit value which is the combination of a +// language ID, a sort ID, and a reserved area. The bits are +// allocated as follows: +// +// +-------------+---------+-------------------------+ +// | Reserved | Sort ID | Language ID | +// +-------------+---------+-------------------------+ +// 31 20 19 16 15 0 bit +// +// +// Locale ID creation/extraction macros: +// +// MAKELCID - construct locale id from a language id and a sort id. +// LANGIDFROMLCID - extract language id from a locale id. +// SORTIDFROMLCID - extract sort id from a locale id. +// + +#define NLS_VALID_LOCALE_MASK 0x000fffff + +#define MAKELCID(lgid, srtid) ((DWORD)((((DWORD)((WORD )(srtid))) << 16) | \ + ((DWORD)((WORD )(lgid))))) +#define LANGIDFROMLCID(lcid) ((WORD )(lcid)) +#define SORTIDFROMLCID(lcid) ((WORD )((((DWORD)(lcid)) & NLS_VALID_LOCALE_MASK) >> 16)) + + +// +// Default System and User IDs for language and locale. +// + +#define LANG_SYSTEM_DEFAULT (MAKELANGID(LANG_NEUTRAL, SUBLANG_SYS_DEFAULT)) +#define LANG_USER_DEFAULT (MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT)) + +#define LOCALE_SYSTEM_DEFAULT (MAKELCID(LANG_SYSTEM_DEFAULT, SORT_DEFAULT)) +#define LOCALE_USER_DEFAULT (MAKELCID(LANG_USER_DEFAULT, SORT_DEFAULT)) + +#define LOCALE_NEUTRAL \ + (MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT)) + + +// begin_ntminiport begin_ntndis begin_ntminitape + +// +// Macros used to eliminate compiler warning generated when formal +// parameters or local variables are not declared. +// +// Use DBG_UNREFERENCED_PARAMETER() when a parameter is not yet +// referenced but will be once the module is completely developed. +// +// Use DBG_UNREFERENCED_LOCAL_VARIABLE() when a local variable is not yet +// referenced but will be once the module is completely developed. +// +// Use UNREFERENCED_PARAMETER() if a parameter will never be referenced. +// +// DBG_UNREFERENCED_PARAMETER and DBG_UNREFERENCED_LOCAL_VARIABLE will +// eventually be made into a null macro to help determine whether there +// is unfinished work. +// + +#if ! (defined(lint) || defined(_lint)) +#define UNREFERENCED_PARAMETER(P) (P) +#define DBG_UNREFERENCED_PARAMETER(P) (P) +#define DBG_UNREFERENCED_LOCAL_VARIABLE(V) (V) + +#else // lint or _lint + +// Note: lint -e530 says don't complain about uninitialized variables for +// this. line +e530 turns that checking back on. Error 527 has to do with +// unreachable code. + +#define UNREFERENCED_PARAMETER(P) \ + /*lint -e527 -e530 */ \ + { \ + (P) = (P); \ + } \ + /*lint +e527 +e530 */ +#define DBG_UNREFERENCED_PARAMETER(P) \ + /*lint -e527 -e530 */ \ + { \ + (P) = (P); \ + } \ + /*lint +e527 +e530 */ +#define DBG_UNREFERENCED_LOCAL_VARIABLE(V) \ + /*lint -e527 -e530 */ \ + { \ + (V) = (V); \ + } \ + /*lint +e527 +e530 */ + +#endif // lint or _lint + + +#ifndef WIN32_NO_STATUS +/*lint -save -e767 */ +#define STATUS_WAIT_0 ((DWORD )0x00000000L) +#define STATUS_ABANDONED_WAIT_0 ((DWORD )0x00000080L) +#define STATUS_USER_APC ((DWORD )0x000000C0L) +#define STATUS_TIMEOUT ((DWORD )0x00000102L) +#define STATUS_PENDING ((DWORD )0x00000103L) +#define STATUS_SEGMENT_NOTIFICATION ((DWORD )0x40000005L) +#define STATUS_GUARD_PAGE_VIOLATION ((DWORD )0x80000001L) +#define STATUS_DATATYPE_MISALIGNMENT ((DWORD )0x80000002L) +#define STATUS_BREAKPOINT ((DWORD )0x80000003L) +#define STATUS_SINGLE_STEP ((DWORD )0x80000004L) +#define STATUS_ACCESS_VIOLATION ((DWORD )0xC0000005L) +#define STATUS_IN_PAGE_ERROR ((DWORD )0xC0000006L) +#define STATUS_INVALID_HANDLE ((DWORD )0xC0000008L) +#define STATUS_NO_MEMORY ((DWORD )0xC0000017L) +#define STATUS_ILLEGAL_INSTRUCTION ((DWORD )0xC000001DL) +#define STATUS_NONCONTINUABLE_EXCEPTION ((DWORD )0xC0000025L) +#define STATUS_INVALID_DISPOSITION ((DWORD )0xC0000026L) +#define STATUS_ARRAY_BOUNDS_EXCEEDED ((DWORD )0xC000008CL) +#define STATUS_FLOAT_DENORMAL_OPERAND ((DWORD )0xC000008DL) +#define STATUS_FLOAT_DIVIDE_BY_ZERO ((DWORD )0xC000008EL) +#define STATUS_FLOAT_INEXACT_RESULT ((DWORD )0xC000008FL) +#define STATUS_FLOAT_INVALID_OPERATION ((DWORD )0xC0000090L) +#define STATUS_FLOAT_OVERFLOW ((DWORD )0xC0000091L) +#define STATUS_FLOAT_STACK_CHECK ((DWORD )0xC0000092L) +#define STATUS_FLOAT_UNDERFLOW ((DWORD )0xC0000093L) +#define STATUS_INTEGER_DIVIDE_BY_ZERO ((DWORD )0xC0000094L) +#define STATUS_INTEGER_OVERFLOW ((DWORD )0xC0000095L) +#define STATUS_PRIVILEGED_INSTRUCTION ((DWORD )0xC0000096L) +#define STATUS_STACK_OVERFLOW ((DWORD )0xC00000FDL) +#define STATUS_CONTROL_C_EXIT ((DWORD )0xC000013AL) +/*lint -restore */ +#endif +#define MAXIMUM_WAIT_OBJECTS 64 // Maximum number of wait objects + +#define MAXIMUM_SUSPEND_COUNT MAXCHAR // Maximum times thread can be suspended +typedef DWORD KSPIN_LOCK; + +#ifdef _ALPHA_ // winnt +void *_rdteb(void); // winnt +#if defined(_M_ALPHA) // winnt +#pragma intrinsic(_rdteb) // winnt +#endif // winnt +#endif // winnt + +#if defined(_M_ALPHA) +#define NtCurrentTeb() ((struct _TEB *)_rdteb()) +#else +struct _TEB * +NtCurrentTeb(void); +#endif + +// +// Define function to return the current Thread Environment Block +// + +#ifdef _ALPHA_ + + + +// +// Define functions to get the address of the current fiber and the +// current fiber data. +// + +#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData) +#define GetFiberData() (*(PVOID *)(GetCurrentFiber())) + +// begin_ntddk begin_nthal +// +// The following flags control the contents of the CONTEXT structure. +// + +#if !defined(RC_INVOKED) + +#define CONTEXT_PORTABLE_32BIT 0x00100000 +#define CONTEXT_ALPHA 0x00020000 + +#define CONTEXT_CONTROL (CONTEXT_ALPHA | 0x00000001L) +#define CONTEXT_FLOATING_POINT (CONTEXT_ALPHA | 0x00000002L) +#define CONTEXT_INTEGER (CONTEXT_ALPHA | 0x00000004L) + +#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER) + +#endif + +#ifndef _PORTABLE_32BIT_CONTEXT + +// +// Context Frame +// +// This frame has a several purposes: 1) it is used as an argument to +// NtContinue, 2) it is used to construct a call frame for APC delivery, +// 3) it is used to construct a call frame for exception dispatching +// in user mode, 4) it is used in the user level thread creation +// routines, and 5) it is used to to pass thread state to debuggers. +// +// N.B. Because this record is used as a call frame, it must be EXACTLY +// a multiple of 16 bytes in length. +// +// There are two variations of the context structure. This is the real one. +// + +typedef struct _CONTEXT { + + // + // This section is specified/returned if the ContextFlags word contains + // the flag CONTEXT_FLOATING_POINT. + // + + DWORDLONG FltF0; + DWORDLONG FltF1; + DWORDLONG FltF2; + DWORDLONG FltF3; + DWORDLONG FltF4; + DWORDLONG FltF5; + DWORDLONG FltF6; + DWORDLONG FltF7; + DWORDLONG FltF8; + DWORDLONG FltF9; + DWORDLONG FltF10; + DWORDLONG FltF11; + DWORDLONG FltF12; + DWORDLONG FltF13; + DWORDLONG FltF14; + DWORDLONG FltF15; + DWORDLONG FltF16; + DWORDLONG FltF17; + DWORDLONG FltF18; + DWORDLONG FltF19; + DWORDLONG FltF20; + DWORDLONG FltF21; + DWORDLONG FltF22; + DWORDLONG FltF23; + DWORDLONG FltF24; + DWORDLONG FltF25; + DWORDLONG FltF26; + DWORDLONG FltF27; + DWORDLONG FltF28; + DWORDLONG FltF29; + DWORDLONG FltF30; + DWORDLONG FltF31; + + // + // This section is specified/returned if the ContextFlags word contains + // the flag CONTEXT_INTEGER. + // + // N.B. The registers gp, sp, and ra are defined in this section, but are + // considered part of the control context rather than part of the integer + // context. + // + + DWORDLONG IntV0; // $0: return value register, v0 + DWORDLONG IntT0; // $1: temporary registers, t0 - t7 + DWORDLONG IntT1; // $2: + DWORDLONG IntT2; // $3: + DWORDLONG IntT3; // $4: + DWORDLONG IntT4; // $5: + DWORDLONG IntT5; // $6: + DWORDLONG IntT6; // $7: + DWORDLONG IntT7; // $8: + DWORDLONG IntS0; // $9: nonvolatile registers, s0 - s5 + DWORDLONG IntS1; // $10: + DWORDLONG IntS2; // $11: + DWORDLONG IntS3; // $12: + DWORDLONG IntS4; // $13: + DWORDLONG IntS5; // $14: + DWORDLONG IntFp; // $15: frame pointer register, fp/s6 + DWORDLONG IntA0; // $16: argument registers, a0 - a5 + DWORDLONG IntA1; // $17: + DWORDLONG IntA2; // $18: + DWORDLONG IntA3; // $19: + DWORDLONG IntA4; // $20: + DWORDLONG IntA5; // $21: + DWORDLONG IntT8; // $22: temporary registers, t8 - t11 + DWORDLONG IntT9; // $23: + DWORDLONG IntT10; // $24: + DWORDLONG IntT11; // $25: + DWORDLONG IntRa; // $26: return address register, ra + DWORDLONG IntT12; // $27: temporary register, t12 + DWORDLONG IntAt; // $28: assembler temp register, at + DWORDLONG IntGp; // $29: global pointer register, gp + DWORDLONG IntSp; // $30: stack pointer register, sp + DWORDLONG IntZero; // $31: zero register, zero + + // + // This section is specified/returned if the ContextFlags word contains + // the flag CONTEXT_FLOATING_POINT. + // + + DWORDLONG Fpcr; // floating point control register + DWORDLONG SoftFpcr; // software extension to FPCR + + // + // This section is specified/returned if the ContextFlags word contains + // the flag CONTEXT_CONTROL. + // + // N.B. The registers gp, sp, and ra are defined in the integer section, + // but are considered part of the control context rather than part of + // the integer context. + // + + DWORDLONG Fir; // (fault instruction) continuation address + DWORD Psr; // processor status + + // + // The flags values within this flag control the contents of + // a CONTEXT record. + // + // If the context record is used as an input parameter, then + // for each portion of the context record controlled by a flag + // whose value is set, it is assumed that that portion of the + // context record contains valid context. If the context record + // is being used to modify a thread's context, then only that + // portion of the threads context will be modified. + // + // If the context record is used as an IN OUT parameter to capture + // the context of a thread, then only those portions of the thread's + // context corresponding to set flags will be returned. + // + // The context record is never used as an OUT only parameter. + // + + DWORD ContextFlags; + DWORD Fill[4]; // padding for 16-byte stack frame alignment + +} CONTEXT, *PCONTEXT; + +#else + +// +// 32-bit Context Frame +// +// This alternate version of the Alpha context structure parallels that +// of MIPS and IX86 in style for the first 64 entries: 32-bit machines +// can operate on the fields, and a value declared as a pointer to an +// array of int's can be used to index into the fields. This makes life +// with windbg and ntsd vastly easier. +// +// There are two parts: the first contains the lower 32-bits of each +// element in the 64-bit definition above. The second part contains +// the upper 32-bits of each 64-bit element above. +// +// The names in the first part are identical to the 64-bit names. +// The second part names are prefixed with "High". +// +// 1st half: at 32 bits each, (containing the low parts of 64-bit values) +// 32 floats, 32 ints, fpcrs, fir, psr, contextflags +// 2nd half: at 32 bits each +// 32 floats, 32 ints, fpcrs, fir, fill +// +// There is no external support for the 32-bit version of the context +// structure. It is only used internally by windbg and ntsd. +// +// This structure must be the same size as the 64-bit version above. +// + +typedef struct _CONTEXT { + + DWORD FltF0; + DWORD FltF1; + DWORD FltF2; + DWORD FltF3; + DWORD FltF4; + DWORD FltF5; + DWORD FltF6; + DWORD FltF7; + DWORD FltF8; + DWORD FltF9; + DWORD FltF10; + DWORD FltF11; + DWORD FltF12; + DWORD FltF13; + DWORD FltF14; + DWORD FltF15; + DWORD FltF16; + DWORD FltF17; + DWORD FltF18; + DWORD FltF19; + DWORD FltF20; + DWORD FltF21; + DWORD FltF22; + DWORD FltF23; + DWORD FltF24; + DWORD FltF25; + DWORD FltF26; + DWORD FltF27; + DWORD FltF28; + DWORD FltF29; + DWORD FltF30; + DWORD FltF31; + + DWORD IntV0; // $0: return value register, v0 + DWORD IntT0; // $1: temporary registers, t0 - t7 + DWORD IntT1; // $2: + DWORD IntT2; // $3: + DWORD IntT3; // $4: + DWORD IntT4; // $5: + DWORD IntT5; // $6: + DWORD IntT6; // $7: + DWORD IntT7; // $8: + DWORD IntS0; // $9: nonvolatile registers, s0 - s5 + DWORD IntS1; // $10: + DWORD IntS2; // $11: + DWORD IntS3; // $12: + DWORD IntS4; // $13: + DWORD IntS5; // $14: + DWORD IntFp; // $15: frame pointer register, fp/s6 + DWORD IntA0; // $16: argument registers, a0 - a5 + DWORD IntA1; // $17: + DWORD IntA2; // $18: + DWORD IntA3; // $19: + DWORD IntA4; // $20: + DWORD IntA5; // $21: + DWORD IntT8; // $22: temporary registers, t8 - t11 + DWORD IntT9; // $23: + DWORD IntT10; // $24: + DWORD IntT11; // $25: + DWORD IntRa; // $26: return address register, ra + DWORD IntT12; // $27: temporary register, t12 + DWORD IntAt; // $28: assembler temp register, at + DWORD IntGp; // $29: global pointer register, gp + DWORD IntSp; // $30: stack pointer register, sp + DWORD IntZero; // $31: zero register, zero + + DWORD Fpcr; // floating point control register + DWORD SoftFpcr; // software extension to FPCR + + DWORD Fir; // (fault instruction) continuation address + + DWORD Psr; // processor status + DWORD ContextFlags; + + // + // Beginning of the "second half". + // The name "High" parallels the HighPart of a LargeInteger. + // + + DWORD HighFltF0; + DWORD HighFltF1; + DWORD HighFltF2; + DWORD HighFltF3; + DWORD HighFltF4; + DWORD HighFltF5; + DWORD HighFltF6; + DWORD HighFltF7; + DWORD HighFltF8; + DWORD HighFltF9; + DWORD HighFltF10; + DWORD HighFltF11; + DWORD HighFltF12; + DWORD HighFltF13; + DWORD HighFltF14; + DWORD HighFltF15; + DWORD HighFltF16; + DWORD HighFltF17; + DWORD HighFltF18; + DWORD HighFltF19; + DWORD HighFltF20; + DWORD HighFltF21; + DWORD HighFltF22; + DWORD HighFltF23; + DWORD HighFltF24; + DWORD HighFltF25; + DWORD HighFltF26; + DWORD HighFltF27; + DWORD HighFltF28; + DWORD HighFltF29; + DWORD HighFltF30; + DWORD HighFltF31; + + DWORD HighIntV0; // $0: return value register, v0 + DWORD HighIntT0; // $1: temporary registers, t0 - t7 + DWORD HighIntT1; // $2: + DWORD HighIntT2; // $3: + DWORD HighIntT3; // $4: + DWORD HighIntT4; // $5: + DWORD HighIntT5; // $6: + DWORD HighIntT6; // $7: + DWORD HighIntT7; // $8: + DWORD HighIntS0; // $9: nonvolatile registers, s0 - s5 + DWORD HighIntS1; // $10: + DWORD HighIntS2; // $11: + DWORD HighIntS3; // $12: + DWORD HighIntS4; // $13: + DWORD HighIntS5; // $14: + DWORD HighIntFp; // $15: frame pointer register, fp/s6 + DWORD HighIntA0; // $16: argument registers, a0 - a5 + DWORD HighIntA1; // $17: + DWORD HighIntA2; // $18: + DWORD HighIntA3; // $19: + DWORD HighIntA4; // $20: + DWORD HighIntA5; // $21: + DWORD HighIntT8; // $22: temporary registers, t8 - t11 + DWORD HighIntT9; // $23: + DWORD HighIntT10; // $24: + DWORD HighIntT11; // $25: + DWORD HighIntRa; // $26: return address register, ra + DWORD HighIntT12; // $27: temporary register, t12 + DWORD HighIntAt; // $28: assembler temp register, at + DWORD HighIntGp; // $29: global pointer register, gp + DWORD HighIntSp; // $30: stack pointer register, sp + DWORD HighIntZero; // $31: zero register, zero + + DWORD HighFpcr; // floating point control register + DWORD HighSoftFpcr; // software extension to FPCR + DWORD HighFir; // processor status + + double DoNotUseThisField; // to force quadword structure alignment + DWORD HighFill[2]; // padding for 16-byte stack frame alignment + +} CONTEXT, *PCONTEXT; + +// +// These should name the fields in the _PORTABLE_32BIT structure +// that overlay the Psr and ContextFlags in the normal structure. +// + +#define _QUAD_PSR_OFFSET HighSoftFpcr +#define _QUAD_FLAGS_OFFSET HighFir + +#endif // _PORTABLE_32BIT_CONTEXT + +// end_ntddk end_nthal + +#endif // _ALPHA_ + + +#ifdef _ALPHA_ + +VOID +__jump_unwind ( + PVOID VirtualFramePointer, + PVOID TargetPc + ); + +#endif // _ALPHA_ + + +#ifdef _X86_ + +// +// Disable these two pramas that evaluate to "sti" "cli" on x86 so that driver +// writers to not leave them inadvertantly in their code. +// + +#if !defined(MIDL_PASS) +#if !defined(RC_INVOKED) + +#pragma warning(disable:4164) // disable C4164 warning so that apps that + // build with /Od don't get weird errors ! +#ifdef _M_IX86 +#pragma function(_enable) +#pragma function(_disable) +#endif + +#pragma warning(default:4164) // reenable C4164 warning + +#endif +#endif + + +#if !defined(MIDL_PASS) && defined(_M_IX86) +#pragma warning (disable:4035) // disable 4035 (function must return something) +_inline PVOID GetFiberData( void ) { __asm { + mov eax, fs:[0x10] + mov eax,[eax] + } + } +_inline PVOID GetCurrentFiber( void ) { __asm mov eax, fs:[0x10] } + +#pragma warning (default:4035) // Reenable it +#endif + +// begin_wx86 + +// +// Define the size of the 80387 save area, which is in the context frame. +// + +#define SIZE_OF_80387_REGISTERS 80 + +// +// The following flags control the contents of the CONTEXT structure. +// + +#if !defined(RC_INVOKED) + +#define CONTEXT_i386 0x00010000 // this assumes that i386 and +#define CONTEXT_i486 0x00010000 // i486 have identical context records + +// end_wx86 + +#define CONTEXT_CONTROL (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP +#define CONTEXT_INTEGER (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI +#define CONTEXT_SEGMENTS (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS +#define CONTEXT_FLOATING_POINT (CONTEXT_i386 | 0x00000008L) // 387 state +#define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7 + +#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\ + CONTEXT_SEGMENTS) + +// begin_wx86 + +#endif + +typedef struct _FLOATING_SAVE_AREA { + DWORD ControlWord; + DWORD StatusWord; + DWORD TagWord; + DWORD ErrorOffset; + DWORD ErrorSelector; + DWORD DataOffset; + DWORD DataSelector; + BYTE RegisterArea[SIZE_OF_80387_REGISTERS]; + DWORD Cr0NpxState; +} FLOATING_SAVE_AREA; + +typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA; + +// +// Context Frame +// +// This frame has a several purposes: 1) it is used as an argument to +// NtContinue, 2) is is used to constuct a call frame for APC delivery, +// and 3) it is used in the user level thread creation routines. +// +// The layout of the record conforms to a standard call frame. +// + +typedef struct _CONTEXT { + + // + // The flags values within this flag control the contents of + // a CONTEXT record. + // + // If the context record is used as an input parameter, then + // for each portion of the context record controlled by a flag + // whose value is set, it is assumed that that portion of the + // context record contains valid context. If the context record + // is being used to modify a threads context, then only that + // portion of the threads context will be modified. + // + // If the context record is used as an IN OUT parameter to capture + // the context of a thread, then only those portions of the thread's + // context corresponding to set flags will be returned. + // + // The context record is never used as an OUT only parameter. + // + + DWORD ContextFlags; + + // + // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is + // set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT + // included in CONTEXT_FULL. + // + + DWORD Dr0; + DWORD Dr1; + DWORD Dr2; + DWORD Dr3; + DWORD Dr6; + DWORD Dr7; + + // + // This section is specified/returned if the + // ContextFlags word contians the flag CONTEXT_FLOATING_POINT. + // + + FLOATING_SAVE_AREA FloatSave; + + // + // This section is specified/returned if the + // ContextFlags word contians the flag CONTEXT_SEGMENTS. + // + + DWORD SegGs; + DWORD SegFs; + DWORD SegEs; + DWORD SegDs; + + // + // This section is specified/returned if the + // ContextFlags word contians the flag CONTEXT_INTEGER. + // + + DWORD Edi; + DWORD Esi; + DWORD Ebx; + DWORD Edx; + DWORD Ecx; + DWORD Eax; + + // + // This section is specified/returned if the + // ContextFlags word contians the flag CONTEXT_CONTROL. + // + + DWORD Ebp; + DWORD Eip; + DWORD SegCs; // MUST BE SANITIZED + DWORD EFlags; // MUST BE SANITIZED + DWORD Esp; + DWORD SegSs; + +} CONTEXT; + + + +typedef CONTEXT *PCONTEXT; + +// begin_ntminiport + +#endif //_X86_ + + +typedef struct _LDT_ENTRY { + WORD LimitLow; + WORD BaseLow; + union { + struct { + BYTE BaseMid; + BYTE Flags1; // Declare as bytes to avoid alignment + BYTE Flags2; // Problems. + BYTE BaseHi; + } Bytes; + struct { + DWORD BaseMid : 8; + DWORD Type : 5; + DWORD Dpl : 2; + DWORD Pres : 1; + DWORD LimitHi : 4; + DWORD Sys : 1; + DWORD Reserved_0 : 1; + DWORD Default_Big : 1; + DWORD Granularity : 1; + DWORD BaseHi : 8; + } Bits; + } HighWord; +} LDT_ENTRY, *PLDT_ENTRY; + + +#if defined(_MIPS_) + +// +// Define functions to get the address of the current fiber and the +// current fiber data. +// + +#define GetCurrentFiber() ((*(PNT_TIB *)0x7ffff4a8)->FiberData) +#define GetFiberData() (*(PVOID *)(GetCurrentFiber())) + +// begin_ntddk begin_nthal +// +// The following flags control the contents of the CONTEXT structure. +// + +#if !defined(RC_INVOKED) + +#define CONTEXT_R4000 0x00010000 // r4000 context + +#define CONTEXT_CONTROL (CONTEXT_R4000 | 0x00000001) +#define CONTEXT_FLOATING_POINT (CONTEXT_R4000 | 0x00000002) +#define CONTEXT_INTEGER (CONTEXT_R4000 | 0x00000004) +#define CONTEXT_EXTENDED_FLOAT (CONTEXT_FLOATING_POINT | 0x00000008) +#define CONTEXT_EXTENDED_INTEGER (CONTEXT_INTEGER | 0x00000010) + +#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | \ + CONTEXT_INTEGER | CONTEXT_EXTENDED_INTEGER) + +#endif + +// +// Context Frame +// +// N.B. This frame must be exactly a multiple of 16 bytes in length. +// +// This frame has a several purposes: 1) it is used as an argument to +// NtContinue, 2) it is used to constuct a call frame for APC delivery, +// 3) it is used to construct a call frame for exception dispatching +// in user mode, and 4) it is used in the user level thread creation +// routines. +// +// The layout of the record conforms to a standard call frame. +// + +typedef struct _CONTEXT { + + // + // This section is always present and is used as an argument build + // area. + // + // N.B. Context records are 0 mod 8 aligned starting with NT 4.0. + // + + union { + DWORD Argument[4]; + DWORDLONG Alignment; + }; + + // + // The following union defines the 32-bit and 64-bit register context. + // + + union { + + // + // 32-bit context. + // + + struct { + + // + // This section is specified/returned if the ContextFlags contains + // the flag CONTEXT_FLOATING_POINT. + // + // N.B. This section contains the 16 double floating registers f0, + // f2, ..., f30. + // + + DWORD FltF0; + DWORD FltF1; + DWORD FltF2; + DWORD FltF3; + DWORD FltF4; + DWORD FltF5; + DWORD FltF6; + DWORD FltF7; + DWORD FltF8; + DWORD FltF9; + DWORD FltF10; + DWORD FltF11; + DWORD FltF12; + DWORD FltF13; + DWORD FltF14; + DWORD FltF15; + DWORD FltF16; + DWORD FltF17; + DWORD FltF18; + DWORD FltF19; + DWORD FltF20; + DWORD FltF21; + DWORD FltF22; + DWORD FltF23; + DWORD FltF24; + DWORD FltF25; + DWORD FltF26; + DWORD FltF27; + DWORD FltF28; + DWORD FltF29; + DWORD FltF30; + DWORD FltF31; + + // + // This section is specified/returned if the ContextFlags contains + // the flag CONTEXT_INTEGER. + // + // N.B. The registers gp, sp, and ra are defined in this section, + // but are considered part of the control context rather than + // part of the integer context. + // + // N.B. Register zero is not stored in the frame. + // + + DWORD IntZero; + DWORD IntAt; + DWORD IntV0; + DWORD IntV1; + DWORD IntA0; + DWORD IntA1; + DWORD IntA2; + DWORD IntA3; + DWORD IntT0; + DWORD IntT1; + DWORD IntT2; + DWORD IntT3; + DWORD IntT4; + DWORD IntT5; + DWORD IntT6; + DWORD IntT7; + DWORD IntS0; + DWORD IntS1; + DWORD IntS2; + DWORD IntS3; + DWORD IntS4; + DWORD IntS5; + DWORD IntS6; + DWORD IntS7; + DWORD IntT8; + DWORD IntT9; + DWORD IntK0; + DWORD IntK1; + DWORD IntGp; + DWORD IntSp; + DWORD IntS8; + DWORD IntRa; + DWORD IntLo; + DWORD IntHi; + + // + // This section is specified/returned if the ContextFlags word contains + // the flag CONTEXT_FLOATING_POINT. + // + + DWORD Fsr; + + // + // This section is specified/returned if the ContextFlags word contains + // the flag CONTEXT_CONTROL. + // + // N.B. The registers gp, sp, and ra are defined in the integer section, + // but are considered part of the control context rather than part of + // the integer context. + // + + DWORD Fir; + DWORD Psr; + + // + // The flags values within this flag control the contents of + // a CONTEXT record. + // + // If the context record is used as an input parameter, then + // for each portion of the context record controlled by a flag + // whose value is set, it is assumed that that portion of the + // context record contains valid context. If the context record + // is being used to modify a thread's context, then only that + // portion of the threads context will be modified. + // + // If the context record is used as an IN OUT parameter to capture + // the context of a thread, then only those portions of the thread's + // context corresponding to set flags will be returned. + // + // The context record is never used as an OUT only parameter. + // + + DWORD ContextFlags; + }; + + // + // 64-bit context. + // + + struct { + + // + // This section is specified/returned if the ContextFlags contains + // the flag CONTEXT_EXTENDED_FLOAT. + // + // N.B. This section contains the 32 double floating registers f0, + // f1, ..., f31. + // + + DWORDLONG XFltF0; + DWORDLONG XFltF1; + DWORDLONG XFltF2; + DWORDLONG XFltF3; + DWORDLONG XFltF4; + DWORDLONG XFltF5; + DWORDLONG XFltF6; + DWORDLONG XFltF7; + DWORDLONG XFltF8; + DWORDLONG XFltF9; + DWORDLONG XFltF10; + DWORDLONG XFltF11; + DWORDLONG XFltF12; + DWORDLONG XFltF13; + DWORDLONG XFltF14; + DWORDLONG XFltF15; + DWORDLONG XFltF16; + DWORDLONG XFltF17; + DWORDLONG XFltF18; + DWORDLONG XFltF19; + DWORDLONG XFltF20; + DWORDLONG XFltF21; + DWORDLONG XFltF22; + DWORDLONG XFltF23; + DWORDLONG XFltF24; + DWORDLONG XFltF25; + DWORDLONG XFltF26; + DWORDLONG XFltF27; + DWORDLONG XFltF28; + DWORDLONG XFltF29; + DWORDLONG XFltF30; + DWORDLONG XFltF31; + + // + // The following sections must exactly overlay the 32-bit context. + // + + DWORD Fill1; + DWORD Fill2; + + // + // This section is specified/returned if the ContextFlags contains + // the flag CONTEXT_FLOATING_POINT. + // + + DWORD XFsr; + + // + // This section is specified/returned if the ContextFlags contains + // the flag CONTEXT_CONTROL. + // + // N.B. The registers gp, sp, and ra are defined in the integer + // section, but are considered part of the control context + // rather than part of the integer context. + // + + DWORD XFir; + DWORD XPsr; + + // + // The flags values within this flag control the contents of + // a CONTEXT record. + // + // If the context record is used as an input parameter, then + // for each portion of the context record controlled by a flag + // whose value is set, it is assumed that that portion of the + // context record contains valid context. If the context record + // is being used to modify a thread's context, then only that + // portion of the threads context will be modified. + // + // If the context record is used as an IN OUT parameter to capture + // the context of a thread, then only those portions of the thread's + // context corresponding to set flags will be returned. + // + // The context record is never used as an OUT only parameter. + // + + DWORD XContextFlags; + + // + // This section is specified/returned if the ContextFlags contains + // the flag CONTEXT_EXTENDED_INTEGER. + // + // N.B. The registers gp, sp, and ra are defined in this section, + // but are considered part of the control context rather than + // part of the integer context. + // + // N.B. Register zero is not stored in the frame. + // + + DWORDLONG XIntZero; + DWORDLONG XIntAt; + DWORDLONG XIntV0; + DWORDLONG XIntV1; + DWORDLONG XIntA0; + DWORDLONG XIntA1; + DWORDLONG XIntA2; + DWORDLONG XIntA3; + DWORDLONG XIntT0; + DWORDLONG XIntT1; + DWORDLONG XIntT2; + DWORDLONG XIntT3; + DWORDLONG XIntT4; + DWORDLONG XIntT5; + DWORDLONG XIntT6; + DWORDLONG XIntT7; + DWORDLONG XIntS0; + DWORDLONG XIntS1; + DWORDLONG XIntS2; + DWORDLONG XIntS3; + DWORDLONG XIntS4; + DWORDLONG XIntS5; + DWORDLONG XIntS6; + DWORDLONG XIntS7; + DWORDLONG XIntT8; + DWORDLONG XIntT9; + DWORDLONG XIntK0; + DWORDLONG XIntK1; + DWORDLONG XIntGp; + DWORDLONG XIntSp; + DWORDLONG XIntS8; + DWORDLONG XIntRa; + DWORDLONG XIntLo; + DWORDLONG XIntHi; + }; + }; +} CONTEXT, *PCONTEXT; + +// end_ntddk end_nthal + +#define CONTEXT32_LENGTH 0x130 // The original 32-bit Context length (pre NT 4.0) + +#endif // MIPS + + +#if defined(_MIPS_) + +VOID +__jump_unwind ( + PVOID Fp, + PVOID TargetPc + ); + +#endif // MIPS + + +#if defined(_PPC_) + + +// +// The address of the TEB is placed into GPR 13 at context switch time +// and should never be destroyed. To get the address of the TEB use +// the compiler intrinsic to access it directly from GPR 13. +// + +#if defined(_M_PPC) && defined(_MSC_VER) && (_MSC_VER>=1000) +unsigned __gregister_get( unsigned const regnum ); +#define NtCurrentTeb() ((struct _TEB *)__gregister_get(13)) +#elif defined(_M_PPC) +struct _TEB * __builtin_get_gpr13(VOID); +#define NtCurrentTeb() ((struct _TEB *)__builtin_get_gpr13()) +#endif + + +// +// Define functions to get the address of the current fiber and the +// current fiber data. +// + +#define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData) +#define GetFiberData() (*(PVOID *)(GetCurrentFiber())) + +// begin_ntddk begin_nthal +// +// The following flags control the contents of the CONTEXT structure. +// + +#if !defined(RC_INVOKED) + +#define CONTEXT_CONTROL 0x00000001L +#define CONTEXT_FLOATING_POINT 0x00000002L +#define CONTEXT_INTEGER 0x00000004L +#define CONTEXT_DEBUG_REGISTERS 0x00000008L + +#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER) + +#endif + +// +// Context Frame +// +// N.B. This frame must be exactly a multiple of 16 bytes in length. +// +// This frame has a several purposes: 1) it is used as an argument to +// NtContinue, 2) it is used to constuct a call frame for APC delivery, +// 3) it is used to construct a call frame for exception dispatching +// in user mode, and 4) it is used in the user level thread creation +// routines. +// +// Requires at least 8-byte alignment (double) +// + +typedef struct _CONTEXT { + + // + // This section is specified/returned if the ContextFlags word contains + // the flag CONTEXT_FLOATING_POINT. + // + + double Fpr0; // Floating registers 0..31 + double Fpr1; + double Fpr2; + double Fpr3; + double Fpr4; + double Fpr5; + double Fpr6; + double Fpr7; + double Fpr8; + double Fpr9; + double Fpr10; + double Fpr11; + double Fpr12; + double Fpr13; + double Fpr14; + double Fpr15; + double Fpr16; + double Fpr17; + double Fpr18; + double Fpr19; + double Fpr20; + double Fpr21; + double Fpr22; + double Fpr23; + double Fpr24; + double Fpr25; + double Fpr26; + double Fpr27; + double Fpr28; + double Fpr29; + double Fpr30; + double Fpr31; + double Fpscr; // Floating point status/control reg + + // + // This section is specified/returned if the ContextFlags word contains + // the flag CONTEXT_INTEGER. + // + + DWORD Gpr0; // General registers 0..31 + DWORD Gpr1; + DWORD Gpr2; + DWORD Gpr3; + DWORD Gpr4; + DWORD Gpr5; + DWORD Gpr6; + DWORD Gpr7; + DWORD Gpr8; + DWORD Gpr9; + DWORD Gpr10; + DWORD Gpr11; + DWORD Gpr12; + DWORD Gpr13; + DWORD Gpr14; + DWORD Gpr15; + DWORD Gpr16; + DWORD Gpr17; + DWORD Gpr18; + DWORD Gpr19; + DWORD Gpr20; + DWORD Gpr21; + DWORD Gpr22; + DWORD Gpr23; + DWORD Gpr24; + DWORD Gpr25; + DWORD Gpr26; + DWORD Gpr27; + DWORD Gpr28; + DWORD Gpr29; + DWORD Gpr30; + DWORD Gpr31; + + DWORD Cr; // Condition register + DWORD Xer; // Fixed point exception register + + // + // This section is specified/returned if the ContextFlags word contains + // the flag CONTEXT_CONTROL. + // + + DWORD Msr; // Machine status register + DWORD Iar; // Instruction address register + DWORD Lr; // Link register + DWORD Ctr; // Count register + + // + // The flags values within this flag control the contents of + // a CONTEXT record. + // + // If the context record is used as an input parameter, then + // for each portion of the context record controlled by a flag + // whose value is set, it is assumed that that portion of the + // context record contains valid context. If the context record + // is being used to modify a thread's context, then only that + // portion of the threads context will be modified. + // + // If the context record is used as an IN OUT parameter to capture + // the context of a thread, then only those portions of the thread's + // context corresponding to set flags will be returned. + // + // The context record is never used as an OUT only parameter. + // + + DWORD ContextFlags; + + DWORD Fill[3]; // Pad out to multiple of 16 bytes + + // + // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is + // set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT + // included in CONTEXT_FULL. + // + DWORD Dr0; // Breakpoint Register 1 + DWORD Dr1; // Breakpoint Register 2 + DWORD Dr2; // Breakpoint Register 3 + DWORD Dr3; // Breakpoint Register 4 + DWORD Dr4; // Breakpoint Register 5 + DWORD Dr5; // Breakpoint Register 6 + DWORD Dr6; // Debug Status Register + DWORD Dr7; // Debug Control Register + +} CONTEXT, *PCONTEXT; + +// end_ntddk end_nthal + + +// +// Stack frame header +// +// Order of appearance in stack frame: +// Header (six words) +// Parameters (at least eight words) +// Local variables +// Saved GPRs +// Saved FPRs +// +// Minimum alignment is 8 bytes + +typedef struct _STACK_FRAME_HEADER { // GPR 1 points here + DWORD BackChain; // Addr of previous frame + DWORD GlueSaved1; // Used by glue code + DWORD GlueSaved2; + DWORD Reserved1; // Reserved + DWORD Spare1; // Used by tracing, profiling, ... + DWORD Spare2; + + DWORD Parameter0; // First 8 parameter words are + DWORD Parameter1; // always present + DWORD Parameter2; + DWORD Parameter3; + DWORD Parameter4; + DWORD Parameter5; + DWORD Parameter6; + DWORD Parameter7; + +} STACK_FRAME_HEADER,*PSTACK_FRAME_HEADER; + + +VOID +__jump_unwind ( + PVOID Fp, + PVOID TargetPc + ); + +#endif // defined(_PPC_) +#define EXCEPTION_NONCONTINUABLE 0x1 // Noncontinuable exception +#define EXCEPTION_MAXIMUM_PARAMETERS 15 // maximum number of exception parameters + +// +// Exception record definition. +// + +typedef struct _EXCEPTION_RECORD { + /*lint -e18 */ // Don't complain about different definitions + DWORD ExceptionCode; + /*lint +e18 */ // Resume checking for different definitions + DWORD ExceptionFlags; + struct _EXCEPTION_RECORD *ExceptionRecord; + PVOID ExceptionAddress; + DWORD NumberParameters; + DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; + } EXCEPTION_RECORD; + +typedef EXCEPTION_RECORD *PEXCEPTION_RECORD; + +// +// Typedef for pointer returned by exception_info() +// + +typedef struct _EXCEPTION_POINTERS { + PEXCEPTION_RECORD ExceptionRecord; + PCONTEXT ContextRecord; +} EXCEPTION_POINTERS, *PEXCEPTION_POINTERS; +#define PROCESS_TERMINATE (0x0001) +#define PROCESS_CREATE_THREAD (0x0002) +#define PROCESS_VM_OPERATION (0x0008) +#define PROCESS_VM_READ (0x0010) +#define PROCESS_VM_WRITE (0x0020) +#define PROCESS_DUP_HANDLE (0x0040) +#define PROCESS_CREATE_PROCESS (0x0080) +#define PROCESS_SET_QUOTA (0x0100) +#define PROCESS_SET_INFORMATION (0x0200) +#define PROCESS_QUERY_INFORMATION (0x0400) +#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \ + 0xFFF) + + +#define MAXIMUM_PROCESSORS 32 + +#define THREAD_TERMINATE (0x0001) +#define THREAD_SUSPEND_RESUME (0x0002) +#define THREAD_GET_CONTEXT (0x0008) +#define THREAD_SET_CONTEXT (0x0010) +#define THREAD_SET_INFORMATION (0x0020) +#define THREAD_QUERY_INFORMATION (0x0040) +#define THREAD_SET_THREAD_TOKEN (0x0080) +#define THREAD_IMPERSONATE (0x0100) +#define THREAD_DIRECT_IMPERSONATION (0x0200) +// begin_ntddk + +#define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \ + 0x3FF) + +// end_ntddk +#define TLS_MINIMUM_AVAILABLE 64 + +typedef struct _NT_TIB { + struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList; + PVOID StackBase; + PVOID StackLimit; + PVOID SubSystemTib; + union { + PVOID FiberData; + DWORD Version; + }; + PVOID ArbitraryUserPointer; + struct _NT_TIB *Self; +} NT_TIB; +typedef NT_TIB *PNT_TIB; +#define THREAD_BASE_PRIORITY_LOWRT 15 // value that gets a thread to LowRealtime-1 +#define THREAD_BASE_PRIORITY_MAX 2 // maximum thread base priority boost +#define THREAD_BASE_PRIORITY_MIN -2 // minimum thread base priority boost +#define THREAD_BASE_PRIORITY_IDLE -15 // value that gets a thread to idle + +typedef struct _QUOTA_LIMITS { + DWORD PagedPoolLimit; + DWORD NonPagedPoolLimit; + DWORD MinimumWorkingSetSize; + DWORD MaximumWorkingSetSize; + DWORD PagefileLimit; + LARGE_INTEGER TimeLimit; +} QUOTA_LIMITS; +typedef QUOTA_LIMITS *PQUOTA_LIMITS; + +#define EVENT_MODIFY_STATE 0x0002 +#define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) +#define MUTANT_QUERY_STATE 0x0001 + +#define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\ + MUTANT_QUERY_STATE) +#define SEMAPHORE_MODIFY_STATE 0x0002 +#define SEMAPHORE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) +#define TIME_ZONE_ID_UNKNOWN 0 +#define TIME_ZONE_ID_STANDARD 1 +#define TIME_ZONE_ID_DAYLIGHT 2 + +#define PROCESSOR_INTEL_386 386 +#define PROCESSOR_INTEL_486 486 +#define PROCESSOR_INTEL_PENTIUM 586 +#define PROCESSOR_MIPS_R4000 4000 +#define PROCESSOR_ALPHA_21064 21064 + +#define PROCESSOR_ARCHITECTURE_INTEL 0 +#define PROCESSOR_ARCHITECTURE_MIPS 1 +#define PROCESSOR_ARCHITECTURE_ALPHA 2 +#define PROCESSOR_ARCHITECTURE_PPC 3 +#define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF + +#define PF_FLOATING_POINT_PRECISION_ERRATA 0 +#define PF_FLOATING_POINT_EMULATED 1 +#define PF_COMPARE_EXCHANGE_DOUBLE 2 +#define PF_MMX_INSTRUCTIONS_AVAILABLE 3 +typedef struct _MEMORY_BASIC_INFORMATION { + PVOID BaseAddress; + PVOID AllocationBase; + DWORD AllocationProtect; + DWORD RegionSize; + DWORD State; + DWORD Protect; + DWORD Type; +} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION; +#define SECTION_QUERY 0x0001 +#define SECTION_MAP_WRITE 0x0002 +#define SECTION_MAP_READ 0x0004 +#define SECTION_MAP_EXECUTE 0x0008 +#define SECTION_EXTEND_SIZE 0x0010 + +#define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\ + SECTION_MAP_WRITE | \ + SECTION_MAP_READ | \ + SECTION_MAP_EXECUTE | \ + SECTION_EXTEND_SIZE) +#define PAGE_NOACCESS 0x01 +#define PAGE_READONLY 0x02 +#define PAGE_READWRITE 0x04 +#define PAGE_WRITECOPY 0x08 +#define PAGE_EXECUTE 0x10 +#define PAGE_EXECUTE_READ 0x20 +#define PAGE_EXECUTE_READWRITE 0x40 +#define PAGE_EXECUTE_WRITECOPY 0x80 +#define PAGE_GUARD 0x100 +#define PAGE_NOCACHE 0x200 +#define MEM_COMMIT 0x1000 +#define MEM_RESERVE 0x2000 +#define MEM_DECOMMIT 0x4000 +#define MEM_RELEASE 0x8000 +#define MEM_FREE 0x10000 +#define MEM_PRIVATE 0x20000 +#define MEM_MAPPED 0x40000 +#define MEM_RESET 0x80000 +#define MEM_TOP_DOWN 0x100000 +#define SEC_FILE 0x800000 +#define SEC_IMAGE 0x1000000 +#define SEC_RESERVE 0x4000000 +#define SEC_COMMIT 0x8000000 +#define SEC_NOCACHE 0x10000000 +#define MEM_IMAGE SEC_IMAGE + +// +// Define access rights to files and directories +// + +// +// The FILE_READ_DATA and FILE_WRITE_DATA constants are also defined in +// devioctl.h as FILE_READ_ACCESS and FILE_WRITE_ACCESS. The values for these +// constants *MUST* always be in sync. +// The values are redefined in devioctl.h because they must be available to +// both DOS and NT. +// + +#define FILE_READ_DATA ( 0x0001 ) // file & pipe +#define FILE_LIST_DIRECTORY ( 0x0001 ) // directory + +#define FILE_WRITE_DATA ( 0x0002 ) // file & pipe +#define FILE_ADD_FILE ( 0x0002 ) // directory + +#define FILE_APPEND_DATA ( 0x0004 ) // file +#define FILE_ADD_SUBDIRECTORY ( 0x0004 ) // directory +#define FILE_CREATE_PIPE_INSTANCE ( 0x0004 ) // named pipe + +#define FILE_READ_EA ( 0x0008 ) // file & directory + +#define FILE_WRITE_EA ( 0x0010 ) // file & directory + +#define FILE_EXECUTE ( 0x0020 ) // file +#define FILE_TRAVERSE ( 0x0020 ) // directory + +#define FILE_DELETE_CHILD ( 0x0040 ) // directory + +#define FILE_READ_ATTRIBUTES ( 0x0080 ) // all + +#define FILE_WRITE_ATTRIBUTES ( 0x0100 ) // all + +#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF) + +#define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |\ + FILE_READ_DATA |\ + FILE_READ_ATTRIBUTES |\ + FILE_READ_EA |\ + SYNCHRONIZE) + + +#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\ + FILE_WRITE_DATA |\ + FILE_WRITE_ATTRIBUTES |\ + FILE_WRITE_EA |\ + FILE_APPEND_DATA |\ + SYNCHRONIZE) + + +#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\ + FILE_READ_ATTRIBUTES |\ + FILE_EXECUTE |\ + SYNCHRONIZE) + +#define FILE_SHARE_READ 0x00000001 +#define FILE_SHARE_WRITE 0x00000002 +#define FILE_SHARE_DELETE 0x00000004 +#define FILE_ATTRIBUTE_READONLY 0x00000001 +#define FILE_ATTRIBUTE_HIDDEN 0x00000002 +#define FILE_ATTRIBUTE_SYSTEM 0x00000004 +#define FILE_ATTRIBUTE_DIRECTORY 0x00000010 +#define FILE_ATTRIBUTE_ARCHIVE 0x00000020 +#define FILE_ATTRIBUTE_NORMAL 0x00000080 +#define FILE_ATTRIBUTE_TEMPORARY 0x00000100 +#define FILE_ATTRIBUTE_COMPRESSED 0x00000800 +#define FILE_ATTRIBUTE_OFFLINE 0x00001000 +#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 +#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 +#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 +#define FILE_NOTIFY_CHANGE_SIZE 0x00000008 +#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 +#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 +#define FILE_NOTIFY_CHANGE_CREATION 0x00000040 +#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 +#define FILE_ACTION_ADDED 0x00000001 +#define FILE_ACTION_REMOVED 0x00000002 +#define FILE_ACTION_MODIFIED 0x00000003 +#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 +#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 +#define MAILSLOT_NO_MESSAGE ((DWORD)-1) +#define MAILSLOT_WAIT_FOREVER ((DWORD)-1) +#define FILE_CASE_SENSITIVE_SEARCH 0x00000001 +#define FILE_CASE_PRESERVED_NAMES 0x00000002 +#define FILE_UNICODE_ON_DISK 0x00000004 +#define FILE_PERSISTENT_ACLS 0x00000008 +#define FILE_FILE_COMPRESSION 0x00000010 +#define FILE_VOLUME_IS_COMPRESSED 0x00008000 + +// +// Define the file notification information structure +// + +typedef struct _FILE_NOTIFY_INFORMATION { + DWORD NextEntryOffset; + DWORD Action; + DWORD FileNameLength; + WCHAR FileName[1]; +} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION; + + +// +// Define segement buffer structure for scatter/gather read/write. +// + +typedef union _FILE_SEGMENT_ELEMENT { + PVOID Buffer; + DWORDLONG Alignment; +}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT; + +#define IO_COMPLETION_MODIFY_STATE 0x0002 +#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) +#define DUPLICATE_CLOSE_SOURCE 0x00000001 +#define DUPLICATE_SAME_ACCESS 0x00000002 +typedef PVOID PACCESS_TOKEN; +typedef PVOID PSECURITY_DESCRIPTOR; +typedef PVOID PSID; +//////////////////////////////////////////////////////////////////////// +// // +// ACCESS MASK // +// // +//////////////////////////////////////////////////////////////////////// + +// +// Define the access mask as a longword sized structure divided up as +// follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------+---------------+-------------------------------+ +// |G|G|G|G|Res'd|A| StandardRights| SpecificRights | +// |R|W|E|A| |S| | | +// +-+-------------+---------------+-------------------------------+ +// +// typedef struct _ACCESS_MASK { +// WORD SpecificRights; +// BYTE StandardRights; +// BYTE AccessSystemAcl : 1; +// BYTE Reserved : 3; +// BYTE GenericAll : 1; +// BYTE GenericExecute : 1; +// BYTE GenericWrite : 1; +// BYTE GenericRead : 1; +// } ACCESS_MASK; +// typedef ACCESS_MASK *PACCESS_MASK; +// +// but to make life simple for programmer's we'll allow them to specify +// a desired access mask by simply OR'ing together mulitple single rights +// and treat an access mask as a DWORD. For example +// +// DesiredAccess = DELETE | READ_CONTROL +// +// So we'll declare ACCESS_MASK as DWORD +// + +// begin_ntddk begin_nthal begin_ntifs +typedef DWORD ACCESS_MASK; +typedef ACCESS_MASK *PACCESS_MASK; + +//////////////////////////////////////////////////////////////////////// +// // +// ACCESS TYPES // +// // +//////////////////////////////////////////////////////////////////////// + + +// begin_ntddk begin_nthal begin_ntifs +// +// The following are masks for the predefined standard access types +// + +#define DELETE (0x00010000L) +#define READ_CONTROL (0x00020000L) +#define WRITE_DAC (0x00040000L) +#define WRITE_OWNER (0x00080000L) +#define SYNCHRONIZE (0x00100000L) + +#define STANDARD_RIGHTS_REQUIRED (0x000F0000L) + +#define STANDARD_RIGHTS_READ (READ_CONTROL) +#define STANDARD_RIGHTS_WRITE (READ_CONTROL) +#define STANDARD_RIGHTS_EXECUTE (READ_CONTROL) + +#define STANDARD_RIGHTS_ALL (0x001F0000L) + +#define SPECIFIC_RIGHTS_ALL (0x0000FFFFL) + +// +// AccessSystemAcl access type +// + +#define ACCESS_SYSTEM_SECURITY (0x01000000L) + +// +// MaximumAllowed access type +// + +#define MAXIMUM_ALLOWED (0x02000000L) + +// +// These are the generic rights. +// + +#define GENERIC_READ (0x80000000L) +#define GENERIC_WRITE (0x40000000L) +#define GENERIC_EXECUTE (0x20000000L) +#define GENERIC_ALL (0x10000000L) + + +// +// Define the generic mapping array. This is used to denote the +// mapping of each generic access right to a specific access mask. +// + +typedef struct _GENERIC_MAPPING { + ACCESS_MASK GenericRead; + ACCESS_MASK GenericWrite; + ACCESS_MASK GenericExecute; + ACCESS_MASK GenericAll; +} GENERIC_MAPPING; +typedef GENERIC_MAPPING *PGENERIC_MAPPING; + + + +//////////////////////////////////////////////////////////////////////// +// // +// LUID_AND_ATTRIBUTES // +// // +//////////////////////////////////////////////////////////////////////// +// +// + + +#include <pshpack4.h> + +typedef struct _LUID_AND_ATTRIBUTES { + LUID Luid; + DWORD Attributes; + } LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES; +typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; +typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY; + +#include <poppack.h> + + +//////////////////////////////////////////////////////////////////////// +// // +// Security Id (SID) // +// // +//////////////////////////////////////////////////////////////////////// +// +// +// Pictorially the structure of an SID is as follows: +// +// 1 1 1 1 1 1 +// 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------------------------------------------------------+ +// | SubAuthorityCount |Reserved1 (SBZ)| Revision | +// +---------------------------------------------------------------+ +// | IdentifierAuthority[0] | +// +---------------------------------------------------------------+ +// | IdentifierAuthority[1] | +// +---------------------------------------------------------------+ +// | IdentifierAuthority[2] | +// +---------------------------------------------------------------+ +// | | +// +- - - - - - - - SubAuthority[] - - - - - - - - -+ +// | | +// +---------------------------------------------------------------+ +// +// + + +// begin_ntifs + +#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED +#define SID_IDENTIFIER_AUTHORITY_DEFINED +typedef struct _SID_IDENTIFIER_AUTHORITY { + BYTE Value[6]; +} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY; +#endif + + +#ifndef SID_DEFINED +#define SID_DEFINED +typedef struct _SID { + BYTE Revision; + BYTE SubAuthorityCount; + SID_IDENTIFIER_AUTHORITY IdentifierAuthority; +#ifdef MIDL_PASS + [size_is(SubAuthorityCount)] DWORD SubAuthority[*]; +#else // MIDL_PASS + DWORD SubAuthority[ANYSIZE_ARRAY]; +#endif // MIDL_PASS +} SID, *PISID; +#endif + +#define SID_REVISION (1) // Current revision level +#define SID_MAX_SUB_AUTHORITIES (15) +#define SID_RECOMMENDED_SUB_AUTHORITIES (1) // Will change to around 6 + // in a future release. + +typedef enum _SID_NAME_USE { + SidTypeUser = 1, + SidTypeGroup, + SidTypeDomain, + SidTypeAlias, + SidTypeWellKnownGroup, + SidTypeDeletedAccount, + SidTypeInvalid, + SidTypeUnknown +} SID_NAME_USE, *PSID_NAME_USE; + +typedef struct _SID_AND_ATTRIBUTES { + PSID Sid; + DWORD Attributes; + } SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES; + +typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; +typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; + + + +///////////////////////////////////////////////////////////////////////////// +// // +// Universal well-known SIDs // +// // +// Null SID S-1-0-0 // +// World S-1-1-0 // +// Local S-1-2-0 // +// Creator Owner ID S-1-3-0 // +// Creator Group ID S-1-3-1 // +// Creator Owner Server ID S-1-3-2 // +// Creator Group Server ID S-1-3-3 // +// // +// (Non-unique IDs) S-1-4 // +// // +///////////////////////////////////////////////////////////////////////////// + +#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} +#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} +#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} +#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} +#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4} + +#define SECURITY_NULL_RID (0x00000000L) +#define SECURITY_WORLD_RID (0x00000000L) +#define SECURITY_LOCAL_RID (0X00000000L) + +#define SECURITY_CREATOR_OWNER_RID (0x00000000L) +#define SECURITY_CREATOR_GROUP_RID (0x00000001L) + +#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) +#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) + + +///////////////////////////////////////////////////////////////////////////// +// // +// NT well-known SIDs // +// // +// NT Authority S-1-5 // +// Dialup S-1-5-1 // +// // +// Network S-1-5-2 // +// Batch S-1-5-3 // +// Interactive S-1-5-4 // +// Service S-1-5-6 // +// AnonymousLogon S-1-5-7 (aka null logon session) // +// Proxy S-1-5-8 // +// ServerLogon S-1-5-8 (aka domain controller account) // +// // +// (Logon IDs) S-1-5-5-X-Y // +// // +// (NT non-unique IDs) S-1-5-0x15-... // +// // +// (Built-in domain) s-1-5-0x20 // +// // +///////////////////////////////////////////////////////////////////////////// + + +#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} // ntifs + +#define SECURITY_DIALUP_RID (0x00000001L) +#define SECURITY_NETWORK_RID (0x00000002L) +#define SECURITY_BATCH_RID (0x00000003L) +#define SECURITY_INTERACTIVE_RID (0x00000004L) +#define SECURITY_SERVICE_RID (0x00000006L) +#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L) +#define SECURITY_PROXY_RID (0x00000008L) +#define SECURITY_SERVER_LOGON_RID (0x00000009L) + +#define SECURITY_LOGON_IDS_RID (0x00000005L) +#define SECURITY_LOGON_IDS_RID_COUNT (3L) + +#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) + +#define SECURITY_NT_NON_UNIQUE (0x00000015L) + +#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) + + + + + +///////////////////////////////////////////////////////////////////////////// +// // +// well-known domain relative sub-authority values (RIDs)... // +// // +///////////////////////////////////////////////////////////////////////////// + +// Well-known users ... + +#define DOMAIN_USER_RID_ADMIN (0x000001F4L) +#define DOMAIN_USER_RID_GUEST (0x000001F5L) + + + +// well-known groups ... + +#define DOMAIN_GROUP_RID_ADMINS (0x00000200L) +#define DOMAIN_GROUP_RID_USERS (0x00000201L) +#define DOMAIN_GROUP_RID_GUESTS (0x00000202L) + + + + +// well-known aliases ... + +#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) +#define DOMAIN_ALIAS_RID_USERS (0x00000221L) +#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) +#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) + +#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) +#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) +#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) +#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) + +#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L) + + + + + + +// +// Allocate the System Luid. The first 1000 LUIDs are reserved. +// Use #999 here (0x3E7 = 999) +// + +#define SYSTEM_LUID { 0x3E7, 0x0 } + +// end_ntifs + +//////////////////////////////////////////////////////////////////////// +// // +// User and Group related SID attributes // +// // +//////////////////////////////////////////////////////////////////////// + +// +// Group attributes +// + +#define SE_GROUP_MANDATORY (0x00000001L) +#define SE_GROUP_ENABLED_BY_DEFAULT (0x00000002L) +#define SE_GROUP_ENABLED (0x00000004L) +#define SE_GROUP_OWNER (0x00000008L) +#define SE_GROUP_LOGON_ID (0xC0000000L) + + + +// +// User attributes +// + +// (None yet defined.) + + + + +//////////////////////////////////////////////////////////////////////// +// // +// ACL and ACE // +// // +//////////////////////////////////////////////////////////////////////// + +// +// Define an ACL and the ACE format. The structure of an ACL header +// followed by one or more ACEs. Pictorally the structure of an ACL header +// is as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +-------------------------------+---------------+---------------+ +// | AclSize | Sbz1 | AclRevision | +// +-------------------------------+---------------+---------------+ +// | Sbz2 | AceCount | +// +-------------------------------+-------------------------------+ +// +// The current AclRevision is defined to be ACL_REVISION. +// +// AclSize is the size, in bytes, allocated for the ACL. This includes +// the ACL header, ACES, and remaining free space in the buffer. +// +// AceCount is the number of ACES in the ACL. +// + +// begin_ntddk begin_ntifs +// This is the *current* ACL revision + +#define ACL_REVISION (2) + +// This is the history of ACL revisions. Add a new one whenever +// ACL_REVISION is updated + +#define ACL_REVISION1 (1) +#define ACL_REVISION2 (2) +#define ACL_REVISION3 (3) + +typedef struct _ACL { + BYTE AclRevision; + BYTE Sbz1; + WORD AclSize; + WORD AceCount; + WORD Sbz2; +} ACL; +typedef ACL *PACL; + +// end_ntddk + +// +// The structure of an ACE is a common ace header followed by ace type +// specific data. Pictorally the structure of the common ace header is +// as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------+-------+-------+---------------+---------------+ +// | AceSize | AceFlags | AceType | +// +---------------+-------+-------+---------------+---------------+ +// +// AceType denotes the type of the ace, there are some predefined ace +// types +// +// AceSize is the size, in bytes, of ace. +// +// AceFlags are the Ace flags for audit and inheritance, defined shortly. + +typedef struct _ACE_HEADER { + BYTE AceType; + BYTE AceFlags; + WORD AceSize; +} ACE_HEADER; +typedef ACE_HEADER *PACE_HEADER; + +// +// The following are the predefined ace types that go into the AceType +// field of an Ace header. +// + +#define ACCESS_ALLOWED_ACE_TYPE (0x0) +#define ACCESS_DENIED_ACE_TYPE (0x1) +#define SYSTEM_AUDIT_ACE_TYPE (0x2) +#define SYSTEM_ALARM_ACE_TYPE (0x3) + +// +// The following are the inherit flags that go into the AceFlags field +// of an Ace header. +// + +#define OBJECT_INHERIT_ACE (0x1) +#define CONTAINER_INHERIT_ACE (0x2) +#define NO_PROPAGATE_INHERIT_ACE (0x4) +#define INHERIT_ONLY_ACE (0x8) +#define VALID_INHERIT_FLAGS (0xF) + + +// The following are the currently defined ACE flags that go into the +// AceFlags field of an ACE header. Each ACE type has its own set of +// AceFlags. +// +// SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE +// types to indicate that a message is generated for successful accesses. +// +// FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types +// to indicate that a message is generated for failed accesses. +// + +// +// SYSTEM_AUDIT and SYSTEM_ALARM AceFlags +// +// These control the signaling of audit and alarms for success or failure. +// + +#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) +#define FAILED_ACCESS_ACE_FLAG (0x80) + + +// +// We'll define the structure of the predefined ACE types. Pictorally +// the structure of the predefined ACE's is as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------+-------+-------+---------------+---------------+ +// | AceFlags | Resd |Inherit| AceSize | AceType | +// +---------------+-------+-------+---------------+---------------+ +// | Mask | +// +---------------------------------------------------------------+ +// | | +// + + +// | | +// + Sid + +// | | +// + + +// | | +// +---------------------------------------------------------------+ +// +// Mask is the access mask associated with the ACE. This is either the +// access allowed, access denied, audit, or alarm mask. +// +// Sid is the Sid associated with the ACE. +// + +// The following are the four predefined ACE types. + +// Examine the AceType field in the Header to determine +// which structure is appropriate to use for casting. + + +typedef struct _ACCESS_ALLOWED_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_ALLOWED_ACE; + +typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE; + +typedef struct _ACCESS_DENIED_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_DENIED_ACE; +typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE; + +typedef struct _SYSTEM_AUDIT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_AUDIT_ACE; +typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE; + +typedef struct _SYSTEM_ALARM_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_ALARM_ACE; +typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE; + +// end_ntifs + + + +// +// The following declarations are used for setting and querying information +// about and ACL. First are the various information classes available to +// the user. +// + +typedef enum _ACL_INFORMATION_CLASS { + AclRevisionInformation = 1, + AclSizeInformation +} ACL_INFORMATION_CLASS; + +// +// This record is returned/sent if the user is requesting/setting the +// AclRevisionInformation +// + +typedef struct _ACL_REVISION_INFORMATION { + DWORD AclRevision; +} ACL_REVISION_INFORMATION; +typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION; + +// +// This record is returned if the user is requesting AclSizeInformation +// + +typedef struct _ACL_SIZE_INFORMATION { + DWORD AceCount; + DWORD AclBytesInUse; + DWORD AclBytesFree; +} ACL_SIZE_INFORMATION; +typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION; + + +//////////////////////////////////////////////////////////////////////// +// // +// SECURITY_DESCRIPTOR // +// // +//////////////////////////////////////////////////////////////////////// +// +// Define the Security Descriptor and related data types. +// This is an opaque data structure. +// + +// begin_ntddk begin_ntifs +// +// Current security descriptor revision value +// + +#define SECURITY_DESCRIPTOR_REVISION (1) +#define SECURITY_DESCRIPTOR_REVISION1 (1) + +// end_ntddk + +// +// Minimum length, in bytes, needed to build a security descriptor +// (NOTE: This must manually be kept consistent with the) +// (sizeof(SECURITY_DESCRIPTOR) ) +// + +#define SECURITY_DESCRIPTOR_MIN_LENGTH (20) + + +typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL; + +#define SE_OWNER_DEFAULTED (0x0001) +#define SE_GROUP_DEFAULTED (0x0002) +#define SE_DACL_PRESENT (0x0004) +#define SE_DACL_DEFAULTED (0x0008) +#define SE_SACL_PRESENT (0x0010) +#define SE_SACL_DEFAULTED (0x0020) +#define SE_SELF_RELATIVE (0x8000) + +// +// Where: +// +// SE_OWNER_DEFAULTED - This boolean flag, when set, indicates that the +// SID pointed to by the Owner field was provided by a +// defaulting mechanism rather than explicitly provided by the +// original provider of the security descriptor. This may +// affect the treatment of the SID with respect to inheritence +// of an owner. +// +// SE_GROUP_DEFAULTED - This boolean flag, when set, indicates that the +// SID in the Group field was provided by a defaulting mechanism +// rather than explicitly provided by the original provider of +// the security descriptor. This may affect the treatment of +// the SID with respect to inheritence of a primary group. +// +// SE_DACL_PRESENT - This boolean flag, when set, indicates that the +// security descriptor contains a discretionary ACL. If this +// flag is set and the Dacl field of the SECURITY_DESCRIPTOR is +// null, then a null ACL is explicitly being specified. +// +// SE_DACL_DEFAULTED - This boolean flag, when set, indicates that the +// ACL pointed to by the Dacl field was provided by a defaulting +// mechanism rather than explicitly provided by the original +// provider of the security descriptor. This may affect the +// treatment of the ACL with respect to inheritence of an ACL. +// This flag is ignored if the DaclPresent flag is not set. +// +// SE_SACL_PRESENT - This boolean flag, when set, indicates that the +// security descriptor contains a system ACL pointed to by the +// Sacl field. If this flag is set and the Sacl field of the +// SECURITY_DESCRIPTOR is null, then an empty (but present) +// ACL is being specified. +// +// SE_SACL_DEFAULTED - This boolean flag, when set, indicates that the +// ACL pointed to by the Sacl field was provided by a defaulting +// mechanism rather than explicitly provided by the original +// provider of the security descriptor. This may affect the +// treatment of the ACL with respect to inheritence of an ACL. +// This flag is ignored if the SaclPresent flag is not set. +// +// SE_SELF_RELATIVE - This boolean flag, when set, indicates that the +// security descriptor is in self-relative form. In this form, +// all fields of the security descriptor are contiguous in memory +// and all pointer fields are expressed as offsets from the +// beginning of the security descriptor. This form is useful +// for treating security descriptors as opaque data structures +// for transmission in communication protocol or for storage on +// secondary media. +// +// +// +// Pictorially the structure of a security descriptor is as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------------------------------------------------------+ +// | Control |Reserved1 (SBZ)| Revision | +// +---------------------------------------------------------------+ +// | Owner | +// +---------------------------------------------------------------+ +// | Group | +// +---------------------------------------------------------------+ +// | Sacl | +// +---------------------------------------------------------------+ +// | Dacl | +// +---------------------------------------------------------------+ +// +// In general, this data structure should be treated opaquely to ensure future +// compatibility. +// +// + +typedef struct _SECURITY_DESCRIPTOR { + BYTE Revision; + BYTE Sbz1; + SECURITY_DESCRIPTOR_CONTROL Control; + PSID Owner; + PSID Group; + PACL Sacl; + PACL Dacl; + } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR; + +// end_ntifs + +// Where: +// +// Revision - Contains the revision level of the security +// descriptor. This allows this structure to be passed between +// systems or stored on disk even though it is expected to +// change in the future. +// +// Control - A set of flags which qualify the meaning of the +// security descriptor or individual fields of the security +// descriptor. +// +// Owner - is a pointer to an SID representing an object's owner. +// If this field is null, then no owner SID is present in the +// security descriptor. If the security descriptor is in +// self-relative form, then this field contains an offset to +// the SID, rather than a pointer. +// +// Group - is a pointer to an SID representing an object's primary +// group. If this field is null, then no primary group SID is +// present in the security descriptor. If the security descriptor +// is in self-relative form, then this field contains an offset to +// the SID, rather than a pointer. +// +// Sacl - is a pointer to a system ACL. This field value is only +// valid if the DaclPresent control flag is set. If the +// SaclPresent flag is set and this field is null, then a null +// ACL is specified. If the security descriptor is in +// self-relative form, then this field contains an offset to +// the ACL, rather than a pointer. +// +// Dacl - is a pointer to a discretionary ACL. This field value is +// only valid if the DaclPresent control flag is set. If the +// DaclPresent flag is set and this field is null, then a null +// ACL (unconditionally granting access) is specified. If the +// security descriptor is in self-relative form, then this field +// contains an offset to the ACL, rather than a pointer. +// + + + +//////////////////////////////////////////////////////////////////////// +// // +// Privilege Related Data Structures // +// // +//////////////////////////////////////////////////////////////////////// + + +// begin_ntddk begin_nthal begin_ntifs +// +// Privilege attributes +// + +#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L) +#define SE_PRIVILEGE_ENABLED (0x00000002L) +#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L) + +// +// Privilege Set Control flags +// + +#define PRIVILEGE_SET_ALL_NECESSARY (1) + +// +// Privilege Set - This is defined for a privilege set of one. +// If more than one privilege is needed, then this structure +// will need to be allocated with more space. +// +// Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET +// structure (defined in se.h) +// + +typedef struct _PRIVILEGE_SET { + DWORD PrivilegeCount; + DWORD Control; + LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]; + } PRIVILEGE_SET, * PPRIVILEGE_SET; + + +//////////////////////////////////////////////////////////////////////// +// // +// NT Defined Privileges // +// // +//////////////////////////////////////////////////////////////////////// + +#define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege") +#define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege") +#define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege") +#define SE_INCREASE_QUOTA_NAME TEXT("SeIncreaseQuotaPrivilege") +#define SE_UNSOLICITED_INPUT_NAME TEXT("SeUnsolicitedInputPrivilege") +#define SE_MACHINE_ACCOUNT_NAME TEXT("SeMachineAccountPrivilege") +#define SE_TCB_NAME TEXT("SeTcbPrivilege") +#define SE_SECURITY_NAME TEXT("SeSecurityPrivilege") +#define SE_TAKE_OWNERSHIP_NAME TEXT("SeTakeOwnershipPrivilege") +#define SE_LOAD_DRIVER_NAME TEXT("SeLoadDriverPrivilege") +#define SE_SYSTEM_PROFILE_NAME TEXT("SeSystemProfilePrivilege") +#define SE_SYSTEMTIME_NAME TEXT("SeSystemtimePrivilege") +#define SE_PROF_SINGLE_PROCESS_NAME TEXT("SeProfileSingleProcessPrivilege") +#define SE_INC_BASE_PRIORITY_NAME TEXT("SeIncreaseBasePriorityPrivilege") +#define SE_CREATE_PAGEFILE_NAME TEXT("SeCreatePagefilePrivilege") +#define SE_CREATE_PERMANENT_NAME TEXT("SeCreatePermanentPrivilege") +#define SE_BACKUP_NAME TEXT("SeBackupPrivilege") +#define SE_RESTORE_NAME TEXT("SeRestorePrivilege") +#define SE_SHUTDOWN_NAME TEXT("SeShutdownPrivilege") +#define SE_DEBUG_NAME TEXT("SeDebugPrivilege") +#define SE_AUDIT_NAME TEXT("SeAuditPrivilege") +#define SE_SYSTEM_ENVIRONMENT_NAME TEXT("SeSystemEnvironmentPrivilege") +#define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege") +#define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege") + + +//////////////////////////////////////////////////////////////////// +// // +// Security Quality Of Service // +// // +// // +//////////////////////////////////////////////////////////////////// + +// begin_ntddk begin_nthal begin_ntifs +// +// Impersonation Level +// +// Impersonation level is represented by a pair of bits in Windows. +// If a new impersonation level is added or lowest value is changed from +// 0 to something else, fix the Windows CreateFile call. +// + +typedef enum _SECURITY_IMPERSONATION_LEVEL { + SecurityAnonymous, + SecurityIdentification, + SecurityImpersonation, + SecurityDelegation + } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL; + +#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation + +#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation + + +//////////////////////////////////////////////////////////////////// +// // +// Token Object Definitions // +// // +// // +//////////////////////////////////////////////////////////////////// + + +// +// Token Specific Access Rights. +// + +#define TOKEN_ASSIGN_PRIMARY (0x0001) +#define TOKEN_DUPLICATE (0x0002) +#define TOKEN_IMPERSONATE (0x0004) +#define TOKEN_QUERY (0x0008) +#define TOKEN_QUERY_SOURCE (0x0010) +#define TOKEN_ADJUST_PRIVILEGES (0x0020) +#define TOKEN_ADJUST_GROUPS (0x0040) +#define TOKEN_ADJUST_DEFAULT (0x0080) + +#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\ + TOKEN_ASSIGN_PRIMARY |\ + TOKEN_DUPLICATE |\ + TOKEN_IMPERSONATE |\ + TOKEN_QUERY |\ + TOKEN_QUERY_SOURCE |\ + TOKEN_ADJUST_PRIVILEGES |\ + TOKEN_ADJUST_GROUPS |\ + TOKEN_ADJUST_DEFAULT) + + +#define TOKEN_READ (STANDARD_RIGHTS_READ |\ + TOKEN_QUERY) + + +#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ + TOKEN_ADJUST_PRIVILEGES |\ + TOKEN_ADJUST_GROUPS |\ + TOKEN_ADJUST_DEFAULT) + +#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE) + + +// +// +// Token Types +// + +typedef enum _TOKEN_TYPE { + TokenPrimary = 1, + TokenImpersonation + } TOKEN_TYPE; +typedef TOKEN_TYPE *PTOKEN_TYPE; + + +// +// Token Information Classes. +// + + +typedef enum _TOKEN_INFORMATION_CLASS { + TokenUser = 1, + TokenGroups, + TokenPrivileges, + TokenOwner, + TokenPrimaryGroup, + TokenDefaultDacl, + TokenSource, + TokenType, + TokenImpersonationLevel, + TokenStatistics +} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS; +// end_ntifs + +// +// Token information class structures +// + + +typedef struct _TOKEN_USER { + SID_AND_ATTRIBUTES User; +} TOKEN_USER, *PTOKEN_USER; + +// begin_ntifs + +typedef struct _TOKEN_GROUPS { + DWORD GroupCount; + SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]; +} TOKEN_GROUPS, *PTOKEN_GROUPS; + + +typedef struct _TOKEN_PRIVILEGES { + DWORD PrivilegeCount; + LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; +} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES; + +// end_ntifs + +typedef struct _TOKEN_OWNER { + PSID Owner; +} TOKEN_OWNER, *PTOKEN_OWNER; + + +typedef struct _TOKEN_PRIMARY_GROUP { + PSID PrimaryGroup; +} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP; + + +typedef struct _TOKEN_DEFAULT_DACL { + PACL DefaultDacl; +} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL; + + + +#define TOKEN_SOURCE_LENGTH 8 + +typedef struct _TOKEN_SOURCE { + CHAR SourceName[TOKEN_SOURCE_LENGTH]; + LUID SourceIdentifier; +} TOKEN_SOURCE, *PTOKEN_SOURCE; + +// end_ntifs + +typedef struct _TOKEN_STATISTICS { + LUID TokenId; + LUID AuthenticationId; + LARGE_INTEGER ExpirationTime; + TOKEN_TYPE TokenType; + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; + DWORD DynamicCharged; + DWORD DynamicAvailable; + DWORD GroupCount; + DWORD PrivilegeCount; + LUID ModifiedId; +} TOKEN_STATISTICS, *PTOKEN_STATISTICS; + + +// begin_ntifs + +typedef struct _TOKEN_CONTROL { + LUID TokenId; + LUID AuthenticationId; + LUID ModifiedId; + TOKEN_SOURCE TokenSource; + } TOKEN_CONTROL, *PTOKEN_CONTROL; + +// +// Security Tracking Mode +// + +#define SECURITY_DYNAMIC_TRACKING (TRUE) +#define SECURITY_STATIC_TRACKING (FALSE) + +typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, + * PSECURITY_CONTEXT_TRACKING_MODE; + + + +// +// Quality Of Service +// + +typedef struct _SECURITY_QUALITY_OF_SERVICE { + DWORD Length; + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; + SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; + BOOLEAN EffectiveOnly; + } SECURITY_QUALITY_OF_SERVICE, * PSECURITY_QUALITY_OF_SERVICE; + + +// +// Used to represent information related to a thread impersonation +// + +typedef struct _SE_IMPERSONATION_STATE { + PACCESS_TOKEN Token; + BOOLEAN CopyOnOpen; + BOOLEAN EffectiveOnly; + SECURITY_IMPERSONATION_LEVEL Level; +} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE; + + +typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION; + +#define OWNER_SECURITY_INFORMATION (0X00000001L) +#define GROUP_SECURITY_INFORMATION (0X00000002L) +#define DACL_SECURITY_INFORMATION (0X00000004L) +#define SACL_SECURITY_INFORMATION (0X00000008L) + + +// +// Image Format +// + +#include "pshpack4.h" // 4 byte packing is the default + +#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ +#define IMAGE_OS2_SIGNATURE 0x454E // NE +#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE +#define IMAGE_VXD_SIGNATURE 0x454C // LE +#define IMAGE_NT_SIGNATURE 0x00004550 // PE00 + +#include "pshpack2.h" // 16 bit headers are 2 byte packed + +typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header + WORD e_magic; // Magic number + WORD e_cblp; // Bytes on last page of file + WORD e_cp; // Pages in file + WORD e_crlc; // Relocations + WORD e_cparhdr; // Size of header in paragraphs + WORD e_minalloc; // Minimum extra paragraphs needed + WORD e_maxalloc; // Maximum extra paragraphs needed + WORD e_ss; // Initial (relative) SS value + WORD e_sp; // Initial SP value + WORD e_csum; // Checksum + WORD e_ip; // Initial IP value + WORD e_cs; // Initial (relative) CS value + WORD e_lfarlc; // File address of relocation table + WORD e_ovno; // Overlay number + WORD e_res[4]; // Reserved words + WORD e_oemid; // OEM identifier (for e_oeminfo) + WORD e_oeminfo; // OEM information; e_oemid specific + WORD e_res2[10]; // Reserved words + LONG e_lfanew; // File address of new exe header + } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER; + +typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header + WORD ne_magic; // Magic number + CHAR ne_ver; // Version number + CHAR ne_rev; // Revision number + WORD ne_enttab; // Offset of Entry Table + WORD ne_cbenttab; // Number of bytes in Entry Table + LONG ne_crc; // Checksum of whole file + WORD ne_flags; // Flag word + WORD ne_autodata; // Automatic data segment number + WORD ne_heap; // Initial heap allocation + WORD ne_stack; // Initial stack allocation + LONG ne_csip; // Initial CS:IP setting + LONG ne_sssp; // Initial SS:SP setting + WORD ne_cseg; // Count of file segments + WORD ne_cmod; // Entries in Module Reference Table + WORD ne_cbnrestab; // Size of non-resident name table + WORD ne_segtab; // Offset of Segment Table + WORD ne_rsrctab; // Offset of Resource Table + WORD ne_restab; // Offset of resident name table + WORD ne_modtab; // Offset of Module Reference Table + WORD ne_imptab; // Offset of Imported Names Table + LONG ne_nrestab; // Offset of Non-resident Names Table + WORD ne_cmovent; // Count of movable entries + WORD ne_align; // Segment alignment shift count + WORD ne_cres; // Count of resource segments + BYTE ne_exetyp; // Target Operating system + BYTE ne_flagsothers; // Other .EXE flags + WORD ne_pretthunks; // offset to return thunks + WORD ne_psegrefbytes; // offset to segment ref. bytes + WORD ne_swaparea; // Minimum code swap area size + WORD ne_expver; // Expected Windows version number + } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER; + +typedef struct _IMAGE_VXD_HEADER { // Windows VXD header + WORD e32_magic; // Magic number + BYTE e32_border; // The byte ordering for the VXD + BYTE e32_worder; // The word ordering for the VXD + DWORD e32_level; // The EXE format level for now = 0 + WORD e32_cpu; // The CPU type + WORD e32_os; // The OS type + DWORD e32_ver; // Module version + DWORD e32_mflags; // Module flags + DWORD e32_mpages; // Module # pages + DWORD e32_startobj; // Object # for instruction pointer + DWORD e32_eip; // Extended instruction pointer + DWORD e32_stackobj; // Object # for stack pointer + DWORD e32_esp; // Extended stack pointer + DWORD e32_pagesize; // VXD page size + DWORD e32_lastpagesize; // Last page size in VXD + DWORD e32_fixupsize; // Fixup section size + DWORD e32_fixupsum; // Fixup section checksum + DWORD e32_ldrsize; // Loader section size + DWORD e32_ldrsum; // Loader section checksum + DWORD e32_objtab; // Object table offset + DWORD e32_objcnt; // Number of objects in module + DWORD e32_objmap; // Object page map offset + DWORD e32_itermap; // Object iterated data map offset + DWORD e32_rsrctab; // Offset of Resource Table + DWORD e32_rsrccnt; // Number of resource entries + DWORD e32_restab; // Offset of resident name table + DWORD e32_enttab; // Offset of Entry Table + DWORD e32_dirtab; // Offset of Module Directive Table + DWORD e32_dircnt; // Number of module directives + DWORD e32_fpagetab; // Offset of Fixup Page Table + DWORD e32_frectab; // Offset of Fixup Record Table + DWORD e32_impmod; // Offset of Import Module Name Table + DWORD e32_impmodcnt; // Number of entries in Import Module Name Table + DWORD e32_impproc; // Offset of Import Procedure Name Table + DWORD e32_pagesum; // Offset of Per-Page Checksum Table + DWORD e32_datapage; // Offset of Enumerated Data Pages + DWORD e32_preload; // Number of preload pages + DWORD e32_nrestab; // Offset of Non-resident Names Table + DWORD e32_cbnrestab; // Size of Non-resident Name Table + DWORD e32_nressum; // Non-resident Name Table Checksum + DWORD e32_autodata; // Object # for automatic data object + DWORD e32_debuginfo; // Offset of the debugging information + DWORD e32_debuglen; // The length of the debugging info. in bytes + DWORD e32_instpreload; // Number of instance pages in preload section of VXD file + DWORD e32_instdemand; // Number of instance pages in demand load section of VXD file + DWORD e32_heapsize; // Size of heap - for 16-bit apps + BYTE e32_res3[12]; // Reserved words + DWORD e32_winresoff; + DWORD e32_winreslen; + WORD e32_devid; // Device ID for VxD + WORD e32_ddkver; // DDK version for VxD + } IMAGE_VXD_HEADER, *PIMAGE_VXD_HEADER; + +#include "poppack.h" // Back to 4 byte packing + +// +// File header format. +// + +typedef struct _IMAGE_FILE_HEADER { + WORD Machine; + WORD NumberOfSections; + DWORD TimeDateStamp; + DWORD PointerToSymbolTable; + DWORD NumberOfSymbols; + WORD SizeOfOptionalHeader; + WORD Characteristics; +} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; + +#define IMAGE_SIZEOF_FILE_HEADER 20 + +#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file. +#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references). +#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file. +#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file. +#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Agressively trim working set +#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed. +#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine. +#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file +#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file. +#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file. +#define IMAGE_FILE_SYSTEM 0x1000 // System File. +#define IMAGE_FILE_DLL 0x2000 // File is a DLL. +#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine +#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed. + +#define IMAGE_FILE_MACHINE_UNKNOWN 0 +#define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386. +#define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0x160 big-endian +#define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian +#define IMAGE_FILE_MACHINE_R10000 0x168 // MIPS little-endian +#define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP +#define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian + +// +// Directory format. +// + +typedef struct _IMAGE_DATA_DIRECTORY { + DWORD VirtualAddress; + DWORD Size; +} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY; + +#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 + +// +// Optional header format. +// + +typedef struct _IMAGE_OPTIONAL_HEADER { + // + // Standard fields. + // + + WORD Magic; + BYTE MajorLinkerVersion; + BYTE MinorLinkerVersion; + DWORD SizeOfCode; + DWORD SizeOfInitializedData; + DWORD SizeOfUninitializedData; + DWORD AddressOfEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; + + // + // NT additional fields. + // + + DWORD ImageBase; + DWORD SectionAlignment; + DWORD FileAlignment; + WORD MajorOperatingSystemVersion; + WORD MinorOperatingSystemVersion; + WORD MajorImageVersion; + WORD MinorImageVersion; + WORD MajorSubsystemVersion; + WORD MinorSubsystemVersion; + DWORD Win32VersionValue; + DWORD SizeOfImage; + DWORD SizeOfHeaders; + DWORD CheckSum; + WORD Subsystem; + WORD DllCharacteristics; + DWORD SizeOfStackReserve; + DWORD SizeOfStackCommit; + DWORD SizeOfHeapReserve; + DWORD SizeOfHeapCommit; + DWORD LoaderFlags; + DWORD NumberOfRvaAndSizes; + IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; +} IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER; + +typedef struct _IMAGE_ROM_OPTIONAL_HEADER { + WORD Magic; + BYTE MajorLinkerVersion; + BYTE MinorLinkerVersion; + DWORD SizeOfCode; + DWORD SizeOfInitializedData; + DWORD SizeOfUninitializedData; + DWORD AddressOfEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; + DWORD BaseOfBss; + DWORD GprMask; + DWORD CprMask[4]; + DWORD GpValue; +} IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER; + +#define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56 +#define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28 +#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER 224 + +#define IMAGE_NT_OPTIONAL_HDR_MAGIC 0x10b +#define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107 + +typedef struct _IMAGE_NT_HEADERS { + DWORD Signature; + IMAGE_FILE_HEADER FileHeader; + IMAGE_OPTIONAL_HEADER OptionalHeader; +} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS; + +typedef struct _IMAGE_ROM_HEADERS { + IMAGE_FILE_HEADER FileHeader; + IMAGE_ROM_OPTIONAL_HEADER OptionalHeader; +} IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS; + +#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \ + ((DWORD)ntheader + \ + FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \ + ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \ + )) + + +// Subsystem Values + +#define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem. +#define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem. +#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem. +#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem. +#define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem. +#define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image run in the Posix character subsystem. +#define IMAGE_SUBSYSTEM_RESERVED8 8 // image run in the 8 subsystem. + + +// Directory Entries + +#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory +#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory +#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory +#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory +#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory +#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table +#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory +#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String +#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP) +#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory +#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory +#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers +#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table + +// +// Section header format. +// + +#define IMAGE_SIZEOF_SHORT_NAME 8 + +typedef struct _IMAGE_SECTION_HEADER { + BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; + union { + DWORD PhysicalAddress; + DWORD VirtualSize; + } Misc; + DWORD VirtualAddress; + DWORD SizeOfRawData; + DWORD PointerToRawData; + DWORD PointerToRelocations; + DWORD PointerToLinenumbers; + WORD NumberOfRelocations; + WORD NumberOfLinenumbers; + DWORD Characteristics; +} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; + +#define IMAGE_SIZEOF_SECTION_HEADER 40 + +// +// Section characteristics. +// + +// IMAGE_SCN_TYPE_REG 0x00000000 // Reserved. +// IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved. +// IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved. +// IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved. +#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved. +// IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved. + +#define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code. +#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data. +#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data. + +#define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved. +#define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information. +// IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved. +#define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image. +#define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat. +// 0x00002000 // Reserved. + +// IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000 +#define IMAGE_SCN_MEM_FARDATA 0x00008000 +// IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000 +#define IMAGE_SCN_MEM_PURGEABLE 0x00020000 +#define IMAGE_SCN_MEM_16BIT 0x00020000 +#define IMAGE_SCN_MEM_LOCKED 0x00040000 +#define IMAGE_SCN_MEM_PRELOAD 0x00080000 + +#define IMAGE_SCN_ALIGN_1BYTES 0x00100000 // +#define IMAGE_SCN_ALIGN_2BYTES 0x00200000 // +#define IMAGE_SCN_ALIGN_4BYTES 0x00300000 // +#define IMAGE_SCN_ALIGN_8BYTES 0x00400000 // +#define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified. +#define IMAGE_SCN_ALIGN_32BYTES 0x00600000 // +#define IMAGE_SCN_ALIGN_64BYTES 0x00700000 // +// Unused 0x00800000 + +#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 // Section contains extended relocations. +#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded. +#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable. +#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable. +#define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable. +#define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable. +#define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable. +#define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable. + + +// +// TLS Chaacteristic Flags +// +#define IMAGE_SCN_SCALE_INDEX 0x00000001 // Tls index is scaled + +#include "pshpack2.h" // Symbols, relocs, and linenumbers are 2 byte packed + +// +// Symbol format. +// + +typedef struct _IMAGE_SYMBOL { + union { + BYTE ShortName[8]; + struct { + DWORD Short; // if 0, use LongName + DWORD Long; // offset into string table + } Name; + PBYTE LongName[2]; + } N; + DWORD Value; + SHORT SectionNumber; + WORD Type; + BYTE StorageClass; + BYTE NumberOfAuxSymbols; +} IMAGE_SYMBOL; +typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL; + + +#define IMAGE_SIZEOF_SYMBOL 18 + +// +// Section values. +// +// Symbols have a section number of the section in which they are +// defined. Otherwise, section numbers have the following meanings: +// + +#define IMAGE_SYM_UNDEFINED (SHORT)0 // Symbol is undefined or is common. +#define IMAGE_SYM_ABSOLUTE (SHORT)-1 // Symbol is an absolute value. +#define IMAGE_SYM_DEBUG (SHORT)-2 // Symbol is a special debug item. + +// +// Type (fundamental) values. +// + +#define IMAGE_SYM_TYPE_NULL 0x0000 // no type. +#define IMAGE_SYM_TYPE_VOID 0x0001 // +#define IMAGE_SYM_TYPE_CHAR 0x0002 // type character. +#define IMAGE_SYM_TYPE_SHORT 0x0003 // type short integer. +#define IMAGE_SYM_TYPE_INT 0x0004 // +#define IMAGE_SYM_TYPE_LONG 0x0005 // +#define IMAGE_SYM_TYPE_FLOAT 0x0006 // +#define IMAGE_SYM_TYPE_DOUBLE 0x0007 // +#define IMAGE_SYM_TYPE_STRUCT 0x0008 // +#define IMAGE_SYM_TYPE_UNION 0x0009 // +#define IMAGE_SYM_TYPE_ENUM 0x000A // enumeration. +#define IMAGE_SYM_TYPE_MOE 0x000B // member of enumeration. +#define IMAGE_SYM_TYPE_BYTE 0x000C // +#define IMAGE_SYM_TYPE_WORD 0x000D // +#define IMAGE_SYM_TYPE_UINT 0x000E // +#define IMAGE_SYM_TYPE_DWORD 0x000F // +#define IMAGE_SYM_TYPE_PCODE 0x8000 // + +// +// Type (derived) values. +// + +#define IMAGE_SYM_DTYPE_NULL 0 // no derived type. +#define IMAGE_SYM_DTYPE_POINTER 1 // pointer. +#define IMAGE_SYM_DTYPE_FUNCTION 2 // function. +#define IMAGE_SYM_DTYPE_ARRAY 3 // array. + +// +// Storage classes. +// + +#define IMAGE_SYM_CLASS_END_OF_FUNCTION (BYTE )-1 +#define IMAGE_SYM_CLASS_NULL 0x0000 +#define IMAGE_SYM_CLASS_AUTOMATIC 0x0001 +#define IMAGE_SYM_CLASS_EXTERNAL 0x0002 +#define IMAGE_SYM_CLASS_STATIC 0x0003 +#define IMAGE_SYM_CLASS_REGISTER 0x0004 +#define IMAGE_SYM_CLASS_EXTERNAL_DEF 0x0005 +#define IMAGE_SYM_CLASS_LABEL 0x0006 +#define IMAGE_SYM_CLASS_UNDEFINED_LABEL 0x0007 +#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 0x0008 +#define IMAGE_SYM_CLASS_ARGUMENT 0x0009 +#define IMAGE_SYM_CLASS_STRUCT_TAG 0x000A +#define IMAGE_SYM_CLASS_MEMBER_OF_UNION 0x000B +#define IMAGE_SYM_CLASS_UNION_TAG 0x000C +#define IMAGE_SYM_CLASS_TYPE_DEFINITION 0x000D +#define IMAGE_SYM_CLASS_UNDEFINED_STATIC 0x000E +#define IMAGE_SYM_CLASS_ENUM_TAG 0x000F +#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 0x0010 +#define IMAGE_SYM_CLASS_REGISTER_PARAM 0x0011 +#define IMAGE_SYM_CLASS_BIT_FIELD 0x0012 + +#define IMAGE_SYM_CLASS_FAR_EXTERNAL 0x0044 // + +#define IMAGE_SYM_CLASS_BLOCK 0x0064 +#define IMAGE_SYM_CLASS_FUNCTION 0x0065 +#define IMAGE_SYM_CLASS_END_OF_STRUCT 0x0066 +#define IMAGE_SYM_CLASS_FILE 0x0067 +// new +#define IMAGE_SYM_CLASS_SECTION 0x0068 +#define IMAGE_SYM_CLASS_WEAK_EXTERNAL 0x0069 + +// type packing constants + +#define N_BTMASK 0x000F +#define N_TMASK 0x0030 +#define N_TMASK1 0x00C0 +#define N_TMASK2 0x00F0 +#define N_BTSHFT 4 +#define N_TSHIFT 2 + +// MACROS + +// Basic Type of x +#define BTYPE(x) ((x) & N_BTMASK) + +// Is x a pointer? +#ifndef ISPTR +#define ISPTR(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT)) +#endif + +// Is x a function? +#ifndef ISFCN +#define ISFCN(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT)) +#endif + +// Is x an array? + +#ifndef ISARY +#define ISARY(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT)) +#endif + +// Is x a structure, union, or enumeration TAG? +#ifndef ISTAG +#define ISTAG(x) ((x)==IMAGE_SYM_CLASS_STRUCT_TAG || (x)==IMAGE_SYM_CLASS_UNION_TAG || (x)==IMAGE_SYM_CLASS_ENUM_TAG) +#endif + +#ifndef INCREF +#define INCREF(x) ((((x)&~N_BTMASK)<<N_TSHIFT)|(IMAGE_SYM_DTYPE_POINTER<<N_BTSHFT)|((x)&N_BTMASK)) +#endif +#ifndef DECREF +#define DECREF(x) ((((x)>>N_TSHIFT)&~N_BTMASK)|((x)&N_BTMASK)) +#endif + +// +// Auxiliary entry format. +// + +typedef union _IMAGE_AUX_SYMBOL { + struct { + DWORD TagIndex; // struct, union, or enum tag index + union { + struct { + WORD Linenumber; // declaration line number + WORD Size; // size of struct, union, or enum + } LnSz; + DWORD TotalSize; + } Misc; + union { + struct { // if ISFCN, tag, or .bb + DWORD PointerToLinenumber; + DWORD PointerToNextFunction; + } Function; + struct { // if ISARY, up to 4 dimen. + WORD Dimension[4]; + } Array; + } FcnAry; + WORD TvIndex; // tv index + } Sym; + struct { + BYTE Name[IMAGE_SIZEOF_SYMBOL]; + } File; + struct { + DWORD Length; // section length + WORD NumberOfRelocations; // number of relocation entries + WORD NumberOfLinenumbers; // number of line numbers + DWORD CheckSum; // checksum for communal + SHORT Number; // section number to associate with + BYTE Selection; // communal selection type + } Section; +} IMAGE_AUX_SYMBOL; +typedef IMAGE_AUX_SYMBOL UNALIGNED *PIMAGE_AUX_SYMBOL; + +#define IMAGE_SIZEOF_AUX_SYMBOL 18 + +// +// Communal selection types. +// + +#define IMAGE_COMDAT_SELECT_NODUPLICATES 1 +#define IMAGE_COMDAT_SELECT_ANY 2 +#define IMAGE_COMDAT_SELECT_SAME_SIZE 3 +#define IMAGE_COMDAT_SELECT_EXACT_MATCH 4 +#define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5 +#define IMAGE_COMDAT_SELECT_LARGEST 6 +#define IMAGE_COMDAT_SELECT_NEWEST 7 + +#define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 +#define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 +#define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3 + +// +// Relocation format. +// + +typedef struct _IMAGE_RELOCATION { + union { + DWORD VirtualAddress; + DWORD RelocCount; // Set to the real count when IMAGE_SCN_LNK_NRELOC_OVFL is set + }; + DWORD SymbolTableIndex; + WORD Type; +} IMAGE_RELOCATION; +typedef IMAGE_RELOCATION UNALIGNED *PIMAGE_RELOCATION; + +#define IMAGE_SIZEOF_RELOCATION 10 + +// +// I386 relocation types. +// + +#define IMAGE_REL_I386_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary +#define IMAGE_REL_I386_DIR16 0x0001 // Direct 16-bit reference to the symbols virtual address +#define IMAGE_REL_I386_REL16 0x0002 // PC-relative 16-bit reference to the symbols virtual address +#define IMAGE_REL_I386_DIR32 0x0006 // Direct 32-bit reference to the symbols virtual address +#define IMAGE_REL_I386_DIR32NB 0x0007 // Direct 32-bit reference to the symbols virtual address, base not included +#define IMAGE_REL_I386_SEG12 0x0009 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address +#define IMAGE_REL_I386_SECTION 0x000A +#define IMAGE_REL_I386_SECREL 0x000B +#define IMAGE_REL_I386_REL32 0x0014 // PC-relative 32-bit reference to the symbols virtual address + +// +// MIPS relocation types. +// + +#define IMAGE_REL_MIPS_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary +#define IMAGE_REL_MIPS_REFHALF 0x0001 +#define IMAGE_REL_MIPS_REFWORD 0x0002 +#define IMAGE_REL_MIPS_JMPADDR 0x0003 +#define IMAGE_REL_MIPS_REFHI 0x0004 +#define IMAGE_REL_MIPS_REFLO 0x0005 +#define IMAGE_REL_MIPS_GPREL 0x0006 +#define IMAGE_REL_MIPS_LITERAL 0x0007 +#define IMAGE_REL_MIPS_SECTION 0x000A +#define IMAGE_REL_MIPS_SECREL 0x000B +#define IMAGE_REL_MIPS_SECRELLO 0x000C // Low 16-bit section relative referemce (used for >32k TLS) +#define IMAGE_REL_MIPS_SECRELHI 0x000D // High 16-bit section relative reference (used for >32k TLS) +#define IMAGE_REL_MIPS_REFWORDNB 0x0022 +#define IMAGE_REL_MIPS_PAIR 0x0025 + +// +// Alpha Relocation types. +// + +#define IMAGE_REL_ALPHA_ABSOLUTE 0x0000 +#define IMAGE_REL_ALPHA_REFLONG 0x0001 +#define IMAGE_REL_ALPHA_REFQUAD 0x0002 +#define IMAGE_REL_ALPHA_GPREL32 0x0003 +#define IMAGE_REL_ALPHA_LITERAL 0x0004 +#define IMAGE_REL_ALPHA_LITUSE 0x0005 +#define IMAGE_REL_ALPHA_GPDISP 0x0006 +#define IMAGE_REL_ALPHA_BRADDR 0x0007 +#define IMAGE_REL_ALPHA_HINT 0x0008 +#define IMAGE_REL_ALPHA_INLINE_REFLONG 0x0009 +#define IMAGE_REL_ALPHA_REFHI 0x000A +#define IMAGE_REL_ALPHA_REFLO 0x000B +#define IMAGE_REL_ALPHA_PAIR 0x000C +#define IMAGE_REL_ALPHA_MATCH 0x000D +#define IMAGE_REL_ALPHA_SECTION 0x000E +#define IMAGE_REL_ALPHA_SECREL 0x000F +#define IMAGE_REL_ALPHA_REFLONGNB 0x0010 +#define IMAGE_REL_ALPHA_SECRELLO 0x0011 // Low 16-bit section relative reference +#define IMAGE_REL_ALPHA_SECRELHI 0x0012 // High 16-bit section relative reference + +// +// IBM PowerPC relocation types. +// + +#define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP +#define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address +#define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address +#define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute) +#define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address +#define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword) +#define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative) +#define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative) +#define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base +#define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword) + +#define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base +#define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr) +#define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number +#define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code +#define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction +#define IMAGE_REL_PPC_SECREL16 0x000F // va of containing section (limited to 16 bits) +#define IMAGE_REL_PPC_REFHI 0x0010 +#define IMAGE_REL_PPC_REFLO 0x0011 +#define IMAGE_REL_PPC_PAIR 0x0012 +#define IMAGE_REL_PPC_SECRELLO 0x0013 // Low 16-bit section relative reference (used for >32k TLS) +#define IMAGE_REL_PPC_SECRELHI 0x0014 // High 16-bit section relative reference (used for >32k TLS) + +#define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type + +// Flag bits in IMAGE_RELOCATION.TYPE + +#define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it +#define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken +#define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken +#define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc) + +// +// Line number format. +// + +typedef struct _IMAGE_LINENUMBER { + union { + DWORD SymbolTableIndex; // Symbol table index of function name if Linenumber is 0. + DWORD VirtualAddress; // Virtual address of line number. + } Type; + WORD Linenumber; // Line number. +} IMAGE_LINENUMBER; +typedef IMAGE_LINENUMBER UNALIGNED *PIMAGE_LINENUMBER; + +#define IMAGE_SIZEOF_LINENUMBER 6 + +#include "poppack.h" // Back to 4 byte packing + +// +// Based relocation format. +// + +typedef struct _IMAGE_BASE_RELOCATION { + DWORD VirtualAddress; + DWORD SizeOfBlock; +// WORD TypeOffset[1]; +} IMAGE_BASE_RELOCATION; +typedef IMAGE_BASE_RELOCATION UNALIGNED * PIMAGE_BASE_RELOCATION; + +#define IMAGE_SIZEOF_BASE_RELOCATION 8 + +// +// Based relocation types. +// + +#define IMAGE_REL_BASED_ABSOLUTE 0 +#define IMAGE_REL_BASED_HIGH 1 +#define IMAGE_REL_BASED_LOW 2 +#define IMAGE_REL_BASED_HIGHLOW 3 +#define IMAGE_REL_BASED_HIGHADJ 4 +#define IMAGE_REL_BASED_MIPS_JMPADDR 5 +#define IMAGE_REL_BASED_SECTION 6 +#define IMAGE_REL_BASED_REL32 7 + +// +// Archive format. +// + +#define IMAGE_ARCHIVE_START_SIZE 8 +#define IMAGE_ARCHIVE_START "!<arch>\n" +#define IMAGE_ARCHIVE_END "`\n" +#define IMAGE_ARCHIVE_PAD "\n" +#define IMAGE_ARCHIVE_LINKER_MEMBER "/ " +#define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// " + +typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER { + BYTE Name[16]; // File member name - `/' terminated. + BYTE Date[12]; // File member date - decimal. + BYTE UserID[6]; // File member user id - decimal. + BYTE GroupID[6]; // File member group id - decimal. + BYTE Mode[8]; // File member mode - octal. + BYTE Size[10]; // File member size - decimal. + BYTE EndHeader[2]; // String to end header. +} IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER; + +#define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60 + +// +// DLL support. +// + +// +// Export Format +// + +typedef struct _IMAGE_EXPORT_DIRECTORY { + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + DWORD Name; + DWORD Base; + DWORD NumberOfFunctions; + DWORD NumberOfNames; + PDWORD *AddressOfFunctions; + PDWORD *AddressOfNames; + PWORD *AddressOfNameOrdinals; +} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY; + +// +// Import Format +// + +typedef struct _IMAGE_IMPORT_BY_NAME { + WORD Hint; + BYTE Name[1]; +} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME; + +typedef struct _IMAGE_THUNK_DATA { + union { + PBYTE ForwarderString; + PDWORD Function; + DWORD Ordinal; + PIMAGE_IMPORT_BY_NAME AddressOfData; + } u1; +} IMAGE_THUNK_DATA; +typedef IMAGE_THUNK_DATA * PIMAGE_THUNK_DATA; + +#define IMAGE_ORDINAL_FLAG 0x80000000 +#define IMAGE_SNAP_BY_ORDINAL(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG) != 0) +#define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff) + +typedef struct _IMAGE_IMPORT_DESCRIPTOR { + union { + DWORD Characteristics; // 0 for terminating null import descriptor + PIMAGE_THUNK_DATA OriginalFirstThunk; // RVA to original unbound IAT + }; + DWORD TimeDateStamp; // 0 if not bound, + // -1 if bound, and real date\time stamp + // in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) + // O.W. date/time stamp of DLL bound to (Old BIND) + + DWORD ForwarderChain; // -1 if no forwarders + DWORD Name; + PIMAGE_THUNK_DATA FirstThunk; // RVA to IAT (if bound this IAT has actual addresses) +} IMAGE_IMPORT_DESCRIPTOR; +typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR; + +// +// New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ] +// + +typedef struct _IMAGE_BOUND_IMPORT_DESCRIPTOR { + DWORD TimeDateStamp; + WORD OffsetModuleName; + WORD NumberOfModuleForwarderRefs; +// Array of zero or more IMAGE_BOUND_FORWARDER_REF follows +} IMAGE_BOUND_IMPORT_DESCRIPTOR, *PIMAGE_BOUND_IMPORT_DESCRIPTOR; + +typedef struct _IMAGE_BOUND_FORWARDER_REF { + DWORD TimeDateStamp; + WORD OffsetModuleName; + WORD Reserved; +} IMAGE_BOUND_FORWARDER_REF, *PIMAGE_BOUND_FORWARDER_REF; + + +// +// Thread Local Storage +// + +typedef VOID +(NTAPI *PIMAGE_TLS_CALLBACK) ( + PVOID DllHandle, + DWORD Reason, + PVOID Reserved + ); + +typedef struct _IMAGE_TLS_DIRECTORY { + DWORD StartAddressOfRawData; + DWORD EndAddressOfRawData; + PDWORD AddressOfIndex; + PIMAGE_TLS_CALLBACK *AddressOfCallBacks; + DWORD SizeOfZeroFill; + DWORD Characteristics; +} IMAGE_TLS_DIRECTORY, *PIMAGE_TLS_DIRECTORY; + + +// +// Resource Format. +// + +// +// Resource directory consists of two counts, following by a variable length +// array of directory entries. The first count is the number of entries at +// beginning of the array that have actual names associated with each entry. +// The entries are in ascending order, case insensitive strings. The second +// count is the number of entries that immediately follow the named entries. +// This second count identifies the number of entries that have 16-bit integer +// Ids as their name. These entries are also sorted in ascending order. +// +// This structure allows fast lookup by either name or number, but for any +// given resource entry only one form of lookup is supported, not both. +// This is consistant with the syntax of the .RC file and the .RES file. +// + +typedef struct _IMAGE_RESOURCE_DIRECTORY { + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + WORD NumberOfNamedEntries; + WORD NumberOfIdEntries; +// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[]; +} IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY; + +#define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000 +#define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000 + +// +// Each directory contains the 32-bit Name of the entry and an offset, +// relative to the beginning of the resource directory of the data associated +// with this directory entry. If the name of the entry is an actual text +// string instead of an integer Id, then the high order bit of the name field +// is set to one and the low order 31-bits are an offset, relative to the +// beginning of the resource directory of the string, which is of type +// IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the +// low-order 16-bits are the integer Id that identify this resource directory +// entry. If the directory entry is yet another resource directory (i.e. a +// subdirectory), then the high order bit of the offset field will be +// set to indicate this. Otherwise the high bit is clear and the offset +// field points to a resource data entry. +// + +typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY { + union { + struct { + DWORD NameOffset:31; + DWORD NameIsString:1; + }; + DWORD Name; + WORD Id; + }; + union { + DWORD OffsetToData; + struct { + DWORD OffsetToDirectory:31; + DWORD DataIsDirectory:1; + }; + }; +} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY; + +// +// For resource directory entries that have actual string names, the Name +// field of the directory entry points to an object of the following type. +// All of these string objects are stored together after the last resource +// directory entry and before the first resource data object. This minimizes +// the impact of these variable length objects on the alignment of the fixed +// size directory entry objects. +// + +typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING { + WORD Length; + CHAR NameString[ 1 ]; +} IMAGE_RESOURCE_DIRECTORY_STRING, *PIMAGE_RESOURCE_DIRECTORY_STRING; + + +typedef struct _IMAGE_RESOURCE_DIR_STRING_U { + WORD Length; + WCHAR NameString[ 1 ]; +} IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U; + + +// +// Each resource data entry describes a leaf node in the resource directory +// tree. It contains an offset, relative to the beginning of the resource +// directory of the data for the resource, a size field that gives the number +// of bytes of data at that offset, a CodePage that should be used when +// decoding code point values within the resource data. Typically for new +// applications the code page would be the unicode code page. +// + +typedef struct _IMAGE_RESOURCE_DATA_ENTRY { + DWORD OffsetToData; + DWORD Size; + DWORD CodePage; + DWORD Reserved; +} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY; + +// +// Load Configuration Directory Entry +// + +typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY { + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + DWORD GlobalFlagsClear; + DWORD GlobalFlagsSet; + DWORD CriticalSectionDefaultTimeout; + DWORD DeCommitFreeBlockThreshold; + DWORD DeCommitTotalFreeThreshold; + PVOID LockPrefixTable; + DWORD MaximumAllocationSize; + DWORD VirtualMemoryThreshold; + DWORD ProcessHeapFlags; + DWORD ProcessAffinityMask; + DWORD Reserved[ 3 ]; +} IMAGE_LOAD_CONFIG_DIRECTORY, *PIMAGE_LOAD_CONFIG_DIRECTORY; + + +// +// Function table entry format for MIPS/ALPHA images. Function table is +// pointed to by the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry. +// This definition duplicates ones in ntmips.h and ntalpha.h for use +// by portable image file mungers. +// + +typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY { + DWORD BeginAddress; + DWORD EndAddress; + PVOID ExceptionHandler; + PVOID HandlerData; + DWORD PrologEndAddress; +} IMAGE_RUNTIME_FUNCTION_ENTRY, *PIMAGE_RUNTIME_FUNCTION_ENTRY; + +// +// Debug Format +// + +typedef struct _IMAGE_DEBUG_DIRECTORY { + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + DWORD Type; + DWORD SizeOfData; + DWORD AddressOfRawData; + DWORD PointerToRawData; +} IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY; + +#define IMAGE_DEBUG_TYPE_UNKNOWN 0 +#define IMAGE_DEBUG_TYPE_COFF 1 +#define IMAGE_DEBUG_TYPE_CODEVIEW 2 +#define IMAGE_DEBUG_TYPE_FPO 3 +#define IMAGE_DEBUG_TYPE_MISC 4 +#define IMAGE_DEBUG_TYPE_EXCEPTION 5 +#define IMAGE_DEBUG_TYPE_FIXUP 6 +#define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7 +#define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8 + + +typedef struct _IMAGE_COFF_SYMBOLS_HEADER { + DWORD NumberOfSymbols; + DWORD LvaToFirstSymbol; + DWORD NumberOfLinenumbers; + DWORD LvaToFirstLinenumber; + DWORD RvaToFirstByteOfCode; + DWORD RvaToLastByteOfCode; + DWORD RvaToFirstByteOfData; + DWORD RvaToLastByteOfData; +} IMAGE_COFF_SYMBOLS_HEADER, *PIMAGE_COFF_SYMBOLS_HEADER; + +#define FRAME_FPO 0 +#define FRAME_TRAP 1 +#define FRAME_TSS 2 +#define FRAME_NONFPO 3 + +typedef struct _FPO_DATA { + DWORD ulOffStart; // offset 1st byte of function code + DWORD cbProcSize; // # bytes in function + DWORD cdwLocals; // # bytes in locals/4 + WORD cdwParams; // # bytes in params/4 + WORD cbProlog : 8; // # bytes in prolog + WORD cbRegs : 3; // # regs saved + WORD fHasSEH : 1; // TRUE if SEH in func + WORD fUseBP : 1; // TRUE if EBP has been allocated + WORD reserved : 1; // reserved for future use + WORD cbFrame : 2; // frame type +} FPO_DATA, *PFPO_DATA; +#define SIZEOF_RFPO_DATA 16 + + +#define IMAGE_DEBUG_MISC_EXENAME 1 + +typedef struct _IMAGE_DEBUG_MISC { + DWORD DataType; // type of misc data, see defines + DWORD Length; // total length of record, rounded to four + // byte multiple. + BOOLEAN Unicode; // TRUE if data is unicode string + BYTE Reserved[ 3 ]; + BYTE Data[ 1 ]; // Actual data +} IMAGE_DEBUG_MISC, *PIMAGE_DEBUG_MISC; + + +// +// Function table extracted from MIPS/ALPHA images. Does not contain +// information needed only for runtime support. Just those fields for +// each entry needed by a debugger. +// + +typedef struct _IMAGE_FUNCTION_ENTRY { + DWORD StartingAddress; + DWORD EndingAddress; + DWORD EndOfPrologue; +} IMAGE_FUNCTION_ENTRY, *PIMAGE_FUNCTION_ENTRY; + +// +// Debugging information can be stripped from an image file and placed +// in a separate .DBG file, whose file name part is the same as the +// image file name part (e.g. symbols for CMD.EXE could be stripped +// and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED +// flag in the Characteristics field of the file header. The beginning of +// the .DBG file contains the following structure which captures certain +// information from the image file. This allows a debug to proceed even if +// the original image file is not accessable. This header is followed by +// zero of more IMAGE_SECTION_HEADER structures, followed by zero or more +// IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in +// the image file contain file offsets relative to the beginning of the +// .DBG file. +// +// If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure +// is left in the image file, but not mapped. This allows a debugger to +// compute the name of the .DBG file, from the name of the image in the +// IMAGE_DEBUG_MISC structure. +// + +typedef struct _IMAGE_SEPARATE_DEBUG_HEADER { + WORD Signature; + WORD Flags; + WORD Machine; + WORD Characteristics; + DWORD TimeDateStamp; + DWORD CheckSum; + DWORD ImageBase; + DWORD SizeOfImage; + DWORD NumberOfSections; + DWORD ExportedNamesSize; + DWORD DebugDirectorySize; + DWORD SectionAlignment; + DWORD Reserved[2]; +} IMAGE_SEPARATE_DEBUG_HEADER, *PIMAGE_SEPARATE_DEBUG_HEADER; + +#define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944 + +#define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000 +#define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the + // old checksum didn't match. + +#include "poppack.h" // Return to the default + +// +// End Image Format +// + +// +// for move macros +// +#include <string.h> +#define HEAP_NO_SERIALIZE 0x00000001 +#define HEAP_GROWABLE 0x00000002 +#define HEAP_GENERATE_EXCEPTIONS 0x00000004 +#define HEAP_ZERO_MEMORY 0x00000008 +#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 +#define HEAP_TAIL_CHECKING_ENABLED 0x00000020 +#define HEAP_FREE_CHECKING_ENABLED 0x00000040 +#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 +#define HEAP_CREATE_ALIGN_16 0x00010000 +#define HEAP_CREATE_ENABLE_TRACING 0x00020000 +#define HEAP_MAXIMUM_TAG 0x0FFF +#define HEAP_PSEUDO_TAG_FLAG 0x8000 +#define HEAP_TAG_SHIFT 16 +#define HEAP_MAKE_TAG_FLAGS( b, o ) ((DWORD)((b) + ((o) << 16))) + +#define IS_TEXT_UNICODE_ASCII16 0x0001 +#define IS_TEXT_UNICODE_REVERSE_ASCII16 0x0010 + +#define IS_TEXT_UNICODE_STATISTICS 0x0002 +#define IS_TEXT_UNICODE_REVERSE_STATISTICS 0x0020 + +#define IS_TEXT_UNICODE_CONTROLS 0x0004 +#define IS_TEXT_UNICODE_REVERSE_CONTROLS 0x0040 + +#define IS_TEXT_UNICODE_SIGNATURE 0x0008 +#define IS_TEXT_UNICODE_REVERSE_SIGNATURE 0x0080 + +#define IS_TEXT_UNICODE_ILLEGAL_CHARS 0x0100 +#define IS_TEXT_UNICODE_ODD_LENGTH 0x0200 +#define IS_TEXT_UNICODE_DBCS_LEADBYTE 0x0400 +#define IS_TEXT_UNICODE_NULL_BYTES 0x1000 + +#define IS_TEXT_UNICODE_UNICODE_MASK 0x000F +#define IS_TEXT_UNICODE_REVERSE_MASK 0x00F0 +#define IS_TEXT_UNICODE_NOT_UNICODE_MASK 0x0F00 +#define IS_TEXT_UNICODE_NOT_ASCII_MASK 0xF000 + +#define COMPRESSION_FORMAT_NONE (0x0000) +#define COMPRESSION_FORMAT_DEFAULT (0x0001) +#define COMPRESSION_FORMAT_LZNT1 (0x0002) +#define COMPRESSION_ENGINE_STANDARD (0x0000) +#define COMPRESSION_ENGINE_MAXIMUM (0x0100) +#if defined(_M_IX86) || defined(_M_MRX000) || defined(_M_ALPHA) + +#if defined(_M_MRX000) +NTSYSAPI +DWORD +NTAPI +RtlEqualMemory ( + CONST VOID *Source1, + CONST VOID *Source2, + DWORD Length + ); + +#else +#define RtlEqualMemory(Destination,Source,Length) (!memcmp((Destination),(Source),(Length))) +#endif + +#define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length)) +#define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length)) +#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length)) +#define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length)) + +#else // _M_PPC + +NTSYSAPI +DWORD +NTAPI +RtlEqualMemory ( + CONST VOID *Source1, + CONST VOID *Source2, + DWORD Length + ); + +NTSYSAPI +VOID +NTAPI +RtlCopyMemory ( + VOID UNALIGNED *Destination, + CONST VOID UNALIGNED *Source, + DWORD Length + ); + +NTSYSAPI +VOID +NTAPI +RtlCopyMemory32 ( + VOID UNALIGNED *Destination, + CONST VOID UNALIGNED *Source, + DWORD Length + ); + +NTSYSAPI +VOID +NTAPI +RtlMoveMemory ( + VOID UNALIGNED *Destination, + CONST VOID UNALIGNED *Source, + DWORD Length + ); + +NTSYSAPI +VOID +NTAPI +RtlFillMemory ( + VOID UNALIGNED *Destination, + DWORD Length, + BYTE Fill + ); + +NTSYSAPI +VOID +NTAPI +RtlZeroMemory ( + VOID UNALIGNED *Destination, + DWORD Length + ); +#endif + +typedef struct _MESSAGE_RESOURCE_ENTRY { + WORD Length; + WORD Flags; + BYTE Text[ 1 ]; +} MESSAGE_RESOURCE_ENTRY, *PMESSAGE_RESOURCE_ENTRY; + +#define MESSAGE_RESOURCE_UNICODE 0x0001 + +typedef struct _MESSAGE_RESOURCE_BLOCK { + DWORD LowId; + DWORD HighId; + DWORD OffsetToEntries; +} MESSAGE_RESOURCE_BLOCK, *PMESSAGE_RESOURCE_BLOCK; + +typedef struct _MESSAGE_RESOURCE_DATA { + DWORD NumberOfBlocks; + MESSAGE_RESOURCE_BLOCK Blocks[ 1 ]; +} MESSAGE_RESOURCE_DATA, *PMESSAGE_RESOURCE_DATA; + + +typedef struct _RTL_CRITICAL_SECTION_DEBUG { + WORD Type; + WORD CreatorBackTraceIndex; + struct _RTL_CRITICAL_SECTION *CriticalSection; + LIST_ENTRY ProcessLocksList; + DWORD EntryCount; + DWORD ContentionCount; + DWORD Spare[ 2 ]; +} RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG; + +#define RTL_CRITSECT_TYPE 0 +#define RTL_RESOURCE_TYPE 1 + +typedef struct _RTL_CRITICAL_SECTION { + PRTL_CRITICAL_SECTION_DEBUG DebugInfo; + + // + // The following three fields control entering and exiting the critical + // section for the resource + // + + LONG LockCount; + LONG RecursionCount; + HANDLE OwningThread; // from the thread's ClientId->UniqueThread + HANDLE LockSemaphore; + DWORD Reserved; +} RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION; +#define DLL_PROCESS_ATTACH 1 +#define DLL_THREAD_ATTACH 2 +#define DLL_THREAD_DETACH 3 +#define DLL_PROCESS_DETACH 0 + +// +// Defines for the READ flags for Eventlogging +// +#define EVENTLOG_SEQUENTIAL_READ 0X0001 +#define EVENTLOG_SEEK_READ 0X0002 +#define EVENTLOG_FORWARDS_READ 0X0004 +#define EVENTLOG_BACKWARDS_READ 0X0008 + +// +// The types of events that can be logged. +// +#define EVENTLOG_SUCCESS 0X0000 +#define EVENTLOG_ERROR_TYPE 0x0001 +#define EVENTLOG_WARNING_TYPE 0x0002 +#define EVENTLOG_INFORMATION_TYPE 0x0004 +#define EVENTLOG_AUDIT_SUCCESS 0x0008 +#define EVENTLOG_AUDIT_FAILURE 0x0010 + +// +// Defines for the WRITE flags used by Auditing for paired events +// These are not implemented in Product 1 +// + +#define EVENTLOG_START_PAIRED_EVENT 0x0001 +#define EVENTLOG_END_PAIRED_EVENT 0x0002 +#define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004 +#define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008 +#define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010 + +// +// Structure that defines the header of the Eventlog record. This is the +// fixed-sized portion before all the variable-length strings, binary +// data and pad bytes. +// +// TimeGenerated is the time it was generated at the client. +// TimeWritten is the time it was put into the log at the server end. +// + +typedef struct _EVENTLOGRECORD { + DWORD Length; // Length of full record + DWORD Reserved; // Used by the service + DWORD RecordNumber; // Absolute record number + DWORD TimeGenerated; // Seconds since 1-1-1970 + DWORD TimeWritten; // Seconds since 1-1-1970 + DWORD EventID; + WORD EventType; + WORD NumStrings; + WORD EventCategory; + WORD ReservedFlags; // For use with paired events (auditing) + DWORD ClosingRecordNumber; // For use with paired events (auditing) + DWORD StringOffset; // Offset from beginning of record + DWORD UserSidLength; + DWORD UserSidOffset; + DWORD DataLength; + DWORD DataOffset; // Offset from beginning of record + // + // Then follow: + // + // WCHAR SourceName[] + // WCHAR Computername[] + // SID UserSid + // WCHAR Strings[] + // BYTE Data[] + // CHAR Pad[] + // DWORD Length; + // +} EVENTLOGRECORD, *PEVENTLOGRECORD; + +#define DBG_CONTINUE ((DWORD )0x00010002L) +#define DBG_TERMINATE_THREAD ((DWORD )0x40010003L) +#define DBG_TERMINATE_PROCESS ((DWORD )0x40010004L) +#define DBG_CONTROL_C ((DWORD )0x40010005L) +#define DBG_CONTROL_BREAK ((DWORD )0x40010008L) +#define DBG_EXCEPTION_NOT_HANDLED ((DWORD )0x80010001L) +// + +// begin_ntddk begin_nthal +// +// Registry Specific Access Rights. +// + +#define KEY_QUERY_VALUE (0x0001) +#define KEY_SET_VALUE (0x0002) +#define KEY_CREATE_SUB_KEY (0x0004) +#define KEY_ENUMERATE_SUB_KEYS (0x0008) +#define KEY_NOTIFY (0x0010) +#define KEY_CREATE_LINK (0x0020) + +#define KEY_READ ((STANDARD_RIGHTS_READ |\ + KEY_QUERY_VALUE |\ + KEY_ENUMERATE_SUB_KEYS |\ + KEY_NOTIFY) \ + & \ + (~SYNCHRONIZE)) + + +#define KEY_WRITE ((STANDARD_RIGHTS_WRITE |\ + KEY_SET_VALUE |\ + KEY_CREATE_SUB_KEY) \ + & \ + (~SYNCHRONIZE)) + +#define KEY_EXECUTE ((KEY_READ) \ + & \ + (~SYNCHRONIZE)) + +#define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL |\ + KEY_QUERY_VALUE |\ + KEY_SET_VALUE |\ + KEY_CREATE_SUB_KEY |\ + KEY_ENUMERATE_SUB_KEYS |\ + KEY_NOTIFY |\ + KEY_CREATE_LINK) \ + & \ + (~SYNCHRONIZE)) + +// +// Open/Create Options +// + +#define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved + +#define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved + // when system is rebooted + +#define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved + // when system is rebooted + +#define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a + // symbolic link + +#define REG_OPTION_BACKUP_RESTORE (0x00000004L) // open for backup or restore + // special access rules + // privilege required + +#define REG_OPTION_OPEN_LINK (0x00000008L) // Open symbolic link + +#define REG_LEGAL_OPTION \ + (REG_OPTION_RESERVED |\ + REG_OPTION_NON_VOLATILE |\ + REG_OPTION_VOLATILE |\ + REG_OPTION_CREATE_LINK |\ + REG_OPTION_BACKUP_RESTORE |\ + REG_OPTION_OPEN_LINK) + +// +// Key creation/open disposition +// + +#define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created +#define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key opened + +// +// Key restore flags +// + +#define REG_WHOLE_HIVE_VOLATILE (0x00000001L) // Restore whole hive volatile +#define REG_REFRESH_HIVE (0x00000002L) // Unwind changes to last flush +#define REG_NO_LAZY_FLUSH (0x00000004L) // Never lazy flush this hive + +// end_ntddk end_nthal + +// +// Notify filter values +// +#define REG_NOTIFY_CHANGE_NAME (0x00000001L) // Create or delete (child) +#define REG_NOTIFY_CHANGE_ATTRIBUTES (0x00000002L) +#define REG_NOTIFY_CHANGE_LAST_SET (0x00000004L) // time stamp +#define REG_NOTIFY_CHANGE_SECURITY (0x00000008L) + +#define REG_LEGAL_CHANGE_FILTER \ + (REG_NOTIFY_CHANGE_NAME |\ + REG_NOTIFY_CHANGE_ATTRIBUTES |\ + REG_NOTIFY_CHANGE_LAST_SET |\ + REG_NOTIFY_CHANGE_SECURITY) + +// +// +// Predefined Value Types. +// + +#define REG_NONE ( 0 ) // No value type +#define REG_SZ ( 1 ) // Unicode nul terminated string +#define REG_EXPAND_SZ ( 2 ) // Unicode nul terminated string + // (with environment variable references) +#define REG_BINARY ( 3 ) // Free form binary +#define REG_DWORD ( 4 ) // 32-bit number +#define REG_DWORD_LITTLE_ENDIAN ( 4 ) // 32-bit number (same as REG_DWORD) +#define REG_DWORD_BIG_ENDIAN ( 5 ) // 32-bit number +#define REG_LINK ( 6 ) // Symbolic Link (unicode) +#define REG_MULTI_SZ ( 7 ) // Multiple Unicode strings +#define REG_RESOURCE_LIST ( 8 ) // Resource list in the resource map +#define REG_FULL_RESOURCE_DESCRIPTOR ( 9 ) // Resource list in the hardware description +#define REG_RESOURCE_REQUIREMENTS_LIST ( 10 ) + +// end_ntddk end_nthal + +// begin_ntddk begin_nthal +// +// Service Types (Bit Mask) +// +#define SERVICE_KERNEL_DRIVER 0x00000001 +#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 +#define SERVICE_ADAPTER 0x00000004 +#define SERVICE_RECOGNIZER_DRIVER 0x00000008 + +#define SERVICE_DRIVER (SERVICE_KERNEL_DRIVER | \ + SERVICE_FILE_SYSTEM_DRIVER | \ + SERVICE_RECOGNIZER_DRIVER) + +#define SERVICE_WIN32_OWN_PROCESS 0x00000010 +#define SERVICE_WIN32_SHARE_PROCESS 0x00000020 +#define SERVICE_WIN32 (SERVICE_WIN32_OWN_PROCESS | \ + SERVICE_WIN32_SHARE_PROCESS) + +#define SERVICE_INTERACTIVE_PROCESS 0x00000100 + +#define SERVICE_TYPE_ALL (SERVICE_WIN32 | \ + SERVICE_ADAPTER | \ + SERVICE_DRIVER | \ + SERVICE_INTERACTIVE_PROCESS) + +// +// Start Type +// + +#define SERVICE_BOOT_START 0x00000000 +#define SERVICE_SYSTEM_START 0x00000001 +#define SERVICE_AUTO_START 0x00000002 +#define SERVICE_DEMAND_START 0x00000003 +#define SERVICE_DISABLED 0x00000004 + +// +// Error control type +// +#define SERVICE_ERROR_IGNORE 0x00000000 +#define SERVICE_ERROR_NORMAL 0x00000001 +#define SERVICE_ERROR_SEVERE 0x00000002 +#define SERVICE_ERROR_CRITICAL 0x00000003 + +// +// +// Define the registry driver node enumerations +// + +typedef enum _CM_SERVICE_NODE_TYPE { + DriverType = SERVICE_KERNEL_DRIVER, + FileSystemType = SERVICE_FILE_SYSTEM_DRIVER, + Win32ServiceOwnProcess = SERVICE_WIN32_OWN_PROCESS, + Win32ServiceShareProcess = SERVICE_WIN32_SHARE_PROCESS, + AdapterType = SERVICE_ADAPTER, + RecognizerType = SERVICE_RECOGNIZER_DRIVER +} SERVICE_NODE_TYPE; + +typedef enum _CM_SERVICE_LOAD_TYPE { + BootLoad = SERVICE_BOOT_START, + SystemLoad = SERVICE_SYSTEM_START, + AutoLoad = SERVICE_AUTO_START, + DemandLoad = SERVICE_DEMAND_START, + DisableLoad = SERVICE_DISABLED +} SERVICE_LOAD_TYPE; + +typedef enum _CM_ERROR_CONTROL_TYPE { + IgnoreError = SERVICE_ERROR_IGNORE, + NormalError = SERVICE_ERROR_NORMAL, + SevereError = SERVICE_ERROR_SEVERE, + CriticalError = SERVICE_ERROR_CRITICAL +} SERVICE_ERROR_TYPE; + + +// +// IOCTL_TAPE_ERASE definitions +// + +#define TAPE_ERASE_SHORT 0L +#define TAPE_ERASE_LONG 1L + +typedef struct _TAPE_ERASE { + DWORD Type; + BOOLEAN Immediate; +} TAPE_ERASE, *PTAPE_ERASE; + +// +// IOCTL_TAPE_PREPARE definitions +// + +#define TAPE_LOAD 0L +#define TAPE_UNLOAD 1L +#define TAPE_TENSION 2L +#define TAPE_LOCK 3L +#define TAPE_UNLOCK 4L +#define TAPE_FORMAT 5L + +typedef struct _TAPE_PREPARE { + DWORD Operation; + BOOLEAN Immediate; +} TAPE_PREPARE, *PTAPE_PREPARE; + +// +// IOCTL_TAPE_WRITE_MARKS definitions +// + +#define TAPE_SETMARKS 0L +#define TAPE_FILEMARKS 1L +#define TAPE_SHORT_FILEMARKS 2L +#define TAPE_LONG_FILEMARKS 3L + +typedef struct _TAPE_WRITE_MARKS { + DWORD Type; + DWORD Count; + BOOLEAN Immediate; +} TAPE_WRITE_MARKS, *PTAPE_WRITE_MARKS; + +// +// IOCTL_TAPE_GET_POSITION definitions +// + +#define TAPE_ABSOLUTE_POSITION 0L +#define TAPE_LOGICAL_POSITION 1L +#define TAPE_PSEUDO_LOGICAL_POSITION 2L + +typedef struct _TAPE_GET_POSITION { + DWORD Type; + DWORD Partition; + LARGE_INTEGER Offset; +} TAPE_GET_POSITION, *PTAPE_GET_POSITION; + +// +// IOCTL_TAPE_SET_POSITION definitions +// + +#define TAPE_REWIND 0L +#define TAPE_ABSOLUTE_BLOCK 1L +#define TAPE_LOGICAL_BLOCK 2L +#define TAPE_PSEUDO_LOGICAL_BLOCK 3L +#define TAPE_SPACE_END_OF_DATA 4L +#define TAPE_SPACE_RELATIVE_BLOCKS 5L +#define TAPE_SPACE_FILEMARKS 6L +#define TAPE_SPACE_SEQUENTIAL_FMKS 7L +#define TAPE_SPACE_SETMARKS 8L +#define TAPE_SPACE_SEQUENTIAL_SMKS 9L + +typedef struct _TAPE_SET_POSITION { + DWORD Method; + DWORD Partition; + LARGE_INTEGER Offset; + BOOLEAN Immediate; +} TAPE_SET_POSITION, *PTAPE_SET_POSITION; + +// +// IOCTL_TAPE_GET_DRIVE_PARAMS definitions +// + +// +// Definitions for FeaturesLow parameter +// + +#define TAPE_DRIVE_FIXED 0x00000001 +#define TAPE_DRIVE_SELECT 0x00000002 +#define TAPE_DRIVE_INITIATOR 0x00000004 + +#define TAPE_DRIVE_ERASE_SHORT 0x00000010 +#define TAPE_DRIVE_ERASE_LONG 0x00000020 +#define TAPE_DRIVE_ERASE_BOP_ONLY 0x00000040 +#define TAPE_DRIVE_ERASE_IMMEDIATE 0x00000080 + +#define TAPE_DRIVE_TAPE_CAPACITY 0x00000100 +#define TAPE_DRIVE_TAPE_REMAINING 0x00000200 +#define TAPE_DRIVE_FIXED_BLOCK 0x00000400 +#define TAPE_DRIVE_VARIABLE_BLOCK 0x00000800 + +#define TAPE_DRIVE_WRITE_PROTECT 0x00001000 +#define TAPE_DRIVE_EOT_WZ_SIZE 0x00002000 + +#define TAPE_DRIVE_ECC 0x00010000 +#define TAPE_DRIVE_COMPRESSION 0x00020000 +#define TAPE_DRIVE_PADDING 0x00040000 +#define TAPE_DRIVE_REPORT_SMKS 0x00080000 + +#define TAPE_DRIVE_GET_ABSOLUTE_BLK 0x00100000 +#define TAPE_DRIVE_GET_LOGICAL_BLK 0x00200000 +#define TAPE_DRIVE_SET_EOT_WZ_SIZE 0x00400000 + +#define TAPE_DRIVE_EJECT_MEDIA 0x01000000 + +#define TAPE_DRIVE_RESERVED_BIT 0x80000000 //don't use this bit! +// //can't be a low features bit! +// //reserved; high features only + +// +// Definitions for FeaturesHigh parameter +// + +#define TAPE_DRIVE_LOAD_UNLOAD 0x80000001 +#define TAPE_DRIVE_TENSION 0x80000002 +#define TAPE_DRIVE_LOCK_UNLOCK 0x80000004 +#define TAPE_DRIVE_REWIND_IMMEDIATE 0x80000008 + +#define TAPE_DRIVE_SET_BLOCK_SIZE 0x80000010 +#define TAPE_DRIVE_LOAD_UNLD_IMMED 0x80000020 +#define TAPE_DRIVE_TENSION_IMMED 0x80000040 +#define TAPE_DRIVE_LOCK_UNLK_IMMED 0x80000080 + +#define TAPE_DRIVE_SET_ECC 0x80000100 +#define TAPE_DRIVE_SET_COMPRESSION 0x80000200 +#define TAPE_DRIVE_SET_PADDING 0x80000400 +#define TAPE_DRIVE_SET_REPORT_SMKS 0x80000800 + +#define TAPE_DRIVE_ABSOLUTE_BLK 0x80001000 +#define TAPE_DRIVE_ABS_BLK_IMMED 0x80002000 +#define TAPE_DRIVE_LOGICAL_BLK 0x80004000 +#define TAPE_DRIVE_LOG_BLK_IMMED 0x80008000 + +#define TAPE_DRIVE_END_OF_DATA 0x80010000 +#define TAPE_DRIVE_RELATIVE_BLKS 0x80020000 +#define TAPE_DRIVE_FILEMARKS 0x80040000 +#define TAPE_DRIVE_SEQUENTIAL_FMKS 0x80080000 + +#define TAPE_DRIVE_SETMARKS 0x80100000 +#define TAPE_DRIVE_SEQUENTIAL_SMKS 0x80200000 +#define TAPE_DRIVE_REVERSE_POSITION 0x80400000 +#define TAPE_DRIVE_SPACE_IMMEDIATE 0x80800000 + +#define TAPE_DRIVE_WRITE_SETMARKS 0x81000000 +#define TAPE_DRIVE_WRITE_FILEMARKS 0x82000000 +#define TAPE_DRIVE_WRITE_SHORT_FMKS 0x84000000 +#define TAPE_DRIVE_WRITE_LONG_FMKS 0x88000000 + +#define TAPE_DRIVE_WRITE_MARK_IMMED 0x90000000 +#define TAPE_DRIVE_FORMAT 0xA0000000 +#define TAPE_DRIVE_FORMAT_IMMEDIATE 0xC0000000 +#define TAPE_DRIVE_HIGH_FEATURES 0x80000000 //mask for high features flag + +typedef struct _TAPE_GET_DRIVE_PARAMETERS { + BOOLEAN ECC; + BOOLEAN Compression; + BOOLEAN DataPadding; + BOOLEAN ReportSetmarks; + DWORD DefaultBlockSize; + DWORD MaximumBlockSize; + DWORD MinimumBlockSize; + DWORD MaximumPartitionCount; + DWORD FeaturesLow; + DWORD FeaturesHigh; + DWORD EOTWarningZoneSize; +} TAPE_GET_DRIVE_PARAMETERS, *PTAPE_GET_DRIVE_PARAMETERS; + +// +// IOCTL_TAPE_SET_DRIVE_PARAMETERS definitions +// + +typedef struct _TAPE_SET_DRIVE_PARAMETERS { + BOOLEAN ECC; + BOOLEAN Compression; + BOOLEAN DataPadding; + BOOLEAN ReportSetmarks; + DWORD EOTWarningZoneSize; +} TAPE_SET_DRIVE_PARAMETERS, *PTAPE_SET_DRIVE_PARAMETERS; + +// +// IOCTL_TAPE_GET_MEDIA_PARAMETERS definitions +// + +typedef struct _TAPE_GET_MEDIA_PARAMETERS { + LARGE_INTEGER Capacity; + LARGE_INTEGER Remaining; + DWORD BlockSize; + DWORD PartitionCount; + BOOLEAN WriteProtected; +} TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS; + +// +// IOCTL_TAPE_SET_MEDIA_PARAMETERS definitions +// + +typedef struct _TAPE_SET_MEDIA_PARAMETERS { + DWORD BlockSize; +} TAPE_SET_MEDIA_PARAMETERS, *PTAPE_SET_MEDIA_PARAMETERS; + +// +// IOCTL_TAPE_CREATE_PARTITION definitions +// + +#define TAPE_FIXED_PARTITIONS 0L +#define TAPE_SELECT_PARTITIONS 1L +#define TAPE_INITIATOR_PARTITIONS 2L + +typedef struct _TAPE_CREATE_PARTITION { + DWORD Method; + DWORD Count; + DWORD Size; +} TAPE_CREATE_PARTITION, *PTAPE_CREATE_PARTITION; + + +#ifdef __cplusplus +} +#endif + +#endif /* _WINNT_ */ + |