--- mstools/h/winnt.h 2018/08/09 18:20:01 1.1.1.1 +++ mstools/h/winnt.h 2018/08/09 18:21:01 1.1.1.3 @@ -1,6 +1,6 @@ -/*++ BUILD Version: 0047 // Increment this if a change has global effects +/*++ BUILD Version: 0082 // Increment this if a change has global effects -Copyright (c) 1990 Microsoft Corporation +Copyright (c) 1990-1992 Microsoft Corporation Module Name: @@ -11,10 +11,6 @@ Abstract: This module defines the 32-Bit Windows types and constants that are defined by NT, but exposed through the Win32 API. -Created: - - 18-Sep-1990 - Revision History: --*/ @@ -22,6 +18,7 @@ Revision History: #ifndef _WINNT_ #define _WINNT_ +#define ANYSIZE_ARRAY 1 #ifdef MIPS #define UNALIGNED __unaligned #else @@ -41,33 +38,110 @@ typedef long LONG; #endif // -// UNICODE +// UNICODE (Wide Character) types // typedef unsigned short WCHAR; // wc, 16-bit UNICODE character -typedef WCHAR *LPWCH, *PWCH; // pwc -typedef WCHAR *LPWSTR, *PWSTR; // pwsz, 0x0000 terminated UNICODE strings only +typedef WCHAR *PWCHAR; +typedef WCHAR *LPWCH, *PWCH; +typedef CONST WCHAR *LPCWCH, *PCWCH; +typedef WCHAR *NWPSTR; +typedef WCHAR *LPWSTR, *PWSTR; + +typedef CONST WCHAR *LPCWSTR, *PCWSTR; // -// Portable UNICODE types and macros +// ANSI (Multi-byte Character) types // +typedef CHAR *PCHAR; +typedef CHAR *LPCH, *PCH; + +typedef CONST CHAR *LPCCH, *PCCH; +typedef CHAR *NPSTR; +typedef CHAR *LPSTR, *PSTR; +typedef CONST CHAR *LPCSTR, *PCSTR; + +// +// Neutral ANSI/UNICODE types and macros +// #ifdef UNICODE -typedef WCHAR TCHAR; +#ifndef _TCHAR_DEFINED +typedef WCHAR TCHAR, *PTCHAR; +#define _TCHAR_DEFINED +#endif +typedef LPWSTR LPTCH, PTCH; +typedef LPWSTR PTSTR, LPTSTR; +typedef LPCWSTR LPCTSTR; +typedef LPWSTR LP; #define TEXT(quote) L##quote #else -typedef char TCHAR; +#ifndef _TCHAR_DEFINED +typedef char TCHAR, *PTCHAR; +#define _TCHAR_DEFINED +#endif +typedef LPSTR LPTCH, PTCH; +typedef LPSTR PTSTR, LPTSTR; +typedef LPCSTR LPCTSTR; #define TEXT(quote) quote #endif -typedef TCHAR *LPTSTR; typedef SHORT *PSHORT; typedef LONG *PLONG; -typedef PVOID HANDLE; -typedef HANDLE *PHANDLE; +#ifdef STRICT +typedef const void *HANDLE; +#define DECLARE_HANDLE(name) struct name##__ { int unused; }; typedef const struct name##__ *name + +#else +typedef PVOID HANDLE; +#define DECLARE_HANDLE(name) typedef HANDLE name +#endif +typedef HANDLE *PHANDLE; +typedef char CCHAR; +/*lint -e624 */ +/*lint +e624 */ +#define APPLICATION_ERROR_MASK 0x20000000 +#define ERROR_SEVERITY_SUCCESS 0x00000000 +#define ERROR_SEVERITY_INFORMATIONAL 0x40000000 +#define ERROR_SEVERITY_WARNING 0x80000000 +#define ERROR_SEVERITY_ERROR 0xC0000000 + +typedef struct _LARGE_INTEGER { + DWORD LowPart; + LONG HighPart; +} LARGE_INTEGER, *PLARGE_INTEGER; + +typedef struct _ULARGE_INTEGER { + DWORD LowPart; + DWORD HighPart; +} ULARGE_INTEGER, *PULARGE_INTEGER; + +typedef LARGE_INTEGER LUID; +typedef LUID *PLUID; #define UNICODE_NULL ((WCHAR)0) +typedef CCHAR BOOLEAN; +typedef BOOLEAN *PBOOLEAN; +// +// Doubly linked list structure. Can be used as either a list head, or +// as link words. +// + +typedef struct _LIST_ENTRY { + struct _LIST_ENTRY *Flink; + struct _LIST_ENTRY *Blink; +} LIST_ENTRY; +typedef LIST_ENTRY *PLIST_ENTRY; + +// +// Singly linked list structure. Can be used as either a list head, or +// as link words. +// + +typedef struct _SINGLE_LIST_ENTRY { + struct _SINGLE_LIST_ENTRY *Next; +} SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY; #define MINCHAR 0x80 #define MAXCHAR 0x7f #define MINSHORT 0x8000 @@ -128,18 +202,33 @@ typedef HANDLE *PHANDLE; #endif // lint or _lint -/*lint -e767 */ // Don't complain about different definitions +/*lint -e767 */ #define STATUS_WAIT_0 ((DWORD )0x00000000L) #define STATUS_ABANDONED_WAIT_0 ((DWORD )0x00000080L) +#define STATUS_USER_APC ((DWORD )0x000000C0L) #define STATUS_TIMEOUT ((DWORD )0x00000102L) #define STATUS_PENDING ((DWORD )0x00000103L) #define STATUS_DATATYPE_MISALIGNMENT ((DWORD )0x80000002L) #define STATUS_BREAKPOINT ((DWORD )0x80000003L) #define STATUS_SINGLE_STEP ((DWORD )0x80000004L) #define STATUS_ACCESS_VIOLATION ((DWORD )0xC0000005L) +#define STATUS_ILLEGAL_INSTRUCTION ((DWORD )0xC000001DL) #define STATUS_NONCONTINUABLE_EXCEPTION ((DWORD )0xC0000025L) +#define STATUS_INVALID_DISPOSITION ((DWORD )0xC0000026L) +#define STATUS_ARRAY_BOUNDS_EXCEEDED ((DWORD )0xC000008CL) +#define STATUS_FLOAT_DENORMAL_OPERAND ((DWORD )0xC000008DL) +#define STATUS_FLOAT_DIVIDE_BY_ZERO ((DWORD )0xC000008EL) +#define STATUS_FLOAT_INEXACT_RESULT ((DWORD )0xC000008FL) +#define STATUS_FLOAT_INVALID_OPERATION ((DWORD )0xC0000090L) +#define STATUS_FLOAT_OVERFLOW ((DWORD )0xC0000091L) +#define STATUS_FLOAT_STACK_CHECK ((DWORD )0xC0000092L) +#define STATUS_FLOAT_UNDERFLOW ((DWORD )0xC0000093L) +#define STATUS_INTEGER_DIVIDE_BY_ZERO ((DWORD )0xC0000094L) +#define STATUS_INTEGER_OVERFLOW ((DWORD )0xC0000095L) +#define STATUS_PRIVILEGED_INSTRUCTION ((DWORD )0xC0000096L) +#define STATUS_STACK_OVERFLOW ((DWORD )0xC00000FDL) #define STATUS_CONTROL_C_EXIT ((DWORD )0xC000013AL) -/*lint +e767 */ // Resume checking for different macro definitions +/*lint +e767 */ #define MAXIMUM_WAIT_OBJECTS 64 // Maximum number of wait objects #define MAXIMUM_SUSPEND_COUNT MAXCHAR // Maximum times thread can be suspended @@ -151,7 +240,6 @@ typedef DWORD KSPIN_LOCK; // Define the size of the 80387 save area, which is in the context frame. // -#define SIZE_OF_80387_ENVIRONMENT 108 #define SIZE_OF_80387_REGISTERS 80 // @@ -159,7 +247,7 @@ typedef DWORD KSPIN_LOCK; // #define CONTEXT_i386 0x00010000 // this assumes that i386 and -#define CONTEXT_i486 0x00010000 // i486 have identical context records +#define CONTEXT_i486 0x00010000 // i486 have identical context records #define CONTEXT_CONTROL (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP #define CONTEXT_INTEGER (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI @@ -168,7 +256,7 @@ typedef DWORD KSPIN_LOCK; #define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7 #define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\ - CONTEXT_SEGMENTS) + CONTEXT_SEGMENTS) typedef struct _FLOATING_SAVE_AREA { DWORD ControlWord; @@ -179,6 +267,7 @@ typedef struct _FLOATING_SAVE_AREA { DWORD DataOffset; DWORD DataSelector; BYTE RegisterArea[SIZE_OF_80387_REGISTERS]; + DWORD Cr0NpxState; } FLOATING_SAVE_AREA; typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA; @@ -481,14 +570,16 @@ __jump_unwind ( #endif // MIPS #define EXCEPTION_NONCONTINUABLE 0x1 // Noncontinuable exception -#define EXCEPTION_MAXIMUM_PARAMETERS 4 // maximum number of exception parameters +#define EXCEPTION_MAXIMUM_PARAMETERS 15 // maximum number of exception parameters // // Exception record definition. // typedef struct _EXCEPTION_RECORD { + /*lint -e18 */ // Don't complain about different definitions DWORD ExceptionCode; + /*lint +e18 */ // Resume checking for different definitions DWORD ExceptionFlags; struct _EXCEPTION_RECORD *ExceptionRecord; PVOID ExceptionAddress; @@ -507,6 +598,8 @@ typedef struct _EXCEPTION_POINTERS { PCONTEXT ContextRecord; } EXCEPTION_POINTERS, *PEXCEPTION_POINTERS; #define PROCESS_TERMINATE (0x0001) +#define PROCESS_CREATE_THREAD (0x0002) +#define PROCESS_VM_OPERATION (0x0008) #define PROCESS_VM_READ (0x0010) #define PROCESS_VM_WRITE (0x0020) #define PROCESS_DUP_HANDLE (0x0040) @@ -515,6 +608,7 @@ typedef struct _EXCEPTION_POINTERS { #define PROCESS_QUERY_INFORMATION (0x0400) #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \ 0xFFF) + #define THREAD_TERMINATE (0x0001) #define THREAD_SUSPEND_RESUME (0x0002) #define THREAD_GET_CONTEXT (0x0008) @@ -527,8 +621,10 @@ typedef struct _EXCEPTION_POINTERS { #define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \ 0x3FF) #define TLS_MINIMUM_AVAILABLE 64 +#define THREAD_BASE_PRIORITY_LOWRT 15 // value that gets a thread to LowRealtime-1 #define THREAD_BASE_PRIORITY_MAX 2 // maximum thread base priority boost #define THREAD_BASE_PRIORITY_MIN -2 // minimum thread base priority boost +#define THREAD_BASE_PRIORITY_IDLE -15 // value that gets a thread to idle #define EVENT_MODIFY_STATE 0x0002 #define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) #define MUTANT_QUERY_STATE 0x0001 @@ -537,6 +633,9 @@ typedef struct _EXCEPTION_POINTERS { MUTANT_QUERY_STATE) #define SEMAPHORE_MODIFY_STATE 0x0002 #define SEMAPHORE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) +#define TIME_ZONE_ID_UNKNOWN 0 +#define TIME_ZONE_ID_STANDARD 1 +#define TIME_ZONE_ID_DAYLIGHT 2 #define PROCESSOR_INTEL_386 386 #define PROCESSOR_INTEL_486 486 @@ -545,19 +644,6 @@ typedef struct _EXCEPTION_POINTERS { #define PROCESSOR_MIPS_R3000 3000 #define PROCESSOR_MIPS_R4000 4000 -#define PROCESSOR_STEP_A0 0x00000000 -#define PROCESSOR_STEP_B0 0x00010000 -#define PROCESSOR_STEP_C0 0x00020000 -#define PROCESSOR_STEP_D0 0x00030000 -#define PROCESSOR_STEP_E0 0x00040000 -#define PROCESSOR_STEP_F0 0x00050000 -#define PROCESSOR_STEP_G0 0x00060000 -#define PROCESSOR_STEP_H0 0x00070000 -#define PROCESSOR_STEP_I0 0x00080000 - -#define PROCESSOR_OPTION_387 0x00000001 -#define PROCESSOR_OPTION_WEITEK 0x00000002 - typedef struct _MEMORY_BASIC_INFORMATION { PVOID BaseAddress; PVOID AllocationBase; @@ -566,8 +652,7 @@ typedef struct _MEMORY_BASIC_INFORMATION DWORD State; DWORD Protect; DWORD Type; -} MEMORY_BASIC_INFORMATION; -typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION; +} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION; #define SECTION_QUERY 0x0001 #define SECTION_MAP_WRITE 0x0002 #define SECTION_MAP_READ 0x0004 @@ -593,16 +678,79 @@ typedef MEMORY_BASIC_INFORMATION *PMEMOR #define FILE_ATTRIBUTE_READONLY 0x00000001 #define FILE_ATTRIBUTE_HIDDEN 0x00000002 #define FILE_ATTRIBUTE_SYSTEM 0x00000004 +#define FILE_ATTRIBUTE_DIRECTORY 0x00000010 #define FILE_ATTRIBUTE_ARCHIVE 0x00000020 #define FILE_ATTRIBUTE_NORMAL 0x00000080 +#define FILE_ATTRIBUTE_TEMPORARY 0x00000100 +#define FILE_ATTRIBUTE_ATOMIC_WRITE 0x00000200 +#define FILE_ATTRIBUTE_XACTION_WRITE 0x00000400 +#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 +#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 +#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 +#define FILE_NOTIFY_CHANGE_SIZE 0x00000008 +#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 +#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001 #define FILE_CASE_PRESERVED_NAMES 0x00000002 #define FILE_UNICODE_ON_DISK 0x00000004 +#define FILE_PERSISTENT_ACLS 0x00000008 #define DUPLICATE_CLOSE_SOURCE 0x00000001 #define DUPLICATE_SAME_ACCESS 0x00000002 +typedef PVOID PACCESS_TOKEN; typedef PVOID PSECURITY_DESCRIPTOR; typedef PVOID PSID; -typedef DWORD ACCESS_MASK; +//////////////////////////////////////////////////////////////////////// +// // +// ACCESS MASK // +// // +//////////////////////////////////////////////////////////////////////// + +// +// Define the access mask as a longword sized structure divided up as +// follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------+---------------+-------------------------------+ +// |G|G|G|G|Res'd|A| StandardRights| SpecificRights | +// |R|W|E|A| |S| | | +// +-+-------------+---------------+-------------------------------+ +// +// typedef struct _ACCESS_MASK { +// WORD SpecificRights; +// BYTE StandardRights; +// BYTE AccessSystemAcl : 1; +// BYTE Reserved : 3; +// BYTE GenericAll : 1; +// BYTE GenericExecute : 1; +// BYTE GenericWrite : 1; +// BYTE GenericRead : 1; +// } ACCESS_MASK; +// typedef ACCESS_MASK *PACCESS_MASK; +// +// but to make life simple for programmer's we'll allow them to specify +// a desired access mask by simply OR'ing together mulitple single rights +// and treat an access mask as a ulong. For example +// +// DesiredAccess = DELETE | READ_CONTROL +// +// So we'll declare ACCESS_MASK as DWORD +// + +typedef DWORD ACCESS_MASK; +typedef ACCESS_MASK *PACCESS_MASK; + +//////////////////////////////////////////////////////////////////////// +// // +// ACCESS TYPES // +// // +//////////////////////////////////////////////////////////////////////// + + +// +// The following are masks for the predefined standard access types +// + #define DELETE (0x00010000L) #define READ_CONTROL (0x00020000L) #define WRITE_DAC (0x00040000L) @@ -639,15 +787,907 @@ typedef DWORD ACCESS_MASK; #define GENERIC_WRITE (0x40000000L) #define GENERIC_EXECUTE (0x20000000L) #define GENERIC_ALL (0x10000000L) -// Obsolete definition - not portable. -// replaced by DWORD definition below -//typedef struct _SECURITY_INFORMATION { -// DWORD Owner :1; -// DWORD Group :1; -// DWORD Dacl :1; -// DWORD Sacl :1; -// DWORD Reserved :28; -// } SECURITY_INFORMATION, *PSECURITY_INFORMATION; + + +// +// Define the generic mapping array. This is used to denote the +// mapping of each generic access right to a specific access mask. +// + +typedef struct _GENERIC_MAPPING { + ACCESS_MASK GenericRead; + ACCESS_MASK GenericWrite; + ACCESS_MASK GenericExecute; + ACCESS_MASK GenericAll; +} GENERIC_MAPPING; +typedef GENERIC_MAPPING *PGENERIC_MAPPING; + + + +//////////////////////////////////////////////////////////////////////// +// // +// LUID_AND_ATTRIBUTES // +// // +//////////////////////////////////////////////////////////////////////// +// +// + + +typedef struct _LUID_AND_ATTRIBUTES { + LUID Luid; + DWORD Attributes; + } LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES; + +typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; +typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY; + + +//////////////////////////////////////////////////////////////////////// +// // +// Security Id (SID) // +// // +//////////////////////////////////////////////////////////////////////// +// +// +// Pictorially the structure of an SID is as follows: +// +// 1 1 1 1 1 1 +// 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------------------------------------------------------+ +// | SubAuthorityCount |Reserved1 (SBZ)| Revision | +// +---------------------------------------------------------------+ +// | IdentifierAuthority[0] | +// +---------------------------------------------------------------+ +// | IdentifierAuthority[1] | +// +---------------------------------------------------------------+ +// | IdentifierAuthority[2] | +// +---------------------------------------------------------------+ +// | | +// +- - - - - - - - SubAuthority[] - - - - - - - - -+ +// | | +// +---------------------------------------------------------------+ +// +// + +typedef struct _SID_IDENTIFIER_AUTHORITY { + BYTE Value[6]; +} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY; + + +typedef struct _SID { + BYTE Revision; + BYTE SubAuthorityCount; + SID_IDENTIFIER_AUTHORITY IdentifierAuthority; +#ifdef MIDL_PASS + [size_is(SubAuthorityCount)] DWORD SubAuthority[*]; +#else // MIDL_PASS + DWORD SubAuthority[ANYSIZE_ARRAY]; +#endif // MIDL_PASS +} SID, *PISID; + + + + + + + +#define SID_REVISION (1) // Current revision level +#define SID_MAX_SUB_AUTHORITIES (15) +#define SID_RECOMMENDED_SUB_AUTHORITIES (1) // Will change to around 6 + // in a future release. + +typedef enum _SID_NAME_USE { + SidTypeUser = 1, + SidTypeGroup, + SidTypeDomain, + SidTypeAlias, + SidTypeWellKnownGroup, + SidTypeDeletedAccount, + SidTypeInvalid, + SidTypeUnknown +} SID_NAME_USE, *PSID_NAME_USE; + + +typedef struct _SID_AND_ATTRIBUTES { + PSID Sid; + DWORD Attributes; + } SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES; + +typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; +typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; + + + + + + + + + +///////////////////////////////////////////////////////////////////////////// +// // +// Universal well-known SIDs // +// // +// Null SID S-1-0-0 // +// World S-1-1-0 // +// Local S-1-2-0 // +// Creator Owner ID S-1-3-0 // +// Creator Group ID S-1-3-1 // +// // +///////////////////////////////////////////////////////////////////////////// + +#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} +#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} +#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} +#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} + +#define SECURITY_NULL_RID (0x00000000L) +#define SECURITY_WORLD_RID (0x00000000L) +#define SECURITY_LOCAL_RID (0X00000000L) + +#define SECURITY_CREATOR_OWNER_RID (0x00000000L) +#define SECURITY_CREATOR_GROUP_RID (0x00000001L) + + + + +///////////////////////////////////////////////////////////////////////////// +// // +// NT well-known SIDs // +// // +// NT Authority S-1-5 // +// Dialup S-1-5-1 // +// // +// Network S-1-5-2 // +// Batch S-1-5-3 // +// Interactive S-1-5-4 // +// Service S-1-5-6 // +// // +// (Logon IDs) S-1-5-5-X-Y // +// // +// (Built-in domain) s-1-5-20 // +// // +///////////////////////////////////////////////////////////////////////////// + + +#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} + +#define SECURITY_DIALUP_RID (0x00000001L) +#define SECURITY_NETWORK_RID (0x00000002L) +#define SECURITY_BATCH_RID (0x00000003L) +#define SECURITY_INTERACTIVE_RID (0x00000004L) +#define SECURITY_SERVICE_RID (0x00000006L) + +#define SECURITY_LOGON_IDS_RID (0x00000005L) +#define SECURITY_LOGON_IDS_RID_COUNT (3L) + +#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) + +#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) + + + + + +///////////////////////////////////////////////////////////////////////////// +// // +// well-known domain relative sub-authority values (RIDs)... // +// // +///////////////////////////////////////////////////////////////////////////// + +// Well-known users ... + +#define DOMAIN_USER_RID_ADMIN (0x000001F4L) +#define DOMAIN_USER_RID_GUEST (0x000001F5L) + + + +// well-known groups ... + +#define DOMAIN_GROUP_RID_ADMINS (0x00000200L) +#define DOMAIN_GROUP_RID_USERS (0x00000201L) + + + + +// well-known aliases ... + +#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) +#define DOMAIN_ALIAS_RID_USERS (0x00000221L) +#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) +#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) + +#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) +#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) +#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) +#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) + +#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L) + + + + + + +// +// Allocate the System Luid. The first 1000 LUIDs are reserved. +// Use #999 here (0x3E7 = 999) +// + +#define SYSTEM_LUID {0x0, 0x3E7} + + + +//////////////////////////////////////////////////////////////////////// +// // +// User and Group related SID attributes // +// // +//////////////////////////////////////////////////////////////////////// + +// +// Group attributes +// + +#define SE_GROUP_MANDATORY (0x00000001L) +#define SE_GROUP_ENABLED_BY_DEFAULT (0x00000002L) +#define SE_GROUP_ENABLED (0x00000004L) +#define SE_GROUP_OWNER (0x00000008L) +#define SE_GROUP_LOGON_ID (0xC0000000L) + + + +// +// User attributes +// + +// (None yet defined.) + + + + +//////////////////////////////////////////////////////////////////////// +// // +// ACL and ACE // +// // +//////////////////////////////////////////////////////////////////////// + +// +// Define an ACL and the ACE format. The structure of an ACL header +// followed by one or more ACEs. Pictorally the structure of an ACL header +// is as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +-------------------------------+---------------+---------------+ +// | AclSize | Sbz1 | AclRevision | +// +-------------------------------+---------------+---------------+ +// | Sbz2 | AceCount | +// +-------------------------------+-------------------------------+ +// +// The current AclRevision is defined to be ACL_REVISION. +// +// AclSize is the size, in bytes, allocated for the ACL. This includes +// the ACL header, ACES, and remaining free space in the buffer. +// +// AceCount is the number of ACES in the ACL. +// + +// This is the *current* ACL revision + +#define ACL_REVISION (2) + +// This is the history of ACL revisions. Add a new one whenever +// ACL_REVISION is updated + +#define ACL_REVISION1 (1) +#define ACL_REVISION2 (2) + +typedef struct _ACL { + BYTE AclRevision; + BYTE Sbz1; + WORD AclSize; + WORD AceCount; + WORD Sbz2; +} ACL; +typedef ACL *PACL; + +// +// The structure of an ACE is a common ace header followed by ace type +// specific data. Pictorally the structure of the common ace header is +// as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------+-------+-------+---------------+---------------+ +// | AceSize | AceFlags | AceType | +// +---------------+-------+-------+---------------+---------------+ +// +// AceType denotes the type of the ace, there are some predefined ace +// types +// +// AceSize is the size, in bytes, of ace. +// +// AceFlags are the Ace flags for audit and inheritance, defined shortly. + +typedef struct _ACE_HEADER { + BYTE AceType; + BYTE AceFlags; + WORD AceSize; +} ACE_HEADER; +typedef ACE_HEADER *PACE_HEADER; + +// +// The following are the predefined ace types that go into the AceType +// field of an Ace header. +// + +#define ACCESS_ALLOWED_ACE_TYPE (0x0) +#define ACCESS_DENIED_ACE_TYPE (0x1) +#define SYSTEM_AUDIT_ACE_TYPE (0x2) +#define SYSTEM_ALARM_ACE_TYPE (0x3) + +// +// The following are the inherit flags that go into the AceFlags field +// of an Ace header. +// + +#define OBJECT_INHERIT_ACE (0x1) +#define CONTAINER_INHERIT_ACE (0x2) +#define NO_PROPAGATE_INHERIT_ACE (0x4) +#define INHERIT_ONLY_ACE (0x8) +#define VALID_INHERIT_FLAGS (0xF) + + +// The following are the currently defined ACE flags that go into the +// AceFlags field of an ACE header. Each ACE type has its own set of +// AceFlags. +// +// SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE +// types to indicate that a message is generated for successful accesses. +// +// FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types +// to indicate that a message is generated for failed accesses. +// + +// +// SYSTEM_AUDIT and SYSTEM_ALARM AceFlags +// +// These control the signaling of audit and alarms for success or failure. +// + +#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) +#define FAILED_ACCESS_ACE_FLAG (0x80) + + +// +// We'll define the structure of the predefined ACE types. Pictorally +// the structure of the predefined ACE's is as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------+-------+-------+---------------+---------------+ +// | AceFlags | Resd |Inherit| AceSize | AceType | +// +---------------+-------+-------+---------------+---------------+ +// | Mask | +// +---------------------------------------------------------------+ +// | | +// + + +// | | +// + Sid + +// | | +// + + +// | | +// +---------------------------------------------------------------+ +// +// Mask is the access mask associated with the ACE. This is either the +// access allowed, access denied, audit, or alarm mask. +// +// Sid is the Sid associated with the ACE. +// + +// The following are the four predefined ACE types. + +// Examine the AceType field in the Header to determine +// which structure is appropriate to use for casting. + +typedef struct _ACCESS_ALLOWED_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_ALLOWED_ACE; + +typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE; + +typedef struct _ACCESS_DENIED_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_DENIED_ACE; +typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE; + +typedef struct _SYSTEM_AUDIT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_AUDIT_ACE; +typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE; + +typedef struct _SYSTEM_ALARM_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_ALARM_ACE; +typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE; + + + +// +// The following declarations are used for setting and querying information +// about and ACL. First are the various information classes available to +// the user. +// + +typedef enum _ACL_INFORMATION_CLASS { + AclRevisionInformation = 1, + AclSizeInformation +} ACL_INFORMATION_CLASS; + +// +// This record is returned/sent if the user is requesting/setting the +// AclRevisionInformation +// + +typedef struct _ACL_REVISION_INFORMATION { + DWORD AclRevision; +} ACL_REVISION_INFORMATION; +typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION; + +// +// This record is returned if the user is requesting AclSizeInformation +// + +typedef struct _ACL_SIZE_INFORMATION { + DWORD AceCount; + DWORD AclBytesInUse; + DWORD AclBytesFree; +} ACL_SIZE_INFORMATION; +typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION; + + +//////////////////////////////////////////////////////////////////////// +// // +// SECURITY_DESCRIPTOR // +// // +//////////////////////////////////////////////////////////////////////// +// +// Define the Security Descriptor and related data types. +// This is an opaque data structure. +// + +// +// Current security descriptor revision value +// + +#define SECURITY_DESCRIPTOR_REVISION (1) +#define SECURITY_DESCRIPTOR_REVISION1 (1) + +// +// Minimum length, in bytes, needed to build a security descriptor +// (NOTE: This must manually be kept consistent with the) +// (sizeof(SECURITY_DESCRIPTOR) ) +// + +#define SECURITY_DESCRIPTOR_MIN_LENGTH (20) + + +typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL; + +#define SE_OWNER_DEFAULTED (0x0001) +#define SE_GROUP_DEFAULTED (0x0002) +#define SE_DACL_PRESENT (0x0004) +#define SE_DACL_DEFAULTED (0x0008) +#define SE_SACL_PRESENT (0x0010) +#define SE_SACL_DEFAULTED (0x0020) +#define SE_SELF_RELATIVE (0x8000) + +// +// Where: +// +// SE_OWNER_DEFAULTED - This boolean flag, when set, indicates that the +// SID pointed to by the Owner field was provided by a +// defaulting mechanism rather than explicitly provided by the +// original provider of the security descriptor. This may +// affect the treatment of the SID with respect to inheritence +// of an owner. +// +// SE_GROUP_DEFAULTED - This boolean flag, when set, indicates that the +// SID in the Group field was provided by a defaulting mechanism +// rather than explicitly provided by the original provider of +// the security descriptor. This may affect the treatment of +// the SID with respect to inheritence of a primary group. +// +// SE_DACL_PRESENT - This boolean flag, when set, indicates that the +// security descriptor contains a discretionary ACL. If this +// flag is set and the Dacl field of the SECURITY_DESCRIPTOR is +// null, then a null ACL is explicitly being specified. +// +// SE_DACL_DEFAULTED - This boolean flag, when set, indicates that the +// ACL pointed to by the Dacl field was provided by a defaulting +// mechanism rather than explicitly provided by the original +// provider of the security descriptor. This may affect the +// treatment of the ACL with respect to inheritence of an ACL. +// This flag is ignored if the DaclPresent flag is not set. +// +// SE_SACL_PRESENT - This boolean flag, when set, indicates that the +// security descriptor contains a system ACL pointed to by the +// Sacl field. If this flag is set and the Sacl field of the +// SECURITY_DESCRIPTOR is null, then an empty (but present) +// ACL is being specified. +// +// SE_SACL_DEFAULTED - This boolean flag, when set, indicates that the +// ACL pointed to by the Sacl field was provided by a defaulting +// mechanism rather than explicitly provided by the original +// provider of the security descriptor. This may affect the +// treatment of the ACL with respect to inheritence of an ACL. +// This flag is ignored if the SaclPresent flag is not set. +// +// SE_SELF_RELATIVE - This boolean flag, when set, indicates that the +// security descriptor is in self-relative form. In this form, +// all fields of the security descriptor are contiguous in memory +// and all pointer fields are expressed as offsets from the +// beginning of the security descriptor. This form is useful +// for treating security descriptors as opaque data structures +// for transmission in communication protocol or for storage on +// secondary media. +// +// +// +// Pictorially the structure of a security descriptor is as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---------------------------------------------------------------+ +// | Control |Reserved1 (SBZ)| Revision | +// +---------------------------------------------------------------+ +// | Owner | +// +---------------------------------------------------------------+ +// | Group | +// +---------------------------------------------------------------+ +// | Sacl | +// +---------------------------------------------------------------+ +// | Dacl | +// +---------------------------------------------------------------+ +// +// In general, this data structure should be treated opaquely to ensure future +// compatibility. +// +// + +typedef struct _SECURITY_DESCRIPTOR { + BYTE Revision; + BYTE Sbz1; + SECURITY_DESCRIPTOR_CONTROL Control; + PSID Owner; + PSID Group; + PACL Sacl; + PACL Dacl; + } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR; + + +// Where: +// +// Revision - Contains the revision level of the security +// descriptor. This allows this structure to be passed between +// systems or stored on disk even though it is expected to +// change in the future. +// +// Control - A set of flags which qualify the meaning of the +// security descriptor or individual fields of the security +// descriptor. +// +// Owner - is a pointer to an SID representing an object's owner. +// If this field is null, then no owner SID is present in the +// security descriptor. If the security descriptor is in +// self-relative form, then this field contains an offset to +// the SID, rather than a pointer. +// +// Group - is a pointer to an SID representing an object's primary +// group. If this field is null, then no primary group SID is +// present in the security descriptor. If the security descriptor +// is in self-relative form, then this field contains an offset to +// the SID, rather than a pointer. +// +// Sacl - is a pointer to a system ACL. This field value is only +// valid if the DaclPresent control flag is set. If the +// SaclPresent flag is set and this field is null, then a null +// ACL is specified. If the security descriptor is in +// self-relative form, then this field contains an offset to +// the ACL, rather than a pointer. +// +// Dacl - is a pointer to a discretionary ACL. This field value is +// only valid if the DaclPresent control flag is set. If the +// DaclPresent flag is set and this field is null, then a null +// ACL (unconditionally granting access) is specified. If the +// security descriptor is in self-relative form, then this field +// contains an offset to the ACL, rather than a pointer. +// + + + +//////////////////////////////////////////////////////////////////////// +// // +// Privilege Related Data Structures // +// // +//////////////////////////////////////////////////////////////////////// + + +// +// Privilege attributes +// + +#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L) +#define SE_PRIVILEGE_ENABLED (0x00000002L) +#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L) + + + + +// +// Privilege Set Control flags +// + +#define PRIVILEGE_SET_ALL_NECESSARY (1) + + +// +// Privilege Set - This is defined for a privilege set of one. +// If more than one privilege is needed, then this structure +// will need to be allocated with more space. +// +// Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET +// structure (defined in se.h) +// + +typedef struct _PRIVILEGE_SET { + DWORD PrivilegeCount; + DWORD Control; + LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]; + } PRIVILEGE_SET, * PPRIVILEGE_SET; + + +//////////////////////////////////////////////////////////////////////// +// // +// NT Defined Privileges // +// // +//////////////////////////////////////////////////////////////////////// + +#define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege") +#define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege") +#define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege") +#define SE_INCREASE_QUOTA_NAME TEXT("SeIncreaseQuotaPrivilege") +#define SE_UNSOLICITED_INPUT_NAME TEXT("SeUnsolicitedInputPrivilege") +#define SE_TCB_NAME TEXT("SeTcbPrivilege") +#define SE_SECURITY_NAME TEXT("SeSecurityPrivilege") +#define SE_TAKE_OWNERSHIP_NAME TEXT("SeTakeOwnershipPrivilege") +#define SE_LOAD_DRIVER_NAME TEXT("SeLoadDriverPrivilege") +#define SE_SYSTEM_PROFILE_NAME TEXT("SeSystemProfilePrivilege") +#define SE_SYSTEMTIME_NAME TEXT("SeSystemtimePrivilege") +#define SE_PROF_SINGLE_PROCESS_NAME TEXT("SeProfileSingleProcessPrivilege") +#define SE_INC_BASE_PRIORITY_NAME TEXT("SeIncreaseBasePriorityPrivilege") +#define SE_CREATE_PAGEFILE_NAME TEXT("SeCreatePagefilePrivilege") +#define SE_CREATE_PERMANENT_NAME TEXT("SeCreatePermanentPrivilege") +#define SE_BACKUP_NAME TEXT("SeBackupPrivilege") +#define SE_RESTORE_NAME TEXT("SeRestorePrivilege") +#define SE_SHUTDOWN_NAME TEXT("SeShutdownPrivilege") +#define SE_DEBUG_NAME TEXT("SeDebugPrivilege") +#define SE_AUDIT_NAME TEXT("SeAuditPrivilege") +#define SE_SYSTEM_ENVIRONMENT_NAME TEXT("SeSystemEnvironmentPrivilege") +#define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege") +#define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege") + + +//////////////////////////////////////////////////////////////////// +// // +// Security Quality Of Service // +// // +// // +//////////////////////////////////////////////////////////////////// + +// +// Impersonation Level +// +// Impersonation level is represented by a pair of bits in Windows. +// If a new impersonation level is added or lowest value is changed from +// 0 to something else, fix the Windows CreateFile call. +// + +typedef enum _SECURITY_IMPERSONATION_LEVEL { + SecurityAnonymous, + SecurityIdentification, + SecurityImpersonation, + SecurityDelegation + } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL; + +#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation + +#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation + + +// +// Security Tracking Mode +// + +#define SECURITY_DYNAMIC_TRACKING (TRUE) +#define SECURITY_STATIC_TRACKING (FALSE) + +typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, + * PSECURITY_CONTEXT_TRACKING_MODE; + + + +// +// Quality Of Service +// + +typedef struct _SECURITY_QUALITY_OF_SERVICE { + DWORD Length; + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; + SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; + BOOLEAN EffectiveOnly; + } SECURITY_QUALITY_OF_SERVICE, * PSECURITY_QUALITY_OF_SERVICE; + + +// +// Used to represent information related to a thread impersonation +// + +typedef struct _SE_IMPERSONATION_STATE { + PACCESS_TOKEN Token; + BOOLEAN CopyOnOpen; + BOOLEAN EffectiveOnly; + SECURITY_IMPERSONATION_LEVEL Level; +} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE; + + +//////////////////////////////////////////////////////////////////// +// // +// Token Object Definitions // +// // +// // +//////////////////////////////////////////////////////////////////// + + +// +// Token Specific Access Rights. +// + +#define TOKEN_ASSIGN_PRIMARY (0x0001) +#define TOKEN_DUPLICATE (0x0002) +#define TOKEN_IMPERSONATE (0x0004) +#define TOKEN_QUERY (0x0008) +#define TOKEN_QUERY_SOURCE (0x0010) +#define TOKEN_ADJUST_PRIVILEGES (0x0020) +#define TOKEN_ADJUST_GROUPS (0x0040) +#define TOKEN_ADJUST_DEFAULT (0x0080) + +#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\ + TOKEN_ASSIGN_PRIMARY |\ + TOKEN_DUPLICATE |\ + TOKEN_IMPERSONATE |\ + TOKEN_QUERY |\ + TOKEN_QUERY_SOURCE |\ + TOKEN_ADJUST_PRIVILEGES |\ + TOKEN_ADJUST_GROUPS |\ + TOKEN_ADJUST_DEFAULT) + + +#define TOKEN_READ (STANDARD_RIGHTS_READ |\ + TOKEN_QUERY) + + +#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ + TOKEN_ADJUST_PRIVILEGES |\ + TOKEN_ADJUST_GROUPS |\ + TOKEN_ADJUST_DEFAULT) + +#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE |\ + TOKEN_IMPERSONATE) + + +// +// Token Types +// + +typedef enum _TOKEN_TYPE { + TokenPrimary = 1, + TokenImpersonation + } TOKEN_TYPE; +typedef TOKEN_TYPE *PTOKEN_TYPE; + + +// +// Token Information Classes. +// + + +typedef enum _TOKEN_INFORMATION_CLASS { + TokenUser = 1, + TokenGroups, + TokenPrivileges, + TokenOwner, + TokenPrimaryGroup, + TokenDefaultDacl, + TokenSource, + TokenType, + TokenImpersonationLevel, + TokenStatistics +} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS; + +// +// Token information class structures +// + +typedef struct _TOKEN_USER { + SID_AND_ATTRIBUTES User; +} TOKEN_USER, *PTOKEN_USER; + + +typedef struct _TOKEN_GROUPS { + DWORD GroupCount; + SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]; +} TOKEN_GROUPS, *PTOKEN_GROUPS; + + +typedef struct _TOKEN_PRIVILEGES { + DWORD PrivilegeCount; + LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; +} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES; + + +typedef struct _TOKEN_OWNER { + PSID Owner; +} TOKEN_OWNER, *PTOKEN_OWNER; + + +typedef struct _TOKEN_PRIMARY_GROUP { + PSID PrimaryGroup; +} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP; + + +typedef struct _TOKEN_DEFAULT_DACL { + PACL DefaultDacl; +} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL; + + + +#define TOKEN_SOURCE_LENGTH 8 + +typedef struct _TOKEN_SOURCE { + CHAR SourceName[TOKEN_SOURCE_LENGTH]; + LUID SourceIdentifier; +} TOKEN_SOURCE, *PTOKEN_SOURCE; + + +typedef struct _TOKEN_STATISTICS { + LUID TokenId; + LUID AuthenticationId; + LARGE_INTEGER ExpirationTime; + TOKEN_TYPE TokenType; + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; + DWORD DynamicCharged; + DWORD DynamicAvailable; + DWORD GroupCount; + DWORD PrivilegeCount; + LUID ModifiedId; +} TOKEN_STATISTICS, *PTOKEN_STATISTICS; + + +typedef struct _TOKEN_CONTROL { + LUID TokenId; + LUID AuthenticationId; + LUID ModifiedId; + TOKEN_SOURCE TokenSource; + } TOKEN_CONTROL, *PTOKEN_CONTROL; typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION; @@ -656,14 +1696,24 @@ typedef DWORD SECURITY_INFORMATION, *PSE #define GROUP_SECURITY_INFORMATION (0X00000002L) #define DACL_SECURITY_INFORMATION (0X00000004L) #define SACL_SECURITY_INFORMATION (0X00000008L) -#define HEAP_SERIALIZE 0x00000001 -typedef struct _RTL_CRITICAL_SECTION { +#define HEAP_SERIALIZE 0x00000001 +typedef struct _RTL_CRITICAL_SECTION_DEBUG { + WORD Type; + WORD CreatorBackTraceIndex; + struct _RTL_CRITICAL_SECTION *CriticalSection; + LIST_ENTRY ProcessLocksList; + DWORD EntryCount; + DWORD ContentionCount; + DWORD Depth; + PVOID OwnerBackTrace[ 5 ]; +} RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG; - PVOID CallingAddress; - PVOID CallersCaller; - PVOID Spare[5]; +#define RTL_CRITSECT_TYPE 0 +#define RTL_RESOURCE_TYPE 1 +typedef struct _RTL_CRITICAL_SECTION { + PRTL_CRITICAL_SECTION_DEBUG DebugInfo; // // The following three fields control entering and exiting the critical @@ -674,10 +1724,8 @@ typedef struct _RTL_CRITICAL_SECTION { LONG RecursionCount; HANDLE OwningThread; // from the thread's ClientId->UniqueThread HANDLE LockSemaphore; - KSPIN_LOCK SpinLock; - -} RTL_CRITICAL_SECTION; -typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION; + DWORD Reserved; +} RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION; #define DLL_PROCESS_ATTACH 1 #define DLL_THREAD_ATTACH 2 #define DLL_THREAD_DETACH 3 @@ -686,22 +1734,1214 @@ typedef RTL_CRITICAL_SECTION *PRTL_CRITI // // Defines for the READ flags for Eventlogging // -#define EVENTLOG_SEQUENTIAL_READ 0X0001 -#define EVENTLOG_SEEK_READ 0X0002 -#define EVENTLOG_FORWARDS_READ 0X0004 -#define EVENTLOG_BACKWARDS_READ 0X0008 +#define EVENTLOG_SEQUENTIAL_READ 0X0001 +#define EVENTLOG_SEEK_READ 0X0002 +#define EVENTLOG_FORWARDS_READ 0X0004 +#define EVENTLOG_BACKWARDS_READ 0X0008 // // The types of events that can be logged. // -#define EVENTLOG_ERROR_TYPE 0x0001 -#define EVENTLOG_WARNING_TYPE 0x0002 -#define EVENTLOG_INFORMATION_TYPE 0x0003 +#define EVENTLOG_SUCCESS 0X0000 +#define EVENTLOG_ERROR_TYPE 0x0001 +#define EVENTLOG_WARNING_TYPE 0x0002 +#define EVENTLOG_INFORMATION_TYPE 0x0004 +#define EVENTLOG_AUDIT_SUCCESS 0x0008 +#define EVENTLOG_AUDIT_FAILURE 0x0010 + +// +// Defines for the WRITE flags used by Auditing for paired events +// These are not implemented in Product 1 +// + +#define EVENTLOG_START_PAIRED_EVENT 0x0001 +#define EVENTLOG_END_PAIRED_EVENT 0x0002 +#define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004 +#define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008 +#define EVENTLOG_PAIRED_EVENT_INACTIVE 0x000C + +// +// Structure that defines the header of the Eventlog record. This is the +// fixed-sized portion before all the variable-length strings, binary +// data and pad bytes. +// +// TimeGenerated is the time it was generated at the client. +// TimeWritten is the time it was put into the log at the server end. +// + +typedef struct _EVENTLOGRECORD { + DWORD Length; // Length of full record + DWORD Reserved; // Used by the service + DWORD RecordNumber; // Absolute record number + DWORD TimeGenerated; // Seconds since 1-1-1970 + DWORD TimeWritten; // Seconds since 1-1-1970 + DWORD EventID; + WORD EventType; + WORD NumStrings; + WORD EventCategory; + WORD ReservedFlags; // For use with paired events (auditing) + DWORD ClosingRecordNumber; // For use with paired events (auditing) + DWORD StringOffset; // Offset from beginning of record + DWORD UserSidLength; + DWORD UserSidOffset; + DWORD DataLength; + DWORD DataOffset; // Offset from beginning of record + // + // Then follow: + // + // WCHAR SourceName[] + // WCHAR Computername[] + // SID UserSid + // WCHAR Strings[] + // BYTE Data[] + // CHAR Pad[] + // DWORD Length; + // +} EVENTLOGRECORD, *PEVENTLOGRECORD; #define DBG_CONTINUE ((DWORD )0x00010002L) #define DBG_TERMINATE_THREAD ((DWORD )0x40010003L) #define DBG_TERMINATE_PROCESS ((DWORD )0x40010004L) #define DBG_CONTROL_C ((DWORD )0x40010005L) #define DBG_EXCEPTION_NOT_HANDLED ((DWORD )0x80010001L) +// + +// +// Registry Specific Access Rights. +// + +#define KEY_QUERY_VALUE (0x0001) +#define KEY_SET_VALUE (0x0002) +#define KEY_CREATE_SUB_KEY (0x0004) +#define KEY_ENUMERATE_SUB_KEYS (0x0008) +#define KEY_NOTIFY (0x0010) +#define KEY_CREATE_LINK (0x0020) + +#define KEY_READ ((STANDARD_RIGHTS_READ |\ + KEY_QUERY_VALUE |\ + KEY_ENUMERATE_SUB_KEYS |\ + KEY_NOTIFY) \ + & \ + (~SYNCHRONIZE)) + + +#define KEY_WRITE ((STANDARD_RIGHTS_WRITE |\ + KEY_SET_VALUE |\ + KEY_CREATE_SUB_KEY) \ + & \ + (~SYNCHRONIZE)) + +#define KEY_EXECUTE ((KEY_READ) \ + & \ + (~SYNCHRONIZE)) + +#define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL |\ + KEY_QUERY_VALUE |\ + KEY_SET_VALUE |\ + KEY_CREATE_SUB_KEY |\ + KEY_ENUMERATE_SUB_KEYS |\ + KEY_NOTIFY |\ + KEY_CREATE_LINK) \ + & \ + (~SYNCHRONIZE)) + + + +// +// Open/Create Options +// + +#define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved + +#define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved + // when system is rebooted + +#define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved + // when system is rebooted + +#define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a + // symbolic link + +// +// Key creation/open disposition +// + +#define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created +#define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key opened + +// +// Key restore flags +// + +#define REG_WHOLE_HIVE_VOLATILE (0x00000001L) // Restore whole hive volatile + +// +// Notify filter values +// +#define REG_NOTIFY_CHANGE_NAME (0x00000001L) // Create or delete (child) +#define REG_NOTIFY_CHANGE_ATTRIBUTES (0x00000002L) +#define REG_NOTIFY_CHANGE_LAST_SET (0x00000004L) // time stamp +#define REG_NOTIFY_CHANGE_SECURITY (0x00000008L) + +#define REG_LEGAL_CHANGE_FILTER \ + (REG_NOTIFY_CHANGE_NAME |\ + REG_NOTIFY_CHANGE_ATTRIBUTES |\ + REG_NOTIFY_CHANGE_LAST_SET |\ + REG_NOTIFY_CHANGE_SECURITY) + +// +// + +// +// Predefined Value Types. +// + +#define REG_NONE ( 0 ) // No value type +#define REG_SZ ( 1 ) // Unicode nul terminated string +#define REG_EXPAND_SZ ( 2 ) // Unicode nul terminated string + // (with environment variable references) +#define REG_BINARY ( 3 ) // Free form binary +#define REG_DWORD ( 4 ) // 32-bit number +#define REG_DWORD_LITTLE_ENDIAN ( 4 ) // 32-bit number (same as REG_DWORD) +#define REG_DWORD_BIG_ENDIAN ( 5 ) // 32-bit number +#define REG_LINK ( 6 ) // Symbolic Link (unicode) +#define REG_MULTI_SZ ( 7 ) // Multiple Unicode strings +#define REG_RESOURCE_LIST ( 8 ) // Resource list in the resource map +#define REG_FULL_RESOURCE_DESCRIPTOR ( 9 ) // Resource list in the hardware description + + +// +// Service Types (Bit Mask) +// +#define SERVICE_KERNEL_DRIVER 0x00000001 +#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 +#define SERVICE_DRIVER (SERVICE_KERNEL_DRIVER | \ + SERVICE_FILE_SYSTEM_DRIVER) + +#define SERVICE_ADAPTER 0x00000004 + +#define SERVICE_WIN32_OWN_PROCESS 0x00000010 +#define SERVICE_WIN32_SHARE_PROCESS 0x00000020 +#define SERVICE_WIN32 (SERVICE_WIN32_OWN_PROCESS | \ + SERVICE_WIN32_SHARE_PROCESS) + +#define SERVICE_TYPE_ALL (SERVICE_WIN32 | \ + SERVICE_ADAPTER | \ + SERVICE_DRIVER) + +// +// Start Type +// + +#define SERVICE_BOOT_START 0x00000000 +#define SERVICE_SYSTEM_START 0x00000001 +#define SERVICE_AUTO_START 0x00000002 +#define SERVICE_DEMAND_START 0x00000003 +#define SERVICE_DISABLED 0x00000004 + +// +// Error control type +// + +#define SERVICE_ERROR_NORMAL 0x00000001 +#define SERVICE_ERROR_SEVERE 0x00000002 +#define SERVICE_ERROR_CRITICAL 0x00000003 + +// +// +// Define the registry driver node enumerations +// + +typedef enum _CM_SERVICE_NODE_TYPE { + DriverType = SERVICE_KERNEL_DRIVER, + FileSystemType = SERVICE_FILE_SYSTEM_DRIVER, + Win32ServiceOwnProcess = SERVICE_WIN32_OWN_PROCESS, + Win32ServiceShareProcess = SERVICE_WIN32_SHARE_PROCESS, + AdapterType = SERVICE_ADAPTER +} SERVICE_NODE_TYPE; + +typedef enum _CM_SERVICE_LOAD_TYPE { + BootLoad = SERVICE_BOOT_START, + SystemLoad = SERVICE_SYSTEM_START, + AutoLoad = SERVICE_AUTO_START, + DemandLoad = SERVICE_DEMAND_START, + DisableLoad = SERVICE_DISABLED +} SERVICE_LOAD_TYPE; + +typedef enum _CM_ERROR_CONTROL_TYPE { + NormalError = SERVICE_ERROR_NORMAL, + SevereError = SERVICE_ERROR_SEVERE, + CriticalError = SERVICE_ERROR_CRITICAL +} SERVICE_ERROR_TYPE; + +// + +// +// IOCTL_TAPE_ERASE definitions +// + +#define TAPE_ERASE_SHORT 0L +#define TAPE_ERASE_SHORT_IMMED 1L +#define TAPE_ERASE_LONG 2L +#define TAPE_ERASE_LONG_IMMED 3L + +typedef struct _TAPE_ERASE { + DWORD Type; +} TAPE_ERASE, *PTAPE_ERASE; + +// +// IOCTL_TAPE_PREPARE definitions +// + +#define TAPE_LOAD 0L +#define TAPE_LOAD_IMMED 1L +#define TAPE_UNLOAD 2L +#define TAPE_UNLOAD_IMMED 3L +#define TAPE_TENSION 4L +#define TAPE_TENSION_IMMED 5L +#define TAPE_LOCK 6L +#define TAPE_UNLOCK 7L +typedef struct _TAPE_PREPARE { + DWORD Operation; +} TAPE_PREPARE, *PTAPE_PREPARE; + +// +// IOCTL_TAPE_WRITE_MARKS definitions +// + +#define TAPE_SETMARKS 0L +#define TAPE_SETMARKS_IMMED 1L +#define TAPE_FILEMARKS 2L +#define TAPE_FILEMARKS_IMMED 3L +#define TAPE_SHORT_FILEMARKS 4L +#define TAPE_SHORT_FILEMARKS_IMMED 5L +#define TAPE_LONG_FILEMARKS 6L +#define TAPE_LONG_FILEMARKS_IMMED 7L + +typedef struct _TAPE_WRITE_MARKS { + DWORD Type; + DWORD Count; +} TAPE_WRITE_MARKS, *PTAPE_WRITE_MARKS; + +// +// IOCTL_TAPE_GET_POSITION definitions +// + +#define TAPE_ABSOLUTE_POSITION 0L +#define TAPE_LOGICAL_POSITION 1L + +typedef struct _TAPE_GET_POSITION { + DWORD Type; + DWORD Partition; + DWORD OffsetLow; + DWORD OffsetHigh; +} TAPE_GET_POSITION, *PTAPE_GET_POSITION; + +// +// IOCTL_TAPE_SET_POSITION definitions +// + +#define TAPE_REWIND 0L +#define TAPE_REWIND_IMMED 1L +#define TAPE_ABSOLUTE_BLOCK 2L +#define TAPE_ABSOLUTE_BLOCK_IMMED 3L +#define TAPE_LOGICAL_BLOCK 4L +#define TAPE_LOGICAL_BLOCK_IMMED 5L +#define TAPE_SPACE_END_OF_DATA 6L +#define TAPE_SPACE_RELATIVE_BLOCKS 7L +#define TAPE_SPACE_FILEMARKS 8L +#define TAPE_SPACE_SEQUENTIAL_FMKS 9L +#define TAPE_SPACE_SETMARKS 10L +#define TAPE_SPACE_SEQUENTIAL_SMKS 11L + +typedef struct _TAPE_SET_POSITION { + DWORD Method; + DWORD Partition; + DWORD OffsetLow; + DWORD OffsetHigh; +} TAPE_SET_POSITION, *PTAPE_SET_POSITION; + +// +// IOCTL_TAPE_GET_DRIVE_PARAMS definitions +// + +// +// Definitions for FeaturesLow parameter +// + +#define TAPE_DRIVE_FIXED 0x00000001 +#define TAPE_DRIVE_SELECT 0x00000002 +#define TAPE_DRIVE_INITIATOR 0x00000004 + +#define TAPE_DRIVE_ERASE_SHORT 0x00000010 +#define TAPE_DRIVE_ERASE_LONG 0x00000020 +#define TAPE_DRIVE_ERASE_BOP_ONLY 0x00000040 + +#define TAPE_DRIVE_TAPE_CAPACITY 0x00000100 +#define TAPE_DRIVE_TAPE_REMAINING 0x00000200 +#define TAPE_DRIVE_FIXED_BLOCK 0x00000400 +#define TAPE_DRIVE_VARIABLE_BLOCK 0x00000800 +#define TAPE_DRIVE_WRITE_PROTECT 0x00001000 + +#define TAPE_DRIVE_ECC 0x00010000 +#define TAPE_DRIVE_COMPRESSION 0x00020000 +#define TAPE_DRIVE_PADDING 0x00040000 +#define TAPE_DRIVE_REPORT_SMKS 0x00080000 + +#define TAPE_DRIVE_GET_ABSOLUTE_BLK 0x00100000 +#define TAPE_DRIVE_GET_LOGICAL_BLK 0x00200000 + +// +// Definitions for FeaturesHigh parameter +// + +#define TAPE_DRIVE_LOAD_UNLOAD 0x00000001 +#define TAPE_DRIVE_TENSION 0x00000002 +#define TAPE_DRIVE_LOCK_UNLOCK 0x00000004 + +#define TAPE_DRIVE_SET_BLOCK_SIZE 0x00000010 + +#define TAPE_DRIVE_SET_ECC 0x00000100 +#define TAPE_DRIVE_SET_COMPRESSION 0x00000200 +#define TAPE_DRIVE_SET_PADDING 0x00000400 +#define TAPE_DRIVE_SET_REPORT_SMKS 0x00000800 + +#define TAPE_DRIVE_ABSOLUTE_BLK 0x00001000 +#define TAPE_DRIVE_ABS_BLK_IMMED 0x00002000 +#define TAPE_DRIVE_LOGICAL_BLK 0x00004000 +#define TAPE_DRIVE_LOG_BLK_IMMED 0x00008000 +#define TAPE_DRIVE_END_OF_DATA 0x00010000 +#define TAPE_DRIVE_RELATIVE_BLKS 0x00020000 +#define TAPE_DRIVE_FILEMARKS 0x00040000 +#define TAPE_DRIVE_SEQUENTIAL_FMKS 0x00080000 +#define TAPE_DRIVE_SETMARKS 0x00100000 +#define TAPE_DRIVE_SEQUENTIAL_SMKS 0x00200000 +#define TAPE_DRIVE_REVERSE_POSITION 0x00400000 + +#define TAPE_DRIVE_WRITE_SETMARKS 0x01000000 +#define TAPE_DRIVE_WRITE_FILEMARKS 0x02000000 +#define TAPE_DRIVE_WRITE_SHORT_FMKS 0x04000000 +#define TAPE_DRIVE_WRITE_LONG_FMKS 0x08000000 + +typedef struct _TAPE_GET_DRIVE_PARAMETERS { + BOOLEAN ECC; + BOOLEAN Compression; + BOOLEAN DataPadding; + BOOLEAN ReportSetmarks; + DWORD DefaultBlockSize; + DWORD MaximumBlockSize; + DWORD MinimumBlockSize; + DWORD MaximumPartitionCount; + DWORD FeaturesLow; + DWORD FeaturesHigh; +} TAPE_GET_DRIVE_PARAMETERS, *PTAPE_GET_DRIVE_PARAMETERS; + +// +// IOCTL_TAPE_SET_DRIVE_PARAMETERS definitions +// + +typedef struct _TAPE_SET_DRIVE_PARAMETERS { + BOOLEAN ECC; + BOOLEAN Compression; + BOOLEAN DataPadding; + BOOLEAN ReportSetmarks; +} TAPE_SET_DRIVE_PARAMETERS, *PTAPE_SET_DRIVE_PARAMETERS; + +// +// IOCTL_TAPE_GET_MEDIA_PARAMETERS definitions +// + +typedef struct _TAPE_GET_MEDIA_PARAMETERS { + DWORD CapacityLow; + DWORD CapacityHigh; + DWORD RemainingLow; + DWORD RemainingHigh; + DWORD BlockSize; + DWORD PartitionCount; + BOOLEAN WriteProtected; +} TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS; + +// +// IOCTL_TAPE_SET_MEDIA_PARAMETERS definitions +// + +typedef struct _TAPE_SET_MEDIA_PARAMETERS { + DWORD BlockSize; +} TAPE_SET_MEDIA_PARAMETERS, *PTAPE_SET_MEDIA_PARAMETERS; + +// +// IOCTL_TAPE_CREATE_PARTITION definitions +// + +#define TAPE_FIXED_PARTITIONS 0L +#define TAPE_SELECT_PARTITIONS 1L +#define TAPE_INITIATOR_PARTITIONS 2L + +typedef struct _TAPE_CREATE_PARTITION { + DWORD Method; + DWORD Count; + DWORD Size; +} TAPE_CREATE_PARTITION, *PTAPE_CREATE_PARTITION; + + + +// +// Image Format +// + +#ifndef RC_INVOKED +#pragma pack (1) +#endif // !RC_INVOKED + +#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ +#define IMAGE_OS2_SIGNATURE 0x454E // NE +#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE +#define IMAGE_NT_SIGNATURE 0x00004550 // PE00 + +typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header + WORD e_magic; // Magic number + WORD e_cblp; // Bytes on last page of file + WORD e_cp; // Pages in file + WORD e_crlc; // Relocations + WORD e_cparhdr; // Size of header in paragraphs + WORD e_minalloc; // Minimum extra paragraphs needed + WORD e_maxalloc; // Maximum extra paragraphs needed + WORD e_ss; // Initial (relative) SS value + WORD e_sp; // Initial SP value + WORD e_csum; // Checksum + WORD e_ip; // Initial IP value + WORD e_cs; // Initial (relative) CS value + WORD e_lfarlc; // File address of relocation table + WORD e_ovno; // Overlay number + WORD e_res[4]; // Reserved words + WORD e_oemid; // OEM identifier (for e_oeminfo) + WORD e_oeminfo; // OEM information; e_oemid specific + WORD e_res2[10]; // Reserved words + LONG e_lfanew; // File address of new exe header + } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER; + +typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header + WORD ne_magic; // Magic number + CHAR ne_ver; // Version number + CHAR ne_rev; // Revision number + WORD ne_enttab; // Offset of Entry Table + WORD ne_cbenttab; // Number of bytes in Entry Table + LONG ne_crc; // Checksum of whole file + WORD ne_flags; // Flag word + WORD ne_autodata; // Automatic data segment number + WORD ne_heap; // Initial heap allocation + WORD ne_stack; // Initial stack allocation + LONG ne_csip; // Initial CS:IP setting + LONG ne_sssp; // Initial SS:SP setting + WORD ne_cseg; // Count of file segments + WORD ne_cmod; // Entries in Module Reference Table + WORD ne_cbnrestab; // Size of non-resident name table + WORD ne_segtab; // Offset of Segment Table + WORD ne_rsrctab; // Offset of Resource Table + WORD ne_restab; // Offset of resident name table + WORD ne_modtab; // Offset of Module Reference Table + WORD ne_imptab; // Offset of Imported Names Table + LONG ne_nrestab; // Offset of Non-resident Names Table + WORD ne_cmovent; // Count of movable entries + WORD ne_align; // Segment alignment shift count + WORD ne_cres; // Count of resource segments + BYTE ne_exetyp; // Target Operating system + BYTE ne_flagsothers; // Other .EXE flags + WORD ne_pretthunks; // offset to return thunks + WORD ne_psegrefbytes; // offset to segment ref. bytes + WORD ne_swaparea; // Minimum code swap area size + WORD ne_expver; // Expected Windows version number + } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER; + +// +// File header format. +// + +typedef struct _IMAGE_FILE_HEADER { + WORD Machine; + WORD NumberOfSections; + DWORD TimeDateStamp; + DWORD PointerToSymbolTable; + DWORD NumberOfSymbols; + WORD SizeOfOptionalHeader; + WORD Characteristics; +} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; + +#define IMAGE_SIZEOF_FILE_HEADER 20 + +#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file. +#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references). +#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file. +#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file. +#define IMAGE_FILE_MINIMAL_OBJECT 0x0010 // Reserved. +#define IMAGE_FILE_UPDATE_OBJECT 0x0020 // Reserved. +#define IMAGE_FILE_16BIT_MACHINE 0x0040 // 16 bit word machine. +#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed. +#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine. +#define IMAGE_FILE_PATCH 0x0400 // Reserved. +#define IMAGE_FILE_SYSTEM 0x1000 // System File. +#define IMAGE_FILE_DLL 0x2000 // File is a DLL. +#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed. + +#define IMAGE_FILE_MACHINE_UNKNOWN 0 +#define IMAGE_FILE_MACHINE_I860 0x14d // Intel 860. +#define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386. +#define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0540 big-endian +#define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian + +// +// Directory format. +// + +typedef struct _IMAGE_DATA_DIRECTORY { + DWORD VirtualAddress; + DWORD Size; +} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY; + +#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 + +// +// Optional header format. +// + +typedef struct _IMAGE_OPTIONAL_HEADER { + // + // Standard fields. + // + + WORD Magic; + BYTE MajorLinkerVersion; + BYTE MinorLinkerVersion; + DWORD SizeOfCode; + DWORD SizeOfInitializedData; + DWORD SizeOfUninitializedData; + DWORD AddressOfEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; + + // + // NT additional fields. + // + + DWORD ImageBase; + DWORD SectionAlignment; + DWORD FileAlignment; + WORD MajorOperatingSystemVersion; + WORD MinorOperatingSystemVersion; + WORD MajorImageVersion; + WORD MinorImageVersion; + WORD MajorSubsystemVersion; + WORD MinorSubsystemVersion; + DWORD Reserved1; + DWORD SizeOfImage; + DWORD SizeOfHeaders; + DWORD CheckSum; + WORD Subsystem; + WORD DllCharacteristics; + DWORD SizeOfStackReserve; + DWORD SizeOfStackCommit; + DWORD SizeOfHeapReserve; + DWORD SizeOfHeapCommit; + DWORD AddressOfTlsIndex; + DWORD NumberOfRvaAndSizes; + IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; +} IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER; + +#define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28 +#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER 224 + +typedef struct _IMAGE_NT_HEADERS { + DWORD Signature; + IMAGE_FILE_HEADER FileHeader; + IMAGE_OPTIONAL_HEADER OptionalHeader; +} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS; + +#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \ + ((DWORD)ntheader + \ + FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \ + ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \ + )) + + +// Subsystem Values + +#define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem. +#define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem. +#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem. +#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem. +#define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem. +#define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image run in the Posix character subsystem. + +// Dll Characteristics + +#define IMAGE_LIBRARY_PROCESS_INIT 1 // Dll has a process initialization routine. +#define IMAGE_LIBRARY_PROCESS_TERM 2 // Dll has a thread termination routine. +#define IMAGE_LIBRARY_THREAD_INIT 4 // Dll has a thread initialization routine. +#define IMAGE_LIBRARY_THREAD_TERM 8 // Dll has a thread termination routine. + +// Directory Entries + +#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory +#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory +#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory +#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory +#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory +#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table +#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory +#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String +#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP) +#define IMAGE_DIRECTORY_ENTRY_THREAD_SPACE 9 // Thread Local Storage +#define IMAGE_DIRECTORY_ENTRY_CALLBACKS 10 // Other interesting entrypoints + +// +// Section header format. +// + +#define IMAGE_SIZEOF_SHORT_NAME 8 + +typedef struct _IMAGE_SECTION_HEADER { + BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; + union { + DWORD PhysicalAddress; + DWORD VirtualSize; + } Misc; + DWORD VirtualAddress; + DWORD SizeOfRawData; + DWORD PointerToRawData; + DWORD PointerToRelocations; + DWORD PointerToLinenumbers; + WORD NumberOfRelocations; + WORD NumberOfLinenumbers; + DWORD Characteristics; +} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; + +#define IMAGE_SIZEOF_SECTION_HEADER 40 + +#define IMAGE_SCN_TYPE_REGULAR 0x00000000 // +#define IMAGE_SCN_TYPE_DUMMY 0x00000001 // Reserved. +#define IMAGE_SCN_TYPE_NO_LOAD 0x00000002 // +#define IMAGE_SCN_TYPE_GROUPED 0x00000004 // Used for 16-bit offset code. +#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Specifies if section should not be padded to next boundary. +#define IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved. +#define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code. +#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data. +#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data. +#define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved. +#define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information. +#define IMAGE_SCN_LNK_OVERLAY 0x00000400 // Section contains an overlay. +#define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image. +#define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat. +#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded. +#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable. +#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable. +#define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable. +#define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable. +#define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable. +#define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable. + +// +// Symbol format. +// + +typedef struct _IMAGE_SYMBOL { + union { + BYTE ShortName[8]; + struct { + DWORD Short; // if 0, use LongName + DWORD Long; // offset into string table + } Name; + PBYTE LongName[2]; + } N; + DWORD Value; + SHORT SectionNumber; + WORD Type; + BYTE StorageClass; + BYTE NumberOfAuxSymbols; +} IMAGE_SYMBOL; +typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL; + +#define IMAGE_SIZEOF_SYMBOL 18 + +// +// Section values. +// +// Symbols have a section number of the section in which they are +// defined. Otherwise, section numbers have the following meanings: +// + +#define IMAGE_SYM_UNDEFINED (SHORT)0 // Symbol is undefined or is common. +#define IMAGE_SYM_ABSOLUTE (SHORT)-1 // Symbol is an absolute value. +#define IMAGE_SYM_DEBUG (SHORT)-2 // Symbol is a special debug item. + +// +// Type (fundamental) values. +// + +#define IMAGE_SYM_TYPE_NULL 0 // no type. +#define IMAGE_SYM_TYPE_VOID 1 // +#define IMAGE_SYM_TYPE_CHAR 2 // type character. +#define IMAGE_SYM_TYPE_SHORT 3 // type short integer. +#define IMAGE_SYM_TYPE_INT 4 // +#define IMAGE_SYM_TYPE_LONG 5 // +#define IMAGE_SYM_TYPE_FLOAT 6 // +#define IMAGE_SYM_TYPE_DOUBLE 7 // +#define IMAGE_SYM_TYPE_STRUCT 8 // +#define IMAGE_SYM_TYPE_UNION 9 // +#define IMAGE_SYM_TYPE_ENUM 10 // enumeration. +#define IMAGE_SYM_TYPE_MOE 11 // member of enumeration. +#define IMAGE_SYM_TYPE_BYTE 12 // +#define IMAGE_SYM_TYPE_WORD 13 // +#define IMAGE_SYM_TYPE_UINT 14 // +#define IMAGE_SYM_TYPE_DWORD 15 // + +// +// Type (derived) values. +// + +#define IMAGE_SYM_DTYPE_NULL 0 // no derived type. +#define IMAGE_SYM_DTYPE_POINTER 1 // pointer. +#define IMAGE_SYM_DTYPE_FUNCTION 2 // function. +#define IMAGE_SYM_DTYPE_ARRAY 3 // array. + +// +// Storage classes. +// + +#define IMAGE_SYM_CLASS_END_OF_FUNCTION (BYTE )-1 +#define IMAGE_SYM_CLASS_NULL 0 +#define IMAGE_SYM_CLASS_AUTOMATIC 1 +#define IMAGE_SYM_CLASS_EXTERNAL 2 +#define IMAGE_SYM_CLASS_STATIC 3 +#define IMAGE_SYM_CLASS_REGISTER 4 +#define IMAGE_SYM_CLASS_EXTERNAL_DEF 5 +#define IMAGE_SYM_CLASS_LABEL 6 +#define IMAGE_SYM_CLASS_UNDEFINED_LABEL 7 +#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 8 +#define IMAGE_SYM_CLASS_ARGUMENT 9 +#define IMAGE_SYM_CLASS_STRUCT_TAG 10 +#define IMAGE_SYM_CLASS_MEMBER_OF_UNION 11 +#define IMAGE_SYM_CLASS_UNION_TAG 12 +#define IMAGE_SYM_CLASS_TYPE_DEFINITION 13 +#define IMAGE_SYM_CLASS_UNDEFINED_STATIC 14 +#define IMAGE_SYM_CLASS_ENUM_TAG 15 +#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 16 +#define IMAGE_SYM_CLASS_REGISTER_PARAM 17 +#define IMAGE_SYM_CLASS_BIT_FIELD 18 +#define IMAGE_SYM_CLASS_BLOCK 100 +#define IMAGE_SYM_CLASS_FUNCTION 101 +#define IMAGE_SYM_CLASS_END_OF_STRUCT 102 +#define IMAGE_SYM_CLASS_FILE 103 +// new +#define IMAGE_SYM_CLASS_SECTION 104 +#define IMAGE_SYM_CLASS_WEAK_EXTERNAL 105 + +// type packing constants + +#define N_BTMASK 017 +#define N_TMASK 060 +#define N_TMASK1 0300 +#define N_TMASK2 0360 +#define N_BTSHFT 4 +#define N_TSHIFT 2 + +// MACROS + +// Basic Type of x +#define BTYPE(x) ((x) & N_BTMASK) + +// Is x a pointer? +#ifndef ISPTR +#define ISPTR(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT)) +#endif + +// Is x a function? +#ifndef ISFCN +#define ISFCN(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT)) +#endif + +// Is x an array? + +#ifndef ISARY +#define ISARY(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT)) +#endif + +// Is x a structure, union, or enumeration TAG? +#ifndef ISTAG +#define ISTAG(x) ((x)==IMAGE_SYM_CLASS_STRUCT_TAG || (x)==IMAGE_SYM_CLASS_UNION_TAG || (x)==IMAGE_SYM_CLASS_ENUM_TAG) +#endif + +#ifndef INCREF +#define INCREF(x) ((((x)&~N_BTMASK)<>N_TSHIFT)&~N_BTMASK)|((x)&N_BTMASK)) #endif + +// +// Auxiliary entry format. +// + +typedef union _IMAGE_AUX_SYMBOL { + struct { + DWORD TagIndex; // struct, union, or enum tag index + union { + struct { + WORD Linenumber; // declaration line number + WORD Size; // size of struct, union, or enum + } LnSz; + DWORD TotalSize; + } Misc; + union { + struct { // if ISFCN, tag, or .bb + DWORD PointerToLinenumber; + DWORD PointerToNextFunction; + } Function; + struct { // if ISARY, up to 4 dimen. + WORD Dimension[4]; + } Array; + } FcnAry; + WORD TvIndex; // tv index + } Sym; + struct { + BYTE Name[IMAGE_SIZEOF_SYMBOL]; + } File; + struct { + DWORD Length; // section length + WORD NumberOfRelocations; // number of relocation entries + WORD NumberOfLinenumbers; // number of line numbers + DWORD CheckSum; // checksum for communal + SHORT Number; // section number to associate with + BYTE Selection; // communal selection type + } Section; +} IMAGE_AUX_SYMBOL; +typedef IMAGE_AUX_SYMBOL UNALIGNED *PIMAGE_AUX_SYMBOL; + +#define IMAGE_SIZEOF_AUX_SYMBOL 18 + +// +// Communal selection types. +// + +#define IMAGE_COMDAT_SELECT_UNKNOWN 0 +#define IMAGE_COMDAT_SELECT_NODUPLICATES 1 +#define IMAGE_COMDAT_SELECT_ANY 2 +#define IMAGE_COMDAT_SELECT_SAME_SIZE 3 +#define IMAGE_COMDAT_SELECT_EXACT_MATCH 4 +#define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5 + +#define IMAGE_WEAK_EXTERN_SEARCH_UNKNOWN 0 +#define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 +#define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 + + +// +// Relocation format. +// + +typedef struct _IMAGE_RELOCATION { + DWORD VirtualAddress; + DWORD SymbolTableIndex; + WORD Type; +} IMAGE_RELOCATION; +typedef IMAGE_RELOCATION UNALIGNED *PIMAGE_RELOCATION; + +#define IMAGE_SIZEOF_RELOCATION 10 + +// +// I860 relocation types. +// + +#define IMAGE_REL_I860_ABSOLUTE 0 // Reference is absolute, no relocation is necessary +#define IMAGE_REL_I860_DIR32 06 // Direct 32-bit reference to the symbols virtual address +#define IMAGE_REL_I860_DIR32NB 07 +#define IMAGE_REL_I860_SECTION 012 +#define IMAGE_REL_I860_SECREL 013 +#define IMAGE_REL_I860_PAIR 034 +#define IMAGE_REL_I860_HIGH 036 +#define IMAGE_REL_I860_LOW0 037 +#define IMAGE_REL_I860_LOW1 040 +#define IMAGE_REL_I860_LOW2 041 +#define IMAGE_REL_I860_LOW3 042 +#define IMAGE_REL_I860_LOW4 043 +#define IMAGE_REL_I860_SPLIT0 044 +#define IMAGE_REL_I860_SPLIT1 045 +#define IMAGE_REL_I860_SPLIT2 046 +#define IMAGE_REL_I860_HIGHADJ 047 +#define IMAGE_REL_I860_BRADDR 050 + +// +// I386 relocation types. +// + +#define IMAGE_REL_I386_ABSOLUTE 0 // Reference is absolute, no relocation is necessary +#define IMAGE_REL_I386_DIR16 01 // Direct 16-bit reference to the symbols virtual address +#define IMAGE_REL_I386_REL16 02 // PC-relative 16-bit reference to the symbols virtual address +#define IMAGE_REL_I386_DIR32 06 // Direct 32-bit reference to the symbols virtual address +#define IMAGE_REL_I386_DIR32NB 07 // Direct 32-bit reference to the symbols virtual address, base not included +#define IMAGE_REL_I386_SEG12 011 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address +#define IMAGE_REL_I386_SECTION 012 +#define IMAGE_REL_I386_SECREL 013 +#define IMAGE_REL_I386_REL32 024 // PC-relative 32-bit reference to the symbols virtual address + +// +// MIPS relocation types. +// + +#define IMAGE_REL_MIPS_ABSOLUTE 0 // Reference is absolute, no relocation is necessary +#define IMAGE_REL_MIPS_REFHALF 01 +#define IMAGE_REL_MIPS_REFWORD 02 +#define IMAGE_REL_MIPS_JMPADDR 03 +#define IMAGE_REL_MIPS_REFHI 04 +#define IMAGE_REL_MIPS_REFLO 05 +#define IMAGE_REL_MIPS_GPREL 06 +#define IMAGE_REL_MIPS_LITERAL 07 +#define IMAGE_REL_MIPS_SECTION 012 +#define IMAGE_REL_MIPS_SECREL 013 +#define IMAGE_REL_MIPS_REFWORDNB 042 +#define IMAGE_REL_MIPS_PAIR 045 + +// +// Based relocation format. +// + +typedef struct _IMAGE_BASE_RELOCATION { + DWORD VirtualAddress; + DWORD SizeOfBlock; +// WORD TypeOffset[1]; +} IMAGE_BASE_RELOCATION, *PIMAGE_BASE_RELOCATION; + +#define IMAGE_SIZEOF_BASE_RELOCATION 8 + +// +// Based relocation types. +// + +#define IMAGE_REL_BASED_ABSOLUTE 0 +#define IMAGE_REL_BASED_HIGH 1 +#define IMAGE_REL_BASED_LOW 2 +#define IMAGE_REL_BASED_HIGHLOW 3 +#define IMAGE_REL_BASED_HIGHADJ 4 +#define IMAGE_REL_BASED_MIPS_JMPADDR 5 +#define IMAGE_REL_BASED_I860_BRADDR 6 +#define IMAGE_REL_BASED_I860_SPLIT 7 + +// +// Line number format. +// + +typedef struct _IMAGE_LINENUMBER { + union { + DWORD SymbolTableIndex; // Symbol table index of function name if Linenumber is 0. + DWORD VirtualAddress; // Virtual address of line number. + } Type; + WORD Linenumber; // Line number. +} IMAGE_LINENUMBER; +typedef IMAGE_LINENUMBER UNALIGNED *PIMAGE_LINENUMBER; + +#define IMAGE_SIZEOF_LINENUMBER 6 + +// +// Archive format. +// + +#define IMAGE_ARCHIVE_START_SIZE 8 +#define IMAGE_ARCHIVE_START "!\n" +#define IMAGE_ARCHIVE_END "`\n" +#define IMAGE_ARCHIVE_PAD "\n" +#define IMAGE_ARCHIVE_LINKER_MEMBER "/ " +#define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// " + +typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER { + BYTE Name[16]; // File member name - `/' terminated. + BYTE Date[12]; // File member date - decimal. + BYTE UserID[6]; // File member user id - decimal. + BYTE GroupID[6]; // File member group id - decimal. + BYTE Mode[8]; // File member mode - octal. + BYTE Size[10]; // File member size - decimal. + BYTE EndHeader[2]; // String to end header. +} IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER; + +#define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60 + +// +// DLL support. +// + +// +// Export Format +// + +typedef struct _IMAGE_EXPORT_DIRECTORY { + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + DWORD Name; + DWORD Base; + DWORD NumberOfFunctions; + DWORD NumberOfNames; + PDWORD *AddressOfFunctions; + PDWORD *AddressOfNames; + PWORD *AddressOfNameOrdinals; +} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY; + +// +// Import Format +// + +typedef struct _IMAGE_IMPORT_BY_NAME { + WORD Hint; + BYTE Name[1]; +} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME; + +typedef struct _IMAGE_THUNK_DATA { + union { + PDWORD Function; + DWORD Ordinal; + PIMAGE_IMPORT_BY_NAME AddressOfData; + } u1; +} IMAGE_THUNK_DATA, *PIMAGE_THUNK_DATA; + +#define IMAGE_ORDINAL_FLAG 0x80000000 +#define IMAGE_SNAP_BY_ORDINAL(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG) != 0) +#define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff) + +typedef struct _IMAGE_IMPORT_DESCRIPTOR { + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + DWORD Name; + PIMAGE_THUNK_DATA FirstThunk; +} IMAGE_IMPORT_DESCRIPTOR, *PIMAGE_IMPORT_DESCRIPTOR; + +// +// Resource Format. +// + +// +// Resource directory consists of two counts, following by a variable length +// array of directory entries. The first count is the number of entries at +// beginning of the array that have actual names associated with each entry. +// The entries are in ascending order, case insensitive strings. The second +// count is the number of entries that immediately follow the named entries. +// This second count identifies the number of entries that have 31-bit integer +// Ids as their name. These entries are also sorted in ascending order. +// +// This structure allows fast lookup by either name or number, but for any +// given resource entry only one form of lookup is supported, not both. +// This is consistant with the syntax of the .RC file and the .RES file. +// + +typedef struct _IMAGE_RESOURCE_DIRECTORY { + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + WORD NumberOfNamedEntries; + WORD NumberOfIdEntries; +// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[]; +} IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY; + +#define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000 +#define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000 + +// +// Each directory contains the 32-bit Name of the entry and an offset, +// relative to the beginning of the resource directory of the data associated +// with this directory entry. If the name of the entry is an actual text +// string instead of an integer Id, then the high order bit of the name field +// is set to one and the low order 31-bits are an offset, relative to the +// beginning of the resource directory of the string, which is of type +// IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the +// low-order 31-bits are the integer Id that identify this resource directory +// entry. If the directory entry is yet another resource directory (i.e. a +// subdirectory), then the high order bit of the offset field will be +// set to indicate this. Otherwise the high bit is clear and the offset +// field points to a resource data entry. +// + +typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY { + DWORD Name; + DWORD OffsetToData; +} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY; + +// +// For resource directory entries that have actual string names, the Name +// field of the directory entry points to an object of the following type. +// All of these string objects are stored together after the last resource +// directory entry and before the first resource data object. This minimizes +// the impact of these variable length objects on the alignment of the fixed +// size directory entry objects. +// + +typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING { + WORD Length; + CHAR NameString[ 1 ]; +} IMAGE_RESOURCE_DIRECTORY_STRING, *PIMAGE_RESOURCE_DIRECTORY_STRING; + + +typedef struct _IMAGE_RESOURCE_DIR_STRING_U { + WORD Length; + WCHAR NameString[ 1 ]; +} IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U; + + +// +// Each resource data entry describes a leaf node in the resource directory +// tree. It contains an offset, relative to the beginning of the resource +// directory of the data for the resource, a size field that gives the number +// of bytes of data at that offset, a CodePage that should be used when +// decoding code point values within the resource data. Typically for new +// applications the code page would be the unicode code page. +// + +typedef struct _IMAGE_RESOURCE_DATA_ENTRY { + DWORD OffsetToData; + DWORD Size; + DWORD CodePage; + DWORD Reserved; +} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY; + +// +// Debug Format +// + +typedef struct _IMAGE_DEBUG_DIRECTORY { + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + DWORD Type; + DWORD SizeOfData; + DWORD AddressOfRawData; + DWORD PointerToRawData; +} IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY; + +#define IMAGE_DEBUG_TYPE_UNKNOWN 0 +#define IMAGE_DEBUG_TYPE_COFF 1 +#define IMAGE_DEBUG_TYPE_CODEVIEW 2 + +typedef struct _IMAGE_DEBUG_INFO { + DWORD NumberOfSymbols; + DWORD LvaToFirstSymbol; + DWORD NumberOfLinenumbers; + DWORD LvaToFirstLinenumber; + DWORD RvaToFirstByteOfCode; + DWORD RvaToLastByteOfCode; + DWORD RvaToFirstByteOfData; + DWORD RvaToLastByteOfData; +} IMAGE_DEBUG_INFO, *PIMAGE_DEBUG_INFO; + +#ifndef RC_INVOKED +#pragma pack () +#endif // !RC_INVOKED + +// +// End Image Format +// + + +#endif // _WINNT_ +