# Version: 6.1
# Architecture: amd64
# CompanyName: Microsoft Corporation
# FileDescription: NT Kernel & System
# FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
# InternalName: ntkrnlmp.exe
# LegalCopyright: Microsoft Corporation. All rights reserved.
# OriginalFilename: ntkrnlmp.exe
# ProductName: Microsoft Windows Operating System
# ProductVersion: 6.1.7601.17514
import vstruct
from vstruct.primitives import *
# KPROCESS_STATE: seven members numbered 0-6 in listing order.
KPROCESS_STATE = v_enum()
for _ordinal, _member in enumerate((
    "ProcessInMemory",
    "ProcessOutOfMemory",
    "ProcessInTransition",
    "ProcessOutTransition",
    "ProcessInSwap",
    "ProcessOutSwap",
    "ProcessAllSwapStates",
)):
    setattr(KPROCESS_STATE, _member, _ordinal)
del _ordinal, _member
# MI_STORE_BIT_TYPE: two bit kinds (0, 1) followed by MiStoreBitTypeMax (2).
MI_STORE_BIT_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "MiStoreBitTypeInStore",
    "MiStoreBitTypeEvicted",
    "MiStoreBitTypeMax",
)):
    setattr(MI_STORE_BIT_TYPE, _member, _ordinal)
del _ordinal, _member
# IO_ALLOCATION_ACTION: numbering starts at 1; 0 is not a member of this table.
IO_ALLOCATION_ACTION = v_enum()
for _ordinal, _member in enumerate((
    "KeepObject",
    "DeallocateObject",
    "DeallocateObjectKeepRegisters",
), 1):
    setattr(IO_ALLOCATION_ACTION, _member, _ordinal)
del _ordinal, _member
# LOCK_OPERATION: read / write / modify access selectors, numbered 0-2.
LOCK_OPERATION = v_enum()
for _ordinal, _member in enumerate((
    "IoReadAccess",
    "IoWriteAccess",
    "IoModifyAccess",
)):
    setattr(LOCK_OPERATION, _member, _ordinal)
del _ordinal, _member
# CONFIGURATION_TYPE: 42 members numbered 0-41 in listing order; the last
# one, MaximumType (41), looks like a count sentinel rather than a real type.
CONFIGURATION_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "ArcSystem",  # 0
    "CentralProcessor",
    "FloatingPointProcessor",
    "PrimaryIcache",
    "PrimaryDcache",
    "SecondaryIcache",
    "SecondaryDcache",
    "SecondaryCache",
    "EisaAdapter",
    "TcAdapter",
    "ScsiAdapter",  # 10
    "DtiAdapter",
    "MultiFunctionAdapter",
    "DiskController",
    "TapeController",
    "CdromController",
    "WormController",
    "SerialController",
    "NetworkController",
    "DisplayController",
    "ParallelController",  # 20
    "PointerController",
    "KeyboardController",
    "AudioController",
    "OtherController",
    "DiskPeripheral",
    "FloppyDiskPeripheral",
    "TapePeripheral",
    "ModemPeripheral",
    "MonitorPeripheral",
    "PrinterPeripheral",  # 30
    "PointerPeripheral",
    "KeyboardPeripheral",
    "TerminalPeripheral",
    "OtherPeripheral",
    "LinePeripheral",
    "NetworkPeripheral",
    "SystemMemory",
    "DockingInformation",
    "RealModeIrqRoutingTable",
    "RealModePCIEnumeration",  # 40
    "MaximumType",
)):
    setattr(CONFIGURATION_TYPE, _member, _ordinal)
del _ordinal, _member
# CM_SHARE_DISPOSITION: resource sharing dispositions, numbered 0-3.
CM_SHARE_DISPOSITION = v_enum()
for _ordinal, _member in enumerate((
    "CmResourceShareUndetermined",
    "CmResourceShareDeviceExclusive",
    "CmResourceShareDriverExclusive",
    "CmResourceShareShared",
)):
    setattr(CM_SHARE_DISPOSITION, _member, _ordinal)
del _ordinal, _member
# KWAIT_BLOCK_STATE: four wait-block states (0-3) plus WaitBlockAllStates (4).
KWAIT_BLOCK_STATE = v_enum()
for _ordinal, _member in enumerate((
    "WaitBlockBypassStart",
    "WaitBlockBypassComplete",
    "WaitBlockActive",
    "WaitBlockInactive",
    "WaitBlockAllStates",
)):
    setattr(KWAIT_BLOCK_STATE, _member, _ordinal)
del _ordinal, _member
# PROCESSOR_CACHE_TYPE: cache kinds numbered 0-3; no Max sentinel is defined.
PROCESSOR_CACHE_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "CacheUnified",
    "CacheInstruction",
    "CacheData",
    "CacheTrace",
)):
    setattr(PROCESSOR_CACHE_TYPE, _member, _ordinal)
del _ordinal, _member
# EVENT_TYPE: the two event flavours, notification (0) and synchronization (1).
EVENT_TYPE = v_enum()
setattr(EVENT_TYPE, "NotificationEvent", 0)
setattr(EVENT_TYPE, "SynchronizationEvent", 1)
# WHEA_ERROR_TYPE: hardware error source categories, numbered 0-6.
WHEA_ERROR_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "WheaErrTypeProcessor",
    "WheaErrTypeMemory",
    "WheaErrTypePCIExpress",
    "WheaErrTypeNMI",
    "WheaErrTypePCIXBus",
    "WheaErrTypePCIXDevice",
    "WheaErrTypeGeneric",
)):
    setattr(WHEA_ERROR_TYPE, _member, _ordinal)
del _ordinal, _member
# PROFILE_DEPARTURE_STYLE: numbering starts at 1 (PDS_UPDATE_DEFAULT); 0 is
# not a member of this table.
PROFILE_DEPARTURE_STYLE = v_enum()
for _ordinal, _member in enumerate((
    "PDS_UPDATE_DEFAULT",
    "PDS_UPDATE_ON_REMOVE",
    "PDS_UPDATE_ON_INTERFACE",
    "PDS_UPDATE_ON_EJECT",
), 1):
    setattr(PROFILE_DEPARTURE_STYLE, _member, _ordinal)
del _ordinal, _member
# OB_OPEN_REASON: handle-open reasons 0-3 followed by ObMaxOpenReason (4),
# which by its name is a bound rather than a reason -- a decoded value of 4
# or more should probably be treated as unexpected (confirm with the consumer).
OB_OPEN_REASON = v_enum()
for _ordinal, _member in enumerate((
    "ObCreateHandle",
    "ObOpenHandle",
    "ObDuplicateHandle",
    "ObInheritHandle",
    "ObMaxOpenReason",
)):
    setattr(OB_OPEN_REASON, _member, _ordinal)
del _ordinal, _member
# PNP_DEVNODE_STATE: 22 members numbered consecutively from 768 (0x300) to
# 789; values below 768 are not part of this table.
PNP_DEVNODE_STATE = v_enum()
for _ordinal, _member in enumerate((
    "DeviceNodeUnspecified",  # 768
    "DeviceNodeUninitialized",
    "DeviceNodeInitialized",
    "DeviceNodeDriversAdded",
    "DeviceNodeResourcesAssigned",  # 772
    "DeviceNodeStartPending",
    "DeviceNodeStartCompletion",
    "DeviceNodeStartPostWork",
    "DeviceNodeStarted",  # 776
    "DeviceNodeQueryStopped",
    "DeviceNodeStopped",
    "DeviceNodeRestartCompletion",
    "DeviceNodeEnumeratePending",  # 780
    "DeviceNodeEnumerateCompletion",
    "DeviceNodeAwaitingQueuedDeletion",
    "DeviceNodeAwaitingQueuedRemoval",
    "DeviceNodeQueryRemoved",  # 784
    "DeviceNodeRemovePendingCloses",
    "DeviceNodeRemoved",
    "DeviceNodeDeletePendingCloses",
    "DeviceNodeDeleted",  # 788
    "MaxDeviceNodeState",
), 768):
    setattr(PNP_DEVNODE_STATE, _member, _ordinal)
del _ordinal, _member
# POWER_STATE_TYPE: selects between a system (0) and a device (1) power state.
POWER_STATE_TYPE = v_enum()
setattr(POWER_STATE_TYPE, "SystemPowerState", 0)
setattr(POWER_STATE_TYPE, "DevicePowerState", 1)
# TYPE_OF_MEMORY: loader memory descriptor types, 30 members numbered 0-29;
# LoaderMaximum (29) closes the table.
TYPE_OF_MEMORY = v_enum()
for _ordinal, _member in enumerate((
    "LoaderExceptionBlock",  # 0
    "LoaderSystemBlock",
    "LoaderFree",
    "LoaderBad",
    "LoaderLoadedProgram",
    "LoaderFirmwareTemporary",
    "LoaderFirmwarePermanent",
    "LoaderOsloaderHeap",
    "LoaderOsloaderStack",
    "LoaderSystemCode",
    "LoaderHalCode",  # 10
    "LoaderBootDriver",
    "LoaderConsoleInDriver",
    "LoaderConsoleOutDriver",
    "LoaderStartupDpcStack",
    "LoaderStartupKernelStack",
    "LoaderStartupPanicStack",
    "LoaderStartupPcrPage",
    "LoaderStartupPdrPage",
    "LoaderRegistryData",
    "LoaderMemoryData",  # 20
    "LoaderNlsData",
    "LoaderSpecialMemory",
    "LoaderBBTMemory",
    "LoaderReserve",
    "LoaderXIPRom",
    "LoaderHALCachedMemory",
    "LoaderLargePageFiller",
    "LoaderErrorLogMemory",
    "LoaderMaximum",
)):
    setattr(TYPE_OF_MEMORY, _member, _ordinal)
del _ordinal, _member
# KTM_STATE: transaction-manager states, numbered 0-5.
KTM_STATE = v_enum()
for _ordinal, _member in enumerate((
    "KKtmUninitialized",
    "KKtmInitialized",
    "KKtmRecovering",
    "KKtmOnline",
    "KKtmRecoveryFailed",
    "KKtmOffline",
)):
    setattr(KTM_STATE, _member, _ordinal)
del _ordinal, _member
# PP_NPAGED_LOOKASIDE_NUMBER: lookaside list slots 0-8 plus
# LookasideMaximumList (9).
PP_NPAGED_LOOKASIDE_NUMBER = v_enum()
for _ordinal, _member in enumerate((
    "LookasideSmallIrpList",
    "LookasideMediumIrpList",
    "LookasideLargeIrpList",
    "LookasideMdlList",
    "LookasideCreateInfoList",
    "LookasideNameBufferList",
    "LookasideTwilightList",
    "LookasideCompletionList",
    "LookasideScratchBufferList",
    "LookasideMaximumList",
)):
    setattr(PP_NPAGED_LOOKASIDE_NUMBER, _member, _ordinal)
del _ordinal, _member
# PLUGPLAY_EVENT_CATEGORY: PnP event categories 0-10 plus
# MaxPlugEventCategory (11).
PLUGPLAY_EVENT_CATEGORY = v_enum()
for _ordinal, _member in enumerate((
    "HardwareProfileChangeEvent",
    "TargetDeviceChangeEvent",
    "DeviceClassChangeEvent",
    "CustomDeviceEvent",
    "DeviceInstallEvent",
    "DeviceArrivalEvent",
    "VetoEvent",
    "BlockedDriverEvent",
    "InvalidIDEvent",
    "DevicePropertyChangeEvent",
    "DeviceInstanceRemovalEvent",
    "MaxPlugEventCategory",
)):
    setattr(PLUGPLAY_EVENT_CATEGORY, _member, _ordinal)
del _ordinal, _member
# IO_SESSION_STATE: session states numbered from 1; IoSessionStateMax is 9
# and 0 is not a member of this table.
IO_SESSION_STATE = v_enum()
for _ordinal, _member in enumerate((
    "IoSessionStateCreated",
    "IoSessionStateInitialized",
    "IoSessionStateConnected",
    "IoSessionStateDisconnected",
    "IoSessionStateDisconnectedLoggedOn",
    "IoSessionStateLoggedOn",
    "IoSessionStateLoggedOff",
    "IoSessionStateTerminated",
    "IoSessionStateMax",
), 1):
    setattr(IO_SESSION_STATE, _member, _ordinal)
del _ordinal, _member
# PF_FILE_ACCESS_TYPE: read (0) and write (1), then PfFileAccessTypeMax (2).
PF_FILE_ACCESS_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "PfFileAccessTypeRead",
    "PfFileAccessTypeWrite",
    "PfFileAccessTypeMax",
)):
    setattr(PF_FILE_ACCESS_TYPE, _member, _ordinal)
del _ordinal, _member
# ARBITER_RESULT: numbering starts at -1 (ArbiterResultUndefined).
# NOTE(review): a value read from memory through an unsigned field would show
# up as 0xFFFFFFFF rather than -1, so a lookup by value presumably needs a
# sign conversion first -- confirm how the consuming field is typed.
ARBITER_RESULT = v_enum()
for _ordinal, _member in enumerate((
    "ArbiterResultUndefined",
    "ArbiterResultSuccess",
    "ArbiterResultExternalConflict",
    "ArbiterResultNullRequest",
), -1):
    setattr(ARBITER_RESULT, _member, _ordinal)
del _ordinal, _member
# MI_DYNAMIC_MEMORY_LOCKTYPE: lock acquisition modes, numbered 0-3.
MI_DYNAMIC_MEMORY_LOCKTYPE = v_enum()
for _ordinal, _member in enumerate((
    "AlreadyHeld",
    "AcquiredShared",
    "UseSpinLock",
    "UseSpinLockRaiseIrql",
)):
    setattr(MI_DYNAMIC_MEMORY_LOCKTYPE, _member, _ordinal)
del _ordinal, _member
# DEVICE_TEXT_TYPE: description (0) versus location information (1).
DEVICE_TEXT_TYPE = v_enum()
setattr(DEVICE_TEXT_TYPE, "DeviceTextDescription", 0)
setattr(DEVICE_TEXT_TYPE, "DeviceTextLocationInformation", 1)
# POWER_ACTION: power actions numbered 0-7; no Max sentinel is defined.
POWER_ACTION = v_enum()
for _ordinal, _member in enumerate((
    "PowerActionNone",
    "PowerActionReserved",
    "PowerActionSleep",
    "PowerActionHibernate",
    "PowerActionShutdown",
    "PowerActionShutdownReset",
    "PowerActionShutdownOff",
    "PowerActionWarmEject",
)):
    setattr(POWER_ACTION, _member, _ordinal)
del _ordinal, _member
# CONFIGURATION_CLASS: component classes 0-6 plus MaximumClass (7).
CONFIGURATION_CLASS = v_enum()
for _ordinal, _member in enumerate((
    "SystemClass",
    "ProcessorClass",
    "CacheClass",
    "AdapterClass",
    "ControllerClass",
    "PeripheralClass",
    "MemoryClass",
    "MaximumClass",
)):
    setattr(CONFIGURATION_CLASS, _member, _ordinal)
del _ordinal, _member
# ARBITER_REQUEST_SOURCE: numbering starts at -1 (ArbiterRequestUndefined)
# and runs to 4.
# NOTE(review): -1 would appear as 0xFFFFFFFF if the field is parsed as
# unsigned; confirm the consumer sign-converts before looking a value up.
ARBITER_REQUEST_SOURCE = v_enum()
for _ordinal, _member in enumerate((
    "ArbiterRequestUndefined",
    "ArbiterRequestLegacyReported",
    "ArbiterRequestHalReported",
    "ArbiterRequestLegacyAssigned",
    "ArbiterRequestPnpDetected",
    "ArbiterRequestPnpEnumerated",
), -1):
    setattr(ARBITER_REQUEST_SOURCE, _member, _ordinal)
del _ordinal, _member
# PS_STD_HANDLE_STATE: standard-handle duplication policies 0-2 plus
# PsMaxStdHandleStates (3).
PS_STD_HANDLE_STATE = v_enum()
for _ordinal, _member in enumerate((
    "PsNeverDuplicate",
    "PsRequestDuplicate",
    "PsAlwaysDuplicate",
    "PsMaxStdHandleStates",
)):
    setattr(PS_STD_HANDLE_STATE, _member, _ordinal)
del _ordinal, _member
# KOBJECTS: kernel object type codes, 26 members numbered 0-25. Slots 10-17
# carry Spare*Object placeholder names; MaximumKernelObject (25) closes the
# table.
KOBJECTS = v_enum()
for _ordinal, _member in enumerate((
    "EventNotificationObject",  # 0
    "EventSynchronizationObject",
    "MutantObject",
    "ProcessObject",
    "QueueObject",
    "SemaphoreObject",
    "ThreadObject",
    "GateObject",
    "TimerNotificationObject",
    "TimerSynchronizationObject",
    "Spare2Object",  # 10
    "Spare3Object",
    "Spare4Object",
    "Spare5Object",
    "Spare6Object",
    "Spare7Object",
    "Spare8Object",
    "Spare9Object",
    "ApcObject",  # 18
    "DpcObject",
    "DeviceQueueObject",  # 20
    "EventPairObject",
    "InterruptObject",
    "ProfileObject",
    "ThreadedDpcObject",
    "MaximumKernelObject",
)):
    setattr(KOBJECTS, _member, _ordinal)
del _ordinal, _member
# CM_LOAD_FAILURE_TYPE: registry hive load failure points, numbered 0-19.
# The first member is spelled "_None" in this table (leading underscore).
CM_LOAD_FAILURE_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "_None",  # 0
    "CmInitializeHive",
    "HvInitializeHive",
    "HvpBuildMap",
    "HvpBuildMapAndCopy",
    "HvpInitMap",
    "HvLoadHive",
    "HvpReadFileImageAndBuildMap",
    "HvpRecoverData",
    "HvpRecoverWholeHive",
    "HvpMapFileImageAndBuildMap",  # 10
    "CmpValidateHiveSecurityDescriptors",
    "HvpEnlistBinInMap",
    "CmCheckRegistry",
    "CmRegistryIO",
    "CmCheckRegistry2",
    "CmpCheckKey",
    "CmpCheckValueList",
    "HvCheckHive",
    "HvCheckBin",
)):
    setattr(CM_LOAD_FAILURE_TYPE, _member, _ordinal)
del _ordinal, _member
# ETW_BUFFER_STATE: trace buffer states 0-3 plus EtwBufferStateMaximum (4).
ETW_BUFFER_STATE = v_enum()
for _ordinal, _member in enumerate((
    "EtwBufferStateFree",
    "EtwBufferStateGeneralLogging",
    "EtwBufferStateCSwitch",
    "EtwBufferStateFlush",
    "EtwBufferStateMaximum",
)):
    setattr(ETW_BUFFER_STATE, _member, _ordinal)
del _ordinal, _member
# PS_ATTRIBUTE_NUM: process/thread creation attribute numbers 0-16 plus
# PsAttributeMax (17).
# NOTE(review): these look like the number part of an attribute identifier;
# if the identifier seen in memory also carries flag bits, they would have to
# be masked off before a lookup by value -- confirm against the consumer.
PS_ATTRIBUTE_NUM = v_enum()
for _ordinal, _member in enumerate((
    "PsAttributeParentProcess",  # 0
    "PsAttributeDebugObject",
    "PsAttributeToken",
    "PsAttributeClientId",
    "PsAttributeTebAddress",
    "PsAttributeImageName",
    "PsAttributeImageInfo",
    "PsAttributeMemoryReserve",
    "PsAttributePriorityClass",
    "PsAttributeErrorMode",
    "PsAttributeStdHandleInfo",  # 10
    "PsAttributeHandleList",
    "PsAttributeGroupAffinity",
    "PsAttributePreferredNode",
    "PsAttributeIdealProcessor",
    "PsAttributeUmsThread",
    "PsAttributeExecuteOptions",
    "PsAttributeMax",
)):
    setattr(PS_ATTRIBUTE_NUM, _member, _ordinal)
del _ordinal, _member
# POWER_POLICY_DEVICE_TYPE: power policy sources 0-7 plus PolicyDeviceMax (8).
POWER_POLICY_DEVICE_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "PolicyDeviceSystemButton",
    "PolicyDeviceThermalZone",
    "PolicyDeviceBattery",
    "PolicyDeviceMemory",
    "PolicyInitiatePowerActionAPI",
    "PolicySetPowerStateAPI",
    "PolicyImmediateDozeS4",
    "PolicySystemIdle",
    "PolicyDeviceMax",
)):
    setattr(POWER_POLICY_DEVICE_TYPE, _member, _ordinal)
del _ordinal, _member
# UoWActionType: registry unit-of-work action codes 0-13, closed by
# UoWInvalid (14).
UoWActionType = v_enum()
for _ordinal, _member in enumerate((
    "UoWAddThisKey",  # 0
    "UoWAddChildKey",
    "UoWDeleteThisKey",
    "UoWDeleteChildKey",
    "UoWSetValueNew",
    "UoWSetValueExisting",
    "UoWDeleteValue",
    "UoWSetKeyUserFlags",
    "UoWSetLastWriteTime",
    "UoWSetSecurityDescriptor",
    "UoWRenameSubKey",  # 10
    "UoWRenameOldSubKey",
    "UoWRenameNewSubKey",
    "UoWIsolation",
    "UoWInvalid",
)):
    setattr(UoWActionType, _member, _ordinal)
del _ordinal, _member
# _unnamed_29164: an enum with no type name of its own; members are 1 and 2.
# NOTE(review): the numeric suffix looks generator-assigned, so it may not be
# stable across builds -- verify before referring to this name elsewhere.
_unnamed_29164 = v_enum()
setattr(_unnamed_29164, "KTMOH_CommitTransaction_Result", 1)
setattr(_unnamed_29164, "KTMOH_RollbackTransaction_Result", 2)
# WHEA_ERROR_PACKET_DATA_FORMAT: error packet payload formats 0-7 plus
# WheaDataFormatMax (8).
WHEA_ERROR_PACKET_DATA_FORMAT = v_enum()
for _ordinal, _member in enumerate((
    "WheaDataFormatIPFSalRecord",
    "WheaDataFormatXPFMCA",
    "WheaDataFormatMemory",
    "WheaDataFormatPCIExpress",
    "WheaDataFormatNMIPort",
    "WheaDataFormatPCIXBus",
    "WheaDataFormatPCIXDevice",
    "WheaDataFormatGeneric",
    "WheaDataFormatMax",
)):
    setattr(WHEA_ERROR_PACKET_DATA_FORMAT, _member, _ordinal)
del _ordinal, _member
# DPFLTR_TYPE: debug-print filter component ids, 147 members numbered 0-146
# in listing order. DPFLTR_ENDOFTABLE_ID (146) closes the table. Because the
# values come from position, inserting or dropping a name shifts every id
# after it; the trailing "# N" markers are there to make that easy to spot.
DPFLTR_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "DPFLTR_SYSTEM_ID",  # 0
    "DPFLTR_SMSS_ID",
    "DPFLTR_SETUP_ID",
    "DPFLTR_NTFS_ID",
    "DPFLTR_FSTUB_ID",
    "DPFLTR_CRASHDUMP_ID",
    "DPFLTR_CDAUDIO_ID",
    "DPFLTR_CDROM_ID",
    "DPFLTR_CLASSPNP_ID",
    "DPFLTR_DISK_ID",
    "DPFLTR_REDBOOK_ID",  # 10
    "DPFLTR_STORPROP_ID",
    "DPFLTR_SCSIPORT_ID",
    "DPFLTR_SCSIMINIPORT_ID",
    "DPFLTR_CONFIG_ID",
    "DPFLTR_I8042PRT_ID",
    "DPFLTR_SERMOUSE_ID",
    "DPFLTR_LSERMOUS_ID",
    "DPFLTR_KBDHID_ID",
    "DPFLTR_MOUHID_ID",
    "DPFLTR_KBDCLASS_ID",  # 20
    "DPFLTR_MOUCLASS_ID",
    "DPFLTR_TWOTRACK_ID",
    "DPFLTR_WMILIB_ID",
    "DPFLTR_ACPI_ID",
    "DPFLTR_AMLI_ID",
    "DPFLTR_HALIA64_ID",
    "DPFLTR_VIDEO_ID",
    "DPFLTR_SVCHOST_ID",
    "DPFLTR_VIDEOPRT_ID",
    "DPFLTR_TCPIP_ID",  # 30
    "DPFLTR_DMSYNTH_ID",
    "DPFLTR_NTOSPNP_ID",
    "DPFLTR_FASTFAT_ID",
    "DPFLTR_SAMSS_ID",
    "DPFLTR_PNPMGR_ID",
    "DPFLTR_NETAPI_ID",
    "DPFLTR_SCSERVER_ID",
    "DPFLTR_SCCLIENT_ID",
    "DPFLTR_SERIAL_ID",
    "DPFLTR_SERENUM_ID",  # 40
    "DPFLTR_UHCD_ID",
    "DPFLTR_RPCPROXY_ID",
    "DPFLTR_AUTOCHK_ID",
    "DPFLTR_DCOMSS_ID",
    "DPFLTR_UNIMODEM_ID",
    "DPFLTR_SIS_ID",
    "DPFLTR_FLTMGR_ID",
    "DPFLTR_WMICORE_ID",
    "DPFLTR_BURNENG_ID",
    "DPFLTR_IMAPI_ID",  # 50
    "DPFLTR_SXS_ID",
    "DPFLTR_FUSION_ID",
    "DPFLTR_IDLETASK_ID",
    "DPFLTR_SOFTPCI_ID",
    "DPFLTR_TAPE_ID",
    "DPFLTR_MCHGR_ID",
    "DPFLTR_IDEP_ID",
    "DPFLTR_PCIIDE_ID",
    "DPFLTR_FLOPPY_ID",
    "DPFLTR_FDC_ID",  # 60
    "DPFLTR_TERMSRV_ID",
    "DPFLTR_W32TIME_ID",
    "DPFLTR_PREFETCHER_ID",
    "DPFLTR_RSFILTER_ID",
    "DPFLTR_FCPORT_ID",
    "DPFLTR_PCI_ID",
    "DPFLTR_DMIO_ID",
    "DPFLTR_DMCONFIG_ID",
    "DPFLTR_DMADMIN_ID",
    "DPFLTR_WSOCKTRANSPORT_ID",  # 70
    "DPFLTR_VSS_ID",
    "DPFLTR_PNPMEM_ID",
    "DPFLTR_PROCESSOR_ID",
    "DPFLTR_DMSERVER_ID",
    "DPFLTR_SR_ID",
    "DPFLTR_INFINIBAND_ID",
    "DPFLTR_IHVDRIVER_ID",
    "DPFLTR_IHVVIDEO_ID",
    "DPFLTR_IHVAUDIO_ID",
    "DPFLTR_IHVNETWORK_ID",  # 80
    "DPFLTR_IHVSTREAMING_ID",
    "DPFLTR_IHVBUS_ID",
    "DPFLTR_HPS_ID",
    "DPFLTR_RTLTHREADPOOL_ID",
    "DPFLTR_LDR_ID",
    "DPFLTR_TCPIP6_ID",
    "DPFLTR_ISAPNP_ID",
    "DPFLTR_SHPC_ID",
    "DPFLTR_STORPORT_ID",
    "DPFLTR_STORMINIPORT_ID",  # 90
    "DPFLTR_PRINTSPOOLER_ID",
    "DPFLTR_VSSDYNDISK_ID",
    "DPFLTR_VERIFIER_ID",
    "DPFLTR_VDS_ID",
    "DPFLTR_VDSBAS_ID",
    "DPFLTR_VDSDYN_ID",
    "DPFLTR_VDSDYNDR_ID",
    "DPFLTR_VDSLDR_ID",
    "DPFLTR_VDSUTIL_ID",
    "DPFLTR_DFRGIFC_ID",  # 100
    "DPFLTR_DEFAULT_ID",
    "DPFLTR_MM_ID",
    "DPFLTR_DFSC_ID",
    "DPFLTR_WOW64_ID",
    "DPFLTR_ALPC_ID",
    "DPFLTR_WDI_ID",
    "DPFLTR_PERFLIB_ID",
    "DPFLTR_KTM_ID",
    "DPFLTR_IOSTRESS_ID",
    "DPFLTR_HEAP_ID",  # 110
    "DPFLTR_WHEA_ID",
    "DPFLTR_USERGDI_ID",
    "DPFLTR_MMCSS_ID",
    "DPFLTR_TPM_ID",
    "DPFLTR_THREADORDER_ID",
    "DPFLTR_ENVIRON_ID",
    "DPFLTR_EMS_ID",
    "DPFLTR_WDT_ID",
    "DPFLTR_FVEVOL_ID",
    "DPFLTR_NDIS_ID",  # 120
    "DPFLTR_NVCTRACE_ID",
    "DPFLTR_LUAFV_ID",
    "DPFLTR_APPCOMPAT_ID",
    "DPFLTR_USBSTOR_ID",
    "DPFLTR_SBP2PORT_ID",
    "DPFLTR_COVERAGE_ID",
    "DPFLTR_CACHEMGR_ID",
    "DPFLTR_MOUNTMGR_ID",
    "DPFLTR_CFR_ID",
    "DPFLTR_TXF_ID",  # 130
    "DPFLTR_KSECDD_ID",
    "DPFLTR_FLTREGRESS_ID",
    "DPFLTR_MPIO_ID",
    "DPFLTR_MSDSM_ID",
    "DPFLTR_UDFS_ID",
    "DPFLTR_PSHED_ID",
    "DPFLTR_STORVSP_ID",
    "DPFLTR_LSASS_ID",
    "DPFLTR_SSPICLI_ID",
    "DPFLTR_CNG_ID",  # 140
    "DPFLTR_EXFAT_ID",
    "DPFLTR_FILETRACE_ID",
    "DPFLTR_XSAVE_ID",
    "DPFLTR_SE_ID",
    "DPFLTR_DRIVEEXTENDER_ID",
    "DPFLTR_ENDOFTABLE_ID",  # 146
)):
    setattr(DPFLTR_TYPE, _member, _ordinal)
del _ordinal, _member
# INTERLOCKED_RESULT: values do not follow listing order (Negative=1, Zero=0,
# Positive=2), so each member is paired with its value explicitly.
INTERLOCKED_RESULT = v_enum()
for _member, _ordinal in (
    ("ResultNegative", 1),
    ("ResultZero", 0),
    ("ResultPositive", 2),
):
    setattr(INTERLOCKED_RESULT, _member, _ordinal)
del _member, _ordinal
# IO_PRIORITY_HINT: I/O priority levels 0 (very low) to 4 (critical), then
# MaxIoPriorityTypes (5).
IO_PRIORITY_HINT = v_enum()
for _ordinal, _member in enumerate((
    "IoPriorityVeryLow",
    "IoPriorityLow",
    "IoPriorityNormal",
    "IoPriorityHigh",
    "IoPriorityCritical",
    "MaxIoPriorityTypes",
)):
    setattr(IO_PRIORITY_HINT, _member, _ordinal)
del _ordinal, _member
# SYSTEM_POWER_CONDITION: PoAc, PoDc, PoHot (0-2) plus PoConditionMaximum (3).
SYSTEM_POWER_CONDITION = v_enum()
for _ordinal, _member in enumerate((
    "PoAc",
    "PoDc",
    "PoHot",
    "PoConditionMaximum",
)):
    setattr(SYSTEM_POWER_CONDITION, _member, _ordinal)
del _ordinal, _member
# KTRANSACTION_OUTCOME: transaction outcomes, numbered 0-4.
KTRANSACTION_OUTCOME = v_enum()
for _ordinal, _member in enumerate((
    "KTxOutcomeUninitialized",
    "KTxOutcomeUndetermined",
    "KTxOutcomeCommitted",
    "KTxOutcomeAborted",
    "KTxOutcomeUnavailable",
)):
    setattr(KTRANSACTION_OUTCOME, _member, _ordinal)
del _ordinal, _member
# KENLISTMENT_STATE: sparse numbering. KEnlistmentUninitialized is 0; every
# other state is numbered consecutively from 256 (0x100) to 274, so values
# 1-255 are not part of this table.
KENLISTMENT_STATE = v_enum()
setattr(KENLISTMENT_STATE, "KEnlistmentUninitialized", 0)
for _ordinal, _member in enumerate((
    "KEnlistmentActive",  # 256
    "KEnlistmentPreparing",
    "KEnlistmentPrepared",
    "KEnlistmentInDoubt",
    "KEnlistmentCommitted",  # 260
    "KEnlistmentCommittedNotify",
    "KEnlistmentCommitRequested",
    "KEnlistmentAborted",
    "KEnlistmentDelegated",
    "KEnlistmentDelegatedDisconnected",  # 265
    "KEnlistmentPrePreparing",
    "KEnlistmentForgotten",
    "KEnlistmentRecovering",
    "KEnlistmentAborting",
    "KEnlistmentReadOnly",  # 270
    "KEnlistmentOutcomeUnavailable",
    "KEnlistmentOffline",
    "KEnlistmentPrePrepared",
    "KEnlistmentInitialized",  # 274
), 256):
    setattr(KENLISTMENT_STATE, _member, _ordinal)
del _ordinal, _member
# ETW_PROVIDER_STATE: provider states 0-2 plus EtwProviderStateMax (3).
ETW_PROVIDER_STATE = v_enum()
for _ordinal, _member in enumerate((
    "EtwProviderStateFree",
    "EtwProviderStateTransition",
    "EtwProviderStateActive",
    "EtwProviderStateMax",
)):
    setattr(ETW_PROVIDER_STATE, _member, _ordinal)
del _ordinal, _member
# EX_POOL_PRIORITY: sparse numbering. The three base priorities sit at 0, 16
# and 32; each has a SpecialPoolOverrun variant at base+8 and a
# SpecialPoolUnderrun variant at base+9. Values in between are not members.
EX_POOL_PRIORITY = v_enum()
for _member, _ordinal in (
    ("LowPoolPriority", 0),
    ("LowPoolPrioritySpecialPoolOverrun", 8),
    ("LowPoolPrioritySpecialPoolUnderrun", 9),
    ("NormalPoolPriority", 16),
    ("NormalPoolPrioritySpecialPoolOverrun", 24),
    ("NormalPoolPrioritySpecialPoolUnderrun", 25),
    ("HighPoolPriority", 32),
    ("HighPoolPrioritySpecialPoolOverrun", 40),
    ("HighPoolPrioritySpecialPoolUnderrun", 41),
):
    setattr(EX_POOL_PRIORITY, _member, _ordinal)
del _member, _ordinal
# KINTERRUPT_POLARITY: unknown (0), active high (1), active low (2).
KINTERRUPT_POLARITY = v_enum()
for _ordinal, _member in enumerate((
    "InterruptPolarityUnknown",
    "InterruptActiveHigh",
    "InterruptActiveLow",
)):
    setattr(KINTERRUPT_POLARITY, _member, _ordinal)
del _ordinal, _member
# PNP_VETO_TYPE: PnP veto reasons, numbered 0-12; no Max sentinel is defined.
PNP_VETO_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "PNP_VetoTypeUnknown",  # 0
    "PNP_VetoLegacyDevice",
    "PNP_VetoPendingClose",
    "PNP_VetoWindowsApp",
    "PNP_VetoWindowsService",
    "PNP_VetoOutstandingOpen",
    "PNP_VetoDevice",
    "PNP_VetoDriver",
    "PNP_VetoIllegalDeviceRequest",
    "PNP_VetoInsufficientPower",
    "PNP_VetoNonDisableable",  # 10
    "PNP_VetoLegacyDriver",
    "PNP_VetoInsufficientRights",
)):
    setattr(PNP_VETO_TYPE, _member, _ordinal)
del _ordinal, _member
# SECURITY_IMPERSONATION_LEVEL: values ascend from SecurityAnonymous (0) to
# SecurityDelegation (3). There is no Max sentinel, so a decoded level above
# 3 has no name in this table and is worth flagging rather than defaulting.
SECURITY_IMPERSONATION_LEVEL = v_enum()
for _ordinal, _member in enumerate((
    "SecurityAnonymous",
    "SecurityIdentification",
    "SecurityImpersonation",
    "SecurityDelegation",
)):
    setattr(SECURITY_IMPERSONATION_LEVEL, _member, _ordinal)
del _ordinal, _member
# KRESOURCEMANAGER_STATE: uninitialized (0), offline (1), online (2).
KRESOURCEMANAGER_STATE = v_enum()
for _ordinal, _member in enumerate((
    "KResourceManagerUninitialized",
    "KResourceManagerOffline",
    "KResourceManagerOnline",
)):
    setattr(KRESOURCEMANAGER_STATE, _member, _ordinal)
del _ordinal, _member
# ALTERNATIVE_ARCHITECTURE_TYPE: StandardDesign (0), NEC98x86 (1), then
# EndAlternatives (2) as the closing entry.
ALTERNATIVE_ARCHITECTURE_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "StandardDesign",
    "NEC98x86",
    "EndAlternatives",
)):
    setattr(ALTERNATIVE_ARCHITECTURE_TYPE, _member, _ordinal)
del _ordinal, _member
# PCW_CALLBACK_TYPE: performance-counter callback reasons, numbered 0-3.
PCW_CALLBACK_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "PcwCallbackAddCounter",
    "PcwCallbackRemoveCounter",
    "PcwCallbackEnumerateInstances",
    "PcwCallbackCollectData",
)):
    setattr(PCW_CALLBACK_TYPE, _member, _ordinal)
del _ordinal, _member
# REQUESTER_TYPE: kernel (0), user process (1), user shared service (2).
REQUESTER_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "KernelRequester",
    "UserProcessRequester",
    "UserSharedServiceRequester",
)):
    setattr(REQUESTER_TYPE, _member, _ordinal)
del _ordinal, _member
# SYSTEM_POWER_STATE: system power states 0-6 plus PowerSystemMaximum (7).
SYSTEM_POWER_STATE = v_enum()
for _ordinal, _member in enumerate((
    "PowerSystemUnspecified",
    "PowerSystemWorking",
    "PowerSystemSleeping1",
    "PowerSystemSleeping2",
    "PowerSystemSleeping3",
    "PowerSystemHibernate",
    "PowerSystemShutdown",
    "PowerSystemMaximum",
)):
    setattr(SYSTEM_POWER_STATE, _member, _ordinal)
del _ordinal, _member
# MEMORY_CACHING_TYPE_ORIG: a single member, MmFrameBufferCached, with
# value 2; 0 and 1 have no name in this table.
MEMORY_CACHING_TYPE_ORIG = v_enum()
setattr(MEMORY_CACHING_TYPE_ORIG, "MmFrameBufferCached", 2)
# PROFILE_STATUS: docking states, numbered 0-4.
PROFILE_STATUS = v_enum()
for _ordinal, _member in enumerate((
    "DOCK_NOTDOCKDEVICE",
    "DOCK_QUIESCENT",
    "DOCK_ARRIVING",
    "DOCK_DEPARTING",
    "DOCK_EJECTIRP_COMPLETED",
)):
    setattr(PROFILE_STATUS, _member, _ordinal)
del _ordinal, _member
# MM_POOL_PRIORITIES: note the direction -- MmHighPriority is 0 and
# MmLowPriority is 2, so a smaller number means a higher priority here.
# MmMaximumPoolPriority (3) closes the table.
MM_POOL_PRIORITIES = v_enum()
for _ordinal, _member in enumerate((
    "MmHighPriority",
    "MmNormalPriority",
    "MmLowPriority",
    "MmMaximumPoolPriority",
)):
    setattr(MM_POOL_PRIORITIES, _member, _ordinal)
del _ordinal, _member
# BLOB_ID: blob type ids 0-9 plus BLOB_TYPE_MAX_ID (10).
BLOB_ID = v_enum()
for _ordinal, _member in enumerate((
    "BLOB_TYPE_UNKNOWN",
    "BLOB_TYPE_CONNECTION_INFO",
    "BLOB_TYPE_MESSAGE",
    "BLOB_TYPE_SECURITY_CONTEXT",
    "BLOB_TYPE_SECTION",
    "BLOB_TYPE_REGION",
    "BLOB_TYPE_VIEW",
    "BLOB_TYPE_RESERVE",
    "BLOB_TYPE_DIRECT_TRANSFER",
    "BLOB_TYPE_HANDLE_DATA",
    "BLOB_TYPE_MAX_ID",
)):
    setattr(BLOB_ID, _member, _ordinal)
del _ordinal, _member
# REG_NOTIFY_CLASS: registry callback notification classes, values 0-47.
# Values 0-9 and 14 each carry two names: the plain name and its "Pre"
# spelling (e.g. RegNtDeleteKey and RegNtPreDeleteKey are both 0). The pairs
# are kept in the original order on purpose.
# NOTE(review): if v_enum keeps one name per value for lookups by value, the
# later assignment (the "Pre" spelling) presumably wins -- confirm in
# vstruct.primitives before relying on which alias a decoder prints.
REG_NOTIFY_CLASS = v_enum()
for _member, _ordinal in (
    ("RegNtDeleteKey", 0),
    ("RegNtPreDeleteKey", 0),
    ("RegNtSetValueKey", 1),
    ("RegNtPreSetValueKey", 1),
    ("RegNtDeleteValueKey", 2),
    ("RegNtPreDeleteValueKey", 2),
    ("RegNtSetInformationKey", 3),
    ("RegNtPreSetInformationKey", 3),
    ("RegNtRenameKey", 4),
    ("RegNtPreRenameKey", 4),
    ("RegNtEnumerateKey", 5),
    ("RegNtPreEnumerateKey", 5),
    ("RegNtEnumerateValueKey", 6),
    ("RegNtPreEnumerateValueKey", 6),
    ("RegNtQueryKey", 7),
    ("RegNtPreQueryKey", 7),
    ("RegNtQueryValueKey", 8),
    ("RegNtPreQueryValueKey", 8),
    ("RegNtQueryMultipleValueKey", 9),
    ("RegNtPreQueryMultipleValueKey", 9),
    ("RegNtPreCreateKey", 10),
    ("RegNtPostCreateKey", 11),
    ("RegNtPreOpenKey", 12),
    ("RegNtPostOpenKey", 13),
    ("RegNtKeyHandleClose", 14),
    ("RegNtPreKeyHandleClose", 14),
    ("RegNtPostDeleteKey", 15),
    ("RegNtPostSetValueKey", 16),
    ("RegNtPostDeleteValueKey", 17),
    ("RegNtPostSetInformationKey", 18),
    ("RegNtPostRenameKey", 19),
    ("RegNtPostEnumerateKey", 20),
    ("RegNtPostEnumerateValueKey", 21),
    ("RegNtPostQueryKey", 22),
    ("RegNtPostQueryValueKey", 23),
    ("RegNtPostQueryMultipleValueKey", 24),
    ("RegNtPostKeyHandleClose", 25),
    ("RegNtPreCreateKeyEx", 26),
    ("RegNtPostCreateKeyEx", 27),
    ("RegNtPreOpenKeyEx", 28),
    ("RegNtPostOpenKeyEx", 29),
    ("RegNtPreFlushKey", 30),
    ("RegNtPostFlushKey", 31),
    ("RegNtPreLoadKey", 32),
    ("RegNtPostLoadKey", 33),
    ("RegNtPreUnLoadKey", 34),
    ("RegNtPostUnLoadKey", 35),
    ("RegNtPreQueryKeySecurity", 36),
    ("RegNtPostQueryKeySecurity", 37),
    ("RegNtPreSetKeySecurity", 38),
    ("RegNtPostSetKeySecurity", 39),
    ("RegNtCallbackObjectContextCleanup", 40),
    ("RegNtPreRestoreKey", 41),
    ("RegNtPostRestoreKey", 42),
    ("RegNtPreSaveKey", 43),
    ("RegNtPostSaveKey", 44),
    ("RegNtPreReplaceKey", 45),
    ("RegNtPostReplaceKey", 46),
    ("MaxRegNtNotifyClass", 47),
):
    setattr(REG_NOTIFY_CLASS, _member, _ordinal)
del _member, _ordinal
# MM_POOL_FAILURE_REASONS: pool allocation failure reasons 0-10 plus
# MmMaximumFailureReason (11).
MM_POOL_FAILURE_REASONS = v_enum()
for _ordinal, _member in enumerate((
    "MmNonPagedNoPtes",
    "MmPriorityTooLow",
    "MmNonPagedNoPagesAvailable",
    "MmPagedNoPtes",
    "MmSessionPagedNoPtes",
    "MmPagedNoPagesAvailable",
    "MmSessionPagedNoPagesAvailable",
    "MmPagedNoCommit",
    "MmSessionPagedNoCommit",
    "MmNonPagedNoResidentAvailable",
    "MmNonPagedNoCommit",
    "MmMaximumFailureReason",
)):
    setattr(MM_POOL_FAILURE_REASONS, _member, _ordinal)
del _ordinal, _member
# BUS_QUERY_ID_TYPE: device id query kinds, numbered 0-5.
BUS_QUERY_ID_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "BusQueryDeviceID",
    "BusQueryHardwareIDs",
    "BusQueryCompatibleIDs",
    "BusQueryInstanceID",
    "BusQueryDeviceSerialNumber",
    "BusQueryContainerID",
)):
    setattr(BUS_QUERY_ID_TYPE, _member, _ordinal)
del _ordinal, _member
# PROC_HYPERVISOR_STATE: none (0), present (1), power (2).
PROC_HYPERVISOR_STATE = v_enum()
for _ordinal, _member in enumerate((
    "ProcHypervisorNone",
    "ProcHypervisorPresent",
    "ProcHypervisorPower",
)):
    setattr(PROC_HYPERVISOR_STATE, _member, _ordinal)
del _ordinal, _member
# MM_PREEMPTIVE_TRIMS: preemptive trim kinds 0-3 plus MmMaximumPreempt (4).
MM_PREEMPTIVE_TRIMS = v_enum()
for _ordinal, _member in enumerate((
    "MmPreemptForNonPaged",
    "MmPreemptForPaged",
    "MmPreemptForNonPagedPriority",
    "MmPreemptForPagedPriority",
    "MmMaximumPreempt",
)):
    setattr(MM_PREEMPTIVE_TRIMS, _member, _ordinal)
del _ordinal, _member
# WHEA_ERROR_SEVERITY: the numbers are not ordered by severity --
# Recoverable is 0, Fatal is 1, Corrected is 2, Informational is 3 -- so
# compare against named members instead of using < or > on the raw value.
WHEA_ERROR_SEVERITY = v_enum()
for _ordinal, _member in enumerate((
    "WheaErrSevRecoverable",
    "WheaErrSevFatal",
    "WheaErrSevCorrected",
    "WheaErrSevInformational",
)):
    setattr(WHEA_ERROR_SEVERITY, _member, _ordinal)
del _ordinal, _member
# VI_DEADLOCK_RESOURCE_TYPE: lock kinds tracked for deadlock checks, 0-8,
# plus VfDeadlockTypeMaximum (9).
VI_DEADLOCK_RESOURCE_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "VfDeadlockUnknown",
    "VfDeadlockMutex",
    "VfDeadlockMutexAbandoned",
    "VfDeadlockFastMutex",
    "VfDeadlockFastMutexUnsafe",
    "VfDeadlockSpinLock",
    "VfDeadlockInStackQueuedSpinLock",
    "VfDeadlockUnusedSpinLock",
    "VfDeadlockEresource",
    "VfDeadlockTypeMaximum",
)):
    setattr(VI_DEADLOCK_RESOURCE_TYPE, _member, _ordinal)
del _ordinal, _member
# KWAIT_STATE: wait states 0-2 plus MaximumWaitState (3).
KWAIT_STATE = v_enum()
for _ordinal, _member in enumerate((
    "WaitInProgress",
    "WaitCommitted",
    "WaitAborted",
    "MaximumWaitState",
)):
    setattr(KWAIT_STATE, _member, _ordinal)
del _ordinal, _member
# OBJECT_INFORMATION_CLASS: object query information classes 0-5 plus
# MaxObjectInfoClass (6).
OBJECT_INFORMATION_CLASS = v_enum()
for _ordinal, _member in enumerate((
    "ObjectBasicInformation",
    "ObjectNameInformation",
    "ObjectTypeInformation",
    "ObjectTypesInformation",
    "ObjectHandleFlagInformation",
    "ObjectSessionInformation",
    "MaxObjectInfoClass",
)):
    setattr(OBJECT_INFORMATION_CLASS, _member, _ordinal)
del _ordinal, _member
# PS_IFEO_KEY_STATE: three IFEO read policies (0-2) plus PsMaxIFEOKeyStates
# (3). "IFEO" presumably stands for Image File Execution Options; the member
# names distinguish reading all values, skipping the debugger value, and
# skipping everything.
PS_IFEO_KEY_STATE = v_enum()
for _ordinal, _member in enumerate((
    "PsReadIFEOAllValues",
    "PsSkipIFEODebugger",
    "PsSkipAllIFEO",
    "PsMaxIFEOKeyStates",
)):
    setattr(PS_IFEO_KEY_STATE, _member, _ordinal)
del _ordinal, _member
# ARBITER_ACTION: resource arbiter actions, numbered 0-9.
ARBITER_ACTION = v_enum()
for _ordinal, _member in enumerate((
    "ArbiterActionTestAllocation",
    "ArbiterActionRetestAllocation",
    "ArbiterActionCommitAllocation",
    "ArbiterActionRollbackAllocation",
    "ArbiterActionQueryAllocatedResources",
    "ArbiterActionWriteReservedResources",
    "ArbiterActionQueryConflict",
    "ArbiterActionQueryArbitrate",
    "ArbiterActionAddReserved",
    "ArbiterActionBootAllocation",
)):
    setattr(ARBITER_ACTION, _member, _ordinal)
del _ordinal, _member
# ETW_GUID_TYPE: trace (0) and notification (1) GUID kinds, then
# EtwGuidTypeMax (2).
ETW_GUID_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "EtwTraceGuidType",
    "EtwNotificationGuidType",
    "EtwGuidTypeMax",
)):
    setattr(ETW_GUID_TYPE, _member, _ordinal)
del _ordinal, _member
# HEAP_FAILURE_TYPE: heap failure categories, numbered 0-13. Unlike most
# tables in this file the member names are lower-case snake_case. No Max
# sentinel is defined, so a decoded value above 13 has no name here.
HEAP_FAILURE_TYPE = v_enum()
for _ordinal, _member in enumerate((
    "heap_failure_internal",  # 0
    "heap_failure_unknown",
    "heap_failure_generic",
    "heap_failure_entry_corruption",
    "heap_failure_multiple_entries_corruption",
    "heap_failure_virtual_block_corruption",
    "heap_failure_buffer_overrun",
    "heap_failure_buffer_underrun",
    "heap_failure_block_not_busy",
    "heap_failure_invalid_argument",
    "heap_failure_usage_after_free",  # 10
    "heap_failure_cross_heap_operation",
    "heap_failure_freelists_corruption",
    "heap_failure_listentry_corruption",
)):
    setattr(HEAP_FAILURE_TYPE, _member, _ordinal)
del _ordinal, _member
# MM_POOL_TYPES: three pool kinds (0-2) plus MmMaximumPoolType = 3. This is a
# separate table from POOL_TYPE further down; the values are not interchangeable.
MM_POOL_TYPES = v_enum()
MM_POOL_TYPES.MmNonPagedPool = 0
MM_POOL_TYPES.MmPagedPool = 1
MM_POOL_TYPES.MmSessionPagedPool = 2
MM_POOL_TYPES.MmMaximumPoolType = 3
# IO_PAGING_PRIORITY: values 0-4; 0 is named "Invalid" and 3-4 are named as
# reserved slots.
IO_PAGING_PRIORITY = v_enum()
IO_PAGING_PRIORITY.IoPagingPriorityInvalid = 0
IO_PAGING_PRIORITY.IoPagingPriorityNormal = 1
IO_PAGING_PRIORITY.IoPagingPriorityHigh = 2
IO_PAGING_PRIORITY.IoPagingPriorityReserved1 = 3
IO_PAGING_PRIORITY.IoPagingPriorityReserved2 = 4
# POP_DEVICE_IDLE_TYPE: two values, 0 and 1.
POP_DEVICE_IDLE_TYPE = v_enum()
POP_DEVICE_IDLE_TYPE.DeviceIdleNormal = 0
POP_DEVICE_IDLE_TYPE.DeviceIdleDisk = 1
# KTRANSACTION_STATE: twelve states, 0-11. Numeric order does not follow the
# order the names suggest (PrePreparing = 8 and PrePrepared = 11 come after
# Committed = 5), so do not compare values to decide "how far along" a
# transaction is.
KTRANSACTION_STATE = v_enum()
KTRANSACTION_STATE.KTransactionUninitialized = 0
KTRANSACTION_STATE.KTransactionActive = 1
KTRANSACTION_STATE.KTransactionPreparing = 2
KTRANSACTION_STATE.KTransactionPrepared = 3
KTRANSACTION_STATE.KTransactionInDoubt = 4
KTRANSACTION_STATE.KTransactionCommitted = 5
KTRANSACTION_STATE.KTransactionAborted = 6
KTRANSACTION_STATE.KTransactionDelegated = 7
KTRANSACTION_STATE.KTransactionPrePreparing = 8
KTRANSACTION_STATE.KTransactionForgotten = 9
KTRANSACTION_STATE.KTransactionRecovering = 10
KTRANSACTION_STATE.KTransactionPrePrepared = 11
# EXCEPTION_DISPOSITION: four values, 0-3, no "maximum" member.
EXCEPTION_DISPOSITION = v_enum()
EXCEPTION_DISPOSITION.ExceptionContinueExecution = 0
EXCEPTION_DISPOSITION.ExceptionContinueSearch = 1
EXCEPTION_DISPOSITION.ExceptionNestedException = 2
EXCEPTION_DISPOSITION.ExceptionCollidedUnwind = 3
# SECURITY_OPERATION_CODE: four security-descriptor operations (set, query,
# delete, assign), 0-3.
SECURITY_OPERATION_CODE = v_enum()
SECURITY_OPERATION_CODE.SetSecurityDescriptor = 0
SECURITY_OPERATION_CODE.QuerySecurityDescriptor = 1
SECURITY_OPERATION_CODE.DeleteSecurityDescriptor = 2
SECURITY_OPERATION_CODE.AssignSecurityDescriptor = 3
# IRPLOCK: four values, 0-3; member names carry the IRPLOCK_ prefix.
IRPLOCK = v_enum()
IRPLOCK.IRPLOCK_CANCELABLE = 0
IRPLOCK.IRPLOCK_CANCEL_STARTED = 1
IRPLOCK.IRPLOCK_CANCEL_COMPLETE = 2
IRPLOCK.IRPLOCK_COMPLETED = 3
# FS_FILTER_STREAM_FO_NOTIFICATION_TYPE: two values, 0 and 1.
FS_FILTER_STREAM_FO_NOTIFICATION_TYPE = v_enum()
FS_FILTER_STREAM_FO_NOTIFICATION_TYPE.NotifyTypeCreate = 0
FS_FILTER_STREAM_FO_NOTIFICATION_TYPE.NotifyTypeRetired = 1
# DEVICE_USAGE_NOTIFICATION_TYPE: four values, 0-3; 0 is named "Undefined".
DEVICE_USAGE_NOTIFICATION_TYPE = v_enum()
DEVICE_USAGE_NOTIFICATION_TYPE.DeviceUsageTypeUndefined = 0
DEVICE_USAGE_NOTIFICATION_TYPE.DeviceUsageTypePaging = 1
DEVICE_USAGE_NOTIFICATION_TYPE.DeviceUsageTypeHibernation = 2
DEVICE_USAGE_NOTIFICATION_TYPE.DeviceUsageTypeDumpFile = 3
# INTERFACE_TYPE: the only table in this part of the file with a negative
# member (InterfaceTypeUndefined = -1); the rest run 0-16 with
# MaximumInterfaceType = 17.
# NOTE(review): a field decoded as an unsigned integer will never equal -1,
# so "undefined" will not resolve by value unless the reader converts to
# signed first - confirm how callers read this field.
INTERFACE_TYPE = v_enum()
INTERFACE_TYPE.InterfaceTypeUndefined = -1
INTERFACE_TYPE.Internal = 0
INTERFACE_TYPE.Isa = 1
INTERFACE_TYPE.Eisa = 2
INTERFACE_TYPE.MicroChannel = 3
INTERFACE_TYPE.TurboChannel = 4
INTERFACE_TYPE.PCIBus = 5
INTERFACE_TYPE.VMEBus = 6
INTERFACE_TYPE.NuBus = 7
INTERFACE_TYPE.PCMCIABus = 8
INTERFACE_TYPE.CBus = 9
INTERFACE_TYPE.MPIBus = 10
INTERFACE_TYPE.MPSABus = 11
INTERFACE_TYPE.ProcessorInternal = 12
INTERFACE_TYPE.InternalPowerBus = 13
INTERFACE_TYPE.PNPISABus = 14
INTERFACE_TYPE.PNPBus = 15
INTERFACE_TYPE.Vmcs = 16
INTERFACE_TYPE.MaximumInterfaceType = 17
# KWAIT_REASON: wait reasons 0-36 plus MaximumWaitReason = 37.
# Values 7-13 repeat the names of 0-6 with a "Wr" prefix (Executive/WrExecutive,
# FreePage/WrFreePage, ...); they are distinct values, not aliases.
KWAIT_REASON = v_enum()
KWAIT_REASON.Executive = 0
KWAIT_REASON.FreePage = 1
KWAIT_REASON.PageIn = 2
KWAIT_REASON.PoolAllocation = 3
KWAIT_REASON.DelayExecution = 4
KWAIT_REASON.Suspended = 5
KWAIT_REASON.UserRequest = 6
KWAIT_REASON.WrExecutive = 7
KWAIT_REASON.WrFreePage = 8
KWAIT_REASON.WrPageIn = 9
KWAIT_REASON.WrPoolAllocation = 10
KWAIT_REASON.WrDelayExecution = 11
KWAIT_REASON.WrSuspended = 12
KWAIT_REASON.WrUserRequest = 13
KWAIT_REASON.WrEventPair = 14
KWAIT_REASON.WrQueue = 15
KWAIT_REASON.WrLpcReceive = 16
KWAIT_REASON.WrLpcReply = 17
KWAIT_REASON.WrVirtualMemory = 18
KWAIT_REASON.WrPageOut = 19
KWAIT_REASON.WrRendezvous = 20
KWAIT_REASON.WrKeyedEvent = 21
KWAIT_REASON.WrTerminated = 22
KWAIT_REASON.WrProcessInSwap = 23
KWAIT_REASON.WrCpuRateControl = 24
KWAIT_REASON.WrCalloutStack = 25
KWAIT_REASON.WrKernel = 26
KWAIT_REASON.WrResource = 27
KWAIT_REASON.WrPushLock = 28
KWAIT_REASON.WrMutex = 29
KWAIT_REASON.WrQuantumEnd = 30
KWAIT_REASON.WrDispatchInt = 31
KWAIT_REASON.WrPreempted = 32
KWAIT_REASON.WrYieldExecution = 33
KWAIT_REASON.WrFastMutex = 34
KWAIT_REASON.WrGuardedMutex = 35
KWAIT_REASON.WrRundown = 36
KWAIT_REASON.MaximumWaitReason = 37
# PS_RESOURCE_TYPE: five resource kinds (0-4) plus PsResourceMax = 5.
PS_RESOURCE_TYPE = v_enum()
PS_RESOURCE_TYPE.PsResourceNonPagedPool = 0
PS_RESOURCE_TYPE.PsResourcePagedPool = 1
PS_RESOURCE_TYPE.PsResourcePageFile = 2
PS_RESOURCE_TYPE.PsResourceWorkingSet = 3
PS_RESOURCE_TYPE.PsResourceCpuRate = 4
PS_RESOURCE_TYPE.PsResourceMax = 5
# MM_PAGE_ACCESS_TYPE: three access kinds (0-2) plus MmMaximumPageAccessType = 3.
MM_PAGE_ACCESS_TYPE = v_enum()
MM_PAGE_ACCESS_TYPE.MmPteAccessType = 0
MM_PAGE_ACCESS_TYPE.MmCcReadAheadType = 1
MM_PAGE_ACCESS_TYPE.MmPfnRepurposeType = 2
MM_PAGE_ACCESS_TYPE.MmMaximumPageAccessType = 3
# ReplacesCorHdrNumericDefines: not a dense enumeration but a bag of unrelated
# constants - flag bits (1, 2, 4, 8, 16, 65536), version numbers and size
# limits (255, 1024) - stored on one v_enum.
# Many values are shared by several names (1, 2 and 8 each appear more than
# once, as do 16 and 1024), so a value-to-name lookup on this object cannot be
# unambiguous; which name wins depends on v_enum's implementation, which is
# not shown here. Use these members by name only.
ReplacesCorHdrNumericDefines = v_enum()
ReplacesCorHdrNumericDefines.COMIMAGE_FLAGS_ILONLY = 1
ReplacesCorHdrNumericDefines.COMIMAGE_FLAGS_32BITREQUIRED = 2
ReplacesCorHdrNumericDefines.COMIMAGE_FLAGS_IL_LIBRARY = 4
ReplacesCorHdrNumericDefines.COMIMAGE_FLAGS_STRONGNAMESIGNED = 8
ReplacesCorHdrNumericDefines.COMIMAGE_FLAGS_NATIVE_ENTRYPOINT = 16
ReplacesCorHdrNumericDefines.COMIMAGE_FLAGS_TRACKDEBUGDATA = 65536
ReplacesCorHdrNumericDefines.COR_VERSION_MAJOR_V2 = 2
ReplacesCorHdrNumericDefines.COR_VERSION_MAJOR = 2
ReplacesCorHdrNumericDefines.COR_VERSION_MINOR = 0
ReplacesCorHdrNumericDefines.COR_DELETED_NAME_LENGTH = 8
ReplacesCorHdrNumericDefines.COR_VTABLEGAP_NAME_LENGTH = 8
ReplacesCorHdrNumericDefines.NATIVE_TYPE_MAX_CB = 1
ReplacesCorHdrNumericDefines.COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE = 255
ReplacesCorHdrNumericDefines.IMAGE_COR_MIH_METHODRVA = 1
ReplacesCorHdrNumericDefines.IMAGE_COR_MIH_EHRVA = 2
ReplacesCorHdrNumericDefines.IMAGE_COR_MIH_BASICBLOCK = 8
ReplacesCorHdrNumericDefines.COR_VTABLE_32BIT = 1
ReplacesCorHdrNumericDefines.COR_VTABLE_64BIT = 2
ReplacesCorHdrNumericDefines.COR_VTABLE_FROM_UNMANAGED = 4
ReplacesCorHdrNumericDefines.COR_VTABLE_FROM_UNMANAGED_RETAIN_APPDOMAIN = 8
ReplacesCorHdrNumericDefines.COR_VTABLE_CALL_MOST_DERIVED = 16
ReplacesCorHdrNumericDefines.IMAGE_COR_EATJ_THUNK_SIZE = 32
ReplacesCorHdrNumericDefines.MAX_CLASS_NAME = 1024
ReplacesCorHdrNumericDefines.MAX_PACKAGE_NAME = 1024
# HSTORAGE_TYPE: Stable = 0, Volatile = 1, InvalidStorage = 2.
HSTORAGE_TYPE = v_enum()
HSTORAGE_TYPE.Stable = 0
HSTORAGE_TYPE.Volatile = 1
HSTORAGE_TYPE.InvalidStorage = 2
# MI_PFN_CACHE_ATTRIBUTE: four values, 0-3. The first three share their order
# with MEMORY_CACHING_TYPE below; value 3 differs (MiNotMapped here).
MI_PFN_CACHE_ATTRIBUTE = v_enum()
MI_PFN_CACHE_ATTRIBUTE.MiNonCached = 0
MI_PFN_CACHE_ATTRIBUTE.MiCached = 1
MI_PFN_CACHE_ATTRIBUTE.MiWriteCombined = 2
MI_PFN_CACHE_ATTRIBUTE.MiNotMapped = 3
# CREATE_FILE_TYPE: none (0), named pipe (1), mailslot (2).
CREATE_FILE_TYPE = v_enum()
CREATE_FILE_TYPE.CreateFileTypeNone = 0
CREATE_FILE_TYPE.CreateFileTypeNamedPipe = 1
CREATE_FILE_TYPE.CreateFileTypeMailslot = 2
# POLICY_AUDIT_EVENT_TYPE: nine audit categories, 0-8, with no trailing
# "maximum" member - code that needs the category count has to derive it
# rather than read it from this table.
POLICY_AUDIT_EVENT_TYPE = v_enum()
POLICY_AUDIT_EVENT_TYPE.AuditCategorySystem = 0
POLICY_AUDIT_EVENT_TYPE.AuditCategoryLogon = 1
POLICY_AUDIT_EVENT_TYPE.AuditCategoryObjectAccess = 2
POLICY_AUDIT_EVENT_TYPE.AuditCategoryPrivilegeUse = 3
POLICY_AUDIT_EVENT_TYPE.AuditCategoryDetailedTracking = 4
POLICY_AUDIT_EVENT_TYPE.AuditCategoryPolicyChange = 5
POLICY_AUDIT_EVENT_TYPE.AuditCategoryAccountManagement = 6
POLICY_AUDIT_EVENT_TYPE.AuditCategoryDirectoryServiceAccess = 7
POLICY_AUDIT_EVENT_TYPE.AuditCategoryAccountLogon = 8
# ETW_RT_EVENT_LOSS: four loss kinds (0-3) plus EtwRtEventLossMax = 4.
ETW_RT_EVENT_LOSS = v_enum()
ETW_RT_EVENT_LOSS.EtwRtEventNoLoss = 0
ETW_RT_EVENT_LOSS.EtwRtEventLost = 1
ETW_RT_EVENT_LOSS.EtwRtBufferLost = 2
ETW_RT_EVENT_LOSS.EtwRtBackupLost = 3
ETW_RT_EVENT_LOSS.EtwRtEventLossMax = 4
# WOW64_SHARED_INFORMATION: indices 0-11 followed by
# Wow64SharedPageEntriesCount = 12, which equals the number of entries above.
# NOTE(review): the member names read like slots for 32-bit ntdll entry
# points; what table these indices address is not shown in this file.
WOW64_SHARED_INFORMATION = v_enum()
WOW64_SHARED_INFORMATION.SharedNtdll32LdrInitializeThunk = 0
WOW64_SHARED_INFORMATION.SharedNtdll32KiUserExceptionDispatcher = 1
WOW64_SHARED_INFORMATION.SharedNtdll32KiUserApcDispatcher = 2
WOW64_SHARED_INFORMATION.SharedNtdll32KiUserCallbackDispatcher = 3
WOW64_SHARED_INFORMATION.SharedNtdll32LdrHotPatchRoutine = 4
WOW64_SHARED_INFORMATION.SharedNtdll32ExpInterlockedPopEntrySListFault = 5
WOW64_SHARED_INFORMATION.SharedNtdll32ExpInterlockedPopEntrySListResume = 6
WOW64_SHARED_INFORMATION.SharedNtdll32ExpInterlockedPopEntrySListEnd = 7
WOW64_SHARED_INFORMATION.SharedNtdll32RtlUserThreadStart = 8
WOW64_SHARED_INFORMATION.SharedNtdll32pQueryProcessDebugInformationRemote = 9
WOW64_SHARED_INFORMATION.SharedNtdll32EtwpNotificationThread = 10
WOW64_SHARED_INFORMATION.SharedNtdll32BaseAddress = 11
WOW64_SHARED_INFORMATION.Wow64SharedPageEntriesCount = 12
# PNP_DEVICE_ACTION_REQUEST: nineteen request codes, 0-18, listed in
# alphabetical order of their names; no "maximum" member.
PNP_DEVICE_ACTION_REQUEST = v_enum()
PNP_DEVICE_ACTION_REQUEST.AssignResources = 0
PNP_DEVICE_ACTION_REQUEST.ClearDeviceProblem = 1
PNP_DEVICE_ACTION_REQUEST.ClearProblem = 2
PNP_DEVICE_ACTION_REQUEST.ClearEjectProblem = 3
PNP_DEVICE_ACTION_REQUEST.HaltDevice = 4
PNP_DEVICE_ACTION_REQUEST.QueryPowerRelations = 5
PNP_DEVICE_ACTION_REQUEST.Rebalance = 6
PNP_DEVICE_ACTION_REQUEST.ReenumerateBootDevices = 7
PNP_DEVICE_ACTION_REQUEST.ReenumerateDeviceOnly = 8
PNP_DEVICE_ACTION_REQUEST.ReenumerateDeviceTree = 9
PNP_DEVICE_ACTION_REQUEST.ReenumerateRootDevices = 10
PNP_DEVICE_ACTION_REQUEST.RequeryDeviceState = 11
PNP_DEVICE_ACTION_REQUEST.ResetDevice = 12
PNP_DEVICE_ACTION_REQUEST.ResourceRequirementsChanged = 13
PNP_DEVICE_ACTION_REQUEST.RestartEnumeration = 14
PNP_DEVICE_ACTION_REQUEST.SetDeviceProblem = 15
PNP_DEVICE_ACTION_REQUEST.StartDevice = 16
PNP_DEVICE_ACTION_REQUEST.StartSystemDevicesPass0 = 17
PNP_DEVICE_ACTION_REQUEST.StartSystemDevicesPass1 = 18
# DEVICE_RELATION_TYPE: seven relation kinds, 0-6.
DEVICE_RELATION_TYPE = v_enum()
DEVICE_RELATION_TYPE.BusRelations = 0
DEVICE_RELATION_TYPE.EjectionRelations = 1
DEVICE_RELATION_TYPE.PowerRelations = 2
DEVICE_RELATION_TYPE.RemovalRelations = 3
DEVICE_RELATION_TYPE.TargetDeviceRelation = 4
DEVICE_RELATION_TYPE.SingleBusRelations = 5
DEVICE_RELATION_TYPE.TransportRelations = 6
# FILE_INFORMATION_CLASS: information-class selectors 1-55 plus
# FileMaximumInformation = 56. Numbering starts at 1, so the value 0 has no
# name in this table; a decoder should treat 0 and anything >= 56 as unknown
# rather than assume every value resolves.
FILE_INFORMATION_CLASS = v_enum()
FILE_INFORMATION_CLASS.FileDirectoryInformation = 1
FILE_INFORMATION_CLASS.FileFullDirectoryInformation = 2
FILE_INFORMATION_CLASS.FileBothDirectoryInformation = 3
FILE_INFORMATION_CLASS.FileBasicInformation = 4
FILE_INFORMATION_CLASS.FileStandardInformation = 5
FILE_INFORMATION_CLASS.FileInternalInformation = 6
FILE_INFORMATION_CLASS.FileEaInformation = 7
FILE_INFORMATION_CLASS.FileAccessInformation = 8
FILE_INFORMATION_CLASS.FileNameInformation = 9
FILE_INFORMATION_CLASS.FileRenameInformation = 10
FILE_INFORMATION_CLASS.FileLinkInformation = 11
FILE_INFORMATION_CLASS.FileNamesInformation = 12
FILE_INFORMATION_CLASS.FileDispositionInformation = 13
FILE_INFORMATION_CLASS.FilePositionInformation = 14
FILE_INFORMATION_CLASS.FileFullEaInformation = 15
FILE_INFORMATION_CLASS.FileModeInformation = 16
FILE_INFORMATION_CLASS.FileAlignmentInformation = 17
FILE_INFORMATION_CLASS.FileAllInformation = 18
FILE_INFORMATION_CLASS.FileAllocationInformation = 19
FILE_INFORMATION_CLASS.FileEndOfFileInformation = 20
FILE_INFORMATION_CLASS.FileAlternateNameInformation = 21
FILE_INFORMATION_CLASS.FileStreamInformation = 22
FILE_INFORMATION_CLASS.FilePipeInformation = 23
FILE_INFORMATION_CLASS.FilePipeLocalInformation = 24
FILE_INFORMATION_CLASS.FilePipeRemoteInformation = 25
FILE_INFORMATION_CLASS.FileMailslotQueryInformation = 26
FILE_INFORMATION_CLASS.FileMailslotSetInformation = 27
FILE_INFORMATION_CLASS.FileCompressionInformation = 28
FILE_INFORMATION_CLASS.FileObjectIdInformation = 29
FILE_INFORMATION_CLASS.FileCompletionInformation = 30
FILE_INFORMATION_CLASS.FileMoveClusterInformation = 31
FILE_INFORMATION_CLASS.FileQuotaInformation = 32
FILE_INFORMATION_CLASS.FileReparsePointInformation = 33
FILE_INFORMATION_CLASS.FileNetworkOpenInformation = 34
FILE_INFORMATION_CLASS.FileAttributeTagInformation = 35
FILE_INFORMATION_CLASS.FileTrackingInformation = 36
FILE_INFORMATION_CLASS.FileIdBothDirectoryInformation = 37
FILE_INFORMATION_CLASS.FileIdFullDirectoryInformation = 38
FILE_INFORMATION_CLASS.FileValidDataLengthInformation = 39
FILE_INFORMATION_CLASS.FileShortNameInformation = 40
FILE_INFORMATION_CLASS.FileIoCompletionNotificationInformation = 41
FILE_INFORMATION_CLASS.FileIoStatusBlockRangeInformation = 42
FILE_INFORMATION_CLASS.FileIoPriorityHintInformation = 43
FILE_INFORMATION_CLASS.FileSfioReserveInformation = 44
FILE_INFORMATION_CLASS.FileSfioVolumeInformation = 45
FILE_INFORMATION_CLASS.FileHardLinkInformation = 46
FILE_INFORMATION_CLASS.FileProcessIdsUsingFileInformation = 47
FILE_INFORMATION_CLASS.FileNormalizedNameInformation = 48
FILE_INFORMATION_CLASS.FileNetworkPhysicalNameInformation = 49
FILE_INFORMATION_CLASS.FileIdGlobalTxDirectoryInformation = 50
FILE_INFORMATION_CLASS.FileIsRemoteDeviceInformation = 51
FILE_INFORMATION_CLASS.FileAttributeCacheInformation = 52
FILE_INFORMATION_CLASS.FileNumaNodeInformation = 53
FILE_INFORMATION_CLASS.FileStandardLinkInformation = 54
FILE_INFORMATION_CLASS.FileRemoteProtocolInformation = 55
FILE_INFORMATION_CLASS.FileMaximumInformation = 56
# DEVICE_POWER_STATE: Unspecified = 0, D0-D3 = 1-4, PowerDeviceMaximum = 5.
# Note the off-by-one between the D-state number and the value (D0 is 1).
# NOTE(review): DEVICE_CAPABILITIES later in this file evaluates
# DEVICE_POWER_STATE(), i.e. it calls this object as if it were a struct
# class. That only works if v_enum instances are callable - verify.
DEVICE_POWER_STATE = v_enum()
DEVICE_POWER_STATE.PowerDeviceUnspecified = 0
DEVICE_POWER_STATE.PowerDeviceD0 = 1
DEVICE_POWER_STATE.PowerDeviceD1 = 2
DEVICE_POWER_STATE.PowerDeviceD2 = 3
DEVICE_POWER_STATE.PowerDeviceD3 = 4
DEVICE_POWER_STATE.PowerDeviceMaximum = 5
# MEMORY_CACHING_TYPE: six caching kinds (0-5) plus MmMaximumCacheType = 6.
MEMORY_CACHING_TYPE = v_enum()
MEMORY_CACHING_TYPE.MmNonCached = 0
MEMORY_CACHING_TYPE.MmCached = 1
MEMORY_CACHING_TYPE.MmWriteCombined = 2
MEMORY_CACHING_TYPE.MmHardwareCoherentCached = 3
MEMORY_CACHING_TYPE.MmNonCachedUnordered = 4
MEMORY_CACHING_TYPE.MmUSWCCached = 5
MEMORY_CACHING_TYPE.MmMaximumCacheType = 6
# NT_PRODUCT_TYPE: three values, 1-3. Numbering starts at 1, so 0 has no name here.
NT_PRODUCT_TYPE = v_enum()
NT_PRODUCT_TYPE.NtProductWinNt = 1
NT_PRODUCT_TYPE.NtProductLanManNt = 2
NT_PRODUCT_TYPE.NtProductServer = 3
# IOP_PRIORITY_HINT: NotSet = 0, five priority levels 1-5, then
# MaxIopIoPriorityTypes = 6.
IOP_PRIORITY_HINT = v_enum()
IOP_PRIORITY_HINT.IopIoPriorityNotSet = 0
IOP_PRIORITY_HINT.IopIoPriorityVeryLow = 1
IOP_PRIORITY_HINT.IopIoPriorityLow = 2
IOP_PRIORITY_HINT.IopIoPriorityNormal = 3
IOP_PRIORITY_HINT.IopIoPriorityHigh = 4
IOP_PRIORITY_HINT.IopIoPriorityCritical = 5
IOP_PRIORITY_HINT.MaxIopIoPriorityTypes = 6
# WHEA_ERROR_SOURCE_TYPE: twelve hardware-error source kinds (0-11) plus
# WheaErrSrcTypeMax = 12.
WHEA_ERROR_SOURCE_TYPE = v_enum()
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeMCE = 0
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeCMC = 1
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeCPE = 2
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeNMI = 3
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypePCIe = 4
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeGeneric = 5
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeINIT = 6
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeBOOT = 7
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeSCIGeneric = 8
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeIPFMCA = 9
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeIPFCMC = 10
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeIPFCPE = 11
WHEA_ERROR_SOURCE_TYPE.WheaErrSrcTypeMax = 12
# PS_CREATE_STATE: process-creation outcome codes 0-6 plus
# PsCreateMaximumStates = 7. Success is 6, not 0: the initial state is 0 and
# the failure codes sit between them, so "non-zero" does not mean "failed".
PS_CREATE_STATE = v_enum()
PS_CREATE_STATE.PsCreateInitialState = 0
PS_CREATE_STATE.PsCreateFailOnFileOpen = 1
PS_CREATE_STATE.PsCreateFailOnSectionCreate = 2
PS_CREATE_STATE.PsCreateFailExeFormat = 3
PS_CREATE_STATE.PsCreateFailMachineMismatch = 4
PS_CREATE_STATE.PsCreateFailExeName = 5
PS_CREATE_STATE.PsCreateSuccess = 6
PS_CREATE_STATE.PsCreateMaximumStates = 7
# RTL_GENERIC_COMPARE_RESULTS: LessThan = 0, GreaterThan = 1, Equal = 2.
# These are not the -1/0/+1 of a C-style comparator; "equal" is 2, not 0.
RTL_GENERIC_COMPARE_RESULTS = v_enum()
RTL_GENERIC_COMPARE_RESULTS.GenericLessThan = 0
RTL_GENERIC_COMPARE_RESULTS.GenericGreaterThan = 1
RTL_GENERIC_COMPARE_RESULTS.GenericEqual = 2
# TPM_BOOT_ENTROPY_RESULT_CODE: five result codes, 0-4. Success is the highest
# value (4) and 0 means "structure uninitialized", so a zeroed record must not
# be read as success.
TPM_BOOT_ENTROPY_RESULT_CODE = v_enum()
TPM_BOOT_ENTROPY_RESULT_CODE.TpmBootEntropyStructureUninitialized = 0
TPM_BOOT_ENTROPY_RESULT_CODE.TpmBootEntropyDisabledByPolicy = 1
TPM_BOOT_ENTROPY_RESULT_CODE.TpmBootEntropyNoTpmFound = 2
TPM_BOOT_ENTROPY_RESULT_CODE.TpmBootEntropyTpmError = 3
TPM_BOOT_ENTROPY_RESULT_CODE.TpmBootEntropySuccess = 4
# TP_CALLBACK_PRIORITY: HIGH = 0, NORMAL = 1, LOW = 2, INVALID = 3. Lower
# numeric value means higher priority.
TP_CALLBACK_PRIORITY = v_enum()
TP_CALLBACK_PRIORITY.TP_CALLBACK_PRIORITY_HIGH = 0
TP_CALLBACK_PRIORITY.TP_CALLBACK_PRIORITY_NORMAL = 1
TP_CALLBACK_PRIORITY.TP_CALLBACK_PRIORITY_LOW = 2
TP_CALLBACK_PRIORITY.TP_CALLBACK_PRIORITY_INVALID = 3
# FSINFOCLASS: volume information-class selectors 1-10 plus
# FileFsMaximumInformation = 11. Numbering starts at 1; 0 has no name here.
FSINFOCLASS = v_enum()
FSINFOCLASS.FileFsVolumeInformation = 1
FSINFOCLASS.FileFsLabelInformation = 2
FSINFOCLASS.FileFsSizeInformation = 3
FSINFOCLASS.FileFsDeviceInformation = 4
FSINFOCLASS.FileFsAttributeInformation = 5
FSINFOCLASS.FileFsControlInformation = 6
FSINFOCLASS.FileFsFullSizeInformation = 7
FSINFOCLASS.FileFsObjectIdInformation = 8
FSINFOCLASS.FileFsDriverPathInformation = 9
FSINFOCLASS.FileFsVolumeFlagsInformation = 10
FSINFOCLASS.FileFsMaximumInformation = 11
# WORKING_SET_TYPE: values 0-4 plus WorkingSetTypeMaximum = 5.
# WorkingSetTypeSystemTypes and WorkingSetTypeSystemCache both equal 2, so a
# value-to-name lookup for 2 can return only one of them; which one depends
# on v_enum's implementation, not shown here.
WORKING_SET_TYPE = v_enum()
WORKING_SET_TYPE.WorkingSetTypeUser = 0
WORKING_SET_TYPE.WorkingSetTypeSession = 1
WORKING_SET_TYPE.WorkingSetTypeSystemTypes = 2
WORKING_SET_TYPE.WorkingSetTypeSystemCache = 2
WORKING_SET_TYPE.WorkingSetTypePagedPool = 3
WORKING_SET_TYPE.WorkingSetTypeSystemPtes = 4
WORKING_SET_TYPE.WorkingSetTypeMaximum = 5
# POOL_TYPE: base pool kinds 0-6, MaxPoolType = 7, then a second group 32-38.
# Each "...Session" member equals its base member plus 32, so 32 behaves like
# a flag bit layered on the base value. The table is therefore not dense:
# 8-31 have no name, and MaxPoolType sits in the middle rather than at the
# end. Pool-tag or pool-header tooling should not use MaxPoolType as an upper
# bound for valid values.
POOL_TYPE = v_enum()
POOL_TYPE.NonPagedPool = 0
POOL_TYPE.PagedPool = 1
POOL_TYPE.NonPagedPoolMustSucceed = 2
POOL_TYPE.DontUseThisType = 3
POOL_TYPE.NonPagedPoolCacheAligned = 4
POOL_TYPE.PagedPoolCacheAligned = 5
POOL_TYPE.NonPagedPoolCacheAlignedMustS = 6
POOL_TYPE.MaxPoolType = 7
POOL_TYPE.NonPagedPoolSession = 32
POOL_TYPE.PagedPoolSession = 33
POOL_TYPE.NonPagedPoolMustSucceedSession = 34
POOL_TYPE.DontUseThisTypeSession = 35
POOL_TYPE.NonPagedPoolCacheAlignedSession = 36
POOL_TYPE.PagedPoolCacheAlignedSession = 37
POOL_TYPE.NonPagedPoolCacheAlignedMustSSession = 38
# MODE: KernelMode = 0, UserMode = 1, MaximumMode = 2.
# Kernel mode is the zero value, so a zero-filled or unparsed field reads as
# KernelMode - keep that in mind when a decoded value feeds a trust decision.
MODE = v_enum()
MODE.KernelMode = 0
MODE.UserMode = 1
MODE.MaximumMode = 2
# FS_FILTER_SECTION_SYNC_TYPE: two values, 0 and 1.
FS_FILTER_SECTION_SYNC_TYPE = v_enum()
FS_FILTER_SECTION_SYNC_TYPE.SyncTypeOther = 0
FS_FILTER_SECTION_SYNC_TYPE.SyncTypeCreateSection = 1
# FILE_OBJECT_EXTENSION_TYPE: seven extension kinds (0-6) plus
# MaxFoExtTypes = 7. IOP_FILE_OBJECT_EXTENSION later in this file declares a
# 7-element FoExtPerTypeExtension array, which matches this count -
# presumably indexed by these values; confirm.
FILE_OBJECT_EXTENSION_TYPE = v_enum()
FILE_OBJECT_EXTENSION_TYPE.FoExtTypeTransactionParams = 0
FILE_OBJECT_EXTENSION_TYPE.FoExtTypeDeviceObjectHint = 1
FILE_OBJECT_EXTENSION_TYPE.FoExtTypeIosbRange = 2
FILE_OBJECT_EXTENSION_TYPE.FoExtTypeGeneric = 3
FILE_OBJECT_EXTENSION_TYPE.FoExtTypeSfio = 4
FILE_OBJECT_EXTENSION_TYPE.FoExtTypeSymlink = 5
FILE_OBJECT_EXTENSION_TYPE.FoExtTypeOplockKey = 6
FILE_OBJECT_EXTENSION_TYPE.MaxFoExtTypes = 7
# IRQ_PRIORITY: Undefined = 0, Low = 1, Normal = 2, High = 3.
IRQ_PRIORITY = v_enum()
IRQ_PRIORITY.IrqPriorityUndefined = 0
IRQ_PRIORITY.IrqPriorityLow = 1
IRQ_PRIORITY.IrqPriorityNormal = 2
IRQ_PRIORITY.IrqPriorityHigh = 3
# MI_SYSTEM_VA_TYPE: fourteen system virtual-address region kinds (0-13) plus
# MiVaMaximumType = 14. Useful for labelling kernel address ranges during
# memory analysis; how a region is mapped to one of these values is not shown
# in this file.
MI_SYSTEM_VA_TYPE = v_enum()
MI_SYSTEM_VA_TYPE.MiVaUnused = 0
MI_SYSTEM_VA_TYPE.MiVaSessionSpace = 1
MI_SYSTEM_VA_TYPE.MiVaProcessSpace = 2
MI_SYSTEM_VA_TYPE.MiVaBootLoaded = 3
MI_SYSTEM_VA_TYPE.MiVaPfnDatabase = 4
MI_SYSTEM_VA_TYPE.MiVaNonPagedPool = 5
MI_SYSTEM_VA_TYPE.MiVaPagedPool = 6
MI_SYSTEM_VA_TYPE.MiVaSpecialPoolPaged = 7
MI_SYSTEM_VA_TYPE.MiVaSystemCache = 8
MI_SYSTEM_VA_TYPE.MiVaSystemPtes = 9
MI_SYSTEM_VA_TYPE.MiVaHal = 10
MI_SYSTEM_VA_TYPE.MiVaSessionGlobalSpace = 11
MI_SYSTEM_VA_TYPE.MiVaDriverImages = 12
MI_SYSTEM_VA_TYPE.MiVaSpecialPoolNonPaged = 13
MI_SYSTEM_VA_TYPE.MiVaMaximumType = 14
# LSA_FOREST_TRUST_RECORD_TYPE: values 0-2. ForestTrustRecordTypeLast is an
# alias for ForestTrustDomainInfo (both 2), i.e. "last" is inclusive here,
# unlike the one-past-the-end "Max" members elsewhere in this file. A
# value-to-name lookup for 2 can return only one of the two names.
LSA_FOREST_TRUST_RECORD_TYPE = v_enum()
LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName = 0
LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx = 1
LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo = 2
LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast = 2
# MMLISTS: eight page-list identifiers, 0-7, no "maximum" member.
MMLISTS = v_enum()
MMLISTS.ZeroedPageList = 0
MMLISTS.FreePageList = 1
MMLISTS.StandbyPageList = 2
MMLISTS.ModifiedPageList = 3
MMLISTS.ModifiedNoWritePageList = 4
MMLISTS.BadPageList = 5
MMLISTS.ActiveAndValid = 6
MMLISTS.TransitionPage = 7
# TOKEN_TYPE: TokenPrimary = 1, TokenImpersonation = 2. Numbering starts at 1,
# so a zero read from a token structure resolves to no member of this table
# and should be treated as invalid/uninitialized rather than defaulted.
TOKEN_TYPE = v_enum()
TOKEN_TYPE.TokenPrimary = 1
TOKEN_TYPE.TokenImpersonation = 2
# HARDWARE_COUNTER_TYPE: one counter kind (0) plus MaxHardwareCounterType = 1.
HARDWARE_COUNTER_TYPE = v_enum()
HARDWARE_COUNTER_TYPE.PMCCounter = 0
HARDWARE_COUNTER_TYPE.MaxHardwareCounterType = 1
# TRANSFER_TYPE: Read = 0, Write = 1, Other = 2.
TRANSFER_TYPE = v_enum()
TRANSFER_TYPE.ReadTransfer = 0
TRANSFER_TYPE.WriteTransfer = 1
TRANSFER_TYPE.OtherTransfer = 2
# KINTERRUPT_MODE: LevelSensitive = 0, Latched = 1.
KINTERRUPT_MODE = v_enum()
KINTERRUPT_MODE.LevelSensitive = 0
KINTERRUPT_MODE.Latched = 1
class _unnamed_21437(vstruct.VStruct):
    """Anonymous layout: SystemContext, Type, State and ShutdownType.

    Every member is followed by four explicit padding bytes. The _padXXXX
    names appear to carry the hex offset at which the padding ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Field order defines the binary layout; do not reorder.
        self.SystemContext = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Type = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.State = POWER_STATE()  # POWER_STATE is defined elsewhere in this module
        self._pad0018 = v_bytes(size=4)
        self.ShutdownType = v_uint32()
        self._pad0020 = v_bytes(size=4)
class KEXECUTE_OPTIONS(vstruct.VStruct):
    """Layout of KEXECUTE_OPTIONS: a single 8-bit field."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): only one byte-wide member is modelled. If the
        # underlying type packs several option bits into this byte, they all
        # live in this one value - decode by masking instead of treating the
        # field as a boolean. TODO confirm against the type information.
        self.ExecuteDisable = v_uint8()
class MI_COLOR_BASE(vstruct.VStruct):
    """Layout of MI_COLOR_BASE: one pointer, two 16-bit values, tail padding."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ColorPointer = v_ptr64()
        self.ColorMask = v_uint16()
        self.ColorNode = v_uint16()
        # Explicit tail padding emitted by the generator.
        self._pad0010 = v_bytes(size=4)
class _unnamed_21384(vstruct.VStruct):
    """Anonymous layout: DeviceTextType and LocaleId, each padded by 4 bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DeviceTextType = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.LocaleId = v_uint32()
        self._pad0010 = v_bytes(size=4)
class IO_PRIORITY_INFO(vstruct.VStruct):
    """Layout of IO_PRIORITY_INFO: four consecutive 32-bit fields."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Size = v_uint32()
        self.ThreadPriority = v_uint32()
        self.PagePriority = v_uint32()
        self.IoPriority = v_uint32()
class IOV_FORCED_PENDING_TRACE(vstruct.VStruct):
    """Layout of IOV_FORCED_PENDING_TRACE: two pointers and a 62-slot trace."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Irp = v_ptr64()
        self.Thread = v_ptr64()
        # Fixed-size array of 62 pointer-sized slots.
        self.StackTrace = vstruct.VArray([v_ptr64() for _ in xrange(62)])
class SEGMENT_OBJECT(vstruct.VStruct):
    """Layout of SEGMENT_OBJECT.

    All pointer members are raw 64-bit values; nothing here follows or
    validates them.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BaseAddress = v_ptr64()
        self.TotalNumberOfPtes = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.SizeOfSegment = LARGE_INTEGER()
        self.NonExtendedPtes = v_uint32()
        self.ImageCommitment = v_uint32()
        self.ControlArea = v_ptr64()
        self.Subsection = v_ptr64()
        self.MmSectionFlags = v_ptr64()
        self.MmSubSectionFlags = v_ptr64()
class VOLUME_CACHE_MAP(vstruct.VStruct):
    """Layout of VOLUME_CACHE_MAP."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NodeTypeCode = v_uint16()
        self.NodeByteCode = v_uint16()
        self.UseCount = v_uint32()
        self.DeviceObject = v_ptr64()
        self.VolumeCacheMapLinks = LIST_ENTRY()
        self.Flags = v_uint32()
        self._pad0028 = v_bytes(size=4)
        self.DirtyPages = v_uint64()
        self.PagesQueuedToDisk = v_uint32()
        self._pad0038 = v_bytes(size=4)
class SID(vstruct.VStruct):
    """Layout of SID with a single SubAuthority element.

    NOTE(review): SubAuthority is declared with one element while the
    structure also carries SubAuthorityCount. Presumably the real array
    length is given by that count, in which case parsing with this class
    covers only the first sub-authority. A reader that walks the remaining
    elements from a memory image should bound SubAuthorityCount before
    doing so - confirm the limit against the SID definition.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Revision = v_uint8()
        self.SubAuthorityCount = v_uint8()
        self.IdentifierAuthority = SID_IDENTIFIER_AUTHORITY()
        self.SubAuthority = vstruct.VArray([v_uint32() for _ in xrange(1)])
class MMPTE_HARDWARE(vstruct.VStruct):
    """Layout of MMPTE_HARDWARE: one 64-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): the whole 64-bit entry is exposed under the name
        # "Valid". Presumably the generator kept only the first member of a
        # bitfield; if so this is the full entry, not a 1-bit flag, and any
        # individual bit has to be masked out by the caller - confirm.
        self.Valid = v_uint64()
class _unnamed_23507(vstruct.VStruct):
    """Anonymous layout: ReadMemory followed by 28 padding bytes.

    NOTE(review): a single named member plus a large pad looks like a union
    of which only the first arm is modelled - confirm. The other arms, if
    any, overlap the same bytes.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ReadMemory = DBGKD_READ_MEMORY32()
        self._pad0028 = v_bytes(size=28)
class WHEA_ERROR_PACKET_V2(vstruct.VStruct):
    """Layout of the WHEA_ERROR_PACKET_V2 header.

    The header carries two offset/length pairs (DataOffset/DataLength and
    PshedDataOffset/PshedDataLength) plus an overall Length. This class only
    describes the fixed header; it does not read the data those pairs refer
    to. Code that slices a buffer with them should first check each
    offset + length against the size of the buffer it actually holds.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint32()
        self.Version = v_uint32()
        self.Length = v_uint32()
        self.Flags = WHEA_ERROR_PACKET_FLAGS()
        self.ErrorType = v_uint32()
        self.ErrorSeverity = v_uint32()
        self.ErrorSourceId = v_uint32()
        self.ErrorSourceType = v_uint32()
        self.NotifyType = GUID()
        self.Context = v_uint64()
        self.DataFormat = v_uint32()
        self.Reserved1 = v_uint32()
        self.DataOffset = v_uint32()
        self.DataLength = v_uint32()
        self.PshedDataOffset = v_uint32()
        self.PshedDataLength = v_uint32()
class GROUP_AFFINITY(vstruct.VStruct):
    """Layout of GROUP_AFFINITY: 64-bit mask, 16-bit group, three reserved words."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Mask = v_uint64()
        self.Group = v_uint16()
        self.Reserved = vstruct.VArray([v_uint16() for _ in xrange(3)])
class UMS_CONTROL_BLOCK(vstruct.VStruct):
    """Layout of UMS_CONTROL_BLOCK."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.UmsContext = v_ptr64()
        self.CompletionListEntry = v_ptr64()
        self.CompletionListEvent = v_ptr64()
        self.ServiceSequenceNumber = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.UmsQueue = KQUEUE()
        self.QueueEntry = LIST_ENTRY()
        self.YieldingUmsContext = v_ptr64()
        self.YieldingParam = v_ptr64()
        self.UmsTeb = v_ptr64()
        self.PrimaryFlags = v_uint32()
        self._pad0090 = v_bytes(size=4)
        self.TebSelector = v_uint16()
        self._pad0098 = v_bytes(size=6)
class VI_VERIFIER_ISSUE(vstruct.VStruct):
    """Layout of VI_VERIFIER_ISSUE: issue type, address, two 64-bit parameters."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IssueType = v_uint64()
        self.Address = v_ptr64()
        self.Parameters = vstruct.VArray([v_uint64() for _ in xrange(2)])
class DBGKD_LOAD_SYMBOLS32(vstruct.VStruct):
    """Layout of DBGKD_LOAD_SYMBOLS32 (32-bit fields throughout).

    PathNameLength is a length taken from the record itself; the path bytes
    are not part of this layout. Validate the length against the available
    data before using it to read a name.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PathNameLength = v_uint32()
        self.BaseOfDll = v_uint32()
        self.ProcessId = v_uint32()
        self.CheckSum = v_uint32()
        self.SizeOfImage = v_uint32()
        self.UnloadSymbols = v_uint8()
        self._pad0018 = v_bytes(size=3)
class _unnamed_24120(vstruct.VStruct):
    """Anonymous layout wrapping a single member, s1."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.s1 = _unnamed_24174()  # defined elsewhere in this module
class CURDIR(vstruct.VStruct):
    """Layout of CURDIR: a UNICODE_STRING path and a handle-sized value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DosPath = UNICODE_STRING()
        self.Handle = v_ptr64()
class DBGKD_GET_INTERNAL_BREAKPOINT32(vstruct.VStruct):
    """Layout of DBGKD_GET_INTERNAL_BREAKPOINT32: seven 32-bit fields."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BreakpointAddress = v_uint32()
        self.Flags = v_uint32()
        self.Calls = v_uint32()
        self.MaxCallsPerPeriod = v_uint32()
        self.MinInstructions = v_uint32()
        self.MaxInstructions = v_uint32()
        self.TotalInstructions = v_uint32()
class DBGKD_MANIPULATE_STATE32(vstruct.VStruct):
    """Layout of DBGKD_MANIPULATE_STATE32: a fixed header followed by ``u``.

    ``u`` is modelled by _unnamed_23507, which names only a ReadMemory
    member. NOTE(review): presumably ApiNumber selects how ``u`` should be
    interpreted; this class does not express that - confirm before decoding
    ``u`` for other API numbers.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ApiNumber = v_uint32()
        self.ProcessorLevel = v_uint16()
        self.Processor = v_uint16()
        self.ReturnStatus = v_uint32()
        self.u = _unnamed_23507()
class _unnamed_21448(vstruct.VStruct):
    """Anonymous layout: two pointers to allocated-resource data."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AllocatedResources = v_ptr64()
        self.AllocatedResourcesTranslated = v_ptr64()
class SEP_TOKEN_PRIVILEGES(vstruct.VStruct):
    """Layout of SEP_TOKEN_PRIVILEGES: three 64-bit values.

    NOTE(review): presumably each value is a bitmask with one bit per
    privilege. If that holds, a token whose Enabled bits are not a subset
    of Present is worth flagging during memory analysis - confirm the
    semantics before building a detection on it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Present = v_uint64()
        self.Enabled = v_uint64()
        self.EnabledByDefault = v_uint64()
class KALPC_SECTION(vstruct.VStruct):
    """Layout of KALPC_SECTION."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SectionObject = v_ptr64()
        self.Size = v_uint64()
        self.HandleTable = v_ptr64()
        self.SectionHandle = v_ptr64()
        self.OwnerProcess = v_ptr64()
        self.OwnerPort = v_ptr64()
        self.u1 = _unnamed_24120()
        self.NumberOfRegions = v_uint32()
        self.RegionListHead = LIST_ENTRY()
class KREQUEST_PACKET(vstruct.VStruct):
    """Layout of KREQUEST_PACKET: three packet pointers and a routine pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CurrentPacket = vstruct.VArray([v_ptr64() for _ in xrange(3)])
        self.WorkerRoutine = v_ptr64()
class PERFINFO_GROUPMASK(vstruct.VStruct):
    """Layout of PERFINFO_GROUPMASK: eight 32-bit mask words."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Masks = vstruct.VArray([v_uint32() for _ in xrange(8)])
class HARDWARE_PTE(vstruct.VStruct):
    """Layout of HARDWARE_PTE: one 64-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): the full 64-bit entry is exposed as "Valid".
        # Presumably only the first member of a bitfield survived generation,
        # so callers must mask out the bits they need - confirm.
        self.Valid = v_uint64()
class ETW_PERF_COUNTERS(vstruct.VStruct):
    """Layout of ETW_PERF_COUNTERS: six 32-bit counters."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TotalActiveSessions = v_uint32()
        self.TotalBufferMemoryNonPagedPool = v_uint32()
        self.TotalBufferMemoryPagedPool = v_uint32()
        self.TotalGuidsEnabled = v_uint32()
        self.TotalGuidsNotEnabled = v_uint32()
        self.TotalGuidsPreEnabled = v_uint32()
class HANDLE_TABLE_ENTRY_INFO(vstruct.VStruct):
    """Layout of HANDLE_TABLE_ENTRY_INFO: a single 32-bit AuditMask."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AuditMask = v_uint32()
class DBGKD_WRITE_MEMORY32(vstruct.VStruct):
    """Layout of DBGKD_WRITE_MEMORY32: target address and two byte counts."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TargetBaseAddress = v_uint32()
        self.TransferCount = v_uint32()
        self.ActualBytesWritten = v_uint32()
class SINGLE_LIST_ENTRY32(vstruct.VStruct):
    """Layout of SINGLE_LIST_ENTRY32: a 32-bit Next link.

    Next is stored as a plain 32-bit integer, not as a pointer type, even
    though this module targets amd64.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Next = v_uint32()
class CACHED_KSTACK_LIST(vstruct.VStruct):
    """Layout of CACHED_KSTACK_LIST: an SLIST header and four 32-bit fields."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SListHead = SLIST_HEADER()
        self.MinimumFree = v_uint32()
        self.Misses = v_uint32()
        self.MissesLast = v_uint32()
        self.Pad0 = v_uint32()  # a named member, unlike the generator's _padXXXX bytes
class _unnamed_22378(vstruct.VStruct):
    """Anonymous layout: one 64-bit LongFlags value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LongFlags = v_uint64()
class _unnamed_22379(vstruct.VStruct):
    """Anonymous layout: one 64-bit LongFlags3 value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LongFlags3 = v_uint64()
class WHEA_ERROR_RECORD_SECTION_DESCRIPTOR(vstruct.VStruct):
    """Layout of WHEA_ERROR_RECORD_SECTION_DESCRIPTOR.

    SectionOffset and SectionLength come from the record being parsed. This
    class does not read the section they describe; code that does should
    check offset + length against the record size first.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SectionOffset = v_uint32()
        self.SectionLength = v_uint32()
        self.Revision = WHEA_REVISION()
        self.ValidBits = WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS()
        self.Reserved = v_uint8()
        self.Flags = WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS()
        self.SectionType = GUID()
        self.FRUId = GUID()
        self.SectionSeverity = v_uint32()
        # Fixed 20-byte buffer; no terminator is implied by this layout.
        self.FRUText = vstruct.VArray([v_uint8() for _ in xrange(20)])
class AUX_ACCESS_DATA(vstruct.VStruct):
    """Layout of AUX_ACCESS_DATA.

    Holds several pointers to security descriptors and privilege data as raw
    64-bit values; this class neither follows nor validates them.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PrivilegesUsed = v_ptr64()
        self.GenericMapping = GENERIC_MAPPING()
        self.AccessesToAudit = v_uint32()
        self.MaximumAuditMask = v_uint32()
        self.TransactionId = GUID()
        self.NewSecurityDescriptor = v_ptr64()
        self.ExistingSecurityDescriptor = v_ptr64()
        self.ParentSecurityDescriptor = v_ptr64()
        self.DeRefSecurityDescriptor = v_ptr64()
        self.SDLock = v_ptr64()
        self.AccessReasons = ACCESS_REASONS()
class EX_WORK_QUEUE(vstruct.VStruct):
    """Layout of EX_WORK_QUEUE: a KQUEUE followed by worker statistics."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WorkerQueue = KQUEUE()
        self.DynamicThreadCount = v_uint32()
        self.WorkItemsProcessed = v_uint32()
        self.WorkItemsProcessedLastPass = v_uint32()
        self.QueueDepthLastPass = v_uint32()
        self.Info = EX_QUEUE_WORKER_INFO()
        self._pad0058 = v_bytes(size=4)
class MMWSLENTRY(vstruct.VStruct):
    """Layout of MMWSLENTRY: one 64-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): exposed as "Valid" but 64 bits wide; presumably the
        # first member of a collapsed bitfield - mask before testing. Confirm.
        self.Valid = v_uint64()
class PNP_DEVICE_COMPLETION_REQUEST(vstruct.VStruct):
    """Layout of PNP_DEVICE_COMPLETION_REQUEST."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.DeviceNode = v_ptr64()
        self.Context = v_ptr64()
        self.CompletionState = v_uint32()
        self.IrpPended = v_uint32()
        self.Status = v_uint32()
        self._pad0030 = v_bytes(size=4)
        self.Information = v_ptr64()
        self.WorkItem = WORK_QUEUE_ITEM()
        self.FailingDriver = v_ptr64()
        self.ReferenceCount = v_uint32()
        self._pad0068 = v_bytes(size=4)
class _unnamed_22375(vstruct.VStruct):
    """Anonymous layout: one 64-bit Balance value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Balance = v_uint64()
class PS_CPU_QUOTA_BLOCK(vstruct.VStruct):
    """Layout of PS_CPU_QUOTA_BLOCK.

    Contains two large padding runs (28 and 47 bytes) and ends with a fixed
    array of 256 per-CPU entries, so every instance builds 256 nested
    PS_PER_CPU_QUOTA_CACHE_AWARE objects.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.SessionId = v_uint32()
        self.CpuShareWeight = v_uint32()
        self.CapturedWeightData = PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA()
        self.DuplicateInputMarker = v_uint32()
        self._pad0040 = v_bytes(size=28)
        self.CycleCredit = v_uint64()
        self.BlockCurrentGeneration = v_uint32()
        self.CpuCyclePercent = v_uint32()
        self.CyclesFinishedForCurrentGeneration = v_uint8()
        self._pad0080 = v_bytes(size=47)
        self.Cpu = vstruct.VArray([PS_PER_CPU_QUOTA_CACHE_AWARE() for _ in xrange(256)])
class _unnamed_29494(vstruct.VStruct):
    """Anonymous layout: Mbr followed by 8 padding bytes.

    NOTE(review): one named member plus padding looks like a union of which
    only the first arm is modelled - confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Mbr = _unnamed_29540()  # defined elsewhere in this module
        self._pad0010 = v_bytes(size=8)
class CM_PARTIAL_RESOURCE_LIST(vstruct.VStruct):
    """Layout of CM_PARTIAL_RESOURCE_LIST with one descriptor slot.

    NOTE(review): PartialDescriptors is declared with a single element next
    to a Count field. Presumably Count gives the real number of descriptors,
    so this class parses only the first. A reader that walks the rest should
    bound Count by the size of the buffer it holds - confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Version = v_uint16()
        self.Revision = v_uint16()
        self.Count = v_uint32()
        self.PartialDescriptors = vstruct.VArray([CM_PARTIAL_RESOURCE_DESCRIPTOR() for _ in xrange(1)])
class DBGKD_RESTORE_BREAKPOINT(vstruct.VStruct):
    """Layout of DBGKD_RESTORE_BREAKPOINT: a single 32-bit handle."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BreakPointHandle = v_uint32()
class IMAGE_SECURITY_CONTEXT(vstruct.VStruct):
    """Layout of IMAGE_SECURITY_CONTEXT: one pointer-sized value.

    NOTE(review): only PageHashes is modelled. If the original type overlays
    other members on the same 8 bytes, they are not visible here - confirm
    before treating the value as a plain pointer.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PageHashes = v_ptr64()
class DEVICE_CAPABILITIES(vstruct.VStruct):
    """Layout of DEVICE_CAPABILITIES.

    NOTE(review): DeviceState is built by calling DEVICE_POWER_STATE(), but
    earlier in this module DEVICE_POWER_STATE is bound to a v_enum()
    instance, not a struct class. Unless v_enum instances are callable,
    constructing this struct raises TypeError. Verify, and if so model each
    of the seven entries as a 32-bit integer instead.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Size = v_uint16()
        self.Version = v_uint16()
        # NOTE(review): a 32-bit value named after what looks like the first
        # flag of a bitfield; presumably holds all capability bits - confirm.
        self.DeviceD1 = v_uint32()
        self.Address = v_uint32()
        self.UINumber = v_uint32()
        self.DeviceState = vstruct.VArray([DEVICE_POWER_STATE() for _ in xrange(7)])
        self.SystemWake = v_uint32()
        self.DeviceWake = v_uint32()
        self.D1Latency = v_uint32()
        self.D2Latency = v_uint32()
        self.D3Latency = v_uint32()
class IOP_FILE_OBJECT_EXTENSION(vstruct.VStruct):
    """Layout of IOP_FILE_OBJECT_EXTENSION.

    FoExtPerTypeExtension has seven pointer slots, the same number as
    MaxFoExtTypes in FILE_OBJECT_EXTENSION_TYPE earlier in this module -
    presumably one slot per extension type; confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FoExtFlags = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.FoExtPerTypeExtension = vstruct.VArray([v_ptr64() for _ in xrange(7)])
        self.FoIoPriorityHint = v_uint32()
        self._pad0048 = v_bytes(size=4)
class VACB_LEVEL_REFERENCE(vstruct.VStruct):
    """Layout of VACB_LEVEL_REFERENCE: two 32-bit reference counters."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Reference = v_uint32()
        self.SpecialReference = v_uint32()
class _unnamed_26924(vstruct.VStruct):
    """Anonymous layout: a class GUID and a one-element 16-bit name array.

    NOTE(review): SymbolicLinkName has a single 16-bit element; presumably
    the start of a variable-length wide string whose length is not recorded
    in this layout. Readers must bound the scan themselves - confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ClassGuid = GUID()
        self.SymbolicLinkName = vstruct.VArray([v_uint16() for _ in xrange(1)])
        self._pad0014 = v_bytes(size=2)
class _unnamed_26927(vstruct.VStruct):
    """Anonymous layout: a one-element 16-bit DeviceIds array.

    NOTE(review): presumably the head of variable-length data; only the
    first 16-bit element is modelled - confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DeviceIds = vstruct.VArray([v_uint16() for _ in xrange(1)])
class TOKEN_AUDIT_POLICY(vstruct.VStruct):
    """Layout of TOKEN_AUDIT_POLICY: 27 bytes of per-user policy.

    How policy entries are packed into these bytes is not described by this
    layout.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PerUserPolicy = vstruct.VArray([v_uint8() for _ in xrange(27)])
class PCW_INSTANCE(vstruct.VStruct):
    """Placeholder for PCW_INSTANCE: no fields are declared.

    As modelled the structure is empty, so parsing with it yields nothing.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class DUAL(vstruct.VStruct):
    """vstruct layout of DUAL.

    Length, Map and SmallDir pointers, a Guard word, 24 FREE_DISPLAY entries,
    a FreeSummary word and the FreeBins list head. `_padNNNN` members are
    filler; the hex suffix is the offset at which the filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Map = v_ptr64()
        self.SmallDir = v_ptr64()
        self.Guard = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.FreeDisplay = vstruct.VArray([ FREE_DISPLAY() for i in xrange(24) ])
        self.FreeSummary = v_uint32()
        self._pad0268 = v_bytes(size=4)
        self.FreeBins = LIST_ENTRY()
class CALLBACK_OBJECT(vstruct.VStruct):
    """Placeholder for CALLBACK_OBJECT: no members are declared.

    NOTE(review): presumably opaque in the source symbols -- confirm; an
    instance parses zero bytes.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class RTL_RANGE(vstruct.VStruct):
    """vstruct layout of RTL_RANGE: 64-bit Start/End, two pointers, and two flag bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Start = v_uint64()
        self.End = v_uint64()
        self.UserData = v_ptr64()
        self.Owner = v_ptr64()
        self.Attributes = v_uint8()
        self.Flags = v_uint8()
        # Six filler bytes; the hex suffix is the offset at which they end.
        self._pad0028 = v_bytes(size=6)
class CONFIGURATION_COMPONENT_DATA(vstruct.VStruct):
    """vstruct layout of CONFIGURATION_COMPONENT_DATA.

    Parent/Child/Sibling pointers, an embedded CONFIGURATION_COMPONENT, and a
    pointer to configuration data.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Parent = v_ptr64()
        self.Child = v_ptr64()
        self.Sibling = v_ptr64()
        self.ComponentEntry = CONFIGURATION_COMPONENT()
        self.ConfigurationData = v_ptr64()
class _unnamed_28582(vstruct.VStruct):
    """Anonymous structure exposing a single 16-bit value, AsUSHORT."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AsUSHORT = v_uint16()
class EXCEPTION_RECORD64(vstruct.VStruct):
    """vstruct layout of EXCEPTION_RECORD64.

    Code and flags, 64-bit record and address values, a parameter count, and a
    fixed array of 15 64-bit information slots.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExceptionCode = v_uint32()
        self.ExceptionFlags = v_uint32()
        self.ExceptionRecord = v_uint64()
        self.ExceptionAddress = v_uint64()
        # NOTE(review): NumberParameters is read from the parsed data; code that
        # indexes ExceptionInformation with it should clamp to the 15 slots
        # declared below.
        self.NumberParameters = v_uint32()
        self.unusedAlignment = v_uint32()
        self.ExceptionInformation = vstruct.VArray([ v_uint64() for i in xrange(15) ])
class KPROCESS(vstruct.VStruct):
    """vstruct layout of KPROCESS for the kernel build named in the module header.

    Field order is the structure layout and must not be rearranged. The
    structure embeds a DISPATCHER_HEADER, several LIST_ENTRY heads, two
    KAFFINITY_EX masks, scheduling bytes, time counters, and the Ldt* members.

    NOTE(review): the LIST_ENTRY members hold pointers taken from the data
    being parsed; code that walks them over a memory image should bound the
    walk and stop on a repeated address rather than trust the links.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = DISPATCHER_HEADER()
        self.ProfileListHead = LIST_ENTRY()
        self.DirectoryTableBase = v_uint64()
        self.ThreadListHead = LIST_ENTRY()
        self.ProcessLock = v_uint64()
        self.Affinity = KAFFINITY_EX()
        self.ReadyListHead = LIST_ENTRY()
        self.SwapListEntry = SINGLE_LIST_ENTRY()
        self.ActiveProcessors = KAFFINITY_EX()
        self.AutoAlignment = v_uint32()
        self.BasePriority = v_uint8()
        self.QuantumReset = v_uint8()
        self.Visited = v_uint8()
        self.Unused3 = v_uint8()
        self.ThreadSeed = vstruct.VArray([ v_uint32() for i in xrange(4) ])
        self.IdealNode = vstruct.VArray([ v_uint16() for i in xrange(4) ])
        self.IdealGlobalNode = v_uint16()
        self.Flags = KEXECUTE_OPTIONS()
        self.Unused1 = v_uint8()
        self.Unused2 = v_uint32()
        self.Unused4 = v_uint32()
        self.StackCount = KSTACK_COUNT()
        self.ProcessListEntry = LIST_ENTRY()
        self.CycleTime = v_uint64()
        self.KernelTime = v_uint32()
        self.UserTime = v_uint32()
        self.InstrumentationCallback = v_ptr64()
        self.LdtSystemDescriptor = KGDTENTRY64()
        self.LdtBaseAddress = v_ptr64()
        self.LdtProcessLock = KGUARDED_MUTEX()
        self.LdtFreeSelectorHint = v_uint16()
        self.LdtTableLength = v_uint16()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0160 = v_bytes(size=4)
class ALPC_COMMUNICATION_INFO(vstruct.VStruct):
    """vstruct layout of ALPC_COMMUNICATION_INFO.

    Three port pointers (connection, server, client), a communication list
    head, and an embedded ALPC_HANDLE_TABLE.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ConnectionPort = v_ptr64()
        self.ServerCommunicationPort = v_ptr64()
        self.ClientCommunicationPort = v_ptr64()
        self.CommunicationList = LIST_ENTRY()
        self.HandleTable = ALPC_HANDLE_TABLE()
class DEVICE_OBJECT_POWER_EXTENSION(vstruct.VStruct):
    """vstruct layout of DEVICE_OBJECT_POWER_EXTENSION.

    Idle/busy counters and timings, a DeviceObject pointer, idle and volume
    list entries, state words, and an anonymous `Specific` member.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IdleCount = v_uint32()
        self.BusyCount = v_uint32()
        self.BusyReference = v_uint32()
        self.TotalBusyCount = v_uint32()
        self.ConservationIdleTime = v_uint32()
        self.PerformanceIdleTime = v_uint32()
        self.DeviceObject = v_ptr64()
        self.IdleList = LIST_ENTRY()
        self.IdleType = v_uint32()
        self.IdleState = v_uint32()
        self.CurrentState = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0040 = v_bytes(size=4)
        self.Volume = LIST_ENTRY()
        self.Specific = _unnamed_23077()
class _unnamed_24379(vstruct.VStruct):
    """Anonymous structure holding a single 32-bit QueueType."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.QueueType = v_uint32()
class MMPTE_LIST(vstruct.VStruct):
    """vstruct layout of MMPTE_LIST: one 64-bit word named Valid.

    NOTE(review): a single member covers the whole 64-bit word; presumably the
    source type is a bitfield collapsed to its first name, so `Valid` carries
    the full raw value rather than one bit -- confirm and mask before use.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Valid = v_uint64()
class COUNTER_READING(vstruct.VStruct):
    """vstruct layout of COUNTER_READING: 32-bit Type and Index, 64-bit Start and Total."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint32()
        self.Index = v_uint32()
        self.Start = v_uint64()
        self.Total = v_uint64()
class HEAP_TAG_ENTRY(vstruct.VStruct):
    """vstruct layout of HEAP_TAG_ENTRY.

    Allocation/free counters, a 64-bit size, two 16-bit indices, and a fixed
    24-unit array of 16-bit values for the tag name.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Allocs = v_uint32()
        self.Frees = v_uint32()
        self.Size = v_uint64()
        self.TagIndex = v_uint16()
        self.CreatorBackTraceIndex = v_uint16()
        # Fixed-size buffer; nothing here guarantees the content is terminated.
        self.TagName = vstruct.VArray([ v_uint16() for i in xrange(24) ])
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0048 = v_bytes(size=4)
class _unnamed_29211(vstruct.VStruct):
    """Anonymous structure holding a single 64-bit Head value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Head = v_uint64()
class ALPC_COMPLETION_LIST_STATE(vstruct.VStruct):
    """vstruct layout of ALPC_COMPLETION_LIST_STATE: one anonymous member, u1."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_27537()
class WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS(vstruct.VStruct):
    """vstruct layout of WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS: one 32-bit word, Primary.

    NOTE(review): presumably a bitfield collapsed to its first name; `Primary`
    holds the whole 32-bit flags word -- confirm before testing it as a bit.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Primary = v_uint32()
class TP_CALLBACK_ENVIRON_V3(vstruct.VStruct):
    """vstruct layout of TP_CALLBACK_ENVIRON_V3.

    Version word, six 64-bit pointers, an anonymous `u` member, then
    CallbackPriority and Size. `_padNNNN` members are filler; the hex suffix
    is the offset at which the filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Version = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Pool = v_ptr64()
        self.CleanupGroup = v_ptr64()
        self.CleanupGroupCancelCallback = v_ptr64()
        self.RaceDll = v_ptr64()
        self.ActivationContext = v_ptr64()
        self.FinalizationCallback = v_ptr64()
        self.u = _unnamed_18815()
        self.CallbackPriority = v_uint32()
        self.Size = v_uint32()
        self._pad0048 = v_bytes(size=4)
class _unnamed_24051(vstruct.VStruct):
    """Anonymous structure: 16-bit Type followed by 16-bit DataInfoOffset."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.DataInfoOffset = v_uint16()
class MEMORY_ALLOCATION_DESCRIPTOR(vstruct.VStruct):
    """vstruct layout of MEMORY_ALLOCATION_DESCRIPTOR.

    A list entry, a 32-bit memory type, and 64-bit BasePage and PageCount.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.MemoryType = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0018 = v_bytes(size=4)
        self.BasePage = v_uint64()
        self.PageCount = v_uint64()
class MMPTE_TRANSITION(vstruct.VStruct):
    """vstruct layout of MMPTE_TRANSITION: one 64-bit word named Valid.

    NOTE(review): presumably a bitfield collapsed to its first name; `Valid`
    carries the full raw 64-bit value -- confirm and mask before use.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Valid = v_uint64()
class WHEA_ERROR_PACKET_FLAGS(vstruct.VStruct):
    """vstruct layout of WHEA_ERROR_PACKET_FLAGS: one 32-bit word, PreviousError.

    NOTE(review): presumably a bitfield collapsed to its first name; the
    member holds the whole flags word -- confirm before testing it as a bit.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PreviousError = v_uint32()
class ARM_DBGKD_CONTROL_SET(vstruct.VStruct):
    """vstruct layout of ARM_DBGKD_CONTROL_SET: three 32-bit words (Continue, symbol start, symbol end)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Continue = v_uint32()
        self.CurrentSymbolStart = v_uint32()
        self.CurrentSymbolEnd = v_uint32()
class ALPC_PROCESS_CONTEXT(vstruct.VStruct):
    """vstruct layout of ALPC_PROCESS_CONTEXT: a push lock, a view list head, and a 64-bit quota cache."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Lock = EX_PUSH_LOCK()
        self.ViewListHead = LIST_ENTRY()
        self.PagedPoolQuotaCache = v_uint64()
class DIAGNOSTIC_CONTEXT(vstruct.VStruct):
    """vstruct layout of DIAGNOSTIC_CONTEXT.

    CallerType, a Process pointer, ServiceTag, and a 64-bit ReasonSize.
    `_padNNNN` members are filler; the hex suffix is the offset at which the
    filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CallerType = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Process = v_ptr64()
        self.ServiceTag = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.ReasonSize = v_uint64()
class KSPIN_LOCK_QUEUE(vstruct.VStruct):
    """vstruct layout of KSPIN_LOCK_QUEUE: two 64-bit pointers, Next and Lock."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Next = v_ptr64()
        self.Lock = v_ptr64()
class HEAP_LOCK(vstruct.VStruct):
    """vstruct layout of HEAP_LOCK: one anonymous member, Lock."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Lock = _unnamed_23833()
class XSTATE_CONFIGURATION(vstruct.VStruct):
    """vstruct layout of XSTATE_CONFIGURATION.

    A 64-bit EnabledFeatures value, 32-bit Size and OptimizedSave, and a
    fixed array of 64 XSTATE_FEATURE entries.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.EnabledFeatures = v_uint64()
        self.Size = v_uint32()
        # NOTE(review): a whole 32-bit word; presumably a bitfield collapsed to
        # its first name -- confirm.
        self.OptimizedSave = v_uint32()
        self.Features = vstruct.VArray([ XSTATE_FEATURE() for i in xrange(64) ])
class PS_CLIENT_SECURITY_CONTEXT(vstruct.VStruct):
    """vstruct layout of PS_CLIENT_SECURITY_CONTEXT: one 64-bit value, ImpersonationData.

    NOTE(review): only one 64-bit member is declared; presumably the source
    type is a union whose other views (pointer, packed bits) are not emitted,
    so the raw value may need masking before it is used as an address --
    confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ImpersonationData = v_uint64()
class RTL_AVL_TABLE(vstruct.VStruct):
    """vstruct layout of RTL_AVL_TABLE.

    Embedded RTL_BALANCED_LINKS root, enumeration state, element and depth
    counters, and four routine/context pointers. `_padNNNN` members are
    filler; the hex suffix is the offset at which the filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BalancedRoot = RTL_BALANCED_LINKS()
        self.OrderedPointer = v_ptr64()
        self.WhichOrderedElement = v_uint32()
        self.NumberGenericTableElements = v_uint32()
        self.DepthOfTree = v_uint32()
        self._pad0038 = v_bytes(size=4)
        self.RestartKey = v_ptr64()
        self.DeleteCount = v_uint32()
        self._pad0048 = v_bytes(size=4)
        self.CompareRoutine = v_ptr64()
        self.AllocateRoutine = v_ptr64()
        self.FreeRoutine = v_ptr64()
        self.TableContext = v_ptr64()
class _unnamed_26621(vstruct.VStruct):
    """Anonymous structure: a `Generic` member of type _unnamed_27286 plus four filler bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Generic = _unnamed_27286()
        # The hex suffix is the offset at which the filler ends.
        self._pad0010 = v_bytes(size=4)
class _unnamed_27306(vstruct.VStruct):
    """Anonymous structure: three 32-bit words (Start, Length, Reserved)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Start = v_uint32()
        self.Length = v_uint32()
        self.Reserved = v_uint32()
class PNP_ASSIGN_RESOURCES_CONTEXT(vstruct.VStruct):
    """vstruct layout of PNP_ASSIGN_RESOURCES_CONTEXT.

    Two 32-bit words followed by a one-element array of 64-bit pointers.

    NOTE(review): presumably DeviceList is a trailing variable-length array
    sized by DeviceCount; a parser that extends it should bound DeviceCount
    against the available data -- confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IncludeFailedDevices = v_uint32()
        self.DeviceCount = v_uint32()
        self.DeviceList = vstruct.VArray([ v_ptr64() for i in xrange(1) ])
class _unnamed_27302(vstruct.VStruct):
    """Anonymous structure: three 32-bit words (Channel, Port, Reserved1)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Channel = v_uint32()
        self.Port = v_uint32()
        self.Reserved1 = v_uint32()
class MAPPED_FILE_SEGMENT(vstruct.VStruct):
    """vstruct layout of MAPPED_FILE_SEGMENT.

    ControlArea pointer, PTE count, SEGMENT_FLAGS, committed-page and size
    counters, an ExtendInfo pointer, and a push lock.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ControlArea = v_ptr64()
        self.TotalNumberOfPtes = v_uint32()
        self.SegmentFlags = SEGMENT_FLAGS()
        self.NumberOfCommittedPages = v_uint64()
        self.SizeOfSegment = v_uint64()
        self.ExtendInfo = v_ptr64()
        self.SegmentLock = EX_PUSH_LOCK()
class _unnamed_26712(vstruct.VStruct):
    """Anonymous structure: 32-bit Length64 and Alignment64, then two LARGE_INTEGER address bounds."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length64 = v_uint32()
        self.Alignment64 = v_uint32()
        self.MinimumAddress = LARGE_INTEGER()
        self.MaximumAddress = LARGE_INTEGER()
class DBGKD_GET_INTERNAL_BREAKPOINT64(vstruct.VStruct):
    """vstruct layout of DBGKD_GET_INTERNAL_BREAKPOINT64.

    A 64-bit breakpoint address followed by six 32-bit flag/counter words.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BreakpointAddress = v_uint64()
        self.Flags = v_uint32()
        self.Calls = v_uint32()
        self.MaxCallsPerPeriod = v_uint32()
        self.MinInstructions = v_uint32()
        self.MaxInstructions = v_uint32()
        self.TotalInstructions = v_uint32()
class OWNER_ENTRY(vstruct.VStruct):
    """vstruct layout of OWNER_ENTRY: a 64-bit OwnerThread and a 32-bit word.

    NOTE(review): IoPriorityBoosted is a whole 32-bit word; presumably a
    bitfield/union collapsed to its first name -- confirm before testing it
    as a boolean.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OwnerThread = v_uint64()
        self.IoPriorityBoosted = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0010 = v_bytes(size=4)
class ETW_BUFFER_HANDLE(vstruct.VStruct):
    """vstruct layout of ETW_BUFFER_HANDLE: two 64-bit pointers, TraceBuffer and BufferFastRef."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TraceBuffer = v_ptr64()
        self.BufferFastRef = v_ptr64()
class DEVOBJ_EXTENSION(vstruct.VStruct):
    """vstruct layout of DEVOBJ_EXTENSION.

    Type/Size header, pointers to the device object, Dope, device node,
    attached device and Vpb, StartIo counters, and two list heads.
    `_padNNNN` members are filler; the hex suffix is the offset at which the
    filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.Size = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.DeviceObject = v_ptr64()
        self.PowerFlags = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.Dope = v_ptr64()
        self.ExtensionFlags = v_uint32()
        self._pad0028 = v_bytes(size=4)
        self.DeviceNode = v_ptr64()
        self.AttachedTo = v_ptr64()
        self.StartIoCount = v_uint32()
        self.StartIoKey = v_uint32()
        self.StartIoFlags = v_uint32()
        self._pad0048 = v_bytes(size=4)
        self.Vpb = v_ptr64()
        self.DependentList = LIST_ENTRY()
        self.ProviderList = LIST_ENTRY()
class HEAP_LOCAL_SEGMENT_INFO(vstruct.VStruct):
    """Placeholder for HEAP_LOCAL_SEGMENT_INFO: no members are declared.

    NOTE(review): presumably opaque in the source symbols -- confirm; an
    instance parses zero bytes.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class ARBITER_ALLOCATION_STATE(vstruct.VStruct):
    """vstruct layout of ARBITER_ALLOCATION_STATE.

    Four 64-bit range values, entry/alternative pointers with a count, flag
    and attribute bytes, and a 64-bit WorkSpace. `_padNNNN` members are
    filler; the hex suffix is the offset at which the filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Start = v_uint64()
        self.End = v_uint64()
        self.CurrentMinimum = v_uint64()
        self.CurrentMaximum = v_uint64()
        self.Entry = v_ptr64()
        self.CurrentAlternative = v_ptr64()
        self.AlternativeCount = v_uint32()
        self._pad0038 = v_bytes(size=4)
        self.Alternatives = v_ptr64()
        self.Flags = v_uint16()
        self.RangeAttributes = v_uint8()
        self.RangeAvailableAttributes = v_uint8()
        self._pad0048 = v_bytes(size=4)
        self.WorkSpace = v_uint64()
class BLOB_TYPE(vstruct.VStruct):
    """vstruct layout of BLOB_TYPE.

    Resource id, pool tag, flags, created/deleted counters, two procedure
    pointers, a usual size and a lookaside index. `_padNNNN` members are
    filler; the hex suffix is the offset at which the filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ResourceId = v_uint32()
        self.PoolTag = v_uint32()
        self.Flags = v_uint32()
        self.CreatedObjects = v_uint32()
        self.DeletedObjects = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.DeleteProcedure = v_ptr64()
        self.DestroyProcedure = v_ptr64()
        self.UsualSize = v_uint64()
        self.LookasideIndex = v_uint32()
        self._pad0038 = v_bytes(size=4)
class DBGKD_SET_INTERNAL_BREAKPOINT64(vstruct.VStruct):
    """vstruct layout of DBGKD_SET_INTERNAL_BREAKPOINT64: a 64-bit address and a 32-bit Flags word."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BreakpointAddress = v_uint64()
        self.Flags = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0010 = v_bytes(size=4)
class OPEN_PACKET(vstruct.VStruct):
    """vstruct layout of OPEN_PACKET.

    Type/Size header followed by file-object pointers, status and
    information values, create options and attributes, extended-attribute
    buffer and length, information pointers, four one-byte flags, and an
    embedded IO_DRIVER_CREATE_CONTEXT. Field order is the structure layout.
    `_padNNNN` members are filler; the hex suffix is the offset at which the
    filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.Size = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.FileObject = v_ptr64()
        self.FinalStatus = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.Information = v_uint64()
        self.ParseCheck = v_uint32()
        self._pad0028 = v_bytes(size=4)
        self.RelatedFileObject = v_ptr64()
        self.OriginalAttributes = v_ptr64()
        self.AllocationSize = LARGE_INTEGER()
        self.CreateOptions = v_uint32()
        self.FileAttributes = v_uint16()
        self.ShareAccess = v_uint16()
        # EaBuffer/EaLength are a pointer and a length read from the parsed
        # data; a consumer following the pointer should bound the read itself.
        self.EaBuffer = v_ptr64()
        self.EaLength = v_uint32()
        self.Options = v_uint32()
        self.Disposition = v_uint32()
        self._pad0060 = v_bytes(size=4)
        self.BasicInformation = v_ptr64()
        self.NetworkInformation = v_ptr64()
        self.CreateFileType = v_uint32()
        self._pad0078 = v_bytes(size=4)
        self.MailslotOrPipeParameters = v_ptr64()
        self.Override = v_uint8()
        self.QueryOnly = v_uint8()
        self.DeleteOnly = v_uint8()
        self.FullAttributes = v_uint8()
        self._pad0088 = v_bytes(size=4)
        self.LocalFileObject = v_ptr64()
        self.InternalFlags = v_uint32()
        self._pad0098 = v_bytes(size=4)
        self.DriverCreateContext = IO_DRIVER_CREATE_CONTEXT()
class HANDLE_TABLE_ENTRY(vstruct.VStruct):
    """vstruct layout of HANDLE_TABLE_ENTRY: a 64-bit Object pointer and a 32-bit GrantedAccess.

    NOTE(review): each slot is declared with a single name; presumably the
    source type uses unions that were reduced to their first member. Before
    dereferencing Object from a memory image, verify whether its low bits
    carry flags for this build and mask them if so -- confirm against the
    symbols.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Object = v_ptr64()
        self.GrantedAccess = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0010 = v_bytes(size=4)
class HEAP_COUNTERS(vstruct.VStruct):
    """vstruct layout of HEAP_COUNTERS.

    Four 64-bit memory totals, fourteen 32-bit operation counters, and three
    64-bit size values. Member names (including their original spellings)
    are part of the interface and are kept as generated.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TotalMemoryReserved = v_uint64()
        self.TotalMemoryCommitted = v_uint64()
        self.TotalMemoryLargeUCR = v_uint64()
        self.TotalSizeInVirtualBlocks = v_uint64()
        self.TotalSegments = v_uint32()
        self.TotalUCRs = v_uint32()
        self.CommittOps = v_uint32()
        self.DeCommitOps = v_uint32()
        self.LockAcquires = v_uint32()
        self.LockCollisions = v_uint32()
        self.CommitRate = v_uint32()
        self.DecommittRate = v_uint32()
        self.CommitFailures = v_uint32()
        self.InBlockCommitFailures = v_uint32()
        self.CompactHeapCalls = v_uint32()
        self.CompactedUCRs = v_uint32()
        self.AllocAndFreeOps = v_uint32()
        self.InBlockDeccommits = v_uint32()
        self.InBlockDeccomitSize = v_uint64()
        self.HighWatermarkSize = v_uint64()
        self.LastPolledSize = v_uint64()
class WHEA_MEMORY_ERROR_SECTION_VALIDBITS(vstruct.VStruct):
    """vstruct layout of WHEA_MEMORY_ERROR_SECTION_VALIDBITS: one 64-bit word, ErrorStatus.

    NOTE(review): presumably a bitfield collapsed to its first name; the
    member holds the whole 64-bit word -- confirm before testing it as a bit.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ErrorStatus = v_uint64()
class BLOB(vstruct.VStruct):
    """vstruct layout of BLOB.

    A resource list entry, an anonymous `u1` member, a one-byte resource id,
    16-bit and 32-bit reference counters, and a push lock.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ResourceList = LIST_ENTRY()
        self.u1 = _unnamed_24097()
        self.ResourceId = v_uint8()
        self.CachedReferences = v_uint16()
        self.ReferenceCount = v_uint32()
        self.Lock = EX_PUSH_LOCK()
class WORK_QUEUE_ENTRY(vstruct.VStruct):
    """vstruct layout of WORK_QUEUE_ENTRY: list links, an anonymous Parameters member, and a one-byte Function."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WorkQueueLinks = LIST_ENTRY()
        self.Parameters = _unnamed_23696()
        self.Function = v_uint8()
        # Seven filler bytes; the hex suffix is the offset at which they end.
        self._pad0020 = v_bytes(size=7)
class PI_BUS_EXTENSION(vstruct.VStruct):
    """vstruct layout of PI_BUS_EXTENSION.

    Flags and a CSN count, three port pointers each followed by a one-byte
    "mapped" flag, slot number, device and card lists, three device
    pointers, and bus/power state words. `_padNNNN` members are filler; the
    hex suffix is the offset at which the filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flags = v_uint32()
        self.NumberCSNs = v_uint8()
        self._pad0008 = v_bytes(size=3)
        self.ReadDataPort = v_ptr64()
        self.DataPortMapped = v_uint8()
        self._pad0018 = v_bytes(size=7)
        self.AddressPort = v_ptr64()
        self.AddrPortMapped = v_uint8()
        self._pad0028 = v_bytes(size=7)
        self.CommandPort = v_ptr64()
        self.CmdPortMapped = v_uint8()
        self._pad0034 = v_bytes(size=3)
        self.NextSlotNumber = v_uint32()
        self.DeviceList = SINGLE_LIST_ENTRY()
        self.CardList = SINGLE_LIST_ENTRY()
        self.PhysicalBusDevice = v_ptr64()
        self.FunctionalBusDevice = v_ptr64()
        self.AttachedDevice = v_ptr64()
        self.BusNumber = v_uint32()
        self.SystemPowerState = v_uint32()
        self.DevicePowerState = v_uint32()
        self._pad0070 = v_bytes(size=4)
class MAILSLOT_CREATE_PARAMETERS(vstruct.VStruct):
    """vstruct layout of MAILSLOT_CREATE_PARAMETERS.

    Quota and maximum message size (32-bit), a LARGE_INTEGER read timeout,
    and a one-byte TimeoutSpecified flag.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MailslotQuota = v_uint32()
        self.MaximumMessageSize = v_uint32()
        self.ReadTimeout = LARGE_INTEGER()
        self.TimeoutSpecified = v_uint8()
        # Seven filler bytes; the hex suffix is the offset at which they end.
        self._pad0018 = v_bytes(size=7)
class FS_FILTER_CALLBACK_DATA(vstruct.VStruct):
    """vstruct layout of FS_FILTER_CALLBACK_DATA.

    A self-described size, operation and reserved bytes, device and file
    object pointers, and an embedded FS_FILTER_PARAMETERS.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SizeOfFsFilterCallbackData = v_uint32()
        self.Operation = v_uint8()
        self.Reserved = v_uint8()
        # Two filler bytes; the hex suffix is the offset at which they end.
        self._pad0008 = v_bytes(size=2)
        self.DeviceObject = v_ptr64()
        self.FileObject = v_ptr64()
        self.Parameters = FS_FILTER_PARAMETERS()
class REQUEST_MAILBOX(vstruct.VStruct):
    """vstruct layout of REQUEST_MAILBOX: Next pointer, 64-bit summary, KREQUEST_PACKET, 16 filler bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Next = v_ptr64()
        self.RequestSummary = v_uint64()
        self.RequestPacket = KREQUEST_PACKET()
        # The hex suffix is the offset at which the filler ends.
        self._pad0040 = v_bytes(size=16)
class PPM_IDLE_STATE(vstruct.VStruct):
    """vstruct layout of PPM_IDLE_STATE.

    A KAFFINITY_EX domain mask, check/handler/context pointers, a 64-bit
    HvConfig, four 32-bit values, and five one-byte percent/type fields.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DomainMembers = KAFFINITY_EX()
        self.IdleCheck = v_ptr64()
        self.IdleHandler = v_ptr64()
        self.HvConfig = v_uint64()
        self.Context = v_ptr64()
        self.Latency = v_uint32()
        self.Power = v_uint32()
        self.TimeCheck = v_uint32()
        self.StateFlags = v_uint32()
        self.PromotePercent = v_uint8()
        self.DemotePercent = v_uint8()
        self.PromotePercentBase = v_uint8()
        self.DemotePercentBase = v_uint8()
        self.StateType = v_uint8()
        # Three filler bytes; the hex suffix is the offset at which they end.
        self._pad0060 = v_bytes(size=3)
class XSTATE_CONTEXT(vstruct.VStruct):
    """vstruct layout of XSTATE_CONTEXT: 64-bit Mask, 32-bit Length and Reserved1, Area and Buffer pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Mask = v_uint64()
        self.Length = v_uint32()
        self.Reserved1 = v_uint32()
        self.Area = v_ptr64()
        self.Buffer = v_ptr64()
class ACCESS_STATE(vstruct.VStruct):
    """vstruct layout of ACCESS_STATE.

    An operation LUID, four one-byte flags, a Flags word, three 32-bit
    access masks (remaining, previously granted, original), an embedded
    SECURITY_SUBJECT_CONTEXT, descriptor and auxiliary pointers, an
    anonymous Privileges member, and two UNICODE_STRING names. Field order
    is the structure layout. `_padNNNN` members are filler; the hex suffix
    is the offset at which the filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OperationID = LUID()
        self.SecurityEvaluated = v_uint8()
        self.GenerateAudit = v_uint8()
        self.GenerateOnClose = v_uint8()
        self.PrivilegesAllocated = v_uint8()
        self.Flags = v_uint32()
        self.RemainingDesiredAccess = v_uint32()
        self.PreviouslyGrantedAccess = v_uint32()
        self.OriginalDesiredAccess = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.SubjectSecurityContext = SECURITY_SUBJECT_CONTEXT()
        self.SecurityDescriptor = v_ptr64()
        self.AuxData = v_ptr64()
        self.Privileges = _unnamed_20937()
        self.AuditPrivileges = v_uint8()
        self._pad0080 = v_bytes(size=3)
        self.ObjectName = UNICODE_STRING()
        self.ObjectTypeName = UNICODE_STRING()
class DBGKD_SWITCH_PARTITION(vstruct.VStruct):
    """vstruct layout of DBGKD_SWITCH_PARTITION: a single 32-bit Partition value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Partition = v_uint32()
class TP_CALLBACK_INSTANCE(vstruct.VStruct):
    """Placeholder for TP_CALLBACK_INSTANCE: no members are declared.

    NOTE(review): presumably opaque in the source symbols -- confirm; an
    instance parses zero bytes.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class AMD64_DBGKD_CONTROL_SET(vstruct.VStruct):
    """vstruct layout of AMD64_DBGKD_CONTROL_SET.

    A 32-bit TraceFlag followed directly by three 64-bit values; no filler
    member is declared between them, so the 64-bit members are not 8-byte
    aligned in this layout.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TraceFlag = v_uint32()
        self.Dr7 = v_uint64()
        self.CurrentSymbolStart = v_uint64()
        self.CurrentSymbolEnd = v_uint64()
class PROC_IDLE_ACCOUNTING(vstruct.VStruct):
    """vstruct layout of PROC_IDLE_ACCOUNTING.

    Three 32-bit counters, a 64-bit start time, 16 64-bit bucket limits, and
    a one-element array of PROC_IDLE_STATE_ACCOUNTING.

    NOTE(review): presumably State is a trailing variable-length array sized
    by StateCount; bound StateCount against the available data before
    extending it -- confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.StateCount = v_uint32()
        self.TotalTransitions = v_uint32()
        self.ResetCount = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0010 = v_bytes(size=4)
        self.StartTime = v_uint64()
        self.BucketLimits = vstruct.VArray([ v_uint64() for i in xrange(16) ])
        self.State = vstruct.VArray([ PROC_IDLE_STATE_ACCOUNTING() for i in xrange(1) ])
class _unnamed_19929(vstruct.VStruct):
    """Anonymous structure: two 64-bit words, Depth and HeaderType.

    NOTE(review): presumably each word is a bitfield collapsed to its first
    name -- confirm before interpreting the raw values.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Depth = v_uint64()
        self.HeaderType = v_uint64()
class GDI_TEB_BATCH(vstruct.VStruct):
    """vstruct layout of GDI_TEB_BATCH: 32-bit Offset, 64-bit HDC, and a 310-entry 32-bit buffer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Offset is read from the parsed data; code that uses it to index
        # Buffer should check it against the 310 entries declared below.
        self.Offset = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0008 = v_bytes(size=4)
        self.HDC = v_uint64()
        self.Buffer = vstruct.VArray([ v_uint32() for i in xrange(310) ])
class DBGKD_SET_SPECIAL_CALL32(vstruct.VStruct):
    """vstruct layout of DBGKD_SET_SPECIAL_CALL32: a single 32-bit SpecialCall value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SpecialCall = v_uint32()
class SYSTEM_POWER_LEVEL(vstruct.VStruct):
    """vstruct layout of SYSTEM_POWER_LEVEL.

    Enable byte, three spare bytes, a 32-bit battery level, an embedded
    POWER_ACTION_POLICY, and a 32-bit minimum system state.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Enable = v_uint8()
        self.Spare = vstruct.VArray([ v_uint8() for i in xrange(3) ])
        self.BatteryLevel = v_uint32()
        self.PowerPolicy = POWER_ACTION_POLICY()
        self.MinSystemState = v_uint32()
class DBGKD_SET_SPECIAL_CALL64(vstruct.VStruct):
    """vstruct layout of DBGKD_SET_SPECIAL_CALL64: a single 64-bit SpecialCall value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SpecialCall = v_uint64()
class DBGKM_EXCEPTION32(vstruct.VStruct):
    """vstruct layout of DBGKM_EXCEPTION32: an embedded EXCEPTION_RECORD32 and a 32-bit FirstChance."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExceptionRecord = EXCEPTION_RECORD32()
        self.FirstChance = v_uint32()
class PAGEFAULT_HISTORY(vstruct.VStruct):
    """Placeholder for PAGEFAULT_HISTORY: no members are declared.

    NOTE(review): presumably opaque in the source symbols -- confirm; an
    instance parses zero bytes.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class _unnamed_27001(vstruct.VStruct):
    """Anonymous structure exposing a single byte, AsUCHAR."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AsUCHAR = v_uint8()
class ECP_LIST(vstruct.VStruct):
    """vstruct layout of ECP_LIST: 32-bit Signature and Flags, then the EcpList list head."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint32()
        self.Flags = v_uint32()
        self.EcpList = LIST_ENTRY()
class _unnamed_21379(vstruct.VStruct):
    """Anonymous structure holding a single 32-bit IdType."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IdType = v_uint32()
class PEB32(vstruct.VStruct):
    """vstruct layout of PEB32, the 32-bit process environment block view.

    Every pointer-like member is declared as a 32-bit integer (v_uint32), not
    as v_ptr64, so values read here are 32-bit addresses and must be
    resolved in the address space of the process they came from. Field order
    is the structure layout and must not be rearranged. `_padNNNN` members
    are filler; the hex suffix is the offset at which the filler ends.

    NOTE(review): BitField, CrossProcessFlags and TracingFlags are whole
    storage units; presumably the individual bits were collapsed by the
    generator -- confirm before testing single flags.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.InheritedAddressSpace = v_uint8()
        self.ReadImageFileExecOptions = v_uint8()
        # One-byte flag at offset 2 (two single-byte members precede it).
        self.BeingDebugged = v_uint8()
        self.BitField = v_uint8()
        self.Mutant = v_uint32()
        self.ImageBaseAddress = v_uint32()
        self.Ldr = v_uint32()
        self.ProcessParameters = v_uint32()
        self.SubSystemData = v_uint32()
        self.ProcessHeap = v_uint32()
        self.FastPebLock = v_uint32()
        self.AtlThunkSListPtr = v_uint32()
        self.IFEOKey = v_uint32()
        self.CrossProcessFlags = v_uint32()
        self.KernelCallbackTable = v_uint32()
        self.SystemReserved = vstruct.VArray([ v_uint32() for i in xrange(1) ])
        self.AtlThunkSListPtr32 = v_uint32()
        self.ApiSetMap = v_uint32()
        self.TlsExpansionCounter = v_uint32()
        self.TlsBitmap = v_uint32()
        self.TlsBitmapBits = vstruct.VArray([ v_uint32() for i in xrange(2) ])
        self.ReadOnlySharedMemoryBase = v_uint32()
        self.HotpatchInformation = v_uint32()
        self.ReadOnlyStaticServerData = v_uint32()
        self.AnsiCodePageData = v_uint32()
        self.OemCodePageData = v_uint32()
        self.UnicodeCaseTableData = v_uint32()
        self.NumberOfProcessors = v_uint32()
        self.NtGlobalFlag = v_uint32()
        self._pad0070 = v_bytes(size=4)
        self.CriticalSectionTimeout = LARGE_INTEGER()
        self.HeapSegmentReserve = v_uint32()
        self.HeapSegmentCommit = v_uint32()
        self.HeapDeCommitTotalFreeThreshold = v_uint32()
        self.HeapDeCommitFreeBlockThreshold = v_uint32()
        # NumberOfHeaps/MaximumNumberOfHeaps/ProcessHeaps come from the parsed
        # process memory; bound any heap-list walk instead of trusting them.
        self.NumberOfHeaps = v_uint32()
        self.MaximumNumberOfHeaps = v_uint32()
        self.ProcessHeaps = v_uint32()
        self.GdiSharedHandleTable = v_uint32()
        self.ProcessStarterHelper = v_uint32()
        self.GdiDCAttributeList = v_uint32()
        self.LoaderLock = v_uint32()
        self.OSMajorVersion = v_uint32()
        self.OSMinorVersion = v_uint32()
        self.OSBuildNumber = v_uint16()
        self.OSCSDVersion = v_uint16()
        self.OSPlatformId = v_uint32()
        self.ImageSubsystem = v_uint32()
        self.ImageSubsystemMajorVersion = v_uint32()
        self.ImageSubsystemMinorVersion = v_uint32()
        self.ActiveProcessAffinityMask = v_uint32()
        self.GdiHandleBuffer = vstruct.VArray([ v_uint32() for i in xrange(34) ])
        self.PostProcessInitRoutine = v_uint32()
        self.TlsExpansionBitmap = v_uint32()
        self.TlsExpansionBitmapBits = vstruct.VArray([ v_uint32() for i in xrange(32) ])
        self.SessionId = v_uint32()
        self.AppCompatFlags = ULARGE_INTEGER()
        self.AppCompatFlagsUser = ULARGE_INTEGER()
        self.pShimData = v_uint32()
        self.AppCompatInfo = v_uint32()
        self.CSDVersion = STRING32()
        self.ActivationContextData = v_uint32()
        self.ProcessAssemblyStorageMap = v_uint32()
        self.SystemDefaultActivationContextData = v_uint32()
        self.SystemAssemblyStorageMap = v_uint32()
        self.MinimumStackCommit = v_uint32()
        self.FlsCallback = v_uint32()
        self.FlsListHead = LIST_ENTRY32()
        self.FlsBitmap = v_uint32()
        self.FlsBitmapBits = vstruct.VArray([ v_uint32() for i in xrange(4) ])
        self.FlsHighIndex = v_uint32()
        self.WerRegistrationData = v_uint32()
        self.WerShipAssertPtr = v_uint32()
        self.pContextData = v_uint32()
        self.pImageHeaderHash = v_uint32()
        self.TracingFlags = v_uint32()
        self._pad0248 = v_bytes(size=4)
class NT_TIB64(vstruct.VStruct):
    """vstruct layout of NT_TIB64: seven 64-bit values, declared as integers rather than pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExceptionList = v_uint64()
        self.StackBase = v_uint64()
        self.StackLimit = v_uint64()
        self.SubSystemTib = v_uint64()
        self.FiberData = v_uint64()
        self.ArbitraryUserPointer = v_uint64()
        self.Self = v_uint64()
class SECTION_OBJECT_POINTERS(vstruct.VStruct):
    """vstruct layout of SECTION_OBJECT_POINTERS: data section, shared cache map and image section pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DataSectionObject = v_ptr64()
        self.SharedCacheMap = v_ptr64()
        self.ImageSectionObject = v_ptr64()
class MDL(vstruct.VStruct):
    """vstruct layout of MDL (fixed header only).

    Next pointer, 16-bit Size and MdlFlags, Process/MappedSystemVa/StartVa
    pointers, and 32-bit ByteCount and ByteOffset. No page array is declared
    in this structure.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Next = v_ptr64()
        self.Size = v_uint16()
        self.MdlFlags = v_uint16()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0010 = v_bytes(size=4)
        self.Process = v_ptr64()
        self.MappedSystemVa = v_ptr64()
        self.StartVa = v_ptr64()
        # ByteCount/ByteOffset are read from the parsed data; validate them
        # before using them to size a read of the described buffer.
        self.ByteCount = v_uint32()
        self.ByteOffset = v_uint32()
class _unnamed_21370(vstruct.VStruct):
    """Anonymous structure holding a single byte, Lock."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Lock = v_uint8()
class KTRAP_FRAME(vstruct.VStruct):
    """vstruct layout of KTRAP_FRAME for the amd64 kernel build named in the module header.

    Home slots P1Home..P5, mode/IRQL bytes and MxCsr, Rax/Rcx/Rdx/R8-R11,
    GsBase, six M128A slots (Xmm0-Xmm5), FaultAddress, Dr0-Dr3/Dr6/Dr7 and
    last-branch values, data segment selectors, Rbx/Rdi/Rsi/Rbp, and the
    ErrorCode/Rip/SegCs/EFlags/Rsp/SegSs group. Field order is the structure
    layout and must not be rearranged.

    NOTE(review): several slots are declared under one name only (GsBase,
    FaultAddress, TrapFrame, ErrorCode); presumably unions reduced to their
    first member -- confirm which view applies before interpreting them.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.P1Home = v_uint64()
        self.P2Home = v_uint64()
        self.P3Home = v_uint64()
        self.P4Home = v_uint64()
        self.P5 = v_uint64()
        self.PreviousMode = v_uint8()
        self.PreviousIrql = v_uint8()
        self.FaultIndicator = v_uint8()
        self.ExceptionActive = v_uint8()
        self.MxCsr = v_uint32()
        self.Rax = v_uint64()
        self.Rcx = v_uint64()
        self.Rdx = v_uint64()
        self.R8 = v_uint64()
        self.R9 = v_uint64()
        self.R10 = v_uint64()
        self.R11 = v_uint64()
        self.GsBase = v_uint64()
        self.Xmm0 = M128A()
        self.Xmm1 = M128A()
        self.Xmm2 = M128A()
        self.Xmm3 = M128A()
        self.Xmm4 = M128A()
        self.Xmm5 = M128A()
        self.FaultAddress = v_uint64()
        self.Dr0 = v_uint64()
        self.Dr1 = v_uint64()
        self.Dr2 = v_uint64()
        self.Dr3 = v_uint64()
        self.Dr6 = v_uint64()
        self.Dr7 = v_uint64()
        self.DebugControl = v_uint64()
        self.LastBranchToRip = v_uint64()
        self.LastBranchFromRip = v_uint64()
        self.LastExceptionToRip = v_uint64()
        self.LastExceptionFromRip = v_uint64()
        self.SegDs = v_uint16()
        self.SegEs = v_uint16()
        self.SegFs = v_uint16()
        self.SegGs = v_uint16()
        self.TrapFrame = v_uint64()
        self.Rbx = v_uint64()
        self.Rdi = v_uint64()
        self.Rsi = v_uint64()
        self.Rbp = v_uint64()
        self.ErrorCode = v_uint64()
        self.Rip = v_uint64()
        self.SegCs = v_uint16()
        self.Fill0 = v_uint8()
        self.Logging = v_uint8()
        self.Fill1 = vstruct.VArray([ v_uint16() for i in xrange(2) ])
        self.EFlags = v_uint32()
        self.Fill2 = v_uint32()
        self.Rsp = v_uint64()
        self.SegSs = v_uint16()
        self.Fill3 = v_uint16()
        self.CodePatchCycle = v_uint32()
class CM_INDEX_HINT_BLOCK(vstruct.VStruct):
    """vstruct layout of CM_INDEX_HINT_BLOCK: a 32-bit Count and a one-element 32-bit array.

    NOTE(review): presumably HashKey is a trailing variable-length array
    sized by Count; bound Count against the available data before extending
    it -- confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        self.HashKey = vstruct.VArray([ v_uint32() for i in xrange(1) ])
class PRIVATE_CACHE_MAP(vstruct.VStruct):
    """vstruct layout of PRIVATE_CACHE_MAP.

    Node type code, read-ahead mask, a FileObject pointer, two
    offset/beyond-last-byte LARGE_INTEGER pairs, read-ahead counters and
    offsets, a 64-bit spin lock word, private list links, and a work item
    pointer.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NodeTypeCode = v_uint16()
        # Two filler bytes; the hex suffix is the offset at which they end.
        self._pad0004 = v_bytes(size=2)
        self.ReadAheadMask = v_uint32()
        self.FileObject = v_ptr64()
        self.FileOffset1 = LARGE_INTEGER()
        self.BeyondLastByte1 = LARGE_INTEGER()
        self.FileOffset2 = LARGE_INTEGER()
        self.BeyondLastByte2 = LARGE_INTEGER()
        self.SequentialReadCount = v_uint32()
        self.ReadAheadLength = v_uint32()
        self.ReadAheadOffset = LARGE_INTEGER()
        self.ReadAheadBeyondLastByte = LARGE_INTEGER()
        self.ReadAheadSpinLock = v_uint64()
        self.PrivateLinks = LIST_ENTRY()
        self.ReadAheadWorkItem = v_ptr64()
class MMPTE_SOFTWARE(vstruct.VStruct):
    """vstruct layout of MMPTE_SOFTWARE: one 64-bit word named Valid.

    NOTE(review): presumably a bitfield collapsed to its first name; `Valid`
    carries the full raw 64-bit value -- confirm and mask before use.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Valid = v_uint64()
class _unnamed_21275(vstruct.VStruct):
    """Anonymous structure holding a single 64-bit pointer, Srb."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Srb = v_ptr64()
class IO_TIMER(vstruct.VStruct):
    """vstruct layout of IO_TIMER.

    Type and TimerFlag (16-bit), timer list links, and routine, context and
    device object pointers.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.TimerFlag = v_uint16()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0008 = v_bytes(size=4)
        self.TimerList = LIST_ENTRY()
        self.TimerRoutine = v_ptr64()
        self.Context = v_ptr64()
        self.DeviceObject = v_ptr64()
class MM_STORE_KEY(vstruct.VStruct):
    """vstruct layout of MM_STORE_KEY: one 64-bit word, KeyLow.

    NOTE(review): presumably a bitfield/union collapsed to its first name --
    confirm before interpreting the raw value.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.KeyLow = v_uint64()
class WHEA_REVISION(vstruct.VStruct):
    """vstruct layout of WHEA_REVISION: MinorRevision byte followed by MajorRevision byte."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MinorRevision = v_uint8()
        self.MajorRevision = v_uint8()
class _unnamed_25432(vstruct.VStruct):
    """Anonymous structure: an MMSECURE_FLAGS member followed by four filler bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flags = MMSECURE_FLAGS()
        # The hex suffix is the offset at which the filler ends.
        self._pad0008 = v_bytes(size=4)
class _unnamed_21118(vstruct.VStruct):
    """Anonymous structure: SecurityContext pointer, Options, Reserved/ShareAccess, Parameters pointer.

    `_padNNNN` members are filler; the hex suffix is the offset at which the
    filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SecurityContext = v_ptr64()
        self.Options = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.Reserved = v_uint16()
        self.ShareAccess = v_uint16()
        self._pad0018 = v_bytes(size=4)
        self.Parameters = v_ptr64()
class MM_SESSION_SPACE_FLAGS(vstruct.VStruct):
    """vstruct layout of MM_SESSION_SPACE_FLAGS: one 32-bit word, Initialized.

    NOTE(review): presumably a bitfield collapsed to its first name; the
    member holds the whole flags word -- confirm before testing it as a bit.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Initialized = v_uint32()
class _unnamed_18815(vstruct.VStruct):
    """Anonymous structure holding a single 32-bit Flags word."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flags = v_uint32()
class PROC_IDLE_SNAP(vstruct.VStruct):
    """vstruct layout of PROC_IDLE_SNAP: two 64-bit values, Time and Idle."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Time = v_uint64()
        self.Idle = v_uint64()
class _unnamed_28620(vstruct.VStruct):
    """Anonymous structure holding a single 32-bit word, MissedEtwRegistration.

    NOTE(review): presumably a bitfield collapsed to its first name --
    confirm before testing it as a boolean.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MissedEtwRegistration = v_uint32()
class RTL_DYNAMIC_HASH_TABLE_ENUMERATOR(vstruct.VStruct):
    """vstruct layout of RTL_DYNAMIC_HASH_TABLE_ENUMERATOR.

    An embedded RTL_DYNAMIC_HASH_TABLE_ENTRY, a ChainHead pointer, and a
    32-bit BucketIndex.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.HashEntry = RTL_DYNAMIC_HASH_TABLE_ENTRY()
        self.ChainHead = v_ptr64()
        self.BucketIndex = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0028 = v_bytes(size=4)
class SECURITY_DESCRIPTOR(vstruct.VStruct):
    """vstruct layout of SECURITY_DESCRIPTOR in its pointer-based form.

    Revision and Sbz1 bytes, a 16-bit Control word, then Owner, Group, Sacl
    and Dacl as 64-bit pointers.

    NOTE(review): this definition always reads four pointers; whether a
    given descriptor in memory actually stores pointers or self-relative
    offsets is not decided here -- check Control before dereferencing, and
    treat a null Dacl and an empty Dacl as distinct cases. Confirm against
    the caller.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Revision = v_uint8()
        self.Sbz1 = v_uint8()
        self.Control = v_uint16()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0008 = v_bytes(size=4)
        self.Owner = v_ptr64()
        self.Group = v_ptr64()
        self.Sacl = v_ptr64()
        self.Dacl = v_ptr64()
class _unnamed_22477(vstruct.VStruct):
    """Anonymous structure: an embedded MDL followed by a one-element array of 64-bit page values.

    NOTE(review): presumably Page is the head of a variable-length array
    whose length derives from the MDL; bound it before extending -- confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Mdl = MDL()
        self.Page = vstruct.VArray([ v_uint64() for i in xrange(1) ])
class PCW_PROCESSOR_INFO(vstruct.VStruct):
    """vstruct layout of PCW_PROCESSOR_INFO.

    64-bit time counters (idle, available, user, kernel, DPC, interrupt,
    C1-C3), 64-bit C-state transition counts, and 32-bit interrupt, DPC,
    parking and frequency values.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IdleTime = v_uint64()
        self.AvailableTime = v_uint64()
        self.UserTime = v_uint64()
        self.KernelTime = v_uint64()
        self.Interrupts = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0028 = v_bytes(size=4)
        self.DpcTime = v_uint64()
        self.InterruptTime = v_uint64()
        self.DpcCount = v_uint32()
        self.DpcRate = v_uint32()
        self.C1Time = v_uint64()
        self.C2Time = v_uint64()
        self.C3Time = v_uint64()
        self.C1Transitions = v_uint64()
        self.C2Transitions = v_uint64()
        self.C3Transitions = v_uint64()
        self.ParkingStatus = v_uint32()
        self.CurrentFrequency = v_uint32()
        self.PercentMaxFrequency = v_uint32()
        self.StateFlags = v_uint32()
class OBJECT_TYPE_INITIALIZER(vstruct.VStruct):
    """vstruct layout of OBJECT_TYPE_INITIALIZER.

    Length and flag bytes, type code and attribute words, an embedded
    GENERIC_MAPPING, access masks, pool type and default charges, then eight
    procedure pointers (Dump, Open, Close, Delete, Parse, Security,
    QueryName, OkayToClose).

    NOTE(review): when this structure is read from a memory image for
    integrity checking, the procedure pointers are the values worth
    comparing against the address ranges of expected kernel modules; this
    definition only parses them and performs no such check.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint16()
        self.ObjectTypeFlags = v_uint8()
        # One filler byte; the hex suffix is the offset at which it ends.
        self._pad0004 = v_bytes(size=1)
        self.ObjectTypeCode = v_uint32()
        self.InvalidAttributes = v_uint32()
        self.GenericMapping = GENERIC_MAPPING()
        self.ValidAccessMask = v_uint32()
        self.RetainAccess = v_uint32()
        self.PoolType = v_uint32()
        self.DefaultPagedPoolCharge = v_uint32()
        self.DefaultNonPagedPoolCharge = v_uint32()
        self.DumpProcedure = v_ptr64()
        self.OpenProcedure = v_ptr64()
        self.CloseProcedure = v_ptr64()
        self.DeleteProcedure = v_ptr64()
        self.ParseProcedure = v_ptr64()
        self.SecurityProcedure = v_ptr64()
        self.QueryNameProcedure = v_ptr64()
        self.OkayToCloseProcedure = v_ptr64()
class TP_DIRECT(vstruct.VStruct):
    """vstruct layout of TP_DIRECT: a Callback pointer, a 32-bit NumaNode, and a one-byte IdealProcessor."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Callback = v_ptr64()
        self.NumaNode = v_uint32()
        self.IdealProcessor = v_uint8()
        # Three filler bytes; the hex suffix is the offset at which they end.
        self._pad0010 = v_bytes(size=3)
class XSTATE_SAVE(vstruct.VStruct):
    """vstruct layout of XSTATE_SAVE: Prev and Thread pointers, a Level byte, and an embedded XSTATE_CONTEXT."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Prev = v_ptr64()
        self.Thread = v_ptr64()
        self.Level = v_uint8()
        # Seven filler bytes; the hex suffix is the offset at which they end.
        self._pad0018 = v_bytes(size=7)
        self.XStateContext = XSTATE_CONTEXT()
class PTE_TRACKER(vstruct.VStruct):
    """vstruct layout of PTE_TRACKER.

    List entry, Mdl pointer, 64-bit Count, SystemVa/StartVa pointers, 32-bit
    Offset and Length, 64-bit Page, an IoMapping word, and two caller
    address pointers.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.Mdl = v_ptr64()
        self.Count = v_uint64()
        self.SystemVa = v_ptr64()
        self.StartVa = v_ptr64()
        self.Offset = v_uint32()
        self.Length = v_uint32()
        self.Page = v_uint64()
        # NOTE(review): a whole 32-bit word; presumably a bitfield collapsed to
        # its first name -- confirm.
        self.IoMapping = v_uint32()
        # Four filler bytes; the hex suffix is the offset at which they end.
        self._pad0048 = v_bytes(size=4)
        self.CallingAddress = v_ptr64()
        self.CallersCaller = v_ptr64()
class POP_DEVICE_SYS_STATE(vstruct.VStruct):
    """vstruct layout of POP_DEVICE_SYS_STATE.

    IRP minor code and system state, a spin lock word, thread/event/
    semaphore pointers, an embedded PO_DEVICE_NOTIFY_ORDER, a pending list,
    a status word, a failed-device pointer, and five one-byte flags.
    `_padNNNN` members are filler; the hex suffix is the offset at which the
    filler ends.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IrpMinor = v_uint8()
        self._pad0004 = v_bytes(size=3)
        self.SystemState = v_uint32()
        self.SpinLock = v_uint64()
        self.Thread = v_ptr64()
        self.AbortEvent = v_ptr64()
        self.ReadySemaphore = v_ptr64()
        self.FinishedSemaphore = v_ptr64()
        self.GetNewDeviceList = v_uint8()
        self._pad0038 = v_bytes(size=7)
        self.Order = PO_DEVICE_NOTIFY_ORDER()
        self.Pending = LIST_ENTRY()
        self.Status = v_uint32()
        self._pad02e8 = v_bytes(size=4)
        self.FailedDevice = v_ptr64()
        self.Waking = v_uint8()
        self.Cancelled = v_uint8()
        self.IgnoreErrors = v_uint8()
        self.IgnoreNotImplemented = v_uint8()
        self.TimeRefreshLockAcquired = v_uint8()
        self._pad02f8 = v_bytes(size=3)
class VI_DEADLOCK_RESOURCE(vstruct.VStruct):
    """vstruct layout of VI_DEADLOCK_RESOURCE.

    Type and node count, resource address and owning thread pointers, two
    list entries, and three fixed 8-entry arrays of 64-bit pointers (stack
    trace, last acquire trace, last release trace).
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint32()
        self.NodeCount = v_uint32()
        self.ResourceAddress = v_ptr64()
        self.ThreadOwner = v_ptr64()
        self.ResourceList = LIST_ENTRY()
        self.HashChainList = LIST_ENTRY()
        self.StackTrace = vstruct.VArray([ v_ptr64() for i in xrange(8) ])
        self.LastAcquireTrace = vstruct.VArray([ v_ptr64() for i in xrange(8) ])
        self.LastReleaseTrace = vstruct.VArray([ v_ptr64() for i in xrange(8) ])
class UNEXPECTED_INTERRUPT(vstruct.VStruct):
    """Field layout of UNEXPECTED_INTERRUPT (16 bytes: 11 of fields + 5 of padding).

    The layout is packed: the 4-byte PushImm starts at offset 1 and JmpOffset
    at offset 7, so no natural alignment may be assumed when parsing.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PushImmOp = v_uint8()
        self.PushImm = v_uint32()
        self.PushRbp = v_uint8()
        self.JmpOp = v_uint8()
        self.JmpOffset = v_uint32()
        # Filler from offset 0x0b up to 0x10.
        self._pad0010 = v_bytes(size=5)
class HEAP_PSEUDO_TAG_ENTRY(vstruct.VStruct):
    """Field layout of HEAP_PSEUDO_TAG_ENTRY: two 32-bit counters and a 64-bit Size (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Allocs = v_uint32()
        self.Frees = v_uint32()
        self.Size = v_uint64()
class MMPFNLIST(vstruct.VStruct):
    """Field layout of MMPFNLIST (40 bytes with the declared widths)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Total = v_uint64()
        self.ListName = v_uint32()
        self._pad0010 = v_bytes(size=4)
        # Declared as plain 64-bit integers, not v_ptr64.
        # NOTE(review): presumably indexes rather than addresses - confirm before dereferencing.
        self.Flink = v_uint64()
        self.Blink = v_uint64()
        self.Lock = v_uint64()
class CM_KEY_REFERENCE(vstruct.VStruct):
    """Field layout of CM_KEY_REFERENCE: a 32-bit KeyCell and a KeyHive pointer (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.KeyCell = v_uint32()
        # 4 filler bytes so the pointer is 8-byte aligned.
        self._pad0008 = v_bytes(size=4)
        self.KeyHive = v_ptr64()
class MMSECTION_FLAGS(vstruct.VStruct):
    """Field layout of MMSECTION_FLAGS: a single 32-bit word."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): the whole 32-bit word is exposed under one name; presumably the
        # individual bitfields were collapsed, so decode flags by mask, not by this name.
        self.BeingDeleted = v_uint32()
class MI_SPECIAL_POOL(vstruct.VStruct):
    """Field layout of MI_SPECIAL_POOL: PTE base, lock, paged/non-paged PTE lists and a bitmap."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PteBase = v_ptr64()
        self.Lock = v_uint64()
        # Two nested lists of the same type, one per pool kind.
        self.Paged = MI_SPECIAL_POOL_PTE_LIST()
        self.NonPaged = MI_SPECIAL_POOL_PTE_LIST()
        self.PagesInUse = v_uint64()
        self.SpecialPoolPdes = RTL_BITMAP()
class MM_SUBSECTION_AVL_TABLE(vstruct.VStruct):
    """Field layout of MM_SUBSECTION_AVL_TABLE: embedded root node, depth word and hint pointer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # The root node is embedded by value, not referenced by pointer.
        self.BalancedRoot = MMSUBSECTION_NODE()
        # NOTE(review): one 64-bit word; may pack more than the depth - confirm.
        self.DepthOfTree = v_uint64()
        self.NodeHint = v_ptr64()
class NETWORK_LOADER_BLOCK(vstruct.VStruct):
    """Field layout of NETWORK_LOADER_BLOCK: two (pointer, 32-bit length) pairs (32 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Each buffer pointer is paired with a length read from the same image;
        # bound the length before reading the pointed-to data.
        self.DHCPServerACK = v_ptr64()
        self.DHCPServerACKLength = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.BootServerReplyPacket = v_ptr64()
        self.BootServerReplyPacketLength = v_uint32()
        self._pad0020 = v_bytes(size=4)
class CM_TRANS(vstruct.VStruct):
    """Field layout of CM_TRANS: three list linkages, KTM pointers, a GUID and a hive array."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TransactionListEntry = LIST_ENTRY()
        self.KCBUoWListHead = LIST_ENTRY()
        self.LazyCommitListEntry = LIST_ENTRY()
        self.KtmTrans = v_ptr64()
        self.CmRm = v_ptr64()
        self.KtmEnlistmentObject = v_ptr64()
        self.KtmEnlistmentHandle = v_ptr64()
        self.KtmUow = GUID()
        self.StartLsn = v_uint64()
        self.TransState = v_uint32()
        self.HiveCount = v_uint32()
        # Fixed capacity of 7 pointers; a HiveCount read from an image should be
        # checked against that capacity before it is used as an index bound.
        self.HiveArray = vstruct.VArray([ v_ptr64() for i in xrange(7) ])
class POP_POWER_ACTION(vstruct.VStruct):
    """Field layout of POP_POWER_ACTION.

    The _padXXXX members are filler; their hex suffix appears to be the offset
    at which the filler ends.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Updates = v_uint8()
        self.State = v_uint8()
        self.Shutdown = v_uint8()
        # One filler byte aligns the 32-bit Action field at offset 4.
        self._pad0004 = v_bytes(size=1)
        self.Action = v_uint32()
        self.LightestState = v_uint32()
        self.Flags = v_uint32()
        self.Status = v_uint32()
        self.DeviceType = v_uint32()
        self.DeviceTypeFlags = v_uint32()
        self.IrpMinor = v_uint8()
        self.Waking = v_uint8()
        self._pad0020 = v_bytes(size=2)
        self.SystemState = v_uint32()
        self.NextSystemState = v_uint32()
        self.EffectiveSystemState = v_uint32()
        self.CurrentSystemState = v_uint32()
        self.ShutdownBugCode = v_ptr64()
        self.DevState = v_ptr64()
        self.HiberContext = v_ptr64()
        self.WakeTime = v_uint64()
        self.SleepTime = v_uint64()
        self.ProgrammedRTCTime = v_uint64()
        self.WakeOnRTC = v_uint8()
        self._pad0068 = v_bytes(size=7)
        self.WakeTimerInfo = v_ptr64()
        # Nested structure followed by 4 trailing filler bytes.
        self.FilteredCapabilities = SYSTEM_POWER_CAPABILITIES()
        self._pad00c0 = v_bytes(size=4)
class PAGED_LOOKASIDE_LIST(vstruct.VStruct):
    """Field layout of PAGED_LOOKASIDE_LIST: a single embedded GENERAL_LOOKASIDE."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Same single member as NPAGED_LOOKASIDE_LIST in this module.
        self.L = GENERAL_LOOKASIDE()
class ETHREAD(vstruct.VStruct):
    """Field layout of ETHREAD for the kernel build named in the module header.

    The record starts with an embedded KTHREAD (Tcb). Offsets are specific to
    this build; a dump from another build needs the matching definition.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Tcb = KTHREAD()
        self.CreateTime = LARGE_INTEGER()
        self.ExitTime = LARGE_INTEGER()
        # 8 bytes not broken out into a field.
        # NOTE(review): presumably a union member the definition does not expand.
        self._pad0378 = v_bytes(size=8)
        self.ExitStatus = v_uint32()
        self._pad0380 = v_bytes(size=4)
        self.PostBlockList = LIST_ENTRY()
        self.TerminationPort = v_ptr64()
        self.ActiveTimerListLock = v_uint64()
        self.ActiveTimerListHead = LIST_ENTRY()
        # Process/thread identifier pair as a nested CLIENT_ID.
        self.Cid = CLIENT_ID()
        self.KeyedWaitSemaphore = KSEMAPHORE()
        self.ClientSecurity = PS_CLIENT_SECURITY_CONTEXT()
        self.IrpList = LIST_ENTRY()
        self.TopLevelIrp = v_uint64()
        self.DeviceToVerify = v_ptr64()
        self.CpuQuotaApc = v_ptr64()
        # Start address as recorded in the image; for triage, check that it
        # falls inside a mapped module of the owning process.
        self.Win32StartAddress = v_ptr64()
        self.LegacyPowerObject = v_ptr64()
        # Linkage into the owning process's thread list (see EPROCESS.ThreadListHead).
        self.ThreadListEntry = LIST_ENTRY()
        self.RundownProtect = EX_RUNDOWN_REF()
        self.ThreadLock = EX_PUSH_LOCK()
        self.ReadClusterSize = v_uint32()
        self.MmLockOrdering = v_uint32()
        # Three 32-bit flag words; individual bits are not broken out here.
        self.CrossThreadFlags = v_uint32()
        self.SameThreadPassiveFlags = v_uint32()
        self.SameThreadApcFlags = v_uint32()
        self.CacheManagerActive = v_uint8()
        self.DisablePageFaultClustering = v_uint8()
        self.ActiveFaultCount = v_uint8()
        self.LockOrderState = v_uint8()
        self.AlpcMessageId = v_uint64()
        self.AlpcMessage = v_ptr64()
        self.AlpcWaitListEntry = LIST_ENTRY()
        self.CacheManagerCount = v_uint32()
        self.IoBoostCount = v_uint32()
        self.IrpListLock = v_uint64()
        self.ReservedForSynchTracking = v_ptr64()
        self.CmCallbackListHead = SINGLE_LIST_ENTRY()
class PO_NOTIFY_ORDER_LEVEL(vstruct.VStruct):
    """Field layout of PO_NOTIFY_ORDER_LEVEL: two counters and four list heads."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DeviceCount = v_uint32()
        self.ActiveCount = v_uint32()
        # Four embedded LIST_ENTRY members, in this order.
        self.WaitSleep = LIST_ENTRY()
        self.ReadySleep = LIST_ENTRY()
        self.ReadyS0 = LIST_ENTRY()
        self.WaitS0 = LIST_ENTRY()
class RTL_BITMAP(vstruct.VStruct):
    """Field layout of RTL_BITMAP: a 32-bit size and a Buffer pointer (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): the name suggests a size in bits; bound it before reading Buffer.
        self.SizeOfBitMap = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Buffer = v_ptr64()
class LARGE_INTEGER(vstruct.VStruct):
    """Field layout of LARGE_INTEGER as two 32-bit halves (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Both halves are declared unsigned; a caller that needs the 64-bit value
        # combines them itself. NOTE(review): HighPart is presumably signed in the
        # native definition - confirm before interpreting negative values.
        self.LowPart = v_uint32()
        self.HighPart = v_uint32()
class IA64_DBGKD_CONTROL_SET(vstruct.VStruct):
    """Field layout of IA64_DBGKD_CONTROL_SET (20 bytes, packed).

    No filler follows the 32-bit Continue field, so the two 64-bit members
    start at offsets 4 and 12.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Continue = v_uint32()
        self.CurrentSymbolStart = v_uint64()
        self.CurrentSymbolEnd = v_uint64()
class NPAGED_LOOKASIDE_LIST(vstruct.VStruct):
    """Field layout of NPAGED_LOOKASIDE_LIST: a single embedded GENERAL_LOOKASIDE."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Same single member as PAGED_LOOKASIDE_LIST in this module.
        self.L = GENERAL_LOOKASIDE()
class HBIN(vstruct.VStruct):
    """Field layout of HBIN (32 bytes with the declared widths).

    When this is applied to data from an untrusted file or dump, Signature,
    FileOffset and Size are just bytes from that input; validate them before
    using Size to walk further.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint32()
        self.FileOffset = v_uint32()
        self.Size = v_uint32()
        self.Reserved1 = vstruct.VArray([ v_uint32() for i in xrange(2) ])
        self.TimeStamp = LARGE_INTEGER()
        self.Spare = v_uint32()
class _unnamed_21245(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name): Length, Key, ByteOffset."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Length is declared pointer-width (8 bytes) here, not as an integer type.
        self.Length = v_ptr64()
        self.Key = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.ByteOffset = LARGE_INTEGER()
class _unnamed_23833(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name) wrapping one RTL_CRITICAL_SECTION."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Embedded by value; RTL_CRITICAL_SECTION is defined elsewhere in this module.
        self.CriticalSection = RTL_CRITICAL_SECTION()
class BITMAP_RANGE(vstruct.VStruct):
    """Field layout of BITMAP_RANGE: list linkage, page counters and a Bitmap pointer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Links = LIST_ENTRY()
        self.BasePage = v_uint64()
        self.FirstDirtyPage = v_uint32()
        self.LastDirtyPage = v_uint32()
        self.DirtyPages = v_uint32()
        # 4 filler bytes so the pointer is 8-byte aligned.
        self._pad0028 = v_bytes(size=4)
        self.Bitmap = v_ptr64()
class ETW_REG_ENTRY(vstruct.VStruct):
    """Field layout of ETW_REG_ENTRY: list linkage, GUID entry pointer, flags and owner pointers."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.RegList = LIST_ENTRY()
        self.GuidEntry = v_ptr64()
        self.Index = v_uint16()
        self.Flags = v_uint16()
        self.EnableMask = v_uint8()
        self._pad0020 = v_bytes(size=3)
        self.SessionId = v_uint32()
        # 28 bytes are skipped as opaque filler rather than named fields.
        # NOTE(review): presumably members this definition does not expand - confirm
        # against the native type before treating the region as unused.
        self._pad0040 = v_bytes(size=28)
        self.Process = v_ptr64()
        self.CallbackContext = v_ptr64()
class KLOCK_QUEUE_HANDLE(vstruct.VStruct):
    """Field layout of KLOCK_QUEUE_HANDLE: an embedded KSPIN_LOCK_QUEUE plus the old IRQL byte."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LockQueue = KSPIN_LOCK_QUEUE()
        self.OldIrql = v_uint8()
        # 7 filler bytes follow the single OldIrql byte.
        self._pad0018 = v_bytes(size=7)
class CLIENT_ID32(vstruct.VStruct):
    """Field layout of CLIENT_ID32: process and thread identifiers as 32-bit values (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Fixed 32-bit widths, independent of the parser's pointer size.
        self.UniqueProcess = v_uint32()
        self.UniqueThread = v_uint32()
class CLS_LSN(vstruct.VStruct):
    """Field layout of CLS_LSN: one nested anonymous member named offset."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # _unnamed_29085 is defined elsewhere in this module; its width is not visible here.
        self.offset = _unnamed_29085()
class ALIGNED_AFFINITY_SUMMARY(vstruct.VStruct):
    """Field layout of ALIGNED_AFFINITY_SUMMARY: two KAFFINITY_EX sets and trailing filler."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CpuSet = KAFFINITY_EX()
        self.SMTSet = KAFFINITY_EX()
        # 48 filler bytes; the suffix suggests the record ends at offset 0x80.
        self._pad0080 = v_bytes(size=48)
class VPB(vstruct.VStruct):
    """Field layout of VPB (96 bytes with the declared widths)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.Size = v_uint16()
        self.Flags = v_uint16()
        self.VolumeLabelLength = v_uint16()
        self.DeviceObject = v_ptr64()
        self.RealDevice = v_ptr64()
        self.SerialNumber = v_uint32()
        self.ReferenceCount = v_uint32()
        # Fixed 32 x 16-bit units (64 bytes). VolumeLabelLength comes from the same
        # image, so clamp it to this capacity before slicing the label.
        self.VolumeLabel = vstruct.VArray([ v_uint16() for i in xrange(32) ])
class OBP_LOOKUP_CONTEXT(vstruct.VStruct):
    """Field layout of OBP_LOOKUP_CONTEXT (32 bytes with the declared widths)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Directory = v_ptr64()
        self.Object = v_ptr64()
        self.HashValue = v_uint32()
        self.HashIndex = v_uint16()
        # Two single-byte lock-state fields share the tail of this 8-byte slot.
        self.DirectoryLocked = v_uint8()
        self.LockedExclusive = v_uint8()
        self.LockStateSignature = v_uint32()
        self._pad0020 = v_bytes(size=4)
class OB_DUPLICATE_OBJECT_STATE(vstruct.VStruct):
    """Field layout of OB_DUPLICATE_OBJECT_STATE: source process/handle, object and access fields."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SourceProcess = v_ptr64()
        self.SourceHandle = v_ptr64()
        self.Object = v_ptr64()
        self.TargetAccess = v_uint32()
        # Nested structure placed directly after the 32-bit TargetAccess.
        self.ObjectInfo = HANDLE_TABLE_ENTRY_INFO()
        self.HandleAttributes = v_uint32()
        self._pad0028 = v_bytes(size=4)
class PP_LOOKASIDE_LIST(vstruct.VStruct):
    """Field layout of PP_LOOKASIDE_LIST: two pointers named P and L (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Both members are references, not embedded lists.
        self.P = v_ptr64()
        self.L = v_ptr64()
class SEP_LOGON_SESSION_REFERENCES(vstruct.VStruct):
    """Field layout of SEP_LOGON_SESSION_REFERENCES: logon ids, token pointer and account strings."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Singly linked: only a Next pointer, no back link.
        self.Next = v_ptr64()
        self.LogonId = LUID()
        self.BuddyLogonId = LUID()
        self.ReferenceCount = v_uint32()
        self.Flags = v_uint32()
        self.pDeviceMap = v_ptr64()
        self.Token = v_ptr64()
        # UNICODE_STRING members carry their own length and buffer pointer; the text
        # itself lives outside this record and must be read (and bounded) separately.
        # NOTE(review): confirm against the UNICODE_STRING definition in this module.
        self.AccountName = UNICODE_STRING()
        self.AuthorityName = UNICODE_STRING()
class _unnamed_18818(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name): one 32-bit LongFunction word."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LongFunction = v_uint32()
class PSP_CPU_QUOTA_APC(vstruct.VStruct):
    """Placeholder for PSP_CPU_QUOTA_APC: no fields are declared, so nothing is parsed."""
    def __init__(self):
        # Only the base initialiser runs; the type carries no layout information.
        vstruct.VStruct.__init__(self)
class MMPTE_TIMESTAMP(vstruct.VStruct):
    """Field layout of MMPTE_TIMESTAMP: a single 64-bit word."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): the whole 64-bit entry is exposed under one name; presumably the
        # individual bitfields were collapsed, so decode by mask rather than by this name.
        self.MustBeZero = v_uint64()
class KUSER_SHARED_DATA(vstruct.VStruct):
    """Field layout of KUSER_SHARED_DATA for the kernel build named in the module header.

    Members named *Pad and _padXXXX are filler. Offsets are specific to this
    build; apply the definition only to images of a matching version.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TickCountLowDeprecated = v_uint32()
        self.TickCountMultiplier = v_uint32()
        self.InterruptTime = KSYSTEM_TIME()
        self.SystemTime = KSYSTEM_TIME()
        self.TimeZoneBias = KSYSTEM_TIME()
        self.ImageNumberLow = v_uint16()
        self.ImageNumberHigh = v_uint16()
        # Fixed buffer of 260 16-bit units; any terminator handling is the caller's job.
        self.NtSystemRoot = vstruct.VArray([ v_uint16() for i in xrange(260) ])
        self.MaxStackTraceDepth = v_uint32()
        self.CryptoExponent = v_uint32()
        self.TimeZoneId = v_uint32()
        self.LargePageMinimum = v_uint32()
        self.Reserved2 = vstruct.VArray([ v_uint32() for i in xrange(7) ])
        self.NtProductType = v_uint32()
        self.ProductTypeIsValid = v_uint8()
        self._pad026c = v_bytes(size=3)
        self.NtMajorVersion = v_uint32()
        self.NtMinorVersion = v_uint32()
        # One byte per feature slot, 64 slots.
        self.ProcessorFeatures = vstruct.VArray([ v_uint8() for i in xrange(64) ])
        self.Reserved1 = v_uint32()
        self.Reserved3 = v_uint32()
        self.TimeSlip = v_uint32()
        self.AlternativeArchitecture = v_uint32()
        self.AltArchitecturePad = vstruct.VArray([ v_uint32() for i in xrange(1) ])
        self.SystemExpirationDate = LARGE_INTEGER()
        self.SuiteMask = v_uint32()
        # Single-byte state fields of interest when baselining a host's configuration.
        self.KdDebuggerEnabled = v_uint8()
        self.NXSupportPolicy = v_uint8()
        self._pad02d8 = v_bytes(size=2)
        self.ActiveConsoleId = v_uint32()
        self.DismountCount = v_uint32()
        self.ComPlusPackage = v_uint32()
        self.LastSystemRITEventTickCount = v_uint32()
        self.NumberOfPhysicalPages = v_uint32()
        self.SafeBootMode = v_uint8()
        self.TscQpcData = v_uint8()
        self.TscQpcPad = vstruct.VArray([ v_uint8() for i in xrange(2) ])
        # 32-bit flag word; individual bits are not broken out here.
        self.SharedDataFlags = v_uint32()
        self.DataFlagsPad = vstruct.VArray([ v_uint32() for i in xrange(1) ])
        self.TestRetInstruction = v_uint64()
        # Declared as 32-bit values in this layout, not as v_ptr64.
        self.SystemCall = v_uint32()
        self.SystemCallReturn = v_uint32()
        self.SystemCallPad = vstruct.VArray([ v_uint64() for i in xrange(3) ])
        self.TickCount = KSYSTEM_TIME()
        self.TickCountPad = vstruct.VArray([ v_uint32() for i in xrange(1) ])
        self.Cookie = v_uint32()
        self.CookiePad = vstruct.VArray([ v_uint32() for i in xrange(1) ])
        self.ConsoleSessionForegroundProcessId = v_uint64()
        self.Wow64SharedInformation = vstruct.VArray([ v_uint32() for i in xrange(16) ])
        self.UserModeGlobalLogger = vstruct.VArray([ v_uint16() for i in xrange(16) ])
        self.ImageFileExecutionOptions = v_uint32()
        self.LangGenerationCount = v_uint32()
        self.Reserved5 = v_uint64()
        self.InterruptTimeBias = v_uint64()
        self.TscQpcBias = v_uint64()
        self.ActiveProcessorCount = v_uint32()
        self.ActiveGroupCount = v_uint16()
        self.Reserved4 = v_uint16()
        self.AitSamplingValue = v_uint32()
        self.AppCompatFlag = v_uint32()
        self.SystemDllNativeRelocation = v_uint64()
        self.SystemDllWowRelocation = v_uint32()
        self.XStatePad = vstruct.VArray([ v_uint32() for i in xrange(1) ])
        # Nested structure; XSTATE_CONFIGURATION is defined elsewhere in this module.
        self.XState = XSTATE_CONFIGURATION()
class _unnamed_27347(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name): one 32-bit PhysicalAddress."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Only 32 bits wide in this definition.
        self.PhysicalAddress = v_uint32()
class LPCP_MESSAGE(vstruct.VStruct):
    """Field layout of LPCP_MESSAGE: list linkage, three pointers and an embedded PORT_MESSAGE."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Entry = LIST_ENTRY()
        self.SenderPort = v_ptr64()
        self.RepliedToThread = v_ptr64()
        self.PortContext = v_ptr64()
        # The message header is embedded by value as the last member.
        self.Request = PORT_MESSAGE()
class HEAP_FREE_ENTRY(vstruct.VStruct):
    """Field layout of HEAP_FREE_ENTRY: an 8-byte prefix, 8 bytes of header fields, then FreeList."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PreviousBlockPrivateData = v_ptr64()
        # The next six fields add up to 8 bytes (2 + 1 + 1 + 2 + 1 + 1).
        # NOTE(review): values read from a live heap may be stored in encoded form;
        # confirm before interpreting Size/PreviousSize directly.
        self.Size = v_uint16()
        self.Flags = v_uint8()
        self.SmallTagIndex = v_uint8()
        self.PreviousSize = v_uint16()
        self.SegmentOffset = v_uint8()
        self.UnusedBytes = v_uint8()
        self.FreeList = LIST_ENTRY()
class KTM(vstruct.VStruct):
    """Field layout of KTM for the kernel build named in the module header.

    Most members are nested structures defined elsewhere in this module, so
    the offsets of later fields depend on those definitions.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.cookie = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Mutex = KMUTANT()
        self.State = v_uint32()
        self._pad0048 = v_bytes(size=4)
        self.NamespaceLink = KTMOBJECT_NAMESPACE_LINK()
        self.TmIdentity = GUID()
        self.Flags = v_uint32()
        self.VolatileFlags = v_uint32()
        self.LogFileName = UNICODE_STRING()
        self.LogFileObject = v_ptr64()
        self.MarshallingContext = v_ptr64()
        self.LogManagementContext = v_ptr64()
        # Two namespaces of the same type, embedded by value.
        self.Transactions = KTMOBJECT_NAMESPACE()
        self.ResourceManagers = KTMOBJECT_NAMESPACE()
        self.LsnOrderedMutex = KMUTANT()
        self.LsnOrderedList = LIST_ENTRY()
        self.CommitVirtualClock = LARGE_INTEGER()
        self.CommitVirtualClockMutex = FAST_MUTEX()
        # Log sequence numbers are CLS_LSN records, not bare integers.
        self.BaseLsn = CLS_LSN()
        self.CurrentReadLsn = CLS_LSN()
        self.LastRecoveredLsn = CLS_LSN()
        self.TmRmHandle = v_ptr64()
        self.TmRm = v_ptr64()
        self.LogFullNotifyEvent = KEVENT()
        self.CheckpointWorkItem = WORK_QUEUE_ITEM()
        self.CheckpointTargetLsn = CLS_LSN()
        self.LogFullCompletedWorkItem = WORK_QUEUE_ITEM()
        self.LogWriteResource = ERESOURCE()
        self.LogFlags = v_uint32()
        self.LogFullStatus = v_uint32()
        self.RecoveryStatus = v_uint32()
        self._pad0388 = v_bytes(size=4)
        self.LastCheckBaseLsn = CLS_LSN()
        self.RestartOrderedList = LIST_ENTRY()
        self.OfflineWorkItem = WORK_QUEUE_ITEM()
class PRIVATE_CACHE_MAP_FLAGS(vstruct.VStruct):
    """Field layout of PRIVATE_CACHE_MAP_FLAGS: a single 32-bit word."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): the whole 32-bit word is exposed under one name; presumably the
        # individual bitfields were collapsed, so decode flags by mask.
        self.DontUse = v_uint32()
class VF_TARGET_VERIFIED_DRIVER_DATA(vstruct.VStruct):
    """Field layout of VF_TARGET_VERIFIED_DRIVER_DATA: per-driver pointers, counters and byte totals."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SuspectDriverEntry = v_ptr64()
        self.WMICallback = v_ptr64()
        self.EtwHandlesListHead = LIST_ENTRY()
        # Anonymous nested member; _unnamed_26910 is defined elsewhere in this module.
        self.u1 = _unnamed_26910()
        self._pad0028 = v_bytes(size=4)
        self.Signature = v_uint64()
        self.PoolPageHeaders = SLIST_HEADER()
        self.PoolTrackers = SLIST_HEADER()
        # 32-bit current/peak allocation counters.
        self.CurrentPagedPoolAllocations = v_uint32()
        self.CurrentNonPagedPoolAllocations = v_uint32()
        self.PeakPagedPoolAllocations = v_uint32()
        self.PeakNonPagedPoolAllocations = v_uint32()
        # 64-bit byte totals.
        self.PagedBytes = v_uint64()
        self.NonPagedBytes = v_uint64()
        self.PeakPagedBytes = v_uint64()
        self.PeakNonPagedBytes = v_uint64()
        # 32-bit event counters.
        self.RaiseIrqls = v_uint32()
        self.AcquireSpinLocks = v_uint32()
        self.SynchronizeExecutions = v_uint32()
        self.AllocationsWithNoTag = v_uint32()
        self.AllocationsFailed = v_uint32()
        self.AllocationsFailedDeliberately = v_uint32()
        # Further 64-bit totals, each paired with a Peak* counterpart.
        self.LockedBytes = v_uint64()
        self.PeakLockedBytes = v_uint64()
        self.MappedLockedBytes = v_uint64()
        self.PeakMappedLockedBytes = v_uint64()
        self.MappedIoSpaceBytes = v_uint64()
        self.PeakMappedIoSpaceBytes = v_uint64()
        self.PagesForMdlBytes = v_uint64()
        self.PeakPagesForMdlBytes = v_uint64()
        self.ContiguousMemoryBytes = v_uint64()
        self.PeakContiguousMemoryBytes = v_uint64()
        self.ContiguousMemoryListHead = LIST_ENTRY()
        # 8 trailing filler bytes; the suffix suggests the record ends at 0x100.
        self._pad0100 = v_bytes(size=8)
class TEB64(vstruct.VStruct):
    """Field layout of TEB64 for the build named in the module header.

    No member is declared v_ptr64: address-sized fields are fixed v_uint64, so
    the layout stays 64-bit whatever pointer width the parser itself uses.
    _padXXXX members are filler; their hex suffix appears to be the offset at
    which the filler ends.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NtTib = NT_TIB64()
        self.EnvironmentPointer = v_uint64()
        self.ClientId = CLIENT_ID64()
        self.ActiveRpcHandle = v_uint64()
        self.ThreadLocalStoragePointer = v_uint64()
        self.ProcessEnvironmentBlock = v_uint64()
        self.LastErrorValue = v_uint32()
        self.CountOfOwnedCriticalSections = v_uint32()
        self.CsrClientThread = v_uint64()
        self.Win32ThreadInfo = v_uint64()
        self.User32Reserved = vstruct.VArray([ v_uint32() for i in xrange(26) ])
        self.UserReserved = vstruct.VArray([ v_uint32() for i in xrange(5) ])
        self._pad0100 = v_bytes(size=4)
        self.WOW32Reserved = v_uint64()
        self.CurrentLocale = v_uint32()
        self.FpSoftwareStatusRegister = v_uint32()
        self.SystemReserved1 = vstruct.VArray([ v_uint64() for i in xrange(54) ])
        self.ExceptionCode = v_uint32()
        self._pad02c8 = v_bytes(size=4)
        self.ActivationContextStackPointer = v_uint64()
        self.SpareBytes = vstruct.VArray([ v_uint8() for i in xrange(24) ])
        self.TxFsContext = v_uint32()
        self._pad02f0 = v_bytes(size=4)
        self.GdiTebBatch = GDI_TEB_BATCH64()
        self.RealClientId = CLIENT_ID64()
        self.GdiCachedProcessHandle = v_uint64()
        self.GdiClientPID = v_uint32()
        self.GdiClientTID = v_uint32()
        self.GdiThreadLocalInfo = v_uint64()
        self.Win32ClientInfo = vstruct.VArray([ v_uint64() for i in xrange(62) ])
        # Large fixed tables: 233 and 29 64-bit slots.
        self.glDispatchTable = vstruct.VArray([ v_uint64() for i in xrange(233) ])
        self.glReserved1 = vstruct.VArray([ v_uint64() for i in xrange(29) ])
        self.glReserved2 = v_uint64()
        self.glSectionInfo = v_uint64()
        self.glSection = v_uint64()
        self.glTable = v_uint64()
        self.glCurrentRC = v_uint64()
        self.glContext = v_uint64()
        self.LastStatusValue = v_uint32()
        self._pad1258 = v_bytes(size=4)
        # String descriptor followed by its fixed 261-unit buffer (522 bytes) and 6 filler bytes.
        self.StaticUnicodeString = STRING64()
        self.StaticUnicodeBuffer = vstruct.VArray([ v_uint16() for i in xrange(261) ])
        self._pad1478 = v_bytes(size=6)
        self.DeallocationStack = v_uint64()
        # 64 inline slots; TlsExpansionSlots further down is a single 64-bit value.
        self.TlsSlots = vstruct.VArray([ v_uint64() for i in xrange(64) ])
        self.TlsLinks = LIST_ENTRY64()
        self.Vdm = v_uint64()
        self.ReservedForNtRpc = v_uint64()
        self.DbgSsReserved = vstruct.VArray([ v_uint64() for i in xrange(2) ])
        self.HardErrorMode = v_uint32()
        self._pad16b8 = v_bytes(size=4)
        self.Instrumentation = vstruct.VArray([ v_uint64() for i in xrange(11) ])
        self.ActivityId = GUID()
        self.SubProcessTag = v_uint64()
        self.EtwLocalData = v_uint64()
        self.EtwTraceData = v_uint64()
        self.WinSockData = v_uint64()
        self.GdiBatchCount = v_uint32()
        self.CurrentIdealProcessor = PROCESSOR_NUMBER()
        self.GuaranteedStackBytes = v_uint32()
        self._pad1750 = v_bytes(size=4)
        self.ReservedForPerf = v_uint64()
        self.ReservedForOle = v_uint64()
        self.WaitingOnLoaderLock = v_uint32()
        self._pad1768 = v_bytes(size=4)
        self.SavedPriorityState = v_uint64()
        self.SoftPatchPtr1 = v_uint64()
        self.ThreadPoolData = v_uint64()
        self.TlsExpansionSlots = v_uint64()
        self.DeallocationBStore = v_uint64()
        self.BStoreLimit = v_uint64()
        self.MuiGeneration = v_uint32()
        # 32-bit field; this record lives in memory the thread itself can write, so
        # treat it as a hint and take authoritative state from kernel-side structures.
        # NOTE(review): confirm the writability assumption for the use at hand.
        self.IsImpersonating = v_uint32()
        self.NlsCache = v_uint64()
        self.pShimData = v_uint64()
        self.HeapVirtualAffinity = v_uint32()
        self._pad17b8 = v_bytes(size=4)
        self.CurrentTransactionHandle = v_uint64()
        self.ActiveFrame = v_uint64()
        self.FlsData = v_uint64()
        self.PreferredLanguages = v_uint64()
        self.UserPrefLanguages = v_uint64()
        self.MergedPrefLanguages = v_uint64()
        self.MuiImpersonation = v_uint32()
        # Two 16-bit flag words; individual bits are not broken out here.
        self.CrossTebFlags = v_uint16()
        self.SameTebFlags = v_uint16()
        self.TxnScopeEnterCallback = v_uint64()
        self.TxnScopeExitCallback = v_uint64()
        self.TxnScopeContext = v_uint64()
        self.LockCount = v_uint32()
        self.SpareUlong0 = v_uint32()
        self.ResourceRetValue = v_uint64()
class IO_STATUS_BLOCK(vstruct.VStruct):
    """Field layout of IO_STATUS_BLOCK: 32-bit Status, filler, 64-bit Information (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Status = v_uint32()
        # 4 filler bytes so Information starts at offset 8.
        self._pad0008 = v_bytes(size=4)
        self.Information = v_uint64()
class HCELL(vstruct.VStruct):
    """Field layout of HCELL: a 32-bit Size followed by an anonymous nested member."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Size is read straight from the input; validate it before using it to step
        # to a neighbouring cell. NOTE(review): sign convention not visible here.
        self.Size = v_uint32()
        self.u = _unnamed_22910()
class CM_RESOURCE_LIST(vstruct.VStruct):
    """Field layout of CM_RESOURCE_LIST: a Count and a one-element descriptor array."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        # Only one element is declared, whatever Count says.
        # NOTE(review): presumably a variable-length tail in the native type; a parser
        # that extends this from Count must cap Count against the available buffer.
        self.List = vstruct.VArray([ CM_FULL_RESOURCE_DESCRIPTOR() for i in xrange(1) ])
class EPROCESS(vstruct.VStruct):
    """Field layout of EPROCESS for the kernel build named in the module header.

    The record starts with an embedded KPROCESS (Pcb). Offsets are specific to
    this build; applying the definition to a dump of another build silently
    yields wrong field values rather than an error.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Pcb = KPROCESS()
        self.ProcessLock = EX_PUSH_LOCK()
        self.CreateTime = LARGE_INTEGER()
        self.ExitTime = LARGE_INTEGER()
        self.RundownProtect = EX_RUNDOWN_REF()
        # Identifier is declared pointer-width, not as an integer type.
        self.UniqueProcessId = v_ptr64()
        # One of several independent list linkages in this record (see also
        # SessionProcessLinks, JobLinks, MmProcessLinks, ThreadListHead). When
        # enumerating processes from a memory image, cross-check more than one
        # source so an inconsistent or altered list does not hide an entry.
        self.ActiveProcessLinks = LIST_ENTRY()
        self.ProcessQuotaUsage = vstruct.VArray([ v_uint64() for i in xrange(2) ])
        self.ProcessQuotaPeak = vstruct.VArray([ v_uint64() for i in xrange(2) ])
        self.CommitCharge = v_uint64()
        self.QuotaBlock = v_ptr64()
        self.CpuQuotaBlock = v_ptr64()
        self.PeakVirtualSize = v_uint64()
        self.VirtualSize = v_uint64()
        self.SessionProcessLinks = LIST_ENTRY()
        self.DebugPort = v_ptr64()
        self.ExceptionPortData = v_ptr64()
        self.ObjectTable = v_ptr64()
        # Declared EX_FAST_REF, not v_ptr64: treat the raw value as an encoded
        # reference. NOTE(review): confirm against EX_FAST_REF in this module how
        # the pointer is recovered before dereferencing or comparing tokens.
        self.Token = EX_FAST_REF()
        self.WorkingSetPage = v_uint64()
        self.AddressCreationLock = EX_PUSH_LOCK()
        self.RotateInProgress = v_ptr64()
        self.ForkInProgress = v_ptr64()
        self.HardwareTrigger = v_uint64()
        self.PhysicalVadRoot = v_ptr64()
        self.CloneRoot = v_ptr64()
        self.NumberOfPrivatePages = v_uint64()
        self.NumberOfLockedPages = v_uint64()
        self.Win32Process = v_ptr64()
        self.Job = v_ptr64()
        self.SectionObject = v_ptr64()
        self.SectionBaseAddress = v_ptr64()
        self.Cookie = v_uint32()
        self.UmsScheduledThreads = v_uint32()
        self.WorkingSetWatch = v_ptr64()
        self.Win32WindowStation = v_ptr64()
        # Parent identifier as recorded at creation; pointer-width like UniqueProcessId.
        self.InheritedFromUniqueProcessId = v_ptr64()
        self.LdtInformation = v_ptr64()
        self.Spare = v_ptr64()
        self.ConsoleHostProcess = v_uint64()
        self.DeviceMap = v_ptr64()
        self.EtwDataSource = v_ptr64()
        self.FreeTebHint = v_ptr64()
        self.FreeUmsTebHint = v_ptr64()
        self.PageDirectoryPte = HARDWARE_PTE()
        self.Session = v_ptr64()
        # Only 15 bytes: longer names cannot be represented in full, so do not use
        # this field alone to identify a process; compare with the full image path.
        self.ImageFileName = vstruct.VArray([ v_uint8() for i in xrange(15) ])
        self.PriorityClass = v_uint8()
        self.JobLinks = LIST_ENTRY()
        self.LockedPagesList = v_ptr64()
        self.ThreadListHead = LIST_ENTRY()
        self.SecurityPort = v_ptr64()
        self.Wow64Process = v_ptr64()
        self.ActiveThreads = v_uint32()
        self.ImagePathHash = v_uint32()
        self.DefaultHardErrorProcessing = v_uint32()
        self.LastThreadExitStatus = v_uint32()
        self.Peb = v_ptr64()
        self.PrefetchTrace = EX_FAST_REF()
        # Six I/O counters stored as LARGE_INTEGER records.
        self.ReadOperationCount = LARGE_INTEGER()
        self.WriteOperationCount = LARGE_INTEGER()
        self.OtherOperationCount = LARGE_INTEGER()
        self.ReadTransferCount = LARGE_INTEGER()
        self.WriteTransferCount = LARGE_INTEGER()
        self.OtherTransferCount = LARGE_INTEGER()
        self.CommitChargeLimit = v_uint64()
        self.CommitChargePeak = v_uint64()
        self.AweInfo = v_ptr64()
        self.SeAuditProcessCreationInfo = SE_AUDIT_PROCESS_CREATION_INFO()
        self.Vm = MMSUPPORT()
        self.MmProcessLinks = LIST_ENTRY()
        self.HighestUserAddress = v_ptr64()
        self.ModifiedPageCount = v_uint32()
        # Two 32-bit flag words; individual bits are not broken out here.
        self.Flags2 = v_uint32()
        self.Flags = v_uint32()
        self.ExitStatus = v_uint32()
        # Root of the address-descriptor tree, embedded by value as MM_AVL_TABLE.
        self.VadRoot = MM_AVL_TABLE()
        self.AlpcContext = ALPC_PROCESS_CONTEXT()
        self.TimerResolutionLink = LIST_ENTRY()
        self.RequestedTimerResolution = v_uint32()
        self.ActiveThreadsHighWatermark = v_uint32()
        self.SmallestTimerResolution = v_uint32()
        self._pad04c8 = v_bytes(size=4)
        self.TimerResolutionStackRecord = v_ptr64()
class ALPC_PORT_ATTRIBUTES(vstruct.VStruct):
    """Field layout of ALPC_PORT_ATTRIBUTES: flags, security QoS and six 64-bit limits."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flags = v_uint32()
        # Nested structure placed directly after the 32-bit Flags, with no filler.
        self.SecurityQos = SECURITY_QUALITY_OF_SERVICE()
        self.MaxMessageLength = v_uint64()
        self.MemoryBandwidth = v_uint64()
        self.MaxPoolUsage = v_uint64()
        self.MaxSectionSize = v_uint64()
        self.MaxViewSize = v_uint64()
        self.MaxTotalSectionSize = v_uint64()
        self.DupObjectTypes = v_uint32()
        self.Reserved = v_uint32()
class CM_KEY_BODY(vstruct.VStruct):
    """Field layout of CM_KEY_BODY: type word, control-block pointers, list linkages and flags."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.KeyControlBlock = v_ptr64()
        self.NotifyBlock = v_ptr64()
        # Declared pointer-width, not as an integer type.
        self.ProcessID = v_ptr64()
        self.KeyBodyList = LIST_ENTRY()
        self.Flags = v_uint32()
        self._pad0038 = v_bytes(size=4)
        self.KtmTrans = v_ptr64()
        self.KtmUow = v_ptr64()
        self.ContextListHead = LIST_ENTRY()
class KMUTANT(vstruct.VStruct):
    """Field layout of KMUTANT: dispatcher header, list linkage, owner pointer and two flag bytes."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = DISPATCHER_HEADER()
        self.MutantListEntry = LIST_ENTRY()
        self.OwnerThread = v_ptr64()
        self.Abandoned = v_uint8()
        self.ApcDisable = v_uint8()
        # 6 filler bytes after the two flag bytes.
        self._pad0038 = v_bytes(size=6)
class POWER_SEQUENCE(vstruct.VStruct):
    """Field layout of POWER_SEQUENCE: three 32-bit sequence values (12 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SequenceD1 = v_uint32()
        self.SequenceD2 = v_uint32()
        self.SequenceD3 = v_uint32()
class TEB_ACTIVE_FRAME_CONTEXT(vstruct.VStruct):
    """Field layout of TEB_ACTIVE_FRAME_CONTEXT: 32-bit Flags and a FrameName pointer (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flags = v_uint32()
        self._pad0008 = v_bytes(size=4)
        # Pointer only; the name text is stored elsewhere and must be read separately.
        self.FrameName = v_ptr64()
class _unnamed_22448(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name): one 32-bit LongFlags word."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LongFlags = v_uint32()
class KTIMER(vstruct.VStruct):
    """Field layout of KTIMER: dispatcher header, due time, list linkage, Dpc pointer and two words."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = DISPATCHER_HEADER()
        self.DueTime = ULARGE_INTEGER()
        self.TimerListEntry = LIST_ENTRY()
        # NOTE(review): the stored value is not necessarily a directly usable address
        # on this build; confirm how it is encoded before following it.
        self.Dpc = v_ptr64()
        self.Processor = v_uint32()
        self.Period = v_uint32()
class RTL_UMS_CONTEXT(vstruct.VStruct):
    """Field layout of RTL_UMS_CONTEXT, built around an embedded CONTEXT record."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Link = SINGLE_LIST_ENTRY()
        # 8 filler bytes ahead of the embedded CONTEXT (suffix: offset 0x10).
        self._pad0010 = v_bytes(size=8)
        self.Context = CONTEXT()
        self.Teb = v_ptr64()
        self.UserContext = v_ptr64()
        self.ScheduledThread = v_uint32()
        self._pad04f8 = v_bytes(size=4)
        self.KernelUpdateLock = v_uint64()
        self.QuantumValue = v_uint64()
        self.AffinityMask = GROUP_AFFINITY()
        self.Priority = v_uint32()
        self._pad0520 = v_bytes(size=4)
        self.PrimaryUmsContext = v_ptr64()
        # Four 32-bit counters followed by 8 trailing filler bytes.
        self.SwitchCount = v_uint32()
        self.KernelYieldCount = v_uint32()
        self.MixedYieldCount = v_uint32()
        self.YieldCount = v_uint32()
        self._pad0540 = v_bytes(size=8)
class MM_PAGED_POOL_INFO(vstruct.VStruct):
    """Field layout of MM_PAGED_POOL_INFO: guarded mutex, allocation bitmap and pool counters."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Mutex = KGUARDED_MUTEX()
        # Embedded RTL_BITMAP descriptor (size + buffer pointer), not the bits themselves.
        self.PagedPoolAllocationMap = RTL_BITMAP()
        self.FirstPteForPagedPool = v_ptr64()
        self.PagedPoolHint = v_uint32()
        self._pad0058 = v_bytes(size=4)
        self.PagedPoolCommit = v_uint64()
        self.AllocatedPagedPool = v_uint64()
class HIVE_LIST_ENTRY(vstruct.VStruct):
    """Field layout of HIVE_LIST_ENTRY: name pointers, hive pointers, flags and three events."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Name members are pointers; the strings are stored outside this record.
        self.FileName = v_ptr64()
        self.BaseName = v_ptr64()
        self.RegRootName = v_ptr64()
        self.CmHive = v_ptr64()
        self.HHiveFlags = v_uint32()
        self.CmHiveFlags = v_uint32()
        self.CmKcbCacheSize = v_uint32()
        self._pad0030 = v_bytes(size=4)
        self.CmHive2 = v_ptr64()
        # Five single-byte state fields followed by 3 filler bytes.
        self.HiveMounted = v_uint8()
        self.ThreadFinished = v_uint8()
        self.ThreadStarted = v_uint8()
        self.Allocate = v_uint8()
        self.WinPERequired = v_uint8()
        self._pad0040 = v_bytes(size=3)
        self.StartEvent = KEVENT()
        self.FinishedEvent = KEVENT()
        self.MountLock = KEVENT()
class WHEA_ERROR_STATUS(vstruct.VStruct):
    """Field layout of WHEA_ERROR_STATUS: a single 64-bit ErrorStatus word."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): presumably a packed status word; sub-fields are not broken out here.
        self.ErrorStatus = v_uint64()
class CM_PARTIAL_RESOURCE_DESCRIPTOR(vstruct.VStruct):
    """Field layout of CM_PARTIAL_RESOURCE_DESCRIPTOR: a 4-byte header and an anonymous member."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint8()
        self.ShareDisposition = v_uint8()
        self.Flags = v_uint16()
        # NOTE(review): presumably a union whose meaning depends on Type; only one
        # interpretation (_unnamed_26621, defined elsewhere) is modelled here.
        self.u = _unnamed_26621()
class RTLP_RANGE_LIST_ENTRY(vstruct.VStruct):
    """Field layout of RTLP_RANGE_LIST_ENTRY: 64-bit Start/End bounds, attributes and list linkage."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Bounds are read as-is; nothing here enforces Start <= End.
        self.Start = v_uint64()
        self.End = v_uint64()
        self.Allocated = _unnamed_28570()
        self.Attributes = v_uint8()
        self.PublicFlags = v_uint8()
        self.PrivateFlags = v_uint16()
        self._pad0028 = v_bytes(size=4)
        self.ListEntry = LIST_ENTRY()
class _unnamed_21102(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name): 32 bytes with the declared widths.

    Each logical field is followed by filler, so the values sit at offsets
    0x00, 0x08, 0x10, 0x12 and 0x18.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SecurityContext = v_ptr64()
        self.Options = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.FileAttributes = v_uint16()
        self.ShareAccess = v_uint16()
        self._pad0018 = v_bytes(size=4)
        self.EaLength = v_uint32()
        self._pad0020 = v_bytes(size=4)
class KBUGCHECK_ACTIVE_STATE(vstruct.VStruct):
    """Field layout of KBUGCHECK_ACTIVE_STATE: a single 32-bit word."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): presumably several bitfields share this word; decode by mask.
        self.BugCheckState = v_uint32()
class _unnamed_19928(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name): two 64-bit words (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): each name covers a full 64-bit word; presumably these are
        # bitfield groups collapsed to their first member - decode by mask.
        self.Depth = v_uint64()
        self.HeaderType = v_uint64()
class _unnamed_20590(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name): a LIST_ENTRY plus 56 opaque bytes."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        # 56 bytes are skipped as filler (suffix: ends at 0x48).
        # NOTE(review): presumably alternative members the definition does not expand.
        self._pad0048 = v_bytes(size=56)
class ALPC_COMPLETION_LIST(vstruct.VStruct):
    """Field layout of ALPC_COMPLETION_LIST: list linkage, mapping addresses and region sizes."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Entry = LIST_ENTRY()
        self.OwnerProcess = v_ptr64()
        self.Mdl = v_ptr64()
        # The record carries both user-side and system-side addresses of the same
        # region (by name); keep them apart when resolving pointers from an image.
        self.UserVa = v_ptr64()
        self.UserLimit = v_ptr64()
        self.DataUserVa = v_ptr64()
        self.SystemVa = v_ptr64()
        self.TotalSize = v_uint64()
        self.Header = v_ptr64()
        # Pointer/size pairs; bound each size before reading the pointed-to region.
        self.List = v_ptr64()
        self.ListSize = v_uint64()
        self.Bitmap = v_ptr64()
        self.BitmapSize = v_uint64()
        self.Data = v_ptr64()
        self.DataSize = v_uint64()
        self.BitmapLimit = v_uint32()
        self.BitmapNextHint = v_uint32()
        self.ConcurrencyCount = v_uint32()
        self.AttributeFlags = v_uint32()
        self.AttributeSize = v_uint32()
        self._pad0098 = v_bytes(size=4)
class CM_FULL_RESOURCE_DESCRIPTOR(vstruct.VStruct):
    """Field layout of CM_FULL_RESOURCE_DESCRIPTOR: interface type, bus number and a partial list."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.InterfaceType = v_uint32()
        self.BusNumber = v_uint32()
        # Embedded by value; CM_PARTIAL_RESOURCE_LIST is defined elsewhere in this module.
        self.PartialResourceList = CM_PARTIAL_RESOURCE_LIST()
class DBGKD_GET_VERSION64(vstruct.VStruct):
    """Field layout of DBGKD_GET_VERSION64 (40 bytes with the declared widths)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MajorVersion = v_uint16()
        self.MinorVersion = v_uint16()
        self.ProtocolVersion = v_uint8()
        self.KdSecondaryVersion = v_uint8()
        self.Flags = v_uint16()
        self.MachineType = v_uint16()
        self.MaxPacketType = v_uint8()
        self.MaxStateChange = v_uint8()
        self.MaxManipulate = v_uint8()
        self.Simulation = v_uint8()
        self.Unused = vstruct.VArray([ v_uint16() for i in xrange(1) ])
        # Addresses are fixed 64-bit integers rather than v_ptr64.
        self.KernBase = v_uint64()
        self.PsLoadedModuleList = v_uint64()
        self.DebuggerDataList = v_uint64()
class KTIMER_TABLE(vstruct.VStruct):
    """Field layout of KTIMER_TABLE: 64 expiry pointers followed by 256 table entries."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TimerExpiry = vstruct.VArray([ v_ptr64() for i in xrange(64) ])
        # 256 KTIMER_TABLE_ENTRY records are instantiated per KTIMER_TABLE object.
        self.TimerEntries = vstruct.VArray([ KTIMER_TABLE_ENTRY() for i in xrange(256) ])
class _unnamed_27299(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name) wrapping one _unnamed_27294 as Raw."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # _unnamed_27294 is declared later in this module; that is fine because the
        # name is only looked up when an instance is constructed.
        self.Raw = _unnamed_27294()
class FAST_IO_DISPATCH(vstruct.VStruct):
    """Field layout of FAST_IO_DISPATCH: a size word followed by 27 routine pointers.

    With the declared widths the record is 224 bytes (8 + 27 * 8). When
    reviewing a table recovered from a memory image, SizeOfFastIoDispatch
    should agree with that length, and each non-null slot can be checked
    against the address range of the module that is expected to own it.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SizeOfFastIoDispatch = v_uint32()
        # 4 filler bytes so the first pointer starts at offset 8.
        self._pad0008 = v_bytes(size=4)
        self.FastIoCheckIfPossible = v_ptr64()
        self.FastIoRead = v_ptr64()
        self.FastIoWrite = v_ptr64()
        self.FastIoQueryBasicInfo = v_ptr64()
        self.FastIoQueryStandardInfo = v_ptr64()
        self.FastIoLock = v_ptr64()
        self.FastIoUnlockSingle = v_ptr64()
        self.FastIoUnlockAll = v_ptr64()
        self.FastIoUnlockAllByKey = v_ptr64()
        self.FastIoDeviceControl = v_ptr64()
        self.AcquireFileForNtCreateSection = v_ptr64()
        self.ReleaseFileForNtCreateSection = v_ptr64()
        self.FastIoDetachDevice = v_ptr64()
        self.FastIoQueryNetworkOpenInfo = v_ptr64()
        self.AcquireForModWrite = v_ptr64()
        self.MdlRead = v_ptr64()
        self.MdlReadComplete = v_ptr64()
        self.PrepareMdlWrite = v_ptr64()
        self.MdlWriteComplete = v_ptr64()
        self.FastIoReadCompressed = v_ptr64()
        self.FastIoWriteCompressed = v_ptr64()
        self.MdlReadCompleteCompressed = v_ptr64()
        self.MdlWriteCompleteCompressed = v_ptr64()
        self.FastIoQueryOpen = v_ptr64()
        self.ReleaseForModWrite = v_ptr64()
        self.AcquireForCcFlush = v_ptr64()
        self.ReleaseForCcFlush = v_ptr64()
class _unnamed_21237(vstruct.VStruct):
    """Field layout of an anonymous type (numbered name): two 32-bit values, each padded to 8 bytes."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.FsInformationClass = v_uint32()
        self._pad0010 = v_bytes(size=4)
class CM_KEY_CONTROL_BLOCK(vstruct.VStruct):
    """Field layout of CM_KEY_CONTROL_BLOCK for the kernel build named in the module header.

    _padXXXX members are filler; their hex suffix appears to be the offset at
    which the filler ends.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.RefCount = v_uint32()
        self.ExtFlags = v_uint32()
        self.DelayedDeref = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.KeyHash = CM_KEY_HASH()
        self.KcbPushlock = EX_PUSH_LOCK()
        self.Owner = v_ptr64()
        self.SlotHint = v_uint32()
        self._pad0048 = v_bytes(size=4)
        self.ParentKcb = v_ptr64()
        self.NameBlock = v_ptr64()
        self.CachedSecurity = v_ptr64()
        self.ValueCache = CACHED_CHILD_LIST()
        self.IndexHint = v_ptr64()
        self.KeyBodyListHead = LIST_ENTRY()
        # Fixed array of 4 pointers alongside the KeyBodyListHead list.
        self.KeyBodyArray = vstruct.VArray([ v_ptr64() for i in xrange(4) ])
        self.KcbLastWriteTime = LARGE_INTEGER()
        # Cached maxima, 16 and 32 bits wide.
        self.KcbMaxNameLen = v_uint16()
        self.KcbMaxValueNameLen = v_uint16()
        self.KcbMaxValueDataLen = v_uint32()
        self.KcbUserFlags = v_uint32()
        self._pad00c0 = v_bytes(size=4)
        self.RealKeyName = v_ptr64()
        self.KCBUoWListHead = LIST_ENTRY()
        self.DelayQueueEntry = LIST_ENTRY()
        self.TransKCBOwner = v_ptr64()
        self.KCBLock = CM_INTENT_LOCK()
        self.KeyLock = CM_INTENT_LOCK()
        self.TransValueCache = CHILD_LIST()
        self.TransValueListOwner = v_ptr64()
        # Pointer only; the name is stored outside this record.
        self.FullKCBName = v_ptr64()
class _unnamed_27294(vstruct.VStruct):
    """Generator-numbered anonymous structure (used as _unnamed_27299.Raw)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # 2 + 2 + 4 + 8 bytes, so no filler is needed.
        self.Group = v_uint16()
        self.MessageCount = v_uint16()
        self.Vector = v_uint32()
        self.Affinity = v_uint64()
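class RTL_DYNAMIC_HASH_TABLE_CONTEXT(vstruct.VStruct):
    """vstruct layout of RTL_DYNAMIC_HASH_TABLE_CONTEXT (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Two pointers and a 64-bit value, 24 bytes in total.
        self.ChainHead = v_ptr64()
        self.PrevLinkage = v_ptr64()
        self.Signature = v_uint64()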
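class MMWSL(vstruct.VStruct):
    """vstruct layout of MMWSL (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FirstFree = v_uint32()
        self.FirstDynamic = v_uint32()
        self.LastEntry = v_uint32()
        self.NextSlot = v_uint32()
        self.Wsle = v_ptr64()
        self.LowestPagableAddress = v_ptr64()
        self.LastInitializedWsle = v_uint32()
        self.NextAgingSlot = v_uint32()
        self.NumberOfCommittedPageTables = v_uint32()
        self.VadBitMapHint = v_uint32()
        self.NonDirectCount = v_uint32()
        self.LastVadBit = v_uint32()
        self.MaximumLastVadBit = v_uint32()
        self.LastAllocationSizeHint = v_uint32()
        self.LastAllocationSize = v_uint32()
        # Filler; the hex suffix of each _pad field is its end offset.
        self._pad0048 = v_bytes(size=4)
        self.NonDirectHash = v_ptr64()
        self.HashTableStart = v_ptr64()
        self.HighestPermittedHashAddress = v_ptr64()
        self.MaximumUserPageTablePages = v_uint32()
        self.MaximumUserPageDirectoryPages = v_uint32()
        self.CommittedPageTables = v_ptr64()
        self.NumberOfCommittedPageDirectories = v_uint32()
        self._pad0078 = v_bytes(size=4)
        # 128 x 8 bytes = 0x400 bytes of inline data.
        self.CommittedPageDirectories = vstruct.VArray([ v_uint64() for i in xrange(128) ])
        self.NumberOfCommittedPageDirectoryParents = v_uint32()
        self._pad0480 = v_bytes(size=4)
        # NOTE(review): declared with one element; possibly a
        # variable-length tail in the kernel -- confirm before relying on
        # this class's size.
        self.CommittedPageDirectoryParents = vstruct.VArray([ v_uint64() for i in xrange(1) ])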
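class KTMOBJECT_NAMESPACE_LINK(vstruct.VStruct):
    """vstruct layout of KTMOBJECT_NAMESPACE_LINK (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Links = RTL_BALANCED_LINKS()
        self.Expired = v_uint8()
        # Seven filler bytes after the one-byte flag.
        self._pad0028 = v_bytes(size=7)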
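class MI_IMAGE_SECURITY_REFERENCE(vstruct.VStruct):
    """vstruct layout of MI_IMAGE_SECURITY_REFERENCE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SecurityContext = IMAGE_SECURITY_CONTEXT()
        self.DynamicRelocations = v_ptr64()
        self.ReferenceCount = v_uint32()
        # Trailing filler after the 32-bit count.
        self._pad0018 = v_bytes(size=4)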
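class WHEA_MEMORY_ERROR_SECTION(vstruct.VStruct):
    """vstruct layout of WHEA_MEMORY_ERROR_SECTION (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ValidBits = WHEA_MEMORY_ERROR_SECTION_VALIDBITS()
        self.ErrorStatus = WHEA_ERROR_STATUS()
        self.PhysicalAddress = v_uint64()
        self.PhysicalAddressMask = v_uint64()
        # Eight consecutive 16-bit fields.
        self.Node = v_uint16()
        self.Card = v_uint16()
        self.Module = v_uint16()
        self.Bank = v_uint16()
        self.Device = v_uint16()
        self.Row = v_uint16()
        self.Column = v_uint16()
        self.BitPosition = v_uint16()
        self.RequesterId = v_uint64()
        self.ResponderId = v_uint64()
        self.TargetId = v_uint64()
        # The structure ends on a single byte with no trailing filler.
        self.ErrorType = v_uint8()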
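class DBGKD_CONTINUE(vstruct.VStruct):
    """vstruct layout of DBGKD_CONTINUE: a single 32-bit status value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ContinueStatus = v_uint32()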
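class PROC_IDLE_STATE_ACCOUNTING(vstruct.VStruct):
    """vstruct layout of PROC_IDLE_STATE_ACCOUNTING (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TotalTime = v_uint64()
        self.IdleTransitions = v_uint32()
        self.FailedTransitions = v_uint32()
        self.InvalidBucketIndex = v_uint32()
        # Filler up to offset 0x18 so MinTime is 8-byte aligned.
        self._pad0018 = v_bytes(size=4)
        self.MinTime = v_uint64()
        self.MaxTime = v_uint64()
        # Sixteen embedded bucket structures.
        self.IdleTimeBuckets = vstruct.VArray([ PROC_IDLE_STATE_BUCKET() for i in xrange(16) ])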
class _unnamed_28314(vstruct.VStruct):
    """Generator-numbered anonymous structure holding one 32-bit flags word."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LongFlags = v_uint32()
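class CALL_HASH_ENTRY(vstruct.VStruct):
    """vstruct layout of CALL_HASH_ENTRY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.CallersAddress = v_ptr64()
        self.CallersCaller = v_ptr64()
        self.CallCount = v_uint32()
        # Trailing filler after the 32-bit count.
        self._pad0028 = v_bytes(size=4)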
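class WORK_QUEUE_ITEM(vstruct.VStruct):
    """vstruct layout of WORK_QUEUE_ITEM (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.List = LIST_ENTRY()
        # Both members are raw 64-bit pointer values from the parsed
        # bytes; this definition does not validate them.
        self.WorkerRoutine = v_ptr64()
        self.Parameter = v_ptr64()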
class _unnamed_21392(vstruct.VStruct):
    """Generator-numbered anonymous structure: a byte flag and a 32-bit type, each padded to 8 bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.InPath = v_uint8()
        self.Reserved = vstruct.VArray([ v_uint8() for i in xrange(3) ])
        # Filler; the hex suffix is the offset at which the filler ends.
        self._pad0008 = v_bytes(size=4)
        self.Type = v_uint32()
        self._pad0010 = v_bytes(size=4)
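class KGDTENTRY64(vstruct.VStruct):
    """vstruct layout of KGDTENTRY64 (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LimitLow = v_uint16()
        self.BaseLow = v_uint16()
        # Anonymous member structure, defined elsewhere in the module.
        self.Bytes = _unnamed_19309()
        self.BaseUpper = v_uint32()
        self.MustBeZero = v_uint32()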
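class KSPECIAL_REGISTERS(vstruct.VStruct):
    """vstruct layout of KSPECIAL_REGISTERS (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Every field is 64 bits wide except the two KDESCRIPTOR
        # members, Tr/Ldtr (16 bits each) and MxCsr (32 bits).
        self.Cr0 = v_uint64()
        self.Cr2 = v_uint64()
        self.Cr3 = v_uint64()
        self.Cr4 = v_uint64()
        self.KernelDr0 = v_uint64()
        self.KernelDr1 = v_uint64()
        self.KernelDr2 = v_uint64()
        self.KernelDr3 = v_uint64()
        self.KernelDr6 = v_uint64()
        self.KernelDr7 = v_uint64()
        self.Gdtr = KDESCRIPTOR()
        self.Idtr = KDESCRIPTOR()
        self.Tr = v_uint16()
        self.Ldtr = v_uint16()
        self.MxCsr = v_uint32()
        self.DebugControl = v_uint64()
        self.LastBranchToRip = v_uint64()
        self.LastBranchFromRip = v_uint64()
        self.LastExceptionToRip = v_uint64()
        self.LastExceptionFromRip = v_uint64()
        self.Cr8 = v_uint64()
        self.MsrGsBase = v_uint64()
        self.MsrGsSwap = v_uint64()
        self.MsrStar = v_uint64()
        self.MsrLStar = v_uint64()
        self.MsrCStar = v_uint64()
        self.MsrSyscallMask = v_uint64()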
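class POWER_ACTION_POLICY(vstruct.VStruct):
    """vstruct layout of POWER_ACTION_POLICY: three 32-bit fields."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Action = v_uint32()
        self.Flags = v_uint32()
        self.EventCode = v_uint32()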
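class FLS_CALLBACK_INFO(vstruct.VStruct):
    """Placeholder for FLS_CALLBACK_INFO; no fields are declared.

    NOTE(review): presumably the source symbols carry no member
    information for this type -- confirm before parsing with it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)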
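class RTL_CRITICAL_SECTION(vstruct.VStruct):
    """vstruct layout of RTL_CRITICAL_SECTION (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DebugInfo = v_ptr64()
        # Two 32-bit counters share one 8-byte slot, so no filler is
        # needed before the following pointers.
        self.LockCount = v_uint32()
        self.RecursionCount = v_uint32()
        self.OwningThread = v_ptr64()
        self.LockSemaphore = v_ptr64()
        self.SpinCount = v_uint64()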
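class DBGKM_EXCEPTION64(vstruct.VStruct):
    """vstruct layout of DBGKM_EXCEPTION64 (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExceptionRecord = EXCEPTION_RECORD64()
        self.FirstChance = v_uint32()
        # Trailing filler after the 32-bit flag.
        self._pad00a0 = v_bytes(size=4)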
class _unnamed_23696(vstruct.VStruct):
    """Generator-numbered anonymous structure wrapping a single `Read` member."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Read is itself an anonymous structure (_unnamed_23697).
        self.Read = _unnamed_23697()
class _unnamed_23697(vstruct.VStruct):
    """Generator-numbered anonymous structure holding one pointer (used as _unnamed_23696.Read)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FileObject = v_ptr64()
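class KSYSTEM_TIME(vstruct.VStruct):
    """vstruct layout of KSYSTEM_TIME: three 32-bit words."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LowPart = v_uint32()
        self.High1Time = v_uint32()
        self.High2Time = v_uint32()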
class _unnamed_22182(vstruct.VStruct):
    """Generator-numbered anonymous structure holding one pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.VirtualAddress = v_ptr64()
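class SEGMENT_FLAGS(vstruct.VStruct):
    """vstruct layout of SEGMENT_FLAGS: one 32-bit word."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): the field name looks like a bitfield that the
        # generator collapsed into a single word; individual flag bits
        # are not split out here -- confirm against the symbols.
        self.TotalNumberOfPtes4132 = v_uint32()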
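class ACL(vstruct.VStruct):
    """vstruct layout of the 8-byte ACL header (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AclRevision = v_uint8()
        self.Sbz1 = v_uint8()
        # AclSize and AceCount come straight from the parsed bytes and
        # this class holds no ACE data; a caller that walks entries
        # after the header has to bound both values itself.
        self.AclSize = v_uint16()
        self.AceCount = v_uint16()
        self.Sbz2 = v_uint16()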
class _unnamed_26929(vstruct.VStruct):
    """Generator-numbered anonymous structure holding a one-element 16-bit array."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): declared with one element; possibly a
        # variable-length tail in the original type -- confirm.
        self.DeviceId = vstruct.VArray([ v_uint16() for i in xrange(1) ])
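class KQUEUE(vstruct.VStruct):
    """vstruct layout of KQUEUE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = DISPATCHER_HEADER()
        self.EntryListHead = LIST_ENTRY()
        # Two 32-bit counters sit between the two list heads.
        self.CurrentCount = v_uint32()
        self.MaximumCount = v_uint32()
        self.ThreadListHead = LIST_ENTRY()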
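class POOL_TRACKER_TABLE(vstruct.VStruct):
    """vstruct layout of POOL_TRACKER_TABLE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Key = v_uint32()
        self.NonPagedAllocs = v_uint32()
        self.NonPagedFrees = v_uint32()
        # Filler up to offset 0x10 so the 64-bit byte count is aligned.
        self._pad0010 = v_bytes(size=4)
        self.NonPagedBytes = v_uint64()
        self.PagedAllocs = v_uint32()
        self.PagedFrees = v_uint32()
        self.PagedBytes = v_uint64()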
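class VF_TRACKER_STAMP(vstruct.VStruct):
    """vstruct layout of VF_TRACKER_STAMP (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Thread = v_ptr64()
        # Four one-byte fields, then filler up to offset 0x10.
        self.Flags = v_uint8()
        self.OldIrql = v_uint8()
        self.NewIrql = v_uint8()
        self.Processor = v_uint8()
        self._pad0010 = v_bytes(size=4)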
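class SEGMENT(vstruct.VStruct):
    """vstruct layout of SEGMENT (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ControlArea = v_ptr64()
        self.TotalNumberOfPtes = v_uint32()
        self.SegmentFlags = SEGMENT_FLAGS()
        self.NumberOfCommittedPages = v_uint64()
        self.SizeOfSegment = v_uint64()
        self.ExtendInfo = v_ptr64()
        self.SegmentLock = EX_PUSH_LOCK()
        # u1 / u2 are anonymous member structures.
        self.u1 = _unnamed_22243()
        self.u2 = _unnamed_22244()
        self.PrototypePte = v_ptr64()
        # NOTE(review): declared with one element while
        # TotalNumberOfPtes is a separate runtime count; presumably a
        # variable-length tail, so only the first MMPTE is parsed here.
        self.ThePtes = vstruct.VArray([ MMPTE() for i in xrange(1) ])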
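class LUID_AND_ATTRIBUTES(vstruct.VStruct):
    """vstruct layout of LUID_AND_ATTRIBUTES: a LUID followed by a 32-bit attribute word."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Luid = LUID()
        self.Attributes = v_uint32()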
class _unnamed_18785(vstruct.VStruct):
    """Generator-numbered anonymous structure: two 32-bit halves, low part first."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LowPart = v_uint32()
        self.HighPart = v_uint32()
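class iobuf(vstruct.VStruct):
    """vstruct layout of iobuf (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ptr = v_ptr64()
        self.cnt = v_uint32()
        # Filler up to offset 0x10 so `base` is 8-byte aligned.
        self._pad0010 = v_bytes(size=4)
        self.base = v_ptr64()
        self.flag = v_uint32()
        self.file = v_uint32()
        self.charbuf = v_uint32()
        self.bufsiz = v_uint32()
        self.tmpfname = v_ptr64()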
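class PCW_COUNTER_DESCRIPTOR(vstruct.VStruct):
    """vstruct layout of PCW_COUNTER_DESCRIPTOR: four 16-bit fields."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Id = v_uint16()
        self.StructIndex = v_uint16()
        # Offset and Size are plain 16-bit values from the parsed
        # bytes; a consumer using them to index other data has to
        # range-check them itself.
        self.Offset = v_uint16()
        self.Size = v_uint16()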
class _unnamed_21306(vstruct.VStruct):
    """Generator-numbered anonymous structure: three pointers around a 16-bit size/version pair."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.InterfaceType = v_ptr64()
        self.Size = v_uint16()
        self.Version = v_uint16()
        # Filler up to offset 0x10 so the next pointer is 8-byte aligned.
        self._pad0010 = v_bytes(size=4)
        self.Interface = v_ptr64()
        self.InterfaceSpecificData = v_ptr64()
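class MMMOD_WRITER_MDL_ENTRY(vstruct.VStruct):
    """vstruct layout of MMMOD_WRITER_MDL_ENTRY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Links = LIST_ENTRY()
        # u / u1 are anonymous member structures.
        self.u = _unnamed_22354()
        self.Irp = v_ptr64()
        self.u1 = _unnamed_22355()
        self.PagingFile = v_ptr64()
        self.File = v_ptr64()
        self.ControlArea = v_ptr64()
        self.FileResource = v_ptr64()
        self.WriteOffset = LARGE_INTEGER()
        self.IssueTime = LARGE_INTEGER()
        self.PointerMdl = v_ptr64()
        self.Mdl = MDL()
        # NOTE(review): declared with one element; presumably a
        # variable-length tail following the embedded MDL -- confirm.
        self.Page = vstruct.VArray([ v_uint64() for i in xrange(1) ])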
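class CACHED_CHILD_LIST(vstruct.VStruct):
    """vstruct layout of CACHED_CHILD_LIST (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        # Filler up to offset 8 so the 64-bit member is aligned.
        self._pad0008 = v_bytes(size=4)
        # Typed as a 64-bit integer here rather than v_ptr64.
        self.ValueList = v_uint64()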
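class KTHREAD(vstruct.VStruct):
    """vstruct layout of KTHREAD (ntoskrnl 6.1, amd64).

    Offsets are specific to the build named in the module header;
    applying this layout to a different kernel build will mis-parse.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = DISPATCHER_HEADER()
        self.CycleTime = v_uint64()
        self.QuantumTarget = v_uint64()
        self.InitialStack = v_ptr64()
        self.StackLimit = v_ptr64()
        self.KernelStack = v_ptr64()
        self.ThreadLock = v_uint64()
        self.WaitRegister = KWAIT_STATUS_REGISTER()
        self.Running = v_uint8()
        self.Alerted = vstruct.VArray([ v_uint8() for i in xrange(2) ])
        # NOTE(review): a full 32-bit word; possibly a bitfield group
        # the generator collapsed under its first member's name.
        self.KernelStackResident = v_uint32()
        self.ApcState = KAPC_STATE()
        self.DeferredProcessor = v_uint32()
        # Filler; the hex suffix is the offset at which the filler ends.
        self._pad0088 = v_bytes(size=4)
        self.ApcQueueLock = v_uint64()
        self.WaitStatus = v_uint64()
        self.WaitBlockList = v_ptr64()
        self.WaitListEntry = LIST_ENTRY()
        self.Queue = v_ptr64()
        self.Teb = v_ptr64()
        self.Timer = KTIMER()
        self.AutoAlignment = v_uint32()
        self.Spare0 = v_uint32()
        # Four wait blocks are embedded inline.
        self.WaitBlock = vstruct.VArray([ KWAIT_BLOCK() for i in xrange(4) ])
        self.QueueListEntry = LIST_ENTRY()
        self.TrapFrame = v_ptr64()
        self.FirstArgument = v_ptr64()
        self.CallbackStack = v_ptr64()
        # Eight consecutive one-byte fields.
        self.ApcStateIndex = v_uint8()
        self.BasePriority = v_uint8()
        self.PriorityDecrement = v_uint8()
        self.Preempted = v_uint8()
        self.AdjustReason = v_uint8()
        self.AdjustIncrement = v_uint8()
        self.PreviousMode = v_uint8()
        self.Saturation = v_uint8()
        self.SystemCallNumber = v_uint32()
        self.FreezeCount = v_uint32()
        self.UserAffinity = GROUP_AFFINITY()
        self.Process = v_ptr64()
        self.Affinity = GROUP_AFFINITY()
        self.IdealProcessor = v_uint32()
        self.UserIdealProcessor = v_uint32()
        self.ApcStatePointer = vstruct.VArray([ v_ptr64() for i in xrange(2) ])
        self.SavedApcState = KAPC_STATE()
        self.Win32Thread = v_ptr64()
        self.StackBase = v_ptr64()
        self.SuspendApc = KAPC()
        self.SuspendSemaphore = KSEMAPHORE()
        self.ThreadListEntry = LIST_ENTRY()
        self.MutantListHead = LIST_ENTRY()
        self.SListFaultAddress = v_ptr64()
        self.ReadOperationCount = v_uint64()
        self.WriteOperationCount = v_uint64()
        self.OtherOperationCount = v_uint64()
        self.ReadTransferCount = v_uint64()
        self.WriteTransferCount = v_uint64()
        self.OtherTransferCount = v_uint64()
        self.ThreadCounters = v_ptr64()
        self.XStateSave = v_ptr64()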
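class WMI_TRACE_PACKET(vstruct.VStruct):
    """vstruct layout of WMI_TRACE_PACKET: two 16-bit fields."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Size = v_uint16()
        self.HookId = v_uint16()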
class _unnamed_21966(vstruct.VStruct):
    """Generator-numbered anonymous structure wrapping an I386_LOADER_BLOCK."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.I386 = I386_LOADER_BLOCK()
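class ALPC_PORT(vstruct.VStruct):
    """vstruct layout of ALPC_PORT (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PortListEntry = LIST_ENTRY()
        self.CommunicationInfo = v_ptr64()
        self.OwnerProcess = v_ptr64()
        self.CompletionPort = v_ptr64()
        self.CompletionKey = v_ptr64()
        self.CompletionPacketLookaside = v_ptr64()
        self.PortContext = v_ptr64()
        self.StaticSecurity = SECURITY_CLIENT_CONTEXT()
        # Four queue list heads in a row.
        self.MainQueue = LIST_ENTRY()
        self.PendingQueue = LIST_ENTRY()
        self.LargeMessageQueue = LIST_ENTRY()
        self.WaitQueue = LIST_ENTRY()
        self.Semaphore = v_ptr64()
        self.PortAttributes = ALPC_PORT_ATTRIBUTES()
        self.Lock = EX_PUSH_LOCK()
        self.ResourceListLock = EX_PUSH_LOCK()
        self.ResourceListHead = LIST_ENTRY()
        self.CompletionList = v_ptr64()
        self.MessageZone = v_ptr64()
        self.CallbackObject = v_ptr64()
        self.CallbackContext = v_ptr64()
        self.CanceledQueue = LIST_ENTRY()
        self.SequenceNo = v_uint32()
        # Anonymous member structure, defined elsewhere in the module.
        self.u1 = _unnamed_24171()
        self.TargetQueuePort = v_ptr64()
        self.TargetSequencePort = v_ptr64()
        self.CachedMessage = v_ptr64()
        # The *QueueLength fields are stored separately from the list
        # heads above; this definition does not cross-check them.
        self.MainQueueLength = v_uint32()
        self.PendingQueueLength = v_uint32()
        self.LargeMessageQueueLength = v_uint32()
        self.CanceledQueueLength = v_uint32()
        self.WaitQueueLength = v_uint32()
        # Trailing filler after the last 32-bit length.
        self._pad01a0 = v_bytes(size=4)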
class _unnamed_22244(vstruct.VStruct):
    """Generator-numbered anonymous structure holding one pointer (used as SEGMENT.u2)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ImageInformation = v_ptr64()
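class ADAPTER_OBJECT(vstruct.VStruct):
    """Placeholder for ADAPTER_OBJECT; no fields are declared.

    NOTE(review): presumably the source symbols carry no member
    information for this type -- confirm before parsing with it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)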
class _unnamed_22243(vstruct.VStruct):
    """Generator-numbered anonymous structure holding one 64-bit value (used as SEGMENT.u1)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ImageCommitment = v_uint64()
class _unnamed_25467(vstruct.VStruct):
    """Generator-numbered anonymous structure holding one 32-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AsULONG = v_uint32()
class _unnamed_22363(vstruct.VStruct):
    """Generator-numbered anonymous structure holding one 64-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Balance = v_uint64()
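class PROC_HISTORY_ENTRY(vstruct.VStruct):
    """vstruct layout of PROC_HISTORY_ENTRY: four bytes in total."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Utility = v_uint16()
        self.Frequency = v_uint8()
        self.Reserved = v_uint8()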
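class CONTEXT(vstruct.VStruct):
    """vstruct layout of the amd64 CONTEXT record (ntoskrnl 6.1)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Six 64-bit home slots.
        self.P1Home = v_uint64()
        self.P2Home = v_uint64()
        self.P3Home = v_uint64()
        self.P4Home = v_uint64()
        self.P5Home = v_uint64()
        self.P6Home = v_uint64()
        self.ContextFlags = v_uint32()
        self.MxCsr = v_uint32()
        # Six 16-bit segment selectors followed by 32-bit EFlags.
        self.SegCs = v_uint16()
        self.SegDs = v_uint16()
        self.SegEs = v_uint16()
        self.SegFs = v_uint16()
        self.SegGs = v_uint16()
        self.SegSs = v_uint16()
        self.EFlags = v_uint32()
        self.Dr0 = v_uint64()
        self.Dr1 = v_uint64()
        self.Dr2 = v_uint64()
        self.Dr3 = v_uint64()
        self.Dr6 = v_uint64()
        self.Dr7 = v_uint64()
        # General-purpose registers, in the order laid out here.
        self.Rax = v_uint64()
        self.Rcx = v_uint64()
        self.Rdx = v_uint64()
        self.Rbx = v_uint64()
        self.Rsp = v_uint64()
        self.Rbp = v_uint64()
        self.Rsi = v_uint64()
        self.Rdi = v_uint64()
        self.R8 = v_uint64()
        self.R9 = v_uint64()
        self.R10 = v_uint64()
        self.R11 = v_uint64()
        self.R12 = v_uint64()
        self.R13 = v_uint64()
        self.R14 = v_uint64()
        self.R15 = v_uint64()
        self.Rip = v_uint64()
        self.FltSave = XSAVE_FORMAT()
        # 26 embedded M128A values.
        self.VectorRegister = vstruct.VArray([ M128A() for i in xrange(26) ])
        self.VectorControl = v_uint64()
        self.DebugControl = v_uint64()
        self.LastBranchToRip = v_uint64()
        self.LastBranchFromRip = v_uint64()
        self.LastExceptionToRip = v_uint64()
        self.LastExceptionFromRip = v_uint64()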
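class MMSUBSECTION_NODE(vstruct.VStruct):
    """vstruct layout of MMSUBSECTION_NODE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # u / u1 are anonymous member structures.
        self.u = _unnamed_22448()
        self.StartingSector = v_uint32()
        self.NumberOfFullSectors = v_uint32()
        # Generator-emitted filler before u1.
        self._pad0010 = v_bytes(size=4)
        self.u1 = _unnamed_22464()
        self.LeftChild = v_ptr64()
        self.RightChild = v_ptr64()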
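class DBGKD_GET_CONTEXT(vstruct.VStruct):
    """vstruct layout of DBGKD_GET_CONTEXT: a single 32-bit field."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Unused = v_uint32()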
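class VACB_LEVEL_ALLOCATION_LIST(vstruct.VStruct):
    """vstruct layout of VACB_LEVEL_ALLOCATION_LIST (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.VacbLevelList = LIST_ENTRY()
        self.VacbLevelWithBcbListHeads = v_ptr64()
        self.VacbLevelsAllocated = v_uint32()
        # Trailing filler after the 32-bit count.
        self._pad0020 = v_bytes(size=4)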
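class KTRANSACTION(vstruct.VStruct):
    """vstruct layout of KTRANSACTION (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OutcomeEvent = KEVENT()
        self.cookie = v_uint32()
        # Filler; the hex suffix of each _pad field is its end offset.
        self._pad0020 = v_bytes(size=4)
        self.Mutex = KMUTANT()
        self.TreeTx = v_ptr64()
        self.GlobalNamespaceLink = KTMOBJECT_NAMESPACE_LINK()
        self.TmNamespaceLink = KTMOBJECT_NAMESPACE_LINK()
        self.UOW = GUID()
        self.State = v_uint32()
        self.Flags = v_uint32()
        self.EnlistmentHead = LIST_ENTRY()
        self.EnlistmentCount = v_uint32()
        self.RecoverableEnlistmentCount = v_uint32()
        self.PrePrepareRequiredEnlistmentCount = v_uint32()
        self.PrepareRequiredEnlistmentCount = v_uint32()
        self.OutcomeRequiredEnlistmentCount = v_uint32()
        self.PendingResponses = v_uint32()
        self.SuperiorEnlistment = v_ptr64()
        self.LastLsn = CLS_LSN()
        self.PromotedEntry = LIST_ENTRY()
        self.PromoterTransaction = v_ptr64()
        self.PromotePropagation = v_ptr64()
        self.IsolationLevel = v_uint32()
        self.IsolationFlags = v_uint32()
        self.Timeout = LARGE_INTEGER()
        self.Description = UNICODE_STRING()
        self.RollbackThread = v_ptr64()
        self.RollbackWorkItem = WORK_QUEUE_ITEM()
        self.RollbackDpc = KDPC()
        self.RollbackTimer = KTIMER()
        self.LsnOrderedEntry = LIST_ENTRY()
        self.Outcome = v_uint32()
        self._pad0200 = v_bytes(size=4)
        self.Tm = v_ptr64()
        self.CommitReservation = v_uint64()
        # Ten history records inline; TransactionHistoryCount is a
        # separate field that a reader must bound to 10 itself.
        self.TransactionHistory = vstruct.VArray([ KTRANSACTION_HISTORY() for i in xrange(10) ])
        self.TransactionHistoryCount = v_uint32()
        self._pad0268 = v_bytes(size=4)
        # Pointer and length are parsed independently; nothing here
        # ties DTCPrivateInformationLength to the data it describes.
        self.DTCPrivateInformation = v_ptr64()
        self.DTCPrivateInformationLength = v_uint32()
        self._pad0278 = v_bytes(size=4)
        self.DTCPrivateInformationMutex = KMUTANT()
        self.PromotedTxSelfHandle = v_ptr64()
        self.PendingPromotionCount = v_uint32()
        self._pad02c0 = v_bytes(size=4)
        self.PromotionCompletedEvent = KEVENT()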
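class GENERIC_MAPPING(vstruct.VStruct):
    """vstruct layout of GENERIC_MAPPING: four 32-bit fields."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.GenericRead = v_uint32()
        self.GenericWrite = v_uint32()
        self.GenericExecute = v_uint32()
        self.GenericAll = v_uint32()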
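class DEVICE_NODE(vstruct.VStruct):
    """vstruct layout of DEVICE_NODE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Tree linkage, stored as raw pointer values.
        self.Sibling = v_ptr64()
        self.Child = v_ptr64()
        self.Parent = v_ptr64()
        self.LastChild = v_ptr64()
        self.PhysicalDeviceObject = v_ptr64()
        self.InstancePath = UNICODE_STRING()
        self.ServiceName = UNICODE_STRING()
        self.PendingIrp = v_ptr64()
        self.Level = v_uint32()
        # Filler; the hex suffix of each _pad field is its end offset.
        self._pad0058 = v_bytes(size=4)
        self.Notify = PO_DEVICE_NOTIFY()
        self.PoIrpManager = PO_IRP_MANAGER()
        self.State = v_uint32()
        self.PreviousState = v_uint32()
        # Twenty history slots inline; StateHistoryEntry is a separate
        # 32-bit value that a reader must bound before indexing with it.
        self.StateHistory = vstruct.VArray([ PNP_DEVNODE_STATE() for i in xrange(20) ])
        self.StateHistoryEntry = v_uint32()
        self.CompletionStatus = v_uint32()
        self.Flags = v_uint32()
        self.UserFlags = v_uint32()
        self.Problem = v_uint32()
        self._pad0150 = v_bytes(size=4)
        self.ResourceList = v_ptr64()
        self.ResourceListTranslated = v_ptr64()
        self.DuplicatePDO = v_ptr64()
        self.ResourceRequirements = v_ptr64()
        self.InterfaceType = v_uint32()
        self.BusNumber = v_uint32()
        self.ChildInterfaceType = v_uint32()
        self.ChildBusNumber = v_uint32()
        self.ChildBusTypeIndex = v_uint16()
        self.RemovalPolicy = v_uint8()
        self.HardwareRemovalPolicy = v_uint8()
        self._pad0188 = v_bytes(size=4)
        self.TargetDeviceNotify = LIST_ENTRY()
        self.DeviceArbiterList = LIST_ENTRY()
        self.DeviceTranslatorList = LIST_ENTRY()
        self.NoTranslatorMask = v_uint16()
        self.QueryTranslatorMask = v_uint16()
        self.NoArbiterMask = v_uint16()
        self.QueryArbiterMask = v_uint16()
        # OverUsed1 / OverUsed2 / DockInfo are anonymous member structures.
        self.OverUsed1 = _unnamed_23139()
        self.OverUsed2 = _unnamed_23140()
        self.BootResources = v_ptr64()
        self.BootResourcesTranslated = v_ptr64()
        self.CapabilityFlags = v_uint32()
        self._pad01e8 = v_bytes(size=4)
        self.DockInfo = _unnamed_23141()
        self.DisableableDepends = v_uint32()
        self._pad0210 = v_bytes(size=4)
        self.PendedSetInterfaceState = LIST_ENTRY()
        self.LegacyBusListEntry = LIST_ENTRY()
        self.DriverUnloadRetryCount = v_uint32()
        self._pad0238 = v_bytes(size=4)
        self.PreviousParent = v_ptr64()
        self.DeletedChildren = v_uint32()
        self.NumaNodeIndex = v_uint32()
        self.ContainerID = GUID()
        self.OverrideFlags = v_uint8()
        self.RequiresUnloadedDriver = v_uint8()
        self._pad0260 = v_bytes(size=6)
        self.PendingEjectRelations = v_ptr64()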
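class KALPC_MESSAGE_ATTRIBUTES(vstruct.VStruct):
    """vstruct layout of KALPC_MESSAGE_ATTRIBUTES: seven pointer-sized members."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ClientContext = v_ptr64()
        self.ServerContext = v_ptr64()
        self.PortContext = v_ptr64()
        self.CancelPortContext = v_ptr64()
        self.SecurityData = v_ptr64()
        self.View = v_ptr64()
        self.HandleData = v_ptr64()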
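class IO_CLIENT_EXTENSION(vstruct.VStruct):
    """vstruct layout of IO_CLIENT_EXTENSION: two pointer-sized members."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): NextExtension suggests a singly linked chain; a
        # walker over untrusted memory should cap its length and watch
        # for cycles.
        self.NextExtension = v_ptr64()
        self.ClientIdentificationAddress = v_ptr64()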
class _unnamed_21018(vstruct.VStruct):
    """Generator-numbered anonymous structure holding two pointer-sized members."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.UserApcRoutine = v_ptr64()
        self.UserApcContext = v_ptr64()
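class PROC_PERF_LOAD(vstruct.VStruct):
    """vstruct layout of PROC_PERF_LOAD: two one-byte fields."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BusyPercentage = v_uint8()
        self.FrequencyPercentage = v_uint8()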
class _unnamed_26910(vstruct.VStruct):
    """Generator-numbered anonymous structure wrapping a single `Flags` member."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Flags is itself an anonymous structure (_unnamed_28620).
        self.Flags = _unnamed_28620()
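class PROCESSOR_PERFSTATE_POLICY(vstruct.VStruct):
    """vstruct layout of PROCESSOR_PERFSTATE_POLICY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Revision = v_uint32()
        # Four one-byte fields fill the next 32-bit slot.
        self.MaxThrottle = v_uint8()
        self.MinThrottle = v_uint8()
        self.BusyAdjThreshold = v_uint8()
        self.Spare = v_uint8()
        self.TimeCheck = v_uint32()
        self.IncreaseTime = v_uint32()
        self.DecreaseTime = v_uint32()
        self.IncreasePercent = v_uint32()
        self.DecreasePercent = v_uint32()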
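class IO_RESOURCE_LIST(vstruct.VStruct):
    """vstruct layout of IO_RESOURCE_LIST (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Version = v_uint16()
        self.Revision = v_uint16()
        self.Count = v_uint32()
        # Only one descriptor is declared while Count is a separate
        # runtime value.  NOTE(review): presumably a variable-length
        # tail; a reader that parses further descriptors must bound
        # Count against the available buffer first.
        self.Descriptors = vstruct.VArray([ IO_RESOURCE_DESCRIPTOR() for i in xrange(1) ])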
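class STACK_TABLE(vstruct.VStruct):
    """vstruct layout of STACK_TABLE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NumStackTraces = v_uint16()
        self.TraceCapacity = v_uint16()
        # Filler up to offset 8 so the pointer array is aligned.
        self._pad0008 = v_bytes(size=4)
        self.StackTrace = vstruct.VArray([ v_ptr64() for i in xrange(16) ])
        # Each instance builds 16381 v_uint16 objects here, so
        # constructing this class is comparatively expensive.
        self.StackTableHash = vstruct.VArray([ v_uint16() for i in xrange(16381) ])
        # 0x88 + 16381 * 2 = 0x8082; six filler bytes end at 0x8088.
        self._pad8088 = v_bytes(size=6)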
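class OBJECT_REF_INFO(vstruct.VStruct):
    """vstruct layout of OBJECT_REF_INFO (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ObjectHeader = v_ptr64()
        self.NextRef = v_ptr64()
        # Fixed 16-byte buffer; nothing here guarantees NUL termination.
        self.ImageFileName = vstruct.VArray([ v_uint8() for i in xrange(16) ])
        self.NextPos = v_uint16()
        self.MaxStacks = v_uint16()
        # Zero-length array: it contributes no bytes to the parsed
        # layout.  NOTE(review): presumably marks where
        # OBJECT_REF_STACK_INFO records follow -- confirm.
        self.StackInfo = vstruct.VArray([ OBJECT_REF_STACK_INFO() for i in xrange(0) ])
        # Trailing filler from offset 0x24 to 0x28.
        self._pad0028 = v_bytes(size=4)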
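class OBJECT_HEADER_HANDLE_INFO(vstruct.VStruct):
    """vstruct layout of OBJECT_HEADER_HANDLE_INFO (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.HandleCountDataBase = v_ptr64()
        # Eight filler bytes bring the total size to 0x10.
        # NOTE(review): possibly covers a larger union member that the
        # generator did not emit -- confirm against the symbols.
        self._pad0010 = v_bytes(size=8)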
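class ETW_LOGGER_HANDLE(vstruct.VStruct):
    """vstruct layout of ETW_LOGGER_HANDLE: a single byte."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DereferenceAndLeave = v_uint8()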
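class SYSTEM_POWER_STATE_CONTEXT(vstruct.VStruct):
    """vstruct layout of SYSTEM_POWER_STATE_CONTEXT: one 32-bit word."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): possibly a bitfield group collapsed under its
        # first member's name -- confirm against the symbols.
        self.Reserved1 = v_uint32()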
class _unnamed_25217(vstruct.VStruct):
    """Generator-numbered anonymous structure holding one 32-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FilePointerIndex = v_uint32()
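class OBJECT_REF_STACK_INFO(vstruct.VStruct):
    """vstruct layout of OBJECT_REF_STACK_INFO: 12 bytes in total."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Sequence = v_uint32()
        self.Index = v_uint16()
        self.NumTraces = v_uint16()
        self.Tag = v_uint32()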
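class PF_KERNEL_GLOBALS(vstruct.VStruct):
    """vstruct layout of PF_KERNEL_GLOBALS (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AccessBufferAgeThreshold = v_uint64()
        self.AccessBufferRef = EX_RUNDOWN_REF()
        self.AccessBufferExistsEvent = KEVENT()
        self.AccessBufferMax = v_uint32()
        # Twenty filler bytes ending at offset 0x40, presumably so the
        # following SLIST_HEADER lands on a 16-byte boundary.
        self._pad0040 = v_bytes(size=20)
        self.AccessBufferList = SLIST_HEADER()
        self.StreamSequenceNumber = v_uint32()
        self.Flags = v_uint32()
        self.ScenarioPrefetchCount = v_uint32()
        self._pad0060 = v_bytes(size=4)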
class _unnamed_24209(vstruct.VStruct):
    """Generator-numbered anonymous structure wrapping a single `s1` member."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # s1 is itself an anonymous structure (_unnamed_24211).
        self.s1 = _unnamed_24211()
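class DBGKD_QUERY_SPECIAL_CALLS(vstruct.VStruct):
    """vstruct layout of DBGKD_QUERY_SPECIAL_CALLS: a single 32-bit count."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NumberOfSpecialCalls = v_uint32()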
class _unnamed_25218(vstruct.VStruct):
    """Generator-numbered anonymous structure holding one 32-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FilePointerIndex = v_uint32()
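class DBGKD_READ_MEMORY64(vstruct.VStruct):
    """vstruct layout of DBGKD_READ_MEMORY64 (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TargetBaseAddress = v_uint64()
        # Two independent 32-bit fields.  NOTE(review): presumably the
        # requested and the returned length; a consumer should size
        # buffers from validated values and not assume they match.
        self.TransferCount = v_uint32()
        self.ActualBytesRead = v_uint32()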
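class MI_SYSTEM_PTE_TYPE(vstruct.VStruct):
    """vstruct layout of MI_SYSTEM_PTE_TYPE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Bitmap = RTL_BITMAP()
        self.Flags = v_uint32()
        self.Hint = v_uint32()
        self.BasePte = v_ptr64()
        # FailureCount is pointer-sized here, unlike the 32-bit
        # counters that follow.
        self.FailureCount = v_ptr64()
        self.Vm = v_ptr64()
        self.TotalSystemPtes = v_uint32()
        self.TotalFreeSystemPtes = v_uint32()
        self.CachedPteCount = v_uint32()
        self.PteFailures = v_uint32()
        self.SpinLock = v_uint64()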
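class KEXCEPTION_FRAME(vstruct.VStruct):
    """vstruct layout of KEXCEPTION_FRAME (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.P1Home = v_uint64()
        self.P2Home = v_uint64()
        self.P3Home = v_uint64()
        self.P4Home = v_uint64()
        self.P5 = v_uint64()
        self.InitialStack = v_uint64()
        # Ten embedded M128A values, Xmm6 through Xmm15.
        self.Xmm6 = M128A()
        self.Xmm7 = M128A()
        self.Xmm8 = M128A()
        self.Xmm9 = M128A()
        self.Xmm10 = M128A()
        self.Xmm11 = M128A()
        self.Xmm12 = M128A()
        self.Xmm13 = M128A()
        self.Xmm14 = M128A()
        self.Xmm15 = M128A()
        # Everything below is a plain 64-bit integer, including the
        # values whose names suggest addresses (not typed as v_ptr64).
        self.TrapFrame = v_uint64()
        self.CallbackStack = v_uint64()
        self.OutputBuffer = v_uint64()
        self.OutputLength = v_uint64()
        self.MxCsr = v_uint64()
        self.Rbp = v_uint64()
        self.Rbx = v_uint64()
        self.Rdi = v_uint64()
        self.Rsi = v_uint64()
        self.R12 = v_uint64()
        self.R13 = v_uint64()
        self.R14 = v_uint64()
        self.R15 = v_uint64()
        self.Return = v_uint64()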
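class KALPC_HANDLE_DATA(vstruct.VStruct):
    """vstruct layout of KALPC_HANDLE_DATA (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Two 32-bit fields share one 8-byte slot before the pointer.
        self.Flags = v_uint32()
        self.ObjectType = v_uint32()
        self.DuplicateContext = v_ptr64()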
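class PO_MEMORY_IMAGE(vstruct.VStruct):
    """vstruct layout of PO_MEMORY_IMAGE (ntoskrnl 6.1, amd64).

    This class only describes the field layout.  Signature, CheckSum
    and the other *Check fields are parsed as plain integers and are
    not verified here; a consumer handling an untrusted image has to
    do that itself.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint32()
        self.ImageType = v_uint32()
        self.CheckSum = v_uint32()
        self.LengthSelf = v_uint32()
        self.PageSelf = v_uint64()
        self.PageSize = v_uint32()
        # Filler; the hex suffix of each _pad field is its end offset.
        self._pad0020 = v_bytes(size=4)
        self.SystemTime = LARGE_INTEGER()
        self.InterruptTime = v_uint64()
        self.FeatureFlags = v_uint32()
        self.HiberFlags = v_uint8()
        self.spare = vstruct.VArray([ v_uint8() for i in xrange(3) ])
        self.NoHiberPtes = v_uint32()
        self._pad0040 = v_bytes(size=4)
        self.HiberVa = v_uint64()
        self.HiberPte = LARGE_INTEGER()
        self.NoFreePages = v_uint32()
        self.FreeMapCheck = v_uint32()
        self.WakeCheck = v_uint32()
        self._pad0060 = v_bytes(size=4)
        self.FirstTablePage = v_uint64()
        self.PerfInfo = PO_HIBER_PERF()
        self.FirmwareRuntimeInformationPages = v_uint32()
        self._pad00c8 = v_bytes(size=4)
        # One element is declared while the page count above is a
        # separate runtime value.
        self.FirmwareRuntimeInformation = vstruct.VArray([ v_uint64() for i in xrange(1) ])
        self.NoBootLoaderLogPages = v_uint32()
        self._pad00d8 = v_bytes(size=4)
        # Eight slots are declared; NoBootLoaderLogPages must be
        # bounded to 8 by any reader that indexes this array with it.
        self.BootLoaderLogPages = vstruct.VArray([ v_uint64() for i in xrange(8) ])
        self.NotUsed = v_uint32()
        self.ResumeContextCheck = v_uint32()
        self.ResumeContextPages = v_uint32()
        self._pad0128 = v_bytes(size=4)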
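class LOOKASIDE_LIST_EX(vstruct.VStruct):
    """vstruct layout of LOOKASIDE_LIST_EX: a single embedded GENERAL_LOOKASIDE_POOL."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.L = GENERAL_LOOKASIDE_POOL()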
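class ACTIVATION_CONTEXT_DATA(vstruct.VStruct):
    """Placeholder for ACTIVATION_CONTEXT_DATA; no fields are declared.

    NOTE(review): presumably the source symbols carry no member
    information for this type -- confirm before parsing with it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)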
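class EVENT_DATA_DESCRIPTOR(vstruct.VStruct):
    """vstruct layout of EVENT_DATA_DESCRIPTOR: 16 bytes in total."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Ptr is typed as a 64-bit integer rather than v_ptr64.  Ptr
        # and Size are parsed independently; nothing here checks that
        # Size bytes are actually readable at Ptr.
        self.Ptr = v_uint64()
        self.Size = v_uint32()
        self.Reserved = v_uint32()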
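class HHIVE(vstruct.VStruct):
    """vstruct layout of HHIVE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint32()
        # Filler up to offset 8 so the first pointer is aligned.
        self._pad0008 = v_bytes(size=4)
        # NOTE(review): ten pointer-sized slots taken verbatim from the
        # parsed bytes; when reading a memory image, treat them as data
        # to be range-checked, not as trusted addresses.
        self.GetCellRoutine = v_ptr64()
        self.ReleaseCellRoutine = v_ptr64()
        self.Allocate = v_ptr64()
        self.Free = v_ptr64()
        self.FileSetSize = v_ptr64()
        self.FileWrite = v_ptr64()
        self.FileRead = v_ptr64()
        self.FileFlush = v_ptr64()
        self.HiveLoadFailure = v_ptr64()
        self.BaseBlock = v_ptr64()
        self.DirtyVector = RTL_BITMAP()
        self.DirtyCount = v_uint32()
        self.DirtyAlloc = v_uint32()
        self.BaseBlockAlloc = v_uint32()
        self.Cluster = v_uint32()
        # Three one-byte flags plus one filler byte end at offset 0x7c.
        self.Flat = v_uint8()
        self.ReadOnly = v_uint8()
        self.DirtyFlag = v_uint8()
        self._pad007c = v_bytes(size=1)
        self.HvBinHeadersUse = v_uint32()
        self.HvFreeCellsUse = v_uint32()
        self.HvUsedCellsUse = v_uint32()
        self.CmUsedCellsUse = v_uint32()
        self.HiveFlags = v_uint32()
        # CurrentLog is a separate 32-bit value; LogSize has two slots.
        self.CurrentLog = v_uint32()
        self.LogSize = vstruct.VArray([ v_uint32() for i in xrange(2) ])
        self.RefreshCount = v_uint32()
        # StorageTypeCount is a separate value; Storage has two slots.
        self.StorageTypeCount = v_uint32()
        self.Version = v_uint32()
        self.Storage = vstruct.VArray([ DUAL() for i in xrange(2) ])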
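class VF_AVL_TREE_NODE(vstruct.VStruct):
    """vstruct layout of VF_AVL_TREE_NODE: a pointer and a 64-bit size."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.p = v_ptr64()
        self.RangeSize = v_uint64()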
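class IO_DRIVER_CREATE_CONTEXT(vstruct.VStruct):
    """vstruct layout of IO_DRIVER_CREATE_CONTEXT (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Size = v_uint16()
        # Six filler bytes bring the first pointer to offset 8.
        self._pad0008 = v_bytes(size=6)
        self.ExtraCreateParameter = v_ptr64()
        self.DeviceObjectHint = v_ptr64()
        self.TxnParameters = v_ptr64()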
class TEB(vstruct.VStruct):
    """Layout of the 64-bit TEB for the 6.1 amd64 build named in the module header.

    Members are declared in structure order; the ``_padNNNN`` members are
    explicit filler, and their hex suffix appears to be the offset at which
    the following field starts.

    NOTE(review): on Windows the TEB is mapped in the owning process's user
    address space, so an analysis tool should treat every value parsed from
    it (pointers, counts, the embedded UNICODE_STRING) as untrusted input and
    validate it before dereferencing — confirm for your acquisition method.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NtTib = NT_TIB()
        self.EnvironmentPointer = v_ptr64()
        self.ClientId = CLIENT_ID()
        self.ActiveRpcHandle = v_ptr64()
        self.ThreadLocalStoragePointer = v_ptr64()
        self.ProcessEnvironmentBlock = v_ptr64()
        self.LastErrorValue = v_uint32()
        self.CountOfOwnedCriticalSections = v_uint32()
        self.CsrClientThread = v_ptr64()
        self.Win32ThreadInfo = v_ptr64()
        self.User32Reserved = vstruct.VArray([ v_uint32() for i in xrange(26) ])
        self.UserReserved = vstruct.VArray([ v_uint32() for i in xrange(5) ])
        self._pad0100 = v_bytes(size=4)
        self.WOW32Reserved = v_ptr64()
        self.CurrentLocale = v_uint32()
        self.FpSoftwareStatusRegister = v_uint32()
        self.SystemReserved1 = vstruct.VArray([ v_ptr64() for i in xrange(54) ])
        self.ExceptionCode = v_uint32()
        self._pad02c8 = v_bytes(size=4)
        self.ActivationContextStackPointer = v_ptr64()
        self.SpareBytes = vstruct.VArray([ v_uint8() for i in xrange(24) ])
        self.TxFsContext = v_uint32()
        self._pad02f0 = v_bytes(size=4)
        self.GdiTebBatch = GDI_TEB_BATCH()
        # Second CLIENT_ID, separate from ClientId above.
        self.RealClientId = CLIENT_ID()
        self.GdiCachedProcessHandle = v_ptr64()
        self.GdiClientPID = v_uint32()
        self.GdiClientTID = v_uint32()
        self.GdiThreadLocalInfo = v_ptr64()
        self.Win32ClientInfo = vstruct.VArray([ v_uint64() for i in xrange(62) ])
        self.glDispatchTable = vstruct.VArray([ v_ptr64() for i in xrange(233) ])
        self.glReserved1 = vstruct.VArray([ v_uint64() for i in xrange(29) ])
        self.glReserved2 = v_ptr64()
        self.glSectionInfo = v_ptr64()
        self.glSection = v_ptr64()
        self.glTable = v_ptr64()
        self.glCurrentRC = v_ptr64()
        self.glContext = v_ptr64()
        self.LastStatusValue = v_uint32()
        self._pad1258 = v_bytes(size=4)
        # Descriptor plus an inline buffer of 261 16-bit units.
        # NOTE(review): presumably the descriptor's Buffer points at
        # StaticUnicodeBuffer; verify rather than assume when parsing.
        self.StaticUnicodeString = UNICODE_STRING()
        self.StaticUnicodeBuffer = vstruct.VArray([ v_uint16() for i in xrange(261) ])
        self._pad1478 = v_bytes(size=6)
        self.DeallocationStack = v_ptr64()
        # 64 inline TLS slots; TlsExpansionSlots further down is only a pointer.
        self.TlsSlots = vstruct.VArray([ v_ptr64() for i in xrange(64) ])
        self.TlsLinks = LIST_ENTRY()
        self.Vdm = v_ptr64()
        self.ReservedForNtRpc = v_ptr64()
        self.DbgSsReserved = vstruct.VArray([ v_ptr64() for i in xrange(2) ])
        self.HardErrorMode = v_uint32()
        self._pad16b8 = v_bytes(size=4)
        self.Instrumentation = vstruct.VArray([ v_ptr64() for i in xrange(11) ])
        self.ActivityId = GUID()
        self.SubProcessTag = v_ptr64()
        self.EtwLocalData = v_ptr64()
        self.EtwTraceData = v_ptr64()
        self.WinSockData = v_ptr64()
        self.GdiBatchCount = v_uint32()
        self.CurrentIdealProcessor = PROCESSOR_NUMBER()
        self.GuaranteedStackBytes = v_uint32()
        self._pad1750 = v_bytes(size=4)
        self.ReservedForPerf = v_ptr64()
        self.ReservedForOle = v_ptr64()
        self.WaitingOnLoaderLock = v_uint32()
        self._pad1768 = v_bytes(size=4)
        self.SavedPriorityState = v_ptr64()
        self.SoftPatchPtr1 = v_uint64()
        self.ThreadPoolData = v_ptr64()
        self.TlsExpansionSlots = v_ptr64()
        self.DeallocationBStore = v_ptr64()
        self.BStoreLimit = v_ptr64()
        self.MuiGeneration = v_uint32()
        self.IsImpersonating = v_uint32()
        self.NlsCache = v_ptr64()
        self.pShimData = v_ptr64()
        self.HeapVirtualAffinity = v_uint32()
        self._pad17b8 = v_bytes(size=4)
        self.CurrentTransactionHandle = v_ptr64()
        self.ActiveFrame = v_ptr64()
        self.FlsData = v_ptr64()
        self.PreferredLanguages = v_ptr64()
        self.UserPrefLanguages = v_ptr64()
        self.MergedPrefLanguages = v_ptr64()
        self.MuiImpersonation = v_uint32()
        # Two 16-bit flag words; individual flag bits are not broken out here.
        self.CrossTebFlags = v_uint16()
        self.SameTebFlags = v_uint16()
        self.TxnScopeEnterCallback = v_ptr64()
        self.TxnScopeExitCallback = v_ptr64()
        self.TxnScopeContext = v_ptr64()
        self.LockCount = v_uint32()
        self.SpareUlong0 = v_uint32()
        self.ResourceRetValue = v_ptr64()
class CLIENT_ID64(vstruct.VStruct):
    """Layout of CLIENT_ID64: process and thread identifiers as two 64-bit integers.

    Unlike CLIENT_ID in this module, both members are v_uint64 rather than
    v_ptr64.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.UniqueProcess = v_uint64()
        self.UniqueThread = v_uint64()
class IA64_LOADER_BLOCK(vstruct.VStruct):
    """Layout of IA64_LOADER_BLOCK: a single 32-bit PlaceHolder member."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PlaceHolder = v_uint32()
class OBJECT_SYMBOLIC_LINK(vstruct.VStruct):
    """Layout of OBJECT_SYMBOLIC_LINK: creation time, target string descriptor, drive index."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CreationTime = LARGE_INTEGER()
        # LinkTarget is only the UNICODE_STRING descriptor; the characters are
        # stored elsewhere and must be read separately, with the length checked.
        self.LinkTarget = UNICODE_STRING()
        self.DosDeviceDriveIndex = v_uint32()
        self._pad0020 = v_bytes(size=4)
class HEAP(vstruct.VStruct):
    """Layout of the HEAP header for the 6.1 amd64 build named in the module header.

    Members are declared in structure order; ``_padNNNN`` members are
    explicit filler.

    NOTE(review): EncodeFlagMask, Encoding and PointerKey look like the
    per-heap header-encoding state. If so, HEAP_ENTRY values read from an
    image must be decoded with them before their size fields are trusted —
    confirm against the heap implementation for this build.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Entry = HEAP_ENTRY()
        self.SegmentSignature = v_uint32()
        self.SegmentFlags = v_uint32()
        self.SegmentListEntry = LIST_ENTRY()
        self.Heap = v_ptr64()
        self.BaseAddress = v_ptr64()
        self.NumberOfPages = v_uint32()
        self._pad0040 = v_bytes(size=4)
        self.FirstEntry = v_ptr64()
        self.LastValidEntry = v_ptr64()
        self.NumberOfUnCommittedPages = v_uint32()
        self.NumberOfUnCommittedRanges = v_uint32()
        self.SegmentAllocatorBackTraceIndex = v_uint16()
        self.Reserved = v_uint16()
        self._pad0060 = v_bytes(size=4)
        self.UCRSegmentList = LIST_ENTRY()
        self.Flags = v_uint32()
        self.ForceFlags = v_uint32()
        self.CompatibilityFlags = v_uint32()
        self.EncodeFlagMask = v_uint32()
        # A second HEAP_ENTRY-shaped member, distinct from Entry above.
        self.Encoding = HEAP_ENTRY()
        self.PointerKey = v_uint64()
        self.Interceptor = v_uint32()
        self.VirtualMemoryThreshold = v_uint32()
        self.Signature = v_uint32()
        self._pad00a8 = v_bytes(size=4)
        self.SegmentReserve = v_uint64()
        self.SegmentCommit = v_uint64()
        self.DeCommitFreeBlockThreshold = v_uint64()
        self.DeCommitTotalFreeThreshold = v_uint64()
        self.TotalFreeSize = v_uint64()
        self.MaximumAllocationSize = v_uint64()
        self.ProcessHeapsListIndex = v_uint16()
        self.HeaderValidateLength = v_uint16()
        self._pad00e0 = v_bytes(size=4)
        self.HeaderValidateCopy = v_ptr64()
        self.NextAvailableTagIndex = v_uint16()
        self.MaximumTagIndex = v_uint16()
        self._pad00f0 = v_bytes(size=4)
        self.TagEntries = v_ptr64()
        self.UCRList = LIST_ENTRY()
        self.AlignRound = v_uint64()
        self.AlignMask = v_uint64()
        self.VirtualAllocdBlocks = LIST_ENTRY()
        self.SegmentList = LIST_ENTRY()
        self.AllocatorBackTraceIndex = v_uint16()
        self._pad013c = v_bytes(size=2)
        self.NonDedicatedListLength = v_uint32()
        self.BlocksIndex = v_ptr64()
        self.UCRIndex = v_ptr64()
        self.PseudoTagEntries = v_ptr64()
        self.FreeLists = LIST_ENTRY()
        self.LockVariable = v_ptr64()
        # CommitRoutine is a raw pointer value; this class does not decode it.
        self.CommitRoutine = v_ptr64()
        self.FrontEndHeap = v_ptr64()
        self.FrontHeapLockCount = v_uint16()
        self.FrontEndHeapType = v_uint8()
        self._pad0188 = v_bytes(size=5)
        self.Counters = HEAP_COUNTERS()
        self.TuningParameters = HEAP_TUNING_PARAMETERS()
class EJOB(vstruct.VStruct):
    """Layout of EJOB (job object) for the 6.1 amd64 build named in the module header.

    Holds the job's list links, accounting counters, limit values and I/O
    counters in structure order. LimitFlags, UIRestrictionsClass and JobFlags
    are plain 32-bit values; their individual bits are not broken out here.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Event = KEVENT()
        self.JobLinks = LIST_ENTRY()
        self.ProcessListHead = LIST_ENTRY()
        self.JobLock = ERESOURCE()
        self.TotalUserTime = LARGE_INTEGER()
        self.TotalKernelTime = LARGE_INTEGER()
        self.ThisPeriodTotalUserTime = LARGE_INTEGER()
        self.ThisPeriodTotalKernelTime = LARGE_INTEGER()
        self.TotalPageFaultCount = v_uint32()
        self.TotalProcesses = v_uint32()
        self.ActiveProcesses = v_uint32()
        self.TotalTerminatedProcesses = v_uint32()
        self.PerProcessUserTimeLimit = LARGE_INTEGER()
        self.PerJobUserTimeLimit = LARGE_INTEGER()
        self.MinimumWorkingSetSize = v_uint64()
        self.MaximumWorkingSetSize = v_uint64()
        self.LimitFlags = v_uint32()
        self.ActiveProcessLimit = v_uint32()
        self.Affinity = KAFFINITY_EX()
        self.PriorityClass = v_uint8()
        self._pad0128 = v_bytes(size=7)
        self.AccessState = v_ptr64()
        self.UIRestrictionsClass = v_uint32()
        self.EndOfJobTimeAction = v_uint32()
        self.CompletionPort = v_ptr64()
        self.CompletionKey = v_ptr64()
        self.SessionId = v_uint32()
        self.SchedulingClass = v_uint32()
        self.ReadOperationCount = v_uint64()
        self.WriteOperationCount = v_uint64()
        self.OtherOperationCount = v_uint64()
        self.ReadTransferCount = v_uint64()
        self.WriteTransferCount = v_uint64()
        self.OtherTransferCount = v_uint64()
        self.ProcessMemoryLimit = v_uint64()
        self.JobMemoryLimit = v_uint64()
        self.PeakProcessMemoryUsed = v_uint64()
        self.PeakJobMemoryUsed = v_uint64()
        self.CurrentJobMemoryUsed = v_uint64()
        self.MemoryLimitsLock = EX_PUSH_LOCK()
        self.JobSetLinks = LIST_ENTRY()
        self.MemberLevel = v_uint32()
        self.JobFlags = v_uint32()
class PROCESSOR_IDLESTATE_INFO(vstruct.VStruct):
    """Layout of PROCESSOR_IDLESTATE_INFO: TimeCheck, two percent bytes, two spare bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TimeCheck = v_uint32()
        self.DemotePercent = v_uint8()
        self.PromotePercent = v_uint8()
        self.Spare = vstruct.VArray([ v_uint8() for i in xrange(2) ])
class DBGKD_READ_WRITE_IO_EXTENDED64(vstruct.VStruct):
    """Layout of DBGKD_READ_WRITE_IO_EXTENDED64 (kernel-debugger I/O request record)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DataSize = v_uint32()
        self.InterfaceType = v_uint32()
        self.BusNumber = v_uint32()
        self.AddressSpace = v_uint32()
        # IoAddress is a plain 64-bit integer, not v_ptr64.
        self.IoAddress = v_uint64()
        self.DataValue = v_uint32()
        self._pad0020 = v_bytes(size=4)
class _unnamed_18772(vstruct.VStruct):
    """Anonymous type from the symbols: a LowPart/HighPart pair of 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LowPart = v_uint32()
        self.HighPart = v_uint32()
class ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY(vstruct.VStruct):
    """Layout of ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY: list link plus two pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = SINGLE_LIST_ENTRY()
        self.Packet = v_ptr64()
        self.Lookaside = v_ptr64()
class HANDLE_TRACE_DEBUG_INFO(vstruct.VStruct):
    """Layout of HANDLE_TRACE_DEBUG_INFO: counters, a lock and the trace database.

    NOTE(review): TraceDb is declared with one element; presumably it is a
    variable-length trailing array sized by TableSize. Only the first entry
    is parsed by this class, and any caller reading further entries should
    bound the count taken from the image.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.RefCount = v_uint32()
        self.TableSize = v_uint32()
        self.BitMaskFlags = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.CloseCompactionLock = FAST_MUTEX()
        self.CurrentStackIndex = v_uint32()
        self._pad0050 = v_bytes(size=4)
        self.TraceDb = vstruct.VArray([ HANDLE_TRACE_DB_ENTRY() for i in xrange(1) ])
class _unnamed_27317(vstruct.VStruct):
    """Anonymous type from the symbols: a LARGE_INTEGER Start and a 32-bit Length48."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Start = LARGE_INTEGER()
        self.Length48 = v_uint32()
class KPROCESSOR_STATE(vstruct.VStruct):
    """Layout of KPROCESSOR_STATE: special registers, 8 filler bytes, then a CONTEXT frame."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SpecialRegisters = KSPECIAL_REGISTERS()
        self._pad00e0 = v_bytes(size=8)
        self.ContextFrame = CONTEXT()
class _unnamed_27310(vstruct.VStruct):
    """Anonymous type from the symbols: DataSize followed by two reserved dwords."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DataSize = v_uint32()
        self.Reserved1 = v_uint32()
        self.Reserved2 = v_uint32()
class KAPC(vstruct.VStruct):
    """Layout of KAPC (asynchronous procedure call object) for the 6.1 amd64 build.

    KernelRoutine, RundownRoutine and NormalRoutine are code pointers stored
    as raw 64-bit values. When triaging a memory image, resolving them to a
    loaded module is a useful sanity check; this class does no resolution.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint8()
        self.SpareByte0 = v_uint8()
        self.Size = v_uint8()
        self.SpareByte1 = v_uint8()
        self.SpareLong0 = v_uint32()
        self.Thread = v_ptr64()
        self.ApcListEntry = LIST_ENTRY()
        self.KernelRoutine = v_ptr64()
        self.RundownRoutine = v_ptr64()
        self.NormalRoutine = v_ptr64()
        self.NormalContext = v_ptr64()
        self.SystemArgument1 = v_ptr64()
        self.SystemArgument2 = v_ptr64()
        self.ApcStateIndex = v_uint8()
        self.ApcMode = v_uint8()
        self.Inserted = v_uint8()
        # Trailing filler after the three single-byte members.
        self._pad0058 = v_bytes(size=5)
class ETW_BUFFER_CONTEXT(vstruct.VStruct):
    """Layout of ETW_BUFFER_CONTEXT: processor number, alignment byte, 16-bit logger id."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ProcessorNumber = v_uint8()
        self.Alignment = v_uint8()
        self.LoggerId = v_uint16()
class POOL_TRACKER_BIG_PAGES(vstruct.VStruct):
    """Layout of POOL_TRACKER_BIG_PAGES: address, tag key, pool type and byte count."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Va = v_ptr64()
        self.Key = v_uint32()
        self.PoolType = v_uint32()
        # Size value read from the image; bound it before using it as a read length.
        self.NumberOfBytes = v_uint64()
class _unnamed_21130(vstruct.VStruct):
    """Anonymous type from the symbols: security context, options, share access, parameters."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SecurityContext = v_ptr64()
        self.Options = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.Reserved = v_uint16()
        self.ShareAccess = v_uint16()
        self._pad0018 = v_bytes(size=4)
        self.Parameters = v_ptr64()
class SID_IDENTIFIER_AUTHORITY(vstruct.VStruct):
    """Layout of SID_IDENTIFIER_AUTHORITY: a fixed array of six bytes named Value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Value = vstruct.VArray([ v_uint8() for i in xrange(6) ])
class RTL_RANGE_LIST(vstruct.VStruct):
    """Layout of RTL_RANGE_LIST: list head followed by Flags, Count and Stamp."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListHead = LIST_ENTRY()
        self.Flags = v_uint32()
        self.Count = v_uint32()
        self.Stamp = v_uint32()
        self._pad0020 = v_bytes(size=4)
class _unnamed_24045(vstruct.VStruct):
    """Anonymous type from the symbols with one member, ``s2``.

    NOTE(review): a lone member called s2 suggests a union reduced to one
    alternative by the generator; confirm before relying on it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.s2 = _unnamed_24051()
class DRIVER_OBJECT(vstruct.VStruct):
    """Layout of DRIVER_OBJECT for the 6.1 amd64 build named in the module header.

    DriverStart/DriverSize describe the driver image range, and DriverInit,
    DriverStartIo, DriverUnload and the 28 MajorFunction entries are code
    pointers stored as raw values. Integrity tooling commonly checks that
    these pointers resolve inside a known loaded module; this class only
    exposes the values and performs no such check.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.Size = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.DeviceObject = v_ptr64()
        self.Flags = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.DriverStart = v_ptr64()
        self.DriverSize = v_uint32()
        self._pad0028 = v_bytes(size=4)
        self.DriverSection = v_ptr64()
        self.DriverExtension = v_ptr64()
        # Descriptor only; the name characters live at DriverName's Buffer.
        self.DriverName = UNICODE_STRING()
        self.HardwareDatabase = v_ptr64()
        self.FastIoDispatch = v_ptr64()
        self.DriverInit = v_ptr64()
        self.DriverStartIo = v_ptr64()
        self.DriverUnload = v_ptr64()
        # Dispatch table: 28 pointers.
        self.MajorFunction = vstruct.VArray([ v_ptr64() for i in xrange(28) ])
class VI_POOL_ENTRY(vstruct.VStruct):
    """Layout of VI_POOL_ENTRY: a VI_POOL_PAGE_HEADER followed by 8 filler bytes.

    NOTE(review): header-plus-pad looks like a union flattened to one
    alternative by the generator; confirm before relying on it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PageHeader = VI_POOL_PAGE_HEADER()
        self._pad0020 = v_bytes(size=8)
class SHARED_CACHE_MAP(vstruct.VStruct):
    """Layout of SHARED_CACHE_MAP (cache manager per-stream state), 6.1 amd64 build.

    Members are declared in structure order. Callbacks, FlushToLsnRoutine
    and the list links are raw pointer values read from the image and are
    not validated by this class.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NodeTypeCode = v_uint16()
        self.NodeByteSize = v_uint16()
        self.OpenCount = v_uint32()
        self.FileSize = LARGE_INTEGER()
        self.BcbList = LIST_ENTRY()
        self.SectionSize = LARGE_INTEGER()
        self.ValidDataLength = LARGE_INTEGER()
        self.ValidDataGoal = LARGE_INTEGER()
        # Four inline pointers, followed by the Vacbs pointer.
        self.InitialVacbs = vstruct.VArray([ v_ptr64() for i in xrange(4) ])
        self.Vacbs = v_ptr64()
        # NOTE(review): EX_FAST_REF values usually carry reference-count bits
        # in the low bits of the pointer; mask before dereferencing — confirm.
        self.FileObjectFastRef = EX_FAST_REF()
        self.VacbLock = EX_PUSH_LOCK()
        self.DirtyPages = v_uint32()
        self._pad0078 = v_bytes(size=4)
        self.LoggedStreamLinks = LIST_ENTRY()
        self.SharedCacheMapLinks = LIST_ENTRY()
        self.Flags = v_uint32()
        self.Status = v_uint32()
        self.Mbcb = v_ptr64()
        self.Section = v_ptr64()
        self.CreateEvent = v_ptr64()
        self.WaitOnActiveCount = v_ptr64()
        self.PagesToWrite = v_uint32()
        self._pad00c8 = v_bytes(size=4)
        self.BeyondLastFlush = v_uint64()
        self.Callbacks = v_ptr64()
        self.LazyWriteContext = v_ptr64()
        self.PrivateList = LIST_ENTRY()
        self.LogHandle = v_ptr64()
        self.FlushToLsnRoutine = v_ptr64()
        self.DirtyPageThreshold = v_uint32()
        self.LazyWritePassCount = v_uint32()
        self.UninitializeEvent = v_ptr64()
        self.BcbLock = KGUARDED_MUTEX()
        self.LastUnmapBehindOffset = LARGE_INTEGER()
        self.Event = KEVENT()
        self.HighWaterMappingOffset = LARGE_INTEGER()
        # Embedded by value, not by pointer.
        self.PrivateCacheMap = PRIVATE_CACHE_MAP()
        self.WriteBehindWorkQueueEntry = v_ptr64()
        self.VolumeCacheMap = v_ptr64()
        self.ProcImagePathHash = v_uint32()
        self.WritesInProgress = v_uint32()
        self.PipelinedReadAheadSize = v_uint32()
        self._pad01f8 = v_bytes(size=4)
class REMOTE_PORT_VIEW(vstruct.VStruct):
    """Layout of REMOTE_PORT_VIEW: Length, then the view's size and base address."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.ViewSize = v_uint64()
        self.ViewBase = v_ptr64()
class IO_MINI_COMPLETION_PACKET_USER(vstruct.VStruct):
    """Layout of IO_MINI_COMPLETION_PACKET_USER (queued I/O completion packet)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.PacketType = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.KeyContext = v_ptr64()
        self.ApcContext = v_ptr64()
        self.IoStatus = v_uint32()
        self._pad0030 = v_bytes(size=4)
        self.IoStatusInformation = v_uint64()
        # Callback pointer and its context, stored as raw values.
        self.MiniPacketCallback = v_ptr64()
        self.Context = v_ptr64()
        self.Allocated = v_uint8()
        self._pad0050 = v_bytes(size=7)
class XSTATE_FEATURE(vstruct.VStruct):
    """Layout of XSTATE_FEATURE: a 32-bit Offset and a 32-bit Size."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Offset = v_uint32()
        self.Size = v_uint32()
class KALPC_VIEW(vstruct.VStruct):
    """Layout of KALPC_VIEW: list links, owner pointers, the view's address/size and handles."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ViewListEntry = LIST_ENTRY()
        self.Region = v_ptr64()
        self.OwnerPort = v_ptr64()
        self.OwnerProcess = v_ptr64()
        self.Address = v_ptr64()
        self.Size = v_uint64()
        self.SecureViewHandle = v_ptr64()
        self.WriteAccessHandle = v_ptr64()
        # u1 is an anonymous type defined elsewhere in this module.
        self.u1 = _unnamed_24209()
        self.NumberOfOwnerMessages = v_uint32()
        self.ProcessViewListEntry = LIST_ENTRY()
class LOADER_PARAMETER_BLOCK(vstruct.VStruct):
    """Layout of LOADER_PARAMETER_BLOCK for the 6.1 amd64 build named in the module header.

    Starts with OsMajorVersion/OsMinorVersion/Size, which a parser can use to
    confirm the block matches this layout before reading the list heads and
    the string/data pointers that follow.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OsMajorVersion = v_uint32()
        self.OsMinorVersion = v_uint32()
        self.Size = v_uint32()
        self.Reserved = v_uint32()
        self.LoadOrderListHead = LIST_ENTRY()
        self.MemoryDescriptorListHead = LIST_ENTRY()
        self.BootDriverListHead = LIST_ENTRY()
        # These four are plain 64-bit integers, not v_ptr64.
        self.KernelStack = v_uint64()
        self.Prcb = v_uint64()
        self.Process = v_uint64()
        self.Thread = v_uint64()
        self.RegistryLength = v_uint32()
        self._pad0068 = v_bytes(size=4)
        self.RegistryBase = v_ptr64()
        self.ConfigurationRoot = v_ptr64()
        self.ArcBootDeviceName = v_ptr64()
        self.ArcHalDeviceName = v_ptr64()
        self.NtBootPathName = v_ptr64()
        self.NtHalPathName = v_ptr64()
        self.LoadOptions = v_ptr64()
        self.NlsData = v_ptr64()
        self.ArcDiskInformation = v_ptr64()
        self.OemFontFile = v_ptr64()
        self.Extension = v_ptr64()
        self.u = _unnamed_21966()
        self.FirmwareInformation = FIRMWARE_INFORMATION_LOADER_BLOCK()
class KAFFINITY_ENUMERATION_CONTEXT(vstruct.VStruct):
    """Layout of KAFFINITY_ENUMERATION_CONTEXT: affinity pointer, current mask and index."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Affinity = v_ptr64()
        self.CurrentMask = v_uint64()
        self.CurrentIndex = v_uint16()
        self._pad0018 = v_bytes(size=6)
class WHEA_TIMESTAMP(vstruct.VStruct):
    """Layout of WHEA_TIMESTAMP as a single 64-bit member named Seconds.

    NOTE(review): one 64-bit member named after a time component suggests the
    remaining bitfields or union alternatives were not broken out by the
    generator; confirm before interpreting the whole value as seconds.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Seconds = v_uint64()
class ACTIVATION_CONTEXT(vstruct.VStruct):
    """Placeholder for ACTIVATION_CONTEXT; no fields are declared here.

    NOTE(review): presumably the type is opaque in the symbols this file was
    generated from.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class TRACE_ENABLE_CONTEXT_EX(vstruct.VStruct):
    """Layout of TRACE_ENABLE_CONTEXT_EX: logger id, level, and enable-flag words."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LoggerId = v_uint16()
        self.Level = v_uint8()
        self.InternalFlag = v_uint8()
        self.EnableFlags = v_uint32()
        self.EnableFlagsHigh = v_uint32()
        self.Reserved = v_uint32()
class ETW_REF_CLOCK(vstruct.VStruct):
    """Layout of ETW_REF_CLOCK: StartTime and StartPerfClock, both LARGE_INTEGER."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.StartTime = LARGE_INTEGER()
        self.StartPerfClock = LARGE_INTEGER()
class _unnamed_21297(vstruct.VStruct):
    """Anonymous type from the symbols with a single 32-bit Type member."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint32()
class RTL_CRITICAL_SECTION_DEBUG(vstruct.VStruct):
    """Layout of RTL_CRITICAL_SECTION_DEBUG: back-pointer to the lock plus usage counters."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.CreatorBackTraceIndex = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.CriticalSection = v_ptr64()
        self.ProcessLocksList = LIST_ENTRY()
        self.EntryCount = v_uint32()
        self.ContentionCount = v_uint32()
        self.Flags = v_uint32()
        self.CreatorBackTraceIndexHigh = v_uint16()
        self.SpareUSHORT = v_uint16()
class PNP_DEVICE_EVENT_ENTRY(vstruct.VStruct):
    """Layout of PNP_DEVICE_EVENT_ENTRY: list link, callback data and an embedded event block."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.Argument = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.CallerEvent = v_ptr64()
        self.Callback = v_ptr64()
        self.Context = v_ptr64()
        self.VetoType = v_ptr64()
        self.VetoName = v_ptr64()
        # Embedded by value as the last member.
        self.Data = PLUGPLAY_EVENT_BLOCK()
class ARBITER_CONFLICT_INFO(vstruct.VStruct):
    """Layout of ARBITER_CONFLICT_INFO: owning object pointer and a Start/End range."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OwningObject = v_ptr64()
        self.Start = v_uint64()
        self.End = v_uint64()
class SHARED_CACHE_MAP_LIST_CURSOR(vstruct.VStruct):
    """Layout of SHARED_CACHE_MAP_LIST_CURSOR: list links plus a 32-bit Flags word."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SharedCacheMapLinks = LIST_ENTRY()
        self.Flags = v_uint32()
        self._pad0018 = v_bytes(size=4)
class ETW_SESSION_PERF_COUNTERS(vstruct.VStruct):
    """Layout of ETW_SESSION_PERF_COUNTERS: buffer memory, logged/lost events, consumers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BufferMemoryPagedPool = v_uint32()
        self.BufferMemoryNonPagedPool = v_uint32()
        self.EventsLoggedCount = v_uint64()
        self.EventsLost = v_uint32()
        self.NumConsumers = v_uint32()
class PHYSICAL_MEMORY_RUN(vstruct.VStruct):
    """Layout of PHYSICAL_MEMORY_RUN: a base page number and a page count, both 64-bit."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BasePage = v_uint64()
        self.PageCount = v_uint64()
class MMVAD_FLAGS3(vstruct.VStruct):
    """Layout of MMVAD_FLAGS3 as one 64-bit member named PreferredNode.

    NOTE(review): the name suggests a bitfield word whose individual bits
    were not broken out by the generator; mask the value before interpreting
    it — confirm against the symbols.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PreferredNode = v_uint64()
class MMVAD_FLAGS2(vstruct.VStruct):
    """Layout of MMVAD_FLAGS2 as one 32-bit member named FileOffset.

    NOTE(review): the name suggests a bitfield word whose individual bits
    were not broken out by the generator; mask the value before interpreting
    it — confirm against the symbols.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FileOffset = v_uint32()
class ARBITER_BOOT_ALLOCATION_PARAMETERS(vstruct.VStruct):
    """Layout of ARBITER_BOOT_ALLOCATION_PARAMETERS: a single ArbitrationList pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ArbitrationList = v_ptr64()
class TOKEN(vstruct.VStruct):
    """Layout of the kernel TOKEN object for the 6.1 amd64 build named in the module header.

    Members are declared in structure order. The identity-bearing members
    are the embedded Privileges block, the SID counts and pointers
    (UserAndGroupCount/UserAndGroups, RestrictedSidCount/RestrictedSids),
    IntegrityLevelIndex and the two SID hash blocks.

    When this is parsed from a memory image, the counts and pointers are
    whatever was in memory at capture time: bound the counts and validate the
    pointers before walking the SID arrays. The layout is specific to this
    build, so applying it to another kernel version yields misaligned values.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TokenSource = TOKEN_SOURCE()
        self.TokenId = LUID()
        self.AuthenticationId = LUID()
        self.ParentTokenId = LUID()
        self.ExpirationTime = LARGE_INTEGER()
        self.TokenLock = v_ptr64()
        self.ModifiedId = LUID()
        # Embedded by value, so privilege state is read in place.
        self.Privileges = SEP_TOKEN_PRIVILEGES()
        self.AuditPolicy = SEP_AUDIT_POLICY()
        self.SessionId = v_uint32()
        self.UserAndGroupCount = v_uint32()
        self.RestrictedSidCount = v_uint32()
        self.VariableLength = v_uint32()
        self.DynamicCharged = v_uint32()
        self.DynamicAvailable = v_uint32()
        self.DefaultOwnerIndex = v_uint32()
        # Pointers paired with the counts above; not followed by this class.
        self.UserAndGroups = v_ptr64()
        self.RestrictedSids = v_ptr64()
        self.PrimaryGroup = v_ptr64()
        self.DynamicPart = v_ptr64()
        self.DefaultDacl = v_ptr64()
        self.TokenType = v_uint32()
        self.ImpersonationLevel = v_uint32()
        self.TokenFlags = v_uint32()
        self.TokenInUse = v_uint8()
        self._pad00c8 = v_bytes(size=3)
        # NOTE(review): presumably an index into UserAndGroups; range-check
        # it against UserAndGroupCount before use.
        self.IntegrityLevelIndex = v_uint32()
        self.MandatoryPolicy = v_uint32()
        self.LogonSession = v_ptr64()
        self.OriginatingLogonSession = LUID()
        self.SidHash = SID_AND_ATTRIBUTES_HASH()
        self.RestrictedSidHash = SID_AND_ATTRIBUTES_HASH()
        self.pSecurityAttributes = v_ptr64()
        # Declared as a 64-bit integer; VariableLength above is the related size.
        self.VariablePart = v_uint64()
class _unnamed_23415(vstruct.VStruct):
    """Anonymous type from the symbols: ReadMemory followed by 24 filler bytes.

    NOTE(review): this looks like a union flattened to its first alternative,
    with the pad standing in for the larger alternatives. If so, the bytes
    only mean ReadMemory when the enclosing record's ApiNumber says so.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ReadMemory = DBGKD_READ_MEMORY64()
        self._pad0028 = v_bytes(size=24)
class PROCESSOR_IDLESTATE_POLICY(vstruct.VStruct):
    """Layout of PROCESSOR_IDLESTATE_POLICY: revision, flags, count and three policy slots."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Revision = v_uint16()
        self.Flags = _unnamed_28582()
        # The array has three slots; treat PolicyCount values above 3 as invalid.
        self.PolicyCount = v_uint32()
        self.Policy = vstruct.VArray([ PROCESSOR_IDLESTATE_INFO() for i in xrange(3) ])
class _unnamed_26681(vstruct.VStruct):
    """Anonymous type from the symbols describing an interrupt vector range and its policy fields."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MinimumVector = v_uint32()
        self.MaximumVector = v_uint32()
        self.AffinityPolicy = v_uint16()
        self.Group = v_uint16()
        self.PriorityPolicy = v_uint32()
        self.TargetedProcessors = v_uint64()
class DBGKD_READ_WRITE_IO64(vstruct.VStruct):
    """Layout of DBGKD_READ_WRITE_IO64: a 64-bit IoAddress, DataSize and DataValue."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IoAddress = v_uint64()
        self.DataSize = v_uint32()
        self.DataValue = v_uint32()
class ASSEMBLY_STORAGE_MAP(vstruct.VStruct):
    """Placeholder for ASSEMBLY_STORAGE_MAP; no fields are declared here.

    NOTE(review): presumably the type is opaque in the symbols this file was
    generated from.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class _unnamed_26702(vstruct.VStruct):
    """Anonymous type from the symbols: Length40/Alignment40 plus a min/max address pair."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length40 = v_uint32()
        self.Alignment40 = v_uint32()
        self.MinimumAddress = LARGE_INTEGER()
        self.MaximumAddress = LARGE_INTEGER()
class _unnamed_19310(vstruct.VStruct):
    """Anonymous type from the symbols with one 32-bit member named BaseMiddle.

    NOTE(review): likely a bitfield word with only its first member named by
    the generator; the whole dword is read into BaseMiddle.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BaseMiddle = v_uint32()
class PROCESSOR_POWER_STATE(vstruct.VStruct):
    """Layout of PROCESSOR_POWER_STATE (per-processor power management state), 6.1 amd64 build."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IdleStates = v_ptr64()
        self.IdleTimeLast = v_uint64()
        self.IdleTimeTotal = v_uint64()
        self.IdleTimeEntry = v_uint64()
        self.IdleAccounting = v_ptr64()
        self.Hypervisor = v_uint32()
        self.PerfHistoryTotal = v_uint32()
        self.ThermalConstraint = v_uint8()
        self.PerfHistoryCount = v_uint8()
        self.PerfHistorySlot = v_uint8()
        self.Reserved = v_uint8()
        self.LastSysTime = v_uint32()
        # Declared as a plain 64-bit integer, not v_ptr64.
        self.WmiDispatchPtr = v_uint64()
        self.WmiInterfaceEnabled = v_uint32()
        self._pad0048 = v_bytes(size=4)
        self.FFHThrottleStateInfo = PPM_FFH_THROTTLE_STATE_INFO()
        # Embedded DPC object.
        self.PerfActionDpc = KDPC()
        self.PerfActionMask = v_uint32()
        self._pad00b0 = v_bytes(size=4)
        self.IdleCheck = PROC_IDLE_SNAP()
        self.PerfCheck = PROC_IDLE_SNAP()
        self.Domain = v_ptr64()
        self.PerfConstraint = v_ptr64()
        self.Load = v_ptr64()
        self.PerfHistory = v_ptr64()
        self.Utility = v_uint32()
        self.OverUtilizedHistory = v_uint32()
        self.AffinityCount = v_uint32()
        self.AffinityHistory = v_uint32()
class TP_TASK(vstruct.VStruct):
    """Layout of TP_TASK: callbacks pointer, NUMA/processor hints, guard and queue node."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Callbacks = v_ptr64()
        self.NumaNode = v_uint32()
        self.IdealProcessor = v_uint8()
        self._pad0010 = v_bytes(size=3)
        self.PostGuard = TP_NBQ_GUARD()
        self.NBQNode = v_ptr64()
class SECURITY_CLIENT_CONTEXT(vstruct.VStruct):
    """Layout of SECURITY_CLIENT_CONTEXT (captured client security context for impersonation).

    Holds the quality-of-service block, the ClientToken pointer, three
    single-byte booleans and an embedded TOKEN_CONTROL. ClientToken is a raw
    pointer value; this class does not follow or validate it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SecurityQos = SECURITY_QUALITY_OF_SERVICE()
        self._pad0010 = v_bytes(size=4)
        self.ClientToken = v_ptr64()
        self.DirectlyAccessClientToken = v_uint8()
        self.DirectAccessEffectiveOnly = v_uint8()
        self.ServerIsRemote = v_uint8()
        self._pad001c = v_bytes(size=1)
        self.ClientTokenControl = TOKEN_CONTROL()
        self._pad0048 = v_bytes(size=4)
class _unnamed_21348(vstruct.VStruct):
    """Anonymous type from the symbols with a single Capabilities pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Capabilities = v_ptr64()
class SID_AND_ATTRIBUTES_HASH(vstruct.VStruct):
    """Layout of SID_AND_ATTRIBUTES_HASH: SID count, SID array pointer, 32 hash words."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Count for the array at SidAttr; bound it before walking that array.
        self.SidCount = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.SidAttr = v_ptr64()
        self.Hash = vstruct.VArray([ v_uint64() for i in xrange(32) ])
class DBGKD_MANIPULATE_STATE64(vstruct.VStruct):
    """Layout of DBGKD_MANIPULATE_STATE64 (kernel-debugger state-manipulation record).

    ``u`` is the anonymous type _unnamed_23415, which this module declares as
    ReadMemory plus padding. NOTE(review): presumably ApiNumber selects how
    ``u`` should be interpreted; check it before reading ``u`` as ReadMemory.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ApiNumber = v_uint32()
        self.ProcessorLevel = v_uint16()
        self.Processor = v_uint16()
        self.ReturnStatus = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.u = _unnamed_23415()
class _unnamed_26707(vstruct.VStruct):
    """Anonymous type from the symbols: Length48/Alignment48 plus a min/max address pair."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length48 = v_uint32()
        self.Alignment48 = v_uint32()
        self.MinimumAddress = LARGE_INTEGER()
        self.MaximumAddress = LARGE_INTEGER()
class LPCP_PORT_QUEUE(vstruct.VStruct):
    """Layout of LPCP_PORT_QUEUE: two pointers followed by the receive list head."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NonPagedPortQueue = v_ptr64()
        self.Semaphore = v_ptr64()
        self.ReceiveHead = LIST_ENTRY()
class PHYSICAL_MEMORY_DESCRIPTOR(vstruct.VStruct):
    """Layout of PHYSICAL_MEMORY_DESCRIPTOR: run count, page total and the run array.

    NOTE(review): Run is declared with one element; presumably it is a
    variable-length trailing array of NumberOfRuns entries. Only the first
    run is parsed by this class, and a caller reading the rest should bound
    NumberOfRuns before sizing any read from it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NumberOfRuns = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.NumberOfPages = v_uint64()
        self.Run = vstruct.VArray([ PHYSICAL_MEMORY_RUN() for i in xrange(1) ])
class MMWSLE_FREE_ENTRY(vstruct.VStruct):
    """Layout of MMWSLE_FREE_ENTRY as one 64-bit member named MustBeZero.

    NOTE(review): likely a bitfield word with only its first member named by
    the generator; the whole 64-bit value is read into MustBeZero.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MustBeZero = v_uint64()
class MMBANKED_SECTION(vstruct.VStruct):
    """Layout of MMBANKED_SECTION: base page, PTE pointers, bank geometry and routine.

    NOTE(review): BankTemplate is declared with one element; presumably a
    variable-length trailing array of which only the first entry is parsed.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BasePhysicalPage = v_uint64()
        self.BasedPte = v_ptr64()
        self.BankSize = v_uint32()
        self.BankShift = v_uint32()
        # Routine pointer and its context, stored as raw values.
        self.BankedRoutine = v_ptr64()
        self.Context = v_ptr64()
        self.CurrentMappedPte = v_ptr64()
        self.BankTemplate = vstruct.VArray([ MMPTE() for i in xrange(1) ])
class JOB_ACCESS_STATE(vstruct.VStruct):
    """Placeholder for JOB_ACCESS_STATE; no fields are declared here.

    NOTE(review): presumably the type is opaque in the symbols this file was
    generated from.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class DEVICE_FLAGS(vstruct.VStruct):
    """Layout of DEVICE_FLAGS as one 32-bit member named Failed.

    NOTE(review): likely a bitfield word with only its first member named by
    the generator; mask the value before treating it as a single flag.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Failed = v_uint32()
class SECURITY_QUALITY_OF_SERVICE(vstruct.VStruct):
    """Layout of SECURITY_QUALITY_OF_SERVICE: length, impersonation level and two mode bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        # Stored as a plain dword; no enum is attached here.
        self.ImpersonationLevel = v_uint32()
        self.ContextTrackingMode = v_uint8()
        self.EffectiveOnly = v_uint8()
        self._pad000c = v_bytes(size=2)
class MSUBSECTION(vstruct.VStruct):
    """Layout of MSUBSECTION (mapped-file subsection) for the 6.1 amd64 build."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ControlArea = v_ptr64()
        self.SubsectionBase = v_ptr64()
        self.NextSubsection = v_ptr64()
        self.PtesInSubsection = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.UnusedPtes = v_uint32()
        self._pad0028 = v_bytes(size=4)
        # u and u1 are anonymous types defined elsewhere in this module.
        self.u = _unnamed_22448()
        self.StartingSector = v_uint32()
        self.NumberOfFullSectors = v_uint32()
        self._pad0038 = v_bytes(size=4)
        self.u1 = _unnamed_22464()
        self.LeftChild = v_ptr64()
        self.RightChild = v_ptr64()
        self.DereferenceList = LIST_ENTRY()
        self.NumberOfMappedViews = v_uint64()
class KSTACK_AREA(vstruct.VStruct):
    """Layout of KSTACK_AREA: kernel stack control block followed by an XSAVE_FORMAT frame."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.StackControl = KERNEL_STACK_CONTROL()
        self.NpxFrame = XSAVE_FORMAT()
class WHEA_ERROR_RECORD(vstruct.VStruct):
    """Layout of WHEA_ERROR_RECORD: record header plus the section descriptor array.

    NOTE(review): SectionDescriptor is declared with one element; presumably
    the real count comes from the header. Only the first descriptor is parsed
    by this class, and a caller reading more should bound that count.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = WHEA_ERROR_RECORD_HEADER()
        self.SectionDescriptor = vstruct.VArray([ WHEA_ERROR_RECORD_SECTION_DESCRIPTOR() for i in xrange(1) ])
class _unnamed_21040(vstruct.VStruct):
    """Anonymous type from the symbols with one member, ``Create``.

    NOTE(review): a lone member named after one operation suggests a union
    reduced to its first alternative by the generator; confirm before
    interpreting the bytes as Create parameters.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Create = _unnamed_21102()
class _unnamed_22855(vstruct.VStruct):
    """Anonymous type from the symbols: List pointer, Index, Cell and CellPoint."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.List = v_ptr64()
        self.Index = v_uint32()
        self.Cell = v_uint32()
        self.CellPoint = v_ptr64()
class _unnamed_22854(vstruct.VStruct):
    """Anonymous type from the symbols: Cell, CellPoint, RootPoint and Index."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Cell = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.CellPoint = v_ptr64()
        self.RootPoint = v_ptr64()
        self.Index = v_uint32()
        self._pad0020 = v_bytes(size=4)
class POP_SHUTDOWN_BUG_CHECK(vstruct.VStruct):
    """Layout of POP_SHUTDOWN_BUG_CHECK: thread/process identity, a code and four parameters."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ThreadHandle = v_ptr64()
        self.ThreadId = v_ptr64()
        self.ProcessId = v_ptr64()
        self.Code = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.Parameter1 = v_uint64()
        self.Parameter2 = v_uint64()
        self.Parameter3 = v_uint64()
        self.Parameter4 = v_uint64()
class _unnamed_22856(vstruct.VStruct):
    """Anonymous type from the symbols: Space, MapPoint and a BinPoint pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Space = v_uint32()
        self.MapPoint = v_uint32()
        self.BinPoint = v_ptr64()
class _unnamed_22851(vstruct.VStruct):
    """Anonymous type from the symbols: Failure, Status and Point, each 32-bit."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Failure = v_uint32()
        self.Status = v_uint32()
        self.Point = v_uint32()
class ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS(vstruct.VStruct):
    """Layout of ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS: one AllocatedResources pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AllocatedResources = v_ptr64()
class VIRTUAL_EFI_RUNTIME_SERVICES(vstruct.VStruct):
    """Layout of VIRTUAL_EFI_RUNTIME_SERVICES: fourteen 64-bit slots, one per runtime service.

    Every member is declared v_uint64 rather than v_ptr64. NOTE(review): the
    names suggest these are the addresses of the EFI runtime service entry
    points; if so, checking that they fall inside firmware-owned ranges is a
    reasonable integrity check when analysing an image — confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.GetTime = v_uint64()
        self.SetTime = v_uint64()
        self.GetWakeupTime = v_uint64()
        self.SetWakeupTime = v_uint64()
        self.SetVirtualAddressMap = v_uint64()
        self.ConvertPointer = v_uint64()
        self.GetVariable = v_uint64()
        self.GetNextVariableName = v_uint64()
        self.SetVariable = v_uint64()
        self.GetNextHighMonotonicCount = v_uint64()
        self.ResetSystem = v_uint64()
        self.UpdateCapsule = v_uint64()
        self.QueryCapsuleCapabilities = v_uint64()
        self.QueryVariableInfo = v_uint64()
class _unnamed_22852(vstruct.VStruct):
    """Anonymous type from the symbols: Action, a Handle pointer and Status."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Action = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Handle = v_ptr64()
        self.Status = v_uint32()
        self._pad0018 = v_bytes(size=4)
class RTL_DYNAMIC_HASH_TABLE_ENTRY(vstruct.VStruct):
    """Layout of RTL_DYNAMIC_HASH_TABLE_ENTRY: list linkage and a 64-bit Signature."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Linkage = LIST_ENTRY()
        self.Signature = v_uint64()
class _unnamed_23139(vstruct.VStruct):
    """Anonymous type from the symbols with a single LegacyDeviceNode pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LegacyDeviceNode = v_ptr64()
class CLIENT_ID(vstruct.VStruct):
    """Layout of CLIENT_ID: process and thread identifiers, both declared v_ptr64.

    The identifiers are pointer-sized handles-as-values; they are IDs, not
    addresses to dereference.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.UniqueProcess = v_ptr64()
        self.UniqueThread = v_ptr64()
class _unnamed_23643(vstruct.VStruct):
    """Anonymous type from the symbols with a single LARGE_INTEGER FileOffset."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FileOffset = LARGE_INTEGER()
class MMPFN(vstruct.VStruct):
    """Layout of MMPFN (page frame number database entry) for the 6.1 amd64 build.

    u1..u4 are anonymous types defined elsewhere in this module.
    NOTE(review): they are presumably unions in the original symbols, so
    which interpretation applies depends on the page's state; confirm before
    reading a specific member.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_22080()
        self.u2 = _unnamed_22081()
        self.PteAddress = v_ptr64()
        self.u3 = _unnamed_22083()
        self.UsedPageTableEntries = v_uint16()
        self.VaType = v_uint8()
        self.ViewCount = v_uint8()
        self.OriginalPte = MMPTE()
        self.u4 = _unnamed_22084()
class OBJECT_DUMP_CONTROL(vstruct.VStruct):
    """Layout of OBJECT_DUMP_CONTROL: a Stream pointer and a 32-bit Detail value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Stream = v_ptr64()
        self.Detail = v_uint32()
        self._pad0010 = v_bytes(size=4)
class CACHE_MANAGER_CALLBACKS(vstruct.VStruct):
    """Layout of CACHE_MANAGER_CALLBACKS: four callback pointers.

    The members are raw pointer values. When triaging a memory image,
    resolving each to a loaded module is a useful sanity check; this class
    does no resolution.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AcquireForLazyWrite = v_ptr64()
        self.ReleaseFromLazyWrite = v_ptr64()
        self.AcquireForReadAhead = v_ptr64()
        self.ReleaseFromReadAhead = v_ptr64()
class DBGKD_CONTINUE2(vstruct.VStruct):
    """Layout of DBGKD_CONTINUE2: a continue status and the AMD64 debugger control set."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ContinueStatus = v_uint32()
        self.ControlSet = AMD64_DBGKD_CONTROL_SET()
class HANDLE_TRACE_DB_ENTRY(vstruct.VStruct):
    """Layout of HANDLE_TRACE_DB_ENTRY: who touched a handle, which one, and a 16-frame stack."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ClientId = CLIENT_ID()
        self.Handle = v_ptr64()
        self.Type = v_uint32()
        self._pad0020 = v_bytes(size=4)
        # Fixed 16 slots of return addresses.
        self.StackTrace = vstruct.VArray([ v_ptr64() for i in xrange(16) ])
class CPU_INFO(vstruct.VStruct):
    """Layout of CPU_INFO: four 32-bit register values (Eax, Ebx, Ecx, Edx)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Eax = v_uint32()
        self.Ebx = v_uint32()
        self.Ecx = v_uint32()
        self.Edx = v_uint32()
class TOKEN_CONTROL(vstruct.VStruct):
    """Layout of TOKEN_CONTROL: three LUIDs and the token source.

    The member names match TokenId, AuthenticationId, ModifiedId and
    TokenSource in this module's TOKEN class, though in a different order.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TokenId = LUID()
        self.AuthenticationId = LUID()
        self.ModifiedId = LUID()
        self.TokenSource = TOKEN_SOURCE()
class GENERAL_LOOKASIDE_POOL(vstruct.VStruct):
    """Layout of GENERAL_LOOKASIDE_POOL: list head, depth and hit/miss counters, routines.

    AllocateEx and FreeEx are routine pointers stored as raw values; Tag and
    Size describe the allocations the list serves. None of these values is
    validated by this class.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListHead = SLIST_HEADER()
        self.Depth = v_uint16()
        self.MaximumDepth = v_uint16()
        self.TotalAllocates = v_uint32()
        self.AllocateMisses = v_uint32()
        self.TotalFrees = v_uint32()
        self.FreeMisses = v_uint32()
        self.Type = v_uint32()
        self.Tag = v_uint32()
        self.Size = v_uint32()
        self.AllocateEx = v_ptr64()
        self.FreeEx = v_ptr64()
        self.ListEntry = LIST_ENTRY()
        self.LastTotalAllocates = v_uint32()
        self.LastAllocateMisses = v_uint32()
        self.Future = vstruct.VArray([ v_uint32() for i in xrange(2) ])
class _unnamed_22858(vstruct.VStruct):
    """Anonymous type from the symbols with a single 32-bit FileOffset member."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FileOffset = v_uint32()
class ALPC_DISPATCH_CONTEXT(vstruct.VStruct):
    """Layout of ALPC_DISPATCH_CONTEXT: port/message/target pointers plus message metadata."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PortObject = v_ptr64()
        self.Message = v_ptr64()
        self.CommunicationInfo = v_ptr64()
        self.TargetThread = v_ptr64()
        self.TargetPort = v_ptr64()
        self.Flags = v_uint32()
        # Length and offset values read from the image; range-check
        # DataInfoOffset against TotalLength before using either.
        self.TotalLength = v_uint16()
        self.Type = v_uint16()
        self.DataInfoOffset = v_uint16()
        self._pad0038 = v_bytes(size=6)
class LPCP_NONPAGED_PORT_QUEUE(vstruct.VStruct):
    """Layout of LPCP_NONPAGED_PORT_QUEUE: a KSEMAPHORE followed by one pointer.

    KSEMAPHORE is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Semaphore = KSEMAPHORE()
        self.BackPointer = v_ptr64()
class KTRANSACTION_HISTORY(vstruct.VStruct):
    """Layout of KTRANSACTION_HISTORY: two 32-bit fields (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.RecordType = v_uint32()
        self.Payload = v_uint32()
class RTL_SRWLOCK(vstruct.VStruct):
    """Layout of RTL_SRWLOCK as a single 64-bit field named Locked.

    NOTE(review): a whole 64-bit word under one flag-like name suggests the
    generator collapsed a bitfield/union into its first member; decode the
    individual bits by hand if they are needed -- confirm against symbols.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Locked = v_uint64()
class BATTERY_REPORTING_SCALE(vstruct.VStruct):
    """Layout of BATTERY_REPORTING_SCALE: two 32-bit fields (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Granularity = v_uint32()
        self.Capacity = v_uint32()
class MMPAGING_FILE(vstruct.VStruct):
    """Layout of MMPAGING_FILE: size counters, file references and bitmap pointers.

    UNICODE_STRING is defined elsewhere in this module. No explicit padding
    fields are declared in this structure.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Size = v_uint64()
        self.MaximumSize = v_uint64()
        self.MinimumSize = v_uint64()
        self.FreeSpace = v_uint64()
        self.PeakUsage = v_uint64()
        self.HighestPage = v_uint64()
        self.File = v_ptr64()
        self.Entry = vstruct.VArray([ v_ptr64() for i in xrange(2) ])
        self.PageFileName = UNICODE_STRING()
        self.Bitmap = v_ptr64()
        self.EvictStoreBitmap = v_ptr64()
        self.BitmapHint = v_uint32()
        self.LastAllocationSize = v_uint32()
        self.ToBeEvictedCount = v_uint32()
        self.PageFileNumber = v_uint16()
        self.AdriftMdls = v_uint16()
        self.FileHandle = v_ptr64()
        self.Lock = v_uint64()
        self.LockOwner = v_ptr64()
class STRING(vstruct.VStruct):
    """Layout of STRING: two 16-bit lengths, padding, and a buffer pointer (16 bytes).

    This class only describes the header; it does not read the bytes that
    Buffer points to.
    NOTE(review): when the header comes from an untrusted image, check
    Length against MaximumLength before reading through Buffer.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint16()
        self.MaximumLength = v_uint16()
        # Filler that places Buffer at offset 8.
        self._pad0008 = v_bytes(size=4)
        self.Buffer = v_ptr64()
class SID_AND_ATTRIBUTES(vstruct.VStruct):
    """Layout of SID_AND_ATTRIBUTES: a pointer, a 32-bit attribute word, padding (16 bytes).

    Sid is stored as an address only; the SID body is not part of this layout.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Sid = v_ptr64()
        self.Attributes = v_uint32()
        self._pad0010 = v_bytes(size=4)
class TP_POOL(vstruct.VStruct):
    """Placeholder for TP_POOL: no fields are declared.

    Parsing with this class therefore consumes no bytes; presumably the
    source symbols carry no member information for the type -- confirm.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
class _unnamed_24321(vstruct.VStruct):
    """Auto-numbered type wrapping a single nested member, s1.

    _unnamed_24379 is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.s1 = _unnamed_24379()
class CMP_OFFSET_ARRAY(vstruct.VStruct):
    """Layout of CMP_OFFSET_ARRAY: file offset, data pointer and data length (24 bytes).

    Each 32-bit field is followed by 4 bytes of explicit padding.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FileOffset = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.DataBuffer = v_ptr64()
        self.DataLength = v_uint32()
        self._pad0018 = v_bytes(size=4)
class CM_KEY_VALUE(vstruct.VStruct):
    """Layout of CM_KEY_VALUE with a fixed header and a one-element Name array (24 bytes).

    NOTE(review): Name is declared with a single 16-bit element, so this
    class never reads more than 2 bytes of name. Presumably NameLength
    gives the real length of a variable-sized tail -- confirm, and bound
    any read of that tail by the size of the enclosing buffer.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint16()
        self.NameLength = v_uint16()
        self.DataLength = v_uint32()
        self.Data = v_uint32()
        self.Type = v_uint32()
        self.Flags = v_uint16()
        self.Spare = v_uint16()
        self.Name = vstruct.VArray([ v_uint16() for i in xrange(1) ])
        self._pad0018 = v_bytes(size=2)
class _unnamed_22355(vstruct.VStruct):
    """Auto-numbered type with a single 64-bit KeepForever field (8 bytes).

    NOTE(review): looks like a collapsed bitfield/union -- confirm.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.KeepForever = v_uint64()
class LIST_ENTRY32(vstruct.VStruct):
    """Layout of LIST_ENTRY32: two 32-bit link values (8 bytes).

    The links are plain integers here, not v_ptr64 fields.
    NOTE(review): when walking lists from an untrusted image, cap the
    number of hops so that a corrupted or cyclic list cannot loop forever.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flink = v_uint32()
        self.Blink = v_uint32()
class KDESCRIPTOR(vstruct.VStruct):
    """Layout of KDESCRIPTOR: three 16-bit pad words, a 16-bit limit, a 64-bit base (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Three leading words place Limit at offset 6 and Base at offset 8.
        self.Pad = vstruct.VArray([ v_uint16() for i in xrange(3) ])
        self.Limit = v_uint16()
        self.Base = v_ptr64()
class _unnamed_26688(vstruct.VStruct):
    """Auto-numbered type holding a minimum and maximum channel (two 32-bit fields)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MinimumChannel = v_uint32()
        self.MaximumChannel = v_uint32()
class SINGLE_LIST_ENTRY(vstruct.VStruct):
    """Layout of SINGLE_LIST_ENTRY: one 64-bit pointer to the next entry (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Next = v_ptr64()
class DBGKD_QUERY_MEMORY(vstruct.VStruct):
    """Layout of DBGKD_QUERY_MEMORY: two 64-bit and two 32-bit fields (24 bytes).

    Address is declared as an integer (v_uint64), not as v_ptr64.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Address = v_uint64()
        self.Reserved = v_uint64()
        self.AddressSpace = v_uint32()
        self.Flags = v_uint32()
class MMVAD(vstruct.VStruct):
    """Layout of MMVAD: tree links, a page-number range, flag unions and section pointers.

    MMVAD_LONG in this module repeats this field list and appends two more
    members. The _unnamed_* types, EX_PUSH_LOCK and LIST_ENTRY are defined
    elsewhere in this module.
    NOTE(review): StartingVpn/EndingVpn are presumably virtual page numbers
    rather than byte addresses -- confirm before comparing with addresses.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_22375()
        self.LeftChild = v_ptr64()
        self.RightChild = v_ptr64()
        self.StartingVpn = v_uint64()
        self.EndingVpn = v_uint64()
        self.u = _unnamed_22378()
        self.PushLock = EX_PUSH_LOCK()
        self.u5 = _unnamed_22379()
        self.u2 = _unnamed_22395()
        self._pad0048 = v_bytes(size=4)
        self.Subsection = v_ptr64()
        self.FirstPrototypePte = v_ptr64()
        self.LastContiguousPte = v_ptr64()
        self.ViewLinks = LIST_ENTRY()
        self.VadsProcess = v_ptr64()
class VF_AVL_TREE(vstruct.VStruct):
    """Layout of VF_AVL_TREE: lock word, node bookkeeping and a table pointer.

    u1 uses _unnamed_29012, which this module declares with a single 32-bit
    field; with that, the members and both padding fields sum to 64 bytes.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Lock = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.NodeToFree = v_ptr64()
        self.NodeRangeSize = v_uint64()
        self.NodeCount = v_uint64()
        self.Tables = v_ptr64()
        self.TablesNo = v_uint32()
        self.u1 = _unnamed_29012()
        self._pad0040 = v_bytes(size=16)
class CONTEXT32_UPDATE(vstruct.VStruct):
    """Layout of CONTEXT32_UPDATE: a single 32-bit NumberEntries field (4 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NumberEntries = v_uint32()
class KDEVICE_QUEUE_ENTRY(vstruct.VStruct):
    """Layout of KDEVICE_QUEUE_ENTRY: list links, a 32-bit sort key and a one-byte flag.

    LIST_ENTRY is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DeviceListEntry = LIST_ENTRY()
        self.SortKey = v_uint32()
        self.Inserted = v_uint8()
        self._pad0018 = v_bytes(size=3)
class MMPTE_SUBSECTION(vstruct.VStruct):
    """Layout of MMPTE_SUBSECTION as a single 64-bit field named Valid.

    NOTE(review): the whole entry is exposed under one flag-like name, so
    the value is the full 64-bit word, not a boolean; presumably a
    collapsed bitfield -- confirm and mask the bits of interest.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Valid = v_uint64()
class PO_DEVICE_NOTIFY(vstruct.VStruct):
    """Layout of PO_DEVICE_NOTIFY: three list links, device pointers and child/parent counts.

    LIST_ENTRY is defined elsewhere in this module. DeviceName and
    DriverName are stored as addresses only.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Link = LIST_ENTRY()
        self.PowerChildren = LIST_ENTRY()
        self.PowerParents = LIST_ENTRY()
        self.TargetDevice = v_ptr64()
        self.OrderLevel = v_uint8()
        self._pad0040 = v_bytes(size=7)
        self.DeviceObject = v_ptr64()
        self.DeviceName = v_ptr64()
        self.DriverName = v_ptr64()
        self.ChildCount = v_uint32()
        self.ActiveChild = v_uint32()
        self.ParentCount = v_uint32()
        self.ActiveParent = v_uint32()
class ALPC_HANDLE_ENTRY(vstruct.VStruct):
    """Layout of ALPC_HANDLE_ENTRY: a single 64-bit Object pointer (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Object = v_ptr64()
class HMAP_DIRECTORY(vstruct.VStruct):
    """Layout of HMAP_DIRECTORY: a fixed array of 1024 64-bit pointers (8192 bytes).

    Constructing an instance allocates all 1024 field objects up front.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Directory = vstruct.VArray([ v_ptr64() for i in xrange(1024) ])
class TPM_BOOT_ENTROPY_LDR_RESULT(vstruct.VStruct):
    """Layout of TPM_BOOT_ENTROPY_LDR_RESULT: policy, result codes, time and entropy bytes.

    The members sum to 72 bytes (0x48), matching the ``_pad0048`` suffix.
    NOTE(review): EntropyData always has 40 slots; presumably EntropyLength
    says how many are meaningful -- confirm, and clamp it to 40 before
    slicing. Handle images that contain this data as sensitive material.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Policy = v_uint64()
        self.ResultCode = v_uint32()
        self.ResultStatus = v_uint32()
        self.Time = v_uint64()
        self.EntropyLength = v_uint32()
        self.EntropyData = vstruct.VArray([ v_uint8() for i in xrange(40) ])
        self._pad0048 = v_bytes(size=4)
class NBQUEUE_BLOCK(vstruct.VStruct):
    """Layout of NBQUEUE_BLOCK: an SLIST_ENTRY followed by two 64-bit values.

    SLIST_ENTRY is defined elsewhere in this module. Next and Data are
    declared as integers (v_uint64), not as v_ptr64.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SListEntry = SLIST_ENTRY()
        self.Next = v_uint64()
        self.Data = v_uint64()
class KTMOBJECT_NAMESPACE(vstruct.VStruct):
    """Layout of KTMOBJECT_NAMESPACE: an AVL table, a mutant, two offsets and a flag byte.

    RTL_AVL_TABLE and KMUTANT are defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Table = RTL_AVL_TABLE()
        self.Mutex = KMUTANT()
        self.LinksOffset = v_uint16()
        self.GuidOffset = v_uint16()
        self.Expired = v_uint8()
        self._pad00a8 = v_bytes(size=3)
class _unnamed_25427(vstruct.VStruct):
    """Auto-numbered type holding one LIST_ENTRY; used as MMVAD_LONG.u3 in this module.

    LIST_ENTRY is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.List = LIST_ENTRY()
class HEAP_STOP_ON_VALUES(vstruct.VStruct):
    """Layout of HEAP_STOP_ON_VALUES: three (address, tag, padding) triples.

    HEAP_STOP_ON_TAG is defined elsewhere in this module. Addresses are
    declared as integers (v_uint64), not as v_ptr64.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AllocAddress = v_uint64()
        self.AllocTag = HEAP_STOP_ON_TAG()
        self._pad0010 = v_bytes(size=4)
        self.ReAllocAddress = v_uint64()
        self.ReAllocTag = HEAP_STOP_ON_TAG()
        self._pad0020 = v_bytes(size=4)
        self.FreeAddress = v_uint64()
        self.FreeTag = HEAP_STOP_ON_TAG()
        self._pad0030 = v_bytes(size=4)
class FS_FILTER_PARAMETERS(vstruct.VStruct):
    """Layout of FS_FILTER_PARAMETERS: one named member followed by 24 bytes of padding.

    AcquireForModifiedPageWriter uses _unnamed_27930, which this module
    declares as two pointers (16 bytes), giving 40 bytes (0x28) in total.
    NOTE(review): presumably a union of which only the first arm is
    materialised; other arms would overlay these bytes -- confirm.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AcquireForModifiedPageWriter = _unnamed_27930()
        self._pad0028 = v_bytes(size=24)
class DBGKD_READ_MEMORY32(vstruct.VStruct):
    """Layout of DBGKD_READ_MEMORY32: three 32-bit fields (12 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TargetBaseAddress = v_uint32()
        self.TransferCount = v_uint32()
        self.ActualBytesRead = v_uint32()
class RTL_HANDLE_TABLE_ENTRY(vstruct.VStruct):
    """Layout of RTL_HANDLE_TABLE_ENTRY: a 32-bit Flags word plus 4 bytes of padding (8 bytes).

    NOTE(review): an 8-byte entry with only 4 named bytes suggests a union
    with a pointer-sized arm that is not materialised here -- confirm.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flags = v_uint32()
        self._pad0008 = v_bytes(size=4)
class VI_POOL_ENTRY_INUSE(vstruct.VStruct):
    """Layout of VI_POOL_ENTRY_INUSE: two pointers, a byte count and a tag (32 bytes).

    Tag is declared as a full 64-bit field.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.VirtualAddress = v_ptr64()
        self.CallingAddress = v_ptr64()
        self.NumberOfBytes = v_uint64()
        self.Tag = v_uint64()
class PEB64(vstruct.VStruct):
    """Layout of PEB64, the 64-bit process environment block definition.

    No field here is declared as v_ptr64: every address-like member is a
    fixed-width v_uint64 (or v_uint32), so the layout does not change with
    the pointer width of the analysing host. LARGE_INTEGER, ULARGE_INTEGER,
    STRING64 and LIST_ENTRY64 are defined elsewhere in this module.

    NOTE(review): these fields are presumably writable by the process they
    describe -- confirm. Values such as BeingDebugged, NtGlobalFlag, Ldr
    and ProcessParameters should then be treated as claims made by that
    process, not as ground truth, when triaging a memory image.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.InheritedAddressSpace = v_uint8()
        self.ReadImageFileExecOptions = v_uint8()
        self.BeingDebugged = v_uint8()
        # NOTE(review): one byte for what is presumably a set of bit flags.
        self.BitField = v_uint8()
        self._pad0008 = v_bytes(size=4)
        self.Mutant = v_uint64()
        self.ImageBaseAddress = v_uint64()
        self.Ldr = v_uint64()
        self.ProcessParameters = v_uint64()
        self.SubSystemData = v_uint64()
        self.ProcessHeap = v_uint64()
        self.FastPebLock = v_uint64()
        self.AtlThunkSListPtr = v_uint64()
        self.IFEOKey = v_uint64()
        self.CrossProcessFlags = v_uint32()
        self._pad0058 = v_bytes(size=4)
        self.KernelCallbackTable = v_uint64()
        self.SystemReserved = vstruct.VArray([ v_uint32() for i in xrange(1) ])
        self.AtlThunkSListPtr32 = v_uint32()
        self.ApiSetMap = v_uint64()
        self.TlsExpansionCounter = v_uint32()
        self._pad0078 = v_bytes(size=4)
        self.TlsBitmap = v_uint64()
        self.TlsBitmapBits = vstruct.VArray([ v_uint32() for i in xrange(2) ])
        self.ReadOnlySharedMemoryBase = v_uint64()
        self.HotpatchInformation = v_uint64()
        self.ReadOnlyStaticServerData = v_uint64()
        self.AnsiCodePageData = v_uint64()
        self.OemCodePageData = v_uint64()
        self.UnicodeCaseTableData = v_uint64()
        self.NumberOfProcessors = v_uint32()
        self.NtGlobalFlag = v_uint32()
        self.CriticalSectionTimeout = LARGE_INTEGER()
        self.HeapSegmentReserve = v_uint64()
        self.HeapSegmentCommit = v_uint64()
        self.HeapDeCommitTotalFreeThreshold = v_uint64()
        self.HeapDeCommitFreeBlockThreshold = v_uint64()
        # NOTE(review): counts read from an image; bound them before using
        # them to size a read of the ProcessHeaps array.
        self.NumberOfHeaps = v_uint32()
        self.MaximumNumberOfHeaps = v_uint32()
        self.ProcessHeaps = v_uint64()
        self.GdiSharedHandleTable = v_uint64()
        self.ProcessStarterHelper = v_uint64()
        self.GdiDCAttributeList = v_uint32()
        self._pad0110 = v_bytes(size=4)
        self.LoaderLock = v_uint64()
        self.OSMajorVersion = v_uint32()
        self.OSMinorVersion = v_uint32()
        self.OSBuildNumber = v_uint16()
        self.OSCSDVersion = v_uint16()
        self.OSPlatformId = v_uint32()
        self.ImageSubsystem = v_uint32()
        self.ImageSubsystemMajorVersion = v_uint32()
        self.ImageSubsystemMinorVersion = v_uint32()
        self._pad0138 = v_bytes(size=4)
        self.ActiveProcessAffinityMask = v_uint64()
        self.GdiHandleBuffer = vstruct.VArray([ v_uint32() for i in xrange(60) ])
        self.PostProcessInitRoutine = v_uint64()
        self.TlsExpansionBitmap = v_uint64()
        self.TlsExpansionBitmapBits = vstruct.VArray([ v_uint32() for i in xrange(32) ])
        self.SessionId = v_uint32()
        self._pad02c8 = v_bytes(size=4)
        self.AppCompatFlags = ULARGE_INTEGER()
        self.AppCompatFlagsUser = ULARGE_INTEGER()
        self.pShimData = v_uint64()
        self.AppCompatInfo = v_uint64()
        self.CSDVersion = STRING64()
        self.ActivationContextData = v_uint64()
        self.ProcessAssemblyStorageMap = v_uint64()
        self.SystemDefaultActivationContextData = v_uint64()
        self.SystemAssemblyStorageMap = v_uint64()
        self.MinimumStackCommit = v_uint64()
        self.FlsCallback = v_uint64()
        self.FlsListHead = LIST_ENTRY64()
        self.FlsBitmap = v_uint64()
        self.FlsBitmapBits = vstruct.VArray([ v_uint32() for i in xrange(4) ])
        self.FlsHighIndex = v_uint32()
        self._pad0358 = v_bytes(size=4)
        self.WerRegistrationData = v_uint64()
        self.WerShipAssertPtr = v_uint64()
        self.pContextData = v_uint64()
        self.pImageHeaderHash = v_uint64()
        self.TracingFlags = v_uint32()
        self._pad0380 = v_bytes(size=4)
class ARBITER_ALTERNATIVE(vstruct.VStruct):
    """Layout of ARBITER_ALTERNATIVE: range bounds, priority, flags and a descriptor pointer.

    The members and tail padding sum to 64 bytes (0x40).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Minimum = v_uint64()
        self.Maximum = v_uint64()
        self.Length = v_uint64()
        self.Alignment = v_uint64()
        self.Priority = v_uint32()
        self.Flags = v_uint32()
        self.Descriptor = v_ptr64()
        self.Reserved = vstruct.VArray([ v_uint32() for i in xrange(3) ])
        self._pad0040 = v_bytes(size=4)
class HEAP_LOOKASIDE(vstruct.VStruct):
    """Layout of HEAP_LOOKASIDE: list head, depth limits and allocation counters.

    SLIST_HEADER is defined elsewhere in this module. The structure ends
    with 12 bytes of explicit padding.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListHead = SLIST_HEADER()
        self.Depth = v_uint16()
        self.MaximumDepth = v_uint16()
        self.TotalAllocates = v_uint32()
        self.AllocateMisses = v_uint32()
        self.TotalFrees = v_uint32()
        self.FreeMisses = v_uint32()
        self.LastTotalAllocates = v_uint32()
        self.LastAllocateMisses = v_uint32()
        self.Counters = vstruct.VArray([ v_uint32() for i in xrange(2) ])
        self._pad0040 = v_bytes(size=12)
class _unnamed_20937(vstruct.VStruct):
    """Auto-numbered type wrapping one INITIAL_PRIVILEGE_SET member.

    INITIAL_PRIVILEGE_SET is declared later in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.InitialPrivilegeSet = INITIAL_PRIVILEGE_SET()
class EX_FAST_REF(vstruct.VStruct):
    """Layout of EX_FAST_REF as a single pointer-sized field named Object.

    NOTE(review): on Windows this type is understood to overlay a small
    reference count on the low bits of the pointer. If that holds for this
    build, Object is not directly usable as an address and the low bits
    must be masked off first -- confirm against the symbols.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Object = v_ptr64()
class INTERLOCK_SEQ(vstruct.VStruct):
    """Layout of INTERLOCK_SEQ: two 16-bit fields and a 32-bit sequence (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Depth = v_uint16()
        self.FreeEntryOffset = v_uint16()
        self.Sequence = v_uint32()
class HMAP_TABLE(vstruct.VStruct):
    """Layout of HMAP_TABLE: a fixed array of 512 HMAP_ENTRY structures.

    HMAP_ENTRY is defined elsewhere in this module. Constructing an
    instance builds all 512 nested structures up front.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Table = vstruct.VArray([ HMAP_ENTRY() for i in xrange(512) ])
class PNP_RESOURCE_REQUEST(vstruct.VStruct):
    """Layout of PNP_RESOURCE_REQUEST: device pointer, request attributes and result pointers.

    The members and tail padding sum to 64 bytes (0x40).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PhysicalDevice = v_ptr64()
        self.Flags = v_uint32()
        self.AllocationType = v_uint32()
        self.Priority = v_uint32()
        self.Position = v_uint32()
        self.ResourceRequirements = v_ptr64()
        self.ReqList = v_ptr64()
        self.ResourceAssignment = v_ptr64()
        self.TranslatedResourceAssignment = v_ptr64()
        self.Status = v_uint32()
        self._pad0040 = v_bytes(size=4)
class RTL_ACTIVATION_CONTEXT_STACK_FRAME(vstruct.VStruct):
    """Layout of RTL_ACTIVATION_CONTEXT_STACK_FRAME: two pointers, flags, padding (24 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Previous = v_ptr64()
        self.ActivationContext = v_ptr64()
        self.Flags = v_uint32()
        self._pad0018 = v_bytes(size=4)
class VI_DEADLOCK_GLOBALS(vstruct.VStruct):
    """Layout of VI_DEADLOCK_GLOBALS: databases, address ranges and statistics counters.

    Contains two arrays of 1023 VF_ADDRESS_RANGE entries; that type is
    declared in this module as two pointers (16 bytes), so most of the
    structure is taken by those two arrays. Constructing an instance builds
    all 2046 nested structures.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TimeAcquire = v_uint64()
        self.TimeRelease = v_uint64()
        self.ResourceDatabase = v_ptr64()
        self.ResourceDatabaseCount = v_uint64()
        self.ResourceAddressRange = vstruct.VArray([ VF_ADDRESS_RANGE() for i in xrange(1023) ])
        self.ThreadDatabase = v_ptr64()
        self.ThreadDatabaseCount = v_uint64()
        self.ThreadAddressRange = vstruct.VArray([ VF_ADDRESS_RANGE() for i in xrange(1023) ])
        self.AllocationFailures = v_uint32()
        self.NodesTrimmedBasedOnAge = v_uint32()
        self.NodesTrimmedBasedOnCount = v_uint32()
        self.NodesSearched = v_uint32()
        self.MaxNodesSearched = v_uint32()
        self.SequenceNumber = v_uint32()
        self.RecursionDepthLimit = v_uint32()
        self.SearchedNodesLimit = v_uint32()
        self.DepthLimitHits = v_uint32()
        self.SearchLimitHits = v_uint32()
        self.ABC_ACB_Skipped = v_uint32()
        self.OutOfOrderReleases = v_uint32()
        self.NodesReleasedOutOfOrder = v_uint32()
        self.TotalReleases = v_uint32()
        self.RootNodesDeleted = v_uint32()
        self.ForgetHistoryCounter = v_uint32()
        self.Instigator = v_ptr64()
        # NOTE(review): Participant has 32 slots; clamp this count to 32
        # before indexing with a value read from an image.
        self.NumberOfParticipants = v_uint32()
        self._pad8060 = v_bytes(size=4)
        self.Participant = vstruct.VArray([ v_ptr64() for i in xrange(32) ])
        self.ChildrenCountWatermark = v_uint32()
        self._pad8168 = v_bytes(size=4)
class FS_FILTER_CALLBACKS(vstruct.VStruct):
    """Layout of FS_FILTER_CALLBACKS: a size field, a reserved word and twelve pointers.

    The twelve pointers form Pre/Post pairs for acquire and release of
    three named operations; the declared members sum to 104 bytes.
    NOTE(review): SizeOfFsFilterCallbacks is presumably the byte size the
    registrant claims for the table -- confirm, and do not read pointer
    slots that lie beyond it. Treat the pointer values as untrusted.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SizeOfFsFilterCallbacks = v_uint32()
        self.Reserved = v_uint32()
        self.PreAcquireForSectionSynchronization = v_ptr64()
        self.PostAcquireForSectionSynchronization = v_ptr64()
        self.PreReleaseForSectionSynchronization = v_ptr64()
        self.PostReleaseForSectionSynchronization = v_ptr64()
        self.PreAcquireForCcFlush = v_ptr64()
        self.PostAcquireForCcFlush = v_ptr64()
        self.PreReleaseForCcFlush = v_ptr64()
        self.PostReleaseForCcFlush = v_ptr64()
        self.PreAcquireForModifiedPageWriter = v_ptr64()
        self.PostAcquireForModifiedPageWriter = v_ptr64()
        self.PreReleaseForModifiedPageWriter = v_ptr64()
        self.PostReleaseForModifiedPageWriter = v_ptr64()
class MM_DRIVER_VERIFIER_DATA(vstruct.VStruct):
    """Layout of MM_DRIVER_VERIFIER_DATA: a level word followed by verifier counters.

    Almost every member is a 32-bit counter; four byte totals are 64-bit.
    UNICODE_STRING is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Level = v_uint32()
        self.RaiseIrqls = v_uint32()
        self.AcquireSpinLocks = v_uint32()
        self.SynchronizeExecutions = v_uint32()
        self.AllocationsAttempted = v_uint32()
        self.AllocationsSucceeded = v_uint32()
        self.AllocationsSucceededSpecialPool = v_uint32()
        self.AllocationsWithNoTag = v_uint32()
        self.TrimRequests = v_uint32()
        self.Trims = v_uint32()
        self.AllocationsFailed = v_uint32()
        self.AllocationsFailedDeliberately = v_uint32()
        self.Loads = v_uint32()
        self.Unloads = v_uint32()
        self.UnTrackedPool = v_uint32()
        self.UserTrims = v_uint32()
        self.CurrentPagedPoolAllocations = v_uint32()
        self.CurrentNonPagedPoolAllocations = v_uint32()
        self.PeakPagedPoolAllocations = v_uint32()
        self.PeakNonPagedPoolAllocations = v_uint32()
        self.PagedBytes = v_uint64()
        self.NonPagedBytes = v_uint64()
        self.PeakPagedBytes = v_uint64()
        self.PeakNonPagedBytes = v_uint64()
        self.BurstAllocationsFailedDeliberately = v_uint32()
        self.SessionTrims = v_uint32()
        self.OptionChanges = v_uint32()
        self.VerifyMode = v_uint32()
        self.PreviousBucketName = UNICODE_STRING()
        self.ActivityCounter = v_uint32()
        self.PreviousActivityCounter = v_uint32()
        self.WorkerTrimRequests = v_uint32()
        self._pad00a0 = v_bytes(size=4)
class IO_RESOURCE_DESCRIPTOR(vstruct.VStruct):
    """Layout of IO_RESOURCE_DESCRIPTOR: an 8-byte header followed by the member u.

    u uses _unnamed_26616, defined elsewhere in this module.
    NOTE(review): presumably Type selects how u should be interpreted --
    confirm; only one interpretation is materialised here.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Option = v_uint8()
        self.Type = v_uint8()
        self.ShareDisposition = v_uint8()
        self.Spare1 = v_uint8()
        self.Flags = v_uint16()
        self.Spare2 = v_uint16()
        self.u = _unnamed_26616()
class EX_PUSH_LOCK_CACHE_AWARE(vstruct.VStruct):
    """Layout of EX_PUSH_LOCK_CACHE_AWARE: a fixed array of 32 pointers (256 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Locks = vstruct.VArray([ v_ptr64() for i in xrange(32) ])
class _unnamed_29543(vstruct.VStruct):
    """Auto-numbered type holding a single GUID named DiskId.

    GUID is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DiskId = GUID()
class _unnamed_29540(vstruct.VStruct):
    """Auto-numbered type holding a 32-bit signature and a 32-bit checksum (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint32()
        self.CheckSum = v_uint32()
class CM_KCB_UOW(vstruct.VStruct):
    """Layout of CM_KCB_UOW: two list links, lock and owner pointers, three state words.

    LIST_ENTRY is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TransactionListEntry = LIST_ENTRY()
        self.KCBLock = v_ptr64()
        self.KeyLock = v_ptr64()
        self.KCBListEntry = LIST_ENTRY()
        self.KeyControlBlock = v_ptr64()
        self.Transaction = v_ptr64()
        self.UoWState = v_uint32()
        self.ActionType = v_uint32()
        self.StorageType = v_uint32()
        self._pad0050 = v_bytes(size=4)
        self.ChildKCB = v_ptr64()
        self.NewChildKCB = v_ptr64()
class WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS(vstruct.VStruct):
    """Layout of WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS as one byte named FRUId.

    NOTE(review): the type name says "valid bits", so this byte presumably
    carries several flags under the name of the first one -- confirm.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FRUId = v_uint8()
class _unnamed_27515(vstruct.VStruct):
    """Auto-numbered type: one ARBITER_TEST_ALLOCATION_PARAMETERS member plus 8 bytes of padding.

    ARBITER_TEST_ALLOCATION_PARAMETERS is defined elsewhere in this module.
    NOTE(review): presumably a union whose larger arms account for the
    trailing padding -- confirm.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TestAllocation = ARBITER_TEST_ALLOCATION_PARAMETERS()
        self._pad0020 = v_bytes(size=8)
class _unnamed_24280(vstruct.VStruct):
    """Auto-numbered type with one 32-bit Initialized field; used as _unnamed_24171.s1."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Initialized = v_uint32()
class SCSI_REQUEST_BLOCK(vstruct.VStruct):
    """Placeholder for SCSI_REQUEST_BLOCK: no fields are declared.

    Parsing with this class consumes no bytes; it cannot be used to decode
    a request block from memory.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
class MMVAD_LONG(vstruct.VStruct):
    """Layout of MMVAD_LONG: the MMVAD field list followed by members u3 and u4.

    The first fifteen members repeat MMVAD from this module field for
    field. u3 uses _unnamed_25427 (one LIST_ENTRY, declared in this
    module); u4 uses _unnamed_25428, defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_22375()
        self.LeftChild = v_ptr64()
        self.RightChild = v_ptr64()
        self.StartingVpn = v_uint64()
        self.EndingVpn = v_uint64()
        self.u = _unnamed_22378()
        self.PushLock = EX_PUSH_LOCK()
        self.u5 = _unnamed_22379()
        self.u2 = _unnamed_22395()
        self._pad0048 = v_bytes(size=4)
        self.Subsection = v_ptr64()
        self.FirstPrototypePte = v_ptr64()
        self.LastContiguousPte = v_ptr64()
        self.ViewLinks = LIST_ENTRY()
        self.VadsProcess = v_ptr64()
        # Members beyond the MMVAD field list.
        self.u3 = _unnamed_25427()
        self.u4 = _unnamed_25428()
class ARBITER_ADD_RESERVED_PARAMETERS(vstruct.VStruct):
    """Layout of ARBITER_ADD_RESERVED_PARAMETERS: a single pointer (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ReserveDevice = v_ptr64()
class VF_ADDRESS_RANGE(vstruct.VStruct):
    """Layout of VF_ADDRESS_RANGE: a Start and an End pointer (16 bytes).

    NOTE(review): whether End is inclusive is not visible here -- confirm
    before doing containment checks.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Start = v_ptr64()
        self.End = v_ptr64()
class STRING64(vstruct.VStruct):
    """Layout of STRING64: two 16-bit lengths, padding, and a 64-bit buffer address (16 bytes).

    Same shape as STRING in this module, except that Buffer is a fixed
    v_uint64 rather than a v_ptr64.
    NOTE(review): check Length against MaximumLength before reading the
    buffer when the header comes from an untrusted image.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint16()
        self.MaximumLength = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.Buffer = v_uint64()
class MBCB(vstruct.VStruct):
    """Layout of MBCB: node header, page counters, a list head and three bitmap ranges.

    LIST_ENTRY and BITMAP_RANGE are defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NodeTypeCode = v_uint16()
        self.NodeIsInZone = v_uint16()
        self.PagesToWrite = v_uint32()
        self.DirtyPages = v_uint32()
        self.Reserved = v_uint32()
        self.BitmapRanges = LIST_ENTRY()
        self.ResumeWritePage = v_uint64()
        self.MostRecentlyDirtiedPage = v_uint64()
        self.BitmapRange1 = BITMAP_RANGE()
        self.BitmapRange2 = BITMAP_RANGE()
        self.BitmapRange3 = BITMAP_RANGE()
class _unnamed_22107(vstruct.VStruct):
    """Auto-numbered type holding a 16-bit reference count and 16-bit flags (4 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ReferenceCount = v_uint16()
        self.ShortFlags = v_uint16()
class FAST_MUTEX(vstruct.VStruct):
    """Layout of FAST_MUTEX: count, owner pointer, contention counter, event and saved IRQL.

    KEVENT is defined elsewhere in this module. Each 32-bit member is
    followed by 4 bytes of explicit padding.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Owner = v_ptr64()
        self.Contention = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.Event = KEVENT()
        self.OldIrql = v_uint32()
        self._pad0038 = v_bytes(size=4)
class TRACE_ENABLE_INFO(vstruct.VStruct):
    """Layout of TRACE_ENABLE_INFO: enable flag, level, logger id and keyword masks (32 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IsEnabled = v_uint32()
        self.Level = v_uint8()
        self.Reserved1 = v_uint8()
        self.LoggerId = v_uint16()
        self.EnableProperty = v_uint32()
        self.Reserved2 = v_uint32()
        self.MatchAnyKeyword = v_uint64()
        self.MatchAllKeyword = v_uint64()
class MM_AVL_TABLE(vstruct.VStruct):
    """Layout of MM_AVL_TABLE: an embedded root node, a 64-bit word and two hint pointers.

    MMADDRESS_NODE is defined elsewhere in this module.
    NOTE(review): DepthOfTree is declared as a full 64-bit value;
    presumably it packs several bitfields (depth and counts) -- confirm.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BalancedRoot = MMADDRESS_NODE()
        self.DepthOfTree = v_uint64()
        self.NodeHint = v_ptr64()
        self.NodeFreeHint = v_ptr64()
class VF_SUSPECT_DRIVER_ENTRY(vstruct.VStruct):
    """Layout of VF_SUSPECT_DRIVER_ENTRY: list links, load/unload counters and a base name.

    LIST_ENTRY and UNICODE_STRING are defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Links = LIST_ENTRY()
        self.Loads = v_uint32()
        self.Unloads = v_uint32()
        self.BaseName = UNICODE_STRING()
class MM_SESSION_SPACE(vstruct.VStruct):
    """Layout of MM_SESSION_SPACE: session identity, pool state and working-set data.

    Mixes primitives with many nested types (GENERAL_LOOKASIDE and
    POOL_DESCRIPTOR are declared in this module; the others elsewhere in
    it), so the total size depends on those definitions. Constructing an
    instance builds 21 GENERAL_LOOKASIDE structures and one POOL_DESCRIPTOR
    with its 256 list heads.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ReferenceCount = v_uint32()
        self.u = _unnamed_28314()
        self.SessionId = v_uint32()
        self.ProcessReferenceToSession = v_uint32()
        self.ProcessList = LIST_ENTRY()
        self.LastProcessSwappedOutTime = LARGE_INTEGER()
        self.SessionPageDirectoryIndex = v_uint64()
        self.NonPagablePages = v_uint64()
        self.CommittedPages = v_uint64()
        self.PagedPoolStart = v_ptr64()
        self.PagedPoolEnd = v_ptr64()
        self.SessionObject = v_ptr64()
        self.SessionObjectHandle = v_ptr64()
        self.ResidentProcessCount = v_uint32()
        self.SessionPoolAllocationFailures = vstruct.VArray([ v_uint32() for i in xrange(4) ])
        self._pad0078 = v_bytes(size=4)
        self.ImageList = LIST_ENTRY()
        self.LocaleId = v_uint32()
        self.AttachCount = v_uint32()
        self.AttachGate = KGATE()
        self.WsListEntry = LIST_ENTRY()
        self._pad00c0 = v_bytes(size=8)
        self.Lookaside = vstruct.VArray([ GENERAL_LOOKASIDE() for i in xrange(21) ])
        self.Session = MMSESSION()
        self.PagedPoolInfo = MM_PAGED_POOL_INFO()
        self.Vm = MMSUPPORT()
        self.Wsle = v_ptr64()
        self.DriverUnload = v_ptr64()
        self._pad0cc0 = v_bytes(size=40)
        self.PagedPool = POOL_DESCRIPTOR()
        self.PageDirectory = MMPTE()
        self.SessionVaLock = KGUARDED_MUTEX()
        self.DynamicVaBitMap = RTL_BITMAP()
        self.DynamicVaHint = v_uint32()
        self._pad1e58 = v_bytes(size=4)
        self.SpecialPool = MI_SPECIAL_POOL()
        self.SessionPteLock = KGUARDED_MUTEX()
        self.PoolBigEntriesInUse = v_uint32()
        self.PagedPoolPdeCount = v_uint32()
        self.SpecialPoolPdeCount = v_uint32()
        self.DynamicSessionPdeCount = v_uint32()
        self.SystemPteInfo = MI_SYSTEM_PTE_TYPE()
        self.PoolTrackTableExpansion = v_ptr64()
        self.PoolTrackTableExpansionSize = v_uint64()
        self.PoolTrackBigPages = v_ptr64()
        self.PoolTrackBigPagesSize = v_uint64()
        self.IoState = v_uint32()
        self.IoStateSequence = v_uint32()
        self.IoNotificationEvent = KEVENT()
        self.CpuQuotaBlock = v_ptr64()
        self._pad1f80 = v_bytes(size=8)
class CM_NAME_CONTROL_BLOCK(vstruct.VStruct):
    """Layout of CM_NAME_CONTROL_BLOCK: a flag byte, a 16-bit ref count and a name hash.

    CM_NAME_HASH is defined elsewhere in this module. The two padding
    fields place RefCount at offset 2 and NameHash at offset 8.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Compressed = v_uint8()
        self._pad0002 = v_bytes(size=1)
        self.RefCount = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.NameHash = CM_NAME_HASH()
class _unnamed_29012(vstruct.VStruct):
    """Auto-numbered type with one 32-bit NodeSize field; used as VF_AVL_TREE.u1."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NodeSize = v_uint32()
class KDEVICE_QUEUE(vstruct.VStruct):
    """Layout of KDEVICE_QUEUE: type/size header, a list head, a lock word and a busy flag.

    LIST_ENTRY is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.Size = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.DeviceListHead = LIST_ENTRY()
        self.Lock = v_uint64()
        self.Busy = v_uint8()
        self._pad0028 = v_bytes(size=7)
class ARBITER_RETEST_ALLOCATION_PARAMETERS(vstruct.VStruct):
    """Layout of ARBITER_RETEST_ALLOCATION_PARAMETERS: two pointers around a 32-bit count (24 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ArbitrationList = v_ptr64()
        self.AllocateFromCount = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.AllocateFrom = v_ptr64()
class NT_TIB32(vstruct.VStruct):
    """Layout of NT_TIB32: seven 32-bit fields (28 bytes).

    All members are fixed 32-bit integers, including the address-like ones.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExceptionList = v_uint32()
        self.StackBase = v_uint32()
        self.StackLimit = v_uint32()
        self.SubSystemTib = v_uint32()
        self.FiberData = v_uint32()
        self.ArbitraryUserPointer = v_uint32()
        self.Self = v_uint32()
class _unnamed_21223(vstruct.VStruct):
    """Auto-numbered type with a single 32-bit Length field (4 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
class _unnamed_27286(vstruct.VStruct):
    """Auto-numbered type holding a LARGE_INTEGER start and a 32-bit length.

    LARGE_INTEGER is defined elsewhere in this module. No tail padding is
    declared after Length.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Start = LARGE_INTEGER()
        self.Length = v_uint32()
class PORT_MESSAGE(vstruct.VStruct):
    """Layout of PORT_MESSAGE: two union-like members, a client id, a message id and a size.

    _unnamed_24044, _unnamed_24045 and CLIENT_ID are defined elsewhere in
    this module.
    NOTE(review): presumably u1 carries the message lengths -- confirm, and
    validate any length taken from it against the real buffer size.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_24044()
        self.u2 = _unnamed_24045()
        self.ClientId = CLIENT_ID()
        self.MessageId = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.ClientViewSize = v_uint64()
class RELATIVE_SYMLINK_INFO(vstruct.VStruct):
    """Layout of RELATIVE_SYMLINK_INFO: four 16-bit fields, a pointer and a UNICODE_STRING.

    UNICODE_STRING is defined elsewhere in this module.
    NOTE(review): the two *Length fields presumably index into OpenedName
    -- confirm, and bound them by that string's length before slicing.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExposedNamespaceLength = v_uint16()
        self.Flags = v_uint16()
        self.DeviceNameLength = v_uint16()
        self.Reserved = v_uint16()
        self.InteriorMountPoint = v_ptr64()
        self.OpenedName = UNICODE_STRING()
class IO_SECURITY_CONTEXT(vstruct.VStruct):
    """Layout of IO_SECURITY_CONTEXT: two pointers and two 32-bit words (24 bytes).

    SecurityQos and AccessState are stored as addresses only; the objects
    they point to are not part of this layout.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SecurityQos = v_ptr64()
        self.AccessState = v_ptr64()
        self.DesiredAccess = v_uint32()
        self.FullCreateOptions = v_uint32()
class TERMINATION_PORT(vstruct.VStruct):
    """Layout of TERMINATION_PORT: a next pointer and a port pointer (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Next = v_ptr64()
        self.Port = v_ptr64()
class _unnamed_27289(vstruct.VStruct):
    """Auto-numbered type holding level, group, vector and a 64-bit affinity (16 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Level = v_uint16()
        self.Group = v_uint16()
        self.Vector = v_uint32()
        self.Affinity = v_uint64()
class VF_AVL_TABLE(vstruct.VStruct):
    """Layout of VF_AVL_TABLE: an RTL_AVL_TABLE followed by one pointer.

    RTL_AVL_TABLE is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.RtlTable = RTL_AVL_TABLE()
        self.ReservedNode = v_ptr64()
class SYSTEM_POWER_POLICY(vstruct.VStruct):
    """Layout of SYSTEM_POWER_POLICY: button/lid/idle policies, timeouts and throttle settings.

    POWER_ACTION_POLICY and SYSTEM_POWER_LEVEL are defined elsewhere in
    this module. DischargePolicy has a fixed capacity of four entries.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Revision = v_uint32()
        self.PowerButton = POWER_ACTION_POLICY()
        self.SleepButton = POWER_ACTION_POLICY()
        self.LidClose = POWER_ACTION_POLICY()
        self.LidOpenWake = v_uint32()
        self.Reserved = v_uint32()
        self.Idle = POWER_ACTION_POLICY()
        self.IdleTimeout = v_uint32()
        self.IdleSensitivity = v_uint8()
        self.DynamicThrottle = v_uint8()
        self.Spare2 = vstruct.VArray([ v_uint8() for i in xrange(2) ])
        self.MinSleep = v_uint32()
        self.MaxSleep = v_uint32()
        self.ReducedLatencySleep = v_uint32()
        self.WinLogonFlags = v_uint32()
        self.Spare3 = v_uint32()
        self.DozeS4Timeout = v_uint32()
        self.BroadcastCapacityResolution = v_uint32()
        self.DischargePolicy = vstruct.VArray([ SYSTEM_POWER_LEVEL() for i in xrange(4) ])
        self.VideoTimeout = v_uint32()
        self.VideoDimDisplay = v_uint8()
        self._pad00c8 = v_bytes(size=3)
        self.VideoReserved = vstruct.VArray([ v_uint32() for i in xrange(3) ])
        self.SpindownTimeout = v_uint32()
        self.OptimizeForPower = v_uint8()
        self.FanThrottleTolerance = v_uint8()
        self.ForcedThrottle = v_uint8()
        self.MinThrottle = v_uint8()
        self.OverThrottled = POWER_ACTION_POLICY()
class _unnamed_27930(vstruct.VStruct):
    """Auto-numbered type holding two pointers (16 bytes).

    Used in this module as FS_FILTER_PARAMETERS.AcquireForModifiedPageWriter.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.EndingOffset = v_ptr64()
        self.ResourceToRelease = v_ptr64()
class _unnamed_27933(vstruct.VStruct):
    """Auto-numbered type holding a 32-bit notification type and a one-byte flag (16 bytes).

    Each member is followed by explicit padding up to the next 8-byte
    boundary.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NotificationType = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.SafeToRecurse = v_uint8()
        self._pad0010 = v_bytes(size=7)
class _unnamed_27932(vstruct.VStruct):
    """Auto-numbered type holding a 32-bit sync type and a 32-bit page protection (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SyncType = v_uint32()
        self.PageProtection = v_uint32()
class INITIAL_PRIVILEGE_SET(vstruct.VStruct):
    """Layout of INITIAL_PRIVILEGE_SET: a count, a control word and three privilege slots.

    LUID_AND_ATTRIBUTES is defined elsewhere in this module.
    NOTE(review): the array always has exactly 3 slots; clamp
    PrivilegeCount to 3 before indexing with a value read from an image.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PrivilegeCount = v_uint32()
        self.Control = v_uint32()
        self.Privilege = vstruct.VArray([ LUID_AND_ATTRIBUTES() for i in xrange(3) ])
class _unnamed_27934(vstruct.VStruct):
    """Auto-numbered type holding five pointer-sized arguments (40 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Argument1 = v_ptr64()
        self.Argument2 = v_ptr64()
        self.Argument3 = v_ptr64()
        self.Argument4 = v_ptr64()
        self.Argument5 = v_ptr64()
class GENERAL_LOOKASIDE(vstruct.VStruct):
    """Layout of GENERAL_LOOKASIDE: list head, counters, two routine pointers, tail padding.

    The field list matches GENERAL_LOOKASIDE_POOL in this module, with an
    additional 32 bytes of padding at the end. SLIST_HEADER and LIST_ENTRY
    are defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListHead = SLIST_HEADER()
        self.Depth = v_uint16()
        self.MaximumDepth = v_uint16()
        self.TotalAllocates = v_uint32()
        self.AllocateMisses = v_uint32()
        self.TotalFrees = v_uint32()
        self.FreeMisses = v_uint32()
        self.Type = v_uint32()
        self.Tag = v_uint32()
        self.Size = v_uint32()
        self.AllocateEx = v_ptr64()
        self.FreeEx = v_ptr64()
        self.ListEntry = LIST_ENTRY()
        self.LastTotalAllocates = v_uint32()
        self.LastAllocateMisses = v_uint32()
        self.Future = vstruct.VArray([ v_uint32() for i in xrange(2) ])
        # NOTE(review): the 0x80 suffix suggests padding out to a 128-byte
        # boundary -- confirm against SLIST_HEADER/LIST_ENTRY sizes.
        self._pad0080 = v_bytes(size=32)
class _unnamed_26671(vstruct.VStruct):
    """Auto-numbered type holding length, alignment and a minimum/maximum address pair.

    LARGE_INTEGER is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self.Alignment = v_uint32()
        self.MinimumAddress = LARGE_INTEGER()
        self.MaximumAddress = LARGE_INTEGER()
class POOL_DESCRIPTOR(vstruct.VStruct):
    """Layout of POOL_DESCRIPTOR: pool type, lock, counters and 256 list heads.

    KGUARDED_MUTEX and LIST_ENTRY are defined elsewhere in this module.
    The padding names step from 0x80 to 0x140 in 0x40 increments, so
    several members are spaced 64 bytes apart.
    NOTE(review): that spacing looks like cache-line separation -- confirm.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PoolType = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.PagedLock = KGUARDED_MUTEX()
        self.RunningAllocs = v_uint32()
        self.RunningDeAllocs = v_uint32()
        self.TotalBigPages = v_uint32()
        self.ThreadsProcessingDeferrals = v_uint32()
        self.TotalBytes = v_uint64()
        self._pad0080 = v_bytes(size=40)
        self.PoolIndex = v_uint32()
        self._pad00c0 = v_bytes(size=60)
        self.TotalPages = v_uint32()
        self._pad0100 = v_bytes(size=60)
        self.PendingFrees = v_ptr64()
        self.PendingFreeDepth = v_uint32()
        self._pad0140 = v_bytes(size=52)
        self.ListHeads = vstruct.VArray([ LIST_ENTRY() for i in xrange(256) ])
class GDI_TEB_BATCH64(vstruct.VStruct):
    """Layout of GDI_TEB_BATCH64: an offset, a 64-bit HDC and a 310-dword buffer (1256 bytes).

    NOTE(review): Offset presumably indexes into Buffer -- confirm, and
    bound it by the buffer size before use.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Offset = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.HDC = v_uint64()
        self.Buffer = vstruct.VArray([ v_uint32() for i in xrange(310) ])
class CM_RM(vstruct.VStruct):
    """Layout of CM_RM: list links, manager handles and pointers, log status and a lock.

    LIST_ENTRY is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.RmListEntry = LIST_ENTRY()
        self.TransactionListHead = LIST_ENTRY()
        self.TmHandle = v_ptr64()
        self.Tm = v_ptr64()
        self.RmHandle = v_ptr64()
        self.KtmRm = v_ptr64()
        self.RefCount = v_uint32()
        self.ContainerNum = v_uint32()
        self.ContainerSize = v_uint64()
        self.CmHive = v_ptr64()
        self.LogFileObject = v_ptr64()
        self.MarshallingContext = v_ptr64()
        self.RmFlags = v_uint32()
        self.LogStartStatus1 = v_uint32()
        self.LogStartStatus2 = v_uint32()
        self._pad0078 = v_bytes(size=4)
        self.BaseLsn = v_uint64()
        self.RmLock = v_ptr64()
class _unnamed_21410(vstruct.VStruct):
    """Auto-numbered type holding a single PowerSequence pointer (8 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PowerSequence = v_ptr64()
class _unnamed_24171(vstruct.VStruct):
    """Auto-numbered type wrapping a single nested member, s1.

    s1 uses _unnamed_24280, which this module declares with one 32-bit field.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.s1 = _unnamed_24280()
class _unnamed_24174(vstruct.VStruct):
    """Auto-numbered type with a single 32-bit Internal field (4 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Internal = v_uint32()
class DUMP_STACK_CONTEXT(vstruct.VStruct):
    """Layout of DUMP_STACK_CONTEXT: init context, partition offset, driver list, messages.

    STRING is declared in this module; DUMP_INITIALIZATION_CONTEXT,
    LARGE_INTEGER and LIST_ENTRY are defined elsewhere in it.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Init = DUMP_INITIALIZATION_CONTEXT()
        self.PartitionOffset = LARGE_INTEGER()
        self.DumpPointers = v_ptr64()
        self.PointersLength = v_uint32()
        self._pad00b8 = v_bytes(size=4)
        self.ModulePrefix = v_ptr64()
        self.DriverList = LIST_ENTRY()
        self.InitMsg = STRING()
        self.ProgMsg = STRING()
        self.DoneMsg = STRING()
        self.FileObject = v_ptr64()
        self.UsageType = v_uint32()
        self._pad0110 = v_bytes(size=4)
class PNP_DEVICE_EVENT_LIST(vstruct.VStruct):
    """Layout of PNP_DEVICE_EVENT_LIST: status, a mutant, a guarded mutex and a list head.

    KMUTANT, KGUARDED_MUTEX and LIST_ENTRY are defined elsewhere in this
    module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Status = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.EventQueueMutex = KMUTANT()
        self.Lock = KGUARDED_MUTEX()
        self.List = LIST_ENTRY()
class KWAIT_BLOCK(vstruct.VStruct):
    """Layout of KWAIT_BLOCK: list links, three pointers and an 8-byte key/type/state tail.

    LIST_ENTRY is defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WaitListEntry = LIST_ENTRY()
        self.Thread = v_ptr64()
        self.Object = v_ptr64()
        self.NextWaitBlock = v_ptr64()
        self.WaitKey = v_uint16()
        self.WaitType = v_uint8()
        self.BlockState = v_uint8()
        self.SpareLong = v_uint32()
class DBGKD_READ_WRITE_IO32(vstruct.VStruct):
    """Layout of DBGKD_READ_WRITE_IO32: three 32-bit fields (12 bytes)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DataSize = v_uint32()
        self.IoAddress = v_uint32()
        self.DataValue = v_uint32()
class POP_HIBER_CONTEXT(vstruct.VStruct):
    """Layout of POP_HIBER_CONTEXT: seven flag bytes, bitmaps, MDL pointers and I/O state.

    RTL_BITMAP, LIST_ENTRY and LARGE_INTEGER are defined elsewhere in this
    module. The seven leading one-byte flags plus one padding byte fill
    the first 8 bytes.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WriteToFile = v_uint8()
        self.ReserveLoaderMemory = v_uint8()
        self.ReserveFreeMemory = v_uint8()
        self.Reset = v_uint8()
        self.HiberFlags = v_uint8()
        self.WroteHiberFile = v_uint8()
        self.MapFrozen = v_uint8()
        self._pad0008 = v_bytes(size=1)
        self.MemoryMap = RTL_BITMAP()
        self.DiscardedMemoryPages = RTL_BITMAP()
        self.ClonedRanges = LIST_ENTRY()
        self.ClonedRangeCount = v_uint32()
        self._pad0040 = v_bytes(size=4)
        self.NextCloneRange = v_ptr64()
        self.NextPreserve = v_uint64()
        self.LoaderMdl = v_ptr64()
        self.AllocatedMdl = v_ptr64()
        self.PagesOut = v_uint64()
        self.IoPages = v_ptr64()
        self.IoPagesCount = v_uint32()
        self._pad0078 = v_bytes(size=4)
        self.CurrentMcb = v_ptr64()
        self.DumpStack = v_ptr64()
        self.WakeState = v_ptr64()
        self.PreferredIoWriteSize = v_uint32()
        self.IoProgress = v_uint32()
        self.HiberVa = v_uint64()
        self.HiberPte = LARGE_INTEGER()
        self.Status = v_uint32()
        self._pad00b0 = v_bytes(size=4)
        self.MemoryImage = v_ptr64()
        self.CompressionWorkspace = v_ptr64()
        self.CompressedWriteBuffer = v_ptr64()
        self.CompressedWriteBufferSize = v_uint32()
        self.MaxCompressedOutputSize = v_uint32()
        self.PerformanceStats = v_ptr64()
        self.CompressionBlock = v_ptr64()
        self.DmaIO = v_ptr64()
        self.TemporaryHeap = v_ptr64()
        self.BootLoaderLogMdl = v_ptr64()
        self.FirmwareRuntimeInformationMdl = v_ptr64()
        self.ResumeContext = v_ptr64()
        self.ResumeContextPages = v_uint32()
        self._pad0110 = v_bytes(size=4)
class RTL_HANDLE_TABLE(vstruct.VStruct):
    """Field layout of RTL_HANDLE_TABLE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MaximumNumberOfHandles = v_uint32()
        self.SizeOfHandleTableEntry = v_uint32()
        self.Reserved = vstruct.VArray([v_uint32() for _ in xrange(2)])
        # Four raw pointers into the table storage; values only, not followed.
        self.FreeHandles = v_ptr64()
        self.CommittedHandles = v_ptr64()
        self.UnCommittedHandles = v_ptr64()
        self.MaxReservedHandles = v_ptr64()
class OBJECT_ATTRIBUTES(vstruct.VStruct):
    """Field layout of OBJECT_ATTRIBUTES (ntoskrnl 6.1, amd64).

    Every pointer here is parsed as a raw 64-bit value. Nothing in this
    definition checks that the pointers are valid or that Length matches.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): presumably the caller-declared structure size; compare
        # it with the parsed size before trusting the rest — confirm.
        self.Length = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.RootDirectory = v_ptr64()
        self.ObjectName = v_ptr64()
        self.Attributes = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.SecurityDescriptor = v_ptr64()
        self.SecurityQualityOfService = v_ptr64()
class CM_KEY_SECURITY_CACHE(vstruct.VStruct):
    """Field layout of CM_KEY_SECURITY_CACHE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Cell = v_uint32()
        self.ConvKey = v_uint32()
        self.List = LIST_ENTRY()
        self.DescriptorLength = v_uint32()
        self.RealRefCount = v_uint32()
        # Only the fixed SECURITY_DESCRIPTOR_RELATIVE header is parsed here.
        # NOTE(review): the descriptor body presumably extends for
        # DescriptorLength bytes; bound reads by that field — confirm.
        self.Descriptor = SECURITY_DESCRIPTOR_RELATIVE()
        self._pad0038 = v_bytes(size=4)
class PPC_DBGKD_CONTROL_SET(vstruct.VStruct):
    """Field layout of PPC_DBGKD_CONTROL_SET: three consecutive 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Continue = v_uint32()
        self.CurrentSymbolStart = v_uint32()
        self.CurrentSymbolEnd = v_uint32()
class _unnamed_23077(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member wrapping one nested structure."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # _unnamed_27387 is declared elsewhere in this module.
        self.Disk = _unnamed_27387()
class ETW_SYSTEMTIME(vstruct.VStruct):
    """Field layout of ETW_SYSTEMTIME: eight consecutive 16-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # No range checking is done on parse; validate the components
        # before building a timestamp from untrusted data.
        self.Year = v_uint16()
        self.Month = v_uint16()
        self.DayOfWeek = v_uint16()
        self.Day = v_uint16()
        self.Hour = v_uint16()
        self.Minute = v_uint16()
        self.Second = v_uint16()
        self.Milliseconds = v_uint16()
class PROCESSOR_NUMBER(vstruct.VStruct):
    """Field layout of PROCESSOR_NUMBER: a 16-bit group plus two bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Group = v_uint16()
        self.Number = v_uint8()
        self.Reserved = v_uint8()
class _unnamed_29085(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding two 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.idxRecord = v_uint32()
        self.cidContainer = v_uint32()
class _unnamed_21255(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member: two padded 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Each 32-bit field is followed by 4 pad bytes, so each occupies 8 bytes.
        self.SecurityInformation = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Length = v_uint32()
        self._pad0010 = v_bytes(size=4)
class RTL_DRIVE_LETTER_CURDIR(vstruct.VStruct):
    """Field layout of RTL_DRIVE_LETTER_CURDIR (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flags = v_uint16()
        self.Length = v_uint16()
        self.TimeStamp = v_uint32()
        # STRING is declared elsewhere in this module.
        self.DosPath = STRING()
class _unnamed_21250(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member with buffer lengths and a control code.

    NOTE(review): the field names suggest device-I/O-control parameters; the
    lengths and the input-buffer pointer are recorded as-is, so any consumer
    reading the buffers must bound the reads itself — confirm with the caller.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OutputBufferLength = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.InputBufferLength = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.IoControlCode = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.Type3InputBuffer = v_ptr64()
class VF_TRACKER(vstruct.VStruct):
    """Field layout of VF_TRACKER: four consecutive 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TrackerFlags = v_uint32()
        self.TrackerSize = v_uint32()
        self.TrackerIndex = v_uint32()
        self.TraceDepth = v_uint32()
class KIDTENTRY64(vstruct.VStruct):
    """Field layout of KIDTENTRY64 (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): the three Offset* fields presumably form one 64-bit
        # handler address (low | middle << 16 | high << 32); reassemble it
        # before comparing against known module ranges — confirm.
        self.OffsetLow = v_uint16()
        self.Selector = v_uint16()
        # NOTE(review): declared as one 16-bit word; looks like a collapsed
        # bitfield, so mask before use — confirm.
        self.IstIndex = v_uint16()
        self.OffsetMiddle = v_uint16()
        self.OffsetHigh = v_uint32()
        self.Reserved1 = v_uint32()
class CACHE_DESCRIPTOR(vstruct.VStruct):
    """Field layout of CACHE_DESCRIPTOR (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Level = v_uint8()
        self.Associativity = v_uint8()
        self.LineSize = v_uint16()
        self.Size = v_uint32()
        self.Type = v_uint32()
class _unnamed_21258(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member: a 32-bit value and a pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SecurityInformation = v_uint32()
        self._pad0008 = v_bytes(size=4)
        # Raw pointer value; the descriptor it refers to is not parsed here.
        self.SecurityDescriptor = v_ptr64()
class ARBITER_QUERY_ARBITRATE_PARAMETERS(vstruct.VStruct):
    """Field layout of ARBITER_QUERY_ARBITRATE_PARAMETERS: one 64-bit pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ArbitrationList = v_ptr64()
class DBGKD_BREAKPOINTEX(vstruct.VStruct):
    """Field layout of DBGKD_BREAKPOINTEX: two consecutive 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BreakPointCount = v_uint32()
        self.ContinueStatus = v_uint32()
class ULARGE_INTEGER(vstruct.VStruct):
    """Field layout of ULARGE_INTEGER as two 32-bit halves, low part first."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # A consumer wanting one 64-bit value must combine the halves itself.
        self.LowPart = v_uint32()
        self.HighPart = v_uint32()
class _unnamed_21079(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member with queue entry, pointers and a list."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DeviceQueueEntry = KDEVICE_QUEUE_ENTRY()
        self._pad0020 = v_bytes(size=8)
        # Raw pointer values; none of them is followed or validated here.
        self.Thread = v_ptr64()
        self.AuxiliaryBuffer = v_ptr64()
        self.ListEntry = LIST_ENTRY()
        self.CurrentStackLocation = v_ptr64()
        self.OriginalFileObject = v_ptr64()
class TEB_ACTIVE_FRAME(vstruct.VStruct):
    """Field layout of TEB_ACTIVE_FRAME (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flags = v_uint32()
        self._pad0008 = v_bytes(size=4)
        # Previous links to another frame; bound any chain walk over
        # untrusted memory so a corrupted link cannot loop forever.
        self.Previous = v_ptr64()
        self.Context = v_ptr64()
class ETIMER(vstruct.VStruct):
    """Field layout of ETIMER (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Three embedded structures, each declared elsewhere in this module.
        self.KeTimer = KTIMER()
        self.TimerApc = KAPC()
        self.TimerDpc = KDPC()
        self.ActiveTimerListEntry = LIST_ENTRY()
        self.Lock = v_uint64()
        self.Period = v_uint32()
        self.ApcAssociated = v_uint8()
        self._pad00f8 = v_bytes(size=3)
        self.WakeReason = v_ptr64()
        self.WakeTimerListEntry = LIST_ENTRY()
class DBGKD_LOAD_SYMBOLS64(vstruct.VStruct):
    """Field layout of DBGKD_LOAD_SYMBOLS64 (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # The path itself is not part of this structure; only its length is.
        self.PathNameLength = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.BaseOfDll = v_uint64()
        self.ProcessId = v_uint64()
        self.CheckSum = v_uint32()
        self.SizeOfImage = v_uint32()
        self.UnloadSymbols = v_uint8()
        self._pad0028 = v_bytes(size=7)
class KTIMER_TABLE_ENTRY(vstruct.VStruct):
    """Field layout of KTIMER_TABLE_ENTRY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Lock = v_uint64()
        self.Entry = LIST_ENTRY()
        self.Time = ULARGE_INTEGER()
class FREE_DISPLAY(vstruct.VStruct):
    """Field layout of FREE_DISPLAY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.RealVectorSize = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Display = RTL_BITMAP()
class MM_PAGE_ACCESS_INFO(vstruct.VStruct):
    """Field layout of MM_PAGE_ACCESS_INFO (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # MM_PAGE_ACCESS_INFO_FLAGS is declared elsewhere in this module.
        self.Flags = MM_PAGE_ACCESS_INFO_FLAGS()
        self._pad0008 = v_bytes(size=4)
class ARBITER_ORDERING_LIST(vstruct.VStruct):
    """Field layout of ARBITER_ORDERING_LIST (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): Count/Maximum presumably describe the array behind
        # Orderings; check Count <= Maximum before walking it — confirm.
        self.Count = v_uint16()
        self.Maximum = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.Orderings = v_ptr64()
class OBJECT_DIRECTORY_ENTRY(vstruct.VStruct):
    """Field layout of OBJECT_DIRECTORY_ENTRY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # ChainLink points at another entry; bound any chain walk over
        # untrusted memory and track visited addresses.
        self.ChainLink = v_ptr64()
        self.Object = v_ptr64()
        self.HashValue = v_uint32()
        self._pad0018 = v_bytes(size=4)
class CM_KEY_HASH(vstruct.VStruct):
    """Field layout of CM_KEY_HASH (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ConvKey = v_uint32()
        self._pad0008 = v_bytes(size=4)
        # Raw pointers; NextHash links to another entry and is not followed here.
        self.NextHash = v_ptr64()
        self.KeyHive = v_ptr64()
        self.KeyCell = v_uint32()
        self._pad0020 = v_bytes(size=4)
class KTMNOTIFICATION_PACKET(vstruct.VStruct):
    """Placeholder for KTMNOTIFICATION_PACKET; no fields are declared.

    NOTE(review): presumably opaque in the source symbols, so this class
    parses no bytes — confirm before relying on its size.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class ARBITER_LIST_ENTRY(vstruct.VStruct):
    """Field layout of ARBITER_LIST_ENTRY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        # Count and pointer are separate fields; bound any read of the
        # alternatives by AlternativeCount.
        self.AlternativeCount = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.Alternatives = v_ptr64()
        self.PhysicalDeviceObject = v_ptr64()
        self.RequestSource = v_uint32()
        self.Flags = v_uint32()
        self.WorkSpace = v_uint64()
        self.InterfaceType = v_uint32()
        self.SlotNumber = v_uint32()
        self.BusNumber = v_uint32()
        self._pad0048 = v_bytes(size=4)
        self.Assignment = v_ptr64()
        self.SelectedAlternative = v_ptr64()
        self.Result = v_uint32()
        self._pad0060 = v_bytes(size=4)
class _unnamed_21210(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member with file-information parameters."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.FileInformationClass = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.FileObject = v_ptr64()
        # Two single-byte fields followed by six pad bytes.
        self.ReplaceIfExists = v_uint8()
        self.AdvanceOnly = v_uint8()
        self._pad0020 = v_bytes(size=6)
class _unnamed_22083(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member: a 16-bit count plus MMPFNENTRY."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ReferenceCount = v_uint16()
        self.e1 = MMPFNENTRY()
class KWAIT_STATUS_REGISTER(vstruct.VStruct):
    """Field layout of KWAIT_STATUS_REGISTER: a single byte."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): presumably a packed flag byte; individual bits are
        # not broken out here — confirm the bit meanings elsewhere.
        self.Flags = v_uint8()
class CACHE_UNINITIALIZE_EVENT(vstruct.VStruct):
    """Field layout of CACHE_UNINITIALIZE_EVENT (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Next is a raw link to another record; it is not followed here.
        self.Next = v_ptr64()
        self.Event = KEVENT()
class _unnamed_22084(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding one 64-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): one 64-bit word; may be a collapsed bitfield whose
        # other members are not listed — confirm before using it as a number.
        self.PteFrame = v_uint64()
class MMPFNENTRY(vstruct.VStruct):
    """Field layout of MMPFNENTRY as two bytes (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): both bytes look like collapsed bitfields named after
        # their first member; mask out the bits you need — confirm.
        self.PageLocation = v_uint8()
        self.Priority = v_uint8()
class NT_TIB(vstruct.VStruct):
    """Field layout of NT_TIB: seven consecutive 64-bit pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExceptionList = v_ptr64()
        # When reading from an untrusted image, check that StackLimit and
        # StackBase describe a sane range before scanning between them.
        self.StackBase = v_ptr64()
        self.StackLimit = v_ptr64()
        self.SubSystemTib = v_ptr64()
        self.FiberData = v_ptr64()
        self.ArbitraryUserPointer = v_ptr64()
        self.Self = v_ptr64()
class ARBITER_TEST_ALLOCATION_PARAMETERS(vstruct.VStruct):
    """Field layout of ARBITER_TEST_ALLOCATION_PARAMETERS (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ArbitrationList = v_ptr64()
        self.AllocateFromCount = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.AllocateFrom = v_ptr64()
class POWER_STATE(vstruct.VStruct):
    """Field layout of POWER_STATE: a single 32-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SystemState = v_uint32()
class _unnamed_21003(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member wrapping one nested structure."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # _unnamed_21018 is declared elsewhere in this module.
        self.AsynchronousParameters = _unnamed_21018()
class UNICODE_STRING(vstruct.VStruct):
    """Field layout of UNICODE_STRING (ntoskrnl 6.1, amd64).

    Only the header is parsed; the characters live behind Buffer and are not
    read by this definition.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): both lengths are presumably byte counts and the text
        # is not guaranteed to be NUL-terminated — when reading Buffer from an
        # untrusted image, check Length <= MaximumLength and read at most
        # Length bytes. Confirm against the consumer.
        self.Length = v_uint16()
        self.MaximumLength = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.Buffer = v_ptr64()
class _unnamed_21001(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding a single 64-bit pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MasterIrp = v_ptr64()
class MMSESSION(vstruct.VStruct):
    """Field layout of MMSESSION (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # The lock is embedded; the next field is a separate raw pointer.
        self.SystemSpaceViewLock = KGUARDED_MUTEX()
        self.SystemSpaceViewLockPointer = v_ptr64()
        self.SystemSpaceViewTable = v_ptr64()
        self.SystemSpaceHashSize = v_uint32()
        self.SystemSpaceHashEntries = v_uint32()
        self.SystemSpaceHashKey = v_uint32()
        self.BitmapFailures = v_uint32()
class _unnamed_21006(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member: a nested structure plus 8 pad bytes."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Overlay = _unnamed_21079()
        self._pad0058 = v_bytes(size=8)
class HEAP_LIST_LOOKUP(vstruct.VStruct):
    """Field layout of HEAP_LIST_LOOKUP (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # ExtendedLookup links to another lookup record; not followed here.
        self.ExtendedLookup = v_ptr64()
        self.ArraySize = v_uint32()
        self.ExtraItem = v_uint32()
        self.ItemCount = v_uint32()
        self.OutOfRangeItems = v_uint32()
        self.BaseIndex = v_uint32()
        self._pad0020 = v_bytes(size=4)
        # NOTE(review): the arrays behind these pointers are presumably sized
        # from ArraySize/BaseIndex; bound reads accordingly — confirm.
        self.ListHead = v_ptr64()
        self.ListsInUseUlong = v_ptr64()
        self.ListHints = v_ptr64()
class DUMMY_FILE_OBJECT(vstruct.VStruct):
    """Field layout of DUMMY_FILE_OBJECT: an object header plus a 216-byte body."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ObjectHeader = OBJECT_HEADER()
        # The body is kept as 216 opaque bytes rather than a typed structure.
        self.FileObjectBody = vstruct.VArray([v_uint8() for _ in xrange(216)])
class _unnamed_25428(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding a single 64-bit pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Banked = v_ptr64()
class LOADER_PARAMETER_EXTENSION(vstruct.VStruct):
    """Field layout of LOADER_PARAMETER_EXTENSION (ntoskrnl 6.1, amd64).

    Assignment order defines the parsed byte layout. Several fields come as
    pointer/size pairs; this definition records both but never reads the
    data behind the pointer.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): presumably the structure's own declared size; compare
        # it with the parsed size before trusting later fields — confirm.
        self.Size = v_uint32()
        self.Profile = PROFILE_PARAMETER_BLOCK()
        self._pad0018 = v_bytes(size=4)
        self.EmInfFileImage = v_ptr64()
        self.EmInfFileSize = v_uint32()
        self._pad0028 = v_bytes(size=4)
        self.TriageDumpBlock = v_ptr64()
        self.LoaderPagesSpanned = v_uint64()
        self.HeadlessLoaderBlock = v_ptr64()
        self.SMBiosEPSHeader = v_ptr64()
        self.DrvDBImage = v_ptr64()
        self.DrvDBSize = v_uint32()
        self._pad0058 = v_bytes(size=4)
        self.NetworkLoaderBlock = v_ptr64()
        self.FirmwareDescriptorListHead = LIST_ENTRY()
        self.AcpiTable = v_ptr64()
        self.AcpiTableSize = v_uint32()
        self.LastBootSucceeded = v_uint32()
        self.LoaderPerformanceData = v_ptr64()
        self.BootApplicationPersistentData = LIST_ENTRY()
        self.WmdTestResult = v_ptr64()
        self.BootIdentifier = GUID()
        self.ResumePages = v_uint32()
        self._pad00b8 = v_bytes(size=4)
        self.DumpHeader = v_ptr64()
        self.BgContext = v_ptr64()
        self.NumaLocalityInfo = v_ptr64()
        self.NumaGroupAssignment = v_ptr64()
        self.AttachedHives = LIST_ENTRY()
        self.MemoryCachingRequirementsCount = v_uint32()
        self._pad00f0 = v_bytes(size=4)
        self.MemoryCachingRequirements = v_ptr64()
        # TPM_BOOT_ENTROPY_LDR_RESULT is declared elsewhere in this module.
        self.TpmBootEntropyResult = TPM_BOOT_ENTROPY_LDR_RESULT()
        self.ProcessorCounterFrequency = v_uint64()
class EPROCESS_QUOTA_BLOCK(vstruct.VStruct):
    """Placeholder for EPROCESS_QUOTA_BLOCK; no fields are declared.

    NOTE(review): presumably opaque in the source symbols, so this class
    parses no bytes — confirm before relying on its size.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
class _unnamed_24211(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding one 32-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): one 32-bit word; may be a collapsed bitfield named
        # after its first member — confirm.
        self.WriteAccess = v_uint32()
class FILE_SEGMENT_ELEMENT(vstruct.VStruct):
    """Field layout of FILE_SEGMENT_ELEMENT: a single 64-bit pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Buffer = v_ptr64()
class _unnamed_22226(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member wrapping one nested structure."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # _unnamed_22291 is declared elsewhere in this module.
        self.e2 = _unnamed_22291()
class PENDING_RELATIONS_LIST_ENTRY(vstruct.VStruct):
    """Field layout of PENDING_RELATIONS_LIST_ENTRY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Link = LIST_ENTRY()
        self.WorkItem = WORK_QUEUE_ITEM()
        # Four raw pointers; values only, none is followed here.
        self.DeviceEvent = v_ptr64()
        self.DeviceObject = v_ptr64()
        self.RelationsList = v_ptr64()
        self.EjectIrp = v_ptr64()
        self.Lock = v_uint32()
        self.Problem = v_uint32()
        self.ProfileChangingEject = v_uint8()
        self.DisplaySafeRemovalDialog = v_uint8()
        self._pad005c = v_bytes(size=2)
        self.LightestSleepState = v_uint32()
        self.DockInterface = v_ptr64()
class _unnamed_22223(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding one 32-bit flag word."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LongFlags = v_uint32()
class ACCESS_REASONS(vstruct.VStruct):
    """Field layout of ACCESS_REASONS: an array of 32 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Data = vstruct.VArray([v_uint32() for _ in xrange(32)])
class DOCK_INTERFACE(vstruct.VStruct):
    """Field layout of DOCK_INTERFACE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Size = v_uint16()
        self.Version = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.Context = v_ptr64()
        # NOTE(review): the remaining pointers are presumably routine
        # addresses; when auditing a memory image, checking that they fall
        # inside an expected module is a useful integrity test — confirm.
        self.InterfaceReference = v_ptr64()
        self.InterfaceDereference = v_ptr64()
        self.ProfileDepartureSetMode = v_ptr64()
        self.ProfileDepartureUpdate = v_ptr64()
class MMVAD_FLAGS(vstruct.VStruct):
    """Field layout of MMVAD_FLAGS as one 64-bit word (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): looks like a bitfield collapsed into one 64-bit word
        # named after its first member, so protection/type bits would have to
        # be masked out of this value by the consumer — confirm bit positions
        # against the symbols before using them in memory triage.
        self.CommitCharge = v_uint64()
class MMSUPPORT(vstruct.VStruct):
    """Field layout of MMSUPPORT (ntoskrnl 6.1, amd64).

    Assignment order defines the parsed byte layout.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WorkingSetMutex = EX_PUSH_LOCK()
        self.ExitGate = v_ptr64()
        self.AccessLog = v_ptr64()
        self.WorkingSetExpansionLinks = LIST_ENTRY()
        self.AgeDistribution = vstruct.VArray([v_uint32() for _ in xrange(7)])
        # Working-set counters, all 32-bit.
        self.MinimumWorkingSetSize = v_uint32()
        self.WorkingSetSize = v_uint32()
        self.WorkingSetPrivateSize = v_uint32()
        self.MaximumWorkingSetSize = v_uint32()
        self.ChargedWslePages = v_uint32()
        self.ActualWslePages = v_uint32()
        self.WorkingSetSizeOverhead = v_uint32()
        self.PeakWorkingSetSize = v_uint32()
        self.HardFaultCount = v_uint32()
        self.VmWorkingSetList = v_ptr64()
        self.NextPageColor = v_uint16()
        self.LastTrimStamp = v_uint16()
        self.PageFaultCount = v_uint32()
        self.RepurposeCount = v_uint32()
        self.Spare = vstruct.VArray([v_uint32() for _ in xrange(2)])
        self.Flags = MMSUPPORT_FLAGS()
class HBASE_BLOCK(vstruct.VStruct):
    """Field layout of HBASE_BLOCK (ntoskrnl 6.1, amd64).

    Assignment order defines the parsed byte layout. Parsing performs no
    integrity checks of its own.

    NOTE(review): a consumer reading this header from an untrusted hive
    should presumably verify Signature and CheckSum and compare
    Sequence1/Sequence2 before trusting RootCell and Length — confirm the
    exact rules with the hive-parsing code.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint32()
        self.Sequence1 = v_uint32()
        self.Sequence2 = v_uint32()
        self.TimeStamp = LARGE_INTEGER()
        self.Major = v_uint32()
        self.Minor = v_uint32()
        self.Type = v_uint32()
        self.Format = v_uint32()
        self.RootCell = v_uint32()
        self.Length = v_uint32()
        self.Cluster = v_uint32()
        # Fixed 64-byte name area; contents and encoding are not interpreted.
        self.FileName = vstruct.VArray([v_uint8() for _ in xrange(64)])
        self.RmId = GUID()
        self.LogId = GUID()
        self.Flags = v_uint32()
        self.TmId = GUID()
        self.GuidSignature = v_uint32()
        self.Reserved1 = vstruct.VArray([v_uint32() for _ in xrange(85)])
        self.CheckSum = v_uint32()
        self.Reserved2 = vstruct.VArray([v_uint32() for _ in xrange(882)])
        self.ThawTmId = GUID()
        self.ThawRmId = GUID()
        self.ThawLogId = GUID()
        self.BootType = v_uint32()
        self.BootRecover = v_uint32()
class BUS_EXTENSION_LIST(vstruct.VStruct):
    """Field layout of BUS_EXTENSION_LIST: two 64-bit pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Next links to another node; bound any walk over untrusted memory.
        self.Next = v_ptr64()
        self.BusExtension = v_ptr64()
class _unnamed_23701(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding a single 64-bit pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Event = v_ptr64()
class CMHIVE(vstruct.VStruct):
    """Field layout of CMHIVE (ntoskrnl 6.1, amd64).

    Assignment order defines the parsed byte layout. List heads and pointers
    are recorded as raw values; a consumer walking them in an untrusted
    memory image should bound each walk and track visited addresses.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Hive = HHIVE()
        self.FileHandles = vstruct.VArray([v_ptr64() for _ in xrange(6)])
        self.NotifyList = LIST_ENTRY()
        # HiveList presumably chains the loaded hives together — confirm.
        self.HiveList = LIST_ENTRY()
        self.PreloadedHiveList = LIST_ENTRY()
        self.HiveRundown = EX_RUNDOWN_REF()
        self.ParseCacheEntries = LIST_ENTRY()
        self.KcbCacheTable = v_ptr64()
        self.KcbCacheTableSize = v_uint32()
        self.Identity = v_uint32()

        # Locks and their bookkeeping.
        self.HiveLock = v_ptr64()
        self.ViewLock = EX_PUSH_LOCK()
        self.ViewLockOwner = v_ptr64()
        self.ViewLockLast = v_uint32()
        self.ViewUnLockLast = v_uint32()
        self.WriterLock = v_ptr64()
        self.FlusherLock = v_ptr64()
        self.FlushDirtyVector = RTL_BITMAP()
        self.FlushOffsetArray = v_ptr64()
        self.FlushOffsetArrayCount = v_uint32()
        self.FlushHiveTruncated = v_uint32()
        self.FlushLock2 = v_ptr64()
        self.SecurityLock = EX_PUSH_LOCK()

        # View lists and counters.
        self.MappedViewList = LIST_ENTRY()
        self.PinnedViewList = LIST_ENTRY()
        self.FlushedViewList = LIST_ENTRY()
        self.MappedViewCount = v_uint16()
        self.PinnedViewCount = v_uint16()
        self.UseCount = v_uint32()
        self.ViewsPerHive = v_uint32()
        self._pad06c0 = v_bytes(size=4)
        self.FileObject = v_ptr64()
        self.LastShrinkHiveSize = v_uint32()
        self._pad06d0 = v_bytes(size=4)
        self.ActualFileSize = LARGE_INTEGER()

        # Only the string headers are parsed; the text sits behind each
        # header's Buffer pointer and must be read separately.
        self.FileFullPath = UNICODE_STRING()
        self.FileUserName = UNICODE_STRING()
        self.HiveRootPath = UNICODE_STRING()

        # Security-descriptor cache bookkeeping.
        self.SecurityCount = v_uint32()
        self.SecurityCacheSize = v_uint32()
        self.SecurityHitHint = v_uint32()
        self._pad0718 = v_bytes(size=4)
        self.SecurityCache = v_ptr64()
        self.SecurityHash = vstruct.VArray([LIST_ENTRY() for _ in xrange(64)])

        self.UnloadEventCount = v_uint32()
        self._pad0b28 = v_bytes(size=4)
        self.UnloadEventArray = v_ptr64()
        self.RootKcb = v_ptr64()
        self.Frozen = v_uint8()
        self._pad0b40 = v_bytes(size=7)
        self.UnloadWorkItem = v_ptr64()
        self.UnloadWorkItemHolder = CM_WORKITEM()
        self.GrowOnlyMode = v_uint8()
        self._pad0b74 = v_bytes(size=3)
        self.GrowOffset = v_uint32()
        self.KcbConvertListHead = LIST_ENTRY()
        self.KnodeConvertListHead = LIST_ENTRY()
        self.CellRemapArray = v_ptr64()
        self.Flags = v_uint32()
        self._pad0ba8 = v_bytes(size=4)
        self.TrustClassEntry = LIST_ENTRY()
        self.FlushCount = v_uint32()
        self._pad0bc0 = v_bytes(size=4)
        self.CmRm = v_ptr64()
        self.CmRmInitFailPoint = v_uint32()
        self.CmRmInitFailStatus = v_uint32()
        self.CreatorOwner = v_ptr64()
        self.RundownThread = v_ptr64()
        self.LastWriteTime = LARGE_INTEGER()
class I386_LOADER_BLOCK(vstruct.VStruct):
    """Field layout of I386_LOADER_BLOCK (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CommonDataArea = v_ptr64()
        self.MachineType = v_uint32()
        self.VirtualBias = v_uint32()
class PS_PER_CPU_QUOTA_CACHE_AWARE(vstruct.VStruct):
    """Field layout of PS_PER_CPU_QUOTA_CACHE_AWARE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SortedListEntry = LIST_ENTRY()
        self.IdleOnlyListHead = LIST_ENTRY()
        self.CycleBaseAllowance = v_uint64()
        self.CyclesRemaining = v_uint64()
        self.CurrentGeneration = v_uint32()
        # 12 trailing pad bytes (presumably cache-line alignment — confirm).
        self._pad0040 = v_bytes(size=12)
class DBGKD_GET_SET_BUS_DATA(vstruct.VStruct):
    """Field layout of DBGKD_GET_SET_BUS_DATA: five consecutive 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BusDataType = v_uint32()
        self.BusNumber = v_uint32()
        self.SlotNumber = v_uint32()
        self.Offset = v_uint32()
        self.Length = v_uint32()
class KDPC(vstruct.VStruct):
    """Field layout of KDPC (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint8()
        self.Importance = v_uint8()
        self.Number = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.DpcListEntry = LIST_ENTRY()
        # NOTE(review): DeferredRoutine is presumably the callback address;
        # when auditing a memory image, checking that it lands inside a known
        # module is a useful integrity test — confirm.
        self.DeferredRoutine = v_ptr64()
        self.DeferredContext = v_ptr64()
        self.SystemArgument1 = v_ptr64()
        self.SystemArgument2 = v_ptr64()
        self.DpcData = v_ptr64()
class _unnamed_22857(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding two 64-bit pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Bin = v_ptr64()
        self.CellPoint = v_ptr64()
class KEVENT(vstruct.VStruct):
    """Field layout of KEVENT: a DISPATCHER_HEADER and nothing else."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = DISPATCHER_HEADER()
class _unnamed_23703(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding one 32-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Reason = v_uint32()
class KSEMAPHORE(vstruct.VStruct):
    """Field layout of KSEMAPHORE: a DISPATCHER_HEADER plus a 32-bit limit."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = DISPATCHER_HEADER()
        self.Limit = v_uint32()
        self._pad0020 = v_bytes(size=4)
class SECTION_OBJECT(vstruct.VStruct):
    """Field layout of SECTION_OBJECT: six consecutive 64-bit pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.StartingVa = v_ptr64()
        self.EndingVa = v_ptr64()
        # Parent/LeftChild/RightChild are raw links; a tree walk over
        # untrusted memory should cap depth and track visited nodes.
        self.Parent = v_ptr64()
        self.LeftChild = v_ptr64()
        self.RightChild = v_ptr64()
        self.Segment = v_ptr64()
class IMAGE_DEBUG_DIRECTORY(vstruct.VStruct):
    """Field layout of IMAGE_DEBUG_DIRECTORY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Characteristics = v_uint32()
        self.TimeDateStamp = v_uint32()
        self.MajorVersion = v_uint16()
        self.MinorVersion = v_uint16()
        self.Type = v_uint32()
        # These three values come straight from the parsed image; bounds-check
        # them against the file/mapping size before reading the debug data.
        self.SizeOfData = v_uint32()
        self.AddressOfRawData = v_uint32()
        self.PointerToRawData = v_uint32()
class CONFIGURATION_COMPONENT(vstruct.VStruct):
    """Field layout of CONFIGURATION_COMPONENT (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Class = v_uint32()
        self.Type = v_uint32()
        self.Flags = DEVICE_FLAGS()
        self.Version = v_uint16()
        self.Revision = v_uint16()
        self.Key = v_uint32()
        self.AffinityMask = v_uint32()
        self.ConfigurationDataLength = v_uint32()
        # Length and pointer are separate; bound any read of the identifier
        # by IdentifierLength.
        self.IdentifierLength = v_uint32()
        self.Identifier = v_ptr64()
class PROC_PERF_CONSTRAINT(vstruct.VStruct):
    """Field layout of PROC_PERF_CONSTRAINT (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Prcb = v_ptr64()
        self.PerfContext = v_uint64()
        self.PercentageCap = v_uint32()
        self.ThermalCap = v_uint32()
        self.TargetFrequency = v_uint32()
        # "Acumulated" is the spelling used by the field names themselves.
        self.AcumulatedFullFrequency = v_uint32()
        self.AcumulatedZeroFrequency = v_uint32()
        self.FrequencyHistoryTotal = v_uint32()
        self.AverageFrequency = v_uint32()
        self._pad0030 = v_bytes(size=4)
class CM_INTENT_LOCK(vstruct.VStruct):
    """Field layout of CM_INTENT_LOCK (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OwnerCount = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.OwnerTable = v_ptr64()
class _unnamed_22080(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding one 64-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Declared as an integer, not a pointer, despite the link-style name.
        self.Flink = v_uint64()
class _unnamed_27320(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member: a LARGE_INTEGER and a 32-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Start = LARGE_INTEGER()
        self.Length64 = v_uint32()
class _unnamed_22081(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member holding one 64-bit value."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Declared as an integer, not a pointer, despite the link-style name.
        self.Blink = v_uint64()
class KALPC_SECURITY_DATA(vstruct.VStruct):
    """Field layout of KALPC_SECURITY_DATA (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Four raw pointers; values only, none is followed here.
        self.HandleTable = v_ptr64()
        self.ContextHandle = v_ptr64()
        self.OwningProcess = v_ptr64()
        self.OwnerPort = v_ptr64()
        # SECURITY_CLIENT_CONTEXT and _unnamed_24437 are declared elsewhere
        # in this module.
        self.DynamicSecurity = SECURITY_CLIENT_CONTEXT()
        self.u1 = _unnamed_24437()
        self._pad0070 = v_bytes(size=4)
class LUID(vstruct.VStruct):
    """Field layout of LUID as two 32-bit halves, low part first."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LowPart = v_uint32()
        self.HighPart = v_uint32()
class RELATION_LIST_ENTRY(vstruct.VStruct):
    """Field layout of RELATION_LIST_ENTRY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        self.MaxCount = v_uint32()
        # Only one element is parsed. NOTE(review): presumably a trailing
        # variable-length array whose real size is given by Count; check
        # Count <= MaxCount and bound reads accordingly — confirm.
        self.Devices = vstruct.VArray([v_ptr64() for _ in xrange(1)])
class DBGKD_SET_INTERNAL_BREAKPOINT32(vstruct.VStruct):
    """Field layout of DBGKD_SET_INTERNAL_BREAKPOINT32: two 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BreakpointAddress = v_uint32()
        self.Flags = v_uint32()
class POP_THERMAL_ZONE(vstruct.VStruct):
    """Field layout of POP_THERMAL_ZONE (ntoskrnl 6.1, amd64).

    Assignment order defines the parsed byte layout.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Link = LIST_ENTRY()
        # Six single-byte fields followed by two pad bytes.
        self.State = v_uint8()
        self.Flags = v_uint8()
        self.Mode = v_uint8()
        self.PendingMode = v_uint8()
        self.ActivePoint = v_uint8()
        self.PendingActivePoint = v_uint8()
        self._pad0018 = v_bytes(size=2)
        self.Throttle = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.LastTime = v_uint64()
        self.SampleRate = v_uint32()
        self.LastTemp = v_uint32()
        # Embedded structures, each declared elsewhere in this module.
        self.PassiveTimer = KTIMER()
        self.PassiveDpc = KDPC()
        self.OverThrottled = POP_ACTION_TRIGGER()
        self.Irp = v_ptr64()
        self.Info = THERMAL_INFORMATION_EX()
        self.InfoLastUpdateTime = LARGE_INTEGER()
        self.Metrics = POP_THERMAL_ZONE_METRICS()
class POOL_HACKER(vstruct.VStruct):
    """Field layout of POOL_HACKER: a POOL_HEADER plus eight 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = POOL_HEADER()
        self.Contents = vstruct.VArray([v_uint32() for _ in xrange(8)])
class COMPRESSED_DATA_INFO(vstruct.VStruct):
    """Field layout of COMPRESSED_DATA_INFO (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CompressionFormatAndEngine = v_uint16()
        # NOTE(review): the *Shift fields look like log2 sizes; reject
        # out-of-range values before shifting by them — confirm.
        self.CompressionUnitShift = v_uint8()
        self.ChunkShift = v_uint8()
        self.ClusterShift = v_uint8()
        self.Reserved = v_uint8()
        self.NumberOfChunks = v_uint16()
        # Only one element is parsed. NOTE(review): presumably a trailing
        # variable-length array with NumberOfChunks entries; bound reads by
        # that count and by the available data — confirm.
        self.CompressedChunkSizes = vstruct.VArray([v_uint32() for _ in xrange(1)])
class HANDLE_TABLE(vstruct.VStruct):
    """Field layout of HANDLE_TABLE (ntoskrnl 6.1, amd64).

    Assignment order defines the parsed byte layout.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Declared as an integer, not a pointer. NOTE(review): presumably the
        # low bits carry a table-level tag that must be masked off before the
        # value is used as an address — confirm.
        self.TableCode = v_uint64()
        self.QuotaProcess = v_ptr64()
        self.UniqueProcessId = v_ptr64()
        self.HandleLock = EX_PUSH_LOCK()
        # List links are raw values; cross-checking this list against other
        # process enumerations is a common consistency test in memory triage.
        self.HandleTableList = LIST_ENTRY()
        self.HandleContentionEvent = EX_PUSH_LOCK()
        self.DebugInfo = v_ptr64()
        self.ExtraInfoPages = v_uint32()
        self.Flags = v_uint32()
        self.FirstFreeHandle = v_uint32()
        self._pad0050 = v_bytes(size=4)
        self.LastFreeHandleEntry = v_ptr64()
        self.HandleCount = v_uint32()
        self.NextHandleNeedingPool = v_uint32()
        self.HandleCountHighWatermark = v_uint32()
        self._pad0068 = v_bytes(size=4)
class PO_HIBER_PERF(vstruct.VStruct):
    """Field layout of PO_HIBER_PERF (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Nine 64-bit counters.
        self.IoTicks = v_uint64()
        self.InitTicks = v_uint64()
        self.CopyTicks = v_uint64()
        self.ElapsedTicks = v_uint64()
        self.CompressTicks = v_uint64()
        self.ResumeAppTime = v_uint64()
        self.HiberFileResumeTime = v_uint64()
        self.BytesCopied = v_uint64()
        self.PagesProcessed = v_uint64()
        # Three 32-bit counters and a trailing pad.
        self.PagesWritten = v_uint32()
        self.DumpCount = v_uint32()
        self.FileRuns = v_uint32()
        self._pad0058 = v_bytes(size=4)
class DEFERRED_WRITE(vstruct.VStruct):
    """Field layout of DEFERRED_WRITE (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NodeTypeCode = v_uint16()
        # NOTE(review): presumably the record's own size; comparing it with
        # the parsed size is a cheap sanity check — confirm.
        self.NodeByteSize = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.FileObject = v_ptr64()
        self.BytesToWrite = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.DeferredWriteLinks = LIST_ENTRY()
        self.Event = v_ptr64()
        self.PostRoutine = v_ptr64()
        self.Context1 = v_ptr64()
        self.Context2 = v_ptr64()
class HEAP_ENTRY(vstruct.VStruct):
    """Field layout of HEAP_ENTRY (ntoskrnl 6.1, amd64).

    NOTE(review): heap headers may be stored encoded at runtime; verify with
    the consumer whether the header must be decoded before Size/Flags are
    trusted.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PreviousBlockPrivateData = v_ptr64()
        self.Size = v_uint16()
        self.Flags = v_uint8()
        self.SmallTagIndex = v_uint8()
        self.PreviousSize = v_uint16()
        self.SegmentOffset = v_uint8()
        self.UnusedBytes = v_uint8()
class _unnamed_21137(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member: length, key and byte offset."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Key = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.ByteOffset = LARGE_INTEGER()
class _unnamed_21283(vstruct.VStruct):
    """Anonymous ntoskrnl (6.1, amd64) member with SID-list parameters."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.StartSid = v_ptr64()
        # Pointer and length are separate; bound any read of the list by
        # SidListLength.
        self.SidList = v_ptr64()
        self.SidListLength = v_uint32()
        self._pad0020 = v_bytes(size=4)
class ARBITER_INSTANCE(vstruct.VStruct):
    """Field layout of ARBITER_INSTANCE (ntoskrnl 6.1, amd64).

    Assignment order defines the parsed byte layout. Every pointer is a raw
    64-bit value; nothing here follows or validates it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.MutexEvent = v_ptr64()
        self.Name = v_ptr64()
        self.OrderingName = v_ptr64()
        self.ResourceType = v_uint32()
        self._pad0028 = v_bytes(size=4)
        self.Allocation = v_ptr64()
        self.PossibleAllocation = v_ptr64()
        self.OrderingList = ARBITER_ORDERING_LIST()
        self.ReservedList = ARBITER_ORDERING_LIST()
        self.ReferenceCount = v_uint32()
        self._pad0060 = v_bytes(size=4)
        self.Interface = v_ptr64()
        self.AllocationStackMaxSize = v_uint32()
        self._pad0070 = v_bytes(size=4)
        self.AllocationStack = v_ptr64()

        # NOTE(review): the block of pointers below is presumably a table of
        # routine addresses; when auditing a memory image, checking that each
        # lands inside an expected module is a useful integrity test — confirm.
        self.UnpackRequirement = v_ptr64()
        self.PackResource = v_ptr64()
        self.UnpackResource = v_ptr64()
        self.ScoreRequirement = v_ptr64()
        self.TestAllocation = v_ptr64()
        self.RetestAllocation = v_ptr64()
        self.CommitAllocation = v_ptr64()
        self.RollbackAllocation = v_ptr64()
        self.BootAllocation = v_ptr64()
        self.QueryArbitrate = v_ptr64()
        self.QueryConflict = v_ptr64()
        self.AddReserved = v_ptr64()
        self.StartArbiter = v_ptr64()
        self.PreprocessEntry = v_ptr64()
        self.AllocateEntry = v_ptr64()
        self.GetNextAllocationRange = v_ptr64()
        self.FindSuitableRange = v_ptr64()
        self.AddAllocation = v_ptr64()
        self.BacktrackAllocation = v_ptr64()
        self.OverrideConflict = v_ptr64()
        self.InitializeRangeList = v_ptr64()

        self.TransactionInProgress = v_uint8()
        self._pad0128 = v_bytes(size=7)
        self.TransactionEvent = v_ptr64()
        self.Extension = v_ptr64()
        self.BusDeviceObject = v_ptr64()
        self.ConflictCallbackContext = v_ptr64()
        self.ConflictCallback = v_ptr64()
        # Fixed-size character areas: 336 16-bit units, 672 bytes, then one
        # 16-bit unit. Contents are not interpreted or terminated here.
        self.PdoDescriptionString = vstruct.VArray([v_uint16() for _ in xrange(336)])
        self.PdoSymbolicNameString = vstruct.VArray([v_uint8() for _ in xrange(672)])
        self.PdoAddressString = vstruct.VArray([v_uint16() for _ in xrange(1)])
        self._pad0698 = v_bytes(size=6)
class NAMED_PIPE_CREATE_PARAMETERS(vstruct.VStruct):
    """Field layout of NAMED_PIPE_CREATE_PARAMETERS (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NamedPipeType = v_uint32()
        self.ReadMode = v_uint32()
        self.CompletionMode = v_uint32()
        self.MaximumInstances = v_uint32()
        self.InboundQuota = v_uint32()
        self.OutboundQuota = v_uint32()
        self.DefaultTimeout = LARGE_INTEGER()
        # One flag byte followed by seven pad bytes.
        self.TimeoutSpecified = v_uint8()
        self._pad0028 = v_bytes(size=7)
class MMSUPPORT_FLAGS(vstruct.VStruct):
    """Field layout of MMSUPPORT_FLAGS as four bytes (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): each byte looks like a collapsed bitfield named after
        # its first member; mask out the bits you need — confirm.
        self.WorkingSetType = v_uint8()
        self.SessionMaster = v_uint8()
        self.MemoryPriority = v_uint8()
        self.WsleDeleted = v_uint8()
class PROC_PERF_DOMAIN(vstruct.VStruct):
    """Field layout of PROC_PERF_DOMAIN (ntoskrnl 6.1, amd64).

    Assignment order defines the parsed byte layout.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Link = LIST_ENTRY()
        self.Master = v_ptr64()
        self.Members = KAFFINITY_EX()
        # NOTE(review): the *Handler fields are presumably routine addresses;
        # they are stored as raw pointer values only — confirm.
        self.FeedbackHandler = v_ptr64()
        self.GetFFHThrottleState = v_ptr64()
        self.BoostPolicyHandler = v_ptr64()
        self.PerfSelectionHandler = v_ptr64()
        self.PerfHandler = v_ptr64()
        self.Processors = v_ptr64()
        self.PerfChangeTime = v_uint64()
        # Frequency and percentage values, all 32-bit.
        self.ProcessorCount = v_uint32()
        self.PreviousFrequencyMhz = v_uint32()
        self.CurrentFrequencyMhz = v_uint32()
        self.PreviousFrequency = v_uint32()
        self.CurrentFrequency = v_uint32()
        self.CurrentPerfContext = v_uint32()
        self.DesiredFrequency = v_uint32()
        self.MaxFrequency = v_uint32()
        self.MinPerfPercent = v_uint32()
        self.MinThrottlePercent = v_uint32()
        self.MaxPercent = v_uint32()
        self.MinPercent = v_uint32()
        self.ConstrainedMaxPercent = v_uint32()
        self.ConstrainedMinPercent = v_uint32()
        self.Coordination = v_uint8()
        self._pad00b4 = v_bytes(size=3)
        self.PerfChangeIntervalCount = v_uint32()
class EXCEPTION_REGISTRATION_RECORD(vstruct.VStruct):
    """Field layout of EXCEPTION_REGISTRATION_RECORD: two 64-bit pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Next links to another record; bound any chain walk over untrusted
        # memory. Handler is stored as a raw value and is not validated.
        self.Next = v_ptr64()
        self.Handler = v_ptr64()
class PLUGPLAY_EVENT_BLOCK(vstruct.VStruct):
    """Field layout of PLUGPLAY_EVENT_BLOCK (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.EventGuid = GUID()
        self.EventCategory = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.Result = v_ptr64()
        self.Flags = v_uint32()
        # NOTE(review): presumably the size of the whole event including
        # variable data in `u`; bound reads by it — confirm.
        self.TotalSize = v_uint32()
        self.DeviceObject = v_ptr64()
        self.u = _unnamed_25968()
class LIST_ENTRY(vstruct.VStruct):
    """Field layout of LIST_ENTRY: forward and backward 64-bit links."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Raw link values; nothing here checks that Flink/Blink are
        # consistent. A consumer walking a list in an untrusted memory image
        # should cap the iteration count and track visited addresses so a
        # corrupted or circular list cannot hang the tool.
        self.Flink = v_ptr64()
        self.Blink = v_ptr64()
class M128A(vstruct.VStruct):
    """Field layout of M128A as two 64-bit halves, low half first."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Low = v_uint64()
        self.High = v_uint64()
class CM_KEY_SECURITY(vstruct.VStruct):
    """Field layout of CM_KEY_SECURITY (ntoskrnl 6.1, amd64)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint16()
        self.Reserved = v_uint16()
        # 32-bit link values here, not 64-bit pointers. NOTE(review):
        # presumably hive cell offsets; validate them against the hive size
        # before following — confirm.
        self.Flink = v_uint32()
        self.Blink = v_uint32()
        self.ReferenceCount = v_uint32()
        self.DescriptorLength = v_uint32()
        # Only the fixed SECURITY_DESCRIPTOR_RELATIVE header is parsed.
        # NOTE(review): the descriptor body presumably extends for
        # DescriptorLength bytes; bound reads by that field and by the
        # enclosing cell — confirm.
        self.Descriptor = SECURITY_DESCRIPTOR_RELATIVE()
class _unnamed_22031(vstruct.VStruct):
    """Generated-name member type wrapping one EFI_FIRMWARE_INFORMATION."""
    # The `_unnamed_NNNNN` name is presumably a generated placeholder for an
    # anonymous struct/union in the symbols; it is referenced only by that name.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.EfiInformation = EFI_FIRMWARE_INFORMATION()
class PNP_DEVICE_COMPLETION_QUEUE(vstruct.VStruct):
    """vstruct layout of PNP_DEVICE_COMPLETION_QUEUE: two list heads, a count,
    a semaphore and a 64-bit lock word."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DispatchedList = LIST_ENTRY()
        self.DispatchedCount = v_uint32()
        self._pad0018 = v_bytes(size=4)  # explicit padding
        self.CompletedList = LIST_ENTRY()
        self.CompletedSemaphore = KSEMAPHORE()
        self.SpinLock = v_uint64()
class HMAP_ENTRY(vstruct.VStruct):
    """vstruct layout of HMAP_ENTRY (ntoskrnl 6.1, amd64 definitions)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Declared as plain 64-bit integers rather than v_ptr64.
        self.BlockAddress = v_uint64()
        self.BinAddress = v_uint64()
        self.CmView = v_ptr64()
        self.MemAlloc = v_uint32()
        self._pad0020 = v_bytes(size=4)  # explicit tail padding
class _unnamed_22853(vstruct.VStruct):
    """Generated-name member type holding a single 64-bit pointer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CheckStack = v_ptr64()
class POP_ACTION_TRIGGER(vstruct.VStruct):
    """vstruct layout of POP_ACTION_TRIGGER (ntoskrnl 6.1, amd64 definitions)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint32()
        self.Flags = v_uint32()
        self.Wait = v_ptr64()
        # _unnamed_26758 is defined outside this part of the file.
        self.Battery = _unnamed_26758()
        self._pad0018 = v_bytes(size=4)  # explicit tail padding
class ETW_REALTIME_CONSUMER(vstruct.VStruct):
    """vstruct layout of ETW_REALTIME_CONSUMER (ntoskrnl 6.1, amd64 definitions).

    Starts with a list link, followed by process/event pointers, buffer
    counters and reserved-buffer bookkeeping.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Links = LIST_ENTRY()
        # Raw 64-bit pointer/handle values; not resolved by this definition.
        self.ProcessHandle = v_ptr64()
        self.ProcessObject = v_ptr64()
        self.NextNotDelivered = v_ptr64()
        self.RealtimeConnectContext = v_ptr64()
        self.DisconnectEvent = v_ptr64()
        self.DataAvailableEvent = v_ptr64()
        self.UserBufferCount = v_ptr64()
        self.UserBufferListHead = v_ptr64()
        self.BuffersLost = v_uint32()
        self.EmptyBuffersCount = v_uint32()
        self.LoggerId = v_uint32()
        self.ShutDownRequested = v_uint8()
        self.NewBuffersLost = v_uint8()
        self.Disconnected = v_uint8()
        self._pad0060 = v_bytes(size=1)  # explicit padding
        self.ReservedBufferSpaceBitMap = RTL_BITMAP()
        self.ReservedBufferSpace = v_ptr64()
        self.ReservedBufferSpaceSize = v_uint32()
        self.UserPagesAllocated = v_uint32()
        self.UserPagesReused = v_uint32()
        self.Wow = v_uint8()
        self._pad0088 = v_bytes(size=3)  # explicit tail padding
class _unnamed_26860(vstruct.VStruct):
    """Generated-name member type wrapping VF_TARGET_ALL_SHARED_EXPORT_THUNKS."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AllSharedExportThunks = VF_TARGET_ALL_SHARED_EXPORT_THUNKS()
class CM_CACHED_VALUE_INDEX(vstruct.VStruct):
    """vstruct layout of CM_CACHED_VALUE_INDEX: a 32-bit cell index followed
    by a nested data member."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CellIndex = v_uint32()
        self._pad0008 = v_bytes(size=4)  # explicit padding
        self.Data = _unnamed_27360()
class DEVICE_MAP(vstruct.VStruct):
    """vstruct layout of DEVICE_MAP (ntoskrnl 6.1, amd64 definitions)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DosDevicesDirectory = v_ptr64()
        self.GlobalDosDevicesDirectory = v_ptr64()
        self.DosDevicesDirectoryHandle = v_ptr64()
        self.ReferenceCount = v_uint32()
        # 32-bit map next to a 32-entry byte array — presumably one bit and
        # one type byte per drive slot; TODO confirm.
        self.DriveMap = v_uint32()
        self.DriveType = vstruct.VArray([ v_uint8() for i in xrange(32) ])
class DBGKD_READ_WRITE_IO_EXTENDED32(vstruct.VStruct):
    """vstruct layout of DBGKD_READ_WRITE_IO_EXTENDED32: six 32-bit fields.

    Every member, including IoAddress, is 32 bits wide in this variant.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DataSize = v_uint32()
        self.InterfaceType = v_uint32()
        self.BusNumber = v_uint32()
        self.AddressSpace = v_uint32()
        self.IoAddress = v_uint32()
        self.DataValue = v_uint32()
class _unnamed_26693(vstruct.VStruct):
    """Generated-name member type: a length and a bus-number range (4 x 32-bit)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self.MinBusNumber = v_uint32()
        self.MaxBusNumber = v_uint32()
        self.Reserved = v_uint32()
class CONTROL_AREA(vstruct.VStruct):
    """vstruct layout of CONTROL_AREA (ntoskrnl 6.1, amd64 definitions).

    Holds a segment pointer, reference/view counters, a file-pointer fast
    reference and two list entries.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Segment = v_ptr64()
        self.DereferenceList = LIST_ENTRY()
        self.NumberOfSectionReferences = v_uint64()
        self.NumberOfPfnReferences = v_uint64()
        self.NumberOfMappedViews = v_uint64()
        self.NumberOfUserReferences = v_uint64()
        self.u = _unnamed_22223()
        self.FlushInProgressCount = v_uint32()
        # NOTE(review): EX_FAST_REF is defined elsewhere; presumably the low
        # bits of its value are not part of the address — confirm before
        # dereferencing.
        self.FilePointer = EX_FAST_REF()
        self.ControlAreaLock = v_uint32()
        self.ModifiedWriteCount = v_uint32()
        self.WaitingForDeletion = v_ptr64()
        self.u2 = _unnamed_22226()
        self.LockedPages = v_uint64()
        self.ViewList = LIST_ENTRY()
class _unnamed_26691(vstruct.VStruct):
    """Generated-name member type: an array of three 32-bit values."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Data = vstruct.VArray([ v_uint32() for i in xrange(3) ])
class KERNEL_STACK_CONTROL(vstruct.VStruct):
    """vstruct layout of KERNEL_STACK_CONTROL: two KERNEL_STACK_SEGMENT
    records, current first, then previous."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Current = KERNEL_STACK_SEGMENT()
        self.Previous = KERNEL_STACK_SEGMENT()
class VI_TRACK_IRQL(vstruct.VStruct):
    """vstruct layout of VI_TRACK_IRQL: thread pointer, old/new IRQL bytes,
    processor, tick count and a five-entry stack trace."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Thread = v_ptr64()
        self.OldIrql = v_uint8()
        self.NewIrql = v_uint8()
        self.Processor = v_uint16()
        self.TickCount = v_uint32()
        # Fixed capacity of 5 raw return addresses; unused slots are not
        # distinguished by this definition.
        self.StackTrace = vstruct.VArray([ v_ptr64() for i in xrange(5) ])
class GUID(vstruct.VStruct):
    """vstruct layout of GUID: 4 + 2 + 2 + 8 bytes, 16 bytes in total."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Data1 = v_uint32()
        self.Data2 = v_uint16()
        self.Data3 = v_uint16()
        self.Data4 = vstruct.VArray([ v_uint8() for i in xrange(8) ])
class HEAP_UCR_DESCRIPTOR(vstruct.VStruct):
    """vstruct layout of HEAP_UCR_DESCRIPTOR: two list links, an address and
    a 64-bit size."""
    # NOTE(review): Address/Size come from the inspected heap and are not
    # checked against each other or any region by this definition.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.SegmentEntry = LIST_ENTRY()
        self.Address = v_ptr64()
        self.Size = v_uint64()
class _unnamed_26698(vstruct.VStruct):
    """Generated-name member type: a priority and two reserved 32-bit values."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Priority = v_uint32()
        self.Reserved1 = v_uint32()
        self.Reserved2 = v_uint32()
class _unnamed_26653(vstruct.VStruct):
    """Generated-name member type: a 32-bit `Last` followed by a nested
    _unnamed_26650."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Last = v_uint32()
        self.u = _unnamed_26650()
class _unnamed_21218(vstruct.VStruct):
    """Generated-name member type carrying an EA list pointer, its length
    and an index; each 32-bit field is padded out to 8 bytes."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self._pad0008 = v_bytes(size=4)  # explicit padding
        # NOTE(review): EaList/EaListLength are caller-derived values when
        # read from a live request; bounds-check before reading the list.
        self.EaList = v_ptr64()
        self.EaListLength = v_uint32()
        self._pad0018 = v_bytes(size=4)  # explicit padding
        self.EaIndex = v_uint32()
        self._pad0020 = v_bytes(size=4)  # explicit tail padding
class POP_SYSTEM_IDLE(vstruct.VStruct):
    """vstruct layout of POP_SYSTEM_IDLE (ntoskrnl 6.1, amd64 definitions)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AverageIdleness = v_uint32()
        self.LowestIdleness = v_uint32()
        self.Time = v_uint32()
        self.Timeout = v_uint32()
        self.LastUserInput = v_uint32()
        self.Action = POWER_ACTION_POLICY()
        self.MinState = v_uint32()
        self.SystemRequired = v_uint8()
        self.IdleWorker = v_uint8()
        self.Sampling = v_uint8()
        self._pad0028 = v_bytes(size=1)  # explicit padding
        self.LastTick = v_uint64()
        self.LastSystemRequiredTime = v_uint32()
        self._pad0038 = v_bytes(size=4)  # explicit tail padding
class KAPC_STATE(vstruct.VStruct):
    """vstruct layout of KAPC_STATE: two APC list heads, a process pointer
    and three 8-bit state fields."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Two LIST_ENTRY heads back to back; which index corresponds to which
        # mode is not stated here — TODO confirm against the symbols.
        self.ApcListHead = vstruct.VArray([ LIST_ENTRY() for i in xrange(2) ])
        self.Process = v_ptr64()
        self.KernelApcInProgress = v_uint8()
        self.KernelApcPending = v_uint8()
        self.UserApcPending = v_uint8()
        self._pad0030 = v_bytes(size=5)  # explicit tail padding
class SLIST_ENTRY(vstruct.VStruct):
    """vstruct layout of SLIST_ENTRY: one 64-bit link padded to 16 bytes."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Next = v_ptr64()
        self._pad0010 = v_bytes(size=8)  # pads the 8-byte link out to 16 bytes
class _unnamed_19309(vstruct.VStruct):
    """Generated-name member type: four consecutive bytes (base middle,
    two flag bytes, base high)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BaseMiddle = v_uint8()
        self.Flags1 = v_uint8()
        self.Flags2 = v_uint8()
        self.BaseHigh = v_uint8()
class MMVAD_SHORT(vstruct.VStruct):
    """vstruct layout of MMVAD_SHORT: tree links, a starting/ending VPN pair,
    flag members and a push lock."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_22375()
        # Raw child pointers; a tree walk over untrusted memory should
        # validate them and bound its depth.
        self.LeftChild = v_ptr64()
        self.RightChild = v_ptr64()
        # NOTE(review): presumably virtual page numbers rather than byte
        # addresses — confirm the unit before converting.
        self.StartingVpn = v_uint64()
        self.EndingVpn = v_uint64()
        self.u = _unnamed_22378()
        self.PushLock = EX_PUSH_LOCK()
        self.u5 = _unnamed_22379()
class DBGKD_GET_VERSION32(vstruct.VStruct):
    """vstruct layout of DBGKD_GET_VERSION32.

    All address-like members (KernBase, PsLoadedModuleList, ...) are 32 bits
    wide in this variant, even though the module targets amd64.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MajorVersion = v_uint16()
        self.MinorVersion = v_uint16()
        self.ProtocolVersion = v_uint16()
        self.Flags = v_uint16()
        self.KernBase = v_uint32()
        self.PsLoadedModuleList = v_uint32()
        self.MachineType = v_uint16()
        self.ThCallbackStack = v_uint16()
        self.NextCallback = v_uint16()
        self.FramePointer = v_uint16()
        self.KiCallUserMode = v_uint32()
        self.KeUserCallbackDispatcher = v_uint32()
        self.BreakpointWithStatus = v_uint32()
        self.DebuggerDataList = v_uint32()
class CM_CELL_REMAP_BLOCK(vstruct.VStruct):
    """vstruct layout of CM_CELL_REMAP_BLOCK: an old/new pair of 32-bit cells."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OldCell = v_uint32()
        self.NewCell = v_uint32()
class PNP_DEVICE_ACTION_ENTRY(vstruct.VStruct):
    """vstruct layout of PNP_DEVICE_ACTION_ENTRY (ntoskrnl 6.1, amd64 definitions)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.DeviceObject = v_ptr64()
        self.RequestType = v_uint32()
        self.ReorderingBarrier = v_uint8()
        self._pad0020 = v_bytes(size=3)  # explicit padding
        self.RequestArgument = v_uint64()
        self.CompletionEvent = v_ptr64()
        self.CompletionStatus = v_ptr64()
class _unnamed_26650(vstruct.VStruct):
    """Generated-name member type holding one 32-bit `UserData` value."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.UserData = v_uint32()
class KDPC_DATA(vstruct.VStruct):
    """vstruct layout of KDPC_DATA: a DPC list head, a 64-bit lock word and
    two 32-bit counters."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DpcListHead = LIST_ENTRY()
        self.DpcLock = v_uint64()
        self.DpcQueueDepth = v_uint32()
        self.DpcCount = v_uint32()
class _unnamed_26656(vstruct.VStruct):
    """Generated-name member type wrapping a single _unnamed_26650."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u = _unnamed_26650()
class _unnamed_24439(vstruct.VStruct):
    """Generated-name member type holding one 32-bit `Revoked` value."""
    # NOTE(review): may represent a bit flag packed into a 32-bit word in
    # the original symbols; confirm before comparing against 0/1.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Revoked = v_uint32()
class IO_STATUS_BLOCK32(vstruct.VStruct):
    """vstruct layout of IO_STATUS_BLOCK32: status and information, both
    32 bits wide."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Status = v_uint32()
        self.Information = v_uint32()
class XSAVE_AREA(vstruct.VStruct):
    """vstruct layout of XSAVE_AREA: an XSAVE_FORMAT legacy block followed
    by an XSAVE_AREA_HEADER."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LegacyState = XSAVE_FORMAT()
        self.Header = XSAVE_AREA_HEADER()
class _unnamed_21198(vstruct.VStruct):
    """Generated-name member type carrying a length, a file-name pointer,
    an information class and a file index; 32-bit fields are padded to 8 bytes."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self._pad0008 = v_bytes(size=4)  # explicit padding
        self.FileName = v_ptr64()
        self.FileInformationClass = v_uint32()
        self._pad0018 = v_bytes(size=4)  # explicit padding
        self.FileIndex = v_uint32()
        self._pad0020 = v_bytes(size=4)  # explicit tail padding
class IRP(vstruct.VStruct):
    """vstruct layout of IRP (ntoskrnl 6.1, amd64 definitions).

    Assignment order below is the binary layout; the nested AssociatedIrp,
    Overlay and Tail members use generated types defined elsewhere in the file.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.Size = v_uint16()
        self._pad0008 = v_bytes(size=4)  # explicit padding before the pointer
        self.MdlAddress = v_ptr64()
        self.Flags = v_uint32()
        self._pad0018 = v_bytes(size=4)  # explicit padding
        self.AssociatedIrp = _unnamed_21001()
        self.ThreadListEntry = LIST_ENTRY()
        self.IoStatus = IO_STATUS_BLOCK()
        # NOTE(review): when triaging a driver from a dump, RequestorMode and
        # UserBuffer are the fields that tell whether request data originated
        # from a less-trusted caller — presumably; confirm the mode encoding.
        self.RequestorMode = v_uint8()
        self.PendingReturned = v_uint8()
        self.StackCount = v_uint8()
        self.CurrentLocation = v_uint8()
        self.Cancel = v_uint8()
        self.CancelIrql = v_uint8()
        self.ApcEnvironment = v_uint8()
        self.AllocationFlags = v_uint8()
        self.UserIosb = v_ptr64()
        self.UserEvent = v_ptr64()
        self.Overlay = _unnamed_21003()
        self.CancelRoutine = v_ptr64()
        self.UserBuffer = v_ptr64()
        self.Tail = _unnamed_21006()
class KTHREAD_COUNTERS(vstruct.VStruct):
    """vstruct layout of KTHREAD_COUNTERS: per-thread counter fields followed
    by a fixed array of 16 COUNTER_READING records."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WaitReasonBitMap = v_uint64()
        self.UserData = v_ptr64()
        self.Flags = v_uint32()
        self.ContextSwitches = v_uint32()
        self.CycleTimeBias = v_uint64()
        self.HardwareCounters = v_uint64()
        self.HwCounter = vstruct.VArray([ COUNTER_READING() for i in xrange(16) ])
class _unnamed_24437(vstruct.VStruct):
    """Generated-name member type wrapping a single _unnamed_24439 as `s1`."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.s1 = _unnamed_24439()
class MMADDRESS_LIST(vstruct.VStruct):
    """vstruct layout of MMADDRESS_LIST: a nested `u1` member followed by an
    end-address pointer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_25432()
        self.EndVa = v_ptr64()
class _unnamed_21850(vstruct.VStruct):
    """Generated-name member type exposing one 64-bit value as `Long`."""
    # Used as the `u` member of MMPTE in this file; only the raw 64-bit view
    # is modelled here.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Long = v_uint64()
class OBJECT_REF_TRACE(vstruct.VStruct):
    """vstruct layout of OBJECT_REF_TRACE: a fixed 16-entry array of raw
    64-bit stack-trace pointers."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.StackTrace = vstruct.VArray([ v_ptr64() for i in xrange(16) ])
class KALPC_RESERVE(vstruct.VStruct):
    """vstruct layout of KALPC_RESERVE: four 64-bit pointers and a 32-bit
    `Active` value."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OwnerPort = v_ptr64()
        self.HandleTable = v_ptr64()
        self.Handle = v_ptr64()
        self.Message = v_ptr64()
        self.Active = v_uint32()
        self._pad0028 = v_bytes(size=4)  # explicit tail padding
class KINTERRUPT(vstruct.VStruct):
    """vstruct layout of KINTERRUPT (ntoskrnl 6.1, amd64 definitions).

    Contains the service-routine pointers, vector/IRQL bytes, counters and
    a trailing four-dword DispatchCode array.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.Size = v_uint16()
        self._pad0008 = v_bytes(size=4)  # explicit padding
        self.InterruptListEntry = LIST_ENTRY()
        # NOTE(review): raw code pointers. When auditing a memory image, a
        # routine address outside any known loaded module is worth flagging;
        # this definition does no such check.
        self.ServiceRoutine = v_ptr64()
        self.MessageServiceRoutine = v_ptr64()
        self.MessageIndex = v_uint32()
        self._pad0030 = v_bytes(size=4)  # explicit padding
        self.ServiceContext = v_ptr64()
        self.SpinLock = v_uint64()
        self.TickCount = v_uint32()
        self._pad0048 = v_bytes(size=4)  # explicit padding
        self.ActualLock = v_ptr64()
        self.DispatchAddress = v_ptr64()
        self.Vector = v_uint32()
        self.Irql = v_uint8()
        self.SynchronizeIrql = v_uint8()
        self.FloatingSave = v_uint8()
        self.Connected = v_uint8()
        self.Number = v_uint32()
        self.ShareVector = v_uint8()
        # Named 3-byte member (not a generated _pad field).
        self.Pad = vstruct.VArray([ v_uint8() for i in xrange(3) ])
        self.Mode = v_uint32()
        self.Polarity = v_uint32()
        self.ServiceCount = v_uint32()
        self.DispatchCount = v_uint32()
        self.Rsvd1 = v_uint64()
        self.TrapFrame = v_ptr64()
        self.Reserved = v_ptr64()
        self.DispatchCode = vstruct.VArray([ v_uint32() for i in xrange(4) ])
class SECURITY_DESCRIPTOR_RELATIVE(vstruct.VStruct):
    """vstruct layout of the fixed SECURITY_DESCRIPTOR_RELATIVE header
    (20 bytes as declared here)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Revision = v_uint8()
        self.Sbz1 = v_uint8()
        self.Control = v_uint16()
        # NOTE(review): 32-bit values rather than pointers — in the relative
        # form these are presumably byte offsets from the start of this
        # header. Range-check each one against the descriptor's buffer before
        # parsing the SID/ACL it refers to; nothing here validates them.
        self.Owner = v_uint32()
        self.Group = v_uint32()
        self.Sacl = v_uint32()
        self.Dacl = v_uint32()
class DUMP_INITIALIZATION_CONTEXT(vstruct.VStruct):
    """vstruct layout of DUMP_INITIALIZATION_CONTEXT (ntoskrnl 6.1, amd64
    definitions): buffers, routine pointers and transfer limits."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self.Reserved = v_uint32()
        self.MemoryBlock = v_ptr64()
        # Two parallel two-entry arrays: buffer pointers and their
        # LARGE_INTEGER physical addresses.
        self.CommonBuffer = vstruct.VArray([ v_ptr64() for i in xrange(2) ])
        self.PhysicalAddress = vstruct.VArray([ LARGE_INTEGER() for i in xrange(2) ])
        # Raw routine pointers; not resolved or validated by this definition.
        self.StallRoutine = v_ptr64()
        self.OpenRoutine = v_ptr64()
        self.WriteRoutine = v_ptr64()
        self.FinishRoutine = v_ptr64()
        self.AdapterObject = v_ptr64()
        self.MappedRegisterBase = v_ptr64()
        self.PortConfiguration = v_ptr64()
        self.CrashDump = v_uint8()
        self._pad006c = v_bytes(size=3)  # explicit padding
        self.MaximumTransferSize = v_uint32()
        self.CommonBufferSize = v_uint32()
        self._pad0078 = v_bytes(size=4)  # explicit padding
        self.TargetAddress = v_ptr64()
        self.WritePendingRoutine = v_ptr64()
        self.PartitionStyle = v_uint32()
        self.DiskInfo = _unnamed_29494()
        self._pad00a0 = v_bytes(size=4)  # explicit tail padding
class _unnamed_27314(vstruct.VStruct):
    """Generated-name member type: a LARGE_INTEGER start and a 32-bit
    `Length40` value."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Start = LARGE_INTEGER()
        self.Length40 = v_uint32()
class CELL_DATA(vstruct.VStruct):
    """vstruct layout of CELL_DATA: a single member of type `u`."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # The right-hand `u` is a type named `u` defined elsewhere in the
        # file, not this attribute.
        self.u = u()
class VERIFIER_SHARED_EXPORT_THUNK(vstruct.VStruct):
    """vstruct placeholder for VERIFIER_SHARED_EXPORT_THUNK: no fields are
    declared, so the structure is empty as written."""
    # NOTE(review): presumably the symbols expose no members for this type;
    # do not rely on its size.
    def __init__(self):
        vstruct.VStruct.__init__(self)
class OBJECT_HANDLE_COUNT_ENTRY(vstruct.VStruct):
    """vstruct layout of OBJECT_HANDLE_COUNT_ENTRY: a process pointer and a
    32-bit handle count."""
    # NOTE(review): HandleCount may be a bitfield-packed word in the original
    # symbols; confirm before using it as a full 32-bit count.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Process = v_ptr64()
        self.HandleCount = v_uint32()
        self._pad0010 = v_bytes(size=4)  # explicit tail padding
class PORT_MESSAGE32(vstruct.VStruct):
    """vstruct layout of PORT_MESSAGE32: two nested header members, a
    CLIENT_ID32, a message id and a 32-bit view size."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_24044()
        self.u2 = _unnamed_24045()
        self.ClientId = CLIENT_ID32()
        self.MessageId = v_uint32()
        self.ClientViewSize = v_uint32()
class KGATE(vstruct.VStruct):
    """vstruct layout of KGATE: consists solely of a DISPATCHER_HEADER."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = DISPATCHER_HEADER()
class IO_COMPLETION_CONTEXT(vstruct.VStruct):
    """vstruct layout of IO_COMPLETION_CONTEXT: a port pointer and a key,
    both 64 bits."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Port = v_ptr64()
        self.Key = v_ptr64()
class _unnamed_26942(vstruct.VStruct):
    """Generated-name member type holding one GUID (`BlockedDriverGuid`)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BlockedDriverGuid = GUID()
class DRIVER_EXTENSION(vstruct.VStruct):
    """vstruct layout of DRIVER_EXTENSION (ntoskrnl 6.1, amd64 definitions)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DriverObject = v_ptr64()
        # Raw routine pointer; not resolved by this definition.
        self.AddDevice = v_ptr64()
        self.Count = v_uint32()
        self._pad0018 = v_bytes(size=4)  # explicit padding
        # UNICODE_STRING is defined elsewhere; only its header is embedded
        # here, the characters live wherever its buffer points.
        self.ServiceKeyName = UNICODE_STRING()
        self.ClientDriverExtension = v_ptr64()
        self.FsFilterCallbacks = v_ptr64()
class _unnamed_26946(vstruct.VStruct):
    """Generated-name member type: a power-setting GUID, flags, session id
    and a length-prefixed data area."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PowerSettingGuid = GUID()
        self.Flags = v_uint32()
        self.SessionId = v_uint32()
        self.DataLength = v_uint32()
        # NOTE(review): declared with one element — presumably a
        # variable-length tail sized by DataLength. Only the first byte is
        # parsed here; bound any further read by DataLength and the buffer.
        self.Data = vstruct.VArray([ v_uint8() for i in xrange(1) ])
        self._pad0020 = v_bytes(size=3)  # explicit tail padding
class PCW_REGISTRATION(vstruct.VStruct):
    """vstruct placeholder for PCW_REGISTRATION: no fields are declared, so
    the structure is empty as written."""
    # NOTE(review): presumably opaque in the symbols; do not rely on its size.
    def __init__(self):
        vstruct.VStruct.__init__(self)
class _unnamed_26944(vstruct.VStruct):
    """Generated-name member type: a one-element array of 16-bit values."""
    # NOTE(review): presumably the first character of a variable-length
    # 16-bit string; the real length is not expressed here.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ParentId = vstruct.VArray([ v_uint16() for i in xrange(1) ])
class PO_IRP_QUEUE(vstruct.VStruct):
    """vstruct layout of PO_IRP_QUEUE: a current-IRP pointer and a
    pending-list pointer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CurrentIrp = v_ptr64()
        self.PendingIrpList = v_ptr64()
class TP_NBQ_GUARD(vstruct.VStruct):
    """vstruct layout of TP_NBQ_GUARD: a list link followed by two guard
    pointers."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.GuardLinks = LIST_ENTRY()
        self.Guards = vstruct.VArray([ v_ptr64() for i in xrange(2) ])
class _unnamed_21457(vstruct.VStruct):
    """Generated-name member type: four generic 64-bit argument slots."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Argument1 = v_ptr64()
        self.Argument2 = v_ptr64()
        self.Argument3 = v_ptr64()
        self.Argument4 = v_ptr64()
class flags(vstruct.VStruct):
    """vstruct layout of `flags`: a single byte exposed as `Removable`."""
    # NOTE(review): presumably a byte of packed bit flags named after one of
    # its bits; confirm before comparing against 0/1.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Removable = v_uint8()
class _unnamed_21452(vstruct.VStruct):
    """Generated-name member type: provider id, data-path pointer, buffer
    size and buffer pointer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ProviderId = v_uint64()
        self.DataPath = v_ptr64()
        # NOTE(review): BufferSize and Buffer are independent fields here;
        # check the size against the mapped region before reading Buffer.
        self.BufferSize = v_uint32()
        self._pad0018 = v_bytes(size=4)  # explicit padding
        self.Buffer = v_ptr64()
class DBGKD_SEARCH_MEMORY(vstruct.VStruct):
    """vstruct layout of DBGKD_SEARCH_MEMORY: a 64-bit search address and
    length plus a 32-bit pattern length."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SearchAddress = v_uint64()
        self.SearchLength = v_uint64()
        self.PatternLength = v_uint32()
        self._pad0018 = v_bytes(size=4)  # explicit tail padding
class _unnamed_22910(vstruct.VStruct):
    """Generated-name member type wrapping one _unnamed_26653 as `OldCell`."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OldCell = _unnamed_26653()
class ALPC_COMPLETION_PACKET_LOOKASIDE(vstruct.VStruct):
    """vstruct layout of ALPC_COMPLETION_PACKET_LOOKASIDE (ntoskrnl 6.1,
    amd64 definitions)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Lock = v_uint64()
        self.Size = v_uint32()
        self.ActiveCount = v_uint32()
        self.PendingNullCount = v_uint32()
        self.PendingCheckCompletionListCount = v_uint32()
        self.PendingDelete = v_uint32()
        self._pad0020 = v_bytes(size=4)  # explicit padding
        self.FreeListHead = SINGLE_LIST_ENTRY()
        self.CompletionPort = v_ptr64()
        self.CompletionKey = v_ptr64()
        # NOTE(review): declared with one element — presumably a
        # variable-length tail whose count is `Size`; TODO confirm. Only the
        # first entry is parsed here.
        self.Entry = vstruct.VArray([ ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY() for i in xrange(1) ])
class WHEA_PERSISTENCE_INFO(vstruct.VStruct):
    """vstruct layout of WHEA_PERSISTENCE_INFO: one 64-bit word exposed as
    `Signature`."""
    # NOTE(review): presumably a 64-bit word of packed fields named after the
    # first one; confirm before comparing it to a signature constant.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint64()
class ETW_LAST_ENABLE_INFO(vstruct.VStruct):
    """vstruct layout of ETW_LAST_ENABLE_INFO: enable flags, logger id,
    level and an enabled byte."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.EnableFlags = LARGE_INTEGER()
        self.LoggerId = v_uint16()
        self.Level = v_uint8()
        self.Enabled = v_uint8()
        self._pad0010 = v_bytes(size=4)  # explicit tail padding
class HEAP_VIRTUAL_ALLOC_ENTRY(vstruct.VStruct):
    """vstruct layout of HEAP_VIRTUAL_ALLOC_ENTRY: list link, extra data,
    commit/reserve sizes and the trailing HEAP_ENTRY."""
    # NOTE(review): CommitSize/ReserveSize are read as-is from the inspected
    # heap; a consumer should sanity-check them (e.g. commit <= reserve is
    # presumably expected) before using them as lengths.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Entry = LIST_ENTRY()
        self.ExtraStuff = HEAP_ENTRY_EXTRA()
        self.CommitSize = v_uint64()
        self.ReserveSize = v_uint64()
        self.BusyBlock = HEAP_ENTRY()
class VI_DEADLOCK_THREAD(vstruct.VStruct):
    """vstruct layout of VI_DEADLOCK_THREAD (ntoskrnl 6.1, amd64 definitions)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Thread = v_ptr64()
        self.CurrentSpinNode = v_ptr64()
        self.CurrentOtherNode = v_ptr64()
        self.ListEntry = LIST_ENTRY()
        self.NodeCount = v_uint32()
        self.PagingCount = v_uint32()
        self.ThreadUsesEresources = v_uint8()
        self._pad0038 = v_bytes(size=7)  # explicit tail padding
class PPM_PERF_STATES(vstruct.VStruct):
    """vstruct layout of PPM_PERF_STATES (ntoskrnl 6.1, amd64 definitions):
    a header of limits and handlers followed by a PPM_PERF_STATE array."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        self.MaxFrequency = v_uint32()
        self.PStateCap = v_uint32()
        self.TStateCap = v_uint32()
        self.MaxPerfState = v_uint32()
        self.MinPerfState = v_uint32()
        self.LowestPState = v_uint32()
        self.IncreaseTime = v_uint32()
        self.DecreaseTime = v_uint32()
        self.BusyAdjThreshold = v_uint8()
        self.Reserved = v_uint8()
        self.ThrottleStatesOnly = v_uint8()
        self.PolicyType = v_uint8()
        self.TimerInterval = v_uint32()
        self.Flags = _unnamed_27702()
        self.TargetProcessors = KAFFINITY_EX()
        # Handler pointers paired with 64-bit context values.
        self.PStateHandler = v_ptr64()
        self.PStateContext = v_uint64()
        self.TStateHandler = v_ptr64()
        self.TStateContext = v_uint64()
        self.FeedbackHandler = v_ptr64()
        self.GetFFHThrottleState = v_ptr64()
        # NOTE(review): declared with one element — presumably a
        # variable-length tail with `Count` entries; TODO confirm. Only the
        # first state is parsed here.
        self.State = vstruct.VArray([ PPM_PERF_STATE() for i in xrange(1) ])
class _unnamed_24097(vstruct.VStruct):
    """Generated-name member type wrapping a single _unnamed_24098 as `s1`."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.s1 = _unnamed_24098()
class GDI_TEB_BATCH32(vstruct.VStruct):
    """vstruct layout of GDI_TEB_BATCH32: an offset, a 32-bit HDC and a
    fixed 310-dword buffer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): presumably an offset into Buffer; it is not bounded
        # by this definition, so clamp it to the buffer size before use.
        self.Offset = v_uint32()
        self.HDC = v_uint32()
        self.Buffer = vstruct.VArray([ v_uint32() for i in xrange(310) ])
class ARBITER_PARAMETERS(vstruct.VStruct):
    """vstruct layout of ARBITER_PARAMETERS: a single nested `Parameters`
    member of generated type _unnamed_27515."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Parameters = _unnamed_27515()
class EXCEPTION_RECORD(vstruct.VStruct):
    """vstruct layout of EXCEPTION_RECORD (64-bit pointers, 15 information
    slots)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExceptionCode = v_uint32()
        self.ExceptionFlags = v_uint32()
        # Pointer to another record; follow with validation and a depth limit.
        self.ExceptionRecord = v_ptr64()
        self.ExceptionAddress = v_ptr64()
        # NOTE(review): presumably the number of valid ExceptionInformation
        # entries; the array is fixed at 15, so clamp this value to 15 when it
        # comes from untrusted data.
        self.NumberParameters = v_uint32()
        self._pad0020 = v_bytes(size=4)  # explicit padding
        self.ExceptionInformation = vstruct.VArray([ v_uint64() for i in xrange(15) ])
class _unnamed_23699(vstruct.VStruct):
    """Generated-name member type holding one pointer (`SharedCacheMap`)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SharedCacheMap = v_ptr64()
class MMPTE(vstruct.VStruct):
    """vstruct layout of MMPTE: a single nested `u` member (_unnamed_21850)."""
    # _unnamed_21850 in this file exposes only a raw 64-bit `Long`; the
    # individual PTE bit views are not modelled.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u = _unnamed_21850()
class VI_DEADLOCK_NODE(vstruct.VStruct):
    """vstruct layout of VI_DEADLOCK_NODE: tree/list links, a child count
    and two eight-entry stack traces."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Parent = v_ptr64()
        self.ChildrenList = LIST_ENTRY()
        self.SiblingsList = LIST_ENTRY()
        self.ResourceList = LIST_ENTRY()
        self.Root = v_ptr64()
        self.ThreadEntry = v_ptr64()
        self.u1 = _unnamed_28937()
        self.ChildrenCount = v_uint32()
        # Fixed capacity of 8 raw return addresses each.
        self.StackTrace = vstruct.VArray([ v_ptr64() for i in xrange(8) ])
        self.ParentStackTrace = vstruct.VArray([ v_ptr64() for i in xrange(8) ])
class PROC_IDLE_STATE_BUCKET(vstruct.VStruct):
    """vstruct layout of PROC_IDLE_STATE_BUCKET: total/min/max 64-bit times
    and a 32-bit count."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TotalTime = v_uint64()
        self.MinTime = v_uint64()
        self.MaxTime = v_uint64()
        self.Count = v_uint32()
        self._pad0020 = v_bytes(size=4)  # explicit tail padding
class _unnamed_24098(vstruct.VStruct):
    """Generated-name member type holding one byte (`ReferenceCache`)."""
    # NOTE(review): may be a byte of packed bit flags named after its first
    # bit; confirm before comparing against 0/1.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ReferenceCache = v_uint8()
class HEAP_STOP_ON_TAG(vstruct.VStruct):
    """vstruct layout of HEAP_STOP_ON_TAG: one 32-bit combined value."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.HeapAndTagIndex = v_uint32()
class KPCR(vstruct.VStruct):
    """vstruct layout of KPCR (ntoskrnl 6.1, amd64 definitions).

    Begins with an NT_TIB, carries the IDT base and debugger version-block
    pointers, and ends with the embedded KPRCB.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NtTib = NT_TIB()
        # NOTE(review): raw pointer values. When checking a memory image for
        # tampering, IdtBase and KdVersionBlock should land in expected kernel
        # ranges; this definition performs no such validation.
        self.IdtBase = v_ptr64()
        self.Unused = vstruct.VArray([ v_uint64() for i in xrange(2) ])
        self.Irql = v_uint8()
        self.SecondLevelCacheAssociativity = v_uint8()
        self.ObsoleteNumber = v_uint8()
        self.Fill0 = v_uint8()
        self.Unused0 = vstruct.VArray([ v_uint32() for i in xrange(3) ])
        self.MajorVersion = v_uint16()
        self.MinorVersion = v_uint16()
        self.StallScaleFactor = v_uint32()
        self.Unused1 = vstruct.VArray([ v_ptr64() for i in xrange(3) ])
        self.KernelReserved = vstruct.VArray([ v_uint32() for i in xrange(15) ])
        self.SecondLevelCacheSize = v_uint32()
        self.HalReserved = vstruct.VArray([ v_uint32() for i in xrange(16) ])
        self.Unused2 = v_uint32()
        self._pad0108 = v_bytes(size=4)  # explicit padding
        self.KdVersionBlock = v_ptr64()
        self.Unused3 = v_ptr64()
        self.PcrAlign1 = vstruct.VArray([ v_uint32() for i in xrange(24) ])
        self._pad0180 = v_bytes(size=8)  # explicit padding before the KPRCB
        self.Prcb = KPRCB()
class CM_KEY_INDEX(vstruct.VStruct):
    """vstruct layout of CM_KEY_INDEX: signature, count and a list of 32-bit
    entries."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint16()
        self.Count = v_uint16()
        # NOTE(review): declared with one element — presumably a
        # variable-length tail with `Count` entries. When parsing hive data,
        # bound Count by the size of the containing cell before reading
        # further entries; only the first is parsed here.
        self.List = vstruct.VArray([ v_uint32() for i in xrange(1) ])
class RELATION_LIST(vstruct.VStruct):
    """vstruct layout of RELATION_LIST: four 32-bit counters/levels and a
    pointer array."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        self.TagCount = v_uint32()
        self.FirstLevel = v_uint32()
        self.MaxLevel = v_uint32()
        # NOTE(review): declared with one element — presumably a
        # variable-length tail; which header field gives its length is not
        # visible here (TODO confirm).
        self.Entries = vstruct.VArray([ v_ptr64() for i in xrange(1) ])
class PI_RESOURCE_ARBITER_ENTRY(vstruct.VStruct):
    """vstruct layout of PI_RESOURCE_ARBITER_ENTRY (ntoskrnl 6.1, amd64
    definitions): five list heads, two pointers and state bytes."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DeviceArbiterList = LIST_ENTRY()
        self.ResourceType = v_uint8()
        self._pad0018 = v_bytes(size=7)  # explicit padding
        self.ArbiterInterface = v_ptr64()
        self.DeviceNode = v_ptr64()
        self.ResourceList = LIST_ENTRY()
        self.BestResourceList = LIST_ENTRY()
        self.BestConfig = LIST_ENTRY()
        self.ActiveArbiterList = LIST_ENTRY()
        self.State = v_uint8()
        self.ResourcesChanged = v_uint8()
        self._pad0070 = v_bytes(size=6)  # explicit tail padding
class _unnamed_26939(vstruct.VStruct):
    """Generated-name member type: a veto type and the start of a 16-bit
    character buffer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.VetoType = v_uint32()
        # NOTE(review): one element declared — presumably the first character
        # of a variable-length buffer whose length is not expressed here.
        self.DeviceIdVetoNameBuffer = vstruct.VArray([ v_uint16() for i in xrange(1) ])
        self._pad0008 = v_bytes(size=2)  # explicit tail padding
class _unnamed_26936(vstruct.VStruct):
    """Generated-name member type: a notification code and 32-bit data."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NotificationCode = v_uint32()
        self.NotificationData = v_uint32()
class _unnamed_21404(vstruct.VStruct):
    """Generated-name member type holding one 32-bit `PowerState` value."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PowerState = v_uint32()
class _unnamed_26934(vstruct.VStruct):
    """Generated-name member type holding one pointer (`Notification`)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Notification = v_ptr64()
class TOKEN_SOURCE(vstruct.VStruct):
    """vstruct layout of TOKEN_SOURCE: an 8-byte source name and a LUID."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): fixed 8 raw bytes; do not assume NUL termination when
        # rendering the name (a full 8-character name has none).
        self.SourceName = vstruct.VArray([ v_uint8() for i in xrange(8) ])
        self.SourceIdentifier = LUID()
class _unnamed_25968(vstruct.VStruct):
    """Generated-name member type (the `u` of PLUGPLAY_EVENT_BLOCK): a
    `DeviceClass` member followed by 12 padding bytes."""
    # NOTE(review): only DeviceClass is modelled; presumably the padding
    # covers larger alternatives of a union in the symbols.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DeviceClass = _unnamed_26924()
        self._pad0020 = v_bytes(size=12)
class _unnamed_22291(vstruct.VStruct):
    """Generated-name member type: two 32-bit counters and a subsection-root
    pointer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NumberOfSystemCacheViews = v_uint32()
        self.WritableUserReferences = v_uint32()
        self.SubsectionRoot = v_ptr64()
class _unnamed_26931(vstruct.VStruct):
    """Generated-name member type: a notification-structure pointer and the
    start of a 16-bit id buffer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NotificationStructure = v_ptr64()
        # NOTE(review): one element declared — presumably the first character
        # of a variable-length buffer whose length is not expressed here.
        self.DeviceIds = vstruct.VArray([ v_uint16() for i in xrange(1) ])
        self._pad0010 = v_bytes(size=6)  # explicit tail padding
class TRACE_ENABLE_CONTEXT(vstruct.VStruct):
    """vstruct layout of TRACE_ENABLE_CONTEXT: logger id, level, internal
    flag and 32-bit enable flags (8 bytes as declared)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LoggerId = v_uint16()
        self.Level = v_uint8()
        self.InternalFlag = v_uint8()
        self.EnableFlags = v_uint32()
class _unnamed_27360(vstruct.VStruct):
    """Generated-name member type (the `Data` of CM_CACHED_VALUE_INDEX)
    wrapping one CELL_DATA."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CellData = CELL_DATA()
class PEB_LDR_DATA(vstruct.VStruct):
    """vstruct layout of PEB_LDR_DATA: loader state plus three module list
    heads (load order, memory order, initialization order)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        self.Initialized = v_uint8()
        self._pad0008 = v_bytes(size=3)  # explicit padding
        self.SsHandle = v_ptr64()
        # NOTE(review): these lists live in process-writable memory, so their
        # contents are untrusted. A consumer should validate each link, bound
        # the walk, and treat disagreement between the three lists as a
        # finding rather than assume they match.
        self.InLoadOrderModuleList = LIST_ENTRY()
        self.InMemoryOrderModuleList = LIST_ENTRY()
        self.InInitializationOrderModuleList = LIST_ENTRY()
        self.EntryInProgress = v_ptr64()
        self.ShutdownInProgress = v_uint8()
        self._pad0050 = v_bytes(size=7)  # explicit padding
        self.ShutdownThreadId = v_ptr64()
class DBGKD_WRITE_BREAKPOINT64(vstruct.VStruct):
    """vstruct layout of DBGKD_WRITE_BREAKPOINT64: a 64-bit address and a
    32-bit handle."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BreakPointAddress = v_uint64()
        self.BreakPointHandle = v_uint32()
        self._pad0010 = v_bytes(size=4)  # explicit tail padding
class _unnamed_21271(vstruct.VStruct):
    """Generated-name member type: a VPB pointer and a device-object pointer."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Vpb = v_ptr64()
        self.DeviceObject = v_ptr64()
class DIAGNOSTIC_BUFFER(vstruct.VStruct):
    """vstruct layout of DIAGNOSTIC_BUFFER: a size, caller identification
    and two 64-bit offsets."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Size = v_uint64()
        self.CallerType = v_uint32()
        self._pad0010 = v_bytes(size=4)  # explicit padding
        # NOTE(review): the two *Offset fields are presumably relative to the
        # start of this buffer; check each against Size before reading the
        # string it refers to.
        self.ProcessImageNameOffset = v_uint64()
        self.ProcessId = v_uint32()
        self.ServiceTag = v_uint32()
        self.ReasonOffset = v_uint64()
class MM_PAGE_ACCESS_INFO_FLAGS(vstruct.VStruct):
    """vstruct layout of MM_PAGE_ACCESS_INFO_FLAGS: a single `File` member
    of generated type _unnamed_25217."""
    # NOTE(review): presumably one arm of a union in the symbols; other
    # views are not modelled here.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.File = _unnamed_25217()
class SECURITY_SUBJECT_CONTEXT(vstruct.VStruct):
    """vstruct layout of SECURITY_SUBJECT_CONTEXT: client and primary token
    pointers, an impersonation level and an audit id."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Raw token pointers; ClientToken may be zero (presumably when no
        # impersonation is in effect — TODO confirm).
        self.ClientToken = v_ptr64()
        self.ImpersonationLevel = v_uint32()
        self._pad0010 = v_bytes(size=4)  # explicit padding
        self.PrimaryToken = v_ptr64()
        self.ProcessAuditId = v_ptr64()
class _unnamed_22464(vstruct.VStruct):
    """Generated-name member type holding one 64-bit `Balance` value."""
    # NOTE(review): may share storage with a pointer in the original symbols
    # (low bits as balance); confirm before interpreting.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Balance = v_uint64()
class X86_DBGKD_CONTROL_SET(vstruct.VStruct):
    """vstruct layout of X86_DBGKD_CONTROL_SET: four 32-bit fields (trace
    flag, Dr7, symbol start/end)."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TraceFlag = v_uint32()
        self.Dr7 = v_uint32()
        self.CurrentSymbolStart = v_uint32()
        self.CurrentSymbolEnd = v_uint32()
class PROFILE_PARAMETER_BLOCK(vstruct.VStruct):
    """vstruct layout of PROFILE_PARAMETER_BLOCK: four 16-bit fields followed
    by two 32-bit identifiers."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Status = v_uint16()
        self.Reserved = v_uint16()
        self.DockingState = v_uint16()
        self.Capabilities = v_uint16()
        self.DockID = v_uint32()
        self.SerialNumber = v_uint32()
class ALPC_MESSAGE_ATTRIBUTES(vstruct.VStruct):
    """vstruct layout of ALPC_MESSAGE_ATTRIBUTES: allocated and valid
    attribute masks, 32 bits each."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AllocatedAttributes = v_uint32()
        self.ValidAttributes = v_uint32()
class POP_THERMAL_ZONE_METRICS(vstruct.VStruct):
    """vstruct layout of POP_THERMAL_ZONE_METRICS: an ERESOURCE, two counts
    and five LARGE_INTEGER tick/time values."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MetricsResource = ERESOURCE()
        self.ActiveCount = v_uint32()
        self.PassiveCount = v_uint32()
        self.LastActiveStartTick = LARGE_INTEGER()
        self.AverageActiveTime = LARGE_INTEGER()
        self.LastPassiveStartTick = LARGE_INTEGER()
        self.AveragePassiveTime = LARGE_INTEGER()
        self.StartTickSinceLastReset = LARGE_INTEGER()
class PCW_DATA(vstruct.VStruct):
    """vstruct layout of PCW_DATA: a data pointer and its 32-bit size."""
    # NOTE(review): Data/Size are independent fields here; check Size against
    # the mapped region before reading through Data.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Data = v_ptr64()
        self.Size = v_uint32()
        self._pad0010 = v_bytes(size=4)  # explicit tail padding
class DEVICE_RELATIONS(vstruct.VStruct):
    """vstruct layout of DEVICE_RELATIONS: a count followed by an array of
    object pointers."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        self._pad0008 = v_bytes(size=4)  # explicit padding
        # NOTE(review): declared with one element — presumably a
        # variable-length tail with `Count` entries; bound Count by the
        # allocation size before reading further. Only the first is parsed.
        self.Objects = vstruct.VArray([ v_ptr64() for i in xrange(1) ])
class ETW_PROVIDER_TABLE_ENTRY(vstruct.VStruct):
    """vstruct layout of ETW_PROVIDER_TABLE_ENTRY: reference count, state and
    two pointers."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.RefCount = v_uint32()
        self.State = v_uint32()
        self.RegEntry = v_ptr64()
        self.Caller = v_ptr64()
class MMSUBSECTION_FLAGS(vstruct.VStruct):
    """vstruct layout of MMSUBSECTION_FLAGS: two consecutive 16-bit fields."""
    # NOTE(review): each v_uint16 may stand for a word of packed bit flags in
    # the original symbols; confirm before treating a value as a boolean.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SubsectionAccessed = v_uint16()
        self.SubsectionStatic = v_uint16()
class INTERFACE(vstruct.VStruct):
    """vstruct layout of INTERFACE: size/version header, a context pointer
    and reference/dereference routine pointers."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Size = v_uint16()
        self.Version = v_uint16()
        self._pad0008 = v_bytes(size=4)  # explicit padding
        self.Context = v_ptr64()
        self.InterfaceReference = v_ptr64()
        self.InterfaceDereference = v_ptr64()
class STRING32(vstruct.VStruct):
    """vstruct layout of STRING32: length, maximum length and a 32-bit
    buffer value."""
    # NOTE(review): Length/MaximumLength are presumably byte counts and are
    # not cross-checked here; reject Length > MaximumLength and validate
    # Buffer before reading the characters.
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint16()
        self.MaximumLength = v_uint16()
        self.Buffer = v_uint32()
class WMI_LOGGER_CONTEXT(vstruct.VStruct):
    """vstruct layout of WMI_LOGGER_CONTEXT (ntoskrnl 6.1, amd64 definitions).

    Assignment order is the binary layout. Groups, in order: logger identity
    and mode, file/thread handles, queue heads, name strings, buffer
    accounting, real-time consumer state, synchronisation objects and the
    security context.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LoggerId = v_uint32()
        self.BufferSize = v_uint32()
        self.MaximumEventSize = v_uint32()
        self.CollectionOn = v_uint32()
        self.LoggerMode = v_uint32()
        self.AcceptNewEvents = v_uint32()
        self.GetCpuClock = v_ptr64()
        self.StartTime = LARGE_INTEGER()
        self.LogFileHandle = v_ptr64()
        self.LoggerThread = v_ptr64()
        self.LoggerStatus = v_uint32()
        self._pad0040 = v_bytes(size=4)  # explicit padding
        self.NBQHead = v_ptr64()
        self.OverflowNBQHead = v_ptr64()
        self.QueueBlockFreeList = SLIST_HEADER()
        self.GlobalList = LIST_ENTRY()
        self.BatchedBufferList = v_ptr64()
        # UNICODE_STRING headers only; the characters are wherever each
        # buffer points.
        self.LoggerName = UNICODE_STRING()
        self.LogFileName = UNICODE_STRING()
        self.LogFilePattern = UNICODE_STRING()
        self.NewLogFileName = UNICODE_STRING()
        self.ClockType = v_uint32()
        self.MaximumFileSize = v_uint32()
        self.LastFlushedBuffer = v_uint32()
        self.FlushTimer = v_uint32()
        self.FlushThreshold = v_uint32()
        self._pad00d0 = v_bytes(size=4)  # explicit padding
        self.ByteOffset = LARGE_INTEGER()
        self.MinimumBuffers = v_uint32()
        self.BuffersAvailable = v_uint32()
        self.NumberOfBuffers = v_uint32()
        self.MaximumBuffers = v_uint32()
        # NOTE(review): for someone assessing whether telemetry is complete,
        # the *Lost counters below are the fields that record dropped
        # events/buffers — presumably; confirm semantics before relying on
        # them.
        self.EventsLost = v_uint32()
        self.BuffersWritten = v_uint32()
        self.LogBuffersLost = v_uint32()
        self.RealTimeBuffersDelivered = v_uint32()
        self.RealTimeBuffersLost = v_uint32()
        self._pad0100 = v_bytes(size=4)  # explicit padding
        self.SequencePtr = v_ptr64()
        self.LocalSequence = v_uint32()
        self.InstanceGuid = GUID()
        self.FileCounter = v_uint32()
        self.BufferCallback = v_ptr64()
        self.PoolType = v_uint32()
        self._pad0130 = v_bytes(size=4)  # explicit padding
        self.ReferenceTime = ETW_REF_CLOCK()
        self.Consumers = LIST_ENTRY()
        self.NumConsumers = v_uint32()
        self._pad0158 = v_bytes(size=4)  # explicit padding
        self.TransitionConsumer = v_ptr64()
        self.RealtimeLogfileHandle = v_ptr64()
        self.RealtimeLogfileName = UNICODE_STRING()
        self.RealtimeWriteOffset = LARGE_INTEGER()
        self.RealtimeReadOffset = LARGE_INTEGER()
        self.RealtimeLogfileSize = LARGE_INTEGER()
        self.RealtimeLogfileUsage = v_uint64()
        self.RealtimeMaximumFileSize = v_uint64()
        self.RealtimeBuffersSaved = v_uint32()
        self._pad01a8 = v_bytes(size=4)  # explicit padding
        self.RealtimeReferenceTime = ETW_REF_CLOCK()
        self.NewRTEventsLost = v_uint32()
        self._pad01c0 = v_bytes(size=4)  # explicit padding
        self.LoggerEvent = KEVENT()
        self.FlushEvent = KEVENT()
        self.FlushTimeOutTimer = KTIMER()
        self.FlushDpc = KDPC()
        self.LoggerMutex = KMUTANT()
        self.LoggerLock = EX_PUSH_LOCK()
        self.BufferListSpinLock = v_uint64()
        self.ClientSecurityContext = SECURITY_CLIENT_CONTEXT()
        self.SecurityDescriptor = EX_FAST_REF()
        self.BufferSequenceNumber = v_uint64()
        self.Flags = v_uint32()
        self.RequestFlag = v_uint32()
        self.HookIdMap = RTL_BITMAP()
        self._pad0330 = v_bytes(size=8)  # explicit tail padding
class IO_STACK_LOCATION(vstruct.VStruct):
    """vstruct layout of IO_STACK_LOCATION: function codes, flags, a nested
    `Parameters` member and device/file/completion pointers."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MajorFunction = v_uint8()
        self.MinorFunction = v_uint8()
        self.Flags = v_uint8()
        self.Control = v_uint8()
        self._pad0008 = v_bytes(size=4)  # explicit padding
        # NOTE(review): _unnamed_21040 is defined elsewhere; presumably a
        # union whose valid view depends on MajorFunction — select the view
        # from the function code rather than guessing.
        self.Parameters = _unnamed_21040()
        self.DeviceObject = v_ptr64()
        self.FileObject = v_ptr64()
        self.CompletionRoutine = v_ptr64()
        self.Context = v_ptr64()
class DBGKD_READ_WRITE_MSR(vstruct.VStruct):
    """vstruct layout of DBGKD_READ_WRITE_MSR: an MSR number and a value
    split into low and high 32-bit halves."""
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Msr = v_uint32()
        self.DataValueLow = v_uint32()
        self.DataValueHigh = v_uint32()
class ARBITER_QUERY_CONFLICT_PARAMETERS(vstruct.VStruct):
    """Field layout of ARBITER_QUERY_CONFLICT_PARAMETERS: four 64-bit pointers.

    ConflictCount is declared as a pointer here, not as an integer count.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PhysicalDeviceObject = v_ptr64()
        self.ConflictingResource = v_ptr64()
        self.ConflictCount = v_ptr64()
        self.Conflicts = v_ptr64()
class _unnamed_27931(vstruct.VStruct):
    """Anonymous structure holding a single 64-bit pointer, ResourceToRelease."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ResourceToRelease = v_ptr64()
class IMAGE_DATA_DIRECTORY(vstruct.VStruct):
    """Field layout of IMAGE_DATA_DIRECTORY: two 32-bit values.

    Both values are taken verbatim from the parsed bytes. When the input is
    an untrusted image, range-check VirtualAddress and Size against the
    mapped image before using them to read data.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.VirtualAddress = v_uint32()
        self.Size = v_uint32()
class FILE_OBJECT(vstruct.VStruct):
    """Field layout of FILE_OBJECT (Windows 6.1 amd64 ntoskrnl definitions).

    Members are declared in layout order. FileName is a nested
    UNICODE_STRING and the many v_ptr64 members are raw addresses; when the
    structure is parsed out of a memory image, bound any follow-up read by
    the lengths found and validate pointers first.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.Size = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.DeviceObject = v_ptr64()
        self.Vpb = v_ptr64()
        self.FsContext = v_ptr64()
        self.FsContext2 = v_ptr64()
        self.SectionObjectPointer = v_ptr64()
        self.PrivateCacheMap = v_ptr64()
        self.FinalStatus = v_uint32()
        self._pad0040 = v_bytes(size=4)
        self.RelatedFileObject = v_ptr64()
        # Eight consecutive one-byte members.
        self.LockOperation = v_uint8()
        self.DeletePending = v_uint8()
        self.ReadAccess = v_uint8()
        self.WriteAccess = v_uint8()
        self.DeleteAccess = v_uint8()
        self.SharedRead = v_uint8()
        self.SharedWrite = v_uint8()
        self.SharedDelete = v_uint8()
        self.Flags = v_uint32()
        self._pad0058 = v_bytes(size=4)
        self.FileName = UNICODE_STRING()
        self.CurrentByteOffset = LARGE_INTEGER()
        self.Waiters = v_uint32()
        self.Busy = v_uint32()
        self.LastLock = v_ptr64()
        self.Lock = KEVENT()
        self.Event = KEVENT()
        self.CompletionContext = v_ptr64()
        self.IrpListLock = v_uint64()
        self.IrpList = LIST_ENTRY()
        self.FileObjectExtension = v_ptr64()
class PPM_IDLE_STATES(vstruct.VStruct):
    """Field layout of PPM_IDLE_STATES (Windows 6.1 amd64 ntoskrnl definitions).

    NOTE(review): State is declared with exactly one element; it is
    presumably a variable-length trailing array sized by Count. Confirm, and
    cap Count before parsing further entries from untrusted memory.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        self.Flags = _unnamed_25467()
        self.TargetState = v_uint32()
        self.ActualState = v_uint32()
        self.OldState = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.TargetProcessors = KAFFINITY_EX()
        self.State = vstruct.VArray([PPM_IDLE_STATE() for _ in xrange(1)])
class MMWSLE_HASH(vstruct.VStruct):
    """Field layout of MMWSLE_HASH: a single 32-bit member, Index."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Index = v_uint32()
class _unnamed_27702(vstruct.VStruct):
    """Anonymous structure exposing its 32 bits as one integer, AsULONG."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AsULONG = v_uint32()
class MMPTE_PROTOTYPE(vstruct.VStruct):
    """Field layout of MMPTE_PROTOTYPE: one 64-bit member named Valid.

    NOTE(review): the member covers the whole 64-bit word. If the underlying
    type is a bitfield (the name suggests a flag), Valid here carries every
    bit of the entry; mask it before treating it as a boolean. Confirm
    against the symbol data.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Valid = v_uint64()
class VF_TARGET_DRIVER(vstruct.VStruct):
    """Field layout of VF_TARGET_DRIVER: a tree node, a nested u1 and one pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TreeNode = VF_AVL_TREE_NODE()
        self.u1 = _unnamed_26860()
        self.VerifiedData = v_ptr64()
class KENLISTMENT(vstruct.VStruct):
    """Field layout of KENLISTMENT (Windows 6.1 amd64 ntoskrnl definitions).

    Members are declared in layout order. History is a fixed array of 20
    KENLISTMENT_HISTORY entries.
    NOTE(review): NextHistory presumably indexes History; range-check it
    against 20 before using it as an index on data read from an image.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.cookie = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.NamespaceLink = KTMOBJECT_NAMESPACE_LINK()
        self.EnlistmentId = GUID()
        self.Mutex = KMUTANT()
        self.NextSameTx = LIST_ENTRY()
        self.NextSameRm = LIST_ENTRY()
        self.ResourceManager = v_ptr64()
        self.Transaction = v_ptr64()
        self.State = v_uint32()
        self.Flags = v_uint32()
        self.NotificationMask = v_uint32()
        self._pad00b8 = v_bytes(size=4)
        self.Key = v_ptr64()
        self.KeyRefCount = v_uint32()
        self._pad00c8 = v_bytes(size=4)
        # Pointer/length pairs: each pointer is followed by a 32-bit length.
        self.RecoveryInformation = v_ptr64()
        self.RecoveryInformationLength = v_uint32()
        self._pad00d8 = v_bytes(size=4)
        self.DynamicNameInformation = v_ptr64()
        self.DynamicNameInformationLength = v_uint32()
        self._pad00e8 = v_bytes(size=4)
        self.FinalNotification = v_ptr64()
        self.SupSubEnlistment = v_ptr64()
        self.SupSubEnlHandle = v_ptr64()
        self.SubordinateTxHandle = v_ptr64()
        self.CrmEnlistmentEnId = GUID()
        self.CrmEnlistmentTmId = GUID()
        self.CrmEnlistmentRmId = GUID()
        self.NextHistory = v_uint32()
        self.History = vstruct.VArray([KENLISTMENT_HISTORY() for _ in xrange(20)])
        self._pad01e0 = v_bytes(size=4)
class HEAP_SUBSEGMENT(vstruct.VStruct):
    """Field layout of HEAP_SUBSEGMENT (Windows 6.1 amd64 ntoskrnl definitions).

    All sizes, counts and pointers are taken verbatim from the parsed bytes;
    heap metadata read from a possibly corrupted process should be
    sanity-checked before it drives further reads.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LocalInfo = v_ptr64()
        self.UserBlocks = v_ptr64()
        self.AggregateExchg = INTERLOCK_SEQ()
        self.BlockSize = v_uint16()
        self.Flags = v_uint16()
        self.BlockCount = v_uint16()
        self.SizeIndex = v_uint8()
        self.AffinityIndex = v_uint8()
        self.SFreeListEntry = SINGLE_LIST_ENTRY()
        self.Lock = v_uint32()
        self._pad0030 = v_bytes(size=4)
class ERESOURCE(vstruct.VStruct):
    """Field layout of ERESOURCE (Windows 6.1 amd64 ntoskrnl definitions).

    Members are declared in layout order; SpinLock is modelled as a plain
    64-bit integer.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SystemResourcesList = LIST_ENTRY()
        self.OwnerTable = v_ptr64()
        self.ActiveCount = v_uint16()
        self.Flag = v_uint16()
        self._pad0020 = v_bytes(size=4)
        self.SharedWaiters = v_ptr64()
        self.ExclusiveWaiters = v_ptr64()
        self.OwnerEntry = OWNER_ENTRY()
        self.ActiveEntries = v_uint32()
        self.ContentionCount = v_uint32()
        self.NumberOfSharedWaiters = v_uint32()
        self.NumberOfExclusiveWaiters = v_uint32()
        self.Reserved2 = v_ptr64()
        self.Address = v_ptr64()
        self.SpinLock = v_uint64()
class SUBSECTION(vstruct.VStruct):
    """Field layout of SUBSECTION (Windows 6.1 amd64 ntoskrnl definitions).

    Members are declared in layout order; u is a nested structure defined
    elsewhere in this module.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ControlArea = v_ptr64()
        self.SubsectionBase = v_ptr64()
        self.NextSubsection = v_ptr64()
        self.PtesInSubsection = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.UnusedPtes = v_uint32()
        self._pad0028 = v_bytes(size=4)
        self.u = _unnamed_22448()
        self.StartingSector = v_uint32()
        self.NumberOfFullSectors = v_uint32()
        self._pad0038 = v_bytes(size=4)
class CM_WORKITEM(vstruct.VStruct):
    """Field layout of CM_WORKITEM: list links, a 32-bit value and two pointers.

    WorkerRoutine is stored as a raw 64-bit address; when triaging a memory
    image, check which module the address falls in before trusting it.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.Private = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.WorkerRoutine = v_ptr64()
        self.Parameter = v_ptr64()
class KGUARDED_MUTEX(vstruct.VStruct):
    """Field layout of KGUARDED_MUTEX (Windows 6.1 amd64 ntoskrnl definitions)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Owner = v_ptr64()
        self.Contention = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.Gate = KGATE()
        self.KernelApcDisable = v_uint16()
        self.SpecialApcDisable = v_uint16()
        self._pad0038 = v_bytes(size=4)
class DBGKD_SET_CONTEXT(vstruct.VStruct):
    """Field layout of DBGKD_SET_CONTEXT: a single 32-bit ContextFlags member."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ContextFlags = v_uint32()
class HEADLESS_LOADER_BLOCK(vstruct.VStruct):
    """Field layout of HEADLESS_LOADER_BLOCK (Windows 6.1 amd64 ntoskrnl definitions).

    Members are declared in layout order. The _padXXXX members are explicit
    filler; their names appear to carry the hex offset at which the filler
    ends (e.g. _pad0010 closes the first 0x10 bytes).
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.UsedBiosSettings = v_uint8()
        self.DataBits = v_uint8()
        self.StopBits = v_uint8()
        self.Parity = v_uint8()
        self.BaudRate = v_uint32()
        self.PortNumber = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.PortAddress = v_ptr64()
        self.PciDeviceId = v_uint16()
        self.PciVendorId = v_uint16()
        self.PciBusNumber = v_uint8()
        self._pad001e = v_bytes(size=1)
        self.PciBusSegment = v_uint16()
        self.PciSlotNumber = v_uint8()
        self.PciFunctionNumber = v_uint8()
        self._pad0024 = v_bytes(size=2)
        self.PciFlags = v_uint32()
        self.SystemGUID = GUID()
        self.IsMMIODevice = v_uint8()
        self.TerminalType = v_uint8()
        self._pad0040 = v_bytes(size=6)
class KALPC_REGION(vstruct.VStruct):
    """Field layout of KALPC_REGION (Windows 6.1 amd64 ntoskrnl definitions).

    Offset, Size and ViewSize are raw 64-bit values; treat them as untrusted
    when the structure was recovered from a memory image.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.RegionListEntry = LIST_ENTRY()
        self.Section = v_ptr64()
        self.Offset = v_uint64()
        self.Size = v_uint64()
        self.ViewSize = v_uint64()
        self.u1 = _unnamed_24191()
        self.NumberOfViews = v_uint32()
        self.ViewListHead = LIST_ENTRY()
        self.ReadOnlyView = v_ptr64()
        self.ReadWriteView = v_ptr64()
class POOL_BLOCK_HEAD(vstruct.VStruct):
    """Field layout of POOL_BLOCK_HEAD: a POOL_HEADER followed by a LIST_ENTRY."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Header = POOL_HEADER()
        self.List = LIST_ENTRY()
class TEB32(vstruct.VStruct):
    """Field layout of TEB32 (Windows 6.1 amd64 ntoskrnl definitions).

    Members are declared in layout order. Unlike the 64-bit structures in
    this module, pointer-named members here (for example
    ProcessEnvironmentBlock) are declared as v_uint32 and the nested types
    are the *32 variants.
    NOTE(review): presumably this is the 32-bit TEB as seen by the 64-bit
    kernel; values are 32-bit addresses and must be interpreted in the
    owning process's address space. Confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NtTib = NT_TIB32()
        self.EnvironmentPointer = v_uint32()
        self.ClientId = CLIENT_ID32()
        self.ActiveRpcHandle = v_uint32()
        self.ThreadLocalStoragePointer = v_uint32()
        self.ProcessEnvironmentBlock = v_uint32()
        self.LastErrorValue = v_uint32()
        self.CountOfOwnedCriticalSections = v_uint32()
        self.CsrClientThread = v_uint32()
        self.Win32ThreadInfo = v_uint32()
        self.User32Reserved = vstruct.VArray([v_uint32() for _ in xrange(26)])
        self.UserReserved = vstruct.VArray([v_uint32() for _ in xrange(5)])
        self.WOW32Reserved = v_uint32()
        self.CurrentLocale = v_uint32()
        self.FpSoftwareStatusRegister = v_uint32()
        self.SystemReserved1 = vstruct.VArray([v_uint32() for _ in xrange(54)])
        self.ExceptionCode = v_uint32()
        self.ActivationContextStackPointer = v_uint32()
        self.SpareBytes = vstruct.VArray([v_uint8() for _ in xrange(36)])
        self.TxFsContext = v_uint32()
        self.GdiTebBatch = GDI_TEB_BATCH32()
        self.RealClientId = CLIENT_ID32()
        self.GdiCachedProcessHandle = v_uint32()
        self.GdiClientPID = v_uint32()
        self.GdiClientTID = v_uint32()
        self.GdiThreadLocalInfo = v_uint32()
        self.Win32ClientInfo = vstruct.VArray([v_uint32() for _ in xrange(62)])
        self.glDispatchTable = vstruct.VArray([v_uint32() for _ in xrange(233)])
        self.glReserved1 = vstruct.VArray([v_uint32() for _ in xrange(29)])
        self.glReserved2 = v_uint32()
        self.glSectionInfo = v_uint32()
        self.glSection = v_uint32()
        self.glTable = v_uint32()
        self.glCurrentRC = v_uint32()
        self.glContext = v_uint32()
        self.LastStatusValue = v_uint32()
        self.StaticUnicodeString = STRING32()
        # 261 16-bit units, followed by 2 pad bytes.
        self.StaticUnicodeBuffer = vstruct.VArray([v_uint16() for _ in xrange(261)])
        self._pad0e0c = v_bytes(size=2)
        self.DeallocationStack = v_uint32()
        self.TlsSlots = vstruct.VArray([v_uint32() for _ in xrange(64)])
        self.TlsLinks = LIST_ENTRY32()
        self.Vdm = v_uint32()
        self.ReservedForNtRpc = v_uint32()
        self.DbgSsReserved = vstruct.VArray([v_uint32() for _ in xrange(2)])
        self.HardErrorMode = v_uint32()
        self.Instrumentation = vstruct.VArray([v_uint32() for _ in xrange(9)])
        self.ActivityId = GUID()
        self.SubProcessTag = v_uint32()
        self.EtwLocalData = v_uint32()
        self.EtwTraceData = v_uint32()
        self.WinSockData = v_uint32()
        self.GdiBatchCount = v_uint32()
        self.CurrentIdealProcessor = PROCESSOR_NUMBER()
        self.GuaranteedStackBytes = v_uint32()
        self.ReservedForPerf = v_uint32()
        self.ReservedForOle = v_uint32()
        self.WaitingOnLoaderLock = v_uint32()
        self.SavedPriorityState = v_uint32()
        self.SoftPatchPtr1 = v_uint32()
        self.ThreadPoolData = v_uint32()
        self.TlsExpansionSlots = v_uint32()
        self.MuiGeneration = v_uint32()
        self.IsImpersonating = v_uint32()
        self.NlsCache = v_uint32()
        self.pShimData = v_uint32()
        self.HeapVirtualAffinity = v_uint32()
        self.CurrentTransactionHandle = v_uint32()
        self.ActiveFrame = v_uint32()
        self.FlsData = v_uint32()
        self.PreferredLanguages = v_uint32()
        self.UserPrefLanguages = v_uint32()
        self.MergedPrefLanguages = v_uint32()
        self.MuiImpersonation = v_uint32()
        self.CrossTebFlags = v_uint16()
        self.SameTebFlags = v_uint16()
        self.TxnScopeEnterCallback = v_uint32()
        self.TxnScopeExitCallback = v_uint32()
        self.TxnScopeContext = v_uint32()
        self.LockCount = v_uint32()
        self.SpareUlong0 = v_uint32()
        self.ResourceRetValue = v_uint32()
class PEB(vstruct.VStruct):
    """Field layout of PEB (Windows 6.1 amd64 ntoskrnl definitions).

    Members are declared in layout order. The structure lives in
    user-writable process memory, so every value parsed from it (pointers,
    counts, version numbers) should be treated as process-controlled and
    validated before it is used to drive further reads.
    NOTE(review): BitField and CrossProcessFlags are modelled as whole
    integers; if they are bitfields in the symbol data, individual flags
    must be masked out by the caller. BeingDebugged and NtGlobalFlag are the
    members debugger-presence checks are usually described as reading, which
    makes them worth recording during triage. Confirm both points against
    Microsoft's documentation.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.InheritedAddressSpace = v_uint8()
        self.ReadImageFileExecOptions = v_uint8()
        self.BeingDebugged = v_uint8()
        self.BitField = v_uint8()
        self._pad0008 = v_bytes(size=4)
        self.Mutant = v_ptr64()
        self.ImageBaseAddress = v_ptr64()
        self.Ldr = v_ptr64()
        self.ProcessParameters = v_ptr64()
        self.SubSystemData = v_ptr64()
        self.ProcessHeap = v_ptr64()
        self.FastPebLock = v_ptr64()
        self.AtlThunkSListPtr = v_ptr64()
        self.IFEOKey = v_ptr64()
        self.CrossProcessFlags = v_uint32()
        self._pad0058 = v_bytes(size=4)
        self.KernelCallbackTable = v_ptr64()
        self.SystemReserved = vstruct.VArray([v_uint32() for _ in xrange(1)])
        self.AtlThunkSListPtr32 = v_uint32()
        self.ApiSetMap = v_ptr64()
        self.TlsExpansionCounter = v_uint32()
        self._pad0078 = v_bytes(size=4)
        self.TlsBitmap = v_ptr64()
        self.TlsBitmapBits = vstruct.VArray([v_uint32() for _ in xrange(2)])
        self.ReadOnlySharedMemoryBase = v_ptr64()
        self.HotpatchInformation = v_ptr64()
        self.ReadOnlyStaticServerData = v_ptr64()
        self.AnsiCodePageData = v_ptr64()
        self.OemCodePageData = v_ptr64()
        self.UnicodeCaseTableData = v_ptr64()
        self.NumberOfProcessors = v_uint32()
        self.NtGlobalFlag = v_uint32()
        self.CriticalSectionTimeout = LARGE_INTEGER()
        self.HeapSegmentReserve = v_uint64()
        self.HeapSegmentCommit = v_uint64()
        self.HeapDeCommitTotalFreeThreshold = v_uint64()
        self.HeapDeCommitFreeBlockThreshold = v_uint64()
        self.NumberOfHeaps = v_uint32()
        self.MaximumNumberOfHeaps = v_uint32()
        self.ProcessHeaps = v_ptr64()
        self.GdiSharedHandleTable = v_ptr64()
        self.ProcessStarterHelper = v_ptr64()
        self.GdiDCAttributeList = v_uint32()
        self._pad0110 = v_bytes(size=4)
        self.LoaderLock = v_ptr64()
        self.OSMajorVersion = v_uint32()
        self.OSMinorVersion = v_uint32()
        self.OSBuildNumber = v_uint16()
        self.OSCSDVersion = v_uint16()
        self.OSPlatformId = v_uint32()
        self.ImageSubsystem = v_uint32()
        self.ImageSubsystemMajorVersion = v_uint32()
        self.ImageSubsystemMinorVersion = v_uint32()
        self._pad0138 = v_bytes(size=4)
        self.ActiveProcessAffinityMask = v_uint64()
        self.GdiHandleBuffer = vstruct.VArray([v_uint32() for _ in xrange(60)])
        self.PostProcessInitRoutine = v_ptr64()
        self.TlsExpansionBitmap = v_ptr64()
        self.TlsExpansionBitmapBits = vstruct.VArray([v_uint32() for _ in xrange(32)])
        self.SessionId = v_uint32()
        self._pad02c8 = v_bytes(size=4)
        self.AppCompatFlags = ULARGE_INTEGER()
        self.AppCompatFlagsUser = ULARGE_INTEGER()
        self.pShimData = v_ptr64()
        self.AppCompatInfo = v_ptr64()
        self.CSDVersion = UNICODE_STRING()
        self.ActivationContextData = v_ptr64()
        self.ProcessAssemblyStorageMap = v_ptr64()
        self.SystemDefaultActivationContextData = v_ptr64()
        self.SystemAssemblyStorageMap = v_ptr64()
        self.MinimumStackCommit = v_uint64()
        self.FlsCallback = v_ptr64()
        self.FlsListHead = LIST_ENTRY()
        self.FlsBitmap = v_ptr64()
        self.FlsBitmapBits = vstruct.VArray([v_uint32() for _ in xrange(4)])
        self.FlsHighIndex = v_uint32()
        self._pad0358 = v_bytes(size=4)
        self.WerRegistrationData = v_ptr64()
        self.WerShipAssertPtr = v_ptr64()
        self.pContextData = v_ptr64()
        self.pImageHeaderHash = v_ptr64()
        self.TracingFlags = v_uint32()
        self._pad0380 = v_bytes(size=4)
class CHILD_LIST(vstruct.VStruct):
    """Field layout of CHILD_LIST: two 32-bit values, Count and List.

    List is a 32-bit integer here, not a pointer type.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint32()
        self.List = v_uint32()
class TP_TASK_CALLBACKS(vstruct.VStruct):
    """Field layout of TP_TASK_CALLBACKS: two 64-bit pointers."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExecuteCallback = v_ptr64()
        self.Unposted = v_ptr64()
class RTL_BALANCED_LINKS(vstruct.VStruct):
    """Field layout of RTL_BALANCED_LINKS: three node pointers plus balance data.

    When walking such links out of a memory image, keep a visited set or a
    depth limit; nothing in the layout prevents cyclic pointers.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Parent = v_ptr64()
        self.LeftChild = v_ptr64()
        self.RightChild = v_ptr64()
        self.Balance = v_uint8()
        self.Reserved = vstruct.VArray([v_uint8() for _ in xrange(3)])
        self._pad0020 = v_bytes(size=4)
class DBGKD_ANY_CONTROL_SET(vstruct.VStruct):
    """Field layout of DBGKD_ANY_CONTROL_SET: an X86 control set plus 12 pad bytes.

    NOTE(review): only the X86ControlSet member is modelled; if the
    underlying type is a union, the other variants overlay the same bytes
    and are not exposed here. Confirm against the symbol data.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.X86ControlSet = X86_DBGKD_CONTROL_SET()
        self._pad001c = v_bytes(size=12)
class _unnamed_23140(vstruct.VStruct):
    """Anonymous structure holding a single 64-bit pointer, NextResourceDeviceNode."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NextResourceDeviceNode = v_ptr64()
class _unnamed_23141(vstruct.VStruct):
    """Anonymous structure: a 32-bit DockStatus, list links and a pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DockStatus = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.ListEntry = LIST_ENTRY()
        self.SerialNumber = v_ptr64()
class KENLISTMENT_HISTORY(vstruct.VStruct):
    """Field layout of KENLISTMENT_HISTORY: two 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Notification = v_uint32()
        self.NewState = v_uint32()
class ARBITER_INTERFACE(vstruct.VStruct):
    """Field layout of ARBITER_INTERFACE (Windows 6.1 amd64 ntoskrnl definitions).

    InterfaceReference, InterfaceDereference and ArbiterHandler are stored
    as raw 64-bit addresses.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Size = v_uint16()
        self.Version = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.Context = v_ptr64()
        self.InterfaceReference = v_ptr64()
        self.InterfaceDereference = v_ptr64()
        self.ArbiterHandler = v_ptr64()
        self.Flags = v_uint32()
        self._pad0030 = v_bytes(size=4)
class MI_SECTION_CREATION_GATE(vstruct.VStruct):
    """Field layout of MI_SECTION_CREATION_GATE: a Next pointer and a KGATE."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Next = v_ptr64()
        self.Gate = KGATE()
class OBJECT_DIRECTORY(vstruct.VStruct):
    """Field layout of OBJECT_DIRECTORY (Windows 6.1 amd64 ntoskrnl definitions).

    HashBuckets is a fixed array of 37 pointers. When enumerating bucket
    chains from a memory image, validate each pointer and bound the chain
    length, since the values are taken verbatim from the image.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.HashBuckets = vstruct.VArray([v_ptr64() for _ in xrange(37)])
        self.Lock = EX_PUSH_LOCK()
        self.DeviceMap = v_ptr64()
        self.SessionId = v_uint32()
        self._pad0140 = v_bytes(size=4)
        self.NamespaceEntry = v_ptr64()
        self.Flags = v_uint32()
        self._pad0150 = v_bytes(size=4)
class MI_SPECIAL_POOL_PTE_LIST(vstruct.VStruct):
    """Field layout of MI_SPECIAL_POOL_PTE_LIST: two MMPTE members (head and tail)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.FreePteHead = MMPTE()
        self.FreePteTail = MMPTE()
class EX_PUSH_LOCK(vstruct.VStruct):
    """Field layout of EX_PUSH_LOCK: one 64-bit member named Locked.

    NOTE(review): the member covers the whole 64-bit word. If the underlying
    type is a bitfield or union (the name suggests a flag), Locked here is
    the full lock word, not a boolean; mask before testing it. Confirm
    against the symbol data.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Locked = v_uint64()
class KSTACK_COUNT(vstruct.VStruct):
    """Field layout of KSTACK_COUNT: a single 32-bit Value member."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Value = v_uint32()
class MI_PAGEFILE_TRACES(vstruct.VStruct):
    """Field layout of MI_PAGEFILE_TRACES (Windows 6.1 amd64 ntoskrnl definitions).

    MdlHack is a nested structure defined elsewhere in this module.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Status = v_uint32()
        self.Priority = v_uint8()
        self.IrpPriority = v_uint8()
        self._pad0008 = v_bytes(size=2)
        self.CurrentTime = LARGE_INTEGER()
        self.AvailablePages = v_uint64()
        self.ModifiedPagesTotal = v_uint64()
        self.ModifiedPagefilePages = v_uint64()
        self.ModifiedNoWritePages = v_uint64()
        self.MdlHack = _unnamed_22477()
class _unnamed_21362(vstruct.VStruct):
    """Anonymous structure holding a single pointer, IoResourceRequirementList."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IoResourceRequirementList = v_ptr64()
class _unnamed_27387(vstruct.VStruct):
    """Anonymous structure with two 32-bit values, IdleTime and NonIdleTime."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IdleTime = v_uint32()
        self.NonIdleTime = v_uint32()
class PPM_PERF_STATE(vstruct.VStruct):
    """Field layout of PPM_PERF_STATE (Windows 6.1 amd64 ntoskrnl definitions)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Frequency = v_uint32()
        self.Power = v_uint32()
        self.PercentFrequency = v_uint8()
        self.IncreaseLevel = v_uint8()
        self.DecreaseLevel = v_uint8()
        self.Type = v_uint8()
        self._pad0010 = v_bytes(size=4)
        self.Control = v_uint64()
        self.Status = v_uint64()
        self.TotalHitCount = v_uint32()
        self.DesiredCount = v_uint32()
class _unnamed_21365(vstruct.VStruct):
    """Anonymous structure: WhichSpace, Buffer, Offset and Length.

    Each 32-bit value is followed by 4 pad bytes, so every member starts on
    an 8-byte boundary. Buffer, Offset and Length are taken verbatim from
    the parsed bytes; bound any read that uses them.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WhichSpace = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Buffer = v_ptr64()
        self.Offset = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.Length = v_uint32()
        self._pad0020 = v_bytes(size=4)
class HEAP_SEGMENT(vstruct.VStruct):
    """Field layout of HEAP_SEGMENT (Windows 6.1 amd64 ntoskrnl definitions).

    Page counts and entry pointers are taken verbatim from the parsed
    bytes. When the source is a process whose heap may be corrupted, check
    that FirstEntry/LastValidEntry are consistent with BaseAddress and
    NumberOfPages before iterating entries.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Entry = HEAP_ENTRY()
        self.SegmentSignature = v_uint32()
        self.SegmentFlags = v_uint32()
        self.SegmentListEntry = LIST_ENTRY()
        self.Heap = v_ptr64()
        self.BaseAddress = v_ptr64()
        self.NumberOfPages = v_uint32()
        self._pad0040 = v_bytes(size=4)
        self.FirstEntry = v_ptr64()
        self.LastValidEntry = v_ptr64()
        self.NumberOfUnCommittedPages = v_uint32()
        self.NumberOfUnCommittedRanges = v_uint32()
        self.SegmentAllocatorBackTraceIndex = v_uint16()
        self.Reserved = v_uint16()
        self._pad0060 = v_bytes(size=4)
        self.UCRSegmentList = LIST_ENTRY()
class _unnamed_21240(vstruct.VStruct):
    """Anonymous structure: two buffer lengths, FsControlCode and an input pointer.

    Each 32-bit value is followed by 4 pad bytes. The lengths and
    Type3InputBuffer are raw values from the parsed bytes; a consumer should
    not assume the pointer is valid for the stated length.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.OutputBufferLength = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.InputBufferLength = v_uint32()
        self._pad0010 = v_bytes(size=4)
        self.FsControlCode = v_uint32()
        self._pad0018 = v_bytes(size=4)
        self.Type3InputBuffer = v_ptr64()
class EVENT_DESCRIPTOR(vstruct.VStruct):
    """Field layout of EVENT_DESCRIPTOR: Id, Version, Channel, Level, Opcode, Task, Keyword."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Id = v_uint16()
        self.Version = v_uint8()
        self.Channel = v_uint8()
        self.Level = v_uint8()
        self.Opcode = v_uint8()
        self.Task = v_uint16()
        self.Keyword = v_uint64()
class CM_VIEW_OF_FILE(vstruct.VStruct):
    """Field layout of CM_VIEW_OF_FILE (Windows 6.1 amd64 ntoskrnl definitions).

    Three LIST_ENTRY link pairs come first, followed by pointers and 32-bit
    offset/size/use-count values.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MappedViewLinks = LIST_ENTRY()
        self.PinnedViewLinks = LIST_ENTRY()
        self.FlushedViewLinks = LIST_ENTRY()
        self.CmHive = v_ptr64()
        self.Bcb = v_ptr64()
        self.ViewAddress = v_ptr64()
        self.FileOffset = v_uint32()
        self.Size = v_uint32()
        self.UseCount = v_uint32()
        self._pad0058 = v_bytes(size=4)
class PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA(vstruct.VStruct):
    """Field layout of PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA: two 32-bit values."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CapturedCpuShareWeight = v_uint32()
        self.CapturedTotalWeight = v_uint32()
class PO_DEVICE_NOTIFY_ORDER(vstruct.VStruct):
    """Field layout of PO_DEVICE_NOTIFY_ORDER.

    A one-byte Locked value padded to 8 bytes, a pointer, then a fixed array
    of nine PO_NOTIFY_ORDER_LEVEL entries.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Locked = v_uint8()
        self._pad0008 = v_bytes(size=7)
        self.WarmEjectPdoPointer = v_ptr64()
        self.OrderLevel = vstruct.VArray([PO_NOTIFY_ORDER_LEVEL() for _ in xrange(9)])
class RTL_ATOM_TABLE(vstruct.VStruct):
    """Field layout of RTL_ATOM_TABLE (Windows 6.1 amd64 ntoskrnl definitions).

    NOTE(review): Buckets is declared with exactly one element; it is
    presumably a variable-length trailing array sized by NumberOfBuckets.
    Confirm, and cap NumberOfBuckets before reading further pointers from
    untrusted memory.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.CriticalSection = RTL_CRITICAL_SECTION()
        self.RtlHandleTable = RTL_HANDLE_TABLE()
        self.NumberOfBuckets = v_uint32()
        self._pad0068 = v_bytes(size=4)
        self.Buckets = vstruct.VArray([v_ptr64() for _ in xrange(1)])
class MMSECURE_FLAGS(vstruct.VStruct):
    """Field layout of MMSECURE_FLAGS: one 32-bit member named ReadOnly.

    NOTE(review): the member covers all 32 bits. If the underlying type is a
    bitfield, ReadOnly here is the whole flags word; mask before testing it.
    Confirm against the symbol data.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ReadOnly = v_uint32()
class DBGKD_WRITE_MEMORY64(vstruct.VStruct):
    """Field layout of DBGKD_WRITE_MEMORY64: a 64-bit address and two 32-bit counts.

    TargetBaseAddress is declared as v_uint64, not v_ptr64.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TargetBaseAddress = v_uint64()
        self.TransferCount = v_uint32()
        self.ActualBytesWritten = v_uint32()
class _unnamed_24194(vstruct.VStruct):
    """Anonymous structure with one 32-bit member named Secure.

    NOTE(review): if the underlying type is a bitfield, Secure here is the
    whole 32-bit word; mask before testing it. Confirm against symbols.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Secure = v_uint32()
class LIST_ENTRY64(vstruct.VStruct):
    """Field layout of LIST_ENTRY64: Flink and Blink as plain 64-bit integers.

    Both links are declared v_uint64 rather than v_ptr64. When following
    them through a memory image, guard against cycles and dangling links.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flink = v_uint64()
        self.Blink = v_uint64()
class VACB(vstruct.VStruct):
    """Field layout of VACB: two pointers, a nested Overlay, list links and ArrayHead."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BaseAddress = v_ptr64()
        self.SharedCacheMap = v_ptr64()
        self.Overlay = _unnamed_23643()
        self.Links = LIST_ENTRY()
        self.ArrayHead = v_ptr64()
class WAIT_CONTEXT_BLOCK(vstruct.VStruct):
    """Field layout of WAIT_CONTEXT_BLOCK (Windows 6.1 amd64 ntoskrnl definitions).

    DeviceRoutine and BufferChainingDpc are stored as raw 64-bit addresses.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WaitQueueEntry = KDEVICE_QUEUE_ENTRY()
        self.DeviceRoutine = v_ptr64()
        self.DeviceContext = v_ptr64()
        self.NumberOfMapRegisters = v_uint32()
        self._pad0030 = v_bytes(size=4)
        self.DeviceObject = v_ptr64()
        self.CurrentIrp = v_ptr64()
        self.BufferChainingDpc = v_ptr64()
class CM_KEY_NODE(vstruct.VStruct):
    """Field layout of CM_KEY_NODE (Windows 6.1 amd64 ntoskrnl definitions).

    Parent, SubKeyLists, Security and Class are 32-bit integers here, not
    pointer types.
    NOTE(review): Name is declared with a single 16-bit element; it is
    presumably a variable-length trailing name whose size is NameLength.
    Confirm, and bound any read of the name by NameLength and by the size of
    the containing data, since both come from the parsed (possibly
    malformed) input.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint16()
        self.Flags = v_uint16()
        self.LastWriteTime = LARGE_INTEGER()
        self.Spare = v_uint32()
        self.Parent = v_uint32()
        self.SubKeyCounts = vstruct.VArray([v_uint32() for _ in xrange(2)])
        self.SubKeyLists = vstruct.VArray([v_uint32() for _ in xrange(2)])
        self.ValueList = CHILD_LIST()
        self.Security = v_uint32()
        self.Class = v_uint32()
        self.MaxNameLen = v_uint32()
        self.MaxClassLen = v_uint32()
        self.MaxValueNameLen = v_uint32()
        self.MaxValueDataLen = v_uint32()
        self.WorkVar = v_uint32()
        self.NameLength = v_uint16()
        self.ClassLength = v_uint16()
        self.Name = vstruct.VArray([v_uint16() for _ in xrange(1)])
        self._pad0050 = v_bytes(size=2)
class _unnamed_22354(vstruct.VStruct):
    """Anonymous structure wrapping a single IO_STATUS_BLOCK, IoStatus."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.IoStatus = IO_STATUS_BLOCK()
class SE_AUDIT_PROCESS_CREATION_INFO(vstruct.VStruct):
    """Field layout of SE_AUDIT_PROCESS_CREATION_INFO: one pointer, ImageFileName.

    The member is only the address; the name data it refers to must be read
    and length-checked separately.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ImageFileName = v_ptr64()
class ACTIVATION_CONTEXT_STACK(vstruct.VStruct):
    """Field layout of ACTIVATION_CONTEXT_STACK (Windows 6.1 amd64 ntoskrnl definitions)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ActiveFrame = v_ptr64()
        self.FrameListCache = LIST_ENTRY()
        self.Flags = v_uint32()
        self.NextCookieSequenceNumber = v_uint32()
        self.StackId = v_uint32()
        self._pad0028 = v_bytes(size=4)
class KRESOURCEMANAGER_COMPLETION_BINDING(vstruct.VStruct):
    """Field layout of KRESOURCEMANAGER_COMPLETION_BINDING.

    List links, a Port pointer, a 64-bit Key and a BindingProcess pointer.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NotificationListHead = LIST_ENTRY()
        self.Port = v_ptr64()
        self.Key = v_uint64()
        self.BindingProcess = v_ptr64()
class LDR_DATA_TABLE_ENTRY(vstruct.VStruct):
    """Field layout of LDR_DATA_TABLE_ENTRY (Windows 6.1 amd64 ntoskrnl definitions).

    The entry begins with three separate LIST_ENTRY link pairs (load order,
    memory order, initialization order) and carries DllBase, SizeOfImage
    and two UNICODE_STRING names.
    NOTE(review): when these entries are read from process memory they are
    process-controlled. Comparing the membership of the three lists, and
    checking DllBase/SizeOfImage against the actual mappings, is a common
    consistency check for entries that were unlinked or altered. Confirm
    list semantics against Microsoft's documentation.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.InLoadOrderLinks = LIST_ENTRY()
        self.InMemoryOrderLinks = LIST_ENTRY()
        self.InInitializationOrderLinks = LIST_ENTRY()
        self.DllBase = v_ptr64()
        self.EntryPoint = v_ptr64()
        self.SizeOfImage = v_uint32()
        self._pad0048 = v_bytes(size=4)
        self.FullDllName = UNICODE_STRING()
        self.BaseDllName = UNICODE_STRING()
        self.Flags = v_uint32()
        self.LoadCount = v_uint16()
        self.TlsIndex = v_uint16()
        self.HashLinks = LIST_ENTRY()
        self.TimeDateStamp = v_uint32()
        self._pad0088 = v_bytes(size=4)
        self.EntryPointActivationContext = v_ptr64()
        self.PatchInformation = v_ptr64()
        self.ForwarderLinks = LIST_ENTRY()
        self.ServiceTagLinks = LIST_ENTRY()
        self.StaticLinks = LIST_ENTRY()
        self.ContextInformation = v_ptr64()
        self.OriginalBase = v_uint64()
        self.LoadTime = LARGE_INTEGER()
class SEP_AUDIT_POLICY(vstruct.VStruct):
    """Field layout of SEP_AUDIT_POLICY: a TOKEN_AUDIT_POLICY and a one-byte status."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AdtTokenPolicy = TOKEN_AUDIT_POLICY()
        self.PolicySetStatus = v_uint8()
class _unnamed_26871(vstruct.VStruct):
    """Anonymous structure with one 32-bit member, SnapSharedExportsFailed.

    NOTE(review): if the underlying type is a bitfield, this name stands
    for the whole 32-bit word; mask before testing it. Confirm.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SnapSharedExportsFailed = v_uint32()
class EX_RUNDOWN_REF(vstruct.VStruct):
    """Field layout of EX_RUNDOWN_REF: a single 64-bit Count member."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Count = v_uint64()
class _unnamed_24044(vstruct.VStruct):
    """Anonymous structure wrapping a single nested member, s1 (_unnamed_24046)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.s1 = _unnamed_24046()
class CM_NOTIFY_BLOCK(vstruct.VStruct):
    """Field layout of CM_NOTIFY_BLOCK (Windows 6.1 amd64 ntoskrnl definitions).

    Two LIST_ENTRY link pairs, two pointers, a 32-bit Filter and an embedded
    SECURITY_SUBJECT_CONTEXT.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.HiveList = LIST_ENTRY()
        self.PostList = LIST_ENTRY()
        self.KeyControlBlock = v_ptr64()
        self.KeyBody = v_ptr64()
        self.Filter = v_uint32()
        self._pad0038 = v_bytes(size=4)
        self.SubjectContext = SECURITY_SUBJECT_CONTEXT()
class _unnamed_24046(vstruct.VStruct):
    """Anonymous structure with two 16-bit lengths, DataLength and TotalLength.

    Both lengths come straight from the parsed bytes; a consumer should
    check them against the available data (and against each other) before
    using them as read sizes.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DataLength = v_uint16()
        self.TotalLength = v_uint16()
class PO_IRP_MANAGER(vstruct.VStruct):
    """Field layout of PO_IRP_MANAGER: two PO_IRP_QUEUE members (device, system)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.DeviceIrpQueue = PO_IRP_QUEUE()
        self.SystemIrpQueue = PO_IRP_QUEUE()
class _unnamed_24191(vstruct.VStruct):
    """Anonymous structure wrapping a single nested member, s1 (_unnamed_24194)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.s1 = _unnamed_24194()
class CM_BIG_DATA(vstruct.VStruct):
    """Field layout of CM_BIG_DATA: 16-bit Signature and Count, then a 32-bit List.

    Count and List are raw values from the parsed bytes; cap Count before
    iterating when the input may be malformed.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Signature = v_uint16()
        self.Count = v_uint16()
        self.List = v_uint32()
class MMWSLE(vstruct.VStruct):
    """Field layout of MMWSLE: a single nested member, u1 (_unnamed_22182)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_22182()
class _unnamed_19930(vstruct.VStruct):
    """Anonymous structure with two 64-bit members, Depth and HeaderType.

    NOTE(review): each member spans a full 64-bit word. If the underlying
    type packs several bitfields into these words, the two names stand for
    the whole words; mask before interpreting them. Confirm against symbols.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Depth = v_uint64()
        self.HeaderType = v_uint64()
class PO_DIAG_STACK_RECORD(vstruct.VStruct):
    """Field layout of PO_DIAG_STACK_RECORD: StackDepth and a pointer array.

    NOTE(review): Stack is declared with exactly one element; it is
    presumably a variable-length trailing array sized by StackDepth.
    Confirm, and cap StackDepth before reading more entries from untrusted
    memory.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.StackDepth = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.Stack = vstruct.VArray([v_ptr64() for _ in xrange(1)])
class _unnamed_22395(vstruct.VStruct):
    """Anonymous structure exposing its 32 bits as one integer, LongFlags2."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LongFlags2 = v_uint32()
class _unnamed_27537(vstruct.VStruct):
    """Anonymous structure wrapping a single nested member, s1 (_unnamed_29211)."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.s1 = _unnamed_29211()
class DBGKD_FILL_MEMORY(vstruct.VStruct):
    """Field layout of DBGKD_FILL_MEMORY: Address, Length, Flags, PatternLength.

    Address is declared as v_uint64, not v_ptr64.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Address = v_uint64()
        self.Length = v_uint32()
        self.Flags = v_uint16()
        self.PatternLength = v_uint16()
class CM_KEY_SECURITY_CACHE_ENTRY(vstruct.VStruct):
    """Field layout of CM_KEY_SECURITY_CACHE_ENTRY: a 32-bit Cell and a pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Cell = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.CachedSecurity = v_ptr64()
class MMADDRESS_NODE(vstruct.VStruct):
    """Field layout of MMADDRESS_NODE: a nested u1, two child pointers and a VPN range.

    When walking nodes recovered from a memory image, guard against cycles
    and check that StartingVpn does not exceed EndingVpn before using the
    range.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.u1 = _unnamed_22363()
        self.LeftChild = v_ptr64()
        self.RightChild = v_ptr64()
        self.StartingVpn = v_uint64()
        self.EndingVpn = v_uint64()
class TXN_PARAMETER_BLOCK(vstruct.VStruct):
    """Field layout of TXN_PARAMETER_BLOCK: two 16-bit values and a pointer."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint16()
        self.TxFsContext = v_uint16()
        self._pad0008 = v_bytes(size=4)
        self.TransactionObject = v_ptr64()
class KALPC_MESSAGE(vstruct.VStruct):
    """Field layout of KALPC_MESSAGE (Windows 6.1 amd64 ntoskrnl definitions).

    Members are declared in layout order and the structure ends with an
    embedded PORT_MESSAGE. ExtensionBufferSize and the Data*Va pointers are
    raw values from the parsed bytes; validate them before reading the
    message payload they describe.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Entry = LIST_ENTRY()
        self.ExtensionBuffer = v_ptr64()
        self.ExtensionBufferSize = v_uint64()
        self.QuotaProcess = v_ptr64()
        self.SequenceNo = v_uint32()
        self.u1 = _unnamed_24321()
        self.CancelSequencePort = v_ptr64()
        self.CancelQueuePort = v_ptr64()
        self.CancelSequenceNo = v_uint32()
        self._pad0048 = v_bytes(size=4)
        self.CancelListEntry = LIST_ENTRY()
        self.WaitingThread = v_ptr64()
        self.Reserve = v_ptr64()
        self.PortQueue = v_ptr64()
        self.OwnerPort = v_ptr64()
        self.MessageAttributes = KALPC_MESSAGE_ATTRIBUTES()
        self.DataUserVa = v_ptr64()
        self.DataSystemVa = v_ptr64()
        self.CommunicationInfo = v_ptr64()
        self.ConnectionPort = v_ptr64()
        self.ServerThread = v_ptr64()
        self.PortMessage = PORT_MESSAGE()
class ARBITER_ORDERING(vstruct.VStruct):
    """Field layout of ARBITER_ORDERING: two 64-bit values, Start and End."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Start = v_uint64()
        self.End = v_uint64()
class MMVIEW(vstruct.VStruct):
    """Field layout of MMVIEW (Windows 6.1 amd64 ntoskrnl definitions).

    NOTE(review): Writable is declared as a full 64-bit word. If the
    underlying type is a bitfield or shares storage with another member,
    this name stands for the whole word; mask before testing it. Confirm
    against the symbol data.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Entry = v_uint64()
        self.Writable = v_uint64()
        self.ViewLinks = LIST_ENTRY()
        self.SessionViewVa = v_ptr64()
        self.SessionId = v_uint32()
        self._pad0030 = v_bytes(size=4)
class EXCEPTION_RECORD32(vstruct.VStruct):
    """Field layout of EXCEPTION_RECORD32: five 32-bit values and a 15-entry array.

    ExceptionRecord and ExceptionAddress are 32-bit integers here.
    NOTE(review): NumberParameters presumably says how many of the 15
    ExceptionInformation slots are meaningful; clamp it to 15 before
    indexing when the record comes from untrusted data.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExceptionCode = v_uint32()
        self.ExceptionFlags = v_uint32()
        self.ExceptionRecord = v_uint32()
        self.ExceptionAddress = v_uint32()
        self.NumberParameters = v_uint32()
        self.ExceptionInformation = vstruct.VArray([v_uint32() for _ in xrange(15)])
class ETW_GUID_ENTRY(vstruct.VStruct):
    """Field layout of ETW_GUID_ENTRY (Windows 6.1 amd64 ntoskrnl definitions).

    EnableInfo and FilterData are fixed arrays of eight entries each.
    NOTE(review): the per-slot enable information looks useful for checking
    which trace sessions a provider GUID is enabled for when auditing ETW
    state in a memory image; confirm the slot semantics before relying on
    them.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.GuidList = LIST_ENTRY()
        self.RefCount = v_uint32()
        self.Guid = GUID()
        self._pad0028 = v_bytes(size=4)
        self.RegListHead = LIST_ENTRY()
        self.SecurityDescriptor = v_ptr64()
        self.LastEnable = ETW_LAST_ENABLE_INFO()
        self.ProviderEnableInfo = TRACE_ENABLE_INFO()
        self.EnableInfo = vstruct.VArray([TRACE_ENABLE_INFO() for _ in xrange(8)])
        self.FilterData = vstruct.VArray([v_ptr64() for _ in xrange(8)])
class QUAD(vstruct.VStruct):
    """Field layout of QUAD: a single 64-bit member, UseThisFieldToCopy."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.UseThisFieldToCopy = v_uint64()
class OBJECT_HANDLE_COUNT_DATABASE(vstruct.VStruct):
    """Field layout of OBJECT_HANDLE_COUNT_DATABASE: CountEntries and an entry array.

    NOTE(review): HandleCountEntries is declared with exactly one element;
    it is presumably a variable-length trailing array sized by
    CountEntries. Confirm, and cap CountEntries before reading more entries
    from untrusted memory.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CountEntries = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.HandleCountEntries = vstruct.VArray([OBJECT_HANDLE_COUNT_ENTRY() for _ in xrange(1)])
class VF_KE_CRITICAL_REGION_TRACE(vstruct.VStruct):
    """Field layout of VF_KE_CRITICAL_REGION_TRACE: a Thread pointer and 7 stack slots."""

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Thread = v_ptr64()
        self.StackTrace = vstruct.VArray([v_ptr64() for _ in xrange(7)])
class TIME_FIELDS(vstruct.VStruct):
    """Field layout of TIME_FIELDS: eight consecutive 16-bit values.

    The values are not range-checked by the parser; a consumer building a
    timestamp from them should reject out-of-range months, days and so on.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Year = v_uint16()
        self.Month = v_uint16()
        self.Day = v_uint16()
        self.Hour = v_uint16()
        self.Minute = v_uint16()
        self.Second = v_uint16()
        self.Milliseconds = v_uint16()
        self.Weekday = v_uint16()
class HEAP_TUNING_PARAMETERS(vstruct.VStruct):
    """Field layout of HEAP_TUNING_PARAMETERS: a 32-bit shift and a 64-bit threshold.

    The member spellings (CommittThresholdShift, MaxPreCommittThreshold)
    are kept exactly as generated.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CommittThresholdShift = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.MaxPreCommittThreshold = v_uint64()
class LPCP_PORT_OBJECT(vstruct.VStruct):
    """Field layout of LPCP_PORT_OBJECT (Windows 6.1 amd64 ntoskrnl definitions).

    Members are declared in layout order. The structure embeds a
    SECURITY_QUALITY_OF_SERVICE and a SECURITY_CLIENT_CONTEXT alongside the
    port, section and process pointers; MaxMessageLength and
    MaxConnectionInfoLength are 16-bit values.
    """

    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ConnectionPort = v_ptr64()
        self.ConnectedPort = v_ptr64()
        self.MsgQueue = LPCP_PORT_QUEUE()
        self.Creator = CLIENT_ID()
        self.ClientSectionBase = v_ptr64()
        self.ServerSectionBase = v_ptr64()
        self.PortContext = v_ptr64()
        self.ClientThread = v_ptr64()
        self.SecurityQos = SECURITY_QUALITY_OF_SERVICE()
        self._pad0070 = v_bytes(size=4)
        self.StaticSecurity = SECURITY_CLIENT_CONTEXT()
        self.LpcReplyChainHead = LIST_ENTRY()
        self.LpcDataInfoChainHead = LIST_ENTRY()
        self.ServerProcess = v_ptr64()
        self.MaxMessageLength = v_uint16()
        self.MaxConnectionInfoLength = v_uint16()
        self.Flags = v_uint32()
        self.WaitEvent = KEVENT()
class KPRCB(vstruct.VStruct):
    """vstruct layout for ``KPRCB`` (ntoskrnl 6.1 amd64 definitions).

    A large structure built from integers, raw 64-bit pointers, fixed-size
    arrays and nested structures defined elsewhere in this module. The order
    of the assignments below is the byte layout, so fields must not be
    reordered, renamed or removed.

    NOTE(review): nothing in this layout validates data. When it is overlaid
    on a memory image, every pointer and counter is whatever the image holds;
    check pointers against the mapped address ranges before following them.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MxCsr = v_uint32()
        self.LegacyNumber = v_uint8()
        self.ReservedMustBeZero = v_uint8()
        self.InterruptRequest = v_uint8()
        self.IdleHalt = v_uint8()
        # Three thread pointers stored as raw 64-bit values.
        self.CurrentThread = v_ptr64()
        self.NextThread = v_ptr64()
        self.IdleThread = v_ptr64()
        self.NestingLevel = v_uint8()
        self.PrcbPad00 = vstruct.VArray([ v_uint8() for i in xrange(3) ])
        self.Number = v_uint32()
        self.RspBase = v_uint64()
        self.PrcbLock = v_uint64()
        self.PrcbPad01 = v_uint64()
        # Nested KPROCESSOR_STATE structure (defined elsewhere in this module).
        self.ProcessorState = KPROCESSOR_STATE()
        self.CpuType = v_uint8()
        self.CpuID = v_uint8()
        self.CpuStep = v_uint16()
        self.MHz = v_uint32()
        self.HalReserved = vstruct.VArray([ v_uint64() for i in xrange(8) ])
        self.MinorVersion = v_uint16()
        self.MajorVersion = v_uint16()
        self.BuildType = v_uint8()
        self.CpuVendor = v_uint8()
        self.CoresPerPhysicalProcessor = v_uint8()
        self.LogicalProcessorsPerCore = v_uint8()
        self.ApicMask = v_uint32()
        self.CFlushSize = v_uint32()
        self.AcpiReserved = v_ptr64()
        self.InitialApicId = v_uint32()
        self.Stride = v_uint32()
        self.Group = v_uint16()
        self._pad0660 = v_bytes(size=6)
        self.GroupSetMember = v_uint64()
        self.GroupIndex = v_uint8()
        self._pad0670 = v_bytes(size=7)
        # Fixed-size arrays of nested structures: 17 lock-queue entries and
        # 16 + 32 + 32 lookaside-list entries.
        self.LockQueue = vstruct.VArray([ KSPIN_LOCK_QUEUE() for i in xrange(17) ])
        self.PPLookasideList = vstruct.VArray([ PP_LOOKASIDE_LIST() for i in xrange(16) ])
        self.PPNPagedLookasideList = vstruct.VArray([ GENERAL_LOOKASIDE_POOL() for i in xrange(32) ])
        self.PPPagedLookasideList = vstruct.VArray([ GENERAL_LOOKASIDE_POOL() for i in xrange(32) ])
        self.PacketBarrier = v_uint32()
        self._pad2088 = v_bytes(size=4)
        self.DeferredReadyListHead = SINGLE_LIST_ENTRY()
        # Run of 32-bit counters (Mm*, Ke*, Cc*, Io* prefixes).
        self.MmPageFaultCount = v_uint32()
        self.MmCopyOnWriteCount = v_uint32()
        self.MmTransitionCount = v_uint32()
        self.MmDemandZeroCount = v_uint32()
        self.MmPageReadCount = v_uint32()
        self.MmPageReadIoCount = v_uint32()
        self.MmDirtyPagesWriteCount = v_uint32()
        self.MmDirtyWriteIoCount = v_uint32()
        self.MmMappedPagesWriteCount = v_uint32()
        self.MmMappedWriteIoCount = v_uint32()
        self.KeSystemCalls = v_uint32()
        self.KeContextSwitches = v_uint32()
        self.CcFastReadNoWait = v_uint32()
        self.CcFastReadWait = v_uint32()
        self.CcFastReadNotPossible = v_uint32()
        self.CcCopyReadNoWait = v_uint32()
        self.CcCopyReadWait = v_uint32()
        self.CcCopyReadNoWaitMiss = v_uint32()
        self.LookasideIrpFloat = v_uint32()
        self.IoReadOperationCount = v_uint32()
        self.IoWriteOperationCount = v_uint32()
        self.IoOtherOperationCount = v_uint32()
        self.IoReadTransferCount = LARGE_INTEGER()
        self.IoWriteTransferCount = LARGE_INTEGER()
        self.IoOtherTransferCount = LARGE_INTEGER()
        self.TargetCount = v_uint32()
        self.IpiFrozen = v_uint32()
        # 120 bytes of explicit padding before the DPC section.
        self._pad2180 = v_bytes(size=120)
        self.DpcData = vstruct.VArray([ KDPC_DATA() for i in xrange(2) ])
        self.DpcStack = v_ptr64()
        self.MaximumDpcQueueDepth = v_uint32()
        self.DpcRequestRate = v_uint32()
        self.MinimumDpcRate = v_uint32()
        self.DpcLastCount = v_uint32()
        self.ThreadDpcEnable = v_uint8()
        self.QuantumEnd = v_uint8()
        self.DpcRoutineActive = v_uint8()
        self.IdleSchedule = v_uint8()
        self.DpcRequestSummary = v_uint32()
        self.TimerHand = v_uint32()
        self.MasterOffset = v_uint32()
        self.LastTick = v_uint32()
        self.UnusedPad = v_uint32()
        self.PrcbPad50 = vstruct.VArray([ v_uint64() for i in xrange(2) ])
        self.TimerTable = KTIMER_TABLE()
        self.DpcGate = KGATE()
        self.PrcbPad52 = v_ptr64()
        self.CallDpc = KDPC()
        self.ClockKeepAlive = v_uint32()
        self.ClockCheckSlot = v_uint8()
        self.ClockPollCycle = v_uint8()
        self.NmiActive = v_uint16()
        self.DpcWatchdogPeriod = v_uint32()
        self.DpcWatchdogCount = v_uint32()
        self.TickOffset = v_uint64()
        self.KeSpinLockOrdering = v_uint32()
        self.PrcbPad70 = v_uint32()
        self.WaitListHead = LIST_ENTRY()
        self.WaitLock = v_uint64()
        self.ReadySummary = v_uint32()
        self.QueueIndex = v_uint32()
        self.TimerExpirationDpc = KDPC()
        self.PrcbPad72 = vstruct.VArray([ v_uint64() for i in xrange(4) ])
        # 32 list heads, one LIST_ENTRY each.
        self.DispatcherReadyListHead = vstruct.VArray([ LIST_ENTRY() for i in xrange(32) ])
        self.InterruptCount = v_uint32()
        self.KernelTime = v_uint32()
        self.UserTime = v_uint32()
        self.DpcTime = v_uint32()
        self.InterruptTime = v_uint32()
        self.AdjustDpcThreshold = v_uint32()
        self.DebuggerSavedIRQL = v_uint8()
        self.PrcbPad80 = vstruct.VArray([ v_uint8() for i in xrange(7) ])
        self.DpcTimeCount = v_uint32()
        self.DpcTimeLimit = v_uint32()
        self.PeriodicCount = v_uint32()
        self.PeriodicBias = v_uint32()
        self.AvailableTime = v_uint32()
        self.KeExceptionDispatchCount = v_uint32()
        self.ParentNode = v_ptr64()
        self.StartCycles = v_uint64()
        self.PrcbPad82 = vstruct.VArray([ v_uint64() for i in xrange(3) ])
        self.MmSpinLockOrdering = v_uint32()
        self.PageColor = v_uint32()
        self.NodeColor = v_uint32()
        self.NodeShiftedColor = v_uint32()
        self.SecondaryColorMask = v_uint32()
        self.PrcbPad83 = v_uint32()
        self.CycleTime = v_uint64()
        # Second run of 32-bit counters (Cc* and Mm* prefixes).
        self.CcFastMdlReadNoWait = v_uint32()
        self.CcFastMdlReadWait = v_uint32()
        self.CcFastMdlReadNotPossible = v_uint32()
        self.CcMapDataNoWait = v_uint32()
        self.CcMapDataWait = v_uint32()
        self.CcPinMappedDataCount = v_uint32()
        self.CcPinReadNoWait = v_uint32()
        self.CcPinReadWait = v_uint32()
        self.CcMdlReadNoWait = v_uint32()
        self.CcMdlReadWait = v_uint32()
        self.CcLazyWriteHotSpots = v_uint32()
        self.CcLazyWriteIos = v_uint32()
        self.CcLazyWritePages = v_uint32()
        self.CcDataFlushes = v_uint32()
        self.CcDataPages = v_uint32()
        self.CcLostDelayedWrites = v_uint32()
        self.CcFastReadResourceMiss = v_uint32()
        self.CcCopyReadWaitMiss = v_uint32()
        self.CcFastMdlReadResourceMiss = v_uint32()
        self.CcMapDataNoWaitMiss = v_uint32()
        self.CcMapDataWaitMiss = v_uint32()
        self.CcPinReadNoWaitMiss = v_uint32()
        self.CcPinReadWaitMiss = v_uint32()
        self.CcMdlReadNoWaitMiss = v_uint32()
        self.CcMdlReadWaitMiss = v_uint32()
        self.CcReadAheadIos = v_uint32()
        self.MmCacheTransitionCount = v_uint32()
        self.MmCacheReadCount = v_uint32()
        self.MmCacheIoCount = v_uint32()
        self.PrcbPad91 = vstruct.VArray([ v_uint32() for i in xrange(1) ])
        self.RuntimeAccumulation = v_uint64()
        self.PowerState = PROCESSOR_POWER_STATE()
        self.PrcbPad92 = vstruct.VArray([ v_uint8() for i in xrange(16) ])
        self.KeAlignmentFixupCount = v_uint32()
        self._pad4918 = v_bytes(size=4)
        self.DpcWatchdogDpc = KDPC()
        self.DpcWatchdogTimer = KTIMER()
        # Five cache descriptors plus a separate 32-bit count.
        # NOTE(review): presumably CacheCount says how many of the five
        # slots are meaningful -- confirm, and clamp it to 5 before indexing.
        self.Cache = vstruct.VArray([ CACHE_DESCRIPTOR() for i in xrange(5) ])
        self.CacheCount = v_uint32()
        self.CachedCommit = v_uint32()
        self.CachedResidentAvailable = v_uint32()
        self.HyperPte = v_ptr64()
        self.WheaInfo = v_ptr64()
        self.EtwSupport = v_ptr64()
        self._pad4a00 = v_bytes(size=8)
        self.InterruptObjectPool = SLIST_HEADER()
        self.HypercallPageList = SLIST_HEADER()
        self.HypercallPageVirtual = v_ptr64()
        self.VirtualApicAssist = v_ptr64()
        self.StatisticsPage = v_ptr64()
        self.RateControl = v_ptr64()
        self.CacheProcessorMask = vstruct.VArray([ v_uint64() for i in xrange(5) ])
        self.PackageProcessorSet = KAFFINITY_EX()
        self.CoreProcessorSet = v_uint64()
        self.PebsIndexAddress = v_ptr64()
        self.PrcbPad93 = vstruct.VArray([ v_uint64() for i in xrange(12) ])
        # Third run of 32-bit counters (SpinLock*, Ipi*, Ex* prefixes).
        self.SpinLockAcquireCount = v_uint32()
        self.SpinLockContentionCount = v_uint32()
        self.SpinLockSpinCount = v_uint32()
        self.IpiSendRequestBroadcastCount = v_uint32()
        self.IpiSendRequestRoutineCount = v_uint32()
        self.IpiSendSoftwareInterruptCount = v_uint32()
        self.ExInitializeResourceCount = v_uint32()
        self.ExReInitializeResourceCount = v_uint32()
        self.ExDeleteResourceCount = v_uint32()
        self.ExecutiveResourceAcquiresCount = v_uint32()
        self.ExecutiveResourceContentionsCount = v_uint32()
        self.ExecutiveResourceReleaseExclusiveCount = v_uint32()
        self.ExecutiveResourceReleaseSharedCount = v_uint32()
        self.ExecutiveResourceConvertsCount = v_uint32()
        self.ExAcqResExclusiveAttempts = v_uint32()
        self.ExAcqResExclusiveAcquiresExclusive = v_uint32()
        self.ExAcqResExclusiveAcquiresExclusiveRecursive = v_uint32()
        self.ExAcqResExclusiveWaits = v_uint32()
        self.ExAcqResExclusiveNotAcquires = v_uint32()
        self.ExAcqResSharedAttempts = v_uint32()
        self.ExAcqResSharedAcquiresExclusive = v_uint32()
        self.ExAcqResSharedAcquiresShared = v_uint32()
        self.ExAcqResSharedAcquiresSharedRecursive = v_uint32()
        self.ExAcqResSharedWaits = v_uint32()
        self.ExAcqResSharedNotAcquires = v_uint32()
        self.ExAcqResSharedStarveExclusiveAttempts = v_uint32()
        self.ExAcqResSharedStarveExclusiveAcquiresExclusive = v_uint32()
        self.ExAcqResSharedStarveExclusiveAcquiresShared = v_uint32()
        self.ExAcqResSharedStarveExclusiveAcquiresSharedRecursive = v_uint32()
        self.ExAcqResSharedStarveExclusiveWaits = v_uint32()
        self.ExAcqResSharedStarveExclusiveNotAcquires = v_uint32()
        self.ExAcqResSharedWaitForExclusiveAttempts = v_uint32()
        self.ExAcqResSharedWaitForExclusiveAcquiresExclusive = v_uint32()
        self.ExAcqResSharedWaitForExclusiveAcquiresShared = v_uint32()
        self.ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive = v_uint32()
        self.ExAcqResSharedWaitForExclusiveWaits = v_uint32()
        self.ExAcqResSharedWaitForExclusiveNotAcquires = v_uint32()
        self.ExSetResOwnerPointerExclusive = v_uint32()
        self.ExSetResOwnerPointerSharedNew = v_uint32()
        self.ExSetResOwnerPointerSharedOld = v_uint32()
        self.ExTryToAcqExclusiveAttempts = v_uint32()
        self.ExTryToAcqExclusiveAcquires = v_uint32()
        self.ExBoostExclusiveOwner = v_uint32()
        self.ExBoostSharedOwners = v_uint32()
        self.ExEtwSynchTrackingNotificationsCount = v_uint32()
        self.ExEtwSynchTrackingNotificationsAccountedCount = v_uint32()
        # 13 raw bytes; the layout does not guarantee a terminator, so bound
        # any string decoding to the array length.
        self.VendorString = vstruct.VArray([ v_uint8() for i in xrange(13) ])
        self.PrcbPad10 = vstruct.VArray([ v_uint8() for i in xrange(3) ])
        self.FeatureBits = v_uint32()
        self._pad4bd0 = v_bytes(size=4)
        self.UpdateSignature = LARGE_INTEGER()
        self.Context = v_ptr64()
        self.ContextFlags = v_uint32()
        self._pad4be8 = v_bytes(size=4)
        self.ExtendedState = v_ptr64()
        self._pad4c00 = v_bytes(size=16)
        self.Mailbox = v_ptr64()
        self._pad4c80 = v_bytes(size=120)
        # Declared with a single REQUEST_MAILBOX element.
        self.RequestMailbox = vstruct.VArray([ REQUEST_MAILBOX() for i in xrange(1) ])
        # Trailing padding; the pad name suggests the structure ends at
        # offset 0x4d00 -- TODO confirm against len() of an instance.
        self._pad4d00 = v_bytes(size=64)
class EXCEPTION_POINTERS(vstruct.VStruct):
    """vstruct layout for ``EXCEPTION_POINTERS`` (ntoskrnl 6.1 amd64).

    Two raw 64-bit pointers (16 bytes in total). The targets are not part of
    this layout; a consumer has to read and validate them separately.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ExceptionRecord = v_ptr64()
        self.ContextRecord = v_ptr64()
class PPM_FFH_THROTTLE_STATE_INFO(vstruct.VStruct):
    """vstruct layout for ``PPM_FFH_THROTTLE_STATE_INFO`` (ntoskrnl 6.1 amd64).

    Two single-byte members, each followed by explicit padding, a 32-bit
    counter, a 64-bit value and a ``LARGE_INTEGER``.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.EnableLogging = v_uint8()
        # 1-byte field + 3 pad bytes -> next field at offset 0x04.
        self._pad0004 = v_bytes(size=3)
        self.MismatchCount = v_uint32()
        self.Initialized = v_uint8()
        # 7 pad bytes -> next field at offset 0x10.
        self._pad0010 = v_bytes(size=7)
        self.LastValue = v_uint64()
        self.LastLogTickCount = LARGE_INTEGER()
class RTL_DYNAMIC_HASH_TABLE(vstruct.VStruct):
    """vstruct layout for ``RTL_DYNAMIC_HASH_TABLE`` (ntoskrnl 6.1 amd64).

    Eight 32-bit members followed by one raw 64-bit pointer (40 bytes in
    total by summing the declared widths).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Flags = v_uint32()
        self.Shift = v_uint32()
        # NOTE(review): the size/count members below are read as-is from the
        # parsed buffer; bound them before using them to size a walk of
        # whatever Directory points to.
        self.TableSize = v_uint32()
        self.Pivot = v_uint32()
        self.DivisorMask = v_uint32()
        self.NumEntries = v_uint32()
        self.NonEmptyBuckets = v_uint32()
        self.NumEnumerators = v_uint32()
        self.Directory = v_ptr64()
class POP_TRIGGER_WAIT(vstruct.VStruct):
    """vstruct layout for ``POP_TRIGGER_WAIT`` (ntoskrnl 6.1 amd64 definitions).

    A nested ``KEVENT``, a 32-bit status with 4 padding bytes, a nested
    ``LIST_ENTRY`` and a raw 64-bit pointer.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Event = KEVENT()
        self.Status = v_uint32()
        # Explicit padding (4 bytes) after the 32-bit Status.
        self._pad0020 = v_bytes(size=4)
        self.Link = LIST_ENTRY()
        self.Trigger = v_ptr64()
class KAFFINITY_EX(vstruct.VStruct):
    """vstruct layout for ``KAFFINITY_EX`` (ntoskrnl 6.1 amd64 definitions).

    Two 16-bit members, one 32-bit member and an array of four 64-bit words
    (40 bytes in total by summing the declared widths).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): presumably Count/Size describe how many Bitmap words
        # are in use -- confirm; the array itself is fixed at 4 entries, so
        # clamp either value to 4 before indexing.
        self.Count = v_uint16()
        self.Size = v_uint16()
        self.Reserved = v_uint32()
        self.Bitmap = vstruct.VArray([ v_uint64() for i in xrange(4) ])
class ETW_WMITRACE_WORK(vstruct.VStruct):
    """vstruct layout for ``ETW_WMITRACE_WORK`` (ntoskrnl 6.1 amd64 definitions).

    A 32-bit id, two fixed-size byte arrays (65 and 129 bytes), a run of
    32-bit members and explicit padding.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.LoggerId = v_uint32()
        self._pad0008 = v_bytes(size=4)
        # Fixed-size byte arrays. The layout does not guarantee a terminator
        # inside them, so decode at most 65 / 129 bytes respectively.
        self.LoggerName = vstruct.VArray([ v_uint8() for i in xrange(65) ])
        self.FileName = vstruct.VArray([ v_uint8() for i in xrange(129) ])
        # 2 pad bytes: 8 + 65 + 129 = 0xca, padded to 0xcc.
        self._pad00cc = v_bytes(size=2)
        self.MaximumFileSize = v_uint32()
        self.MinBuffers = v_uint32()
        self.MaxBuffers = v_uint32()
        self.BufferSize = v_uint32()
        self.Mode = v_uint32()
        self.FlushTimer = v_uint32()
        self._pad00e8 = v_bytes(size=4)
        self.Status = v_uint32()
        self._pad00f0 = v_bytes(size=4)
class DEVICE_OBJECT(vstruct.VStruct):
    """vstruct layout for ``DEVICE_OBJECT`` (ntoskrnl 6.1 amd64 definitions).

    Field order is the byte layout and must not be rearranged. Pointer
    members (``DriverObject``, ``NextDevice``, ``AttachedDevice`` and others)
    are raw 64-bit values: this layout neither follows nor validates them.

    NOTE(review): a consumer that walks ``NextDevice`` / ``AttachedDevice``
    over a memory image should check each pointer against mapped ranges and
    cap the number of hops, since the values come straight from the image.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint16()
        self.Size = v_uint16()
        self.ReferenceCount = v_uint32()
        self.DriverObject = v_ptr64()
        self.NextDevice = v_ptr64()
        self.AttachedDevice = v_ptr64()
        self.CurrentIrp = v_ptr64()
        self.Timer = v_ptr64()
        self.Flags = v_uint32()
        self.Characteristics = v_uint32()
        self.Vpb = v_ptr64()
        self.DeviceExtension = v_ptr64()
        self.DeviceType = v_uint32()
        self.StackSize = v_uint8()
        # 3 pad bytes -> next member at offset 0x50.
        self._pad0050 = v_bytes(size=3)
        # Anonymous member type generated under a numeric name; defined
        # elsewhere in this module.
        self.Queue = _unnamed_20590()
        self.AlignmentRequirement = v_uint32()
        self._pad00a0 = v_bytes(size=4)
        self.DeviceQueue = KDEVICE_QUEUE()
        self.Dpc = KDPC()
        self.ActiveThreadCount = v_uint32()
        self._pad0110 = v_bytes(size=4)
        self.SecurityDescriptor = v_ptr64()
        self.DeviceLock = KEVENT()
        self.SectorSize = v_uint16()
        self.Spare1 = v_uint16()
        self._pad0138 = v_bytes(size=4)
        self.DeviceObjectExtension = v_ptr64()
        self.Reserved = v_ptr64()
        # Trailing padding (8 bytes).
        self._pad0150 = v_bytes(size=8)
class KRESOURCEMANAGER(vstruct.VStruct):
    """vstruct layout for ``KRESOURCEMANAGER`` (ntoskrnl 6.1 amd64 definitions).

    Mostly nested structures defined elsewhere in this module (``KEVENT``,
    ``KMUTANT``, ``KQUEUE``, ``LIST_ENTRY``, ``GUID``, ``UNICODE_STRING`` and
    the KTM namespace types), plus a few integers and raw 64-bit pointers.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.NotificationAvailable = KEVENT()
        # Lower-case "cookie" is the name as given in the definition.
        self.cookie = v_uint32()
        self.State = v_uint32()
        self.Flags = v_uint32()
        self._pad0028 = v_bytes(size=4)
        self.Mutex = KMUTANT()
        self.NamespaceLink = KTMOBJECT_NAMESPACE_LINK()
        self.RmId = GUID()
        self.NotificationQueue = KQUEUE()
        self.NotificationMutex = KMUTANT()
        self.EnlistmentHead = LIST_ENTRY()
        self.EnlistmentCount = v_uint32()
        self._pad0128 = v_bytes(size=4)
        # Raw pointer values; not followed or validated by this layout.
        self.NotificationRoutine = v_ptr64()
        self.Key = v_ptr64()
        self.ProtocolListHead = LIST_ENTRY()
        self.PendingPropReqListHead = LIST_ENTRY()
        self.CRMListEntry = LIST_ENTRY()
        self.Tm = v_ptr64()
        self.Description = UNICODE_STRING()
        self.Enlistments = KTMOBJECT_NAMESPACE()
        self.CompletionBinding = KRESOURCEMANAGER_COMPLETION_BINDING()
class CM_NAME_HASH(vstruct.VStruct):
    """vstruct layout for ``CM_NAME_HASH`` (ntoskrnl 6.1 amd64 definitions).

    A 32-bit key, a raw 64-bit pointer, a 16-bit length and an array declared
    with a single 16-bit element, with explicit padding around them.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ConvKey = v_uint32()
        self._pad0008 = v_bytes(size=4)
        self.NextHash = v_ptr64()
        self.NameLength = v_uint16()
        # NOTE(review): a one-element array beside a length field usually
        # models a variable-length trailing name. If so, only the first
        # 16-bit unit is covered here; a consumer reading the rest should
        # bound NameLength against the buffer being parsed -- confirm.
        self.Name = vstruct.VArray([ v_uint16() for i in xrange(1) ])
        self._pad0018 = v_bytes(size=4)
class KTSS64(vstruct.VStruct):
    """vstruct layout for ``KTSS64`` (ntoskrnl 6.1 amd64 definitions).

    Summing the declared widths gives 104 bytes (0x68). No padding field is
    declared between the 32-bit ``Reserved0`` and the 64-bit ``Rsp0``, so the
    64-bit members here are not 8-byte aligned.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Reserved0 = v_uint32()
        # Three 64-bit values stored back to back after the 4-byte header.
        self.Rsp0 = v_uint64()
        self.Rsp1 = v_uint64()
        self.Rsp2 = v_uint64()
        # Eight 64-bit slots.
        self.Ist = vstruct.VArray([ v_uint64() for i in xrange(8) ])
        self.Reserved1 = v_uint64()
        self.Reserved2 = v_uint16()
        self.IoMapBase = v_uint16()
class EX_PUSH_LOCK_WAIT_BLOCK(vstruct.VStruct):
    """vstruct layout for ``EX_PUSH_LOCK_WAIT_BLOCK`` (ntoskrnl 6.1 amd64).

    A nested ``KEVENT``, three raw 64-bit link pointers, two 32-bit members
    and 8 bytes of trailing padding.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WakeEvent = KEVENT()
        # Link pointers are raw values; validate before following them and
        # cap the walk length when traversing data from a memory image.
        self.Next = v_ptr64()
        self.Last = v_ptr64()
        self.Previous = v_ptr64()
        self.ShareCount = v_uint32()
        self.Flags = v_uint32()
        self._pad0040 = v_bytes(size=8)
class _unnamed_26758(vstruct.VStruct):
    """Anonymous member type, emitted under a generated numeric name.

    Holds one 32-bit ``Level`` field. The class that embeds it is not visible
    in this part of the module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Level = v_uint32()
class _unnamed_26759(vstruct.VStruct):
    """Anonymous member type, emitted under a generated numeric name.

    Holds one 32-bit ``Type`` field. The class that embeds it is not visible
    in this part of the module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Type = v_uint32()
class KERNEL_STACK_SEGMENT(vstruct.VStruct):
    """vstruct layout for ``KERNEL_STACK_SEGMENT`` (ntoskrnl 6.1 amd64).

    Five unsigned 64-bit members (40 bytes in total). They are declared as
    plain integers, not as ``v_ptr64`` pointers.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): the layout does not enforce any ordering between
        # these values; check them for consistency before treating the range
        # between them as a stack region to read.
        self.StackBase = v_uint64()
        self.StackLimit = v_uint64()
        self.KernelStack = v_uint64()
        self.InitialStack = v_uint64()
        self.ActualLimit = v_uint64()
class VF_POOL_TRACE(vstruct.VStruct):
    """vstruct layout for ``VF_POOL_TRACE`` (ntoskrnl 6.1 amd64 definitions).

    Two raw pointers, a 64-bit size and an array of 13 pointer slots
    (128 bytes in total by summing the declared widths).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Address = v_ptr64()
        self.Size = v_uint64()
        self.Thread = v_ptr64()
        # Fixed-size array of 13 pointer slots.
        self.StackTrace = vstruct.VArray([ v_ptr64() for i in xrange(13) ])
class HIVE_LOAD_FAILURE(vstruct.VStruct):
    """vstruct layout for ``HIVE_LOAD_FAILURE`` (ntoskrnl 6.1 amd64 definitions).

    A raw pointer, two 32-bit indices, two 8-element arrays and a series of
    nested anonymous types (generated ``_unnamed_*`` classes defined
    elsewhere in this module).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Hive = v_ptr64()
        # NOTE(review): presumably these index into the two 8-element arrays
        # below -- confirm, and clamp to 0..7 before using them as indices.
        self.Index = v_uint32()
        self.RecoverableIndex = v_uint32()
        self.Locations = vstruct.VArray([ _unnamed_22851() for i in xrange(8) ])
        self.RecoverableLocations = vstruct.VArray([ _unnamed_22851() for i in xrange(8) ])
        self.RegistryIO = _unnamed_22852()
        self.CheckRegistry2 = _unnamed_22853()
        self.CheckKey = _unnamed_22854()
        self.CheckValueList = _unnamed_22855()
        # CheckHive and CheckHive1 share the same member type.
        self.CheckHive = _unnamed_22856()
        self.CheckHive1 = _unnamed_22856()
        self.CheckBin = _unnamed_22857()
        self.RecoverData = _unnamed_22858()
        self._pad0160 = v_bytes(size=4)
class PCW_BUFFER(vstruct.VStruct):
    """vstruct layout for ``PCW_BUFFER`` (ntoskrnl 6.1 amd64 definitions).

    Declares no fields, so it contributes no bytes of its own; presumably the
    type is opaque in the data this module was generated from.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
class EX_QUEUE_WORKER_INFO(vstruct.VStruct):
    """vstruct layout for ``EX_QUEUE_WORKER_INFO`` (ntoskrnl 6.1 amd64).

    Exposes a single 32-bit member.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): only one 32-bit field is declared; if the underlying
        # type packs several bit-fields into this word, they are not broken
        # out here and must be masked by the consumer -- confirm.
        self.QueueDisabled = v_uint32()
class DBGKD_WRITE_BREAKPOINT32(vstruct.VStruct):
    """vstruct layout for ``DBGKD_WRITE_BREAKPOINT32`` (ntoskrnl 6.1 amd64).

    Two 32-bit members (8 bytes in total). The address is declared as a
    32-bit integer even though the module targets amd64.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.BreakPointAddress = v_uint32()
        self.BreakPointHandle = v_uint32()
class TP_CLEANUP_GROUP(vstruct.VStruct):
    """vstruct layout for ``TP_CLEANUP_GROUP`` (ntoskrnl 6.1 amd64 definitions).

    Declares no fields, so it contributes no bytes of its own; presumably the
    type is opaque in the data this module was generated from.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
class _unnamed_28937(vstruct.VStruct):
    """Anonymous member type, emitted under a generated numeric name.

    Holds one 32-bit ``Active`` field. The class that embeds it is not
    visible in this part of the module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Active = v_uint32()
class ETW_REPLY_QUEUE(vstruct.VStruct):
    """vstruct layout for ``ETW_REPLY_QUEUE`` (ntoskrnl 6.1 amd64 definitions).

    A nested ``KQUEUE`` followed by a 32-bit counter and 4 padding bytes.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Queue = KQUEUE()
        self.EventsLost = v_uint32()
        # Trailing padding (4 bytes).
        self._pad0048 = v_bytes(size=4)
class OBJECT_TYPE(vstruct.VStruct):
    """vstruct layout for ``OBJECT_TYPE`` (ntoskrnl 6.1 amd64 definitions).

    Two list heads, a ``UNICODE_STRING`` name, an 8-bit index, four 32-bit
    counters, a nested ``OBJECT_TYPE_INITIALIZER``, a push lock and a 32-bit
    key, with explicit padding between them.

    NOTE(review): the list heads and the name buffer inside ``Name`` are
    pointers into the parsed image; validate them and bound list walks and
    string lengths before dereferencing.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.TypeList = LIST_ENTRY()
        self.Name = UNICODE_STRING()
        self.DefaultObject = v_ptr64()
        # Single-byte index followed by 3 pad bytes.
        self.Index = v_uint8()
        self._pad002c = v_bytes(size=3)
        self.TotalNumberOfObjects = v_uint32()
        self.TotalNumberOfHandles = v_uint32()
        self.HighWaterNumberOfObjects = v_uint32()
        self.HighWaterNumberOfHandles = v_uint32()
        self._pad0040 = v_bytes(size=4)
        self.TypeInfo = OBJECT_TYPE_INITIALIZER()
        self.TypeLock = EX_PUSH_LOCK()
        self.Key = v_uint32()
        self._pad00c0 = v_bytes(size=4)
        self.CallbackList = LIST_ENTRY()
class ALPC_MESSAGE_ZONE(vstruct.VStruct):
    """vstruct layout for ``ALPC_MESSAGE_ZONE`` (ntoskrnl 6.1 amd64 definitions).

    Five raw 64-bit pointers followed by a 64-bit size (48 bytes in total).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Mdl = v_ptr64()
        # NOTE(review): the Va/Limit pairs and Size are independent values in
        # this layout; check that each limit is not below its base and that
        # the span agrees with Size before reading the described range.
        self.UserVa = v_ptr64()
        self.UserLimit = v_ptr64()
        self.SystemVa = v_ptr64()
        self.SystemLimit = v_ptr64()
        self.Size = v_uint64()
class KNODE(vstruct.VStruct):
    """vstruct layout for ``KNODE`` (ntoskrnl 6.1 amd64 definitions).

    Starts with four ``SLIST_HEADER`` values (one plus an array of three),
    followed by affinity, numbering and colouring members and 24 bytes of
    trailing padding.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PagedPoolSListHead = SLIST_HEADER()
        self.NonPagedPoolSListHead = vstruct.VArray([ SLIST_HEADER() for i in xrange(3) ])
        self.Affinity = GROUP_AFFINITY()
        self.ProximityId = v_uint32()
        self.NodeNumber = v_uint16()
        self.PrimaryNodeNumber = v_uint16()
        self.MaximumProcessors = v_uint8()
        self.Color = v_uint8()
        # "flags" is a lower-case structure name defined elsewhere in this
        # module; it is a nested type, not a primitive.
        self.Flags = flags()
        self.NodePad0 = v_uint8()
        self.Seed = v_uint32()
        self.MmShiftedColor = v_uint32()
        self._pad0068 = v_bytes(size=4)
        self.FreeCount = vstruct.VArray([ v_uint64() for i in xrange(2) ])
        self.Right = v_uint32()
        self.Left = v_uint32()
        self.CachedKernelStacks = CACHED_KSTACK_LIST()
        self.ParkLock = v_uint32()
        self.NodePad1 = v_uint32()
        # Trailing padding (24 bytes).
        self._pad00c0 = v_bytes(size=24)
class PRIVILEGE_SET(vstruct.VStruct):
    """vstruct layout for ``PRIVILEGE_SET`` (ntoskrnl 6.1 amd64 definitions).

    Two 32-bit members followed by an array declared with exactly one
    ``LUID_AND_ATTRIBUTES``.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.PrivilegeCount = v_uint32()
        self.Control = v_uint32()
        # NOTE(review): a one-element array next to a count field usually
        # models a variable-length trailing array. If so, this layout covers
        # only the first privilege; a consumer that reads PrivilegeCount
        # entries should first bound the count against the size of the buffer
        # it was parsed from -- confirm.
        self.Privilege = vstruct.VArray([ LUID_AND_ATTRIBUTES() for i in xrange(1) ])
class ALPC_HANDLE_TABLE(vstruct.VStruct):
    """vstruct layout for ``ALPC_HANDLE_TABLE`` (ntoskrnl 6.1 amd64 definitions).

    A raw 64-bit pointer, two 32-bit members and a nested ``EX_PUSH_LOCK``.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): presumably TotalHandles sizes the table Handles
        # points to -- confirm; bound it before reading that many entries.
        self.Handles = v_ptr64()
        self.TotalHandles = v_uint32()
        self.Flags = v_uint32()
        self.Lock = EX_PUSH_LOCK()
class CM_KEY_HASH_TABLE_ENTRY(vstruct.VStruct):
    """vstruct layout for ``CM_KEY_HASH_TABLE_ENTRY`` (ntoskrnl 6.1 amd64).

    A nested ``EX_PUSH_LOCK`` followed by two raw 64-bit pointers.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Lock = EX_PUSH_LOCK()
        # Raw pointer values; not followed or validated by this layout.
        self.Owner = v_ptr64()
        self.Entry = v_ptr64()
class IO_WORKITEM(vstruct.VStruct):
    """vstruct layout for ``IO_WORKITEM`` (ntoskrnl 6.1 amd64 definitions).

    A nested ``WORK_QUEUE_ITEM``, three raw 64-bit pointers, a 32-bit type
    and 4 bytes of trailing padding.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.WorkItem = WORK_QUEUE_ITEM()
        # Raw pointer values; not followed or validated by this layout.
        self.Routine = v_ptr64()
        self.IoObject = v_ptr64()
        self.Context = v_ptr64()
        self.Type = v_uint32()
        self._pad0040 = v_bytes(size=4)
class NLS_DATA_BLOCK(vstruct.VStruct):
    """vstruct layout for ``NLS_DATA_BLOCK`` (ntoskrnl 6.1 amd64 definitions).

    Three raw 64-bit pointers (24 bytes in total); the data they refer to is
    not part of this layout.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.AnsiCodePageData = v_ptr64()
        self.OemCodePageData = v_ptr64()
        self.UnicodeCaseTableData = v_ptr64()
class SYSTEM_POWER_CAPABILITIES(vstruct.VStruct):
    """vstruct layout for ``SYSTEM_POWER_CAPABILITIES`` (ntoskrnl 6.1 amd64).

    A long run of single-byte members with two spare byte arrays, an array of
    three ``BATTERY_REPORTING_SCALE`` entries and five trailing 32-bit
    members.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Single-byte members. They are declared as v_uint8, so any value
        # 0-255 can appear; test for non-zero rather than assuming 0/1 if
        # they are used as booleans.
        self.PowerButtonPresent = v_uint8()
        self.SleepButtonPresent = v_uint8()
        self.LidPresent = v_uint8()
        self.SystemS1 = v_uint8()
        self.SystemS2 = v_uint8()
        self.SystemS3 = v_uint8()
        self.SystemS4 = v_uint8()
        self.SystemS5 = v_uint8()
        self.HiberFilePresent = v_uint8()
        self.FullWake = v_uint8()
        self.VideoDimPresent = v_uint8()
        self.ApmPresent = v_uint8()
        self.UpsPresent = v_uint8()
        self.ThermalControl = v_uint8()
        self.ProcessorThrottle = v_uint8()
        self.ProcessorMinThrottle = v_uint8()
        self.ProcessorMaxThrottle = v_uint8()
        self.FastSystemS4 = v_uint8()
        # Spare bytes declared as named arrays (3 and 8 bytes) rather than as
        # _pad fields.
        self.spare2 = vstruct.VArray([ v_uint8() for i in xrange(3) ])
        self.DiskSpinDown = v_uint8()
        self.spare3 = vstruct.VArray([ v_uint8() for i in xrange(8) ])
        self.SystemBatteriesPresent = v_uint8()
        self.BatteriesAreShortTerm = v_uint8()
        self.BatteryScale = vstruct.VArray([ BATTERY_REPORTING_SCALE() for i in xrange(3) ])
        self.AcOnLineWake = v_uint32()
        self.SoftLidWake = v_uint32()
        self.RtcWake = v_uint32()
        self.MinDeviceWakeState = v_uint32()
        self.DefaultLowLatencyWake = v_uint32()
class MMEXTEND_INFO(vstruct.VStruct):
    """vstruct layout for ``MMEXTEND_INFO`` (ntoskrnl 6.1 amd64 definitions).

    A 64-bit size, a 32-bit reference count and 4 bytes of trailing padding
    (16 bytes in total).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.CommittedSize = v_uint64()
        self.ReferenceCount = v_uint32()
        # Trailing padding up to offset 0x10.
        self._pad0010 = v_bytes(size=4)
class VF_TARGET_ALL_SHARED_EXPORT_THUNKS(vstruct.VStruct):
    """vstruct layout for ``VF_TARGET_ALL_SHARED_EXPORT_THUNKS`` (6.1 amd64).

    Three raw 64-bit pointers (24 bytes in total); the tables they refer to
    are not part of this layout.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.SharedExportThunks = v_ptr64()
        self.PoolSharedExportThunks = v_ptr64()
        self.OrderDependentSharedExportThunks = v_ptr64()
class RTL_USER_PROCESS_PARAMETERS(vstruct.VStruct):
    """vstruct layout for ``RTL_USER_PROCESS_PARAMETERS`` (ntoskrnl 6.1 amd64).

    Length/flag words, handle-sized pointers, several ``UNICODE_STRING``
    members (path, command line, window and shell strings), window geometry
    and a 32-entry array of ``RTL_DRIVE_LETTER_CURDIR``.

    NOTE(review): this layout only describes the header. The string buffers
    and the environment block are reached through pointers stored in it, and
    the lengths are read as-is. On a live system this structure normally
    lives in memory the owning process can modify, so treat ``CommandLine``,
    ``ImagePathName`` and the other strings as untrusted when used as
    forensic evidence, and bound every length before reading -- confirm
    against the acquisition context.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.MaximumLength = v_uint32()
        self.Length = v_uint32()
        self.Flags = v_uint32()
        self.DebugFlags = v_uint32()
        self.ConsoleHandle = v_ptr64()
        self.ConsoleFlags = v_uint32()
        self._pad0020 = v_bytes(size=4)
        self.StandardInput = v_ptr64()
        self.StandardOutput = v_ptr64()
        self.StandardError = v_ptr64()
        self.CurrentDirectory = CURDIR()
        self.DllPath = UNICODE_STRING()
        self.ImagePathName = UNICODE_STRING()
        self.CommandLine = UNICODE_STRING()
        # Raw pointer; its extent is given separately by EnvironmentSize at
        # the end of the structure.
        self.Environment = v_ptr64()
        self.StartingX = v_uint32()
        self.StartingY = v_uint32()
        self.CountX = v_uint32()
        self.CountY = v_uint32()
        self.CountCharsX = v_uint32()
        self.CountCharsY = v_uint32()
        self.FillAttribute = v_uint32()
        self.WindowFlags = v_uint32()
        self.ShowWindowFlags = v_uint32()
        self._pad00b0 = v_bytes(size=4)
        self.WindowTitle = UNICODE_STRING()
        self.DesktopInfo = UNICODE_STRING()
        self.ShellInfo = UNICODE_STRING()
        self.RuntimeData = UNICODE_STRING()
        # Spelling ("Directores") is kept as in the definition; the attribute
        # name is what callers use to reach the field.
        self.CurrentDirectores = vstruct.VArray([ RTL_DRIVE_LETTER_CURDIR() for i in xrange(32) ])
        self.EnvironmentSize = v_uint64()
        self.EnvironmentVersion = v_uint64()
class _unnamed_28570(vstruct.VStruct):
    """Anonymous member type, emitted under a generated numeric name.

    Holds two raw 64-bit pointers. The class that embeds it is not visible in
    this part of the module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.UserData = v_ptr64()
        self.Owner = v_ptr64()
class _unnamed_28571(vstruct.VStruct):
    """Anonymous member type, emitted under a generated numeric name.

    Holds a single nested ``LIST_ENTRY``. The class that embeds it is not
    visible in this part of the module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListHead = LIST_ENTRY()
class _unnamed_21204(vstruct.VStruct):
    """Anonymous member type, emitted under a generated numeric name.

    Two 32-bit members, each followed by 4 padding bytes (16 bytes in total).
    The class that embeds it is not visible in this part of the module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        # Each 32-bit value is padded out to an 8-byte slot.
        self._pad0008 = v_bytes(size=4)
        self.CompletionFilter = v_uint32()
        self._pad0010 = v_bytes(size=4)
class _unnamed_21207(vstruct.VStruct):
    """Anonymous member type, emitted under a generated numeric name.

    Two 32-bit members, each followed by 4 padding bytes (16 bytes in total).
    The class that embeds it is not visible in this part of the module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Length = v_uint32()
        # Each 32-bit value is padded out to an 8-byte slot.
        self._pad0008 = v_bytes(size=4)
        self.FileInformationClass = v_uint32()
        self._pad0010 = v_bytes(size=4)
class LAZY_WRITER(vstruct.VStruct):
    """vstruct layout for ``LAZY_WRITER`` (ntoskrnl 6.1 amd64 definitions).

    A nested ``KDPC`` and ``KTIMER`` followed by six single-byte members and
    2 bytes of trailing padding.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ScanDpc = KDPC()
        self.ScanTimer = KTIMER()
        # Six single-byte members declared as v_uint8.
        self.ScanActive = v_uint8()
        self.OtherWork = v_uint8()
        self.PendingTeardownScan = v_uint8()
        self.PendingPeriodicScan = v_uint8()
        self.PendingLowMemoryScan = v_uint8()
        self.PendingPowerScan = v_uint8()
        # 6 bytes + 2 pad bytes round the tail up to 8.
        self._pad0088 = v_bytes(size=2)
class u(vstruct.VStruct):
    """vstruct layout named ``u`` (ntoskrnl 6.1 amd64 definitions).

    Exposes a single nested ``CM_KEY_NODE`` member.

    NOTE(review): ``u`` is a very generic module-level name; a star-import of
    this module would bind it in the importer's namespace -- prefer
    qualified access.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): only KeyNode is declared; if the underlying type is a
        # union with other members, they are not represented here -- confirm.
        self.KeyNode = CM_KEY_NODE()
class VI_FAULT_TRACE(vstruct.VStruct):
    """vstruct layout for ``VI_FAULT_TRACE`` (ntoskrnl 6.1 amd64 definitions).

    One raw 64-bit pointer followed by eight pointer slots (72 bytes in total
    by summing the declared widths).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Thread = v_ptr64()
        # Fixed-size array of 8 pointer slots.
        self.StackTrace = vstruct.VArray([ v_ptr64() for i in xrange(8) ])
class IO_RESOURCE_REQUIREMENTS_LIST(vstruct.VStruct):
    """vstruct layout for ``IO_RESOURCE_REQUIREMENTS_LIST`` (6.1 amd64).

    Four 32-bit header members, three reserved 32-bit words, a 32-bit count
    and an array declared with exactly one ``IO_RESOURCE_LIST``.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListSize = v_uint32()
        self.InterfaceType = v_uint32()
        self.BusNumber = v_uint32()
        self.SlotNumber = v_uint32()
        self.Reserved = vstruct.VArray([ v_uint32() for i in xrange(3) ])
        self.AlternativeLists = v_uint32()
        # NOTE(review): a one-element array next to a count field usually
        # models a variable-length trailing array. If so, only the first
        # list is covered here; a consumer iterating AlternativeLists entries
        # should bound both that count and ListSize against the buffer being
        # parsed -- confirm.
        self.List = vstruct.VArray([ IO_RESOURCE_LIST() for i in xrange(1) ])
class _unnamed_26616(vstruct.VStruct):
    """Anonymous member type, emitted under a generated numeric name.

    Exposes a single ``Port`` member of another generated type,
    ``_unnamed_26671``, defined elsewhere in this module.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # NOTE(review): only Port is declared; if the underlying type is a
        # union with other members, they are not represented here -- confirm.
        self.Port = _unnamed_26671()
class VF_WATCHDOG_IRP(vstruct.VStruct):
    """vstruct layout for ``VF_WATCHDOG_IRP`` (ntoskrnl 6.1 amd64 definitions).

    A nested ``LIST_ENTRY``, a raw 64-bit pointer, a 32-bit tick count, two
    single-byte members and a 16-bit member.
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.ListEntry = LIST_ENTRY()
        self.Irp = v_ptr64()
        self.DueTickCount = v_uint32()
        # 1 + 1 + 2 bytes fill the second half of the 8-byte slot, so no
        # padding field is declared.
        self.Inserted = v_uint8()
        self.TrackedStackLocation = v_uint8()
        self.CancelTimeoutTicks = v_uint16()
class MMWSLE_NONDIRECT_HASH(vstruct.VStruct):
    """vstruct layout for ``MMWSLE_NONDIRECT_HASH`` (ntoskrnl 6.1 amd64).

    A raw 64-bit pointer, a 32-bit index and 4 bytes of trailing padding
    (16 bytes in total).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.Key = v_ptr64()
        self.Index = v_uint32()
        # Trailing padding up to offset 0x10.
        self._pad0010 = v_bytes(size=4)
class RTL_ATOM_TABLE_ENTRY(vstruct.VStruct):
    """vstruct layout for ``RTL_ATOM_TABLE_ENTRY`` (ntoskrnl 6.1 amd64).

    A raw 64-bit link pointer, three 16-bit members, two single-byte members,
    an array declared with a single 16-bit element and 6 bytes of trailing
    padding (24 bytes in total by summing the declared widths).
    """
    def __init__(self):
        vstruct.VStruct.__init__(self)
        # Raw link pointer; validate before following and cap chain walks.
        self.HashLink = v_ptr64()
        self.HandleIndex = v_uint16()
        self.Atom = v_uint16()
        self.ReferenceCount = v_uint16()
        self.Flags = v_uint8()
        self.NameLength = v_uint8()
        # NOTE(review): a one-element array beside a length field usually
        # models a variable-length trailing name. If so, only the first
        # 16-bit unit is covered here, and the declared trailing padding
        # would overlap the rest of the name; a consumer should read the name
        # separately using NameLength (at most 255, it is 8 bits) -- confirm.
        self.Name = vstruct.VArray([ v_uint16() for i in xrange(1) ])
        self._pad0018 = v_bytes(size=6)