From 2b382ba5baa2877aa501389413cd44148c52c35a Mon Sep 17 00:00:00 2001 From: Admin <2762713521@qq.com> Date: Thu, 20 Jun 2024 03:19:03 +0800 Subject: [PATCH] bind sdk fix decode bit start index --- gengo/bind/sdkMerge/bug/tmp/bug.go | 102 +- gengo/bind/sdkMerge/combined_headers.h | 6 +- gengo/bind/sdkMerge/tmp/HPRDBGCTRL.go | 1730 ++++-------------------- 3 files changed, 324 insertions(+), 1514 deletions(-) diff --git a/gengo/bind/sdkMerge/bug/tmp/bug.go b/gengo/bind/sdkMerge/bug/tmp/bug.go index 0c3d51641..2d174e1be 100644 --- a/gengo/bind/sdkMerge/bug/tmp/bug.go +++ b/gengo/bind/sdkMerge/bug/tmp/bug.go @@ -3,6 +3,7 @@ package bug import ( "unsafe" + "github.com/can1357/gengo/gengort" ) 
@@ -54,78 +55,87 @@ type XedImmdisS struct { Present int32 ImmediateIsUnsigned int32 } -type _Int128T = any -type _Uint128T = any -type __NSConstantString = any -type SizeT = uint64 -type _BuiltinMsVaList = *byte -type _BuiltinVaList = *byte -type Qword = uint64 -type Uint64 = uint64 -type Puint64 = *uint64 -type Dword = uint64 -type Bool = int32 -type Byte = uint8 -type Word = uint16 -type Int = int32 -type Uint = uint32 -type Puint = *uint32 -type Ulong64 = uint64 -type Pulong64 = *uint64 -type Dword64 = uint64 -type Pdword64 = *uint64 -type Char = byte -type Uchar = uint8 -type Ushort = uint16 -type Ulong = uint64 -type Boolean = Uchar -type Pboolean = *Boolean -type Int8 = int8 -type Pint8 = *int8 -type Int16 = int16 -type Pint16 = *int16 -type Int32 = int32 -type Pint32 = *int32 -type Int64 = int64 -type Pint64 = *int64 -type Uint8 = uint8 -type Puint8 = *uint8 -type Uint16 = uint16 -type Puint16 = *uint16 -type Uint32 = uint32 -type Puint32 = *uint32 -type Uint64 = uint64 -type Puint64 = *uint64 -type Pcr3Type = *Cr3Type -type VmxSegmentAccessRightsType = any -type XedImmdisT = XedImmdisS +type ( + _Int128T = any + _Uint128T = any + __NSConstantString = any + SizeT = uint64 + _BuiltinMsVaList = *byte + _BuiltinVaList = *byte + Qword = uint64 + Uint64 = uint64 + Puint64 = *uint64 + Dword = uint64 + Bool = int32 + Byte = uint8 + Word = uint16 + Int = int32 + Uint = uint32 + Puint = *uint32 + Ulong64 = uint64 + Pulong64 = *uint64 + Dword64 = uint64 + Pdword64 = *uint64 + Char = byte + Uchar = uint8 + Ushort = uint16 + Ulong = uint64 + Boolean = Uchar + Pboolean = *Boolean + Int8 = int8 + Pint8 = *int8 + Int16 = int16 + Pint16 = *int16 + Int32 = int32 + Pint32 = *int32 + Int64 = int64 + Pint64 = *int64 + Uint8 = uint8 + Puint8 = *uint8 + Uint16 = uint16 + Puint16 = *uint16 + Uint32 = uint32 + Puint32 = *uint32 + Uint64 = uint64 + Puint64 = *uint64 + Pcr3Type = *Cr3Type + VmxSegmentAccessRightsType = any + XedImmdisT = XedImmdisS +) func (s Anon46_6) Flags() 
Uint64 { return gengort.ReadBitcast[Uint64](unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0)) } + func (s *Anon46_6) SetFlags(v Uint64) { gengort.WriteBitcast(unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0), v) } + func (s Anon46_6) Fields() Anon50_10 { return gengort.ReadBitcast[Anon50_10](unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0)) } + func (s *Anon46_6) SetFields(v Anon50_10) { gengort.WriteBitcast(unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0), v) } + func (s Anon61_9) get() Anon63_5 { return gengort.ReadBitcast[Anon63_5](unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0)) } + func (s *Anon61_9) Set(v Anon63_5) { gengort.WriteBitcast(unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0), v) } + func (s Anon61_9) AsUInt() Uint32 { return gengort.ReadBitcast[Uint32](unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0)) } + func (s *Anon61_9) SetAsUInt(v Uint32) { gengort.WriteBitcast(unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0), v) } -// Gengo init function. +// Gengo init function. func init() { gengort.Validate((*Cr3Type)(nil), 0x8, 0x8) gengort.Validate((*Anon46_6)(nil), 0x8, 0x8) diff --git a/gengo/bind/sdkMerge/combined_headers.h b/gengo/bind/sdkMerge/combined_headers.h index aa6584507..038b49c73 100644 --- a/gengo/bind/sdkMerge/combined_headers.h +++ b/gengo/bind/sdkMerge/combined_headers.h @@ -742,9 +742,9 @@ const unsigned char BuildSignature[] = { // Basic Datatypes // ////////////////////////////////////////////////// -#include //for wchar_t -#include //for PVOID -#include //warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] +//#include //for wchar_t +//#include //for PVOID +//#include //warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] typedef unsigned long long QWORD; typedef unsigned __int64 UINT64, *PUINT64; 
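Review bot: In the combined_headers.h hunk, the three `#include` lines under "Basic Datatypes" are commented out with no stated reason. Their old trailing comments say they supplied wchar_t, PVOID and static_assert, and nothing visible in the hunk replaces those declarations. If this header is the input to the binding generator (inferred from the path), a type that no longer resolves could change the layout the generated Go code assumes, so check that the size/alignment validation in the generated init functions still covers the affected structs. Rather than leaving dead lines, either delete them or guard them, and add a comment above the block such as `// system headers disabled for binding generation; wchar_t, PVOID and static_assert come from <PLACEHOLDER: where they are now declared>`. The typedef block continues past the end of the hunk, so which later declarations rely on these headers cannot be checked from here.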
diff --git a/gengo/bind/sdkMerge/tmp/HPRDBGCTRL.go b/gengo/bind/sdkMerge/tmp/HPRDBGCTRL.go index a0e175c39..ba67dcf5b 100644 --- a/gengo/bind/sdkMerge/tmp/HPRDBGCTRL.go +++ b/gengo/bind/sdkMerge/tmp/HPRDBGCTRL.go @@ -2,7 +2,6 @@ package HPRDBGCTRL import ( - "unsafe" "github.com/can1357/gengo/gengort" ) 
@@ -10,1488 +9,289 @@ const GengoLibraryName = "HPRDBGCTRL" var GengoLibrary = gengort.NewLibrary(GengoLibraryName) -type _ExceptionDisposition int32 - -const ( - EXCEPTION_CONTINUE_EXECUTION _ExceptionDisposition = 0 - EXCEPTION_CONTINUE_SEARCH _ExceptionDisposition = 1 - EXCEPTION_NESTED_EXCEPTION _ExceptionDisposition = 2 - EXCEPTION_COLLIDED_UNWIND _ExceptionDisposition = 3 -) - -type int32 - -const ( - UNSPECIFIED_COMPARTMENT_ID = 0 - DEFAULT_COMPARTMENT_ID = 1 -) - -type _SidNameUse int32 - -const ( - SID_TYPE_USER _SidNameUse = 1 - SID_TYPE_GROUP _SidNameUse = 2 - SID_TYPE_DOMAIN _SidNameUse = 3 - SID_TYPE_ALIAS _SidNameUse = 4 - SID_TYPE_WELL_KNOWN_GROUP _SidNameUse = 5 - SID_TYPE_DELETED_ACCOUNT _SidNameUse = 6 - SID_TYPE_INVALID _SidNameUse = 7 - SID_TYPE_UNKNOWN _SidNameUse = 8 - SID_TYPE_COMPUTER _SidNameUse = 9 - SID_TYPE_LABEL _SidNameUse = 10 - SID_TYPE_LOGON_SESSION _SidNameUse = 11 -) - -type int32 - -const ( - WIN_NULL_SID = 0 - WIN_WORLD_SID = 1 - WIN_LOCAL_SID = 2 - WIN_CREATOR_OWNER_SID = 3 - WIN_CREATOR_GROUP_SID = 4 - WIN_CREATOR_OWNER_SERVER_SID = 5 - WIN_CREATOR_GROUP_SERVER_SID = 6 - WIN_NT_AUTHORITY_SID = 7 - WIN_DIALUP_SID = 8 - WIN_NETWORK_SID = 9 - WIN_BATCH_SID = 10 - WIN_INTERACTIVE_SID = 11 - WIN_SERVICE_SID = 12 - WIN_ANONYMOUS_SID = 13 - WIN_PROXY_SID = 14 - WIN_ENTERPRISE_CONTROLLERS_SID = 15 - WIN_SELF_SID = 16 - WIN_AUTHENTICATED_USER_SID = 17 - WIN_RESTRICTED_CODE_SID = 18 - WIN_TERMINAL_SERVER_SID = 19 - WIN_REMOTE_LOGON_ID_SID = 20 - WIN_LOGON_IDS_SID = 21 - WIN_LOCAL_SYSTEM_SID = 22 - WIN_LOCAL_SERVICE_SID = 23 - WIN_NETWORK_SERVICE_SID = 24 - WIN_BUILTIN_DOMAIN_SID = 25 - WIN_BUILTIN_ADMINISTRATORS_SID = 26 - WIN_BUILTIN_USERS_SID = 27 - WIN_BUILTIN_GUESTS_SID = 28 - WIN_BUILTIN_POWER_USERS_SID = 29 - WIN_BUILTIN_ACCOUNT_OPERATORS_SID = 30 - WIN_BUILTIN_SYSTEM_OPERATORS_SID = 31 - WIN_BUILTIN_PRINT_OPERATORS_SID = 32 - WIN_BUILTIN_BACKUP_OPERATORS_SID = 33 - WIN_BUILTIN_REPLICATOR_SID = 34 - 
WIN_BUILTIN_PRE_WINDOWS2000_COMPATIBLE_ACCESS_SID = 35 - WIN_BUILTIN_REMOTE_DESKTOP_USERS_SID = 36 - WIN_BUILTIN_NETWORK_CONFIGURATION_OPERATORS_SID = 37 - WIN_ACCOUNT_ADMINISTRATOR_SID = 38 - WIN_ACCOUNT_GUEST_SID = 39 - WIN_ACCOUNT_KRBTGT_SID = 40 - WIN_ACCOUNT_DOMAIN_ADMINS_SID = 41 - WIN_ACCOUNT_DOMAIN_USERS_SID = 42 - WIN_ACCOUNT_DOMAIN_GUESTS_SID = 43 - WIN_ACCOUNT_COMPUTERS_SID = 44 - WIN_ACCOUNT_CONTROLLERS_SID = 45 - WIN_ACCOUNT_CERT_ADMINS_SID = 46 - WIN_ACCOUNT_SCHEMA_ADMINS_SID = 47 - WIN_ACCOUNT_ENTERPRISE_ADMINS_SID = 48 - WIN_ACCOUNT_POLICY_ADMINS_SID = 49 - WIN_ACCOUNT_RAS_AND_IAS_SERVERS_SID = 50 - WIN_NTLMAUTHENTICATION_SID = 51 - WIN_DIGEST_AUTHENTICATION_SID = 52 - WIN_SCHANNEL_AUTHENTICATION_SID = 53 - WIN_THIS_ORGANIZATION_SID = 54 - WIN_OTHER_ORGANIZATION_SID = 55 - WIN_BUILTIN_INCOMING_FOREST_TRUST_BUILDERS_SID = 56 - WIN_BUILTIN_PERF_MONITORING_USERS_SID = 57 - WIN_BUILTIN_PERF_LOGGING_USERS_SID = 58 - WIN_BUILTIN_AUTHORIZATION_ACCESS_SID = 59 - WIN_BUILTIN_TERMINAL_SERVER_LICENSE_SERVERS_SID = 60 - WIN_BUILTIN_DCOMUSERS_SID = 61 - WIN_BUILTIN_IUSERS_SID = 62 - WIN_IUSER_SID = 63 - WIN_BUILTIN_CRYPTO_OPERATORS_SID = 64 - WIN_UNTRUSTED_LABEL_SID = 65 - WIN_LOW_LABEL_SID = 66 - WIN_MEDIUM_LABEL_SID = 67 - WIN_HIGH_LABEL_SID = 68 - WIN_SYSTEM_LABEL_SID = 69 - WIN_WRITE_RESTRICTED_CODE_SID = 70 - WIN_CREATOR_OWNER_RIGHTS_SID = 71 - WIN_CACHEABLE_PRINCIPALS_GROUP_SID = 72 - WIN_NON_CACHEABLE_PRINCIPALS_GROUP_SID = 73 - WIN_ENTERPRISE_READONLY_CONTROLLERS_SID = 74 - WIN_ACCOUNT_READONLY_CONTROLLERS_SID = 75 - WIN_BUILTIN_EVENT_LOG_READERS_GROUP = 76 - WIN_NEW_ENTERPRISE_READONLY_CONTROLLERS_SID = 77 - WIN_BUILTIN_CERT_SVC_DCOM_ACCESS_GROUP = 78 - WIN_MEDIUM_PLUS_LABEL_SID = 79 - WIN_LOCAL_LOGON_SID = 80 - WIN_CONSOLE_LOGON_SID = 81 - WIN_THIS_ORGANIZATION_CERTIFICATE_SID = 82 - WIN_APPLICATION_PACKAGE_AUTHORITY_SID = 83 - WIN_BUILTIN_ANY_PACKAGE_SID = 84 - WIN_CAPABILITY_INTERNET_CLIENT_SID = 85 - WIN_CAPABILITY_INTERNET_CLIENT_SERVER_SID = 86 - 
WIN_CAPABILITY_PRIVATE_NETWORK_CLIENT_SERVER_SID = 87 - WIN_CAPABILITY_PICTURES_LIBRARY_SID = 88 - WIN_CAPABILITY_VIDEOS_LIBRARY_SID = 89 - WIN_CAPABILITY_MUSIC_LIBRARY_SID = 90 - WIN_CAPABILITY_DOCUMENTS_LIBRARY_SID = 91 - WIN_CAPABILITY_SHARED_USER_CERTIFICATES_SID = 92 - WIN_CAPABILITY_ENTERPRISE_AUTHENTICATION_SID = 93 - WIN_CAPABILITY_REMOVABLE_STORAGE_SID = 94 - WIN_BUILTIN_RDSREMOTE_ACCESS_SERVERS_SID = 95 - WIN_BUILTIN_RDSENDPOINT_SERVERS_SID = 96 - WIN_BUILTIN_RDSMANAGEMENT_SERVERS_SID = 97 - WIN_USER_MODE_DRIVERS_SID = 98 - WIN_BUILTIN_HYPER_VADMINS_SID = 99 - WIN_ACCOUNT_CLONEABLE_CONTROLLERS_SID = 100 - WIN_BUILTIN_ACCESS_CONTROL_ASSISTANCE_OPERATORS_SID = 101 - WIN_BUILTIN_REMOTE_MANAGEMENT_USERS_SID = 102 - WIN_AUTHENTICATION_AUTHORITY_ASSERTED_SID = 103 - WIN_AUTHENTICATION_SERVICE_ASSERTED_SID = 104 - WIN_LOCAL_ACCOUNT_SID = 105 - WIN_LOCAL_ACCOUNT_AND_ADMINISTRATOR_SID = 106 - WIN_ACCOUNT_PROTECTED_USERS_SID = 107 - WIN_CAPABILITY_APPOINTMENTS_SID = 108 - WIN_CAPABILITY_CONTACTS_SID = 109 - WIN_ACCOUNT_DEFAULT_SYSTEM_MANAGED_SID = 110 - WIN_BUILTIN_DEFAULT_SYSTEM_MANAGED_GROUP_SID = 111 - WIN_BUILTIN_STORAGE_REPLICA_ADMINS_SID = 112 - WIN_ACCOUNT_KEY_ADMINS_SID = 113 - WIN_ACCOUNT_ENTERPRISE_KEY_ADMINS_SID = 114 - WIN_AUTHENTICATION_KEY_TRUST_SID = 115 - WIN_AUTHENTICATION_KEY_PROPERTY_MFASID = 116 - WIN_AUTHENTICATION_KEY_PROPERTY_ATTESTATION_SID = 117 - WIN_AUTHENTICATION_FRESH_KEY_AUTH_SID = 118 - WIN_BUILTIN_DEVICE_OWNERS_SID = 119 - WIN_BUILTIN_USER_MODE_HARDWARE_OPERATORS_SID = 120 - WIN_BUILTIN_OPEN_SSHUSERS_SID = 121 -) - -type _AclInformationClass int32 - -const ( - ACL_REVISION_INFORMATION _AclInformationClass = 1 - ACL_SIZE_INFORMATION _AclInformationClass = 2 -) - -type _AuditEventType int32 - -const ( - AUDIT_EVENT_OBJECT_ACCESS _AuditEventType = 0 - AUDIT_EVENT_DIRECTORY_SERVICE_ACCESS _AuditEventType = 1 -) - -type _AccessReasonType int32 - -const ( - ACCESS_REASON_NONE _AccessReasonType = 0 - ACCESS_REASON_ALLOWED_ACE 
_AccessReasonType = 65536 - ACCESS_REASON_DENIED_ACE _AccessReasonType = 131072 - ACCESS_REASON_ALLOWED_PARENT_ACE _AccessReasonType = 196608 - ACCESS_REASON_DENIED_PARENT_ACE _AccessReasonType = 262144 - ACCESS_REASON_NOT_GRANTED_BY_CAPE _AccessReasonType = 327680 - ACCESS_REASON_NOT_GRANTED_BY_PARENT_CAPE _AccessReasonType = 393216 - ACCESS_REASON_NOT_GRANTED_TO_APP_CONTAINER _AccessReasonType = 458752 - ACCESS_REASON_MISSING_PRIVILEGE _AccessReasonType = 1048576 - ACCESS_REASON_FROM_PRIVILEGE _AccessReasonType = 2097152 - ACCESS_REASON_INTEGRITY_LEVEL _AccessReasonType = 3145728 - ACCESS_REASON_OWNERSHIP _AccessReasonType = 4194304 - ACCESS_REASON_NULL_DACL _AccessReasonType = 5242880 - ACCESS_REASON_EMPTY_DACL _AccessReasonType = 6291456 - ACCESS_REASON_NO_SD _AccessReasonType = 7340032 - ACCESS_REASON_NO_GRANT _AccessReasonType = 8388608 - ACCESS_REASON_TRUST_LABEL _AccessReasonType = 9437184 - ACCESS_REASON_FILTER_ACE _AccessReasonType = 10485760 -) - -type _SecurityImpersonationLevel int32 - -const ( - SECURITY_ANONYMOUS _SecurityImpersonationLevel = 0 - SECURITY_IDENTIFICATION _SecurityImpersonationLevel = 1 - SECURITY_IMPERSONATION _SecurityImpersonationLevel = 2 - SECURITY_DELEGATION _SecurityImpersonationLevel = 3 -) - -type _TokenType int32 - -const ( - TOKEN_PRIMARY _TokenType = 1 - TOKEN_IMPERSONATION _TokenType = 2 -) - -type _TokenElevationType int32 - -const ( - TOKEN_ELEVATION_TYPE_DEFAULT _TokenElevationType = 1 - TOKEN_ELEVATION_TYPE_FULL _TokenElevationType = 2 - TOKEN_ELEVATION_TYPE_LIMITED _TokenElevationType = 3 -) - -type _TokenInformationClass int32 - -const ( - TOKEN_USER _TokenInformationClass = 1 - TOKEN_GROUPS _TokenInformationClass = 2 - TOKEN_PRIVILEGES _TokenInformationClass = 3 - TOKEN_OWNER _TokenInformationClass = 4 - TOKEN_PRIMARY_GROUP _TokenInformationClass = 5 - TOKEN_DEFAULT_DACL _TokenInformationClass = 6 - TOKEN_SOURCE _TokenInformationClass = 7 - TOKEN_TYPE _TokenInformationClass = 8 - TOKEN_IMPERSONATION_LEVEL 
_TokenInformationClass = 9 - TOKEN_STATISTICS _TokenInformationClass = 10 - TOKEN_RESTRICTED_SIDS _TokenInformationClass = 11 - TOKEN_SESSION_ID _TokenInformationClass = 12 - TOKEN_GROUPS_AND_PRIVILEGES _TokenInformationClass = 13 - TOKEN_SESSION_REFERENCE _TokenInformationClass = 14 - TOKEN_SAND_BOX_INERT _TokenInformationClass = 15 - TOKEN_AUDIT_POLICY _TokenInformationClass = 16 - TOKEN_ORIGIN _TokenInformationClass = 17 - TOKEN_ELEVATION_TYPE _TokenInformationClass = 18 - TOKEN_LINKED_TOKEN _TokenInformationClass = 19 - TOKEN_ELEVATION _TokenInformationClass = 20 - TOKEN_HAS_RESTRICTIONS _TokenInformationClass = 21 - TOKEN_ACCESS_INFORMATION _TokenInformationClass = 22 - TOKEN_VIRTUALIZATION_ALLOWED _TokenInformationClass = 23 - TOKEN_VIRTUALIZATION_ENABLED _TokenInformationClass = 24 - TOKEN_INTEGRITY_LEVEL _TokenInformationClass = 25 - TOKEN_UIACCESS _TokenInformationClass = 26 - TOKEN_MANDATORY_POLICY _TokenInformationClass = 27 - TOKEN_LOGON_SID _TokenInformationClass = 28 - TOKEN_IS_APP_CONTAINER _TokenInformationClass = 29 - TOKEN_CAPABILITIES _TokenInformationClass = 30 - TOKEN_APP_CONTAINER_SID _TokenInformationClass = 31 - TOKEN_APP_CONTAINER_NUMBER _TokenInformationClass = 32 - TOKEN_USER_CLAIM_ATTRIBUTES _TokenInformationClass = 33 - TOKEN_DEVICE_CLAIM_ATTRIBUTES _TokenInformationClass = 34 - TOKEN_RESTRICTED_USER_CLAIM_ATTRIBUTES _TokenInformationClass = 35 - TOKEN_RESTRICTED_DEVICE_CLAIM_ATTRIBUTES _TokenInformationClass = 36 - TOKEN_DEVICE_GROUPS _TokenInformationClass = 37 - TOKEN_RESTRICTED_DEVICE_GROUPS _TokenInformationClass = 38 - TOKEN_SECURITY_ATTRIBUTES _TokenInformationClass = 39 - TOKEN_IS_RESTRICTED _TokenInformationClass = 40 - TOKEN_PROCESS_TRUST_LEVEL _TokenInformationClass = 41 - TOKEN_PRIVATE_NAME_SPACE _TokenInformationClass = 42 - TOKEN_SINGLETON_ATTRIBUTES _TokenInformationClass = 43 - TOKEN_BNO_ISOLATION _TokenInformationClass = 44 - TOKEN_CHILD_PROCESS_FLAGS _TokenInformationClass = 45 - TOKEN_IS_LESS_PRIVILEGED_APP_CONTAINER 
_TokenInformationClass = 46 - TOKEN_IS_SANDBOXED _TokenInformationClass = 47 - TOKEN_IS_APP_SILO _TokenInformationClass = 48 - TOKEN_LOGGING_INFORMATION _TokenInformationClass = 49 - MAX_TOKEN_INFO_CLASS _TokenInformationClass = 50 -) - -type _MandatoryLevel int32 - -const ( - MANDATORY_LEVEL_UNTRUSTED _MandatoryLevel = 0 - MANDATORY_LEVEL_LOW _MandatoryLevel = 1 - MANDATORY_LEVEL_MEDIUM _MandatoryLevel = 2 - MANDATORY_LEVEL_HIGH _MandatoryLevel = 3 - MANDATORY_LEVEL_SYSTEM _MandatoryLevel = 4 - MANDATORY_LEVEL_SECURE_PROCESS _MandatoryLevel = 5 - MANDATORY_LEVEL_COUNT _MandatoryLevel = 6 -) - -type _SeImageSignatureType int32 - -const ( - SE_IMAGE_SIGNATURE_NONE _SeImageSignatureType = 0 - SE_IMAGE_SIGNATURE_EMBEDDED _SeImageSignatureType = 1 - SE_IMAGE_SIGNATURE_CACHE _SeImageSignatureType = 2 - SE_IMAGE_SIGNATURE_CATALOG_CACHED _SeImageSignatureType = 3 - SE_IMAGE_SIGNATURE_CATALOG_NOT_CACHED _SeImageSignatureType = 4 - SE_IMAGE_SIGNATURE_CATALOG_HINT _SeImageSignatureType = 5 - SE_IMAGE_SIGNATURE_PACKAGE_CATALOG _SeImageSignatureType = 6 - SE_IMAGE_SIGNATURE_PPL_MITIGATED _SeImageSignatureType = 7 +// @brief enum for reasons why debuggee is paused +type _DebuggeePausingReason int32 + +const ( + DEBUGGEE_PAUSING_REASON_NOT_PAUSED _DebuggeePausingReason = 0 + DEBUGGEE_PAUSING_REASON_PAUSE _DebuggeePausingReason = 1 + DEBUGGEE_PAUSING_REASON_REQUEST_FROM_DEBUGGER _DebuggeePausingReason = 2 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_STEPPED _DebuggeePausingReason = 3 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_TRACKING_STEPPED _DebuggeePausingReason = 4 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_SOFTWARE_BREAKPOINT_HIT _DebuggeePausingReason = 5 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_HARDWARE_DEBUG_REGISTER_HIT _DebuggeePausingReason = 6 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_CORE_SWITCHED _DebuggeePausingReason = 7 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_PROCESS_SWITCHED _DebuggeePausingReason = 8 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_THREAD_SWITCHED _DebuggeePausingReason = 9 + 
DEBUGGEE_PAUSING_REASON_DEBUGGEE_COMMAND_EXECUTION_FINISHED _DebuggeePausingReason = 10 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_EVENT_TRIGGERED _DebuggeePausingReason = 11 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_STARTING_MODULE_LOADED _DebuggeePausingReason = 12 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_GENERAL_DEBUG_BREAK _DebuggeePausingReason = 13 + DEBUGGEE_PAUSING_REASON_DEBUGGEE_GENERAL_THREAD_INTERCEPTED _DebuggeePausingReason = 14 + DEBUGGEE_PAUSING_REASON_HARDWARE_BASED_DEBUGGEE_GENERAL_BREAK _DebuggeePausingReason = 15 +) + +// @brief enum for requested action for HyperDbg packet +type _DebuggerRemotePacketRequestedAction int32 + +const ( + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_USER_MODE_PAUSE _DebuggerRemotePacketRequestedAction = 1 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_USER_MODE_DO_NOT_READ_ANY_PACKET _DebuggerRemotePacketRequestedAction = 2 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_USER_MODE_DEBUGGER_VERSION _DebuggerRemotePacketRequestedAction = 3 + DEBUGGER_REMOTE_PACKET_PING_AND_SEND_SUPPORTED_VERSION _DebuggerRemotePacketRequestedAction = 4 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_STEP _DebuggerRemotePacketRequestedAction = 5 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CONTINUE _DebuggerRemotePacketRequestedAction = 6 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CLOSE_AND_UNLOAD_DEBUGGEE _DebuggerRemotePacketRequestedAction = 7 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CHANGE_CORE _DebuggerRemotePacketRequestedAction = 8 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_FLUSH_BUFFERS _DebuggerRemotePacketRequestedAction = 9 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CALLSTACK _DebuggerRemotePacketRequestedAction = 10 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_TEST_QUERY _DebuggerRemotePacketRequestedAction = 11 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CHANGE_PROCESS _DebuggerRemotePacketRequestedAction = 12 + 
DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CHANGE_THREAD _DebuggerRemotePacketRequestedAction = 13 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_RUN_SCRIPT _DebuggerRemotePacketRequestedAction = 14 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_USER_INPUT_BUFFER _DebuggerRemotePacketRequestedAction = 15 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SEARCH_QUERY _DebuggerRemotePacketRequestedAction = 16 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_REGISTER_EVENT _DebuggerRemotePacketRequestedAction = 17 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_ADD_ACTION_TO_EVENT _DebuggerRemotePacketRequestedAction = 18 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_QUERY_AND_MODIFY_EVENT _DebuggerRemotePacketRequestedAction = 19 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_READ_REGISTERS _DebuggerRemotePacketRequestedAction = 20 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_READ_MEMORY _DebuggerRemotePacketRequestedAction = 21 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_EDIT_MEMORY _DebuggerRemotePacketRequestedAction = 22 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_BP _DebuggerRemotePacketRequestedAction = 23 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_LIST_OR_MODIFY_BREAKPOINTS _DebuggerRemotePacketRequestedAction = 24 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SYMBOL_RELOAD _DebuggerRemotePacketRequestedAction = 25 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_QUERY_PA2VA_AND_VA2PA _DebuggerRemotePacketRequestedAction = 26 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SYMBOL_QUERY_PTE _DebuggerRemotePacketRequestedAction = 27 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SET_SHORT_CIRCUITING_STATE _DebuggerRemotePacketRequestedAction = 28 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_INJECT_PAGE_FAULT _DebuggerRemotePacketRequestedAction = 29 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_NO_ACTION 
_DebuggerRemotePacketRequestedAction = 30 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_STARTED _DebuggerRemotePacketRequestedAction = 31 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_LOGGING_MECHANISM _DebuggerRemotePacketRequestedAction = 32 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_PAUSED_AND_CURRENT_INSTRUCTION _DebuggerRemotePacketRequestedAction = 33 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_CHANGING_CORE _DebuggerRemotePacketRequestedAction = 34 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_CHANGING_PROCESS _DebuggerRemotePacketRequestedAction = 35 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_CHANGING_THREAD _DebuggerRemotePacketRequestedAction = 36 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_RUNNING_SCRIPT _DebuggerRemotePacketRequestedAction = 37 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_FORMATS _DebuggerRemotePacketRequestedAction = 38 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_FLUSH _DebuggerRemotePacketRequestedAction = 39 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_CALLSTACK _DebuggerRemotePacketRequestedAction = 40 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_TEST_QUERY _DebuggerRemotePacketRequestedAction = 41 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_REGISTERING_EVENT _DebuggerRemotePacketRequestedAction = 42 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_ADDING_ACTION_TO_EVENT _DebuggerRemotePacketRequestedAction = 43 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_QUERY_AND_MODIFY_EVENT _DebuggerRemotePacketRequestedAction = 44 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_SHORT_CIRCUITING_EVENT _DebuggerRemotePacketRequestedAction = 45 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_READING_REGISTERS _DebuggerRemotePacketRequestedAction = 46 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_READING_MEMORY 
_DebuggerRemotePacketRequestedAction = 47 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_EDITING_MEMORY _DebuggerRemotePacketRequestedAction = 48 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_BP _DebuggerRemotePacketRequestedAction = 49 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_SHORT_CIRCUITING_STATE _DebuggerRemotePacketRequestedAction = 50 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_LIST_OR_MODIFY_BREAKPOINTS _DebuggerRemotePacketRequestedAction = 51 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_UPDATE_SYMBOL_INFO _DebuggerRemotePacketRequestedAction = 52 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RELOAD_SYMBOL_FINISHED _DebuggerRemotePacketRequestedAction = 53 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RELOAD_SEARCH_QUERY _DebuggerRemotePacketRequestedAction = 54 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_PTE _DebuggerRemotePacketRequestedAction = 55 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_VA2PA_AND_PA2VA _DebuggerRemotePacketRequestedAction = 56 + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_BRINGING_PAGES_IN _DebuggerRemotePacketRequestedAction = 57 ) -type _HardwareCounterType int32 - -const ( - P_MCCOUNTER _HardwareCounterType = 0 - MAX_HARDWARE_COUNTER_TYPE _HardwareCounterType = 1 -) - -type _ProcessMitigationPolicy int32 - -const ( - PROCESS_DEPPOLICY _ProcessMitigationPolicy = 0 - PROCESS_ASLRPOLICY _ProcessMitigationPolicy = 1 - PROCESS_DYNAMIC_CODE_POLICY _ProcessMitigationPolicy = 2 - PROCESS_STRICT_HANDLE_CHECK_POLICY _ProcessMitigationPolicy = 3 - PROCESS_SYSTEM_CALL_DISABLE_POLICY _ProcessMitigationPolicy = 4 - PROCESS_MITIGATION_OPTIONS_MASK _ProcessMitigationPolicy = 5 - PROCESS_EXTENSION_POINT_DISABLE_POLICY _ProcessMitigationPolicy = 6 - PROCESS_CONTROL_FLOW_GUARD_POLICY _ProcessMitigationPolicy = 7 - PROCESS_SIGNATURE_POLICY _ProcessMitigationPolicy = 8 - PROCESS_FONT_DISABLE_POLICY _ProcessMitigationPolicy 
= 9 - PROCESS_IMAGE_LOAD_POLICY _ProcessMitigationPolicy = 10 - PROCESS_SYSTEM_CALL_FILTER_POLICY _ProcessMitigationPolicy = 11 - PROCESS_PAYLOAD_RESTRICTION_POLICY _ProcessMitigationPolicy = 12 - PROCESS_CHILD_PROCESS_POLICY _ProcessMitigationPolicy = 13 - PROCESS_SIDE_CHANNEL_ISOLATION_POLICY _ProcessMitigationPolicy = 14 - PROCESS_USER_SHADOW_STACK_POLICY _ProcessMitigationPolicy = 15 - PROCESS_REDIRECTION_TRUST_POLICY _ProcessMitigationPolicy = 16 - PROCESS_USER_POINTER_AUTH_POLICY _ProcessMitigationPolicy = 17 - PROCESS_SEHOPPOLICY _ProcessMitigationPolicy = 18 - MAX_PROCESS_MITIGATION_POLICY _ProcessMitigationPolicy = 19 -) - -type _JobobjectRateControlTolerance int32 - -const ( - TOLERANCE_LOW _JobobjectRateControlTolerance = 1 - TOLERANCE_MEDIUM _JobobjectRateControlTolerance = 2 - TOLERANCE_HIGH _JobobjectRateControlTolerance = 3 -) - -type _JobobjectRateControlToleranceInterval int32 - -const ( - TOLERANCE_INTERVAL_SHORT _JobobjectRateControlToleranceInterval = 1 - TOLERANCE_INTERVAL_MEDIUM _JobobjectRateControlToleranceInterval = 2 - TOLERANCE_INTERVAL_LONG _JobobjectRateControlToleranceInterval = 3 -) - -type JobObjectNetRateControlFlags int32 - -const ( - JOB_OBJECT_NET_RATE_CONTROL_ENABLE JobObjectNetRateControlFlags = 1 - JOB_OBJECT_NET_RATE_CONTROL_MAX_BANDWIDTH JobObjectNetRateControlFlags = 2 - JOB_OBJECT_NET_RATE_CONTROL_DSCP_TAG JobObjectNetRateControlFlags = 4 - JOB_OBJECT_NET_RATE_CONTROL_VALID_FLAGS JobObjectNetRateControlFlags = 7 -) - -type JobObjectIoRateControlFlags int32 - -const ( - JOB_OBJECT_IO_RATE_CONTROL_ENABLE JobObjectIoRateControlFlags = 1 - JOB_OBJECT_IO_RATE_CONTROL_STANDALONE_VOLUME JobObjectIoRateControlFlags = 2 - JOB_OBJECT_IO_RATE_CONTROL_FORCE_UNIT_ACCESS_ALL JobObjectIoRateControlFlags = 4 - JOB_OBJECT_IO_RATE_CONTROL_FORCE_UNIT_ACCESS_ON_SOFT_CAP JobObjectIoRateControlFlags = 8 - JOB_OBJECT_IO_RATE_CONTROL_VALID_FLAGS JobObjectIoRateControlFlags = 15 -) - -type JobobjectIoAttributionControlFlags int32 - -const ( - 
JOBOBJECT_IO_ATTRIBUTION_CONTROL_ENABLE JobobjectIoAttributionControlFlags = 1 - JOBOBJECT_IO_ATTRIBUTION_CONTROL_DISABLE JobobjectIoAttributionControlFlags = 2 - JOBOBJECT_IO_ATTRIBUTION_CONTROL_VALID_FLAGS JobobjectIoAttributionControlFlags = 3 -) - -type _Jobobjectinfoclass int32 - -const ( - JOB_OBJECT_BASIC_ACCOUNTING_INFORMATION _Jobobjectinfoclass = 1 - JOB_OBJECT_BASIC_LIMIT_INFORMATION _Jobobjectinfoclass = 2 - JOB_OBJECT_BASIC_PROCESS_ID_LIST _Jobobjectinfoclass = 3 - JOB_OBJECT_BASIC_UIRESTRICTIONS _Jobobjectinfoclass = 4 - JOB_OBJECT_SECURITY_LIMIT_INFORMATION _Jobobjectinfoclass = 5 - JOB_OBJECT_END_OF_JOB_TIME_INFORMATION _Jobobjectinfoclass = 6 - JOB_OBJECT_ASSOCIATE_COMPLETION_PORT_INFORMATION _Jobobjectinfoclass = 7 - JOB_OBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION _Jobobjectinfoclass = 8 - JOB_OBJECT_EXTENDED_LIMIT_INFORMATION _Jobobjectinfoclass = 9 - JOB_OBJECT_JOB_SET_INFORMATION _Jobobjectinfoclass = 10 - JOB_OBJECT_GROUP_INFORMATION _Jobobjectinfoclass = 11 - JOB_OBJECT_NOTIFICATION_LIMIT_INFORMATION _Jobobjectinfoclass = 12 - JOB_OBJECT_LIMIT_VIOLATION_INFORMATION _Jobobjectinfoclass = 13 - JOB_OBJECT_GROUP_INFORMATION_EX _Jobobjectinfoclass = 14 - JOB_OBJECT_CPU_RATE_CONTROL_INFORMATION _Jobobjectinfoclass = 15 - JOB_OBJECT_COMPLETION_FILTER _Jobobjectinfoclass = 16 - JOB_OBJECT_COMPLETION_COUNTER _Jobobjectinfoclass = 17 - JOB_OBJECT_RESERVED1_INFORMATION _Jobobjectinfoclass = 18 - JOB_OBJECT_RESERVED2_INFORMATION _Jobobjectinfoclass = 19 - JOB_OBJECT_RESERVED3_INFORMATION _Jobobjectinfoclass = 20 - JOB_OBJECT_RESERVED4_INFORMATION _Jobobjectinfoclass = 21 - JOB_OBJECT_RESERVED5_INFORMATION _Jobobjectinfoclass = 22 - JOB_OBJECT_RESERVED6_INFORMATION _Jobobjectinfoclass = 23 - JOB_OBJECT_RESERVED7_INFORMATION _Jobobjectinfoclass = 24 - JOB_OBJECT_RESERVED8_INFORMATION _Jobobjectinfoclass = 25 - JOB_OBJECT_RESERVED9_INFORMATION _Jobobjectinfoclass = 26 - JOB_OBJECT_RESERVED10_INFORMATION _Jobobjectinfoclass = 27 - 
JOB_OBJECT_RESERVED11_INFORMATION _Jobobjectinfoclass = 28 - JOB_OBJECT_RESERVED12_INFORMATION _Jobobjectinfoclass = 29 - JOB_OBJECT_RESERVED13_INFORMATION _Jobobjectinfoclass = 30 - JOB_OBJECT_RESERVED14_INFORMATION _Jobobjectinfoclass = 31 - JOB_OBJECT_NET_RATE_CONTROL_INFORMATION _Jobobjectinfoclass = 32 - JOB_OBJECT_NOTIFICATION_LIMIT_INFORMATION2 _Jobobjectinfoclass = 33 - JOB_OBJECT_LIMIT_VIOLATION_INFORMATION2 _Jobobjectinfoclass = 34 - JOB_OBJECT_CREATE_SILO _Jobobjectinfoclass = 35 - JOB_OBJECT_SILO_BASIC_INFORMATION _Jobobjectinfoclass = 36 - JOB_OBJECT_RESERVED15_INFORMATION _Jobobjectinfoclass = 37 - JOB_OBJECT_RESERVED16_INFORMATION _Jobobjectinfoclass = 38 - JOB_OBJECT_RESERVED17_INFORMATION _Jobobjectinfoclass = 39 - JOB_OBJECT_RESERVED18_INFORMATION _Jobobjectinfoclass = 40 - JOB_OBJECT_RESERVED19_INFORMATION _Jobobjectinfoclass = 41 - JOB_OBJECT_RESERVED20_INFORMATION _Jobobjectinfoclass = 42 - JOB_OBJECT_RESERVED21_INFORMATION _Jobobjectinfoclass = 43 - JOB_OBJECT_RESERVED22_INFORMATION _Jobobjectinfoclass = 44 - JOB_OBJECT_RESERVED23_INFORMATION _Jobobjectinfoclass = 45 - JOB_OBJECT_RESERVED24_INFORMATION _Jobobjectinfoclass = 46 - JOB_OBJECT_RESERVED25_INFORMATION _Jobobjectinfoclass = 47 - JOB_OBJECT_RESERVED26_INFORMATION _Jobobjectinfoclass = 48 - JOB_OBJECT_RESERVED27_INFORMATION _Jobobjectinfoclass = 49 - JOB_OBJECT_RESERVED28_INFORMATION _Jobobjectinfoclass = 50 - JOB_OBJECT_NETWORK_ACCOUNTING_INFORMATION _Jobobjectinfoclass = 51 - MAX_JOB_OBJECT_INFO_CLASS _Jobobjectinfoclass = 52 -) - -type _ServersiloState int32 - -const ( - SERVERSILO_INITING _ServersiloState = 0 - SERVERSILO_STARTED _ServersiloState = 1 - SERVERSILO_SHUTTING_DOWN _ServersiloState = 2 - SERVERSILO_TERMINATING _ServersiloState = 3 - SERVERSILO_TERMINATED _ServersiloState = 4 -) - -type _FirmwareType int32 - -const ( - FIRMWARE_TYPE_UNKNOWN _FirmwareType = 0 - FIRMWARE_TYPE_BIOS _FirmwareType = 1 - FIRMWARE_TYPE_UEFI _FirmwareType = 2 - FIRMWARE_TYPE_MAX _FirmwareType = 
3 -) - -type _LogicalProcessorRelationship int32 - -const ( - RELATION_PROCESSOR_CORE _LogicalProcessorRelationship = 0 - RELATION_NUMA_NODE _LogicalProcessorRelationship = 1 - RELATION_CACHE _LogicalProcessorRelationship = 2 - RELATION_PROCESSOR_PACKAGE _LogicalProcessorRelationship = 3 - RELATION_GROUP _LogicalProcessorRelationship = 4 - RELATION_PROCESSOR_DIE _LogicalProcessorRelationship = 5 - RELATION_NUMA_NODE_EX _LogicalProcessorRelationship = 6 - RELATION_PROCESSOR_MODULE _LogicalProcessorRelationship = 7 - RELATION_ALL _LogicalProcessorRelationship = 65535 -) - -type _ProcessorCacheType int32 - -const ( - CACHE_UNIFIED _ProcessorCacheType = 0 - CACHE_INSTRUCTION _ProcessorCacheType = 1 - CACHE_DATA _ProcessorCacheType = 2 - CACHE_TRACE _ProcessorCacheType = 3 - CACHE_UNKNOWN _ProcessorCacheType = 4 -) - -type _CpuSetInformationType int32 - -const CPU_SET_INFORMATION _CpuSetInformationType = 0 - -type MemExtendedParameterType int32 - -const ( - MEM_EXTENDED_PARAMETER_INVALID_TYPE MemExtendedParameterType = 0 - MEM_EXTENDED_PARAMETER_ADDRESS_REQUIREMENTS MemExtendedParameterType = 1 - MEM_EXTENDED_PARAMETER_NUMA_NODE MemExtendedParameterType = 2 - MEM_EXTENDED_PARAMETER_PARTITION_HANDLE MemExtendedParameterType = 3 - MEM_EXTENDED_PARAMETER_USER_PHYSICAL_HANDLE MemExtendedParameterType = 4 - MEM_EXTENDED_PARAMETER_ATTRIBUTE_FLAGS MemExtendedParameterType = 5 - MEM_EXTENDED_PARAMETER_IMAGE_MACHINE MemExtendedParameterType = 6 - MEM_EXTENDED_PARAMETER_MAX MemExtendedParameterType = 7 -) - -type _MemDedicatedAttributeType int32 - -const ( - MEM_DEDICATED_ATTRIBUTE_READ_BANDWIDTH _MemDedicatedAttributeType = 0 - MEM_DEDICATED_ATTRIBUTE_READ_LATENCY _MemDedicatedAttributeType = 1 - MEM_DEDICATED_ATTRIBUTE_WRITE_BANDWIDTH _MemDedicatedAttributeType = 2 - MEM_DEDICATED_ATTRIBUTE_WRITE_LATENCY _MemDedicatedAttributeType = 3 - MEM_DEDICATED_ATTRIBUTE_MAX _MemDedicatedAttributeType = 4 -) - -type MemSectionExtendedParameterType int32 - -const ( - 
MEM_SECTION_EXTENDED_PARAMETER_INVALID_TYPE MemSectionExtendedParameterType = 0 - MEM_SECTION_EXTENDED_PARAMETER_USER_PHYSICAL_FLAGS MemSectionExtendedParameterType = 1 - MEM_SECTION_EXTENDED_PARAMETER_NUMA_NODE MemSectionExtendedParameterType = 2 - MEM_SECTION_EXTENDED_PARAMETER_SIGNING_LEVEL MemSectionExtendedParameterType = 3 - MEM_SECTION_EXTENDED_PARAMETER_MAX MemSectionExtendedParameterType = 4 -) - -type _SharedVirtualDiskSupportType int32 - -const ( - SHARED_VIRTUAL_DISKS_UNSUPPORTED _SharedVirtualDiskSupportType = 0 - SHARED_VIRTUAL_DISKS_SUPPORTED _SharedVirtualDiskSupportType = 1 - SHARED_VIRTUAL_DISK_SNAPSHOTS_SUPPORTED _SharedVirtualDiskSupportType = 3 - SHARED_VIRTUAL_DISK_CDPSNAPSHOTS_SUPPORTED _SharedVirtualDiskSupportType = 7 -) - -type _SharedVirtualDiskHandleState int32 - -const ( - SHARED_VIRTUAL_DISK_HANDLE_STATE_NONE _SharedVirtualDiskHandleState = 0 - SHARED_VIRTUAL_DISK_HANDLE_STATE_FILE_SHARED _SharedVirtualDiskHandleState = 1 - SHARED_VIRTUAL_DISK_HANDLE_STATE_HANDLE_SHARED _SharedVirtualDiskHandleState = 3 -) - -type _SystemPowerState int32 - -const ( - POWER_SYSTEM_UNSPECIFIED _SystemPowerState = 0 - POWER_SYSTEM_WORKING _SystemPowerState = 1 - POWER_SYSTEM_SLEEPING1 _SystemPowerState = 2 - POWER_SYSTEM_SLEEPING2 _SystemPowerState = 3 - POWER_SYSTEM_SLEEPING3 _SystemPowerState = 4 - POWER_SYSTEM_HIBERNATE _SystemPowerState = 5 - POWER_SYSTEM_SHUTDOWN _SystemPowerState = 6 - POWER_SYSTEM_MAXIMUM _SystemPowerState = 7 -) - -type int32 - -const ( - POWER_ACTION_NONE = 0 - POWER_ACTION_RESERVED = 1 - POWER_ACTION_SLEEP = 2 - POWER_ACTION_HIBERNATE = 3 - POWER_ACTION_SHUTDOWN = 4 - POWER_ACTION_SHUTDOWN_RESET = 5 - POWER_ACTION_SHUTDOWN_OFF = 6 - POWER_ACTION_WARM_EJECT = 7 - POWER_ACTION_DISPLAY_OFF = 8 -) - -type _DevicePowerState int32 - -const ( - POWER_DEVICE_UNSPECIFIED _DevicePowerState = 0 - POWER_DEVICE_D0 _DevicePowerState = 1 - POWER_DEVICE_D1 _DevicePowerState = 2 - POWER_DEVICE_D2 _DevicePowerState = 3 - POWER_DEVICE_D3 
_DevicePowerState = 4 - POWER_DEVICE_MAXIMUM _DevicePowerState = 5 -) - -type _MonitorDisplayState int32 - -const ( - POWER_MONITOR_OFF _MonitorDisplayState = 0 - POWER_MONITOR_ON _MonitorDisplayState = 1 - POWER_MONITOR_DIM _MonitorDisplayState = 2 -) - -type _UserActivityPresence int32 - -const ( - POWER_USER_PRESENT _UserActivityPresence = 0 - POWER_USER_NOT_PRESENT _UserActivityPresence = 1 - POWER_USER_INACTIVE _UserActivityPresence = 2 - POWER_USER_MAXIMUM _UserActivityPresence = 3 - POWER_USER_INVALID _UserActivityPresence = 3 -) - -type _EnergySaverStatus int32 - -const ( - ENERGY_SAVER_OFF _EnergySaverStatus = 0 - ENERGY_SAVER_STANDARD _EnergySaverStatus = 1 - ENERGY_SAVER_HIGH_SAVINGS _EnergySaverStatus = 2 -) - -type int32 - -const ( - LT_DONT_CARE = 0 - LT_LOWEST_LATENCY = 1 -) - -type _PowerRequestType int32 - -const ( - POWER_REQUEST_DISPLAY_REQUIRED _PowerRequestType = 0 - POWER_REQUEST_SYSTEM_REQUIRED _PowerRequestType = 1 - POWER_REQUEST_AWAY_MODE_REQUIRED _PowerRequestType = 2 - POWER_REQUEST_EXECUTION_REQUIRED _PowerRequestType = 3 -) - -type int32 - -const ( - SYSTEM_POWER_POLICY_AC = 0 - SYSTEM_POWER_POLICY_DC = 1 - VERIFY_SYSTEM_POLICY_AC = 2 - VERIFY_SYSTEM_POLICY_DC = 3 - SYSTEM_POWER_CAPABILITIES = 4 - SYSTEM_BATTERY_STATE = 5 - SYSTEM_POWER_STATE_HANDLER = 6 - PROCESSOR_STATE_HANDLER = 7 - SYSTEM_POWER_POLICY_CURRENT = 8 - ADMINISTRATOR_POWER_POLICY = 9 - SYSTEM_RESERVE_HIBER_FILE = 10 - PROCESSOR_INFORMATION = 11 - SYSTEM_POWER_INFORMATION = 12 - PROCESSOR_STATE_HANDLER2 = 13 - LAST_WAKE_TIME = 14 - LAST_SLEEP_TIME = 15 - SYSTEM_EXECUTION_STATE = 16 - SYSTEM_POWER_STATE_NOTIFY_HANDLER = 17 - PROCESSOR_POWER_POLICY_AC = 18 - PROCESSOR_POWER_POLICY_DC = 19 - VERIFY_PROCESSOR_POWER_POLICY_AC = 20 - VERIFY_PROCESSOR_POWER_POLICY_DC = 21 - PROCESSOR_POWER_POLICY_CURRENT = 22 - SYSTEM_POWER_STATE_LOGGING = 23 - SYSTEM_POWER_LOGGING_ENTRY = 24 - SET_POWER_SETTING_VALUE = 25 - NOTIFY_USER_POWER_SETTING = 26 - POWER_INFORMATION_LEVEL_UNUSED0 = 27 
- SYSTEM_MONITOR_HIBER_BOOT_POWER_OFF = 28 - SYSTEM_VIDEO_STATE = 29 - TRACE_APPLICATION_POWER_MESSAGE = 30 - TRACE_APPLICATION_POWER_MESSAGE_END = 31 - PROCESSOR_PERF_STATES = 32 - PROCESSOR_IDLE_STATES = 33 - PROCESSOR_CAP = 34 - SYSTEM_WAKE_SOURCE = 35 - SYSTEM_HIBER_FILE_INFORMATION = 36 - TRACE_SERVICE_POWER_MESSAGE = 37 - PROCESSOR_LOAD = 38 - POWER_SHUTDOWN_NOTIFICATION = 39 - MONITOR_CAPABILITIES = 40 - SESSION_POWER_INIT = 41 - SESSION_DISPLAY_STATE = 42 - POWER_REQUEST_CREATE = 43 - POWER_REQUEST_ACTION = 44 - GET_POWER_REQUEST_LIST = 45 - PROCESSOR_INFORMATION_EX = 46 - NOTIFY_USER_MODE_LEGACY_POWER_EVENT = 47 - GROUP_PARK = 48 - PROCESSOR_IDLE_DOMAINS = 49 - WAKE_TIMER_LIST = 50 - SYSTEM_HIBER_FILE_SIZE = 51 - PROCESSOR_IDLE_STATES_HV = 52 - PROCESSOR_PERF_STATES_HV = 53 - PROCESSOR_PERF_CAP_HV = 54 - PROCESSOR_SET_IDLE = 55 - LOGICAL_PROCESSOR_IDLING = 56 - USER_PRESENCE = 57 - POWER_SETTING_NOTIFICATION_NAME = 58 - GET_POWER_SETTING_VALUE = 59 - IDLE_RESILIENCY = 60 - SESSION_RITSTATE = 61 - SESSION_CONNECT_NOTIFICATION = 62 - SESSION_POWER_CLEANUP = 63 - SESSION_LOCK_STATE = 64 - SYSTEM_HIBERBOOT_STATE = 65 - PLATFORM_INFORMATION = 66 - PDC_INVOCATION = 67 - MONITOR_INVOCATION = 68 - FIRMWARE_TABLE_INFORMATION_REGISTERED = 69 - SET_SHUTDOWN_SELECTED_TIME = 70 - SUSPEND_RESUME_INVOCATION = 71 - PLM_POWER_REQUEST_CREATE = 72 - SCREEN_OFF = 73 - CS_DEVICE_NOTIFICATION = 74 - PLATFORM_ROLE = 75 - LAST_RESUME_PERFORMANCE = 76 - DISPLAY_BURST = 77 - EXIT_LATENCY_SAMPLING_PERCENTAGE = 78 - REGISTER_SPM_POWER_SETTINGS = 79 - PLATFORM_IDLE_STATES = 80 - PROCESSOR_IDLE_VETO = 81 - PLATFORM_IDLE_VETO = 82 - SYSTEM_BATTERY_STATE_PRECISE = 83 - THERMAL_EVENT = 84 - POWER_REQUEST_ACTION_INTERNAL = 85 - BATTERY_DEVICE_STATE = 86 - POWER_INFORMATION_INTERNAL = 87 - THERMAL_STANDBY = 88 - SYSTEM_HIBER_FILE_TYPE = 89 - PHYSICAL_POWER_BUTTON_PRESS = 90 - QUERY_POTENTIAL_DRIPS_CONSTRAINT = 91 - ENERGY_TRACKER_CREATE = 92 - ENERGY_TRACKER_QUERY = 93 - 
UPDATE_BLACK_BOX_RECORDER = 94 - SESSION_ALLOW_EXTERNAL_DMA_DEVICES = 95 - SEND_SUSPEND_RESUME_NOTIFICATION = 96 - BLACK_BOX_RECORDER_DIRECT_ACCESS_BUFFER = 97 - POWER_INFORMATION_LEVEL_MAXIMUM = 98 -) - -type int32 - -const ( - USER_NOT_PRESENT = 0 - USER_PRESENT = 1 - USER_UNKNOWN = 255 -) - -type int32 - -const ( - MONITOR_REQUEST_REASON_UNKNOWN = 0 - MONITOR_REQUEST_REASON_POWER_BUTTON = 1 - MONITOR_REQUEST_REASON_REMOTE_CONNECTION = 2 - MONITOR_REQUEST_REASON_SC_MONITORPOWER = 3 - MONITOR_REQUEST_REASON_USER_INPUT = 4 - MONITOR_REQUEST_REASON_AC_DC_DISPLAY_BURST = 5 - MONITOR_REQUEST_REASON_USER_DISPLAY_BURST = 6 - MONITOR_REQUEST_REASON_PO_SET_SYSTEM_STATE = 7 - MONITOR_REQUEST_REASON_SET_THREAD_EXECUTION_STATE = 8 - MONITOR_REQUEST_REASON_FULL_WAKE = 9 - MONITOR_REQUEST_REASON_SESSION_UNLOCK = 10 - MONITOR_REQUEST_REASON_SCREEN_OFF_REQUEST = 11 - MONITOR_REQUEST_REASON_IDLE_TIMEOUT = 12 - MONITOR_REQUEST_REASON_POLICY_CHANGE = 13 - MONITOR_REQUEST_REASON_SLEEP_BUTTON = 14 - MONITOR_REQUEST_REASON_LID = 15 - MONITOR_REQUEST_REASON_BATTERY_COUNT_CHANGE = 16 - MONITOR_REQUEST_REASON_GRACE_PERIOD = 17 - MONITOR_REQUEST_REASON_PN_P = 18 - MONITOR_REQUEST_REASON_DP = 19 - MONITOR_REQUEST_REASON_SX_TRANSITION = 20 - MONITOR_REQUEST_REASON_SYSTEM_IDLE = 21 - MONITOR_REQUEST_REASON_NEAR_PROXIMITY = 22 - MONITOR_REQUEST_REASON_THERMAL_STANDBY = 23 - MONITOR_REQUEST_REASON_RESUME_PDC = 24 - MONITOR_REQUEST_REASON_RESUME_S4 = 25 - MONITOR_REQUEST_REASON_TERMINAL = 26 - MONITOR_REQUEST_REASON_PDC_SIGNAL = 27 - MONITOR_REQUEST_REASON_AC_DC_DISPLAY_BURST_SUPPRESSED = 28 - MONITOR_REQUEST_REASON_SYSTEM_STATE_ENTERED = 29 - MONITOR_REQUEST_REASON_WINRT = 30 - MONITOR_REQUEST_REASON_USER_INPUT_KEYBOARD = 31 - MONITOR_REQUEST_REASON_USER_INPUT_MOUSE = 32 - MONITOR_REQUEST_REASON_USER_INPUT_TOUCHPAD = 33 - MONITOR_REQUEST_REASON_USER_INPUT_PEN = 34 - MONITOR_REQUEST_REASON_USER_INPUT_ACCELEROMETER = 35 - MONITOR_REQUEST_REASON_USER_INPUT_HID = 36 - 
MONITOR_REQUEST_REASON_USER_INPUT_PO_USER_PRESENT = 37 - MONITOR_REQUEST_REASON_USER_INPUT_SESSION_SWITCH = 38 - MONITOR_REQUEST_REASON_USER_INPUT_INITIALIZATION = 39 - MONITOR_REQUEST_REASON_PDC_SIGNAL_WINDOWS_MOBILE_PWR_NOTIF = 40 - MONITOR_REQUEST_REASON_PDC_SIGNAL_WINDOWS_MOBILE_SHELL = 41 - MONITOR_REQUEST_REASON_PDC_SIGNAL_HEY_CORTANA = 42 - MONITOR_REQUEST_REASON_PDC_SIGNAL_HOLOGRAPHIC_SHELL = 43 - MONITOR_REQUEST_REASON_PDC_SIGNAL_FINGERPRINT = 44 - MONITOR_REQUEST_REASON_DIRECTED_DRIPS = 45 - MONITOR_REQUEST_REASON_DIM = 46 - MONITOR_REQUEST_REASON_BUILTIN_PANEL = 47 - MONITOR_REQUEST_REASON_DISPLAY_REQUIRED_UN_DIM = 48 - MONITOR_REQUEST_REASON_BATTERY_COUNT_CHANGE_SUPPRESSED = 49 - MONITOR_REQUEST_REASON_RESUME_MODERN_STANDBY = 50 - MONITOR_REQUEST_REASON_TERMINAL_INIT = 51 - MONITOR_REQUEST_REASON_PDC_SIGNAL_SENSORS_HUMAN_PRESENCE = 52 - MONITOR_REQUEST_REASON_BATTERY_PRE_CRITICAL = 53 - MONITOR_REQUEST_REASON_USER_INPUT_TOUCH = 54 - MONITOR_REQUEST_REASON_AUSTERITY_BATTERY_DRAIN = 55 - MONITOR_REQUEST_REASON_DOZE_RESTRICTED_STANDBY = 56 - MONITOR_REQUEST_REASON_SMART_RESTRICTED_STANDBY = 57 - MONITOR_REQUEST_REASON_MAX = 58 -) - -type _PowerMonitorRequestType int32 - -const ( - MONITOR_REQUEST_TYPE_OFF _PowerMonitorRequestType = 0 - MONITOR_REQUEST_TYPE_ON_AND_PRESENT _PowerMonitorRequestType = 1 - MONITOR_REQUEST_TYPE_TOGGLE_ON _PowerMonitorRequestType = 2 -) - -type _PowerLimitTypes int32 - -const ( - POWER_LIMIT_CONTINUOUS _PowerLimitTypes = 0 - POWER_LIMIT_BURST _PowerLimitTypes = 1 - POWER_LIMIT_RAPID _PowerLimitTypes = 2 - POWER_LIMIT_PREEMPTIVE _PowerLimitTypes = 3 - POWER_LIMIT_PREEMPTIVE_OFFSET _PowerLimitTypes = 4 - POWER_LIMIT_TYPE_MAX _PowerLimitTypes = 5 -) - -type int32 - -const ( - PO_AC = 0 - PO_DC = 1 - PO_HOT = 2 - PO_CONDITION_MAXIMUM = 3 -) - -type _PowerPlatformRole int32 - -const ( - PLATFORM_ROLE_UNSPECIFIED _PowerPlatformRole = 0 - PLATFORM_ROLE_DESKTOP _PowerPlatformRole = 1 - PLATFORM_ROLE_MOBILE _PowerPlatformRole = 2 - 
PLATFORM_ROLE_WORKSTATION _PowerPlatformRole = 3 - PLATFORM_ROLE_ENTERPRISE_SERVER _PowerPlatformRole = 4 - PLATFORM_ROLE_SOHOSERVER _PowerPlatformRole = 5 - PLATFORM_ROLE_APPLIANCE_PC _PowerPlatformRole = 6 - PLATFORM_ROLE_PERFORMANCE_SERVER _PowerPlatformRole = 7 - PLATFORM_ROLE_SLATE _PowerPlatformRole = 8 - PLATFORM_ROLE_MAXIMUM _PowerPlatformRole = 9 -) - -type PowerSettingAltitude int32 - -const ( - ALTITUDE_GROUP_POLICY PowerSettingAltitude = 0 - ALTITUDE_USER PowerSettingAltitude = 1 - ALTITUDE_RUNTIME_OVERRIDE PowerSettingAltitude = 2 - ALTITUDE_PROVISIONING PowerSettingAltitude = 3 - ALTITUDE_OEM_CUSTOMIZATION PowerSettingAltitude = 4 - ALTITUDE_INTERNAL_OVERRIDE PowerSettingAltitude = 5 - ALTITUDE_OS_DEFAULT PowerSettingAltitude = 6 -) - -type _HiberfileBucketSize int32 - -const ( - HIBER_FILE_BUCKET1_GB _HiberfileBucketSize = 0 - HIBER_FILE_BUCKET2_GB _HiberfileBucketSize = 1 - HIBER_FILE_BUCKET4_GB _HiberfileBucketSize = 2 - HIBER_FILE_BUCKET8_GB _HiberfileBucketSize = 3 - HIBER_FILE_BUCKET16_GB _HiberfileBucketSize = 4 - HIBER_FILE_BUCKET32_GB _HiberfileBucketSize = 5 - HIBER_FILE_BUCKET_UNLIMITED _HiberfileBucketSize = 6 - HIBER_FILE_BUCKET_MAX _HiberfileBucketSize = 7 -) - -type ImageAuxSymbolType int32 - -const IMAGE_AUX_SYMBOL_TYPE_TOKEN_DEF ImageAuxSymbolType = 1 - -type Arm64FnpdataFlags int32 - -const ( - PDATA_REF_TO_FULL_XDATA Arm64FnpdataFlags = 0 - PDATA_PACKED_UNWIND_FUNCTION Arm64FnpdataFlags = 1 - PDATA_PACKED_UNWIND_FRAGMENT Arm64FnpdataFlags = 2 -) - -type Arm64FnpdataCr int32 - -const ( - PDATA_CR_UNCHAINED Arm64FnpdataCr = 0 - PDATA_CR_UNCHAINED_SAVED_LR Arm64FnpdataCr = 1 - PDATA_CR_CHAINED_WITH_PAC Arm64FnpdataCr = 2 - PDATA_CR_CHAINED Arm64FnpdataCr = 3 -) +// @brief enum for different packet types in HyperDbg packets +// +// @warning used in hwdbg +type _DebuggerRemotePacketType int32 -type ImportObjectType int32 +const ( + DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT _DebuggerRemotePacketType = 1 + 
DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_USER_MODE _DebuggerRemotePacketType = 2 + DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER _DebuggerRemotePacketType = 3 + DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_HARDWARE_LEVEL _DebuggerRemotePacketType = 4 + DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER_HARDWARE_LEVEL _DebuggerRemotePacketType = 5 +) + +// @brief Different levels of paging +type _PagingLevel int32 + +const ( + PAGING_LEVEL_PAGE_TABLE _PagingLevel = 0 + PAGING_LEVEL_PAGE_DIRECTORY _PagingLevel = 1 + PAGING_LEVEL_PAGE_DIRECTORY_POINTER_TABLE _PagingLevel = 2 + PAGING_LEVEL_PAGE_MAP_LEVEL4 _PagingLevel = 3 +) + +// @brief Inum of intentions for buffers (buffer tag) +type _PoolAllocationIntention int32 + +const ( + TRACKING_HOOKED_PAGES _PoolAllocationIntention = 0 + EXEC_TRAMPOLINE _PoolAllocationIntention = 1 + SPLIT_2MB_PAGING_TO_4KB_PAGE _PoolAllocationIntention = 2 + DETOUR_HOOK_DETAILS _PoolAllocationIntention = 3 + BREAKPOINT_DEFINITION_STRUCTURE _PoolAllocationIntention = 4 + PROCESS_THREAD_HOLDER _PoolAllocationIntention = 5 + INSTANT_REGULAR_EVENT_BUFFER _PoolAllocationIntention = 6 + INSTANT_BIG_EVENT_BUFFER _PoolAllocationIntention = 7 + INSTANT_REGULAR_EVENT_ACTION_BUFFER _PoolAllocationIntention = 8 + INSTANT_BIG_EVENT_ACTION_BUFFER _PoolAllocationIntention = 9 + INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS _PoolAllocationIntention = 10 + INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS _PoolAllocationIntention = 11 +) + +// /////////////////////////////////////////////// +type _DebugRegisterType int32 + +const ( + BREAK_ON_INSTRUCTION_FETCH _DebugRegisterType = 0 + BREAK_ON_WRITE_ONLY _DebugRegisterType = 1 + BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED _DebugRegisterType = 2 + BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH _DebugRegisterType = 3 +) + +// /////////////////////////////////////////////// +type _VmxExecutionMode int32 + +const ( + VMX_EXECUTION_MODE_NON_ROOT _VmxExecutionMode = 0 + VMX_EXECUTION_MODE_ROOT _VmxExecutionMode = 1 +) + 
+// @brief Type of calling the event +type _VmmCallbackEventCallingStageType int32 + +const ( + VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION _VmmCallbackEventCallingStageType = 0 + VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION _VmmCallbackEventCallingStageType = 1 + VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION _VmmCallbackEventCallingStageType = 2 + VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION _VmmCallbackEventCallingStageType = 3 +) + +// @brief enum to query different process and thread interception mechanisms +type _DebuggerThreadProcessTracing int32 + +const ( + DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE _DebuggerThreadProcessTracing = 0 + DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE _DebuggerThreadProcessTracing = 1 + DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION _DebuggerThreadProcessTracing = 2 + DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS _DebuggerThreadProcessTracing = 3 +) + +// @brief Type of transferring buffer between user-to-kernel +type _NotifyType int32 const ( - IMPORT_OBJECT_CODE ImportObjectType = 0 - IMPORT_OBJECT_DATA ImportObjectType = 1 - IMPORT_OBJECT_CONST ImportObjectType = 2 + IRP_BASED _NotifyType = 0 + EVENT_BASED _NotifyType = 1 ) -type ImportObjectNameType int32 +// @brief different type of memory addresses +type _DebuggerHookMemoryType int32 const ( - IMPORT_OBJECT_ORDINAL ImportObjectNameType = 0 - IMPORT_OBJECT_NAME ImportObjectNameType = 1 - IMPORT_OBJECT_NAME_NO_PREFIX ImportObjectNameType = 2 - IMPORT_OBJECT_NAME_UNDECORATE ImportObjectNameType = 3 - IMPORT_OBJECT_NAME_EXPORTAS ImportObjectNameType = 4 + DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS _DebuggerHookMemoryType = 0 + DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS _DebuggerHookMemoryType = 1 ) -type ReplacesCorHdrNumericDefines int32 +// @brief Exceptions enum +type _ExceptionVectors int32 const ( - COMIMAGE_FLAGS_ILONLY 
ReplacesCorHdrNumericDefines = 1 - COMIMAGE_FLAGS_32BITREQUIRED ReplacesCorHdrNumericDefines = 2 - COMIMAGE_FLAGS_IL_LIBRARY ReplacesCorHdrNumericDefines = 4 - COMIMAGE_FLAGS_STRONGNAMESIGNED ReplacesCorHdrNumericDefines = 8 - COMIMAGE_FLAGS_NATIVE_ENTRYPOINT ReplacesCorHdrNumericDefines = 16 - COMIMAGE_FLAGS_TRACKDEBUGDATA ReplacesCorHdrNumericDefines = 65536 - COMIMAGE_FLAGS_32BITPREFERRED ReplacesCorHdrNumericDefines = 131072 - COR_VERSION_MAJOR_V2 ReplacesCorHdrNumericDefines = 2 - COR_VERSION_MAJOR ReplacesCorHdrNumericDefines = 2 - COR_VERSION_MINOR ReplacesCorHdrNumericDefines = 5 - COR_DELETED_NAME_LENGTH ReplacesCorHdrNumericDefines = 8 - COR_VTABLEGAP_NAME_LENGTH ReplacesCorHdrNumericDefines = 8 - NATIVE_TYPE_MAX_CB ReplacesCorHdrNumericDefines = 1 - COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE ReplacesCorHdrNumericDefines = 255 - IMAGE_COR_MIH_METHODRVA ReplacesCorHdrNumericDefines = 1 - IMAGE_COR_MIH_EHRVA ReplacesCorHdrNumericDefines = 2 - IMAGE_COR_MIH_BASICBLOCK ReplacesCorHdrNumericDefines = 8 - COR_VTABLE_32BIT ReplacesCorHdrNumericDefines = 1 - COR_VTABLE_64BIT ReplacesCorHdrNumericDefines = 2 - COR_VTABLE_FROM_UNMANAGED ReplacesCorHdrNumericDefines = 4 - COR_VTABLE_FROM_UNMANAGED_RETAIN_APPDOMAIN ReplacesCorHdrNumericDefines = 8 - COR_VTABLE_CALL_MOST_DERIVED ReplacesCorHdrNumericDefines = 16 - IMAGE_COR_EATJ_THUNK_SIZE ReplacesCorHdrNumericDefines = 32 - MAX_CLASS_NAME ReplacesCorHdrNumericDefines = 1024 - MAX_PACKAGE_NAME ReplacesCorHdrNumericDefines = 1024 + EXCEPTION_VECTOR_DIVIDE_ERROR _ExceptionVectors = 0 + EXCEPTION_VECTOR_DEBUG_BREAKPOINT _ExceptionVectors = 1 + EXCEPTION_VECTOR_NMI _ExceptionVectors = 2 + EXCEPTION_VECTOR_BREAKPOINT _ExceptionVectors = 3 + EXCEPTION_VECTOR_OVERFLOW _ExceptionVectors = 4 + EXCEPTION_VECTOR_BOUND_RANGE_EXCEEDED _ExceptionVectors = 5 + EXCEPTION_VECTOR_UNDEFINED_OPCODE _ExceptionVectors = 6 + EXCEPTION_VECTOR_NO_MATH_COPROCESSOR _ExceptionVectors = 7 + EXCEPTION_VECTOR_DOUBLE_FAULT _ExceptionVectors = 8 + 
EXCEPTION_VECTOR_RESERVED0 _ExceptionVectors = 9 + EXCEPTION_VECTOR_INVALID_TASK_SEGMENT_SELECTOR _ExceptionVectors = 10 + EXCEPTION_VECTOR_SEGMENT_NOT_PRESENT _ExceptionVectors = 11 + EXCEPTION_VECTOR_STACK_SEGMENT_FAULT _ExceptionVectors = 12 + EXCEPTION_VECTOR_GENERAL_PROTECTION_FAULT _ExceptionVectors = 13 + EXCEPTION_VECTOR_PAGE_FAULT _ExceptionVectors = 14 + EXCEPTION_VECTOR_RESERVED1 _ExceptionVectors = 15 + EXCEPTION_VECTOR_MATH_FAULT _ExceptionVectors = 16 + EXCEPTION_VECTOR_ALIGNMENT_CHECK _ExceptionVectors = 17 + EXCEPTION_VECTOR_MACHINE_CHECK _ExceptionVectors = 18 + EXCEPTION_VECTOR_SIMD_FLOATING_POINT_NUMERIC_ERROR _ExceptionVectors = 19 + EXCEPTION_VECTOR_VIRTUAL_EXCEPTION _ExceptionVectors = 20 + EXCEPTION_VECTOR_RESERVED2 _ExceptionVectors = 21 + EXCEPTION_VECTOR_RESERVED3 _ExceptionVectors = 22 + EXCEPTION_VECTOR_RESERVED4 _ExceptionVectors = 23 + EXCEPTION_VECTOR_RESERVED5 _ExceptionVectors = 24 + EXCEPTION_VECTOR_RESERVED6 _ExceptionVectors = 25 + EXCEPTION_VECTOR_RESERVED7 _ExceptionVectors = 26 + EXCEPTION_VECTOR_RESERVED8 _ExceptionVectors = 27 + EXCEPTION_VECTOR_RESERVED9 _ExceptionVectors = 28 + EXCEPTION_VECTOR_RESERVED10 _ExceptionVectors = 29 + EXCEPTION_VECTOR_RESERVED11 _ExceptionVectors = 30 + EXCEPTION_VECTOR_RESERVED12 _ExceptionVectors = 31 + APC_INTERRUPT _ExceptionVectors = 31 + DPC_INTERRUPT _ExceptionVectors = 47 + CLOCK_INTERRUPT _ExceptionVectors = 209 + IPI_INTERRUPT _ExceptionVectors = 225 + PMI_INTERRUPT _ExceptionVectors = 254 ) -type _RtlUmsThreadInfoClass int32 +// @brief The status of triggering events +type _VmmCallbackTriggeringEventStatusType int32 const ( - UMS_THREAD_INVALID_INFO_CLASS _RtlUmsThreadInfoClass = 0 - UMS_THREAD_USER_CONTEXT _RtlUmsThreadInfoClass = 1 - UMS_THREAD_PRIORITY _RtlUmsThreadInfoClass = 2 - UMS_THREAD_AFFINITY _RtlUmsThreadInfoClass = 3 - UMS_THREAD_TEB _RtlUmsThreadInfoClass = 4 - UMS_THREAD_IS_SUSPENDED _RtlUmsThreadInfoClass = 5 - UMS_THREAD_IS_TERMINATED _RtlUmsThreadInfoClass = 6 - 
UMS_THREAD_MAX_INFO_CLASS _RtlUmsThreadInfoClass = 7 + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_SUCCESSFUL_NO_INITIALIZED _VmmCallbackTriggeringEventStatusType = 0 + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_SUCCESSFUL _VmmCallbackTriggeringEventStatusType = 0 + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_SUCCESSFUL_IGNORE_EVENT _VmmCallbackTriggeringEventStatusType = 1 + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_DEBUGGER_NOT_ENABLED _VmmCallbackTriggeringEventStatusType = 2 + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_INVALID_EVENT_TYPE _VmmCallbackTriggeringEventStatusType = 3 ) -type _RtlUmsSchedulerReason int32 +// @brief enum to show type of all HyperDbg events +type _VmmEventTypeEnum int32 const ( - UMS_SCHEDULER_STARTUP _RtlUmsSchedulerReason = 0 - UMS_SCHEDULER_THREAD_BLOCKED _RtlUmsSchedulerReason = 1 - UMS_SCHEDULER_THREAD_YIELD _RtlUmsSchedulerReason = 2 -) - -type _OsDeployementStateValues int32 - -const ( - OS_DEPLOYMENT_STANDARD _OsDeployementStateValues = 1 - OS_DEPLOYMENT_COMPACT _OsDeployementStateValues = 2 -) - -type _ImagePolicyEntryType int32 - -const ( - IMAGE_POLICY_ENTRY_TYPE_NONE _ImagePolicyEntryType = 0 - IMAGE_POLICY_ENTRY_TYPE_BOOL _ImagePolicyEntryType = 1 - IMAGE_POLICY_ENTRY_TYPE_INT8 _ImagePolicyEntryType = 2 - IMAGE_POLICY_ENTRY_TYPE_UINT8 _ImagePolicyEntryType = 3 - IMAGE_POLICY_ENTRY_TYPE_INT16 _ImagePolicyEntryType = 4 - IMAGE_POLICY_ENTRY_TYPE_UINT16 _ImagePolicyEntryType = 5 - IMAGE_POLICY_ENTRY_TYPE_INT32 _ImagePolicyEntryType = 6 - IMAGE_POLICY_ENTRY_TYPE_UINT32 _ImagePolicyEntryType = 7 - IMAGE_POLICY_ENTRY_TYPE_INT64 _ImagePolicyEntryType = 8 - IMAGE_POLICY_ENTRY_TYPE_UINT64 _ImagePolicyEntryType = 9 - IMAGE_POLICY_ENTRY_TYPE_ANSI_STRING _ImagePolicyEntryType = 10 - IMAGE_POLICY_ENTRY_TYPE_UNICODE_STRING _ImagePolicyEntryType = 11 - IMAGE_POLICY_ENTRY_TYPE_OVERRIDE _ImagePolicyEntryType = 12 - IMAGE_POLICY_ENTRY_TYPE_MAXIMUM _ImagePolicyEntryType = 13 -) - -type _ImagePolicyId int32 - -const ( - IMAGE_POLICY_ID_NONE _ImagePolicyId = 0 - 
IMAGE_POLICY_ID_ETW _ImagePolicyId = 1 - IMAGE_POLICY_ID_DEBUG _ImagePolicyId = 2 - IMAGE_POLICY_ID_CRASH_DUMP _ImagePolicyId = 3 - IMAGE_POLICY_ID_CRASH_DUMP_KEY _ImagePolicyId = 4 - IMAGE_POLICY_ID_CRASH_DUMP_KEY_GUID _ImagePolicyId = 5 - IMAGE_POLICY_ID_PARENT_SD _ImagePolicyId = 6 - IMAGE_POLICY_ID_PARENT_SD_REV _ImagePolicyId = 7 - IMAGE_POLICY_ID_SVN _ImagePolicyId = 8 - IMAGE_POLICY_ID_DEVICE_ID _ImagePolicyId = 9 - IMAGE_POLICY_ID_CAPABILITY _ImagePolicyId = 10 - IMAGE_POLICY_ID_SCENARIO_ID _ImagePolicyId = 11 - IMAGE_POLICY_ID_CAPABILITY_OVERRIDABLE _ImagePolicyId = 12 - IMAGE_POLICY_ID_TRUSTLET_ID_OVERRIDABLE _ImagePolicyId = 13 - IMAGE_POLICY_ID_MAXIMUM _ImagePolicyId = 14 -) - -type _RtlSystemGlobalDataId int32 - -const ( - GLOBAL_DATA_ID_UNKNOWN _RtlSystemGlobalDataId = 0 - GLOBAL_DATA_ID_RNG_SEED_VERSION _RtlSystemGlobalDataId = 1 - GLOBAL_DATA_ID_INTERRUPT_TIME _RtlSystemGlobalDataId = 2 - GLOBAL_DATA_ID_TIME_ZONE_BIAS _RtlSystemGlobalDataId = 3 - GLOBAL_DATA_ID_IMAGE_NUMBER_LOW _RtlSystemGlobalDataId = 4 - GLOBAL_DATA_ID_IMAGE_NUMBER_HIGH _RtlSystemGlobalDataId = 5 - GLOBAL_DATA_ID_TIME_ZONE_ID _RtlSystemGlobalDataId = 6 - GLOBAL_DATA_ID_NT_MAJOR_VERSION _RtlSystemGlobalDataId = 7 - GLOBAL_DATA_ID_NT_MINOR_VERSION _RtlSystemGlobalDataId = 8 - GLOBAL_DATA_ID_SYSTEM_EXPIRATION_DATE _RtlSystemGlobalDataId = 9 - GLOBAL_DATA_ID_KD_DEBUGGER_ENABLED _RtlSystemGlobalDataId = 10 - GLOBAL_DATA_ID_CYCLES_PER_YIELD _RtlSystemGlobalDataId = 11 - GLOBAL_DATA_ID_SAFE_BOOT_MODE _RtlSystemGlobalDataId = 12 - GLOBAL_DATA_ID_LAST_SYSTEM_RITEVENT_TICK_COUNT _RtlSystemGlobalDataId = 13 - GLOBAL_DATA_ID_CONSOLE_SHARED_DATA_FLAGS _RtlSystemGlobalDataId = 14 - GLOBAL_DATA_ID_NT_SYSTEM_ROOT_DRIVE _RtlSystemGlobalDataId = 15 - GLOBAL_DATA_ID_QPC_BYPASS_ENABLED _RtlSystemGlobalDataId = 16 - GLOBAL_DATA_ID_QPC_DATA _RtlSystemGlobalDataId = 17 - GLOBAL_DATA_ID_QPC_BIAS _RtlSystemGlobalDataId = 18 -) - -type _HeapInformationClass int32 - -const ( - HEAP_COMPATIBILITY_INFORMATION 
_HeapInformationClass = 0 - HEAP_ENABLE_TERMINATION_ON_CORRUPTION _HeapInformationClass = 1 - HEAP_OPTIMIZE_RESOURCES _HeapInformationClass = 3 - HEAP_TAG _HeapInformationClass = 7 -) - -type _ActivationContextInfoClass int32 - -const ( - ACTIVATION_CONTEXT_BASIC_INFORMATION _ActivationContextInfoClass = 1 - ACTIVATION_CONTEXT_DETAILED_INFORMATION _ActivationContextInfoClass = 2 - ASSEMBLY_DETAILED_INFORMATION_IN_ACTIVATION_CONTEXT _ActivationContextInfoClass = 3 - FILE_INFORMATION_IN_ASSEMBLY_OF_ASSEMBLY_IN_ACTIVATION_CONTEXT _ActivationContextInfoClass = 4 - RUNLEVEL_INFORMATION_IN_ACTIVATION_CONTEXT _ActivationContextInfoClass = 5 - COMPATIBILITY_INFORMATION_IN_ACTIVATION_CONTEXT _ActivationContextInfoClass = 6 - ACTIVATION_CONTEXT_MANIFEST_RESOURCE_NAME _ActivationContextInfoClass = 7 - MAX_ACTIVATION_CONTEXT_INFO_CLASS _ActivationContextInfoClass = 8 - ASSEMBLY_DETAILED_INFORMATION_IN_ACTIVATION_CONTXT _ActivationContextInfoClass = 3 - FILE_INFORMATION_IN_ASSEMBLY_OF_ASSEMBLY_IN_ACTIVATION_CONTXT _ActivationContextInfoClass = 4 -) - -type int32 - -const ( - ACTCTX_RUN_LEVEL_UNSPECIFIED = 0 - ACTCTX_RUN_LEVEL_AS_INVOKER = 1 - ACTCTX_RUN_LEVEL_HIGHEST_AVAILABLE = 2 - ACTCTX_RUN_LEVEL_REQUIRE_ADMIN = 3 - ACTCTX_RUN_LEVEL_NUMBERS = 4 -) - -type int32 - -const ( - ACTCTX_COMPATIBILITY_ELEMENT_TYPE_UNKNOWN = 0 - ACTCTX_COMPATIBILITY_ELEMENT_TYPE_OS = 1 - ACTCTX_COMPATIBILITY_ELEMENT_TYPE_MITIGATION = 2 - ACTCTX_COMPATIBILITY_ELEMENT_TYPE_MAXVERSIONTESTED = 3 -) - -type _CmServiceNodeType int32 - -const ( - DRIVER_TYPE _CmServiceNodeType = 1 - FILE_SYSTEM_TYPE _CmServiceNodeType = 2 - WIN32_SERVICE_OWN_PROCESS _CmServiceNodeType = 16 - WIN32_SERVICE_SHARE_PROCESS _CmServiceNodeType = 32 - ADAPTER_TYPE _CmServiceNodeType = 4 - RECOGNIZER_TYPE _CmServiceNodeType = 8 -) - -type _CmServiceLoadType int32 - -const ( - BOOT_LOAD _CmServiceLoadType = 0 - SYSTEM_LOAD _CmServiceLoadType = 1 - AUTO_LOAD _CmServiceLoadType = 2 - DEMAND_LOAD _CmServiceLoadType = 3 - DISABLE_LOAD 
_CmServiceLoadType = 4 -) - -type _CmErrorControlType int32 - -const ( - IGNORE_ERROR _CmErrorControlType = 0 - NORMAL_ERROR _CmErrorControlType = 1 - SEVERE_ERROR _CmErrorControlType = 2 - CRITICAL_ERROR _CmErrorControlType = 3 -) - -type _TapeDriveProblemType int32 - -const ( - TAPE_DRIVE_PROBLEM_NONE _TapeDriveProblemType = 0 - TAPE_DRIVE_READ_WRITE_WARNING _TapeDriveProblemType = 1 - TAPE_DRIVE_READ_WRITE_ERROR _TapeDriveProblemType = 2 - TAPE_DRIVE_READ_WARNING _TapeDriveProblemType = 3 - TAPE_DRIVE_WRITE_WARNING _TapeDriveProblemType = 4 - TAPE_DRIVE_READ_ERROR _TapeDriveProblemType = 5 - TAPE_DRIVE_WRITE_ERROR _TapeDriveProblemType = 6 - TAPE_DRIVE_HARDWARE_ERROR _TapeDriveProblemType = 7 - TAPE_DRIVE_UNSUPPORTED_MEDIA _TapeDriveProblemType = 8 - TAPE_DRIVE_SCSI_CONNECTION_ERROR _TapeDriveProblemType = 9 - TAPE_DRIVE_TIMETO_CLEAN _TapeDriveProblemType = 10 - TAPE_DRIVE_CLEAN_DRIVE_NOW _TapeDriveProblemType = 11 - TAPE_DRIVE_MEDIA_LIFE_EXPIRED _TapeDriveProblemType = 12 - TAPE_DRIVE_SNAPPED_TAPE _TapeDriveProblemType = 13 -) - -type _TransactionOutcome int32 - -const ( - TRANSACTION_OUTCOME_UNDETERMINED _TransactionOutcome = 1 - TRANSACTION_OUTCOME_COMMITTED _TransactionOutcome = 2 - TRANSACTION_OUTCOME_ABORTED _TransactionOutcome = 3 -) - -type _TransactionState int32 - -const ( - TRANSACTION_STATE_NORMAL _TransactionState = 1 - TRANSACTION_STATE_INDOUBT _TransactionState = 2 - TRANSACTION_STATE_COMMITTED_NOTIFY _TransactionState = 3 -) - -type _TransactionInformationClass int32 - -const ( - TRANSACTION_BASIC_INFORMATION _TransactionInformationClass = 0 - TRANSACTION_PROPERTIES_INFORMATION _TransactionInformationClass = 1 - TRANSACTION_ENLISTMENT_INFORMATION _TransactionInformationClass = 2 - TRANSACTION_SUPERIOR_ENLISTMENT_INFORMATION _TransactionInformationClass = 3 - TRANSACTION_BIND_INFORMATION _TransactionInformationClass = 4 - TRANSACTION_DTCPRIVATE_INFORMATION _TransactionInformationClass = 5 -) - -type _TransactionmanagerInformationClass int32 - 
-const ( - TRANSACTION_MANAGER_BASIC_INFORMATION _TransactionmanagerInformationClass = 0 - TRANSACTION_MANAGER_LOG_INFORMATION _TransactionmanagerInformationClass = 1 - TRANSACTION_MANAGER_LOG_PATH_INFORMATION _TransactionmanagerInformationClass = 2 - TRANSACTION_MANAGER_RECOVERY_INFORMATION _TransactionmanagerInformationClass = 4 - TRANSACTION_MANAGER_ONLINE_PROBE_INFORMATION _TransactionmanagerInformationClass = 3 - TRANSACTION_MANAGER_OLDEST_TRANSACTION_INFORMATION _TransactionmanagerInformationClass = 5 -) - -type _ResourcemanagerInformationClass int32 - -const ( - RESOURCE_MANAGER_BASIC_INFORMATION _ResourcemanagerInformationClass = 0 - RESOURCE_MANAGER_COMPLETION_INFORMATION _ResourcemanagerInformationClass = 1 -) - -type _EnlistmentInformationClass int32 - -const ( - ENLISTMENT_BASIC_INFORMATION _EnlistmentInformationClass = 0 - ENLISTMENT_RECOVERY_INFORMATION _EnlistmentInformationClass = 1 - ENLISTMENT_CRM_INFORMATION _EnlistmentInformationClass = 2 -) - -type _KtmobjectType int32 - -const ( - KTMOBJECT_TRANSACTION _KtmobjectType = 0 - KTMOBJECT_TRANSACTION_MANAGER _KtmobjectType = 1 - KTMOBJECT_RESOURCE_MANAGER _KtmobjectType = 2 - KTMOBJECT_ENLISTMENT _KtmobjectType = 3 - KTMOBJECT_INVALID _KtmobjectType = 4 -) - -type _TpCallbackPriority int32 - -const ( - TP_CALLBACK_PRIORITY_HIGH _TpCallbackPriority = 0 - TP_CALLBACK_PRIORITY_NORMAL _TpCallbackPriority = 1 - TP_CALLBACK_PRIORITY_LOW _TpCallbackPriority = 2 - TP_CALLBACK_PRIORITY_INVALID _TpCallbackPriority = 3 - TP_CALLBACK_PRIORITY_COUNT _TpCallbackPriority = 3 -) - -type DpiAwareness int32 - -const ( - DPI_AWARENESS_INVALID DpiAwareness = -1 - DPI_AWARENESS_UNAWARE DpiAwareness = 0 - DPI_AWARENESS_SYSTEM_AWARE DpiAwareness = 1 - DPI_AWARENESS_PER_MONITOR_AWARE DpiAwareness = 2 -) - -type DpiHostingBehavior int32 - -const ( - DPI_HOSTING_BEHAVIOR_INVALID DpiHostingBehavior = -1 - DPI_HOSTING_BEHAVIOR_DEFAULT DpiHostingBehavior = 0 - DPI_HOSTING_BEHAVIOR_MIXED DpiHostingBehavior = 1 -) - -type 
_FindexInfoLevels int32 - -const ( - FIND_EX_INFO_STANDARD _FindexInfoLevels = 0 - FIND_EX_INFO_BASIC _FindexInfoLevels = 1 - FIND_EX_INFO_MAX_INFO_LEVEL _FindexInfoLevels = 2 -) - -type _FindexSearchOps int32 - -const ( - FIND_EX_SEARCH_NAME_MATCH _FindexSearchOps = 0 - FIND_EX_SEARCH_LIMIT_TO_DIRECTORIES _FindexSearchOps = 1 - FIND_EX_SEARCH_LIMIT_TO_DEVICES _FindexSearchOps = 2 - FIND_EX_SEARCH_MAX_SEARCH_OP _FindexSearchOps = 3 -) - -type _ReadDirectoryNotifyInformationClass int32 - -const ( - READ_DIRECTORY_NOTIFY_INFORMATION _ReadDirectoryNotifyInformationClass = 1 - READ_DIRECTORY_NOTIFY_EXTENDED_INFORMATION _ReadDirectoryNotifyInformationClass = 2 - READ_DIRECTORY_NOTIFY_FULL_INFORMATION _ReadDirectoryNotifyInformationClass = 3 - READ_DIRECTORY_NOTIFY_MAXIMUM_INFORMATION _ReadDirectoryNotifyInformationClass = 4 -) - -type _GetFileexInfoLevels int32 - -const ( - GET_FILE_EX_INFO_STANDARD _GetFileexInfoLevels = 0 - GET_FILE_EX_MAX_INFO_LEVEL _GetFileexInfoLevels = 1 -) - -type _FileInfoByHandleClass int32 - -const ( - FILE_BASIC_INFO _FileInfoByHandleClass = 0 - FILE_STANDARD_INFO _FileInfoByHandleClass = 1 - FILE_NAME_INFO _FileInfoByHandleClass = 2 - FILE_RENAME_INFO _FileInfoByHandleClass = 3 - FILE_DISPOSITION_INFO _FileInfoByHandleClass = 4 - FILE_ALLOCATION_INFO _FileInfoByHandleClass = 5 - FILE_END_OF_FILE_INFO _FileInfoByHandleClass = 6 - FILE_STREAM_INFO _FileInfoByHandleClass = 7 - FILE_COMPRESSION_INFO _FileInfoByHandleClass = 8 - FILE_ATTRIBUTE_TAG_INFO _FileInfoByHandleClass = 9 - FILE_ID_BOTH_DIRECTORY_INFO _FileInfoByHandleClass = 10 - FILE_ID_BOTH_DIRECTORY_RESTART_INFO _FileInfoByHandleClass = 11 - FILE_IO_PRIORITY_HINT_INFO _FileInfoByHandleClass = 12 - FILE_REMOTE_PROTOCOL_INFO _FileInfoByHandleClass = 13 - FILE_FULL_DIRECTORY_INFO _FileInfoByHandleClass = 14 - FILE_FULL_DIRECTORY_RESTART_INFO _FileInfoByHandleClass = 15 - FILE_STORAGE_INFO _FileInfoByHandleClass = 16 - FILE_ALIGNMENT_INFO _FileInfoByHandleClass = 17 - FILE_ID_INFO 
_FileInfoByHandleClass = 18 - FILE_ID_EXTD_DIRECTORY_INFO _FileInfoByHandleClass = 19 - FILE_ID_EXTD_DIRECTORY_RESTART_INFO _FileInfoByHandleClass = 20 - FILE_DISPOSITION_INFO_EX _FileInfoByHandleClass = 21 - FILE_RENAME_INFO_EX _FileInfoByHandleClass = 22 - FILE_CASE_SENSITIVE_INFO _FileInfoByHandleClass = 23 - FILE_NORMALIZED_NAME_INFO _FileInfoByHandleClass = 24 - MAXIMUM_FILE_INFO_BY_HANDLE_CLASS _FileInfoByHandleClass = 25 -) - -type _FileInfoByNameClass int32 - -const ( - FILE_STAT_BY_NAME_INFO _FileInfoByNameClass = 0 - FILE_STAT_LX_BY_NAME_INFO _FileInfoByNameClass = 1 - FILE_CASE_SENSITIVE_BY_NAME_INFO _FileInfoByNameClass = 2 - FILE_STAT_BASIC_BY_NAME_INFO _FileInfoByNameClass = 3 - MAXIMUM_FILE_INFO_BY_NAME_CLASS _FileInfoByNameClass = 4 -) - -type _StreamInfoLevels int32 - -const ( - FIND_STREAM_INFO_STANDARD _StreamInfoLevels = 0 - FIND_STREAM_INFO_MAX_INFO_LEVEL _StreamInfoLevels = 1 -) - -type _QueueUserApcFlags int32 - -const ( - QUEUE_USER_APC_FLAGS_NONE _QueueUserApcFlags = 0 - QUEUE_USER_APC_FLAGS_SPECIAL_USER_APC _QueueUserApcFlags = 1 - QUEUE_USER_APC_CALLBACK_DATA_CONTEXT _QueueUserApcFlags = 65536 -) - -type _ThreadInformationClass int32 - -const ( - THREAD_MEMORY_PRIORITY _ThreadInformationClass = 0 - THREAD_ABSOLUTE_CPU_PRIORITY _ThreadInformationClass = 1 - THREAD_DYNAMIC_CODE_POLICY _ThreadInformationClass = 2 - THREAD_POWER_THROTTLING _ThreadInformationClass = 3 - THREAD_INFORMATION_CLASS_MAX _ThreadInformationClass = 4 -) - -type _ProcessInformationClass int32 - -const ( - PROCESS_MEMORY_PRIORITY _ProcessInformationClass = 0 - PROCESS_MEMORY_EXHAUSTION_INFO _ProcessInformationClass = 1 - PROCESS_APP_MEMORY_INFO _ProcessInformationClass = 2 - PROCESS_IN_PRIVATE_INFO _ProcessInformationClass = 3 - PROCESS_POWER_THROTTLING _ProcessInformationClass = 4 - PROCESS_RESERVED_VALUE1 _ProcessInformationClass = 5 - PROCESS_TELEMETRY_COVERAGE_INFO _ProcessInformationClass = 6 - PROCESS_PROTECTION_LEVEL_INFO _ProcessInformationClass = 7 - 
PROCESS_LEAP_SECOND_INFO _ProcessInformationClass = 8 - PROCESS_MACHINE_TYPE_INFO _ProcessInformationClass = 9 - PROCESS_OVERRIDE_SUBSEQUENT_PREFETCH_PARAMETER _ProcessInformationClass = 10 - PROCESS_MAX_OVERRIDE_PREFETCH_PARAMETER _ProcessInformationClass = 11 - PROCESS_INFORMATION_CLASS_MAX _ProcessInformationClass = 12 -) - -type _MachineAttributes int32 - -const ( - USER_ENABLED _MachineAttributes = 1 - KERNEL_ENABLED _MachineAttributes = 2 - WOW64_CONTAINER _MachineAttributes = 4 -) - -type _ProcessMemoryExhaustionType int32 - -const ( - P_METYPE_FAIL_FAST_ON_COMMIT_FAILURE _ProcessMemoryExhaustionType = 0 - P_METYPE_MAX _ProcessMemoryExhaustionType = 1 -) - -type _ComputerNameFormat int32 - -const ( - COMPUTER_NAME_NET_BIOS _ComputerNameFormat = 0 - COMPUTER_NAME_DNS_HOSTNAME _ComputerNameFormat = 1 - COMPUTER_NAME_DNS_DOMAIN _ComputerNameFormat = 2 - COMPUTER_NAME_DNS_FULLY_QUALIFIED _ComputerNameFormat = 3 - COMPUTER_NAME_PHYSICAL_NET_BIOS _ComputerNameFormat = 4 - COMPUTER_NAME_PHYSICAL_DNS_HOSTNAME _ComputerNameFormat = 5 - COMPUTER_NAME_PHYSICAL_DNS_DOMAIN _ComputerNameFormat = 6 - COMPUTER_NAME_PHYSICAL_DNS_FULLY_QUALIFIED _ComputerNameFormat = 7 - COMPUTER_NAME_MAX _ComputerNameFormat = 8 -) - -type DeveloperDriveEnablementState int32 - -const ( - DEVELOPER_DRIVE_ENABLEMENT_STATE_ERROR DeveloperDriveEnablementState = 0 - DEVELOPER_DRIVE_ENABLED DeveloperDriveEnablementState = 1 - DEVELOPER_DRIVE_DISABLED_BY_SYSTEM_POLICY DeveloperDriveEnablementState = 2 - DEVELOPER_DRIVE_DISABLED_BY_GROUP_POLICY DeveloperDriveEnablementState = 3 -) - -type _MemoryResourceNotificationType int32 - -const ( - LOW_MEMORY_RESOURCE_NOTIFICATION _MemoryResourceNotificationType = 0 - HIGH_MEMORY_RESOURCE_NOTIFICATION _MemoryResourceNotificationType = 1 -) - -type OfferPriority int32 - -const ( - VM_OFFER_PRIORITY_VERY_LOW OfferPriority = 1 - VM_OFFER_PRIORITY_LOW OfferPriority = 2 - VM_OFFER_PRIORITY_BELOW_NORMAL OfferPriority = 3 - VM_OFFER_PRIORITY_NORMAL OfferPriority = 4 
-) - -type Win32MemoryInformationClass int32 - -const MEMORY_REGION_INFO Win32MemoryInformationClass = 0 - -type Win32MemoryPartitionInformationClass int32 - -const ( - MEMORY_PARTITION_INFO Win32MemoryPartitionInformationClass = 0 - MEMORY_PARTITION_DEDICATED_MEMORY_INFO Win32MemoryPartitionInformationClass = 1 -) - -type FileWriteFlags int32 - -const ( - FILE_WRITE_FLAGS_NONE FileWriteFlags = 0 - FILE_WRITE_FLAGS_WRITE_THROUGH FileWriteFlags = 1 -) - -type FileFlushMode int32 - -const ( - FILE_FLUSH_DEFAULT FileFlushMode = 0 - FILE_FLUSH_DATA FileFlushMode = 1 - FILE_FLUSH_MIN_METADATA FileFlushMode = 2 - FILE_FLUSH_NO_SYNC FileFlushMode = 3 -) - -type _DepSystemPolicyType int32 - -const ( - D_EPPOLICY_ALWAYS_OFF _DepSystemPolicyType = 0 - D_EPPOLICY_ALWAYS_ON _DepSystemPolicyType = 1 - D_EPPOLICY_OPT_IN _DepSystemPolicyType = 2 - D_EPPOLICY_OPT_OUT _DepSystemPolicyType = 3 - D_EPTOTAL_POLICY_COUNT _DepSystemPolicyType = 4 -) - -type _ProcThreadAttributeNum int32 - -const ( - PROC_THREAD_ATTRIBUTE_PARENT_PROCESS _ProcThreadAttributeNum = 0 - PROC_THREAD_ATTRIBUTE_HANDLE_LIST _ProcThreadAttributeNum = 2 - PROC_THREAD_ATTRIBUTE_GROUP_AFFINITY _ProcThreadAttributeNum = 3 - PROC_THREAD_ATTRIBUTE_PREFERRED_NODE _ProcThreadAttributeNum = 4 - PROC_THREAD_ATTRIBUTE_IDEAL_PROCESSOR _ProcThreadAttributeNum = 5 - PROC_THREAD_ATTRIBUTE_UMS_THREAD _ProcThreadAttributeNum = 6 - PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY _ProcThreadAttributeNum = 7 - PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES _ProcThreadAttributeNum = 9 - PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL _ProcThreadAttributeNum = 11 - PROC_THREAD_ATTRIBUTE_JOB_LIST _ProcThreadAttributeNum = 13 - PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY _ProcThreadAttributeNum = 14 - PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY _ProcThreadAttributeNum = 15 - PROC_THREAD_ATTRIBUTE_WIN32K_FILTER _ProcThreadAttributeNum = 16 - PROC_THREAD_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM _ProcThreadAttributeNum = 17 - 
PROC_THREAD_ATTRIBUTE_DESKTOP_APP_POLICY _ProcThreadAttributeNum = 18 - PROC_THREAD_ATTRIBUTE_PSEUDO_CONSOLE _ProcThreadAttributeNum = 22 - PROC_THREAD_ATTRIBUTE_MITIGATION_AUDIT_POLICY _ProcThreadAttributeNum = 24 - PROC_THREAD_ATTRIBUTE_MACHINE_TYPE _ProcThreadAttributeNum = 25 - PROC_THREAD_ATTRIBUTE_COMPONENT_FILTER _ProcThreadAttributeNum = 26 - PROC_THREAD_ATTRIBUTE_ENABLE_OPTIONAL_XSTATE_FEATURES _ProcThreadAttributeNum = 27 - PROC_THREAD_ATTRIBUTE_TRUSTED_APP _ProcThreadAttributeNum = 29 - PROC_THREAD_ATTRIBUTE_SVE_VECTOR_LENGTH _ProcThreadAttributeNum = 30 -) - -type _Copyfile2MessageType int32 - -const ( - COPYFILE2_CALLBACK_NONE _Copyfile2MessageType = 0 - COPYFILE2_CALLBACK_CHUNK_STARTED _Copyfile2MessageType = 1 - COPYFILE2_CALLBACK_CHUNK_FINISHED _Copyfile2MessageType = 2 - COPYFILE2_CALLBACK_STREAM_STARTED _Copyfile2MessageType = 3 - COPYFILE2_CALLBACK_STREAM_FINISHED _Copyfile2MessageType = 4 - COPYFILE2_CALLBACK_POLL_CONTINUE _Copyfile2MessageType = 5 - COPYFILE2_CALLBACK_ERROR _Copyfile2MessageType = 6 - COPYFILE2_CALLBACK_MAX _Copyfile2MessageType = 7 -) - -type _Copyfile2MessageAction int32 - -const ( - COPYFILE2_PROGRESS_CONTINUE _Copyfile2MessageAction = 0 - COPYFILE2_PROGRESS_CANCEL _Copyfile2MessageAction = 1 - COPYFILE2_PROGRESS_STOP _Copyfile2MessageAction = 2 - COPYFILE2_PROGRESS_QUIET _Copyfile2MessageAction = 3 - COPYFILE2_PROGRESS_PAUSE _Copyfile2MessageAction = 4 -) - -type _Copyfile2CopyPhase int32 - -const ( - COPYFILE2_PHASE_NONE _Copyfile2CopyPhase = 0 - COPYFILE2_PHASE_PREPARE_SOURCE _Copyfile2CopyPhase = 1 - COPYFILE2_PHASE_PREPARE_DEST _Copyfile2CopyPhase = 2 - COPYFILE2_PHASE_READ_SOURCE _Copyfile2CopyPhase = 3 - COPYFILE2_PHASE_WRITE_DESTINATION _Copyfile2CopyPhase = 4 - COPYFILE2_PHASE_SERVER_COPY _Copyfile2CopyPhase = 5 - COPYFILE2_PHASE_NAMEGRAFT_COPY _Copyfile2CopyPhase = 6 - COPYFILE2_PHASE_MAX _Copyfile2CopyPhase = 7 -) - -type _PriorityHint int32 - -const ( - IO_PRIORITY_HINT_VERY_LOW _PriorityHint = 0 - 
IO_PRIORITY_HINT_LOW _PriorityHint = 1 - IO_PRIORITY_HINT_NORMAL _PriorityHint = 2 - MAXIMUM_IO_PRIORITY_HINT_TYPE _PriorityHint = 3 -) - -type _FileIdType int32 - -const ( - FILE_ID_TYPE _FileIdType = 0 - OBJECT_ID_TYPE _FileIdType = 1 - EXTENDED_FILE_ID_TYPE _FileIdType = 2 - MAXIMUM_FILE_ID_TYPE _FileIdType = 3 -) - -type int32 + HIDDEN_HOOK_READ_AND_WRITE_AND_EXECUTE _VmmEventTypeEnum = 0 + HIDDEN_HOOK_READ_AND_WRITE _VmmEventTypeEnum = 1 + HIDDEN_HOOK_READ_AND_EXECUTE _VmmEventTypeEnum = 2 + HIDDEN_HOOK_WRITE_AND_EXECUTE _VmmEventTypeEnum = 3 + HIDDEN_HOOK_READ _VmmEventTypeEnum = 4 + HIDDEN_HOOK_WRITE _VmmEventTypeEnum = 5 + HIDDEN_HOOK_EXECUTE _VmmEventTypeEnum = 6 + HIDDEN_HOOK_EXEC_DETOURS _VmmEventTypeEnum = 7 + HIDDEN_HOOK_EXEC_CC _VmmEventTypeEnum = 8 + SYSCALL_HOOK_EFER_SYSCALL _VmmEventTypeEnum = 9 + SYSCALL_HOOK_EFER_SYSRET _VmmEventTypeEnum = 10 + CPUID_INSTRUCTION_EXECUTION _VmmEventTypeEnum = 11 + RDMSR_INSTRUCTION_EXECUTION _VmmEventTypeEnum = 12 + WRMSR_INSTRUCTION_EXECUTION _VmmEventTypeEnum = 13 + IN_INSTRUCTION_EXECUTION _VmmEventTypeEnum = 14 + OUT_INSTRUCTION_EXECUTION _VmmEventTypeEnum = 15 + EXCEPTION_OCCURRED _VmmEventTypeEnum = 16 + EXTERNAL_INTERRUPT_OCCURRED _VmmEventTypeEnum = 17 + DEBUG_REGISTERS_ACCESSED _VmmEventTypeEnum = 18 + TSC_INSTRUCTION_EXECUTION _VmmEventTypeEnum = 19 + PMC_INSTRUCTION_EXECUTION _VmmEventTypeEnum = 20 + VMCALL_INSTRUCTION_EXECUTION _VmmEventTypeEnum = 21 + CONTROL_REGISTER_MODIFIED _VmmEventTypeEnum = 22 + CONTROL_REGISTER_READ _VmmEventTypeEnum = 23 + CONTROL_REGISTER_3_MODIFIED _VmmEventTypeEnum = 24 + TRAP_EXECUTION_MODE_CHANGED _VmmEventTypeEnum = 25 + TRAP_EXECUTION_INSTRUCTION_TRACE _VmmEventTypeEnum = 26 +) + +// @brief Type of Actions +type _DebuggerEventActionTypeEnum int32 + +const ( + BREAK_TO_DEBUGGER _DebuggerEventActionTypeEnum = 0 + RUN_SCRIPT _DebuggerEventActionTypeEnum = 1 + RUN_CUSTOM_CODE _DebuggerEventActionTypeEnum = 2 +) + +// @brief Type of handling !syscall or !sysret +type 
_DebuggerEventSyscallSysretType int32 + +const ( + DEBUGGER_EVENT_SYSCALL_SYSRET_SAFE_ACCESS_MEMORY _DebuggerEventSyscallSysretType = 0 + DEBUGGER_EVENT_SYSCALL_SYSRET_HANDLE_ALL_UD _DebuggerEventSyscallSysretType = 1 +) + +// @brief Type of mode change traps +type _DebuggerEventModeType int32