├── apis_def ├── mydocs.api ├── headers │ ├── storprop.h.api │ ├── fxsutility.h.api │ ├── ip.h.api │ ├── sechost.h.api │ ├── normaliz.h.api │ ├── sxs.h.api │ ├── wab32.h.api │ ├── wlanui.h.api │ ├── bthprops.h.api │ ├── scarddlg.h.api │ ├── nspr4.h.api │ ├── avrt.h.api │ ├── dhcpcsvc6.h.api │ ├── winshfhc.h.api │ ├── ncrypt.h.api │ ├── msimg32.h.api │ ├── slwga.h.api │ ├── mqrt.h.api │ ├── mspatcha.h.api │ ├── dotnet.h.api │ ├── aclui.h.api │ ├── imagehlp.h.api │ ├── api-ms-win-net-isolation-l1.h.api │ ├── prntvpt.h.api │ ├── peerdist.h.api │ ├── sensapi.h.api │ ├── wdsbp.h.api │ ├── network.h.api │ ├── faultrep.h.api │ ├── shcore.h.api │ ├── dssec.h.api │ ├── ntdsbcli.h.api │ ├── rstrtmgr.h.api │ ├── fax.h.api │ ├── gpedit.h.api │ ├── traffic.h.api │ ├── wdstptc.h.api │ ├── ndfapi.h.api │ ├── rasdlg.h.api │ ├── icm32.h.api │ ├── combase.h.api │ ├── mswsock.h.api │ ├── wcmapi.h.api │ ├── wintrust.h.api │ ├── icmui.h.api │ ├── msmapi32.h.api │ ├── wsdapi.h.api │ ├── lz32.h.api │ ├── avifil32.h.api │ ├── snmp.h.api │ ├── userenv.h.api │ ├── input.h.api │ ├── mscms.h.api │ ├── srclient.h.api │ ├── common.h.api │ ├── winscard.h.api │ ├── credui.h.api │ ├── wdsmc.h.api │ ├── odbc32.h.api │ ├── wdspxe.h.api │ ├── usp10.h.api │ ├── processes.h.api │ ├── slc.h.api │ ├── dsprop.h.api │ ├── cryptnet.h.api │ ├── patch.h.api │ ├── oleaut32.h.api │ ├── hid.h.api │ ├── ole32.h.api │ ├── dxva2.h.api │ ├── dwmapi.h.api │ ├── setup.h.api │ ├── version.h.api │ ├── powrprof.h.api │ ├── imm32.h.api │ ├── cryptxml.h.api │ ├── cabinet.h.api │ ├── bcrypt.h.api │ ├── oledlg.h.api │ └── wecapi.h.api ├── icmui.api ├── mfcaptureengine.api ├── cmutil.api ├── sfcfiles.api ├── msctfmonitor.api ├── shsvcs.api ├── windows.ui.api ├── slcext.api ├── winshfhc.api ├── ntshrui.api ├── fxsutility.api ├── cryptbase.api ├── legitlib.api ├── loadperf.api ├── mfplay.api ├── rpcdiag.api ├── sensapi.api ├── nss3.api ├── plc4.api ├── wlanui.api ├── msidle.api ├── scarddlg.api ├── mstask.api ├── vhdmount.api ├── sxs.api ├── faultrep.api ├── slwga.api ├── dsuiext.api ├── wsclient.api ├── avicap32.api ├── aclui.api ├── jsproxy.api ├── wab32.api ├── qosname.api ├── txfw32.api ├── idndl.api ├── sqlsrv32.api ├── cryptdlg.api ├── cscapi.api ├── nlsdl.api ├── schannel.api ├── rasdlg.api ├── shdocvw.api ├── srclient.api ├── davclnt.api ├── url.api ├── cryptnet.api ├── gpedit.api ├── msimg32.api ├── wintypes.api ├── storprop.api ├── wcmapi.api ├── icmp.api ├── mfreadwrite.api ├── normaliz.api ├── comdlg32.api ├── dsprop.api ├── dhcpcsvc6.api ├── wdsmc.api ├── lz32.api ├── plds4.api ├── sfc.api ├── wdsbp.api ├── firewallapi.api ├── msrating.api ├── sisbkup.api ├── dssec.api ├── fwpuclnt.api ├── version.api ├── connect.api ├── ndfapi.api ├── msctf.api ├── wer.api ├── newdev.api ├── oledlg.api ├── common.api ├── mgmtapi.api ├── input.api ├── avrt.api ├── prntvpt.api ├── wdstptc.api ├── rstrtmgr.api ├── api-ms-win-net-isolation-l1.api ├── activeds.api ├── cryptui.api ├── dhcpcsvc.api └── opengl32.api ├── images ├── header.png ├── after_analysis.png ├── before_analysis.png ├── function_analysis.gif └── selection_analysis.gif ├── xAnalyzer ├── resource.h ├── xAnalyzer.rc ├── res │ ├── analexe.png │ ├── mainicon.png │ ├── exe_remove.png │ ├── analfunction.png │ ├── analselection.png │ ├── mainicon_big.ico │ ├── function_remove.png │ └── selection_remove.png ├── pluginsdk │ ├── x32dbg.lib │ ├── x64dbg.lib │ ├── lz4 │ │ ├── lz4_x64.a │ │ ├── lz4_x86.a │ │ ├── lz4_x64.lib │ │ ├── lz4_x86.lib │ │ └── lz4file.h │ ├── x32bridge.lib │ ├── x64bridge.lib │ ├── yara │ │ ├── yara_x64.lib │ │ ├── yara_x86.lib │ │ ├── yara │ │ │ ├── globals.h │ │ │ ├── proc.h │ │ │ ├── exefiles.h │ │ │ ├── scan.h │ │ │ └── sizedstr.h │ │ └── yara.h │ ├── dbghelp │ │ ├── dbghelp_x64.a │ │ ├── dbghelp_x86.a │ │ ├── dbghelp_x64.lib │ │ └── dbghelp_x86.lib │ ├── jansson │ │ ├── jansson_x64.a │ │ ├── jansson_x86.a │ │ ├── jansson_x64.lib │ │ ├── jansson_x86.lib │ │ ├── jansson_x64dbg.h │ │ └── jansson_config.h │ ├── XEDParse │ │ ├── XEDParse_x64.a │ │ ├── XEDParse_x86.a │ │ ├── XEDParse_x64.lib │ │ ├── XEDParse_x86.lib │ │ └── XEDParse.h │ ├── capstone │ │ ├── capstone_x64.lib │ │ └── capstone_x86.lib │ ├── TitanEngine │ │ ├── TitanEngine_x64.a │ │ ├── TitanEngine_x64.lib │ │ ├── TitanEngine_x86.a │ │ └── TitanEngine_x86.lib │ ├── DeviceNameResolver │ │ ├── DeviceNameResolver_x64.a │ │ ├── DeviceNameResolver_x86.a │ │ ├── DeviceNameResolver_x64.lib │ │ ├── DeviceNameResolver_x86.lib │ │ └── DeviceNameResolver.h │ ├── _scriptapi.h │ ├── _plugin_types.h │ ├── _scriptapi_stack.h │ ├── _scriptapi_misc.h │ ├── _scriptapi_assembler.h │ ├── _scriptapi_symbol.h │ ├── _scriptapi_pattern.h │ ├── _scriptapi_bookmark.h │ ├── _scriptapi_comment.h │ ├── _scriptapi_debug.h │ ├── _scriptapi_label.h │ ├── _scriptapi_argument.h │ ├── _scriptapi_function.h │ ├── _scriptapi_flag.h │ └── _scriptapi_memory.h ├── Utf8Ini │ ├── README.md │ └── LICENSE ├── plugin.h ├── ini.h └── ini.cpp ├── .gitignore ├── .editorconfig ├── .gitattributes ├── LICENSE ├── appveyor.yml └── xAnalyzer.sln /apis_def/mydocs.api: -------------------------------------------------------------------------------- 1 | [PerUserInit] 2 | ParamCount=0 3 | @=PerUserInit 4 | -------------------------------------------------------------------------------- /images/header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/images/header.png -------------------------------------------------------------------------------- /apis_def/headers/storprop.h.api: -------------------------------------------------------------------------------- 1 | [ERROR_CODE|LONG] 2 | TypeDisplay=LONG 3 | Base=[ERROR_CODE] 4 | -------------------------------------------------------------------------------- /xAnalyzer/resource.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/resource.h -------------------------------------------------------------------------------- /xAnalyzer/xAnalyzer.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/xAnalyzer.rc -------------------------------------------------------------------------------- /images/after_analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/images/after_analysis.png -------------------------------------------------------------------------------- /images/before_analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/images/before_analysis.png -------------------------------------------------------------------------------- /xAnalyzer/res/analexe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/res/analexe.png -------------------------------------------------------------------------------- /xAnalyzer/res/mainicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/res/mainicon.png -------------------------------------------------------------------------------- /images/function_analysis.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/images/function_analysis.gif -------------------------------------------------------------------------------- /xAnalyzer/res/exe_remove.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/res/exe_remove.png -------------------------------------------------------------------------------- /images/selection_analysis.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/images/selection_analysis.gif -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/x32dbg.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/x32dbg.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/x64dbg.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/x64dbg.lib -------------------------------------------------------------------------------- /xAnalyzer/res/analfunction.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/res/analfunction.png -------------------------------------------------------------------------------- /xAnalyzer/res/analselection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/res/analselection.png -------------------------------------------------------------------------------- /xAnalyzer/res/mainicon_big.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/res/mainicon_big.ico -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/lz4/lz4_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/lz4/lz4_x64.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/lz4/lz4_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/lz4/lz4_x86.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/x32bridge.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/x32bridge.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/x64bridge.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/x64bridge.lib -------------------------------------------------------------------------------- /xAnalyzer/res/function_remove.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/res/function_remove.png -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/lz4/lz4_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/lz4/lz4_x64.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/lz4/lz4_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/lz4/lz4_x86.lib -------------------------------------------------------------------------------- /xAnalyzer/res/selection_remove.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/res/selection_remove.png -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | Release/ 3 | Debug/ 4 | x64/ 5 | .vs/ 6 | *.sdf 7 | *.opensdf 8 | *.suo 9 | *.vcxproj.user 10 | *.VC.*db -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/yara/yara_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/yara/yara_x64.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/yara/yara_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/yara/yara_x86.lib -------------------------------------------------------------------------------- /apis_def/headers/fxsutility.h.api: -------------------------------------------------------------------------------- 1 | [SendToMode] 2 | Base=UINT 3 | Type=Enum 4 | Const1=SEND_TO_FAX_RECIPIENT_ATTACHMENT 5 | Value1=0 6 | -------------------------------------------------------------------------------- /apis_def/icmui.api: -------------------------------------------------------------------------------- 1 | [SetupColorMatching] 2 | 1=PCOLORMATCHSETUP pcms 3 | ParamCount=1 4 | Header=icmui.h.api; 5 | @=SetupColorMatching 6 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/dbghelp/dbghelp_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/dbghelp/dbghelp_x64.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/dbghelp/dbghelp_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/dbghelp/dbghelp_x86.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/jansson/jansson_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/jansson/jansson_x64.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/jansson/jansson_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/jansson/jansson_x86.a -------------------------------------------------------------------------------- /apis_def/mfcaptureengine.api: -------------------------------------------------------------------------------- 1 | [MFCreateCaptureEngine] 2 | 1=IMFCaptureEngine** ppCaptureEngine 3 | ParamCount=1 4 | @=MFCreateCaptureEngine 5 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/XEDParse/XEDParse_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/XEDParse/XEDParse_x64.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/XEDParse/XEDParse_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/XEDParse/XEDParse_x86.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/dbghelp/dbghelp_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/dbghelp/dbghelp_x64.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/dbghelp/dbghelp_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/dbghelp/dbghelp_x86.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/jansson/jansson_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/jansson/jansson_x64.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/jansson/jansson_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/jansson/jansson_x86.lib -------------------------------------------------------------------------------- /apis_def/cmutil.api: -------------------------------------------------------------------------------- 1 | [CmFree] 2 | 1=void* pvPtr 3 | ParamCount=1 4 | @=CmFree 5 | [CmMalloc] 6 | 1=size_t nBytes 7 | ParamCount=1 8 | @=CmMalloc 9 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/XEDParse/XEDParse_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/XEDParse/XEDParse_x64.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/XEDParse/XEDParse_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/XEDParse/XEDParse_x86.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/capstone/capstone_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/capstone/capstone_x64.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/capstone/capstone_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/capstone/capstone_x86.lib -------------------------------------------------------------------------------- /apis_def/sfcfiles.api: -------------------------------------------------------------------------------- 1 | [SfcGetFiles] 2 | 1=PPROTECT_FILE_ENTRY* ProtFileData 3 | 2=PULONG FileCount 4 | ParamCount=2 5 | Header= 6 | @=SfcGetFiles 7 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/TitanEngine/TitanEngine_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/TitanEngine/TitanEngine_x64.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/TitanEngine/TitanEngine_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/TitanEngine/TitanEngine_x64.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/TitanEngine/TitanEngine_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/TitanEngine/TitanEngine_x86.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/TitanEngine/TitanEngine_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/TitanEngine/TitanEngine_x86.lib -------------------------------------------------------------------------------- /apis_def/headers/ip.h.api: -------------------------------------------------------------------------------- 1 | [IpOptionFlags] 2 | TypeDisplay=UCHAR 3 | Base=UCHAR 4 | Type=Flag 5 | Const1=IP_FLAG_REVERSE 6 | Value1=0x1 7 | Const2=IP_FLAG_DF 8 | Value2=0x2 9 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.a -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.a -------------------------------------------------------------------------------- /apis_def/headers/sechost.h.api: -------------------------------------------------------------------------------- 1 | [LSA_LOOKUP_DOMAIN_INFO_CLASS] 2 | Base=UINT 3 | Type=Enum 4 | Const1=AccountDomainInformation 5 | Value1=5 6 | Const2=DnsDomainInformation 7 | Value2=12 8 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThunderCls/xAnalyzer/HEAD/xAnalyzer/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPT_API_H 2 | #define _SCRIPT_API_H 3 | 4 | #include "_plugins.h" 5 | 6 | #define SCRIPT_EXPORT PLUG_IMPEXP 7 | 8 | #endif //_SCRIPT_API_H -------------------------------------------------------------------------------- /apis_def/headers/normaliz.h.api: -------------------------------------------------------------------------------- 1 | [IdnFlags] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=IDN_ALLOW_UNASSIGNED 6 | Value1=0x01 7 | Const2=IDN_USE_STD3_ASCII_RULES 8 | Value2=0x02 9 | -------------------------------------------------------------------------------- /apis_def/msctfmonitor.api: -------------------------------------------------------------------------------- 1 | [InitLocalMsCtfMonitor] 2 | 1=DWORD dwFlags 3 | ParamCount=1 4 | @=InitLocalMsCtfMonitor 5 | [UninitLocalMsCtfMonitor] 6 | ParamCount=0 7 | @=UninitLocalMsCtfMonitor 8 | -------------------------------------------------------------------------------- /apis_def/headers/sxs.h.api: -------------------------------------------------------------------------------- 1 | [CreateAsmNameObjFlags] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=CANOF_PARSE_DISPLAY_NAME 6 | Value1=0x1 7 | Const2=CANOF_SET_DEFAULT_VALUES 8 | Value2=0x2 9 | -------------------------------------------------------------------------------- /apis_def/headers/wab32.h.api: -------------------------------------------------------------------------------- 1 | [WAB_PARAM_Flags] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Flag 5 | Const1=WAB_USE_OE_SENDMAIL 6 | Value1=0x00000001 7 | Const2=WAB_ENABLE_PROFILES 8 | Value2=0x00400000 9 | -------------------------------------------------------------------------------- /apis_def/headers/wlanui.h.api: -------------------------------------------------------------------------------- 1 | [WL_DISPLAY_PAGES] 2 | Base=UINT 3 | Type=Enum 4 | Const1=WLConnectionPage 5 | Value1=0 6 | Const2=WLSecurityPage 7 | Value2=1 8 | Const3=WLAdvPage 9 | Value3=2 10 | -------------------------------------------------------------------------------- /apis_def/shsvcs.api: -------------------------------------------------------------------------------- 1 | [CreateHardwareEventMoniker] 2 | 1=REFCLSID clsid 3 | 2=LPCTSTR pszEventHandler 4 | 3=IMoniker** ppmoniker 5 | ParamCount=3 6 | Header=windows.h.api; 7 | @=CreateHardwareEventMoniker 8 | -------------------------------------------------------------------------------- /apis_def/windows.ui.api: -------------------------------------------------------------------------------- 1 | [CreateXamlUIPresenter] 2 | 1=IViewObjectPresentNotifySite* pPresentSite 3 | 2=Windows::UI::Xaml::Hosting::IXamlUIPresenter** ppPresenter 4 | ParamCount=2 5 | @=CreateXamlUIPresenter 6 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | ; Top-most EditorConfig file 2 | root = true 3 | 4 | ; Windows-style newlines 5 | [*] 6 | end_of_line = CRLF 7 | 8 | ; Tab indentation 9 | [*.{cpp,h}] 10 | indent_style = tab 11 | tab_width = 4 -------------------------------------------------------------------------------- /apis_def/headers/bthprops.h.api: -------------------------------------------------------------------------------- 1 | [BLUETOOTH_SERVICE_FLAGS] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Enum 5 | Const1=BLUETOOTH_SERVICE_DISABLE 6 | Value1=0x00 7 | Const2=BLUETOOTH_SERVICE_ENABLE 8 | Value2=0x01 9 | -------------------------------------------------------------------------------- /apis_def/slcext.api: -------------------------------------------------------------------------------- 1 | [SLAcquireGenuineTicket] 2 | 1=void** ppTicketBlob 3 | 2=UINT* pcbTicketBlob 4 | 3=PCWSTR pwszTemplateId 5 | 4=PCWSTR pwszServerUrl 6 | 5=PCWSTR pwszClientToken 7 | ParamCount=5 8 | @=SLAcquireGenuineTicket 9 | -------------------------------------------------------------------------------- /apis_def/winshfhc.api: -------------------------------------------------------------------------------- 1 | [EstimateFileRiskLevel] 2 | 1=LPCWSTR pszFilePath 3 | 2=LPCWSTR pszExt 4 | 3=LPCWSTR pszHandler 5 | 4=FILE_RISK_LEVEL* pfrlEstimate 6 | ParamCount=4 7 | Header=winshfhc.h.api; 8 | @=EstimateFileRiskLevel 9 | -------------------------------------------------------------------------------- /apis_def/headers/scarddlg.h.api: -------------------------------------------------------------------------------- 1 | [SC_DLG_FLAGS] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=SC_DLG_MINIMAL_UI 6 | Value1=0x01 7 | Const2=SC_DLG_NO_UI 8 | Value2=0x02 9 | Const3=SC_DLG_FORCE_UI 10 | Value3=0x04 11 | -------------------------------------------------------------------------------- /apis_def/ntshrui.api: -------------------------------------------------------------------------------- 1 | [CanShareFolderW] 2 | 1=LPCWSTR pszPath 3 | ParamCount=1 4 | @=CanShareFolderW 5 | [ShowShareFolderUI] 6 | 1=HWND hwndParent 7 | 2=LPCWSTR pszPath 8 | ParamCount=2 9 | Header=windows.h.api; 10 | @=ShowShareFolderUI 11 | -------------------------------------------------------------------------------- /apis_def/fxsutility.api: -------------------------------------------------------------------------------- 1 | [CanSendToFaxRecipient] 2 | ParamCount=0 3 | @=CanSendToFaxRecipient 4 | [SendToFaxRecipient] 5 | 1=[SendToMode] sndMode 6 | 2=LPCWSTR lpFileName 7 | ParamCount=2 8 | Header=fxsutility.h.api; 9 | @=SendToFaxRecipient 10 | -------------------------------------------------------------------------------- /apis_def/headers/nspr4.h.api: -------------------------------------------------------------------------------- 1 | [PrAddressFamily] 2 | TypeDisplay=PRIntn 3 | Base=PRIntn 4 | Type=Enum 5 | Const1=PR_AF_UNSPEC 6 | Value1=0 7 | Const2=PR_AF_LOCAL 8 | Value2=1 9 | Const3=PR_AF_INET 10 | Value3=2 11 | Const4=PR_AF_INET6 12 | Value4=100 13 | -------------------------------------------------------------------------------- /apis_def/cryptbase.api: -------------------------------------------------------------------------------- 1 | [SystemFunction036] 2 | SourceModule=advapi32.api 3 | @=SystemFunction036 4 | [SystemFunction040] 5 | SourceModule=advapi32.api 6 | @=SystemFunction040 7 | [SystemFunction041] 8 | SourceModule=advapi32.api 9 | @=SystemFunction041 10 | -------------------------------------------------------------------------------- /apis_def/headers/avrt.h.api: -------------------------------------------------------------------------------- 1 | [AVRT_PRIORITY] 2 | Base=UINT 3 | Type=Enum 4 | Const1=AVRT_PRIORITY_LOW 5 | Value1=-1 6 | Const2=AVRT_PRIORITY_NORMAL 7 | Value2=0 8 | Const3=AVRT_PRIORITY_HIGH 9 | Value3=1 10 | Const4=AVRT_PRIORITY_CRITICAL 11 | Value4=2 12 | -------------------------------------------------------------------------------- /apis_def/headers/dhcpcsvc6.h.api: -------------------------------------------------------------------------------- 1 | [StatusCode] 2 | Base=UINT 3 | Type=Enum 4 | Const1=STATUS_NO_ERROR 5 | Value1=0 6 | Const2=STATUS_UNSPECIFIED_FAILURE 7 | Value2=1 8 | Const3=STATUS_NO_BINDING 9 | Value3=3 10 | Const4=STATUS_NOPREFIX_AVAIL 11 | Value4=6 12 | -------------------------------------------------------------------------------- /apis_def/headers/winshfhc.h.api: -------------------------------------------------------------------------------- 1 | [FILE_RISK_LEVEL] 2 | Base=UINT 3 | Type=Enum 4 | Const1=FRL_NO_OPINION 5 | Value1=0 6 | Const2=FRL_LOW 7 | Value2=1 8 | Const3=FRL_MODERATE 9 | Value3=2 10 | Const4=FRL_HIGH 11 | Value4=3 12 | Const5=FRL_BLOCK 13 | Value5=4 14 | -------------------------------------------------------------------------------- /apis_def/headers/ncrypt.h.api: -------------------------------------------------------------------------------- 1 | [SslContentType] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Enum 5 | Const1=CT_CHANGE_CIPHER_SPEC 6 | Value1=20 7 | Const2=CT_ALERT 8 | Value2=21 9 | Const3=CT_HANDSHAKE 10 | Value3=22 11 | Const4=CT_APPLICATIONDATA 12 | Value4=23 13 | -------------------------------------------------------------------------------- /apis_def/headers/msimg32.h.api: -------------------------------------------------------------------------------- 1 | [GradientFillMode] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Enum 5 | Const1=GRADIENT_FILL_RECT_H 6 | Value1=0x00000000 7 | Const2=GRADIENT_FILL_RECT_V 8 | Value2=0x00000001 9 | Const3=GRADIENT_FILL_TRIANGLE 10 | Value3=0x00000002 11 | -------------------------------------------------------------------------------- /apis_def/headers/slwga.h.api: -------------------------------------------------------------------------------- 1 | [SL_GENUINE_STATE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=SL_GEN_STATE_IS_GENUINE 5 | Value1=0 6 | Const2=SL_GEN_STATE_INVALID_LICENSE 7 | Value2=1 8 | Const3=SL_GEN_STATE_TAMPERED 9 | Value3=2 10 | Const4=SL_GEN_STATE_LAST 11 | Value4=3 12 | -------------------------------------------------------------------------------- /apis_def/headers/mqrt.h.api: -------------------------------------------------------------------------------- 1 | [MQPR_Rel] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Flag 5 | Const1=PRLT 6 | Value1=0 7 | Const2=PRLE 8 | Value2=1 9 | Const3=PRGT 10 | Value3=2 11 | Const4=PRGE 12 | Value4=3 13 | Const5=PREQ 14 | Value5=4 15 | Const6=PRNE 16 | Value6=5 17 | -------------------------------------------------------------------------------- /apis_def/headers/mspatcha.h.api: -------------------------------------------------------------------------------- 1 | [ApplyOptionFlags] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Flag 5 | Const1=APPLY_OPTION_FAIL_IF_EXACT 6 | Value1=0x00000001 7 | Const2=APPLY_OPTION_FAIL_IF_CLOSE 8 | Value2=0x00000002 9 | Const3=APPLY_OPTION_TEST_ONLY 10 | Value3=0x00000004 11 | -------------------------------------------------------------------------------- /apis_def/headers/dotnet.h.api: -------------------------------------------------------------------------------- 1 | [ASM_CACHE_FLAGS] 2 | Base=DWORD 3 | Type=Flag 4 | Const1=ASM_CACHE_ZAP 5 | Value1=0x1 6 | Const2=ASM_CACHE_GAC 7 | Value2=0x2 8 | Const3=ASM_CACHE_DOWNLOAD 9 | Value3=0x4 10 | Const4=ASM_CACHE_ROOT 11 | Value4=0x8 12 | Const5=ASM_CACHE_ROOT_EX 13 | Value5=0x80 14 | -------------------------------------------------------------------------------- /apis_def/legitlib.api: -------------------------------------------------------------------------------- 1 | [GetLastErrors] 2 | 1=WCHAR** ppwszTrace 3 | ParamCount=1 4 | @=GetLastErrors 5 | [IsAlreadyGenuine] 6 | ParamCount=0 7 | @=IsAlreadyGenuine 8 | [LegitCheck] 9 | ParamCount=0 10 | @=LegitCheck 11 | [SetPartnerID] 12 | 1=int nPartnerID 13 | ParamCount=1 14 | @=SetPartnerID 15 | -------------------------------------------------------------------------------- /apis_def/loadperf.api: -------------------------------------------------------------------------------- 1 | [LoadPerfCounterTextStrings] 2 | 1=LPCTSTR commandLine 3 | 2=BOOL bQuietModeArg 4 | ParamCount=2 5 | @=LoadPerfCounterTextStrings 6 | [UnloadPerfCounterTextStrings] 7 | 1=LPCTSTR commandLine 8 | 2=BOOL bQuietModeArg 9 | ParamCount=2 10 | @=UnloadPerfCounterTextStrings 11 | -------------------------------------------------------------------------------- /apis_def/mfplay.api: -------------------------------------------------------------------------------- 1 | [MFPCreateMediaPlayer] 2 | 1=LPCWSTR pwszURL 3 | 2=BOOL fStartPlayback 4 | 3=MFP_CREATION_OPTIONS creationOptions 5 | 4=IMFPMediaPlayerCallback* pCallback 6 | 5=HWND hWnd 7 | 6=IMFPMediaPlayer** ppMediaPlayer 8 | ParamCount=6 9 | Header=windows.h.api; 10 | @=MFPCreateMediaPlayer 11 | -------------------------------------------------------------------------------- /apis_def/rpcdiag.api: -------------------------------------------------------------------------------- 1 | [RpcDiagnoseError] 2 | 1=RPC_BINDING_HANDLE BindingHandle 3 | 2=RPC_IF_HANDLE IfSpec 4 | 3=[RPC_STATUS] RpcStatus 5 | 4=RPC_ERROR_ENUM_HANDLE* EnumHandle 6 | 5=ULONG Options 7 | 6=HWND ParentWindow 8 | ParamCount=6 9 | Header=rpc.h.api;windows.h.api; 10 | @=RpcDiagnoseError 11 | -------------------------------------------------------------------------------- /apis_def/sensapi.api: -------------------------------------------------------------------------------- 1 | [IsDestinationReachable] 2 | 1=LPCSTR lpszDestination 3 | 2=LPQOCINFO lpQOCInfo 4 | ParamCount=2 5 | Header=sensapi.h.api; 6 | @=IsDestinationReachable 7 | [IsNetworkAlive] 8 | 1=[NetworkAliveFlags*] lpdwFlags 9 | ParamCount=1 10 | Header=sensapi.h.api; 11 | @=IsNetworkAlive 12 | -------------------------------------------------------------------------------- /apis_def/nss3.api: -------------------------------------------------------------------------------- 1 | [NSS_Init] 2 | 1=char* configdir 3 | ParamCount=1 4 | @=NSS_Init 5 | [NSS_InitReadWrite] 6 | 1=char* configdir 7 | ParamCount=1 8 | @=NSS_InitReadWrite 9 | [NSS_NoDB_Init] 10 | 1=char* reserved 11 | ParamCount=1 12 | @=NSS_NoDB_Init 13 | [NSS_Shutdown] 14 | ParamCount=0 15 | @=NSS_Shutdown 16 | -------------------------------------------------------------------------------- /apis_def/plc4.api: -------------------------------------------------------------------------------- 1 | [PL_strlen] 2 | 1=const char* str 3 | ParamCount=1 4 | @=PL_strlen 5 | [PL_strcpy] 6 | 1=char* dest 7 | 2=const char* src 8 | ParamCount=2 9 | @=PL_strcpy 10 | [PL_strdup] 11 | 1=const char* s 12 | ParamCount=1 13 | @=PL_strdup 14 | [PL_strfree] 15 | 1=char* s 16 | ParamCount=1 17 | @=PL_strfree 18 | -------------------------------------------------------------------------------- /apis_def/headers/aclui.h.api: -------------------------------------------------------------------------------- 1 | [SI_PAGE_TYPE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=SI_PAGE_PERM 5 | Value1=0 6 | Const2=SI_PAGE_ADVPERM 7 | Value2=1 8 | Const3=SI_PAGE_AUDIT 9 | Value3=2 10 | Const4=SI_PAGE_OWNER 11 | Value4=3 12 | Const5=SI_PAGE_EFFECTIVE 13 | Value5=4 14 | Const6=SI_PAGE_TAKEOWNERSHIP 15 | Value6=5 16 | -------------------------------------------------------------------------------- /apis_def/headers/imagehlp.h.api: -------------------------------------------------------------------------------- 1 | [WIN_CERT_TYPE] 2 | TypeDisplay=WORD 3 | Base=WORD 4 | Type=Flag 5 | Const1=WIN_CERT_TYPE_X509 6 | Value1=0x0001 7 | Const2=WIN_CERT_TYPE_PKCS_SIGNED_DATA 8 | Value2=0x0002 9 | Const3=WIN_CERT_TYPE_RESERVED_1 10 | Value3=0x0003 11 | Const4=WIN_CERT_TYPE_TS_STACK_SIGNED 12 | Value4=0x0004 13 | -------------------------------------------------------------------------------- /apis_def/wlanui.api: -------------------------------------------------------------------------------- 1 | [WlanUIEditProfile] 2 | 1=DWORD dwClientVersion 3 | 2=LPCWSTR wstrProfileName 4 | 3=GUID* pInterfaceGuid 5 | 4=HWND hWnd 6 | 5=[WL_DISPLAY_PAGES] wlStartPage 7 | 6=PVOID pReserved 8 | 7=PWLAN_REASON_CODE pWlanReasonCode 9 | ParamCount=7 10 | Header=wlanui.h.api;windows.h.api; 11 | @=WlanUIEditProfile 12 | -------------------------------------------------------------------------------- /apis_def/headers/api-ms-win-net-isolation-l1.h.api: -------------------------------------------------------------------------------- 1 | [NETISO_ERROR_TYPE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=NETISO_ERROR_TYPE_NONE 5 | Value1=0x00 6 | Const2=NETISO_ERROR_TYPE_PRIVATE_NETWORK 7 | Value2=0x01 8 | Const3=NETISO_ERROR_TYPE_INTERNET_CLIENT 9 | Value3=0x02 10 | Const4=NETISO_ERROR_TYPE_INTERNET_CLIENT_SERVER 11 | Value4=0x03 12 | -------------------------------------------------------------------------------- /apis_def/headers/prntvpt.h.api: -------------------------------------------------------------------------------- 1 | [EDefaultDevmodeType] 2 | Base=UINT 3 | Type=Enum 4 | Const1=kUserDefaultDevmode 5 | Value1=0 6 | Const2=kPrinterDefaultDevmode 7 | Value2=1 8 | [EPrintTicketScope] 9 | Base=UINT 10 | Type=Enum 11 | Const1=kPTPageScope 12 | Value1=0 13 | Const2=kPTDocumentScope 14 | Value2=1 15 | Const3=kPTJobScope 16 | Value3=3 17 | -------------------------------------------------------------------------------- /apis_def/msidle.api: -------------------------------------------------------------------------------- 1 | [BeginIdleDetection] 2 | 1=_IDLECALLBACK pfnCallback 3 | 2=DWORD dwIdleMin 4 | 3=DWORD dwReserved 5 | ParamCount=3 6 | Header= 7 | @=BeginIdleDetection 8 | [EndIdleDetection] 9 | 1=DWORD dwReserved 10 | ParamCount=1 11 | @=EndIdleDetection 12 | [GetIdleMinutes] 13 | 1=DWORD dwReserved 14 | ParamCount=1 15 | @=GetIdleMinutes 16 | -------------------------------------------------------------------------------- /apis_def/scarddlg.api: -------------------------------------------------------------------------------- 1 | [GetOpenCardName] 2 | 1=LPOPENCARDNAME pDlgStruc 3 | ParamCount=1 4 | Header=scarddlg.h.api; 5 | @=GetOpenCardName 6 | [SCardDlgExtendedError] 7 | ParamCount=0 8 | @=SCardDlgExtendedError 9 | [SCardUIDlgSelectCard] 10 | 1=LPOPENCARDNAME_EX pDlgStruc 11 | ParamCount=1 12 | Header=scarddlg.h.api; 13 | @=SCardUIDlgSelectCard 14 | -------------------------------------------------------------------------------- /apis_def/headers/peerdist.h.api: -------------------------------------------------------------------------------- 1 | [PEERDIST_STATUS] 2 | Base=UINT 3 | Type=Enum 4 | Const1=PEERDIST_STATUS_DISABLED 5 | Value1=0 6 | Const2=PEERDIST_STATUS_UNAVAILABLE 7 | Value2=1 8 | Const3=PEERDIST_STATUS_AVAILABLE 9 | Value3=2 10 | [PEERDIST_CLIENT_INFO_BY_HANDLE_CLASS] 11 | Base=UINT 12 | Type=Enum 13 | Const1=PeerDistClientBasicInfo 14 | Value1=0 15 | -------------------------------------------------------------------------------- /apis_def/headers/sensapi.h.api: -------------------------------------------------------------------------------- 1 | [NetworkAliveFlags] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=NETWORK_ALIVE_LAN 6 | Value1=0x00000001 7 | Const2=NETWORK_ALIVE_WAN 8 | Value2=0x00000002 9 | Const3=NETWORK_ALIVE_AOL 10 | Value3=0x00000004 11 | [NetworkAliveFlags*] 12 | TypeDisplay=LPDWORD 13 | Base=[NetworkAliveFlags] 14 | Header=sensapi.h.api; 15 | -------------------------------------------------------------------------------- /apis_def/headers/wdsbp.h.api: -------------------------------------------------------------------------------- 1 | [WDSBP_PK_TYPE] 2 | TypeDisplay=BYTE 3 | Base=BYTE 4 | Type=Flag 5 | Const1=WDSBP_PK_TYPE_DHCP 6 | Value1=1 7 | Const2=WDSBP_PK_TYPE_WDSNBP 8 | Value2=2 9 | Const3=WDSBP_PK_TYPE_BCD 10 | Value3=4 11 | Const4=WDSBP_PK_TYPE_DHCPV6 12 | Value4=8 13 | [WDSBP_PK_TYPE*] 14 | TypeDisplay=PBYTE 15 | Base=[WDSBP_PK_TYPE] 16 | Header=wdsbp.h.api; 17 | -------------------------------------------------------------------------------- /apis_def/mstask.api: -------------------------------------------------------------------------------- 1 | [GetNetScheduleAccountInformation] 2 | 1=LPCWSTR pwszServerName 3 | 2=DWORD ccAccount 4 | 3=WCHAR [] wszAccount 5 | ParamCount=3 6 | @=GetNetScheduleAccountInformation 7 | [SetNetScheduleAccountInformation] 8 | 1=LPCWSTR pwszServerName 9 | 2=LPCWSTR pwszAccount 10 | 3=LPCWSTR pwszPassword 11 | ParamCount=3 12 | @=SetNetScheduleAccountInformation 13 | -------------------------------------------------------------------------------- /apis_def/vhdmount.api: -------------------------------------------------------------------------------- 1 | [GetSCSIAddress] 2 | 1=PWCHAR VHDFileName 3 | 2=ULONG Flags 4 | 3=ULONG SCSIAddressLength 5 | 4=PWCHAR SCSIAddress 6 | ParamCount=4 7 | @=GetSCSIAddress 8 | [MountVHD] 9 | 1=PWCHAR VHDFileName 10 | 2=ULONG Flags 11 | ParamCount=2 12 | @=MountVHD 13 | [UnmountVHD] 14 | 1=PWCHAR VHDFileName 15 | 2=ULONG Flags 16 | ParamCount=2 17 | @=UnmountVHD 18 | -------------------------------------------------------------------------------- /apis_def/sxs.api: -------------------------------------------------------------------------------- 1 | [CreateAssemblyCache] 2 | 1=IAssemblyCache** ppAsmCache 3 | 2=DWORD dwReserved 4 | ParamCount=2 5 | @=CreateAssemblyCache 6 | [CreateAssemblyNameObject] 7 | 1=LPASSEMBLYNAME* ppAssemblyNameObj 8 | 2=LPCWSTR szAssemblyName 9 | 3=[CreateAsmNameObjFlags] dwFlags 10 | 4=LPVOID pvReserved 11 | ParamCount=4 12 | Header=sxs.h.api;dotnet.h.api; 13 | @=CreateAssemblyNameObject 14 | -------------------------------------------------------------------------------- /apis_def/faultrep.api: -------------------------------------------------------------------------------- 1 | [WerReportHang] 2 | 1=HWND hwndHungWinow 3 | 2=PCWSTR wszHungApplicationName 4 | ParamCount=2 5 | Header=windows.h.api; 6 | @=WerReportHang 7 | [AddERExcludedApplication] 8 | 1=LPCTSTR szApplication 9 | ParamCount=1 10 | @=AddERExcludedApplication 11 | [ReportFault] 12 | 1=LPEXCEPTION_POINTERS pep 13 | 2=DWORD dwMode 14 | ParamCount=2 15 | Header=windows.h.api; 16 | @=ReportFault 17 | -------------------------------------------------------------------------------- /apis_def/slwga.api: -------------------------------------------------------------------------------- 1 | [SLIsGenuineLocal] 2 | 1=SLID* pAppId 3 | 2=SL_GENUINE_STATE* pGenuineState 4 | 3=SL_NONGENUINE_UI_OPTIONS* pUIOptions 5 | ParamCount=3 6 | Header=slwga.h.api;windows.h.api; 7 | @=SLIsGenuineLocal 8 | [SLIsGenuineLocalEx] 9 | 1=SLID* pAppId 10 | 2=SLID* pSkuId 11 | 3=SL_GENUINE_STATE* pGenuineState 12 | ParamCount=3 13 | Header=slwga.h.api;windows.h.api; 14 | @=SLIsGenuineLocalEx 15 | -------------------------------------------------------------------------------- /apis_def/dsuiext.api: -------------------------------------------------------------------------------- 1 | [DsBrowseForContainer] 2 | 1=PDSBROWSEINFO pInfo 3 | ParamCount=1 4 | Header= 5 | @=DsBrowseForContainer 6 | [DsGetFriendlyClassName] 7 | 1=LPWSTR pszObjectClass 8 | 2=LPWSTR pszBuffer 9 | 3=INT cchBuffer 10 | ParamCount=3 11 | @=DsGetFriendlyClassName 12 | [DsGetIcon] 13 | 1=DWORD dwFlags 14 | 2=LPWSTR pszObjectClass 15 | 3=INT cxImage 16 | 4=INT cyImage 17 | ParamCount=4 18 | @=DsGetIcon 19 | -------------------------------------------------------------------------------- /apis_def/headers/network.h.api: -------------------------------------------------------------------------------- 1 | [LSA_FOREST_TRUST_RECORD_TYPE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=ForestTrustTopLevelName 5 | Value1=0 6 | Const2=ForestTrustTopLevelNameEx 7 | Value2=1 8 | Const3=ForestTrustDomainInfo 9 | Value3=2 10 | [LSA_FOREST_TRUST_COLLISION_RECORD_TYPE] 11 | Base=UINT 12 | Type=Enum 13 | Const1=CollisionTdo 14 | Value1=0 15 | Const2=CollisionXref 16 | Value2=1 17 | Const3=CollisionOther 18 | Value3=2 19 | -------------------------------------------------------------------------------- /apis_def/wsclient.api: -------------------------------------------------------------------------------- 1 | [CheckDeveloperLicense] 2 | 1=FILETIME* pExpiration 3 | ParamCount=1 4 | Header=windows.h.api; 5 | @=CheckDeveloperLicense 6 | [AcquireDeveloperLicense] 7 | 1=HWND hwndParent 8 | 2=FILETIME* pExpiration 9 | ParamCount=2 10 | Header=windows.h.api; 11 | @=AcquireDeveloperLicense 12 | [RemoveDeveloperLicense] 13 | 1=HWND hwndParent 14 | ParamCount=1 15 | Header=windows.h.api; 16 | @=RemoveDeveloperLicense 17 | -------------------------------------------------------------------------------- /apis_def/headers/faultrep.h.api: -------------------------------------------------------------------------------- 1 | [EFaultRepRetVal] 2 | Base=UINT 3 | Type=Enum 4 | Const1=frrvOk 5 | Value1=0 6 | Const2=frrvOkManifest 7 | Value2=1 8 | Const3=frrvOkQueued 9 | Value3=2 10 | Const4=frrvErr 11 | Value4=3 12 | Const5=frrvErrNoDW 13 | Value5=4 14 | Const6=frrvErrTimeout 15 | Value6=5 16 | Const7=frrvLaunchDebugger 17 | Value7=6 18 | Const8=frrvOkHeadless 19 | Value8=7 20 | Const9=frrvErrAnotherInstance 21 | Value9=8 22 | -------------------------------------------------------------------------------- /apis_def/avicap32.api: -------------------------------------------------------------------------------- 1 | [capCreateCaptureWindow] 2 | 1=LPCTSTR lpszWindowName 3 | 2=DWORD dwStyle 4 | 3=int x 5 | 4=int y 6 | 5=int nWidth 7 | 6=int nHeight 8 | 7=HWND hWnd 9 | 8=int nID 10 | ParamCount=8 11 | Header=windows.h.api; 12 | @=capCreateCaptureWindow 13 | [capGetDriverDescription] 14 | 1=WORD wDriverIndex 15 | 2=LPTSTR lpszName 16 | 3=INT cbName 17 | 4=LPTSTR lpszVer 18 | 5=INT cbVer 19 | ParamCount=5 20 | @=capGetDriverDescription 21 | -------------------------------------------------------------------------------- /apis_def/headers/shcore.h.api: -------------------------------------------------------------------------------- 1 | [BSOS_OPTIONS] 2 | Base=UINT 3 | Type=Enum 4 | Const1=BSOS_DEFAULT 5 | Value1=0 6 | Const2=BSOS_PREFERDESTINATIONSTREAM 7 | Value2=1 8 | [FileAccessMode] 9 | TypeDisplay=DWORD 10 | Base=DWORD 11 | Type=Enum 12 | Const1=Read 13 | Value1=0 14 | Const2=ReadWrite 15 | Value2=1 16 | [DISPLAY_DEVICE_TYPE] 17 | Base=UINT 18 | Type=Enum 19 | Const1=DEVICE_PRIMARY 20 | Value1=0 21 | Const2=DEVICE_IMMERSIVE 22 | Value2=1 23 | -------------------------------------------------------------------------------- /apis_def/headers/dssec.h.api: -------------------------------------------------------------------------------- 1 | [DSSI_FLAGS] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=DSSI_READ_ONLY 6 | Value1=0x00000001 7 | Const2=DSSI_NO_ACCESS_CHECK 8 | Value2=0x00000002 9 | Const3=DSSI_NO_EDIT_SACL 10 | Value3=0x00000004 11 | Const4=DSSI_NO_EDIT_OWNER 12 | Value4=0x00000008 13 | Const5=DSSI_IS_ROOT 14 | Value5=0x00000010 15 | Const6=DSSI_NO_FILTER 16 | Value6=0x00000020 17 | Const7=DSSI_NO_READONLY_MESSAGE 18 | Value7=0x00000040 19 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /xAnalyzer/Utf8Ini/README.md: -------------------------------------------------------------------------------- 1 | # Utf8Ini 2 | Small and simple INI Parser for UTF-8 data written in C++. Used in [x64dbg](http://x64dbg.com). 3 | 4 | Basically it supports this: 5 | 6 | ``` 7 | [Section 1] 8 | Key 1=Value 1 9 | Key 1 = "Value 2" 10 | Key 2=" this string starts and ends with a space " 11 | 12 | ; comment line 13 | 14 | [Section 2] 15 | Key 1="this string contains a\nnewline and escaped characters \\ \\n " 16 | Key 2 = I like Utf8Ini! 17 | ``` 18 | -------------------------------------------------------------------------------- /apis_def/headers/ntdsbcli.h.api: -------------------------------------------------------------------------------- 1 | [NtdsBackupType] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Flag 5 | Const1=BACKUP_TYPE_FULL 6 | Value1=0x01 7 | Const2=BACKUP_TYPE_LOGS_ONLY 8 | Value2=0x02 9 | Const3=BACKUP_TYPE_INCREMENTAL 10 | Value3=0x04 11 | [NtdsRestoreType] 12 | TypeDisplay=ULONG 13 | Base=ULONG 14 | Type=Flag 15 | Const1=RESTORE_TYPE_AUTHORATATIVE 16 | Value1=0x01 17 | Const2=RESTORE_TYPE_ONLINE 18 | Value2=0x02 19 | Const3=RESTORE_TYPE_CATCHUP 20 | Value3=0x04 21 | -------------------------------------------------------------------------------- /apis_def/aclui.api: -------------------------------------------------------------------------------- 1 | [CreateSecurityPage] 2 | 1=LPSECURITYINFO psi 3 | ParamCount=1 4 | Header=security.h.api; 5 | @=CreateSecurityPage 6 | [EditSecurity] 7 | 1=HWND hwndOwner 8 | 2=LPSECURITYINFO psi 9 | ParamCount=2 10 | Header=security.h.api;windows.h.api; 11 | @=EditSecurity 12 | [EditSecurityAdvanced] 13 | 1=HWND hwndOwner 14 | 2=LPSECURITYINFO psi 15 | 3=[SI_PAGE_TYPE] uSIPage 16 | ParamCount=3 17 | Header=aclui.h.api;security.h.api;windows.h.api; 18 | @=EditSecurityAdvanced 19 | -------------------------------------------------------------------------------- /apis_def/headers/rstrtmgr.h.api: -------------------------------------------------------------------------------- 1 | [RM_FILTER_ACTION] 2 | Base=UINT 3 | Type=Enum 4 | Const1=RmInvalidFilterAction 5 | Value1=0 6 | Const2=RmNoRestart 7 | Value2=1 8 | Const3=RmNoShutdown 9 | Value3=2 10 | [RM_APP_TYPE] 11 | Base=UINT 12 | Type=Enum 13 | Const1=RmUnknownApp 14 | Value1=0 15 | Const2=RmMainWindow 16 | Value2=1 17 | Const3=RmOtherWindow 18 | Value3=2 19 | Const4=RmService 20 | Value4=3 21 | Const5=RmExplorer 22 | Value5=4 23 | Const6=RmConsole 24 | Value6=5 25 | Const7=RmCritical 26 | Value7=1000 27 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_plugin_types.h: -------------------------------------------------------------------------------- 1 | #ifndef _PLUGIN_DATA_H 2 | #define _PLUGIN_DATA_H 3 | 4 | #ifdef BUILD_DBG 5 | 6 | #include "_global.h" 7 | 8 | #else 9 | 10 | #ifdef __GNUC__ 11 | #include "dbghelp/dbghelp.h" 12 | #else 13 | #include 14 | #endif // __GNUC__ 15 | 16 | #ifndef deflen 17 | #define deflen 1024 18 | #endif // deflen 19 | 20 | #include "bridgemain.h" 21 | #include "_dbgfunctions.h" 22 | #include "jansson/jansson.h" 23 | 24 | #endif // BUILD_DBG 25 | 26 | #endif // _PLUGIN_DATA_H 27 | -------------------------------------------------------------------------------- /apis_def/jsproxy.api: -------------------------------------------------------------------------------- 1 | [InternetDeInitializeAutoProxyDll] 2 | 1=LPSTR lpszMime 3 | 2=DWORD dwReserved 4 | ParamCount=2 5 | @=InternetDeInitializeAutoProxyDll 6 | [InternetGetProxyInfo] 7 | 1=LPCSTR lpszUrl 8 | 2=DWORD dwUrlLength 9 | 3=LPSTR lpszUrlHostName 10 | 4=DWORD dwUrlHostNameLength 11 | 5=LPSTR* lplpszProxyHostName 12 | 6=LPDWORD lpdwProxyHostNameLength 13 | ParamCount=6 14 | @=InternetGetProxyInfo 15 | [InternetInitializeAutoProxyDll] 16 | 1=DWORD dwReserved 17 | ParamCount=1 18 | @=InternetInitializeAutoProxyDll 19 | -------------------------------------------------------------------------------- /apis_def/headers/fax.h.api: -------------------------------------------------------------------------------- 1 | [FaxLogCategory] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Enum 5 | Const1=FAXLOG_CATEGORY_INIT 6 | Value1=0 7 | Const2=FAXLOG_CATEGORY_OUTBOUND 8 | Value2=1 9 | Const3=FAXLOG_CATEGORY_INBOUND 10 | Value3=2 11 | Const4=FAXLOG_CATEGORY_UNKNOWN 12 | Value4=3 13 | [FaxLogLevel] 14 | TypeDisplay=DWORD 15 | Base=DWORD 16 | Type=Enum 17 | Const1=FAXLOG_LEVEL_NONE 18 | Value1=0 19 | Const2=FAXLOG_LEVEL_MIN 20 | Value2=1 21 | Const3=FAXLOG_LEVEL_MED 22 | Value3=2 23 | Const4=FAXLOG_LEVEL_MAX 24 | Value4=3 25 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_stack.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_STACK_H 2 | #define _SCRIPTAPI_STACK_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Stack 9 | { 10 | SCRIPT_EXPORT duint Pop(); 11 | SCRIPT_EXPORT duint Push(duint value); //returns the previous top, equal to Peek(1) 12 | SCRIPT_EXPORT duint Peek(int offset = 0); //offset is in multiples of Register::Size(), for easy x32/x64 portability 13 | }; //Stack 14 | }; //Script 15 | 16 | #endif //_SCRIPTAPI_STACK_H -------------------------------------------------------------------------------- /apis_def/wab32.api: -------------------------------------------------------------------------------- 1 | [WABOpen] 2 | 1=LPADRBOOK* lppAdrBook 3 | 2=LPWABOBJECT* lppWABObject 4 | 3=LPWAB_PARAM lpWABParam 5 | 4=DWORD Reserved2 6 | ParamCount=4 7 | Header=wab32.h.api;windows.h.api; 8 | @=WABOpen 9 | [WABOpenEx] 10 | 1=LPADRBOOK* lppAdrBook 11 | 2=LPWABOBJECT* lppWABObject 12 | 3=LPWAB_PARAM lpWABParam 13 | 4=DWORD Reserved2 14 | 5=ALLOCATEBUFFER* lpfnAllocateBuffer 15 | 6=ALLOCATEMORE* lpfnAllocateMore 16 | 7=FREEBUFFER* lpfnFreeBuffer 17 | ParamCount=7 18 | Header=wab32.h.api;ole.h.api;windows.h.api; 19 | @=WABOpenEx 20 | -------------------------------------------------------------------------------- /apis_def/headers/gpedit.h.api: -------------------------------------------------------------------------------- 1 | [GROUP_POLICY_OBJECT_TYPE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=GPOTypeLocal 5 | Value1=0 6 | Const2=GPOTypeRemote 7 | Value2=1 8 | Const3=GPOTypeDS 9 | Value3=2 10 | Const4=GPOTypeLocalUser 11 | Value4=3 12 | Const5=GPOTypeLocalGroup 13 | Value5=4 14 | [GROUP_POLICY_HINT_TYPE] 15 | Base=UINT 16 | Type=Enum 17 | Const1=GPHintUnknown 18 | Value1=0 19 | Const2=GPHintMachine 20 | Value2=1 21 | Const3=GPHintSite 22 | Value3=2 23 | Const4=GPHintDomain 24 | Value4=3 25 | Const5=GPHintOrganizationalUnit 26 | Value5=4 27 | -------------------------------------------------------------------------------- /apis_def/qosname.api: -------------------------------------------------------------------------------- 1 | [WPUGetQOSTemplate] 2 | 1=LPGUID lpProviderId 3 | 2=LPWSABUF lpQOSName 4 | 3=LPQOS lpQOS 5 | ParamCount=3 6 | Header=sockets.h.api;windows.h.api; 7 | @=WPUGetQOSTemplate 8 | [WSCInstallQOSTemplate] 9 | 1=LPGUID lpProviderId 10 | 2=LPWSABUF lpQOSName 11 | 3=LPQOS lpQOS 12 | ParamCount=3 13 | Header=sockets.h.api;windows.h.api; 14 | @=WSCInstallQOSTemplate 15 | [WSCRemoveQOSTemplate] 16 | 1=LPGUID lpProviderId 17 | 2=LPWSABUF lpQOSName 18 | ParamCount=2 19 | Header=sockets.h.api;windows.h.api; 20 | @=WSCRemoveQOSTemplate 21 | -------------------------------------------------------------------------------- /apis_def/txfw32.api: -------------------------------------------------------------------------------- 1 | [TxfLogCreateFileReadContext] 2 | 1=LPCWSTR LogPath 3 | 2=CLFS_LSN BeginningLsn 4 | 3=CLFS_LSN EndingLSN 5 | 4=PTXF_ID TxfFileId 6 | 5=PVOID* TxfLogContext 7 | ParamCount=5 8 | Header=clfsw32.h.api; 9 | @=TxfLogCreateFileReadContext 10 | [TxfLogDestroyReadContext] 11 | 1=PVOID TxfLogContext 12 | ParamCount=1 13 | @=TxfLogDestroyReadContext 14 | [TxfLogReadRecords] 15 | 1=PVOID TxfLogContext 16 | 2=ULONG BufferLength 17 | 3=PVOID Buffer 18 | 4=PULONG BytesUsed 19 | 5=PULONG RecordCount 20 | ParamCount=5 21 | @=TxfLogReadRecords 22 | -------------------------------------------------------------------------------- /apis_def/headers/traffic.h.api: -------------------------------------------------------------------------------- 1 | [QOS_OBJECT_HDR_TYPE] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Enum 5 | Const1=QOS_OBJECT_END_OF_LIST 6 | Value1=2001 7 | Const2=QOS_OBJECT_SD_MODE 8 | Value2=2002 9 | Const3=QOS_OBJECT_SHAPING_RATE 10 | Value3=2003 11 | Const4=QOS_OBJECT_DESTADDR 12 | Value4=2004 13 | Const5=RSVP_OBJECT_STATUS_INFO 14 | Value5=1000 15 | Const6=RSVP_OBJECT_RESERVE_INFO 16 | Value6=1001 17 | Const7=RSVP_OBJECT_ADSPEC 18 | Value7=1002 19 | Const8=RSVP_OBJECT_POLICY_INFO 20 | Value8=1003 21 | Const9=RSVP_OBJECT_FILTERSPEC_LIST 22 | Value9=1004 23 | -------------------------------------------------------------------------------- /apis_def/idndl.api: -------------------------------------------------------------------------------- 1 | [DownlevelGetLocaleScripts] 2 | 1=LPCWSTR lpLocaleName 3 | 2=LPWSTR lpScripts 4 | 3=int cchScripts 5 | ParamCount=3 6 | @=DownlevelGetLocaleScripts 7 | [DownlevelGetStringScripts] 8 | 1=DWORD dwFlags 9 | 2=LPCWSTR lpString 10 | 3=int cchString 11 | 4=LPWSTR lpScripts 12 | 5=int cchScripts 13 | ParamCount=5 14 | @=DownlevelGetStringScripts 15 | [DownlevelVerifyScripts] 16 | 1=DWORD dwFlags 17 | 2=LPCWSTR lpLocaleScripts 18 | 3=int cchLocaleScripts 19 | 4=LPCWSTR lpTestScripts 20 | 5=int cchTestScripts 21 | ParamCount=5 22 | @=DownlevelVerifyScripts 23 | -------------------------------------------------------------------------------- /apis_def/headers/wdstptc.h.api: -------------------------------------------------------------------------------- 1 | [WdsAuthLevel] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Enum 5 | Const1=WDS_TRANSPORTCLIENT_AUTH 6 | Value1=0x1 7 | Const2=WDS_TRANSPORTCLIENT_NO_AUTH 8 | Value2=0x2 9 | [TRANSPORTCLIENT_CALLBACK_ID] 10 | Base=UINT 11 | Type=Enum 12 | Const1=WDS_TRANSPORTCLIENT_SESSION_START 13 | Value1=0 14 | Const2=WDS_TRANSPORTCLIENT_RECEIVE_CONTENTS 15 | Value2=1 16 | Const3=WDS_TRANSPORTCLIENT_SESSION_COMPLETE 17 | Value3=2 18 | Const4=WDS_TRANSPORTCLIENT_RECEIVE_METADATA 19 | Value4=3 20 | Const5=WDS_TRANSPORTCLIENT_SESSION_STARTEX 21 | Value5=4 22 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/jansson/jansson_x64dbg.h: -------------------------------------------------------------------------------- 1 | typedef json_t* JSON; 2 | 3 | static JSON_INLINE 4 | json_t* json_hex(unsigned json_int_t value) 5 | { 6 | char hexvalue[20]; 7 | sprintf(hexvalue, "0x%llX", value); 8 | return json_string(hexvalue); 9 | } 10 | 11 | static JSON_INLINE 12 | unsigned json_int_t json_hex_value(const json_t* hex) 13 | { 14 | unsigned json_int_t ret = 0; 15 | const char* hexvalue; 16 | hexvalue = json_string_value(hex); 17 | if(!hexvalue) 18 | return 0; 19 | sscanf(hexvalue, "0x%llX", &ret); 20 | return ret; 21 | } -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_misc.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_MISC_H 2 | #define _SCRIPTAPI_MISC_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Misc 9 | { 10 | SCRIPT_EXPORT bool ParseExpression(const char* expression, duint* value); 11 | SCRIPT_EXPORT duint RemoteGetProcAddress(const char* module, const char* api); 12 | SCRIPT_EXPORT duint ResolveLabel(const char* label); 13 | SCRIPT_EXPORT void* Alloc(duint size); 14 | SCRIPT_EXPORT void Free(void* ptr); 15 | }; //Misc 16 | }; //Script 17 | 18 | #endif //_SCRIPTAPI_MISC_H -------------------------------------------------------------------------------- /apis_def/sqlsrv32.api: -------------------------------------------------------------------------------- 1 | [ConfigDriver] 2 | 1=HWND hwndParent 3 | 2=[ODBC_DRIVER_REQUEST] fRequest 4 | 3=LPCTSTR lpszDriver 5 | 4=LPCTSTR lpszArgs 6 | 5=LPTSTR lpszMsg 7 | 6=WORD cbMsgMax 8 | 7=WORD* pcbMsgOut 9 | ParamCount=7 10 | Header=odbc.h.api;windows.h.api; 11 | @=ConfigDriver 12 | [ConfigDSN] 13 | 1=HWND hwndParent 14 | 2=[ODBC_DSN_REQUEST] fRequest 15 | 3=LPCTSTR lpszDriver 16 | 4=LPCTSTR lpszAttributes 17 | ParamCount=4 18 | Header=odbc.h.api;windows.h.api; 19 | @=ConfigDSN 20 | [ConfigTranslator] 21 | 1=HWND hwndParent 22 | 2=DWORD* pvOption 23 | ParamCount=2 24 | Header=windows.h.api; 25 | @=ConfigTranslator 26 | -------------------------------------------------------------------------------- /apis_def/cryptdlg.api: -------------------------------------------------------------------------------- 1 | [CertSelectCertificate] 2 | 1=PCERT_SELECT_STRUCT pCertSelectInfo 3 | ParamCount=1 4 | Header= 5 | @=CertSelectCertificate 6 | [GetFriendlyNameOfCert] 7 | 1=PCCERT_CONTEXT pccert 8 | 2=LPTSTR pchBuffer 9 | 3=DWORD cchBuffer 10 | ParamCount=3 11 | Header=cryptography.h.api; 12 | @=GetFriendlyNameOfCert 13 | [CertModifyCertificatesToTrust] 14 | 1=int cCerts 15 | 2=PCTL_MODIFY_REQUEST rgCerts 16 | 3=LPCSTR szPurpose 17 | 4=HWND hwnd 18 | 5=HCERTSTORE hcertstoreTrust 19 | 6=PCCERT_CONTEXT pccertSigner 20 | ParamCount=6 21 | Header=cryptography.h.api;windows.h.api; 22 | @=CertModifyCertificatesToTrust 23 | -------------------------------------------------------------------------------- /apis_def/headers/ndfapi.h.api: -------------------------------------------------------------------------------- 1 | [ATTRIBUTE_TYPE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=AT_INVALID 5 | Value1=0 6 | Const2=AT_BOOLEAN 7 | Value2=1 8 | Const3=AT_INT8 9 | Value3=2 10 | Const4=AT_UINT8 11 | Value4=3 12 | Const5=AT_INT16 13 | Value5=4 14 | Const6=AT_UINT16 15 | Value6=5 16 | Const7=AT_INT32 17 | Value7=6 18 | Const8=AT_UINT32 19 | Value8=7 20 | Const9=AT_INT64 21 | Value9=8 22 | Const10=AT_UINT64 23 | Value10=9 24 | Const11=AT_STRING 25 | Value11=10 26 | Const12=AT_GUID 27 | Value12=11 28 | Const13=AT_LIFE_TIME 29 | Value13=12 30 | Const14=AT_SOCKADDR 31 | Value14=13 32 | Const15=AT_OCTET_STRING 33 | Value15=14 34 | -------------------------------------------------------------------------------- /apis_def/cscapi.api: -------------------------------------------------------------------------------- 1 | [CscSearchApiGetInterface] 2 | 1=ULONG Version 3 | 2=ULONG Cookie 4 | 3=CCscSearchApiInterface** Interface 5 | ParamCount=3 6 | @=CscSearchApiGetInterface 7 | [OfflineFilesEnable] 8 | 1=BOOL bEnable 9 | 2=BOOL* pbRebootRequired 10 | ParamCount=2 11 | @=OfflineFilesEnable 12 | [OfflineFilesQueryStatus] 13 | 1=BOOL* pbActive 14 | 2=BOOL* pbEnabled 15 | ParamCount=2 16 | @=OfflineFilesQueryStatus 17 | [OfflineFilesQueryStatusEx] 18 | 1=BOOL* pbActive 19 | 2=BOOL* pbEnabled 20 | 3=BOOL* pbAvailable 21 | ParamCount=3 22 | @=OfflineFilesQueryStatusEx 23 | [OfflineFilesStart] 24 | ParamCount=0 25 | @=OfflineFilesStart 26 | -------------------------------------------------------------------------------- /apis_def/nlsdl.api: -------------------------------------------------------------------------------- 1 | [DownlevelGetParentLocaleLCID] 2 | 1=[LCID] Locale 3 | ParamCount=1 4 | Header=windows.h.api; 5 | @=DownlevelGetParentLocaleLCID 6 | [DownlevelGetParentLocaleName] 7 | 1=[LCID] Locale 8 | 2=LPWSTR lpName 9 | 3=int cchName 10 | ParamCount=3 11 | Header=windows.h.api; 12 | @=DownlevelGetParentLocaleName 13 | [DownlevelLCIDToLocaleName] 14 | 1=[LCID] Locale 15 | 2=LPWSTR lpName 16 | 3=int cchName 17 | 4=DWORD dwFlags 18 | ParamCount=4 19 | Header=windows.h.api; 20 | @=DownlevelLCIDToLocaleName 21 | [DownlevelLocaleNameToLCID] 22 | 1=LPWSTR lpName 23 | 2=DWORD dwFlags 24 | ParamCount=2 25 | @=DownlevelLocaleNameToLCID 26 | -------------------------------------------------------------------------------- /apis_def/headers/rasdlg.h.api: -------------------------------------------------------------------------------- 1 | [RASDDFLAG] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=RASDDFLAG_PositionDlg 6 | Value1=0x00000001 7 | Const2=RASDDFLAG_NoPrompt 8 | Value2=0x00000002 9 | Const3=RASDDFLAG_LinkFailure 10 | Value3=0x80000000 11 | [RASMDFLAG] 12 | TypeDisplay=DWORD 13 | Base=DWORD 14 | Type=Flag 15 | Const1=RASMDFLAG_PositionDlg 16 | Value1=0x00000001 17 | Const2=RASMDFLAG_UpdateDefaults 18 | Value2=0x80000000 19 | [RASMDPAGE] 20 | TypeDisplay=DWORD 21 | Base=DWORD 22 | Type=Enum 23 | Const1=RASMDPAGE_Status 24 | Value1=0 25 | Const2=RASMDPAGE_Summary 26 | Value2=1 27 | Const3=RASMDPAGE_Preferences 28 | Value3=2 29 | -------------------------------------------------------------------------------- /apis_def/schannel.api: -------------------------------------------------------------------------------- 1 | [SslCrackCertificate] 2 | 1=PUCHAR pbCertificate 3 | 2=DWORD dwCertificate 4 | 3=DWORD dwFlags 5 | 4=PX509Certificate* ppCertificate 6 | ParamCount=4 7 | Header= 8 | @=SslCrackCertificate 9 | [SslEmptyCache] 10 | 1=LPSTR pszTargetName 11 | 2=DWORD dwFlags 12 | ParamCount=2 13 | @=SslEmptyCache 14 | [SslFreeCertificate] 15 | 1=PX509Certificate pCertificate 16 | ParamCount=1 17 | Header= 18 | @=SslFreeCertificate 19 | [SslGetServerIdentity] 20 | 1=PBYTE ClientHello 21 | 2=DWORD ClientHelloSize 22 | 3=PBYTE* ServerIdentity 23 | 4=PDWORD ServerIdentitySize 24 | 5=DWORD Flags 25 | ParamCount=5 26 | @=SslGetServerIdentity 27 | -------------------------------------------------------------------------------- /apis_def/rasdlg.api: -------------------------------------------------------------------------------- 1 | [RasDialDlg] 2 | 1=LPTSTR lpszPhonebook 3 | 2=LPTSTR lpszEntry 4 | 3=LPTSTR lpszPhoneNumber 5 | 4=LPRASDIALDLG lpInfo 6 | ParamCount=4 7 | Header=rasdlg.h.api; 8 | @=RasDialDlg 9 | [RasEntryDlg] 10 | 1=LPTSTR lpszPhonebook 11 | 2=LPTSTR lpszEntry 12 | 3=LPRASENTRYDLG lpInfo 13 | ParamCount=3 14 | Header=rasdlg.h.api; 15 | @=RasEntryDlg 16 | [RasMonitorDlg] 17 | 1=LPTSTR lpszDeviceName 18 | 2=LPRASMONITORDLG lpInfo 19 | ParamCount=2 20 | Header=rasdlg.h.api; 21 | @=RasMonitorDlg 22 | [RasPhonebookDlg] 23 | 1=LPTSTR lpszPhonebook 24 | 2=LPTSTR lpszEntry 25 | 3=LPRASPBDLG lpInfo 26 | ParamCount=3 27 | Header=rasdlg.h.api; 28 | @=RasPhonebookDlg 29 | -------------------------------------------------------------------------------- /apis_def/shdocvw.api: -------------------------------------------------------------------------------- 1 | [ShellDDEInit] 2 | 1=BOOL init 3 | ParamCount=1 4 | @=ShellDDEInit 5 | [SoftwareUpdateMessageBox] 6 | 1=HWND hWnd 7 | 2=LPCWSTR pszDistUnit 8 | 3=DWORD dwFlags 9 | 4=LPSOFTDISTINFO psdi 10 | ParamCount=4 11 | Header=url.h.api;windows.h.api; 12 | @=SoftwareUpdateMessageBox 13 | [DoPrivacyDlg] 14 | 1=HWND hwndParent 15 | 2=LPCWSTR pszUrl 16 | 3=IEnumPrivacyRecords* pPrivacyEnum 17 | 4=BOOL fReportAllSites 18 | ParamCount=4 19 | Header=windows.h.api; 20 | @=DoPrivacyDlg 21 | [ImportPrivacySettings] 22 | 1=LPCWSTR szFilename 23 | 2=BOOL* pfParsePrivacyPreferences 24 | 3=BOOL* pfParsePerSiteRules 25 | ParamCount=3 26 | @=ImportPrivacySettings 27 | -------------------------------------------------------------------------------- /apis_def/srclient.api: -------------------------------------------------------------------------------- 1 | [SRRemoveRestorePoint] 2 | 1=DWORD dwRPNum 3 | ParamCount=1 4 | @=SRRemoveRestorePoint 5 | [SRSetRestorePointA] 6 | 1=PRESTOREPOINTINFOA pRestorePtSpec 7 | 2=PSTATEMGRSTATUS pSMgrStatus 8 | ParamCount=2 9 | Header=srclient.h.api; 10 | @=SRSetRestorePointA 11 | [SRSetRestorePointW] 12 | 1=PRESTOREPOINTINFOW pRestorePtSpec 13 | 2=PSTATEMGRSTATUS pSMgrStatus 14 | ParamCount=2 15 | Header=srclient.h.api; 16 | @=SRSetRestorePointW 17 | [SRSetRestorePointInternal] 18 | 1=PRESTOREPOINTINFOW pRestorePtSpec 19 | 2=PSTATEMGRSTATUS pSMgrStatus 20 | 3=BOOL fForceSurrogate 21 | ParamCount=3 22 | Header=srclient.h.api; 23 | @=SRSetRestorePointInternal 24 | -------------------------------------------------------------------------------- /apis_def/davclnt.api: -------------------------------------------------------------------------------- 1 | [DavCancelConnectionsToServer] 2 | 1=LPWSTR lpName 3 | 2=BOOL fForce 4 | ParamCount=2 5 | @=DavCancelConnectionsToServer 6 | [DavGetTheLockOwnerOfTheFile] 7 | 1=LPCWSTR FileName 8 | 2=PWSTR LockOwnerName 9 | 3=PULONG LockOwnerNameLengthInBytes 10 | ParamCount=3 11 | @=DavGetTheLockOwnerOfTheFile 12 | [DavInvalidateCache] 13 | 1=LPWSTR URLName 14 | ParamCount=1 15 | @=DavInvalidateCache 16 | [DavRegisterAuthCallback] 17 | 1=PFNDAVAUTHCALLBACK CallBack 18 | 2=ULONG Version 19 | ParamCount=2 20 | Header= 21 | @=DavRegisterAuthCallback 22 | [DavUnregisterAuthCallback] 23 | 1=OPAQUE_HANDLE hCallback 24 | ParamCount=1 25 | Header= 26 | @=DavUnregisterAuthCallback 27 | -------------------------------------------------------------------------------- /apis_def/headers/icm32.h.api: -------------------------------------------------------------------------------- 1 | [COLORTYPE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=COLOR_GRAY 5 | Value1=1 6 | Const2=COLOR_RGB 7 | Value2=2 8 | Const3=COLOR_XYZ 9 | Value3=3 10 | Const4=COLOR_Yxy 11 | Value4=4 12 | Const5=COLOR_Lab 13 | Value5=5 14 | Const6=COLOR_3_CHANNEL 15 | Value6=6 16 | Const7=COLOR_CMYK 17 | Value7=7 18 | Const8=COLOR_5_CHANNEL 19 | Value8=8 20 | Const9=COLOR_6_CHANNEL 21 | Value9=9 22 | Const10=COLOR_7_CHANNEL 23 | Value10=10 24 | Const11=COLOR_8_CHANNEL 25 | Value11=11 26 | Const12=COLOR_NAMED 27 | Value12=12 28 | [CMS_DIRECTION] 29 | TypeDisplay=DWORD 30 | Base=DWORD 31 | Type=Enum 32 | Const1=CMS_FORWARD 33 | Value1=0 34 | Const2=CMS_BACKWARD 35 | Value2=1 36 | -------------------------------------------------------------------------------- /apis_def/headers/combase.h.api: -------------------------------------------------------------------------------- 1 | [RO_ERROR_REPORTING_FLAGS] 2 | TypeDisplay=UINT32 3 | Base=UINT32 4 | Type=Flag 5 | Const1=RO_ERROR_REPORTING_NONE 6 | Value1=0x00000000 7 | Const2=RO_ERROR_REPORTING_SUPPRESSEXCEPTIONS 8 | Value2=0x00000001 9 | Const3=RO_ERROR_REPORTING_FORCEEXCEPTIONS 10 | Value3=0x00000002 11 | Const4=RO_ERROR_REPORTING_USESETERRORINFO 12 | Value4=0x00000004 13 | Const5=RO_ERROR_REPORTING_SUPPRESSSETERRORINFO 14 | Value5=0x00000008 15 | [RO_ERROR_REPORTING_FLAGS*] 16 | TypeDisplay=UINT32* 17 | Base=RO_ERROR_REPORTING_FLAGS 18 | [RO_INIT_TYPE] 19 | Base=UINT 20 | Type=Enum 21 | Const1=RO_INIT_SINGLETHREADED 22 | Value1=0 23 | Const2=RO_INIT_MULTITHREADED 24 | Value2=1 25 | -------------------------------------------------------------------------------- /apis_def/url.api: -------------------------------------------------------------------------------- 1 | [InetIsOffline] 2 | 1=DWORD dwFlags 3 | ParamCount=1 4 | @=InetIsOffline 5 | [MIMEAssociationDialog] 6 | 1=HWND hwndParent 7 | 2=DWORD dwInFlags 8 | 3=LPCTSTR pcszFile 9 | 4=LPCTSTR pcszMIMEContentType 10 | 5=LPTSTR pszAppBuf 11 | 6=UINT ucAppBufLen 12 | ParamCount=6 13 | Header=windows.h.api; 14 | @=MIMEAssociationDialog 15 | [TranslateURL] 16 | 1=LPCSTR pcszURL 17 | 2=DWORD dwInFlags 18 | 3=LPSTR* ppszTranslatedURL 19 | ParamCount=3 20 | @=TranslateURL 21 | [URLAssociationDialog] 22 | 1=HWND hwndParent 23 | 2=DWORD dwInFlags 24 | 3=LPCTSTR pcszFile 25 | 4=LPCTSTR pcszURL 26 | 5=LPTSTR pszAppBuf 27 | 6=UINT ucAppBufLen 28 | ParamCount=6 29 | Header=windows.h.api; 30 | @=URLAssociationDialog 31 | -------------------------------------------------------------------------------- /apis_def/cryptnet.api: -------------------------------------------------------------------------------- 1 | [CryptGetObjectUrl] 2 | 1=LPCSTR pszUrlOid 3 | 2=LPVOID pvPara 4 | 3=[CryptGetObjectUrlFlags] dwFlags 5 | 4=PCRYPT_URL_ARRAY pUrlArray 6 | 5=DWORD* pcbUrlArray 7 | 6=PCRYPT_URL_INFO pUrlInfo 8 | 7=DWORD* pcbUrlInfo 9 | 8=LPVOID pvReserved 10 | ParamCount=8 11 | Header=cryptnet.h.api; 12 | @=CryptGetObjectUrl 13 | [CryptRetrieveObjectByUrl] 14 | 1=LPCTSTR pszUrl 15 | 2=LPCSTR pszObjectOid 16 | 3=[CryptRetrievalFlags] dwRetrievalFlags 17 | 4=DWORD dwTimeout 18 | 5=LPVOID* ppvObject 19 | 6=HCRYPTASYNC hAsyncRetrieve 20 | 7=PCRYPT_CREDENTIALS pCredentials 21 | 8=LPVOID pvVerify 22 | 9=PCRYPT_RETRIEVE_AUX_INFO pAuxInfo 23 | ParamCount=9 24 | Header=cryptnet.h.api; 25 | @=CryptRetrieveObjectByUrl 26 | -------------------------------------------------------------------------------- /apis_def/headers/mswsock.h.api: -------------------------------------------------------------------------------- 1 | [SERVICE_ADDRESS_FLAG] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=SERVICE_ADDRESS_FLAG_RPC_CN 6 | Value1=0x00000001 7 | Const2=SERVICE_ADDRESS_FLAG_RPC_DG 8 | Value2=0x00000002 9 | Const3=SERVICE_ADDRESS_FLAG_RPC_NB 10 | Value3=0x00000004 11 | [RIO_CQ] 12 | Base=LPVOID 13 | Type=Enum 14 | Const1=RIO_INVALID_CQ 15 | Value1=0 16 | [RIO_RQ] 17 | Base=LPVOID 18 | Type=Enum 19 | Const1=RIO_INVALID_RQ 20 | Value1=0 21 | [RIO_BUFFERID] 22 | Base=LPVOID 23 | Type=Enum 24 | Const1=RIO_INVALID_BUFFERID 25 | Value1=0 26 | [RIO_NOTIFICATION_COMPLETION_TYPE] 27 | Base=UINT 28 | Type=Enum 29 | Const1=RIO_EVENT_COMPLETION 30 | Value1=1 31 | Const2=RIO_IOCP_COMPLETION 32 | Value2=2 33 | -------------------------------------------------------------------------------- /apis_def/headers/wcmapi.h.api: -------------------------------------------------------------------------------- 1 | [WCM_PROPERTY] 2 | Base=UINT 3 | Type=Enum 4 | Const1=wcm_global_property_domain_policy 5 | Value1=0 6 | Const2=wcm_global_property_minimize_policy 7 | Value2=1 8 | Const3=wcm_global_property_roaming_policy 9 | Value3=2 10 | Const4=wcm_global_property_powermanagement_policy 11 | Value4=3 12 | Const5=wcm_intf_property_connection_cost 13 | Value5=4 14 | Const6=wcm_intf_property_dataplan_status 15 | Value6=5 16 | Const7=wcm_intf_property_hotspot_profile 17 | Value7=6 18 | [WCM_MEDIA_TYPE] 19 | Base=UINT 20 | Type=Enum 21 | Const1=wcm_media_unknown 22 | Value1=0 23 | Const2=wcm_media_ethernet 24 | Value2=1 25 | Const3=wcm_media_wlan 26 | Value3=2 27 | Const4=wcm_media_mbn 28 | Value4=3 29 | Const5=wcm_media_invalid 30 | Value5=4 31 | -------------------------------------------------------------------------------- /xAnalyzer/plugin.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "pluginmain.h" 4 | 5 | //plugin data 6 | #define PLUGIN_NAME "xAnalyzer" 7 | #define PLUGIN_VERSION 2 8 | #define PLUGIN_VERSION_STR "2.5.6" 9 | 10 | enum 11 | { 12 | MENU_ANALYZE_UNDEF = 1, 13 | MENU_ANALYZE_AUTO, 14 | MENU_ANALYZE_DISASM, 15 | MENU_ANALYZE_EXT, 16 | MENU_ANALYZE_CLEAR_CMTS, 17 | MENU_ANALYZE_CLEAR_ACMTS, 18 | MENU_ANALYZE_CLEAR_LBLS, 19 | MENU_ANALYZE_CLEAR_ALBLS, 20 | MENU_ANALYZE_TRACK_UNDEF, 21 | MENU_ANALYZE_DISASM_FUNCT, 22 | MENU_ANALYZE_DISASM_SELEC, 23 | MENU_REM_ANALYSIS_DISASM_SELEC, 24 | MENU_REM_ANALYSIS_DISASM_FUNCT, 25 | MENU_REM_ANALYSIS_DISASM, 26 | MENU_ABOUT 27 | }; 28 | 29 | //functions 30 | bool pluginInit(PLUG_INITSTRUCT* initStruct); 31 | bool pluginStop(); 32 | void pluginSetup(); 33 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_assembler.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_ASSEMBLER_H 2 | #define _SCRIPTAPI_ASSEMBLER_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Assembler 9 | { 10 | SCRIPT_EXPORT bool Assemble(duint addr, unsigned char* dest, int* size, const char* instruction); //dest[16] 11 | SCRIPT_EXPORT bool AssembleEx(duint addr, unsigned char* dest, int* size, const char* instruction, char* error); //dest[16], error[MAX_ERROR_SIZE] 12 | SCRIPT_EXPORT bool AssembleMem(duint addr, const char* instruction); 13 | SCRIPT_EXPORT bool AssembleMemEx(duint addr, const char* instruction, int* size, char* error, bool fillnop); //error[MAX_ERROR_SIZE] 14 | }; //Assembler 15 | }; //Script 16 | 17 | #endif //_SCRIPTAPI_ASSEMBLER_H -------------------------------------------------------------------------------- /apis_def/gpedit.api: -------------------------------------------------------------------------------- 1 | [BrowseForGPO] 2 | 1=LPGPOBROWSEINFO lpBrowseInfo 3 | ParamCount=1 4 | Header=gpedit.h.api; 5 | @=BrowseForGPO 6 | [CreateGPOLink] 7 | 1=LPOLESTR lpGPO 8 | 2=LPOLESTR lpContainer 9 | 3=BOOL fHighPriority 10 | ParamCount=3 11 | Header=ole.h.api; 12 | @=CreateGPOLink 13 | [DeleteAllGPOLinks] 14 | 1=LPOLESTR lpContainer 15 | ParamCount=1 16 | Header=ole.h.api; 17 | @=DeleteAllGPOLinks 18 | [DeleteGPOLink] 19 | 1=LPOLESTR lpGPO 20 | 2=LPOLESTR lpContainer 21 | ParamCount=2 22 | Header=ole.h.api; 23 | @=DeleteGPOLink 24 | [ExportRSoPData] 25 | 1=LPOLESTR lpNameSpace 26 | 2=LPOLESTR lpFileName 27 | ParamCount=2 28 | Header=ole.h.api; 29 | @=ExportRSoPData 30 | [ImportRSoPData] 31 | 1=LPOLESTR lpNameSpace 32 | 2=LPOLESTR lpFileName 33 | ParamCount=2 34 | Header=ole.h.api; 35 | @=ImportRSoPData 36 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_symbol.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_SYMBOL_H 2 | #define _SCRIPTAPI_SYMBOL_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Symbol 9 | { 10 | enum SymbolType 11 | { 12 | Function, //user-defined function 13 | Import, //IAT entry 14 | Export //export 15 | }; 16 | 17 | struct SymbolInfo 18 | { 19 | char mod[MAX_MODULE_SIZE]; 20 | duint rva; 21 | char name[MAX_LABEL_SIZE]; 22 | bool manual; 23 | SymbolType type; 24 | }; 25 | 26 | SCRIPT_EXPORT bool GetList(ListOf(SymbolInfo) list); //caller has the responsibility to free the list 27 | }; //Symbol 28 | }; //Script 29 | 30 | #endif //_SCRIPTAPI_SYMBOL_H -------------------------------------------------------------------------------- /apis_def/headers/wintrust.h.api: -------------------------------------------------------------------------------- 1 | [WintrustPolicyFlags] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=WTPF_TRUSTTEST 6 | Value1=0x00000020 7 | Const2=WTPF_TESTCANBEVALID 8 | Value2=0x00000080 9 | Const3=WTPF_IGNOREEXPIRATION 10 | Value3=0x00000100 11 | Const4=WTPF_IGNOREREVOKATION 12 | Value4=0x00000200 13 | Const5=WTPF_OFFLINEOK_IND 14 | Value5=0x00000400 15 | Const6=WTPF_OFFLINEOK_COM 16 | Value6=0x00000800 17 | Const7=WTPF_OFFLINEOKNBU_IND 18 | Value7=0x00001000 19 | Const8=WTPF_OFFLINEOKNBU_COM 20 | Value8=0x00002000 21 | Const9=WTPF_VERIFY_V1_OFF 22 | Value9=0x00010000 23 | Const10=WTPF_IGNOREREVOCATIONONTS 24 | Value10=0x00020000 25 | Const11=WTPF_ALLOWONLYPERTRUST 26 | Value11=0x00040000 27 | [WintrustPolicyFlags*] 28 | TypeDisplay=DWORD* 29 | Base=[WintrustPolicyFlags] 30 | Header=wintrust.h.api; 31 | -------------------------------------------------------------------------------- /apis_def/headers/icmui.h.api: -------------------------------------------------------------------------------- 1 | [CMS_FLAGS] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=CMS_DISABLEICM 6 | Value1=1 7 | Const2=CMS_ENABLEPROOFING 8 | Value2=2 9 | Const3=CMS_SETRENDERINTENT 10 | Value3=4 11 | Const4=CMS_SETPROOFINTENT 12 | Value4=8 13 | Const5=CMS_SETMONITORPROFILE 14 | Value5=0x10 15 | Const6=CMS_SETPRINTERPROFILE 16 | Value6=0x20 17 | Const7=CMS_SETTARGETPROFILE 18 | Value7=0x40 19 | Const8=CMS_USEHOOK 20 | Value8=0x80 21 | Const9=CMS_USEAPPLYCALLBACK 22 | Value9=0x100 23 | Const10=CMS_USEDESCRIPTION 24 | Value10=0x200 25 | Const11=CMS_DISABLEINTENT 26 | Value11=0x400 27 | Const12=CMS_DISABLERENDERINTENT 28 | Value12=0x800 29 | Const13=CMS_MONITOROVERFLOW 30 | Value13=0x80000000 31 | Const14=CMS_PRINTEROVERFLOW 32 | Value14=0x40000000 33 | Const15=CMS_TARGETOVERFLOW 34 | Value15=0x20000000 35 | -------------------------------------------------------------------------------- /apis_def/headers/msmapi32.h.api: -------------------------------------------------------------------------------- 1 | [BOOL|ULONG] 2 | TypeDisplay=ULONG 3 | Base=BOOL 4 | [MAPILogonEx_FLAGS] 5 | TypeDisplay=FLAGS 6 | Base=FLAGS 7 | Type=Flag 8 | Const1=MAPI_ALLOW_OTHERS 9 | Value1=0x00000008 10 | Const2=MAPI_BG_SESSION 11 | Value2=0x00200000 12 | Const3=MAPI_EXPLICIT_PROFILE 13 | Value3=0x00000010 14 | Const4=MAPI_EXTENDED 15 | Value4=0x00000020 16 | Const5=MAPI_FORCE_DOWNLOAD 17 | Value5=0x00001000 18 | Const6=MAPI_LOGON_UI 19 | Value6=0x00000001 20 | Const7=MAPI_NEW_SESSION 21 | Value7=0x00000002 22 | Const8=MAPI_NO_MAIL 23 | Value8=0x00008000 24 | Const9=MAPI_NT_SERVICE 25 | Value9=0x00010000 26 | Const10=MAPI_SERVICE_UI_ALWAYS 27 | Value10=0x00002000 28 | Const11=MAPI_TIMEOUT_SHORT 29 | Value11=0x00100000 30 | Const12=MAPI_UNICODE 31 | Value12=0x80000000 32 | Const13=MAPI_USE_DEFAULT 33 | Value13=0x00000040 34 | -------------------------------------------------------------------------------- /apis_def/msimg32.api: -------------------------------------------------------------------------------- 1 | [AlphaBlend] 2 | 1=HDC hdcDest 3 | 2=int xoriginDest 4 | 3=int yoriginDest 5 | 4=int wDest 6 | 5=int hDest 7 | 6=HDC hdcSrc 8 | 7=int xoriginSrc 9 | 8=int yoriginSrc 10 | 9=int wSrc 11 | 10=int hSrc 12 | 11=BLENDFUNCTION ftn 13 | ParamCount=11 14 | Header=gdi.h.api; 15 | @=AlphaBlend 16 | [GradientFill] 17 | 1=HDC hdc 18 | 2=PTRIVERTEX pVertex 19 | 3=ULONG nVertex 20 | 4=PVOID pMesh 21 | 5=ULONG nMesh 22 | 6=[GradientFillMode] ulMode 23 | ParamCount=6 24 | Header=msimg32.h.api;gdi.h.api; 25 | @=GradientFill 26 | [TransparentBlt] 27 | 1=HDC hdcDest 28 | 2=int xoriginDest 29 | 3=int yoriginDest 30 | 4=int wDest 31 | 5=int hDest 32 | 6=HDC hdcSrc 33 | 7=int xoriginSrc 34 | 8=int yoriginSrc 35 | 9=int wSrc 36 | 10=int hSrc 37 | 11=UINT crTransparent 38 | ParamCount=11 39 | Header=gdi.h.api; 40 | @=TransparentBlt 41 | -------------------------------------------------------------------------------- /apis_def/headers/wsdapi.h.api: -------------------------------------------------------------------------------- 1 | [WSDXML_NODE_TYPE] 2 | TypeDisplay=enum 3 | Base=UINT 4 | Type=Enum 5 | Const1=ElementType 6 | Value1=0 7 | Const2=TextType 8 | Value2=1 9 | [WSD_CONFIG_PARAM_TYPE] 10 | Base=UINT 11 | Type=Enum 12 | Const1=WSD_CONFIG_MAX_INBOUND_MESSAGE_SIZE 13 | Value1=1 14 | Const2=WSD_CONFIG_MAX_OUTBOUND_MESSAGE_SIZE 15 | Value2=2 16 | Const3=WSD_SECURITY_SSL_CERT_FOR_CLIENT_AUTH 17 | Value3=3 18 | Const4=WSD_SECURITY_SSL_SERVER_CERT_VALIDATION 19 | Value4=4 20 | Const5=WSD_SECURITY_SSL_CLIENT_CERT_VALIDATION 21 | Value5=5 22 | Const6=WSD_SECURITY_SSL_NEGOTIATE_CLIENT_CERT 23 | Value6=6 24 | Const7=WSD_SECURITY_COMPACTSIG_SIGNING_CERT 25 | Value7=7 26 | Const8=WSD_SECURITY_COMPACTSIG_VALIDATION 27 | Value8=8 28 | Const9=WSD_CONFIG_HOSTING_ADDRESSES 29 | Value9=9 30 | Const10=WSD_CONFIG_DEVICE_ADDRESSES 31 | Value10=10 32 | -------------------------------------------------------------------------------- /apis_def/headers/lz32.h.api: -------------------------------------------------------------------------------- 1 | [OpenFlags] 2 | TypeDisplay=WORD 3 | Base=WORD 4 | Type=Flag 5 | Const1=OF_READ 6 | Value1=0x00000000 7 | Const2=OF_WRITE 8 | Value2=0x00000001 9 | Const3=OF_READWRITE 10 | Value3=0x00000002 11 | Const4=OF_SHARE_COMPAT 12 | Value4=0x00000000 13 | Const5=OF_SHARE_EXCLUSIVE 14 | Value5=0x00000010 15 | Const6=OF_SHARE_DENY_WRITE 16 | Value6=0x00000020 17 | Const7=OF_SHARE_DENY_READ 18 | Value7=0x00000030 19 | Const8=OF_SHARE_DENY_NONE 20 | Value8=0x00000040 21 | Const9=OF_PARSE 22 | Value9=0x00000100 23 | Const10=OF_DELETE 24 | Value10=0x00000200 25 | Const11=OF_VERIFY 26 | Value11=0x00000400 27 | Const12=OF_CANCEL 28 | Value12=0x00000800 29 | Const13=OF_CREATE 30 | Value13=0x00001000 31 | Const14=OF_PROMPT 32 | Value14=0x00002000 33 | Const15=OF_EXIST 34 | Value15=0x00004000 35 | Const16=OF_REOPEN 36 | Value16=0x00008000 37 | -------------------------------------------------------------------------------- /apis_def/wintypes.api: -------------------------------------------------------------------------------- 1 | [RoGetBufferMarshaler] 2 | 1=IMarshal** bufferMarshaler 3 | ParamCount=1 4 | @=RoGetBufferMarshaler 5 | [RoGetMetaDataFile] 6 | 1=HSTRING name 7 | 2=IMetaDataDispenserEx* metaDataDispenser 8 | 3=HSTRING* metaDataFilePath 9 | 4=IMetaDataImport2** metaDataImport 10 | 5=mdTypeDef* typeDefToken 11 | ParamCount=5 12 | Header= 13 | @=RoGetMetaDataFile 14 | [RoParseTypeName] 15 | 1=HSTRING typename 16 | 2=DWORD* partsCount 17 | 3=HSTRING** typeNameParts 18 | ParamCount=3 19 | Header= 20 | @=RoParseTypeName 21 | [RoResolveNamespace] 22 | 1=HSTRING name 23 | 2=HSTRING windowsMetaDataDir 24 | 3=const DWORD packageGraphDirsCount 25 | 4=HSTRING* packageGraphDirs 26 | 5=DWORD* metaDataFilePathsCount 27 | 6=HSTRING** metaDataFilePaths 28 | 7=DWORD* subNamespacesCount 29 | 8=HSTRING** subNamespaces 30 | ParamCount=8 31 | Header= 32 | @=RoResolveNamespace 33 | -------------------------------------------------------------------------------- /xAnalyzer/ini.h: -------------------------------------------------------------------------------- 1 | #ifndef INI_H 2 | #define INI_H 3 | 4 | #include 5 | #include 6 | using namespace std; 7 | 8 | class IniManager 9 | { 10 | public: 11 | IniManager(string szFileName); 12 | 13 | int ReadInteger(char* szSection, char* szKey, int iDefaultValue); 14 | double ReadDouble(char* szSection, char* szKey, float fltDefaultValue); 15 | bool ReadBoolean(char* szSection, char* szKey, bool bolDefaultValue); 16 | string ReadString(char* szSection, char* szKey, const char* szDefaultValue); 17 | 18 | void WriteInteger(char* szSection, char* szKey, int iValue); 19 | void WriteDouble(char* szSection, char* szKey, double fltValue); 20 | void WriteBoolean(char* szSection, char* szKey, bool bolValue); 21 | void WriteString(char* szSection, char* szKey, char* szValue); 22 | private: 23 | string m_szFileName; 24 | }; 25 | 26 | #endif//INI_H -------------------------------------------------------------------------------- /apis_def/storprop.api: -------------------------------------------------------------------------------- 1 | [CdromDisableDigitalPlayback] 2 | 1=HDEVINFO DevInfo 3 | 2=PSP_DEVINFO_DATA DevInfoData 4 | ParamCount=2 5 | Header=windows.h.api; 6 | @=CdromDisableDigitalPlayback 7 | [CdromEnableDigitalPlayback] 8 | 1=HDEVINFO DevInfo 9 | 2=PSP_DEVINFO_DATA DevInfoData 10 | 3=BOOLEAN ForceUnknown 11 | ParamCount=3 12 | Header=windows.h.api; 13 | @=CdromEnableDigitalPlayback 14 | [CdromIsDigitalPlaybackEnabled] 15 | 1=HDEVINFO DevInfo 16 | 2=PSP_DEVINFO_DATA DevInfoData 17 | 3=PBOOLEAN Enabled 18 | ParamCount=3 19 | Header=windows.h.api; 20 | @=CdromIsDigitalPlaybackEnabled 21 | [CdromKnownGoodDigitalPlayback] 22 | 1=HDEVINFO DevInfo 23 | 2=PSP_DEVINFO_DATA DevInfoData 24 | ParamCount=2 25 | Header=windows.h.api; 26 | @=CdromKnownGoodDigitalPlayback 27 | [DvdLauncher] 28 | 1=HWND HWnd 29 | 2=CHAR DriveLetter 30 | ParamCount=2 31 | Header=windows.h.api; 32 | @=DvdLauncher 33 | -------------------------------------------------------------------------------- /apis_def/headers/avifil32.h.api: -------------------------------------------------------------------------------- 1 | [AVISTREAMINFO_FLAGS] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=AVISTREAMINFO_DISABLED 6 | Value1=0x00000001 7 | Const2=AVISTREAMINFO_FORMATCHANGES 8 | Value2=0x00010000 9 | [AVIFILEINFO_FLAGS] 10 | TypeDisplay=DWORD 11 | Base=DWORD 12 | Type=Flag 13 | Const1=AVIFILEINFO_HASINDEX 14 | Value1=0x00000010 15 | Const2=AVIFILEINFO_MUSTUSEINDEX 16 | Value2=0x00000020 17 | Const3=AVIFILEINFO_ISINTERLEAVED 18 | Value3=0x00000100 19 | Const4=AVIFILEINFO_WASCAPTUREFILE 20 | Value4=0x00010000 21 | Const5=AVIFILEINFO_COPYRIGHTED 22 | Value5=0x00020000 23 | [AVIFILECAPS] 24 | TypeDisplay=DWORD 25 | Base=DWORD 26 | Type=Flag 27 | Const1=AVIFILECAPS_CANREAD 28 | Value1=0x00000001 29 | Const2=AVIFILECAPS_CANWRITE 30 | Value2=0x00000002 31 | Const3=AVIFILECAPS_ALLKEYFRAMES 32 | Value3=0x00000010 33 | Const4=AVIFILECAPS_NOCOMPRESSION 34 | Value4=0x00000020 35 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_pattern.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_PATTERN_H 2 | #define _SCRIPTAPI_PATTERN_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Pattern 9 | { 10 | SCRIPT_EXPORT duint Find(unsigned char* data, duint datasize, const char* pattern); 11 | SCRIPT_EXPORT duint FindMem(duint start, duint size, const char* pattern); 12 | SCRIPT_EXPORT void Write(unsigned char* data, duint datasize, const char* pattern); 13 | SCRIPT_EXPORT void WriteMem(duint start, duint size, const char* pattern); 14 | SCRIPT_EXPORT bool SearchAndReplace(unsigned char* data, duint datasize, const char* searchpattern, const char* replacepattern); 15 | SCRIPT_EXPORT bool SearchAndReplaceMem(duint start, duint size, const char* searchpattern, const char* replacepattern); 16 | }; 17 | }; 18 | 19 | #endif //_SCRIPTAPI_FIND_H -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/lz4/lz4file.h: -------------------------------------------------------------------------------- 1 | #ifndef _LZ4FILE_H 2 | #define _LZ4FILE_H 3 | 4 | typedef enum _LZ4_STATUS 5 | { 6 | LZ4_SUCCESS, 7 | LZ4_FAILED_OPEN_INPUT, 8 | LZ4_FAILED_OPEN_OUTPUT, 9 | LZ4_NOT_ENOUGH_MEMORY, 10 | LZ4_INVALID_ARCHIVE, 11 | LZ4_CORRUPTED_ARCHIVE 12 | } LZ4_STATUS; 13 | 14 | #if defined (__cplusplus) 15 | extern "C" 16 | { 17 | #endif 18 | 19 | __declspec(dllimport) LZ4_STATUS LZ4_compress_file(const char* input_filename, const char* output_filename); 20 | __declspec(dllimport) LZ4_STATUS LZ4_compress_fileW(const wchar_t* input_filename, const wchar_t* output_filename); 21 | __declspec(dllimport) LZ4_STATUS LZ4_decompress_file(const char* input_filename, const char* output_filename); 22 | __declspec(dllimport) LZ4_STATUS LZ4_decompress_fileW(const wchar_t* input_filename, const wchar_t* output_filename); 23 | 24 | #if defined (__cplusplus) 25 | } 26 | #endif 27 | 28 | #endif //_LZ4FILE_H -------------------------------------------------------------------------------- /apis_def/headers/snmp.h.api: -------------------------------------------------------------------------------- 1 | [SNMPAPI] 2 | Base=INT 3 | Type=Enum 4 | Const1=SNMPAPI_NOERROR 5 | Value1=1 6 | Const2=SNMPAPI_ERROR 7 | Value2=0 8 | [ASN_TYPE] 9 | TypeDisplay=BYTE 10 | Base=BYTE 11 | Type=Enum 12 | Const1=ASN_INTEGER 13 | Value1=0x02 14 | Const2=ASN_BITS 15 | Value2=0x03 16 | Const3=ASN_OCTETSTRING 17 | Value3=0x04 18 | Const4=ASN_NULL 19 | Value4=0x05 20 | Const5=ASN_OBJECTIDENTIFIER 21 | Value5=0x06 22 | Const6=ASN_SEQUENCE 23 | Value6=0x30 24 | Const7=ASN_IPADDRESS 25 | Value7=0x40 26 | Const8=ASN_COUNTER32 27 | Value8=0x41 28 | Const9=ASN_GAUGE32 29 | Value9=0x42 30 | Const10=ASN_TIMETICKS 31 | Value10=0x43 32 | Const11=ASN_OPAQUE 33 | Value11=0x44 34 | Const12=ASN_COUNTER64 35 | Value12=0x46 36 | Const13=ASN_UINTEGER32 37 | Value13=0x47 38 | Const14=SNMP_EXCEPTION_NOSUCHOBJECT 39 | Value14=0x80 40 | Const15=SNMP_EXCEPTION_NOSUCHINSTANCE 41 | Value15=0x81 42 | Const16=SNMP_EXCEPTION_ENDOFMIBVIEW 43 | Value16=0x82 44 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/DeviceNameResolver/DeviceNameResolver.h: -------------------------------------------------------------------------------- 1 | #ifndef _DEVICENAMERESOLVER_H 2 | #define _DEVICENAMERESOLVER_H 3 | 4 | #include 5 | 6 | #ifdef __cplusplus 7 | extern "C" 8 | { 9 | #endif 10 | 11 | __declspec(dllexport) bool DevicePathToPathW(const wchar_t* szDevicePath, wchar_t* szPath, size_t nSizeInChars); 12 | __declspec(dllexport) bool DevicePathToPathA(const char* szDevicePath, char* szPath, size_t nSizeInChars); 13 | __declspec(dllexport) bool DevicePathFromFileHandleW(HANDLE hFile, wchar_t* szDevicePath, size_t nSizeInChars); 14 | __declspec(dllexport) bool DevicePathFromFileHandleA(HANDLE hFile, char* szDevicePath, size_t nSizeInChars); 15 | __declspec(dllexport) bool PathFromFileHandleW(HANDLE hFile, wchar_t* szPath, size_t nSizeInChars); 16 | __declspec(dllexport) bool PathFromFileHandleA(HANDLE hFile, char* szPath, size_t nSizeInChars); 17 | 18 | #ifdef __cplusplus 19 | } 20 | #endif 21 | 22 | #endif // _DEVICENAMERESOLVER_H 23 | -------------------------------------------------------------------------------- /apis_def/headers/userenv.h.api: -------------------------------------------------------------------------------- 1 | [GPO_LINK] 2 | Base=UINT 3 | Type=Enum 4 | Const1=GPLinkUnknown 5 | Value1=0 6 | Const2=GPLinkMachine 7 | Value2=1 8 | Const3=GPLinkSite 9 | Value3=2 10 | Const4=GPLinkDomain 11 | Value4=3 12 | Const5=GPLinkOrganizationalUnit 13 | Value5=4 14 | [GPO_FLAG] 15 | TypeDisplay=DWORD 16 | Base=DWORD 17 | Type=Flag 18 | Const1=GPO_FLAG_DISABLE 19 | Value1=0x00000001 20 | Const2=GPO_FLAG_FORCE 21 | Value2=0x00000002 22 | [SETTINGSTATUS] 23 | Base=UINT 24 | Type=Enum 25 | Const1=RSOPUnspecified 26 | Value1=0 27 | Const2=RSOPApplied 28 | Value2=1 29 | Const3=RSOPIgnored 30 | Value3=2 31 | Const4=RSOPFailed 32 | Value4=3 33 | Const5=RSOPSubsettingFailed 34 | Value5=4 35 | [ProfileType] 36 | Base=DWORD 37 | Type=Flag 38 | Const1=PT_TEMPORARY 39 | Value1=0x00000001 40 | Const2=PT_ROAMING 41 | Value2=0x00000002 42 | Const3=PT_MANDATORY 43 | Value3=0x00000004 44 | [ProfileType*] 45 | TypeDisplay=DWORD* 46 | Base=[ProfileType] 47 | Header=userenv.h.api; 48 | -------------------------------------------------------------------------------- /apis_def/wcmapi.api: -------------------------------------------------------------------------------- 1 | [WcmFreeMemory] 2 | 1=PVOID pMemory 3 | ParamCount=1 4 | @=WcmFreeMemory 5 | [WcmGetProfileList] 6 | 1=PVOID pReserved 7 | 2=PWCM_PROFILE_INFO_LIST* ppProfileList 8 | ParamCount=2 9 | Header=wcmapi.h.api; 10 | @=WcmGetProfileList 11 | [WcmQueryProperty] 12 | 1=GUID* pInterface 13 | 2=LPCWSTR strProfileName 14 | 3=[WCM_PROPERTY] Property 15 | 4=PVOID pReserved 16 | 5=PDWORD pdwDataSize 17 | 6=PBYTE* ppData 18 | ParamCount=6 19 | Header=wcmapi.h.api;windows.h.api; 20 | @=WcmQueryProperty 21 | [WcmSetProfileList] 22 | 1=WCM_PROFILE_INFO_LIST* pProfileList 23 | 2=DWORD dwPosition 24 | 3=BOOL fIgnoreUnknownProfiles 25 | 4=PVOID pReserved 26 | ParamCount=4 27 | Header=wcmapi.h.api; 28 | @=WcmSetProfileList 29 | [WcmSetProperty] 30 | 1=GUID* pInterface 31 | 2=LPCWSTR strProfileName 32 | 3=[WCM_PROPERTY] Property 33 | 4=PVOID pReserved 34 | 5=DWORD dwDataSize 35 | 6=const BYTE* pbData 36 | ParamCount=6 37 | Header=wcmapi.h.api;windows.h.api; 38 | @=WcmSetProperty 39 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_bookmark.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_BOOKMARK_H 2 | #define _SCRIPTAPI_BOOKMARK_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Bookmark 9 | { 10 | struct BookmarkInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rva; 14 | bool manual; 15 | }; 16 | 17 | SCRIPT_EXPORT bool Set(duint addr, bool manual = false); 18 | SCRIPT_EXPORT bool Set(const BookmarkInfo* info); 19 | SCRIPT_EXPORT bool Get(duint addr); 20 | SCRIPT_EXPORT bool GetInfo(duint addr, BookmarkInfo* info); 21 | SCRIPT_EXPORT bool Delete(duint addr); 22 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 23 | SCRIPT_EXPORT void Clear(); 24 | SCRIPT_EXPORT bool GetList(ListOf(BookmarkInfo) list); //caller has the responsibility to free the list 25 | }; //Bookmark 26 | }; //Script 27 | 28 | #endif //_SCRIPTAPI_BOOKMARK_H -------------------------------------------------------------------------------- /apis_def/icmp.api: -------------------------------------------------------------------------------- 1 | [IcmpCloseHandle] 2 | 1=HANDLE IcmpHandle 3 | ParamCount=1 4 | Header=windows.h.api; 5 | @=IcmpCloseHandle 6 | [IcmpCreateFile] 7 | ParamCount=0 8 | @=IcmpCreateFile 9 | [IcmpParseReplies] 10 | 1=LPVOID ReplyBuffer 11 | 2=DWORD ReplySize 12 | ParamCount=2 13 | @=IcmpParseReplies 14 | [IcmpSendEcho] 15 | 1=HANDLE IcmpHandle 16 | 2=IPAddr DestinationAddress 17 | 3=LPVOID RequestData 18 | 4=WORD RequestSize 19 | 5=PIP_OPTION_INFORMATION RequestOptions 20 | 6=LPVOID ReplyBuffer 21 | 7=DWORD ReplySize 22 | 8=DWORD Timeout 23 | ParamCount=8 24 | Header=ip.h.api;windows.h.api; 25 | @=IcmpSendEcho 26 | [IcmpSendEcho2] 27 | 1=HANDLE IcmpHandle 28 | 2=HANDLE Event 29 | 3=PIO_APC_ROUTINE ApcRoutine 30 | 4=PVOID ApcContext 31 | 5=IPAddr DestinationAddress 32 | 6=LPVOID RequestData 33 | 7=WORD RequestSize 34 | 8=PIP_OPTION_INFORMATION RequestOptions 35 | 9=LPVOID ReplyBuffer 36 | 10=DWORD ReplySize 37 | 11=DWORD Timeout 38 | ParamCount=11 39 | Header=ip.h.api;windows.h.api; 40 | @=IcmpSendEcho2 41 | -------------------------------------------------------------------------------- /apis_def/mfreadwrite.api: -------------------------------------------------------------------------------- 1 | [MFCreateSinkWriterFromMediaSink] 2 | 1=IMFMediaSink* pMediaSink 3 | 2=IMFAttributes* pAttributes 4 | 3=IMFSinkWriter** ppSinkWriter 5 | ParamCount=3 6 | @=MFCreateSinkWriterFromMediaSink 7 | [MFCreateSinkWriterFromURL] 8 | 1=LPCWSTR pwszOutputURL 9 | 2=IMFByteStream* pByteStream 10 | 3=IMFAttributes* pAttributes 11 | 4=IMFSinkWriter** ppSinkWriter 12 | ParamCount=4 13 | @=MFCreateSinkWriterFromURL 14 | [MFCreateSourceReaderFromByteStream] 15 | 1=IMFByteStream* pByteStream 16 | 2=IMFAttributes* pAttributes 17 | 3=IMFSourceReader** ppSourceReader 18 | ParamCount=3 19 | @=MFCreateSourceReaderFromByteStream 20 | [MFCreateSourceReaderFromMediaSource] 21 | 1=IMFMediaSource* pMediaSource 22 | 2=IMFAttributes* pAttributes 23 | 3=IMFSourceReader** ppSourceReader 24 | ParamCount=3 25 | @=MFCreateSourceReaderFromMediaSource 26 | [MFCreateSourceReaderFromURL] 27 | 1=LPCWSTR pwszURL 28 | 2=IMFAttributes* pAttributes 29 | 3=IMFSourceReader** ppSourceReader 30 | ParamCount=3 31 | @=MFCreateSourceReaderFromURL 32 | -------------------------------------------------------------------------------- /apis_def/headers/input.h.api: -------------------------------------------------------------------------------- 1 | [LOTP_TYPE] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=LOTP_INPUTPROCESSOR 6 | Value1=1 7 | Const2=LOTP_KEYBOARDLAYOUT 8 | Value2=2 9 | [LAYOUTORTIP_Flags] 10 | TypeDisplay=DWORD 11 | Base=DWORD 12 | Type=Flag 13 | Const1=LOT_DEFAULT 14 | Value1=0x0001 15 | Const2=LOT_DISABLED 16 | Value2=0x0002 17 | [IlotFlags] 18 | TypeDisplay=DWORD 19 | Base=DWORD 20 | Type=Flag 21 | Const1=ILOT_UNINSTALL 22 | Value1=0x00000001 23 | Const2=ILOT_DEFPROFILE 24 | Value2=0x00000002 25 | Const3=ILOT_DEFUSER4 26 | Value3=0x00000004 27 | Const4=ILOT_SYSLOCALE 28 | Value4=0x00000008 29 | Const5=ILOT_NOLOCALETOENUMERATE 30 | Value5=0x00000010 31 | Const6=ILOT_NOAPPLYTOCURRENTSESSION 32 | Value6=0x00000020 33 | Const7=ILOT_CLEANINSTALL 34 | Value7=0x00000040 35 | Const8=ILOT_DISABLED 36 | Value8=0x00000080 37 | [SdlotFlags] 38 | TypeDisplay=DWORD 39 | Base=DWORD 40 | Type=Flag 41 | Const1=SDLOT_NOAPPLYTOCURRENTSESSION 42 | Value1=0x00000001 43 | Const2=SDLOT_APPLYTOCURRENTTHREAD 44 | Value2=0x00000002 45 | -------------------------------------------------------------------------------- /apis_def/headers/mscms.h.api: -------------------------------------------------------------------------------- 1 | [COLORPROFILETYPE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=CPT_ICC 5 | Value1=0 6 | Const2=CPT_DMP 7 | Value2=1 8 | Const3=CPT_CAMP 9 | Value3=2 10 | Const4=CPT_GMMP 11 | Value4=3 12 | [COLORPROFILESUBTYPE] 13 | Base=UINT 14 | Type=Enum 15 | Const1=CPST_PERCEPTUAL 16 | Value1=0 17 | Const2=CPST_RELATIVE_COLORIMETRIC 18 | Value2=1 19 | Const3=CPST_SATURATION 20 | Value3=2 21 | Const4=CPST_ABSOLUTE_COLORIMETRIC 22 | Value4=3 23 | Const5=CPST_NONE 24 | Value5=4 25 | Const6=CPST_RGB_WORKING_SPACE 26 | Value6=5 27 | Const7=CPST_CUSTOM_WORKING_SPACE 28 | Value7=6 29 | [PROFILE_TYPE] 30 | TypeDisplay=DWORD 31 | Base=DWORD 32 | Type=Enum 33 | Const1=PROFILE_FILENAME 34 | Value1=1 35 | Const2=PROFILE_MEMBUFFER 36 | Value2=2 37 | [PROFILE_ACCESS] 38 | TypeDisplay=DWORD 39 | Base=DWORD 40 | Type=Enum 41 | Const1=PROFILE_READ 42 | Value1=1 43 | Const2=PROFILE_READWRITE 44 | Value2=2 45 | [WCS_OPEN_PROFILE_FLAG] 46 | TypeDisplay=DWORD 47 | Base=DWORD 48 | Type=Flag 49 | Const1=DONT_USE_EMBEDDED_WCS_PROFILES 50 | Value1=0x00000001 51 | -------------------------------------------------------------------------------- /apis_def/headers/srclient.h.api: -------------------------------------------------------------------------------- 1 | [RESTOREPOINT_EVENT] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Enum 5 | Const1=BEGIN_SYSTEM_CHANGE 6 | Value1=100 7 | Const2=END_SYSTEM_CHANGE 8 | Value2=101 9 | Const3=BEGIN_NESTED_SYSTEM_CHANGE 10 | Value3=102 11 | Const4=END_NESTED_SYSTEM_CHANGE 12 | Value4=103 13 | Const5=BEGIN_NESTED_SYSTEM_CHANGE_NORP 14 | Value5=104 15 | [RESTOREPOINT_TYPE] 16 | TypeDisplay=DWORD 17 | Base=DWORD 18 | Type=Enum 19 | Const1=APPLICATION_INSTALL 20 | Value1=0 21 | Const2=APPLICATION_UNINSTALL 22 | Value2=1 23 | Const3=RESTORE 24 | Value3=6 25 | Const4=CHECKPOINT 26 | Value4=7 27 | Const5=DEVICE_DRIVER_INSTALL 28 | Value5=10 29 | Const6=FIRSTRUN 30 | Value6=11 31 | Const7=MODIFY_SETTINGS 32 | Value7=12 33 | Const8=CANCELLED_OPERATION 34 | Value8=13 35 | Const9=BACKUP_RECOVERY 36 | Value9=14 37 | Const10=BACKUP 38 | Value10=15 39 | Const11=MANUAL_CHECKPOINT 40 | Value11=16 41 | Const12=WINDOWS_UPDATE 42 | Value12=17 43 | Const13=CRITICAL_UPDATE 44 | Value13=18 45 | [StateMgrStatus] 46 | TypeDisplay=DWORD 47 | Base=[ERROR_CODE] 48 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_comment.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_COMMENT_H 2 | #define _SCRIPTAPI_COMMENT_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Comment 9 | { 10 | struct CommentInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rva; 14 | char text[MAX_LABEL_SIZE]; 15 | bool manual; 16 | }; 17 | 18 | SCRIPT_EXPORT bool Set(duint addr, const char* text, bool manual = false); 19 | SCRIPT_EXPORT bool Set(const CommentInfo* info); 20 | SCRIPT_EXPORT bool Get(duint addr, char* text); //text[MAX_COMMENT_SIZE] 21 | SCRIPT_EXPORT bool GetInfo(duint addr, CommentInfo* info); 22 | SCRIPT_EXPORT bool Delete(duint addr); 23 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 24 | SCRIPT_EXPORT void Clear(); 25 | SCRIPT_EXPORT bool GetList(ListOf(CommentInfo) list); //caller has the responsibility to free the list 26 | }; //Comment 27 | }; //Script 28 | 29 | #endif //_SCRIPTAPI_COMMENT_H -------------------------------------------------------------------------------- /apis_def/normaliz.api: -------------------------------------------------------------------------------- 1 | [IdnToAscii] 2 | 1=[IdnFlags] dwFlags 3 | 2=LPCWSTR lpUnicodeCharStr 4 | 3=int cchUnicodeChar 5 | 4=LPWSTR lpASCIICharStr 6 | 5=int cchASCIIChar 7 | ParamCount=5 8 | Header=normaliz.h.api; 9 | @=IdnToAscii 10 | [IdnToNameprepUnicode] 11 | 1=[IdnFlags] dwFlags 12 | 2=LPCWSTR lpUnicodeCharStr 13 | 3=int cchUnicodeChar 14 | 4=LPWSTR lpNameprepCharStr 15 | 5=int cchNameprepChar 16 | ParamCount=5 17 | Header=normaliz.h.api; 18 | @=IdnToNameprepUnicode 19 | [IdnToUnicode] 20 | 1=[IdnFlags] dwFlags 21 | 2=LPCWSTR lpASCIICharStr 22 | 3=int cchASCIIChar 23 | 4=LPWSTR lpUnicodeCharStr 24 | 5=int cchUnicodeChar 25 | ParamCount=5 26 | Header=normaliz.h.api; 27 | @=IdnToUnicode 28 | [IsNormalizedString] 29 | 1=NORM_FORM NormForm 30 | 2=LPCWSTR lpString 31 | 3=int cwLength 32 | ParamCount=3 33 | Header=normaliz.h.api; 34 | @=IsNormalizedString 35 | [NormalizeString] 36 | 1=NORM_FORM NormForm 37 | 2=LPCWSTR lpSrcString 38 | 3=int cwSrcLength 39 | 4=LPWSTR lpDstString 40 | 5=int cwDstLength 41 | ParamCount=5 42 | Header=normaliz.h.api; 43 | @=NormalizeString 44 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_debug.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_DEBUG_H 2 | #define _SCRIPTAPI_DEBUG_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Debug 9 | { 10 | enum HardwareType 11 | { 12 | HardwareAccess, 13 | HardwareWrite, 14 | HardwareExecute 15 | }; 16 | 17 | SCRIPT_EXPORT void Wait(); 18 | SCRIPT_EXPORT void Run(); 19 | SCRIPT_EXPORT void Pause(); 20 | SCRIPT_EXPORT void Stop(); 21 | SCRIPT_EXPORT void StepIn(); 22 | SCRIPT_EXPORT void StepOver(); 23 | SCRIPT_EXPORT void StepOut(); 24 | SCRIPT_EXPORT bool SetBreakpoint(duint address); 25 | SCRIPT_EXPORT bool DeleteBreakpoint(duint address); 26 | SCRIPT_EXPORT bool DisableBreakpoint(duint address); 27 | SCRIPT_EXPORT bool SetHardwareBreakpoint(duint address, HardwareType type = HardwareExecute); 28 | SCRIPT_EXPORT bool DeleteHardwareBreakpoint(duint address); 29 | }; //Debug 30 | }; //Script 31 | 32 | #endif //_SCRIPTAPI_DEBUG_H -------------------------------------------------------------------------------- /apis_def/headers/common.h.api: -------------------------------------------------------------------------------- 1 | [HMODULE-PVOID] 2 | TypeDisplay=PVOID 3 | Base=HMODULE 4 | [HMODULE-PVOID*] 5 | TypeDisplay=PVOID* 6 | Base=[HMODULE-PVOID] 7 | [LPVOID|char*] 8 | TypeDisplay=char* 9 | Base=LPVOID 10 | [DLLMAIN_REASON] 11 | TypeDisplay=DWORD 12 | Base=DWORD 13 | Type=Enum 14 | Const1=DLL_PROCESS_ATTACH 15 | Value1=1 16 | Const2=DLL_THREAD_ATTACH 17 | Value2=2 18 | Const3=DLL_THREAD_DETACH 19 | Value3=3 20 | Const4=DLL_PROCESS_DETACH 21 | Value4=0 22 | [DLLVER_PLATFORM] 23 | TypeDisplay=DWORD 24 | Base=DWORD 25 | Type=Enum 26 | Const1=DLLVER_PLATFORM_WINDOWS 27 | Value1=0x00000001 28 | Const2=DLLVER_PLATFORM_NT 29 | Value2=0x00000002 30 | [CPL_MSG] 31 | Base=UINT 32 | Type=Enum 33 | Const1=CPL_INIT 34 | Value1=1 35 | Const2=CPL_GETCOUNT 36 | Value2=2 37 | Const3=CPL_INQUIRE 38 | Value3=3 39 | Const4=CPL_SELECT 40 | Value4=4 41 | Const5=CPL_DBLCLK 42 | Value5=5 43 | Const6=CPL_STOP 44 | Value6=6 45 | Const7=CPL_EXIT 46 | Value7=7 47 | Const8=CPL_NEWINQUIRE 48 | Value8=8 49 | Const9=CPL_STARTWPARMSA 50 | Value9=9 51 | Const10=CPL_STARTWPARMSW 52 | Value10=10 53 | Const11=CPL_SETUP 54 | Value11=200 55 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_label.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_LABEL_H 2 | #define _SCRIPTAPI_LABEL_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Label 9 | { 10 | struct LabelInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rva; 14 | char text[MAX_LABEL_SIZE]; 15 | bool manual; 16 | }; 17 | 18 | SCRIPT_EXPORT bool Set(duint addr, const char* text, bool manual = false); 19 | SCRIPT_EXPORT bool Set(const LabelInfo* info); 20 | SCRIPT_EXPORT bool FromString(const char* label, duint* addr); 21 | SCRIPT_EXPORT bool Get(duint addr, char* text); //text[MAX_LABEL_SIZE] 22 | SCRIPT_EXPORT bool GetInfo(duint addr, LabelInfo* info); 23 | SCRIPT_EXPORT bool Delete(duint addr); 24 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 25 | SCRIPT_EXPORT void Clear(); 26 | SCRIPT_EXPORT bool GetList(ListOf(LabelInfo) list); //caller has the responsibility to free the list 27 | }; //Label 28 | }; //Script 29 | 30 | #endif //_SCRIPTAPI_LABEL_H -------------------------------------------------------------------------------- /apis_def/headers/winscard.h.api: -------------------------------------------------------------------------------- 1 | [SCARD_STATE] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=SCARD_STATE_UNAWARE 6 | Value1=0x00000000 7 | Const2=SCARD_STATE_IGNORE 8 | Value2=0x00000001 9 | Const3=SCARD_STATE_CHANGED 10 | Value3=0x00000002 11 | Const4=SCARD_STATE_UNKNOWN 12 | Value4=0x00000004 13 | Const5=SCARD_STATE_UNAVAILABLE 14 | Value5=0x00000008 15 | Const6=SCARD_STATE_EMPTY 16 | Value6=0x00000010 17 | Const7=SCARD_STATE_PRESENT 18 | Value7=0x00000020 19 | Const8=SCARD_STATE_ATRMATCH 20 | Value8=0x00000040 21 | Const9=SCARD_STATE_EXCLUSIVE 22 | Value9=0x00000080 23 | Const10=SCARD_STATE_INUSE 24 | Value10=0x00000100 25 | Const11=SCARD_STATE_MUTE 26 | Value11=0x00000200 27 | Const12=SCARD_STATE_UNPOWERED 28 | Value12=0x00000400 29 | [SCardScope] 30 | TypeDisplay=DWORD 31 | Base=DWORD 32 | Type=Enum 33 | Const1=SCARD_SCOPE_USER 34 | Value1=0 35 | Const2=SCARD_SCOPE_TERMINAL 36 | Value2=1 37 | Const3=SCARD_SCOPE_SYSTEM 38 | Value3=2 39 | [SCARD_AUDIT_CHV] 40 | TypeDisplay=DWORD 41 | Base=DWORD 42 | Type=Enum 43 | Const1=SCARD_AUDIT_CHV_FAILURE 44 | Value1=0x0 45 | Const2=SCARD_AUDIT_CHV_SUCCESS 46 | Value2=0x1 47 | -------------------------------------------------------------------------------- /apis_def/comdlg32.api: -------------------------------------------------------------------------------- 1 | [ChooseColor] 2 | 1=LPCHOOSECOLOR lpcc 3 | ParamCount=1 4 | Header=gdi.h.api; 5 | @=ChooseColor 6 | [ChooseFont] 7 | 1=LPCHOOSEFONT lpcf 8 | ParamCount=1 9 | Header=gdi.h.api; 10 | @=ChooseFont 11 | [CommDlgExtendedError] 12 | ParamCount=0 13 | @=CommDlgExtendedError 14 | [FindText] 15 | 1=LPFINDREPLACE lpfr 16 | ParamCount=1 17 | Header=gdi.h.api; 18 | @=FindText 19 | [GetFileTitle] 20 | 1=LPCTSTR lpszFile 21 | 2=LPTSTR lpszTitle 22 | 3=WORD cbBuf 23 | ParamCount=3 24 | @=GetFileTitle 25 | [GetOpenFileName] 26 | 1=LPOPENFILENAME lpofn 27 | ParamCount=1 28 | Header=gdi.h.api; 29 | @=GetOpenFileName 30 | [GetSaveFileName] 31 | 1=LPOPENFILENAME lpofn 32 | ParamCount=1 33 | Header=gdi.h.api; 34 | @=GetSaveFileName 35 | [PageSetupDlg] 36 | 1=LPPAGESETUPDLG lppsd 37 | ParamCount=1 38 | Header=gdi.h.api; 39 | @=PageSetupDlg 40 | [PrintDlg] 41 | 1=LPPRINTDLG lppd 42 | ParamCount=1 43 | Header=gdi.h.api; 44 | @=PrintDlg 45 | [PrintDlgEx] 46 | 1=LPPRINTDLGEX lppd 47 | ParamCount=1 48 | Header=gdi.h.api; 49 | @=PrintDlgEx 50 | [ReplaceText] 51 | 1=LPFINDREPLACE lpfr 52 | ParamCount=1 53 | Header=gdi.h.api; 54 | @=ReplaceText 55 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 ThunderCls 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /apis_def/dsprop.api: -------------------------------------------------------------------------------- 1 | [ADsPropCheckIfWritable] 2 | 1=const PWSTR pwzAttr 3 | 2=PADS_ATTR_INFO pWritableAttrs 4 | ParamCount=2 5 | Header=dsprop.h.api; 6 | @=ADsPropCheckIfWritable 7 | [ADsPropCreateNotifyObj] 8 | 1=LPDATAOBJECT pAppThdDataObj 9 | 2=PWSTR pwzADsObjName 10 | 3=HWND* phNotifyObj 11 | ParamCount=3 12 | Header=ole.h.api;windows.h.api; 13 | @=ADsPropCreateNotifyObj 14 | [ADsPropGetInitInfo] 15 | 1=HWND hNotifyObject 16 | 2=PADSPROPINITPARAMS pInitParams 17 | ParamCount=2 18 | Header=dsprop.h.api;windows.h.api; 19 | @=ADsPropGetInitInfo 20 | [ADsPropSendErrorMessage] 21 | 1=HWND hNotifyObject 22 | 2=PADSPROPERROR pError 23 | ParamCount=2 24 | Header=dsprop.h.api;windows.h.api; 25 | @=ADsPropSendErrorMessage 26 | [ADsPropSetHwnd] 27 | 1=HWND hNotifyObject 28 | 2=HWND hPage 29 | ParamCount=2 30 | Header=windows.h.api; 31 | @=ADsPropSetHwnd 32 | [ADsPropSetHwndWithTitle] 33 | 1=HWND hNotifyObject 34 | 2=HWND hPage 35 | 3=PTSTR ptzTitle 36 | ParamCount=3 37 | Header=windows.h.api; 38 | @=ADsPropSetHwndWithTitle 39 | [ADsPropShowErrorDialog] 40 | 1=HWND hNotifyObject 41 | 2=HWND hPage 42 | ParamCount=2 43 | Header=windows.h.api; 44 | @=ADsPropShowErrorDialog 45 | -------------------------------------------------------------------------------- /apis_def/headers/credui.h.api: -------------------------------------------------------------------------------- 1 | [CredUIFlags] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=CREDUI_FLAGS_INCORRECT_PASSWORD 6 | Value1=0x00001 7 | Const2=CREDUI_FLAGS_DO_NOT_PERSIST 8 | Value2=0x00002 9 | Const3=CREDUI_FLAGS_REQUEST_ADMINISTRATOR 10 | Value3=0x00004 11 | Const4=CREDUI_FLAGS_EXCLUDE_CERTIFICATES 12 | Value4=0x00008 13 | Const5=CREDUI_FLAGS_REQUIRE_CERTIFICATE 14 | Value5=0x00010 15 | Const6=CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX 16 | Value6=0x00040 17 | Const7=CREDUI_FLAGS_ALWAYS_SHOW_UI 18 | Value7=0x00080 19 | Const8=CREDUI_FLAGS_REQUIRE_SMARTCARD 20 | Value8=0x00100 21 | Const9=CREDUI_FLAGS_PASSWORD_ONLY_OK 22 | Value9=0x00200 23 | Const10=CREDUI_FLAGS_VALIDATE_USERNAME 24 | Value10=0x00400 25 | Const11=CREDUI_FLAGS_COMPLETE_USERNAME 26 | Value11=0x00800 27 | Const12=CREDUI_FLAGS_PERSIST 28 | Value12=0x01000 29 | Const13=CREDUI_FLAGS_SERVER_CREDENTIAL 30 | Value13=0x04000 31 | Const14=CREDUI_FLAGS_EXPECT_CONFIRMATION 32 | Value14=0x20000 33 | Const15=CREDUI_FLAGS_GENERIC_CREDENTIALS 34 | Value15=0x40000 35 | Const16=CREDUI_FLAGS_USERNAME_TARGET_CREDENTIALS 36 | Value16=0x80000 37 | Const17=CREDUI_FLAGS_KEEP_USERNAME 38 | Value17=0x100000 39 | -------------------------------------------------------------------------------- /apis_def/dhcpcsvc6.api: -------------------------------------------------------------------------------- 1 | [Dhcpv6CApiCleanup] 2 | ParamCount=0 3 | @=Dhcpv6CApiCleanup 4 | [Dhcpv6CApiInitialize] 5 | 1=LPDWORD Version 6 | ParamCount=1 7 | @=Dhcpv6CApiInitialize 8 | [Dhcpv6RequestParams] 9 | 1=BOOL forceNewInform 10 | 2=LPVOID reserved 11 | 3=LPWSTR adapterName 12 | 4=LPDHCPV6CAPI_CLASSID classId 13 | 5=DHCPV6CAPI_PARAMS_ARRAY recdParams 14 | 6=LPBYTE buffer 15 | 7=LPDWORD pSize 16 | ParamCount=7 17 | Header=dhcpcsvc6.h.api; 18 | @=Dhcpv6RequestParams 19 | [Dhcpv6ReleasePrefix] 20 | 1=LPWSTR adapterName 21 | 2=LPDHCPV6CAPI_CLASSID classId 22 | 3=LPDHCPV6PrefixLeaseInformation prefixleaseInfo 23 | ParamCount=3 24 | Header=dhcpcsvc6.h.api; 25 | @=Dhcpv6ReleasePrefix 26 | [Dhcpv6RenewPrefix] 27 | 1=LPWSTR adapterName 28 | 2=LPDHCPV6CAPI_CLASSID classId 29 | 3=LPDHCPV6PrefixLeaseInformation prefixleaseInfo 30 | 4=DWORD pdwTimeToWait 31 | 5=DWORD bValidatePrefix 32 | ParamCount=5 33 | Header=dhcpcsvc6.h.api; 34 | @=Dhcpv6RenewPrefix 35 | [Dhcpv6RequestPrefix] 36 | 1=LPWSTR adapterName 37 | 2=LPDHCPV6CAPI_CLASSID classId 38 | 3=LPDHCPV6PrefixLeaseInformation prefixleaseInfo 39 | 4=DWORD pdwTimeToWait 40 | ParamCount=4 41 | Header=dhcpcsvc6.h.api; 42 | @=Dhcpv6RequestPrefix 43 | -------------------------------------------------------------------------------- /xAnalyzer/Utf8Ini/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Duncan Ogilvie 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /apis_def/wdsmc.api: -------------------------------------------------------------------------------- 1 | [WdsTransportServerAllocateBuffer] 2 | 1=HANDLE hProvider 3 | 2=ULONG ulBufferSize 4 | ParamCount=2 5 | Header=windows.h.api; 6 | @=WdsTransportServerAllocateBuffer 7 | [WdsTransportServerCompleteRead] 8 | 1=HANDLE hProvider 9 | 2=ULONG ulBytesRead 10 | 3=PVOID pvUserData 11 | 4=HRESULT hReadResult 12 | ParamCount=4 13 | Header=windows.h.api; 14 | @=WdsTransportServerCompleteRead 15 | [WdsTransportServerFreeBuffer] 16 | 1=HANDLE hProvider 17 | 2=PVOID pvBuffer 18 | ParamCount=2 19 | Header=windows.h.api; 20 | @=WdsTransportServerFreeBuffer 21 | [WdsTransportServerRegisterCallback] 22 | 1=HANDLE hProvider 23 | 2=[TRANSPORTPROVIDER_CALLBACK_ID] CallbackId 24 | 3=PVOID pfnCallback 25 | ParamCount=3 26 | Header=wdsmc.h.api;windows.h.api; 27 | @=WdsTransportServerRegisterCallback 28 | [WdsTransportServerTrace] 29 | 1=HANDLE hProvider 30 | 2=[WDS_MC_SEVERITY] Severity 31 | 3=LPCWSTR pwszFormat 32 | ParamCount=3 33 | Header=wdsmc.h.api;windows.h.api; 34 | @=WdsTransportServerTrace 35 | [WdsTransportServerTraceV] 36 | 1=HANDLE hProvider 37 | 2=[WDS_MC_SEVERITY] Severity 38 | 3=LPCWSTR pwszFormat 39 | 4=va_list Params 40 | ParamCount=4 41 | Header=wdsmc.h.api;windows.h.api; 42 | @=WdsTransportServerTraceV 43 | -------------------------------------------------------------------------------- /apis_def/headers/wdsmc.h.api: -------------------------------------------------------------------------------- 1 | [TRANSPORTPROVIDER_CALLBACK_ID] 2 | Base=UINT 3 | Type=Enum 4 | Const1=WDS_TRANSPORTPROVIDER_CREATE_INSTANCE 5 | Value1=0 6 | Const2=WDS_TRANSPORTPROVIDER_COMPARE_CONTENT 7 | Value2=1 8 | Const3=WDS_TRANSPORTPROVIDER_OPEN_CONTENT 9 | Value3=2 10 | Const4=WDS_TRANSPORTPROVIDER_USER_ACCESS_CHECK 11 | Value4=3 12 | Const5=WDS_TRANSPORTPROVIDER_GET_CONTENT_SIZE 13 | Value5=4 14 | Const6=WDS_TRANSPORTPROVIDER_READ_CONTENT 15 | Value6=5 16 | Const7=WDS_TRANSPORTPROVIDER_CLOSE_CONTENT 17 | Value7=6 18 | Const8=WDS_TRANSPORTPROVIDER_CLOSE_INSTANCE 19 | Value8=7 20 | Const9=WDS_TRANSPORTPROVIDER_SHUTDOWN 21 | Value9=8 22 | Const10=WDS_TRANSPORTPROVIDER_DUMP_STATE 23 | Value10=9 24 | Const11=WDS_TRANSPORTPROVIDER_REFRESH_SETTINGS 25 | Value11=10 26 | Const12=WDS_TRANSPORTPROVIDER_GET_CONTENT_METADATA 27 | Value12=11 28 | Const13=WDS_TRANSPORTPROVIDER_MAX_CALLBACKS 29 | Value13=12 30 | [WDS_MC_SEVERITY] 31 | Base=UINT 32 | Type=Enum 33 | Const1=WDS_MC_TRACE_VERBOSE 34 | Value1=0x00010000 35 | Const2=WDS_MC_TRACE_INFO 36 | Value2=0x00020000 37 | Const3=WDS_MC_TRACE_WARNING 38 | Value3=0x00040000 39 | Const4=WDS_MC_TRACE_ERROR 40 | Value4=0x00080000 41 | Const5=WDS_MC_TRACE_FATAL 42 | Value5=0x00100000 43 | -------------------------------------------------------------------------------- /apis_def/lz32.api: -------------------------------------------------------------------------------- 1 | [GetExpandedName] 2 | 1=LPTSTR lpszSource 3 | 2=LPTSTR lpszBuffer 4 | ParamCount=2 5 | @=GetExpandedName 6 | [LZClose] 7 | 1=INT hFile 8 | ParamCount=1 9 | @=LZClose 10 | [LZCopy] 11 | 1=INT hfSource 12 | 2=INT hfDest 13 | ParamCount=2 14 | @=LZCopy 15 | [LZInit] 16 | 1=INT hfSource 17 | ParamCount=1 18 | @=LZInit 19 | [LZOpenFile] 20 | 1=LPTSTR lpFileName 21 | 2=LPOFSTRUCT lpReOpenBuf 22 | 3=[OpenFlags] wStyle 23 | ParamCount=3 24 | Header=lz32.h.api;windows.h.api; 25 | @=LZOpenFile 26 | [LZRead] 27 | 1=INT hFile 28 | 2=LPBYTE lpBuffer 29 | 3=INT cbRead 30 | ParamCount=3 31 | @=LZRead 32 | [LZSeek] 33 | 1=INT hFile 34 | 2=LONG lOffset 35 | 3=INT iOrigin 36 | ParamCount=3 37 | @=LZSeek 38 | [CopyLZFile] 39 | 1=INT hfSource 40 | 2=INT hfDest 41 | ParamCount=2 42 | @=CopyLZFile 43 | [LZDone] 44 | ParamCount=0 45 | @=LZDone 46 | [LZStart] 47 | ParamCount=0 48 | @=LZStart 49 | [LZCloseFile] 50 | 1=INT hFile 51 | ParamCount=1 52 | @=LZCloseFile 53 | [LZCreateFileW] 54 | 1=[FILE_ACCESS_MASK] dwDesiredAccess 55 | 2=[FILE_SHARE_MODE] dwShareMode 56 | 3=[CreationDisposition] dwCreationDisposition 57 | 4=LPWSTR lpString1 58 | ParamCount=4 59 | Header=kernel32.h.api;native.h.api;windows.h.api; 60 | @=LZCreateFileW 61 | -------------------------------------------------------------------------------- /apis_def/plds4.api: -------------------------------------------------------------------------------- 1 | [PL_NewHashTable] 2 | 1=PRUint32 numBuckets 3 | 2=PLHashFunction keyHash 4 | 3=PLHashComparator keyCompare 5 | 4=PLHashComparator valueCompare 6 | 5=PLHashAllocOps* allocOps 7 | 6=void* allocPriv 8 | ParamCount=6 9 | Header= 10 | @=PL_NewHashTable 11 | [PL_HashTableDestroy] 12 | 1=PLHashTable* ht 13 | ParamCount=1 14 | Header= 15 | @=PL_HashTableDestroy 16 | [PL_HashTableAdd] 17 | 1=PLHashTable* ht 18 | 2=const void* key 19 | 3=void* value 20 | ParamCount=3 21 | Header= 22 | @=PL_HashTableAdd 23 | [PL_HashTableRemove] 24 | 1=PLHashTable* ht 25 | 2=const void* key 26 | ParamCount=2 27 | Header= 28 | @=PL_HashTableRemove 29 | [PL_HashTableLookup] 30 | 1=PLHashTable* ht 31 | 2=const void* key 32 | ParamCount=2 33 | Header= 34 | @=PL_HashTableLookup 35 | [PL_HashTableEnumerateEntries] 36 | 1=PLHashTable* ht 37 | 2=PLHashEnumerator f 38 | 3=void* arg 39 | ParamCount=3 40 | Header= 41 | @=PL_HashTableEnumerateEntries 42 | [PL_HashString] 43 | 1=const void* key 44 | ParamCount=1 45 | @=PL_HashString 46 | [PL_CompareStrings] 47 | 1=const char* v1 48 | 2=const char* v2 49 | ParamCount=2 50 | @=PL_CompareStrings 51 | [PL_CompareValues] 52 | 1=void* v1 53 | 2=const void* v2 54 | ParamCount=2 55 | @=PL_CompareValues 56 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_argument.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_ARGUMENT_H 2 | #define _SCRIPTAPI_ARGUMENT_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Argument 9 | { 10 | struct ArgumentInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rvaStart; 14 | duint rvaEnd; 15 | bool manual; 16 | duint instructioncount; 17 | }; 18 | 19 | SCRIPT_EXPORT bool Add(duint start, duint end, bool manual, duint instructionCount = 0); 20 | SCRIPT_EXPORT bool Add(const ArgumentInfo* info); 21 | SCRIPT_EXPORT bool Get(duint addr, duint* start = nullptr, duint* end = nullptr, duint* instructionCount = nullptr); 22 | SCRIPT_EXPORT bool GetInfo(duint addr, ArgumentInfo* info); 23 | SCRIPT_EXPORT bool Overlaps(duint start, duint end); 24 | SCRIPT_EXPORT bool Delete(duint address); 25 | SCRIPT_EXPORT void DeleteRange(duint start, duint end, bool deleteManual = false); 26 | SCRIPT_EXPORT void Clear(); 27 | SCRIPT_EXPORT bool GetList(ListOf(ArgumentInfo) list); //caller has the responsibility to free the list 28 | }; //Argument 29 | }; //Script 30 | 31 | #endif //_SCRIPTAPI_ARGUMENT_H -------------------------------------------------------------------------------- /apis_def/sfc.api: -------------------------------------------------------------------------------- 1 | [SfcIsFileProtected] 2 | 1=HANDLE RpcHandle 3 | 2=LPCWSTR ProtFileName 4 | ParamCount=2 5 | Header=windows.h.api; 6 | @=SfcIsFileProtected 7 | [SfcIsKeyProtected] 8 | 1=[HKEY] hKey 9 | 2=LPCWSTR lpSubKey 10 | 3=[REGSAM] samDesired 11 | ParamCount=3 12 | Header=registry.h.api; 13 | @=SfcIsKeyProtected 14 | [SfcGetNextProtectedFile] 15 | 1=HANDLE RpcHandle 16 | 2=PPROTECTED_FILE_DATA ProtFileData 17 | ParamCount=2 18 | Header=windows.h.api; 19 | @=SfcGetNextProtectedFile 20 | [SfcTerminateWatcherThread] 21 | ParamCount=0 22 | @=SfcTerminateWatcherThread 23 | [SfcFileException] 24 | 1=DWORD dwUnknown0 25 | 2=LPCSTR lpwszFile 26 | 3=DWORD dwUnknown1 27 | ParamCount=3 28 | @=SfcFileException 29 | [SfpVerifyFile] 30 | 1=LPCSTR lpszFileName 31 | 2=LPSTR lpszError 32 | 3=DWORD dwErrSize 33 | ParamCount=3 34 | @=SfpVerifyFile 35 | [SRRemoveRestorePoint] 36 | 1=DWORD dwRPNum 37 | ParamCount=1 38 | @=SRRemoveRestorePoint 39 | [SRSetRestorePointA] 40 | 1=PRESTOREPOINTINFOA pRestorePtSpec 41 | 2=PSTATEMGRSTATUS pSMgrStatus 42 | ParamCount=2 43 | Header=srclient.h.api; 44 | @=SRSetRestorePointA 45 | [SRSetRestorePointW] 46 | 1=PRESTOREPOINTINFOW pRestorePtSpec 47 | 2=PSTATEMGRSTATUS pSMgrStatus 48 | ParamCount=2 49 | Header=srclient.h.api; 50 | @=SRSetRestorePointW 51 | -------------------------------------------------------------------------------- /apis_def/wdsbp.api: -------------------------------------------------------------------------------- 1 | [WdsBpAddOption] 2 | 1=HANDLE hHandle 3 | 2=ULONG uOption 4 | 3=ULONG uValueLen 5 | 4=PVOID pValue 6 | ParamCount=4 7 | Header=windows.h.api; 8 | @=WdsBpAddOption 9 | [WdsBpCloseHandle] 10 | 1=HANDLE hHandle 11 | ParamCount=1 12 | Header=windows.h.api; 13 | @=WdsBpCloseHandle 14 | [WdsBpGetOptionBuffer] 15 | 1=HANDLE hHandle 16 | 2=ULONG uBufferLen 17 | 3=PVOID pBuffer 18 | 4=PULONG puBytes 19 | ParamCount=4 20 | Header=windows.h.api; 21 | @=WdsBpGetOptionBuffer 22 | [WdsBpInitialize] 23 | 1=[WDSBP_PK_TYPE] bPacketType 24 | 2=HANDLE* phHandle 25 | ParamCount=2 26 | Header=wdsbp.h.api;windows.h.api; 27 | @=WdsBpInitialize 28 | [WdsBpParseInitialize] 29 | 1=PVOID pPacket 30 | 2=ULONG uPacketLen 31 | 3=[WDSBP_PK_TYPE] pbPacketType 32 | 4=HANDLE* phHandle 33 | ParamCount=4 34 | Header=wdsbp.h.api;windows.h.api; 35 | @=WdsBpParseInitialize 36 | [WdsBpQueryOption] 37 | 1=HANDLE hHandle 38 | 2=ULONG uOption 39 | 3=ULONG uValueLen 40 | 4=PVOID pValue 41 | 5=PULONG puBytes 42 | ParamCount=5 43 | Header=windows.h.api; 44 | @=WdsBpQueryOption 45 | [WdsBpParseInitializev6] 46 | 1=PVOID pPacket 47 | 2=ULONG uPacketLen 48 | 3=[WDSBP_PK_TYPE] pbPacketType 49 | 4=HANDLE* phHandle 50 | ParamCount=4 51 | Header=wdsbp.h.api;windows.h.api; 52 | @=WdsBpParseInitializev6 53 | -------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- 1 | version: 2.5.{build} 2 | skip_tags: true 3 | skip_branch_with_pr: true 4 | image: Visual Studio 2022 5 | configuration: Release 6 | platform: 7 | - x86 8 | - x64 9 | only_commits: 10 | files: 11 | - apis_def/* 12 | - '**/*.h' 13 | - '**/*.cpp' 14 | - '**/*.rc' 15 | - '**/*.vcxproj' 16 | build_script: 17 | - cmd: >- 18 | msbuild.exe xAnalyzer.sln /verbosity:minimal /t:Build /p:Configuration=Release;Platform=Win32 19 | 20 | msbuild.exe xAnalyzer.sln /verbosity:minimal /t:Build /p:Configuration=Release;Platform=x64 21 | artifacts: 22 | - path: bin\x32\xAnalyzer.dp32 23 | name: xAnalyzer.dp32 24 | - path: bin\x64\xAnalyzer.dp64 25 | name: xAnalyzer.dp64 26 | - path: apis_def 27 | name: apis_def 28 | deploy: 29 | - provider: GitHub 30 | tag: $(appveyor_build_version) 31 | release: xAnalyzer x86x64 32 | auth_token: 33 | secure: ej6yAWoBcT7Nqu0HWnOgyUmXssO03/sYwjW5HIYuRi13rll5mVgJO3VzSUEG4wS4 34 | artifact: xAnalyzer.dp32,xAnalyzer.dp64,apis_def 35 | notifications: 36 | - provider: Email 37 | to: 38 | - yunietps@yahoo.com 39 | subject: AppVeyor New Build Notice 40 | message: A new build has been placed in GitHub for xAnalyzer 41 | on_build_success: true 42 | on_build_failure: true 43 | on_build_status_changed: false 44 | -------------------------------------------------------------------------------- /apis_def/headers/odbc32.h.api: -------------------------------------------------------------------------------- 1 | [SQL_DRIVER_COMPLETION] 2 | TypeDisplay=SQLUSMALLINT 3 | Base=SQLUSMALLINT 4 | Type=Enum 5 | Const1=SQL_DRIVER_NOPROMPT 6 | Value1=0 7 | Const2=SQL_DRIVER_COMPLETE 8 | Value2=1 9 | Const3=SQL_DRIVER_PROMPT 10 | Value3=2 11 | Const4=SQL_DRIVER_COMPLETE_REQUIRED 12 | Value4=3 13 | [SQL_ENDTRAN_OPTION] 14 | TypeDisplay=SQLSMALLINT 15 | Base=SQLSMALLINT 16 | Type=Enum 17 | Const1=SQL_COMMIT 18 | Value1=0 19 | Const2=SQL_ROLLBACK 20 | Value2=1 21 | [SQL_FETCH_TYPE] 22 | TypeDisplay=SQLSMALLINT 23 | Base=SQLSMALLINT 24 | Type=Enum 25 | Const1=SQL_FETCH_NEXT 26 | Value1=1 27 | Const2=SQL_FETCH_FIRST 28 | Value2=2 29 | Const3=SQL_FETCH_LAST 30 | Value3=3 31 | Const4=SQL_FETCH_PRIOR 32 | Value4=4 33 | Const5=SQL_FETCH_ABSOLUTE 34 | Value5=5 35 | Const6=SQL_FETCH_RELATIVE 36 | Value6=6 37 | [SQL_HANDLE_TYPE] 38 | TypeDisplay=SQLSMALLINT 39 | Base=SQLSMALLINT 40 | Type=Enum 41 | Const1=SQL_HANDLE_ENV 42 | Value1=1 43 | Const2=SQL_HANDLE_DBC 44 | Value2=2 45 | Const3=SQL_HANDLE_STMT 46 | Value3=3 47 | Const4=SQL_HANDLE_DESC 48 | Value4=4 49 | [SQL_FREESTMT_OPTION] 50 | TypeDisplay=SQLUSMALLINT 51 | Base=SQLUSMALLINT 52 | Type=Enum 53 | Const1=SQL_CLOSE 54 | Value1=0 55 | Const2=SQL_DROP 56 | Value2=1 57 | Const3=SQL_UNBIND 58 | Value3=2 59 | Const4=SQL_RESET_PARAMS 60 | Value4=3 61 | -------------------------------------------------------------------------------- /apis_def/firewallapi.api: -------------------------------------------------------------------------------- 1 | [NetworkIsolationDiagnoseConnectFailureAndGetInfo] 2 | SourceModule=api-ms-win-net-isolation-l1.api 3 | @=NetworkIsolationDiagnoseConnectFailureAndGetInfo 4 | [NetworkIsolationEnumAppContainers] 5 | SourceModule=api-ms-win-net-isolation-l1.api 6 | @=NetworkIsolationEnumAppContainers 7 | [NetworkIsolationEnumerateAppContainerRules] 8 | SourceModule=api-ms-win-net-isolation-l1.api 9 | @=NetworkIsolationEnumerateAppContainerRules 10 | [NetworkIsolationFreeAppContainers] 11 | SourceModule=api-ms-win-net-isolation-l1.api 12 | @=NetworkIsolationFreeAppContainers 13 | [NetworkIsolationGetAppContainerConfig] 14 | SourceModule=api-ms-win-net-isolation-l1.api 15 | @=NetworkIsolationGetAppContainerConfig 16 | [NetworkIsolationRegisterForAppContainerChanges] 17 | SourceModule=api-ms-win-net-isolation-l1.api 18 | @=NetworkIsolationRegisterForAppContainerChanges 19 | [NetworkIsolationSetAppContainerConfig] 20 | SourceModule=api-ms-win-net-isolation-l1.api 21 | @=NetworkIsolationSetAppContainerConfig 22 | [NetworkIsolationSetupAppContainerBinaries] 23 | SourceModule=api-ms-win-net-isolation-l1.api 24 | @=NetworkIsolationSetupAppContainerBinaries 25 | [NetworkIsolationUnregisterForAppContainerChanges] 26 | SourceModule=api-ms-win-net-isolation-l1.api 27 | @=NetworkIsolationUnregisterForAppContainerChanges 28 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_function.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_FUNCTION_H 2 | #define _SCRIPTAPI_FUNCTION_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Function 9 | { 10 | struct FunctionInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rvaStart; 14 | duint rvaEnd; 15 | bool manual; 16 | duint instructioncount; 17 | }; 18 | 19 | SCRIPT_EXPORT bool Add(duint start, duint end, bool manual, duint instructionCount = 0); 20 | SCRIPT_EXPORT bool Add(const FunctionInfo* info); 21 | SCRIPT_EXPORT bool Get(duint addr, duint* start = nullptr, duint* end = nullptr, duint* instructionCount = nullptr); 22 | SCRIPT_EXPORT bool GetInfo(duint addr, FunctionInfo* info); 23 | SCRIPT_EXPORT bool Overlaps(duint start, duint end); 24 | SCRIPT_EXPORT bool Delete(duint address); 25 | SCRIPT_EXPORT void DeleteRange(duint start, duint end, bool deleteManual); 26 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 27 | SCRIPT_EXPORT void Clear(); 28 | SCRIPT_EXPORT bool GetList(ListOf(FunctionInfo) list); //caller has the responsibility to free the list 29 | }; //Function 30 | }; //Script 31 | 32 | #endif //_SCRIPTAPI_FUNCTION_H 33 | -------------------------------------------------------------------------------- /apis_def/headers/wdspxe.h.api: -------------------------------------------------------------------------------- 1 | [PXE_ADDR_FLAGS] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Flag 5 | Const1=PXE_ADDR_BROADCAST 6 | Value1=0x0001 7 | Const2=PXE_ADDR_USE_PORT 8 | Value2=0x0002 9 | Const3=PXE_ADDR_USE_ADDR 10 | Value3=0x0004 11 | Const4=PXE_ADDR_USE_DHCP_RULES 12 | Value4=0x0008 13 | [PXE_BOOT_ACTION] 14 | Base=ULONG 15 | Type=Enum 16 | Const1=PXE_BA_NBP 17 | Value1=1 18 | Const2=PXE_BA_CUSTOM 19 | Value2=2 20 | Const3=PXE_BA_IGNORE 21 | Value3=3 22 | Const4=PXE_BA_REJECTED 23 | Value4=4 24 | [PXE_SEVERITY] 25 | Base=ULONG 26 | Type=Enum 27 | Const1=PXE_TRACE_VERBOSE 28 | Value1=0x00010000 29 | Const2=PXE_TRACE_INFO 30 | Value2=0x00020000 31 | Const3=PXE_TRACE_WARNING 32 | Value3=0x00040000 33 | Const4=PXE_TRACE_ERROR 34 | Value4=0x00080000 35 | Const5=PXE_TRACE_FATAL 36 | Value5=0x00100000 37 | [PXE_GSI_TYPE] 38 | Base=ULONG 39 | Type=Enum 40 | Const1=PXE_GSI_TRACE_ENABLED 41 | Value1=1 42 | [PXE_REG_INDEX] 43 | Base=ULONG 44 | Type=Enum 45 | Const1=PXE_REG_INDEX_TOP 46 | Value1=0 47 | Const2=PXE_REG_INDEX_BOTTOM 48 | Value2=0xFFFFFFFF 49 | [PXE_PROVIDER_ATTRIBUTE] 50 | Base=ULONG 51 | Type=Enum 52 | Const1=PXE_PROV_ATTR_FILTER 53 | Value1=0 54 | [PXE_CALLBACK_TYPE] 55 | Base=ULONG 56 | Type=Enum 57 | Const1=PXE_CALLBACK_RECV_REQUEST 58 | Value1=0 59 | Const2=PXE_CALLBACK_SHUTDOWN 60 | Value2=1 61 | Const3=PXE_CALLBACK_SERVICE_CONTROL 62 | Value3=2 63 | -------------------------------------------------------------------------------- /apis_def/headers/usp10.h.api: -------------------------------------------------------------------------------- 1 | [SGCM_FLAGS] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=SGCM_RTL 6 | Value1=0x00000001 7 | [SIC_FLAGS] 8 | TypeDisplay=DWORD 9 | Base=DWORD 10 | Type=Flag 11 | Const1=SIC_COMPLEX 12 | Value1=1 13 | Const2=SIC_ASCIIDIGIT 14 | Value2=2 15 | Const3=SIC_NEUTRAL 16 | Value3=4 17 | [SSA_FLAGS] 18 | TypeDisplay=DWORD 19 | Base=DWORD 20 | Type=Flag 21 | Const1=SSA_PASSWORD 22 | Value1=0x00000001 23 | Const2=SSA_TAB 24 | Value2=0x00000002 25 | Const3=SSA_CLIP 26 | Value3=0x00000004 27 | Const4=SSA_FIT 28 | Value4=0x00000008 29 | Const5=SSA_DZWG 30 | Value5=0x00000010 31 | Const6=SSA_FALLBACK 32 | Value6=0x00000020 33 | Const7=SSA_BREAK 34 | Value7=0x00000040 35 | Const8=SSA_GLYPHS 36 | Value8=0x00000080 37 | Const9=SSA_RTL 38 | Value9=0x00000100 39 | Const10=SSA_GCP 40 | Value10=0x00000200 41 | Const11=SSA_HOTKEY 42 | Value11=0x00000400 43 | Const12=SSA_METAFILE 44 | Value12=0x00000800 45 | Const13=SSA_LINK 46 | Value13=0x00001000 47 | Const14=SSA_HIDEHOTKEY 48 | Value14=0x00002000 49 | Const15=SSA_HOTKEYONLY 50 | Value15=0x00002400 51 | Const16=SSA_FULLMEASURE 52 | Value16=0x04000000 53 | Const17=SSA_LPKANSIFALLBACK 54 | Value17=0x08000000 55 | Const18=SSA_PIDX 56 | Value18=0x10000000 57 | Const19=SSA_LAYOUTRTL 58 | Value19=0x20000000 59 | Const20=SSA_DONTGLYPH 60 | Value20=0x40000000 61 | Const21=SSA_NOKASHIDA 62 | Value21=0x80000000 63 | -------------------------------------------------------------------------------- /apis_def/headers/processes.h.api: -------------------------------------------------------------------------------- 1 | [CreateProcessFlags] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=CREATE_BREAKAWAY_FROM_JOB 6 | Value1=0x01000000 7 | Const2=CREATE_DEFAULT_ERROR_MODE 8 | Value2=0x04000000 9 | Const3=CREATE_NEW_CONSOLE 10 | Value3=0x00000010 11 | Const4=CREATE_NEW_PROCESS_GROUP 12 | Value4=0x00000200 13 | Const5=CREATE_NO_WINDOW 14 | Value5=0x08000000 15 | Const6=CREATE_PROTECTED_PROCESS 16 | Value6=0x00040000 17 | Const7=CREATE_PRESERVE_CODE_AUTHZ_LEVEL 18 | Value7=0x02000000 19 | Const8=CREATE_SEPARATE_WOW_VDM 20 | Value8=0x00000800 21 | Const9=CREATE_SHARED_WOW_VDM 22 | Value9=0x00001000 23 | Const10=CREATE_SUSPENDED 24 | Value10=0x00000004 25 | Const11=CREATE_UNICODE_ENVIRONMENT 26 | Value11=0x00000400 27 | Const12=DEBUG_ONLY_THIS_PROCESS 28 | Value12=0x00000002 29 | Const13=DEBUG_PROCESS 30 | Value13=0x00000001 31 | Const14=DETACHED_PROCESS 32 | Value14=0x00000008 33 | Const15=EXTENDED_STARTUPINFO_PRESENT 34 | Value15=0x00080000 35 | Const16=INHERIT_PARENT_AFFINITY 36 | Value16=0x00010000 37 | Const17=ABOVE_NORMAL_PRIORITY_CLASS 38 | Value17=0x00008000 39 | Const18=BELOW_NORMAL_PRIORITY_CLASS 40 | Value18=0x00004000 41 | Const19=HIGH_PRIORITY_CLASS 42 | Value19=0x00000080 43 | Const20=IDLE_PRIORITY_CLASS 44 | Value20=0x00000040 45 | Const21=NORMAL_PRIORITY_CLASS 46 | Value21=0x00000020 47 | Const22=REALTIME_PRIORITY_CLASS 48 | Value22=0x00000100 49 | -------------------------------------------------------------------------------- /apis_def/headers/slc.h.api: -------------------------------------------------------------------------------- 1 | [SLDATATYPE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=SL_DATA_NONE 5 | Value1=0 6 | Const2=SL_DATA_SZ 7 | Value2=1 8 | Const3=SL_DATA_DWORD 9 | Value3=4 10 | Const4=SL_DATA_BINARY 11 | Value4=3 12 | Const5=SL_DATA_MULTI_SZ 13 | Value5=7 14 | Const6=SL_DATA_SUM 15 | Value6=100 16 | [SLIDTYPE] 17 | Base=UINT 18 | Type=Enum 19 | Const1=SL_ID_APPLICATION 20 | Value1=0 21 | Const2=SL_ID_PRODUCT_SKU 22 | Value2=1 23 | Const3=SL_ID_LICENSE_FILE 24 | Value3=2 25 | Const4=SL_ID_LICENSE 26 | Value4=3 27 | Const5=SL_ID_PKEY 28 | Value5=4 29 | Const6=SL_ID_ALL_LICENSES 30 | Value6=5 31 | Const7=SL_ID_ALL_LICENSE_FILES 32 | Value7=6 33 | [SLREFERRALTYPE] 34 | Base=UINT 35 | Type=Enum 36 | Const1=SL_REFERRALTYPE_SKUID 37 | Value1=0 38 | Const2=SL_REFERRALTYPE_APPID 39 | Value2=1 40 | Const3=SL_REFERRALTYPE_OVERRIDE_SKUID 41 | Value3=2 42 | Const4=SL_REFERRALTYPE_OVERRIDE_APPID 43 | Value4=3 44 | Const5=SL_REFERRALTYPE_BEST_MATCH 45 | Value5=4 46 | [SLLICENSINGSTATUS] 47 | Base=UINT 48 | Type=Enum 49 | Const1=SL_LICENSING_STATUS_UNLICENSED 50 | Value1=0 51 | Const2=SL_LICENSING_STATUS_LICENSED 52 | Value2=1 53 | Const3=SL_LICENSING_STATUS_IN_GRACE_PERIOD 54 | Value3=2 55 | Const4=SL_LICENSING_STATUS_NOTIFICATION 56 | Value4=3 57 | [SL_ACTIVATION_TYPE] 58 | Base=UINT 59 | Type=Enum 60 | Const1=SL_ACTIVATION_TYPE_DEFAULT 61 | Value1=0 62 | Const2=SL_ACTIVATION_TYPE_ACTIVE_DIRECTORY 63 | Value2=1 64 | -------------------------------------------------------------------------------- /xAnalyzer.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.31101.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "xAnalyzer", "xAnalyzer\xAnalyzer.vcxproj", "{176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Release|Win32 = Release|Win32 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Debug|Win32.Build.0 = Debug|Win32 18 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Debug|x64.ActiveCfg = Debug|x64 19 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Debug|x64.Build.0 = Debug|x64 20 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Release|Win32.ActiveCfg = Release|Win32 21 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Release|Win32.Build.0 = Release|Win32 22 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Release|x64.ActiveCfg = Release|x64 23 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Release|x64.Build.0 = Release|x64 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_flag.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_FLAG_H 2 | #define _SCRIPTAPI_FLAG_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Flag 9 | { 10 | enum FlagEnum 11 | { 12 | ZF, 13 | OF, 14 | CF, 15 | PF, 16 | SF, 17 | TF, 18 | AF, 19 | DF, 20 | IF 21 | }; 22 | 23 | SCRIPT_EXPORT bool Get(FlagEnum flag); 24 | SCRIPT_EXPORT bool Set(FlagEnum flag, bool value); 25 | 26 | SCRIPT_EXPORT bool GetZF(); 27 | SCRIPT_EXPORT bool SetZF(bool value); 28 | SCRIPT_EXPORT bool GetOF(); 29 | SCRIPT_EXPORT bool SetOF(bool value); 30 | SCRIPT_EXPORT bool GetCF(); 31 | SCRIPT_EXPORT bool SetCF(bool value); 32 | SCRIPT_EXPORT bool GetPF(); 33 | SCRIPT_EXPORT bool SetPF(bool value); 34 | SCRIPT_EXPORT bool GetSF(); 35 | SCRIPT_EXPORT bool SetSF(bool value); 36 | SCRIPT_EXPORT bool GetTF(); 37 | SCRIPT_EXPORT bool SetTF(bool value); 38 | SCRIPT_EXPORT bool GetAF(); 39 | SCRIPT_EXPORT bool SetAF(bool value); 40 | SCRIPT_EXPORT bool GetDF(); 41 | SCRIPT_EXPORT bool SetDF(bool value); 42 | SCRIPT_EXPORT bool GetIF(); 43 | SCRIPT_EXPORT bool SetIF(bool value); 44 | }; 45 | }; 46 | 47 | #endif //_SCRIPTAPI_FLAG_H -------------------------------------------------------------------------------- /apis_def/headers/dsprop.h.api: -------------------------------------------------------------------------------- 1 | [ADSTYPE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=ADSTYPE_INVALID 5 | Value1=0 6 | Const2=ADSTYPE_DN_STRING 7 | Value2=1 8 | Const3=ADSTYPE_CASE_EXACT_STRING 9 | Value3=2 10 | Const4=ADSTYPE_CASE_IGNORE_STRING 11 | Value4=3 12 | Const5=ADSTYPE_PRINTABLE_STRING 13 | Value5=4 14 | Const6=ADSTYPE_NUMERIC_STRING 15 | Value6=5 16 | Const7=ADSTYPE_BOOLEAN 17 | Value7=6 18 | Const8=ADSTYPE_INTEGER 19 | Value8=7 20 | Const9=ADSTYPE_OCTET_STRING 21 | Value9=8 22 | Const10=ADSTYPE_UTC_TIME 23 | Value10=9 24 | Const11=ADSTYPE_LARGE_INTEGER 25 | Value11=10 26 | Const12=ADSTYPE_PROV_SPECIFIC 27 | Value12=11 28 | Const13=ADSTYPE_OBJECT_CLASS 29 | Value13=12 30 | Const14=ADSTYPE_CASEIGNORE_LIST 31 | Value14=13 32 | Const15=ADSTYPE_OCTET_LIST 33 | Value15=14 34 | Const16=ADSTYPE_PATH 35 | Value16=15 36 | Const17=ADSTYPE_POSTALADDRESS 37 | Value17=16 38 | Const18=ADSTYPE_TIMESTAMP 39 | Value18=17 40 | Const19=ADSTYPE_BACKLINK 41 | Value19=18 42 | Const20=ADSTYPE_TYPEDNAME 43 | Value20=19 44 | Const21=ADSTYPE_HOLD 45 | Value21=20 46 | Const22=ADSTYPE_NETADDRESS 47 | Value22=21 48 | Const23=ADSTYPE_REPLICAPOINTER 49 | Value23=22 50 | Const24=ADSTYPE_FAXNUMBER 51 | Value24=23 52 | Const25=ADSTYPE_EMAIL 53 | Value25=24 54 | Const26=ADSTYPE_NT_SECURITY_DESCRIPTOR 55 | Value26=25 56 | Const27=ADSTYPE_UNKNOWN 57 | Value27=26 58 | Const28=ADSTYPE_DN_WITH_BINARY 59 | Value28=27 60 | Const29=ADSTYPE_DN_WITH_STRING 61 | Value29=28 62 | -------------------------------------------------------------------------------- /apis_def/msrating.api: -------------------------------------------------------------------------------- 1 | [RatingAccessDeniedDialog] 2 | 1=HWND hDlg 3 | 2=LPCTSTR pszUsername 4 | 3=LPCTSTR pszContentDescription 5 | 4=VOID* pRatingDetails 6 | ParamCount=4 7 | Header=windows.h.api; 8 | @=RatingAccessDeniedDialog 9 | [RatingAccessDeniedDialog2] 10 | 1=HWND hDlg 11 | 2=LPCSTR pszUsername 12 | 3=VOID* pRatingDetails 13 | ParamCount=3 14 | Header=windows.h.api; 15 | @=RatingAccessDeniedDialog2 16 | [RatingCheckUserAccess] 17 | 1=LPCTSTR pszUsername 18 | 2=LPCTSTR pszURL 19 | 3=LPCTSTR pszRatingInfo 20 | 4=LPBYTE pData 21 | 5=DWORD cbData 22 | 6=VOID** ppRatingDetails 23 | ParamCount=6 24 | @=RatingCheckUserAccess 25 | [RatingEnable] 26 | 1=HWND hwndParent 27 | 2=LPCSTR pszUsername 28 | 3=BOOL fEnable 29 | ParamCount=3 30 | Header=windows.h.api; 31 | @=RatingEnable 32 | [RatingEnabledQuery] 33 | ParamCount=0 34 | @=RatingEnabledQuery 35 | [RatingFreeDetails] 36 | 1=VOID* pRatingDetails 37 | ParamCount=1 38 | @=RatingFreeDetails 39 | [RatingObtainCancel] 40 | 1=HANDLE hRatingObtainQuery 41 | ParamCount=1 42 | Header=windows.h.api; 43 | @=RatingObtainCancel 44 | [RatingObtainQuery] 45 | 1=LPCTSTR pszTargetUrl 46 | 2=DWORD dwUserData 47 | 3=DWORD dwUserData 48 | 4=HRESULT hr 49 | 5=LPCTSTR pszRating 50 | 6=HANDLE* phRatingObtainQuery 51 | ParamCount=6 52 | Header=windows.h.api; 53 | @=RatingObtainQuery 54 | [RatingSetupUI] 55 | 1=HWND hDlg 56 | 2=LPCSTR pszUsername 57 | ParamCount=2 58 | Header=windows.h.api; 59 | @=RatingSetupUI 60 | -------------------------------------------------------------------------------- /apis_def/sisbkup.api: -------------------------------------------------------------------------------- 1 | [SisCreateBackupStructure] 2 | 1=PWCHAR volumeRoot 3 | 2=PVOID* sisBackupStructure 4 | 3=PWCHAR* commonStoreRootPathname 5 | 4=PULONG countOfCommonStoreFilesToBackUp 6 | 5=PWCHAR** commonStoreFilesToBackUp 7 | ParamCount=5 8 | @=SisCreateBackupStructure 9 | [SisCreateRestoreStructure] 10 | 1=PWCHAR volumeRoot 11 | 2=PVOID* sisRestoreStructure 12 | 3=PWCHAR* commonStoreRootPathname 13 | 4=PULONG countOfCommonStoreFilesToRestore 14 | 5=PWCHAR** commonStoreFilesToRestore 15 | ParamCount=5 16 | @=SisCreateRestoreStructure 17 | [SisCSFilesToBackupForLink] 18 | 1=PVOID sisBackupStructure 19 | 2=PVOID reparseData 20 | 3=ULONG reparseDataSize 21 | 4=PVOID thisFileContext 22 | 5=PVOID* matchingFileContext 23 | 6=PULONG countOfCommonStoreFilesToBackUp 24 | 7=PWCHAR** commonStoreFilesToBackUp 25 | ParamCount=7 26 | @=SisCSFilesToBackupForLink 27 | [SisFreeAllocatedMemory] 28 | 1=PVOID allocatedSpace 29 | ParamCount=1 30 | @=SisFreeAllocatedMemory 31 | [SisFreeBackupStructure] 32 | 1=PVOID sisBackupStructure 33 | ParamCount=1 34 | @=SisFreeBackupStructure 35 | [SisFreeRestoreStructure] 36 | 1=PVOID sisRestoreStructure 37 | ParamCount=1 38 | @=SisFreeRestoreStructure 39 | [SisRestoredLink] 40 | 1=PVOID sisRestoreStructure 41 | 2=PWCHAR restoredFileName 42 | 3=PVOID reparseData 43 | 4=ULONG reparseDataSize 44 | 5=PULONG countOfCommonStoreFilesToRestore 45 | 6=PWCHAR** commonStoreFilesToRestore 46 | ParamCount=6 47 | @=SisRestoredLink 48 | -------------------------------------------------------------------------------- /apis_def/dssec.api: -------------------------------------------------------------------------------- 1 | [DSCreateSecurityPage] 2 | 1=LPCWSTR pwszObjectPath 3 | 2=LPCWSTR pwszObjectClass 4 | 3=[DSSI_FLAGS] dwFlags 5 | 4=HPROPSHEETPAGE* phPage 6 | 5=PFNREADOBJECTSECURITY pfnReadSD 7 | 6=PFNWRITEOBJECTSECURITY pfnWriteSD 8 | 7=LPARAM lpContext 9 | ParamCount=7 10 | Header=dssec.h.api;ole.h.api;windows.h.api; 11 | @=DSCreateSecurityPage 12 | [DSCreateISecurityInfoObject] 13 | 1=LPCWSTR pwszObjectClass 14 | 2=[DSSI_FLAGS] dwFlags 15 | 3=LPSECURITYINFO* ppSI 16 | 4=PFNREADOBJECTSECURITY pfnReadSD 17 | 5=PFNWRITEOBJECTSECURITY pfnWriteSD 18 | 6=LPARAM lpContext 19 | ParamCount=6 20 | Header=dssec.h.api;security.h.api;windows.h.api; 21 | @=DSCreateISecurityInfoObject 22 | [DSCreateISecurityInfoObjectEx] 23 | 1=LPCWSTR pwszObjectPath 24 | 2=LPCWSTR pwszObjectClass 25 | 3=LPCWSTR pwszServer 26 | 4=LPCWSTR pwszUserName 27 | 5=LPCWSTR pwszPassword 28 | 6=[DSSI_FLAGS] dwFlags 29 | 7=LPSECURITYINFO* ppSI 30 | 8=PFNREADOBJECTSECURITY pfnReadSD 31 | 9=PFNWRITEOBJECTSECURITY pfnWriteSD 32 | 10=LPARAM lpContext 33 | ParamCount=10 34 | Header=dssec.h.api;security.h.api;windows.h.api; 35 | @=DSCreateISecurityInfoObjectEx 36 | [DSEditSecurity] 37 | 1=HWND hwndOwner 38 | 2=LPCWSTR pwszObjectPath 39 | 3=LPCWSTR pwszObjectClass 40 | 4=[DSSI_FLAGS] dwFlags 41 | 5=LPCWSTR pwszCaption 42 | 6=PFNREADOBJECTSECURITY pfnReadSD 43 | 7=PFNWRITEOBJECTSECURITY pfnWriteSD 44 | 8=LPARAM lpContext 45 | ParamCount=8 46 | Header=dssec.h.api;windows.h.api; 47 | @=DSEditSecurity 48 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/XEDParse/XEDParse.h: -------------------------------------------------------------------------------- 1 | #ifndef _XEDPARSE_H 2 | #define _XEDPARSE_H 3 | 4 | #include 5 | 6 | //XEDParse defines 7 | #ifdef XEDPARSE_BUILD 8 | #define XEDPARSE_EXPORT __declspec(dllexport) 9 | #else 10 | #define XEDPARSE_EXPORT __declspec(dllimport) 11 | #endif //XEDPARSE_BUILD 12 | 13 | #define XEDPARSE_CALL //calling convention 14 | 15 | #define XEDPARSE_MAXBUFSIZE 256 16 | #define XEDPARSE_MAXASMSIZE 16 17 | 18 | //typedefs 19 | typedef bool (XEDPARSE_CALL* CBXEDPARSE_UNKNOWN)(const char* text, ULONGLONG* value); 20 | 21 | //XEDParse enums 22 | enum XEDPARSE_STATUS 23 | { 24 | XEDPARSE_ERROR = 0, 25 | XEDPARSE_OK = 1 26 | }; 27 | 28 | //XEDParse structs 29 | #pragma pack(push,8) 30 | struct XEDPARSE 31 | { 32 | bool x64; // use 64-bit instructions 33 | ULONGLONG cip; //instruction pointer (for relative addressing) 34 | unsigned int dest_size; //destination size (returned by XEDParse) 35 | CBXEDPARSE_UNKNOWN cbUnknown; //unknown operand callback 36 | unsigned char dest[XEDPARSE_MAXASMSIZE]; //destination buffer 37 | char instr[XEDPARSE_MAXBUFSIZE]; //instruction text 38 | char error[XEDPARSE_MAXBUFSIZE]; //error text (in case of an error) 39 | }; 40 | #pragma pack(pop) 41 | 42 | #ifdef __cplusplus 43 | extern "C" 44 | { 45 | #endif 46 | 47 | XEDPARSE_EXPORT XEDPARSE_STATUS XEDPARSE_CALL XEDParseAssemble(XEDPARSE* XEDParse); 48 | 49 | #ifdef __cplusplus 50 | } 51 | #endif 52 | 53 | #endif // _XEDPARSE_H 54 | -------------------------------------------------------------------------------- /apis_def/fwpuclnt.api: -------------------------------------------------------------------------------- 1 | [WSADeleteSocketPeerTargetName] 2 | 1=[SOCKET] Socket 3 | 2=struct sockaddr* PeerAddr 4 | 3=ULONG PeerAddrLen 5 | 4=LPWSAOVERLAPPED Overlapped 6 | 5=LPWSAOVERLAPPED_COMPLETION_ROUTINE CompletionRoutine 7 | ParamCount=5 8 | Header=sockets.h.api; 9 | @=WSADeleteSocketPeerTargetName 10 | [WSAImpersonateSocketPeer] 11 | 1=[SOCKET] Socket 12 | 2=sockaddr* PeerAddress 13 | 3=ULONG peerAddressLen 14 | ParamCount=3 15 | Header=sockets.h.api; 16 | @=WSAImpersonateSocketPeer 17 | [WSAQuerySocketSecurity] 18 | 1=[SOCKET] Socket 19 | 2=SOCKET_SECURITY_QUERY_TEMPLATE* SecurityQueryTemplate 20 | 3=ULONG SecurityQueryTemplateLen 21 | 4=SOCKET_SECURITY_QUERY_INFO* SecurityQueryInfo 22 | 5=ULONG* SecurityQueryInfoLen 23 | 6=LPWSAOVERLAPPED Overlapped 24 | 7=LPWSAOVERLAPPED_COMPLETION_ROUTINE CompletionRoutine 25 | ParamCount=7 26 | Header=sockets.h.api; 27 | @=WSAQuerySocketSecurity 28 | [WSARevertImpersonation] 29 | ParamCount=0 30 | @=WSARevertImpersonation 31 | [WSASetSocketPeerTargetName] 32 | 1=[SOCKET] Socket 33 | 2=SOCKET_PEER_TARGET_NAME* PeerTargetName 34 | 3=ULONG PeerTargetNameLen 35 | 4=LPWSAOVERLAPPED Overlapped 36 | 5=LPWSAOVERLAPPED_COMPLETION_ROUTINE CompletionRoutine 37 | ParamCount=5 38 | Header=sockets.h.api; 39 | @=WSASetSocketPeerTargetName 40 | [WSASetSocketSecurity] 41 | 1=[SOCKET] Socket 42 | 2=SOCKET_SECURITY_SETTINGS* SecuritySettings 43 | 3=ULONG SecuritySettingsLen 44 | 4=LPWSAOVERLAPPED Overlapped 45 | 5=LPWSAOVERLAPPED_COMPLETION_ROUTINE CompletionRoutine 46 | ParamCount=5 47 | Header=sockets.h.api; 48 | @=WSASetSocketSecurity 49 | -------------------------------------------------------------------------------- /apis_def/headers/cryptnet.h.api: -------------------------------------------------------------------------------- 1 | [CryptRetrievalFlags] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=CRYPT_RETRIEVE_MULTIPLE_OBJECTS 6 | Value1=0x00000001 7 | Const2=CRYPT_CACHE_ONLY_RETRIEVAL 8 | Value2=0x00000002 9 | Const3=CRYPT_WIRE_ONLY_RETRIEVAL 10 | Value3=0x00000004 11 | Const4=CRYPT_DONT_CACHE_RESULT 12 | Value4=0x00000008 13 | Const5=CRYPT_ASYNC_RETRIEVAL 14 | Value5=0x00000010 15 | Const6=CRYPT_STICKY_CACHE_RETRIEVAL 16 | Value6=0x00001000 17 | Const7=CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL 18 | Value7=0x00002000 19 | Const8=CRYPT_OFFLINE_CHECK_RETRIEVAL 20 | Value8=0x00004000 21 | Const9=CRYPT_LDAP_INSERT_ENTRY_ATTRIBUTE 22 | Value9=0x00008000 23 | Const10=CRYPT_LDAP_SIGN_RETRIEVAL 24 | Value10=0x00010000 25 | Const11=CRYPT_NO_AUTH_RETRIEVAL 26 | Value11=0x00020000 27 | Const12=CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL 28 | Value12=0x00040000 29 | Const13=CRYPT_AIA_RETRIEVAL 30 | Value13=0x00080000 31 | Const14=CRYPT_HTTP_POST_RETRIEVAL 32 | Value14=0x00100000 33 | Const15=CRYPT_PROXY_CACHE_RETRIEVAL 34 | Value15=0x00200000 35 | Const16=CRYPT_NOT_MODIFIED_RETRIEVAL 36 | Value16=0x00400000 37 | Const17=CRYPT_VERIFY_CONTEXT_SIGNATURE 38 | Value17=0x00000020 39 | Const18=CRYPT_VERIFY_DATA_HASH 40 | Value18=0x00000040 41 | [CryptGetObjectUrlFlags] 42 | TypeDisplay=DWORD 43 | Base=DWORD 44 | Type=Flag 45 | Const1=CRYPT_GET_URL_FROM_PROPERTY 46 | Value1=0x00000001 47 | Const2=CRYPT_GET_URL_FROM_EXTENSION 48 | Value2=0x00000002 49 | Const3=CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE 50 | Value3=0x00000004 51 | Const4=CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE 52 | Value4=0x00000008 53 | -------------------------------------------------------------------------------- /apis_def/headers/patch.h.api: -------------------------------------------------------------------------------- 1 | [PatchSymbolOptions] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Flag 5 | Const1=PATCH_SYMBOL_NO_IMAGEHLP 6 | Value1=0x00000001 7 | Const2=PATCH_SYMBOL_NO_FAILURES 8 | Value2=0x00000002 9 | Const3=PATCH_SYMBOL_UNDECORATED_TOO 10 | Value3=0x00000004 11 | Const4=PATCH_SYMBOL_RESERVED1 12 | Value4=0x80000000 13 | [PatchExtendedOptions] 14 | TypeDisplay=ULONG 15 | Base=ULONG 16 | Type=Flag 17 | Const1=PATCH_TRANSFORM_PE_RESOURCE_2 18 | Value1=0x00000100 19 | Const2=PATCH_TRANSFORM_PE_IRELOC_2 20 | Value2=0x00000200 21 | [PatchOptionFlags] 22 | TypeDisplay=ULONG 23 | Base=ULONG 24 | Type=Flag 25 | Const1=PATCH_OPTION_USE_BEST 26 | Value1=0x00000000 27 | Const2=PATCH_OPTION_USE_LZX_BEST 28 | Value2=0x00000003 29 | Const3=PATCH_OPTION_USE_LZX_A 30 | Value3=0x00000001 31 | Const4=PATCH_OPTION_USE_LZX_B 32 | Value4=0x00000002 33 | Const5=PATCH_OPTION_USE_LZX_LARGE 34 | Value5=0x00000004 35 | Const6=PATCH_OPTION_NO_BINDFIX 36 | Value6=0x00010000 37 | Const7=PATCH_OPTION_NO_LOCKFIX 38 | Value7=0x00020000 39 | Const8=PATCH_OPTION_NO_REBASE 40 | Value8=0x00040000 41 | Const9=PATCH_OPTION_FAIL_IF_SAME_FILE 42 | Value9=0x00080000 43 | Const10=PATCH_OPTION_FAIL_IF_BIGGER 44 | Value10=0x00100000 45 | Const11=PATCH_OPTION_NO_CHECKSUM 46 | Value11=0x00200000 47 | Const12=PATCH_OPTION_NO_RESTIMEFIX 48 | Value12=0x00400000 49 | Const13=PATCH_OPTION_NO_TIMESTAMP 50 | Value13=0x00800000 51 | Const14=PATCH_OPTION_SIGNATURE_MD5 52 | Value14=0x01000000 53 | Const15=PATCH_OPTION_INTERLEAVE_FILES 54 | Value15=0x40000000 55 | Const16=PATCH_OPTION_RESERVED1 56 | Value16=0x80000000 57 | -------------------------------------------------------------------------------- /apis_def/headers/oleaut32.h.api: -------------------------------------------------------------------------------- 1 | [PICTYPE] 2 | TypeDisplay=UINT 3 | Base=UINT 4 | Type=Flag 5 | Const1=PICTYPE_UNINITIALIZED 6 | Value1=-1 7 | Const2=PICTYPE_NONE 8 | Value2=0 9 | Const3=PICTYPE_BITMAP 10 | Value3=1 11 | Const4=PICTYPE_METAFILE 12 | Value4=2 13 | Const5=PICTYPE_ICON 14 | Value5=3 15 | Const6=PICTYPE_ENHMETAFILE 16 | Value6=4 17 | [OleLoadPictureExFlags] 18 | TypeDisplay=DWORD 19 | Base=DWORD 20 | Type=Enum 21 | Const1=LP_DEFAULT 22 | Value1=0x00 23 | Const2=LP_MONOCHROME 24 | Value2=0x01 25 | Const3=LP_VGACOLOR 26 | Value3=0x02 27 | Const4=LP_COLOR 28 | Value4=0x04 29 | [REGKIND] 30 | Base=UINT 31 | Type=Enum 32 | Const1=REGKIND_DEFAULT 33 | Value1=0 34 | Const2=REGKIND_REGISTER 35 | Value2=1 36 | Const3=REGKIND_NONE 37 | Value3=2 38 | [NUMPRS_FLAG] 39 | TypeDisplay=ULONG 40 | Base=ULONG 41 | Type=Flag 42 | Const1=NUMPRS_LEADING_WHITE 43 | Value1=0x0001 44 | Const2=NUMPRS_TRAILING_WHITE 45 | Value2=0x0002 46 | Const3=NUMPRS_LEADING_PLUS 47 | Value3=0x0004 48 | Const4=NUMPRS_TRAILING_PLUS 49 | Value4=0x0008 50 | Const5=NUMPRS_LEADING_MINUS 51 | Value5=0x0010 52 | Const6=NUMPRS_TRAILING_MINUS 53 | Value6=0x0020 54 | Const7=NUMPRS_HEX_OCT 55 | Value7=0x0040 56 | Const8=NUMPRS_PARENS 57 | Value8=0x0080 58 | Const9=NUMPRS_DECIMAL 59 | Value9=0x0100 60 | Const10=NUMPRS_THOUSANDS 61 | Value10=0x0200 62 | Const11=NUMPRS_CURRENCY 63 | Value11=0x0400 64 | Const12=NUMPRS_EXPONENT 65 | Value12=0x0800 66 | Const13=NUMPRS_USE_ALL 67 | Value13=0x1000 68 | Const14=NUMPRS_STD 69 | Value14=0x1FFF 70 | Const15=NUMPRS_NEG 71 | Value15=0x10000 72 | Const16=NUMPRS_INEXACT 73 | Value16=0x20000 74 | -------------------------------------------------------------------------------- /apis_def/version.api: -------------------------------------------------------------------------------- 1 | [GetFileVersionInfo] 2 | 1=LPCTSTR lptstrFilename 3 | 2=DWORD dwHandle 4 | 3=DWORD dwLen 5 | 4=LPVOID lpData 6 | ParamCount=4 7 | @=GetFileVersionInfo 8 | [GetFileVersionInfoExW] 9 | 1=[FILE_VER_GET_FLAGS] dwFlags 10 | 2=LPCWSTR lptstrFilename 11 | 3=DWORD dwHandle 12 | 4=DWORD dwLen 13 | 5=LPVOID lpData 14 | ParamCount=5 15 | Header=version.h.api; 16 | @=GetFileVersionInfoExW 17 | [GetFileVersionInfoSize] 18 | 1=LPCTSTR lptstrFilename 19 | 2=LPDWORD lpdwHandle 20 | ParamCount=2 21 | @=GetFileVersionInfoSize 22 | [GetFileVersionInfoSizeExW] 23 | 1=[FILE_VER_GET_FLAGS] dwFlags 24 | 2=LPCTSTR lptstrFilename 25 | 3=LPDWORD lpdwHandle 26 | ParamCount=3 27 | Header=version.h.api; 28 | @=GetFileVersionInfoSizeExW 29 | [VerFindFile] 30 | 1=[VFF_FLAGS] dwFlags 31 | 2=LPCTSTR szFileName 32 | 3=LPCTSTR szWinDir 33 | 4=LPCTSTR szAppDir 34 | 5=LPCSTR szCurDir 35 | 6=PUINT lpuCurDirLen 36 | 7=LPTSTR szDestDir 37 | 8=PUINT lpuDestDirLen 38 | ParamCount=8 39 | Header=version.h.api; 40 | @=VerFindFile 41 | [VerInstallFile] 42 | 1=[VIF_FLAGS] uFlags 43 | 2=LPCTSTR szSrcFileName 44 | 3=LPCTSTR szDestFileName 45 | 4=LPCTSTR szSrcDir 46 | 5=LPCTSTR szDestDir 47 | 6=LPCTSTR szCurDir 48 | 7=LPTSTR szTmpFile 49 | 8=PUINT lpuTmpFileLen 50 | ParamCount=8 51 | Header=version.h.api; 52 | @=VerInstallFile 53 | [VerQueryValue] 54 | 1=LPCVOID pBlock 55 | 2=LPCTSTR lpSubBlock 56 | 3=LPVOID* lplpBuffer 57 | 4=PUINT puLen 58 | ParamCount=4 59 | @=VerQueryValue 60 | [VerLanguageNameA] 61 | SourceModule=kernel32.api 62 | @=VerLanguageNameA 63 | [VerLanguageNameW] 64 | SourceModule=kernel32.api 65 | @=VerLanguageNameW 66 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/_scriptapi_memory.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_MEMORY_H 2 | #define _SCRIPTAPI_MEMORY_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Memory 9 | { 10 | SCRIPT_EXPORT bool Read(duint addr, void* data, duint size, duint* sizeRead); 11 | SCRIPT_EXPORT bool Write(duint addr, const void* data, duint size, duint* sizeWritten); 12 | SCRIPT_EXPORT bool IsValidPtr(duint addr); 13 | SCRIPT_EXPORT duint RemoteAlloc(duint addr, duint size); 14 | SCRIPT_EXPORT bool RemoteFree(duint addr); 15 | SCRIPT_EXPORT unsigned int GetProtect(duint addr, bool reserved = false, bool cache = true); 16 | SCRIPT_EXPORT duint GetBase(duint addr, bool reserved = false, bool cache = true); 17 | SCRIPT_EXPORT duint GetSize(duint addr, bool reserved = false, bool cache = true); 18 | 19 | SCRIPT_EXPORT unsigned char ReadByte(duint addr); 20 | SCRIPT_EXPORT bool WriteByte(duint addr, unsigned char data); 21 | SCRIPT_EXPORT unsigned short ReadWord(duint addr); 22 | SCRIPT_EXPORT bool WriteWord(duint addr, unsigned short data); 23 | SCRIPT_EXPORT unsigned int ReadDword(duint addr); 24 | SCRIPT_EXPORT bool WriteDword(duint addr, unsigned int data); 25 | SCRIPT_EXPORT unsigned long long ReadQword(duint addr); 26 | SCRIPT_EXPORT bool WriteQword(duint addr, unsigned long long data); 27 | SCRIPT_EXPORT duint ReadPtr(duint addr); 28 | SCRIPT_EXPORT bool WritePtr(duint addr, duint data); 29 | }; //Memory 30 | }; //Script 31 | 32 | #endif //_SCRIPTAPI_MEMORY_H -------------------------------------------------------------------------------- /apis_def/headers/hid.h.api: -------------------------------------------------------------------------------- 1 | [HIDP_STATUS] 2 | TypeDisplay=NTSTATUS 3 | Base=UINT 4 | Type=Enum 5 | Const1=HIDP_STATUS_SUCCESS 6 | Value1=0x00110000 7 | Const2=HIDP_STATUS_NULL 8 | Value2=0x80110001 9 | Const3=HIDP_STATUS_INVALID_PREPARSED_DATA 10 | Value3=0xc0110001 11 | Const4=HIDP_STATUS_INVALID_REPORT_TYPE 12 | Value4=0xc0110002 13 | Const5=HIDP_STATUS_INVALID_REPORT_LENGTH 14 | Value5=0xc0110003 15 | Const6=HIDP_STATUS_USAGE_NOT_FOUND 16 | Value6=0xc0110004 17 | Const7=HIDP_STATUS_VALUE_OUT_OF_RANGE 18 | Value7=0xc0110005 19 | Const8=HIDP_STATUS_BAD_LOG_PHY_VALUES 20 | Value8=0xc0110006 21 | Const9=HIDP_STATUS_BUFFER_TOO_SMALL 22 | Value9=0xc0110007 23 | Const10=HIDP_STATUS_INTERNAL_ERROR 24 | Value10=0xc0110008 25 | Const11=HIDP_STATUS_I8042_TRANS_UNKNOWN 26 | Value11=0xc0110009 27 | Const12=HIDP_STATUS_INCOMPATIBLE_REPORT_ID 28 | Value12=0xc011000a 29 | Const13=HIDP_STATUS_NOT_VALUE_ARRAY 30 | Value13=0xc011000b 31 | Const14=HIDP_STATUS_IS_VALUE_ARRAY 32 | Value14=0xc011000c 33 | Const15=HIDP_STATUS_DATA_INDEX_NOT_FOUND 34 | Value15=0xc011000d 35 | Const16=HIDP_STATUS_DATA_INDEX_OUT_OF_RANGE 36 | Value16=0xc011000e 37 | Const17=HIDP_STATUS_BUTTON_NOT_PRESSED 38 | Value17=0xc011000f 39 | Const18=HIDP_STATUS_REPORT_DOES_NOT_EXIST 40 | Value18=0xc0110010 41 | Const19=HIDP_STATUS_NOT_IMPLEMENTED 42 | Value19=0xc0110020 43 | [HIDP_REPORT_TYPE] 44 | Base=UINT 45 | Type=Enum 46 | Const1=HidP_Input 47 | Value1=0 48 | Const2=HidP_Output 49 | Value2=1 50 | Const3=HidP_Feature 51 | Value3=2 52 | [HIDP_KEYBOARD_DIRECTION] 53 | Base=UINT 54 | Type=Enum 55 | Const1=HidP_Keyboard_Break 56 | Value1=0 57 | Const2=HidP_Keyboard_Make 58 | Value2=1 59 | -------------------------------------------------------------------------------- /apis_def/connect.api: -------------------------------------------------------------------------------- 1 | [CreateVPNConnection] 2 | 1=HWND hwndParent 3 | 2=DWORD dwWizardType 4 | 3=DWORD dwContextFlags 5 | 4=DWORD dwUserFlags 6 | 5=HANDLE hUserContext 7 | 6=LPWSTR pszCommandLine 8 | ParamCount=6 9 | Header=windows.h.api; 10 | @=CreateVPNConnection 11 | [GetInternetConnected] 12 | 1=HWND hwndParent 13 | 2=DWORD dwWizardType 14 | 3=DWORD dwContextFlags 15 | 4=DWORD dwUserFlags 16 | 5=HANDLE hUserContext 17 | 6=LPWSTR pszCommandLine 18 | ParamCount=6 19 | Header=windows.h.api; 20 | @=GetInternetConnected 21 | [GetNetworkConnected] 22 | 1=HWND hwndParent 23 | 2=DWORD dwWizardType 24 | 3=DWORD dwContextFlags 25 | 4=DWORD dwUserFlags 26 | 5=HANDLE hUserContext 27 | 6=LPWSTR pszCommandLine 28 | ParamCount=6 29 | Header=windows.h.api; 30 | @=GetNetworkConnected 31 | [GetVPNConnected] 32 | 1=HWND hwndParent 33 | 2=DWORD dwWizardType 34 | 3=DWORD dwContextFlags 35 | 4=DWORD dwUserFlags 36 | 5=HANDLE hUserContext 37 | 6=LPWSTR pszCommandLine 38 | ParamCount=6 39 | Header=windows.h.api; 40 | @=GetVPNConnected 41 | [IsInternetConnected] 42 | ParamCount=0 43 | @=IsInternetConnected 44 | [RegisterPageWithPage] 45 | 1=GUID* pguidParentPage 46 | 2=GUID* pguidChildPage 47 | 3=LPWSTR pszChildModuleFileName 48 | 4=LPWSTR pszFriendlyName 49 | 5=DWORD dwBehaviorFlags 50 | 6=DWORD dwUserFlags 51 | 7=LPWSTR pszCommandLine 52 | ParamCount=7 53 | Header=windows.h.api; 54 | @=RegisterPageWithPage 55 | [UnregisterPage] 56 | 1=GUID* pguidPage 57 | 2=BOOL fUnregisterFromCOM 58 | ParamCount=2 59 | Header=windows.h.api; 60 | @=UnregisterPage 61 | [UnregisterPagesLink] 62 | 1=GUID* pguidParentPage 63 | 2=GUID* pguidChildPage 64 | ParamCount=2 65 | Header=windows.h.api; 66 | @=UnregisterPagesLink 67 | -------------------------------------------------------------------------------- /apis_def/ndfapi.api: -------------------------------------------------------------------------------- 1 | [NdfCloseIncident] 2 | 1=NDFHANDLE handle 3 | ParamCount=1 4 | Header=ndfapi.h.api; 5 | @=NdfCloseIncident 6 | [NdfCreateConnectivityIncident] 7 | 1=NDFHANDLE* handle 8 | ParamCount=1 9 | Header=ndfapi.h.api; 10 | @=NdfCreateConnectivityIncident 11 | [NdfCreateDNSIncident] 12 | 1=LPCWSTR hostname 13 | 2=WORD querytype 14 | 3=NDFHANDLE* handle 15 | ParamCount=3 16 | Header=ndfapi.h.api; 17 | @=NdfCreateDNSIncident 18 | [NdfCreateIncident] 19 | 1=LPCWSTR helperClassName 20 | 2=ULONG celt 21 | 3=HELPER_ATTRIBUTE* attributes 22 | 4=NDFHANDLE* handle 23 | ParamCount=4 24 | Header=ndfapi.h.api; 25 | @=NdfCreateIncident 26 | [NdfCreateSharingIncident] 27 | 1=LPCWSTR sharename 28 | 2=NDFHANDLE* handle 29 | ParamCount=2 30 | Header=ndfapi.h.api; 31 | @=NdfCreateSharingIncident 32 | [NdfCreateWebIncident] 33 | 1=LPCWSTR url 34 | 2=NDFHANDLE* handle 35 | ParamCount=2 36 | Header=ndfapi.h.api; 37 | @=NdfCreateWebIncident 38 | [NdfCreateWebIncidentEx] 39 | 1=LPCWSTR url 40 | 2=BOOL useWinHTTP 41 | 3=LPWSTR moduleName 42 | 4=NDFHANDLE* handle 43 | ParamCount=4 44 | Header=ndfapi.h.api; 45 | @=NdfCreateWebIncidentEx 46 | [NdfCreateWinSockIncident] 47 | 1=[SOCKET] sock 48 | 2=LPCWSTR host 49 | 3=USHORT port 50 | 4=LPCWSTR appID 51 | 5=SID* userId 52 | 6=NDFHANDLE* handle 53 | ParamCount=6 54 | Header=ndfapi.h.api;sockets.h.api;windows.h.api; 55 | @=NdfCreateWinSockIncident 56 | [NdfExecuteDiagnosis] 57 | 1=NDFHANDLE handle 58 | 2=HWND hwnd 59 | ParamCount=2 60 | Header=ndfapi.h.api;windows.h.api; 61 | @=NdfExecuteDiagnosis 62 | [NdfCreateNetConnectionIncident] 63 | 1=NDFHANDLE* handle 64 | 2=GUID id 65 | ParamCount=2 66 | Header=ndfapi.h.api; 67 | @=NdfCreateNetConnectionIncident 68 | -------------------------------------------------------------------------------- /apis_def/msctf.api: -------------------------------------------------------------------------------- 1 | [SetInputScope] 2 | 1=HWND hwnd 3 | 2=[InputScope] inputscope 4 | ParamCount=2 5 | Header=msctf.h.api;windows.h.api; 6 | @=SetInputScope 7 | [SetInputScopes] 8 | 1=HWND hwnd 9 | 2=InputScope* pInputScopes 10 | 3=UINT cInputScopes 11 | 4=WCHAR** ppszPhraseList 12 | 5=UINT cPhrases 13 | 6=WCHAR* pszRegExp 14 | 7=WCHAR* pszSRGS 15 | ParamCount=7 16 | Header=msctf.h.api;windows.h.api; 17 | @=SetInputScopes 18 | [SetInputScopes2] 19 | 1=HWND hwnd 20 | 2=InputScope* pInputScopes 21 | 3=UINT cInputScopes 22 | 4=IEnumString* pEnumString 23 | 5=WCHAR* pszRegExp 24 | 6=WCHAR* pszSRGS 25 | ParamCount=6 26 | Header=msctf.h.api;windows.h.api; 27 | @=SetInputScopes2 28 | [SetInputScopeXML] 29 | ParamCount=0 30 | @=SetInputScopeXML 31 | [TF_CreateCategoryMgr] 32 | 1=ITfCategoryMgr** ppcat 33 | ParamCount=1 34 | @=TF_CreateCategoryMgr 35 | [TF_CreateDisplayAttributeMgr] 36 | 1=ITfDisplayAttributeMgr** ppdam 37 | ParamCount=1 38 | @=TF_CreateDisplayAttributeMgr 39 | [TF_CreateInputProcessorProfiles] 40 | 1=ITfInputProcessorProfiles** ppipr 41 | ParamCount=1 42 | @=TF_CreateInputProcessorProfiles 43 | [TF_CreateLangBarItemMgr] 44 | 1=ITfLangBarItemMgr** pplbim 45 | ParamCount=1 46 | @=TF_CreateLangBarItemMgr 47 | [TF_CreateLangBarMgr] 48 | 1=ITfLangBarMgr** pppbm 49 | ParamCount=1 50 | @=TF_CreateLangBarMgr 51 | [TF_CreateThreadMgr] 52 | 1=ITfThreadMgr** pptim 53 | ParamCount=1 54 | @=TF_CreateThreadMgr 55 | [TF_GetThreadMgr] 56 | 1=ITfThreadMgr** pptim 57 | ParamCount=1 58 | @=TF_GetThreadMgr 59 | [TF_InvalidAssemblyListCacheIfExist] 60 | ParamCount=0 61 | @=TF_InvalidAssemblyListCacheIfExist 62 | [MsimtfIsWindowFiltered] 63 | 1=HWND hwnd 64 | ParamCount=1 65 | Header=windows.h.api; 66 | @=MsimtfIsWindowFiltered 67 | -------------------------------------------------------------------------------- /apis_def/wer.api: -------------------------------------------------------------------------------- 1 | [WerAddExcludedApplication] 2 | 1=PCWSTR pwzExeName 3 | 2=BOOL bAllUsers 4 | ParamCount=2 5 | @=WerAddExcludedApplication 6 | [WerRemoveExcludedApplication] 7 | 1=PCWSTR pwzExeName 8 | 2=BOOL bAllUsers 9 | ParamCount=2 10 | @=WerRemoveExcludedApplication 11 | [WerReportAddDump] 12 | 1=HREPORT hReportHandle 13 | 2=[ProcessHandle] hProcess 14 | 3=[ThreadHandle] hThread 15 | 4=[WER_DUMP_TYPE] dumpType 16 | 5=PWER_EXCEPTION_INFORMATION pExceptionParam 17 | 6=PWER_DUMP_CUSTOM_OPTIONS pDumpCustomOptions 18 | 7=DWORD dwFlags 19 | ParamCount=7 20 | Header=wer.h.api;windows.h.api; 21 | @=WerReportAddDump 22 | [WerReportAddFile] 23 | 1=HREPORT hReportHandle 24 | 2=PCWSTR pwzPath 25 | 3=[WER_FILE_TYPE] repFileType 26 | 4=DWORD dwFileFlags 27 | ParamCount=4 28 | Header=wer.h.api; 29 | @=WerReportAddFile 30 | [WerReportCloseHandle] 31 | 1=HREPORT hReportHandle 32 | ParamCount=1 33 | Header=wer.h.api; 34 | @=WerReportCloseHandle 35 | [WerReportCreate] 36 | 1=PCWSTR pwzEventType 37 | 2=[WER_REPORT_TYPE] repType 38 | 3=PWER_REPORT_INFORMATION pReportInformation 39 | 4=HREPORT* phReportHandle 40 | ParamCount=4 41 | Header=wer.h.api; 42 | @=WerReportCreate 43 | [WerReportSetParameter] 44 | 1=HREPORT hReportHandle 45 | 2=DWORD dwparamID 46 | 3=PCWSTR pwzName 47 | 4=PCWSTR pwzValue 48 | ParamCount=4 49 | Header=wer.h.api; 50 | @=WerReportSetParameter 51 | [WerReportSetUIOption] 52 | 1=HREPORT hReportHandle 53 | 2=[WER_REPORT_UI] repUITypeID 54 | 3=PCWSTR pwzValue 55 | ParamCount=3 56 | Header=wer.h.api; 57 | @=WerReportSetUIOption 58 | [WerReportSubmit] 59 | 1=HREPORT hReportHandle 60 | 2=[WER_CONSENT] consent 61 | 3=DWORD dwFlags 62 | 4=PWER_SUBMIT_RESULT pSubmitResult 63 | ParamCount=4 64 | Header=wer.h.api; 65 | @=WerReportSubmit 66 | -------------------------------------------------------------------------------- /apis_def/headers/ole32.h.api: -------------------------------------------------------------------------------- 1 | [EOLE_AUTHENTICATION_CAPABILITIES] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=EOAC_NONE 6 | Value1=0 7 | Const2=EOAC_MUTUAL_AUTH 8 | Value2=0x1 9 | Const3=EOAC_STATIC_CLOAKING 10 | Value3=0x20 11 | Const4=EOAC_DYNAMIC_CLOAKING 12 | Value4=0x40 13 | Const5=EOAC_ANY_AUTHORITY 14 | Value5=0x80 15 | Const6=EOAC_MAKE_FULLSIC 16 | Value6=0x100 17 | Const7=EOAC_DEFAULT 18 | Value7=0x800 19 | Const8=EOAC_SECURE_REFS 20 | Value8=0x2 21 | Const9=EOAC_ACCESS_CONTROL 22 | Value9=0x4 23 | Const10=EOAC_APPID 24 | Value10=0x8 25 | Const11=EOAC_DYNAMIC 26 | Value11=0x10 27 | Const12=EOAC_REQUIRE_FULLSIC 28 | Value12=0x200 29 | Const13=EOAC_AUTO_IMPERSONATE 30 | Value13=0x400 31 | Const14=EOAC_NO_CUSTOM_MARSHAL 32 | Value14=0x2000 33 | Const15=EOAC_DISABLE_AAA 34 | Value15=0x1000 35 | [REGCLS] 36 | TypeDisplay=DWORD 37 | Base=DWORD 38 | Type=Flag 39 | Const1=REGCLS_SINGLEUSE 40 | Value1=0 41 | Const2=REGCLS_MULTIPLEUSE 42 | Value2=1 43 | Const3=REGCLS_MULTI_SEPARATE 44 | Value3=2 45 | Const4=REGCLS_SUSPENDED 46 | Value4=4 47 | Const5=REGCLS_SURROGATE 48 | Value5=8 49 | [STGFMT] 50 | Base=DWORD 51 | Type=Enum 52 | Const1=STGFMT_STORAGE 53 | Value1=0 54 | Const2=STGFMT_NATIVE 55 | Value2=1 56 | Const3=STGFMT_FILE 57 | Value3=3 58 | Const4=STGFMT_ANY 59 | Value4=4 60 | Const5=STGFMT_DOCFILE 61 | Value5=5 62 | [OLERENDER] 63 | TypeDisplay=DWORD 64 | Base=DWORD 65 | Type=Enum 66 | Const1=OLERENDER_NONE 67 | Value1=0 68 | Const2=OLERENDER_DRAW 69 | Value2=1 70 | Const3=OLERENDER_FORMAT 71 | Value3=2 72 | Const4=OLERENDER_ASIS 73 | Value4=3 74 | [ASYNC_MODE_FLAGS] 75 | TypeDisplay=DWORD 76 | Base=DWORD 77 | Type=Flag 78 | Const1=ASYNC_MODE_DEFAULT 79 | Value1=0x00000000 80 | Const2=ASYNC_MODE_COMPATIBILITY 81 | Value2=0x00000001 82 | -------------------------------------------------------------------------------- /apis_def/newdev.api: -------------------------------------------------------------------------------- 1 | [InstallNewDevice] 2 | 1=HWND hwndParent 3 | 2=LPGUID ClassGuid 4 | 3=PDWORD pReboot 5 | ParamCount=3 6 | Header=windows.h.api; 7 | @=InstallNewDevice 8 | [DiInstallDevice] 9 | 1=HWND hwndParent 10 | 2=HDEVINFO DeviceInfoSet 11 | 3=PSP_DEVINFO_DATA DeviceInfoData 12 | 4=PSP_DRVINFO_DATA DriverInfoData 13 | 5=DWORD Flags 14 | 6=PBOOL NeedReboot 15 | ParamCount=6 16 | Header=setup.h.api;windows.h.api; 17 | @=DiInstallDevice 18 | [DiInstallDriver] 19 | 1=HWND hwndParent 20 | 2=LPCTSTR FullInfPath 21 | 3=DWORD Flags 22 | 4=PBOOL NeedReboot 23 | ParamCount=4 24 | Header=windows.h.api; 25 | @=DiInstallDriver 26 | [DiRollbackDriver] 27 | 1=HDEVINFO DeviceInfoSet 28 | 2=PSP_DEVINFO_DATA DeviceInfoData 29 | 3=HWND hwndParent 30 | 4=DWORD Flags 31 | 5=PBOOL NeedReboot 32 | ParamCount=5 33 | Header=windows.h.api; 34 | @=DiRollbackDriver 35 | [DiShowUpdateDevice] 36 | 1=HWND hwndParent 37 | 2=HDEVINFO DeviceInfoSet 38 | 3=PSP_DEVINFO_DATA DeviceInfoData 39 | 4=DWORD Flags 40 | 5=PBOOL NeedReboot 41 | ParamCount=5 42 | Header=windows.h.api; 43 | @=DiShowUpdateDevice 44 | [DiUninstallDevice] 45 | 1=HWND hwndParent 46 | 2=HDEVINFO DeviceInfoSet 47 | 3=PSP_DEVINFO_DATA DeviceInfoData 48 | 4=DWORD Flags 49 | 5=PBOOL NeedReboot 50 | ParamCount=5 51 | Header=windows.h.api; 52 | @=DiUninstallDevice 53 | [UpdateDriverForPlugAndPlayDevices] 54 | 1=HWND hwndParent 55 | 2=LPCTSTR HardwareId 56 | 3=LPCTSTR FullInfPath 57 | 4=DWORD InstallFlags 58 | 5=PBOOL bRebootRequired 59 | ParamCount=5 60 | Header=windows.h.api; 61 | @=UpdateDriverForPlugAndPlayDevices 62 | [InstallSelectedDriver] 63 | 1=HWND hwndParent 64 | 2=HDEVINFO DeviceInfoSet 65 | 3=LPCTSTR Reserved 66 | 4=BOOL Backup 67 | 5=PDWORD bReboot 68 | ParamCount=5 69 | Header=windows.h.api; 70 | @=InstallSelectedDriver 71 | -------------------------------------------------------------------------------- /apis_def/oledlg.api: -------------------------------------------------------------------------------- 1 | [OleUIAddVerbMenu] 2 | 1=LPOLEOBJECT lpOleObj 3 | 2=LPCTSTR lpszShortType 4 | 3=HMENU hMenu 5 | 4=UINT uPos 6 | 5=UINT uIDVerbMin 7 | 6=UINT uIDVerbMax 8 | 7=BOOL bAddConvert 9 | 8=UINT idConvert 10 | 9=HMENU* lphMenu 11 | ParamCount=9 12 | Header=gdi.h.api;ole.h.api; 13 | @=OleUIAddVerbMenu 14 | [OleUIBusy] 15 | 1=LPOLEUIBUSY lpBZ 16 | ParamCount=1 17 | Header=oledlg.h.api; 18 | @=OleUIBusy 19 | [OleUICanConvertOrActivateAs] 20 | 1=REFCLSID rClsid 21 | 2=BOOL fIsLinkedObject 22 | 3=WORD wFormat 23 | ParamCount=3 24 | Header=windows.h.api; 25 | @=OleUICanConvertOrActivateAs 26 | [OleUIChangeIcon] 27 | 1=LPOLEUICHANGEICON lpCI 28 | ParamCount=1 29 | Header=oledlg.h.api; 30 | @=OleUIChangeIcon 31 | [OleUIChangeSource] 32 | 1=LPOLEUICHANGESOURCE lpCS 33 | ParamCount=1 34 | Header=oledlg.h.api; 35 | @=OleUIChangeSource 36 | [OleUIConvert] 37 | 1=LPOLEUICONVERT lpCV 38 | ParamCount=1 39 | Header=oledlg.h.api; 40 | @=OleUIConvert 41 | [OleUIEditLinks] 42 | 1=LPOLEUIEDITLINKS lpEL 43 | ParamCount=1 44 | Header=oledlg.h.api; 45 | @=OleUIEditLinks 46 | [OleUIInsertObject] 47 | 1=LPOLEUIINSERTOBJECT lpIO 48 | ParamCount=1 49 | Header=oledlg.h.api; 50 | @=OleUIInsertObject 51 | [OleUIObjectProperties] 52 | 1=LPOLEUIOBJECTPROPS lpOF 53 | ParamCount=1 54 | Header=oledlg.h.api; 55 | @=OleUIObjectProperties 56 | [OleUIPasteSpecial] 57 | 1=LPOLEUIPASTESPECIAL lpPS 58 | ParamCount=1 59 | Header=oledlg.h.api; 60 | @=OleUIPasteSpecial 61 | [OleUIPromptUser] 62 | 1=int nTemplate 63 | 2=HWND hwndParent 64 | ParamCount=2 65 | Header=windows.h.api; 66 | @=OleUIPromptUser 67 | [OleUIUpdateLinks] 68 | 1=LPOLEUILINKCONTAINER lpOleUILinkCntr 69 | 2=HWND hwndParent 70 | 3=LPTSTR lpszTitle 71 | 4=int cLinks 72 | ParamCount=4 73 | Header=oledlg.h.api;windows.h.api; 74 | @=OleUIUpdateLinks 75 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/yara/yara/globals.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_GLOBALS_H 31 | #define YR_GLOBALS_H 32 | 33 | extern char lowercase[256]; 34 | extern char altercase[256]; 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /apis_def/headers/dxva2.h.api: -------------------------------------------------------------------------------- 1 | [MC_COLOR_TEMPERATURE] 2 | Base=UINT 3 | Type=Enum 4 | Const1=MC_COLOR_TEMPERATURE_UNKNOWN 5 | Value1=0 6 | Const2=MC_COLOR_TEMPERATURE_4000K 7 | Value2=1 8 | Const3=MC_COLOR_TEMPERATURE_5000K 9 | Value3=2 10 | Const4=MC_COLOR_TEMPERATURE_6500K 11 | Value4=3 12 | Const5=MC_COLOR_TEMPERATURE_7500K 13 | Value5=4 14 | Const6=MC_COLOR_TEMPERATURE_8200K 15 | Value6=5 16 | Const7=MC_COLOR_TEMPERATURE_9300K 17 | Value7=6 18 | Const8=MC_COLOR_TEMPERATURE_10000K 19 | Value8=7 20 | Const9=MC_COLOR_TEMPERATURE_11500K 21 | Value9=8 22 | [MC_POSITION_TYPE] 23 | Base=UINT 24 | Type=Enum 25 | Const1=MC_HORIZONTAL_POSITION 26 | Value1=0 27 | Const2=MC_VERTICAL_POSITION 28 | Value2=1 29 | [MC_SIZE_TYPE] 30 | Base=UINT 31 | Type=Enum 32 | Const1=MC_WIDTH 33 | Value1=0 34 | Const2=MC_HEIGHT 35 | Value2=1 36 | [MC_DRIVE_TYPE] 37 | Base=UINT 38 | Type=Enum 39 | Const1=MC_RED_DRIVE 40 | Value1=0 41 | Const2=MC_GREEN_DRIVE 42 | Value2=1 43 | Const3=MC_BLUE_DRIVE 44 | Value3=2 45 | [MC_GAIN_TYPE] 46 | Base=UINT 47 | Type=Enum 48 | Const1=MC_RED_GAIN 49 | Value1=0 50 | Const2=MC_GREEN_GAIN 51 | Value2=1 52 | Const3=MC_BLUE_GAIN 53 | Value3=2 54 | [MC_DISPLAY_TECHNOLOGY_TYPE] 55 | Base=UINT 56 | Type=Enum 57 | Const1=MC_SHADOW_MASK_CATHODE_RAY_TUBE 58 | Value1=0 59 | Const2=MC_APERTURE_GRILL_CATHODE_RAY_TUBE 60 | Value2=1 61 | Const3=MC_THIN_FILM_TRANSISTOR 62 | Value3=2 63 | Const4=MC_LIQUID_CRYSTAL_ON_SILICON 64 | Value4=3 65 | Const5=MC_PLASMA 66 | Value5=4 67 | Const6=MC_ORGANIC_LIGHT_EMITTING_DIODE 68 | Value6=5 69 | Const7=MC_ELECTROLUMINESCENT 70 | Value7=6 71 | Const8=MC_MICROELECTROMECHANICAL 72 | Value8=7 73 | Const9=MC_FIELD_EMISSION_DEVICE 74 | Value9=8 75 | [MC_VCP_CODE_TYPE] 76 | Base=UINT 77 | Type=Enum 78 | Const1=MC_MOMENTARY 79 | Value1=0 80 | Const2=MC_SET_PARAMETER 81 | Value2=1 82 | -------------------------------------------------------------------------------- /apis_def/common.api: -------------------------------------------------------------------------------- 1 | [DllMain] 2 | 1=HINSTANCE hinstDLL 3 | 2=[DLLMAIN_REASON] fdwReason 4 | 3=LPVOID lpvReserved 5 | ParamCount=3 6 | Header=common.h.api;windows.h.api; 7 | @=DllMain 8 | [DllGetClassObject] 9 | 1=REFCLSID rclsid 10 | 2=REFIID riid 11 | 3=LPVOID* ppv 12 | ParamCount=3 13 | Header=windows.h.api; 14 | @=DllGetClassObject 15 | [DllCanUnloadNow] 16 | ParamCount=0 17 | @=DllCanUnloadNow 18 | [DllRegisterServer] 19 | ParamCount=0 20 | @=DllRegisterServer 21 | [DllUnregisterServer] 22 | ParamCount=0 23 | @=DllUnregisterServer 24 | [DllDebugObjectRPCHook] 25 | 1=BOOL fTrace 26 | 2=LPORPC_INIT_ARGS lpOrpcInitArgs 27 | ParamCount=2 28 | Header=common.h.api; 29 | @=DllDebugObjectRPCHook 30 | [CPlApplet] 31 | 1=HWND hwndCPl 32 | 2=[CPL_MSG] uMsg 33 | 3=LPARAM lParam1 34 | 4=LPARAM lParam2 35 | ParamCount=4 36 | Header=common.h.api;windows.h.api; 37 | @=CPlApplet 38 | [DllGetVersion] 39 | 1=DLLVERSIONINFO* pdvi 40 | ParamCount=1 41 | Header=common.h.api; 42 | @=DllGetVersion 43 | [DllInstall] 44 | 1=BOOL bInstall 45 | 2=PCWSTR pszCmdLine 46 | ParamCount=2 47 | @=DllInstall 48 | [DllGetActivationFactory] 49 | 1=HSTRING activatableClassId 50 | 2=IActivationFactory** factory 51 | ParamCount=2 52 | Header= 53 | @=DllGetActivationFactory 54 | [CorDllMain] 55 | 1=HINSTANCE hInst 56 | 2=DWORD dwReason 57 | 3=LPVOID lpReserved 58 | ParamCount=3 59 | Header=windows.h.api; 60 | @=CorDllMain 61 | [CorExeMain] 62 | ParamCount=0 63 | @=CorExeMain 64 | [CorExeMain2] 65 | 1=PBYTE pUnmappedPE 66 | 2=DWORD cUnmappedPE 67 | 3=LPWSTR pImageNameIn 68 | 4=LPWSTR pLoadersFileName 69 | 5=LPWSTR pCmdLine 70 | ParamCount=5 71 | @=CorExeMain2 72 | [CorImageUnloading] 73 | 1=PVOID* ImageBase 74 | ParamCount=1 75 | @=CorImageUnloading 76 | [CorValidateImage] 77 | 1=PVOID* ImageBase 78 | 2=LPCWSTR FileName 79 | ParamCount=2 80 | @=CorValidateImage 81 | -------------------------------------------------------------------------------- /apis_def/mgmtapi.api: -------------------------------------------------------------------------------- 1 | [SnmpMgrClose] 2 | 1=LPSNMP_MGR_SESSION session 3 | ParamCount=1 4 | Header=snmp.h.api; 5 | @=SnmpMgrClose 6 | [SnmpMgrCtl] 7 | 1=LPSNMP_MGR_SESSION session 8 | 2=DWORD dwCtlCode 9 | 3=LPVOID lpvInBuffer 10 | 4=DWORD cbInBuffer 11 | 5=LPVOID lpvOutBuffer 12 | 6=DWORD cbOutBuffer 13 | 7=LPDWORD lpcbBytesReturned 14 | ParamCount=7 15 | Header=snmp.h.api; 16 | @=SnmpMgrCtl 17 | [SnmpMgrGetTrap] 18 | 1=AsnObjectIdentifier* enterprise 19 | 2=AsnNetworkAddress* IPAddress 20 | 3=AsnInteger* genericTrap 21 | 4=AsnInteger* specificTrap 22 | 5=AsnTimeticks* timeStamp 23 | 6=SnmpVarBindList* variableBindings 24 | ParamCount=6 25 | Header=snmp.h.api; 26 | @=SnmpMgrGetTrap 27 | [SnmpMgrGetTrapEx] 28 | 1=AsnObjectIdentifier* enterprise 29 | 2=AsnNetworkAddress* agentAddress 30 | 3=AsnNetworkAddress* sourceAddress 31 | 4=AsnInteger* genericTrap 32 | 5=AsnInteger* specificTrap 33 | 6=AsnOctetString* community 34 | 7=AsnTimeticks* timeStamp 35 | 8=SnmpVarBindList* variableBindings 36 | ParamCount=8 37 | Header=snmp.h.api; 38 | @=SnmpMgrGetTrapEx 39 | [SnmpMgrOidToStr] 40 | 1=AsnObjectIdentifier* oid 41 | 2=LPSTR* string 42 | ParamCount=2 43 | Header=snmp.h.api; 44 | @=SnmpMgrOidToStr 45 | [SnmpMgrOpen] 46 | 1=LPSTR lpAgentAddress 47 | 2=LPSTR lpAgentCommunity 48 | 3=INT nTimeOut 49 | 4=INT nRetries 50 | ParamCount=4 51 | @=SnmpMgrOpen 52 | [SnmpMgrRequest] 53 | 1=LPSNMP_MGR_SESSION session 54 | 2=BYTE requestType 55 | 3=SnmpVarBindList* variableBindings 56 | 4=AsnInteger* errorStatus 57 | 5=AsnInteger* errorIndex 58 | ParamCount=5 59 | Header=snmp.h.api; 60 | @=SnmpMgrRequest 61 | [SnmpMgrStrToOid] 62 | 1=LPSTR string 63 | 2=AsnObjectIdentifier* oid 64 | ParamCount=2 65 | Header=snmp.h.api; 66 | @=SnmpMgrStrToOid 67 | [SnmpMgrTrapListen] 68 | 1=HANDLE* phTrapAvailable 69 | ParamCount=1 70 | Header=windows.h.api; 71 | @=SnmpMgrTrapListen 72 | -------------------------------------------------------------------------------- /apis_def/input.api: -------------------------------------------------------------------------------- 1 | [EnumEnabledLayoutOrTip] 2 | 1=LPCWSTR pszUserSidString 3 | 2=LAYOUTORTIPPROFILE* pLayoutOrTipProfile 4 | 3=UINT uBufLength 5 | ParamCount=3 6 | Header=input.h.api; 7 | @=EnumEnabledLayoutOrTip 8 | [EnumLayoutOrTipForSetup] 9 | 1=UINT uBufLength 10 | 2=LAYOUTORTIP* pLayoutOrTip 11 | 3=UINT uBufLength 12 | 4=DWORD dwFlags 13 | ParamCount=4 14 | Header=input.h.api; 15 | @=EnumLayoutOrTipForSetup 16 | [InstallLayoutOrTip] 17 | 1=LPCWSTR psz 18 | 2=[IlotFlags] dwFlags 19 | ParamCount=2 20 | Header=input.h.api; 21 | @=InstallLayoutOrTip 22 | [InstallLayoutOrTipUserReg] 23 | 1=LPCWSTR pszUserReg 24 | 2=LPCWSTR pszSystemReg 25 | 3=LPCWSTR pszSoftwareReg 26 | 4=LPCWSTR psz 27 | 5=[IlotFlags] dwFlags 28 | ParamCount=5 29 | Header=input.h.api; 30 | @=InstallLayoutOrTipUserReg 31 | [QueryLayoutOrTipString] 32 | 1=LPCWSTR psz 33 | 2=DWORD dwFlags 34 | ParamCount=2 35 | @=QueryLayoutOrTipString 36 | [QueryLayoutOrTipStringUserReg] 37 | 1=LPCWSTR pszUserReg 38 | 2=LPCWSTR pszSystemReg 39 | 3=LPCWSTR pszSoftwareReg 40 | 4=LPCWSTR psz 41 | 5=DWORD dwFlags 42 | ParamCount=5 43 | @=QueryLayoutOrTipStringUserReg 44 | [SaveDefaultUserInputSettings] 45 | 1=HWND hwndParent 46 | 2=[HKEY] hSourceRegKey 47 | ParamCount=2 48 | Header=registry.h.api;windows.h.api; 49 | @=SaveDefaultUserInputSettings 50 | [SaveSystemAcctInputSettings] 51 | 1=HWND hwndParent 52 | 2=[HKEY] hSourceRegKey 53 | ParamCount=2 54 | Header=registry.h.api;windows.h.api; 55 | @=SaveSystemAcctInputSettings 56 | [SetDefaultLayoutOrTip] 57 | 1=LPCWSTR psz 58 | 2=[SdlotFlags] dwFlags 59 | ParamCount=2 60 | Header=input.h.api; 61 | @=SetDefaultLayoutOrTip 62 | [SetDefaultLayoutOrTipUserReg] 63 | 1=LPCWSTR pszUserReg 64 | 2=LPCWSTR pszSystemReg 65 | 3=LPCWSTR pszSoftwareReg 66 | 4=LPCWSTR psz 67 | 5=[SdlotFlags] dwFlags 68 | ParamCount=5 69 | Header=input.h.api; 70 | @=SetDefaultLayoutOrTipUserReg 71 | -------------------------------------------------------------------------------- /apis_def/headers/dwmapi.h.api: -------------------------------------------------------------------------------- 1 | [DWM_BLURBEHIND_Flags] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=DWM_BB_ENABLE 6 | Value1=0x00000001 7 | Const2=DWM_BB_BLURREGION 8 | Value2=0x00000002 9 | Const3=DWM_BB_TRANSITIONONMAXIMIZED 10 | Value3=0x00000004 11 | [DWM_SOURCE_FRAME_SAMPLING] 12 | Base=UINT 13 | Type=Enum 14 | Const1=DWM_SOURCE_FRAME_SAMPLING_POINT 15 | Value1=0 16 | Const2=DWM_SOURCE_FRAME_SAMPLING_COVERAGE 17 | Value2=1 18 | [DWM_TNP] 19 | TypeDisplay=DWORD 20 | Base=DWORD 21 | Type=Flag 22 | Const1=DWM_TNP_RECTDESTINATION 23 | Value1=0x00000001 24 | Const2=DWM_TNP_RECTSOURCE 25 | Value2=0x00000002 26 | Const3=DWM_TNP_OPACITY 27 | Value3=0x00000004 28 | Const4=DWM_TNP_VISIBLE 29 | Value4=0x00000008 30 | Const5=DWM_TNP_SOURCECLIENTAREAONLY 31 | Value5=0x00000010 32 | [GESTURE_TYPE] 33 | Base=UINT 34 | Type=Enum 35 | Const1=GT_PEN_TAP 36 | Value1=0 37 | Const2=GT_PEN_DOUBLETAP 38 | Value2=1 39 | Const3=GT_PEN_RIGHTTAP 40 | Value3=2 41 | Const4=GT_PEN_PRESSANDHOLD 42 | Value4=3 43 | Const5=GT_PEN_PRESSANDHOLDABORT 44 | Value5=4 45 | Const6=GT_TOUCH_TAP 46 | Value6=5 47 | Const7=GT_TOUCH_DOUBLETAP 48 | Value7=6 49 | Const8=GT_TOUCH_RIGHTTAP 50 | Value8=7 51 | Const9=GT_TOUCH_PRESSANDHOLD 52 | Value9=8 53 | Const10=GT_TOUCH_PRESSANDHOLDABORT 54 | Value10=9 55 | Const11=GT_TOUCH_PRESSANDTAP 56 | Value11=10 57 | [DWM_SHOWCONTACT] 58 | Base=UINT 59 | Type=Flag 60 | Const1=DWMSC_DOWN 61 | Value1=0x00000001 62 | Const2=DWMSC_UP 63 | Value2=0x00000002 64 | Const3=DWMSC_DRAG 65 | Value3=0x00000004 66 | Const4=DWMSC_HOLD 67 | Value4=0x00000008 68 | Const5=DWMSC_PENBARREL 69 | Value5=0x00000010 70 | Const6=DWMSC_NONE 71 | Value6=0x00000000 72 | Const7=DWMSC_ALL 73 | Value7=0xFFFFFFFF 74 | [DWMTRANSITION_OWNEDWINDOW_TARGET] 75 | Base=UINT 76 | Type=Enum 77 | Const1=DWMTRANSITION_OWNEDWINDOW_NULL 78 | Value1=-1 79 | Const2=DWMTRANSITION_OWNEDWINDOW_REPOSITION 80 | Value2=0 81 | -------------------------------------------------------------------------------- /apis_def/avrt.api: -------------------------------------------------------------------------------- 1 | [AvQuerySystemResponsiveness] 2 | 1=HANDLE AvrtHandle 3 | 2=PULONG SystemResponsivenessValue 4 | ParamCount=2 5 | Header=windows.h.api; 6 | @=AvQuerySystemResponsiveness 7 | [AvRtCreateThreadOrderingGroup] 8 | 1=PHANDLE Context 9 | 2=PLARGE_INTEGER Period 10 | 3=GUID* ThreadOrderingGuid 11 | 4=PLARGE_INTEGER Timeout 12 | ParamCount=4 13 | Header=windows.h.api; 14 | @=AvRtCreateThreadOrderingGroup 15 | [AvRtCreateThreadOrderingGroupEx] 16 | 1=PHANDLE Context 17 | 2=PLARGE_INTEGER Period 18 | 3=GUID* ThreadOrderingGuid 19 | 4=PLARGE_INTEGER Timeout 20 | 5=LPCTSTR TaskName 21 | ParamCount=5 22 | Header=windows.h.api; 23 | @=AvRtCreateThreadOrderingGroupEx 24 | [AvRtDeleteThreadOrderingGroup] 25 | 1=HANDLE Context 26 | ParamCount=1 27 | Header=windows.h.api; 28 | @=AvRtDeleteThreadOrderingGroup 29 | [AvRtJoinThreadOrderingGroup] 30 | 1=PHANDLE Context 31 | 2=GUID* ThreadOrderingGuid 32 | 3=BOOL Before 33 | ParamCount=3 34 | Header=windows.h.api; 35 | @=AvRtJoinThreadOrderingGroup 36 | [AvRtLeaveThreadOrderingGroup] 37 | 1=HANDLE Context 38 | ParamCount=1 39 | Header=windows.h.api; 40 | @=AvRtLeaveThreadOrderingGroup 41 | [AvRtWaitOnThreadOrderingGroup] 42 | 1=HANDLE Context 43 | ParamCount=1 44 | Header=windows.h.api; 45 | @=AvRtWaitOnThreadOrderingGroup 46 | [AvRevertMmThreadCharacteristics] 47 | 1=HANDLE AvrtHandle 48 | ParamCount=1 49 | Header=windows.h.api; 50 | @=AvRevertMmThreadCharacteristics 51 | [AvSetMmMaxThreadCharacteristics] 52 | 1=LPCTSTR FirstTask 53 | 2=LPCTSTR SecondTask 54 | 3=LPDWORD TaskIndex 55 | ParamCount=3 56 | @=AvSetMmMaxThreadCharacteristics 57 | [AvSetMmThreadCharacteristics] 58 | 1=LPCTSTR TaskName 59 | 2=LPDWORD TaskIndex 60 | ParamCount=2 61 | @=AvSetMmThreadCharacteristics 62 | [AvSetMmThreadPriority] 63 | 1=HANDLE AvrtHandle 64 | 2=[AVRT_PRIORITY] Priority 65 | ParamCount=2 66 | Header=avrt.h.api;windows.h.api; 67 | @=AvSetMmThreadPriority 68 | -------------------------------------------------------------------------------- /apis_def/headers/setup.h.api: -------------------------------------------------------------------------------- 1 | [DiDriverType] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=SPDIT_NODRIVER 6 | Value1=0x00000000 7 | Const2=SPDIT_CLASSDRIVER 8 | Value2=0x00000001 9 | Const3=SPDIT_COMPATDRIVER 10 | Value3=0x00000002 11 | [DEVPROPTYPE] 12 | Base=ULONG 13 | Type=Enum 14 | Const1=DEVPROP_TYPE_EMPTY 15 | Value1=0x00000000 16 | Const2=DEVPROP_TYPE_NULL 17 | Value2=0x00000001 18 | Const3=DEVPROP_TYPE_SBYTE 19 | Value3=0x00000002 20 | Const4=DEVPROP_TYPE_BYTE 21 | Value4=0x00000003 22 | Const5=DEVPROP_TYPE_INT16 23 | Value5=0x00000004 24 | Const6=DEVPROP_TYPE_UINT16 25 | Value6=0x00000005 26 | Const7=DEVPROP_TYPE_INT32 27 | Value7=0x00000006 28 | Const8=DEVPROP_TYPE_UINT32 29 | Value8=0x00000007 30 | Const9=DEVPROP_TYPE_INT64 31 | Value9=0x00000008 32 | Const10=DEVPROP_TYPE_UINT64 33 | Value10=0x00000009 34 | Const11=DEVPROP_TYPE_FLOAT 35 | Value11=0x0000000A 36 | Const12=DEVPROP_TYPE_DOUBLE 37 | Value12=0x0000000B 38 | Const13=DEVPROP_TYPE_DECIMAL 39 | Value13=0x0000000C 40 | Const14=DEVPROP_TYPE_GUID 41 | Value14=0x0000000D 42 | Const15=DEVPROP_TYPE_CURRENCY 43 | Value15=0x0000000E 44 | Const16=DEVPROP_TYPE_DATE 45 | Value16=0x0000000F 46 | Const17=DEVPROP_TYPE_FILETIME 47 | Value17=0x00000010 48 | Const18=DEVPROP_TYPE_BOOLEAN 49 | Value18=0x00000011 50 | Const19=DEVPROP_TYPE_STRING 51 | Value19=0x00000012 52 | Const20=DEVPROP_TYPE_STRING_LIST 53 | Value20=0x00002012 54 | Const21=DEVPROP_TYPE_SECURITY_DESCRIPTOR 55 | Value21=0x00000013 56 | Const22=DEVPROP_TYPE_SECURITY_DESCRIPTOR_STRING 57 | Value22=0x00000014 58 | Const23=DEVPROP_TYPE_DEVPROPKEY 59 | Value23=0x00000015 60 | Const24=DEVPROP_TYPE_DEVPROPTYPE 61 | Value24=0x00000016 62 | Const25=DEVPROP_TYPE_BINARY 63 | Value25=0x00001003 64 | Const26=DEVPROP_TYPE_ERROR 65 | Value26=0x00000017 66 | Const27=DEVPROP_TYPE_NTSTATUS 67 | Value27=0x00000018 68 | Const28=DEVPROP_TYPE_STRING_INDIRECT 69 | Value28=0x00000019 70 | -------------------------------------------------------------------------------- /apis_def/headers/version.h.api: -------------------------------------------------------------------------------- 1 | [VFF_FLAGS] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=VFFF_ISSHAREDFILE 6 | Value1=0x0001 7 | [VFF_RESULT] 8 | TypeDisplay=DWORD 9 | Base=DWORD 10 | Type=Flag 11 | Const1=VFF_CURNEDEST 12 | Value1=0x0001 13 | Const2=VFF_FILEINUSE 14 | Value2=0x0002 15 | Const3=VFF_BUFFTOOSMALL 16 | Value3=0x0004 17 | [VIF_FLAGS] 18 | TypeDisplay=DWORD 19 | Base=DWORD 20 | Type=Flag 21 | Const1=VIFF_FORCEINSTALL 22 | Value1=0x0001 23 | Const2=VIFF_DONTDELETEOLD 24 | Value2=0x0002 25 | [VIF_RESULT] 26 | TypeDisplay=DWORD 27 | Base=DWORD 28 | Type=Flag 29 | Const1=VIF_TEMPFILE 30 | Value1=0x00000001 31 | Const2=VIF_MISMATCH 32 | Value2=0x00000002 33 | Const3=VIF_SRCOLD 34 | Value3=0x00000004 35 | Const4=VIF_DIFFLANG 36 | Value4=0x00000008 37 | Const5=VIF_DIFFCODEPG 38 | Value5=0x00000010 39 | Const6=VIF_DIFFTYPE 40 | Value6=0x00000020 41 | Const7=VIF_WRITEPROT 42 | Value7=0x00000040 43 | Const8=VIF_FILEINUSE 44 | Value8=0x00000080 45 | Const9=VIF_OUTOFSPACE 46 | Value9=0x00000100 47 | Const10=VIF_ACCESSVIOLATION 48 | Value10=0x00000200 49 | Const11=VIF_SHARINGVIOLATION 50 | Value11=0x00000400 51 | Const12=VIF_CANNOTCREATE 52 | Value12=0x00000800 53 | Const13=VIF_CANNOTDELETE 54 | Value13=0x00001000 55 | Const14=VIF_CANNOTRENAME 56 | Value14=0x00002000 57 | Const15=VIF_CANNOTDELETECUR 58 | Value15=0x00004000 59 | Const16=VIF_OUTOFMEMORY 60 | Value16=0x00008000 61 | Const17=VIF_CANNOTREADSRC 62 | Value17=0x00010000 63 | Const18=VIF_CANNOTREADDST 64 | Value18=0x00020000 65 | Const19=VIF_BUFFTOOSMALL 66 | Value19=0x00040000 67 | Const20=VIF_CANNOTLOADLZ32 68 | Value20=0x00080000 69 | Const21=VIF_CANNOTLOADCABINET 70 | Value21=0x00100000 71 | [FILE_VER_GET_FLAGS] 72 | TypeDisplay=DWORD 73 | Base=DWORD 74 | Type=Flag 75 | Const1=FILE_VER_GET_LOCALISED 76 | Value1=0x01 77 | Const2=FILE_VER_GET_NEUTRAL 78 | Value2=0x02 79 | Const3=FILE_VER_GET_PREFETCHED 80 | Value3=0x04 81 | -------------------------------------------------------------------------------- /apis_def/prntvpt.api: -------------------------------------------------------------------------------- 1 | [PTConvertPrintTicketToDevMode] 2 | 1=HPTPROVIDER hProvider 3 | 2=IStream* pPrintTicket 4 | 3=[EDefaultDevmodeType] baseDevmodeType 5 | 4=[EPrintTicketScope] scope 6 | 5=ULONG* pcbDevmode 7 | 6=PDEVMODE* ppDevmode 8 | 7=BSTR* pbstrErrorMessage 9 | ParamCount=7 10 | Header=prntvpt.h.api;windows.h.api; 11 | @=PTConvertPrintTicketToDevMode 12 | [PTConvertDevModeToPrintTicket] 13 | 1=HPTPROVIDER hProvider 14 | 2=ULONG cbDevmode 15 | 3=PDEVMODE pDevmode 16 | 4=[EPrintTicketScope] scope 17 | 5=IStream* pPrintTicket 18 | ParamCount=5 19 | Header=prntvpt.h.api;windows.h.api; 20 | @=PTConvertDevModeToPrintTicket 21 | [PTReleaseMemory] 22 | 1=PVOID pBuffer 23 | ParamCount=1 24 | @=PTReleaseMemory 25 | [PTMergeAndValidatePrintTicket] 26 | 1=HPTPROVIDER hProvider 27 | 2=IStream* pBaseTicket 28 | 3=IStream* pDeltaTicket 29 | 4=[EPrintTicketScope] scope 30 | 5=IStream* pResultTicket 31 | 6=BSTR* pbstrErrorMessage 32 | ParamCount=6 33 | Header=prntvpt.h.api;windows.h.api; 34 | @=PTMergeAndValidatePrintTicket 35 | [PTGetPrintCapabilities] 36 | 1=HPTPROVIDER hProvider 37 | 2=IStream* pPrintTicket 38 | 3=IStream* pCapabilities 39 | 4=BSTR* pbstrErrorMessage 40 | ParamCount=4 41 | Header=prntvpt.h.api;windows.h.api; 42 | @=PTGetPrintCapabilities 43 | [PTOpenProvider] 44 | 1=PCWSTR pszPrinterName 45 | 2=DWORD version 46 | 3=HPTPROVIDER* phProvider 47 | ParamCount=3 48 | Header=prntvpt.h.api; 49 | @=PTOpenProvider 50 | [PTOpenProviderEx] 51 | 1=PCWSTR pszPrinterName 52 | 2=DWORD maxVersion 53 | 3=DWORD prefVersion 54 | 4=HPTPROVIDER* phProvider 55 | 5=DWORD* usedVersion 56 | ParamCount=5 57 | Header=prntvpt.h.api; 58 | @=PTOpenProviderEx 59 | [PTCloseProvider] 60 | 1=HPTPROVIDER hProvider 61 | ParamCount=1 62 | Header=prntvpt.h.api; 63 | @=PTCloseProvider 64 | [PTQuerySchemaVersionSupport] 65 | 1=PCWSTR pszPrinterName 66 | 2=DWORD* pMaxVersion 67 | ParamCount=2 68 | @=PTQuerySchemaVersionSupport 69 | -------------------------------------------------------------------------------- /apis_def/wdstptc.api: -------------------------------------------------------------------------------- 1 | [WdsTransportClientAddRefBuffer] 2 | 1=PVOID pvBuffer 3 | ParamCount=1 4 | @=WdsTransportClientAddRefBuffer 5 | [WdsTransportClientCancelSession] 6 | 1=HANDLE hSessionKey 7 | ParamCount=1 8 | Header=windows.h.api; 9 | @=WdsTransportClientCancelSession 10 | [WdsTransportClientCloseSession] 11 | 1=HANDLE hSessionKey 12 | ParamCount=1 13 | Header=windows.h.api; 14 | @=WdsTransportClientCloseSession 15 | [WdsTransportClientCompleteReceive] 16 | 1=HANDLE hSessionKey 17 | 2=HANDLE ulSize 18 | 3=PULARGE_INTEGER pullOffset 19 | ParamCount=3 20 | Header=windows.h.api; 21 | @=WdsTransportClientCompleteReceive 22 | [WdsTransportClientInitialize] 23 | ParamCount=0 24 | @=WdsTransportClientInitialize 25 | [WdsTransportClientInitializeSession] 26 | 1=PWDS_TRANSPORTCLIENT_REQUEST pSessionRequest 27 | 2=PVOID pCallerData 28 | 3=PHANDLE hSessionKey 29 | ParamCount=3 30 | Header=wdstptc.h.api;windows.h.api; 31 | @=WdsTransportClientInitializeSession 32 | [WdsTransportClientQueryStatus] 33 | 1=HANDLE hSessionKey 34 | 2=PULONG puStatus 35 | 3=PULONG puErrorCode 36 | ParamCount=3 37 | Header=windows.h.api; 38 | @=WdsTransportClientQueryStatus 39 | [WdsTransportClientRegisterCallback] 40 | 1=HANDLE hSessionKey 41 | 2=[TRANSPORTCLIENT_CALLBACK_ID] CallbackId 42 | 3=PVOID pfnCallback 43 | ParamCount=3 44 | Header=wdstptc.h.api;windows.h.api; 45 | @=WdsTransportClientRegisterCallback 46 | [WdsTransportClientReleaseBuffer] 47 | 1=PVOID pvBuffer 48 | ParamCount=1 49 | @=WdsTransportClientReleaseBuffer 50 | [WdsTransportClientShutdown] 51 | ParamCount=0 52 | @=WdsTransportClientShutdown 53 | [WdsTransportClientStartSession] 54 | 1=HANDLE hSessionKey 55 | ParamCount=1 56 | Header=windows.h.api; 57 | @=WdsTransportClientStartSession 58 | [WdsTransportClientWaitForCompletion] 59 | 1=HANDLE hSessionKey 60 | 2=ULONG uTimeout 61 | ParamCount=2 62 | Header=windows.h.api; 63 | @=WdsTransportClientWaitForCompletion 64 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/yara/yara/proc.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_PROC_H 31 | #define YR_PROC_H 32 | 33 | #include "types.h" 34 | 35 | int yr_process_open_iterator( 36 | int pid, 37 | YR_MEMORY_BLOCK_ITERATOR* iterator); 38 | 39 | int yr_process_close_iterator( 40 | YR_MEMORY_BLOCK_ITERATOR* iterator); 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/yara/yara/exefiles.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_EXEFILES_H 31 | #define YR_EXEFILES_H 32 | 33 | uint64_t yr_get_entry_point_offset( 34 | uint8_t* buffer, 35 | size_t buffer_length); 36 | 37 | 38 | uint64_t yr_get_entry_point_address( 39 | uint8_t* buffer, 40 | size_t buffer_length, 41 | size_t base_address); 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/yara/yara.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_YARA_H 31 | #define YR_YARA_H 32 | 33 | #include "yara/utils.h" 34 | #include "yara/filemap.h" 35 | #include "yara/compiler.h" 36 | #include "yara/modules.h" 37 | #include "yara/object.h" 38 | #include "yara/libyara.h" 39 | #include "yara/error.h" 40 | #include "yara/stream.h" 41 | #include "yara/hash.h" 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /apis_def/headers/powrprof.h.api: -------------------------------------------------------------------------------- 1 | [POWER_ACTION] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=POWER_ACTION_QUERY_ALLOWED 6 | Value1=0x00000001 7 | Const2=POWER_ACTION_UI_ALLOWED 8 | Value2=0x00000002 9 | Const3=POWER_ACTION_OVERRIDE_APPS 10 | Value3=0x00000004 11 | Const4=POWER_ACTION_PSEUDO_TRANSITION 12 | Value4=0x08000000 13 | Const5=POWER_ACTION_LIGHTEST_FIRST 14 | Value5=0x10000000 15 | Const6=POWER_ACTION_LOCK_CONSOLE 16 | Value6=0x20000000 17 | Const7=POWER_ACTION_DISABLE_WAKES 18 | Value7=0x40000000 19 | Const8=POWER_ACTION_CRITICAL 20 | Value8=0x80000000 21 | [POWER_LEVEL] 22 | TypeDisplay=DWORD 23 | Base=DWORD 24 | Type=Flag 25 | Const1=POWER_LEVEL_USER_NOTIFY_TEXT 26 | Value1=0x00000001 27 | Const2=POWER_LEVEL_USER_NOTIFY_SOUND 28 | Value2=0x00000002 29 | Const3=POWER_LEVEL_USER_NOTIFY_EXEC 30 | Value3=0x00000004 31 | Const4=POWER_USER_NOTIFY_BUTTON 32 | Value4=0x00000008 33 | Const5=POWER_USER_NOTIFY_SHUTDOWN 34 | Value5=0x00000010 35 | Const6=POWER_USER_NOTIFY_FORCED_SHUTDOWN 36 | Value6=0x00000020 37 | Const7=POWER_FORCE_TRIGGER_RESET 38 | Value7=0x80000000 39 | [POWER_PLATFORM_ROLE] 40 | Base=UINT 41 | Type=Enum 42 | Const1=PlatformRoleUnspecified 43 | Value1=0 44 | Const2=PlatformRoleDesktop 45 | Value2=1 46 | Const3=PlatformRoleMobile 47 | Value3=2 48 | Const4=PlatformRoleWorkstation 49 | Value4=3 50 | Const5=PlatformRoleEnterpriseServer 51 | Value5=4 52 | Const6=PlatformRoleSOHOServer 53 | Value6=5 54 | Const7=PlatformRoleAppliancePC 55 | Value7=6 56 | Const8=PlatformRolePerformanceServer 57 | Value8=7 58 | Const9=PlatformRoleSlate 59 | Value9=8 60 | [POWER_PLATFORM_ROLE_VERSION] 61 | TypeDisplay=ULONG 62 | Base=ULONG 63 | Type=Enum 64 | Const1=POWER_PLATFORM_ROLE_V1 65 | Value1=0x00000001 66 | Const2=POWER_PLATFORM_ROLE_V2 67 | Value2=0x00000002 68 | [DEVICEPOWER_FLAGS] 69 | TypeDisplay=ULONG 70 | Base=ULONG 71 | Type=Flag 72 | Const1=DEVICEPOWER_SET_WAKEENABLED 73 | Value1=0x00000001 74 | Const2=DEVICEPOWER_CLEAR_WAKEENABLED 75 | Value2=0x00000002 76 | -------------------------------------------------------------------------------- /apis_def/headers/imm32.h.api: -------------------------------------------------------------------------------- 1 | [IMFT] 2 | TypeDisplay=UINT 3 | Base=UINT 4 | Type=Flag 5 | Const1=IMFT_RADIOCHECK 6 | Value1=0x00001 7 | Const2=IMFT_SEPARATOR 8 | Value2=0x00002 9 | Const3=IMFT_SUBMENU 10 | Value3=0x00004 11 | [IMFS] 12 | TypeDisplay=UINT 13 | Base=UINT 14 | Type=Flag 15 | Const1=IMFS_DISABLED 16 | Value1=0x00000003 17 | Const2=IMFS_CHECKED 18 | Value2=0x00000008 19 | Const3=IMFS_HILITE 20 | Value3=0x00000080 21 | Const4=IMFS_DEFAULT 22 | Value4=0x00001000 23 | [IME_CAND] 24 | TypeDisplay=DWORD 25 | Base=DWORD 26 | Type=Enum 27 | Const1=IME_CAND_UNKNOWN 28 | Value1=0x0000 29 | Const2=IME_CAND_READ 30 | Value2=0x0001 31 | Const3=IME_CAND_CODE 32 | Value3=0x0002 33 | Const4=IME_CAND_MEANING 34 | Value4=0x0003 35 | Const5=IME_CAND_RADICAL 36 | Value5=0x0004 37 | Const6=IME_CAND_STROKE 38 | Value6=0x0005 39 | [ImmNotifyAction] 40 | TypeDisplay=DWORD 41 | Base=DWORD 42 | Type=Enum 43 | Const1=NI_OPENCANDIDATE 44 | Value1=0x0010 45 | Const2=NI_CLOSECANDIDATE 46 | Value2=0x0011 47 | Const3=NI_SELECTCANDIDATESTR 48 | Value3=0x0012 49 | Const4=NI_CHANGECANDIDATELIST 50 | Value4=0x0013 51 | Const5=NI_FINALIZECONVERSIONRESULT 52 | Value5=0x0014 53 | Const6=NI_COMPOSITIONSTR 54 | Value6=0x0015 55 | Const7=NI_SETCANDIDATE_PAGESTART 56 | Value7=0x0016 57 | Const8=NI_SETCANDIDATE_PAGESIZE 58 | Value8=0x0017 59 | Const9=NI_IMEMENUSELECTED 60 | Value9=0x0018 61 | [CompositionString] 62 | TypeDisplay=DWORD 63 | Base=DWORD 64 | Type=Enum 65 | Const1=CPS_COMPLETE 66 | Value1=0x0001 67 | Const2=CPS_CONVERT 68 | Value2=0x0002 69 | Const3=CPS_REVERT 70 | Value3=0x0003 71 | Const4=CPS_CANCEL 72 | Value4=0x0004 73 | [ImmGetPropertyIndex] 74 | TypeDisplay=DWORD 75 | Base=DWORD 76 | Type=Enum 77 | Const1=IGP_GETIMEVERSION 78 | Value1=-4 79 | Const2=IGP_PROPERTY 80 | Value2=0x00000004 81 | Const3=IGP_CONVERSION 82 | Value3=0x00000008 83 | Const4=IGP_SENTENCE 84 | Value4=0x0000000c 85 | Const5=IGP_UI 86 | Value5=0x00000010 87 | Const6=IGP_SETCOMPSTR 88 | Value6=0x00000014 89 | Const7=IGP_SELECT 90 | Value7=0x00000018 91 | -------------------------------------------------------------------------------- /apis_def/rstrtmgr.api: -------------------------------------------------------------------------------- 1 | [RmAddFilter] 2 | 1=DWORD dwSessionHandle 3 | 2=LPCWSTR strFilename 4 | 3=RM_UNIQUE_PROCESS* Application 5 | 4=LPCWSTR strShortServiceName 6 | 5=[RM_FILTER_ACTION] ActionType 7 | ParamCount=5 8 | Header=rstrtmgr.h.api; 9 | @=RmAddFilter 10 | [RmStartSession] 11 | 1=DWORD* pSessionHandle 12 | 2=DWORD dwSessionFlags 13 | 3=WCHAR [] strSessionKey 14 | ParamCount=3 15 | @=RmStartSession 16 | [RmJoinSession] 17 | 1=DWORD* pSessionHandle 18 | 2=const WCHAR [] strSessionKey 19 | ParamCount=2 20 | Header=rstrtmgr.h.api; 21 | @=RmJoinSession 22 | [RmEndSession] 23 | 1=DWORD dwSessionHandle 24 | ParamCount=1 25 | @=RmEndSession 26 | [RmRegisterResources] 27 | 1=DWORD dwSessionHandle 28 | 2=UINT nFiles 29 | 3=LPCWSTR [] rgsFileNames 30 | 4=UINT nApplications 31 | 5=RM_UNIQUE_PROCESS [] rgApplications 32 | 6=UINT nServices 33 | 7=LPCWSTR [] rgsServiceNames 34 | ParamCount=7 35 | Header=rstrtmgr.h.api; 36 | @=RmRegisterResources 37 | [RmGetList] 38 | 1=DWORD dwSessionHandle 39 | 2=UINT* pnProcInfoNeeded 40 | 3=UINT* pnProcInfo 41 | 4=RM_PROCESS_INFO [] rgAffectedApps 42 | 5=LPDWORD lpdwRebootReasons 43 | ParamCount=5 44 | Header=rstrtmgr.h.api; 45 | @=RmGetList 46 | [RmGetFilterList] 47 | 1=DWORD dwSessionHandle 48 | 2=PBYTE pbFilterBuf 49 | 3=DWORD cbFilterBuf 50 | 4=LPDWORD cbFilterBufNeeded 51 | ParamCount=4 52 | @=RmGetFilterList 53 | [RmShutdown] 54 | 1=DWORD dwSessionHandle 55 | 2=ULONG lActionFlags 56 | 3=RM_WRITE_STATUS_CALLBACK fnStatus 57 | ParamCount=3 58 | Header=rstrtmgr.h.api; 59 | @=RmShutdown 60 | [RmRemoveFilter] 61 | 1=DWORD dwSessionHandle 62 | 2=LPCWSTR strFilename 63 | 3=RM_UNIQUE_PROCESS* Application 64 | 4=LPCWSTR strShortServiceName 65 | ParamCount=4 66 | Header=rstrtmgr.h.api; 67 | @=RmRemoveFilter 68 | [RmRestart] 69 | 1=DWORD dwSessionHandle 70 | 2=DWORD dwRestartFlags 71 | 3=RM_WRITE_STATUS_CALLBACK fnStatus 72 | ParamCount=3 73 | Header=rstrtmgr.h.api; 74 | @=RmRestart 75 | [RmCancelCurrentTask] 76 | 1=DWORD dwSessionHandle 77 | ParamCount=1 78 | @=RmCancelCurrentTask 79 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/yara/yara/scan.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_SCAN_H 31 | #define YR_SCAN_H 32 | 33 | #include "types.h" 34 | 35 | // Bitmasks for flags. 36 | #define SCAN_FLAGS_FAST_MODE 1 37 | #define SCAN_FLAGS_PROCESS_MEMORY 2 38 | 39 | 40 | int yr_scan_verify_match( 41 | YR_SCAN_CONTEXT* context, 42 | YR_AC_MATCH* ac_match, 43 | uint8_t* data, 44 | size_t data_size, 45 | size_t data_base, 46 | size_t offset); 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /apis_def/headers/cryptxml.h.api: -------------------------------------------------------------------------------- 1 | [CRYPT_XML_CHARSET] 2 | Base=UINT 3 | Type=Enum 4 | Const1=CRYPT_XML_CHARSET_AUTO 5 | Value1=0 6 | Const2=CRYPT_XML_CHARSET_UTF8 7 | Value2=1 8 | Const3=CRYPT_XML_CHARSET_UTF16LE 9 | Value3=2 10 | Const4=CRYPT_XML_CHARSET_UTF16BE 11 | Value4=3 12 | [CRYPT_XML_KEY_VALUE_TYPE] 13 | TypeDisplay=DWORD 14 | Base=DWORD 15 | Type=Enum 16 | Const1=CRYPT_XML_KEY_VALUE_TYPE_DSA 17 | Value1=0x00000001 18 | Const2=CRYPT_XML_KEY_VALUE_TYPE_RSA 19 | Value2=0x00000002 20 | Const3=CRYPT_XML_KEY_VALUE_TYPE_ECDSA 21 | Value3=0x00000003 22 | Const4=CRYPT_XML_KEY_VALUE_TYPE_CUSTOM 23 | Value4=0x00000004 24 | [CRYPT_XML_X509DATA_TYPE] 25 | TypeDisplay=DWORD 26 | Base=DWORD 27 | Type=Enum 28 | Const1=CRYPT_XML_X509DATA_TYPE_ISSUER_SERIAL 29 | Value1=0x00000001 30 | Const2=CRYPT_XML_X509DATA_TYPE_SKI 31 | Value2=0x00000002 32 | Const3=CRYPT_XML_X509DATA_TYPE_SUBJECT_NAME 33 | Value3=0x00000003 34 | Const4=CRYPT_XML_X509DATA_TYPE_CERTIFICATE 35 | Value4=0x00000004 36 | Const5=CRYPT_XML_X509DATA_TYPE_CRL 37 | Value5=0x00000005 38 | Const6=CRYPT_XML_X509DATA_TYPE_CUSTOM 39 | Value6=0x00000006 40 | [CRYPT_XML_KEYINFO_TYPE] 41 | TypeDisplay=DWORD 42 | Base=DWORD 43 | Type=Enum 44 | Const1=CRYPT_XML_KEYINFO_TYPE_KEYNAME 45 | Value1=0x00000001 46 | Const2=CRYPT_XML_KEYINFO_TYPE_KEYVALUE 47 | Value2=0x00000002 48 | Const3=CRYPT_XML_KEYINFO_TYPE_RETRIEVAL 49 | Value3=0x00000003 50 | Const4=CRYPT_XML_KEYINFO_TYPE_X509DATA 51 | Value4=0x00000004 52 | Const5=CRYPT_XML_KEYINFO_TYPE_CUSTOM 53 | Value5=0x00000005 54 | [CRYPT_XML_PROPERTY_ID] 55 | Base=UINT 56 | Type=Enum 57 | Const1=CRYPT_XML_PROPERTY_MAX_HEAP_SIZE 58 | Value1=1 59 | Const2=CRYPT_XML_PROPERTY_SIGNATURE_LOCATION 60 | Value2=2 61 | Const3=CRYPT_XML_PROPERTY_MAX_SIGNATURES 62 | Value3=3 63 | Const4=CRYPT_XML_PROPERTY_DOC_DECLARATION 64 | Value4=4 65 | Const5=CRYPT_XML_PROPERTY_XML_OUTPUT_CHARSET 66 | Value5=5 67 | [CRYPT_XML_KEYINFO_SPEC] 68 | Base=UINT 69 | Type=Enum 70 | Const1=CRYPT_XML_KEYINFO_SPEC_NONE 71 | Value1=0 72 | Const2=CRYPT_XML_KEYINFO_SPEC_ENCODED 73 | Value2=1 74 | Const3=CRYPT_XML_KEYINFO_SPEC_PARAM 75 | Value3=2 76 | -------------------------------------------------------------------------------- /apis_def/api-ms-win-net-isolation-l1.api: -------------------------------------------------------------------------------- 1 | [NetworkIsolationDiagnoseConnectFailureAndGetInfo] 2 | 1=LPCWSTR wszServerName 3 | 2=NETISO_ERROR_TYPE* netIsoError 4 | ParamCount=2 5 | Header=api-ms-win-net-isolation-l1.h.api; 6 | @=NetworkIsolationDiagnoseConnectFailureAndGetInfo 7 | [NetworkIsolationEnumAppContainers] 8 | 1=DWORD Flags 9 | 2=DWORD* pdwNumPublicAppCs 10 | 3=PINET_FIREWALL_APP_CONTAINER* ppPublicAppCs 11 | ParamCount=3 12 | Header=api-ms-win-net-isolation-l1.h.api; 13 | @=NetworkIsolationEnumAppContainers 14 | [NetworkIsolationEnumerateAppContainerRules] 15 | 1=IEnumVARIANT** newEnum 16 | ParamCount=1 17 | @=NetworkIsolationEnumerateAppContainerRules 18 | [NetworkIsolationFreeAppContainers] 19 | 1=PINET_FIREWALL_APP_CONTAINER pPublicAppCs 20 | ParamCount=1 21 | Header=api-ms-win-net-isolation-l1.h.api; 22 | @=NetworkIsolationFreeAppContainers 23 | [NetworkIsolationGetAppContainerConfig] 24 | 1=DWORD* pdwNumPublicAppCs 25 | 2=PSID_AND_ATTRIBUTES* appContainerSids 26 | ParamCount=2 27 | Header=security.h.api; 28 | @=NetworkIsolationGetAppContainerConfig 29 | [NetworkIsolationRegisterForAppContainerChanges] 30 | 1=DWORD flags 31 | 2=PAC_CHANGES_CALLBACK_FN callback 32 | 3=PVOID context 33 | 4=HANDLE* registrationObject 34 | ParamCount=4 35 | Header=api-ms-win-net-isolation-l1.h.api;windows.h.api; 36 | @=NetworkIsolationRegisterForAppContainerChanges 37 | [NetworkIsolationSetAppContainerConfig] 38 | 1=DWORD dwNumPublicAppCs 39 | 2=PSID_AND_ATTRIBUTES appContainerSids 40 | ParamCount=2 41 | Header=security.h.api; 42 | @=NetworkIsolationSetAppContainerConfig 43 | [NetworkIsolationSetupAppContainerBinaries] 44 | 1=PSID applicationContainerSid 45 | 2=LPCWSTR packageFullName 46 | 3=LPCWSTR packageFolder 47 | 4=LPCWSTR displayName 48 | 5=BOOL bBinariesFullyComputed 49 | 6=LPCWSTR* binaries 50 | 7=DWORD binariesCount 51 | ParamCount=7 52 | Header=windows.h.api; 53 | @=NetworkIsolationSetupAppContainerBinaries 54 | [NetworkIsolationUnregisterForAppContainerChanges] 55 | 1=HANDLE registrationObject 56 | ParamCount=1 57 | Header=windows.h.api; 58 | @=NetworkIsolationUnregisterForAppContainerChanges 59 | -------------------------------------------------------------------------------- /apis_def/activeds.api: -------------------------------------------------------------------------------- 1 | [ADsBuildEnumerator] 2 | 1=IADsContainer* pADsContainer 3 | 2=IEnumVARIANT** ppEnumVariant 4 | ParamCount=2 5 | @=ADsBuildEnumerator 6 | [ADsBuildVarArrayInt] 7 | 1=LPDWORD lpdwObjectTypes 8 | 2=DWORD dwObjectTypes 9 | 3=VARIANT* pVar 10 | ParamCount=3 11 | Header=ole.h.api; 12 | @=ADsBuildVarArrayInt 13 | [ADsBuildVarArrayStr] 14 | 1=LPWSTR* lppPathNames 15 | 2=DWORD dwPathNames 16 | 3=VARIANT* pVar 17 | ParamCount=3 18 | Header=ole.h.api; 19 | @=ADsBuildVarArrayStr 20 | [ADsEncodeBinaryData] 21 | 1=PBYTE pbSrcData 22 | 2=DWORD dwSrcLen 23 | 3=LPWSTR* ppszDestData 24 | ParamCount=3 25 | @=ADsEncodeBinaryData 26 | [ADsEnumerateNext] 27 | 1=IEnumVARIANT* pEnumVariant 28 | 2=ULONG cElements 29 | 3=VARIANT* pvar 30 | 4=ULONG* pcElementsFetched 31 | ParamCount=4 32 | Header=ole.h.api; 33 | @=ADsEnumerateNext 34 | [ADsFreeEnumerator] 35 | 1=IEnumVARIANT* pEnumVariant 36 | ParamCount=1 37 | @=ADsFreeEnumerator 38 | [ADsGetLastError] 39 | 1=LPDWORD lpError 40 | 2=LPWSTR lpErrorBuf 41 | 3=DWORD dwErrorBufLen 42 | 4=LPWSTR lpNameBuf 43 | 5=DWORD dwNameBufLen 44 | ParamCount=5 45 | @=ADsGetLastError 46 | [ADsGetObject] 47 | 1=LPWSTR lpszPathName 48 | 2=REFIID riid 49 | 3=VOID** ppObject 50 | ParamCount=3 51 | Header=windows.h.api; 52 | @=ADsGetObject 53 | [ADsOpenObject] 54 | 1=LPWSTR lpszPathName 55 | 2=LPWSTR lpszUserName 56 | 3=LPWSTR lpszPassword 57 | 4=DWORD dwReserved 58 | 5=REFIID riid 59 | 6=VOID** ppObject 60 | ParamCount=6 61 | Header=windows.h.api; 62 | @=ADsOpenObject 63 | [ADsSetLastError] 64 | 1=DWORD dwErr 65 | 2=LPWSTR pszError 66 | 3=LPWSTR pszProvider 67 | ParamCount=3 68 | @=ADsSetLastError 69 | [AllocADsMem] 70 | 1=DWORD cb 71 | ParamCount=1 72 | @=AllocADsMem 73 | [AllocADsStr] 74 | 1=LPWSTR pStr 75 | ParamCount=1 76 | @=AllocADsStr 77 | [FreeADsMem] 78 | 1=LPVOID pMem 79 | ParamCount=1 80 | @=FreeADsMem 81 | [FreeADsStr] 82 | 1=LPWSTR pStr 83 | ParamCount=1 84 | @=FreeADsStr 85 | [ReallocADsMem] 86 | 1=LPVOID pOldMem 87 | 2=DWORD cbOld 88 | 3=DWORD cbNew 89 | ParamCount=3 90 | @=ReallocADsMem 91 | [ReallocADsStr] 92 | 1=LPWSTR* ppStr 93 | 2=LPWSTR pStr 94 | ParamCount=2 95 | @=ReallocADsStr 96 | -------------------------------------------------------------------------------- /apis_def/headers/cabinet.h.api: -------------------------------------------------------------------------------- 1 | [TCOMP] 2 | Base=USHORT 3 | Type=Flag 4 | Const1=tcompTYPE_MSZIP 5 | Value1=0x0001 6 | Const2=tcompTYPE_QUANTUM 7 | Value2=0x0002 8 | Const3=tcompTYPE_LZX 9 | Value3=0x0003 10 | [FCIERROR] 11 | TypeDisplay=int 12 | Base=int 13 | Type=Enum 14 | Const1=FCIERR_NONE 15 | Value1=0 16 | Const2=FCIERR_OPEN_SRC 17 | Value2=1 18 | Const3=FCIERR_READ_SRC 19 | Value3=2 20 | Const4=FCIERR_ALLOC_FAIL 21 | Value4=3 22 | Const5=FCIERR_TEMP_FILE 23 | Value5=4 24 | Const6=FCIERR_BAD_COMPR_TYPE 25 | Value6=5 26 | Const7=FCIERR_CAB_FILE 27 | Value7=6 28 | Const8=FCIERR_USER_ABORT 29 | Value8=7 30 | Const9=FCIERR_MCI_FAIL 31 | Value9=8 32 | Const10=FCIERR_CAB_FORMAT_LIMIT 33 | Value10=9 34 | [FDIERROR] 35 | TypeDisplay=int 36 | Base=int 37 | Type=Enum 38 | Const1=FDIERROR_NONE 39 | Value1=0 40 | Const2=FDIERROR_CABINET_NOT_FOUND 41 | Value2=1 42 | Const3=FDIERROR_NOT_A_CABINET 43 | Value3=2 44 | Const4=FDIERROR_UNKNOWN_CABINET_VERSION 45 | Value4=3 46 | Const5=FDIERROR_CORRUPT_CABINET 47 | Value5=4 48 | Const6=FDIERROR_ALLOC_FAIL 49 | Value6=5 50 | Const7=FDIERROR_BAD_COMPR_TYPE 51 | Value7=6 52 | Const8=FDIERROR_MDI_FAIL 53 | Value8=7 54 | Const9=FDIERROR_TARGET_FILE 55 | Value9=8 56 | Const10=FDIERROR_RESERVE_MISMATCH 57 | Value10=9 58 | Const11=FDIERROR_WRONG_CABINET 59 | Value11=10 60 | Const12=FDIERROR_USER_ABORT 61 | Value12=11 62 | [PERF_FCI] 63 | TypeDisplay=PERF 64 | Base=[ERF_FCI] 65 | [PERF_FDI] 66 | TypeDisplay=PERF 67 | Base=[ERF_FDI] 68 | [COMPRESS_ALGORITHM] 69 | TypeDisplay=DWORD 70 | Base=DWORD 71 | Type=Flag 72 | Const1=COMPRESS_ALGORITHM_INVALID 73 | Value1=0 74 | Const2=COMPRESS_ALGORITHM_NULL 75 | Value2=1 76 | Const3=COMPRESS_ALGORITHM_MSZIP 77 | Value3=2 78 | Const4=COMPRESS_ALGORITHM_XPRESS 79 | Value4=3 80 | Const5=COMPRESS_ALGORITHM_XPRESS_HUFF 81 | Value5=4 82 | Const6=COMPRESS_ALGORITHM_LZMS 83 | Value6=5 84 | Const7=COMPRESS_RAW 85 | Value7=0x20000000 86 | [COMPRESS_INFORMATION_CLASS] 87 | Base=UINT 88 | Type=Enum 89 | Const1=COMPRESS_INFORMATION_CLASS_INVALID 90 | Value1=0 91 | Const2=COMPRESS_INFORMATION_CLASS_BLOCK_SIZE 92 | Value2=1 93 | Const3=COMPRESS_INFORMATION_CLASS_LEVEL 94 | Value3=2 95 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/jansson/jansson_config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2016 Petri Lehtinen 3 | * 4 | * Jansson is free software; you can redistribute it and/or modify 5 | * it under the terms of the MIT license. See LICENSE for details. 6 | * 7 | * 8 | * This file specifies a part of the site-specific configuration for 9 | * Jansson, namely those things that affect the public API in 10 | * jansson.h. 11 | * 12 | * The CMake system will generate the jansson_config.h file and 13 | * copy it to the build and install directories. 14 | */ 15 | 16 | #ifndef JANSSON_CONFIG_H 17 | #define JANSSON_CONFIG_H 18 | 19 | /* Define this so that we can disable scattered automake configuration in source files */ 20 | #ifndef JANSSON_USING_CMAKE 21 | #define JANSSON_USING_CMAKE 22 | #endif 23 | 24 | /* Note: when using cmake, JSON_INTEGER_IS_LONG_LONG is not defined nor used, 25 | * as we will also check for __int64 etc types. 26 | * (the definition was used in the automake system) */ 27 | 28 | /* Bring in the cmake-detected defines */ 29 | #define HAVE_STDINT_H 1 30 | /* #undef HAVE_INTTYPES_H */ 31 | /* #undef HAVE_SYS_TYPES_H */ 32 | 33 | /* Include our standard type header for the integer typedef */ 34 | 35 | #if defined(HAVE_STDINT_H) 36 | # include 37 | #elif defined(HAVE_INTTYPES_H) 38 | # include 39 | #elif defined(HAVE_SYS_TYPES_H) 40 | # include 41 | #endif 42 | 43 | 44 | /* If your compiler supports the inline keyword in C, JSON_INLINE is 45 | defined to `inline', otherwise empty. In C++, the inline is always 46 | supported. */ 47 | #ifdef __cplusplus 48 | #define JSON_INLINE inline 49 | #else 50 | #define JSON_INLINE __inline 51 | #endif 52 | 53 | 54 | #define json_int_t long long 55 | #define json_strtoint strtoll 56 | #define JSON_INTEGER_FORMAT "I64d" 57 | 58 | 59 | /* If locale.h and localeconv() are available, define to 1, otherwise to 0. */ 60 | #define JSON_HAVE_LOCALECONV 1 61 | 62 | 63 | /* Maximum recursion depth for parsing JSON input. 64 | This limits the depth of e.g. array-within-array constructions. */ 65 | #define JSON_PARSER_MAX_DEPTH 2048 66 | 67 | 68 | #endif 69 | -------------------------------------------------------------------------------- /apis_def/headers/bcrypt.h.api: -------------------------------------------------------------------------------- 1 | [CryptConfigTable] 2 | TypeDisplay=ULONG 3 | Base=ULONG 4 | Type=Enum 5 | Const1=CRYPT_LOCAL 6 | Value1=0x00000001 7 | Const2=CRYPT_DOMAIN 8 | Value2=0x00000002 9 | [CryptInterface] 10 | TypeDisplay=ULONG 11 | Base=ULONG 12 | Type=Enum 13 | Const1=BCRYPT_CIPHER_INTERFACE 14 | Value1=0x00000001 15 | Const2=BCRYPT_HASH_INTERFACE 16 | Value2=0x00000002 17 | Const3=BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE 18 | Value3=0x00000003 19 | Const4=BCRYPT_SECRET_AGREEMENT_INTERFACE 20 | Value4=0x00000004 21 | Const5=BCRYPT_SIGNATURE_INTERFACE 22 | Value5=0x00000005 23 | Const6=BCRYPT_RNG_INTERFACE 24 | Value6=0x00000006 25 | Const7=NCRYPT_KEY_STORAGE_INTERFACE 26 | Value7=0x00010001 27 | Const8=NCRYPT_SCHANNEL_INTERFACE 28 | Value8=0x00010002 29 | Const9=NCRYPT_SCHANNEL_SIGNATURE_INTERFACE 30 | Value9=0x00010003 31 | [CryptPriority] 32 | TypeDisplay=ULONG 33 | Base=ULONG 34 | Type=Enum 35 | Const1=CRYPT_PRIORITY_TOP 36 | Value1=0x00000000 37 | Const2=CRYPT_PRIORITY_BOTTOM 38 | Value2=0xFFFFFFFF 39 | [CryptOperation] 40 | TypeDisplay=ULONG 41 | Base=ULONG 42 | Type=Flag 43 | Const1=BCRYPT_CIPHER_OPERATION 44 | Value1=0x00000001 45 | Const2=BCRYPT_HASH_OPERATION 46 | Value2=0x00000002 47 | Const3=BCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION 48 | Value3=0x00000004 49 | Const4=BCRYPT_SECRET_AGREEMENT_OPERATION 50 | Value4=0x00000008 51 | Const5=BCRYPT_SIGNATURE_OPERATION 52 | Value5=0x00000010 53 | Const6=BCRYPT_RNG_OPERATION 54 | Value6=0x00000020 55 | [CryptMode] 56 | TypeDisplay=ULONG 57 | Base=ULONG 58 | Type=Enum 59 | Const1=CRYPT_UM 60 | Value1=0x00000001 61 | Const2=CRYPT_KM 62 | Value2=0x00000002 63 | Const3=CRYPT_MM 64 | Value3=0x00000003 65 | Const4=CRYPT_ANY 66 | Value4=0x00000004 67 | [CryptEnumFlags] 68 | TypeDisplay=ULONG 69 | Base=ULONG 70 | Type=Flag 71 | Const1=CRYPT_ALL_FUNCTIONS 72 | Value1=0x00000001 73 | Const2=CRYPT_ALL_PROVIDERS 74 | Value2=0x00000002 75 | [CryptDeriveKeyFlags] 76 | TypeDisplay=ULONG 77 | Base=ULONG 78 | Type=Flag 79 | Const1=KDF_USE_SECRET_AS_HMAC_KEY_FLAG 80 | Value1=0x1 81 | [BCryptOpenAlgorithmProviderFlags] 82 | TypeDisplay=DWORD 83 | Base=ULONG 84 | Type=Flag 85 | Const1=BCRYPT_PROV_DISPATCH 86 | Value1=0x00000001 87 | Const2=BCRYPT_ALG_HANDLE_HMAC_FLAG 88 | Value2=0x00000008 89 | -------------------------------------------------------------------------------- /apis_def/cryptui.api: -------------------------------------------------------------------------------- 1 | [CryptUIWizDigitalSign] 2 | 1=DWORD dwFlags 3 | 2=HWND hwndParent 4 | 3=LPCWSTR pwszWizardTitle 5 | 4=PCCRYPTUI_WIZ_DIGITAL_SIGN_INFO pDigitalSignInfo 6 | 5=PCCRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT* ppSignContext 7 | ParamCount=5 8 | Header=cryptui.h.api;windows.h.api; 9 | @=CryptUIWizDigitalSign 10 | [CryptUIWizFreeDigitalSignContext] 11 | 1=PCCRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT pSignContext 12 | ParamCount=1 13 | Header=cryptui.h.api; 14 | @=CryptUIWizFreeDigitalSignContext 15 | [CryptUIWizExport] 16 | 1=[CryptUiWizFlags] dwFlags 17 | 2=HWND hwndParent 18 | 3=LPCWSTR pwszWizardTitle 19 | 4=PCCRYPTUI_WIZ_EXPORT_INFO pExportInfo 20 | 5=void* pvoid 21 | ParamCount=5 22 | Header=cryptui.h.api;windows.h.api; 23 | @=CryptUIWizExport 24 | [CryptUIWizImport] 25 | 1=[CryptUiWizFlags] dwFlags 26 | 2=HWND hwndParent 27 | 3=LPCWSTR pwszWizardTitle 28 | 4=PCCRYPTUI_WIZ_IMPORT_SRC_INFO pImportSrc 29 | 5=HCERTSTORE hDestCertStore 30 | ParamCount=5 31 | Header=cryptui.h.api;cryptography.h.api;windows.h.api; 32 | @=CryptUIWizImport 33 | [CryptUIDlgCertMgr] 34 | 1=PCCRYPTUI_CERT_MGR_STRUCT pCryptUICertMgr 35 | ParamCount=1 36 | Header=cryptui.h.api; 37 | @=CryptUIDlgCertMgr 38 | [CryptUIDlgSelectCertificate] 39 | 1=PCCRYPTUI_SELECTCERTIFICATE_STRUCT pcsc 40 | ParamCount=1 41 | Header=cryptui.h.api; 42 | @=CryptUIDlgSelectCertificate 43 | [CryptUIDlgSelectCertificateFromStore] 44 | 1=HCERTSTORE hCertStore 45 | 2=HWND hwnd 46 | 3=LPCWSTR pwszTitle 47 | 4=LPCWSTR pwszDisplayString 48 | 5=DWORD dwDontUseColumn 49 | 6=DWORD dwFlags 50 | 7=void* pvReserved 51 | ParamCount=7 52 | Header=cryptography.h.api;windows.h.api; 53 | @=CryptUIDlgSelectCertificateFromStore 54 | [CryptUIDlgViewCertificate] 55 | 1=PCCRYPTUI_VIEWCERTIFICATE_STRUCT pCertViewInfo 56 | 2=BOOL* pfPropertiesChanged 57 | ParamCount=2 58 | Header=cryptui.h.api; 59 | @=CryptUIDlgViewCertificate 60 | [CryptUIDlgViewContext] 61 | 1=DWORD dwContextType 62 | 2=const void* pvContext 63 | 3=HWND hwnd 64 | 4=LPCWSTR pwszTitle 65 | 5=DWORD dwFlags 66 | 6=void* pvReserved 67 | ParamCount=6 68 | Header=windows.h.api; 69 | @=CryptUIDlgViewContext 70 | [CryptUIDlgViewSignerInfo] 71 | 1=CRYPTUI_VIEWSIGNERINFO_STRUCT* pcvsi 72 | ParamCount=1 73 | Header=cryptui.h.api; 74 | @=CryptUIDlgViewSignerInfo 75 | -------------------------------------------------------------------------------- /apis_def/headers/oledlg.h.api: -------------------------------------------------------------------------------- 1 | [ChangeIconFlag] 2 | TypeDisplay=DWORD 3 | Base=DWORD 4 | Type=Flag 5 | Const1=CIF_SHOWHELP 6 | Value1=0x00000001 7 | Const2=CIF_SELECTCURRENT 8 | Value2=0x00000002 9 | Const3=CIF_SELECTDEFAULT 10 | Value3=0x00000004 11 | Const4=CIF_SELECTFROMFILE 12 | Value4=0x00000008 13 | Const5=CIF_USEICONEXE 14 | Value5=0x00000010 15 | [PasteSpecialFlag] 16 | TypeDisplay=DWORD 17 | Base=DWORD 18 | Type=Flag 19 | Const1=PSF_SHOWHELP 20 | Value1=0x00000001 21 | Const2=PSF_SELECTPASTE 22 | Value2=0x00000002 23 | Const3=PSF_SELECTPASTELINK 24 | Value3=0x00000004 25 | Const4=PSF_CHECKDISPLAYASICON 26 | Value4=0x00000008 27 | Const5=PSF_DISABLEDISPLAYASICON 28 | Value5=0x00000010 29 | Const6=PSF_HIDECHANGEICON 30 | Value6=0x00000020 31 | Const7=PSF_STAYONCLIPBOARDCHANGE 32 | Value7=0x00000040 33 | Const8=PSF_NOREFRESHDATAOBJECT 34 | Value8=0x00000080 35 | [OLEUIPASTEFLAG] 36 | TypeDisplay=DWORD 37 | Base=DWORD 38 | Type=Flag 39 | Const1=OLEUIPASTE_ENABLEICON 40 | Value1=2048 41 | Const2=OLEUIPASTE_PASTEONLY 42 | Value2=0 43 | Const3=OLEUIPASTE_PASTE 44 | Value3=512 45 | Const4=OLEUIPASTE_LINKANYTYPE 46 | Value4=1024 47 | Const5=OLEUIPASTE_LINKTYPE1 48 | Value5=1 49 | Const6=OLEUIPASTE_LINKTYPE2 50 | Value6=2 51 | Const7=OLEUIPASTE_LINKTYPE3 52 | Value7=4 53 | Const8=OLEUIPASTE_LINKTYPE4 54 | Value8=8 55 | Const9=OLEUIPASTE_LINKTYPE5 56 | Value9=16 57 | Const10=OLEUIPASTE_LINKTYPE6 58 | Value10=32 59 | Const11=OLEUIPASTE_LINKTYPE7 60 | Value11=64 61 | Const12=OLEUIPASTE_LINKTYPE8 62 | Value12=128 63 | [ObjectPropFlags] 64 | TypeDisplay=DWORD 65 | Base=DWORD 66 | Type=Flag 67 | Const1=OPF_OBJECTISLINK 68 | Value1=0x00000001 69 | Const2=OPF_NOFILLDEFAULT 70 | Value2=0x00000002 71 | Const3=OPF_SHOWHELP 72 | Value3=0x00000004 73 | Const4=OPF_DISABLECONVERT 74 | Value4=0x00000008 75 | [ViewPropsFlags] 76 | TypeDisplay=DWORD 77 | Base=DWORD 78 | Type=Flag 79 | Const1=VPF_SELECTRELATIVE 80 | Value1=0x00000001 81 | Const2=VPF_DISABLERELATIVE 82 | Value2=0x00000002 83 | Const3=VPF_DISABLESCALE 84 | Value3=0x00000004 85 | [ChangeSourceFlags] 86 | TypeDisplay=DWORD 87 | Base=DWORD 88 | Type=Flag 89 | Const1=CSF_SHOWHELP 90 | Value1=0x00000001 91 | Const2=CSF_VALIDSOURCE 92 | Value2=0x00000002 93 | Const3=CSF_ONLYGETSOURCE 94 | Value3=0x00000004 95 | Const4=CSF_EXPLORER 96 | Value4=0x00000008 97 | -------------------------------------------------------------------------------- /apis_def/dhcpcsvc.api: -------------------------------------------------------------------------------- 1 | [DhcpCApiCleanup] 2 | ParamCount=0 3 | @=DhcpCApiCleanup 4 | [DhcpDeRegisterParamChange] 5 | 1=DWORD Flags 6 | 2=LPVOID Reserved 7 | 3=LPVOID Event 8 | ParamCount=3 9 | @=DhcpDeRegisterParamChange 10 | [DhcpRegisterParamChange] 11 | 1=DWORD Flags 12 | 2=LPVOID Reserved 13 | 3=LPWSTR AdapterName 14 | 4=LPDHCPCAPI_CLASSID pClassId 15 | 5=DHCPCAPI_PARAMS_ARRAY Params 16 | 6=LPVOID Handle 17 | ParamCount=6 18 | Header= 19 | @=DhcpRegisterParamChange 20 | [DhcpRequestParams] 21 | 1=DWORD Flags 22 | 2=LPVOID Reserved 23 | 3=LPWSTR AdapterName 24 | 4=LPDHCPCAPI_CLASSID ClassId 25 | 5=DHCPCAPI_PARAMS_ARRAY SendParams 26 | 6=DHCPCAPI_PARAMS_ARRAY RecdParams 27 | 7=LPBYTE Buffer 28 | 8=LPDWORD pSize 29 | 9=LPWSTR RequestIdStr 30 | ParamCount=9 31 | Header= 32 | @=DhcpRequestParams 33 | [DhcpRemoveDNSRegistrations] 34 | ParamCount=0 35 | @=DhcpRemoveDNSRegistrations 36 | [DhcpUndoRequestParams] 37 | 1=DWORD Flags 38 | 2=LPVOID Reserved 39 | 3=LPWSTR AdapterName 40 | 4=LPWSTR RequestIdStr 41 | ParamCount=4 42 | @=DhcpUndoRequestParams 43 | [DhcpCApiInitialize] 44 | 1=LPDWORD Version 45 | ParamCount=1 46 | @=DhcpCApiInitialize 47 | [McastApiCleanup] 48 | ParamCount=0 49 | @=McastApiCleanup 50 | [McastApiStartup] 51 | 1=PDWORD pVersion 52 | ParamCount=1 53 | @=McastApiStartup 54 | [McastEnumerateScopes] 55 | 1=IP_ADDR_FAMILY AddrFamily 56 | 2=BOOL ReQuery 57 | 3=PMCAST_SCOPE_ENTRY pScopeList 58 | 4=PDWORD pScopeLen 59 | 5=PDWORD pScopeCount 60 | ParamCount=5 61 | Header= 62 | @=McastEnumerateScopes 63 | [McastGenUID] 64 | 1=LPMCAST_CLIENT_UID pRequestID 65 | ParamCount=1 66 | Header= 67 | @=McastGenUID 68 | [McastReleaseAddress] 69 | 1=IP_ADDR_FAMILY AddrFamily 70 | 2=LPMCAST_CLIENT_UID pRequestID 71 | 3=PMCAST_LEASE_REQUEST pReleaseRequest 72 | ParamCount=3 73 | Header= 74 | @=McastReleaseAddress 75 | [McastRenewAddress] 76 | 1=IP_ADDR_FAMILY AddrFamily 77 | 2=LPMCAST_CLIENT_UID pRequestID 78 | 3=PMCAST_LEASE_REQUEST pRenewRequest 79 | 4=PMCAST_LEASE_RESPONSE pRenewResponse 80 | ParamCount=4 81 | Header= 82 | @=McastRenewAddress 83 | [McastRequestAddress] 84 | 1=IP_ADDR_FAMILY AddrFamily 85 | 2=LPMCAST_CLIENT_UID pRequestID 86 | 3=PMCAST_SCOPE_CTX pScopeCtx 87 | 4=PMCAST_LEASE_REQUEST pAddrRequest 88 | 5=PMCAST_LEASE_RESPONSE pAddrResponse 89 | ParamCount=5 90 | Header= 91 | @=McastRequestAddress 92 | -------------------------------------------------------------------------------- /apis_def/opengl32.api: -------------------------------------------------------------------------------- 1 | [wglCreateContext] 2 | 1=HDC hdc 3 | ParamCount=1 4 | Header=gdi.h.api; 5 | @=wglCreateContext 6 | [wglCreateLayerContext] 7 | 1=HDC hdc 8 | 2=int iLayerPlane 9 | ParamCount=2 10 | Header=gdi.h.api; 11 | @=wglCreateLayerContext 12 | [wglCopyContext] 13 | 1=HGLRC hglrcSrc 14 | 2=HGLRC hglrcDst 15 | 3=UINT mask 16 | ParamCount=3 17 | Header= 18 | @=wglCopyContext 19 | [wglDeleteContext] 20 | 1=HGLRC hglrc 21 | ParamCount=1 22 | Header= 23 | @=wglDeleteContext 24 | [wglDescribeLayerPlane] 25 | 1=HDC hdc 26 | 2=int iPixelFormat 27 | 3=int iLayerPlane 28 | 4=UINT nBytes 29 | 5=LPLAYERPLANEDESCRIPTOR plpd 30 | ParamCount=5 31 | Header=gdi.h.api; 32 | @=wglDescribeLayerPlane 33 | [wglGetCurrentContext] 34 | ParamCount=0 35 | @=wglGetCurrentContext 36 | [wglGetCurrentDC] 37 | ParamCount=0 38 | @=wglGetCurrentDC 39 | [wglGetLayerPaletteEntries] 40 | 1=HDC hdc 41 | 2=int iLayerPlane 42 | 3=int iStart 43 | 4=int cEntries 44 | 5=COLORREF* pcr 45 | ParamCount=5 46 | Header=gdi.h.api; 47 | @=wglGetLayerPaletteEntries 48 | [wglGetProcAddress] 49 | 1=LPCSTR lpszProc 50 | ParamCount=1 51 | @=wglGetProcAddress 52 | [wglMakeCurrent] 53 | 1=HDC hdc 54 | 2=HGLRC hglrc 55 | ParamCount=2 56 | Header=gdi.h.api; 57 | @=wglMakeCurrent 58 | [wglRealizeLayerPalette] 59 | 1=HDC hdc 60 | 2=int iLayerPlane 61 | 3=BOOL bRealize 62 | ParamCount=3 63 | Header=gdi.h.api; 64 | @=wglRealizeLayerPalette 65 | [wglSetLayerPaletteEntries] 66 | 1=HDC hdc 67 | 2=int iLayerPlane 68 | 3=int iStart 69 | 4=int cEntries 70 | 5=COLORREF* pcr 71 | ParamCount=5 72 | Header=gdi.h.api; 73 | @=wglSetLayerPaletteEntries 74 | [wglShareLists] 75 | 1=HGLRC hglrc1 76 | 2=HGLRC hglrc2 77 | ParamCount=2 78 | Header= 79 | @=wglShareLists 80 | [wglSwapLayerBuffers] 81 | 1=HDC hdc 82 | 2=UINT fuPlanes 83 | ParamCount=2 84 | Header=gdi.h.api; 85 | @=wglSwapLayerBuffers 86 | [wglUseFontBitmaps] 87 | 1=HDC hdc 88 | 2=DWORD first 89 | 3=DWORD count 90 | 4=DWORD listBase 91 | ParamCount=4 92 | Header=gdi.h.api; 93 | @=wglUseFontBitmaps 94 | [wglUseFontOutlines] 95 | 1=HDC hdc 96 | 2=DWORD first 97 | 3=DWORD count 98 | 4=DWORD listBase 99 | 5=FLOAT deviation 100 | 6=FLOAT extrusion 101 | 7=int format 102 | 8=LPGLYPHMETRICSFLOAT lpgmf 103 | ParamCount=8 104 | Header=gdi.h.api; 105 | @=wglUseFontOutlines 106 | -------------------------------------------------------------------------------- /xAnalyzer/ini.cpp: -------------------------------------------------------------------------------- 1 | #include "ini.h" 2 | #include 3 | #include 4 | 5 | IniManager::IniManager(string szFileName) 6 | { 7 | m_szFileName = szFileName; 8 | } 9 | 10 | int IniManager::ReadInteger(char* szSection, char* szKey, int iDefaultValue) 11 | { 12 | int iResult = GetPrivateProfileInt(szSection, szKey, iDefaultValue, m_szFileName.c_str()); 13 | return iResult; 14 | } 15 | 16 | double IniManager::ReadDouble(char* szSection, char* szKey, float fltDefaultValue) 17 | { 18 | char szResult[MAX_PATH] = ""; 19 | char szDefault[MAX_PATH] = ""; 20 | 21 | sprintf_s(szDefault, "%f", fltDefaultValue); 22 | GetPrivateProfileString(szSection, szKey, szDefault, szResult, MAX_PATH, m_szFileName.c_str()); 23 | return atof(szResult); 24 | 25 | } 26 | 27 | bool IniManager::ReadBoolean(char* szSection, char* szKey, bool bolDefaultValue) 28 | { 29 | char szResult[10]; 30 | char szDefault[10]; 31 | 32 | sprintf_s(szDefault, "%s", bolDefaultValue ? "true" : "false"); 33 | GetPrivateProfileString(szSection, szKey, szDefault, szResult, 10, m_szFileName.c_str()); 34 | 35 | return (strcmp(szResult, "true") == 0); 36 | } 37 | 38 | std::string IniManager::ReadString(char* szSection, char* szKey, const char* szDefaultValue) 39 | { 40 | std::string szResult; 41 | GetPrivateProfileString((LPCSTR)szSection, (LPCSTR)szKey, (LPCSTR)szDefaultValue, (LPSTR)szResult.c_str(), 255, (LPCSTR)m_szFileName.c_str()); 42 | return szResult; 43 | } 44 | 45 | void IniManager::WriteInteger(char* szSection, char* szKey, int iValue) 46 | { 47 | char szValue[MAX_PATH] = ""; 48 | sprintf_s(szValue, "%d", iValue); 49 | WritePrivateProfileString(szSection, szKey, szValue, m_szFileName.c_str()); 50 | } 51 | 52 | void IniManager::WriteDouble(char* szSection, char* szKey, double fltValue) 53 | { 54 | char szValue[MAX_PATH] = ""; 55 | sprintf_s(szValue, "%lf", fltValue); 56 | WritePrivateProfileString(szSection, szKey, szValue, m_szFileName.c_str()); 57 | } 58 | 59 | void IniManager::WriteBoolean(char* szSection, char* szKey, bool bolValue) 60 | { 61 | char szValue[MAX_PATH] = ""; 62 | sprintf_s(szValue, "%s", bolValue ? "true" : "false"); 63 | WritePrivateProfileString(szSection, szKey, szValue, m_szFileName.c_str()); 64 | } 65 | 66 | void IniManager::WriteString(char* szSection, char* szKey, char* szValue) 67 | { 68 | WritePrivateProfileString(szSection, szKey, szValue, m_szFileName.c_str()); 69 | } -------------------------------------------------------------------------------- /apis_def/headers/wecapi.h.api: -------------------------------------------------------------------------------- 1 | [EC_SUBSCRIPTION_PROPERTY_ID] 2 | Base=UINT 3 | Type=Enum 4 | Const1=EcSubscriptionEnabled 5 | Value1=0 6 | Const2=EcSubscriptionEventSources 7 | Value2=1 8 | Const3=EcSubscriptionEventSourceAddress 9 | Value3=2 10 | Const4=EcSubscriptionEventSourceEnabled 11 | Value4=3 12 | Const5=EcSubscriptionEventSourceUserName 13 | Value5=4 14 | Const6=EcSubscriptionEventSourcePassword 15 | Value6=5 16 | Const7=EcSubscriptionDescription 17 | Value7=6 18 | Const8=EcSubscriptionURI 19 | Value8=7 20 | Const9=EcSubscriptionConfigurationMode 21 | Value9=8 22 | Const10=EcSubscriptionExpires 23 | Value10=9 24 | Const11=EcSubscriptionQuery 25 | Value11=10 26 | Const12=EcSubscriptionTransportName 27 | Value12=11 28 | Const13=EcSubscriptionTransportPort 29 | Value13=12 30 | Const14=EcSubscriptionDeliveryMode 31 | Value14=13 32 | Const15=EcSubscriptionDeliveryMaxItems 33 | Value15=14 34 | Const16=EcSubscriptionDeliveryMaxLatencyTime 35 | Value16=15 36 | Const17=EcSubscriptionHeartbeatInterval 37 | Value17=16 38 | Const18=EcSubscriptionLocale 39 | Value18=17 40 | Const19=EcSubscriptionContentFormat 41 | Value19=18 42 | Const20=EcSubscriptionLogFile 43 | Value20=19 44 | Const21=EcSubscriptionPublisherName 45 | Value21=20 46 | Const22=EcSubscriptionCredentialsType 47 | Value22=21 48 | Const23=EcSubscriptionCommonUserName 49 | Value23=22 50 | Const24=EcSubscriptionCommonPassword 51 | Value24=23 52 | Const25=EcSubscriptionHostName 53 | Value25=24 54 | Const26=EcSubscriptionReadExistingEvents 55 | Value26=25 56 | Const27=EcSubscriptionDialect 57 | Value27=26 58 | [EC_SUBSCRIPTION_RUNTIME_STATUS_INFO_ID] 59 | Base=UINT 60 | Type=Enum 61 | Const1=EcSubscriptionRunTimeStatusActive 62 | Value1=0 63 | Const2=EcSubscriptionRunTimeStatusLastError 64 | Value2=1 65 | Const3=EcSubscriptionRunTimeStatusLastErrorMessage 66 | Value3=2 67 | Const4=EcSubscriptionRunTimeStatusLastErrorTime 68 | Value4=3 69 | Const5=EcSubscriptionRunTimeStatusNextRetryTime 70 | Value5=4 71 | Const6=EcSubscriptionRunTimeStatusInfoIdEND 72 | Value6=5 73 | [EC_VARIANT_TYPE] 74 | TypeDisplay=DWORD 75 | Base=DWORD 76 | Type=Flag 77 | Const1=EcVarTypeNull 78 | Value1=0 79 | Const2=EcVarTypeBoolean 80 | Value2=1 81 | Const3=EcVarTypeUInt32 82 | Value3=2 83 | Const4=EcVarTypeDateTime 84 | Value4=3 85 | Const5=EcVarTypeString 86 | Value5=4 87 | Const6=EcVarObjectArrayPropertyHandle 88 | Value6=5 89 | Const7=EC_VARIANT_TYPE_ARRAY 90 | Value7=128 91 | -------------------------------------------------------------------------------- /xAnalyzer/pluginsdk/yara/yara/sizedstr.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef _SIZEDSTR_H 31 | #define _SIZEDSTR_H 32 | 33 | #include 34 | 35 | #include "integers.h" 36 | 37 | // 38 | // This struct is used to support strings containing null chars. The length of 39 | // the string is stored along the string data. However the string data is also 40 | // terminated with a null char. 41 | // 42 | 43 | #define SIZED_STRING_FLAGS_NO_CASE 1 44 | #define SIZED_STRING_FLAGS_DOT_ALL 2 45 | 46 | #pragma pack(push) 47 | #pragma pack(8) 48 | 49 | 50 | typedef struct _SIZED_STRING 51 | { 52 | uint32_t length; 53 | uint32_t flags; 54 | 55 | char c_string[1]; 56 | 57 | } SIZED_STRING; 58 | 59 | #pragma pack(pop) 60 | 61 | 62 | int sized_string_cmp( 63 | SIZED_STRING* s1, 64 | SIZED_STRING* s2); 65 | 66 | #endif 67 | --------------------------------------------------------------------------------