├── stacks ├── __init__.py ├── linux_x86.py ├── windows_x86.py ├── windows_x64.py └── linux_x64.py ├── __init__.py ├── tools └── generate_libc_from_man.py ├── LICENSE ├── .gitignore ├── plugin.json ├── README.md ├── annotate.py └── data └── windows ├── OLE32.json ├── NTDLL.json ├── USER32.json └── ADVAPI32.json /stacks/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /__init__.py: -------------------------------------------------------------------------------- 1 | import os 2 | import json 3 | from binaryninja import PluginCommand 4 | from .annotate import * 5 | 6 | PluginCommand.register_for_function( 7 | "Annotate", 8 | "Annotate functions with arguments", 9 | annotate.run_plugin) 10 | -------------------------------------------------------------------------------- /tools/generate_libc_from_man.py: -------------------------------------------------------------------------------- 1 | from urllib.request import urlopen 2 | import html2text 3 | 4 | resp= urlopen("https://www.gnu.org/software/libc/manual/html_mono/libc.html") 5 | with open("libc.json","w") as wf: 6 | result="{" 7 | for line in resp: 8 | content = line.decode("utf8") 9 | if "Function: " in content: 10 | data=html2text.html2text(content).replace("\r\n"," ").replace("\n"," ").replace("\r"," ") 11 | function=data[data.find("_ **")+4:data.find("** _(")] 12 | args=data[data.find(" _(")+3:data.find(")_")].split(", ") 13 | arguments="" 14 | for arg in args: 15 | if len(arg)==1: 16 | continue 17 | if arg=="void": 18 | continue 19 | arguments+="\""+arg+"\", " 20 | arguments=arguments[:-2] 21 | 22 | if (len(arguments)!=0): 23 | result+=(f"\"{function}\" : [{arguments}],") 24 | result=result[:-1]+"}" 25 | wf.write(result) 26 | print("Done !") 27 | resp.close() 28 | 29 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Bjoern Kerler 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | MANIFEST 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | .pytest_cache/ 49 | 50 | # Translations 51 | *.mo 52 | *.pot 53 | 54 | # Django stuff: 55 | *.log 56 | local_settings.py 57 | db.sqlite3 58 | 59 | # Flask stuff: 60 | instance/ 61 | .webassets-cache 62 | 63 | # Scrapy stuff: 64 | .scrapy 65 | 66 | # Sphinx documentation 67 | docs/_build/ 68 | 69 | # PyBuilder 70 | target/ 71 | 72 | # Jupyter Notebook 73 | .ipynb_checkpoints 74 | 75 | # pyenv 76 | .python-version 77 | 78 | # celery beat schedule file 79 | celerybeat-schedule 80 | 81 | # SageMath parsed files 82 | *.sage.py 83 | 84 | # Environments 85 | .env 86 | .venv 87 | env/ 88 | venv/ 89 | ENV/ 90 | env.bak/ 91 | venv.bak/ 92 | 93 | # Spyder project settings 94 | .spyderproject 95 | .spyproject 96 | 97 | # Rope project settings 98 | .ropeproject 99 | 100 | # mkdocs documentation 101 | /site 102 | 103 | # mypy 104 | .mypy_cache/ 105 | -------------------------------------------------------------------------------- /plugin.json: -------------------------------------------------------------------------------- 1 | { 2 | "plugin": { 3 | "pluginmetadataversion" : 2, 4 | "name": "Annotate Functions", 5 | "type": ["binaryview"], 6 | "api": ["python2", "python3"], 7 | "description": "A plugin that annotates function arguments.", 8 | "longdescription": "Upon encountering a function call this plugins uses virtual stack to annotate previous instructions with comments annotating the parameters.", 9 | "license": { 10 | "name": "MIT", 11 | "text": "Copyright (c) 2018-2019 B. Kerler\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." 12 | }, 13 | "dependencies": { 14 | "pip": [], 15 | "apt": [], 16 | "installers": [], 17 | "other": [] 18 | }, 19 | "platforms" : ["Darwin", "Linux", "Windows"], 20 | "version": "1.1", 21 | "author": "B.Kerler with code from John Levy and @carstein", 22 | "minimumBinaryNinjaVersion": 1200 23 | } 24 | } 25 | 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## BinaryNinja universal annotate plugin 2 | 3 | ### Why 4 | I know there are already Annotator and WinAPI-Annotator .. BUT: 5 | 6 | * This one combines both plugins for windows and linux, sorts out some issues 7 | * And adds reg based approach using llil and mlil to support other platforms, such as ARM 8 | * Also has a database for libc and has a tool to convert libc man to database :) 9 | * Has both python2 and python3 support 10 | 11 | Big thanks to @carstein and @levyjm for setting the foundation. 12 | 13 | ### Supported modules 14 | * kernel32.dll 15 | * user32.dll 16 | * ole32.dll 17 | * advapi32.dll 18 | * libc 19 | * Some openssl libs 20 | * Any json in generic folder 21 | 22 | #### Any new supported module and/or bug fix and/or feature improvement is welcome ! 23 | 24 | ## ToDo 25 | * MIPS support 26 | * Other arch support such as MACH 27 | 28 | ### Disclaimer 29 | * This plugin has been tested for Windows-32/64, Linux-32/64, and Android ARM Libraries 30 | 31 | 32 | ``` 33 | MIT License 34 | 35 | Copyright (c) 2018 B. Kerler 36 | 37 | Permission is hereby granted, free of charge, to any person obtaining a copy 38 | of this software and associated documentation files (the "Software"), to deal 39 | in the Software without restriction, including without limitation the rights 40 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 41 | copies of the Software, and to permit persons to whom the Software is 42 | furnished to do so, subject to the following conditions: 43 | 44 | The above copyright notice and this permission notice shall be included in all 45 | copies or substantial portions of the Software. 46 | 47 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 48 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 49 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 50 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 51 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 52 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 53 | SOFTWARE. 54 | ``` 55 | -------------------------------------------------------------------------------- /stacks/linux_x86.py: -------------------------------------------------------------------------------- 1 | # Virtual Call stack implementation for Linux x86 2 | 3 | # Virtual stack is represented as a dictionary 4 | # It does not store values but last instruction that modified given element 5 | # We are assuming addressing in form of ESP + X 6 | # ex: 7 | # { 8 | # 0: 9 | # 4: 10 | # 8: 11 | # } 12 | 13 | from binaryninja import LowLevelILOperation, log_info 14 | 15 | WORD_SIZE = 4 16 | 17 | class Stack: 18 | def __init__(self): 19 | self.stack = {} 20 | self.stack_changing_llil = [LowLevelILOperation.LLIL_STORE, 21 | LowLevelILOperation.LLIL_PUSH, 22 | LowLevelILOperation.LLIL_POP] 23 | 24 | def get_relevant_llil(self): 25 | return self.stack_changing_llil 26 | 27 | def clear(self): 28 | self.stack = {} 29 | 30 | def update(self, instr): 31 | if instr.operation == LowLevelILOperation.LLIL_PUSH: 32 | self.__process_push(instr) 33 | 34 | if instr.operation == LowLevelILOperation.LLIL_STORE: 35 | self.__process_store(instr) 36 | 37 | if instr.operation == LowLevelILOperation.LLIL_POP: 38 | self.__process_pop() 39 | 40 | self.__display_stack() 41 | 42 | def __shift_stack_right(self): 43 | for index in sorted(self.stack, reverse=True): 44 | self.stack[index+WORD_SIZE] = self.stack[index] 45 | 46 | def __shift_stack_left(self): 47 | for index in sorted(self.stack)[1:]: 48 | self.stack[index-WORD_SIZE] = self.stack[index] 49 | 50 | def __process_push(self, push_i): 51 | self.__shift_stack_right() 52 | self.stack[0] = push_i 53 | 54 | def __process_pop(self): 55 | self.__shift_stack_left() 56 | 57 | def __process_store(self, store_i): 58 | # Extracting destination of LLIL_STORE 59 | if store_i.dest.operation == LowLevelILOperation.LLIL_REG: 60 | dst = store_i.dest.src 61 | shift = 0 62 | else: # assuming LLIL_ADD for now 63 | dst = store_i.dest.left.src 64 | if store_i.dest.right.operation == LowLevelILOperation.LLIL_CONST: 65 | shift = store_i.dest.right.constant 66 | else: 67 | shift = store_i.dest.right.value 68 | 69 | if dst.name == 'esp': 70 | # Place it on the stack 71 | self.stack[shift] = store_i 72 | 73 | def __iter__(self): 74 | for index in sorted(self.stack): 75 | yield self.stack[index] 76 | 77 | def __display_stack(self): 78 | s = '\n' 79 | for index in sorted(self.stack): 80 | s += '{}: {}\n'.format(index, self.stack[index]) 81 | 82 | log_info(s) 83 | -------------------------------------------------------------------------------- /stacks/windows_x86.py: -------------------------------------------------------------------------------- 1 | # Virtual Call stack implementation for Windows x86 2 | 3 | # Virtual stack is represented as a dictionary 4 | # It does not store values but last instruction that modified given element 5 | # We are assuming addressing in form of ESP + X 6 | # ex: 7 | # { 8 | # 0: 9 | # 4: 10 | # 8: 11 | # } 12 | 13 | from binaryninja import LowLevelILOperation, log_info 14 | 15 | WORD_SIZE = 4 16 | 17 | class Stack: 18 | def __init__(self): 19 | self.stack = {} 20 | self.stack_changing_llil = [LowLevelILOperation.LLIL_STORE, 21 | LowLevelILOperation.LLIL_PUSH, 22 | LowLevelILOperation.LLIL_POP] 23 | self.esp = 0x00400000 24 | self.ebp = 0x00400000 25 | 26 | def get_function_path(self): 27 | return self.functions_path 28 | 29 | def get_relevant_llil(self): 30 | return self.stack_changing_llil 31 | 32 | def clear(self): 33 | self.stack = {} 34 | 35 | def update(self, instr): 36 | if instr.operation == LowLevelILOperation.LLIL_PUSH: 37 | self.__process_push(instr) 38 | 39 | if instr.operation == LowLevelILOperation.LLIL_STORE: 40 | self.__process_store(instr) 41 | 42 | if instr.operation == LowLevelILOperation.LLIL_POP: 43 | self.__process_pop() 44 | 45 | self.__display_stack() 46 | 47 | def __shift_stack_right(self): 48 | for index in sorted(self.stack, reverse=True): 49 | self.stack[index+WORD_SIZE] = self.stack[index] 50 | 51 | def __shift_stack_left(self): 52 | for index in sorted(self.stack)[1:]: 53 | self.stack[index-WORD_SIZE] = self.stack[index] 54 | 55 | def __process_push(self, push_i): 56 | self.__shift_stack_right() 57 | self.stack[0] = push_i 58 | 59 | def __process_pop(self): 60 | self.__shift_stack_left() 61 | 62 | def __process_store(self, store_i): 63 | # Extracting destination of LLIL_STORE 64 | #if store_i.dest.operation == LowLevelILOperation.LLIL_REG: 65 | #dst = store_i.dest.src 66 | shift = 0 67 | 68 | ''' 69 | elif store_i.dest.operation != LowLevelILOperation.LLIL_CONST_PTR: 70 | dst = store_i.dest.left.src 71 | if store_i.dest.right.operation == LowLevelILOperation.LLIL_CONST: 72 | shift = store_i.dest.right.constant 73 | else: 74 | shift = store_i.dest.right.value 75 | ''' 76 | 77 | def __iter__(self): 78 | for index in sorted(self.stack): 79 | yield self.stack[index] 80 | 81 | def __display_stack(self): 82 | s = '\n' 83 | for index in sorted(self.stack): 84 | s += '{}: {}\n'.format(index, self.stack[index]) 85 | 86 | -------------------------------------------------------------------------------- /stacks/windows_x64.py: -------------------------------------------------------------------------------- 1 | # Virtual Call stack implementation for Windows x64 2 | 3 | # Virtual stack is represented as a dictionary 4 | # It does not store values but last instruction that modified given element 5 | # We are assuming addressing in form of ESP + X 6 | # ex: 7 | # { 8 | # 0: 9 | # 8: 10 | # 16: 11 | # } 12 | from .windows_x86 import * 13 | from binaryninja import LowLevelILOperation 14 | 15 | WORD_SIZE = 8 16 | 17 | mapping = { 18 | 'rdi':'rdi', 'edi': 'rdi', 'di':'rdi', 'dil':'rdi', 19 | 'rsi':'rsi', 'esi': 'rsi', 'si':'rsi', 'sil':'rsi', 20 | 'rdx':'rdx', 'edx': 'rdx', 'dx':'rdx', 'dl':'rdx', 21 | 'rcx':'rcx', 'ecx': 'rcx', 'cx':'rcx', 'cl':'rcx', 22 | 'r8':'r8', 'r8d': 'r8', 'r8w':'r8', 'r8b':'r8', 23 | 'r9':'r9', 'r9d': 'r9', 'r9w':'r9', 'r9b':'r9' 24 | } 25 | 26 | class Stack(Stack): 27 | def __init__(self): 28 | self.stack = {} 29 | 30 | self.registers = { 31 | 'rcx': None, 32 | 'rdx': None, 33 | 'r8': None, 34 | 'r9': None 35 | } 36 | 37 | self.stack_changing_llil = [ 38 | LowLevelILOperation.LLIL_STORE, 39 | LowLevelILOperation.LLIL_PUSH, 40 | LowLevelILOperation.LLIL_POP, 41 | LowLevelILOperation.LLIL_SET_REG] 42 | self.functions_path = 'all_functions_no_fp.json' 43 | 44 | def clear(self): 45 | self.stack = {} 46 | 47 | for reg in self.registers.keys(): 48 | self.registers[reg] = None 49 | 50 | def update(self, instr): 51 | if instr.operation == LowLevelILOperation.LLIL_PUSH: 52 | self.__process_push(instr) 53 | 54 | if instr.operation == LowLevelILOperation.LLIL_STORE: 55 | self.__process_store(instr) 56 | 57 | if instr.operation == LowLevelILOperation.LLIL_POP: 58 | self.__process_pop() 59 | 60 | if instr.operation == LowLevelILOperation.LLIL_SET_REG: 61 | self.__process_set_reg(instr) 62 | 63 | def __process_set_reg(self, set_i): 64 | if set_i.dest.name in mapping.keys(): 65 | self.registers[mapping[set_i.dest.name]] = set_i 66 | 67 | def __process_store(self, store_i): 68 | # Extracting destination of LLIL_STORE 69 | if store_i.dest.operation == LowLevelILOperation.LLIL_REG: 70 | dst = store_i.dest.src 71 | shift = 0 72 | 73 | 74 | ''' 75 | elif store_i.dest.operation != LowLevelILOperation.LLIL_CONST_PTR: 76 | dst = store_i.dest.left.src 77 | shift = store_i.dest.right.value 78 | 79 | if dst.name == 'esp' or dst.name == 'rsp': 80 | # Place it on the stack 81 | self.stack[shift] = store_i 82 | ''' 83 | 84 | def __iter__(self): 85 | yield self.registers['rcx'] 86 | yield self.registers['rdx'] 87 | yield self.registers['r8'] 88 | yield self.registers['r9'] 89 | 90 | for index in sorted(self.stack): 91 | yield self.stack[index] 92 | -------------------------------------------------------------------------------- /stacks/linux_x64.py: -------------------------------------------------------------------------------- 1 | # Virtual Call stack implementation for Linux x86 2 | 3 | # Virtual stack is represented as a dictionary 4 | # It does not store values but last instruction that modified given element 5 | # We are assuming addressing in form of ESP + X 6 | # ex: 7 | # { 8 | # 0: 9 | # 8: 10 | # 16: 11 | # } 12 | from .linux_x86 import Stack 13 | from binaryninja import LowLevelILOperation 14 | 15 | WORD_SIZE = 8 16 | 17 | mapping = { 18 | 'rdi':'rdi', 'edi': 'rdi', 'di':'rdi', 'dil':'rdi', 19 | 'rsi':'rsi', 'esi': 'rsi', 'si':'rsi', 'sil':'rsi', 20 | 'rdx':'rdx', 'edx': 'rdx', 'dx':'rdx', 'dl':'rdx', 21 | 'rcx':'rcx', 'ecx': 'rcx', 'cx':'rcx', 'cl':'rcx', 22 | 'r8':'r8', 'r8d': 'r8', 'r8w':'r8', 'r8b':'r8', 23 | 'r9':'r9', 'r9d': 'r9', 'r9w':'r9', 'r9b':'r9' 24 | } 25 | 26 | class Stack(Stack): 27 | def __init__(self): 28 | self.stack = {} 29 | 30 | self.registers = { 31 | 'rdi': None, 32 | 'rsi': None, 33 | 'rdx': None, 34 | 'rcx': None, 35 | 'r8': None, 36 | 'r9': None 37 | } 38 | 39 | self.stack_changing_llil = [ 40 | LowLevelILOperation.LLIL_STORE, 41 | LowLevelILOperation.LLIL_PUSH, 42 | LowLevelILOperation.LLIL_POP, 43 | LowLevelILOperation.LLIL_SET_REG] 44 | self.functions_path = 'all_functions_no_fp.json' 45 | 46 | def clear(self): 47 | self.stack = {} 48 | 49 | for reg in self.registers.keys(): 50 | self.registers[reg] = None 51 | 52 | def update(self, instr): 53 | if instr.operation == LowLevelILOperation.LLIL_PUSH: 54 | self.__process_push(instr) 55 | 56 | if instr.operation == LowLevelILOperation.LLIL_STORE: 57 | self.__process_store(instr) 58 | 59 | if instr.operation == LowLevelILOperation.LLIL_POP: 60 | self.__process_pop() 61 | 62 | if instr.operation == LowLevelILOperation.LLIL_SET_REG: 63 | self.__process_set_reg(instr) 64 | 65 | def __process_set_reg(self, set_i): 66 | if set_i.dest.name in mapping.keys(): 67 | self.registers[mapping[set_i.dest.name]] = set_i 68 | 69 | def __process_store(self, store_i): 70 | # Extracting destination of LLIL_STORE 71 | if store_i.dest.operation == LowLevelILOperation.LLIL_REG: 72 | dst = store_i.dest.src 73 | shift = 0 74 | else: # assuming LLIL_ADD for now 75 | dst = store_i.dest.left.src 76 | shift = store_i.dest.right.value 77 | 78 | if dst.name == 'esp': 79 | # Place it on the stack 80 | self.stack[shift] = store_i 81 | 82 | def __iter__(self): 83 | yield self.registers['rdi'] 84 | yield self.registers['rsi'] 85 | yield self.registers['rdx'] 86 | yield self.registers['rcx'] 87 | yield self.registers['r8'] 88 | yield self.registers['r9'] 89 | 90 | for index in sorted(self.stack): 91 | yield self.stack[index] 92 | -------------------------------------------------------------------------------- /annotate.py: -------------------------------------------------------------------------------- 1 | import json 2 | import re 3 | import os 4 | from binaryninja import * 5 | import sys 6 | from .stacks import linux_x86, linux_x64, windows_x86, windows_x64 7 | 8 | python2=False 9 | if sys.version_info[0] < 3: 10 | python2=True 11 | 12 | PLUGINDIR_PATH = os.path.abspath(os.path.dirname(__file__)) 13 | 14 | call_llil = [ 15 | LowLevelILOperation.LLIL_CALL, 16 | LowLevelILOperation.LLIL_CALL_STACK_ADJUST, 17 | ] 18 | 19 | reg_arch=["armv7","armv7e","aarch64"] 20 | stack_arch=["x86","x86_64"] 21 | 22 | os_sys="" 23 | modules={} 24 | generic={} 25 | 26 | def search_files(directory='.', extension=''): 27 | filenames=[] 28 | extension = extension.lower() 29 | for dirpath, dirnames, files in os.walk(directory): 30 | for name in files: 31 | if extension and name.lower().endswith(extension): 32 | filenames.append(name[:-len(extension)-1]) 33 | elif not extension: 34 | filenames.append(name) 35 | return filenames 36 | 37 | def load_functions(platform): 38 | global modules 39 | global generic 40 | jsonpath=os.path.join(PLUGINDIR_PATH,"data",platform) 41 | filenames=search_files(jsonpath,"json") 42 | for module_name in filenames: 43 | function_file = open(os.path.join(jsonpath,module_name+".json"), 'r') 44 | function_list = json.load(function_file) 45 | function_file.close() 46 | if (platform=="generic"): 47 | generic[module_name]=function_list #module_name=Function and function_list=arguments for Generic 48 | else: 49 | modules[module_name]=function_list 50 | 51 | def get_function_name(callee): 52 | global os_sys 53 | if os_sys=="windows": 54 | module_name = re.match(r'(\S+)\!', callee.name) 55 | function_name = re.match(r'\S+\!(\w+)(@IAT)*?', callee.name) 56 | elif os_sys=="linux": 57 | if "__imp_" in callee.name: 58 | function_name=re.match(r'__imp_(\S+)', callee.name) 59 | else: 60 | function_name=re.match(r'(\S+)', callee.name) 61 | module_name=re.match(r'(\S+)', callee.name) 62 | return (module_name, function_name) 63 | 64 | def do_comment(function_arg,stack_args,function): 65 | global python2 66 | comment = "\n".format(function_arg) 67 | try: 68 | if python2==True: 69 | stack_instruction = stack_args.next() 70 | else: 71 | stack_instruction = next(stack_args) 72 | 73 | if stack_instruction is None: 74 | return False 75 | 76 | function.set_comment(stack_instruction.address, function_arg) 77 | return True 78 | except StopIteration: 79 | log_error('[x] Virtual Stack Empty. Unable to find function arguments for <{}>'.format(function_name)) 80 | return False 81 | 82 | def func_annotate_stack(module_name, function_name, stack, function): 83 | global modules 84 | global generic 85 | modname=module_name.group(1) 86 | funcname=function_name.group(1) 87 | if modname in modules: 88 | if funcname in modules[modname]: 89 | stack_args = iter(stack) 90 | for function_arg in modules[modname][funcname]: 91 | if (do_comment(function_arg,stack_args,function)==False): 92 | break 93 | else: 94 | for item in generic: 95 | if funcname in generic[item]: 96 | stack_args = iter(stack) 97 | for function_arg in generic[item][funcname]: 98 | if (do_comment(function_arg,stack_args,function)==False): 99 | break 100 | 101 | def func_annotate_reg(module_name, function_name, instruction, function): 102 | global modules 103 | global generic 104 | modname=module_name.group(1) 105 | funcname=function_name.group(1) 106 | mlil=function.medium_level_il 107 | if modname in modules: 108 | if funcname in modules[modname]: 109 | offsets=[] 110 | params=instruction.medium_level_il.ssa_form.params 111 | for i in range(0,len(params)): 112 | if hasattr(params[i], 'constant'): #we do have a constant 113 | address=params[i].address 114 | offsets.append(address) 115 | else: 116 | reg=params[i].src 117 | try: 118 | address=mlil.get_ssa_var_definition(reg).address 119 | offsets.append(address) 120 | except: 121 | pass 122 | pos=0 123 | for function_arg in modules[modname][funcname]: 124 | comment = "\n".format(function_arg) 125 | if pos'.format(name=function.symbol.name)) 185 | for block in function.low_level_il: 186 | for instruction in block: 187 | if (arch=="x86" or arch=="x86_64"): 188 | if (instruction.operation in stack_changing_llil): 189 | stack.update(instruction) 190 | if (instruction.operation in call_llil and instruction.dest.operation == LowLevelILOperation.LLIL_CONST_PTR): 191 | callee = bv.get_function_at(instruction.dest.constant) # Fetching function in question 192 | if callee!=None: 193 | if (callee.symbol.type == SymbolType.ImportedFunctionSymbol): 194 | module_and_function = get_function_name(callee) 195 | if arch in reg_arch: 196 | func_annotate_reg(module_and_function[0], module_and_function[1], instruction, function) 197 | elif arch in stack_arch: 198 | func_annotate_stack(module_and_function[0], module_and_function[1], stack, function) 199 | elif (instruction.operation == LowLevelILOperation.LLIL_CALL): 200 | if (instruction.dest.operation == LowLevelILOperation.LLIL_REG and instruction.dest.value.type == RegisterValueType.ImportedAddressValue): 201 | iat_address = instruction.dest.value.value 202 | try: 203 | callee = bv.get_symbol_at(iat_address) 204 | if (callee.type == SymbolType.ImportedFunctionSymbol or callee.type == SymbolType.ImportAddressSymbol): 205 | module_and_function = get_function_name(callee) 206 | if arch in reg_arch: 207 | func_annotate_reg(module_and_function[0], module_and_function[1], instruction, function) 208 | elif arch in stack_arch: 209 | func_annotate_stack(module_and_function[0], module_and_function[1], stack, function) 210 | except AttributeError: 211 | continue 212 | else: 213 | try: 214 | iat_address = instruction.dest.src.constant 215 | callee = bv.get_symbol_at(iat_address) 216 | if (callee.type == SymbolType.ImportedFunctionSymbol or callee.type == SymbolType.ImportAddressSymbol): 217 | module_and_function = get_function_name(callee) 218 | if arch in reg_arch: 219 | func_annotate_reg(module_and_function[0], module_and_function[1], instruction, function) 220 | elif arch in stack_arch: 221 | func_annotate_stack(module_and_function[0], module_and_function[1], stack, function) 222 | except AttributeError: 223 | continue 224 | -------------------------------------------------------------------------------- /data/windows/OLE32.json: -------------------------------------------------------------------------------- 1 | {"CoFileTimeNow": [], "CoRegisterPSClsid": ["REFIID riid", "REFCLSID rclsid"], "OleCreateLinkFromData": ["LPDATAOBJECT pSrcDataObj", "REFIID riid", "DWORD renderopt", "LPFORMATETC pFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "CoUnmarshalHresult": ["LPSTREAM pstm"], "OleCreateLinkEx": ["LPMONIKER pmkLinkSrc", "REFIID riid", "DWORD dwFlags", "DWORD renderopt", "ULONG cFormats", "LPFORMATETC rgFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "CoMarshalInterThreadInterfaceInStream": ["REFIID riid", "LPUNKNOWN pUnk"], "StgOpenStorageEx": ["const WCHAR *pwcsName", "DWORD grfMode", "STGFMT stgfmt", "DWORD grfAttrs", "REFIID riid"], "OleNoteObjectVisible": ["LPUNKNOWN pUnknown", "BOOL fVisible"], "PropStgNameToFmtId": ["const LPOLESTR *pfmtid"], "CoGetStdMarshalEx": ["LPUNKNOWN pUnkOuter", "DWORD smexflags"], "CoGetCallerTID": ["LPDWORD lpdwTID"], "IIDFromString": ["LPCOLESTR lpsz", "LPIID lpiid"], "CoSetCancelObject": [], "CoDisconnectContext": ["DWORD dwTimeout"], "CreateStreamOnHGlobal": ["HGLOBAL hGlobal", "BOOL fDeleteOnRelease"], "CreateItemMoniker": ["LPCOLESTR lpszDelim", "LPCOLESTR lpszItem"], "OleIsRunning": ["LPOLEOBJECT pObject"], "CoCreateGuid": [], "RevokeDragDrop": ["HWND hwnd"], "CoLoadLibrary": ["LPOLESTR lpszLibName", "BOOL bAutoFree"], "CoRegisterMessageFilter": ["opt_LPMESSAGEFILTER lpMessageFilter"], "SetErrorInfo": ["ULONG dwReserved"], "OleDuplicateData": ["HANDLE hSrc", "CLIPFORMAT cfFormat", "UINT uiFlags"], "HWND_UserMarshal": [], "CoDeactivateObject": [], "StgCreatePropSetStg": [], "CoSuspendClassObjects": [], "ReadFmtUserTypeStg": [], "PropSysAllocString": [], "StgOpenStorage": ["const WCHAR *pwcsName", "DWORD grfMode", "SNB snbExclude", "DWORD reserved"], "CoInstall": ["DWORD dwFlags", "LPWSTR pszCodeBase"], "CoGetInterceptor": ["REFIID iidIntercepted", "REFIID iid"], "CoTestCancel": [], "UpdateDCOMSettings": [], "OleRegEnumFormatEtc": ["REFCLSID clsid", "DWORD dwDirection"], "CoRevokeClassObject": ["DWORD dwRegister"], "OleCreateMenuDescriptor": ["HMENU hmenuCombined", "LPOLEMENUGROUPWIDTHS lpMenuWidths"], "CoGetCurrentLogicalThreadId": [], "CoGetCurrentProcess": [], "CreateObjrefMoniker": ["opt_LPUNKNOWN punk"], "CoDisconnectObject": ["LPUNKNOWN pUnk", "DWORD dwReserved"], "OleSaveToStream": ["LPPERSISTSTREAM pPStm", "LPSTREAM pStm"], "WriteClassStm": ["REFCLSID rclsid"], "CoGetInstanceFromIStorage": ["DWORD dwClsCtx", "struct IStorage", "DWORD dwCount"], "CoRevertToSelf": [], "OleSave": ["LPPERSISTSTORAGE pPS", "LPSTORAGE pStg", "BOOL fSameAsLoad"], "OleBuildVersion": [], "OleCreate": ["REFCLSID rclsid", "REFIID riid", "DWORD renderopt", "LPFORMATETC pFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "ReadStringStream": [], "MonikerCommonPrefixWith": ["LPMONIKER pmkThis", "LPMONIKER pmkOther"], "ProgIDFromCLSID": ["REFCLSID clsid"], "CLSIDFromProgIDEx": ["LPCOLESTR lpszProgID", "LPCLSID lpclsid"], "CreateFileMoniker": ["LPCOLESTR lpszPathName"], "CoInitializeSecurity": ["opt_PSECURITY_DESCRIPTOR pSecDesc", "LONG cAuthSvc", "DWORD dwAuthnLevel", "DWORD dwImpLevel", "DWORD dwCapabilities"], "OleRegGetUserType": ["REFCLSID clsid", "DWORD dwFormOfType"], "StringFromGUID2": ["REFGUID rguid", "LPOLESTR lpsz", "int cchMax"], "CoSetProxyBlanket": ["DWORD dwAuthnSvc", "DWORD dwAuthzSvc", "DWORD dwAuthnLevel", "DWORD dwImpLevel", "opt_RPC_AUTH_IDENTITY_HANDLE pAuthInfo", "DWORD dwCapabilities"], "ReadClassStg": [], "CreateErrorInfo": [], "CoRegisterSurrogate": ["LPSURROGATE pSurrogate"], "GetHGlobalFromStream": [], "OleCreateLinkToFile": ["LPCOLESTR lpszFileName", "REFIID riid", "DWORD renderopt", "LPFORMATETC lpFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "ReadClassStm": [], "CoGetInterfaceAndReleaseStream": ["LPSTREAM pStm", "REFIID iid"], "CoRegisterInitializeSpy": ["LPINITIALIZESPY pSpy"], "StgOpenStorageOnILockBytes": ["DWORD grfMode", "SNB snbExclude", "DWORD reserved"], "StringFromCLSID": ["REFCLSID rclsid"], "OleCreateFromDataEx": ["LPDATAOBJECT pSrcDataObj", "REFIID riid", "DWORD dwFlags", "DWORD renderopt", "ULONG cFormats", "LPFORMATETC rgFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "StgOpenPropStg": ["REFFMTID fmtid", "DWORD grfFlags", "DWORD dwReserved"], "CoIsOle1Class": ["REFCLSID rclsid"], "SetConvertStg": [], "CoAllowSetForegroundWindow": ["LPVOID lpvReserved"], "CoRevokeMallocSpy": [], "CoRevokeInitializeSpy": ["ULARGE_INTEGER uliCookie"], "CoRegisterClassObject": ["REFCLSID rclsid", "LPUNKNOWN pUnk", "DWORD dwClsContext", "DWORD flags", "LPDWORD lpdwRegister"], "CoLockObjectExternal": ["LPUNKNOWN pUnk", "BOOL fLock", "BOOL fLastUnlockReleases"], "StringFromIID": ["REFIID rclsid"], "OleLoadFromStream": ["LPSTREAM pStm", "REFIID iidInterface"], "OleRegEnumVerbs": ["REFCLSID clsid"], "CoGetCancelObject": ["DWORD dwThreadId", "REFIID iid"], "OleConvertIStorageToOLESTREAMEx": ["CLIPFORMAT cfFormat", "LONG lWidth", "LONG lHeight", "DWORD dwSize", "STGMEDIUM pmedium", "LPOLESTREAM lpolestm"], "CoGetCallState": ["PCOGETCALLSTATE CallStateCallback", "PCOGETACTIVATIONSTATE ActivationStateCallback"], "CoCreateInstanceEx": ["REFCLSID rclsid", "DWORD dwClsCtx", "DWORD dwCount"], "CoQueryAuthenticationServices": [], "GetClassFile": ["LPCOLESTR szFilename"], "CreateDataCache": ["LPUNKNOWN pUnkOuter", "REFCLSID rclsid", "REFIID iid"], "CoInitializeEx": ["opt_LPVOID pvReserved", "DWORD dwCoInit"], "OleQueryLinkFromData": ["LPDATAOBJECT pSrcDataObject"], "BindMoniker": ["LPMONIKER pmk", "DWORD grfOpt", "REFIID iidResult"], "CreateDataAdviseHolder": [], "CoGetContextToken": [], "StgCreatePropStg": ["REFFMTID fmtid", "const CLSID *pclsid", "DWORD grfFlags", "DWORD dwReserved"], "CoFreeAllLibraries": [], "ReleaseStgMedium": ["LPSTGMEDIUM pMedium"], "CoGetObject": ["LPCWSTR pszName", "REFIID riid"], "OleRegGetMiscStatus": ["REFCLSID clsid", "DWORD dwAspect"], "OleIsCurrentClipboard": ["LPDATAOBJECT pDataObj"], "RegisterDragDrop": ["HWND hwnd", "LPDROPTARGET pDropTarget"], "CoDisableCallCancellation": ["opt_LPVOID pReserved"], "CoMarshalInterface": ["LPSTREAM pStm", "REFIID riid", "LPUNKNOWN pUnk", "DWORD dwDestContext", "opt_LPVOID pvDestContext", "DWORD mshlflags"], "OleUninitialize": [], "CoUninitialize": [], "CoQueryClientBlanket": [], "OleCreateFromData": ["LPDATAOBJECT pSrcDataObj", "REFIID riid", "DWORD renderopt", "LPFORMATETC pFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "CoGetInstanceFromFile": ["DWORD dwClsCtx", "DWORD grfMode", "DWORD dwCount"], "OleTranslateAccelerator": ["LPOLEINPLACEFRAME lpFrame", "LPOLEINPLACEFRAMEINFO lpFrameInfo", "LPMSG lpmsg"], "FreePropVariantArray": ["ULONG cVariants"], "StgConvertPropertyToVariant": ["const SERIALIZEDPROPERTYVALUE *prop", "USHORT CodePage"], "OleDestroyMenuDescriptor": ["HOLEMENU holemenu"], "OleDraw": ["LPUNKNOWN pUnknown", "DWORD dwAspect", "HDC hdcDraw", "LPCRECT lprcBounds"], "FmtIdToPropStgName": ["const FMTID *pfmtid", "LPOLESTR oszName"], "CoEnableCallCancellation": ["opt_LPVOID pReserved"], "OleSetClipboard": ["LPDATAOBJECT pDataObj"], "StgGetIFillLockBytesOnILockBytes": [], "MonikerRelativePathTo": ["LPMONIKER pmkSrc", "LPMONIKER pmkDest", "BOOL dwReserved"], "DllDebugObjectRPCHook": ["ARGS lpOrpcInitArgs"], "OleCreateEx": ["REFCLSID rclsid", "REFIID riid", "DWORD dwFlags", "DWORD renderopt", "ULONG cFormats", "LPFORMATETC rgFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "CoTreatAsClass": ["REFCLSID clsidOld", "REFCLSID clsidNew"], "CreateClassMoniker": ["REFCLSID rclsid"], "CoAddRefServerProcess": [], "IsAccelerator": ["HACCEL hAccel", "int cAccelEntries", "LPMSG lpMsg"], "CoResumeClassObjects": [], "CoRegisterMallocSpy": ["LPMALLOCSPY pMallocSpy"], "OleCreateStaticFromData": ["LPDATAOBJECT pSrcDataObj", "REFIID iid", "DWORD renderopt", "LPFORMATETC pFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "OleConvertOLESTREAMToIStorageEx": ["LPOLESTREAM lpolestm", "STGMEDIUM pmedium"], "OleCreateFromFile": ["REFCLSID rclsid", "LPCOLESTR lpszFileName", "REFIID riid", "DWORD renderopt", "LPFORMATETC lpFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "GetConvertStg": [], "OleDoAutoConvert": ["LPSTORAGE pStg", "LPCLSID pClsidNew"], "CoFreeUnusedLibrariesEx": ["DWORD dwUnloadDelay", "DWORD dwReserved"], "StgConvertVariantToProperty": ["const PROPVARIANT *pvar", "USHORT CodePage", "PROPID pid", "BOOLEAN fReserved"], "CoCopyProxy": [], "CLSIDFromString": ["LPCOLESTR lpsz", "LPCLSID pclsid"], "CreateILockBytesOnHGlobal": ["HGLOBAL hGlobal", "BOOL fDeleteOnRelease"], "StgIsStorageFile": ["const WCHAR *pwcsName"], "OleSetAutoConvert": ["REFCLSID clsidOld", "REFCLSID clsidNew"], "OleRun": ["LPUNKNOWN pUnknown"], "CoWaitForMultipleHandles": ["DWORD dwFlags", "DWORD dwTimeout", "ULONG cHandles", "LPHANDLE pHandles", "LPDWORD lpdwindex"], "IsEqualGUID": ["REFGUID rguid1", "REFGUID rguid2"], "StgPropertyLengthAsVariant": ["const SERIALIZEDPROPERTYVALUE *prop"], "CoQueryProxyBlanket": [], "WriteStringStream": ["t string", "t bstrt"], "CoTaskMemRealloc": ["opt_LPVOID pv", "SIZE_T cb"], "CoCreateInstance": ["REFCLSID rclsid", "LPUNKNOWN pUnkOuter", "DWORD dwClsContext", "REFIID riid"], "CoGetActivationState": ["PCOGETCALLSTATE CallStateCallback", "PCOGETACTIVATIONSTATE ActivationStateCallback"], "OleGetIconOfClass": ["REFCLSID rclsid", "opt_LPOLESTR lpszLabel", "BOOL fUseTypeAsLabel"], "OleMetafilePictFromIconAndLabel": ["HICON hIcon", "LPOLESTR lpszLabel", "LPOLESTR lpszSourceFile", "UINT iIconIndex"], "CreateStdProgressIndicator": [], "OleQueryCreateFromData": ["LPDATAOBJECT pSrcDataObject"], "CoGetObjectContext": ["REFIID riid"], "DllRegisterServer": [], "CoUnmarshalInterface": ["LPSTREAM pStm", "REFIID riid"], "StgCreateDocfile": ["const WCHAR *pwcsName", "DWORD grfMode", "DWORD reserved"], "CoGetSystemSecurityPermissions": ["COMSD comSDType"], "CoGetCallContext": ["REFIID riid"], "StgOpenAsyncDocfileOnIFillLockBytes": ["DWORD grfmode", "DWORD asyncFlags"], "GetRunningObjectTable": ["DWORD reserved"], "OleConvertIStorageToOLESTREAM": ["LPOLESTREAM lpolestream"], "CoFreeUnusedLibraries": [], "CoSwitchCallContext": [], "CreateBindCtx": ["DWORD reserved"], "CoDosDateTimeToFileTime": ["WORD nDosDate", "WORD nDosTime"], "HWND_UserSize": [], "OleSetMenuDescriptor": ["HOLEMENU holemenu", "HWND hwndFrame", "HWND hwndActiveObject", "LPOLEINPLACEFRAME lpFrame", "LPOLEINPLACEACTIVEOBJECT lpActiveObj"], "CoGetMalloc": ["DWORD dwMemContext"], "WdtpInterfacePointer_UserFree": ["opt_LPMESSAGEFILTER lpMessageFilter"], "OleCreateFromFileEx": ["REFCLSID rclsid", "LPCOLESTR lpszFileName", "REFIID riid", "DWORD dwFlags", "DWORD renderopt", "ULONG cFormats", "LPFORMATETC rgFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "CoReleaseServerProcess": [], "GetErrorInfo": ["ULONG dwReserved"], "CoTaskMemFree": ["opt_LPVOID pv"], "CoCancelCall": ["DWORD dwThreadId", "ULONG ulTimeout"], "WriteFmtUserTypeStg": ["CLIPFORMAT cf"], "OleLockRunning": ["LPUNKNOWN pUnknown", "BOOL fLock", "BOOL fLastUnlockCloses"], "CLIPFORMAT_UserSize": [], "CoImpersonateClient": [], "CoGetMarshalSizeMax": ["REFIID riid", "LPUNKNOWN pUnk", "DWORD dwDestContext", "opt_LPVOID pvDestContext", "DWORD mshlflags"], "OleGetAutoConvert": ["REFCLSID clsidOld", "LPCLSID pClsidNew"], "CoMarshalHresult": ["LPSTREAM pstm", "HRESULT hresult"], "DoDragDrop": ["LPDATAOBJECT pDataObj", "LPDROPSOURCE pDropSource", "DWORD dwOKEffects", "LPDWORD pdwEffect"], "CoIsHandlerConnected": ["LPUNKNOWN pUnk"], "OleCreateLinkToFileEx": ["LPCOLESTR lpszFileName", "REFIID riid", "DWORD dwFlags", "DWORD renderopt", "ULONG cFormats", "LPFORMATETC rgFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "CoGetTreatAsClass": ["REFCLSID clsidOld", "LPCLSID pClsidNew"], "CreatePointerMoniker": ["opt_LPUNKNOWN punk"], "CoFreeLibrary": ["HINSTANCE hInst"], "StgGetIFillLockBytesOnFile": [], "OleCreateLink": ["LPMONIKER pmkLinkSrc", "REFIID riid", "DWORD renderopt", "LPFORMATETC lpFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "OleConvertOLESTREAMToIStorage": ["LPOLESTREAM lpolestream", "const DVTARGETDEVICE *ptd"], "GetHGlobalFromILockBytes": [], "OleGetIconOfFile": ["LPOLESTR lpszPath", "BOOL fUseFileAsLabel"], "CoGetPSClsid": ["REFIID riid"], "CreateAntiMoniker": [], "OleGetClipboard": [], "OleLoad": ["LPSTORAGE pStg", "REFIID riid", "LPOLECLIENTSITE pClientSite"], "CoRegisterChannelHook": ["REFGUID ExtensionUuid"], "PropVariantClear": [], "CreateOleAdviseHolder": [], "CoGetClassObject": ["REFCLSID rclsid", "DWORD dwClsContext", "REFIID riid"], "StgIsStorageILockBytes": [], "StgCreateStorageEx": ["const WCHAR *pwcsName", "DWORD grfMode", "STGFMT stgfmt", "DWORD grfAttrs", "REFIID riid"], "CoInitialize": ["opt_LPVOID pvReserved"], "OleInitialize": ["LPVOID pvReserved"], "StgSetTimes": ["WCHAR const *lpszName", "FILETIME const *pctime", "FILETIME const *patime", "FILETIME const *pmtime"], "CoGetApartmentType": [], "CoInvalidateRemoteMachineBindings": ["LPOLESTR pszMachineName"], "OleCreateLinkFromDataEx": ["LPDATAOBJECT pSrcDataObj", "REFIID riid", "DWORD dwFlags", "DWORD renderopt", "ULONG cFormats", "LPFORMATETC rgFormatEtc", "LPOLECLIENTSITE pClientSite", "LPSTORAGE pStg"], "CoGetStandardMarshal": ["REFIID riid", "LPUNKNOWN pUnk", "DWORD dwDestContext", "opt_LPVOID pvDestContext", "DWORD mshlflags"], "PropVariantChangeType": ["REFPROPVARIANT propvarSrc", "PROPVAR_CHANGE_FLAGS flags", "VARTYPE vt"], "PropVariantCopy": ["const PROPVARIANT *pvar"], "OleCreateEmbeddingHelper": ["REFCLSID clsid", "LPUNKNOWN pUnkOuter", "DWORD flags", "LPCLASSFACTORY pCF", "REFIID riid"], "CoCreateFreeThreadedMarshaler": ["LPUNKNOWN punkOuter"], "DllGetClassObject": ["REFCLSID rclsid", "REFIID riid"], "CoTaskMemAlloc": ["SIZE_T cb"], "StgCreateDocfileOnILockBytes": ["DWORD grfMode", "DWORD reserved"], "NdrProxyForwardingFunction7": ["PRPC_MESSAGE pRpcMsg", "PMIDL_STUB_MESSAGE pStubMsg", "PMIDL_STUB_DESC pStubDescriptor", "unsigned int"], "OleCreateDefaultHandler": ["REFCLSID clsid", "LPUNKNOWN pUnkOuter", "REFIID riid"], "CoFileTimeToDosDateTime": ["LPWORD lpDosDate", "LPWORD lpDosTime"], "CLSIDFromProgID": ["LPCOLESTR lpszProgID", "LPCLSID lpclsid"], "WriteClassStg": ["REFCLSID rclsid"], "CoGetDefaultContext": ["APITYPE aptType", "REFIID riid"], "OleSetContainedObject": ["LPUNKNOWN pUnknown", "BOOL fContained"], "OleFlushClipboard": [], "CoReleaseMarshalData": ["LPSTREAM pStm"], "MkParseDisplayName": ["LPBC pbc", "LPCOLESTR szUserName"], "CreateGenericComposite": ["opt_LPMONIKER pmkFirst", "opt_LPMONIKER pmkRest"]} 2 | -------------------------------------------------------------------------------- /data/windows/NTDLL.json: -------------------------------------------------------------------------------- 1 | {"RtlIpv6StringToAddressExW": ["PCTSTR AddressString", "PULONG ScopeId", "PUSHORT Port"], "_ui64toa": [], "RtlIsNameLegalDOS8Dot3": ["PUNICODE_STRING Name", "opt_POEM_STRING OemName", "opt_PBOOLEAN NameContainsSpaces"], "RtlIpv6StringToAddressExA": ["PCTSTR AddressString", "PULONG ScopeId", "PUSHORT Port"], "_ui64tow": [], "RtlRestoreLastWin32Error": ["DWORD dwErrCode"], "ZwRequestWaitReplyPort": [], "EtwEventWriteTransfer": [], "NtOpenSymbolicLinkObject": ["PHANDLE LinkHandle", "ACCESS_MASK DesiredAccess", "POBJECT_ATTRIBUTES ObjectAttributes"], "NtWaitForWorkViaWorkerFactory": ["HANDLE Handle", "BOOLEAN Alertable", "PLARGE_INTEGER Timeout"], "isspace": ["t locale", "t locale"], "RtlRemoveVectoredExceptionHandler": ["ULONG FirstHandler", "PVECTORED_EXCEPTION_HANDLER VectoredHandler"], "memmove_s": [], "NtSetInformationProcess": [], "vswprintf_s": [], "strnlen": ["t locale", "t locale"], "RtlRestoreContext": ["PCONTEXT ContextRecord", "PEXCEPTION_RECORD ExceptionRecord"], "RtlIpv4AddressToStringW": ["const IN_ADDR", "PTSTR S"], "ZwResumeThread": ["HANDLE hThread"], "RtlIpv4AddressToStringA": ["const IN_ADDR", "PTSTR S"], "iswspace": ["t locale", "t locale"], "_ultoa": [], "RtlUserThreadStart": [], "wcschr": ["t locale", "t locale", "t locale"], "MD5Update": ["UNSIGNED CHAR"], "_stricmp": ["t locale", "t locale", "t locale"], "_vsnprintf_s": [], "_ultow": [], "NtQueryValueKey": ["DWORD dwExceptionCode", "DWORD dwExceptionFlags", "DWORD nNumberOfArguments", "const ULONG_PTR"], "RtlFirstEntrySList": ["PSLIST_HEADER ListHead"], "RtlTryEnterCriticalSection": ["LPCRITICAL_SECTION lpCriticalSection"], "NtReadFile": ["HANDLE FileHandle", "opt_HANDLE Event", "opt_PIO_APC_ROUTINE ApcRoutine", "opt_PVOID ApcContext", "PIO_STATUS_BLOCK IoStatusBlock", "PVOID Buffer", "ULONG Length", "opt_PLARGE_INTEGER ByteOffset", "opt_PULONG Key"], "NtQuerySystemInformation": ["SYSTEM_INFORMATION_CLASS SystemInformationClass", "PVOID SystemInformation", "ULONG SystemInformationLength", "opt_PULONG ReturnLength"], "NtQueryInformationJobObject": ["opt_HANDLE hJob", "JOBOBJECTINFOCLASS JobObjectInfoClass", "LPVOID lpJobObjectInfo", "DWORD cbJobObjectInfoLength", "opt_LPDWORD lpReturnLength"], "RtlCaptureStackBackTrace": ["ULONG FramesToSkip", "ULONG FramesToCapture", "opt_PULONG BackTraceHash"], "_setjmpex": [], "ZwWaitForWorkViaWorkerFactory": [], "RtlUnicodeStringToAnsiSize": [], "NtProtectVirtualMemory": ["LPVOID lpAddress", "SIZE_T dwSize", "DWORD flNewProtect", "PDWORD lpflOldProtect"], "RtlDeleteCriticalSection": ["LPCRITICAL_SECTION lpCriticalSection"], "A_SHAUpdate": ["UNSIGNED CHAR"], "RtlLocalTimeToSystemTime": ["PLARGE_INTEGER LocalTime", "PLARGE_INTEGER SystemTime"], "A_SHAInit": [], "RtlCompareUnicodeStrings": ["PCUNICODE_STRING String1", "PCUNICODE_STRING String2", "BOOLEAN CaseInSensitive"], "RtlUnicodeToMultiByteSize": ["PULONG BytesInMultiByteString", "PWCH UnicodeString", "ULONG BytesInUnicodeString"], "NtSetTimerResolution": ["HMODULE hModule", "LPCSTR lpProcName"], "RtlInitUnicodeString": ["PUNICODE_STRING DestinationString", "opt_PCWSTR SourceString"], "NtTerminateThread": ["HANDLE hThread", "DWORD dwExitCode"], "wcstol": ["t locale", "t locale"], "RtlAcquireResourceShared": ["HANDLE ThreadHandle", "THREADINFOCLASS ThreadInformationClass", "PVOID ThreadInformation", "ULONG ThreadInformationLength", "opt_PULONG ReturnLength"], "NtSetInformationKey": ["HANDLE KeyHandle", "KEY_SET_INFORMATION_CLASS KeySetInformationClass", "PVOID KeySetInformation", "ULONG KeySetInformationLength"], "RtlIpv4StringToAddressExA": ["PCTSTR AddressString", "BOOLEAN Strict", "PUSHORT Port"], "RtlQueryEnvironmentVariable": ["opt_LPCTSTR lpName", "opt_LPTSTR lpBuffer", "DWORD nSize"], "NtWaitForMultipleObjects": ["DWORD nCount", "const HANDLE", "BOOL bWaitAll", "DWORD dwMilliseconds"], "RtlImageDirectoryEntryToData": ["PVOID Base", "BOOLEAN MappedAsImage", "USHORT DirectoryEntry", "PULONG Size"], "RtlUnhandledExceptionFilter": ["struct _EXCEPTION_POINTERS"], "RtlIpv4StringToAddressExW": ["PCTSTR AddressString", "BOOLEAN Strict", "PUSHORT Port"], "wcscat_s": [], "RtlIpv6AddressToStringExW": ["const IN6_ADDR", "ULONG ScopeId", "USHORT Port", "LPTSTR AddressString", "PULONG AddressStringLength"], "_wcsnset_s": ["t locale", "t locale"], "LdrFindResource_U": ["opt_HMODULE hModule", "LPCTSTR lpName", "LPCTSTR lpType"], "RtlIpv6AddressToStringExA": ["const IN6_ADDR", "ULONG ScopeId", "USHORT Port", "LPTSTR AddressString", "PULONG AddressStringLength"], "NtQueryTimerResolution": ["SYSTEM_INFORMATION_CLASS SystemInformationClass", "PVOID SystemInformation", "ULONG SystemInformationLength", "opt_PULONG ReturnLength"], "RtlGetFrame": ["HCAPTURE hCapture", "DWORD FrameNumber"], "RtlCopyMemory": ["PVOID Destination", "const VOID", "SIZE_T Length"], "CsrSetPriorityClass": ["HANDLE hProcess", "DWORD dwPriorityClass"], "_vsnwprintf_s": [], "iswlower": ["t locale", "t locale"], "swprintf": [], "_wsplitpath_s": [], "_snprintf_s": [], "_snwprintf_s": [], "RtlFindActivationContextSectionString": ["DWORD dwFlags", "const GUID", "ULONG ulSectionId", "LPCTSTR lpStringToFind", "PACTCTX_SECTION_KEYED_DATA ReturnedData"], "towupper": ["t locale", "t locale"], "strlen": [], "NtOpenDirectoryObject": ["PHANDLE DirectoryHandle", "ACCESS_MASK DesiredAccess", "POBJECT_ATTRIBUTES ObjectAttributes"], "strncat": ["PTSTR psz1"], "NtCreatePrivateNamespace": ["opt_LPSECURITY_ATTRIBUTES lpPrivateNamespaceAttributes", "LPVOID lpBoundaryDescriptor", "LPCTSTR lpAliasPrefix"], "NtQueryObject": ["opt_HANDLE Handle", "OBJECT_INFORMATION_CLASS ObjectInformationClass", "opt_PVOID ObjectInformation", "ULONG ObjectInformationLength", "opt_PULONG ReturnLength"], "sin": [], "_wcsicmp": ["t locale", "t locale", "t locale"], "RtlDecodeSystemPointer": ["PVOID Ptr"], "atan": [], "CsrGetProcessId": ["HANDLE Process"], "NtUnmapViewOfSection": ["opt_LPVOID lpAddress", "SIZE_T dwSize", "DWORD flAllocationType", "DWORD flProtect"], "RtlUTF8ToUnicodeN": ["PWSTR UnicodeStringDestination", "ULONG UnicodeStringMaxWCharCount", "opt_PULONG UnicodeStringActualWCharCount", "PCCH UTF8StringSource", "ULONG UTF8StringByteCount"], "NtSetSystemPowerState": ["BOOL fSuspend", "BOOL fForce"], "RtlEncodePointer": ["PVOID Ptr"], "ZwGetContextThread": ["HANDLE hThread", "LPCONTEXT lpContext"], "RtlCompareUnicodeString": ["PCUNICODE_STRING String1", "PCUNICODE_STRING String2", "BOOLEAN CaseInSensitive"], "iswxdigit": ["t locale", "t locale"], "NtOpenKey": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "PHKEY phkResult"], "iscntrl": ["t locale", "t locale"], "NtAdjustPrivilegesToken": ["HANDLE TokenHandle", "BOOL DisableAllPrivileges", "opt_PTOKEN_PRIVILEGES NewState", "DWORD BufferLength", "opt_PTOKEN_PRIVILEGES PreviousState", "opt_PDWORD ReturnLength"], "NtQueryInformationProcess": ["HANDLE ProcessHandle", "PROCESSINFOCLASS ProcessInformationClass", "PVOID ProcessInformation", "ULONG ProcessInformationLength", "opt_PULONG ReturnLength"], "strncpy_s": ["t locale", "t locale", "t locale", "t locale"], "ZwCreateThread": ["HANDLE Handle", "BOOLEAN Alertable", "PLARGE_INTEGER Timeout"], "wcsncpy_s": ["t locale", "t locale", "t locale", "t locale"], "NtRenameKey": ["HANDLE KeyHandle", "PUNICODE_STRING NewName"], "ZwAdjustPrivilegesToken": ["HANDLE TokenHandle", "BOOL DisableAllPrivileges", "opt_PTOKEN_PRIVILEGES NewState", "DWORD BufferLength", "opt_PTOKEN_PRIVILEGES PreviousState", "opt_PDWORD ReturnLength"], "RtlIpv6StringToAddressW": ["PCTSTR S"], "NtClearEvent": ["HANDLE hEvent"], "RtlRaiseException": ["PEXCEPTION_RECORD ExceptionRecord"], "NtCompareTokens": ["HANDLE FirstTokenHandle", "HANDLE SecondTokenHandle", "PBOOLEAN Equal"], "_vswprintf": [], "sscanf_s": [], "RtlIpv6StringToAddressA": ["PCTSTR S"], "RtlDelete": ["PRUNTIME_FUNCTION FunctionTable", "DWORD EntryCount", "DWORD64 BaseAddress", "ULONGLONG TargetGp"], "RtlAddVectoredExceptionHandler": ["ULONG FirstHandler", "PVECTORED_EXCEPTION_HANDLER VectoredHandler"], "NtNotifyChangeMultipleKeys": ["HANDLE MasterKeyHandle", "opt_ULONG Count", "opt_POBJECT_ATTRIBUTES SubordinateObjects", "opt_HANDLE Event", "opt_PIO_APC_ROUTINE ApcRoutine", "opt_PVOID ApcContext", "PIO_STATUS_BLOCK IoStatusBlock", "ULONG CompletionFilter", "BOOLEAN WatchTree", "opt_PVOID Buffer", "ULONG BufferSize", "BOOLEAN Asynchronous"], "_strupr": ["t locale", "t locale", "t locale", "t locale", "t locale", "t locale"], "ZwCreateMutant": ["opt_LPSECURITY_ATTRIBUTES lpMutexAttributes", "BOOL bInitialOwner", "opt_LPCTSTR lpName"], "ZwSetInformationKey": [], "NtCreateProcess": ["opt_LPCTSTR lpApplicationName", "opt_LPTSTR lpCommandLine", "opt_LPSECURITY_ATTRIBUTES lpProcessAttributes", "opt_LPSECURITY_ATTRIBUTES lpThreadAttributes", "BOOL bInheritHandles", "DWORD dwCreationFlags", "opt_LPVOID lpEnvironment", "opt_LPCTSTR lpCurrentDirectory", "LPSTARTUPINFO lpStartupInfo", "LPPROCESS_INFORMATION lpProcessInformation"], "vDbgPrintExWithPrefix": [], "RtlCloneUserProcess": [], "wcsrchr": ["t locale", "t locale", "t locale"], "NtSetTimer": ["HMODULE hModule", "LPCSTR lpProcName"], "ZwSetInformationProcess": ["HANDLE ProcessHandle", "PROCESSINFOCLASS ProcessInformationClass", "PVOID ProcessInformation", "ULONG ProcessInformationLength", "opt_PULONG ReturnLength"], "RtlInterlockedPopEntrySList": ["PSLIST_HEADER ListHead"], "memchr": [], "ZwImpersonateThread": ["HANDLE ThreadHandle"], "NtQueryPerformanceCounter": ["PLARGE_INTEGER PerformanceCounter", "opt_PLARGE_INTEGER PerformanceFrequency"], "ZwImpersonateAnonymousToken": ["HANDLE ThreadHandle"], "memcpy_s": [], "_vscwprintf": [], "AlpcGetHeaderSize": ["HANDLE hProcess", "HMODULE hModule", "LPMODULEINFO lpmodinfo", "DWORD cb"], "RtlVirtualUnwind": ["opt_ ContextPointers"], "sprintf": [], "strrchr": ["t locale", "t locale", "t locale"], "LdrGetDllHandle": ["opt_LPCTSTR lpModuleName"], "RtlGetVersion": ["PRTL_OSVERSIONINFOW lpVersionInformation"], "RtlDecodePointer": [], "strcspn": ["PCTSTR pszStr", "PCTSTR pszSet"], "EtwEventUnregister": ["LPEXCEPTION_POINTERS pep", "DWORD dwMode"], "ZwQueryAttributesFile": ["LPCTSTR lpFileName"], "labs": [], "_wcsset_s": ["t locale"], "RtlInitializeConditionVariable": ["PCONDITION_VARIABLE ConditionVariable"], "RtlEnterCriticalSection": ["LPCRITICAL_SECTION lpCriticalSection"], "NtGetContextThread": ["HANDLE hThread", "LPCONTEXT lpContext"], "wcsspn": ["t locale"], "DbgBreakPoint": [], "RtlSetDaclSecurityDescriptor": [], "_ultow_s": [], "strncmp": ["t locale"], "NtRaiseHardError": ["PEXCEPTION_RECORD ExceptionRecord"], "ZwQuerySystemInformation": ["SYSTEM_INFORMATION_CLASS SystemInformationClass", "PVOID SystemInformation", "ULONG SystemInformationLength", "opt_PULONG ReturnLength"], "NtTerminateProcess": ["HANDLE hProcess", "UINT uExitCode"], "LdrUnregisterDllNotification": ["PVOID Cookie"], "wcscpy_s": [], "RtlUnwind": ["opt_PVOID TargetFrame", "opt_PVOID TargetIp", "opt_PEXCEPTION_RECORD ExceptionRecord", "PVOID ReturnValue"], "_vsnwprintf": [], "strncpy": ["t locale", "t locale"], "wcsnlen": ["t locale", "t locale"], "isalnum": ["t locale", "t locale"], "RtlCreateTimer": ["PHANDLE phNewTimer", "opt_HANDLE TimerQueue", "WAITORTIMERCALLBACK Callback", "opt_PVOID Parameter", "DWORD DueTime", "DWORD Period", "ULONG Flags"], "qsort": [], "_itoa_s": [], "isalpha": ["t locale", "t locale"], "_snprintf": [], "NtQueryMultipleValueKey": ["HANDLE KeyHandle", "PKEY_VALUE_ENTRY ValueEntries", "ULONG EntryCount", "PVOID ValueBuffer", "PULONG BufferLength", "opt_PULONG RequiredBufferLength"], "_ultoa_s": [], "RtlUniform": ["PULONG Seed"], "NtResumeThread": ["HANDLE hThread"], "NtQuerySection": ["HANDLE ProcessHandle", "PROCESSINFOCLASS ProcessInformationClass", "PVOID ProcessInformation", "ULONG ProcessInformationLength", "opt_PULONG ReturnLength"], "RtlIdnToAscii": ["DWORD dwFlags", "LPCWSTR lpUnicodeCharStr", "int cchUnicodeChar", "opt_LPWSTR lpASCIICharStr", "int cchASCIIChar"], "RtlUnwindEx": ["opt_PVOID TargetFrame", "opt_PVOID TargetIp", "opt_PEXCEPTION_RECORD ExceptionRecord", "PVOID ReturnValue", "PCONTEXT OriginalContext", "opt_PUNWIND_HISTORY_TABLE HistoryTable"], "RtlCreateUserThread": ["HMODULE hModule"], "ZwReleaseKeyedEvent": [], "wcscpy": [], "RtlInterlockedFlushSList": ["PSLIST_HEADER ListHead"], "LdrUnloadDll": ["HMODULE hModule"], "_i64tow": [], "RtlExpandEnvironmentStrings": ["LPCTSTR lpSrc", "opt_LPTSTR lpDst", "DWORD nSize"], "ZwCreateFile": ["PHANDLE FileHandle", "ACCESS_MASK DesiredAccess", "POBJECT_ATTRIBUTES ObjectAttributes", "PIO_STATUS_BLOCK IoStatusBlock", "ULONG ShareAccess", "ULONG OpenOptions"], "strtok_s": [], "_i64toa": [], "__iscsym": ["t locale", "t locale", "t locale", "t locale"], "RtlQueryPerformanceFrequency": ["PLARGE_INTEGER PerformanceCounter", "opt_PLARGE_INTEGER PerformanceFrequency"], "DbgPrint": ["opt_LPCTSTR lpOutputString"], "NtRaiseException": ["DWORD dwExceptionCode", "DWORD dwExceptionFlags", "DWORD nNumberOfArguments", "const ULONG_PTR"], "_splitpath_s": [], "RtlPrefixUnicodeString": ["PCUNICODE_STRING String1", "PCUNICODE_STRING String2", "BOOLEAN CaseInSensitive"], "iswalpha": ["t locale", "t locale"], "ZwTerminateThread": ["HANDLE hThread", "DWORD dwExitCode"], "_atoi64": ["t locale", "t locale"], "RtlExitUserThread": [], "TpIsTimerSet": ["ULONG Flags", "PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction", "opt_PVOID Context"], "RtlGetLastWin32Error": [], "_splitpath": [], "strpbrk": ["PTSTR psz", "PCTSTR pszSet"], "RtlCaptureContext": ["PCONTEXT ContextRecord"], "_strnset_s": ["t locale", "t locale"], "ZwYieldExecution": [], "wcsstr": ["t locale", "t locale", "t locale"], "_wtol": ["t locale", "t locale"], "_wtoi": ["t locale", "t locale"], "NtQuerySymbolicLinkObject": ["HANDLE LinkHandle", "PUNICODE_STRING LinkTarget", "opt_PULONG ReturnedLength"], "RtlFormatMessage": ["DWORD dwFlags", "opt_LPCVOID lpSource", "DWORD dwMessageId", "DWORD dwLanguageId", "LPTSTR lpBuffer", "DWORD nSize"], "ZwQueryInformationThread": ["HANDLE ThreadHandle", "THREADINFOCLASS ThreadInformationClass", "PVOID ThreadInformation", "ULONG ThreadInformationLength", "opt_PULONG ReturnLength"], "_snwprintf": [], "ZwProtectVirtualMemory": ["HANDLE ProcessHandle", "PROCESSINFOCLASS ProcessInformationClass", "PVOID ProcessInformation", "ULONG ProcessInformationLength", "opt_PULONG ReturnLength"], "KiUserExceptionDispatcher": [], "RtlSetUnhandledExceptionFilter": ["EXCEPTION_FILTER WINAPI", "LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter"], "wcscmp": [], "_memccpy": [], "iswctype": ["t desc", "t desc", "t locale", "t locale"], "ceil": [], "NtQueryTimer": ["SYSTEM_INFORMATION_CLASS SystemInformationClass", "PVOID SystemInformation", "ULONG SystemInformationLength", "opt_PULONG ReturnLength"], "wcsncmp": ["t locale"], "NtWaitForSingleObject": ["HANDLE Handle", "BOOLEAN Alertable", "PLARGE_INTEGER Timeout"], "ZwQueryInformationProcess": ["HANDLE ProcessHandle", "PROCESSINFOCLASS ProcessInformationClass", "PVOID ProcessInformation", "ULONG ProcessInformationLength", "opt_PULONG ReturnLength"], "RtlCharToInteger": ["PCSZ String", "opt_ULONG Base", "PULONG Value"], "strcpy_s": [], "_ltoa": [], "LdrEnumerateLoadedModules": [], "ZwRaiseException": ["DWORD dwExceptionCode", "DWORD dwExceptionFlags", "DWORD nNumberOfArguments", "const ULONG_PTR"], "NtSuspendThread": ["HANDLE hThread"], "_ltow": [], "RtlpNtEnumerateSubKey": [], "strcat": ["PTSTR psz1", "PCTSTR psz2"], "NtQueryDirectoryObject": ["HANDLE DirectoryHandle", "opt_PVOID Buffer", "ULONG Length", "BOOLEAN ReturnSingleEntry", "BOOLEAN RestartScan", "PULONG Context", "opt_PULONG ReturnLength"], "swprintf_s": [], "VerSetConditionMask": ["ULONGLONG dwlConditionMask", "DWORD dwTypeBitMask", "BYTE dwConditionMask"], "strchr": ["PTSTR pszStart"], "RtlFormatCurrentUserKeyPath": ["UNICODE_STRING CurrentUserKeyPath"], "RtlFreeAnsiString": ["PANSI_STRING AnsiString"], "NtAddAtom": ["LPCTSTR lpString"], "RtlGetFunctionTableListHead": [], "NtDeviceIoControlFile": ["HANDLE FileHandle", "HANDLE Event", "PIO_APC_ROUTINE ApcRoutine", "PVOID ApcContext", "PIO_STATUS_BLOCK IoStatusBlock", "ULONG IoControlCode", "PVOID InputBuffer", "ULONG InputBufferLength", "PVOID OutputBuffer", "ULONG OutputBufferLength"], "RtlRegisterThreadWithCsrss": [], "RtlFormatMessageEx": ["DWORD dwFlags", "opt_LPCVOID lpSource", "DWORD dwMessageId", "DWORD dwLanguageId", "LPTSTR lpBuffer", "DWORD nSize"], "_strcmpi": ["t locale", "t locale", "t locale"], "NtQuerySystemTime": ["PLARGE_INTEGER SystemTime"], "LdrRegisterDllNotification": ["ULONG Flags", "PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction", "opt_PVOID Context"], "cos": [], "_vsnprintf": [], "NtQueryMutant": ["HANDLE DirectoryHandle", "opt_PVOID Buffer", "ULONG Length", "BOOLEAN ReturnSingleEntry", "BOOLEAN RestartScan", "PULONG Context", "opt_PULONG ReturnLength"], "LdrGetProcedureAddress": ["HANDLE ProcessHandle", "PROCESSINFOCLASS ProcessInformationClass", "PVOID ProcessInformation", "ULONG ProcessInformationLength", "opt_PULONG ReturnLength"], "CsrClientCallServer": ["HANDLE ProcessHandle", "PROCESSINFOCLASS ProcessInformationClass", "PVOID ProcessInformation", "ULONG ProcessInformationLength", "opt_PULONG ReturnLength"], "LdrLoadDll": ["ULONG Flags", "PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction", "opt_PVOID Context"], "LdrAccessResource": ["opt_HMODULE hModule", "LPCTSTR lpName", "LPCTSTR lpType"], "A_SHAFinal": ["UNSIGNED CHAR"], "RtlAnsiCharToUnicodeChar": [], "pow": [], "RtlDeactivateActivationContextUnsafeFast": ["DWORD dwExceptionCode", "DWORD dwExceptionFlags", "DWORD nNumberOfArguments", "const ULONG_PTR"], "wcscat": [], "_snscanf_s": [], "swscanf_s": [], "RtlSetHeapInformation": ["opt_HANDLE HeapHandle", "HEAP_INFORMATION_CLASS HeapInformationClass", "PVOID HeapInformation", "SIZE_T HeapInformationLength", "opt_PSIZE_T ReturnLength"], "_memicmp": ["t locale"], "_itoa": [], "NtQueueApcThread": ["PAPCFUNC pfnAPC", "HANDLE hThread", "ULONG_PTR dwData"], "__C_specific_handler": ["struct _EXCEPTION_RECORD", "struct _CONTEXT", "struct _DISPATCHER_CONTEXT"], "RtlPcToFileHeader": ["PVOID PcValue"], "_ui64toa_s": [], "_itow": [], "RtlInitUnicodeStringEx": ["PUNICODE_STRING DestinationString", "opt_PCWSTR SourceString"], "wcstoul": ["t locale", "t locale"], "NtCreateThread": ["opt_LPSECURITY_ATTRIBUTES lpThreadAttributes", "SIZE_T dwStackSize", "LPTHREAD_START_ROUTINE lpStartAddress", "opt_LPVOID lpParameter", "DWORD dwCreationFlags", "opt_LPDWORD lpThreadId"], "RtlIpv4AddressToStringExA": ["const IN_ADDR", "USHORT Port", "LPTSTR AddressString", "PULONG AddressStringLength"], "strncat_s": ["t locale", "t locale", "t locale", "t locale", "t locale", "t locale"], "RtlExpandEnvironmentStrings_U": [], "RtlIpv4AddressToStringExW": ["const IN_ADDR", "USHORT Port", "LPTSTR AddressString", "PULONG AddressStringLength"], "RtlUnhandledExceptionFilter2": ["struct _EXCEPTION_POINTERS"], "NtWaitForMultipleObjects32": ["HANDLE hThread", "PWOW64_CONTEXT lpContext"], "ZwTestAlert": ["HMODULE hModule", "LPCSTR lpProcName"], "NtOpenMutant": ["WORD wVersionRequested", "LPWSADATA lpWSAData"], "_itow_s": [], "RtlQueryDepthSList": ["PSLIST_HEADER ListHead"], "_strnicmp": ["t locale", "t locale", "t locale"], "vsprintf": [], "NtClose": ["HANDLE Handle"], "NtAccessCheck": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "HANDLE ClientToken", "DWORD DesiredAccess", "PGENERIC_MAPPING GenericMapping", "opt_PPRIVILEGE_SET PrivilegeSet", "LPDWORD PrivilegeSetLength", "LPDWORD GrantedAccess", "LPBOOL AccessStatus"], "RtlDeleteFunctionTable": ["PRUNTIME_FUNCTION FunctionTable"], "RtlpWaitForCriticalSection": [], "wcspbrk": ["t locale", "t locale", "t locale"], "RtlAddVectoredContinueHandler": ["ULONG FirstHandler", "PVECTORED_EXCEPTION_HANDLER VectoredHandler"], "RtlDeleteBoundaryDescriptor": ["HANDLE BoundaryDescriptor"], "fabs": [], "NtAccessCheckAndAuditAlarm": ["LPCTSTR SubsystemName", "opt_LPVOID HandleId", "LPTSTR ObjectTypeName", "opt_LPTSTR ObjectName", "PSECURITY_DESCRIPTOR SecurityDescriptor", "DWORD DesiredAccess", "PGENERIC_MAPPING GenericMapping", "BOOL ObjectCreation", "LPDWORD GrantedAccess", "LPBOOL AccessStatus", "LPBOOL pfGenerateOnClose"], "sqrt": [], "vsprintf_s": [], "towlower": ["t locale", "t locale"], "ZwWaitForMultipleObjects": ["DWORD nCount", "const HANDLE", "BOOL bWaitAll", "DWORD dwMilliseconds"], "RtlIsNameInExpression": ["PUNICODE_STRING Expression", "PUNICODE_STRING Name", "BOOLEAN IgnoreCase", "opt_PWCH UpcaseTable"], "RtlImageNtHeaderEx": ["LPCRITICAL_SECTION lpCriticalSection"], "longjmp": [], "RtlLookupFunctionTable": ["ULONGLONG ControlPc", "PULONGLONG ImageBase", "PULONGLONG TargetGp"], "NtCreateMutant": ["WORD wVersionRequested", "LPWSADATA lpWSAData"], "EtwEventWrite": ["REGHANDLE RegHandle", "PCEVENT_DESCRIPTOR EventDescriptor", "ULONG UserDataCount", "opt_PEVENT_DATA_DESCRIPTOR UserData"], "wcsncat_s": ["t locale", "t locale", "t locale", "t locale", "t locale", "t locale"], "wcstombs": ["t locale", "t locale"], "log": [], "RtlUnicodeToUTF8N": ["PCHAR UTF8StringDestination", "ULONG UTF8StringMaxByteCount", "opt_PULONG UTF8StringActualByteCount", "PCWSTR UnicodeStringSource", "ULONG UnicodeStringWCharCount"], "_i64toa_s": [], "_ltoa_s": [], "ZwQueryDirectoryObject": ["HANDLE DirectoryHandle", "opt_PVOID Buffer", "ULONG Length", "BOOLEAN ReturnSingleEntry", "BOOLEAN RestartScan", "PULONG Context", "opt_PULONG ReturnLength"], "ZwQuerySystemTime": ["const FILETIME", "LPSYSTEMTIME lpSystemTime"], "NtCallbackReturn": [], "RtlGetUnloadEventTrace": ["EVENT_TRACE RtlGetUnloadEventTrace"], "RtlInitializeCriticalSection": ["LPCRITICAL_SECTION lpCriticalSection"], "RtlFreeOemString": ["POEM_STRING OemString"], "NtReadVirtualMemory": [], "RtlZeroMemory": [], "NtDelayExecution": ["DWORD dwMilliseconds", "BOOL bAlertable"], "__iscsymf": ["t locale", "t locale", "t locale", "t locale"], "RtlLeaveCriticalSection": ["LPCRITICAL_SECTION lpCriticalSection"], "_setjmp": [], "NtGetCurrentProcessorNumber": [], "strcat_s": [], "_i64tow_s": [], "_makepath_s": [], "RtlNtStatusToDosError": ["NTSTATUS Status"], "RtlQueryPerformanceCounter": ["PLARGE_INTEGER PerformanceCounter", "opt_PLARGE_INTEGER PerformanceFrequency"], "NtCreateFile": ["PHANDLE FileHandle", "ACCESS_MASK DesiredAccess", "POBJECT_ATTRIBUTES ObjectAttributes", "PIO_STATUS_BLOCK IoStatusBlock", "opt_PLARGE_INTEGER AllocationSize", "ULONG FileAttributes", "ULONG ShareAccess", "ULONG CreateDisposition", "ULONG CreateOptions", "PVOID EaBuffer", "ULONG EaLength"], "RtlUnicodeStringToOemString": ["POEM_STRING DestinationString", "PUNICODE_STRING SourceString", "BOOLEAN AllocateDestinationString"], "RtlFreeUnicodeString": ["PUNICODE_STRING UnicodeString"], "ZwSetContextThread": ["UINT uExitCode"], "strstr": ["PTSTR pszFirst", "PCTSTR pszSrch"], "NtFlushInstructionCache": ["HANDLE hProcess", "LPCVOID lpBaseAddress", "SIZE_T dwSize"], "RtlInitializeSListHead": ["PSLIST_HEADER ListHead"], "RtlInterlockedPushEntrySList": ["PSLIST_HEADER ListHead", "PSLIST_ENTRY ListEntry"], "NtGetTickCount": [], "RtlGetUnloadEventTraceEx": [], "RtlConvertSidToUnicodeString": ["PUNICODE_STRING UnicodeString", "PSID Sid", "BOOLEAN AllocateDestinationString"], "strcmp": ["PCTSTR psz1", "PCTSTR psz2"], "LdrShutdownProcess": ["HANDLE hProcess", "UINT uExitCode"], "_lfind": [], "ZwQueryPerformanceCounter": ["PLARGE_INTEGER PerformanceCounter", "opt_PLARGE_INTEGER PerformanceFrequency"], "RtlLoadString": ["opt_HINSTANCE hInstance", "UINT uID", "LPTSTR lpBuffer", "int nBufferMax"], "_wcstoui64": ["t locale", "t locale"], "RtlAddFunctionTable": ["PRUNTIME_FUNCTION FunctionTable", "DWORD EntryCount", "DWORD64 BaseAddress", "ULONGLONG TargetGp"], "RtlGetProcessHeaps": ["HANDLE hHeap", "DWORD dwFlags", "LPVOID lpMem"], "_ltow_s": [], "RtlUnicodeStringToAnsiString": ["PANSI_STRING DestinationString", "PUNICODE_STRING SourceString", "BOOLEAN AllocateDestinationString"], "isxdigit": ["t locale", "t locale"], "RtlImageRvaToVa": ["PIMAGE_NT_HEADERS NtHeaders", "PVOID Base", "ULONG Rva"], "RtlIsValidLocaleName": ["LPCWSTR LocaleName", "ULONG Flags"], "mbstowcs": ["t locale", "t locale"], "EtwGetTraceEnableFlags": ["TRACEHANDLE TraceHandle", "LPCGUID ProviderId", "ULONG ControlCode", "UCHAR Level", "ULONGLONG MatchAnyKeyword", "ULONGLONG MatchAllKeyword", "ULONG Timeout", "opt_PENABLE_TRACE_PARAMETERS EnableParameters"], "ZwSuspendProcess": ["HANDLE ProcessHandle", "PROCESSINFOCLASS ProcessInformationClass", "PVOID ProcessInformation", "ULONG ProcessInformationLength", "opt_PULONG ReturnLength"], "RtlTimeToSecondsSince1970": ["PLARGE_INTEGER Time", "PULONG ElapsedSeconds"], "RtlCreateBoundaryDescriptor": ["LPCTSTR Name", "ULONG Flags"], "sprintf_s": [], "RtlLogStackBackTrace": ["ULONG FramesToSkip", "ULONG FramesToCapture", "opt_PULONG BackTraceHash"], "_wmakepath_s": [], "NtOpenThread": ["PHANDLE ThreadHandle", "ACCESS_MASK DesiredAccess", "POBJECT_ATTRIBUTES ObjectAttributes", "PCLIENT_ID ClientId"], "iswdigit": ["t locale", "t locale"], "strcpy": [], "bsearch": [], "RtlAdjustPrivilege": ["HANDLE TokenHandle", "BOOL DisableAllPrivileges", "opt_PTOKEN_PRIVILEGES NewState", "DWORD BufferLength", "opt_PTOKEN_PRIVILEGES PreviousState", "opt_PDWORD ReturnLength"], "toupper": ["t locale", "t locale"], "_wcsupr": ["t locale", "t locale", "t locale", "t locale", "t locale", "t locale"], "RtlIpv4StringToAddressW": ["PCTSTR S", "BOOLEAN Strict"], "RtlIpv4StringToAddressA": ["PCTSTR S", "BOOLEAN Strict"], "isprint": ["t locale", "t locale"], "wcscspn": ["t locale"], "RtlEthernetStringToAddressA": ["PCTSTR S"], "NtCreateThreadEx": [], "wcslen": ["t locale", "t locale"], "KiUserCallbackDispatcher": ["WNDPROC lpPrevWndFunc", "HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "wcsncat": ["t locale", "t locale"], "RtlEthernetStringToAddressW": ["PCTSTR S"], "_snwscanf_s": [], "_strset_s": ["t locale"], "RtlNtStatusToDosErrorNoTeb": ["NTSTATUS Status"], "NtQuerySystemInformationEx": ["LPOSVERSIONINFO lpVersionInfo"], "NtQueryInformationThread": ["HANDLE ThreadHandle", "THREADINFOCLASS ThreadInformationClass", "PVOID ThreadInformation", "ULONG ThreadInformationLength", "opt_PULONG ReturnLength"], "__isascii": [], "atoi": ["t locale", "t locale"], "atol": ["t locale", "t locale"], "RtlInstallFunctionTableCallback": ["DWORD64 TableIdentifier", "DWORD64 BaseAddress", "DWORD Length", "PGET_RUNTIME_FUNCTION_CALLBACK Callback", "PVOID Context", "PCWSTR OutOfProcessCallbackDll"], "_swprintf": [], "RtlIpv6AddressToStringW": ["const IN6_ADDR", "LPTSTR S"], "NtOpenProcessToken": [], "RtlIpv6AddressToStringA": ["const IN6_ADDR", "LPTSTR S"], "strspn": ["PCTSTR psz", "PCTSTR pszSet"], "strtol": ["t locale", "t locale"], "RtlEthernetAddressToStringA": ["const DL_EUI48", "LPTSTR S"], "isdigit": [], "ispunct": ["t locale", "t locale"], "NtMapViewOfSection": ["HANDLE hFile", "opt_LPSECURITY_ATTRIBUTES lpFileMappingAttributes", "DWORD flProtect", "DWORD dwMaximumSizeHigh", "DWORD dwMaximumSizeLow", "opt_LPCTSTR lpName", "DWORD nndPreferred"], "NtGetDevicePowerState": [], "floor": [], "RtlValidateHeap": ["HANDLE hHeap", "DWORD dwFlags", "opt_LPCVOID lpMem"], "wcsncpy": ["t locale", "t locale"], "TpReleaseWait": ["PTP_CLEANUP_GROUP ptpcg", "BOOL fCancelPendingCallbacks", "opt_PVOID pvCleanupContext"], "NtOpenFile": ["PHANDLE FileHandle", "ACCESS_MASK DesiredAccess", "POBJECT_ATTRIBUTES ObjectAttributes", "PIO_STATUS_BLOCK IoStatusBlock", "ULONG ShareAccess", "ULONG OpenOptions"], "NtOpenKeyEx": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "DWORD ulOptions", "REGSAM samDesired", "PHKEY phkResult"], "RtlFreeHeap": ["PVOID HeapHandle", "opt_ULONG Flags", "PVOID HeapBase"], "NtQueryAttributesFile": ["POBJECT_ATTRIBUTES ObjectAttributes", "PFILE_BASIC_INFORMATION FileInformation"], "RtlWerpReportException": [], "RtlEthernetAddressToStringW": ["const DL_EUI48", "LPTSTR S"], "RtlQueryEnvironmentVariable_U": ["opt_LPCTSTR lpName", "opt_LPTSTR lpBuffer", "DWORD nSize"], "RtlLookupFunctionEntry": ["ULONGLONG ControlPc", "PULONGLONG ImageBase", "PULONGLONG TargetGp"], "__toascii": [], "RtlMoveMemory": ["VOID UNALIGNED", "const VOID", "SIZE_T Length"], "_ui64tow_s": [], "RtlInitString": ["PSTRING DestinationString", "PCSZ SourceString"], "NtdllDefWindowProc_W": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"]} -------------------------------------------------------------------------------- /data/windows/USER32.json: -------------------------------------------------------------------------------- 1 | {"GetMenuInfo": ["HMENU hmenu", "LPMENUINFO lpcmi"], "DdeAccessData": ["HDDEDATA hData", "opt_LPDWORD pcbDataSize"], "SetUserObjectSecurity": ["HANDLE hObj", "PSECURITY_INFORMATION pSIRequested", "PSECURITY_DESCRIPTOR pSID"], "IsTouchWindow": ["HWND hWnd", "opt_PULONG pulFlags"], "PhysicalToLogicalPoint": ["HWND hWnd", "LPPOINT lpPoint"], "GetGuiResources": ["HANDLE hProcess", "DWORD uiFlags"], "VkKeyScanExA": ["TCHAR ch", "HKL dwhkl"], "DdeDisconnect": ["HCONV hConv"], "DisplayConfigSetDeviceInfo": [], "SetTimer": ["opt_HWND hWnd", "UINT_PTR nIDEvent", "UINT uElapse", "opt_TIMERPROC lpTimerFunc"], "SetMenuItemInfoA": ["HMENU hMenu", "UINT uItem", "BOOL fByPosition", "LPMENUITEMINFO lpmii"], "CharUpperBuffA": ["LPTSTR lpsz", "DWORD cchLength"], "RegisterShellHookWindow": ["HWND hWnd"], "CharUpperBuffW": ["LPTSTR lpsz", "DWORD cchLength"], "SetMenuItemInfoW": ["HMENU hMenu", "UINT uItem", "BOOL fByPosition", "LPMENUITEMINFO lpmii"], "SetMenuItemBitmaps": ["HMENU hMenu", "UINT uPosition", "UINT uFlags", "opt_HBITMAP hBitmapUnchecked", "opt_HBITMAP hBitmapChecked"], "DdeUnaccessData": ["HDDEDATA hData"], "GetMenu": ["HWND hWnd"], "DlgDirSelectExA": ["HWND hDlg", "LPTSTR lpString", "int nng", "int nIDListBox"], "EndMenu": [], "ShowSystemCursor": ["BOOL fShowCursor"], "SendMessageA": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "DlgDirSelectExW": ["HWND hDlg", "LPTSTR lpString", "int nCount", "int nIDListBox"], "GetClientRect": ["HWND hWnd", "LPRECT lpRect"], "DrawTextW": ["HDC hDC", "LPCTSTR lpchText", "int nCount", "LPRECT lpRect", "UINT uFormat"], "GetNextDlgTabItem": ["HWND hDlg", "opt_HWND hCtl", "BOOL bPrevious"], "CallNextHookEx": ["opt_HHOOK hhk", "int nCode", "WPARAM wParam", "LPARAM lParam"], "DdeFreeDataHandle": ["HDDEDATA hData"], "TrackPopupMenu": ["HMENU hMenu", "UINT uFlags", "int x", "int y", "int nReserved", "HWND hWnd", "const RECT *prcRect"], "DrawFrame": ["HDC hdc", "LPRECT lprc", "UINT uType", "UINT uState"], "UnhookWindowsHook": ["HHOOK hhk"], "UserHandleGrantAccess": ["HANDLE hUserHandle", "HANDLE hJob", "BOOL bGrant"], "MsgWaitForMultipleObjects": ["DWORD nCount", "const HANDLE *pHandles", "BOOL bWaitAll", "DWORD dwMilliseconds", "DWORD dwWakeMask"], "DdeFreeStringHandle": ["DWORD idInst", "HSZ hsz"], "SoftModalMessageBox": ["opt_HWND hWnd", "opt_LPCTSTR lpText", "opt_LPCTSTR lpCaption", "UINT uType", "WORD wLanguageId"], "DestroyMenu": ["HMENU hMenu"], "DdeSetQualityOfService": ["HWND hwndClient", "const SECURITY_QUALITY_OF_SERVICE *pqosNew", "PSECURITY_QUALITY_OF_SERVICE pqosPrev"], "DrawEdge": ["HDC hdc", "LPRECT qrc", "UINT edge", "UINT grfFlags"], "DdeDisconnectList": ["HCONVLIST hConvList"], "SendIMEMessageExA": ["HWND hwnd", "LPARAM lParam"], "GetUserObjectInformationW": ["HANDLE hObj", "int nIndex", "opt_PVOID pvInfo", "DWORD nLength", "opt_LPDWORD lpnLengthNeeded"], "IsWow64Message": [], "UpdateWindow": ["HWND hWnd"], "DlgDirListComboBoxW": ["HWND hDlg", "LPTSTR lpPathSpec", "int nIDComboBox", "int nIDStaticPath", "UINT uFiletype"], "IsThreadDesktopComposited": ["DWORD dwThreadId"], "GetUserObjectInformationA": ["HANDLE hObj", "int nIndex", "opt_PVOID pvInfo", "DWORD nLength", "opt_LPDWORD lpnLengthNeeded"], "SendIMEMessageExW": ["HWND hwnd", "LPARAM lParam"], "ChangeWindowMessageFilter": ["UINT message", "DWORD dwFlag"], "GetWindowContextHelpId": [], "GetTopLevelWindow": ["opt_HWND hWnd"], "DlgDirListComboBoxA": ["HWND hDlg", "LPTSTR lpPathSpec", "int nIDComboBox", "int nIDStaticPath", "UINT uFiletype"], "GetWindowMinimizeRect": ["int nIndex"], "GetDesktopWindow": [], "PeekMessageW": ["LPMSG lpMsg", "opt_HWND hWnd", "UINT wMsgFilterMin", "UINT wMsgFilterMax", "UINT wRemoveMsg"], "SetWindowsHookExW": ["int idHook", "HOOKPROC lpfn", "HINSTANCE hMod", "DWORD dwThreadId"], "InsertMenuItemW": ["HMENU hMenu", "UINT uItem", "BOOL fByPosition", "LPCMENUITEMINFO lpmii"], "GetDlgItemTextA": ["HWND hDlg", "int nIDDlgItem", "LPTSTR lpString", "int nMaxCount"], "GetWindowDisplayAffinity": ["HWND hWnd"], "PeekMessageA": ["LPMSG lpMsg", "opt_HWND hWnd", "UINT wMsgFilterMin", "UINT wMsgFilterMax", "UINT wRemoveMsg"], "ScrollDC": ["HDC hDC", "int dx", "int dy", "const RECT *lprcScroll", "const RECT *lprcClip", "HRGN hrgnUpdate", "LPRECT lprcUpdate"], "DdeEnableCallback": ["DWORD idInst", "HCONV hConv", "UINT wCmd"], "GetDlgItemTextW": ["HWND hDlg", "int nIDDlgItem", "LPTSTR lpString", "int nMaxCount"], "GetDlgItemInt": ["HWND hDlg", "int nIDDlgItem", "BOOL bSigned"], "BroadcastSystemMessageExW": ["DWORD dwFlags", "opt_LPDWORD lpdwRecipients", "UINT uiMessage", "WPARAM wParam", "LPARAM lParam", "opt_PBSMINFO pBSMInfo"], "RegisterTouchWindow": ["HWND hWnd", "ULONG ulFlags"], "InsertMenuItemA": ["HMENU hMenu", "UINT uItem", "BOOL fByPosition", "LPCMENUITEMINFO lpmii"], "InternalGetWindowText": ["HWND hWnd", "LPWSTR lpString", "int nMaxCount"], "GetQueueStatus": ["UINT flags"], "OpenDesktopW": ["LPTSTR lpszDesktop", "DWORD dwFlags", "BOOL fInherit", "ACCESS_MASK dwDesiredAccess"], "CloseWindow": ["HWND hWnd"], "OpenDesktopA": ["LPTSTR lpszDesktop", "DWORD dwFlags", "BOOL fInherit", "ACCESS_MASK dwDesiredAccess"], "TrackPopupMenuEx": ["HMENU hmenu", "UINT fuFlags", "int x", "int y", "HWND hwnd", "opt_LPTPMPARAMS lptpm"], "GetPriorityClipboardFormat": ["int cFormats"], "UnhookWinEvent": ["HWINEVENTHOOK hWinEventHook"], "OemToCharA": ["LPCSTR lpszSrc", "LPTSTR lpszDst"], "DlgDirListA": ["HWND hDlg", "LPTSTR lpPathSpec", "int nIDListBox", "int nIDStaticPath", "UINT uFileType"], "FillRect": ["HDC hDC", "const RECT *lprc", "HBRUSH hbr"], "MonitorFromPoint": ["POINT pt", "DWORD dwFlags"], "CreateAcceleratorTableW": ["LPACCEL lpaccl", "int cEntries"], "WaitForInputIdle": ["HANDLE hProcess", "DWORD dwMilliseconds"], "DlgDirListW": ["HWND hDlg", "LPTSTR lpPathSpec", "int nIDListBox", "int nIDStaticPath", "UINT uFileType"], "EnumDesktopWindows": ["opt_HDESK hDesktop", "WNDENUMPROC lpfn", "LPARAM lParam"], "OemToCharW": ["LPCSTR lpszSrc", "LPTSTR lpszDst"], "RealChildWindowFromPoint": ["HWND hwndParent", "POINT ptParentClientCoords"], "GetPhysicalCursorPos": ["LPPOINT lpPoint"], "GetWindowLongW": ["HWND hWnd", "int nIndex"], "CharNextW": ["LPCTSTR lpsz"], "RegisterRawInputDevices": ["PCRAWINPUTDEVICE pRawInputDevices", "UINT uiNumDevices", "UINT cbSize"], "CreateDesktopExA": ["LPCTSTR lpszDesktop", "LPCTSTR lpszDevice", "DWORD dwFlags", "ACCESS_MASK dwDesiredAccess", "opt_LPSECURITY_ATTRIBUTES lpsa", "ULONG ulHeapSize", "PVOID pvoid"], "DrawAnimatedRects": ["HWND hwnd", "int idAni"], "GetOpenClipboardWindow": [], "EmptyClipboard": [], "IsTopLevelWindow": ["HWND hWnd", "UINT uCmd"], "DefWindowProcW": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "KillTimer": ["opt_HWND hWnd", "UINT_PTR uIDEvent"], "TrackMouseEvent": ["LPTRACKMOUSEEVENT lpEventTrack"], "CreateDesktopExW": ["LPCTSTR lpszDesktop", "LPCTSTR lpszDevice", "DWORD dwFlags", "ACCESS_MASK dwDesiredAccess", "opt_LPSECURITY_ATTRIBUTES lpsa", "ULONG ulHeapSize", "PVOID pvoid"], "DefWindowProcA": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "CheckMenuRadioItem": ["HMENU hmenu", "UINT idFirst", "UINT idLast", "UINT idCheck", "UINT uFlags"], "WaitMessage": [], "GetClipboardData": ["UINT uFormat"], "ToUnicodeEx": ["UINT wVirtKey", "UINT wScanCode", "const BYTE *lpKeyState", "LPWSTR pwszBuff", "int cchBuff", "UINT wFlags", "opt_HKL dwhkl"], "IsIconic": ["HWND hWnd"], "BroadcastSystemMessage": ["DWORD dwFlags", "opt_LPDWORD lpdwRecipients", "UINT uiMessage", "WPARAM wParam", "LPARAM lParam"], "SendMessageCallbackA": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam", "SENDASYNCPROC lpCallBack", "ULONG_PTR dwData"], "InSendMessageEx": ["LPVOID lpReserved"], "EnumDisplayDevicesW": ["LPCTSTR lpDevice", "DWORD iDevNum", "PDISPLAY_DEVICE lpDisplayDevice", "DWORD dwFlags"], "IsDialogMessage": ["HWND hDlg", "LPMSG lpMsg"], "PostMessageA": ["opt_HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "EnumChildWindows": ["opt_HWND hWndParent", "WNDENUMPROC lpEnumFunc", "LPARAM lParam"], "IsWindowRedirectedForPrint": [], "GetMessageExtraInfo": [], "SetLayeredWindowAttributes": ["HWND hwnd", "COLORREF crKey", "BYTE bAlpha", "DWORD dwFlags"], "UserRealizePalette": ["HDC hdc"], "PaintMonitor": ["HMONITOR hMonitor", "HDC hdcMonitor", "LPRECT lprcMonitor", "LPARAM dwData"], "SetProcessDefaultLayout": ["DWORD dwDefaultLayout"], "SwapMouseButton": ["BOOL fSwap"], "DrawCaption": ["HWND hwnd", "HDC hdc", "LPCRECT lprc", "UINT uFlags"], "CreateWindowStationA": ["opt_LPCTSTR lpwinsta", "ACCESS_MASK dwDesiredAccess", "opt_LPSECURITY_ATTRIBUTES lpsa"], "GetRawInputDeviceInfoW": ["opt_HANDLE hDevice", "UINT uiCommand", "opt_LPVOID pData", "PUINT pcbSize"], "UnregisterTouchWindow": ["HWND hWnd"], "GetLastActivePopup": ["HWND hWnd"], "GetRawInputDeviceInfoA": ["opt_HANDLE hDevice", "UINT uiCommand", "opt_LPVOID pData", "PUINT pcbSize"], "CreateWindowStationW": ["opt_LPCTSTR lpwinsta", "ACCESS_MASK dwDesiredAccess", "opt_LPSECURITY_ATTRIBUTES lpsa"], "CreateIconIndirect": ["PICONINFO piconinfo"], "ScreenToClient": ["HWND hWnd"], "FindWindowExA": ["opt_HWND hwndParent", "opt_HWND hwndChildAfter", "opt_LPCTSTR lpszClass", "opt_LPCTSTR lpszWindow"], "EnumDisplaySettingsA": ["LPCTSTR lpszDeviceName", "DWORD iModeNum"], "GetMenuItemCount": ["opt_HMENU hMenu"], "SetActiveWindow": ["HWND hWnd"], "SetDlgItemInt": ["HWND hDlg", "int nIDDlgItem", "UINT uValue", "BOOL bSigned"], "GetRawInputBuffer": ["opt_PRAWINPUT pData", "PUINT pcbSize", "UINT cbSizeHeader"], "EnumDisplaySettingsW": ["LPCTSTR lpszDeviceName", "DWORD iModeNum"], "FindWindowExW": ["opt_LPCTSTR lpClassName", "opt_LPCTSTR lpWindowName"], "SetSystemMenu": ["int nIndex"], "CreateDialogIndirectParamW": ["opt_HINSTANCE hInstance", "LPCDLGTEMPLATE lpTemplate", "opt_HWND hWndParent", "opt_DLGPROC lpDialogFunc", "LPARAM lParamInit"], "DrawTextA": ["HDC hDC", "LPCTSTR lpchText", "int nCount", "LPRECT lpRect", "UINT uFormat"], "DrawTextExW": ["HDC hdc", "LPTSTR lpchText", "int cchText", "LPRECT lprc", "UINT dwDTFormat", "LPDRAWTEXTPARAMS lpDTParams"], "SetCursorContents": ["opt_const RECT"], "CallMsgFilter": ["LPMSG lpMsg", "int nCode"], "CreateDialogIndirectParamA": ["opt_HINSTANCE hInstance", "LPCDLGTEMPLATE lpTemplate", "opt_HWND hWndParent", "opt_DLGPROC lpDialogFunc", "LPARAM lParamInit"], "SetWinEventHook": ["UINT eventMin", "UINT eventMax", "HMODULE hmodWinEventProc", "WINEVENTPROC lpfnWinEventProc", "DWORD idProcess", "DWORD idThread", "UINT dwflags"], "MessageBeep": ["UINT uType"], "DrawTextExA": ["HDC hdc", "LPTSTR lpchText", "int cchText", "LPRECT lprc", "UINT dwDTFormat", "LPDRAWTEXTPARAMS lpDTParams"], "RemoveMenu": ["HMENU hMenu", "UINT uPosition", "UINT uFlags"], "GetWindowThreadProcessId": ["HWND hWnd", "opt_LPDWORD lpdwProcessId"], "MessageBoxExA": ["opt_HWND hWnd", "opt_LPCTSTR lpText", "opt_LPCTSTR lpCaption", "UINT uType", "WORD wLanguageId"], "ShowScrollBar": ["HWND hWnd", "int wBar", "BOOL bShow"], "DefRawInputProc": ["INT nInput", "UINT cbSizeHeader"], "SendMessageW": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "GetKBCodePage": [], "MessageBoxIndirectA": ["const LPMSGBOXPARAMS lpMsgBoxParams"], "IsWindowUnicode": ["HWND hWnd"], "LoadCursorFromFileA": ["LPCTSTR lpFileName"], "WindowFromPhysicalPoint": ["POINT Point"], "CascadeChildWindows": ["opt_HWND hwndParent", "UINT wHow", "opt_const RECT *lpRect", "UINT cKids", "opt_const HWND *lpKids"], "AdjustWindowRectEx": ["LPRECT lpRect", "DWORD dwStyle", "BOOL bMenu", "DWORD dwExStyle"], "LookupIconIdFromDirectoryEx": ["PBYTE presbits", "BOOL fIcon", "int cxDesired", "int cyDesired", "UINT Flags"], "LoadCursorFromFileW": ["LPCTSTR lpFileName"], "MessageBoxIndirectW": ["const LPMSGBOXPARAMS lpMsgBoxParams"], "GetSysColor": ["int nIndex"], "DisableProcessWindowsGhosting": [], "CopyImage": ["HANDLE hImage", "UINT uType", "int cxDesired", "int cyDesired", "UINT fuFlags"], "OpenWindowStationW": ["LPTSTR lpszWinSta", "BOOL fInherit", "ACCESS_MASK dwDesiredAccess"], "GetWindowModuleFileNameA": ["HWND hwnd", "LPTSTR lpszFileName", "UINT cchFileNameMax"], "PrintWindow": [], "CreateMDIWindowW": ["LPCTSTR lpClassName", "LPCTSTR lpWindowName", "DWORD dwStyle", "int X", "int Y", "int nWidth", "int nHeight", "opt_HWND hWndParent", "opt_HINSTANCE hInstance", "LPARAM lParam"], "DdeQueryNextServer": ["HCONVLIST hConvList", "HCONV hConvPrev"], "SetDoubleClickTime": ["UINT uInterval"], "CreateMDIWindowA": ["LPCTSTR lpClassName", "LPCTSTR lpWindowName", "DWORD dwStyle", "int X", "int Y", "int nWidth", "int nHeight", "opt_HWND hWndParent", "opt_HINSTANCE hInstance", "LPARAM lParam"], "GetWindowModuleFileNameW": ["HWND hwnd", "LPTSTR lpszFileName", "UINT cchFileNameMax"], "GetMenuDefaultItem": ["HMENU hMenu", "UINT fByPos", "UINT gmdiFlags"], "ScrollChildren": [], "FrameRect": ["HDC hDC", "const RECT *lprc", "HBRUSH hbr"], "wsprintfA": ["LPTSTR lpOut", "LPCTSTR lpFmt"], "NotifyOverlayWindow": [], "CallWindowProcW": ["WNDPROC lpPrevWndFunc", "HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "UnregisterClassW": ["LPCTSTR lpClassName", "opt_HINSTANCE hInstance"], "RegisterClassA": ["const WNDCLASS *lpWndClass"], "IsChild": ["HWND hWndParent", "HWND hWnd"], "UnregisterDeviceNotification": ["HDEVNOTIFY Handle"], "CallWindowProcA": ["WNDPROC lpPrevWndFunc", "HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "MB_GetString": [], "wsprintfW": ["LPTSTR lpOut", "LPCTSTR lpFmt"], "RedrawWindow": ["HWND hWnd", "const RECT *lprcUpdate", "HRGN hrgnUpdate", "UINT flags"], "RegisterClipboardFormatA": ["LPCTSTR lpszFormat"], "GetForegroundWindow": [], "RegisterWindowMessageW": ["LPCTSTR lpString"], "DdeReconnect": ["HCONV hConv"], "LoadBitmapW": ["HINSTANCE hInstance", "LPCTSTR lpBitmapName"], "MoveWindow": ["HWND hWnd", "int X", "int Y", "int nWidth", "int nHeight", "BOOL bRepaint"], "OpenThreadDesktop": ["DWORD dwDesiredAccess", "BOOL bInheritHandle", "DWORD dwThreadId"], "OemToCharBuffW": ["LPCSTR lpszSrc", "LPTSTR lpszDst", "DWORD cchDstLength"], "SetSystemCursor": ["HCURSOR hcur", "DWORD id"], "LoadBitmapA": ["HINSTANCE hInstance", "LPCTSTR lpBitmapName"], "SetWindowPos": ["HWND hWnd", "opt_HWND hWndInsertAfter", "int X", "int Y", "int cx", "int cy", "UINT uFlags"], "CalculatePopupWindowPosition": ["const POINT *anchorPoint", "const SIZE *windowSize", "UINT flags"], "IsWindow": ["opt_HWND hWnd"], "GetRegisteredRawInputDevices": ["opt_PRAWINPUTDEVICE pRawInputDevices", "PUINT puiNumDevices", "UINT cbSize"], "DispatchMessageA": ["const MSG *lpmsg"], "SetClassLongPtrW": ["HWND hWnd", "int nIndex", "LONG_PTR dwNewLong"], "WindowFromPoint": ["POINT Point"], "DdeCreateStringHandleW": ["DWORD idInst", "LPTSTR psz", "int iCodePage"], "GetMessageTime": [], "GetGestureExtraArgs": ["HGESTUREINFO hGestureInfo", "UINT cbExtraArgs", "PBYTE pExtraArgs"], "GetClipboardSequenceNumber": [], "GetWindowWord": ["opt_LPCTSTR lpClassName", "opt_LPCTSTR lpWindowName"], "DispatchMessageW": ["const MSG *lpmsg"], "ReleaseDC": ["HWND hWnd", "HDC hDC"], "GetClassInfoA": ["opt_HINSTANCE hInstance", "LPCTSTR lpClassName", "LPWNDCLASS lpWndClass"], "LockWindowStation": [], "DefFrameProcW": ["HWND hWnd", "HWND hWndMDIClient", "UINT uMsg", "WPARAM wParam", "LPARAM lParam"], "MessageBoxExW": ["opt_HWND hWnd", "opt_LPCTSTR lpText", "opt_LPCTSTR lpCaption", "UINT uType"], "GetDisplayConfigBufferSizes": ["UINT32 Flags"], "DefFrameProcA": ["HWND hWnd", "HWND hWndMDIClient", "UINT uMsg", "WPARAM wParam", "LPARAM lParam"], "SetMagnificationDesktopMagnification": [], "GetClassInfoW": ["opt_HINSTANCE hInstance", "LPCTSTR lpClassName", "LPWNDCLASS lpWndClass"], "SetWindowContextHelpId": [], "SetMenuDefaultItem": ["HMENU hMenu", "UINT uItem", "UINT fByPos"], "LoadImageW": ["opt_HINSTANCE hinst", "LPCTSTR lpszName", "UINT uType", "int cxDesired", "int cyDesired", "UINT fuLoad"], "SetLastErrorEx": ["DWORD dwErrCode", "DWORD dwType"], "CopyIcon": ["HICON hIcon"], "BlockInput": ["BOOL fBlockIt"], "GetActiveWindow": [], "ShowCursor": ["BOOL bShow"], "GetUpdateRgn": ["HWND hWnd", "HRGN hRgn", "BOOL bErase"], "MapVirtualKeyExW": ["UINT uCode", "UINT uMapType", "opt_HKL dwhkl"], "EnumPropsExW": ["HWND hWnd", "PROPENUMPROCEX lpEnumFunc", "LPARAM lParam"], "MapVirtualKeyExA": ["UINT uCode", "UINT uMapType", "opt_HKL dwhkl"], "EnumPropsExA": ["HWND hWnd", "PROPENUMPROCEX lpEnumFunc", "LPARAM lParam"], "SetWindowCompositionAttribute": ["LPCVOID pvAttribute"], "DeregisterShellHookWindow": ["HWND hWnd"], "GetMessageA": ["LPMSG lpMsg", "opt_HWND hWnd", "UINT wMsgFilterMin", "UINT wMsgFilterMax"], "GetClassInfoExW": ["opt_HINSTANCE hinst", "LPCTSTR lpszClass", "LPWNDCLASSEX lpwcx"], "SetMenuInfo": ["HMENU hmenu", "LPCMENUINFO lpcmi"], "GetCursorInfo": ["PCURSORINFO pci"], "EnumWindows": ["WNDENUMPROC lpEnumFunc", "LPARAM lParam"], "GetClassInfoExA": ["opt_HINSTANCE hinst", "LPCTSTR lpszClass", "LPWNDCLASSEX lpwcx"], "GetMessageW": ["LPMSG lpMsg", "opt_HWND hWnd", "UINT wMsgFilterMin", "UINT wMsgFilterMax"], "ShowWindow": ["HWND hWnd", "int nCmdShow"], "DrawFrameControl": ["HDC hdc", "LPRECT lprc", "UINT uType", "UINT uState"], "EnumDisplayMonitors": ["HDC hdc", "LPCRECT lprcClip", "MONITORENUMPROC lpfnEnum", "LPARAM dwData"], "GetClipboardFormatNameA": ["UINT format", "LPTSTR lpszFormatName", "int cchMaxCount"], "EnumClipboardFormats": ["UINT format"], "EnableWindow": ["HWND hWnd", "BOOL bEnable"], "SetWindowPlacement": ["HWND hWnd", "const WINDOWPLACEMENT *lpwndpl"], "LoadImageA": ["opt_HINSTANCE hinst", "LPCTSTR lpszName", "UINT uType", "int cxDesired", "int cyDesired", "UINT fuLoad"], "ShowWindowAsync": ["HWND hWnd", "int nCmdShow"], "DdeKeepStringHandle": ["DWORD idInst", "HSZ hsz"], "GetClipboardFormatNameW": ["UINT format", "LPTSTR lpszFormatName", "int cchMaxCount"], "TranslateMessage": ["const MSG *lpMsg"], "GetWindow": ["HWND hWnd", "UINT uCmd"], "CreateCursor": ["opt_HINSTANCE hInst", "int xHotSpot", "int yHotSpot", "int nWidth", "int nHeight", "const VOID *pvANDPlane", "const VOID *pvXORPlane"], "GetIconInfo": ["HICON hIcon", "PICONINFO piconinfo"], "SfmDxGetSwapChainStats": [], "SetParent": ["HWND hWndChild", "opt_HWND hWndNewParent"], "SetClipboardData": ["UINT uFormat", "opt_HANDLE hMem"], "IsCharLowerA": ["TCHAR ch"], "GetSystemMetrics": ["int nIndex"], "IsZoomed": ["HWND hWnd"], "GetWindowPlacement": ["HWND hWnd"], "DrawMenuBar": ["HWND hWnd"], "InvalidateRgn": ["HWND hWnd", "HRGN hRgn", "BOOL bErase"], "SendMessageCallbackW": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam", "SENDASYNCPROC lpCallBack", "ULONG_PTR dwData"], "IsCharLowerW": ["TCHAR ch"], "EnableMenuItem": ["HMENU hMenu", "UINT uIDEnableItem", "UINT uEnable"], "GetGestureInfo": ["HGESTUREINFO hGestureInfo", "PGESTUREINFO pGestureInfo"], "GetSubMenu": ["HMENU hMenu", "int nPos"], "EnumPropsA": ["HWND hWnd", "PROPENUMPROC lpEnumFunc"], "CreateMenu": [], "GetKeyboardLayout": ["DWORD idThread"], "SwitchToThisWindow": ["HWND hWnd", "BOOL fAltTab"], "DeferWindowPos": ["HDWP hWinPosInfo", "HWND hWnd", "opt_HWND hWndInsertAfter", "int x", "int y", "int cx", "int cy", "UINT uFlags"], "EnumPropsW": ["HWND hWnd", "PROPENUMPROC lpEnumFunc"], "GetUpdateRect": ["HWND hWnd", "LPRECT lpRect", "BOOL bErase"], "PtInRect": ["const RECT *lprc", "POINT pt"], "DragDetect": ["HWND hwnd", "POINT pt"], "MapWindowPoints": ["HWND hWndFrom", "HWND hWndTo", "LPPOINT lpPoints", "UINT cPoints"], "SendNotifyMessageA": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "GetMonitorInfoW": ["HMONITOR hMonitor", "LPMONITORINFO lpmi"], "OffsetRect": ["LPRECT lprc", "int dx", "int dy"], "GetScrollPos": ["HWND hWnd", "int nBar"], "UpdatePerUserSystemParameters": ["UINT uiAction", "UINT uiParam", "PVOID pvParam", "UINT fWinIni"], "GetMonitorInfoA": ["HMONITOR hMonitor", "LPMONITORINFO lpmi"], "ClipCursor": ["opt_const RECT *lpRect"], "SendNotifyMessageW": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "UnregisterPowerSettingNotification": ["HPOWERNOTIFY Handle"], "ChangeWindowMessageFilterEx": ["HWND hWnd", "UINT message", "DWORD action", "opt_PCHANGEFILTERSTRUCT pChangeFilterStruct"], "SendDlgItemMessageA": ["HWND hDlg", "int nIDDlgItem", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "EnumDisplaySettingsExA": ["LPCTSTR lpszDeviceName", "DWORD iModeNum", "DWORD dwFlags"], "PaintMenuBar": ["HWND hWnd"], "EnumDisplaySettingsExW": ["LPCTSTR lpszDeviceName", "DWORD iModeNum", "DWORD dwFlags"], "SendDlgItemMessageW": ["HWND hDlg", "int nIDDlgItem", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "RegisterDeviceNotificationW": ["HANDLE hRecipient", "LPVOID NotificationFilter", "DWORD Flags"], "CheckWindowThreadDesktop": ["HWND hWnd", "opt_LPDWORD lpdwProcessId"], "CheckDlgButton": ["HWND hDlg", "int nIDButton", "UINT uCheck"], "CreateDialogParamW": ["opt_HINSTANCE hInstance", "LPCTSTR lpTemplateName", "opt_HWND hWndParent", "opt_DLGPROC lpDialogFunc", "LPARAM dwInitParam"], "CreatePopupMenu": [], "CheckMenuItem": ["HMENU hmenu", "UINT uIDCheckItem", "UINT uCheck"], "GetClassLongW": ["HWND hWnd", "int nIndex"], "DdeGetLastError": ["DWORD idInst"], "CreateDialogParamA": ["opt_HINSTANCE hInstance", "LPCTSTR lpTemplateName", "opt_HWND hWndParent", "opt_DLGPROC lpDialogFunc", "LPARAM dwInitParam"], "UnloadKeyboardLayout": ["HKL hkl"], "ClientToScreen": ["HWND hWnd", "LPPOINT lpPoint"], "CloseWindowStation": ["HWINSTA hWinSta"], "GetLayeredWindowAttributes": ["HWND hwnd"], "GetKeyboardState": ["PBYTE lpKeyState"], "GetMenuStringA": ["HMENU hMenu", "UINT uIDItem", "opt_LPTSTR lpString", "int nMaxCount", "UINT uFlag"], "GetClassLongPtrW": ["HWND hWnd", "int nIndex"], "IsDlgButtonChecked": ["HWND hDlg", "int nIDButton"], "TileChildWindows": ["opt_HWND hwndParent", "UINT wHow", "opt_const RECT *lpRect", "UINT cKids", "opt_const HWND *lpKids"], "DestroyAcceleratorTable": ["HACCEL hAccel"], "CreateIconFromResourceEx": ["PBYTE pbIconBits", "DWORD cbIconBits", "BOOL fIcon", "DWORD dwVersion", "int cxDesired", "int cyDesired", "UINT uFlags"], "GetSystemMenu": ["HWND hWnd", "BOOL bRevert"], "GetClassLongPtrA": ["HWND hWnd", "int nIndex"], "GetMenuStringW": ["HMENU hMenu", "UINT uIDItem", "opt_LPTSTR lpString", "int nMaxCount", "UINT uFlag"], "EndDialog": ["HWND hDlg", "INT_PTR nResult"], "LoadMenuA": ["opt_HINSTANCE hInstance", "LPCTSTR lpMenuName"], "PrivateExtractIconsW": ["LPCTSTR lpszFile", "int nIconIndex", "int cxIcon", "int cyIcon", "UINT nIcons", "UINT flags"], "GetIconInfoExA": ["HICON hIcon", "PICONINFOEX piconinfoex"], "GetCapture": [], "EndTask": ["HWND hWnd", "BOOL fShutDown", "BOOL fForce"], "SetDeskWallpaper": ["UINT uiAction", "UINT uiParam", "PVOID pvParam", "UINT fWinIni"], "GetPropW": ["HWND hWnd", "LPCTSTR lpString"], "GetShellWindow": [], "GetIconInfoExW": ["HICON hIcon", "PICONINFOEX piconinfoex"], "PrivateExtractIconsA": ["LPCTSTR lpszFile", "int nIconIndex", "int cxIcon", "int cyIcon", "UINT nIcons", "UINT flags"], "LoadMenuW": ["opt_HINSTANCE hInstance", "LPCTSTR lpMenuName"], "ShowCaret": ["opt_HWND hWnd"], "FlashWindowEx": ["PFLASHWINFO pfwi"], "SetMenu": ["HWND hWnd", "opt_HMENU hMenu"], "DdeSetUserHandle": ["HCONV hConv", "DWORD id", "DWORD_PTR hUser"], "SetRectEmpty": ["LPRECT lprc"], "DialogBoxParamW": ["opt_HINSTANCE hInstance", "LPCTSTR lpTemplateName", "opt_HWND hWndParent", "opt_DLGPROC lpDialogFunc", "LPARAM dwInitParam"], "GetNextDlgGroupItem": ["HWND hDlg", "opt_HWND hCtl", "BOOL bPrevious"], "CascadeWindows": ["opt_HWND hwndParent", "UINT wHow", "opt_const RECT *lpRect", "UINT cKids", "opt_const HWND *lpKids"], "DialogBoxParamA": ["opt_HINSTANCE hInstance", "LPCTSTR lpTemplateName", "opt_HWND hWndParent", "opt_DLGPROC lpDialogFunc", "LPARAM dwInitParam"], "MsgWaitForMultipleObjectsEx": ["DWORD nCount", "const HANDLE *pHandles", "DWORD dwMilliseconds", "DWORD dwWakeMask", "DWORD dwFlags"], "SetClassLongPtrA": ["HWND hWnd", "int nIndex", "LONG_PTR dwNewLong"], "GetKeyState": ["int nVirtKey"], "SystemParametersInfoA": ["UINT uiAction", "UINT uiParam", "PVOID pvParam", "UINT fWinIni"], "UpdateLayeredWindow": ["HWND hwnd", "opt_HDC hdcDst", "opt_HDC hdcSrc", "COLORREF crKey", "DWORD dwFlags"], "SoundSentry": [], "SetWindowWord": ["HWND hWnd", "int nIndex", "LONG dwNewLong"], "RealGetWindowClassW": ["HWND hwnd", "LPTSTR pszType", "UINT cchType"], "GetAltTabInfoA": ["opt_HWND hwnd", "int iItem", "PALTTABINFO pati", "opt_LPTSTR pszItemText", "UINT cchItemText"], "OemKeyScan": ["WORD wOemChar"], "GetWindowLongPtrW": ["HWND hWnd", "int nIndex"], "AddClipboardFormatListener": ["HWND hwnd"], "SystemParametersInfoW": ["UINT uiAction", "UINT uiParam", "PVOID pvParam", "UINT fWinIni"], "GetWindowLongPtrA": ["HWND hWnd", "int nIndex"], "GetAltTabInfoW": ["opt_HWND hwnd", "int iItem", "PALTTABINFO pati", "opt_LPTSTR pszItemText", "UINT cchItemText"], "SendMessageTimeoutA": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "GetClassNameW": ["HWND hWnd", "LPTSTR lpClassName", "int nMaxCount"], "DefDlgProcW": ["HWND hDlg", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "TranslateMDISysAccel": ["HWND hWndClient", "LPMSG lpMsg"], "CloseDesktop": ["HDESK hDesktop"], "OpenIcon": ["HWND hWnd"], "IsRectEmpty": ["const RECT *lprc"], "GetClassNameA": ["HWND hWnd", "LPTSTR lpClassName", "int nMaxCount"], "RegisterDeviceNotificationA": ["HANDLE hRecipient", "LPVOID NotificationFilter", "DWORD Flags"], "CloseClipboard": [], "GetDlgItem": ["opt_HWND hDlg", "int nIDDlgItem"], "TranslateAcceleratorW": ["HWND hWnd", "HACCEL hAccTable", "LPMSG lpMsg"], "ReplyMessage": ["LRESULT lResult"], "RemovePropW": ["HWND hWnd", "LPCTSTR lpString"], "ChangeDisplaySettingsW": ["DWORD dwflags"], "SetWindowRgn": ["HWND hWnd", "HRGN hRgn", "BOOL bRedraw"], "GetInputState": [], "ChangeDisplaySettingsA": ["DWORD dwflags"], "PostQuitMessage": ["int nExitCode"], "GetMessagePos": [], "LockSetForegroundWindow": ["UINT uLockCode"], "GetUpdatedClipboardFormats": ["PUINT lpuiFormats", "UINT cFormats", "PUINT pcFormatsOut"], "GetGestureConfig": ["HWND hwnd", "DWORD dwReserved", "DWORD dwFlags", "PUINT pcIDs", "PGESTURECONFIG pGestureConfig", "UINT cbSize"], "CreateDesktopA": ["LPCTSTR lpszDesktop", "LPCTSTR lpszDevice", "DWORD dwFlags", "ACCESS_MASK dwDesiredAccess", "opt_LPSECURITY_ATTRIBUTES lpsa"], "VkKeyScanA": ["TCHAR ch"], "DdeGetData": ["HDDEDATA hData", "opt_LPBYTE pDst", "DWORD cbMax", "DWORD cbOff"], "GetClassLongA": ["HWND hWnd", "int nIndex"], "GetInputDesktop": ["DWORD dwFlags", "BOOL fInherit", "ACCESS_MASK dwDesiredAccess"], "CharToOemBuffW": ["LPCTSTR lpszSrc", "LPSTR lpszDst", "DWORD cchDstLength"], "VkKeyScanW": ["TCHAR ch"], "CreateDesktopW": ["LPCTSTR lpszDesktop", "LPCTSTR lpszDevice", "DWORD dwFlags", "ACCESS_MASK dwDesiredAccess", "opt_LPSECURITY_ATTRIBUTES lpsa"], "ChildWindowFromPointEx": ["HWND hwndParent", "POINT pt", "UINT uFlags"], "DdeInitializeA": ["LPDWORD pidInst", "PFNCALLBACK pfnCallback", "DWORD afCmd", "DWORD ulRes"], "GetDlgCtrlID": ["HWND hwndCtl"], "UnregisterClassA": ["LPCTSTR lpClassName", "opt_HINSTANCE hInstance"], "AnyPopup": [], "GhostWindowFromHungWindow": ["HWND hWnd"], "IsWindowEnabled": ["HWND hWnd"], "ToAscii": ["UINT uVirtKey", "UINT uScanCode", "opt_const BYTE *lpKeyState", "LPWORD lpChar", "UINT uFlags"], "DdeInitializeW": ["LPDWORD pidInst", "PFNCALLBACK pfnCallback", "DWORD afCmd", "DWORD ulRes"], "AllowSetForegroundWindow": ["DWORD dwProcessId"], "GetThreadDesktop": ["DWORD dwThreadId"], "InSendMessage": [], "LoadMenuIndirectA": ["const MENUTEMPLATE *lpMenuTemplate"], "IsClipboardFormatAvailable": ["UINT format"], "CharUpperA": ["LPTSTR lpsz"], "CopyAcceleratorTableA": ["HACCEL hAccelSrc", "opt_LPACCEL lpAccelDst", "int cAccelEntries"], "ChangeDisplaySettingsExA": ["LPCTSTR lpszDeviceName", "DWORD dwflags", "LPVOID lParam"], "DdeQueryStringW": ["DWORD idInst", "HSZ hsz", "opt_LPTSTR psz", "DWORD cchMax", "int iCodePage"], "EnumDesktopsW": ["opt_HWINSTA hwinsta", "DESKTOPENUMPROC lpEnumFunc", "LPARAM lParam"], "ChangeDisplaySettingsExW": ["LPCTSTR lpszDeviceName", "DWORD dwflags", "LPVOID lParam"], "CopyAcceleratorTableW": ["HACCEL hAccelSrc", "opt_LPACCEL lpAccelDst", "int cAccelEntries"], "LoadMenuIndirectW": ["const MENUTEMPLATE *lpMenuTemplate"], "DdeQueryStringA": ["DWORD idInst", "HSZ hsz", "opt_LPTSTR psz", "DWORD cchMax", "int iCodePage"], "DestroyWindow": ["HWND hWnd"], "DdeCmpStringHandles": ["HSZ hsz1", "HSZ hsz2"], "EqualRect": ["const RECT *lprc1", "const RECT *lprc2"], "SetClassLongW": ["HWND hWnd", "int nIndex", "LONG dwNewLong"], "SetProcessDPIAware": [], "CreateCaret": ["HWND hWnd", "opt_HBITMAP hBitmap", "int nWidth", "int nHeight"], "SetClassLongA": ["HWND hWnd", "int nIndex", "LONG dwNewLong"], "GetPropA": ["HWND hWnd", "LPCTSTR lpString"], "CharToOemBuffA": ["LPCTSTR lpszSrc", "LPSTR lpszDst", "DWORD cchDstLength"], "IsCharAlphaW": ["TCHAR ch"], "SetMessageQueue": ["opt_HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "CreateDialogIndirectParamAorW": ["BYTE bVk", "BYTE bScan", "DWORD dwFlags", "ULONG_PTR dwExtraInfo"], "CharUpperW": ["LPTSTR lpsz"], "ChildWindowFromPoint": ["HWND hWndParent", "POINT Point"], "IsCharAlphaA": ["TCHAR ch"], "SetDisplayConfig": ["UINT32 numPathArrayElements", "UINT32 numModeInfoArrayElements", "UINT32 Flags"], "DestroyCaret": [], "ActivateKeyboardLayout": ["HKL hkl", "UINT Flags"], "GetMenuBarInfo": ["HWND hwnd", "LONG idObject", "LONG idItem", "PMENUBARINFO pmbi"], "EditWndProc": ["HWND hwnd", "UINT uMsg", "WPARAM wParam", "LPARAM lParam"], "LoadStringA": ["opt_HINSTANCE hInstance", "UINT uID", "LPTSTR lpBuffer", "int nBufferMax"], "GetMenuItemRect": ["opt_HWND hWnd", "HMENU hMenu", "UINT uItem", "LPRECT lprcItem"], "AllowForegroundActivation": ["HWND hWnd"], "LoadStringW": ["opt_HINSTANCE hInstance", "UINT uID", "LPTSTR lpBuffer", "int nBufferMax"], "DdeCreateStringHandleA": ["DWORD idInst", "LPTSTR psz", "int iCodePage"], "GetKeyboardLayoutList": ["int nBuff"], "OemToCharBuffA": ["LPCSTR lpszSrc", "LPTSTR lpszDst", "DWORD cchDstLength"], "InvertRect": ["HDC hDC", "const RECT *lprc"], "CreateWindowExA": ["DWORD dwExStyle", "opt_LPCTSTR lpClassName", "opt_LPCTSTR lpWindowName", "DWORD dwStyle", "int x", "int y", "int nWidth", "int nHeight", "opt_HWND hWndParent", "opt_HMENU hMenu", "opt_HINSTANCE hInstance", "opt_LPVOID lpParam"], "MapDialogRect": ["HWND hDlg", "LPRECT lpRect"], "EnumThreadWindows": ["DWORD dwThreadId", "WNDENUMPROC lpfn", "LPARAM lParam"], "GetMagnificationDesktopMagnification": [], "CopyRect": ["LPRECT lprcDst", "const RECT *lprc"], "DdeConnect": ["DWORD idInst", "HSZ hszService", "HSZ hszTopic", "opt_PCONVCONTEXT pCC"], "CreateWindowExW": ["DWORD dwExStyle", "opt_LPCTSTR lpClassName", "opt_LPCTSTR lpWindowName", "DWORD dwStyle", "int x", "int y", "int nWidth", "int nHeight", "opt_HWND hWndParent", "opt_HMENU hMenu", "opt_HINSTANCE hInstance", "opt_LPVOID lpParam"], "GetGUIThreadInfo": ["DWORD idThread", "LPGUITHREADINFO lpgui"], "GetInternalWindowPos": ["HWND hWnd", "LPRECT lpRect"], "CharPrevA": ["LPCTSTR lpszStart", "LPCTSTR lpszCurrent"], "BeginPaint": ["HWND hwnd", "LPPAINTSTRUCT lpPaint"], "SetThreadDesktop": ["HDESK hDesktop"], "GetAltTabInfo": ["opt_HWND hwnd", "int iItem", "PALTTABINFO pati", "opt_LPTSTR pszItemText", "UINT cchItemText"], "CharNextA": ["LPCTSTR lpsz"], "CharPrevW": ["LPCTSTR lpszStart", "LPCTSTR lpszCurrent"], "SetMenuContextHelpId": [], "ToAsciiEx": ["UINT uVirtKey", "UINT uScanCode", "opt_const BYTE *lpKeyState", "LPWORD lpChar", "UINT uFlags", "opt_HKL dwhkl"], "ArrangeIconicWindows": ["HWND hWnd"], "CharLowerA": ["LPTSTR lpsz"], "SetScrollRange": ["HWND hWnd", "int nBar", "int nMinPos", "int nMaxPos", "BOOL bRedraw"], "GetWindowRect": ["HWND hWnd", "LPRECT lpRect"], "DdeAddData": ["HDDEDATA hData", "LPBYTE pSrc", "DWORD cb", "DWORD cbOff"], "DrawIcon": ["HDC hDC", "int X", "int Y", "HICON hIcon"], "CharLowerW": ["LPTSTR lpsz"], "GetProcessWindowStation": [], "SetDlgItemTextA": ["HWND hDlg", "int nIDDlgItem", "LPCTSTR lpString"], "CharToOemW": ["LPCTSTR lpszSrc", "LPSTR lpszDst"], "WINNLSEnableIME": ["HWND hwnd", "BOOL bFlag"], "SetWindowTextA": ["HWND hWnd", "opt_LPCTSTR lpString"], "GetWindowLongA": ["HWND hWnd", "int nIndex"], "GetTitleBarInfo": ["HWND hwnd", "PTITLEBARINFO pti"], "DisplayConfigGetDeviceInfo": [], "SetWindowTextW": ["HWND hWnd", "opt_LPCTSTR lpString"], "SetPhysicalCursorPos": ["int X", "int Y"], "BringWindowToTop": ["HWND hWnd"], "LoadCursorA": ["opt_HINSTANCE hInstance", "LPCTSTR lpCursorName"], "LoadIconA": ["opt_HINSTANCE hInstance", "LPCTSTR lpIconName"], "CountClipboardFormats": [], "SetWindowsHookExA": ["int idHook", "HOOKPROC lpfn", "HINSTANCE hMod", "DWORD dwThreadId"], "PostThreadMessageW": ["DWORD idThread", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "GetMenuItemInfoA": ["HMENU hMenu", "UINT uItem", "BOOL fByPosition", "LPMENUITEMINFO lpmii"], "AttachThreadInput": ["DWORD idAttach", "DWORD idAttachTo", "BOOL fAttach"], "GetSysColorBrush": ["int nIndex"], "GetMenuState": ["HMENU hMenu", "UINT uId", "UINT uFlags"], "CreateIconFromResource": ["PBYTE presbits", "DWORD dwResSize", "BOOL fIcon", "DWORD dwVer"], "LoadCursorW": ["opt_HINSTANCE hInstance", "LPCTSTR lpCursorName"], "LoadIconW": ["opt_HINSTANCE hInstance", "LPCTSTR lpIconName"], "GetDC": ["HWND hWnd"], "FlashWindow": ["HWND hWnd", "BOOL bInvert"], "SetForegroundWindow": ["HWND hWnd"], "NotifyWinEvent": ["DWORD event", "HWND hwnd", "LONG idObject", "LONG idChild"], "ExitWindowsEx": ["UINT uFlags", "DWORD dwReason"], "PostThreadMessageA": ["DWORD idThread", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "GetMenuItemInfoW": ["HMENU hMenu", "UINT uItem", "BOOL fByPosition", "LPMENUITEMINFO lpmii"], "GetCursorPos": ["LPPOINT lpPoint"], "GetCaretBlinkTime": [], "IsWinEventHookInstalled": ["DWORD event"], "RealGetWindowClass": ["HWND hwnd", "LPTSTR pszType", "UINT cchType"], "GetScrollBarInfo": ["HWND hwnd", "LONG idObject", "PSCROLLBARINFO psbi"], "GetScrollRange": ["HWND hWnd", "int nBar", "LPINT lpMinPos", "LPINT lpMaxPos"], "GetScrollInfo": ["HWND hwnd", "int fnBar", "LPSCROLLINFO lpsi"], "ShutdownBlockReasonQuery": ["HWND hWnd", "opt_LPWSTR pwszBuff"], "HideCaret": ["opt_HWND hWnd"], "FindWindowW": ["opt_LPCTSTR lpClassName", "opt_LPCTSTR lpWindowName"], "ShowOwnedPopups": ["HWND hWnd", "BOOL fShow"], "FindWindowA": ["opt_LPCTSTR lpClassName", "opt_LPCTSTR lpWindowName"], "SwitchDesktop": ["HDESK hDesktop"], "LockWorkStation": [], "DdeCreateDataHandle": ["DWORD idInst", "opt_LPBYTE pSrc", "DWORD cb", "DWORD cbOff", "opt_HSZ hszItem", "UINT wFmt", "UINT afCmd"], "BeginDeferWindowPos": ["int nNumWindows"], "RemoveClipboardFormatListener": ["HWND hwnd"], "RegisterClassExW": ["const WNDCLASSEX *lpwcx"], "LookupIconIdFromDirectory": ["PBYTE presbits", "BOOL fIcon"], "GetWindowDC": ["HWND hWnd"], "GetTouchInputInfo": ["HTOUCHINPUT hTouchInput", "UINT cInputs", "PTOUCHINPUT pInputs", "int cbSize"], "LoadKeyboardLayoutW": ["LPCTSTR pwszKLID", "UINT Flags"], "ChangeClipboardChain": ["HWND hWndRemove", "HWND hWndNewNext"], "mouse_event": ["DWORD dwFlags", "DWORD dx", "DWORD dy", "DWORD dwData", "ULONG_PTR dwExtraInfo"], "GetClassWord": ["HWND hWnd", "int nIndex"], "LoadKeyboardLayoutA": ["LPCTSTR pwszKLID", "UINT Flags"], "keybd_event": ["BYTE bVk", "BYTE bScan", "DWORD dwFlags", "ULONG_PTR dwExtraInfo"], "RegisterClipboardFormatW": ["LPCTSTR lpszFormat"], "RegisterClassExA": ["const WNDCLASSEX *lpwcx"], "GetWindowRgn": ["HWND hWnd", "HRGN hRgn"], "MenuItemFromPoint": ["opt_HWND hWnd", "HMENU hMenu", "POINT ptScreen"], "SetClassWord": ["HWND hWnd", "int nIndex", "WORD wNewWord"], "DestroyIcon": ["HICON hIcon"], "GetKeyNameTextA": ["LONG lParam", "LPTSTR lpString", "int cchSize"], "IsWindowVisible": ["HWND hWnd"], "TileWindows": ["opt_HWND hwndParent", "UINT wHow", "opt_const RECT *lpRect", "UINT cKids", "opt_const HWND *lpKids"], "SubtractRect": ["LPRECT lprcDst", "const RECT *lprcSrc1", "const RECT *lprcSrc2"], "GetWindowInfo": ["HWND hwnd", "PWINDOWINFO pwi"], "MessageBoxW": ["opt_HWND hWnd", "opt_LPCTSTR lpText", "opt_LPCTSTR lpCaption", "UINT uType"], "UnionRect": ["LPRECT lprcDst", "const RECT *lprcSrc1", "const RECT *lprcSrc2"], "ShutdownBlockReasonDestroy": ["HWND hWnd"], "GetKeyNameTextW": ["LONG lParam", "LPTSTR lpString", "int cchSize"], "CreateAcceleratorTableA": ["LPACCEL lpaccl", "int cEntries"], "IsCharUpperA": ["TCHAR ch"], "TranslateAcceleratorA": ["HWND hWnd", "HACCEL hAccTable", "LPMSG lpMsg"], "DefDlgProcA": ["HWND hDlg", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "AdjustWindowRect": ["LPRECT lpRect", "DWORD dwStyle", "BOOL bMenu"], "CreateIcon": ["opt_HINSTANCE hInstance", "int nWidth", "int nHeight", "BYTE cPlanes", "BYTE cBitsPixel", "const BYTE *lpbANDbits", "const BYTE *lpbXORbits"], "IsCharUpperW": ["TCHAR ch"], "GetFocus": [], "CloseTouchInputHandle": ["HTOUCHINPUT hTouchInput"], "GetAncestor": ["HWND hwnd", "UINT gaFlags"], "UnhookWindowsHookEx": ["HHOOK hhk"], "SetCursor": ["opt_HCURSOR hCursor"], "SetFocus": ["opt_HWND hWnd"], "EnumWindowStationsA": ["WINSTAENUMPROC lpEnumFunc", "LPARAM lParam"], "EnumDesktopsA": ["opt_HWINSTA hwinsta", "DESKTOPENUMPROC lpEnumFunc", "LPARAM lParam"], "VkKeyScanExW": ["TCHAR ch", "HKL dwhkl"], "UnregisterHotKey": ["opt_HWND hWnd", "int id"], "DrawStateA": ["HDC hdc", "HBRUSH hbr", "DRAWSTATEPROC lpOutputFunc", "LPARAM lData", "WPARAM wData", "int x", "int y", "int cx", "int cy", "UINT fuFlags"], "MessageBoxTimeoutW": ["opt_HWND hWnd", "opt_LPCTSTR lpText", "opt_LPCTSTR lpCaption", "UINT uType"], "BroadcastSystemMessageA": ["DWORD dwFlags", "opt_LPDWORD lpdwRecipients", "UINT uiMessage", "WPARAM wParam", "LPARAM lParam"], "EnableScrollBar": ["HWND hWnd", "UINT wSBflags", "UINT wArrows"], "EnumWindowStationsW": ["WINSTAENUMPROC lpEnumFunc", "LPARAM lParam"], "SetUserObjectInformationA": ["HANDLE hObj", "int nIndex", "PVOID pvInfo", "DWORD nLength"], "MessageBoxTimeoutA": ["opt_HWND hWnd", "opt_LPCTSTR lpText", "opt_LPCTSTR lpCaption", "UINT uType"], "BroadcastSystemMessageW": ["DWORD dwFlags", "opt_LPDWORD lpdwRecipients", "UINT uiMessage", "WPARAM wParam", "LPARAM lParam"], "DrawStateW": ["HDC hdc", "HBRUSH hbr", "DRAWSTATEPROC lpOutputFunc", "LPARAM lData", "WPARAM wData", "int x", "int y", "int cx", "int cy", "UINT fuFlags"], "DdeImpersonateClient": ["HCONV hConv"], "GetClipboardViewer": [], "SetScrollPos": ["HWND hWnd", "int nBar", "int nPos", "BOOL bRedraw"], "DlgDirSelectComboBoxExA": ["HWND hDlg", "LPTSTR lpString", "int nCount", "int nIDComboBox"], "GrayStringW": ["HDC hDC", "HBRUSH hBrush", "GRAYSTRINGPROC lpOutputFunc", "LPARAM lpData", "int nCount", "int X", "int Y", "int nWidth", "int nHeight"], "EndPaint": ["HWND hWnd", "const PAINTSTRUCT *lpPaint"], "ScrollWindowEx": ["HWND hWnd", "int dx", "int dy", "const RECT *prcScroll", "const RECT *prcClip", "HRGN hrgnUpdate", "LPRECT prcUpdate", "UINT flags"], "MessageBoxA": ["opt_HWND hWnd", "opt_LPCTSTR lpText", "opt_LPCTSTR lpCaption", "UINT uType"], "GrayStringA": ["HDC hDC", "HBRUSH hBrush", "GRAYSTRINGPROC lpOutputFunc", "LPARAM lpData", "int nCount", "int X", "int Y", "int nWidth", "int nHeight"], "DlgDirSelectComboBoxExW": ["HWND hDlg", "LPTSTR lpString", "int nCount", "int nIDComboBox"], "SetCaretBlinkTime": ["UINT uMSeconds"], "OpenWindowStationA": ["LPTSTR lpszWinSta", "BOOL fInherit", "ACCESS_MASK dwDesiredAccess"], "GetMenuItemID": ["HMENU hMenu", "int nPos"], "GetAsyncKeyState": ["int vKey"], "CharLowerBuffW": ["LPTSTR lpsz", "DWORD cchLength"], "GetClipCursor": ["LPRECT lpRect"], "SetUserObjectInformationW": ["HANDLE hObj", "int nIndex", "PVOID pvInfo", "DWORD nLength"], "SetCaretPos": ["int X", "int Y"], "PackDDElParam": ["UINT msg", "UINT_PTR uiLo", "UINT_PTR uiHi"], "CharLowerBuffA": ["LPTSTR lpsz", "DWORD cchLength"], "CharPrevExA": ["WORD CodePage", "LPCSTR lpStart", "LPCSTR lpCurrentChar", "DWORD dwFlags"], "LoadAcceleratorsA": ["opt_HINSTANCE hInstance", "LPCTSTR lpTableName"], "GetWindowTextLengthA": ["HWND hWnd"], "RegisterClassW": ["const WNDCLASS *lpWndClass"], "GetTopWindow": ["opt_HWND hWnd"], "RegisterHotKey": ["opt_HWND hWnd", "int id", "UINT fsModifiers", "UINT vk"], "GetWindowTextW": ["HWND hWnd", "LPTSTR lpString", "int nMaxCount"], "DdeConnectList": ["DWORD idInst", "HSZ hszService", "HSZ hszTopic", "HCONVLIST hConvList", "opt_PCONVCONTEXT pCC"], "ExcludeUpdateRgn": ["HDC hDC", "HWND hWnd"], "GetWindowTextLengthW": ["HWND hWnd"], "LoadAcceleratorsW": ["opt_HINSTANCE hInstance", "LPCTSTR lpTableName"], "ScrollWindow": ["HWND hWnd", "int XAmount", "int YAmount", "const RECT *lprcSrc1", "const RECT *lprcSrc2"], "GetWindowTextA": ["HWND hWnd", "LPTSTR lpString", "int nMaxCount"], "CloseGestureInfoHandle": [], "UnpackDDElParam": ["UINT msg", "LPARAM lParam", "PUINT_PTR puiLo", "PUINT_PTR puiHi"], "LoadKeyboardLayoutEx": [], "GetParent": ["HWND hWnd"], "GetWindowModuleFileName": ["HWND hwnd", "LPTSTR lpszFileName", "UINT cchFileNameMax"], "IsProcessDPIAware": [], "CallMsgFilterA": ["LPMSG lpMsg", "int nCode"], "UpdateLayeredWindowIndirect": ["HWND hwnd", "const UPDATELAYEREDWINDOWINFO *pULWInfo"], "CheckRadioButton": ["HWND hDlg", "int nIDFirstButton", "int nIDLastButton", "int nIDCheckButton"], "SetSysColors": ["int cElements", "const INT *lpaElements", "const COLORREF *lpaRgbValues"], "GetRawInputDeviceList": ["opt_PRAWINPUTDEVICELIST pRawInputDeviceList", "PUINT puiNumDevices", "UINT cbSize"], "CallMsgFilterW": ["LPMSG lpMsg", "int nCode"], "SetPropW": ["HWND hWnd", "LPCTSTR lpString", "opt_HANDLE hData"], "GetClipboardOwner": [], "GetTabbedTextExtentA": ["HDC hDC", "LPCTSTR lpString", "int nCount", "int nTabPositions", "const LPINT lpnTabStopPositions"], "RegisterPowerSettingNotification": ["HANDLE hRecipient", "LPCGUID PowerSettingGuid", "DWORD Flags"], "WinHelpA": [], "SetClipboardViewer": ["HWND hWndNewViewer"], "GetTabbedTextExtentW": ["HDC hDC", "LPCTSTR lpString", "int nCount", "int nTabPositions", "const LPINT lpnTabStopPositions"], "CharNextExA": ["WORD CodePage", "LPCSTR lpCurrentChar", "DWORD dwFlags"], "PaintDesktop": ["HDC hdc"], "DdeQueryConvInfo": ["HCONV hConv", "DWORD idTransaction", "PCONVINFO pConvInfo"], "EnumDisplayDevicesA": ["LPCTSTR lpDevice", "DWORD iDevNum", "PDISPLAY_DEVICE lpDisplayDevice", "DWORD dwFlags"], "QueryDisplayConfig": ["UINT32 Flags"], "WinHelpW": [], "IsHungAppWindow": ["HWND hWnd"], "BroadcastSystemMessageExA": ["DWORD dwFlags", "opt_LPDWORD lpdwRecipients", "UINT uiMessage", "WPARAM wParam", "LPARAM lParam", "opt_PBSMINFO pBSMInfo"], "TabbedTextOutA": ["HDC hDC", "int X", "int Y", "LPCTSTR lpString", "int nCount", "int nTabPositions", "const LPINT lpnTabStopPositions", "int nTabOrigin"], "DrawFocusRect": ["HDC hDC", "const RECT *lprc"], "GetDCEx": ["HWND hWnd", "HRGN hrgnClip", "DWORD flags"], "DdeClientTransaction": ["opt_LPBYTE pData", "DWORD cbData", "HCONV hConv", "opt_HSZ hszItem", "UINT wFmt", "UINT wType", "DWORD dwTimeout", "opt_LPDWORD pdwResult"], "IsDialogMessageW": ["HWND hDlg", "LPMSG lpMsg"], "GetMenuContextHelpId": [], "GetDialogBaseUnits": [], "DdeNameService": ["DWORD idInst", "opt_HSZ hsz1", "opt_HSZ hsz2", "UINT afCmd"], "ToUnicode": ["UINT wVirtKey", "UINT wScanCode", "opt_const BYTE *lpKeyState", "LPWSTR pwszBuff", "int cchBuff", "UINT wFlags"], "TabbedTextOutW": ["HDC hDC", "int X", "int Y", "LPCTSTR lpString", "int nCount", "int nTabPositions", "const LPINT lpnTabStopPositions", "int nTabOrigin"], "GetWindowRgnBox": ["HWND hWnd", "LPRECT lprc"], "GetUserObjectSecurity": ["HANDLE hObj", "PSECURITY_INFORMATION pSIRequested", "opt_PSECURITY_DESCRIPTOR pSD", "DWORD nLength", "LPDWORD lpnLengthNeeded"], "IsDialogMessageA": ["HWND hDlg", "LPMSG lpMsg"], "DdeAbandonTransaction": ["DWORD idInst", "HCONV hConv", "DWORD idTransaction"], "SetWindowLongPtrW": ["HWND hWnd", "int nIndex", "LONG_PTR dwNewLong"], "MapVirtualKeyA": ["UINT uCode", "UINT uMapType"], "OpenInputDesktop": ["DWORD dwFlags", "BOOL fInherit", "ACCESS_MASK dwDesiredAccess"], "LockWindowUpdate": ["HWND hWndLock"], "GetKeyboardLayoutNameA": ["LPTSTR pwszKLID"], "DefMDIChildProcW": ["HWND hWnd", "UINT uMsg", "WPARAM wParam", "LPARAM lParam"], "GetMouseMovePointsEx": ["UINT cbSize", "LPMOUSEMOVEPOINT lppt", "LPMOUSEMOVEPOINT lpptBuf", "int nBufPoints", "DWORD resolution"], "GetKeyboardLayoutNameW": ["LPTSTR pwszKLID"], "SetWindowLongPtrA": ["HWND hWnd", "int nIndex", "LONG_PTR dwNewLong"], "MapVirtualKeyW": ["UINT uCode", "UINT uMapType"], "GetComboBoxInfo": ["HWND hwndCombo", "PCOMBOBOXINFO pcbi"], "RegisterWindowMessageA": ["LPCTSTR lpString"], "DefMDIChildProcA": ["HWND hWnd", "UINT uMsg", "WPARAM wParam", "LPARAM lParam"], "ReuseDDElParam": ["LPARAM lParam", "UINT msgIn", "UINT msgOut", "UINT_PTR uiLo", "UINT_PTR uiHi"], "SetWindowLongW": ["HWND hWnd", "int nIndex", "LONG dwNewLong"], "InflateRect": ["LPRECT lprc", "int dx", "int dy"], "SetCapture": ["HWND hWnd"], "ReleaseCapture": [], "IsMenu": ["HMENU hMenu"], "SetPropA": ["HWND hWnd", "LPCTSTR lpString", "opt_HANDLE hData"], "IsGUIThread": ["BOOL bConvert"], "SetWindowLongA": ["HWND hWnd", "int nIndex", "LONG dwNewLong"], "SetProcessWindowStation": ["HWINSTA hWinSta"], "SetKeyboardState": ["LPBYTE lpKeyState"], "MonitorFromRect": ["LPCRECT lprc", "DWORD dwFlags"], "RemovePropA": ["HWND hWnd", "LPCTSTR lpString"], "DrawIconEx": ["HDC hdc", "int xLeft", "int yTop", "HICON hIcon", "int cxWidth", "int cyWidth", "UINT istepIfAniCur", "opt_HBRUSH hbrFlickerFreeDraw", "UINT diFlags"], "GetRawInputData": ["HRAWINPUT hRawInput", "UINT uiCommand", "opt_LPVOID pData", "PUINT pcbSize", "UINT cbSizeHeader"], "GetMenuCheckMarkDimensions": [], "SetDlgItemTextW": ["HWND hDlg", "int nIDDlgItem", "LPCTSTR lpString"], "PostMessageW": ["opt_HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam"], "InsertMenuA": ["HMENU hMenu", "UINT uPosition", "UINT uFlags", "UINT_PTR uIDNewItem", "opt_LPCTSTR lpNewItem"], "SetGestureConfig": ["HWND hwnd", "DWORD dwReserved", "UINT cIDs", "PGESTURECONFIG pGestureConfig", "UINT cbSize"], "DialogBoxIndirectParamW": ["opt_HINSTANCE hInstance", "LPCDLGTEMPLATE hDialogTemplate", "opt_HWND hWndParent", "opt_DLGPROC lpDialogFunc", "LPARAM dwInitParam"], "DdeUninitialize": ["DWORD idInst"], "InsertMenuW": ["HMENU hMenu", "UINT uPosition", "UINT uFlags", "UINT_PTR uIDNewItem", "opt_LPCTSTR lpNewItem"], "SetWindowDisplayAffinity": ["HWND hWnd", "DWORD dwAffinity"], "DialogBoxIndirectParamA": ["opt_HINSTANCE hInstance", "LPCDLGTEMPLATE hDialogTemplate", "opt_HWND hWndParent", "opt_DLGPROC lpDialogFunc", "LPARAM dwInitParam"], "OpenClipboard": ["opt_HWND hWndNewOwner"], "IntersectRect": ["LPRECT lprcDst", "const RECT *lprcSrc1", "const RECT *lprcSrc2"], "SendInput": ["UINT nInputs", "LPINPUT pInputs", "int cbSize"], "GetCaretPos": ["LPPOINT lpPoint"], "wvsprintfW": ["LPTSTR lpOutput", "LPCTSTR lpFmt", "va_list arglist"], "HiliteMenuItem": ["HWND hwnd", "HMENU hmenu", "UINT uItemHilite", "UINT uHilite"], "GetLastInputInfo": ["PLASTINPUTINFO plii"], "AppendMenuA": ["HMENU hMenu", "UINT uFlags", "UINT_PTR uIDNewItem", "opt_LPCTSTR lpNewItem"], "SetWindowsHookA": ["int idHook", "HOOKPROC lpfn", "HINSTANCE hMod", "DWORD dwThreadId"], "DdePostAdvise": ["DWORD idInst", "HSZ hszTopic", "HSZ hszItem"], "AppendMenuW": ["HMENU hMenu", "UINT uFlags", "UINT_PTR uIDNewItem", "opt_LPCTSTR lpNewItem"], "WindowFromDC": ["HDC hDC"], "DestroyCursor": ["HCURSOR hCursor"], "wvsprintfA": ["LPTSTR lpOutput", "LPCTSTR lpFmt", "va_list arglist"], "SendMessageTimeoutW": ["HWND hWnd", "UINT Msg", "WPARAM wParam", "LPARAM lParam", "UINT fuFlags", "UINT uTimeout", "opt_PDWORD_PTR lpdwResult"], "SetScrollInfo": ["HWND hwnd", "int fnBar", "LPCSCROLLINFO lpsi", "BOOL fRedraw"], "EndDeferWindowPos": ["HDWP hWinPosInfo"], "IsCharAlphaNumericA": ["TCHAR ch"], "GetProcessDefaultLayout": [], "GetDoubleClickTime": [], "GetListBoxInfo": ["HWND hwnd"], "CancelShutdown": ["opt_LPTSTR lpMachineName"], "ShutdownBlockReasonCreate": ["HWND hWnd", "LPCWSTR pwszReason"], "CharToOemA": ["LPCTSTR lpszSrc", "LPSTR lpszDst"], "SetCursorPos": ["int X", "int Y"], "IsCharAlphaNumericW": ["TCHAR ch"], "ValidateRgn": ["HWND hWnd", "HRGN hRgn"], "MonitorFromWindow": ["HWND hwnd", "DWORD dwFlags"], "SetRect": ["LPRECT lprc", "int xLeft", "int yTop", "int xRight", "int yBottom"], "DeleteMenu": ["HMENU hMenu", "UINT uPosition", "UINT uFlags"], "InvalidateRect": ["HWND hWnd", "const RECT *lpRect", "BOOL bErase"], "AnimateWindow": ["HWND hwnd", "DWORD dwTime", "DWORD dwFlags"], "ImpersonateDdeClientWindow": ["HWND hWndClient", "HWND hWndServer"], "TranslateAccelerator": ["HWND hWnd", "HACCEL hAccTable", "LPMSG lpMsg"], "ModifyMenuW": ["HMENU hMnu", "UINT uPosition", "UINT uFlags", "UINT_PTR uIDNewItem", "opt_LPCTSTR lpNewItem"], "ValidateRect": ["HWND hWnd", "const RECT *lpRect"], "GetCursor": [], "LogicalToPhysicalPoint": ["HWND hWnd", "LPPOINT lpPoint"], "ModifyMenuA": ["HMENU hMnu", "UINT uPosition", "UINT uFlags", "UINT_PTR uIDNewItem", "opt_LPCTSTR lpNewItem"], "GetKeyboardType": ["int nTypeFlag"]} 2 | -------------------------------------------------------------------------------- /data/windows/ADVAPI32.json: -------------------------------------------------------------------------------- 1 | {"RegLoadMUIStringW": ["HKEY hKey", "opt_LPCTSTR pszValue", "opt_LPTSTR pszOutBuf", "DWORD cbOutBuf", "opt_LPDWORD pcbData", "DWORD Flags", "opt_LPCTSTR pszDirectory"], "RegRestoreKeyA": ["HKEY hKey", "LPCTSTR lpFile", "DWORD dwFlags"], "AccessCheckByTypeResultListAndAuditAlarmA": ["LPCTSTR SubsystemName", "LPVOID HandleId", "LPCTSTR ObjectTypeName", "opt_LPCTSTR ObjectName", "PSECURITY_DESCRIPTOR pSecurityDescriptor", "opt_PSID PrincipalSelfSid", "DWORD DesiredAccess", "AUDIT_EVENT_TYPE AuditType", "DWORD Flags", "opt_POBJECT_TYPE_LIST ObjectTypeList", "DWORD ObjectTypeListLength", "PGENERIC_MAPPING GenericMapping", "BOOL ObjectCreation", "LPDWORD GrantedAccess", "LPDWORD AccessStatusList", "LPBOOL pfGenerateOnClose"], "CreatePrivateObjectSecurity": ["opt_PSECURITY_DESCRIPTOR ParentDescriptor", "opt_PSECURITY_DESCRIPTOR CreatorDescriptor", "BOOL IsDirectoryObject", "opt_HANDLE Token", "PGENERIC_MAPPING GenericMapping"], "ConvertSidToStringSidW": ["PSID Sid"], "AccessCheckByType": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "opt_PSID PrincipalSelfSid", "HANDLE ClientToken", "DWORD DesiredAccess", "opt_POBJECT_TYPE_LIST ObjectTypeList", "DWORD ObjectTypeListLength", "PGENERIC_MAPPING GenericMapping", "opt_PPRIVILEGE_SET PrivilegeSet", "LPDWORD PrivilegeSetLength", "LPDWORD GrantedAccess", "LPBOOL AccessStatus"], "CryptEncrypt": ["HCRYPTKEY hKey", "HCRYPTHASH hHash", "BOOL Final", "DWORD dwFlags", "DWORD dwBufLen"], "RegSetKeySecurity": ["HKEY hKey", "SECURITY_INFORMATION SecurityInformation", "PSECURITY_DESCRIPTOR pSecurityDescriptor"], "AccessCheckByTypeResultListAndAuditAlarmW": ["LPCTSTR SubsystemName", "LPVOID HandleId", "LPCTSTR ObjectTypeName", "opt_LPCTSTR ObjectName", "PSECURITY_DESCRIPTOR pSecurityDescriptor", "opt_PSID PrincipalSelfSid", "DWORD DesiredAccess", "AUDIT_EVENT_TYPE AuditType", "DWORD Flags", "opt_POBJECT_TYPE_LIST ObjectTypeList", "DWORD ObjectTypeListLength", "PGENERIC_MAPPING GenericMapping", "BOOL ObjectCreation", "LPDWORD GrantedAccess", "LPDWORD AccessStatusList", "LPBOOL pfGenerateOnClose"], "RegLoadMUIStringA": ["HKEY hKey", "opt_LPCTSTR pszValue", "opt_LPTSTR pszOutBuf", "DWORD cbOutBuf", "opt_LPDWORD pcbData", "DWORD Flags", "opt_LPCTSTR pszDirectory"], "SaferRecordEventLogEntry": ["SAFER_LEVEL_HANDLE hLevel", "LPCWSTR szTargetPath", "LPVOID lpReserved"], "ConvertSidToStringSidA": ["PSID Sid"], "RegEnableReflectionKey": ["HKEY hBase"], "AuditQuerySystemPolicy": ["const GUID *pSubCategoryGuids", "ULONG PolicyCount"], "LsaQueryForestTrustInformation": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING TrustedDomainName"], "CryptHashSessionKey": ["HCRYPTHASH hHash", "HCRYPTKEY hKey", "DWORD dwFlags"], "GetSecurityDescriptorGroup": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "LPBOOL lpbGroupDefaulted"], "AuditEnumerateSubCategories": ["const GUID *pSubCategoryGuids", "BOOLEAN bRetrieveAllSubCategories", "PULONG pCountReturned"], "LsaRemoveAccountRights": ["LSA_HANDLE PolicyHandle", "PSID AccountSid", "BOOLEAN AllRights", "PLSA_UNICODE_STRING UserRights", "ULONG CountOfRights"], "SetSecurityAccessMask": ["SECURITY_INFORMATION SecurityInformation", "LPDWORD DesiredAccess"], "GetTrusteeFormA": ["PTRUSTEE pTrustee"], "GetFileSecurityA": ["LPCTSTR lpFileName", "SECURITY_INFORMATION RequestedInformation", "opt_PSECURITY_DESCRIPTOR pSecurityDescriptor", "DWORD nLength", "LPDWORD lpnLengthNeeded"], "BuildSecurityDescriptorA": ["opt_PTRUSTEE pOwner", "opt_PTRUSTEE pGroup", "ULONG cCountOfAccessEntries", "opt_PEXPLICIT_ACCESS pListOfAccessEntries", "ULONG cCountOfAuditEntries", "opt_PEXPLICIT_ACCESS pListOfAuditEntries", "opt_PSECURITY_DESCRIPTOR pOldSD", "PULONG pSizeNewSD"], "GetUserNameW": ["LPTSTR lpBuffer", "LPDWORD lpnSize"], "AuditQuerySecurity": ["SECURITY_INFORMATION SecurityInformation"], "RegEnumValueW": ["HKEY hKey", "DWORD dwIndex", "LPTSTR lpValueName", "LPDWORD lpcchValueName", "LPDWORD lpReserved", "opt_LPDWORD lpType", "opt_LPBYTE lpData", "opt_LPDWORD lpcbData"], "EqualDomainSid": ["PSID pSid1", "PSID pSid2"], "GetUserNameA": ["LPTSTR lpBuffer", "LPDWORD lpnSize"], "BuildSecurityDescriptorW": ["opt_PTRUSTEE pOwner", "opt_PTRUSTEE pGroup", "ULONG cCountOfAccessEntries", "opt_PEXPLICIT_ACCESS pListOfAccessEntries", "ULONG cCountOfAuditEntries", "opt_PEXPLICIT_ACCESS pListOfAuditEntries", "opt_PSECURITY_DESCRIPTOR pOldSD", "PULONG pSizeNewSD"], "AuditComputeEffectivePolicyByToken": ["HANDLE hTokenHandle", "const GUID *pSubCategoryGuids", "ULONG PolicyCount"], "RegRestoreKeyW": ["HKEY hKey", "LPCTSTR lpFile", "DWORD dwFlags"], "StartServiceW": ["SC_HANDLE hService", "DWORD dwNumServiceArgs"], "RegCopyTreeW": ["HKEY hKeySrc", "opt_LPCTSTR lpSubKey", "HKEY hKeyDest"], "LsaQueryInformationPolicy": ["LSA_HANDLE PolicyHandle", "POLICY_INFORMATION_CLASS InformationClass"], "LsaLookupNames2": ["LSA_HANDLE PolicyHandle", "ULONG Flags", "ULONG Count", "PLSA_UNICODE_STRING Names"], "AuditSetPerUserPolicy": ["const PSID pSid", "PCAUDIT_POLICY_INFORMATION pAuditPolicy", "ULONG PolicyCount"], "PerfQueryCounterData": ["HANDLE hQuery", "opt_PPERF_DATA_HEADER pCounterBlock", "LPDWORD pcbCounterBlockActual"], "AuditLookupCategoryGuidFromCategoryId": ["POLICY_AUDIT_EVENT_TYPE AuditCategoryId"], "PerfStartProviderEx": ["LPGUID ProviderGuid", "opt_PPERF_PROVIDER_CONTEXT ProviderContext"], "LsaSetTrustedDomainInfoByName": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING TrustedDomainName", "TRUSTED_INFORMATION_CLASS InformationClass", "PVOID Buffer"], "RegCopyTreeA": ["HKEY hKeySrc", "opt_LPCTSTR lpSubKey", "HKEY hKeyDest"], "OpenTraceA": ["PEVENT_TRACE_LOGFILE Logfile"], "SaferiSearchMatchingHashRules": ["opt_ALG_ID HashAlgorithm", "PBYTE pHashBytes", "DWORD dwHashSize", "opt_DWORD dwOriginalImageSize", "PDWORD pdwFoundLevel"], "RegCreateKeyExW": ["HKEY hKey", "LPCTSTR lpSubKey", "DWORD Reserved", "opt_LPTSTR lpClass", "DWORD dwOptions", "REGSAM samDesired", "opt_LPSECURITY_ATTRIBUTES lpSecurityAttributes", "PHKEY phkResult", "opt_LPDWORD lpdwDisposition"], "AdjustTokenGroups": ["HANDLE TokenHandle", "BOOL ResetToDefault", "opt_PTOKEN_GROUPS NewState", "DWORD BufferLength", "opt_PTOKEN_GROUPS PreviousState", "opt_PDWORD ReturnLength"], "OpenServiceA": ["SC_HANDLE hSCManager", "LPCTSTR lpServiceName", "DWORD dwDesiredAccess"], "UnregisterTraceGuids": ["TRACEHANDLE RegistrationHandle"], "RegQueryValueExA": ["HKEY hKey", "opt_LPCTSTR lpValueName", "LPDWORD lpReserved", "opt_LPDWORD lpType", "opt_LPBYTE lpData", "opt_LPDWORD lpcbData"], "MD5Update": ["UNSIGNED CHAR"], "OpenServiceW": ["SC_HANDLE hSCManager", "LPCTSTR lpServiceName", "DWORD dwDesiredAccess"], "AllocateAndInitializeSid": ["PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority", "BYTE nSubAuthorityCount", "DWORD dwSubAuthority0", "DWORD dwSubAuthority1", "DWORD dwSubAuthority2", "DWORD dwSubAuthority3", "DWORD dwSubAuthority4", "DWORD dwSubAuthority5", "DWORD dwSubAuthority6", "DWORD dwSubAuthority7"], "RegCreateKeyExA": ["HKEY hKey", "LPCTSTR lpSubKey", "DWORD Reserved", "opt_LPTSTR lpClass", "DWORD dwOptions", "REGSAM samDesired", "opt_LPSECURITY_ATTRIBUTES lpSecurityAttributes", "PHKEY phkResult", "opt_LPDWORD lpdwDisposition"], "LogonUserExExW": ["LPTSTR lpszUsername", "opt_LPTSTR lpszDomain", "opt_LPTSTR lpszPassword", "DWORD dwLogonType", "DWORD dwLogonProvider", "opt_PTOKEN_GROUPS pTokenGroups", "opt_PHANDLE phToken", "opt_LPDWORD pdwProfileLength", "opt_PQUOTA_LIMITS pQuotaLimits"], "RegSetValueW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "DWORD dwType", "LPCTSTR lpData", "DWORD cbData"], "GetSecurityInfo": ["HANDLE handle", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo"], "RegQueryValueExW": ["HKEY hKey", "opt_LPCTSTR lpValueName", "LPDWORD lpReserved", "opt_LPDWORD lpType", "opt_LPBYTE lpData", "opt_LPDWORD lpcbData"], "SetSecurityDescriptorDacl": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "BOOL bDaclPresent", "opt_PACL pDacl", "BOOL bDaclDefaulted"], "StartTraceW": ["PTRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "GetSidSubAuthority": ["PSID pSid", "DWORD nSubAuthority"], "ConvertStringSecurityDescriptorToSecurityDescriptorW": ["LPCTSTR StringSecurityDescriptor", "DWORD StringSDRevision", "PULONG SecurityDescriptorSize"], "RegisterEventSourceW": ["LPCTSTR lpUNCServerName", "LPCTSTR lpSourceName"], "RegLoadAppKeyA": ["LPCTSTR lpFile", "PHKEY phkResult", "REGSAM samDesired", "DWORD dwOptions", "DWORD Reserved"], "CryptEnumProviderTypesW": ["DWORD dwIndex", "DWORD dwFlags", "LPTSTR pszTypeName"], "StartServiceA": ["SC_HANDLE hService", "DWORD dwNumServiceArgs"], "ClearEventLogW": ["HANDLE hEventLog", "LPCTSTR lpBackupFileName"], "RegLoadAppKeyW": ["LPCTSTR lpFile", "PHKEY phkResult", "REGSAM samDesired", "DWORD dwOptions", "DWORD Reserved"], "ConvertStringSecurityDescriptorToSecurityDescriptorA": ["LPCTSTR StringSecurityDescriptor", "DWORD StringSDRevision", "PULONG SecurityDescriptorSize"], "CryptEnumProvidersA": ["DWORD dwIndex", "DWORD dwFlags", "LPTSTR pszProvName"], "CredReadDomainCredentialsA": ["PCREDENTIAL_TARGET_INFORMATION TargetInfo", "DWORD Flags"], "StartTraceA": ["PTRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "ClearEventLogA": ["HANDLE hEventLog", "LPCTSTR lpBackupFileName"], "EnableTraceEx": ["LPCGUID ProviderId", "opt_LPCGUID SourceId", "TRACEHANDLE TraceHandle", "ULONG IsEnabled", "UCHAR Level", "ULONGLONG MatchAnyKeyword", "ULONGLONG MatchAllKeyword", "ULONG EnableProperty", "opt_PEVENT_FILTER_DESCRIPTOR EnableFilterDesc"], "CryptEnumProviderTypesA": ["DWORD dwIndex", "DWORD dwFlags", "LPTSTR pszTypeName"], "TreeSetNamedSecurityInfoW": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo", "opt_PSID pOwner", "opt_PSID pGroup", "opt_PACL pDacl", "opt_PACL pSacl", "DWORD dwAction", "FN_PROGRESS fnProgress", "PROG_INVOKE_SETTING ProgressInvokeSetting", "opt_PVOID Args"], "CreateProcessAsUserA": ["opt_HANDLE hToken", "opt_LPCTSTR lpApplicationName", "opt_LPTSTR lpCommandLine", "opt_LPSECURITY_ATTRIBUTES lpProcessAttributes", "opt_LPSECURITY_ATTRIBUTES lpThreadAttributes", "BOOL bInheritHandles", "DWORD dwCreationFlags", "opt_LPVOID lpEnvironment", "opt_LPCTSTR lpCurrentDirectory", "LPSTARTUPINFO lpStartupInfo", "LPPROCESS_INFORMATION lpProcessInformation"], "IsTextUnicode": ["const VOID *lpv", "int iSize", "opt_LPINT lpiResult"], "CreateProcessAsUserW": ["opt_HANDLE hToken", "opt_LPCTSTR lpApplicationName", "opt_LPTSTR lpCommandLine", "opt_LPSECURITY_ATTRIBUTES lpProcessAttributes", "opt_LPSECURITY_ATTRIBUTES lpThreadAttributes", "BOOL bInheritHandles", "DWORD dwCreationFlags", "opt_LPVOID lpEnvironment", "opt_LPCTSTR lpCurrentDirectory", "LPSTARTUPINFO lpStartupInfo", "LPPROCESS_INFORMATION lpProcessInformation"], "LsaOpenAccount": ["LSA_HANDLE PolicyHandle", "ULONG Count", "PLSA_UNICODE_STRING Names"], "GetManagedApplications": ["DWORD dwQueryFlags", "DWORD dwInfoLevel", "LPDWORD pdwApps"], "A_SHAUpdate": ["UNSIGNED CHAR"], "LogonUserW": ["LPTSTR lpszUsername", "opt_LPTSTR lpszDomain", "opt_LPTSTR lpszPassword", "DWORD dwLogonType", "DWORD dwLogonProvider", "PHANDLE phToken"], "SetAclInformation": ["PACL pAcl", "LPVOID pAclInformation", "DWORD nAclInformationLength", "ACL_INFORMATION_CLASS dwAclInformationClass"], "SaferIdentifyLevel": ["DWORD dwNumProperties", "opt_PSAFER_CODE_PROPERTIES pCodeProperties", "LPVOID lpReserved"], "A_SHAInit": [], "LogonUserA": ["LPTSTR lpszUsername", "opt_LPTSTR lpszDomain", "opt_LPTSTR lpszPassword", "DWORD dwLogonType", "DWORD dwLogonProvider", "PHANDLE phToken"], "EqualSid": ["PSID pSid1", "PSID pSid2"], "CreatePrivateObjectSecurityEx": ["opt_PSECURITY_DESCRIPTOR ParentDescriptor", "opt_PSECURITY_DESCRIPTOR CreatorDescriptor", "BOOL IsContainerObject", "ULONG AutoInheritFlags", "opt_HANDLE Token", "PGENERIC_MAPPING GenericMapping"], "SetThreadToken": ["opt_PHANDLE Thread", "opt_HANDLE Token"], "LsaDeleteTrustedDomain": ["LSA_HANDLE PolicyHandle", "PSID TrustedDomainSid"], "GetTrusteeFormW": ["PTRUSTEE pTrustee"], "GetSecurityDescriptorRMControl": ["PSECURITY_DESCRIPTOR SecurityDescriptor", "PUCHAR RMControl"], "GetServiceKeyNameW": ["SC_HANDLE hSCManager", "LPCTSTR lpDisplayName", "opt_LPTSTR lpServiceName", "LPDWORD lpcchBuffer"], "OpenThreadWaitChainSession": ["DWORD Flags", "opt_PWAITCHAINCALLBACK callback"], "PerfQueryCounterInfo": ["HANDLE hQuery", "opt_ PPERF_COUNTER_IDENTIFIER", "LPDWORD pcbCountersActual"], "CreateProcessWithLogonW": ["LPCWSTR lpUsername", "opt_LPCWSTR lpDomain", "LPCWSTR lpPassword", "DWORD dwLogonFlags", "opt_LPCWSTR lpApplicationName", "opt_LPWSTR lpCommandLine", "DWORD dwCreationFlags", "opt_LPVOID lpEnvironment", "opt_LPCWSTR lpCurrentDirectory", "LPSTARTUPINFOW lpStartupInfo", "LPPROCESS_INFORMATION lpProcessInfo"], "RegOpenKeyExW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "DWORD ulOptions", "REGSAM samDesired", "PHKEY phkResult"], "GetServiceKeyNameA": ["SC_HANDLE hSCManager", "LPCTSTR lpDisplayName", "opt_LPTSTR lpServiceName", "LPDWORD lpcchBuffer"], "DeleteService": ["SC_HANDLE hService"], "GetSecurityDescriptorLength": ["PSECURITY_DESCRIPTOR pSecurityDescriptor"], "DeleteAce": ["PACL pAcl", "DWORD dwAceIndex"], "OpenProcessToken": ["HANDLE ProcessHandle", "DWORD DesiredAccess", "PHANDLE TokenHandle"], "AuditLookupSubCategoryNameW": ["const GUID *pAuditSubCategoryGuid"], "QueryServiceConfigA": ["SC_HANDLE hService", "opt_LPQUERY_SERVICE_CONFIG lpServiceConfig", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded"], "LsaEnumerateTrustedDomainsEx": ["LSA_HANDLE PolicyHandle", "PLSA_ENUMERATION_HANDLE EnumerationContext", "ULONG PreferredMaximumLength", "PULONG CountReturned"], "SetFileSecurityW": ["LPCTSTR lpFileName", "SECURITY_INFORMATION SecurityInformation", "PSECURITY_DESCRIPTOR pSecurityDescriptor"], "BuildTrusteeWithObjectsAndSidA": ["PTRUSTEE pTrustee", "opt_POBJECTS_AND_SID pObjSid", "opt_PSID pSid"], "SystemFunction036": ["PVOID RandomBuffer", "ULONG RandomBufferLength"], "FreeEncryptionCertificateHashList": ["PENCRYPTION_CERTIFICATE_HASH_LIST pHashes"], "RegDisableReflectionKey": ["HKEY hBase"], "PerfIncrementULongCounterValue": ["HANDLE hProvider", "PPERF_COUNTERSET_INSTANCE pInstance", "ULONG CounterId", "ULONG lValue"], "AuditLookupSubCategoryNameA": ["const GUID *pAuditSubCategoryGuid"], "AddUsersToEncryptedFile": ["LPCWSTR lpFileName", "PENCRYPTION_CERTIFICATE_LIST pUsers"], "EventUnregister": ["REGHANDLE RegHandle"], "CryptReleaseContext": ["HCRYPTPROV hProv", "DWORD dwFlags"], "CredReadA": ["LPCTSTR TargetName", "DWORD Type", "DWORD Flags"], "RegCreateKeyTransactedW": ["HKEY hKey", "LPCTSTR lpSubKey", "DWORD Reserved", "opt_LPTSTR lpClass", "DWORD dwOptions", "REGSAM samDesired", "opt_const LPSECURITY_ATTRIBUTES lpSecurityAttributes", "PHKEY phkResult", "opt_LPDWORD lpdwDisposition", "HANDLE hTransaction", "PVOID pExtendedParemeter"], "RegEnumKeyExW": ["HKEY hKey", "DWORD dwIndex", "LPTSTR lpName", "LPDWORD lpcName", "LPDWORD lpReserved", "LPTSTR lpClass", "opt_LPDWORD lpcClass", "opt_PFILETIME lpftLastWriteTime"], "GetPrivateObjectSecurity": ["PSECURITY_DESCRIPTOR ObjectDescriptor", "SECURITY_INFORMATION SecurityInformation", "opt_PSECURITY_DESCRIPTOR ResultantDescriptor", "DWORD DescriptorLength", "PDWORD ReturnLength"], "RegCreateKeyTransactedA": ["HKEY hKey", "LPCTSTR lpSubKey", "DWORD Reserved", "opt_LPTSTR lpClass", "DWORD dwOptions", "REGSAM samDesired", "opt_const LPSECURITY_ATTRIBUTES lpSecurityAttributes", "PHKEY phkResult", "opt_LPDWORD lpdwDisposition", "HANDLE hTransaction", "PVOID pExtendedParemeter"], "RegOpenKeyExA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "DWORD ulOptions", "REGSAM samDesired", "PHKEY phkResult"], "CredReadW": ["LPCTSTR TargetName", "DWORD Type", "DWORD Flags"], "ProcessIdleTasks": [], "RegEnumKeyExA": ["HKEY hKey", "DWORD dwIndex", "LPTSTR lpName", "LPDWORD lpcName", "LPDWORD lpReserved", "LPTSTR lpClass", "opt_LPDWORD lpcClass", "opt_PFILETIME lpftLastWriteTime"], "CryptDestroyHash": ["HCRYPTHASH hHash"], "MapGenericMask": ["PDWORD AccessMask", "PGENERIC_MAPPING GenericMapping"], "GetManagedApplicationCategories": ["DWORD dwReserved"], "PerfDecrementULongCounterValue": ["HANDLE hProvider", "PPERF_COUNTERSET_INSTANCE pInstance", "ULONG CounterId", "ULONG lValue"], "SetEntriesInAclW": ["ULONG cCountOfExplicitEntries", "opt_PEXPLICIT_ACCESS pListOfExplicitEntries", "opt_PACL OldAcl"], "RevertToSelf": [], "EnumServicesStatusA": ["SC_HANDLE hSCManager", "DWORD dwServiceType", "DWORD dwServiceState", "opt_LPENUM_SERVICE_STATUS lpServices", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded", "LPDWORD lpServicesReturned", "opt_LPDWORD lpResumeHandle"], "SetSecurityDescriptorControl": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest", "SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet"], "CryptGetHashParam": ["HCRYPTHASH hHash", "DWORD dwParam", "DWORD dwFlags"], "ObjectOpenAuditAlarmA": ["LPCTSTR SubsystemName", "LPVOID HandleId", "LPTSTR ObjectTypeName", "opt_LPTSTR ObjectName", "PSECURITY_DESCRIPTOR pSecurityDescriptor", "HANDLE ClientToken", "DWORD DesiredAccess", "DWORD GrantedAccess", "opt_PPRIVILEGE_SET Privileges", "BOOL ObjectCreation", "BOOL AccessGranted", "LPBOOL GenerateOnClose"], "SetSecurityDescriptorSacl": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "BOOL bSaclPresent", "opt_PACL pSacl", "BOOL bSaclDefaulted"], "PrivilegedServiceAuditAlarmA": ["LPCTSTR SubsystemName", "LPCTSTR ServiceName", "HANDLE ClientToken", "PPRIVILEGE_SET Privileges", "BOOL AccessGranted"], "EnumServicesStatusW": ["SC_HANDLE hSCManager", "DWORD dwServiceType", "DWORD dwServiceState", "opt_LPENUM_SERVICE_STATUS lpServices", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded", "LPDWORD lpServicesReturned", "opt_LPDWORD lpResumeHandle"], "SetEntriesInAclA": ["ULONG cCountOfExplicitEntries", "opt_PEXPLICIT_ACCESS pListOfExplicitEntries", "opt_PACL OldAcl"], "OpenTraceW": ["PEVENT_TRACE_LOGFILE Logfile"], "ObjectOpenAuditAlarmW": ["LPCTSTR SubsystemName", "LPVOID HandleId", "LPTSTR ObjectTypeName", "opt_LPTSTR ObjectName", "PSECURITY_DESCRIPTOR pSecurityDescriptor", "HANDLE ClientToken", "DWORD DesiredAccess", "DWORD GrantedAccess", "opt_PPRIVILEGE_SET Privileges", "BOOL ObjectCreation", "BOOL AccessGranted", "LPBOOL GenerateOnClose"], "MSChapSrvChangePassword": ["PWSTR ServerName", "PWSTR UserName", "BOOLEAN LmOldPresent", "PLM_OWF_PASSWORD LmOldOwfPassword", "PLM_OWF_PASSWORD LmNewOwfPassword", "PNT_OWF_PASSWORD NtOldOwfPassword", "PNT_OWF_PASSWORD NtNewOwfPassword"], "EventAccessControl": ["LPGUID Guid", "ULONG Operation", "PSID Sid", "ULONG Rights", "BOOLEAN AllowOrDeny"], "IsTokenRestricted": ["HANDLE TokenHandle"], "GetAce": ["PACL pAcl", "DWORD dwAceIndex"], "QueryServiceConfigW": ["SC_HANDLE hService", "opt_LPQUERY_SERVICE_CONFIG lpServiceConfig", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded"], "InitializeSecurityDescriptor": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "DWORD dwRevision"], "AbortSystemShutdownW": ["opt_LPTSTR lpMachineName"], "RegSaveKeyExW": ["HKEY hKey", "LPCTSTR lpFile", "opt_LPSECURITY_ATTRIBUTES lpSecurityAttributes", "DWORD Flags"], "MakeAbsoluteSD": ["PSECURITY_DESCRIPTOR pSelfRelativeSD", "opt_PSECURITY_DESCRIPTOR pAbsoluteSD", "LPDWORD lpdwAbsoluteSDSize", "opt_PACL pDacl", "LPDWORD lpdwDaclSize", "opt_PACL pSacl", "LPDWORD lpdwSaclSize", "opt_PSID pOwner", "LPDWORD lpdwOwnerSize", "opt_PSID pPrimaryGroup", "LPDWORD lpdwPrimaryGroupSize"], "GetKernelObjectSecurity": ["HANDLE Handle", "SECURITY_INFORMATION RequestedInformation", "opt_PSECURITY_DESCRIPTOR pSecurityDescriptor", "DWORD nLength", "LPDWORD lpnLengthNeeded"], "GetSecurityDescriptorOwner": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "LPBOOL lpbOwnerDefaulted"], "EqualPrefixSid": ["PSID pSid1", "PSID pSid2"], "LsaEnumerateAccountRights": ["LSA_HANDLE PolicyHandle", "PSID AccountSid", "PULONG CountOfRights"], "PerfEnumerateCounterSet": ["opt_LPCWSTR szMachine", "opt_LPGUID pCounterSetIds", "LPDWORD pcCounterSetIdsActual"], "DuplicateTokenEx": ["HANDLE hExistingToken", "DWORD dwDesiredAccess", "opt_LPSECURITY_ATTRIBUTES lpTokenAttributes", "SECURITY_IMPERSONATION_LEVEL ImpersonationLevel", "TOKEN_TYPE TokenType", "PHANDLE phNewToken"], "AreAllAccessesGranted": ["DWORD GrantedAccess", "DWORD DesiredAccess"], "ObjectCloseAuditAlarmW": ["LPCTSTR SubsystemName", "LPVOID HandleId", "BOOL GenerateOnClose"], "CryptGetDefaultProviderA": ["DWORD dwProvType", "DWORD dwFlags", "LPTSTR pszProvName"], "CredGetSessionTypes": ["DWORD MaximumPersistCount", "LPDWORD MaximumPersist"], "ObjectCloseAuditAlarmA": ["LPCTSTR SubsystemName", "LPVOID HandleId", "BOOL GenerateOnClose"], "CryptGetDefaultProviderW": ["DWORD dwProvType", "DWORD dwFlags", "LPTSTR pszProvName"], "EncryptionDisable": ["LPCWSTR DirPath", "BOOL Disable"], "RegUnLoadKeyA": ["HKEY hKey", "opt_LPCTSTR lpSubKey"], "StartServiceCtrlDispatcherA": ["const SERVICE_TABLE_ENTRY *lpServiceTable"], "CredWriteDomainCredentialsA": ["PCREDENTIAL_TARGET_INFORMATION TargetInfo", "PCREDENTIAL Credential", "DWORD Flags"], "GetCurrentHwProfileA": ["LPHW_PROFILE_INFO lpHwProfileInfo"], "BackupEventLogA": ["HANDLE hEventLog", "LPCTSTR lpBackupFileName"], "StartServiceCtrlDispatcherW": ["const SERVICE_TABLE_ENTRY *lpServiceTable"], "ImpersonateLoggedOnUser": ["HANDLE hToken"], "RegUnLoadKeyW": ["HKEY hKey", "opt_LPCTSTR lpSubKey"], "BackupEventLogW": ["HANDLE hEventLog", "LPCTSTR lpBackupFileName"], "GetCurrentHwProfileW": ["LPHW_PROFILE_INFO lpHwProfileInfo"], "CredWriteDomainCredentialsW": ["PCREDENTIAL_TARGET_INFORMATION TargetInfo", "PCREDENTIAL Credential", "DWORD Flags"], "RegConnectRegistryW": ["opt_LPCTSTR lpMachineName", "HKEY hKey", "PHKEY phkResult"], "LookupSecurityDescriptorPartsA": ["opt_PULONG cCountOfAccessEntries", "opt_PULONG cCountOfAuditEntries", "PSECURITY_DESCRIPTOR pSD"], "CopySid": ["DWORD nDestinationSidLength", "PSID pDestinationSid", "PSID pSourceSid"], "RegCreateKeyW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "PHKEY phkResult"], "LookupSecurityDescriptorPartsW": ["opt_PULONG cCountOfAccessEntries", "opt_PULONG cCountOfAuditEntries", "PSECURITY_DESCRIPTOR pSD"], "RegCreateKeyA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "PHKEY phkResult"], "LsaRemovePrivilegesFromAccount": ["STRING lucPrivilege", "STRING for"], "PerfEnumerateCounterSetInstances": ["opt_LPCWSTR szMachine", "LPCGUID pCounterSetId", "opt_PPERF_INSTANCE_HEADER pInstances", "LPDWORD pcbInstancesActual"], "CryptDuplicateKey": ["HCRYPTKEY hKey", "DWORD dwFlags"], "AbortSystemShutdownA": ["opt_LPTSTR lpMachineName"], "CredGetTargetInfoW": ["LPCTSTR TargetName", "DWORD Flags"], "OpenBackupEventLogW": ["LPCTSTR lpUNCServerName", "LPCTSTR lpFileName"], "CreateRestrictedToken": ["HANDLE ExistingTokenHandle", "DWORD Flags", "DWORD DisableSidCount", "opt_PSID_AND_ATTRIBUTES SidsToDisable", "DWORD DeletePrivilegeCount", "opt_PLUID_AND_ATTRIBUTES PrivilegesToDelete", "DWORD RestrictedSidCount", "opt_PSID_AND_ATTRIBUTES SidsToRestrict", "PHANDLE NewTokenHandle"], "PerfAddCounters": ["HANDLE hQuery", "PPERF_COUNTER_IDENTIFIER pCounters"], "CredGetTargetInfoA": ["LPCTSTR TargetName", "DWORD Flags"], "LsaRetrievePrivateData": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING KeyName"], "RegisterServiceCtrlHandlerExA": ["HANDLE WINAPI", "LPCTSTR lpServiceName", "LPHANDLER_FUNCTION_EX lpHandlerProc", "opt_LPVOID lpContext"], "LsaStorePrivateData": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING KeyName", "PLSA_UNICODE_STRING PrivateData"], "RegConnectRegistryA": ["opt_LPCTSTR lpMachineName", "HKEY hKey", "PHKEY phkResult"], "RegisterServiceCtrlHandlerExW": ["HANDLE WINAPI", "LPCTSTR lpServiceName", "LPHANDLER_FUNCTION_EX lpHandlerProc", "opt_LPVOID lpContext"], "GetThreadWaitChain": ["HWCT WctHandle", "opt_DWORD_PTR Context", "DWORD Flags", "DWORD ThreadId", "LPDWORD NodeCount", "PWAITCHAIN_NODE_INFO NodeInfoArray", "LPBOOL IsCycle"], "EventAccessRemove": ["LPGUID Guid"], "GetEventLogInformation": ["HANDLE hEventLog", "DWORD dwInfoLevel", "LPVOID lpBuffer", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded"], "AddMandatoryAce": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AceFlags", "DWORD MandatoryPolicy", "PSID pLabelSid"], "CredMarshalCredentialA": ["CRED_MARSHAL_TYPE CredType", "PVOID Credential"], "AddAccessDeniedAce": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AccessMask", "PSID pSid"], "RegDeleteKeyTransactedW": ["HKEY hKey", "LPCTSTR lpSubKey", "REGSAM samDesired", "DWORD Reserved", "HANDLE hTransaction", "PVOID pExtendedParameter"], "CredMarshalCredentialW": ["CRED_MARSHAL_TYPE CredType", "PVOID Credential"], "LsaNtStatusToWinError": ["NTSTATUS Status"], "GetAclInformation": ["PACL pAcl", "LPVOID pAclInformation", "DWORD nAclInformationLength", "ACL_INFORMATION_CLASS dwAclInformationClass"], "OpenBackupEventLogA": ["LPCTSTR lpUNCServerName", "LPCTSTR lpFileName"], "CloseServiceHandle": ["SC_HANDLE hSCObject"], "SetSecurityDescriptorRMControl": ["PSECURITY_DESCRIPTOR SecurityDescriptor", "opt_PUCHAR RMControl"], "RegQueryMultipleValuesW": ["HKEY hKey", "PVALENT val_list", "DWORD num_vals", "opt_LPTSTR lpValueBuf", "opt_LPDWORD ldwTotsize"], "QuerySecurityAccessMask": ["SECURITY_INFORMATION SecurityInformation", "LPDWORD DesiredAccess"], "AreAnyAccessesGranted": ["DWORD GrantedAccess", "DWORD DesiredAccess"], "CryptGenKey": ["HCRYPTPROV hProv", "ALG_ID Algid", "DWORD dwFlags"], "RegQueryMultipleValuesA": ["HKEY hKey", "PVALENT val_list", "DWORD num_vals", "opt_LPTSTR lpValueBuf", "opt_LPDWORD ldwTotsize"], "CryptSetProvParam": ["HCRYPTPROV hProv", "DWORD dwParam", "const BYTE *pbData", "DWORD dwFlags"], "RegLoadKeyA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "LPCTSTR lpFile"], "StopTraceW": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "RegLoadKeyW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "LPCTSTR lpFile"], "CryptDecrypt": ["HCRYPTKEY hKey", "HCRYPTHASH hHash", "BOOL Final", "DWORD dwFlags"], "RegSaveKeyExA": ["HKEY hKey", "LPCTSTR lpFile", "opt_LPSECURITY_ATTRIBUTES lpSecurityAttributes", "DWORD Flags"], "ConvertSecurityDescriptorToStringSecurityDescriptorW": ["PSECURITY_DESCRIPTOR SecurityDescriptor", "DWORD RequestedStringSDRevision", "SECURITY_INFORMATION SecurityInformation", "PULONG StringSecurityDescriptorLen"], "GetTraceLoggerHandle": ["PVOID Buffer"], "QueryServiceStatusEx": ["SC_HANDLE hService", "SC_STATUS_TYPE InfoLevel", "opt_LPBYTE lpBuffer", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded"], "AddAuditAccessAceEx": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AceFlags", "DWORD dwAccessMask", "PSID pSid", "BOOL bAuditSuccess", "BOOL bAuditFailure"], "SetPrivateObjectSecurityEx": ["SECURITY_INFORMATION SecurityInformation", "PSECURITY_DESCRIPTOR ModificationDescriptor", "ULONG AutoInheritFlags", "PGENERIC_MAPPING GenericMapping", "opt_HANDLE Token"], "QueryServiceObjectSecurity": ["SC_HANDLE hService", "SECURITY_INFORMATION dwSecurityInformation", "opt_PSECURITY_DESCRIPTOR lpSecurityDescriptor", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded"], "ConvertSecurityDescriptorToStringSecurityDescriptorA": ["PSECURITY_DESCRIPTOR SecurityDescriptor", "DWORD RequestedStringSDRevision", "SECURITY_INFORMATION SecurityInformation", "PULONG StringSecurityDescriptorLen"], "CredUnmarshalCredentialW": ["LPCTSTR MarshaledCredential", "PCRED_MARSHAL_TYPE CredType"], "AuditQueryGlobalSaclA": ["PCWSTR ObjectTypeName"], "CredUnprotectW": ["BOOL fAsSelf", "LPTSTR pszProtectedCredentials", "DWORD cchCredentials", "LPTSTR pszCredentials"], "CredProtectW": ["BOOL fAsSelf", "LPTSTR pszCredentials", "DWORD cchCredentials", "LPTSTR pszProtectedCredentials"], "AddAccessDeniedAceEx": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AceFlags", "DWORD AccessMask", "PSID pSid"], "SaferGetPolicyInformation": ["DWORD dwScopeId", "SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass", "DWORD InfoBufferSize", "PVOID InfoBuffer", "PDWORD InfoBufferRetSize", "LPVOID lpReserved"], "CredUnmarshalCredentialA": ["LPCTSTR MarshaledCredential", "PCRED_MARSHAL_TYPE CredType"], "CredProtectA": ["BOOL fAsSelf", "LPTSTR pszCredentials", "DWORD cchCredentials", "LPTSTR pszProtectedCredentials"], "CredUnprotectA": ["BOOL fAsSelf", "LPTSTR pszProtectedCredentials", "DWORD cchCredentials", "LPTSTR pszCredentials"], "AuditQueryGlobalSaclW": ["PCWSTR ObjectTypeName"], "CryptContextAddRef": ["HCRYPTPROV hProv", "DWORD dwFlags"], "GetTrusteeTypeW": ["opt_PTRUSTEE pTrustee"], "DeregisterEventSource": ["HANDLE hEventLog"], "FileEncryptionStatusW": ["LPCTSTR lpFileName", "LPDWORD lpStatus"], "GetTrusteeTypeA": ["opt_PTRUSTEE pTrustee"], "AuditFree": ["PVOID Buffer"], "FileEncryptionStatusA": ["LPCTSTR lpFileName", "LPDWORD lpStatus"], "LsaSetInformationPolicy": ["LSA_HANDLE PolicyHandle", "POLICY_INFORMATION_CLASS InformationClass", "PVOID Buffer"], "LsaLookupNames": ["LSA_HANDLE PolicyHandle", "ULONG Count", "PLSA_UNICODE_STRING Names"], "GetSidIdentifierAuthority": ["AUTHORITY WINAPI", "PSID pSid"], "QueryTraceA": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "EventAccessQuery": ["LPGUID Guid", "PSECURITY_DESCRIPTOR Buffer", "PULONG BufferSize"], "CreatePrivateObjectSecurityWithMultipleInheritance": ["opt_PSECURITY_DESCRIPTOR ParentDescriptor", "opt_PSECURITY_DESCRIPTOR CreatorDescriptor", "ULONG GuidCount", "BOOL IsContainerObject", "ULONG AutoInheritFlags", "opt_HANDLE Token", "PGENERIC_MAPPING GenericMapping"], "RegSetValueA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "DWORD dwType", "LPCTSTR lpData", "DWORD cbData"], "LsaLookupPrivilegeValue": [], "EncryptedFileKeyInfo": [], "CryptGetProvParam": ["HCRYPTPROV hProv", "DWORD dwParam", "DWORD dwFlags"], "RegSaveKeyA": ["HKEY hKey", "LPCTSTR lpFile", "opt_LPSECURITY_ATTRIBUTES lpSecurityAttributes"], "NotifyServiceStatusChangeA": ["SC_HANDLE hService", "DWORD dwNotifyMask", "PSERVICE_NOTIFY pNotifyBuffer"], "AuditSetSystemPolicy": ["PCAUDIT_POLICY_INFORMATION pAuditPolicy", "ULONG PolicyCount"], "MakeSelfRelativeSD": ["PSECURITY_DESCRIPTOR pAbsoluteSD", "opt_PSECURITY_DESCRIPTOR pSelfRelativeSD", "LPDWORD lpdwBufferLength"], "RegSaveKeyW": ["HKEY hKey", "LPCTSTR lpFile", "opt_LPSECURITY_ATTRIBUTES lpSecurityAttributes"], "NotifyServiceStatusChangeW": ["SC_HANDLE hService", "DWORD dwNotifyMask", "PSERVICE_NOTIFY pNotifyBuffer"], "BuildTrusteeWithSidA": ["PTRUSTEE pTrustee", "opt_PSID pSid"], "SetNamedSecurityInfoW": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo", "opt_PSID psidOwner", "opt_PSID psidGroup", "opt_PACL pDacl", "opt_PACL pSacl"], "IsValidSecurityDescriptor": ["PSECURITY_DESCRIPTOR pSecurityDescriptor"], "FlushTraceA": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "ControlTraceA": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties", "ULONG ControlCode"], "RegNotifyChangeKeyValue": ["HKEY hKey", "BOOL bWatchSubtree", "DWORD dwNotifyFilter", "opt_HANDLE hEvent", "BOOL fAsynchronous"], "ChangeServiceConfigA": ["SC_HANDLE hService", "DWORD dwServiceType", "DWORD dwStartType", "DWORD dwErrorControl", "opt_LPCTSTR lpBinaryPathName", "opt_LPCTSTR lpLoadOrderGroup", "opt_LPDWORD lpdwTagId", "opt_LPCTSTR lpDependencies", "opt_LPCTSTR lpServiceStartName", "opt_LPCTSTR lpPassword", "opt_LPCTSTR lpDisplayName"], "CryptSetHashParam": ["HCRYPTHASH hHash", "DWORD dwParam", "const BYTE *pbData", "DWORD dwFlags"], "AdjustTokenPrivileges": ["HANDLE TokenHandle", "BOOL DisableAllPrivileges", "opt_PTOKEN_PRIVILEGES NewState", "DWORD BufferLength", "opt_PTOKEN_PRIVILEGES PreviousState", "opt_PDWORD ReturnLength"], "ControlTraceW": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties", "ULONG ControlCode"], "EventWriteString": ["REGHANDLE RegHandle", "UCHAR Level", "ULONGLONG Keyword", "PCWSTR String"], "FlushTraceW": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "TraceMessageVa": ["TRACEHANDLE SessionHandle", "ULONG MessageFlags", "LPGUID MessageGuid", "USHORT MessageNumber", "va_list MessageArgList"], "LsaOpenPolicy": ["PLSA_UNICODE_STRING SystemName", "PLSA_OBJECT_ATTRIBUTES ObjectAttributes", "ACCESS_MASK DesiredAccess", "PLSA_HANDLE PolicyHandle"], "ConvertStringSidToSidW": ["LPCTSTR StringSid"], "EventRegister": ["LPCGUID ProviderId", "opt_PENABLECALLBACK EnableCallback", "opt_PVOID CallbackContext", "PREGHANDLE RegHandle"], "RegQueryValueA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "opt_LPTSTR lpValue", "opt_PLONG lpcbValue"], "QueryServiceLockStatusW": ["SC_HANDLE hSCManager", "opt_LPQUERY_SERVICE_LOCK_STATUS lpLockStatus", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded"], "EventProviderEnabled": ["REGHANDLE RegHandle", "UCHAR Level", "ULONGLONG Keyword"], "CloseEncryptedFileRaw": ["PVOID pvContext"], "ConvertStringSidToSidA": ["LPCTSTR StringSid"], "SetTokenInformation": ["HANDLE TokenHandle", "TOKEN_INFORMATION_CLASS TokenInformationClass", "LPVOID TokenInformation", "DWORD TokenInformationLength"], "FreeInheritedFromArray": ["PINHERITED_FROM pInheritArray", "USHORT AceCnt", "opt_PFN_OBJECT_MGR_FUNCTS pfnArray"], "SaferSetPolicyInformation": ["DWORD dwScopeId", "SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass", "DWORD InfoBufferSize", "PVOID InfoBuffer", "LPVOID lpReserved"], "RegQueryValueW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "opt_LPTSTR lpValue", "opt_PLONG lpcbValue"], "InitiateShutdownW": ["opt_LPTSTR lpMachineName", "opt_LPTSTR lpMessage", "DWORD dwGracePeriod", "DWORD dwShutdownFlags", "DWORD dwReason"], "GetAuditedPermissionsFromAclW": ["PACL pacl", "PTRUSTEE pTrustee", "PACCESS_MASK pSuccessfulAuditedRights", "PACCESS_MASK pFailedAuditRights"], "CredWriteA": ["PCREDENTIAL Credential", "DWORD Flags"], "RegQueryInfoKeyW": ["HKEY hKey", "opt_LPTSTR lpClass", "opt_LPDWORD lpcClass", "LPDWORD lpReserved", "opt_LPDWORD lpcSubKeys", "opt_LPDWORD lpcMaxSubKeyLen", "opt_LPDWORD lpcMaxClassLen", "opt_LPDWORD lpcValues", "opt_LPDWORD lpcMaxValueNameLen", "opt_LPDWORD lpcMaxValueLen", "opt_LPDWORD lpcbSecurityDescriptor", "opt_PFILETIME lpftLastWriteTime"], "AddAccessAllowedAceEx": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AceFlags", "DWORD AccessMask", "PSID pSid"], "InitiateShutdownA": ["opt_LPTSTR lpMachineName", "opt_LPTSTR lpMessage", "DWORD dwGracePeriod", "DWORD dwShutdownFlags", "DWORD dwReason"], "CredReadDomainCredentialsW": ["PCREDENTIAL_TARGET_INFORMATION TargetInfo", "DWORD Flags"], "GetLengthSid": ["PSID pSid"], "TraceEvent": ["TRACEHANDLE SessionHandle", "PEVENT_TRACE_HEADER EventTrace"], "RegQueryInfoKeyA": ["HKEY hKey", "opt_LPTSTR lpClass", "opt_LPDWORD lpcClass", "LPDWORD lpReserved", "opt_LPDWORD lpcSubKeys", "opt_LPDWORD lpcMaxSubKeyLen", "opt_LPDWORD lpcMaxClassLen", "opt_LPDWORD lpcValues", "opt_LPDWORD lpcMaxValueNameLen", "opt_LPDWORD lpcMaxValueLen", "opt_LPDWORD lpcbSecurityDescriptor", "opt_PFILETIME lpftLastWriteTime"], "ChangeServiceConfigW": ["SC_HANDLE hService", "DWORD dwServiceType", "DWORD dwStartType", "DWORD dwErrorControl", "opt_LPCTSTR lpBinaryPathName", "opt_LPCTSTR lpLoadOrderGroup", "opt_LPDWORD lpdwTagId", "opt_LPCTSTR lpDependencies", "opt_LPCTSTR lpServiceStartName", "opt_LPCTSTR lpPassword", "opt_LPCTSTR lpDisplayName"], "GetAuditedPermissionsFromAclA": ["PACL pacl", "PTRUSTEE pTrustee", "PACCESS_MASK pSuccessfulAuditedRights", "PACCESS_MASK pFailedAuditRights"], "RegSetKeyValueA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "opt_LPCTSTR lpValueName", "DWORD dwType", "opt_LPCVOID lpData", "DWORD cbData"], "CryptAcquireContextW": ["LPCTSTR pszContainer", "LPCTSTR pszProvider", "DWORD dwProvType", "DWORD dwFlags"], "NotifyChangeEventLog": ["HANDLE hEventLog", "HANDLE hEvent"], "PrivilegeCheck": ["HANDLE ClientToken", "PPRIVILEGE_SET RequiredPrivileges", "LPBOOL pfResult"], "RegDisablePredefinedCacheEx": [], "TraceEventInstance": ["TRACEHANDLE SessionHandle", "PEVENT_INSTANCE_HEADER EventTrace", "PEVENT_INSTANCE_INFO pInstInfo", "PEVENT_INSTANCE_INFO pParentInstInfo"], "CredIsProtectedA": ["LPTSTR pszProtectedCredentials"], "RegSetKeyValueW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "opt_LPCTSTR lpValueName", "DWORD dwType", "opt_LPCVOID lpData", "DWORD cbData"], "GetTrusteeNameW": ["PTRUSTEE pTrustee"], "CredIsProtectedW": ["LPTSTR pszProtectedCredentials"], "BuildTrusteeWithSidW": ["PTRUSTEE pTrustee", "opt_PSID pSid"], "OpenSCManagerW": ["opt_LPCTSTR lpMachineName", "opt_LPCTSTR lpDatabaseName", "DWORD dwDesiredAccess"], "RegOpenUserClassesRoot": ["HANDLE hToken", "DWORD dwOptions", "REGSAM samDesired", "PHKEY phkResult"], "GetTrusteeNameA": ["PTRUSTEE pTrustee"], "UninstallApplication": ["DWORD dwStatus"], "EventWriteTransfer": ["REGHANDLE RegHandle", "PCEVENT_DESCRIPTOR EventDescriptor", "opt_LPCGUID ActivityId", "opt_LPCGUID RelatedActivityId", "ULONG UserDataCount", "opt_PEVENT_DATA_DESCRIPTOR UserData"], "AccessCheckByTypeAndAuditAlarmW": ["LPCTSTR SubsystemName", "LPVOID HandleId", "LPCTSTR ObjectTypeName", "opt_LPCTSTR ObjectName", "PSECURITY_DESCRIPTOR pSecurityDescriptor", "opt_PSID PrincipalSelfSid", "DWORD DesiredAccess", "AUDIT_EVENT_TYPE AuditType", "DWORD Flags", "opt_POBJECT_TYPE_LIST ObjectTypeList", "DWORD ObjectTypeListLength", "PGENERIC_MAPPING GenericMapping", "BOOL ObjectCreation", "LPDWORD GrantedAccess", "LPBOOL AccessStatus", "LPBOOL pfGenerateOnClose"], "CredDeleteA": ["LPCTSTR TargetName", "DWORD Type", "DWORD Flags"], "CryptSetProviderW": ["LPCTSTR pszProvName", "DWORD dwProvType"], "QueryTraceW": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "CryptSetProviderA": ["LPCTSTR pszProvName", "DWORD dwProvType"], "AccessCheckByTypeAndAuditAlarmA": ["LPCTSTR SubsystemName", "LPVOID HandleId", "LPCTSTR ObjectTypeName", "opt_LPCTSTR ObjectName", "PSECURITY_DESCRIPTOR pSecurityDescriptor", "opt_PSID PrincipalSelfSid", "DWORD DesiredAccess", "AUDIT_EVENT_TYPE AuditType", "DWORD Flags", "opt_POBJECT_TYPE_LIST ObjectTypeList", "DWORD ObjectTypeListLength", "PGENERIC_MAPPING GenericMapping", "BOOL ObjectCreation", "LPDWORD GrantedAccess", "LPBOOL AccessStatus", "LPBOOL pfGenerateOnClose"], "CredDeleteW": ["LPCTSTR TargetName", "DWORD Type", "DWORD Flags"], "LookupAccountNameA": ["opt_LPCTSTR lpSystemName", "LPCTSTR lpAccountName", "opt_PSID Sid", "LPDWORD cbSid", "opt_LPTSTR ReferencedDomainName", "LPDWORD cchReferencedDomainName", "PSID_NAME_USE peUse"], "CreateWellKnownSid": ["WELL_KNOWN_SID_TYPE WellKnownSidType", "opt_PSID DomainSid", "opt_PSID pSid"], "ObjectDeleteAuditAlarmA": ["LPCTSTR SubsystemName", "LPVOID HandleId", "BOOL GenerateOnClose"], "ConvertToAutoInheritPrivateObjectSecurity": ["opt_PSECURITY_DESCRIPTOR ParentDescriptor", "PSECURITY_DESCRIPTOR CurrentSecurityDescriptor", "BOOLEAN IsDirectoryObject", "PGENERIC_MAPPING GenericMapping"], "SetServiceObjectSecurity": ["SC_HANDLE hService", "SECURITY_INFORMATION dwSecurityInformation", "PSECURITY_DESCRIPTOR lpSecurityDescriptor"], "OpenEventLogA": ["LPCTSTR lpUNCServerName", "LPCTSTR lpSourceName"], "ObjectDeleteAuditAlarmW": ["LPCTSTR SubsystemName", "LPVOID HandleId", "BOOL GenerateOnClose"], "RegisterEventSourceA": ["LPCTSTR lpUNCServerName", "LPCTSTR lpSourceName"], "AuditEnumerateCategories": ["PULONG pCountReturned"], "LookupAccountNameW": ["opt_LPCTSTR lpSystemName", "LPCTSTR lpAccountName", "opt_PSID Sid", "LPDWORD cbSid", "opt_LPTSTR ReferencedDomainName", "LPDWORD cchReferencedDomainName", "PSID_NAME_USE peUse"], "OpenEventLogW": ["LPCTSTR lpUNCServerName", "LPCTSTR lpSourceName"], "LsaOpenTrustedDomainByName": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING TrustedDomainName", "ACCESS_MASK DesiredAccess", "PLSA_HANDLE TrustedDomainHandle"], "LsaEnumerateAccountsWithUserRight": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING UserRights", "PULONG CountReturned"], "ReadEncryptedFileRaw": ["PFE_EXPORT_FUNC pfExportCallback", "opt_PVOID pvCallbackContext", "PVOID pvContext"], "RemoveTraceCallback": ["LPCGUID pGuid"], "RemoveUsersFromEncryptedFile": ["LPCWSTR lpFileName", "PENCRYPTION_CERTIFICATE_HASH_LIST pHashes"], "CloseEventLog": ["HANDLE hEventLog"], "LsaQueryTrustedDomainInfo": ["LSA_HANDLE PolicyHandle", "PSID TrustedDomainSid", "TRUSTED_INFORMATION_CLASS InformationClass"], "ImpersonateSelf": ["SECURITY_IMPERSONATION_LEVEL ImpersonationLevel"], "GetSecurityDescriptorDacl": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "LPBOOL lpbDaclPresent", "LPBOOL lpbDaclDefaulted"], "PerfQueryCounterSetRegistrationInfo": ["opt_LPCWSTR szMachine", "LPCGUID pCounterSetId", "opt_LPBYTE pbRegInfo", "LPDWORD pcbRegInfoActual"], "SetSecurityInfo": ["HANDLE handle", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo", "opt_PSID psidOwner", "opt_PSID psidGroup", "opt_PACL pDacl", "opt_PACL pSacl"], "CryptGetUserKey": ["HCRYPTPROV hProv", "DWORD dwKeySpec"], "GetServiceDisplayNameW": ["SC_HANDLE hSCManager", "LPCTSTR lpServiceName", "opt_LPTSTR lpDisplayName", "LPDWORD lpcchBuffer"], "BuildTrusteeWithObjectsAndNameW": ["PTRUSTEE pTrustee", "opt_POBJECTS_AND_NAME pObjName", "opt_SE_OBJECT_TYPE ObjectType", "opt_LPTSTR ObjectTypeName", "opt_LPTSTR InheritedObjectTypeName", "opt_LPTSTR Name"], "RegisterWaitChainCOMCallback": ["PCOGETCALLSTATE CallStateCallback", "PCOGETACTIVATIONSTATE ActivationStateCallback"], "BuildTrusteeWithObjectsAndNameA": ["PTRUSTEE pTrustee", "opt_POBJECTS_AND_NAME pObjName", "opt_SE_OBJECT_TYPE ObjectType", "opt_LPTSTR ObjectTypeName", "opt_LPTSTR InheritedObjectTypeName", "opt_LPTSTR Name"], "RegDeleteKeyA": ["HKEY hKey", "LPCTSTR lpSubKey"], "GetServiceDisplayNameA": ["SC_HANDLE hSCManager", "LPCTSTR lpServiceName", "opt_LPTSTR lpDisplayName", "LPDWORD lpcchBuffer"], "CloseThreadWaitChainSession": ["HWCT WctHandle"], "EventEnabled": ["REGHANDLE RegHandle", "PCEVENT_DESCRIPTOR EventDescriptor"], "CryptDestroyKey": ["HCRYPTKEY hKey"], "LookupPrivilegeValueA": ["opt_LPCTSTR lpSystemName", "LPCTSTR lpName", "PLUID lpLuid"], "SetNamedSecurityInfoA": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo", "opt_PSID psidOwner", "opt_PSID psidGroup", "opt_PACL pDacl", "opt_PACL pSacl"], "LookupPrivilegeValueW": ["opt_LPCTSTR lpSystemName", "LPCTSTR lpName", "PLUID lpLuid"], "QueryUsersOnEncryptedFile": ["LPCWSTR lpFileName"], "UnlockServiceDatabase": ["SC_LOCK ScLock"], "CloseTrace": ["TRACEHANDLE TraceHandle"], "CryptImportKey": ["HCRYPTPROV hProv", "DWORD dwDataLen", "HCRYPTKEY hPubKey", "DWORD dwFlags"], "EventActivityIdControl": ["ULONG ControlCode", "LPGUID ActivityId"], "SaferiIsExecutableFileType": ["LPCWSTR szFullPath", "BOOLEAN bFromShellExecute"], "AddAccessAllowedAce": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AccessMask", "PSID pSid"], "PerfSetCounterSetInfo": ["HANDLE hProvider", "PPERF_COUNTERSET_INFO pTemplate", "ULONG dwTemplateSize"], "PrivilegedServiceAuditAlarmW": ["LPCTSTR SubsystemName", "LPCTSTR ServiceName", "HANDLE ClientToken", "PPRIVILEGE_SET Privileges", "BOOL AccessGranted"], "AddAccessAllowedObjectAce": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AceFlags", "DWORD AccessMask", "PSID pSid"], "QueryAllTracesW": ["ULONG PropertyArrayCount", "PULONG SessionCount"], "PerfSetCounterRefValue": ["HANDLE hProvider", "PPERF_COUNTERSET_INSTANCE pInstance", "ULONG CounterId", "PVOID lpAddr"], "CryptGenRandom": ["HCRYPTPROV hProv", "DWORD dwLen"], "EnumerateTraceGuids": ["ULONG PropertyArrayCount", "PULONG GuidCount"], "QueryAllTracesA": ["ULONG PropertyArrayCount", "PULONG SessionCount"], "SaferGetLevelInformation": ["SAFER_LEVEL_HANDLE LevelHandle", "SAFER_OBJECT_INFO_CLASS dwInfoType", "opt_LPVOID lpQueryBuffer", "DWORD dwInBufferSize", "LPDWORD lpdwOutBufferSize"], "TraceMessage": ["TRACEHANDLE SessionHandle", "ULONG MessageFlags", "LPGUID MessageGuid", "USHORT MessageNumber"], "RegDeleteValueW": ["HKEY hKey", "opt_LPCTSTR lpValueName"], "LsaQueryDomainInformationPolicy": ["LSA_HANDLE PolicyHandle", "POLICY_DOMAIN_INFORMATION_CLASS InformationClass"], "EnableTraceEx2": ["TRACEHANDLE TraceHandle", "LPCGUID ProviderId", "ULONG ControlCode", "UCHAR Level", "ULONGLONG MatchAnyKeyword", "ULONGLONG MatchAllKeyword", "ULONG Timeout", "opt_PENABLE_TRACE_PARAMETERS EnableParameters"], "RegDeleteKeyExA": ["HKEY hKey", "LPCTSTR lpSubKey", "REGSAM samDesired", "DWORD Reserved"], "AccessCheckByTypeResultList": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "opt_PSID PrincipalSelfSid", "HANDLE ClientToken", "DWORD DesiredAccess", "opt_POBJECT_TYPE_LIST ObjectTypeList", "DWORD ObjectTypeListLength", "PGENERIC_MAPPING GenericMapping", "opt_PPRIVILEGE_SET PrivilegeSet", "LPDWORD PrivilegeSetLength", "LPDWORD GrantedAccessList", "LPDWORD AccessStatusList"], "CryptExportKey": ["HCRYPTKEY hKey", "HCRYPTKEY hExpKey", "DWORD dwBlobType", "DWORD dwFlags"], "RegDeleteKeyExW": ["HKEY hKey", "LPCTSTR lpSubKey", "REGSAM samDesired", "DWORD Reserved"], "RegDeleteValueA": ["HKEY hKey", "opt_LPCTSTR lpValueName"], "QueryServiceStatus": ["SC_HANDLE hService", "LPSERVICE_STATUS lpServiceStatus"], "A_SHAFinal": ["UNSIGNED CHAR"], "AuditLookupCategoryIdFromCategoryGuid": ["const GUID *pAuditCategoryGuid", "PPOLICY_AUDIT_EVENT_TYPE pAuditCategoryId"], "RegCloseKey": ["HKEY hKey"], "SetPrivateObjectSecurity": ["SECURITY_INFORMATION SecurityInformation", "PSECURITY_DESCRIPTOR ModificationDescriptor", "PGENERIC_MAPPING GenericMapping", "opt_HANDLE Token"], "MSChapSrvChangePassword2": ["PWSTR ServerName", "PWSTR UserName", "PSAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldNt", "PENCRYPTED_NT_OWF_PASSWORD OldNtOwfPasswordEncryptedWithNewNt", "BOOLEAN LmPresent", "PSAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm", "PENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewLmOrNt"], "QueryServiceConfig2A": ["SC_HANDLE hService", "DWORD dwInfoLevel", "opt_LPBYTE lpBuffer", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded"], "ChangeServiceConfig2W": ["SC_HANDLE hService", "DWORD dwInfoLevel", "opt_LPVOID lpInfo"], "LsaClose": ["LSA_HANDLE ObjectHandle"], "DuplicateToken": ["HANDLE ExistingTokenHandle", "SECURITY_IMPERSONATION_LEVEL ImpersonationLevel", "PHANDLE DuplicateTokenHandle"], "ChangeServiceConfig2A": ["SC_HANDLE hService", "DWORD dwInfoLevel", "opt_LPVOID lpInfo"], "QueryServiceConfig2W": ["SC_HANDLE hService", "DWORD dwInfoLevel", "opt_LPBYTE lpBuffer", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded"], "PerfDecrementULongLongCounterValue": ["HANDLE hProvider", "PPERF_COUNTERSET_INSTANCE pInstance", "ULONG CounterId", "ULONGLONG llValue"], "LsaCreateTrustedDomainEx": ["LSA_HANDLE PolicyHandle", "PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation", "PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation", "ACCESS_MASK DesiredAccess", "PLSA_HANDLE TrustedDomainHandle"], "LockServiceDatabase": ["SC_HANDLE hSCManager"], "AuditSetGlobalSaclA": ["PCWSTR ObjectTypeName", "opt_PACL Acl"], "AuditSetGlobalSaclW": ["PCWSTR ObjectTypeName", "opt_PACL Acl"], "LsaFreeMemory": ["PVOID Buffer"], "CryptEnumProvidersW": ["DWORD dwIndex", "DWORD dwFlags", "LPTSTR pszProvName"], "RegSetValueExW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "DWORD dwType", "LPCTSTR lpData", "DWORD cbData"], "LsaSetDomainInformationPolicy": ["LSA_HANDLE PolicyHandle", "POLICY_DOMAIN_INFORMATION_CLASS InformationClass", "PVOID Buffer"], "LsaGetUserName": ["opt_LPCTSTR lpSystemName", "LPCTSTR lpAccountName", "opt_PSID Sid", "LPDWORD cbSid", "opt_LPTSTR ReferencedDomainName", "LPDWORD cchReferencedDomainName", "PSID_NAME_USE peUse"], "InstallApplication": [], "RegEnumValueA": ["HKEY hKey", "DWORD dwIndex", "LPTSTR lpValueName", "LPDWORD lpcchValueName", "LPDWORD lpReserved", "opt_LPDWORD lpType", "opt_LPBYTE lpData", "opt_LPDWORD lpcbData"], "DuplicateEncryptionInfoFile": ["LPCTSTR SrcFileName", "LPCTSTR DstFileName", "DWORD dwCreationDistribution", "DWORD dwAttributes", "opt_const LPSECURITY_ATTRIBUTES lpSecurityAttributes"], "CreateTraceInstanceId": ["HANDLE RegHandle", "PEVENT_INSTANCE_INFO pInstInfo"], "RegOpenCurrentUser": ["REGSAM samDesired", "PHKEY phkResult"], "DestroyPrivateObjectSecurity": [], "ImpersonateAnonymousToken": ["HANDLE ThreadHandle"], "GetExplicitEntriesFromAclW": ["PACL pacl", "PULONG pcCountOfExplicitEntries"], "LsaEnumerateAccounts": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING UserRights", "PULONG CountReturned"], "LsaSetTrustedDomainInformation": ["LSA_HANDLE PolicyHandle", "PSID TrustedDomainSid", "TRUSTED_INFORMATION_CLASS InformationClass", "PVOID Buffer"], "ControlService": ["SC_HANDLE hService", "DWORD dwControl", "LPSERVICE_STATUS lpServiceStatus"], "RegDeleteKeyW": ["HKEY hKey", "LPCTSTR lpSubKey"], "CryptHashData": ["HCRYPTHASH hHash", "DWORD dwDataLen", "DWORD dwFlags"], "BuildTrusteeWithObjectsAndSidW": ["PTRUSTEE pTrustee", "opt_POBJECTS_AND_SID pObjSid", "opt_PSID pSid"], "TreeSetNamedSecurityInfoA": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo", "opt_PSID pOwner", "opt_PSID pGroup", "opt_PACL pDacl", "opt_PACL pSacl", "DWORD dwAction", "FN_PROGRESS fnProgress", "PROG_INVOKE_SETTING ProgressInvokeSetting", "opt_PVOID Args"], "OpenSCManagerA": ["opt_LPCTSTR lpMachineName", "opt_LPCTSTR lpDatabaseName", "DWORD dwDesiredAccess"], "RegOpenKeyA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "PHKEY phkResult"], "CryptGetKeyParam": ["HCRYPTKEY hKey", "DWORD dwParam", "DWORD dwFlags"], "LookupPrivilegeDisplayNameW": ["opt_LPCTSTR lpSystemName", "LPCTSTR lpName", "opt_LPTSTR lpDisplayName", "LPDWORD cchDisplayName", "LPDWORD lpLanguageId"], "RegSetValueExA": ["HKEY hKey", "opt_LPCTSTR lpValueName", "DWORD Reserved", "DWORD dwType", "const BYTE *lpData", "DWORD cbData"], "AuditLookupCategoryNameA": ["const GUID *pAuditCategoryGuid"], "LookupPrivilegeDisplayNameA": ["opt_LPCTSTR lpSystemName", "LPCTSTR lpName", "opt_LPTSTR lpDisplayName", "LPDWORD cchDisplayName", "LPDWORD lpLanguageId"], "RegOpenKeyW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "PHKEY phkResult"], "AuditLookupCategoryNameW": ["const GUID *pAuditCategoryGuid"], "EncryptFileA": ["LPCTSTR lpFileName"], "EnumServicesStatusExW": ["SC_HANDLE hSCManager", "SC_ENUM_TYPE InfoLevel", "DWORD dwServiceType", "DWORD dwServiceState", "opt_LPBYTE lpServices", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded", "LPDWORD lpServicesReturned", "opt_LPDWORD lpResumeHandle", "opt_LPCTSTR pszGroupName"], "EncryptFileW": ["LPCTSTR lpFileName"], "InitializeSid": ["PSID Sid", "PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority", "BYTE nSubAuthorityCount"], "EnumServicesStatusExA": ["SC_HANDLE hSCManager", "SC_ENUM_TYPE InfoLevel", "DWORD dwServiceType", "DWORD dwServiceState", "opt_LPBYTE lpServices", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded", "LPDWORD lpServicesReturned", "opt_LPDWORD lpResumeHandle", "opt_LPCTSTR pszGroupName"], "TraceSetInformation": ["TRACEHANDLE SessionHandle", "TRACE_INFO_CLASS InformationClass", "PVOID TraceInformation", "ULONG InformationLength"], "QueryServiceLockStatusA": ["SC_HANDLE hSCManager", "opt_LPQUERY_SERVICE_LOCK_STATUS lpLockStatus", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded"], "CryptSetKeyParam": ["HCRYPTKEY hKey", "DWORD dwParam", "const BYTE *pbData", "DWORD dwFlags"], "CredFree": ["PVOID Buffer"], "ReportEventW": ["HANDLE hEventLog", "WORD wType", "WORD wCategory", "DWORD dwEventID", "PSID lpUserSid", "WORD wNumStrings", "DWORD dwDataSize", "LPVOID lpRawData"], "InitiateSystemShutdownExW": ["opt_LPTSTR lpMachineName", "opt_LPTSTR lpMessage", "DWORD dwTimeout", "BOOL bForceAppsClosed", "BOOL bRebootAfterShutdown", "DWORD dwReason"], "PerfOpenQueryHandle": ["opt_LPCWSTR szMachine", "HANDLE hQuery"], "IsWellKnownSid": ["PSID pSid", "WELL_KNOWN_SID_TYPE WellKnownSidType"], "InitiateSystemShutdownExA": ["opt_LPTSTR lpMachineName", "opt_LPTSTR lpMessage", "DWORD dwTimeout", "BOOL bForceAppsClosed", "BOOL bRebootAfterShutdown", "DWORD dwReason"], "ReportEventA": ["HANDLE hEventLog", "WORD wType", "WORD wCategory", "DWORD dwEventID", "PSID lpUserSid", "WORD wNumStrings", "DWORD dwDataSize", "LPVOID lpRawData"], "SetSecurityDescriptorGroup": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "opt_PSID pGroup", "BOOL bGroupDefaulted"], "RegOpenKeyTransactedA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "DWORD ulOptions", "REGSAM samDesired", "PHKEY phkResult", "HANDLE hTransaction", "PVOID pExtendedParameter"], "TreeResetNamedSecurityInfoW": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo", "opt_PSID pOwner", "opt_PSID pGroup", "opt_PACL pDacl", "opt_PACL pSacl", "BOOL KeepExplicit", "opt_FN_PROGRESS fnProgress", "PROG_INVOKE_SETTING ProgressInvokeSetting", "opt_PVOID Args"], "RegOpenKeyTransactedW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "DWORD ulOptions", "REGSAM samDesired", "PHKEY phkResult", "HANDLE hTransaction", "PVOID pExtendedParameter"], "EventWriteEx": ["REGHANDLE RegHandle", "PCEVENT_DESCRIPTOR EventDescriptor", "ULONG64 Filter", "ULONG Flags", "opt_LPCGUID ActivityId", "opt_LPCGUID RelatedActivityId", "ULONG UserDataCount", "opt_PEVENT_DATA_DESCRIPTOR UserData"], "InitializeAcl": ["PACL pAcl", "DWORD nAclLength", "DWORD dwAclRevision"], "RegQueryReflectionKey": ["HKEY hBase"], "UpdateTraceA": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "TreeResetNamedSecurityInfoA": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo", "opt_PSID pOwner", "opt_PSID pGroup", "opt_PACL pDacl", "opt_PACL pSacl", "BOOL KeepExplicit", "opt_FN_PROGRESS fnProgress", "PROG_INVOKE_SETTING ProgressInvokeSetting", "opt_PVOID Args"], "GetSidSubAuthorityCount": ["PSID pSid"], "RegFlushKey": ["HKEY hKey"], "AddAuditAccessObjectAce": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AceFlags", "DWORD AccessMask", "PSID pSid", "BOOL bAuditSuccess", "BOOL bAuditFailure"], "ControlServiceExW": ["SC_HANDLE hService", "DWORD dwControl", "DWORD dwInfoLevel", "PVOID pControlParams"], "PerfStartProvider": ["LPGUID ProviderGuid", "opt_PERFLIBREQUEST ControlCallback"], "ControlServiceExA": ["SC_HANDLE hService", "DWORD dwControl", "DWORD dwInfoLevel", "PVOID pControlParams"], "GetTokenInformation": ["HANDLE TokenHandle", "TOKEN_INFORMATION_CLASS TokenInformationClass", "opt_LPVOID TokenInformation", "DWORD TokenInformationLength", "PDWORD ReturnLength"], "SetServiceBits": ["SERVICE_STATUS_HANDLE hServiceStatus", "DWORD dwServiceBits", "BOOL bSetBitsOn", "BOOL bUpdateImmediately"], "SaferCloseLevel": ["SAFER_LEVEL_HANDLE hLevelHandle"], "PerfStopProvider": ["HANDLE hProvider"], "OpenThreadToken": ["HANDLE ThreadHandle", "DWORD DesiredAccess", "BOOL OpenAsSelf", "PHANDLE TokenHandle"], "GetSecurityDescriptorSacl": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "LPBOOL lpbSaclPresent", "LPBOOL lpbSaclDefaulted"], "IsValidAcl": ["PACL pAcl"], "SetKernelObjectSecurity": ["HANDLE Handle", "SECURITY_INFORMATION SecurityInformation", "PSECURITY_DESCRIPTOR SecurityDescriptor"], "SetSecurityDescriptorOwner": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "opt_PSID pOwner", "BOOL bOwnerDefaulted"], "GetNumberOfEventLogRecords": ["HANDLE hEventLog", "PDWORD NumberOfRecords"], "EventWrite": ["REGHANDLE RegHandle", "PCEVENT_DESCRIPTOR EventDescriptor", "ULONG UserDataCount", "opt_PEVENT_DATA_DESCRIPTOR UserData"], "AuditSetSecurity": ["SECURITY_INFORMATION SecurityInformation", "PSECURITY_DESCRIPTOR pSecurityDescriptor"], "RegisterTraceGuidsA": ["WMIDPREQUEST RequestAddress", "PVOID RequestContext", "LPCGUID ControlGuid", "ULONG GuidCount", "PTRACE_GUID_REGISTRATION TraceGuidReg", "LPCTSTR MofImagePath", "LPCTSTR MofResourceName", "PTRACEHANDLE RegistrationHandle"], "RegOverridePredefKey": ["HKEY hKey", "opt_HKEY hNewHKey"], "PerfSetULongCounterValue": ["HANDLE hProvider", "PPERF_COUNTERSET_INSTANCE pInstance", "ULONG CounterId", "ULONG lValue"], "RegisterTraceGuidsW": ["WMIDPREQUEST RequestAddress", "PVOID RequestContext", "LPCGUID ControlGuid", "ULONG GuidCount", "PTRACE_GUID_REGISTRATION TraceGuidReg", "LPCTSTR MofImagePath", "LPCTSTR MofResourceName", "PTRACEHANDLE RegistrationHandle"], "RegRenameKey": ["HANDLE KeyHandle", "PUNICODE_STRING NewName"], "StopTraceA": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "GetFileSecurityW": ["LPCTSTR lpFileName", "SECURITY_INFORMATION RequestedInformation", "opt_PSECURITY_DESCRIPTOR pSecurityDescriptor", "DWORD nLength", "LPDWORD lpnLengthNeeded"], "CredFindBestCredentialA": ["LPCTSTR TargetName", "DWORD Type", "DWORD Flags"], "AddConditionalAce": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AceFlags", "UCHAR AceType", "DWORD AccessMask", "PSID pSid", "PWCHAR ConditionStr"], "CredFindBestCredentialW": ["LPCTSTR TargetName", "DWORD Type", "DWORD Flags"], "RegGetKeySecurity": ["HKEY hKey", "SECURITY_INFORMATION SecurityInformation", "opt_PSECURITY_DESCRIPTOR pSecurityDescriptor", "LPDWORD lpcbSecurityDescriptor"], "NotifyBootConfigStatus": ["BOOL BootAcceptable"], "CryptVerifySignatureW": ["HCRYPTHASH hHash", "DWORD dwSigLen", "HCRYPTKEY hPubKey", "LPCTSTR sDescription", "DWORD dwFlags"], "BuildExplicitAccessWithNameA": ["PEXPLICIT_ACCESS pExplicitAccess", "opt_LPTSTR pTrusteeName", "DWORD AccessPermissions", "ACCESS_MODE AccessMode", "DWORD Inheritance"], "AccessCheckAndAuditAlarmW": ["LPCTSTR SubsystemName", "opt_LPVOID HandleId", "LPTSTR ObjectTypeName", "opt_LPTSTR ObjectName", "PSECURITY_DESCRIPTOR SecurityDescriptor", "DWORD DesiredAccess", "PGENERIC_MAPPING GenericMapping", "BOOL ObjectCreation", "LPDWORD GrantedAccess", "LPBOOL AccessStatus", "LPBOOL pfGenerateOnClose"], "ObjectPrivilegeAuditAlarmW": ["LPCTSTR SubsystemName", "LPVOID HandleId", "HANDLE ClientToken", "DWORD DesiredAccess", "PPRIVILEGE_SET Privileges", "BOOL AccessGranted"], "BuildExplicitAccessWithNameW": ["PEXPLICIT_ACCESS pExplicitAccess", "opt_LPTSTR pTrusteeName", "DWORD AccessPermissions", "ACCESS_MODE AccessMode", "DWORD Inheritance"], "CryptVerifySignatureA": ["HCRYPTHASH hHash", "DWORD dwSigLen", "HCRYPTKEY hPubKey", "LPCTSTR sDescription", "DWORD dwFlags"], "CreateProcessWithTokenW": ["HANDLE hToken", "DWORD dwLogonFlags", "opt_LPCWSTR lpApplicationName", "opt_LPWSTR lpCommandLine", "DWORD dwCreationFlags", "opt_LPVOID lpEnvironment", "opt_LPCWSTR lpCurrentDirectory", "LPSTARTUPINFOW lpStartupInfo", "LPPROCESS_INFORMATION lpProcessInfo"], "ObjectPrivilegeAuditAlarmA": ["LPCTSTR SubsystemName", "LPVOID HandleId", "HANDLE ClientToken", "DWORD DesiredAccess", "PPRIVILEGE_SET Privileges", "BOOL AccessGranted"], "AccessCheckAndAuditAlarmA": ["LPCTSTR SubsystemName", "opt_LPVOID HandleId", "LPTSTR ObjectTypeName", "opt_LPTSTR ObjectName", "PSECURITY_DESCRIPTOR SecurityDescriptor", "DWORD DesiredAccess", "PGENERIC_MAPPING GenericMapping", "BOOL ObjectCreation", "LPDWORD GrantedAccess", "LPBOOL AccessStatus", "LPBOOL pfGenerateOnClose"], "LogonUserExA": ["LPTSTR lpszUsername", "opt_LPTSTR lpszDomain", "opt_LPTSTR lpszPassword", "DWORD dwLogonType", "DWORD dwLogonProvider", "PHANDLE phToken"], "ReadEventLogA": ["HANDLE hEventLog", "DWORD dwReadFlags", "DWORD dwRecordOffset", "LPVOID lpBuffer", "DWORD nNumberOfBytesToRead"], "GetEffectiveRightsFromAclA": ["PACL pacl", "PTRUSTEE pTrustee", "PACCESS_MASK pAccessRights"], "CheckTokenMembership": ["opt_HANDLE TokenHandle", "PSID SidToCheck", "PBOOL IsMember"], "SystemFunction040": ["PVOID Memory", "ULONG MemoryLength", "ULONG OptionFlags"], "SystemFunction041": ["PVOID Memory", "ULONG MemoryLength", "ULONG OptionFlags"], "NotifyServiceStatusChange": ["SC_HANDLE hService", "DWORD dwNotifyMask", "PSERVICE_NOTIFY pNotifyBuffer"], "ReadEventLogW": ["HANDLE hEventLog", "DWORD dwReadFlags", "DWORD dwRecordOffset", "LPVOID lpBuffer", "DWORD nNumberOfBytesToRead"], "LogonUserExW": ["LPTSTR lpszUsername", "opt_LPTSTR lpszDomain", "opt_LPTSTR lpszPassword", "DWORD dwLogonType", "DWORD dwLogonProvider", "opt_PHANDLE phToken", "opt_LPDWORD pdwProfileLength", "opt_PQUOTA_LIMITS pQuotaLimits"], "GetWindowsAccountDomainSid": ["PSID pSid", "opt_PSID ppDomainSid"], "GetEffectiveRightsFromAclW": ["PACL pacl", "PTRUSTEE pTrustee", "PACCESS_MASK pAccessRights"], "AddAce": ["PACL pAcl", "DWORD dwAceRevision", "DWORD dwStartingAceIndex", "LPVOID pAceList", "DWORD nAceListLength"], "LookupAccountSidW": ["opt_LPCTSTR lpSystemName", "PSID lpSid", "opt_LPTSTR lpName", "LPDWORD cchName", "opt_LPTSTR lpReferencedDomainName", "LPDWORD cchReferencedDomainName", "PSID_NAME_USE peUse"], "DecryptFileA": ["LPCTSTR lpFileName", "DWORD dwReserved"], "RegDeleteTreeW": ["HKEY hKey", "opt_LPCTSTR lpSubKey"], "AccessCheck": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "HANDLE ClientToken", "DWORD DesiredAccess", "PGENERIC_MAPPING GenericMapping", "opt_PPRIVILEGE_SET PrivilegeSet", "LPDWORD PrivilegeSetLength", "LPDWORD GrantedAccess", "LPBOOL AccessStatus"], "SaferSetLevelInformation": ["SAFER_LEVEL_HANDLE LevelHandle", "SAFER_OBJECT_INFO_CLASS dwInfoType", "LPVOID lpQueryBuffer", "DWORD dwInBufferSize"], "LsaLookupSids": ["LSA_HANDLE PolicyHandle", "ULONG Count"], "LsaEnumerateTrustedDomains": ["LSA_HANDLE PolicyHandle", "PLSA_ENUMERATION_HANDLE EnumerationContext", "ULONG PreferedMaximumLength", "PULONG CountReturned"], "LookupAccountSidA": ["opt_LPCTSTR lpSystemName", "PSID lpSid", "opt_LPTSTR lpName", "LPDWORD cchName", "opt_LPTSTR lpReferencedDomainName", "LPDWORD cchReferencedDomainName", "PSID_NAME_USE peUse"], "RegDeleteTreeA": ["HKEY hKey", "opt_LPCTSTR lpSubKey"], "DecryptFileW": ["LPCTSTR lpFileName", "DWORD dwReserved"], "SetFileSecurityA": ["LPCTSTR lpFileName", "SECURITY_INFORMATION SecurityInformation", "PSECURITY_DESCRIPTOR pSecurityDescriptor"], "CryptCreateHash": ["HCRYPTPROV hProv", "ALG_ID Algid", "HCRYPTKEY hKey", "DWORD dwFlags"], "CryptDeriveKey": ["HCRYPTPROV hProv", "ALG_ID Algid", "HCRYPTHASH hBaseData", "DWORD dwFlags"], "AuditQueryPerUserPolicy": ["const PSID pSid", "const GUID *pSubCategoryGuids", "ULONG PolicyCount"], "CreateServiceA": ["SC_HANDLE hSCManager", "LPCTSTR lpServiceName", "opt_LPCTSTR lpDisplayName", "DWORD dwDesiredAccess", "DWORD dwServiceType", "DWORD dwStartType", "DWORD dwErrorControl", "opt_LPCTSTR lpBinaryPathName", "opt_LPCTSTR lpLoadOrderGroup", "opt_LPDWORD lpdwTagId", "opt_LPCTSTR lpDependencies", "opt_LPCTSTR lpServiceStartName", "opt_LPCTSTR lpPassword"], "CryptDuplicateHash": ["HCRYPTHASH hHash", "DWORD dwFlags"], "PerfCreateInstance": ["INSTANCE PerfCreateInstance", "HANDLE hProvider", "LPCGUID CounterSetGuid", "LPCWSTR szInstanceName", "ULONG dwInstance"], "LsaEnumeratePrivileges": ["LSA_HANDLE PolicyHandle", "PSID AccountSid", "PULONG CountOfRights"], "CreateServiceW": ["SC_HANDLE hSCManager", "LPCTSTR lpServiceName", "opt_LPCTSTR lpDisplayName", "DWORD dwDesiredAccess", "DWORD dwServiceType", "DWORD dwStartType", "DWORD dwErrorControl", "opt_LPCTSTR lpBinaryPathName", "opt_LPCTSTR lpLoadOrderGroup", "opt_LPDWORD lpdwTagId", "opt_LPCTSTR lpDependencies", "opt_LPCTSTR lpServiceStartName", "opt_LPCTSTR lpPassword"], "EnableTrace": ["ULONG Enable", "ULONG EnableFlag", "ULONG EnableLevel", "LPCGUID ControlGuid", "TRACEHANDLE SessionHandle"], "BuildTrusteeWithNameW": ["PTRUSTEE pTrustee", "opt_LPTSTR pName"], "InitiateSystemShutdownA": ["opt_LPTSTR lpMachineName", "opt_LPTSTR lpMessage", "DWORD dwTimeout", "BOOL bForceAppsClosed", "BOOL bRebootAfterShutdown"], "CryptAcquireContextA": ["LPCTSTR pszContainer", "LPCTSTR pszProvider", "DWORD dwProvType", "DWORD dwFlags"], "LsaManageSidNameMapping": ["LSA_SID_NAME_MAPPING_OPERATION_TYPE OpType", "PLSA_SID_NAME_MAPPING_OPERATION_INPUT OpInput"], "IsValidSid": ["PSID pSid"], "RegisterServiceCtrlHandlerW": ["HANDLE WINAPI", "LPCTSTR lpServiceName", "LPHANDLER_FUNCTION lpHandlerProc"], "AddAccessDeniedObjectAce": ["PACL pAcl", "DWORD dwAceRevision", "DWORD AceFlags", "DWORD AccessMask", "PSID pSid"], "LsaAddAccountRights": ["LSA_HANDLE PolicyHandle", "PSID AccountSid", "PLSA_UNICODE_STRING UserRights", "ULONG CountOfRights"], "InitiateSystemShutdownW": ["opt_LPTSTR lpMachineName", "opt_LPTSTR lpMessage", "DWORD dwTimeout", "BOOL bForceAppsClosed", "BOOL bRebootAfterShutdown"], "BuildTrusteeWithNameA": ["PTRUSTEE pTrustee", "opt_LPTSTR pName"], "AddAuditAccessAce": ["PACL pAcl", "DWORD dwAceRevision", "DWORD dwAccessMask", "PSID pSid", "BOOL bAuditSuccess", "BOOL bAuditFailure"], "CredWriteW": ["PCREDENTIAL Credential", "DWORD Flags"], "SaferCreateLevel": ["DWORD dwScopeId", "DWORD dwLevelId", "DWORD OpenFlags", "LPVOID lpReserved"], "RegisterServiceCtrlHandlerA": ["HANDLE WINAPI", "LPCTSTR lpServiceName", "LPHANDLER_FUNCTION lpHandlerProc"], "SetTraceCallback": ["LPCGUID pGuid", "PEVENT_CALLBACK EventCallback"], "PerfCloseQueryHandle": ["HANDLE hQuery"], "SaferComputeTokenFromLevel": ["SAFER_LEVEL_HANDLE LevelHandle", "opt_HANDLE InAccessToken", "PHANDLE OutAccessToken", "DWORD dwFlags", "opt_LPVOID lpReserved"], "CryptSetProviderExA": ["LPCTSTR pszProvName", "DWORD dwProvType", "DWORD dwFlags"], "CryptSignHashW": ["HCRYPTHASH hHash", "DWORD dwKeySpec", "LPCTSTR sDescription", "DWORD dwFlags"], "FreeSid": ["PSID pSid"], "GetSidLengthRequired": ["UCHAR nSubAuthorityCount"], "GetOldestEventLogRecord": ["HANDLE hEventLog", "PDWORD OldestRecord"], "LsaQuerySecurityObject": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING TrustedDomainName", "ACCESS_MASK DesiredAccess", "PLSA_HANDLE TrustedDomainHandle"], "SetUserFileEncryptionKey": ["PENCRYPTION_CERTIFICATE pEncryptionCertificate"], "PerfQueryInstance": ["INSTANCE PerfQueryInstance", "HANDLE hProvider", "LPCGUID CounterSetGuid", "LPCWSTR szInstance", "ULONG dwInstance"], "QueryRecoveryAgentsOnEncryptedFile": ["LPCWSTR lpFileName"], "CryptSignHashA": ["HCRYPTHASH hHash", "DWORD dwKeySpec", "LPCTSTR sDescription", "DWORD dwFlags"], "PerfIncrementULongLongCounterValue": ["HANDLE hProvider", "PPERF_COUNTERSET_INSTANCE pInstance", "ULONG CounterId", "ULONGLONG llValue"], "CredEnumerateW": ["LPCTSTR Filter", "DWORD Flags"], "WriteEncryptedFileRaw": ["PFE_IMPORT_FUNC pfImportCallback", "opt_PVOID pvCallbackContext", "PVOID pvContext"], "GetInheritanceSourceW": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo", "BOOL Container", "DWORD GuidCount", "PACL pAcl", "opt_PFN_OBJECT_MGR_FUNCTS pfnArray", "PGENERIC_MAPPING pGenericMapping", "PINHERITED_FROM pInheritArray"], "GetSecurityDescriptorControl": ["PSECURITY_DESCRIPTOR pSecurityDescriptor", "PSECURITY_DESCRIPTOR_CONTROL pControl", "LPDWORD lpdwRevision"], "FindFirstFreeAce": ["PACL pAcl"], "GetInheritanceSourceA": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo", "BOOL Container", "DWORD GuidCount", "PACL pAcl", "opt_PFN_OBJECT_MGR_FUNCTS pfnArray", "PGENERIC_MAPPING pGenericMapping", "PINHERITED_FROM pInheritArray"], "PerfDeleteCounters": ["HANDLE hQuery", "PPERF_COUNTER_IDENTIFIER pCounters"], "PerfSetULongLongCounterValue": ["HANDLE hProvider", "PPERF_COUNTERSET_INSTANCE pInstance", "ULONG CounterId", "ULONGLONG llValue"], "GetNamedSecurityInfoW": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo"], "RegReplaceKeyA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "LPCTSTR lpNewFile", "LPCTSTR lpOldFile"], "RegDisablePredefinedCache": [], "AuditEnumeratePerUserPolicy": [], "RegDeleteKeyValueA": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "opt_LPCTSTR lpValueName"], "RegGetValueW": ["HKEY hkey", "opt_LPCTSTR lpSubKey", "opt_LPCTSTR lpValue", "opt_DWORD dwFlags", "opt_LPDWORD pdwType", "opt_PVOID pvData", "opt_LPDWORD pcbData"], "RegEnumKeyW": ["HKEY hKey", "DWORD dwIndex", "LPTSTR lpName", "DWORD cchName"], "RegDeleteKeyTransactedA": ["HKEY hKey", "LPCTSTR lpSubKey", "REGSAM samDesired", "DWORD Reserved", "HANDLE hTransaction", "PVOID pExtendedParameter"], "RegDeleteKeyValueW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "opt_LPCTSTR lpValueName"], "LsaSetForestTrustInformation": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING TrustedDomainName", "PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo", "BOOLEAN CheckOnly"], "RegReplaceKeyW": ["HKEY hKey", "opt_LPCTSTR lpSubKey", "LPCTSTR lpNewFile", "LPCTSTR lpOldFile"], "GetNamedSecurityInfoA": ["LPTSTR pObjectName", "SE_OBJECT_TYPE ObjectType", "SECURITY_INFORMATION SecurityInfo"], "RegEnumKeyA": ["HKEY hKey", "DWORD dwIndex", "LPTSTR lpName", "DWORD cchName"], "UpdateTraceW": ["TRACEHANDLE SessionHandle", "LPCTSTR SessionName", "PEVENT_TRACE_PROPERTIES Properties"], "RegGetValueA": ["HKEY hkey", "opt_LPCTSTR lpSubKey", "opt_LPCTSTR lpValue", "opt_DWORD dwFlags", "opt_LPDWORD pdwType", "opt_PVOID pvData", "opt_LPDWORD pcbData"], "AllocateLocallyUniqueId": ["PLUID Luid"], "EnumerateTraceGuidsEx": ["TRACE_QUERY_INFO_CLASS TraceQueryInfoClass", "PVOID InBuffer", "ULONG InBufferSize", "PVOID OutBuffer", "ULONG OutBufferSize", "PULONG ReturnLength"], "LsaQueryTrustedDomainInfoByName": ["LSA_HANDLE PolicyHandle", "PLSA_UNICODE_STRING TrustedDomainName", "TRUSTED_INFORMATION_CLASS InformationClass"], "LookupPrivilegeNameW": ["opt_LPCTSTR lpSystemName", "PLUID lpLuid", "opt_LPTSTR lpName", "LPDWORD cchName"], "SetServiceStatus": ["SERVICE_STATUS_HANDLE hServiceStatus", "LPSERVICE_STATUS lpServiceStatus"], "OpenEncryptedFileRawA": ["LPCTSTR lpFileName", "ULONG ulFlags"], "GetTraceEnableLevel": ["TRACEHANDLE SessionHandle"], "GetLocalManagedApplications": ["BOOL bUserApps", "LPDWORD pdwApps"], "LookupPrivilegeNameA": ["opt_LPCTSTR lpSystemName", "PLUID lpLuid", "opt_LPTSTR lpName", "LPDWORD cchName"], "GetTraceEnableFlags": ["TRACEHANDLE SessionHandle"], "ImpersonateNamedPipeClient": ["HANDLE hNamedPipe"], "OpenEncryptedFileRawW": ["LPCTSTR lpFileName", "ULONG ulFlags"], "PerfDeleteInstance": ["HANDLE hProvider", "PPERF_COUNTERSET_INSTANCE InstanceBlock"], "ProcessTrace": ["PTRACEHANDLE HandleArray", "ULONG HandleCount", "LPFILETIME StartTime", "LPFILETIME EndTime"], "AuditComputeEffectivePolicyBySid": ["const PSID pSid", "const GUID *pSubCategoryGuids", "ULONG PolicyCount"], "EnumDependentServicesW": ["SC_HANDLE hService", "DWORD dwServiceState", "opt_LPENUM_SERVICE_STATUS lpServices", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded", "LPDWORD lpServicesReturned"], "CredIsMarshaledCredentialW": ["LPCTSTR MarshaledCredential"], "CredEnumerateA": ["LPCTSTR Filter", "DWORD Flags"], "CredIsMarshaledCredentialA": ["LPCTSTR MarshaledCredential"], "EnumDependentServicesA": ["SC_HANDLE hService", "DWORD dwServiceState", "opt_LPENUM_SERVICE_STATUS lpServices", "DWORD cbBufSize", "LPDWORD pcbBytesNeeded", "LPDWORD lpServicesReturned"]} 2 | --------------------------------------------------------------------------------