├── .gitignore ├── Scavenger ├── Scavenger Package │ ├── uninstall.bat │ ├── install.bat │ ├── Scavenger Package.vcxproj.user │ ├── Scavenger Package.vcxproj.filters │ └── Scavenger Package.vcxproj ├── Scavenger │ ├── stdafx.cpp │ ├── Scavenger.vcxproj.user │ ├── Scavenger.vcxproj.filters │ ├── Scavenger.rc │ ├── stdafx.h │ ├── Scavenger.inf │ ├── log.h │ ├── Scavenger.vcxproj │ ├── Scavenger.cpp │ ├── log.cpp │ └── resource.h ├── make_release_folder.bat ├── clean.bat ├── .clang-format └── Scavenger.sln ├── README.md └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | *.opensdf 2 | *.log 3 | *.sdf 4 | *.suo 5 | ipch 6 | Debug 7 | Release 8 | -------------------------------------------------------------------------------- /Scavenger/Scavenger Package/uninstall.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 %~dp0Scavenger.inf 3 | pause 4 | -------------------------------------------------------------------------------- /Scavenger/Scavenger Package/install.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 %~dp0Scavenger.inf 3 | sc start Scavenger 4 | pause 5 | -------------------------------------------------------------------------------- /Scavenger/Scavenger Package/Scavenger Package.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, tandasat. All rights reserved. 2 | // Use of this source code is governed by a MIT-style license that can be 3 | // found in the LICENSE file. 
4 | 5 | // stdafx.cpp : source file that includes just the standard includes 6 | // meow.pch will be the pre-compiled header 7 | // stdafx.obj will contain the pre-compiled type information 8 | 9 | #include "stdafx.h" 10 | -------------------------------------------------------------------------------- /Scavenger/make_release_folder.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | :: Arrange the x86 folder 3 | rmdir /s /q _x86 4 | mkdir _x86 5 | move "Win7Release\Scavenger Package" _x86\Win7Release 6 | move "Win8.1Release\Scavenger Package" _x86\Win8.1Release 7 | 8 | :: Arrange the x64 folder 9 | rmdir /s /q _x64 10 | mkdir _x64 11 | move "x64\Win7Release\Scavenger Package" _x64\Win7Release 12 | move "x64\Win8.1Release\Scavenger Package" _x64\Win8.1Release 13 | 14 | :: Arrange the bin_Scavenger folder 15 | rmdir /s /q bin_Scavenger 16 | mkdir bin_Scavenger 17 | move _x86 bin_Scavenger\x86 18 | move _x64 bin_Scavenger\x64 19 | pause 20 | -------------------------------------------------------------------------------- /Scavenger/Scavenger Package/Scavenger Package.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {8E41214B-6785-4CFE-B992-037D68949A14} 6 | inf;inv;inx;mof;mc; 7 | 8 | 9 | 10 | 11 | Driver Files 12 | 13 | 14 | Driver Files 15 | 16 | 17 | -------------------------------------------------------------------------------- /Scavenger/clean.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | del *.sdf *.sdf *.opensdf 3 | del /a:h *.suo 4 | rmdir /s /q .vs 5 | rmdir /s /q ipch 6 | rmdir /s /q Win7Debug 7 | rmdir /s /q Win7Release 8 | rmdir /s /q Win8.1Debug 9 | rmdir /s /q Win8.1Release 10 | rmdir /s /q x64 11 | rmdir /s /q Scavenger\Win7Debug 12 | rmdir /s /q Scavenger\Win7Release 13 | rmdir /s /q Scavenger\Win8.1Debug 14 | rmdir /s /q Scavenger\Win8.1Release 15 | rmdir /s /q 
Scavenger\x64 16 | rmdir /s /q "Scavenger Package\Win7Debug" 17 | rmdir /s /q "Scavenger Package\Win7Release" 18 | rmdir /s /q "Scavenger Package\Win8.1Debug" 19 | rmdir /s /q "Scavenger Package\Win8.1Release" 20 | rmdir /s /q "Scavenger Package\x64" 21 | rmdir /s /q bin_Scavenger 22 | del /s *.aps 23 | pause 24 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/Scavenger.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | TestSign 5 | 6 | 7 | TestSign 8 | 9 | 10 | TestSign 11 | 12 | 13 | TestSign 14 | 15 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/Scavenger.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {8E41214B-6785-4CFE-B992-037D68949A14} 18 | inf;inv;inx;mof;mc; 19 | 20 | 21 | 22 | 23 | Driver Files 24 | 25 | 26 | 27 | 28 | Resource Files 29 | 30 | 31 | 32 | 33 | Source Files 34 | 35 | 36 | Source Files 37 | 38 | 39 | Source Files 40 | 41 | 42 | 43 | 44 | Header Files 45 | 46 | 47 | Header Files 48 | 49 | 50 | Header Files 51 | 52 | 53 | -------------------------------------------------------------------------------- /Scavenger/.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | Language: Cpp 3 | # BasedOnStyle: Google 4 | AccessModifierOffset: -1 5 | AlignAfterOpenBracket: true 6 | AlignEscapedNewlinesLeft: true 7 | AlignOperands: true 8 | AlignTrailingComments: true 9 | AllowAllParametersOfDeclarationOnNextLine: true 10 | 
AllowShortBlocksOnASingleLine: false 11 | AllowShortCaseLabelsOnASingleLine: false 12 | AllowShortIfStatementsOnASingleLine: true 13 | AllowShortLoopsOnASingleLine: true 14 | AllowShortFunctionsOnASingleLine: All 15 | AlwaysBreakAfterDefinitionReturnType: false 16 | AlwaysBreakTemplateDeclarations: true 17 | AlwaysBreakBeforeMultilineStrings: true 18 | BreakBeforeBinaryOperators: None 19 | BreakBeforeTernaryOperators: true 20 | BreakConstructorInitializersBeforeComma: false 21 | BinPackParameters: true 22 | BinPackArguments: true 23 | ColumnLimit: 80 24 | ConstructorInitializerAllOnOneLineOrOnePerLine: true 25 | ConstructorInitializerIndentWidth: 4 26 | DerivePointerAlignment: true 27 | ExperimentalAutoDetectBinPacking: false 28 | IndentCaseLabels: true 29 | IndentWrappedFunctionNames: false 30 | IndentFunctionDeclarationAfterType: false 31 | MaxEmptyLinesToKeep: 1 32 | KeepEmptyLinesAtTheStartOfBlocks: false 33 | NamespaceIndentation: None 34 | ObjCBlockIndentWidth: 2 35 | ObjCSpaceAfterProperty: false 36 | ObjCSpaceBeforeProtocolList: false 37 | PenaltyBreakBeforeFirstCallParameter: 1 38 | PenaltyBreakComment: 300 39 | PenaltyBreakString: 1000 40 | PenaltyBreakFirstLessLess: 120 41 | PenaltyExcessCharacter: 1000000 42 | PenaltyReturnTypeOnItsOwnLine: 200 43 | PointerAlignment: Left 44 | SpacesBeforeTrailingComments: 2 45 | Cpp11BracedListStyle: true 46 | Standard: Auto 47 | IndentWidth: 2 48 | TabWidth: 8 49 | UseTab: Never 50 | BreakBeforeBraces: Attach 51 | SpacesInParentheses: false 52 | SpacesInSquareBrackets: false 53 | SpacesInAngles: false 54 | SpaceInEmptyParentheses: false 55 | SpacesInCStyleCastParentheses: false 56 | SpaceAfterCStyleCast: false 57 | SpacesInContainerLiterals: true 58 | SpaceBeforeAssignmentOperators: true 59 | ContinuationIndentWidth: 4 60 | CommentPragmas: '^ IWYU pragma:' 61 | ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ] 62 | SpaceBeforeParens: ControlStatements 63 | DisableFormat: false 64 | ... 
65 | 66 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/Scavenger.rc: -------------------------------------------------------------------------------- 1 | // Microsoft Visual C++ generated resource script. 2 | // 3 | #include "resource.h" 4 | ///////////////////////////////////////////////////////////////////////////// 5 | // English (Canada) resources 6 | 7 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENC) 8 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_CAN 9 | #pragma code_page(1252) 10 | 11 | ///////////////////////////////////////////////////////////////////////////// 12 | // 13 | // Version 14 | // 15 | 16 | VS_VERSION_INFO VERSIONINFO 17 | FILEVERSION 1,3,0,0 18 | PRODUCTVERSION 1,3,0,0 19 | FILEFLAGSMASK 0x3fL 20 | #ifdef _DEBUG 21 | FILEFLAGS 0x1L 22 | #else 23 | FILEFLAGS 0x0L 24 | #endif 25 | FILEOS 0x40004L 26 | FILETYPE 0x3L 27 | FILESUBTYPE 0x7L 28 | BEGIN 29 | BLOCK "StringFileInfo" 30 | BEGIN 31 | BLOCK "040904b0" 32 | BEGIN 33 | VALUE "CompanyName", "Satoshi Tanda" 34 | VALUE "FileDescription", "Scavenger Filter Driver" 35 | VALUE "FileVersion", "1.3.0.0" 36 | VALUE "InternalName", "Scavenger.sys" 37 | VALUE "OriginalFilename", "Scavenger.sys" 38 | VALUE "ProductName", "Scavenger" 39 | VALUE "ProductVersion", "1.3.0.0" 40 | END 41 | END 42 | BLOCK "VarFileInfo" 43 | BEGIN 44 | VALUE "Translation", 0x409, 1200 45 | END 46 | END 47 | 48 | 49 | #ifdef APSTUDIO_INVOKED 50 | ///////////////////////////////////////////////////////////////////////////// 51 | // 52 | // TEXTINCLUDE 53 | // 54 | 55 | 1 TEXTINCLUDE 56 | BEGIN 57 | "resource.h\0" 58 | END 59 | 60 | 2 TEXTINCLUDE 61 | BEGIN 62 | "\0" 63 | END 64 | 65 | 3 TEXTINCLUDE 66 | BEGIN 67 | "\r\n" 68 | "\0" 69 | END 70 | 71 | #endif // APSTUDIO_INVOKED 72 | 73 | #endif // English (Canada) resources 74 | ///////////////////////////////////////////////////////////////////////////// 75 | 76 | 77 | 78 | #ifndef APSTUDIO_INVOKED 79 | 
///////////////////////////////////////////////////////////////////////////// 80 | // 81 | // Generated from the TEXTINCLUDE 3 resource. 82 | // 83 | 84 | 85 | ///////////////////////////////////////////////////////////////////////////// 86 | #endif // not APSTUDIO_INVOKED 87 | 88 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Scavenger 2 | ========== 3 | 4 | It copies all files that were modified and some files that are being deleted to 5 | a C:\Windows\Scavenger\ directory. 6 | 7 | * IMPORTANT 8 | 9 | It was initially developed to familiarize myself with a mini-filter driver and 10 | is unlikely to have any notable advantages over using other open source tools 11 | such as [Cuckoo Sandbox](http://cuckoo.readthedocs.org/en/latest/) 12 | or [Capture-BAT](https://www.honeynet.org/node/315). 13 | 14 | It is also rather incomplete as it does not handle FILE_DELETE_ON_CLOSE 15 | events. For more comprehensive code, refer to the 16 | [Delete File System Minifilter Driver](https://code.msdn.microsoft.com/windowshardware/Delete-File-System-b904651d) sample. 17 | 18 | 19 | Installation and Uninstallation 20 | -------------------------------- 21 | 22 | Get an archive of the compiled files from this link: 23 | 24 | https://github.com/tandasat/Scavenger/releases/latest 25 | 26 | Then: 27 | 1. Extract the zip file and deploy the appropriate version of files onto a target 28 | system. 29 | 2. On the target system, execute install.bat with the administrator privilege. 30 | 31 | On the x64 platform, you have to enable test signing to install the driver. 32 | To do that, open the command prompt with the administrator privilege and type 33 | the following command, and then reboot the system to activate the change. 34 | 35 | >bcdedit /set {current} testsigning on 36 | 37 | To uninstall the program, execute uninstall.bat with the administrator privilege. Note that uninstall.bat does not turn test signing off; run `bcdedit /set {current} testsigning off` and reboot to restore normal driver signature enforcement.
38 | 39 | Alternatively, you can use [DrvLoader](https://github.com/tandasat/DrvLoader) 40 | with the -F option from a command prompt with the administrator privilege. 41 | 42 | 43 | Usage 44 | ------ 45 | 46 | Once you have installed it, you should see output logs in DebugView and saved 47 | files under the C:\Windows\Scavenger\ directory. 48 | 49 | 50 | Caveats 51 | -------- 52 | 53 | - It does not handle: 54 | - a file whose size is zero or larger than 4GB, or 55 | - any operations done by a system thread. 56 | 57 | 58 | Supported Platforms 59 | -------------------- 60 | - Windows 7 SP1 and 8.1 (x86/x64) 61 | 62 | 63 | License 64 | -------- 65 | This software is released under the MIT License, see LICENSE. 66 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/stdafx.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, tandasat. All rights reserved. 2 | // Use of this source code is governed by a MIT-style license that can be 3 | // found in the LICENSE file. 
4 | 5 | // 6 | // stdafx.h : include file for standard system include files, 7 | // or project specific include files that are used frequently, but 8 | // are changed infrequently 9 | // 10 | 11 | #pragma once 12 | 13 | extern "C" { 14 | #pragma warning(push, 0) 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #define NTSTRSAFE_NO_CB_FUNCTIONS 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #pragma warning(pop) 31 | } 32 | 33 | //////////////////////////////////////////////////////////////////////////////// 34 | // 35 | // macro utilities 36 | // 37 | 38 | // Specifies where the code should be located 39 | #ifdef ALLOC_PRAGMA 40 | #define ALLOC_TEXT(Section, Name) __pragma(alloc_text(Section, Name)) 41 | #else 42 | #define ALLOC_TEXT(Section, Name) 43 | #endif 44 | 45 | // Break point that works only when a debugger is enabled 46 | #ifndef DBG_BREAK 47 | #ifdef _ARM_ 48 | // Nullify it since an ARM device never allow us to attach a debugger. 
49 | #define DBG_BREAK() 50 | #else // _ARM_ 51 | #define DBG_BREAK() \ 52 | if (KD_DEBUGGER_ENABLED) { \ 53 | __debugbreak(); \ 54 | } else { \ 55 | } \ 56 | reinterpret_cast(0) 57 | #endif // _ARM_ 58 | #endif // DBG_BREAK 59 | 60 | 61 | //////////////////////////////////////////////////////////////////////////////// 62 | // 63 | // constants and macros 64 | // 65 | 66 | static const ULONG SCVN_POOL_TAG_NAME = 'nvcs'; 67 | 68 | //////////////////////////////////////////////////////////////////////////////// 69 | // 70 | // types 71 | // 72 | 73 | //////////////////////////////////////////////////////////////////////////////// 74 | // 75 | // prototypes 76 | // 77 | 78 | //////////////////////////////////////////////////////////////////////////////// 79 | // 80 | // variables 81 | // 82 | 83 | //////////////////////////////////////////////////////////////////////////////// 84 | // 85 | // implementations 86 | // 87 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/Scavenger.inf: -------------------------------------------------------------------------------- 1 | ;;; 2 | ;;; Scavenger 3 | ;;; 4 | 5 | [Version] 6 | Signature = "$Windows NT$" 7 | Class = "ActivityMonitor" ;This is determined by the work this filter driver does 8 | ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determined by the Load Order Group value 9 | Provider = %ManufacturerName% 10 | DriverVer = 11 | CatalogFile = Scavenger.cat 12 | 13 | [DestinationDirs] 14 | DefaultDestDir = 12 15 | MiniFilter.DriverFiles = 12 ;%windir%\system32\drivers 16 | 17 | ;; 18 | ;; Default install sections 19 | ;; 20 | 21 | [DefaultInstall] 22 | OptionDesc = %ServiceDescription% 23 | CopyFiles = MiniFilter.DriverFiles 24 | 25 | [DefaultInstall.Services] 26 | AddService = %ServiceName%,,MiniFilter.Service 27 | 28 | ;; 29 | ;; Default uninstall sections 30 | ;; 31 | 32 | [DefaultUninstall] 33 | DelFiles = MiniFilter.DriverFiles 34 | 35 | 
[DefaultUninstall.Services] 36 | DelService = %ServiceName%,0x200 ;Ensure service is stopped before deleting 37 | 38 | ; 39 | ; Services Section 40 | ; 41 | 42 | [MiniFilter.Service] 43 | DisplayName = %ServiceName% 44 | Description = %ServiceDescription% 45 | ServiceBinary = %12%\%DriverName%.sys ;%windir%\system32\drivers\ 46 | Dependencies = "FltMgr" 47 | ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER 48 | StartType = 3 ;SERVICE_DEMAND_START 49 | ErrorControl = 1 ;SERVICE_ERROR_NORMAL 50 | LoadOrderGroup = "FSFilter Activity Monitor" 51 | AddReg = MiniFilter.AddRegistry 52 | 53 | ; 54 | ; Registry Modifications 55 | ; 56 | 57 | [MiniFilter.AddRegistry] 58 | HKR,,"DebugFlags",0x00010001 ,0x0 59 | HKR,,"SupportedFeatures",0x00010001,0x3 60 | HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance% 61 | HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude% 62 | HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags% 63 | 64 | ; 65 | ; Copy Files 66 | ; 67 | 68 | [MiniFilter.DriverFiles] 69 | %DriverName%.sys 70 | 71 | [SourceDisksFiles] 72 | Scavenger.sys = 1,, 73 | 74 | [SourceDisksNames] 75 | 1 = %DiskId1%,,, 76 | 77 | ;; 78 | ;; String Section 79 | ;; 80 | 81 | [Strings] 82 | ManufacturerName = "Satoshi Tanda" 83 | ServiceDescription = "Scavenger Mini-Filter Driver" 84 | ServiceName = "Scavenger" 85 | DriverName = "Scavenger" 86 | DiskId1 = "Scavenger Device Installation Disk" 87 | 88 | ;Instances specific information. 89 | DefaultInstance = "Scavenger Instance" 90 | Instance1.Name = "Scavenger Instance" 91 | Instance1.Altitude = "370030" 92 | Instance1.Flags = 0x0 ; Allow all attachments 93 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/log.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, tandasat. All rights reserved. 
2 | // Use of this source code is governed by a MIT-style license that can be 3 | // found in the LICENSE file. 4 | 5 | // 6 | // This module declares interfaces to logging functions. 7 | // 8 | #pragma once 9 | 10 | //////////////////////////////////////////////////////////////////////////////// 11 | // 12 | // macro utilities 13 | // 14 | 15 | // 16 | // Does log with respective severities. Here are some ideas to decide which 17 | // level is appropriate: 18 | // DEBUG: For developers. 19 | // INFO: For all. 20 | // WARN: For all. It may require some attention but does not prevent the 21 | // program working properly. 22 | // ERROR: For all. It stops the program working properly. 23 | // 24 | #define LOG_DEBUG(format, ...) \ 25 | LogpPrint(LOGP_LEVEL_DEBUG, __FUNCTION__, (format), __VA_ARGS__) 26 | #define LOG_INFO(format, ...) \ 27 | LogpPrint(LOGP_LEVEL_INFO, __FUNCTION__, (format), __VA_ARGS__) 28 | #define LOG_WARN(format, ...) \ 29 | LogpPrint(LOGP_LEVEL_WARN, __FUNCTION__, (format), __VA_ARGS__) 30 | #define LOG_ERROR(format, ...) \ 31 | LogpPrint(LOGP_LEVEL_ERROR, __FUNCTION__, (format), __VA_ARGS__) 32 | 33 | // Buffers the log to buffer. It is recommended to use it when a status of 34 | // callee is no predictable in order to avoid bug checks. 35 | #define LOG_DEBUG_SAFE(format, ...) \ 36 | LogpPrint(LOGP_LEVEL_DEBUG | LOGP_LEVEL_OPT_SAFE, __FUNCTION__, (format), \ 37 | __VA_ARGS__) 38 | #define LOG_INFO_SAFE(format, ...) \ 39 | LogpPrint(LOGP_LEVEL_INFO | LOGP_LEVEL_OPT_SAFE, __FUNCTION__, (format), \ 40 | __VA_ARGS__) 41 | #define LOG_WARN_SAFE(format, ...) \ 42 | LogpPrint(LOGP_LEVEL_WARN | LOGP_LEVEL_OPT_SAFE, __FUNCTION__, (format), \ 43 | __VA_ARGS__) 44 | #define LOG_ERROR_SAFE(format, ...) 
\ 45 | LogpPrint(LOGP_LEVEL_ERROR | LOGP_LEVEL_OPT_SAFE, __FUNCTION__, (format), \ 46 | __VA_ARGS__) 47 | 48 | //////////////////////////////////////////////////////////////////////////////// 49 | // 50 | // constants and macros 51 | // 52 | 53 | // (internal) Save this log to buffer and not try to write to a log file. 54 | static const auto LOGP_LEVEL_OPT_SAFE = 0x1ul; 55 | 56 | // (internal) Log levels. 57 | static const auto LOGP_LEVEL_DEBUG = 0x10ul; 58 | static const auto LOGP_LEVEL_INFO = 0x20ul; 59 | static const auto LOGP_LEVEL_WARN = 0x40ul; 60 | static const auto LOGP_LEVEL_ERROR = 0x80ul; 61 | 62 | // For LogInitialization(). Specifies what level of verbosity is needed. 63 | static const auto LOG_PUT_LEVEL_DEBUG = 64 | LOGP_LEVEL_ERROR | LOGP_LEVEL_WARN | LOGP_LEVEL_INFO | LOGP_LEVEL_DEBUG; 65 | static const auto LOG_PUT_LEVEL_INFO = 66 | LOGP_LEVEL_ERROR | LOGP_LEVEL_WARN | LOGP_LEVEL_INFO; 67 | static const auto LOG_PUT_LEVEL_WARN = LOGP_LEVEL_ERROR | LOGP_LEVEL_WARN; 68 | static const auto LOG_PUT_LEVEL_ERROR = LOGP_LEVEL_ERROR; 69 | static const auto LOG_PUT_LEVEL_DISABLE = 0x00ul; 70 | 71 | // For LogInitialization(). Does not log a current time. 72 | static const auto LOG_OPT_DISABLE_TIME = 0x100ul; 73 | 74 | // For LogInitialization(). Does not log a current function name. 
75 | static const auto LOG_OPT_DISABLE_FUNCTION_NAME = 0x200ul; 76 | 77 | //////////////////////////////////////////////////////////////////////////////// 78 | // 79 | // types 80 | // 81 | 82 | //////////////////////////////////////////////////////////////////////////////// 83 | // 84 | // prototypes 85 | // 86 | 87 | EXTERN_C NTSTATUS LogInitialization(_In_ ULONG Flag, 88 | _In_opt_ const wchar_t *FilePath, 89 | _In_opt_ PDEVICE_OBJECT DeviceObject); 90 | 91 | EXTERN_C void LogIrpShutdownHandler(); 92 | 93 | EXTERN_C void LogTermination(_In_opt_ PDEVICE_OBJECT DeviceObject); 94 | 95 | EXTERN_C NTSTATUS LogpPrint(_In_ ULONG Level, _In_ const char *FunctionName, 96 | _In_ const char *Format, ...); 97 | 98 | //////////////////////////////////////////////////////////////////////////////// 99 | // 100 | // variables 101 | // 102 | 103 | //////////////////////////////////////////////////////////////////////////////// 104 | // 105 | // implementations 106 | // 107 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 tandasat 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | ================================================================================ 24 | Portions of this software are Copyright (C) 2009-2014 Tsuda Kageyu. 25 | ================================================================================ 26 | MinHook - The Minimalistic API Hooking Library for x64/x86 27 | Copyright (C) 2009-2014 Tsuda Kageyu. 28 | All rights reserved. 29 | 30 | Redistribution and use in source and binary forms, with or without 31 | modification, are permitted provided that the following conditions 32 | are met: 33 | 34 | 1. Redistributions of source code must retain the above copyright 35 | notice, this list of conditions and the following disclaimer. 36 | 2. Redistributions in binary form must reproduce the above copyright 37 | notice, this list of conditions and the following disclaimer in the 38 | documentation and/or other materials provided with the distribution. 39 | 40 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 41 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 42 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 43 | PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER 44 | OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 45 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 46 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 47 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 48 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 49 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 50 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 51 | 52 | ================================================================================ 53 | Portions of this software are Copyright (c) 2008-2009, Vyacheslav Patkov. 54 | ================================================================================ 55 | Hacker Disassembler Engine 32 C 56 | Copyright (c) 2008-2009, Vyacheslav Patkov. 57 | All rights reserved. 58 | 59 | Redistribution and use in source and binary forms, with or without 60 | modification, are permitted provided that the following conditions 61 | are met: 62 | 63 | 1. Redistributions of source code must retain the above copyright 64 | notice, this list of conditions and the following disclaimer. 65 | 2. Redistributions in binary form must reproduce the above copyright 66 | notice, this list of conditions and the following disclaimer in the 67 | documentation and/or other materials provided with the distribution. 68 | 69 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 70 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 71 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 72 | PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR 73 | CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 74 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 75 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 76 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 77 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 78 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 79 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 80 | 81 | ------------------------------------------------------------------------------- 82 | Hacker Disassembler Engine 64 C 83 | Copyright (c) 2008-2009, Vyacheslav Patkov. 84 | All rights reserved. 85 | 86 | Redistribution and use in source and binary forms, with or without 87 | modification, are permitted provided that the following conditions 88 | are met: 89 | 90 | 1. Redistributions of source code must retain the above copyright 91 | notice, this list of conditions and the following disclaimer. 92 | 2. Redistributions in binary form must reproduce the above copyright 93 | notice, this list of conditions and the following disclaimer in the 94 | documentation and/or other materials provided with the distribution. 95 | 96 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 97 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 98 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 99 | PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR 100 | CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 101 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 102 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 103 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 104 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 105 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 106 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 107 | 108 | -------------------------------------------------------------------------------- /Scavenger/Scavenger.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.31101.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Scavenger", "Scavenger\Scavenger.vcxproj", "{F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Scavenger Package", "Scavenger Package\Scavenger Package.vcxproj", "{3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}" 9 | ProjectSection(ProjectDependencies) = postProject 10 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7} = {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7} 11 | EndProjectSection 12 | EndProject 13 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{F7820F3B-D6ED-4FE3-AE5F-2DA97AD5ED09}" 14 | ProjectSection(SolutionItems) = preProject 15 | ..\.gitignore = ..\.gitignore 16 | ..\LICENSE = ..\LICENSE 17 | ..\README.md = ..\README.md 18 | EndProjectSection 19 | EndProject 20 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Scavenger", "Scavenger", "{66530357-07D0-46E4-B242-CB03162F0148}" 21 | ProjectSection(SolutionItems) = preProject 22 | .clang-format = .clang-format 23 | clean.bat = clean.bat 24 | 
make_release_folder.bat = make_release_folder.bat 25 | EndProjectSection 26 | EndProject 27 | Global 28 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 29 | Win7 Debug|Win32 = Win7 Debug|Win32 30 | Win7 Debug|x64 = Win7 Debug|x64 31 | Win7 Release|Win32 = Win7 Release|Win32 32 | Win7 Release|x64 = Win7 Release|x64 33 | Win8.1 Debug|Win32 = Win8.1 Debug|Win32 34 | Win8.1 Debug|x64 = Win8.1 Debug|x64 35 | Win8.1 Release|Win32 = Win8.1 Release|Win32 36 | Win8.1 Release|x64 = Win8.1 Release|x64 37 | EndGlobalSection 38 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 39 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Debug|Win32.ActiveCfg = Win7 Debug|Win32 40 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Debug|Win32.Build.0 = Win7 Debug|Win32 41 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Debug|Win32.Deploy.0 = Win7 Debug|Win32 42 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Debug|x64.ActiveCfg = Win7 Debug|x64 43 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Debug|x64.Build.0 = Win7 Debug|x64 44 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Debug|x64.Deploy.0 = Win7 Debug|x64 45 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Release|Win32.ActiveCfg = Win7 Release|Win32 46 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Release|Win32.Build.0 = Win7 Release|Win32 47 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Release|Win32.Deploy.0 = Win7 Release|Win32 48 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Release|x64.ActiveCfg = Win7 Release|x64 49 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Release|x64.Build.0 = Win7 Release|x64 50 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win7 Release|x64.Deploy.0 = Win7 Release|x64 51 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Debug|Win32.ActiveCfg = Win8.1 Debug|Win32 52 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Debug|Win32.Build.0 = Win8.1 Debug|Win32 53 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Debug|Win32.Deploy.0 = Win8.1 Debug|Win32 54 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 
Debug|x64.ActiveCfg = Win8.1 Debug|x64 55 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Debug|x64.Build.0 = Win8.1 Debug|x64 56 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Debug|x64.Deploy.0 = Win8.1 Debug|x64 57 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Release|Win32.ActiveCfg = Win8.1 Release|Win32 58 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Release|Win32.Build.0 = Win8.1 Release|Win32 59 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Release|Win32.Deploy.0 = Win8.1 Release|Win32 60 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Release|x64.ActiveCfg = Win8.1 Release|x64 61 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Release|x64.Build.0 = Win8.1 Release|x64 62 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7}.Win8.1 Release|x64.Deploy.0 = Win8.1 Release|x64 63 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Debug|Win32.ActiveCfg = Win7 Debug|Win32 64 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Debug|Win32.Build.0 = Win7 Debug|Win32 65 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Debug|Win32.Deploy.0 = Win7 Debug|Win32 66 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Debug|x64.ActiveCfg = Win7 Debug|x64 67 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Debug|x64.Build.0 = Win7 Debug|x64 68 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Debug|x64.Deploy.0 = Win7 Debug|x64 69 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Release|Win32.ActiveCfg = Win7 Release|Win32 70 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Release|Win32.Build.0 = Win7 Release|Win32 71 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Release|Win32.Deploy.0 = Win7 Release|Win32 72 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Release|x64.ActiveCfg = Win7 Release|x64 73 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Release|x64.Build.0 = Win7 Release|x64 74 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win7 Release|x64.Deploy.0 = Win7 Release|x64 75 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Debug|Win32.ActiveCfg = Win8.1 Debug|Win32 76 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 
Debug|Win32.Build.0 = Win8.1 Debug|Win32 77 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Debug|Win32.Deploy.0 = Win8.1 Debug|Win32 78 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Debug|x64.ActiveCfg = Win8.1 Debug|x64 79 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Debug|x64.Build.0 = Win8.1 Debug|x64 80 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Debug|x64.Deploy.0 = Win8.1 Debug|x64 81 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Release|Win32.ActiveCfg = Win8.1 Release|Win32 82 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Release|Win32.Build.0 = Win8.1 Release|Win32 83 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Release|Win32.Deploy.0 = Win8.1 Release|Win32 84 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Release|x64.ActiveCfg = Win8.1 Release|x64 85 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Release|x64.Build.0 = Win8.1 Release|x64 86 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D}.Win8.1 Release|x64.Deploy.0 = Win8.1 Release|x64 87 | EndGlobalSection 88 | GlobalSection(SolutionProperties) = preSolution 89 | HideSolutionNode = FALSE 90 | EndGlobalSection 91 | GlobalSection(NestedProjects) = preSolution 92 | {66530357-07D0-46E4-B242-CB03162F0148} = {F7820F3B-D6ED-4FE3-AE5F-2DA97AD5ED09} 93 | EndGlobalSection 94 | EndGlobal 95 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/Scavenger.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Win8.1 Debug 6 | Win32 7 | 8 | 9 | Win8.1 Release 10 | Win32 11 | 12 | 13 | Win7 Debug 14 | Win32 15 | 16 | 17 | Win7 Release 18 | Win32 19 | 20 | 21 | Win8.1 Debug 22 | x64 23 | 24 | 25 | Win8.1 Release 26 | x64 27 | 28 | 29 | Win7 Debug 30 | x64 31 | 32 | 33 | Win7 Release 34 | x64 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | {F58ACE7D-4A14-490E-AC54-BD1CD4EB9EC7} 43 | {f2f62967-0815-4fd7-9b86-6eedcac766eb} 44 | v4.5 45 | 11.0 46 | Win8.1 Debug 47 | Win32 48 | Scavenger 49 | 50 | 51 | 52 | WindowsV6.3 
53 | true 54 | WindowsKernelModeDriver8.1 55 | Driver 56 | WDM 57 | 58 | 59 | WindowsV6.3 60 | false 61 | WindowsKernelModeDriver8.1 62 | Driver 63 | WDM 64 | 65 | 66 | Windows7 67 | true 68 | WindowsKernelModeDriver8.1 69 | Driver 70 | WDM 71 | 72 | 73 | Windows7 74 | false 75 | WindowsKernelModeDriver8.1 76 | Driver 77 | WDM 78 | 79 | 80 | WindowsV6.3 81 | true 82 | WindowsKernelModeDriver8.1 83 | Driver 84 | WDM 85 | 86 | 87 | WindowsV6.3 88 | false 89 | WindowsKernelModeDriver8.1 90 | Driver 91 | WDM 92 | 93 | 94 | Windows7 95 | true 96 | WindowsKernelModeDriver8.1 97 | Driver 98 | WDM 99 | 100 | 101 | Windows7 102 | false 103 | WindowsKernelModeDriver8.1 104 | Driver 105 | WDM 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | DbgengKernelDebugger 117 | 118 | 119 | DbgengKernelDebugger 120 | 121 | 122 | DbgengKernelDebugger 123 | 124 | 125 | DbgengKernelDebugger 126 | 127 | 128 | DbgengKernelDebugger 129 | 130 | 131 | DbgengKernelDebugger 132 | 133 | 134 | DbgengKernelDebugger 135 | 136 | 137 | DbgengKernelDebugger 138 | 139 | 140 | 141 | $(DDK_LIB_PATH)\fltmgr.lib;$(DDK_LIB_PATH)\ksecdd.lib;%(AdditionalDependencies) 142 | 143 | 144 | 145 | 146 | 147 | $(DDK_LIB_PATH)\fltmgr.lib;$(DDK_LIB_PATH)\ksecdd.lib;%(AdditionalDependencies) 148 | 149 | 150 | 151 | 152 | 153 | $(DDK_LIB_PATH)\fltmgr.lib;$(DDK_LIB_PATH)\ksecdd.lib;%(AdditionalDependencies) 154 | 155 | 156 | 157 | 158 | 159 | $(DDK_LIB_PATH)\fltmgr.lib;$(DDK_LIB_PATH)\ksecdd.lib;%(AdditionalDependencies) 160 | 161 | 162 | 163 | 164 | 165 | $(DDK_LIB_PATH)\fltmgr.lib;$(DDK_LIB_PATH)\ksecdd.lib;%(AdditionalDependencies) 166 | 167 | 168 | 169 | 170 | 171 | $(DDK_LIB_PATH)\fltmgr.lib;$(DDK_LIB_PATH)\ksecdd.lib;%(AdditionalDependencies) 172 | 173 | 174 | 175 | 176 | 177 | $(DDK_LIB_PATH)\fltmgr.lib;$(DDK_LIB_PATH)\ksecdd.lib;%(AdditionalDependencies) 178 | 179 | 180 | 181 | 182 | 183 | $(DDK_LIB_PATH)\fltmgr.lib;$(DDK_LIB_PATH)\ksecdd.lib;%(AdditionalDependencies) 184 | 185 | 186 | 187 | 188 | 
189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | -------------------------------------------------------------------------------- /Scavenger/Scavenger Package/Scavenger Package.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Win8.1 Debug 6 | Win32 7 | 8 | 9 | Win8.1 Release 10 | Win32 11 | 12 | 13 | Win7 Debug 14 | Win32 15 | 16 | 17 | Win7 Release 18 | Win32 19 | 20 | 21 | Win8.1 Debug 22 | x64 23 | 24 | 25 | Win8.1 Release 26 | x64 27 | 28 | 29 | Win7 Debug 30 | x64 31 | 32 | 33 | Win7 Release 34 | x64 35 | 36 | 37 | 38 | {3BE5CBD7-2CFA-4770-955D-B0CF3FDD507D} 39 | {4605da2c-74a5-4865-98e1-152ef136825f} 40 | v4.5 41 | 11.0 42 | Win8.1 Debug 43 | Win32 44 | Scavenger_Package 45 | 46 | 47 | 48 | WindowsV6.3 49 | true 50 | WindowsKernelModeDriver8.1 51 | Utility 52 | Package 53 | true 54 | 55 | 56 | WindowsV6.3 57 | false 58 | WindowsKernelModeDriver8.1 59 | Utility 60 | Package 61 | true 62 | 63 | 64 | Windows7 65 | true 66 | WindowsKernelModeDriver8.1 67 | Utility 68 | Package 69 | true 70 | 71 | 72 | Windows7 73 | false 74 | WindowsKernelModeDriver8.1 75 | Utility 76 | Package 77 | true 78 | 79 | 80 | WindowsV6.3 81 | true 82 | WindowsKernelModeDriver8.1 83 | Utility 84 | Package 85 | true 86 | 87 | 88 | WindowsV6.3 89 | false 90 | WindowsKernelModeDriver8.1 91 | Utility 92 | Package 93 | true 94 | 95 | 96 | Windows7 97 | true 98 | WindowsKernelModeDriver8.1 99 | Utility 100 | Package 101 | true 102 | 103 | 104 | Windows7 105 | false 106 | WindowsKernelModeDriver8.1 107 | Utility 108 | Package 109 | true 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | DbgengKernelDebugger 121 | False 122 | True 123 | 124 | 125 | 126 | False 127 | False 128 | True 129 | 130 | 133563 131 | 132 | 133 | DbgengKernelDebugger 134 | False 135 | True 136 | 137 | 138 | 139 | False 140 | False 141 | True 142 | 143 | 133563 144 | 145 | 146 | DbgengKernelDebugger 147 
| False 148 | True 149 | 150 | 151 | 152 | False 153 | False 154 | True 155 | 156 | 133563 157 | 158 | 159 | DbgengKernelDebugger 160 | False 161 | True 162 | 163 | 164 | 165 | False 166 | False 167 | True 168 | 169 | 133563 170 | 171 | 172 | DbgengKernelDebugger 173 | False 174 | True 175 | 176 | 177 | 178 | False 179 | False 180 | True 181 | 182 | 133563 183 | 184 | 185 | DbgengKernelDebugger 186 | False 187 | True 188 | 189 | 190 | 191 | False 192 | False 193 | True 194 | 195 | 133563 196 | 197 | 198 | DbgengKernelDebugger 199 | False 200 | True 201 | 202 | 203 | 204 | False 205 | False 206 | True 207 | 208 | 133563 209 | 210 | 211 | DbgengKernelDebugger 212 | False 213 | True 214 | 215 | 216 | 217 | False 218 | False 219 | True 220 | 221 | 133563 222 | 223 | 224 | 225 | mkdir "$(PackageDir)" 226 | copy /y "$(ProjectDir)*.bat" "$(PackageDir)" 227 | 228 | 229 | 230 | 231 | mkdir "$(PackageDir)" 232 | copy /y "$(ProjectDir)*.bat" "$(PackageDir)" 233 | 234 | 235 | 236 | 237 | mkdir "$(PackageDir)" 238 | copy /y "$(ProjectDir)*.bat" "$(PackageDir)" 239 | 240 | 241 | 242 | 243 | mkdir "$(PackageDir)" 244 | copy /y "$(ProjectDir)*.bat" "$(PackageDir)" 245 | 246 | 247 | 248 | 249 | mkdir "$(PackageDir)" 250 | copy /y "$(ProjectDir)*.bat" "$(PackageDir)" 251 | 252 | 253 | 254 | 255 | mkdir "$(PackageDir)" 256 | copy /y "$(ProjectDir)*.bat" "$(PackageDir)" 257 | 258 | 259 | 260 | 261 | mkdir "$(PackageDir)" 262 | copy /y "$(ProjectDir)*.bat" "$(PackageDir)" 263 | 264 | 265 | 266 | 267 | mkdir "$(PackageDir)" 268 | copy /y "$(ProjectDir)*.bat" "$(PackageDir)" 269 | 270 | 271 | 272 | 273 | 274 | 275 | 276 | {f58ace7d-4a14-490e-ac54-bd1cd4eb9ec7} 277 | 278 | 279 | 280 | 281 | 282 | 283 | 284 | 285 | 286 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/Scavenger.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, tandasat. All rights reserved. 
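// Use of this source code is governed by a MIT-style license that can be
// found in the LICENSE file.

//
// This module implements an entry point of the driver and initializes other
// components in this module.
//
#include "stdafx.h"
#include "log.h"

////////////////////////////////////////////////////////////////////////////////
//
// macro utilities
//

////////////////////////////////////////////////////////////////////////////////
//
// constants and macros
//

// Directory that receives the captured copies and the log file.
// NOTE(review): ScvnpCreateDirectory() creates it without an explicit security
// descriptor, so its ACL is inherited from \SystemRoot. The captured copies can
// hold whatever any process wrote; confirm the inherited ACL is restrictive
// enough for that data.
static const wchar_t SCVNP_OUT_DIRECTORY_PATH[] = L"\\SystemRoot\\Scavenger";
static const wchar_t SCVNP_LOG_FILE_PATH[] =
    L"\\SystemRoot\\Scavenger\\Scavenger.log";

#if DBG
static const auto SCVNP_LOG_LEVEL = LOG_PUT_LEVEL_DEBUG;
#else
static const auto SCVNP_LOG_LEVEL = LOG_PUT_LEVEL_INFO;
#endif

////////////////////////////////////////////////////////////////////////////////
//
// types
//

////////////////////////////////////////////////////////////////////////////////
//
// prototypes
//

EXTERN_C NTKERNELAPI UCHAR *NTAPI
PsGetProcessImageFileName(_In_ PEPROCESS Process);

EXTERN_C DRIVER_INITIALIZE DriverEntry;

EXTERN_C static NTSTATUS ScvnpCreateDirectory(_In_ const wchar_t *PathW);

EXTERN_C static NTSTATUS FLTAPI ScvnpUnload(_In_ FLT_FILTER_UNLOAD_FLAGS Flags);

EXTERN_C static FLT_POSTOP_CALLBACK_STATUS FLTAPI
ScvnpPostCleanupAndFlushBuffers(_Inout_ PFLT_CALLBACK_DATA Data,
                                _In_ PCFLT_RELATED_OBJECTS FltObjects,
                                _In_opt_ PVOID CompletionContext,
                                _In_ FLT_POST_OPERATION_FLAGS Flags);

EXTERN_C static FLT_PREOP_CALLBACK_STATUS FLTAPI ScvnpPreSetInformation(
    _Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects,
    _Outptr_result_maybenull_ PVOID *CompletionContext);

EXTERN_C static NTSTATUS ScvnpScavenge(_Inout_ PFLT_CALLBACK_DATA Data,
                                       _In_ PCFLT_RELATED_OBJECTS FltObjects);

EXTERN_C static bool ScvnpIsWhiteListedFile(
    _In_ PUNICODE_STRING TargetFileName);

EXTERN_C static NTSTATUS ScvnpReadFile(_In_ PFLT_CALLBACK_DATA Data,
                                       _In_ PCFLT_RELATED_OBJECTS FltObjects,
                                       _Out_ void *Buffer,
                                       _In_ ULONG BufferSize);

EXTERN_C static NTSTATUS ScvnpWriteFile(_In_ PCFLT_RELATED_OBJECTS FltObjects,
                                        _In_ const wchar_t *OutPathW,
                                        _In_ void *Buffer,
                                        _In_ ULONG BufferSize,
                                        _In_ ULONG CreateDisposition);

EXTERN_C static NTSTATUS ScvnpGetSha1(_Out_ UCHAR(&Sha1Hash)[20],
                                      _In_ void *Data, _In_ ULONG DataSize);

////////////////////////////////////////////////////////////////////////////////
//
// variables
//

static PFLT_FILTER g_ScvnpFilterHandle = nullptr;
static BCRYPT_ALG_HANDLE g_ScvnpSha1AlgorithmHandle = nullptr;

////////////////////////////////////////////////////////////////////////////////
//
// implementations
//

// Driver entry point. Creates the output directory, starts the log system,
// opens the SHA1 provider, then registers and starts the mini filter. Each
// failure path undoes the steps that already succeeded, in reverse order, and
// returns the failing status.
ALLOC_TEXT(INIT, DriverEntry)
EXTERN_C NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject,
                              _In_ PUNICODE_STRING RegistryPath) {
  // Post-operation hooks for cleanup and flush, pre-operation hook for
  // set-information. Paging I/O is skipped for all three.
  const FLT_OPERATION_REGISTRATION fltCallbacks[] = {
      {
          IRP_MJ_CLEANUP, FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO, nullptr,
          ScvnpPostCleanupAndFlushBuffers,
      },
      {
          IRP_MJ_FLUSH_BUFFERS, FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
          nullptr, ScvnpPostCleanupAndFlushBuffers,
      },
      {IRP_MJ_SET_INFORMATION, FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
       ScvnpPreSetInformation, nullptr},
      {IRP_MJ_OPERATION_END}};

  const FLT_REGISTRATION filterRegistration = {
      sizeof(filterRegistration),  //  Size
      FLT_REGISTRATION_VERSION,    //  Version
      0,                           //  Flags
      nullptr,                     //  Context
      fltCallbacks,                //  Operation callbacks
      ScvnpUnload,                 //  FilterUnload
      nullptr,                     //  InstanceSetup
      nullptr,                     //  InstanceQueryTeardown
      nullptr,                     //  InstanceTeardownStart
      nullptr,                     //  InstanceTeardownComplete
      nullptr,                     //  GenerateFileName
      nullptr,                     //  GenerateDestinationFileName
      nullptr,                     //  NormalizeNameComponent
  };

  PAGED_CODE();
  UNREFERENCED_PARAMETER(RegistryPath);
  // DBG_BREAK();

  auto status = ScvnpCreateDirectory(SCVNP_OUT_DIRECTORY_PATH);
  if (!NT_SUCCESS(status)) {
    return status;
  }

  // Initialize the Log system
  status = LogInitialization(
      SCVNP_LOG_LEVEL | LOG_OPT_DISABLE_TIME | LOG_OPT_DISABLE_FUNCTION_NAME,
      SCVNP_LOG_FILE_PATH, nullptr);
  if (!NT_SUCCESS(status)) {
    return status;
  }

  // Initialize the crypt APIs.
  status = BCryptOpenAlgorithmProvider(&g_ScvnpSha1AlgorithmHandle,
                                       BCRYPT_SHA1_ALGORITHM, nullptr, 0);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR("BCryptOpenAlgorithmProvider failed (%08x)", status);
    LogTermination(nullptr);
    return status;
  }

  // Register and start a mini filter driver
  status = FltRegisterFilter(DriverObject, &filterRegistration,
                             &g_ScvnpFilterHandle);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR("FltRegisterFilter failed (%08x)", status);
    BCryptCloseAlgorithmProvider(g_ScvnpSha1AlgorithmHandle, 0);
    LogTermination(nullptr);
    return status;
  }

  status = FltStartFiltering(g_ScvnpFilterHandle);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR("FltStartFiltering failed (%08x)", status);
    FltUnregisterFilter(g_ScvnpFilterHandle);
    BCryptCloseAlgorithmProvider(g_ScvnpSha1AlgorithmHandle, 0);
    LogTermination(nullptr);
    return status;
  }

  LOG_INFO("Scavenger installed");
  return status;
}

// Create a directory, or open it when it already exists (FILE_OPEN_IF). The
// handle is closed right away; only the status is returned.
ALLOC_TEXT(INIT, ScvnpCreateDirectory)
EXTERN_C static NTSTATUS ScvnpCreateDirectory(_In_ const wchar_t *PathW) {
  PAGED_CODE();

  UNICODE_STRING path = {};
  RtlInitUnicodeString(&path, PathW);
  OBJECT_ATTRIBUTES objAttr = RTL_INIT_OBJECT_ATTRIBUTES(
      &path, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE);

  IO_STATUS_BLOCK ioStatus = {};
  HANDLE directory = nullptr;
  NTSTATUS status = ZwCreateFile(
      &directory, GENERIC_WRITE, &objAttr, &ioStatus, nullptr,
      FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN_IF,
      FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE, nullptr, 0);
  if (NT_SUCCESS(status)) {
    ZwClose(directory);
  }

  return status;
}

// An unload handler. Releases what DriverEntry set up, in reverse order.
ALLOC_TEXT(PAGED, ScvnpUnload)
EXTERN_C static NTSTATUS FLTAPI
ScvnpUnload(_In_ FLT_FILTER_UNLOAD_FLAGS Flags) {
  PAGED_CODE();
  UNREFERENCED_PARAMETER(Flags);

  FltUnregisterFilter(g_ScvnpFilterHandle);
  BCryptCloseAlgorithmProvider(g_ScvnpSha1AlgorithmHandle, 0);
  LogTermination(nullptr);

  return STATUS_SUCCESS;
}

// A handler for file flushing and closing. Captures the file when the file
// object was opened with write access; always lets the operation complete.
EXTERN_C static FLT_POSTOP_CALLBACK_STATUS FLTAPI
ScvnpPostCleanupAndFlushBuffers(_Inout_ PFLT_CALLBACK_DATA Data,
                                _In_ PCFLT_RELATED_OBJECTS FltObjects,
                                _In_opt_ PVOID CompletionContext,
                                _In_ FLT_POST_OPERATION_FLAGS Flags) {
  UNREFERENCED_PARAMETER(CompletionContext);

  // While an instance is being torn down the callback is invoked only so that
  // a completion context can be freed; the operation data must not be used.
  if (Flags & FLTFL_POST_OPERATION_DRAINING) {
    return FLT_POSTOP_FINISHED_PROCESSING;
  }

  // ScvnpScavenge() is paged code and does file I/O.
  if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
    return FLT_POSTOP_FINISHED_PROCESSING;
  }

  // Handle only write related operations
  if (!FltObjects->FileObject->WriteAccess) {
    return FLT_POSTOP_FINISHED_PROCESSING;
  }

  ScvnpScavenge(Data, FltObjects);
  return FLT_POSTOP_FINISHED_PROCESSING;
}

// A handler for IRP_MJ_SET_INFORMATION. Captures the file before it is
// truncated to zero bytes or marked for deletion; never blocks the request.
EXTERN_C static FLT_PREOP_CALLBACK_STATUS FLTAPI ScvnpPreSetInformation(
    _Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects,
    _Outptr_result_maybenull_ PVOID *CompletionContext) {
  UNREFERENCED_PARAMETER(CompletionContext);

  if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
    return FLT_PREOP_SUCCESS_NO_CALLBACK;
  }

  switch (Data->Iopb->Parameters.SetFileInformation.FileInformationClass) {
    case FileAllocationInformation:
    case FileEndOfFileInformation:
      // Handle setting a file size to zero.
      if (Data->Iopb->Parameters.SetFileInformation.Length ==
          sizeof(LARGE_INTEGER)) {
        const auto position = reinterpret_cast<PLARGE_INTEGER>(
            Data->Iopb->Parameters.SetFileInformation.InfoBuffer);
        if (position && position->QuadPart == 0) {
          ScvnpScavenge(Data, FltObjects);
        }
      }
      break;

    case FileDispositionInformation:
      // Handle deleting a file.
      ScvnpScavenge(Data, FltObjects);
      break;
    default:
      break;
  }

  return FLT_PREOP_SUCCESS_NO_CALLBACK;
}

// Copies the current contents of the target file into the output directory as
// <SHA1 of the contents>.bin and logs the operation. Directories, white listed
// paths, empty files and files of 4GB or more are skipped. The return value is
// informational; the callers in this file ignore it.
//
// NOTE(review): the SHA1 is used as the file name and as the duplicate check
// (FILE_CREATE fails with a name collision when the name exists). Two different
// inputs built to share a SHA1 would therefore be stored once and the second
// logged as a duplicate.
ALLOC_TEXT(PAGED, ScvnpScavenge)
EXTERN_C static NTSTATUS ScvnpScavenge(_Inout_ PFLT_CALLBACK_DATA Data,
                                       _In_ PCFLT_RELATED_OBJECTS FltObjects) {
  PAGED_CODE();

  // Ignore system threads. Thus, this program does not support activities of
  // kernel mode code.
  if (PsIsSystemThread(PsGetCurrentThread())) {
    return STATUS_SUCCESS;
  }

  const auto operationType = FltGetIrpName(Data->Iopb->MajorFunction);

  // Declared before the first goto so that no jump to End skips an
  // initialization.
  PFLT_FILE_NAME_INFORMATION fileNameInformation = nullptr;
  void *buffer = nullptr;
  ULONG targetFileSize = 0;
  BOOLEAN isDirectory = FALSE;
  FILE_STANDARD_INFORMATION fileInfo = {};
  UCHAR sha1Hash[20] = {};
  wchar_t sha1HashW[41] = {};
  wchar_t outPathW[260] = {};

  auto status = FltGetFileNameInformationUnsafe(
      FltObjects->FileObject, FltObjects->Instance, FLT_FILE_NAME_NORMALIZED,
      &fileNameInformation);
  if (!NT_SUCCESS(status)) {
    // This error is expected to happen and okay to ignore it.
    if (status != STATUS_FILE_DELETED) {
      LOG_ERROR_SAFE("%-25s : FltGetFileNameInformationUnsafe failed (%08x)",
                     operationType, status);
    }
    return status;
  }

  // From here on every exit goes through End, which drops the reference taken
  // above with FltReleaseFileNameInformation(). (The exit paths used to call
  // FltParseFileNameInformation() again instead, which never released it.)
  status = FltParseFileNameInformation(fileNameInformation);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("%-25s : FltParseFileNameInformation failed (%08x) for %wZ",
                   operationType, status, &fileNameInformation->Name);
    goto End;
  }

  // Ignore directories
  status = FltIsDirectory(FltObjects->FileObject, FltObjects->Instance,
                          &isDirectory);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("%-25s : FltIsDirectory failed (%08x) for %wZ",
                   operationType, status, &fileNameInformation->Name);
    goto End;
  }
  if (isDirectory) {
    goto End;
  }

  // Go through a white list
  if (ScvnpIsWhiteListedFile(&fileNameInformation->Name)) {
    goto End;
  }

  // Get a file size (etc).
  status = FltQueryInformationFile(FltObjects->Instance, FltObjects->FileObject,
                                   &fileInfo, sizeof(fileInfo),
                                   FileStandardInformation, nullptr);
  if (!NT_SUCCESS(status)) {
    // This error is expected to happen and okay to ignore it.
    if (status != STATUS_FILE_DELETED) {
      LOG_ERROR_SAFE("%-25s : FltQueryInformationFile failed (%08x) for %wZ",
                     operationType, status, &fileNameInformation->Name);
    }
    goto End;
  }

  // Ignore if the file is empty
  if (fileInfo.EndOfFile.QuadPart == 0) {
    goto End;
  }

  // Ignore if the file size is greater than 4GB
  if (fileInfo.EndOfFile.HighPart != 0) {
    status = STATUS_FILE_TOO_LARGE;
    goto End;
  }

  targetFileSize = fileInfo.EndOfFile.LowPart;

  // Read entire contents of the file onto non paged memory. Thus, it may fail
  // to handle a file larger than the amount of available memory.
  buffer = FltAllocatePoolAlignedWithTag(
      FltObjects->Instance, NonPagedPoolNx, targetFileSize, SCVN_POOL_TAG_NAME);
  if (!buffer) {
    LOG_ERROR_SAFE(
        "%-25s : FltAllocatePoolAlignedWithTag failed (%lu bytes) for %wZ",
        operationType, targetFileSize, &fileNameInformation->Name);
    // Report the failure instead of the success left over from the query.
    status = STATUS_INSUFFICIENT_RESOURCES;
    goto End;
  }

  // The pool block is not zeroed by the allocator and ScvnpReadFile() does not
  // report how many bytes it read. Clearing it first keeps stale kernel pool
  // contents out of the hash and out of the saved copy if the read is short.
  RtlZeroMemory(buffer, targetFileSize);

  status = ScvnpReadFile(Data, FltObjects, buffer, targetFileSize);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("%-25s : ScvnpReadFile failed (%08x) for %wZ", operationType,
                   status, &fileNameInformation->Name);
    goto End;
  }

  // Calculate SHA1 of the written data.
  status = ScvnpGetSha1(sha1Hash, buffer, targetFileSize);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("%-25s : ScvnpGetSha1 failed (%08x) for %wZ", operationType,
                   status, &fileNameInformation->Name);
    goto End;
  }

  // Two hex digits per byte; each call also writes the terminator, which the
  // next iteration overwrites. 20 bytes -> 40 characters + final terminator.
  for (SIZE_T i = 0; i < RTL_NUMBER_OF(sha1Hash); ++i) {
    const auto outW = sha1HashW + i * 2;
    RtlStringCchPrintfW(outW, 3, L"%02x", sha1Hash[i]);
  }

  // Copy the read file contents to the output folder as <SHA1>.bin.
  status = RtlStringCchPrintfW(outPathW, RTL_NUMBER_OF(outPathW), L"%s\\%s.bin",
                               SCVNP_OUT_DIRECTORY_PATH, sha1HashW);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("%-25s : RtlStringCchPrintfW failed (%08x) for %wZ",
                   operationType, status, &fileNameInformation->Name);
    goto End;
  }
  status =
      ScvnpWriteFile(FltObjects, outPathW, buffer, targetFileSize, FILE_CREATE);
  if (status == STATUS_DELETE_PENDING) {
    status = STATUS_SUCCESS;
    goto End;
  }

  if (status == STATUS_OBJECT_NAME_COLLISION) {
    // The same SHA1 is already there
    LOG_INFO_SAFE("%-25s for %wZ (dup with %S, %lu bytes, %wZ)", operationType,
                  &fileNameInformation->FinalComponent, sha1HashW,
                  targetFileSize, &fileNameInformation->Name);
    status = STATUS_SUCCESS;
    goto End;
  }

  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("%-25s : ScvnpWriteFile failed (%08x) for %wZ",
                   operationType, status, &fileNameInformation->Name);
    goto End;
  }

  // Done
  LOG_INFO_SAFE("%-25s for %wZ (saved as %S, %lu bytes, %wZ)", operationType,
                &fileNameInformation->FinalComponent, sha1HashW, targetFileSize,
                &fileNameInformation->Name);

End:
  if (buffer) {
    FltFreePoolAlignedWithTag(FltObjects->Instance, buffer, SCVN_POOL_TAG_NAME);
  }
  if (fileNameInformation) {
    FltReleaseFileNameInformation(fileNameInformation);
  }
  return status;
}

// Return true when a file path is white listed.
ALLOC_TEXT(PAGED, ScvnpIsWhiteListedFile)
EXTERN_C static bool ScvnpIsWhiteListedFile(
    _In_ PUNICODE_STRING TargetFileName) {
  PAGED_CODE();

  // Patterns are written in upper case because the match below is requested
  // as case-insensitive (IgnoreCase == TRUE), which expects an upper-cased
  // expression.
  UNICODE_STRING WHITE_LIST[] = {
      RTL_CONSTANT_STRING(
          L"\\DEVICE\\HARDDISKVOLUME?\\*"
          L"\\APPDATA\\LOCAL\\MICROSOFT\\WINDOWS\\EXPLORER\\THUMBCACHE_*.DB"),
  };

  for (SIZE_T i = 0; i < RTL_NUMBER_OF(WHITE_LIST); ++i) {
    if (FsRtlIsNameInExpression(&WHITE_LIST[i], TargetFileName, TRUE,
                                nullptr)) {
      return true;
    }
  }
  return false;
}

// Read contents of a file into Buffer (BufferSize bytes requested from offset
// zero). Outside IRP_MJ_CLEANUP the file object of the operation is reused; in
// IRP_MJ_CLEANUP the file is reopened by name. The number of bytes actually
// read is not reported to the caller.
ALLOC_TEXT(PAGED, ScvnpReadFile)
EXTERN_C static NTSTATUS ScvnpReadFile(_In_ PFLT_CALLBACK_DATA Data,
                                       _In_ PCFLT_RELATED_OBJECTS FltObjects,
                                       _Out_ void *Buffer,
                                       _In_ ULONG BufferSize) {
  PAGED_CODE();

  // Use an existing file object when it is NOT IRP_MJ_CLEANUP.
  if (Data->Iopb->MajorFunction != IRP_MJ_CLEANUP) {
    LARGE_INTEGER byteOffset = {};
    auto status = FltReadFile(FltObjects->Instance, FltObjects->FileObject,
                              &byteOffset, BufferSize, Buffer,
                              FLTFL_IO_OPERATION_DO_NOT_UPDATE_BYTE_OFFSET,
                              nullptr, nullptr, nullptr);
    if (!NT_SUCCESS(status)) {
      LOG_ERROR_SAFE("FltReadFile failed (%08x)", status);
    }
    return status;
  }

  PFILE_OBJECT fileObject = nullptr;
  HANDLE fileHandle = nullptr;
  IO_STATUS_BLOCK ioStatus = {};

  // Make a new file object since the file is already out of the current IO
  // path.
  PFLT_FILE_NAME_INFORMATION fileNameInformation = nullptr;
  auto status = FltGetFileNameInformationUnsafe(
      FltObjects->FileObject, FltObjects->Instance, FLT_FILE_NAME_NORMALIZED,
      &fileNameInformation);
  if (!NT_SUCCESS(status)) {
    return status;
  }

  OBJECT_ATTRIBUTES objAttr = RTL_INIT_OBJECT_ATTRIBUTES(
      &fileNameInformation->Name, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE);

  // FILE_OPEN, not FILE_OPEN_IF: this is a read of an existing file. With
  // FILE_OPEN_IF the driver itself would create an empty file under the
  // original name whenever the target had disappeared in the meantime.
  status = FltCreateFile(
      FltObjects->Filter, FltObjects->Instance, &fileHandle, GENERIC_READ,
      &objAttr, &ioStatus, nullptr, FILE_ATTRIBUTE_NORMAL,
      FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_OPEN,
      FILE_SEQUENTIAL_ONLY | FILE_SYNCHRONOUS_IO_NONALERT |
          FILE_NON_DIRECTORY_FILE,
      nullptr, 0, 0);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("FltCreateFile failed (%08x) for %wZ", status,
                   &fileNameInformation->Name);
    goto End;
  }

  status = ObReferenceObjectByHandle(fileHandle, 0, nullptr, KernelMode,
                                     reinterpret_cast<void **>(&fileObject),
                                     nullptr);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("ObReferenceObjectByHandle failed (%08x) for %wZ", status,
                   &fileNameInformation->Name);
    goto End;
  }

  status = FltReadFile(FltObjects->Instance, fileObject, nullptr, BufferSize,
                       Buffer, 0, nullptr, nullptr, nullptr);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("FltReadFile failed (%08x) for %wZ", status,
                   &fileNameInformation->Name);
    goto End;
  }

End:
  if (fileObject) {
    ObDereferenceObject(fileObject);
  }
  if (fileHandle) {
    FltClose(fileHandle);
  }
  if (fileNameInformation) {
    FltReleaseFileNameInformation(fileNameInformation);
  }
  return status;
}

// Write data to a file. STATUS_OBJECT_NAME_COLLISION and STATUS_DELETE_PENDING
// from the create are returned without logging because the caller treats them
// as expected outcomes.
ALLOC_TEXT(PAGED, ScvnpWriteFile)
EXTERN_C static NTSTATUS ScvnpWriteFile(_In_ PCFLT_RELATED_OBJECTS FltObjects,
                                        _In_ const wchar_t *OutPathW,
                                        _In_ void *Buffer,
                                        _In_ ULONG BufferSize,
                                        _In_ ULONG CreateDisposition) {
  PAGED_CODE();

  UNICODE_STRING outPath = {};
  RtlInitUnicodeString(&outPath, OutPathW);
  OBJECT_ATTRIBUTES objAttr = RTL_INIT_OBJECT_ATTRIBUTES(
      &outPath, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE);

  HANDLE fileHandle = nullptr;
  PFILE_OBJECT fileObject = nullptr;
  IO_STATUS_BLOCK ioStatus = {};
  auto status = FltCreateFile(
      FltObjects->Filter, FltObjects->Instance, &fileHandle, GENERIC_WRITE,
      &objAttr, &ioStatus, nullptr, FILE_ATTRIBUTE_NORMAL, 0, CreateDisposition,
      FILE_SEQUENTIAL_ONLY | FILE_SYNCHRONOUS_IO_NONALERT |
          FILE_NON_DIRECTORY_FILE,
      nullptr, 0, 0);
  if (status == STATUS_OBJECT_NAME_COLLISION ||
      status == STATUS_DELETE_PENDING) {
    return status;
  }
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("FltCreateFile failed (%08x) for %S", status, OutPathW);
    return status;
  }

  status = ObReferenceObjectByHandle(fileHandle, 0, nullptr, KernelMode,
                                     reinterpret_cast<void **>(&fileObject),
                                     nullptr);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("ObReferenceObjectByHandle failed (%08x) for %S", status,
                   OutPathW);
    goto End;
  }

  status = FltWriteFile(FltObjects->Instance, fileObject, nullptr, BufferSize,
                        Buffer, 0, nullptr, nullptr, nullptr);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("FltWriteFile failed (%08x) for %S", status, OutPathW);
    goto End;
  }

End:
  if (fileObject) {
    ObDereferenceObject(fileObject);
  }
  if (fileHandle) {
    FltClose(fileHandle);
  }
  return status;
}

// Calculate SHA1 of DataSize bytes at Data into Sha1Hash, using the algorithm
// provider opened in DriverEntry.
ALLOC_TEXT(PAGED, ScvnpGetSha1)
EXTERN_C static NTSTATUS ScvnpGetSha1(_Out_ UCHAR(&Sha1Hash)[20],
                                      _In_ void *Data, _In_ ULONG DataSize) {
  PAGED_CODE();

  BCRYPT_HASH_HANDLE hashHandle = nullptr;
  auto status = BCryptCreateHash(g_ScvnpSha1AlgorithmHandle, &hashHandle,
                                 nullptr, 0, nullptr, 0, 0);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("BCryptCreateHash failed (%08x)", status);
    return status;
  }

  status = BCryptHashData(hashHandle, static_cast<UCHAR *>(Data), DataSize, 0);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("BCryptHashData failed (%08x)", status);
    goto End;
  }

  static_assert(sizeof(Sha1Hash) == 20, "Size check");
  status = BCryptFinishHash(hashHandle, Sha1Hash, sizeof(Sha1Hash), 0);
  if (!NT_SUCCESS(status)) {
    LOG_ERROR_SAFE("BCryptFinishHash failed (%08x)", status);
    goto End;
  }

End:
  if (hashHandle) {
    BCryptDestroyHash(hashHandle);
  }
  return status;
}

--------------------------------------------------------------------------------
/Scavenger/Scavenger/log.cpp:
--------------------------------------------------------------------------------
// Copyright (c) 2015, tandasat. All rights reserved.
// Use of this source code is governed by a MIT-style license that can be
// found in the LICENSE file.

//
// This module implements logging functions.
//
#include "stdafx.h"
#include "log.h"

////////////////////////////////////////////////////////////////////////////////
//
// macro utilities
//

////////////////////////////////////////////////////////////////////////////////
//
// constant and macro
//

// A size for log buffer in NonPagedPool. Two buffers are allocated with this
// size. Exceeded logs are ignored silently. Make it bigger if a buffered log
// size often reach this size.
static const auto LOGP_BUFFER_SIZE_IN_PAGES = 5ul;

// An actual log buffer size in bytes.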
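static const auto LOGP_BUFFER_SIZE = PAGE_SIZE * LOGP_BUFFER_SIZE_IN_PAGES;

// A size that is usable for logging. Minus one because the last byte is kept
// for \0.
static const auto LOGP_BUFFER_USABLE_SIZE = LOGP_BUFFER_SIZE - 1;

// An interval to flush buffered log entries into a log file.
static const auto LOGP_AUTO_FLUSH_INTERVAL_MSEC = 50;

// Pool tag passed to every allocation and free of the log buffers.
static const ULONG LOGP_POOL_TAG_NAME = ' gol';

////////////////////////////////////////////////////////////////////////////////
//
// types
//

// State shared by the logging API, the buffering path and the flush thread.
struct LogBufferInfo {
  volatile char *LogBufferHead;  // A pointer to a buffer currently used.
                                 // It is either LogBuffer1 or LogBuffer2.
  volatile char *LogBufferTail;  // A pointer to where the next log should
                                 // be written.
  char *LogBuffer1;              // First buffer (LOGP_BUFFER_SIZE bytes).
  char *LogBuffer2;              // Second buffer (LOGP_BUFFER_SIZE bytes).
  SIZE_T LogMaximumUsage;        // Holds the biggest buffer usage to
                                 // determine a necessary buffer size.
  HANDLE LogFileHandle;          // Log file; null when file logging is off.
  KSPIN_LOCK SpinLock;           // Guards appending to and switching of the
                                 // buffers.
  ERESOURCE Resource;            // Held exclusively while a buffer is being
                                 // written to the log file.
  volatile bool BufferFlushThreadShouldBeAlive;  // Cleared to stop the thread.
  HANDLE BufferFlushThreadHandle;
};

////////////////////////////////////////////////////////////////////////////////
//
// prototypes
//

// Exported by the kernel; declared here by hand.
EXTERN_C NTKERNELAPI UCHAR *NTAPI
PsGetProcessImageFileName(_In_ PEPROCESS Process);

EXTERN_C static NTSTATUS LogpInitializeBufferInfo(
    _In_ const wchar_t *LogFilePath, _In_opt_ PDEVICE_OBJECT DeviceObject,
    _Inout_ LogBufferInfo *Info);

EXTERN_C static void LogpFinalizeBufferInfo(_In_opt_ PDEVICE_OBJECT
                                                DeviceObject,
                                            _In_ LogBufferInfo *Info);

#ifdef _X86_
_Requires_lock_not_held_(*SpinLock) _Acquires_lock_(*SpinLock)
    _IRQL_requires_max_(DISPATCH_LEVEL) _IRQL_saves_
    _IRQL_raises_(DISPATCH_LEVEL) inline KIRQL
    KeAcquireSpinLockRaiseToDpc(_Inout_ PKSPIN_LOCK SpinLock);
#endif

EXTERN_C static NTSTATUS LogpMakePrefix(_In_ ULONG Level,
                                        _In_ const char *FunctionName,
                                        _In_ const char *LogMessage,
                                        _Out_ char *LogBuffer,
                                        _In_ size_t LogBufferLength);

EXTERN_C static const char *LogpFindBaseFunctionName(
    _In_ const char *FunctionName);

EXTERN_C static NTSTATUS LogpPut(_In_ const char *Message,
                                 _In_ ULONG Attribute);

EXTERN_C static NTSTATUS LogpWriteLogBufferToFile(_In_opt_ LogBufferInfo *Info);

EXTERN_C static NTSTATUS LogpWriteMessageToFile(_In_ const char *Message,
                                                _In_ const LogBufferInfo &Info);

EXTERN_C static NTSTATUS LogpBufferMessage(_In_ const char *Message,
                                           _In_opt_ LogBufferInfo *Info);

EXTERN_C static bool LogpIsLogFileEnabled(_In_ const LogBufferInfo &Info);

EXTERN_C static bool LogpIsLogNeeded(_In_ ULONG Level);

EXTERN_C static KSTART_ROUTINE LogpBufferFlushThreadRoutine;

EXTERN_C static NTSTATUS LogpSleep(_In_ LONG Millisecond);

////////////////////////////////////////////////////////////////////////////////
//
// variables
//

// Active level/option mask; logging is off until LogInitialization() runs.
static auto g_LogpDebugFlag = LOG_PUT_LEVEL_DISABLE;
static LogBufferInfo g_LogpLogBufferInfo = {};

////////////////////////////////////////////////////////////////////////////////
//
// implementations
//

// Initializes the logging system.
//
// Flag is stored as the active level/option mask. When LogFilePath is given,
// the file logging state (buffers, log file, flush thread) is set up as well.
// DeviceObject is only accepted together with LogFilePath and is registered
// for shutdown notification. Returns STATUS_INVALID_PARAMETER for a
// DeviceObject without a path, the failure of the file setup, or the status of
// the first test entry.
ALLOC_TEXT(INIT, LogInitialization)
EXTERN_C NTSTATUS LogInitialization(_In_ ULONG Flag,
                                    _In_opt_ const wchar_t *LogFilePath,
                                    _In_opt_ PDEVICE_OBJECT DeviceObject) {
  PAGED_CODE();

  g_LogpDebugFlag = Flag;

  if (DeviceObject && !LogFilePath) {
    return STATUS_INVALID_PARAMETER;
  }

  // Initialize a log file if a log file path is specified.
  if (LogFilePath) {
    const auto initStatus = LogpInitializeBufferInfo(LogFilePath, DeviceObject,
                                                     &g_LogpLogBufferInfo);
    if (!NT_SUCCESS(initStatus)) {
      return initStatus;
    }
  }

  // Test the log.
  // NOTE(review): this entry records the pool addresses of both buffers (%p),
  // so the log file and debugger output should be treated as sensitive.
  const auto status = LOG_INFO(
      "Log system was initialized (Flag= %08x, Buffer= %p %p, File= %S).", Flag,
      g_LogpLogBufferInfo.LogBuffer1, g_LogpLogBufferInfo.LogBuffer2,
      LogFilePath);
  if (!NT_SUCCESS(status) && LogFilePath) {
    // The self test failed; undo the file logging setup done above.
    LogpFinalizeBufferInfo(DeviceObject, &g_LogpLogBufferInfo);
  }
  return status;
}

// Initialize a log file related code such as a flushing thread.
//
// On any failure after the resource was initialized, everything set up so far
// is released through LogpFinalizeBufferInfo() before the status is returned.
ALLOC_TEXT(INIT, LogpInitializeBufferInfo)
EXTERN_C static NTSTATUS LogpInitializeBufferInfo(
    _In_ const wchar_t *LogFilePath, _In_opt_ PDEVICE_OBJECT DeviceObject,
    _Inout_ LogBufferInfo *Info) {
  NT_ASSERT(LogFilePath);
  NT_ASSERT(Info);

  KeInitializeSpinLock(&Info->SpinLock);

  auto status = ExInitializeResourceLite(&Info->Resource);
  if (!NT_SUCCESS(status)) {
    return status;
  }

  if (DeviceObject) {
    // We can handle IRP_MJ_SHUTDOWN in order to flush buffered log entries.
    status = IoRegisterShutdownNotification(DeviceObject);
    if (!NT_SUCCESS(status)) {
      LogpFinalizeBufferInfo(DeviceObject, Info);
      return status;
    }
  }

  // Allocate two log buffers on NonPagedPool.
  // NOTE(review): the buffers only ever hold text; a non-executable pool type
  // would be preferable where every targeted OS version supports it.
  Info->LogBuffer1 = reinterpret_cast<char *>(ExAllocatePoolWithTag(
      NonPagedPool, LOGP_BUFFER_SIZE, LOGP_POOL_TAG_NAME));
  if (!Info->LogBuffer1) {
    LogpFinalizeBufferInfo(DeviceObject, Info);
    return STATUS_INSUFFICIENT_RESOURCES;
  }

  Info->LogBuffer2 = reinterpret_cast<char *>(ExAllocatePoolWithTag(
      NonPagedPool, LOGP_BUFFER_SIZE, LOGP_POOL_TAG_NAME));
  if (!Info->LogBuffer2) {
    LogpFinalizeBufferInfo(DeviceObject, Info);
    return STATUS_INSUFFICIENT_RESOURCES;
  }

  // Initialize these buffers
  RtlFillMemory(Info->LogBuffer1, LOGP_BUFFER_SIZE, 0xff);  // for debug
  Info->LogBuffer1[0] = '\0';
  Info->LogBuffer1[LOGP_BUFFER_SIZE - 1] = '\0';  // at the end

  RtlFillMemory(Info->LogBuffer2, LOGP_BUFFER_SIZE, 0xff);  // for debug
  Info->LogBuffer2[0] = '\0';
  Info->LogBuffer2[LOGP_BUFFER_SIZE - 1] = '\0';  // at the end

  // LogBuffer1 is the buffer to use first, and the next entry goes to its
  // beginning.
  Info->LogBufferHead = Info->LogBuffer1;
  Info->LogBufferTail = Info->LogBuffer1;

  // Initialize a log file
  // NOTE(review): the file is opened or created (FILE_OPEN_IF) without an
  // explicit security descriptor, so who can read or pre-create it depends on
  // the directory the caller chose; an administrator-only location is the
  // safe choice.
  UNICODE_STRING logFilePathU = {};
  RtlInitUnicodeString(&logFilePathU, LogFilePath);

  OBJECT_ATTRIBUTES oa = {};
  InitializeObjectAttributes(&oa, &logFilePathU,
                             OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, nullptr,
                             nullptr);

  IO_STATUS_BLOCK ioStatus = {};
  status = ZwCreateFile(
      &Info->LogFileHandle, FILE_APPEND_DATA | SYNCHRONIZE, &oa, &ioStatus,
      nullptr, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN_IF,
      FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, nullptr, 0);
  if (!NT_SUCCESS(status)) {
    LogpFinalizeBufferInfo(DeviceObject, Info);
    return status;
  }

  // Initialize a log buffer flush thread. The handle is requested as a kernel
  // handle, like the file handle above, so that it never lands in the handle
  // table of whatever process happens to be current during initialization.
  OBJECT_ATTRIBUTES threadOa = {};
  InitializeObjectAttributes(&threadOa, nullptr, OBJ_KERNEL_HANDLE, nullptr,
                             nullptr);
  Info->BufferFlushThreadShouldBeAlive = true;
  status = PsCreateSystemThread(&Info->BufferFlushThreadHandle, GENERIC_ALL,
                                &threadOa, nullptr, nullptr,
                                LogpBufferFlushThreadRoutine, Info);
  if (!NT_SUCCESS(status)) {
    LogpFinalizeBufferInfo(DeviceObject, Info);
    return status;
  }

  return status;
}

// Terminates the log functions without releasing resources.
//
// Disables further logging and then waits for the current buffer to become
// empty, polling every LOGP_AUTO_FLUSH_INTERVAL_MSEC.
ALLOC_TEXT(PAGED, LogIrpShutdownHandler)
EXTERN_C void LogIrpShutdownHandler() {
  PAGED_CODE();

  LOG_DEBUG("Flushing... (Max log usage = %08x bytes)",
            g_LogpLogBufferInfo.LogMaximumUsage);
  LOG_INFO("Bye!");
  g_LogpDebugFlag = LOG_PUT_LEVEL_DISABLE;

  // Without a log file there are no buffers at all (LogBufferHead is null),
  // so there is nothing to wait for and nothing that may be dereferenced.
  auto &info = g_LogpLogBufferInfo;
  if (!LogpIsLogFileEnabled(info)) {
    return;
  }

  // Wait until the log buffer is emptied.
  while (info.LogBufferHead[0]) {
    LogpSleep(LOGP_AUTO_FLUSH_INTERVAL_MSEC);
  }
}

// Terminates the log functions.
ALLOC_TEXT(PAGED, LogTermination)
EXTERN_C void LogTermination(_In_opt_ PDEVICE_OBJECT DeviceObject) {
  PAGED_CODE();

  LOG_DEBUG("Finalizing... (Max log usage = %08x bytes)",
            g_LogpLogBufferInfo.LogMaximumUsage);
  LOG_INFO("Bye!");
  g_LogpDebugFlag = LOG_PUT_LEVEL_DISABLE;
  LogpFinalizeBufferInfo(DeviceObject, &g_LogpLogBufferInfo);
}

// Terminates a log file related code.
//
// Stops and closes the flush thread, closes the log file, frees both buffers,
// unregisters the shutdown notification when DeviceObject is given and deletes
// the resource. Each handle and pointer is checked before it is released, so
// this is also used to unwind a partially completed initialization.
ALLOC_TEXT(PAGED, LogpFinalizeBufferInfo)
EXTERN_C static void LogpFinalizeBufferInfo(_In_opt_ PDEVICE_OBJECT
                                                DeviceObject,
                                            _In_ LogBufferInfo *Info) {
  PAGED_CODE();
  NT_ASSERT(Info);

  // Closing the log buffer flush thread.
  if (Info->BufferFlushThreadHandle) {
    Info->BufferFlushThreadShouldBeAlive = false;
    auto status =
        ZwWaitForSingleObject(Info->BufferFlushThreadHandle, FALSE, nullptr);
    if (!NT_SUCCESS(status)) {
      DBG_BREAK();
    }
    ZwClose(Info->BufferFlushThreadHandle);
    Info->BufferFlushThreadHandle = nullptr;
  }

  // Cleaning up other things.
  if (Info->LogFileHandle) {
    ZwClose(Info->LogFileHandle);
    Info->LogFileHandle = nullptr;
  }

  // Head and tail point into the buffers freed below; clear them first so no
  // stale pointer into freed pool memory survives this function.
  Info->LogBufferHead = nullptr;
  Info->LogBufferTail = nullptr;

  if (Info->LogBuffer2) {
    ExFreePoolWithTag(Info->LogBuffer2, LOGP_POOL_TAG_NAME);
    Info->LogBuffer2 = nullptr;
  }
  if (Info->LogBuffer1) {
    ExFreePoolWithTag(Info->LogBuffer1, LOGP_POOL_TAG_NAME);
    Info->LogBuffer1 = nullptr;
  }

  if (DeviceObject) {
    IoUnregisterShutdownNotification(DeviceObject);
  }
  ExDeleteResourceLite(&Info->Resource);
}

#ifdef _X86_
// x86 stand-in built on KeAcquireSpinLock(); returns the IRQL to restore.
_Requires_lock_not_held_(*SpinLock) _Acquires_lock_(*SpinLock)
    _IRQL_requires_max_(DISPATCH_LEVEL) _IRQL_saves_
    _IRQL_raises_(DISPATCH_LEVEL) inline KIRQL
    KeAcquireSpinLockRaiseToDpc(_Inout_ PKSPIN_LOCK SpinLock) {
  KIRQL irql = {};
  KeAcquireSpinLock(SpinLock, &irql);
  return irql;
}
#endif

// Actual implementation of logging API.
//
// Level carries the severity in bits 0xf0 and attribute bits in 0x0f. The
// message is formatted into a 300 character buffer; when formatting fails
// (including when the text does not fit) the status is returned and nothing
// is logged. An empty message yields STATUS_INVALID_PARAMETER.
EXTERN_C NTSTATUS LogpPrint(_In_ ULONG Level, _In_ const char *FunctionName,
                            _In_ const char *Format, ...) {
  auto status = STATUS_SUCCESS;

  if (!LogpIsLogNeeded(Level)) {
    return status;
  }

  va_list args;
  va_start(args, Format);
  char logMessage[300];
  status =
      RtlStringCchVPrintfA(logMessage, RTL_NUMBER_OF(logMessage), Format, args);
  va_end(args);
  if (!NT_SUCCESS(status)) {
    return status;
  }
  if (logMessage[0] == '\0') {
    return STATUS_INVALID_PARAMETER;
  }

  const auto pureLevel = Level & 0xf0;
  const auto attribute = Level & 0x0f;

  // A single entry of log should not exceed 512 bytes. See
  // Reading and Filtering Debugging Messages in MSDN for details.
  char message[100 + RTL_NUMBER_OF(logMessage)];
  static_assert(RTL_NUMBER_OF(message) <= 512,
                "One log message should not exceed 512 bytes.");
  status = LogpMakePrefix(pureLevel, FunctionName, logMessage, message,
                          RTL_NUMBER_OF(message));
  if (!NT_SUCCESS(status)) {
    return status;
  }

  return LogpPut(message, attribute);
}

// Concatenates meta information such as the current time and a process ID to
// user given log message.
//
// Writes "<time><level>\t<pid>\t<tid>\t<image name>\t<function><message>\r\n"
// into LogBuffer. The time and function name fields are left empty when the
// corresponding LOG_OPT_DISABLE_* bit is set. Returns
// STATUS_INVALID_PARAMETER for an unknown Level, otherwise the status of the
// string formatting; a field that does not fit its buffer makes that
// formatting fail.
EXTERN_C static NTSTATUS LogpMakePrefix(_In_ ULONG Level,
                                        _In_ const char *FunctionName,
                                        _In_ const char *LogMessage,
                                        _Out_ char *LogBuffer,
                                        _In_ size_t LogBufferLength) {
  char const *levelString = nullptr;
  switch (Level) {
    case LOGP_LEVEL_DEBUG:
      levelString = "DBG";
      break;
    case LOGP_LEVEL_INFO:
      levelString = "INF";
      break;
    case LOGP_LEVEL_WARN:
      levelString = "WRN";
      break;
    case LOGP_LEVEL_ERROR:
      levelString = "ERR";
      break;
    default:
      return STATUS_INVALID_PARAMETER;
  }

  auto status = STATUS_SUCCESS;

  char timeBuffer[20] = {};
  if ((g_LogpDebugFlag & LOG_OPT_DISABLE_TIME) == 0) {
    // Want the current time.
    TIME_FIELDS timeFields;
    LARGE_INTEGER systemTime, localTime;
    KeQuerySystemTime(&systemTime);
    ExSystemTimeToLocalTime(&systemTime, &localTime);
    RtlTimeToTimeFields(&localTime, &timeFields);

    status = RtlStringCchPrintfA(timeBuffer, RTL_NUMBER_OF(timeBuffer),
                                 "%02u:%02u:%02u.%03u\t", timeFields.Hour,
                                 timeFields.Minute, timeFields.Second,
                                 timeFields.Milliseconds);
    if (!NT_SUCCESS(status)) {
      return status;
    }
  }

  char functionNameBuffer[50] = {};
  if ((g_LogpDebugFlag & LOG_OPT_DISABLE_FUNCTION_NAME) == 0) {
    // Want the function name
    const auto baseFunctionName = LogpFindBaseFunctionName(FunctionName);
    status = RtlStringCchPrintfA(functionNameBuffer,
                                 RTL_NUMBER_OF(functionNameBuffer), "%-40s\t",
                                 baseFunctionName);
    if (!NT_SUCCESS(status)) {
      return status;
    }
  }

  //
  // It uses PsGetProcessId(PsGetCurrentProcess()) instead of
  // PsGetCurrentThreadProcessId() because the latter sometimes returns
  // unwanted value, for example:
  //  PID == 4 but its image name != ntoskrnl.exe
  // The author is guessing that it is related to attaching processes but
  // not quite sure. The former way works as expected.
  //
  // The IDs are HANDLE values and are converted to a pointer-sized integer
  // before being passed as variadic arguments.
  status = RtlStringCchPrintfA(
      LogBuffer, LogBufferLength, "%s%s\t%5lu\t%5lu\t%-15s\t%s%s\r\n",
      timeBuffer, levelString,
      reinterpret_cast<ULONG_PTR>(PsGetProcessId(PsGetCurrentProcess())),
      reinterpret_cast<ULONG_PTR>(PsGetCurrentThreadId()),
      PsGetProcessImageFileName(PsGetCurrentProcess()), functionNameBuffer,
      LogMessage);
  return status;
}

// Returns the function's base name, for example,
// NamespaceName::ClassName::MethodName will be returned as MethodName.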
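EXTERN_C static const char *LogpFindBaseFunctionName(
    _In_ const char *FunctionName) {
  if (!FunctionName) {
    return nullptr;
  }

  // Remember the position right after the last ':' seen; with no ':' in the
  // name, the whole name is returned.
  auto name = FunctionName;
  for (auto ptr = FunctionName; *ptr; ++ptr) {
    if (*ptr == ':') {
      name = ptr + 1;
    }
  }
  return name;
}

// Logs the entry according to Attribute and the thread condition.
//
// With file logging enabled, the entry is written to the file directly when
// that is possible in the current context (no LOGP_LEVEL_OPT_SAFE attribute,
// PASSIVE_LEVEL, APCs enabled); otherwise it is appended to the log buffer.
// The entry is then also sent to the debugger unless the IRQL is CLOCK_LEVEL
// or higher, in which case STATUS_UNSUCCESSFUL is returned regardless of the
// file or buffer result.
EXTERN_C static NTSTATUS LogpPut(_In_ const char *Message,
                                 _In_ ULONG Attribute) {
  auto status = STATUS_SUCCESS;

  // Log the entry to a file or buffer.
  auto &info = g_LogpLogBufferInfo;
  if (LogpIsLogFileEnabled(info)) {
    // Can it log it to a file now?
    const auto canWriteNow = ((Attribute & LOGP_LEVEL_OPT_SAFE) == 0) &&
                             KeGetCurrentIrql() == PASSIVE_LEVEL &&
                             !KeAreAllApcsDisabled();
    if (canWriteNow) {
      // Yes, it can. Write out older buffered entries first so the file
      // keeps them ahead of this one, then write this entry.
      LogpWriteLogBufferToFile(&info);
      status = LogpWriteMessageToFile(Message, info);
    } else {
      // No, it cannot. Buffer it.
      status = LogpBufferMessage(Message, &info);
    }
  }

  // Can it safely be printed?
  if (KeGetCurrentIrql() >= CLOCK_LEVEL) {
    return STATUS_UNSUCCESSFUL;
  }

  // Message is passed as an argument to "%s", never as the format string, so
  // '%' characters inside a log entry are not interpreted.
  DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, "%s", Message);
  return status;
}

// Switch the current log buffer and save the contents of old buffer to the log
// file. This function does not flush the log file, so code should call
// LogpWriteMessageToFile() or ZwFlushBuffersFile() later.
//
// Returns STATUS_SUCCESS when there was nothing to write, otherwise the status
// of the last ZwWriteFile() call.
EXTERN_C static NTSTATUS LogpWriteLogBufferToFile(
    _In_opt_ LogBufferInfo *Info) {
  NT_ASSERT(Info);
  auto status = STATUS_SUCCESS;

  // Enter a critical region and acquire the resource exclusively so that only
  // one thread at a time writes buffered entries to the log file.
  ExEnterCriticalRegionAndAcquireResourceExclusive(&Info->Resource);

  // Acquire a spin lock for Info.LogBuffer(s) in order to switch its head
  // safely.
  char *oldLogBuffer = nullptr;
  const auto irql = KeAcquireSpinLockRaiseToDpc(&Info->SpinLock);
  const auto currentLogBuffer = const_cast<char *>(Info->LogBufferHead);
  if (currentLogBuffer[0]) {
    Info->LogBufferHead = (currentLogBuffer == Info->LogBuffer1)
                              ? Info->LogBuffer2
                              : Info->LogBuffer1;
    Info->LogBufferHead[0] = '\0';
    Info->LogBufferTail = Info->LogBufferHead;
    oldLogBuffer = currentLogBuffer;
  }
  KeReleaseSpinLock(&Info->SpinLock, irql);

  // Only a buffer that was switched out above is private to this thread. When
  // the buffer was empty it stays the active one, and touching it without the
  // spin lock could read or erase an entry another processor is appending.
  if (oldLogBuffer) {
    // Write all log entries in old log buffer. Entries are stored back to
    // back, each terminated by \0, and an empty string ends the list.
    IO_STATUS_BLOCK ioStatus = {};
    for (auto currentLogEntry = oldLogBuffer; currentLogEntry[0]; /**/) {
      const auto currentLogEntryLength = strlen(currentLogEntry);
      status =
          ZwWriteFile(Info->LogFileHandle, nullptr, nullptr, nullptr, &ioStatus,
                      currentLogEntry, static_cast<ULONG>(currentLogEntryLength),
                      nullptr, nullptr);
      if (!NT_SUCCESS(status)) {
        // It could happen when you did not register IRP_SHUTDOWN and call
        // LogIrpShutdownHandler() and the system tried to log to a file after
        // a filesystem was unmounted.
        DBG_BREAK();
      }

      currentLogEntry += currentLogEntryLength + 1;
    }
    oldLogBuffer[0] = '\0';
  }

  ExReleaseResourceAndLeaveCriticalRegion(&Info->Resource);
  return status;
}

// Logs the current log entry to the log file and flushes the file.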
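EXTERN_C static NTSTATUS LogpWriteMessageToFile(
    _In_ const char *Message, _In_ const LogBufferInfo &Info) {
  IO_STATUS_BLOCK ioStatus = {};
  const auto writeStatus =
      ZwWriteFile(Info.LogFileHandle, nullptr, nullptr, nullptr, &ioStatus,
                  const_cast<char *>(Message),
                  static_cast<ULONG>(strlen(Message)), nullptr, nullptr);
  if (!NT_SUCCESS(writeStatus)) {
    // It could happen when you did not register IRP_SHUTDOWN and call
    // LogIrpShutdownHandler() and the system tried to log to a file after
    // a filesystem was unmounted.
    DBG_BREAK();
  }

  // The flush is still attempted after a failed write, but a write failure
  // must not be hidden behind a successful flush, so it takes precedence in
  // the returned status.
  const auto flushStatus = ZwFlushBuffersFile(Info.LogFileHandle, &ioStatus);
  return NT_SUCCESS(writeStatus) ? flushStatus : writeStatus;
}

// Buffer the log entry to the log buffer.
//
// The entry is appended at LogBufferTail including its terminating \0, and an
// extra \0 is kept after the last entry to mark the end of the list. When the
// entry does not fit into the remaining space it is dropped, the copy status
// is returned and LogMaximumUsage is set to LOGP_BUFFER_SIZE as an overflow
// marker.
EXTERN_C static NTSTATUS LogpBufferMessage(_In_ const char *Message,
                                           _In_opt_ LogBufferInfo *Info) {
  NT_ASSERT(Info);

  // Acquire a spin lock to add the log safely.
  const auto irql = KeAcquireSpinLockRaiseToDpc(&Info->SpinLock);

  // Copy the current log to the buffer. The destination size is what is left
  // of the usable size, so the copy cannot run past the end of the buffer.
  size_t usedBufferSize = Info->LogBufferTail - Info->LogBufferHead;
  const auto status =
      RtlStringCchCopyA(const_cast<char *>(Info->LogBufferTail),
                        LOGP_BUFFER_USABLE_SIZE - usedBufferSize, Message);

  // Update Info.LogMaximumUsage if necessary.
  if (NT_SUCCESS(status)) {
    const auto messageLength = strlen(Message) + 1;
    Info->LogBufferTail += messageLength;
    usedBufferSize += messageLength;
    if (usedBufferSize > Info->LogMaximumUsage) {
      Info->LogMaximumUsage = usedBufferSize;  // Update
    }
  } else {
    Info->LogMaximumUsage = LOGP_BUFFER_SIZE;  // Indicates overflow
  }

  // Terminate the list of entries. After a failed copy the tail was not
  // advanced, so this also discards whatever part of the entry was copied.
  *Info->LogBufferTail = '\0';

  KeReleaseSpinLock(&Info->SpinLock, irql);
  return status;
}

// Returns true when a log file is enabled.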
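EXTERN_C static bool LogpIsLogFileEnabled(_In_ const LogBufferInfo &Info) {
  // The file handle decides; the assertions only check that the buffer
  // pointers agree with it (all set with a file, all null without one).
  if (Info.LogFileHandle) {
    NT_ASSERT(Info.LogBuffer1);
    NT_ASSERT(Info.LogBuffer2);
    NT_ASSERT(Info.LogBufferHead);
    NT_ASSERT(Info.LogBufferTail);
    return true;
  }
  NT_ASSERT(!Info.LogBuffer1);
  NT_ASSERT(!Info.LogBuffer2);
  NT_ASSERT(!Info.LogBufferHead);
  NT_ASSERT(!Info.LogBufferTail);
  return false;
}

// Returns true when logging is necessary according to the log's severity and
// a set log level.
EXTERN_C static bool LogpIsLogNeeded(_In_ ULONG Level) {
  return (g_LogpDebugFlag & Level) != 0;
}

// A thread runs as long as info.BufferFlushThreadShouldBeAlive is true and
// flushes a log buffer to a log file every LOGP_AUTO_FLUSH_INTERVAL_MSEC msec.
// StartContext is the LogBufferInfo to serve. The thread terminates itself
// with the status of its last buffer write.
ALLOC_TEXT(PAGED, LogpBufferFlushThreadRoutine)
EXTERN_C static VOID LogpBufferFlushThreadRoutine(_In_ void *StartContext) {
  PAGED_CODE();
  auto status = STATUS_SUCCESS;
  auto info = reinterpret_cast<LogBufferInfo *>(StartContext);
  LOG_DEBUG("Log thread started.");
  NT_ASSERT(LogpIsLogFileEnabled(*info));

  while (info->BufferFlushThreadShouldBeAlive) {
    if (info->LogBufferHead[0]) {
      NT_ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
      NT_ASSERT(!KeAreAllApcsDisabled());
      status = LogpWriteLogBufferToFile(info);
      // Do not flush the file for overall performance. Even a case of
      // bug check, we should be able to recover logs by looking at both
      // log buffers.
    }
    LogpSleep(LOGP_AUTO_FLUSH_INTERVAL_MSEC);
  }

  // Entries buffered between the last pass and the stop request would
  // otherwise be lost when the buffers are released; write them out once more
  // before the thread ends.
  if (info->LogBufferHead[0]) {
    status = LogpWriteLogBufferToFile(info);
  }

  LOG_DEBUG("Log thread is ending.");
  PsTerminateSystemThread(status);
}

// Sleep the current thread's execution for Millisecond milli-seconds.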
633 | ALLOC_TEXT(PAGED, LogpSleep) 634 | EXTERN_C static NTSTATUS LogpSleep(_In_ LONG Millisecond) { 635 | PAGED_CODE(); 636 | 637 | LARGE_INTEGER interval = {}; 638 | interval.QuadPart = -(10000 * Millisecond); // msec 639 | return KeDelayExecutionThread(KernelMode, FALSE, &interval); 640 | } 641 | -------------------------------------------------------------------------------- /Scavenger/Scavenger/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by Scavenger.rc 4 | // 5 | #define SW_HIDE 0 6 | #define HIDE_WINDOW 0 7 | #define WM_NULL 0x0000 8 | #define WA_INACTIVE 0 9 | #define HTNOWHERE 0 10 | #define SMTO_NORMAL 0x0000 11 | #define ICON_SMALL 0 12 | #define SIZE_RESTORED 0 13 | #define BN_CLICKED 0 14 | #define BST_UNCHECKED 0x0000 15 | #define HDS_HORZ 0x0000 16 | #define TBSTYLE_BUTTON 0x0000 17 | #define TBS_HORZ 0x0000 18 | #define TBS_BOTTOM 0x0000 19 | #define TBS_RIGHT 0x0000 20 | #define LVS_ICON 0x0000 21 | #define LVS_ALIGNTOP 0x0000 22 | #define TCS_TABS 0x0000 23 | #define TCS_SINGLELINE 0x0000 24 | #define TCS_RIGHTJUSTIFY 0x0000 25 | #define DTS_SHORTDATEFORMAT 0x0000 26 | #define PGS_VERT 0x00000000 27 | #define LANG_NEUTRAL 0x00 28 | #define SUBLANG_NEUTRAL 0x00 29 | #define SORT_DEFAULT 0x0 30 | #define SORT_JAPANESE_XJIS 0x0 31 | #define SORT_CHINESE_BIG5 0x0 32 | #define SORT_CHINESE_PRCP 0x0 33 | #define SORT_KOREAN_KSC 0x0 34 | #define SORT_HUNGARIAN_DEFAULT 0x0 35 | #define SORT_GEORGIAN_TRADITIONAL 0x0 36 | #define _USE_DECLSPECS_FOR_SAL 0 37 | #define _USE_ATTRIBUTES_FOR_SAL 0 38 | #define __drv_typeConst 0 39 | #define VER_DEBUG 0 40 | #define VER_PRERELEASE 0 41 | #define WINAPI_PARTITION_APP 1 42 | #define CREATEPROCESS_MANIFEST_RESOURCE_ID 1 43 | #define MINIMUM_RESERVED_MANIFEST_RESOURCE_ID 1 44 | #define SW_SHOWNORMAL 1 45 | #define SW_NORMAL 1 46 | #define SHOW_OPENWINDOW 1 47 | #define 
SW_PARENTCLOSING 1 48 | #define VK_LBUTTON 0x01 49 | #define WM_CREATE 0x0001 50 | #define WA_ACTIVE 1 51 | #define PWR_OK 1 52 | #define PWR_SUSPENDREQUEST 1 53 | #define NFR_ANSI 1 54 | #define UIS_SET 1 55 | #define UISF_HIDEFOCUS 0x1 56 | #define XBUTTON1 0x0001 57 | #define WMSZ_LEFT 1 58 | #define HTCLIENT 1 59 | #define SMTO_BLOCK 0x0001 60 | #define MA_ACTIVATE 1 61 | #define ICON_BIG 1 62 | #define SIZE_MINIMIZED 1 63 | #define MK_LBUTTON 0x0001 64 | #define TME_HOVER 0x00000001 65 | #define CS_VREDRAW 0x0001 66 | #define CF_TEXT 1 67 | #define SCF_ISSECURE 0x00000001 68 | #define IDOK 1 69 | #define BN_PAINT 1 70 | #define BST_CHECKED 0x0001 71 | #define TBSTYLE_SEP 0x0001 72 | #define TTS_ALWAYSTIP 0x01 73 | #define TBS_AUTOTICKS 0x0001 74 | #define UDS_WRAP 0x0001 75 | #define PBS_SMOOTH 0x01 76 | #define LWS_TRANSPARENT 0x0001 77 | #define LVS_REPORT 0x0001 78 | #define TVS_HASBUTTONS 0x0001 79 | #define TVS_EX_NOSINGLECOLLAPSE 0x0001 80 | #define TCS_SCROLLOPPOSITE 0x0001 81 | #define ACS_CENTER 0x0001 82 | #define MCS_DAYSTATE 0x0001 83 | #define DTS_UPDOWN 0x0001 84 | #define PGS_HORZ 0x00000001 85 | #define NFS_EDIT 0x0001 86 | #define BCSIF_GLYPH 0x0001 87 | #define BCSS_NOSPLIT 0x0001 88 | #define LANG_ARABIC 0x01 89 | #define SUBLANG_DEFAULT 0x01 90 | #define SUBLANG_AFRIKAANS_SOUTH_AFRICA 0x01 91 | #define SUBLANG_ALBANIAN_ALBANIA 0x01 92 | #define SUBLANG_ALSATIAN_FRANCE 0x01 93 | #define SUBLANG_AMHARIC_ETHIOPIA 0x01 94 | #define SUBLANG_ARABIC_SAUDI_ARABIA 0x01 95 | #define SUBLANG_ARMENIAN_ARMENIA 0x01 96 | #define SUBLANG_ASSAMESE_INDIA 0x01 97 | #define SUBLANG_AZERI_LATIN 0x01 98 | #define SUBLANG_AZERBAIJANI_AZERBAIJAN_LATIN 0x01 99 | #define SUBLANG_BANGLA_INDIA 0x01 100 | #define SUBLANG_BASHKIR_RUSSIA 0x01 101 | #define SUBLANG_BASQUE_BASQUE 0x01 102 | #define SUBLANG_BELARUSIAN_BELARUS 0x01 103 | #define SUBLANG_BENGALI_INDIA 0x01 104 | #define SUBLANG_BRETON_FRANCE 0x01 105 | #define SUBLANG_BULGARIAN_BULGARIA 0x01 106 | #define 
SUBLANG_CATALAN_CATALAN 0x01 107 | #define SUBLANG_CENTRAL_KURDISH_IRAQ 0x01 108 | #define SUBLANG_CHEROKEE_CHEROKEE 0x01 109 | #define SUBLANG_CHINESE_TRADITIONAL 0x01 110 | #define SUBLANG_CORSICAN_FRANCE 0x01 111 | #define SUBLANG_CZECH_CZECH_REPUBLIC 0x01 112 | #define SUBLANG_CROATIAN_CROATIA 0x01 113 | #define SUBLANG_DANISH_DENMARK 0x01 114 | #define SUBLANG_DARI_AFGHANISTAN 0x01 115 | #define SUBLANG_DIVEHI_MALDIVES 0x01 116 | #define SUBLANG_DUTCH 0x01 117 | #define SUBLANG_ENGLISH_US 0x01 118 | #define SUBLANG_ESTONIAN_ESTONIA 0x01 119 | #define SUBLANG_FAEROESE_FAROE_ISLANDS 0x01 120 | #define SUBLANG_FILIPINO_PHILIPPINES 0x01 121 | #define SUBLANG_FINNISH_FINLAND 0x01 122 | #define SUBLANG_FRENCH 0x01 123 | #define SUBLANG_FRISIAN_NETHERLANDS 0x01 124 | #define SUBLANG_GALICIAN_GALICIAN 0x01 125 | #define SUBLANG_GEORGIAN_GEORGIA 0x01 126 | #define SUBLANG_GERMAN 0x01 127 | #define SUBLANG_GREEK_GREECE 0x01 128 | #define SUBLANG_GREENLANDIC_GREENLAND 0x01 129 | #define SUBLANG_GUJARATI_INDIA 0x01 130 | #define SUBLANG_HAUSA_NIGERIA_LATIN 0x01 131 | #define SUBLANG_HAWAIIAN_US 0x01 132 | #define SUBLANG_HEBREW_ISRAEL 0x01 133 | #define SUBLANG_HINDI_INDIA 0x01 134 | #define SUBLANG_HUNGARIAN_HUNGARY 0x01 135 | #define SUBLANG_ICELANDIC_ICELAND 0x01 136 | #define SUBLANG_IGBO_NIGERIA 0x01 137 | #define SUBLANG_INDONESIAN_INDONESIA 0x01 138 | #define SUBLANG_INUKTITUT_CANADA 0x01 139 | #define SUBLANG_ITALIAN 0x01 140 | #define SUBLANG_JAPANESE_JAPAN 0x01 141 | #define SUBLANG_KANNADA_INDIA 0x01 142 | #define SUBLANG_KAZAK_KAZAKHSTAN 0x01 143 | #define SUBLANG_KHMER_CAMBODIA 0x01 144 | #define SUBLANG_KICHE_GUATEMALA 0x01 145 | #define SUBLANG_KINYARWANDA_RWANDA 0x01 146 | #define SUBLANG_KONKANI_INDIA 0x01 147 | #define SUBLANG_KOREAN 0x01 148 | #define SUBLANG_KYRGYZ_KYRGYZSTAN 0x01 149 | #define SUBLANG_LAO_LAO 0x01 150 | #define SUBLANG_LATVIAN_LATVIA 0x01 151 | #define SUBLANG_LITHUANIAN 0x01 152 | #define SUBLANG_LUXEMBOURGISH_LUXEMBOURG 0x01 153 | 
#define SUBLANG_MACEDONIAN_MACEDONIA 0x01 154 | #define SUBLANG_MALAY_MALAYSIA 0x01 155 | #define SUBLANG_MALAYALAM_INDIA 0x01 156 | #define SUBLANG_MALTESE_MALTA 0x01 157 | #define SUBLANG_MAORI_NEW_ZEALAND 0x01 158 | #define SUBLANG_MAPUDUNGUN_CHILE 0x01 159 | #define SUBLANG_MARATHI_INDIA 0x01 160 | #define SUBLANG_MOHAWK_MOHAWK 0x01 161 | #define SUBLANG_MONGOLIAN_CYRILLIC_MONGOLIA 0x01 162 | #define SUBLANG_NEPALI_NEPAL 0x01 163 | #define SUBLANG_NORWEGIAN_BOKMAL 0x01 164 | #define SUBLANG_OCCITAN_FRANCE 0x01 165 | #define SUBLANG_ODIA_INDIA 0x01 166 | #define SUBLANG_ORIYA_INDIA 0x01 167 | #define SUBLANG_PASHTO_AFGHANISTAN 0x01 168 | #define SUBLANG_PERSIAN_IRAN 0x01 169 | #define SUBLANG_POLISH_POLAND 0x01 170 | #define SUBLANG_PORTUGUESE_BRAZILIAN 0x01 171 | #define SUBLANG_PUNJABI_INDIA 0x01 172 | #define SUBLANG_QUECHUA_BOLIVIA 0x01 173 | #define SUBLANG_ROMANIAN_ROMANIA 0x01 174 | #define SUBLANG_ROMANSH_SWITZERLAND 0x01 175 | #define SUBLANG_RUSSIAN_RUSSIA 0x01 176 | #define SUBLANG_SAKHA_RUSSIA 0x01 177 | #define SUBLANG_SAMI_NORTHERN_NORWAY 0x01 178 | #define SUBLANG_SANSKRIT_INDIA 0x01 179 | #define SUBLANG_SCOTTISH_GAELIC 0x01 180 | #define SUBLANG_SERBIAN_CROATIA 0x01 181 | #define SUBLANG_SINDHI_INDIA 0x01 182 | #define SUBLANG_SINHALESE_SRI_LANKA 0x01 183 | #define SUBLANG_SOTHO_NORTHERN_SOUTH_AFRICA 0x01 184 | #define SUBLANG_SLOVAK_SLOVAKIA 0x01 185 | #define SUBLANG_SLOVENIAN_SLOVENIA 0x01 186 | #define SUBLANG_SPANISH 0x01 187 | #define SUBLANG_SWAHILI_KENYA 0x01 188 | #define SUBLANG_SWEDISH 0x01 189 | #define SUBLANG_SYRIAC_SYRIA 0x01 190 | #define SUBLANG_TAJIK_TAJIKISTAN 0x01 191 | #define SUBLANG_TAMIL_INDIA 0x01 192 | #define SUBLANG_TATAR_RUSSIA 0x01 193 | #define SUBLANG_TELUGU_INDIA 0x01 194 | #define SUBLANG_THAI_THAILAND 0x01 195 | #define SUBLANG_TIBETAN_PRC 0x01 196 | #define SUBLANG_TIGRINYA_ETHIOPIA 0x01 197 | #define SUBLANG_TSWANA_SOUTH_AFRICA 0x01 198 | #define SUBLANG_TURKISH_TURKEY 0x01 199 | #define 
SUBLANG_TURKMEN_TURKMENISTAN 0x01 200 | #define SUBLANG_UIGHUR_PRC 0x01 201 | #define SUBLANG_UKRAINIAN_UKRAINE 0x01 202 | #define SUBLANG_UPPER_SORBIAN_GERMANY 0x01 203 | #define SUBLANG_URDU_PAKISTAN 0x01 204 | #define SUBLANG_UZBEK_LATIN 0x01 205 | #define SUBLANG_VIETNAMESE_VIETNAM 0x01 206 | #define SUBLANG_WELSH_UNITED_KINGDOM 0x01 207 | #define SUBLANG_WOLOF_SENEGAL 0x01 208 | #define SUBLANG_XHOSA_SOUTH_AFRICA 0x01 209 | #define SUBLANG_YAKUT_RUSSIA 0x01 210 | #define SUBLANG_YI_PRC 0x01 211 | #define SUBLANG_YORUBA_NIGERIA 0x01 212 | #define SUBLANG_ZULU_SOUTH_AFRICA 0x01 213 | #define SORT_INVARIANT_MATH 0x1 214 | #define SORT_JAPANESE_UNICODE 0x1 215 | #define SORT_CHINESE_UNICODE 0x1 216 | #define SORT_KOREAN_UNICODE 0x1 217 | #define SORT_GERMAN_PHONE_BOOK 0x1 218 | #define SORT_HUNGARIAN_TECHNICAL 0x1 219 | #define SORT_GEORGIAN_MODERN 0x1 220 | #define __drv_typeCond 1 221 | #define VS_VERSION_INFO 1 222 | #define VFFF_ISSHAREDFILE 0x0001 223 | #define VFF_CURNEDEST 0x0001 224 | #define VIFF_FORCEINSTALL 0x0001 225 | #define WINAPI_FAMILY_PC_APP 2 226 | #define ISOLATIONAWARE_MANIFEST_RESOURCE_ID 2 227 | #define SW_SHOWMINIMIZED 2 228 | #define SHOW_ICONWINDOW 2 229 | #define SW_OTHERZOOM 2 230 | #define VK_RBUTTON 0x02 231 | #define WM_DESTROY 0x0002 232 | #define WA_CLICKACTIVE 2 233 | #define PWR_SUSPENDRESUME 2 234 | #define NFR_UNICODE 2 235 | #define UIS_CLEAR 2 236 | #define UISF_HIDEACCEL 0x2 237 | #define XBUTTON2 0x0002 238 | #define WMSZ_RIGHT 2 239 | #define HTCAPTION 2 240 | #define SMTO_ABORTIFHUNG 0x0002 241 | #define MA_ACTIVATEANDEAT 2 242 | #define ICON_SMALL2 2 243 | #define SIZE_MAXIMIZED 2 244 | #define MK_RBUTTON 0x0002 245 | #define TME_LEAVE 0x00000002 246 | #define CS_HREDRAW 0x0002 247 | #define CF_BITMAP 2 248 | #define IDCANCEL 2 249 | #define BN_HILITE 2 250 | #define BST_INDETERMINATE 0x0002 251 | #define HDS_BUTTONS 0x0002 252 | #define TBSTYLE_CHECK 0x0002 253 | #define TTS_NOPREFIX 0x02 254 | #define TBS_VERT 0x0002 
255 | #define UDS_SETBUDDYINT 0x0002 256 | #define LWS_IGNORERETURN 0x0002 257 | #define LVS_SMALLICON 0x0002 258 | #define TVS_HASLINES 0x0002 259 | #define TVS_EX_MULTISELECT 0x0002 260 | #define TCS_BOTTOM 0x0002 261 | #define TCS_RIGHT 0x0002 262 | #define ACS_TRANSPARENT 0x0002 263 | #define MCS_MULTISELECT 0x0002 264 | #define DTS_SHOWNONE 0x0002 265 | #define PGS_AUTOSCROLL 0x00000002 266 | #define NFS_STATIC 0x0002 267 | #define BCSIF_IMAGE 0x0002 268 | #define BCSS_STRETCH 0x0002 269 | #define LANG_BULGARIAN 0x02 270 | #define SUBLANG_SYS_DEFAULT 0x02 271 | #define SUBLANG_ARABIC_IRAQ 0x02 272 | #define SUBLANG_AZERI_CYRILLIC 0x02 273 | #define SUBLANG_AZERBAIJANI_AZERBAIJAN_CYRILLIC 0x02 274 | #define SUBLANG_BANGLA_BANGLADESH 0x02 275 | #define SUBLANG_BENGALI_BANGLADESH 0x02 276 | #define SUBLANG_CHINESE_SIMPLIFIED 0x02 277 | #define SUBLANG_DUTCH_BELGIAN 0x02 278 | #define SUBLANG_ENGLISH_UK 0x02 279 | #define SUBLANG_FRENCH_BELGIAN 0x02 280 | #define SUBLANG_FULAH_SENEGAL 0x02 281 | #define SUBLANG_GERMAN_SWISS 0x02 282 | #define SUBLANG_INUKTITUT_CANADA_LATIN 0x02 283 | #define SUBLANG_IRISH_IRELAND 0x02 284 | #define SUBLANG_ITALIAN_SWISS 0x02 285 | #define SUBLANG_KASHMIRI_SASIA 0x02 286 | #define SUBLANG_KASHMIRI_INDIA 0x02 287 | #define SUBLANG_LOWER_SORBIAN_GERMANY 0x02 288 | #define SUBLANG_MALAY_BRUNEI_DARUSSALAM 0x02 289 | #define SUBLANG_MONGOLIAN_PRC 0x02 290 | #define SUBLANG_NEPALI_INDIA 0x02 291 | #define SUBLANG_NORWEGIAN_NYNORSK 0x02 292 | #define SUBLANG_PORTUGUESE 0x02 293 | #define SUBLANG_PULAR_SENEGAL 0x02 294 | #define SUBLANG_PUNJABI_PAKISTAN 0x02 295 | #define SUBLANG_QUECHUA_ECUADOR 0x02 296 | #define SUBLANG_SAMI_NORTHERN_SWEDEN 0x02 297 | #define SUBLANG_SERBIAN_LATIN 0x02 298 | #define SUBLANG_SINDHI_PAKISTAN 0x02 299 | #define SUBLANG_SINDHI_AFGHANISTAN 0x02 300 | #define SUBLANG_SPANISH_MEXICAN 0x02 301 | #define SUBLANG_SWEDISH_FINLAND 0x02 302 | #define SUBLANG_TAMAZIGHT_ALGERIA_LATIN 0x02 303 | #define 
SUBLANG_TAMIL_SRI_LANKA 0x02 304 | #define SUBLANG_TIGRIGNA_ERITREA 0x02 305 | #define SUBLANG_TIGRINYA_ERITREA 0x02 306 | #define SUBLANG_TSWANA_BOTSWANA 0x02 307 | #define SUBLANG_URDU_INDIA 0x02 308 | #define SUBLANG_UZBEK_CYRILLIC 0x02 309 | #define SUBLANG_VALENCIAN_VALENCIA 0x02 310 | #define SORT_CHINESE_PRC 0x2 311 | #define __drv_typeBitset 2 312 | #define VFF_FILEINUSE 0x0002 313 | #define VIFF_DONTDELETEOLD 0x0002 314 | #define WINAPI_FAMILY_PHONE_APP 3 315 | #define ISOLATIONAWARE_NOSTATICIMPORT_MANIFEST_RESOURCE_ID 3 316 | #define SW_SHOWMAXIMIZED 3 317 | #define SW_MAXIMIZE 3 318 | #define SHOW_FULLSCREEN 3 319 | #define SW_PARENTOPENING 3 320 | #define VK_CANCEL 0x03 321 | #define WM_MOVE 0x0003 322 | #define PWR_CRITICALRESUME 3 323 | #define NF_QUERY 3 324 | #define UIS_INITIALIZE 3 325 | #define WMSZ_TOP 3 326 | #define HTSYSMENU 3 327 | #define MA_NOACTIVATE 3 328 | #define SIZE_MAXSHOW 3 329 | #define CF_METAFILEPICT 3 330 | #define IDABORT 3 331 | #define BN_UNHILITE 3 332 | #define LVS_LIST 0x0003 333 | #define LVS_TYPEMASK 0x0003 334 | #define LANG_CATALAN 0x03 335 | #define LANG_VALENCIAN 0x03 336 | #define SUBLANG_CUSTOM_DEFAULT 0x03 337 | #define SUBLANG_ARABIC_EGYPT 0x03 338 | #define SUBLANG_CHINESE_HONGKONG 0x03 339 | #define SUBLANG_ENGLISH_AUS 0x03 340 | #define SUBLANG_FRENCH_CANADIAN 0x03 341 | #define SUBLANG_GERMAN_AUSTRIAN 0x03 342 | #define SUBLANG_QUECHUA_PERU 0x03 343 | #define SUBLANG_SAMI_NORTHERN_FINLAND 0x03 344 | #define SUBLANG_SERBIAN_CYRILLIC 0x03 345 | #define SUBLANG_SPANISH_MODERN 0x03 346 | #define SORT_CHINESE_BOPOMOFO 0x3 347 | #define __drv_typeExpr 3 348 | #define VER_PRODUCTMINORVERSION 3 349 | #define SW_SHOWNOACTIVATE 4 350 | #define SHOW_OPENNOACTIVATE 4 351 | #define SW_OTHERUNZOOM 4 352 | #define VK_MBUTTON 0x04 353 | #define NF_REQUERY 4 354 | #define UISF_ACTIVE 0x4 355 | #define WMSZ_TOPLEFT 4 356 | #define HTGROWBOX 4 357 | #define MA_NOACTIVATEANDEAT 4 358 | #define SIZE_MAXHIDE 4 359 | #define 
MK_SHIFT 0x0004 360 | #define CF_SYLK 4 361 | #define IDRETRY 4 362 | #define BN_DISABLE 4 363 | #define BST_PUSHED 0x0004 364 | #define HDS_HOTTRACK 0x0004 365 | #define TBSTYLE_GROUP 0x0004 366 | #define TBS_TOP 0x0004 367 | #define TBS_LEFT 0x0004 368 | #define UDS_ALIGNRIGHT 0x0004 369 | #define PBS_VERTICAL 0x04 370 | #define LWS_NOPREFIX 0x0004 371 | #define LVS_SINGLESEL 0x0004 372 | #define TVS_LINESATROOT 0x0004 373 | #define TVS_EX_DOUBLEBUFFER 0x0004 374 | #define TCS_MULTISELECT 0x0004 375 | #define ACS_AUTOPLAY 0x0004 376 | #define MCS_WEEKNUMBERS 0x0004 377 | #define DTS_LONGDATEFORMAT 0x0004 378 | #define PGS_DRAGNDROP 0x00000004 379 | #define NFS_LISTCOMBO 0x0004 380 | #define BCSIF_STYLE 0x0004 381 | #define BCSS_ALIGNLEFT 0x0004 382 | #define LANG_CHINESE 0x04 383 | #define LANG_CHINESE_SIMPLIFIED 0x04 384 | #define SUBLANG_CUSTOM_UNSPECIFIED 0x04 385 | #define SUBLANG_ARABIC_LIBYA 0x04 386 | #define SUBLANG_CHINESE_SINGAPORE 0x04 387 | #define SUBLANG_CROATIAN_BOSNIA_HERZEGOVINA_LATIN 0x04 388 | #define SUBLANG_ENGLISH_CAN 0x04 389 | #define SUBLANG_FRENCH_SWISS 0x04 390 | #define SUBLANG_GERMAN_LUXEMBOURG 0x04 391 | #define SUBLANG_SAMI_LULE_NORWAY 0x04 392 | #define SUBLANG_SPANISH_GUATEMALA 0x04 393 | #define SUBLANG_TAMAZIGHT_MOROCCO_TIFINAGH 0x04 394 | #define SORT_JAPANESE_RADICALSTROKE 0x4 395 | #define SORT_CHINESE_RADICALSTROKE 0x4 396 | #define VFF_BUFFTOOSMALL 0x0004 397 | #define SW_SHOW 5 398 | #define VK_XBUTTON1 0x05 399 | #define WM_SIZE 0x0005 400 | #define WMSZ_TOPRIGHT 5 401 | #define HTMENU 5 402 | #define CF_DIF 5 403 | #define IDIGNORE 5 404 | #define BN_DOUBLECLICKED 5 405 | #define LANG_CZECH 0x05 406 | #define SUBLANG_UI_CUSTOM_DEFAULT 0x05 407 | #define SUBLANG_ARABIC_ALGERIA 0x05 408 | #define SUBLANG_BOSNIAN_BOSNIA_HERZEGOVINA_LATIN 0x05 409 | #define SUBLANG_CHINESE_MACAU 0x05 410 | #define SUBLANG_ENGLISH_NZ 0x05 411 | #define SUBLANG_FRENCH_LUXEMBOURG 0x05 412 | #define SUBLANG_GERMAN_LIECHTENSTEIN 0x05 413 | 
#define SUBLANG_SAMI_LULE_SWEDEN 0x05 414 | #define SUBLANG_SPANISH_COSTA_RICA 0x05 415 | #define SW_MINIMIZE 6 416 | #define VK_XBUTTON2 0x06 417 | #define WM_ACTIVATE 0x0006 418 | #define WMSZ_BOTTOM 6 419 | #define HTHSCROLL 6 420 | #define CF_TIFF 6 421 | #define IDYES 6 422 | #define BN_SETFOCUS 6 423 | #define LANG_DANISH 0x06 424 | #define SUBLANG_ARABIC_MOROCCO 0x06 425 | #define SUBLANG_ENGLISH_EIRE 0x06 426 | #define SUBLANG_FRENCH_MONACO 0x06 427 | #define SUBLANG_SAMI_SOUTHERN_NORWAY 0x06 428 | #define SUBLANG_SERBIAN_BOSNIA_HERZEGOVINA_LATIN 0x06 429 | #define SUBLANG_SPANISH_PANAMA 0x06 430 | #define VER_PRODUCTMAJORVERSION 6 431 | #define SW_SHOWMINNOACTIVE 7 432 | #define WM_SETFOCUS 0x0007 433 | #define WMSZ_BOTTOMLEFT 7 434 | #define HTVSCROLL 7 435 | #define CF_OEMTEXT 7 436 | #define IDNO 7 437 | #define BN_KILLFOCUS 7 438 | #define LANG_GERMAN 0x07 439 | #define SUBLANG_ARABIC_TUNISIA 0x07 440 | #define SUBLANG_ENGLISH_SOUTH_AFRICA 0x07 441 | #define SUBLANG_SAMI_SOUTHERN_SWEDEN 0x07 442 | #define SUBLANG_SERBIAN_BOSNIA_HERZEGOVINA_CYRILLIC 0x07 443 | #define SUBLANG_SPANISH_DOMINICAN_REPUBLIC 0x07 444 | #define SW_SHOWNA 8 445 | #define VK_BACK 0x08 446 | #define WM_KILLFOCUS 0x0008 447 | #define WMSZ_BOTTOMRIGHT 8 448 | #define HTMINBUTTON 8 449 | #define SMTO_NOTIMEOUTIFNOTHUNG 0x0008 450 | #define MK_CONTROL 0x0008 451 | #define CS_DBLCLKS 0x0008 452 | #define CF_DIB 8 453 | #define IDCLOSE 8 454 | #define BST_FOCUS 0x0008 455 | #define HDS_HIDDEN 0x0008 456 | #define TBSTYLE_DROPDOWN 0x0008 457 | #define TBS_BOTH 0x0008 458 | #define UDS_ALIGNLEFT 0x0008 459 | #define PBS_MARQUEE 0x08 460 | #define LWS_USEVISUALSTYLE 0x0008 461 | #define LVS_SHOWSELALWAYS 0x0008 462 | #define TVS_EDITLABELS 0x0008 463 | #define TVS_EX_NOINDENTSTATE 0x0008 464 | #define TCS_FLATBUTTONS 0x0008 465 | #define ACS_TIMER 0x0008 466 | #define MCS_NOTODAYCIRCLE 0x0008 467 | #define NFS_BUTTON 0x0008 468 | #define BCSIF_SIZE 0x0008 469 | #define BCSS_IMAGE 0x0008 
470 | #define LANG_GREEK 0x08 471 | #define SUBLANG_ARABIC_OMAN 0x08 472 | #define SUBLANG_BOSNIAN_BOSNIA_HERZEGOVINA_CYRILLIC 0x08 473 | #define SUBLANG_ENGLISH_JAMAICA 0x08 474 | #define SUBLANG_SAMI_SKOLT_FINLAND 0x08 475 | #define SUBLANG_SPANISH_VENEZUELA 0x08 476 | #define SW_RESTORE 9 477 | #define VK_TAB 0x09 478 | #define HTMAXBUTTON 9 479 | #define CF_PALETTE 9 480 | #define IDHELP 9 481 | #define DTS_TIMEFORMAT 0x0009 482 | #define LANG_ENGLISH 0x09 483 | #define SUBLANG_ARABIC_YEMEN 0x09 484 | #define SUBLANG_ENGLISH_CARIBBEAN 0x09 485 | #define SUBLANG_SAMI_INARI_FINLAND 0x09 486 | #define SUBLANG_SERBIAN_SERBIA_LATIN 0x09 487 | #define SUBLANG_SPANISH_COLOMBIA 0x09 488 | #define SW_SHOWDEFAULT 10 489 | #define WM_ENABLE 0x000A 490 | #define HTLEFT 10 491 | #define CF_PENDATA 10 492 | #define IDTRYAGAIN 10 493 | #define HELP_CONTEXTMENU 0x000a 494 | #define LANG_SPANISH 0x0a 495 | #define SUBLANG_ARABIC_SYRIA 0x0a 496 | #define SUBLANG_ENGLISH_BELIZE 0x0a 497 | #define SUBLANG_SERBIAN_SERBIA_CYRILLIC 0x0a 498 | #define SUBLANG_SPANISH_PERU 0x0a 499 | #define SW_FORCEMINIMIZE 11 500 | #define SW_MAX 11 501 | #define WM_SETREDRAW 0x000B 502 | #define HTRIGHT 11 503 | #define CF_RIFF 11 504 | #define IDCONTINUE 11 505 | #define HELP_FINDER 0x000b 506 | #define LANG_FINNISH 0x0b 507 | #define SUBLANG_ARABIC_JORDAN 0x0b 508 | #define SUBLANG_ENGLISH_TRINIDAD 0x0b 509 | #define SUBLANG_SERBIAN_MONTENEGRO_LATIN 0x0b 510 | #define SUBLANG_SPANISH_ARGENTINA 0x0b 511 | #define VK_CLEAR 0x0C 512 | #define WM_SETTEXT 0x000C 513 | #define HTTOP 12 514 | #define CF_WAVE 12 515 | #define HELP_WM_HELP 0x000c 516 | #define DTS_SHORTDATECENTURYFORMAT 0x000C 517 | #define LANG_FRENCH 0x0c 518 | #define SUBLANG_ARABIC_LEBANON 0x0c 519 | #define SUBLANG_ENGLISH_ZIMBABWE 0x0c 520 | #define SUBLANG_SERBIAN_MONTENEGRO_CYRILLIC 0x0c 521 | #define SUBLANG_SPANISH_ECUADOR 0x0c 522 | #define VK_RETURN 0x0D 523 | #define WM_GETTEXT 0x000D 524 | #define HTTOPLEFT 13 525 | #define 
CF_UNICODETEXT 13 526 | #define HELP_SETPOPUP_POS 0x000d 527 | #define LANG_HEBREW 0x0d 528 | #define SUBLANG_ARABIC_KUWAIT 0x0d 529 | #define SUBLANG_ENGLISH_PHILIPPINES 0x0d 530 | #define SUBLANG_SPANISH_CHILE 0x0d 531 | #define WM_GETTEXTLENGTH 0x000E 532 | #define HTTOPRIGHT 14 533 | #define CF_ENHMETAFILE 14 534 | #define LANG_HUNGARIAN 0x0e 535 | #define SUBLANG_ARABIC_UAE 0x0e 536 | #define SUBLANG_SPANISH_URUGUAY 0x0e 537 | #define WM_PAINT 0x000F 538 | #define HTBOTTOM 15 539 | #define CF_HDROP 15 540 | #define LANG_ICELANDIC 0x0f 541 | #define SUBLANG_ARABIC_BAHRAIN 0x0f 542 | #define SUBLANG_SPANISH_PARAGUAY 0x0f 543 | #define MAXIMUM_RESERVED_MANIFEST_RESOURCE_ID 16 544 | #define VK_SHIFT 0x10 545 | #define WM_CLOSE 0x0010 546 | #define HTBOTTOMLEFT 16 547 | #define WVR_ALIGNTOP 0x0010 548 | #define MK_MBUTTON 0x0010 549 | #define TME_NONCLIENT 0x00000010 550 | #define CF_LOCALE 16 551 | #define HELP_TCARD_DATA 0x0010 552 | #define TBSTYLE_AUTOSIZE 0x0010 553 | #define TTS_NOANIMATE 0x10 554 | #define TBS_NOTICKS 0x0010 555 | #define UDS_AUTOBUDDY 0x0010 556 | #define PBS_SMOOTHREVERSE 0x10 557 | #define LWS_USECUSTOMTEXT 0x0010 558 | #define LVS_SORTASCENDING 0x0010 559 | #define TVS_DISABLEDRAGDROP 0x0010 560 | #define TVS_EX_RICHTOOLTIP 0x0010 561 | #define TCS_FORCEICONLEFT 0x0010 562 | #define MCS_NOTODAY 0x0010 563 | #define DTS_APPCANPARSE 0x0010 564 | #define NFS_ALL 0x0010 565 | #define LANG_ITALIAN 0x10 566 | #define SUBLANG_ARABIC_QATAR 0x10 567 | #define SUBLANG_ENGLISH_INDIA 0x10 568 | #define SUBLANG_SPANISH_BOLIVIA 0x10 569 | #define VK_CONTROL 0x11 570 | #define WM_QUERYENDSESSION 0x0011 571 | #define HTBOTTOMRIGHT 17 572 | #define CF_DIBV5 17 573 | #define HELP_TCARD_OTHER_CALLER 0x0011 574 | #define LANG_JAPANESE 0x11 575 | #define SUBLANG_ENGLISH_MALAYSIA 0x11 576 | #define SUBLANG_SPANISH_EL_SALVADOR 0x11 577 | #define VK_MENU 0x12 578 | #define WM_QUIT 0x0012 579 | #define HTBORDER 18 580 | #define CF_MAX 18 581 | #define 
LANG_KOREAN 0x12 582 | #define SUBLANG_ENGLISH_SINGAPORE 0x12 583 | #define SUBLANG_SPANISH_HONDURAS 0x12 584 | #define VK_PAUSE 0x13 585 | #define WM_QUERYOPEN 0x0013 586 | #define HTOBJECT 19 587 | #define LANG_DUTCH 0x13 588 | #define SUBLANG_SPANISH_NICARAGUA 0x13 589 | #define VK_CAPITAL 0x14 590 | #define WM_ERASEBKGND 0x0014 591 | #define HTCLOSE 20 592 | #define LANG_NORWEGIAN 0x14 593 | #define SUBLANG_SPANISH_PUERTO_RICO 0x14 594 | #define _SAL_VERSION 20 595 | #define VK_KANA 0x15 596 | #define VK_HANGEUL 0x15 597 | #define VK_HANGUL 0x15 598 | #define WM_SYSCOLORCHANGE 0x0015 599 | #define HTHELP 21 600 | #define LANG_POLISH 0x15 601 | #define SUBLANG_SPANISH_US 0x15 602 | #define WM_ENDSESSION 0x0016 603 | #define LANG_PORTUGUESE 0x16 604 | #define VK_JUNJA 0x17 605 | #define LANG_ROMANSH 0x17 606 | #define RT_MANIFEST 24 607 | #define VK_FINAL 0x18 608 | #define WM_SHOWWINDOW 0x0018 609 | #define LANG_ROMANIAN 0x18 610 | #define VK_HANJA 0x19 611 | #define VK_KANJI 0x19 612 | #define LANG_RUSSIAN 0x19 613 | #define WM_WININICHANGE 0x001A 614 | #define LANG_BOSNIAN 0x1a 615 | #define LANG_CROATIAN 0x1a 616 | #define LANG_SERBIAN 0x1a 617 | #define VK_ESCAPE 0x1B 618 | #define WM_DEVMODECHANGE 0x001B 619 | #define LANG_SLOVAK 0x1b 620 | #define VK_CONVERT 0x1C 621 | #define WM_ACTIVATEAPP 0x001C 622 | #define LANG_ALBANIAN 0x1c 623 | #define VK_NONCONVERT 0x1D 624 | #define WM_FONTCHANGE 0x001D 625 | #define LANG_SWEDISH 0x1d 626 | #define VK_ACCEPT 0x1E 627 | #define WM_TIMECHANGE 0x001E 628 | #define LANG_THAI 0x1e 629 | #define VK_MODECHANGE 0x1F 630 | #define WM_CANCELMODE 0x001F 631 | #define LANG_TURKISH 0x1f 632 | #define VK_SPACE 0x20 633 | #define WM_SETCURSOR 0x0020 634 | #define SMTO_ERRORONEXIT 0x0020 635 | #define WVR_ALIGNLEFT 0x0020 636 | #define MK_XBUTTON1 0x0020 637 | #define CS_OWNDC 0x0020 638 | #define TBSTYLE_NOPREFIX 0x0020 639 | #define TTS_NOFADE 0x20 640 | #define TBS_ENABLESELRANGE 0x0020 641 | #define UDS_ARROWKEYS 0x0020 642 
| #define LWS_RIGHT 0x0020 643 | #define LVS_SORTDESCENDING 0x0020 644 | #define TVS_SHOWSELALWAYS 0x0020 645 | #define TVS_EX_AUTOHSCROLL 0x0020 646 | #define TCS_FORCELABELLEFT 0x0020 647 | #define DTS_RIGHTALIGN 0x0020 648 | #define NFS_USEFONTASSOC 0x0020 649 | #define LANG_URDU 0x20 650 | #define VK_PRIOR 0x21 651 | #define WM_MOUSEACTIVATE 0x0021 652 | #define LANG_INDONESIAN 0x21 653 | #define VK_NEXT 0x22 654 | #define WM_CHILDACTIVATE 0x0022 655 | #define LANG_UKRAINIAN 0x22 656 | #define VK_END 0x23 657 | #define WM_QUEUESYNC 0x0023 658 | #define LANG_BELARUSIAN 0x23 659 | #define VK_HOME 0x24 660 | #define WM_GETMINMAXINFO 0x0024 661 | #define LANG_SLOVENIAN 0x24 662 | #define VK_LEFT 0x25 663 | #define LANG_ESTONIAN 0x25 664 | #define VK_UP 0x26 665 | #define WM_PAINTICON 0x0026 666 | #define LANG_LATVIAN 0x26 667 | #define VK_RIGHT 0x27 668 | #define WM_ICONERASEBKGND 0x0027 669 | #define LANG_LITHUANIAN 0x27 670 | #define VK_DOWN 0x28 671 | #define WM_NEXTDLGCTL 0x0028 672 | #define LANG_TAJIK 0x28 673 | #define VK_SELECT 0x29 674 | #define LANG_FARSI 0x29 675 | #define LANG_PERSIAN 0x29 676 | #define VK_PRINT 0x2A 677 | #define WM_SPOOLERSTATUS 0x002A 678 | #define LANG_VIETNAMESE 0x2a 679 | #define VK_EXECUTE 0x2B 680 | #define WM_DRAWITEM 0x002B 681 | #define LANG_ARMENIAN 0x2b 682 | #define VK_SNAPSHOT 0x2C 683 | #define WM_MEASUREITEM 0x002C 684 | #define LANG_AZERI 0x2c 685 | #define LANG_AZERBAIJANI 0x2c 686 | #define VK_INSERT 0x2D 687 | #define WM_DELETEITEM 0x002D 688 | #define LANG_BASQUE 0x2d 689 | #define VK_DELETE 0x2E 690 | #define WM_VKEYTOITEM 0x002E 691 | #define LANG_LOWER_SORBIAN 0x2e 692 | #define LANG_UPPER_SORBIAN 0x2e 693 | #define VK_HELP 0x2F 694 | #define WM_CHARTOITEM 0x002F 695 | #define LANG_MACEDONIAN 0x2f 696 | #define WM_SETFONT 0x0030 697 | #define WM_GETFONT 0x0031 698 | #define WM_SETHOTKEY 0x0032 699 | #define LANG_TSWANA 0x32 700 | #define WM_GETHOTKEY 0x0033 701 | #define LANG_XHOSA 0x34 702 | #define LANG_ZULU 
0x35 703 | #define LANG_AFRIKAANS 0x36 704 | #define WM_QUERYDRAGICON 0x0037 705 | #define LANG_GEORGIAN 0x37 706 | #define LANG_FAEROESE 0x38 707 | #define WM_COMPAREITEM 0x0039 708 | #define LANG_HINDI 0x39 709 | #define LANG_MALTESE 0x3a 710 | #define LANG_SAMI 0x3b 711 | #define LANG_IRISH 0x3c 712 | #define WM_GETOBJECT 0x003D 713 | #define LANG_MALAY 0x3e 714 | #define LANG_KAZAK 0x3f 715 | #define WVR_ALIGNBOTTOM 0x0040 716 | #define MK_XBUTTON2 0x0040 717 | #define CS_CLASSDC 0x0040 718 | #define HDS_DRAGDROP 0x0040 719 | #define BTNS_SHOWTEXT 0x0040 720 | #define TTS_BALLOON 0x40 721 | #define TBS_FIXEDLENGTH 0x0040 722 | #define UDS_HORZ 0x0040 723 | #define LVS_SHAREIMAGELISTS 0x0040 724 | #define TVS_RTLREADING 0x0040 725 | #define TVS_EX_FADEINOUTEXPANDOS 0x0040 726 | #define TCS_HOTTRACK 0x0040 727 | #define MCS_NOTRAILINGDATES 0x0040 728 | #define LANG_KYRGYZ 0x40 729 | #define WM_COMPACTING 0x0041 730 | #define LANG_SWAHILI 0x41 731 | #define LANG_TURKMEN 0x42 732 | #define LANG_UZBEK 0x43 733 | #define WM_COMMNOTIFY 0x0044 734 | #define LANG_TATAR 0x44 735 | #define LANG_BANGLA 0x45 736 | #define LANG_BENGALI 0x45 737 | #define WM_WINDOWPOSCHANGING 0x0046 738 | #define LANG_PUNJABI 0x46 739 | #define WM_WINDOWPOSCHANGED 0x0047 740 | #define LANG_GUJARATI 0x47 741 | #define WM_POWER 0x0048 742 | #define LANG_ODIA 0x48 743 | #define LANG_ORIYA 0x48 744 | #define LANG_TAMIL 0x49 745 | #define WM_COPYDATA 0x004A 746 | #define LANG_TELUGU 0x4a 747 | #define WM_CANCELJOURNAL 0x004B 748 | #define LANG_KANNADA 0x4b 749 | #define LANG_MALAYALAM 0x4c 750 | #define LANG_ASSAMESE 0x4d 751 | #define WM_NOTIFY 0x004E 752 | #define LANG_MARATHI 0x4e 753 | #define LANG_SANSKRIT 0x4f 754 | #define WM_INPUTLANGCHANGEREQUEST 0x0050 755 | #define LANG_MONGOLIAN 0x50 756 | #define WM_INPUTLANGCHANGE 0x0051 757 | #define LANG_TIBETAN 0x51 758 | #define WM_TCARD 0x0052 759 | #define LANG_WELSH 0x52 760 | #define WM_HELP 0x0053 761 | #define LANG_KHMER 0x53 762 | #define 
WM_USERCHANGED 0x0054 763 | #define LANG_LAO 0x54 764 | #define WM_NOTIFYFORMAT 0x0055 765 | #define LANG_GALICIAN 0x56 766 | #define LANG_KONKANI 0x57 767 | #define LANG_MANIPURI 0x58 768 | #define LANG_SINDHI 0x59 769 | #define LANG_SYRIAC 0x5a 770 | #define VK_LWIN 0x5B 771 | #define LANG_SINHALESE 0x5b 772 | #define VK_RWIN 0x5C 773 | #define LANG_CHEROKEE 0x5c 774 | #define VK_APPS 0x5D 775 | #define LANG_INUKTITUT 0x5d 776 | #define LANG_AMHARIC 0x5e 777 | #define VK_SLEEP 0x5F 778 | #define LANG_TAMAZIGHT 0x5f 779 | #define VK_NUMPAD0 0x60 780 | #define LANG_KASHMIRI 0x60 781 | #define VK_NUMPAD1 0x61 782 | #define LANG_NEPALI 0x61 783 | #define VK_NUMPAD2 0x62 784 | #define LANG_FRISIAN 0x62 785 | #define VK_NUMPAD3 0x63 786 | #define LANG_PASHTO 0x63 787 | #define WINAPI_FAMILY_DESKTOP_APP 100 788 | #define VK_NUMPAD4 0x64 789 | #define LANG_FILIPINO 0x64 790 | #define VS_USER_DEFINED 100 791 | #define VK_NUMPAD5 0x65 792 | #define LANG_DIVEHI 0x65 793 | #define VK_NUMPAD6 0x66 794 | #define VK_NUMPAD7 0x67 795 | #define LANG_FULAH 0x67 796 | #define LANG_PULAR 0x67 797 | #define VK_NUMPAD8 0x68 798 | #define LANG_HAUSA 0x68 799 | #define VK_NUMPAD9 0x69 800 | #define VK_MULTIPLY 0x6A 801 | #define LANG_YORUBA 0x6a 802 | #define VK_ADD 0x6B 803 | #define LANG_QUECHUA 0x6b 804 | #define VK_SEPARATOR 0x6C 805 | #define LANG_SOTHO 0x6c 806 | #define VK_SUBTRACT 0x6D 807 | #define LANG_BASHKIR 0x6d 808 | #define VK_DECIMAL 0x6E 809 | #define LANG_LUXEMBOURGISH 0x6e 810 | #define VK_DIVIDE 0x6F 811 | #define LANG_GREENLANDIC 0x6f 812 | #define VK_F1 0x70 813 | #define LANG_IGBO 0x70 814 | #define VK_F2 0x71 815 | #define VK_F3 0x72 816 | #define VK_F4 0x73 817 | #define LANG_TIGRIGNA 0x73 818 | #define LANG_TIGRINYA 0x73 819 | #define VK_F5 0x74 820 | #define VK_F6 0x75 821 | #define LANG_HAWAIIAN 0x75 822 | #define VK_F7 0x76 823 | #define VK_F8 0x77 824 | #define VK_F9 0x78 825 | #define WHEEL_DELTA 120 826 | #define LANG_YI 0x78 827 | #define VK_F10 0x79 828 
| #define VK_F11 0x7A 829 | #define LANG_MAPUDUNGUN 0x7a 830 | #define VK_F12 0x7B 831 | #define WM_CONTEXTMENU 0x007B 832 | #define VK_F13 0x7C 833 | #define WM_STYLECHANGING 0x007C 834 | #define LANG_MOHAWK 0x7c 835 | #define VK_F14 0x7D 836 | #define WM_STYLECHANGED 0x007D 837 | #define VK_F15 0x7E 838 | #define WM_DISPLAYCHANGE 0x007E 839 | #define LANG_BRETON 0x7e 840 | #define VK_F16 0x7F 841 | #define WM_GETICON 0x007F 842 | #define LANG_INVARIANT 0x7f 843 | #define VK_F17 0x80 844 | #define WM_SETICON 0x0080 845 | #define WVR_ALIGNRIGHT 0x0080 846 | #define CS_PARENTDC 0x0080 847 | #define CF_OWNERDISPLAY 0x0080 848 | #define HDS_FULLDRAG 0x0080 849 | #define BTNS_WHOLEDROPDOWN 0x0080 850 | #define TTS_CLOSE 0x80 851 | #define TBS_NOTHUMB 0x0080 852 | #define UDS_NOTHOUSANDS 0x0080 853 | #define LVS_NOLABELWRAP 0x0080 854 | #define TVS_NOTOOLTIPS 0x0080 855 | #define TVS_EX_PARTIALCHECKBOXES 0x0080 856 | #define TCS_VERTICAL 0x0080 857 | #define MCS_SHORTDAYSOFWEEK 0x0080 858 | #define LANG_UIGHUR 0x80 859 | #define VK_F18 0x81 860 | #define WM_NCCREATE 0x0081 861 | #define CF_DSPTEXT 0x0081 862 | #define LANG_MAORI 0x81 863 | #define VK_F19 0x82 864 | #define WM_NCDESTROY 0x0082 865 | #define CF_DSPBITMAP 0x0082 866 | #define LANG_OCCITAN 0x82 867 | #define VK_F20 0x83 868 | #define WM_NCCALCSIZE 0x0083 869 | #define CF_DSPMETAFILEPICT 0x0083 870 | #define LANG_CORSICAN 0x83 871 | #define VK_F21 0x84 872 | #define WM_NCHITTEST 0x0084 873 | #define LANG_ALSATIAN 0x84 874 | #define VK_F22 0x85 875 | #define WM_NCPAINT 0x0085 876 | #define LANG_SAKHA 0x85 877 | #define LANG_YAKUT 0x85 878 | #define VK_F23 0x86 879 | #define WM_NCACTIVATE 0x0086 880 | #define LANG_KICHE 0x86 881 | #define VK_F24 0x87 882 | #define WM_GETDLGCODE 0x0087 883 | #define LANG_KINYARWANDA 0x87 884 | #define WM_SYNCPAINT 0x0088 885 | #define LANG_WOLOF 0x88 886 | #define LANG_DARI 0x8c 887 | #define CF_DSPENHMETAFILE 0x008E 888 | #define VK_NUMLOCK 0x90 889 | #define VK_SCROLL 0x91 
890 | #define LANG_SCOTTISH_GAELIC 0x91 891 | #define VK_OEM_NEC_EQUAL 0x92 892 | #define VK_OEM_FJ_JISHO 0x92 893 | #define LANG_CENTRAL_KURDISH 0x92 894 | #define VK_OEM_FJ_MASSHOU 0x93 895 | #define VK_OEM_FJ_TOUROKU 0x94 896 | #define VK_OEM_FJ_LOYA 0x95 897 | #define VK_OEM_FJ_ROYA 0x96 898 | #define VK_LSHIFT 0xA0 899 | #define WM_NCMOUSEMOVE 0x00A0 900 | #define VK_RSHIFT 0xA1 901 | #define WM_NCLBUTTONDOWN 0x00A1 902 | #define VK_LCONTROL 0xA2 903 | #define WM_NCLBUTTONUP 0x00A2 904 | #define VK_RCONTROL 0xA3 905 | #define WM_NCLBUTTONDBLCLK 0x00A3 906 | #define VK_LMENU 0xA4 907 | #define WM_NCRBUTTONDOWN 0x00A4 908 | #define VK_RMENU 0xA5 909 | #define WM_NCRBUTTONUP 0x00A5 910 | #define VK_BROWSER_BACK 0xA6 911 | #define WM_NCRBUTTONDBLCLK 0x00A6 912 | #define VK_BROWSER_FORWARD 0xA7 913 | #define WM_NCMBUTTONDOWN 0x00A7 914 | #define VK_BROWSER_REFRESH 0xA8 915 | #define WM_NCMBUTTONUP 0x00A8 916 | #define VK_BROWSER_STOP 0xA9 917 | #define WM_NCMBUTTONDBLCLK 0x00A9 918 | #define VK_BROWSER_SEARCH 0xAA 919 | #define VK_BROWSER_FAVORITES 0xAB 920 | #define WM_NCXBUTTONDOWN 0x00AB 921 | #define VK_BROWSER_HOME 0xAC 922 | #define WM_NCXBUTTONUP 0x00AC 923 | #define VK_VOLUME_MUTE 0xAD 924 | #define WM_NCXBUTTONDBLCLK 0x00AD 925 | #define VK_VOLUME_DOWN 0xAE 926 | #define VK_VOLUME_UP 0xAF 927 | #define VK_MEDIA_NEXT_TRACK 0xB0 928 | #define EM_GETSEL 0x00B0 929 | #define VK_MEDIA_PREV_TRACK 0xB1 930 | #define EM_SETSEL 0x00B1 931 | #define VK_MEDIA_STOP 0xB2 932 | #define EM_GETRECT 0x00B2 933 | #define VK_MEDIA_PLAY_PAUSE 0xB3 934 | #define EM_SETRECT 0x00B3 935 | #define VK_LAUNCH_MAIL 0xB4 936 | #define EM_SETRECTNP 0x00B4 937 | #define VK_LAUNCH_MEDIA_SELECT 0xB5 938 | #define EM_SCROLL 0x00B5 939 | #define VK_LAUNCH_APP1 0xB6 940 | #define EM_LINESCROLL 0x00B6 941 | #define VK_LAUNCH_APP2 0xB7 942 | #define EM_SCROLLCARET 0x00B7 943 | #define EM_GETMODIFY 0x00B8 944 | #define EM_SETMODIFY 0x00B9 945 | #define VK_OEM_1 0xBA 946 | #define 
EM_GETLINECOUNT 0x00BA 947 | #define VK_OEM_PLUS 0xBB 948 | #define EM_LINEINDEX 0x00BB 949 | #define VK_OEM_COMMA 0xBC 950 | #define EM_SETHANDLE 0x00BC 951 | #define VK_OEM_MINUS 0xBD 952 | #define EM_GETHANDLE 0x00BD 953 | #define VK_OEM_PERIOD 0xBE 954 | #define EM_GETTHUMB 0x00BE 955 | #define VK_OEM_2 0xBF 956 | #define VK_OEM_3 0xC0 957 | #define EM_LINELENGTH 0x00C1 958 | #define EM_REPLACESEL 0x00C2 959 | #define EM_GETLINE 0x00C4 960 | #define EM_LIMITTEXT 0x00C5 961 | #define EM_CANUNDO 0x00C6 962 | #define EM_UNDO 0x00C7 963 | #define EM_FMTLINES 0x00C8 964 | #define EM_LINEFROMCHAR 0x00C9 965 | #define EM_SETTABSTOPS 0x00CB 966 | #define EM_SETPASSWORDCHAR 0x00CC 967 | #define EM_EMPTYUNDOBUFFER 0x00CD 968 | #define EM_GETFIRSTVISIBLELINE 0x00CE 969 | #define EM_SETREADONLY 0x00CF 970 | #define EM_SETWORDBREAKPROC 0x00D0 971 | #define EM_GETWORDBREAKPROC 0x00D1 972 | #define EM_GETPASSWORDCHAR 0x00D2 973 | #define EM_SETMARGINS 0x00D3 974 | #define EM_GETMARGINS 0x00D4 975 | #define EM_GETLIMITTEXT 0x00D5 976 | #define EM_POSFROMCHAR 0x00D6 977 | #define EM_CHARFROMPOS 0x00D7 978 | #define EM_SETIMESTATUS 0x00D8 979 | #define EM_GETIMESTATUS 0x00D9 980 | #define VK_OEM_4 0xDB 981 | #define VK_OEM_5 0xDC 982 | #define VK_OEM_6 0xDD 983 | #define VK_OEM_7 0xDE 984 | #define VK_OEM_8 0xDF 985 | #define VK_OEM_AX 0xE1 986 | #define VK_OEM_102 0xE2 987 | #define VK_ICO_HELP 0xE3 988 | #define VK_ICO_00 0xE4 989 | #define VK_PROCESSKEY 0xE5 990 | #define VK_ICO_CLEAR 0xE6 991 | #define VK_PACKET 0xE7 992 | #define VK_OEM_RESET 0xE9 993 | #define VK_OEM_JUMP 0xEA 994 | #define VK_OEM_PA1 0xEB 995 | #define VK_OEM_PA2 0xEC 996 | #define VK_OEM_PA3 0xED 997 | #define VK_OEM_WSCTRL 0xEE 998 | #define VK_OEM_CUSEL 0xEF 999 | #define VK_OEM_ATTN 0xF0 1000 | #define BM_GETCHECK 0x00F0 1001 | #define VK_OEM_FINISH 0xF1 1002 | #define BM_SETCHECK 0x00F1 1003 | #define VK_OEM_COPY 0xF2 1004 | #define BM_GETSTATE 0x00F2 1005 | #define VK_OEM_AUTO 0xF3 1006 | #define 
BM_SETSTATE 0x00F3 1007 | #define VK_OEM_ENLW 0xF4 1008 | #define BM_SETSTYLE 0x00F4 1009 | #define VK_OEM_BACKTAB 0xF5 1010 | #define BM_CLICK 0x00F5 1011 | #define VK_ATTN 0xF6 1012 | #define BM_GETIMAGE 0x00F6 1013 | #define VK_CRSEL 0xF7 1014 | #define BM_SETIMAGE 0x00F7 1015 | #define VK_EXSEL 0xF8 1016 | #define BM_SETDONTCLICK 0x00F8 1017 | #define VK_EREOF 0xF9 1018 | #define VK_PLAY 0xFA 1019 | #define VK_ZOOM 0xFB 1020 | #define VK_NONAME 0xFC 1021 | #define VK_PA1 0xFD 1022 | #define VK_OEM_CLEAR 0xFE 1023 | #define WM_INPUT_DEVICE_CHANGE 0x00FE 1024 | #define SUBVERSION_MASK 0x000000FF 1025 | #define WM_INPUT 0x00FF 1026 | #define WM_KEYFIRST 0x0100 1027 | #define WM_KEYDOWN 0x0100 1028 | #define WVR_HREDRAW 0x0100 1029 | #define HDS_FILTERBAR 0x0100 1030 | #define TBSTYLE_TOOLTIPS 0x0100 1031 | #define RBS_TOOLTIPS 0x00000100 1032 | #define TTS_USEVISUALSTYLE 0x100 1033 | #define SBARS_SIZEGRIP 0x0100 1034 | #define TBS_TOOLTIPS 0x0100 1035 | #define UDS_HOTTRACK 0x0100 1036 | #define LVS_AUTOARRANGE 0x0100 1037 | #define TVS_CHECKBOXES 0x0100 1038 | #define TVS_EX_EXCLUSIONCHECKBOXES 0x0100 1039 | #define TCS_BUTTONS 0x0100 1040 | #define MCS_NOSELCHANGEONNAV 0x0100 1041 | #define WM_KEYUP 0x0101 1042 | #define WM_CHAR 0x0102 1043 | #define WM_DEADCHAR 0x0103 1044 | #define WM_SYSKEYDOWN 0x0104 1045 | #define WM_SYSKEYUP 0x0105 1046 | #define WM_SYSCHAR 0x0106 1047 | #define WM_SYSDEADCHAR 0x0107 1048 | #define WM_UNICHAR 0x0109 1049 | #define WM_KEYLAST 0x0109 1050 | #define WM_IME_STARTCOMPOSITION 0x010D 1051 | #define WM_IME_ENDCOMPOSITION 0x010E 1052 | #define WM_IME_COMPOSITION 0x010F 1053 | #define WM_IME_KEYLAST 0x010F 1054 | #define WM_INITDIALOG 0x0110 1055 | #define WM_COMMAND 0x0111 1056 | #define WM_SYSCOMMAND 0x0112 1057 | #define WM_TIMER 0x0113 1058 | #define WM_HSCROLL 0x0114 1059 | #define WM_VSCROLL 0x0115 1060 | #define WM_INITMENU 0x0116 1061 | #define WM_INITMENUPOPUP 0x0117 1062 | #define WM_GESTURE 0x0119 1063 | #define 
WM_GESTURENOTIFY 0x011A 1064 | #define WM_MENUSELECT 0x011F 1065 | #define WM_MENUCHAR 0x0120 1066 | #define WM_ENTERIDLE 0x0121 1067 | #define WM_MENURBUTTONUP 0x0122 1068 | #define WM_MENUDRAG 0x0123 1069 | #define WM_MENUGETOBJECT 0x0124 1070 | #define WM_UNINITMENUPOPUP 0x0125 1071 | #define WM_MENUCOMMAND 0x0126 1072 | #define WM_CHANGEUISTATE 0x0127 1073 | #define WM_UPDATEUISTATE 0x0128 1074 | #define WM_QUERYUISTATE 0x0129 1075 | #define WM_CTLCOLORMSGBOX 0x0132 1076 | #define WM_CTLCOLOREDIT 0x0133 1077 | #define WM_CTLCOLORLISTBOX 0x0134 1078 | #define WM_CTLCOLORBTN 0x0135 1079 | #define WM_CTLCOLORDLG 0x0136 1080 | #define WM_CTLCOLORSCROLLBAR 0x0137 1081 | #define WM_CTLCOLORSTATIC 0x0138 1082 | #define MN_GETHMENU 0x01E1 1083 | #define _WIN32_IE_IE20 0x0200 1084 | #define WM_MOUSEFIRST 0x0200 1085 | #define WM_MOUSEMOVE 0x0200 1086 | #define WVR_VREDRAW 0x0200 1087 | #define CS_NOCLOSE 0x0200 1088 | #define CF_PRIVATEFIRST 0x0200 1089 | #define HDS_FLAT 0x0200 1090 | #define TBSTYLE_WRAPABLE 0x0200 1091 | #define RBS_VARHEIGHT 0x00000200 1092 | #define TBS_REVERSED 0x0200 1093 | #define LVS_EDITLABELS 0x0200 1094 | #define TVS_TRACKSELECT 0x0200 1095 | #define TVS_EX_DIMMEDCHECKBOXES 0x0200 1096 | #define TCS_MULTILINE 0x0200 1097 | #define WM_LBUTTONDOWN 0x0201 1098 | #define WM_LBUTTONUP 0x0202 1099 | #define WM_LBUTTONDBLCLK 0x0203 1100 | #define WM_RBUTTONDOWN 0x0204 1101 | #define WM_RBUTTONUP 0x0205 1102 | #define WM_RBUTTONDBLCLK 0x0206 1103 | #define WM_MBUTTONDOWN 0x0207 1104 | #define WM_MBUTTONUP 0x0208 1105 | #define WM_MBUTTONDBLCLK 0x0209 1106 | #define WM_MOUSEWHEEL 0x020A 1107 | #define WM_XBUTTONDOWN 0x020B 1108 | #define WM_XBUTTONUP 0x020C 1109 | #define WM_XBUTTONDBLCLK 0x020D 1110 | #define WM_MOUSEHWHEEL 0x020E 1111 | #define WM_MOUSELAST 0x020E 1112 | #define WM_PARENTNOTIFY 0x0210 1113 | #define WM_ENTERMENULOOP 0x0211 1114 | #define WM_EXITMENULOOP 0x0212 1115 | #define WM_NEXTMENU 0x0213 1116 | #define WM_SIZING 0x0214 1117 | 
#define WM_CAPTURECHANGED 0x0215 1118 | #define WM_MOVING 0x0216 1119 | #define WM_POWERBROADCAST 0x0218 1120 | #define WM_DEVICECHANGE 0x0219 1121 | #define WM_MDICREATE 0x0220 1122 | #define WM_MDIDESTROY 0x0221 1123 | #define WM_MDIACTIVATE 0x0222 1124 | #define WM_MDIRESTORE 0x0223 1125 | #define WM_MDINEXT 0x0224 1126 | #define WM_MDIMAXIMIZE 0x0225 1127 | #define WM_MDITILE 0x0226 1128 | #define WM_MDICASCADE 0x0227 1129 | #define WM_MDIICONARRANGE 0x0228 1130 | #define WM_MDIGETACTIVE 0x0229 1131 | #define WM_MDISETMENU 0x0230 1132 | #define WM_ENTERSIZEMOVE 0x0231 1133 | #define WM_EXITSIZEMOVE 0x0232 1134 | #define WM_DROPFILES 0x0233 1135 | #define WM_MDIREFRESHMENU 0x0234 1136 | #define WM_POINTERDEVICECHANGE 0x238 1137 | #define WM_POINTERDEVICEINRANGE 0x239 1138 | #define WM_POINTERDEVICEOUTOFRANGE 0x23A 1139 | #define WM_TOUCH 0x0240 1140 | #define WM_NCPOINTERUPDATE 0x0241 1141 | #define WM_NCPOINTERDOWN 0x0242 1142 | #define WM_NCPOINTERUP 0x0243 1143 | #define WM_POINTERUPDATE 0x0245 1144 | #define WM_POINTERDOWN 0x0246 1145 | #define WM_POINTERUP 0x0247 1146 | #define WM_POINTERENTER 0x0249 1147 | #define WM_POINTERLEAVE 0x024A 1148 | #define WM_POINTERACTIVATE 0x024B 1149 | #define WM_POINTERCAPTURECHANGED 0x024C 1150 | #define WM_TOUCHHITTESTING 0x024D 1151 | #define WM_POINTERWHEEL 0x024E 1152 | #define WM_POINTERHWHEEL 0x024F 1153 | #define DM_POINTERHITTEST 0x0250 1154 | #define WM_IME_SETCONTEXT 0x0281 1155 | #define WM_IME_NOTIFY 0x0282 1156 | #define WM_IME_CONTROL 0x0283 1157 | #define WM_IME_COMPOSITIONFULL 0x0284 1158 | #define WM_IME_SELECT 0x0285 1159 | #define WM_IME_CHAR 0x0286 1160 | #define WM_IME_REQUEST 0x0288 1161 | #define WM_IME_KEYDOWN 0x0290 1162 | #define WM_IME_KEYUP 0x0291 1163 | #define WM_NCMOUSEHOVER 0x02A0 1164 | #define WM_MOUSEHOVER 0x02A1 1165 | #define WM_NCMOUSELEAVE 0x02A2 1166 | #define WM_MOUSELEAVE 0x02A3 1167 | #define WM_WTSSESSION_CHANGE 0x02B1 1168 | #define WM_TABLET_FIRST 0x02c0 1169 | #define 
WM_TABLET_LAST 0x02df 1170 | #define WM_DPICHANGED 0x02E0 1171 | #define CF_PRIVATELAST 0x02FF 1172 | #define _WIN32_IE_IE30 0x0300 1173 | #define WM_CUT 0x0300 1174 | #define CF_GDIOBJFIRST 0x0300 1175 | #define WM_COPY 0x0301 1176 | #define _WIN32_IE_IE302 0x0302 1177 | #define WM_PASTE 0x0302 1178 | #define WM_CLEAR 0x0303 1179 | #define WM_UNDO 0x0304 1180 | #define WM_RENDERFORMAT 0x0305 1181 | #define WM_RENDERALLFORMATS 0x0306 1182 | #define WM_DESTROYCLIPBOARD 0x0307 1183 | #define WM_DRAWCLIPBOARD 0x0308 1184 | #define WM_PAINTCLIPBOARD 0x0309 1185 | #define WM_VSCROLLCLIPBOARD 0x030A 1186 | #define WM_SIZECLIPBOARD 0x030B 1187 | #define WM_ASKCBFORMATNAME 0x030C 1188 | #define WM_CHANGECBCHAIN 0x030D 1189 | #define WM_HSCROLLCLIPBOARD 0x030E 1190 | #define WM_QUERYNEWPALETTE 0x030F 1191 | #define WM_PALETTEISCHANGING 0x0310 1192 | #define WM_PALETTECHANGED 0x0311 1193 | #define WM_HOTKEY 0x0312 1194 | #define WM_PRINT 0x0317 1195 | #define WM_PRINTCLIENT 0x0318 1196 | #define WM_APPCOMMAND 0x0319 1197 | #define WM_THEMECHANGED 0x031A 1198 | #define WM_CLIPBOARDUPDATE 0x031D 1199 | #define WM_DWMCOMPOSITIONCHANGED 0x031E 1200 | #define WM_DWMNCRENDERINGCHANGED 0x031F 1201 | #define WM_DWMCOLORIZATIONCOLORCHANGED 0x0320 1202 | #define WM_DWMWINDOWMAXIMIZEDCHANGE 0x0321 1203 | #define WM_DWMSENDICONICTHUMBNAIL 0x0323 1204 | #define WM_DWMSENDICONICLIVEPREVIEWBITMAP 0x0326 1205 | #define WM_GETTITLEBARINFOEX 0x033F 1206 | #define WM_HANDHELDFIRST 0x0358 1207 | #define WM_HANDHELDLAST 0x035F 1208 | #define WM_AFXFIRST 0x0360 1209 | #define WM_AFXLAST 0x037F 1210 | #define WM_PENWINFIRST 0x0380 1211 | #define WM_PENWINLAST 0x038F 1212 | #define WM_DDE_FIRST 0x03E0 1213 | #define CF_GDIOBJLAST 0x03FF 1214 | #define _WIN32_WINNT_NT4 0x0400 1215 | #define _WIN32_IE_IE40 0x0400 1216 | #define WM_USER 0x0400 1217 | #define WVR_VALIDRECTS 0x0400 1218 | #define HDS_CHECKBOXES 0x0400 1219 | #define TBSTYLE_ALTDRAG 0x0400 1220 | #define RBS_BANDBORDERS 0x00000400 1221 | 
#define TBS_DOWNISLEFT 0x0400 1222 | #define LVS_OWNERDRAWFIXED 0x0400 1223 | #define TVS_SINGLEEXPAND 0x0400 1224 | #define TVS_EX_DRAWIMAGEASYNC 0x0400 1225 | #define TCS_FIXEDWIDTH 0x0400 1226 | #define ctlFirst 0x0400 1227 | #define psh1 0x0400 1228 | #define _WIN32_IE_IE401 0x0401 1229 | #define psh2 0x0401 1230 | #define psh3 0x0402 1231 | #define psh4 0x0403 1232 | #define psh5 0x0404 1233 | #define psh6 0x0405 1234 | #define psh7 0x0406 1235 | #define psh8 0x0407 1236 | #define psh9 0x0408 1237 | #define psh10 0x0409 1238 | #define psh11 0x040a 1239 | #define psh12 0x040b 1240 | #define psh13 0x040c 1241 | #define psh14 0x040d 1242 | #define psh15 0x040e 1243 | #define psh16 0x040f 1244 | #define _WIN32_WINDOWS 0x0410 1245 | #define chx1 0x0410 1246 | #define chx2 0x0411 1247 | #define chx3 0x0412 1248 | #define chx4 0x0413 1249 | #define chx5 0x0414 1250 | #define chx6 0x0415 1251 | #define chx7 0x0416 1252 | #define chx8 0x0417 1253 | #define chx9 0x0418 1254 | #define chx10 0x0419 1255 | #define chx11 0x041a 1256 | #define chx12 0x041b 1257 | #define chx13 0x041c 1258 | #define chx14 0x041d 1259 | #define chx15 0x041e 1260 | #define chx16 0x041f 1261 | #define rad1 0x0420 1262 | #define rad2 0x0421 1263 | #define rad3 0x0422 1264 | #define rad4 0x0423 1265 | #define rad5 0x0424 1266 | #define rad6 0x0425 1267 | #define rad7 0x0426 1268 | #define rad8 0x0427 1269 | #define rad9 0x0428 1270 | #define rad10 0x0429 1271 | #define rad11 0x042a 1272 | #define rad12 0x042b 1273 | #define rad13 0x042c 1274 | #define rad14 0x042d 1275 | #define rad15 0x042e 1276 | #define rad16 0x042f 1277 | #define grp1 0x0430 1278 | #define grp2 0x0431 1279 | #define grp3 0x0432 1280 | #define grp4 0x0433 1281 | #define frm1 0x0434 1282 | #define frm2 0x0435 1283 | #define frm3 0x0436 1284 | #define frm4 0x0437 1285 | #define rct1 0x0438 1286 | #define rct2 0x0439 1287 | #define rct3 0x043a 1288 | #define rct4 0x043b 1289 | #define ico1 0x043c 1290 | #define ico2 0x043d 1291 | 
#define ico3 0x043e 1292 | #define ico4 0x043f 1293 | #define stc1 0x0440 1294 | #define stc2 0x0441 1295 | #define stc3 0x0442 1296 | #define stc4 0x0443 1297 | #define stc5 0x0444 1298 | #define stc6 0x0445 1299 | #define stc7 0x0446 1300 | #define stc8 0x0447 1301 | #define stc9 0x0448 1302 | #define stc10 0x0449 1303 | #define stc11 0x044a 1304 | #define stc12 0x044b 1305 | #define stc13 0x044c 1306 | #define stc14 0x044d 1307 | #define stc15 0x044e 1308 | #define stc16 0x044f 1309 | #define stc17 0x0450 1310 | #define stc18 0x0451 1311 | #define stc19 0x0452 1312 | #define stc20 0x0453 1313 | #define stc21 0x0454 1314 | #define stc22 0x0455 1315 | #define stc23 0x0456 1316 | #define stc24 0x0457 1317 | #define stc25 0x0458 1318 | #define stc26 0x0459 1319 | #define stc27 0x045a 1320 | #define stc28 0x045b 1321 | #define stc29 0x045c 1322 | #define stc30 0x045d 1323 | #define stc31 0x045e 1324 | #define stc32 0x045f 1325 | #define lst1 0x0460 1326 | #define lst2 0x0461 1327 | #define lst3 0x0462 1328 | #define lst4 0x0463 1329 | #define lst5 0x0464 1330 | #define lst6 0x0465 1331 | #define lst7 0x0466 1332 | #define lst8 0x0467 1333 | #define lst9 0x0468 1334 | #define lst10 0x0469 1335 | #define lst11 0x046a 1336 | #define lst12 0x046b 1337 | #define lst13 0x046c 1338 | #define lst14 0x046d 1339 | #define lst15 0x046e 1340 | #define lst16 0x046f 1341 | #define cmb1 0x0470 1342 | #define cmb2 0x0471 1343 | #define cmb3 0x0472 1344 | #define cmb4 0x0473 1345 | #define cmb5 0x0474 1346 | #define cmb6 0x0475 1347 | #define cmb7 0x0476 1348 | #define cmb8 0x0477 1349 | #define cmb9 0x0478 1350 | #define cmb10 0x0479 1351 | #define cmb11 0x047a 1352 | #define cmb12 0x047b 1353 | #define cmb13 0x047c 1354 | #define cmb14 0x047d 1355 | #define cmb15 0x047e 1356 | #define cmb16 0x047f 1357 | #define edt1 0x0480 1358 | #define edt2 0x0481 1359 | #define edt3 0x0482 1360 | #define edt4 0x0483 1361 | #define edt5 0x0484 1362 | #define edt6 0x0485 1363 | #define edt7 
0x0486 1364 | #define edt8 0x0487 1365 | #define edt9 0x0488 1366 | #define edt10 0x0489 1367 | #define edt11 0x048a 1368 | #define edt12 0x048b 1369 | #define edt13 0x048c 1370 | #define edt14 0x048d 1371 | #define edt15 0x048e 1372 | #define edt16 0x048f 1373 | #define scr1 0x0490 1374 | #define scr2 0x0491 1375 | #define scr3 0x0492 1376 | #define scr4 0x0493 1377 | #define scr5 0x0494 1378 | #define scr6 0x0495 1379 | #define scr7 0x0496 1380 | #define scr8 0x0497 1381 | #define ctl1 0x04A0 1382 | #define ctlLast 0x04ff 1383 | #define _WIN32_WINNT_WIN2K 0x0500 1384 | #define _WIN32_IE_IE50 0x0500 1385 | #define _WIN32_WINNT_WINXP 0x0501 1386 | #define _WIN32_IE_IE501 0x0501 1387 | #define _WIN32_WINNT_WS03 0x0502 1388 | #define _WIN32_IE_IE55 0x0550 1389 | #define _WIN32_WINNT_WIN6 0x0600 1390 | #define _WIN32_WINNT_VISTA 0x0600 1391 | #define _WIN32_WINNT_WS08 0x0600 1392 | #define _WIN32_WINNT_LONGHORN 0x0600 1393 | #define _WIN32_IE_IE60 0x0600 1394 | #define FILEOPENORD 1536 1395 | #define _WIN32_WINNT_WIN7 0x0601 1396 | #define _WIN32_IE_IE60SP1 0x0601 1397 | #define MULTIFILEOPENORD 1537 1398 | #define _WIN32_WINNT_WIN8 0x0602 1399 | #define _WIN32_IE_WS03 0x0602 1400 | #define PRINTDLGORD 1538 1401 | #define _WIN32_WINNT_WINBLUE 0x0603 1402 | #define _WIN32_IE_IE60SP2 0x0603 1403 | #define PRNSETUPDLGORD 1539 1404 | #define VER_PRODUCTVERSION_W 0x0603 1405 | #define FINDDLGORD 1540 1406 | #define REPLACEDLGORD 1541 1407 | #define FONTDLGORD 1542 1408 | #define FORMATDLGORD31 1543 1409 | #define FORMATDLGORD30 1544 1410 | #define RUNDLGORD 1545 1411 | #define PAGESETUPDLGORD 1546 1412 | #define NEWFILEOPENORD 1547 1413 | #define PRINTDLGEXORD 1549 1414 | #define PAGESETUPDLGORDMOTIF 1550 1415 | #define COLORMGMTDLGORD 1551 1416 | #define NEWFILEOPENV2ORD 1552 1417 | #define NEWFILEOPENV3ORD 1553 1418 | #define NEWFORMATDLGWITHLINK 1591 1419 | #define IDC_MANAGE_LINK 1592 1420 | #define _WIN32_IE_IE70 0x0700 1421 | #define _WIN32_IE_IE80 0x0800 1422 | 
#define CS_SAVEBITS 0x0800 1423 | #define HDS_NOSIZING 0x0800 1424 | #define TBSTYLE_FLAT 0x0800 1425 | #define RBS_FIXEDORDER 0x00000800 1426 | #define SBARS_TOOLTIPS 0x0800 1427 | #define SBT_TOOLTIPS 0x0800 1428 | #define TBS_NOTIFYBEFOREMOVE 0x0800 1429 | #define LVS_ALIGNLEFT 0x0800 1430 | #define TVS_INFOTIP 0x0800 1431 | #define TCS_RAGGEDRIGHT 0x0800 1432 | #define _WIN32_IE_IE90 0x0900 1433 | #define _WIN32_IE_IE100 0x0A00 1434 | #define _WIN32_IE 0x0A00 1435 | #define LVS_ALIGNMASK 0x0c00 1436 | #define CS_BYTEALIGNCLIENT 0x1000 1437 | #define HDS_OVERFLOW 0x1000 1438 | #define TBSTYLE_LIST 0x1000 1439 | #define RBS_REGISTERDROP 0x00001000 1440 | #define TBS_TRANSPARENTBKGND 0x1000 1441 | #define LVS_OWNERDATA 0x1000 1442 | #define TVS_FULLROWSELECT 0x1000 1443 | #define TCS_FOCUSONBUTTONDOWN 0x1000 1444 | #define CS_BYTEALIGNWINDOW 0x2000 1445 | #define TBSTYLE_CUSTOMERASE 0x2000 1446 | #define RBS_AUTOSIZE 0x00002000 1447 | #define LVS_NOSCROLL 0x2000 1448 | #define TVS_NOSCROLL 0x2000 1449 | #define TCS_OWNERDRAWFIXED 0x2000 1450 | #define VER_PRODUCTBUILD 9600 1451 | #define CS_GLOBALCLASS 0x4000 1452 | #define TBSTYLE_REGISTERDROP 0x4000 1453 | #define RBS_VERTICALGRIPPER 0x00004000 1454 | #define LVS_NOCOLUMNHEADER 0x4000 1455 | #define TVS_NONEVENHEIGHT 0x4000 1456 | #define TCS_TOOLTIPS 0x4000 1457 | #define VER_PRODUCTBUILD_QFE 17246 1458 | #define VER_PACKAGEBUILD_QFE 17246 1459 | #define IDH_NO_HELP 28440 1460 | #define IDH_MISSING_CONTEXT 28441 1461 | #define IDH_GENERIC_HELP_BUTTON 28442 1462 | #define IDH_OK 28443 1463 | #define IDH_CANCEL 28444 1464 | #define IDH_HELP 28445 1465 | #define LANG_BOSNIAN_NEUTRAL 0x781a 1466 | #define LANG_CHINESE_TRADITIONAL 0x7c04 1467 | #define LANG_SERBIAN_NEUTRAL 0x7c1a 1468 | #define IDTIMEOUT 32000 1469 | #define OCR_NORMAL 32512 1470 | #define OIC_SAMPLE 32512 1471 | #define IDI_APPLICATION 32512 1472 | #define OCR_IBEAM 32513 1473 | #define OIC_HAND 32513 1474 | #define IDI_HAND 32513 1475 | #define 
OCR_WAIT 32514 1476 | #define OIC_QUES 32514 1477 | #define IDI_QUESTION 32514 1478 | #define OCR_CROSS 32515 1479 | #define OIC_BANG 32515 1480 | #define IDI_EXCLAMATION 32515 1481 | #define OCR_UP 32516 1482 | #define OIC_NOTE 32516 1483 | #define IDI_ASTERISK 32516 1484 | #define OIC_WINLOGO 32517 1485 | #define IDI_WINLOGO 32517 1486 | #define OIC_SHIELD 32518 1487 | #define IDI_SHIELD 32518 1488 | #define OCR_SIZE 32640 1489 | #define OCR_ICON 32641 1490 | #define OCR_SIZENWSE 32642 1491 | #define OCR_SIZENESW 32643 1492 | #define OCR_SIZEWE 32644 1493 | #define OCR_SIZENS 32645 1494 | #define OCR_SIZEALL 32646 1495 | #define OCR_ICOCUR 32647 1496 | #define OCR_NO 32648 1497 | #define OCR_HAND 32649 1498 | #define OCR_APPSTARTING 32650 1499 | #define OBM_LFARROWI 32734 1500 | #define OBM_RGARROWI 32735 1501 | #define OBM_DNARROWI 32736 1502 | #define OBM_UPARROWI 32737 1503 | #define OBM_COMBO 32738 1504 | #define OBM_MNARROW 32739 1505 | #define OBM_LFARROWD 32740 1506 | #define OBM_RGARROWD 32741 1507 | #define OBM_DNARROWD 32742 1508 | #define OBM_UPARROWD 32743 1509 | #define OBM_RESTORED 32744 1510 | #define OBM_ZOOMD 32745 1511 | #define OBM_REDUCED 32746 1512 | #define OBM_RESTORE 32747 1513 | #define OBM_ZOOM 32748 1514 | #define OBM_REDUCE 32749 1515 | #define OBM_LFARROW 32750 1516 | #define OBM_RGARROW 32751 1517 | #define OBM_DNARROW 32752 1518 | #define OBM_UPARROW 32753 1519 | #define OBM_CLOSE 32754 1520 | #define OBM_OLD_RESTORE 32755 1521 | #define OBM_OLD_ZOOM 32756 1522 | #define OBM_OLD_REDUCE 32757 1523 | #define OBM_BTNCORNERS 32758 1524 | #define OBM_CHECKBOXES 32759 1525 | #define OBM_CHECK 32760 1526 | #define OBM_BTSIZE 32761 1527 | #define OBM_OLD_LFARROW 32762 1528 | #define OBM_OLD_RGARROW 32763 1529 | #define OBM_OLD_DNARROW 32764 1530 | #define OBM_OLD_UPARROW 32765 1531 | #define OBM_SIZE 32766 1532 | #define OBM_OLD_CLOSE 32767 1533 | #define WM_APP 0x8000 1534 | #define HELP_TCARD 0x8000 1535 | #define TBSTYLE_TRANSPARENT 
0x8000 1536 | #define RBS_DBLCLKTOGGLE 0x00008000 1537 | #define LVS_NOSORTHEADER 0x8000 1538 | #define TVS_NOHSCROLL 0x8000 1539 | #define TCS_FOCUSNEVER 0x8000 1540 | #define SC_SIZE 0xF000 1541 | #define SC_SEPARATOR 0xF00F 1542 | #define SC_MOVE 0xF010 1543 | #define SC_MINIMIZE 0xF020 1544 | #define SC_MAXIMIZE 0xF030 1545 | #define SC_NEXTWINDOW 0xF040 1546 | #define SC_PREVWINDOW 0xF050 1547 | #define SC_CLOSE 0xF060 1548 | #define SC_VSCROLL 0xF070 1549 | #define SC_HSCROLL 0xF080 1550 | #define SC_MOUSEMENU 0xF090 1551 | #define SC_KEYMENU 0xF100 1552 | #define SC_ARRANGE 0xF110 1553 | #define SC_RESTORE 0xF120 1554 | #define SC_TASKLIST 0xF130 1555 | #define SC_SCREENSAVE 0xF140 1556 | #define SC_HOTKEY 0xF150 1557 | #define SC_DEFAULT 0xF160 1558 | #define SC_MONITORPOWER 0xF170 1559 | #define SC_CONTEXTHELP 0xF180 1560 | #define LVS_TYPESTYLEMASK 0xfc00 1561 | #define SPVERSION_MASK 0x0000FF00 1562 | #define HTERROR -2 1563 | #define PWR_FAIL -1 1564 | #define UNICODE_NOCHAR 0xFFFF 1565 | #define HTTRANSPARENT -1 1566 | 1567 | // Next default values for new objects 1568 | // 1569 | #ifdef APSTUDIO_INVOKED 1570 | #ifndef APSTUDIO_READONLY_SYMBOLS 1571 | #define _APS_NEXT_RESOURCE_VALUE 101 1572 | #define _APS_NEXT_COMMAND_VALUE 40001 1573 | #define _APS_NEXT_CONTROL_VALUE 1000 1574 | #define _APS_NEXT_SYMED_VALUE 101 1575 | #endif 1576 | #endif 1577 | --------------------------------------------------------------------------------