Home       Trees       Indices       Help   
WinAppDbg - Programming Reference
Package winappdbg :: Package win32
[hide private]
[frames] | no frames]

Package win32

source code

Debugging API wrappers in ctypes.

Submodules [hide private]

Classes [hide private]
  Rect
Python wrapper over the RECT class.
  LPWINDOWPLACEMENT
  PGUITHREADINFO
  WINDOWPLACEMENT
  Point
Python wrapper over the POINT class.
  WNDENUMPROC
  PWINDOWPLACEMENT
  WindowPlacement
Python wrapper over the WINDOWPLACEMENT class.
  GUITHREADINFO
  LPGUITHREADINFO
  ServiceStatusEntry
Service status entry returned by EnumServicesStatus.
  PWTS_PROCESS_INFOW
  ENUM_SERVICE_STATUSA
  WTS_INFO_CLASS
  PSECURITY_IMPERSONATION_LEVEL
  TOKEN_INFORMATION_CLASS
  LPENUM_SERVICE_STATUSA
  PWAITCHAINCALLBACK
  SID_AND_ATTRIBUTES
  TOKEN_ELEVATION_TYPE
  PTOKEN_ORIGIN
  TOKEN_APPCONTAINER_INFORMATION
  LPSERVICE_STATUS
  TOKEN_LINKED_TOKEN
  LPENUM_SERVICE_STATUSW
  PTOKEN_ELEVATION_TYPE
  ServiceStatus
Wrapper for the SERVICE_STATUS structure.
  SAFER_POLICY_INFO_CLASS
  HWCT
  PTOKEN_LINKED_TOKEN
  LPENUM_SERVICE_STATUS_PROCESSW
  LPENUM_SERVICE_STATUS_PROCESSA
  TOKEN_STATISTICS
  WTS_PROCESS_INFOA
  WTS_PROCESS_INFOW
  ThreadWaitChainSessionHandle
Thread wait chain session handle.
  LUID_AND_ATTRIBUTES
  SaferLevelHandle
Safer level handle.
  ServiceStatusProcessEntry
Service status entry returned by EnumServicesStatusEx.
  PWTS_CLIENT_DISPLAY
  PSID_AND_ATTRIBUTES
  ServiceControlManagerHandle
Service Control Manager (SCM) handle.
  WTS_CLIENT_DISPLAY
  SERVICE_STATUS
  SECURITY_IMPERSONATION_LEVEL
  TOKEN_MANDATORY_LABEL
  TOKEN_OWNER
  ENUM_SERVICE_STATUSW
  SC_ENUM_TYPE
  WCT_OBJECT_TYPE
  PWAITCHAIN_NODE_INFO
  TOKEN_ORIGIN
  SERVICE_STATUS_PROCESS
  PTOKEN_STATISTICS
  PTOKEN_PRIMARY_GROUP
  TokenHandle
Access token handle.
  TOKEN_PRIVILEGES
  LUID
  PTOKEN_USER
  PLUID
  PTOKEN_PRIVILEGES
  PTOKEN_APPCONTAINER_INFORMATION
  WAITCHAIN_NODE_INFO
  WCT_OBJECT_STATUS
  PTOKEN_TYPE
  PWTS_PROCESS_INFOA
  PTOKEN_OWNER
  SC_HANDLE
  RegistryKeyHandle
Registry key handle.
  PTOKEN_MANDATORY_LABEL
  SC_STATUS_TYPE
  WTS_CONNECTSTATE_CLASS
  ENUM_SERVICE_STATUS_PROCESSW
  ServiceStatusProcess
Wrapper for the SERVICE_STATUS_PROCESS structure.
  ENUM_SERVICE_STATUS_PROCESSA
  SAFER_LEVEL_HANDLE
  TOKEN_USER
  TOKEN_TYPE
  WaitChainNodeInfo
Represents a node in the wait chain.
  TOKEN_PRIMARY_GROUP
  LPSERVICE_STATUS_PROCESS
  ServiceHandle
Service handle.
  SHELLEXECUTEINFO
  LPSHELLEXECUTEINFO
  LPMODULEINFO
  MODULEINFO
  OSVERSIONINFOW
  LPSECURITY_ATTRIBUTES
  OSVERSIONINFOA
  RIP_INFO
  THREADNAME_INFO
  STARTUPINFOEXW
  PCHAR_INFO
  FILE_INFO_BY_HANDLE_CLASS
  LPHEAPLIST32
  STARTUPINFO
  THREADENTRY32
  PSYM_ENUMSYMBOLS_CALLBACKW64
  PSYM_ENUMMODULES_CALLBACK
  POSVERSIONINFOA
  POSVERSIONINFOW
  LPMODULEENTRY32
  PGET_MODULE_BASE_ROUTINE64
  MEMORY_BASIC_INFORMATION64
  IMAGEHLP_MODULEW
  ProcessHandle
Win32 process handle.
  OUTPUT_DEBUG_STRING_INFO
  PSYM_ENUMMODULES_CALLBACKW64
  PSYM_ENUMSYMBOLS_CALLBACK64
  MEMORY_BASIC_INFORMATION
  PFUNCTION_TABLE_ACCESS_ROUTINE64
  PPROC_THREAD_ATTRIBUTE_LIST
  IMAGEHLP_MODULE
  EXCEPTION_RECORD
  STACKFRAME64
  SnapshotHandle
Toolhelp32 snapshot handle.
  LPJIT_DEBUG_INFO64
  Handle
Encapsulates Win32 handles to avoid leaking them.
  PREAD_PROCESS_MEMORY_ROUTINE64
  EXIT_PROCESS_DEBUG_INFO
  LPLDT_ENTRY
  PSYM_ENUMSYMBOLS_CALLBACK
  LPJIT_DEBUG_INFO
  STARTUPINFOEX
  PIMAGEHLP_MODULEW64
  PTRANSLATE_ADDRESS_ROUTINE64
  HEAPENTRY32
  SECURITY_ATTRIBUTES
  JIT_DEBUG_INFO32
  LPFILETIME
  PIMAGEHLP_MODULEW
  LPTHREADENTRY32
  LPFLOATING_SAVE_AREA
  API_VERSION
  PROCESSENTRY32
  OVERLAPPED
  ThreadHandle
Win32 thread handle.
  PKDHELP64
  KDHELP64
  LPSYSTEM_INFO
  SMALL_RECT
  LPOVERLAPPED
  PIMAGEHLP_SYMBOLW64
  PAPI_VERSION
  JIT_DEBUG_INFO
  DEBUG_EVENT
  LPPROCESSENTRY32
  PEXCEPTION_RECORD
  LPVS_FIXEDFILEINFO
  UNLOAD_DLL_DEBUG_INFO
  PHANDLER_ROUTINE
  LPOSVERSIONINFOEXW
  LPOSVERSIONINFOEXA
  ProcThreadAttributeList
Extended process and thread attribute support.
  EXCEPTION_RECORD32
  PLDT_ENTRY
  IMAGEHLP_MODULE64
  ADDRESS64
  SYM_INFO
  LPPROC_THREAD_ATTRIBUTE_LIST
  FileHandle
Win32 file handle.
  JIT_DEBUG_INFO64
  IMAGEHLP_SYMBOL64
  MemoryBasicInformation
Memory information object returned by VirtualQueryEx.
  SYSTEM_INFO
  PSYM_ENUMSYMBOLS_CALLBACKW
  LPHEAPENTRY32
  PIMAGEHLP_MODULE
  ProcessInformation
Process information object returned by CreateProcess.
  PIMAGEHLP_SYMBOL64
  PCOORD
  LPSYSTEMTIME
  EXIT_THREAD_DEBUG_INFO
  PIMAGEHLP_MODULE64
  LPSTARTUPINFOEX
  LPJIT_DEBUG_INFO32
  SYM_INFOW
  FLOATING_SAVE_AREA
  CREATE_THREAD_DEBUG_INFO
  LOAD_DLL_DEBUG_INFO
  PFLOATING_SAVE_AREA
  EXCEPTION_RECORD64
  FileMappingHandle
File mapping handle.
  LPSTARTUPINFOW
  LPADDRESS64
  PEXCEPTION_RECORD64
  LPSTARTUPINFO
  UserModeHandle
Base class for non-kernel handles.
  HEAPLIST32
  ADDRESS_MODE
  PSYM_INFO
  COORD
  VS_FIXEDFILEINFO
  LPBY_HANDLE_FILE_INFORMATION
  LPCONTEXT
  SYSTEMTIME
  LPAPI_VERSION
  PSYM_ENUMMODULES_CALLBACKW
  PCONSOLE_SCREEN_BUFFER_INFO
  LDT_ENTRY
  POSVERSIONINFOEXA
  MEMORY_BASIC_INFORMATION32
  POSVERSIONINFOEXW
  LPDEBUG_EVENT
  PVS_FIXEDFILEINFO
  LPSTACKFRAME64
  IMAGEHLP_SYMBOLW64
  PMEMORY_BASIC_INFORMATION
  EXCEPTION_DEBUG_INFO
  LPSTARTUPINFOEXW
  IMAGEHLP_MODULEW64
  FILETIME
  CONTEXT
  CONSOLE_SCREEN_BUFFER_INFO
  PEXCEPTION_RECORD32
  BY_HANDLE_FILE_INFORMATION
  CHAR_INFO
  CREATE_PROCESS_DEBUG_INFO
  PROCESS_INFORMATION
  PSYM_ENUMMODULES_CALLBACK64
  OSVERSIONINFOEXW
  MODULEENTRY32
  PCONTEXT
  LPOSVERSIONINFOA
  LPOSVERSIONINFOW
  LPPROCESS_INFORMATION
  PSMALL_RECT
  STARTUPINFOW
  PSYM_INFOW
  OSVERSIONINFOEXA
  Context
Register context dictionary for the i386 architecture.
  DWORD_PTR
  CURDIR
  GuessStringType
Decorator that guesses the correct version (A or W) to call based on the types of the strings passed as parameters.
  PSTR
  HMODULE
  LONG64
  PTEB
  LONGLONG
  LPHANDLE
  PBOOL
  PROCESS_BASIC_INFORMATION
  SYSDBG_COMMAND
  HDESK
  RTL_ACTIVATION_CONTEXT_STACK_FRAME
  PTEB_ACTIVE_FRAME
  LPARAM
  PULONG64
  SQWORD
  INT64
  REGSAM
  GDI_TEB_BATCH
  FILE_NAME_INFORMATION
  CCHAR
  HENHMETAFILE
  PSIZE_T
  Wx86ThreadState
  PRTL_CRITICAL_SECTION
  HMETAFILE
  SYSDBG_MSR
  PPEBLOCKROUTINE
  FILE_INFORMATION_CLASS
  LPULONG
  HBITMAP
  SSIZE_T
  HKEY
  PPEB_FREE_BLOCK
  DWORD64
  ULONG_PTR
  PPVOID
  UINT16
  PNTTIB
  PFLOAT128
  PRTL_USER_PROCESS_PARAMETERS
  HRESULT
  RTL_CRITICAL_SECTION
  SWORD
  DWORDLONG
  LPVOID
  ULONG32
  LONG_PTR
  TCHAR
  HDC
  HPEN
  HMF
  HEMF
  THREAD_BASIC_INFORMATION
  SIZE_T
  WCHAR
  TEB_ACTIVE_FRAME_CONTEXT
  LPWORD
  CHAR
  IO_STATUS_BLOCK
  NTSTATUS
  WORD
  PTEB_ACTIVE_FRAME_CONTEXT
  LPSBYTE
  PROCESSINFOCLASS
  PDWORD32
  HANDLE
  RTL_CRITICAL_SECTION_DEBUG
  EXCEPTION_DISPOSITION
  BOOLEAN
  LPSTR
  PDWORD_PTR
  PEB_FREE_BLOCK
  HSTR
  LONG32
  CLIENT_ID
  LPLONG
  DWORD
  LPBOOL
  INT32
  INT8
  PACCESS_MASK
  PWSTR
  FLOAT
  PIO_STATUS_BLOCK
  FLOAT128
  PVOID
  PM128A
  PREGSAM
  HGLOBAL
  QWORD
  LPULONG32
  LPSWORD
  ACCESS_MASK
  PPEB
  SHORT
  PWCHAR
  RTL_DRIVE_LETTER_CURDIR
  TEB_ACTIVE_FRAME
  RVA64
  LPWSTR
  HRSRC
  NT_TIB
  HBRUSH
  UNICODE_STRING
  LPULONG64
  HGDIOBJ
  DefaultStringType
Decorator that uses the default version (A or W) to call based on the configuration of the GuessStringType decorator.
  LONG
  PPS_POST_PROCESS_INIT_ROUTINE
  HINSTANCE
  PEB
  SDWORD
  HPALETTE
  PRTL_CRITICAL_SECTION_DEBUG
  PEB_32
  DWORD32
  PULONG32
  UINT8
  BYTE
  UINT64
  LPDWORD
  INT
  EXCEPTION_REGISTRATION_RECORD
  LIST_ENTRY
  M128A
  LPDWORD64
  GUID
  ULONG64
  THREADINFOCLASS
  UINT
  PPEB_LDR_DATA
  SBYTE
  PDWORD
  PROCESSOR_NUMBER
  HDWP
  HFILE
  RVA
  HKL
  PEB_LDR_DATA
  PHKEY
  PNTSTATUS
  HWND
  HTASK
  PLONG
  ULONG
  UINT32
  PEXCEPTION_REGISTRATION_RECORD
  UCHAR
  LPDWORD32
  PSID
  HLOCAL
  KAFFINITY
  PULONG
  HRGN
  LPBYTE
  ACTIVATION_CONTEXT_STACK
  INT16
  PEXCEPTION_DISPOSITION
  LDR_MODULE
  TEB
  WPARAM
  USHORT
  BOOL
  LRESULT
  PDWORD64
  PHANDLE
  HWINSTA
  PCHAR
  ULONGLONG
  LPSDWORD
  ATOM
  RTL_USER_PROCESS_PARAMETERS
  HMETAFILEPICT
Functions [hide private]
 
ShowWindowAsync(hWnd, nCmdShow=5) source code
 
SendMessageW(hWnd, Msg, wParam=0, lParam=0) source code
 
GetClientRect(hWnd) source code
 
GetWindow(hWnd, uCmd) source code
 
IsWindowEnabled(hWnd) source code
 
WaitForInputIdle(hProcess, dwMilliseconds=-1) source code
 
GetWindowLongW(hWnd, nIndex=0) source code
 
PostMessageA(hWnd, Msg, wParam=0, lParam=0) source code
 
PostMessageW(hWnd, Msg, wParam=0, lParam=0) source code
 
ScreenToClient(hWnd, lpPoint) source code
 
FindWindowExA(hwndParent=None, hwndChildAfter=None, lpClassName=None, lpWindowName=None) source code
 
FindWindowExW(hwndParent=None, hwndChildAfter=None, lpClassName=None, lpWindowName=None) source code
 
GetWindowThreadProcessId(hWnd) source code
 
MoveWindow(hWnd, X, Y, nWidth, nHeight, bRepaint=True) source code
 
GetDesktopWindow() source code
 
SendMessageA(hWnd, Msg, wParam=0, lParam=0) source code
 
MapWindowPoints(hWndFrom, hWndTo, lpPoints) source code
 
RegisterClipboardFormatA(lpString) source code
 
GetForegroundWindow() source code
 
RegisterWindowMessageW(lpString) source code
 
SetWindowLongPtrW(hWnd, nIndex, dwNewLong) source code
 
IsWindow(hWnd) source code
 
WindowFromPoint(point) source code
 
ShowWindow(hWnd, nCmdShow=5) source code
 
EnableWindow(hWnd, bEnable=True) source code
 
SetWindowPlacement(hWnd, lpwndpl) source code
 
IsZoomed(hWnd) source code
 
GetWindowPlacement(hWnd) source code
 
SetWindowLongW(hWnd, nIndex, dwNewLong) source code
 
IsIconic(hWnd) source code
 
IsChild(hWnd) source code
 
SendNotifyMessageA(hWnd, Msg, wParam=0, lParam=0) source code
 
SetLastErrorEx(dwErrCode, dwType=0) source code
 
SendNotifyMessageW(hWnd, Msg, wParam=0, lParam=0) source code
 
SendDlgItemMessageA(hDlg, nIDDlgItem, Msg, wParam=0, lParam=0) source code
 
SendDlgItemMessageW(hDlg, nIDDlgItem, Msg, wParam=0, lParam=0) source code
 
ClientToScreen(hWnd, lpPoint) source code
 
GetClassNameW(hWnd) source code
 
GetPropA(hWnd, lpString) source code
 
SetWindowLongA(hWnd, nIndex, dwNewLong) source code
 
MAKE_LPARAM(lParam)
Convert arguments to the LPARAM type.		 source code
 
GetWindowLongPtrW(hWnd, nIndex=0) source code
 
SendMessageTimeoutA(hWnd, Msg, wParam=0, lParam=0, fuFlags=0, uTimeout=0) source code
 
GetAncestor(hWnd, gaFlags=1) source code
 
SendMessageTimeoutW(hWnd, Msg, wParam=0, lParam=0) source code
 
EnumChildWindows(hWndParent=None) source code
 
ChildWindowFromPoint(hWndParent, point) source code
 
GetPropW(hWnd, lpString) source code
 
EnumThreadWindows(dwThreadId) source code
 
GetWindowLongA(hWnd, nIndex=0) source code
 
SetWindowTextW(hWnd, lpString=None) source code
 
PostThreadMessageW(idThread, Msg, wParam=0, lParam=0) source code
 
SetForegroundWindow(hWnd) source code
 
PostThreadMessageA(idThread, Msg, wParam=0, lParam=0) source code
 
FindWindowW(lpClassName=None, lpWindowName=None) source code
 
GetShellWindow() source code
 
FindWindowA(lpClassName=None, lpWindowName=None) source code
 
RealChildWindowFromPoint(hWndParent, ptParentClientCoords) source code
 
RegisterClipboardFormatW(lpString) source code
 
IsWindowVisible(hWnd) source code
 
GetGUIThreadInfo(idThread) source code
 
GetWindowTextW(hWnd) source code
 
GetWindowTextA(hWnd) source code
 
SetPropA(hWnd, lpString, hData) source code
 
SetPropW(hWnd, lpString, hData) source code
 
MAKE_WPARAM(wParam)
Convert arguments to the WPARAM type.		 source code
 
GetWindowRect(hWnd) source code
 
GetWindowLongPtrA(hWnd, nIndex=0) source code
 
RegisterWindowMessageA(lpString) source code
 
GetParent(hWnd) source code
 
EnumWindows() source code
 
RemovePropA(hWnd, lpString) source code
 
RemovePropW(hWnd, lpString) source code
 
SetWindowLongPtrA(hWnd, nIndex, dwNewLong) source code
 
SetWindowTextA(hWnd, lpString=None) source code
 
GetClassNameA(hWnd) source code
 
ConvertSidToStringSidW(Sid) source code
 
ConvertSidToStringSidA(Sid) source code
 
OpenServiceW(hSCManager, lpServiceName, dwDesiredAccess=983551) source code
 
CreateProcessAsUserA(hToken=None, lpApplicationName=None, lpCommandLine=None, lpProcessAttributes=None, lpThreadAttributes=None, bInheritHandles=False, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None) source code
 
CreateProcessAsUserW(hToken=None, lpApplicationName=None, lpCommandLine=None, lpProcessAttributes=None, lpThreadAttributes=None, bInheritHandles=False, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None) source code
 
EqualSid(pSid1, pSid2) source code
 
GetServiceKeyNameW(hSCManager, lpDisplayName) source code
 
GetServiceKeyNameA(hSCManager, lpDisplayName) source code
 
SaferIsExecutableFileType(szFullPath, bFromShellExecute=False) source code
 
CloseServiceHandle(hSCObject) source code
 
OpenServiceA(hSCManager, lpServiceName, dwDesiredAccess=983551) source code
 
LookupPrivilegeValueA(lpSystemName, lpName) source code
 
LookupPrivilegeValueW(lpSystemName, lpName) source code
 
RegFlushKey(hKey) source code
 
RegDeleteKeyExA(hKeySrc, lpSubKey=None, samDesired=512) source code
 
RegDeleteKeyExW(hKeySrc, lpSubKey=None, samDesired=512) source code
 
StartServiceW(hService, ServiceArgVectors=None) source code
 
EnumServicesStatusExW(hSCManager, InfoLevel=0, dwServiceType=59, dwServiceState=3, pszGroupName=None) source code
 
EnumServicesStatusExA(hSCManager, InfoLevel=0, dwServiceType=59, dwServiceState=3, pszGroupName=None) source code
 
QueryServiceStatus(hService) source code
 
DeleteService(hService) source code
 
RegDeleteTreeW(hKey, lpSubKey=None) source code
 
RegDeleteTreeA(hKey, lpSubKey=None) source code
 
IsValidSid(pSid) source code
 
GetUserNameW() source code
 
RegConnectRegistryA(lpMachineName=None, hKey=2147483650) source code
 
OpenSCManagerW(lpMachineName=None, lpDatabaseName=None, dwDesiredAccess=983103) source code
 
OpenSCManagerA(lpMachineName=None, lpDatabaseName=None, dwDesiredAccess=983103) source code
 
RegCreateKeyW(hKey=2147483650, lpSubKey=None) source code
 
WTSEnumerateProcessesW(hServer=0) source code
 
WTSEnumerateProcessesA(hServer=0) source code
 
AdjustTokenPrivileges(TokenHandle, NewState=()) source code
 
GetLengthSid(pSid) source code
 
RegSetValueExW(hKey, lpValueName=None, lpData=None, dwType=None) source code
 
RegSetValueExA(hKey, lpValueName=None, lpData=None, dwType=None) source code
 
RegEnumValueW(hKey, dwIndex, bGetData=True) source code
 
RegEnumValueA(hKey, dwIndex, bGetData=True) source code
 
RegDeleteKeyA(hKeySrc, lpSubKey=None) source code
 
RegOpenCurrentUser(samDesired=983103) source code
 
RegDeleteKeyW(hKeySrc, lpSubKey=None) source code
 
RegOpenKeyA(hKey=2147483650, lpSubKey=None) source code
 
RegOpenKeyW(hKey=2147483650, lpSubKey=None) source code
 
SaferCloseLevel(hLevelHandle) source code
 
SaferComputeTokenFromLevel(LevelHandle, InAccessToken=None, dwFlags=0) source code
 
RegCloseKey(hKey) source code
 
RegDeleteKeyValueA(hKeySrc, lpSubKey=None, lpValueName=None) source code
 
RegDeleteKeyValueW(hKeySrc, lpSubKey=None, lpValueName=None) source code
 
RegCopyTreeW(hKeySrc, lpSubKey, hKeyDest) source code
 
RegCopyTreeA(hKeySrc, lpSubKey, hKeyDest) source code
 
WTSFreeMemory(pMemory) source code
 
CreateProcessWithLogonA(*argv, **argd) source code
 
CreateProcessWithLogonW(lpUsername=None, lpDomain=None, lpPassword=None, dwLogonFlags=0, lpApplicationName=None, lpCommandLine=None, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None) source code
 
OpenProcessToken(ProcessHandle, DesiredAccess=983551) source code
 
EnumServicesStatusA(hSCManager, dwServiceType=59, dwServiceState=3) source code
 
EnumServicesStatusW(hSCManager, dwServiceType=59, dwServiceState=3) source code
 
DuplicateTokenEx(hExistingToken, dwDesiredAccess=983551, lpTokenAttributes=None, ImpersonationLevel=2, TokenType=1) source code
 
GetUserNameA() source code
 
GetThreadWaitChain(WctHandle, Context=None, Flags=7, ThreadId=-1, NodeCount=16) source code
 
ConvertStringSidToSidW(StringSid) source code
 
RegQueryValueA(hKey, lpSubKey=None) source code
 
ConvertStringSidToSidA(StringSid) source code
 
RegQueryValueW(hKey, lpSubKey=None) source code
 
GetServiceDisplayNameW(hSCManager, lpServiceName) source code
 
GetServiceDisplayNameA(hSCManager, lpServiceName) source code
 
CloseThreadWaitChainSession(WctHandle) source code
 
OpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf=True) source code
 
CreateProcessWithTokenA(*argv, **argd) source code
 
CreateProcessWithTokenW(hToken=None, dwLogonFlags=0, lpApplicationName=None, lpCommandLine=None, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None) source code
 
CreateServiceA(hSCManager, lpServiceName, lpDisplayName=None, dwDesiredAccess=983551, dwServiceType=16, dwStartType=3, dwErrorControl=1, lpBinaryPathName=None, lpLoadOrderGroup=None, lpDependencies=None, lpServiceStartName=None, lpPassword=None) source code
 
CreateServiceW(hSCManager, lpServiceName, lpDisplayName=None, dwDesiredAccess=983551, dwServiceType=16, dwStartType=3, dwErrorControl=1, lpBinaryPathName=None, lpLoadOrderGroup=None, lpDependencies=None, lpServiceStartName=None, lpPassword=None) source code
 
FreeSid(pSid) source code
 
RegEnumKeyW(hKey, dwIndex) source code
 
RegEnumKeyA(hKey, dwIndex) source code
 
RegQueryValueExA(hKey, lpValueName=None, bGetData=True) source code
 
RegQueryValueExW(hKey, lpValueName=None, bGetData=True) source code
 
StartServiceA(hService, ServiceArgVectors=None) source code
 
WTSTerminateProcess(hServer, ProcessId, ExitCode) source code
 
IsTokenRestricted(hTokenHandle) source code
 
ProcessIdToSessionId(dwProcessId) source code
 
CopySid(pSourceSid) source code
 
ControlService(hService, dwControl) source code
 
QueryServiceStatusEx(hService, InfoLevel=0) source code
 
WTSGetActiveConsoleSessionId() source code
 
SaferiIsExecutableFileType(szFullPath, bFromShellExecute=False) source code
 
RegOpenUserClassesRoot(hToken, samDesired=983103) source code
 
RegOpenKeyExW(hKey=2147483650, lpSubKey=None, samDesired=983103) source code
 
RegOpenKeyExA(hKey=2147483650, lpSubKey=None, samDesired=983103) source code
 
RegCreateKeyA(hKey=2147483650, lpSubKey=None) source code
 
RegDeleteValueW(hKeySrc, lpValueName=None) source code
 
RegDeleteValueA(hKeySrc, lpValueName=None) source code
 
OpenThreadWaitChainSession(Flags=0, callback=None) source code
 
GetTokenInformation(hTokenHandle, TokenInformationClass) source code
 
RegConnectRegistryW(lpMachineName=None, hKey=2147483650) source code
 
SaferCreateLevel(dwScopeId=2, dwLevelId=131072, OpenFlags=0) source code
 
LookupAccountSidW(lpSystemName, lpSid) source code
 
DuplicateToken(ExistingTokenHandle, ImpersonationLevel=2) source code
 
LookupAccountSidA(lpSystemName, lpSid) source code
 
RegSetValueEx(hKey, lpValueName=None, lpData=None, dwType=None) source code
 
LookupPrivilegeNameW(lpSystemName, lpLuid) source code
 
LookupPrivilegeNameA(lpSystemName, lpLuid) source code
 
CommandLineToArgvA(lpCmdLine) source code
 
CommandLineToArgvW(lpCmdLine) source code
 
ShellExecuteExA(lpExecInfo) source code
 
ShellExecuteExW(lpExecInfo) source code
 
SHGetFolderPathW(nFolder, hToken=None, dwFlags=0) source code
 
SHGetFolderPathA(nFolder, hToken=None, dwFlags=0) source code
 
ShellExecuteEx(lpExecInfo) source code
 
FindExecutableW(lpFile, lpDirectory=None) source code
 
ShellExecuteW(hwnd=None, lpOperation=None, lpFile=None, lpParameters=None, lpDirectory=None, nShowCmd=None) source code
 
FindExecutableA(lpFile, lpDirectory=None) source code
 
IsUserAnAdmin() source code
 
ShellExecuteA(hwnd=None, lpOperation=None, lpFile=None, lpParameters=None, lpDirectory=None, nShowCmd=None) source code
 
PathMakePrettyW(pszPath) source code
 
PathMakePrettyA(pszPath) source code
 
PathFindFileNameW(pszPath) source code
 
PathFindFileNameA(pszPath) source code
 
PathIsContentTypeW(pszPath, pszContentType) source code
 
PathIsContentTypeA(pszPath, pszContentType) source code
 
PathIsUNCA(pszPath) source code
 
PathCombineA(lpszDir, lpszFile) source code
 
PathCombineW(lpszDir, lpszFile) source code
 
PathRenameExtensionW(pszPath, pszExt) source code
 
PathRenameExtensionA(pszPath, pszExt) source code
 
IsOS(dwOS) source code
 
PathCanonicalizeA(lpszSrc) source code
 
PathCanonicalizeW(lpszSrc) source code
 
PathFindNextComponentW(pszPath) source code
 
PathFindNextComponentA(pszPath) source code
 
PathIsDirectoryEmptyW(pszPath) source code
 
PathIsDirectoryEmptyA(pszPath) source code
 
PathFindOnPathW(pszFile, ppszOtherDirs=None) source code
 
PathFindOnPathA(pszFile, ppszOtherDirs=None) source code
 
PathRelativePathToA(pszFrom=None, dwAttrFrom=16, pszTo=None, dwAttrTo=16) source code
 
PathIsNetworkPathW(pszPath) source code
 
PathUnExpandEnvStringsA(pszPath) source code
 
PathIsDirectoryW(pszPath) source code
 
PathFindExtensionA(pszPath) source code
 
PathFindExtensionW(pszPath) source code
 
PathIsRootA(pszPath) source code
 
PathUnExpandEnvStringsW(pszPath) source code
 
PathIsDirectoryA(pszPath) source code
 
PathAppendA(lpszPath, pszMore=None) source code
 
PathAppendW(lpszPath, pszMore=None) source code
 
PathGetArgsA(pszPath) source code
 
PathGetArgsW(pszPath) source code
 
PathRemoveExtensionA(pszPath) source code
 
PathRemoveExtensionW(pszPath) source code
 
PathIsRelativeA(pszPath) source code
 
PathIsRelativeW(pszPath) source code
 
PathIsUNCW(pszPath) source code
 
PathIsNetworkPathA(pszPath) source code
 
PathRemoveArgsW(pszPath) source code
 
PathRemoveBackslashA(pszPath) source code
 
PathIsRootW(pszPath) source code
 
PathRemoveBackslashW(pszPath) source code
 
PathAddExtensionA(lpszPath, pszExtension=None) source code
 
PathAddExtensionW(lpszPath, pszExtension=None) source code
 
PathFileExistsA(pszPath) source code
 
PathFileExistsW(pszPath) source code
 
PathRemoveFileSpecW(pszPath) source code
 
PathIsSameRootW(pszPath1, pszPath2) source code
 
PathIsSameRootA(pszPath1, pszPath2) source code
 
PathAddBackslashA(lpszPath) source code
 
PathAddBackslashW(lpszPath) source code
 
PathRelativePathToW(pszFrom=None, dwAttrFrom=16, pszTo=None, dwAttrTo=16) source code
 
PathRemoveFileSpecA(pszPath) source code
 
PathRemoveArgsA(pszPath) source code
 
EnumProcesses() source code
 
GetProcessImageFileNameW(hProcess) source code
 
GetMappedFileNameA(hProcess, lpv) source code
 
GetDeviceDriverFileNameA(ImageBase) source code
 
GetModuleInformation(hProcess, hModule, lpmodinfo=None) source code
 
GetDeviceDriverFileNameW(ImageBase) source code
 
EnumProcessModules(hProcess) source code
 
GetProcessImageFileNameA(hProcess) source code
 
GetModuleFileNameExW(hProcess, hModule=None) source code
 
GetDeviceDriverBaseNameA(ImageBase) source code
 
EnumDeviceDrivers() source code
 
EnumProcessModulesEx(hProcess, dwFilterFlag=0) source code
 
GetDeviceDriverBaseNameW(ImageBase) source code
 
GetModuleFileNameExA(hProcess, hModule=None) source code
 
GetMappedFileNameW(hProcess, lpv) source code
 
WaitForSingleObject(hHandle, dwMilliseconds=-1) source code
 
GetGuiResources(hProcess, uiFlags=0) source code
 
ReleaseMutex(hMutex) source code
 
GetProcessAffinityMask(hProcess) source code
 
SymCleanup(hProcess) source code
 
VerQueryValueW(pBlock, lpSubBlock) source code
 
SetConsoleActiveScreenBuffer(hConsoleOutput=None) source code
 
VerQueryValueA(pBlock, lpSubBlock) source code
 
SetHandleInformation(hObject, dwMask, dwFlags) source code
 
OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId) source code
 
SetProcessPriorityBoost(hProcess, DisablePriorityBoost) source code
 
GetFileInformationByHandleEx(hFile, FileInformationClass, lpFileInformation, dwBufferSize) source code
 
StackWalk64(MachineType, hProcess, hThread, StackFrame, ContextRecord=None, ReadMemoryRoutine=None, FunctionTableAccessRoutine=None, GetModuleBaseRoutine=None, TranslateAddress=None) source code
 
VirtualAllocEx(hProcess, lpAddress=0, dwSize=4096, flAllocationType=12288, flProtect=64) source code
 
ContinueDebugEvent(dwProcessId, dwThreadId, dwContinueStatus=2147549185) source code
 
SymSetParentWindow(hwnd) source code
 
GetThreadContext(hThread, ContextFlags=None, raw=False) source code
 
GetLogicalDriveStringsA() source code
 
OpenMutexA(dwDesiredAccess=2031617, bInitialOwner=True, lpName=None) source code
 
CreateMutexA(lpMutexAttributes=None, bInitialOwner=True, lpName=None) source code
 
CreateMutexW(lpMutexAttributes=None, bInitialOwner=True, lpName=None) source code
 
SearchPathW(lpPath, lpFileName, lpExtension) source code
 
SearchPathA(lpPath, lpFileName, lpExtension) source code
 
VirtualQueryEx(hProcess, lpAddress) source code
 
GetSystemMetrics(nIndex) source code
 
VirtualProtectEx(hProcess, lpAddress, dwSize, flNewProtect=64) source code
 
CreateFileW(lpFileName, dwDesiredAccess=268435456, dwShareMode=0, lpSecurityAttributes=None, dwCreationDisposition=4, dwFlagsAndAttributes=128, hTemplateFile=None) source code
 
CreateFileA(lpFileName, dwDesiredAccess=268435456, dwShareMode=0, lpSecurityAttributes=None, dwCreationDisposition=4, dwFlagsAndAttributes=128, hTemplateFile=None) source code
 
SetLastError(dwErrCode) source code
 
VerSetConditionMask(dwlConditionMask, dwTypeBitMask, dwConditionMask) source code
 
GetThreadErrorMode() source code
 
GetProcAddressW(*argv, **argd) source code
 
GetProcAddressA(hModule, lpProcName) source code
 
SetThreadContext(hThread, lpContext) source code
 
GetVersion() source code
 
SymUnloadModule(hProcess, BaseOfDll) source code
 
GetCurrentThreadId() source code
 
GetCurrentProcessorNumber() source code
 
MapViewOfFile(hFileMappingObject, dwDesiredAccess=983103, dwFileOffsetHigh=0, dwFileOffsetLow=0, dwNumberOfBytesToMap=0) source code
 
GetModuleHandleA(lpModuleName) source code
 
SetDllDirectoryA(lpPathName=None) source code
 
Wow64RevertWow64FsRedirection(OldValue) source code
 
SetDllDirectoryW(lpPathName) source code
 
GetModuleHandleW(lpModuleName) source code
 
GetFileVersionInfoA(lptstrFilename) source code
 
GetFileVersionInfoW(lptstrFilename) source code
 
QueryFullProcessImageNameA(hProcess, dwFlags=0) source code
 
SymSetSearchPathW(hProcess, SearchPath=None) source code
 
SymSetSearchPathA(hProcess, SearchPath=None) source code
 
QueryFullProcessImageNameW(hProcess, dwFlags=0) source code
 
SetErrorMode(uMode) source code
 
GetSystemTimeAsFileTime() source code
 
SymGetModuleInfo64W(hProcess, dwAddr) source code
 
SymGetModuleInfo64A(hProcess, dwAddr) source code
 
SymSetOptions(SymOptions) source code
 
TerminateProcess(hProcess, dwExitCode=0) source code
 
FreeLibrary(hModule) source code
 
WaitForMultipleObjects(handles, bWaitAll=False, dwMilliseconds=-1) source code
 
GetConsoleCP() source code
 
SymGetOptions() source code
 
Heap32ListNext(hSnapshot, hl=None) source code
 
GetHandleInformation(hObject) source code
 
OpenFileMappingW(dwDesiredAccess, bInheritHandle, lpName) source code
 
OpenFileMappingA(dwDesiredAccess, bInheritHandle, lpName) source code
 
CheckRemoteDebuggerPresent(hProcess) source code
 
SetConsoleCP(wCodePageID) source code
 
SetConsoleWindowInfo(hConsoleOutput, bAbsolute, lpConsoleWindow) source code
 
SymEnumerateModulesA(hProcess, EnumModulesCallback, UserContext=None) source code
 
SymUnloadModule64(hProcess, BaseOfDll) source code
 
GlobalGetAtomNameW(nAtom) source code
 
SymFromNameW(hProcess, Name) source code
 
GetSystemInfo() source code
 
GlobalGetAtomNameA(nAtom) source code
 
AllocConsole() source code
 
CreateProcessA(lpApplicationName, lpCommandLine=None, lpProcessAttributes=None, lpThreadAttributes=None, bInheritHandles=False, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None) source code
 
CreateProcessW(lpApplicationName, lpCommandLine=None, lpProcessAttributes=None, lpThreadAttributes=None, bInheritHandles=False, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None) source code
 
SymGetModuleInfoA(hProcess, dwAddr) source code
 
VerifyVersionInfoA(lpVersionInfo, dwTypeMask, dwlConditionMask) source code
 
FileTimeToSystemTime(lpFileTime) source code
 
SymGetModuleInfoW(hProcess, dwAddr) source code
 
VerifyVersionInfoW(lpVersionInfo, dwTypeMask, dwlConditionMask) source code
 
SymEnumerateModules64W(hProcess, EnumModulesCallback, UserContext=None) source code
 
SymEnumerateModules64A(hProcess, EnumModulesCallback, UserContext=None) source code
 
LocalFree(hMem) source code
 
OpenThread(dwDesiredAccess, bInheritHandle, dwThreadId) source code
 
SymLoadModuleA(hProcess, hFile=None, ImageName=None, ModuleName=None, BaseOfDll=None, SizeOfDll=None) source code
 
SymLoadModuleW(*argv, **argd) source code
 
SetConsoleOutputCP(wCodePageID) source code
 
SetConsoleTextAttribute(hConsoleOutput=None, wAttributes=0) source code
 
FlushFileBuffers(hFile) source code
 
ResetEvent(hEvent) source code
 
SymEnumerateSymbols64A(hProcess, BaseOfDll, EnumSymbolsCallback, UserContext=None) source code
 
SymEnumerateSymbols64W(hProcess, BaseOfDll, EnumSymbolsCallback, UserContext=None) source code
 
GetFileInformationByHandle(hFile) source code
 
GetErrorMode() source code
 
MakeSureDirectoryPathExistsA(DirPath) source code
 
Wow64DisableWow64FsRedirection() source code
 
SymInitializeW(*argv, **argd) source code
 
GetProcessVersion(ProcessId) source code
 
GetExitCodeProcess(hProcess) source code
 
GetProcessId(hProcess) source code
 
Thread32First(hSnapshot) source code
 
GlobalFindAtomW(lpString) source code
 
GlobalFindAtomA(lpString) source code
 
SymFromAddrW(hProcess, Address) source code
 
GetLogicalDriveStringsW() source code
 
Heap32First(th32ProcessID, th32HeapID) source code
 
LoadLibraryW(pszLibrary) source code
 
LoadLibraryA(pszLibrary) source code
 
ReadProcessMemory(hProcess, lpBaseAddress, nSize) source code
 
GetConsoleScreenBufferInfo(hConsoleOutput=None) source code
 
DuplicateHandle(hSourceHandle, hSourceProcessHandle=None, hTargetProcessHandle=None, dwDesiredAccess=2031616, bInheritHandle=False, dwOptions=2) source code
 
SymGetSearchPathW(hProcess) source code
 
SymGetSymFromAddr64(hProcess, Address) source code
 
GetStdHandle(nStdHandle) source code
 
ImagehlpApiVersion() source code
 
MakeSureDirectoryPathExistsW(*argv, **argd) source code
 
LoadLibraryExA(pszLibrary, dwFlags=0) source code
 
LoadLibraryExW(pszLibrary, dwFlags=0) source code
 
CreateToolhelp32Snapshot(dwFlags=15, th32ProcessID=0) source code
 
ImagehlpApiVersionEx(MajorVersion, MinorVersion, Revision) source code
 
UpdateProcThreadAttribute(lpAttributeList, Attribute, Value, cbSize=None) source code
 
GetCurrentThread() source code
 
DeleteProcThreadAttributeList(lpAttributeList) source code
 
VerifyVersionInfo(lpVersionInfo, dwTypeMask, dwlConditionMask) source code
 
GetCurrentProcess() source code
 
FlushProcessWriteBuffers() source code
 
UnDecorateSymbolNameA(DecoratedName, Flags=0) source code
 
UnDecorateSymbolNameW(DecoratedName, Flags=0) source code
 
FlushInstructionCache(hProcess, lpBaseAddress=None, dwSize=0) source code
 
SymEnumerateSymbolsA(hProcess, BaseOfDll, EnumSymbolsCallback, UserContext=None) source code
 
GetTempFileNameW(lpPathName=None, lpPrefixString=u'TMP', uUnique=0) source code
 
GetTempFileNameA(lpPathName=None, lpPrefixString='TMP', uUnique=0) source code
 
Thread32Next(hSnapshot, te=None) source code
 
GetProcessTimes(hProcess=None) source code
 
PulseEvent(hEvent) source code
 
SymFromAddr(hProcess, Address) source code
 
UnmapViewOfFile(lpBaseAddress) source code
 
GetConsoleOutputCP() source code
 
Wow64SuspendThread(hThread) source code
 
DeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, lpOverlapped) source code
 
SymLoadModule64W(*argv, **argd) source code
 
SymLoadModule64A(hProcess, hFile=None, ImageName=None, ModuleName=None, BaseOfDll=None, SizeOfDll=None) source code
 
SetProcessAffinityMask(hProcess, dwProcessAffinityMask) source code
 
GlobalAddAtomA(lpString) source code
 
GetThreadSelectorEntry(hThread, dwSelector) source code
 
GetVersionExW() source code
 
GetVersionExA() source code
 
Process32First(hSnapshot) source code
 
CreateEventW(lpMutexAttributes=None, bManualReset=False, bInitialState=False, lpName=None) source code
 
CreateEventA(lpMutexAttributes=None, bManualReset=False, bInitialState=False, lpName=None) source code
 
OpenMutexW(dwDesiredAccess=2031617, bInitialOwner=True, lpName=None) source code
 
Toolhelp32ReadProcessMemory(th32ProcessID, lpBaseAddress, cbRead) source code
 
Heap32Next(he) source code
 
WaitForDebugEvent(dwMilliseconds=-1) source code
 
ResumeThread(hThread) source code
 
SymEnumerateModulesW(hProcess, EnumModulesCallback, UserContext=None) source code
 
GetProcessPriorityBoost(hProcess) source code
 
WaitForMultipleObjectsEx(handles, bWaitAll=False, dwMilliseconds=-1, bAlertable=True) source code
 
CreateFileMappingW(hFile, lpAttributes=None, flProtect=64, dwMaximumSizeHigh=0, dwMaximumSizeLow=0, lpName=None) source code
 
CreateFileMappingA(hFile, lpAttributes=None, flProtect=64, dwMaximumSizeHigh=0, dwMaximumSizeLow=0, lpName=None) source code
 
GetLastError() source code
 
SymInitializeA(hProcess, UserSearchPath=None, fInvadeProcess=False) source code
 
SuspendThread(hThread) source code
 
CloseHandle(hHandle) source code
 
GetProcessHandleCount(hProcess) source code
 
GetThreadId(hThread) source code
 
OpenEventW(dwDesiredAccess=2031619, bInheritHandle=False, lpName=None) source code
 
OpenEventA(dwDesiredAccess=2031619, bInheritHandle=False, lpName=None) source code
 
SymGetSearchPathA(hProcess) source code
 
GetTempPathA() source code
 
GetTempPathW() source code
 
OutputDebugStringW(lpOutputString) source code
 
OutputDebugStringA(lpOutputString) source code
 
WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer) source code
 
GetProcessDEPPolicy(hProcess) source code
 
FlushViewOfFile(lpBaseAddress, dwNumberOfBytesToFlush=0) source code
 
SetThreadErrorMode(dwNewMode) source code
 
InitializeProcThreadAttributeList(dwAttributeCount) source code
 
GlobalAddAtomW(lpString) source code
 
SetPriorityClass(hProcess, dwPriorityClass=32) source code
 
CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags) source code
 
GetDllDirectoryW() source code
 
GetCurrentDirectoryW() source code
 
VirtualFreeEx(hProcess, lpAddress, dwSize=0, dwFreeType=32768) source code
 
GetCurrentDirectoryA() source code
 
RaiseIfLastError(result, func=None, arguments=())
Error checking for Win32 API calls with no error-specific return value.		 source code
 
SymEnumerateSymbolsW(hProcess, BaseOfDll, EnumSymbolsCallback, UserContext=None) source code
 
SymGetHomeDirectoryW(type) source code
 
SymSetHomeDirectoryW(hProcess, dir=None) source code
 
SymGetHomeDirectoryA(type) source code
 
SymSetHomeDirectoryA(hProcess, dir=None) source code
 
GenerateConsoleCtrlEvent(dwCtrlEvent, dwProcessGroupId) source code
 
GetDllDirectoryA() source code
 
GetNativeSystemInfo() source code
 
Heap32ListFirst(hSnapshot) source code
 
SymFromName(hProcess, Name) source code
 
GetFinalPathNameByHandleW(hFile, dwFlags=0) source code
 
GetFinalPathNameByHandleA(hFile, dwFlags=0) source code
 
GetLargePageMinimum() source code
 
DebugActiveProcessStop(dwProcessId) source code
 
IsWow64Process(hProcess) source code
 
SetConsoleCtrlHandler(HandlerRoutine=None, Add=True) source code
 
Module32First(hSnapshot) source code
 
SymRefreshModuleList(hProcess) source code
 
GetExitCodeThread(hThread) source code
 
Module32Next(hSnapshot, me=None) source code
 
DebugActiveProcess(dwProcessId) source code
 
Process32Next(hSnapshot, pe=None) source code
 
RtlPcToFileHeader(PcValue) source code
 
DebugBreakProcess(hProcess) source code
 
AttachConsole(dwProcessId=4294967295) source code
 
GlobalDeleteAtom(nAtom) source code
 
WaitForSingleObjectEx(hHandle, dwMilliseconds=-1, bAlertable=True) source code
 
SetSearchPathMode(Flags) source code
 
GetCurrentProcessId() source code
 
GetFullPathNameA(lpFileName) source code
 
SetEvent(hEvent) source code
 
QueryDosDeviceA(lpDeviceName=None) source code
 
QueryDosDeviceW(lpDeviceName) source code
 
GetFullPathNameW(lpFileName) source code
 
GetPriorityClass(hProcess) source code
 
DebugSetProcessKillOnExit(KillOnExit) source code
 
TerminateThread(hThread, dwExitCode=0) source code
 
GetProductInfo(dwOSMajorVersion, dwOSMinorVersion, dwSpMajorVersion, dwSpMinorVersion) source code
 
FreeConsole() source code
 
GetProcessIdOfThread(hThread) source code
 
Wow64EnableWow64FsRedirection(Wow64FsEnableRedirection)
This function may not work reliably when there are nested calls.		 source code
 
MakeWideVersion(fn)
Decorator that generates a Unicode (wide) version of an ANSI only API call.		 source code
 
RaiseIfNotZero(result, func=None, arguments=())
Error checking for some odd Win32 API calls.		 source code
 
CsrGetProcessId() source code
 
RaiseIfNotErrorSuccess(result, func=None, arguments=())
Error checking for Win32 Registry API calls.		 source code
 
RaiseIfZero(result, func=None, arguments=())
Error checking for most Win32 API calls.		 source code
 
ZwQueryInformationFile(FileHandle, FileInformationClass, FileInformation, Length) source code
 
NtSystemDebugControl(Command, InputBuffer=None, InputBufferLength=None, OutputBuffer=None, OutputBufferLength=None) source code
 
NtQueryInformationProcess(ProcessHandle, ProcessInformationClass, ProcessInformationLength=None) source code
 
ZwQueryInformationThread(ThreadHandle, ThreadInformationClass, ThreadInformationLength=None) source code
 
ZwQueryInformationProcess(ProcessHandle, ProcessInformationClass, ProcessInformationLength=None) source code
 
NtQueryInformationFile(FileHandle, FileInformationClass, FileInformation, Length) source code
 
ZwSystemDebugControl(Command, InputBuffer=None, InputBufferLength=None, OutputBuffer=None, OutputBufferLength=None) source code
 
RtlNtStatusToDosError(Status) source code
 
NtQueryInformationThread(ThreadHandle, ThreadInformationClass, ThreadInformationLength=None) source code
 
MakeANSIVersion(fn)
Decorator that generates an ANSI version of a Unicode (wide) only API call.		 source code
Variables [hide private]
  __revision__ = '$Id: __init__.py 1299 2013-12-20 09:30:55Z qva...
  WM_PRINTCLIENT = 792
  WM_DEVMODECHANGE = 27
  WM_GETTEXTLENGTH = 14
  WM_INITMENUPOPUP = 279
  CN_TRANSMIT = 2
  WM_SYSCHAR = 262
  SMTO_ERRORONEXIT = 32
  WM_MENUCHAR = 288
  WM_NOTIFYFORMAT = 85
  SW_MAXIMIZE = 3
  GWL_HINSTANCE = -6
  WM_GETICON = 127
  SMTO_NOTIMEOUTIFNOTHUNG = 8
  WM_ENTERMENULOOP = 529
  WPF_RESTORETOMAXIMIZED = 2
  SW_SHOWNORMAL = 1
  WM_PALETTEISCHANGING = 784
  WM_PRINT = 791
  SW_SHOWNOACTIVATE = 4
  WM_SYSDEADCHAR = 263
  WM_NULL = 0
  WM_KEYFIRST = 256
  WM_DELETEITEM = 45
  WM_CLOSE = 16
  WM_SYSCOMMAND = 274
  WM_NCLBUTTONDOWN = 161
  WM_ERASEBKGND = 20
  WM_ASKCBFORMATNAME = 780
  WM_NCDESTROY = 130
  SW_SHOWMINIMIZED = 2
  GW_ENABLEDPOPUP = 6
  WM_NCMOUSEMOVE = 160
  WM_MDINEXT = 548
  WM_QUERYOPEN = 19
  RegisterClipboardFormat = GuessStringType(RegisterClipboardFor...
  WM_MDIDESTROY = 545
  WM_QUERYENDSESSION = 17
  POINT
  WM_SIZECLIPBOARD = 779
  WM_KEYDOWN = 256
  WM_CANCELMODE = 31
  WM_CONTEXTMENU = 123
  GW_CHILD = 5
  WM_QUERYDRAGICON = 55
  WM_FONTCHANGE = 29
  WM_CREATE = 1
  WM_STYLECHANGED = 125
  WM_MENUSELECT = 287
  WM_MDIMAXIMIZE = 549
  WM_COPY = 769
  WM_ACTIVATE = 6
  SetWindowText = GuessStringType(SetWindowTextA, SetWindowTextW)
  WM_CHILDACTIVATE = 34
  GWL_ID = -12
  HWND_DESKTOP = 0
  WM_MOUSEMOVE = 512
  WM_PAINTICON = 38
  WM_PAINTCLIPBOARD = 777
  SMTO_BLOCK = 1
  GW_HWNDFIRST = 0
  GA_PARENT = 1
  WM_INPUTLANGCHANGEREQUEST = 80
  WM_GETHOTKEY = 51
  WM_OTHERWINDOWCREATED = 66
  GetWindowLongPtr = DefaultStringType(GetWindowLongA, GetWindow...
  WM_MDICREATE = 544
  WM_DROPFILES = 563
  WM_DRAWCLIPBOARD = 776
  WM_NCMBUTTONDBLCLK = 169
  WM_NCRBUTTONDBLCLK = 166
  WM_TIMER = 275
  WM_CTLCOLORSTATIC = 312
  WM_SYSKEYDOWN = 260
  HWND_TOP = 1
  WM_MOUSEFIRST = 512
  FindWindowEx = GuessStringType(FindWindowExA, FindWindowExW)
  WM_NCMBUTTONDOWN = 167
  LPPOINT
  WM_MBUTTONUP = 520
  WM_COMMNOTIFY = 68
  WM_MOUSELAST = 521
  WM_NCACTIVATE = 134
  WM_SIZE = 5
  WM_GETOBJECT = 61
  WA_CLICKACTIVE = 2
  WM_ENABLE = 10
  HWND_MESSAGE = -3
  WM_CTLCOLORMSGBOX = 306
  SendMessageTimeout = GuessStringType(SendMessageTimeoutA, Send...
  WM_CTLCOLORBTN = 309
  WM_VKEYTOITEM = 46
  WM_CTLCOLORDLG = 310
  WM_CUT = 768
  GWLP_USERDATA = -21
  WM_NCLBUTTONDBLCLK = 163
  WM_RENDERFORMAT = 773
  WM_PARENTNOTIFY = 528
  WM_ICONERASEBKGND = 39
  WM_HELP = 83
  WM_SPOOLERSTATUS = 42
  WM_INITDIALOG = 272
  RemoveProp = GuessStringType(RemovePropA, RemovePropW)
  WM_APP = 2048
  WM_LBUTTONDBLCLK = 515
  GW_HWNDPREV = 3
  WM_SYSCOLORCHANGE = 21
  CN_RECEIVE = 1
  CN_EVENT = 4
  WM_MDIACTIVATE = 546
  GWL_EXSTYLE = -20
  WM_CHANGECBCHAIN = 781
  GWL_HWNDPARENT = -8
  PWR_OK = 1
  WM_GETDLGCODE = 135
  WM_CLEAR = 771
  PWR_FAIL = -1
  GWL_USERDATA = -21
  SW_RESTORE = 9
  WM_PENWINLAST = 911
  WM_CANCELJOURNAL = 75
  WM_WINDOWPOSCHANGING = 70
  SW_SHOW = 5
  GW_HWNDLAST = 1
  SW_SHOWMAXIMIZED = 3
  WM_MBUTTONDOWN = 519
  WM_MOVE = 3
  WM_HOTKEY = 786
  WM_SETICON = 128
  PostThreadMessage = GuessStringType(PostThreadMessageA, PostTh...
  WM_HSCROLLCLIPBOARD = 782
  WM_RBUTTONDOWN = 516
  LPRECT
  WM_SETHOTKEY = 50
  SW_NORMAL = 1
  WM_SETCURSOR = 32
  WM_COMPAREITEM = 57
  WM_SETREDRAW = 11
  WM_PAINT = 15
  WM_MDICASCADE = 551
  WM_MDIREFRESHMENU = 564
  WM_TCARD = 82
  WM_LBUTTONUP = 514
  WM_MDIGETACTIVE = 553
  WM_KEYLAST = 264
  WM_VSCROLL = 277
  GWLP_ID = -12
  SW_SHOWNA = 8
  WM_MDISETMENU = 560
  WA_ACTIVE = 1
  SetProp = GuessStringType(SetPropA, SetPropW)
  WM_DESTROY = 2
  GA_ROOTOWNER = 3
  GetWindowLong = DefaultStringType(GetWindowLongA, GetWindowLongW)
  WM_GETFONT = 49
  WM_CTLCOLORLISTBOX = 308
  WM_CHARTOITEM = 47
  WM_NCPAINT = 133
  GW_HWNDNEXT = 2
  PWR_SUSPENDRESUME = 2
  WM_MDIICONARRANGE = 552
  WM_ENTERIDLE = 289
  WM_COMPACTING = 65
  FindWindow = GuessStringType(FindWindowA, FindWindowW)
  WM_CHAR = 258
  GWLP_HWNDPARENT = -8
  WM_DISPLAYCHANGE = 126
  WM_INITMENU = 278
  SW_FORCEMINIMIZE = 11
  WM_ACTIVATEAPP = 28
  WPF_SETMINPOSITION = 1
  WM_QUIT = 18
  PostMessage = GuessStringType(PostMessageA, PostMessageW)
  WM_LBUTTONDOWN = 513
  GA_ROOT = 2
  WM_COMMAND = 273
  RECT
  WM_NEXTDLGCTL = 40
  WM_NOTIFY = 78
  WM_CTLCOLOREDIT = 307
  SW_MINIMIZE = 6
  HWND_NOTOPMOST = -2
  WM_ENDSESSION = 22
  WM_NCRBUTTONUP = 165
  WM_USERCHANGED = 84
  PWR_SUSPENDREQUEST = 1
  GWLP_EXSTYLE = -20
  WM_DESTROYCLIPBOARD = 775
  WM_MEASUREITEM = 44
  WM_SETTEXT = 12
  WM_NCRBUTTONDOWN = 164
  SendMessage = GuessStringType(SendMessageA, SendMessageW)
  WM_DRAWITEM = 43
  WM_MDIRESTORE = 547
  WM_PALETTECHANGED = 785
  WM_MDITILE = 550
  WM_PASTE = 770
  WPF_ASYNCWINDOWPLACEMENT = 4
  WM_INPUTLANGCHANGE = 81
  SMTO_ABORTIFHUNG = 2
  SetWindowLongPtr = DefaultStringType(SetWindowLongA, SetWindow...
  WM_NCMBUTTONUP = 168
  SetWindowLong = DefaultStringType(SetWindowLongA, SetWindowLongW)
  GW_OWNER = 4
  PPOINT
  WM_GETMINMAXINFO = 36
  WM_KILLFOCUS = 8
  WM_MOUSEACTIVATE = 33
  WM_QUEUESYNC = 35
  WM_RENDERALLFORMATS = 774
  WM_TIMECHANGE = 30
  SMTO_NORMAL = 0
  WM_SYSKEYUP = 261
  GWLP_HINSTANCE = -6
  GetClassName = GuessStringType(GetClassNameA, GetClassNameW)
  SW_SHOWDEFAULT = 10
  WA_INACTIVE = 0
  WM_PENWINFIRST = 896
  WM_NCCREATE = 129
  PRECT
  GetWindowText = GuessStringType(GetWindowTextA, GetWindowTextW)
  WM_GETTEXT = 13
  WM_SETFOCUS = 7
  RegisterWindowMessage = GuessStringType(RegisterWindowMessageA...
  GetProp = GuessStringType(GetPropA, GetPropW)
  WM_UNDO = 772
  SendDlgItemMessage = GuessStringType(SendDlgItemMessageA, Send...
  WM_HSCROLL = 276
  WM_SETTINGCHANGE = 26
  WM_SYNCPAINT = 136
  WM_VSCROLLCLIPBOARD = 778
  GWL_STYLE = -16
  WM_WINDOWPOSCHANGED = 71
  WM_WININICHANGE = 26
  WM_COPYDATA = 74
  HWND_BOTTOM = 1
  GWLP_STYLE = -16
  WM_NCHITTEST = 132
  SendNotifyMessage = GuessStringType(SendNotifyMessageA, SendNo...
  WM_USER = 1024
  HWND_TOPMOST = -1
  WM_MBUTTONDBLCLK = 521
  WM_KEYUP = 257
  WM_RBUTTONDBLCLK = 518
  WM_STYLECHANGING = 124
  WM_QUERYNEWPALETTE = 783
  WM_DEADCHAR = 259
  SW_HIDE = 0
  GWL_WNDPROC = -4
  WM_SHOWWINDOW = 24
  GWLP_WNDPROC = -4
  WM_EXITMENULOOP = 530
  WM_POWER = 72
  WM_CTLCOLORSCROLLBAR = 311
  WM_NCCALCSIZE = 131
  WM_OTHERWINDOWDESTROYED = 67
  PWR_CRITICALRESUME = 3
  WM_SETFONT = 48
  SW_SHOWMINNOACTIVE = 7
  WM_RBUTTONUP = 517
  WM_NCLBUTTONUP = 162
  WTSConnected = 1
  SERVICES_FAILED_DATABASEW = u'ServicesFailed'
  KEY_QUERY_VALUE = 1
  WTSValidationInfo = 27
  SE_SYSTEMTIME_NAME = 'SeSystemtimePrivilege'
  WTSOEMId = 3
  SC_MANAGER_ENUMERATE_SERVICE = 4
  SERVICE_STOP_PENDING = 3
  KEY_WOW64_32KEY = 512
  LOGON_WITH_PROFILE = 1
  SAFER_LEVELID_DISALLOWED = 0
  SC_STATUS_PROCESS_INFO = 0
  WTSUserName = 5
  SidTypeDomain = 3
  SERVICE_CONFIG_DESCRIPTION = 1
  TokenDefaultDacl = 6
  SE_LOCK_MEMORY_NAME = 'SeLockMemoryPrivilege'
  LookupPrivilegeValue = GuessStringType(LookupPrivilegeValueA, ...
  KEY_ENUMERATE_SUB_KEYS = 8
  SE_CREATE_PAGEFILE_NAME = 'SeCreatePagefilePrivilege'
  LOGON_NETCREDENTIALS_ONLY = 2
  TokenElevationTypeLimited = 3
  SC_ACTION_REBOOT = 2
  SE_MACHINE_ACCOUNT_NAME = 'SeMachineAccountPrivilege'
  WCTP_OPEN_ALL_FLAGS = 1
  TokenUserClaimAttributes = 33
  WTSIsRemoteSession = 29
  REG_RESOURCE_REQUIREMENTS_LIST = 10
  SERVICE_ACTIVE = 1
  SERVICE_RUNS_IN_SYSTEM_PROCESS = 1
  HKEY_USERS = 2147483651
  TokenPrimaryGroup = 5
  SERVICE_START_PENDING = 2
  SERVICE_START = 16
  SE_IMPERSONATE_NAME = 'SeImpersonatePrivilege'
  SAFER_LEVELID_UNTRUSTED = 4096
  WctStatusPidOnlyRpcss = 5
  SERVICE_PAUSED = 7
  SERVICE_ACCEPT_SESSIONCHANGE = 128
  REG_FULL_RESOURCE_DESCRIPTOR = 9
  KEY_ALL_ACCESS = 983103
  SERVICE_CONTROL_POWEREVENT = 13
  SERVICE_STATE_ALL = 3
  SaferPolicyDefaultLevel = 3
  SE_BACKUP_NAME = 'SeBackupPrivilege'
  SE_AUDIT_NAME = 'SeAuditPrivilege'
  SERVICES_FAILED_DATABASEA = 'ServicesFailed'
  SE_PRIVILEGE_REMOVED = 4
  WTSInit = 9
  SidTypeWellKnownGroup = 5
  SERVICE_ACCEPT_HARDWAREPROFILECHANGE = 32
  SE_ENABLE_DELEGATION_NAME = 'SeEnableDelegationPrivilege'
  RegDeleteValue = GuessStringType(RegDeleteValueA, RegDeleteVal...
  WTSClientName = 10
  TokenPrimary = 1
  CreateProcessWithLogon = DefaultStringType(CreateProcessWithLo...
  TokenUser = 1
  SaferPolicyEvaluateUserScope = 4
  HKEY_CURRENT_USER = 2147483649
  SidTypeAlias = 4
  SE_INC_BASE_PRIORITY_NAME = 'SeIncreaseBasePriorityPrivilege'
  RegCopyTree = GuessStringType(RegCopyTreeA, RegCopyTreeW)
  SERVICES_ACTIVE_DATABASEW = u'ServicesActive'
  REG_QWORD = 11
  TokenLinkedToken = 19
  WTSReset = 7
  SERVICE_CONTROL_DEVICEEVENT = 11
  TokenElevationType = 18
  SidTypeInvalid = 7
  SE_INC_WORKING_SET_NAME = 'SeIncreaseWorkingSetPrivilege'
  KEY_EXECUTE = 131097
  RegQueryValue = GuessStringType(RegQueryValueA, RegQueryValueW)
  SERVICE_DEMAND_START = 3
  SE_RELABEL_NAME = 'SeRelabelPrivilege'
  MaxTokenInfoClass = 41
  EnumServicesStatus = DefaultStringType(EnumServicesStatusA, En...
  SERVICE_CONTROL_NETBINDENABLE = 9
  WTSClientProtocolType = 16
  TokenHasRestrictions = 21
  SERVICE_ACCEPT_STOP = 1
  SERVICE_RECOGNIZER_DRIVER = 8
  SidTypeComputer = 9
  SERVICE_RUNNING = 4
  WTSWorkingDirectory = 2
  SE_TCB_NAME = 'SeTcbPrivilege'
  SERVICE_CONTROL_NETBINDREMOVE = 8
  TOKEN_ALL_ACCESS = 983551
  TokenDeviceClaimAttributes = 34
  GetServiceKeyName = GuessStringType(GetServiceKeyNameA, GetSer...
  SERVICE_NO_CHANGE = 4294967295
  WTSActive = 0
  KEY_CREATE_SUB_KEY = 4
  SERVICE_AUTO_START = 2
  TOKEN_ADJUST_GROUPS = 64
  WTSIncomingFrames = 21
  HKEY_CLASSES_ROOT = 2147483648
  REG_SZ = 1
  WCTP_GETINFO_ALL_FLAGS = 7
  SERVICE_KERNEL_DRIVER = 1
  SERVICE_CONTROL_SESSIONCHANGE = 14
  SERVICE_CONFIG_FAILURE_ACTIONS = 2
  TokenRestrictedDeviceGroups = 38
  TokenUIAccess = 26
  SC_MANAGER_CREATE_SERVICE = 2
  TOKEN_READ = 131080
  SE_TRUSTED_CREDMAN_ACCESS_NAME = 'SeTrustedCredManAccessPrivil...
  TokenVirtualizationEnabled = 24
  WctMaxType = 11
  WctProcessWaitType = 7
  SE_CREATE_SYMBOLIC_LINK_NAME = 'SeCreateSymbolicLinkPrivilege'
  WTSIncomingBytes = 19
  TokenSessionId = 12
  SERVICE_ACCEPT_USERMODEREBOOT = 2048
  TokenSessionReference = 14
  WctThreadType = 8
  WTSOutgoingBytes = 20
  SE_SYNC_AGENT_NAME = 'SeSyncAgentPrivilege'
  SERVICE_INTERROGATE = 128
  TOKEN_QUERY = 8
  RegOpenKeyEx = GuessStringType(RegOpenKeyExA, RegOpenKeyExW)
  WctStatusAbandoned = 8
  SC_MANAGER_QUERY_LOCK_STATUS = 16
  SidTypeGroup = 2
  SERVICE_WIN32 = 48
  RegConnectRegistry = GuessStringType(RegConnectRegistryA, RegC...
  TOKEN_ADJUST_SESSIONID = 256
  WTSClientDisplay = 15
  SERVICE_ENUMERATE_DEPENDENTS = 8
  TokenStatistics = 10
  RegDeleteKeyValue = GuessStringType(RegDeleteKeyValueA, RegDel...
  TokenGroupsAndPrivileges = 13
  WTSConnectQuery = 2
  TokenGroups = 2
  SERVICE_ERROR_IGNORE = 0
  TokenDeviceGroups = 37
  WTSClientBuildNumber = 9
  CreateProcessAsUser = GuessStringType(CreateProcessAsUserA, Cr...
  SE_ASSIGNPRIMARYTOKEN_NAME = 'SeAssignPrimaryTokenPrivilege'
  SecurityDelegation = 3
  WTSClientInfo = 23
  TOKEN_ADJUST_PRIVILEGES = 32
  SidTypeUnknown = 8
  WctStatusPidOnly = 4
  SE_CREATE_PERMANENT_NAME = 'SeCreatePermanentPrivilege'
  TokenCapabilities = 30
  SE_MANAGE_VOLUME_NAME = 'SeManageVolumePrivilege'
  SERVICE_ACCEPT_NETBINDCHANGE = 16
  SERVICE_PAUSE_PENDING = 6
  WCT_OUT_OF_PROC_FLAG = 1
  WctStatusBlocked = 3
  SERVICE_CONTROL_PAUSE = 2
  WctStatusRunning = 2
  TokenIntegrityLevel = 25
  SERVICE_ACCEPT_PARAMCHANGE = 8
  SERVICE_ERROR_SEVERE = 2
  WCT_ASYNC_OPEN_FLAG = 1
  REG_EXPAND_SZ = 2
  SE_SHUTDOWN_NAME = 'SeShutdownPrivilege'
  OpenSCManager = GuessStringType(OpenSCManagerA, OpenSCManagerW)
  WTSSessionAddressV4 = 28
  SERVICE_DISABLED = 4
  SE_PRIVILEGE_ENABLED = 2
  SAFER_LEVELID_NORMALUSER = 131072
  WTS_CURRENT_SERVER_HANDLE = 0
  SC_GROUP_IDENTIFIERA = '+'
  SC_GROUP_IDENTIFIERW = u'+'
  SAFER_SCOPEID_USER = 2
  SE_REMOTE_SHUTDOWN_NAME = 'SeRemoteShutdownPrivilege'
  REG_MULTI_SZ = 7
  SE_CREATE_GLOBAL_NAME = 'SeCreateGlobalPrivilege'
  TokenRestrictedUserClaimAttributes = 35
  TokenMandatoryPolicy = 27
  REG_LINK = 6
  RegQueryValueEx = GuessStringType(RegQueryValueExA, RegQueryVa...
  SERVICE_WIN32_OWN_PROCESS = 16
  SERVICE_CONTROL_STOP = 1
  SE_DEBUG_NAME = 'SeDebugPrivilege'
  WTSConfigInfo = 26
  RegDeleteTree = GuessStringType(RegDeleteTreeA, RegDeleteTreeW)
  ConvertStringSidToSid = GuessStringType(ConvertStringSidToSidA...
  WCT_OBJNAME_LENGTH = 128
  WTSEnumerateProcesses = DefaultStringType(WTSEnumerateProcesse...
  TokenOwner = 4
  OpenService = GuessStringType(OpenServiceA, OpenServiceW)
  WctComType = 5
  WTSListen = 6
  SE_SYSTEM_PROFILE_NAME = 'SeSystemProfilePrivilege'
  GetServiceDisplayName = GuessStringType(GetServiceDisplayNameA...
  SERVICE_FILE_SYSTEM_DRIVER = 2
  TOKEN_DUPLICATE = 2
  SAFER_TOKEN_MASK = 15
  TokenVirtualizationAllowed = 23
  TokenSource = 7
  WTSSessionId = 4
  TokenAppContainerNumber = 32
  SE_UNDOCK_NAME = 'SeUndockPrivilege'
  RegCreateKey = GuessStringType(RegCreateKeyA, RegCreateKeyW)
  KEY_NOTIFY = 16
  SC_MANAGER_MODIFY_BOOT_CONFIG = 32
  WTS_CURRENT_SESSION = 1
  SERVICE_ERROR_CRITICAL = 3
  SERVICE_CONTINUE_PENDING = 5
  WTSConnectState = 8
  WctStatusUnknown = 9
  REG_DWORD_LITTLE_ENDIAN = 4
  SE_CHANGE_NOTIFY_NAME = 'SeChangeNotifyPrivilege'
  SERVICE_USER_DEFINED_CONTROL = 256
  SidTypeLabel = 10
  WTSIdle = 5
  EnumServicesStatusEx = DefaultStringType(EnumServicesStatusExA...
  SE_SECURITY_NAME = 'SeSecurityPrivilege'
  SE_PROF_SINGLE_PROCESS_NAME = 'SeProfileSingleProcessPrivilege'
  SERVICE_ADAPTER = 4
  TokenRestrictedDeviceClaimAttributes = 36
  SERVICE_CHANGE_CONFIG = 2
  REG_QWORD_LITTLE_ENDIAN = 11
  SERVICE_DRIVER = 11
  WCT_MAX_NODE_COUNT = 16
  SaferPolicyLevelList = 1
  SC_ACTION_RESTART = 1
  WTSInitialProgram = 0
  WTSLogonTime = 18
  SAFER_TOKEN_NULL_IF_EQUAL = 1
  SE_PRIVILEGE_ENABLED_BY_DEFAULT = 1
  SecurityAnonymous = 0
  REG_RESOURCE_LIST = 8
  SE_RESTORE_NAME = 'SeRestorePrivilege'
  RegEnumKey = DefaultStringType(RegEnumKeyA, RegEnumKeyW)
  CreateProcessWithToken = DefaultStringType(CreateProcessWithTo...
  RegEnumValue = DefaultStringType(RegEnumValueA, RegEnumValueW)
  KEY_READ = 131097
  TokenRestrictedSids = 11
  SecurityIdentification = 1
  SE_CREATE_TOKEN_NAME = 'SeCreateTokenPrivilege'
  SE_PRIVILEGE_USED_FOR_ACCESS = 2147483648
  WTSSessionInfoEx = 25
  TokenImpersonationLevel = 9
  SE_SYSTEM_ENVIRONMENT_NAME = 'SeSystemEnvironmentPrivilege'
  SERVICE_ERROR_NORMAL = 1
  HKEY_LOCAL_MACHINE = 2147483650
  StartService = GuessStringType(StartServiceA, StartServiceW)
  SERVICE_CONTROL_CONTINUE = 3
  SERVICE_CONTROL_PARAMCHANGE = 6
  WTSClientAddress = 14
  KEY_WRITE = 131078
  SERVICE_ACCEPT_TRIGGEREVENT = 1024
  SERVICE_STOPPED = 1
  SERVICE_QUERY_STATUS = 4
  TokenAuditPolicy = 16
  SAFER_TOKEN_WANT_FLAGS = 8
  SAFER_LEVELID_CONSTRAINED = 65536
  WctStatusMax = 11
  SC_ACTION_RUN_COMMAND = 3
  SERVICE_CONTROL_SHUTDOWN = 5
  WTSApplicationName = 1
  SERVICE_CONTROL_NETBINDADD = 7
  WctStatusNoAccess = 1
  SC_ACTION_NONE = 0
  KEY_CREATE_LINK = 32
  TokenAccessInformation = 22
  SERVICE_PAUSE_CONTINUE = 64
  SERVICE_STOP = 32
  WTSClientHardwareId = 13
  WTSDisconnected = 4
  KEY_WOW64_64KEY = 256
  SAFER_LEVELID_FULLYTRUSTED = 262144
  KEY_SET_VALUE = 2
  WTSClientDirectory = 11
  SidTypeUser = 1
  SC_MANAGER_ALL_ACCESS = 983103
  SAFER_SCOPEID_MACHINE = 1
  TokenType = 8
  WctSendMessageType = 2
  TokenIsAppContainer = 29
  TokenIsRestricted = 40
  WctStatusOwned = 6
  WctStatusNotOwned = 7
  SC_MANAGER_CONNECT = 1
  WTSWinStationName = 6
  RegOpenKey = GuessStringType(RegOpenKeyA, RegOpenKeyW)
  TokenSandBoxInert = 15
  REG_NONE = 0
  SE_INCREASE_QUOTA_NAME = 'SeIncreaseQuotaPrivilege'
  SAFER_LEVEL_OPEN = 1
  SERVICE_ACCEPT_SHUTDOWN = 4
  WTSShadow = 3
  WTSDomainName = 7
  WTSDown = 8
  SERVICE_ALL_ACCESS = 983551
  SecurityImpersonation = 2
  SaferPolicyEnableTransparentEnforcement = 2
  TokenElevation = 20
  HKEY_CURRENT_CONFIG = 2147483653
  SAFER_TOKEN_MAKE_INERT = 4
  WctComActivationType = 9
  WctMutexType = 3
  REG_DWORD_BIG_ENDIAN = 5
  SERVICE_ACCEPT_POWEREVENT = 64
  TokenElevationTypeDefault = 1
  REG_DWORD = 4
  SE_UNSOLICITED_INPUT_NAME = 'SeUnsolicitedInputPrivilege'
  TokenOrigin = 17
  GetUserName = DefaultStringType(GetUserNameA, GetUserNameW)
  SE_TAKE_OWNERSHIP_NAME = 'SeTakeOwnershipPrivilege'
  WCT_OUT_OF_PROC_CS_FLAG = 4
  SERVICE_CONTROL_HARDWAREPROFILECHANGE = 12
  TOKEN_QUERY_SOURCE = 16
  SaferPolicyScopeFlags = 5
  WctAlpcType = 4
  RegDeleteKey = GuessStringType(RegDeleteKeyA, RegDeleteKeyW)
  SERVICE_ACCEPT_TIMECHANGE = 512
  TokenSecurityAttributes = 39
  REG_BINARY = 3
  SERVICE_ACCEPT_PAUSE_CONTINUE = 2
  RegDeleteKeyEx = GuessStringType(RegDeleteKeyExA, RegDeleteKey...
  WctStatusError = 10
  TOKEN_IMPERSONATE = 4
  TOKEN_ASSIGN_PRIMARY = 1
  TokenPrivileges = 3
  SE_TIME_ZONE_NAME = 'SeTimeZonePrivilege'
  TokenAppContainerSid = 31
  WctThreadWaitType = 6
  WctCriticalSectionType = 1
  SidTypeDeletedAccount = 6
  WTSIdleTime = 17
  SAFER_TOKEN_COMPARE_ONLY = 2
  SERVICE_BOOT_START = 0
  SERVICE_QUERY_CONFIG = 1
  SERVICE_ACCEPT_PRESHUTDOWN = 256
  SC_ENUM_PROCESS_INFO = 0
  CreateService = GuessStringType(CreateServiceA, CreateServiceW)
  TOKEN_ADJUST_DEFAULT = 128
  WCT_OUT_OF_PROC_COM_FLAG = 2
  SC_MANAGER_LOCK = 8
  SERVICE_INTERACTIVE_PROCESS = 256
  WctUnknownType = 10
  SERVICE_CONTROL_INTERROGATE = 4
  WTSSessionInfo = 24
  WTSClientProductId = 12
  SERVICE_INACTIVE = 2
  TokenElevationTypeFull = 2
  ConvertSidToStringSid = DefaultStringType(ConvertSidToStringSi...
  LookupAccountSid = GuessStringType(LookupAccountSidA, LookupAc...
  HKEY_PERFORMANCE_DATA = 2147483652
  SERVICE_CONTROL_NETBINDDISABLE = 10
  TokenImpersonation = 2
  LookupPrivilegeName = GuessStringType(LookupPrivilegeNameA, Lo...
  SERVICES_ACTIVE_DATABASEA = 'ServicesActive'
  TokenLogonSid = 28
  SE_LOAD_DRIVER_NAME = 'SeLoadDriverPrivilege'
  WTSOutgoingFrames = 22
  SERVICE_SYSTEM_START = 1
  SERVICE_WIN32_SHARE_PROCESS = 32
  CSIDL_RESOURCES = 56
  CSIDL_FONTS = 20
  CSIDL_PROGRAM_FILESX86 = 42
  CSIDL_COMMON_FAVORITES = 31
  SEE_MASK_HOTKEY = 32
  CSIDL_COMMON_PICTURES = 54
  SEE_MASK_INVOKEIDLIST = 12
  SEE_MASK_WAITFORINPUTIDLE = 33554432
  CSIDL_FLAG_DONT_VERIFY = 16384
  SEE_MASK_ICON = 16
  CSIDL_PROGRAM_FILES = 38
  SEE_MASK_FLAG_NO_UI = 1024
  SEE_MASK_FLAG_LOG_USAGE = 67108864
  SEE_MASK_DEFAULT = 0
  CSIDL_WINDOWS = 36
  CSIDL_COMMON_OEM_LINKS = 58
  CSIDL_PROFILES = 62
  CSIDL_LOCAL_APPDATA = 28
  CSIDL_FLAG_PER_USER_INIT = 2048
  CSIDL_FLAG_MASK = 65280
  CSIDL_PERSONAL = 5
  CSIDL_FOLDER_MASK = 255
  SEE_MASK_CLASSKEY = 3
  SE_ERR_OOM = 8
  CSIDL_CDBURN_AREA = 59
  CSIDL_MYPICTURES = 39
  CSIDL_SENDTO = 9
  SE_ERR_DDETIMEOUT = 28
  CSIDL_STARTUP = 7
  CSIDL_ADMINTOOLS = 48
  SEE_MASK_CLASSNAME = 1
  CSIDL_COMMON_APPDATA = 35
  CSIDL_FLAG_CREATE = 32768
  CSIDL_MYDOCUMENTS = 5
  CSIDL_RESOURCES_LOCALIZED = 57
  CSIDL_COMMON_TEMPLATES = 45
  SEE_MASK_UNICODE = 16384
  CSIDL_APPDATA = 26
  SE_ERR_PNF = 3
  CSIDL_HISTORY = 34
  CSIDL_INTERNET = 1
  SEE_MASK_DOENVSUBST = 512
  CSIDL_PROGRAMS = 2
  SE_ERR_ASSOCINCOMPLETE = 27
  CSIDL_DESKTOPDIRECTORY = 16
  CSIDL_STARTMENU = 11
  SEE_MASK_IDLIST = 4
  SE_ERR_DLLNOTFOUND = 32
  CSIDL_FLAG_NO_ALIAS = 4096
  CSIDL_RECENT = 8
  SEE_MASK_NO_CONSOLE = 32768
  SE_ERR_FNF = 2
  CSIDL_PRINTERS = 4
  CSIDL_FAVORITES = 6
  CSIDL_PROFILE = 40
  CSIDL_MYVIDEO = 14
  SE_ERR_SHARE = 26
  ShellExecute = GuessStringType(ShellExecuteA, ShellExecuteW)
  CSIDL_COMMON_ADMINTOOLS = 47
  SEE_MASK_NOZONECHECKS = 8388608
  CSIDL_DRIVES = 17
  SHGFP_TYPE_DEFAULT = 1
  SEE_MASK_HMONITOR = 2097152
  SE_ERR_DDEFAIL = 29
  CSIDL_SYSTEM = 37
  CSIDL_ALTSTARTUP = 29
  CSIDL_CONTROLS = 3
  CSIDL_DESKTOP = 0
  CSIDL_COMMON_DOCUMENTS = 46
  SE_ERR_ACCESSDENIED = 5
  SE_ERR_NOASSOC = 31
  CSIDL_COMMON_DESKTOPDIRECTORY = 25
  SHGFP_TYPE_CURRENT = 0
  CSIDL_PRINTHOOD = 27
  CSIDL_COMPUTERSNEARME = 61
  CSIDL_BITBUCKET = 10
  SEE_MASK_ASYNCOK = 1048576
  CSIDL_COMMON_STARTUP = 24
  SEE_MASK_NOASYNC = 256
  CSIDL_CONNECTIONS = 49
  CSIDL_PROGRAM_FILES_COMMONX86 = 44
  CSIDL_NETHOOD = 19
  SEE_MASK_NOCLOSEPROCESS = 64
  CSIDL_COMMON_VIDEO = 55
  SE_ERR_DDEBUSY = 30
  FindExecutable = GuessStringType(FindExecutableA, FindExecutab...
  CommandLineToArgv = GuessStringType(CommandLineToArgvA, Comman...
  CSIDL_COMMON_MUSIC = 53
  CSIDL_COOKIES = 33
  CSIDL_COMMON_PROGRAMS = 23
  CSIDL_COMMON_STARTMENU = 22
  CSIDL_NETWORK = 18
  SHGetFolderPath = DefaultStringType(SHGetFolderPathA, SHGetFol...
  SEE_MASK_CONNECTNETDRV = 128
  CSIDL_PROGRAM_FILES_COMMON = 43
  CSIDL_MYMUSIC = 13
  CSIDL_COMMON_ALTSTARTUP = 30
  CSIDL_SYSTEMX86 = 41
  CSIDL_INTERNET_CACHE = 32
  CSIDL_TEMPLATES = 21
  OS_WIN95_GOLD = 16
  OS_TERMINALSERVER = 24
  PathRemoveBackslash = GuessStringType(PathRemoveBackslashA, Pa...
  OS_NT4ORGREATER = 3
  OS_WIN2000DATACENTER = 11
  OS_DOMAINMEMBER = 28
  OS_WOW6432 = 30
  OS_WELCOMELOGONUI = 27
  PathUnExpandEnvStrings = GuessStringType(PathUnExpandEnvString...
  OS_WEBSERVER = 31
  PathIsDirectory = GuessStringType(PathIsDirectoryA, PathIsDire...
  PathFindExtension = GuessStringType(PathFindExtensionA, PathFi...
  PathRelativePathTo = GuessStringType(PathRelativePathToA, Path...
  PathAddExtension = GuessStringType(PathAddExtensionA, PathAddE...
  OS_XPORGREATER = 18
  PathIsRoot = GuessStringType(PathIsRootA, PathIsRootW)
  PathFindNextComponent = GuessStringType(PathFindNextComponentA...
  OS_WIN2000PRO = 8
  OS_ANYSERVER = 29
  PathRemoveExtension = GuessStringType(PathRemoveExtensionA, Pa...
  OS_APPLIANCE = 36
  OS_HOME = 19
  PathRemoveArgs = GuessStringType(PathRemoveArgsA, PathRemoveAr...
  OS_FASTUSERSWITCHING = 26
  OS_PROFESSIONAL = 20
  OS_WIN2000TERMINAL = 12
  OS_TERMINALCLIENT = 14
  OS_TABLETPC = 33
  PathFileExists = GuessStringType(PathFileExistsA, PathFileExis...
  OS_PERSONALTERMINALSERVER = 25
  PathMakePretty = GuessStringType(PathMakePrettyA, PathMakePret...
  OS_MEORGREATER = 17
  OS_SERVERADMINUI = 34
  OS_WIN2000ADVSERVER = 10
  PathIsNetworkPath = GuessStringType(PathIsNetworkPathA, PathIs...
  OS_WIN2000ORGREATER = 7
  PathCombine = GuessStringType(PathCombineA, PathCombineW)
  OS_DATACENTER = 21
  PathIsSameRoot = GuessStringType(PathIsSameRootA, PathIsSameRo...
  PathAddBackslash = GuessStringType(PathAddBackslashA, PathAddB...
  PathRenameExtension = GuessStringType(PathRenameExtensionA, Pa...
  OS_WIN2000SERVER = 9
  OS_MEDIACENTER = 35
  PathRemoveFileSpec = GuessStringType(PathRemoveFileSpecA, Path...
  PathIsUNC = GuessStringType(PathIsUNCA, PathIsUNCW)
  PathIsDirectoryEmpty = GuessStringType(PathIsDirectoryEmptyA, ...
  OS_SMALLBUSINESSSERVER = 32
  OS_TERMINALREMOTEADMIN = 15
  PathFindFileName = GuessStringType(PathFindFileNameA, PathFind...
  PathCanonicalize = GuessStringType(PathCanonicalizeA, PathCano...
  OS_WIN95ORGREATER = 2
  PathFindOnPath = GuessStringType(PathFindOnPathA, PathFindOnPa...
  PathIsContentType = GuessStringType(PathIsContentTypeA, PathIs...
  PathIsRelative = GuessStringType(PathIsRelativeA, PathIsRelati...
  OS_ADVSERVER = 22
  OS_WIN98_GOLD = 6
  OS_WIN98ORGREATER = 5
  OS_EMBEDDED = 13
  PathAppend = GuessStringType(PathAppendA, PathAppendW)
  OS_WINDOWS = 0
  PathGetArgs = GuessStringType(PathGetArgsA, PathGetArgsW)
  OS_SERVER = 23
  GetMappedFileName = GuessStringType(GetMappedFileNameA, GetMap...
  GetModuleFileNameEx = GuessStringType(GetModuleFileNameExA, Ge...
  GetDeviceDriverBaseName = GuessStringType(GetDeviceDriverBaseN...
  GetProcessImageFileName = GuessStringType(GetProcessImageFileN...
  LIST_MODULES_64BIT = 2
  LIST_MODULES_ALL = 3
  LIST_MODULES_32BIT = 1
  GetDeviceDriverFileName = GuessStringType(GetDeviceDriverFileN...
  LIST_MODULES_DEFAULT = 0
  SLE_ERROR = 1
  THREAD_BASE_PRIORITY_LOWRT = 15
  DBG_REPLY_LATER = 1073807361
  CONTEXT_FULL = 65543
  EXCEPTION_FLT_UNDERFLOW = 3221225619
  OpenFileMapping = GuessStringType(OpenFileMappingA, OpenFileMa...
  SYMOPT_FAVOR_COMPRESSED = 8388608
  STATUS_PENDING = 259
  SYMOPT_NO_IMAGE_SEARCH = 131072
  ARCH_AMD64 = 'amd64'
  OS_WINDOWS_2008_64 = 'Windows 2008 (64 bits)'
  VFT_DRV = 3
  PAGE_EXECUTE_READ = 32
  SEC_COMMIT = 134217728
  NTDDI_WIN7SP1 = 100729088
  ProcThreadAttributeGroupAffinity = 3
  SM_CARETBLINKINGENABLED = 8194
  SM_YVIRTUALSCREEN = 77
  EXCEPTION_ARRAY_BOUNDS_EXCEEDED = 3221225612
  SymLoadModule = GuessStringType(SymLoadModuleA, SymLoadModuleW)
  SEMAPHORE_MODIFY_STATE = 2
  PAGE_WRITECOPY = 8
  EXCEPTION_BREAKPOINT = 2147483651
  SymCoff = 1
  STACK_SIZE_PARAM_IS_A_RESERVATION = 65536
  SYMOPT_NO_PUBLICS = 32768
  SEM_NOOPENFILEERRORBOX = 2048
  MAXINTATOM = 49152
  Wow64GetThreadContext
  COMMON_LVB_LEADING_BYTE = 256
  OS_SEVEN = 'Windows 7'
  SM_CXDLGFRAME = 7
  DEBUG_PROCESS = 1
  OS_W2K3_64 = 'Windows 2003 (64 bits)'
  SM_ARRANGE = 56
  PROCESS_ALL_ACCESS_VISTA = 2097151
  VFT2_DRV_DISPLAY = 4
  WOW64_CONTEXT_CONTROL
  VER_SUITE_BACKOFFICE = 4
  LPXMM_SAVE_AREA32
  STATUS_STACK_OVERFLOW = 3221225725
  MEM_4MB_PAGES = 2147483648
  VER_SUITE_DATACENTER = 128
  arch = 'amd64'
  Wow64GetThreadSelectorEntry
  OS_WINDOWS_2003_R2_64 = 'Windows 2003 R2 (64 bits)'
  GR_USEROBJECTS = 1
  PWOW64_FLOATING_SAVE_AREA
  VOS_NT_WINDOWS32 = 262148
  PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY = 31
  ARCH_SHX = 'shx'
  OS_WINDOWS_XP_64 = 'Windows XP (64 bits)'
  OS_WINDOWS_NT = 'Windows NT'
  SymExport = 4
  THREAD_SUSPEND_RESUME = 2
  SM_REMOTESESSION = 4096
  ARCH_POWERPC = 'ppc'
  COMMON_LVB_UNDERSCORE = 32768
  VOS__PM16 = 2
  EXCEPTION_FLT_INEXACT_RESULT = 3221225615
  FILE_SHARE_READ = 1
  PROCESSOR_SHx_SH3 = 103
  PROCESSOR_SHx_SH4 = 104
  VER_LESS_EQUAL = 5
  INHERIT_PARENT_AFFINITY = 65536
  FOREGROUND_BLACK = 0
  PRODUCT_ENTERPRISE_SERVER = 10
  VER_SUITE_STORAGE_SERVER = 8192
  CREATE_NEW_CONSOLE = 16
  SYMOPT_INCLUDE_32BIT_MODULES = 8192
  HEAP_ZERO_MEMORY = 8
  FOREGROUND_RED = 4
  SM_CYKANJIWINDOW = 18
  STATUS_UNWIND_CONSOLIDATE = 2147483689
  SM_CYVIRTUALSCREEN = 79
  PROCESSOR_ARM_7TDMI = 70001
  PROCESSOR_INTEL_386 = 386
  SYMOPT_FAIL_CRITICAL_ERRORS = 512
  SM_CYMINTRACK = 35
  SYMOPT_LOAD_ANYTHING = 64
  SM_CYMAXTRACK = 60
  OS_VISTA_64 = 'Windows Vista (64 bits)'
  OS_WINDOWS_VISTA_64 = 'Windows Vista (64 bits)'
  THREAD_GET_CONTEXT = 8
  PROCESS_NAME_NATIVE = 1
  LOAD_LIBRARY_AS_DATAFILE = 2
  STATUS_PRIVILEGED_INSTRUCTION = 3221225622
  MEM_RESET = 524288
  NTDDI_WINXPSP1 = 83951872
  EXCEPTION_FLT_INVALID_OPERATION = 3221225616
  NTDDI_WINXPSP3 = 83952384
  NTDDI_WINXPSP2 = 83952128
  VER_SUITE_ENTERPRISE = 2
  AddrModeReal = 2
  PROCESSOR_AMD_X8664 = 8664
  FILE_ATTRIBUTE_ARCHIVE = 32
  OutputDebugString = GuessStringType(OutputDebugStringA, Output...
  VOLUME_NAME_NT = 2
  PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE = 1
  PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE = 4
  SM_CYDOUBLECLK = 37
  QueryFullProcessImageName = GuessStringType(QueryFullProcessIm...
  UNDNAME_32_BIT_DECODE = 2048
  SM_CYVSCROLL = 20
  AddrModeFlat = 3
  STD_INPUT_HANDLE = 4294967286
  TH32CS_SNAPALL = 15
  CREATE_DEFAULT_ERROR_MODE = 67108864
  WAIT_FAILED = -1
  PRODUCT_ULTIMATE = 1
  ARCH_ARM = 'arm'
  ARCH_THUMB = 'thumb'
  FORMAT_MESSAGE_ALLOCATE_BUFFER = 256
  PROCESSOR_ARCHITECTURE_ARM = 5
  EXCEPTION_PRIV_INSTRUCTION = 3221225622
  NTDDI_VERSION = 100729088
  PRODUCT_HOME_PREMIUM_E = 68
  EXCEPTION_DATATYPE_MISALIGNMENT = 2147483650
  LEGACY_SAVE_AREA_LENGTH
  HIGH_PRIORITY_CLASS = 128
  SYMOPT_ALLOW_ABSOLUTE_SYMBOLS = 2048
  ARCH_SPARC = 'sparc'
  PRODUCT_HOME_PREMIUM = 3
  STATUS_FLOAT_MULTIPLE_FAULTS = 3221226164
  NORMAL_PRIORITY_CLASS = 32
  SYMOPT_IGNORE_IMAGEDIR = 2097152
  ARCH_AARCH32 = 'arm'
  SYMOPT_NO_UNQUALIFIED_LOADS = 256
  OS_VISTA = 'Windows Vista'
  GetLogicalDriveStrings = GuessStringType(GetLogicalDriveString...
  PRODUCT_DATACENTER_SERVER = 8
  PWOW64_CONTEXT
  MEM_MAPPED = 262144
  WOW64_LDT_ENTRY
  ARCH_X86 = 'i386'
  ARCH_X64 = 'amd64'
  SymSetSearchPath = GuessStringType(SymSetSearchPathA, SymSetSe...
  TH32CS_SNAPMODULE = 8
  VER_GREATER_EQUAL = 3
  GENERIC_ALL = 268435456
  GetProcAddress = GuessStringType(GetProcAddressA, GetProcAddre...
  STATUS_SXS_EARLY_DEACTIVATION = 3222601743
  MEM_PRIVATE = 131072
  PRODUCT_STANDARD_SERVER_CORE = 13
  SM_CXDOUBLECLK = 36
  STATUS_INVALID_HANDLE = 3221225480
  BACKGROUND_CYAN = 48
  ARCH_ITANIUM = 'ia64'
  THREAD_PRIORITY_TIME_CRITICAL = 15
  SECTION_QUERY = 1
  MS_VC_EXCEPTION = 1080890248
  PROCESS_CREATE_PROCESS = 128
  SM_MENUDROPALIGNMENT = 40
  SEC_IMAGE = 16777216
  VOLUME_NAME_DOS = 0
  PRODUCT_WEB_SERVER = 17
  SM_CXMENUCHECK = 71
  NTDDI_LONGHORN = 100663296
  BACKGROUND_INTENSITY = 128
  CREATE_IGNORE_SYSTEM_DEFAULT = 2147483648
  psyco
  SYMOPT_NO_PROMPTS = 524288
  SM_MOUSEHORIZONTALWHEELPRESENT = 91
  SymNone = 0
  STATUS_NONCONTINUABLE_EXCEPTION = 3221225509
  Wow64ResumeThread
  UnDecorateSymbolName = GuessStringType(UnDecorateSymbolNameA, ...
  PROC_THREAD_ATTRIBUTE_NUMBER = 65535
  VER_SUITE_PERSONAL = 512
  WAIT_OBJECT_0 = 0
  GENERIC_READ = 2147483648
  INITIAL_MXCSR
  OpenEvent = GuessStringType(OpenEventA, OpenEventW)
  UNDNAME_NO_MS_THISTYPE = 32
  SEC_NOCACHE = 268435456
  _LDT_ENTRY_HIGHWORD_
  SM_CXMIN = 28
  IMAGE_FILE_MACHINE_AMD64 = 34404
  VOS__PM32 = 3
  NTDDI_WINXP = 83951616
  BACKGROUND_MASK = 240
  SymGetModuleInfo64 = GuessStringType(SymGetModuleInfo64A, SymG...
  OS_XP_64 = 'Windows XP (64 bits)'
  PRODUCT_ENTERPRISE = 4
  VOS__WINDOWS32 = 4
  OS_W2K8_64 = 'Windows 2008 (64 bits)'
  SymPdb = 3
  DBG_EXCEPTION_NOT_HANDLED = 2147549185
  PROCESSOR_HITACHI_SH3E = 10004
  SM_CXSMICON = 49
  MEM_IMAGE = 16777216
  UNDNAME_NO_MEMBER_TYPE = 512
  THREAD_PRIORITY_ERROR_RETURN = 4294967295
  PROC_THREAD_ATTRIBUTE_ADDITIVE = 262144
  PROCESSOR_ARCHITECTURE_AMD64 = 9
  EXCEPTION_INVALID_HANDLE = 3221225480
  FOREGROUND_YELLOW = 6
  STATUS_SINGLE_STEP = 2147483652
  ContextArchMask = 268369920
  PROCESSOR_ARCHITECTURE_INTEL = 0
  PAGE_EXECUTE = 16
  CONTROL_C_EXIT = 3221225786
  ABOVE_NORMAL_PRIORITY_CLASS = 32768
  VFT2_DRV_COMM = 10
  PRODUCT_DATACENTER_SERVER_CORE_V = 39
  FILE_ATTRIBUTE_SYSTEM = 4
  VER_SUITE_TERMINAL = 16
  PRODUCT_STORAGE_EXPRESS_SERVER = 20
  VER_LESS = 4
  CONTEXT_CONTROL = 65537
  PAGE_EXECUTE_WRITECOPY = 128
  SM_CXSCREEN = 0
  CREATE_SEPARATE_WOW_VDM = 2048
  DBG_PRINTEXCEPTION_C = 1073807366
  OS_NT = 'Windows NT'
  CREATE_THREAD_DEBUG_EVENT = 2
  VER_GREATER = 2
  PRODUCT_STANDARD_SERVER_V = 36
  PROCESSOR_ARCHITECTURE_ALPHA = 2
  GlobalFindAtom = GuessStringType(GlobalFindAtomA, GlobalFindAt...
  CONTEXT_i386 = 65536
  STATUS_INTEGER_OVERFLOW = 3221225621
  VFT_STATIC_LIB = 7
  CONTEXT_EXCEPTION_REQUEST
  SECTION_MAP_READ = 4
  SECTION_MAP_EXECUTE = 8
  EVENT_ALL_ACCESS = 2031619
  VS_FF_INFOINFERRED = 16
  FILE_SHARE_DELETE = 4
  SM_CXFULLSCREEN = 16
  CREATE_BREAKAWAY_FROM_JOB = 16777216
  VS_FF_PATCHED = 4
  VFT2_FONT_TRUETYPE = 3
  CONTEXT_EXCEPTION_ACTIVE
  PROCESS_QUERY_LIMITED_INFORMATION = 4096
  SM_CYCAPTION = 4
  STATUS_FLOAT_INVALID_OPERATION = 3221225616
  NTDDI_WIN8 = 100794368
  NTDDI_WIN7 = 100728832
  OS_WINDOWS_2008_R2_64 = 'Windows 2008 R2 (64 bits)'
  SM_CLEANBOOT = 67
  CreateFileMapping = GuessStringType(CreateFileMappingA, Create...
  FILE_FLAG_SEQUENTIAL_SCAN = 134217728
  ProcThreadAttributeMax = 8
  EXCEPTION_WX86_BREAKPOINT = 1073741855
  SECTION_EXTEND_SIZE = 16
  AddrMode1632 = 1
  THREAD_ALL_ACCESS_VISTA = 2097151
  PROCESS_VM_READ = 16
  VER_SUITE_WH_SERVER = 32768
  OS_WINDOWS_2003_R2 = 'Windows 2003 R2'
  FOREGROUND_CYAN = 3
  SymGetModuleInfo = GuessStringType(SymGetModuleInfoA, SymGetMo...
  UNDNAME_NO_ACCESS_SPECIFIERS = 128
  SM_CXICONSPACING = 38
  SEMAPHORE_ALL_ACCESS = 2031619
  PROCESSOR_INTEL_486 = 486
  ARCH_UNKNOWN = 'unknown'
  MEM_RELEASE = 32768
  INHERIT_CALLER_PRIORITY = 131072
  CreateFile = GuessStringType(CreateFileA, CreateFileW)
  VFT2_FONT_VECTOR = 2
  VFT2_DRV_LANGUAGE = 3
  PROCESSOR_ARM820 = 2080
  VS_FF_SPECIALBUILD = 32
  SM_SWAPBUTTON = 23
  SM_CYMINSPACING = 48
  SM_XVIRTUALSCREEN = 76
  PROCESSOR_STRONGARM = 2577
  VFT2_UNKNOWN = 0
  OS_WINDOWS_2003_64 = 'Windows 2003 (64 bits)'
  THREAD_PRIORITY_BELOW_NORMAL = -1
  PROCESSOR_ARCHITECTURE_PPC = 3
  PRODUCT_PROFESSIONAL = 48
  EXCEPTION_ACCESS_VIOLATION = 3221225477
  ATTACH_PARENT_PROCESS = 4294967295
  VER_SUITE_SINGLEUSERTS = 256
  EXIT_THREAD_DEBUG_EVENT = 4
  VOS_OS232 = 196608
  VER_OR = 7
  hdSym = 1
  FOREGROUND_GREEN = 2
  SM_SHUTTINGDOWN = 8192
  PAGE_READWRITE = 4
  MAXIMUM_SUSPEND_COUNT = 127
  STATUS_TIMEOUT = 258
  MEM_TOP_DOWN = 1048576
  PXMM_SAVE_AREA32
  SYMOPT_LOAD_LINES = 16
  CONTEXT_i486 = 65536
  MUTEX_MODIFY_STATE = 1
  THREAD_SET_LIMITED_INFORMATION = 1024
  FILE_ATTRIBUTE_READONLY = 1
  MEM_COMMIT = 4096
  PROCESSOR_OPTIL = 18767
  STATUS_WX86_BREAKPOINT = 1073741855
  SM_CXMENUSIZE = 54
  ACCESS_VIOLATION_TYPE_WRITE = 1
  PAGE_EXECUTE_READWRITE = 64
  CTRL_SHUTDOWN_EVENT = 6
  bits = 32
  CONTEXT_MMX_REGISTERS
  FORMAT_MESSAGE_FROM_SYSTEM = 4096
  VER_SUITE_SMALLBUSINESS_RESTRICTED = 32
  DUPLICATE_CLOSE_SOURCE = 1
  wow64 = True
  PROCESSOR_ARCHITECTURE_SHX = 4
  THREAD_IMPERSONATE = 256
  WOW64_CONTEXT_i486
  SYMOPT_IGNORE_NT_SYMPATH = 4096
  VOS__WINDOWS16 = 1
  SM_CXEDGE = 45
  SymDia = 7
  OS_W2K3R2 = 'Windows 2003 R2'
  STATUS_FLOAT_DIVIDE_BY_ZERO = 3221225614
  NTDDI_WS03SP2 = 84017664
  NTDDI_WS03SP1 = 84017408
  PROCESS_TERMINATE = 1
  SM_CYMINIMIZED = 58
  DBG_COMMAND_EXCEPTION = 1073807369
  PRODUCT_SERVER_FOR_SMALLBUSINESS_V = 35
  PRODUCT_HOME_BASIC = 2
  SM_CYSCREEN = 1
  WOW64_FLOATING_SAVE_AREA
  STATUS_POSSIBLE_DEADLOCK = 3221225876
  ACCESS_VIOLATION_TYPE_READ = 0
  ProcThreadAttributeIdealProcessor = 5
  EXCEPTION_INVALID_DISPOSITION = 3221225510
  SM_CYBORDER = 6
  PRODUCT_ENTERPRISE_SERVER_CORE_V = 41
  CREATE_UNICODE_ENVIRONMENT = 1024
  STATUS_IN_PAGE_ERROR = 3221225478
  VER_NT_DOMAIN_CONTROLLER = 2
  OS_W2K3R2_64 = 'Windows 2003 R2 (64 bits)'
  GlobalGetAtomName = GuessStringType(GlobalGetAtomNameA, Global...
  SYMOPT_FLAT_DIRECTORY = 4194304
  GR_GDIOBJECTS = 0
  THREAD_TERMINATE = 1
  WINVER = 1537
  OPEN_EXISTING = 3
  WOW64_CONTEXT_SEGMENTS
  FILE_MAP_READ = 4
  VER_PLATFORM_WIN32_WINDOWS = 1
  GetVersionEx = GuessStringType(GetVersionExA, GetVersionExW)
  THREAD_QUERY_INFORMATION = 64
  FOREGROUND_GREY = 7
  UNDNAME_NO_CV_THISTYPE = 64
  MAX_SYM_NAME = 2000
  EVENT_MODIFY_STATE = 2
  _DEBUG_EVENT_UNION_
  PROC_THREAD_ATTRIBUTE_EXTENDED_FLAGS = 393217
  SM_CXBORDER = 5
  NTDDI_WIN2KSP4 = 83887104
  TH32CS_INHERIT = 2147483648
  NTDDI_WIN2KSP2 = 83886592
  NTDDI_WIN2KSP3 = 83886848
  NTDDI_WIN2KSP1 = 83886336
  LOAD_WITH_ALTERED_SEARCH_PATH = 8
  PROCESS_ALL_ACCESS_NT = 2035711
  HEAP_NO_SERIALIZE = 1
  SM_MOUSEWHEELPRESENT = 75
  SM_CXMAXTRACK = 59
  STATUS_FLOAT_INEXACT_RESULT = 3221225615
  FILE_FLAG_DELETE_ON_CLOSE = 67108864
  EXCEPTION_FLT_STACK_CHECK = 3221225618
  PRODUCT_BUSINESS = 6
  _LDT_ENTRY_BITS_
  SM_SERVERR2 = 89
  VER_SERVICEPACKMAJOR = 32
  OS_SEVEN_64 = 'Windows 7 (64 bits)'
  WOW64_CONTEXT_ALL
  SM_CYMENUSIZE = 55
  GENERIC_WRITE = 1073741824
  VFT_RESERVED = 6
  HEAP_GENERATE_EXCEPTIONS = 4
  EXCEPTION_NONCONTINUABLE_EXCEPTION = 3221225509
  SM_DBCSENABLED = 42
  PROC_THREAD_ATTRIBUTE_PARENT_PROCESS = 131072
  UNDNAME_NO_ALLOCATION_LANGUAGE = 16
  DBG_TERMINATE_PROCESS = 1073807364
  SM_CXPADDEDBORDER = 92
  SYMOPT_UNDNAME = 2
  FILE_FLAG_WRITE_THROUGH = 2147483648
  CREATE_SHARED_WOW_VDM = 4096
  GetDllDirectory = GuessStringType(GetDllDirectoryA, GetDllDire...
  EXTENDED_STARTUPINFO_PRESENT = 524288
  EXCEPTION_READ_FAULT = 0
  FILE_MAP_COPY = 1
  THREAD_PRIORITY_ABOVE_NORMAL = 1
  CREATE_FORCEDOS = 8192
  AddrMode1616 = 0
  TH32CS_SNAPPROCESS = 2
  SM_CXMINTRACK = 34
  FOREGROUND_BLUE = 1
  DBG_APP_NOT_IDLE = 3221291010
  PRODUCT_DATACENTER_SERVER_V = 37
  PROC_THREAD_ATTRIBUTE_PREFERRED_NODE = 131076
  VFT_UNKNOWN = 0
  FILE_MAP_EXECUTE = 32
  SM_CXDRAG = 68
  EXCEPTION_GUARD_PAGE = 2147483649
  STATUS_FLOAT_OVERFLOW = 3221225617
  CTRL_LOGOFF_EVENT = 5
  SM_PENWINDOWS = 41
  VER_PLATFORM_WIN32_NT = 2
  SM_CYMAXIMIZED = 62
  VER_NT_SERVER = 3
  GENERIC_EXECUTE = 536870912
  PROCESS_DEP_ENABLE = 1
  hdBase = 0
  PROCESSOR_ARCHITECTURE_MIPS = 1
  DBG_UNABLE_TO_PROVIDE_HANDLE = 1073807362
  SM_CYVTHUMB = 9
  STATUS_DATATYPE_MISALIGNMENT = 2147483650
  ARCH_PPC = 'ppc'
  CTRL_CLOSE_EVENT = 2
  FILE_MAP_ALL_ACCESS = 983071
  PRODUCT_SMALLBUSINESS_SERVER = 9
  CREATE_NEW = 1
  PRODUCT_HYPERV = 42
  ARCH_ARM64 = 'arm64'
  STATUS_CONTROL_C_EXIT = 3221225786
  PAGE_NOCACHE = 512
  SM_CYEDGE = 46
  VER_SUITE_COMPUTE_SERVER = 16384
  BELOW_NORMAL_PRIORITY_CLASS = 16384
  OS_WINDOWS_VISTA = 'Windows Vista'
  CONTEXT_AMD64
  CREATE_NEW_PROCESS_GROUP = 512
  UNDNAME_NO_SPECIAL_SYMS = 16384
  PRODUCT_STORAGE_WORKGROUP_SERVER = 22
  SM_CYDLGFRAME = 8
  STATUS_ILLEGAL_INSTRUCTION = 3221225501
  SYMOPT_CASE_INSENSITIVE = 1
  NTDDI_WS03 = 84017152
  NTDDI_WS08 = 100663552
  THREAD_BASE_PRIORITY_MIN = -2
  EXCEPTION_DEBUG_EVENT = 1
  SM_CXSMSIZE = 52
  SIZE_OF_80387_REGISTERS = 80
  CONTEXT_ALL = 65599
  VER_SUITE_BLADE = 1024
  VOS_OS216_PM16 = 131074
  SM_IMMENABLED = 82
  STILL_ACTIVE = 259
  CREATE_PROCESS_DEBUG_EVENT = 3
  NTDDI_VISTA = 100663296
  PROCESSOR_PPC_620 = 620
  DBG_NO_STATE_CHANGE = 3221291009
  NumSymTypes = 9
  PROCESS_DUP_HANDLE = 64
  GlobalAddAtom = GuessStringType(GlobalAddAtomA, GlobalAddAtomW)
  BACKGROUND_GREY = 112
  VFT2_DRV_KEYBOARD = 2
  WOW64_CS32
  VOS_NT = 262144
  EXCEPTION_FLT_DENORMAL_OPERAND = 3221225613
  SM_CYFRAME = 33
  COMMON_LVB_REVERSE_VIDEO = 16384
  NTDDI_WIN2K = 83886080
  PROCESSOR_ALPHA_21064 = 21064
  CreateEvent = GuessStringType(CreateEventA, CreateEventW)
  PRODUCT_ENTERPRISE_SERVER_CORE = 14
  STATUS_ARRAY_BOUNDS_EXCEEDED = 3221225612
  THREAD_DIRECT_IMPERSONATION = 512
  PRODUCT_STORAGE_ENTERPRISE_SERVER = 23
  ARCH_HITACHI = 'shx'
  WOW64_CONTEXT_EXTENDED_REGISTERS
  CONTEXT_SEGMENTS = 65540
  DBG_EXCEPTION_HANDLED = 65537
  ARCH_ALPHA64 = 'alpha64'
  THREAD_ALL_ACCESS_NT = 2032639
  OSVERSION_MASK = 4294901760
  SM_CXFOCUSBORDER = 83
  STATUS_WAIT_0 = 0
  ProcThreadAttributeHandleList = 2
  EXCEPTION_INT_DIVIDE_BY_ZERO = 3221225620
  SymEnumerateModules = GuessStringType(SymEnumerateModulesA, Sy...
  ProcThreadAttributeExtendedFlags = 1
  SUBVERSION_MASK = 255
  SM_CYSMICON = 50
  VS_FF_PRERELEASE = 2
  SLE_MINORERROR = 2
  CONTEXT_EXTENDED_REGISTERS = 65568
  THREAD_SET_THREAD_TOKEN = 128
  SymGetSearchPath = GuessStringType(SymGetSearchPathA, SymGetSe...
  SM_RESERVED4 = 27
  SM_RESERVED1 = 24
  SM_RESERVED3 = 26
  SM_RESERVED2 = 25
  OS_WINDOWS_2008_R2 = 'Windows 2008 R2'
  BACKGROUND_MAGENTA = 80
  PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE = 2
  EXCEPTION_EXECUTE_FAULT = 8
  FILE_ATTRIBUTE_DEVICE = 64
  VFT2_DRV_SYSTEM = 7
  FILE_ATTRIBUTE_HIDDEN = 2
  ProcThreadAttributePreferredNode = 4
  SM_MOUSEPRESENT = 19
  EXCEPTION_SINGLE_STEP = 2147483652
  ARCH_MIPS = 'mips'
  PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 = 10
  SM_CXVSCROLL = 2
  PROFILE_KERNEL = 536870912
  SM_SLOWMACHINE = 73
  SECTION_MAP_WRITE = 2
  VOS_OS232_PM32 = 196611
  PROCESSOR_ARCHITECTURE_IA64 = 6
  STATUS_INTEGER_DIVIDE_BY_ZERO = 3221225620
  PRODUCT_PROFESSIONAL_E = 69
  PRODUCT_PROFESSIONAL_N = 49
  VOS_UNKNOWN = 0
  DUPLICATE_SAME_ACCESS = 2
  STATUS_FLOAT_STACK_CHECK = 3221225618
  PROC_THREAD_ATTRIBUTE_HANDLE_LIST = 131074
  VFT2_DRV_NETWORK = 6
  SM_CYSMSIZE = 53
  STATUS_ABANDONED_WAIT_0 = 128
  VER_MINORVERSION = 1
  PROCESSOR_MIPS_R4000 = 4000
  STATUS_GUARD_PAGE_VIOLATION = 2147483649
  SM_CYSIZEFRAME = 33
  CONTEXT_SERVICE_ACTIVE
  SymSym = 6
  VER_PLATFORMID = 8
  VER_NT_WORKSTATION = 1
  MAXIMUM_WAIT_OBJECTS = 64
  COMMON_LVB_GRID_HORIZONTAL = 1024
  ProcThreadAttributeUmsThread = 6
  LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE = 64
  TH32CS_SNAPTHREAD = 4
  CreateProcess = GuessStringType(CreateProcessA, CreateProcessW)
  SM_REMOTECONTROL = 8193
  PRODUCT_ENTERPRISE_N = 27
  PRODUCT_ENTERPRISE_E = 70
  CREATE_ALWAYS = 2
  PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY = 131079
  PROCESS_SET_QUOTA = 256
  VFT2_DRV_MOUSE = 5
  warnings
  PROCESS_MODE_BACKGROUND_BEGIN = 1048576
  MakeSureDirectoryPathExists = GuessStringType(MakeSureDirector...
  FOREGROUND_MASK = 15
  COMMON_LVB_MASK = 65280
  STATUS_SEGMENT_NOTIFICATION = 1073741829
  VFT2_DRV_RESERVED = 11
  SEM_NOGPFAULTERRORBOX = 2
  SM_CXSIZE = 30
  OS_W7_64 = 'Windows 7 (64 bits)'
  STATUS_HEAP_CORRUPTION = 3221226356
  OS_WINDOWS_SEVEN = 'Windows 7'
  MEM_RESERVE = 8192
  VOS_DOS = 65536
  PROCESS_SET_SESSIONID = 4
  STATUS_BREAKPOINT = 2147483651
  OPEN_ALWAYS = 4
  QueryDosDevice = GuessStringType(QueryDosDeviceA, QueryDosDevi...
  FILE_FLAG_OVERLAPPED = 1073741824
  UNDNAME_COMPLETE = 0
  PROCESSOR_PPC_604 = 604
  PROCESSOR_PPC_601 = 601
  PROCESSOR_PPC_603 = 603
  SM_MIDEASTENABLED = 74
  CONTEXT_INTEGER = 65538
  FILE_SHARE_WRITE = 2
  UNDNAME_NO_MS_KEYWORDS = 2
  SYMOPT_PUBLICS_ONLY = 16384
  SymEnumerateModules64 = GuessStringType(SymEnumerateModules64A...
  EXCEPTION_NONCONTINUABLE = 1
  ARCH_MSIL = 'msil'
  UNDNAME_NO_ARGUMENTS = 8192
  SYMOPT_ALLOW_ZERO_ADDRESS = 16777216
  WOW64_CONTEXT_DEBUG_REGISTERS
  PROC_THREAD_ATTRIBUTE_INPUT = 131072
  SYMOPT_OVERWRITE = 1048576
  TIMER_MODIFY_STATE = 2
  PRODUCT_STANDARD_SERVER_CORE_V = 40
  VER_PLATFORM_WIN32s = 0
  SM_CYDRAG = 69
  ARCH_IA64 = 'ia64'
  PWOW64_LDT_ENTRY
  CONTEXT_EXCEPTION_REPORTING
  XMM_SAVE_AREA32
  THREAD_PRIORITY_NORMAL = 0
  THREAD_ALL_ACCESS = 2097151
  PRODUCT_ULTIMATE_N = 28
  PRODUCT_ULTIMATE_E = 71
  PROC_THREAD_ATTRIBUTE_GROUP_AFFINITY = 196611
  PROCESSOR_ARM920 = 2336
  SM_TABLETPC = 86
  PROCESS_SET_INFORMATION = 512
  TH32CS_SNAPHEAPLIST = 1
  SymDeferred = 5
  SM_CXICON = 11
  SM_CMONITORS = 80
  DBG_RIPEXCEPTION = 1073807367
  PROCESS_ALL_ACCESS = 2097151
  DETACHED_PROCESS = 8
  LoadLibraryEx = GuessStringType(LoadLibraryExA, LoadLibraryExW)
  SM_CYMIN = 29
  GetTempPath = GuessStringType(GetTempPathA, GetTempPathW)
  PRODUCT_ENTERPRISE_SERVER_IA64 = 15
  GetFinalPathNameByHandle = GuessStringType(GetFinalPathNameByH...
  FILE_NAME_NORMALIZED = 0
  SEC_FILE = 8388608
  DBG_CONTROL_C = 1073807365
  UNLOAD_DLL_DEBUG_EVENT = 7
  SEC_LARGE_PAGES = 2147483648
  PRODUCT_STARTER = 11
  EXCEPTION_FLT_DIVIDE_BY_ZERO = 3221225614
  EXCEPTION_INT_OVERFLOW = 3221225621
  THREAD_PRIORITY_HIGHEST = 2
  WOW64_CONTEXT_FULL
  SymVirtual = 8
  SYMOPT_DEBUG = 2147483648
  VER_EQUAL = 1
  STATUS_ACCESS_VIOLATION = 3221225477
  OS_WINDOWS_SEVEN_64 = 'Windows 7 (64 bits)'
  PAGE_GUARD = 256
  EXCEPTION_WRITE_FAULT = 1
  DEBUG_ONLY_THIS_PROCESS = 2
  SPVERSION_MASK = 65280
  ProcThreadAttributeParentProcess = 0
  SM_SECURE = 44
  ARCH_AARCH64 = 'arm64'
  EXIT_PROCESS_DEBUG_EVENT = 5
  CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 33554432
  COMMON_LVB_TRAILING_BYTE = 512
  THREAD_PRIORITY_IDLE = -15
  PROCESSOR_ARCHITECTURE_SPARC = 20
  WOW64_CONTEXT_i386
  WOW64_CONTEXT_INTEGER
  SYMOPT_DISABLE_SYMSRV_AUTODETECT = 33554432
  EXCEPTION_FLT_OVERFLOW = 3221225617
  VER_PRODUCT_TYPE = 128
  VerQueryValue = GuessStringType(VerQueryValueA, VerQueryValueW)
  STD_OUTPUT_HANDLE = 4294967285
  TIMER_ALL_ACCESS = 2031619
  WOW64_CONTEXT
  Wow64SetThreadContext
  PAGE_READONLY = 2
  EXCEPTION_IN_PAGE_ERROR = 3221225478
  PROCESSOR_ARCHITECTURE_MSIL = 8
  SM_CYFULLSCREEN = 17
  PRODUCT_STORAGE_STANDARD_SERVER = 21
  MEM_PHYSICAL = 4194304
  SM_CYSIZE = 31
  SymEnumerateSymbols64 = GuessStringType(SymEnumerateSymbols64A...
  PRODUCT_DATACENTER_SERVER_CORE = 12
  STATUS_SXS_INVALID_DEACTIVATION = 3222601744
  PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = 2
  SM_CXFRAME = 32
  CreateMutex = GuessStringType(CreateMutexA, CreateMutexW)
  CONTEXT_DEBUG_REGISTERS = 65552
  SM_CXVIRTUALSCREEN = 78
  EXCEPTION_STACK_OVERFLOW = 3221225725
  SM_STARTER = 88
  THREAD_BASE_PRIORITY_IDLE = -15
  UNDNAME_NO_THISTYPE = 96
  SM_CXHSCROLL = 21
  SymSetHomeDirectory = GuessStringType(SymSetHomeDirectoryA, Sy...
  ARCH_ARM7 = 'arm'
  LOAD_LIBRARY_AS_IMAGE_RESOURCE = 32
  PROCESSOR_INTEL_IA64 = 2200
  MEM_FREE = 65536
  SymInitialize = GuessStringType(SymInitializeA, SymInitializeW)
  PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING = 32
  OS_WINDOWS_XP = 'Windows XP'
  ARCH_T32 = 'thumb'
  FILE_FLAG_NO_BUFFERING = 536870912
  VOLUME_NAME_GUID = 1
  DBG_TERMINATE_THREAD = 1073807363
  SEM_FAILCRITICALERRORS = 1
  SYMOPT_NO_CPP = 8
  PROCESSOR_ARCHITECTURE_UNKNOWN = 65535
  BACKGROUND_RED = 64
  STATUS_FLOAT_UNDERFLOW = 3221225619
  SM_CMOUSEBUTTONS = 43
  PAGE_NOACCESS = 1
  BACKGROUND_BLUE = 16
  TIMER_QUERY_STATE = 1
  CONTEXT_FLOATING_POINT = 65544
  HEAP_CREATE_ENABLE_EXECUTE = 262144
  HANDLE_FLAG_INHERIT = 1
  SymCv = 2
  IMAGE_FILE_MACHINE_I386 = 332
  CREATE_SUSPENDED = 4
  MEM_LARGE_PAGES = 536870912
  VFT2_DRV_INSTALLABLE = 8
  MEM_WRITE_WATCH = 2097152
  FOREGROUND_MAGENTA = 5
  LOAD_DLL_DEBUG_EVENT = 6
  PROFILE_SERVER = 1073741824
  PROCESSOR_ARCHITECTURE_ALPHA64 = 7
  VFT2_DRV_SOUND = 9
  THREAD_QUERY_LIMITED_INFORMATION = 2048
  VS_FF_DEBUG = 1
  EXCEPTION_MAXIMUM_PARAMETERS = 15
  DBG_CONTROL_BREAK = 1073807368
  UNDNAME_NO_FUNCTION_RETURNS = 4
  SM_CYSMCAPTION = 51
  SM_SAMEDISPLAYFORMAT = 81
  SymLoadModule64 = GuessStringType(SymLoadModule64A, SymLoadMod...
  NTDDI_WINNT4 = 67108864
  THREAD_PRIORITY_LOWEST = -2
  VOS_DOS_WINDOWS32 = 65540
  PROCESS_VM_WRITE = 32
  SM_CXMAXIMIZED = 61
  UNDNAME_NO_RETURN_UDT_MODEL = 1024
  UNDNAME_NO_LEADING_UNDERSCORES = 1
  GetCurrentDirectory = GuessStringType(GetCurrentDirectoryA, Ge...
  PROCESS_CREATE_THREAD = 2
  STATUS_STACK_BUFFER_OVERRUN = 3221226505
  OS_XP = 'Windows XP'
  SM_CYCURSOR = 14
  FILE_FLAG_RANDOM_ACCESS = 268435456
  STATUS_REG_NAT_CONSUMPTION = 3221226185
  VOLUME_NAME_NONE = 4
  OS_W2K8 = 'Windows 2008'
  OS_W2K3 = 'Windows 2003'
  PROCESSOR_ARM720 = 1824
  WOW64_CONTEXT_FLOATING_POINT
  PROCESS_VM_OPERATION = 8
  SM_CYFOCUSBORDER = 84
  PRODUCT_STANDARD_SERVER = 7
  EXCEPTION_POSSIBLE_DEADLOCK = 3221225876
  PROFILE_USER = 268435456
  VER_SUITE_EMBEDDEDNT = 64
  GetTempFileName = GuessStringType(GetTempFileNameA, GetTempFil...
  GetModuleHandle = GuessStringType(GetModuleHandleA, GetModuleH...
  PRODUCT_HOME_PREMIUM_N = 26
  PAGE_WRITECOMBINE = 1024
  SymGetHomeDirectory = GuessStringType(SymGetHomeDirectoryA, Sy...
  PRODUCT_ENTERPRISE_SERVER_V = 38
  VER_AND = 6
  VFT_APP = 1
  VOS_OS216 = 131072
  COMMON_LVB_GRID_LVERTICAL = 2048
  SM_CYFIXEDFRAME = 8
  SM_NETWORK = 63
  PRODUCT_SERVER_FOR_SMALLBUSINESS = 24
  INITIAL_FPCSR
  VS_FF_PRIVATEBUILD = 8
  VFT_DLL = 2
  ARCH_IA32 = 'i386'
  PRODUCT_UNLICENSED = 2882382797
  RIP_EVENT = 9
  SLE_WARNING = 3
  CREATE_NO_WINDOW = 134217728
  STATUS_INVALID_DISPOSITION = 3221225510
  FILE_MAP_WRITE = 2
  ARCH_I386 = 'i386'
  OUTPUT_DEBUG_STRING_EVENT = 8
  OS_W7 = 'Windows 7'
  ARCH_ALPHA = 'alpha'
  SECTION_ALL_ACCESS = 983071
  PROCESSOR_HITACHI_SH3 = 10003
  PROCESSOR_HITACHI_SH4 = 10005
  VFT_FONT = 4
  DONT_RESOLVE_DLL_REFERENCES = 1
  SEC_RESERVE = 67108864
  MEM_DECOMMIT = 16384
  BACKGROUND_YELLOW = 96
  SM_CXCURSOR = 13
  SM_DEBUG = 22
  SYMOPT_EXACT_SYMBOLS = 1024
  SM_CYICONSPACING = 39
  PROC_THREAD_ATTRIBUTE_THREAD = 65536
  SM_CYICON = 12
  SetDllDirectory = GuessStringType(SetDllDirectoryA, SetDllDire...
  REALTIME_PRIORITY_CLASS = 256
  SM_CXSIZEFRAME = 32
  CTRL_C_EVENT = 0
  MUTEX_ALL_ACCESS = 2031617
  VER_MAJORVERSION = 2
  PRODUCT_BUSINESS_N = 16
  SM_CXMINSPACING = 47
  TRUNCATE_EXISTING = 5
  SM_CXHTHUMB = 10
  VER_SUITE_SMALLBUSINESS = 1
  IMAGE_FILE_MACHINE_IA64 = 512
  PROCESSOR_MOTOROLA_821 = 821
  THREAD_ALERT = 4
  SYMOPT_SECURE = 262144
  IDLE_PRIORITY_CLASS = 64
  PRODUCT_WEB_SERVER_CORE = 29
  SM_CMETRICS = 93
  THREAD_BASE_PRIORITY_MAX = 2
  VFT_VXD = 5
  FILE_ATTRIBUTE_TEMPORARY = 256
  OS_WINDOWS_2008 = 'Windows 2008'
  OS_WINDOWS_2003 = 'Windows 2003'
  OS_WINDOWS_2000 = 'Windows 2000'
  LOAD_IGNORE_CODE_AUTHZ_LEVEL = 16
  STATUS_USER_APC = 192
  THREAD_SET_CONTEXT = 16
  STATUS_FLOAT_MULTIPLE_TRAPS = 3221226165
  PROCESS_MODE_BACKGROUND_END = 2097152
  SM_CXMINIMIZED = 57
  PRODUCT_UNDEFINED = 0
  PRODUCT_STARTER_N = 47
  PRODUCT_STARTER_E = 66
  CTRL_BREAK_EVENT = 1
  WOW64_MAXIMUM_SUPPORTED_EXTENSION
  FILE_ATTRIBUTE_NORMAL = 128
  HANDLE_FLAG_PROTECT_FROM_CLOSE = 2
  _LDT_ENTRY_BYTES_
  SM_CYHSCROLL = 3
  OS_UNKNOWN = 'Unknown'
  SM_CYMENUCHECK = 72
  WRITE_WATCH_FLAG_RESET = 1
  PROCESSOR_INTEL_PENTIUM = 586
  FOREGROUND_INTENSITY = 8
  ACCESS_VIOLATION_TYPE_DEP = 8
  STATUS_INVALID_INFO_CLASS = 3221225475
  SYMOPT_DEFERRED_LOADS = 4
  ProcThreadAttributeMitigationPolicy = 7
  SYMOPT_AUTO_PUBLICS = 65536
  SM_SHOWSOUNDS = 70
  PRODUCT_HOME_BASIC_E = 67
  SymEnumerateSymbols = GuessStringType(SymEnumerateSymbolsA, Sy...
  PRODUCT_HOME_BASIC_N = 5
  SM_CYMENU = 15
  VFT2_DRV_VERSIONED_PRINTER = 12
  PRODUCT_CLUSTER_SERVER = 18
  ARCH_ARM8 = 'arm64'
  DBG_CONTINUE = 65538
  VOS_DOS_WINDOWS16 = 65537
  COMMON_LVB_GRID_RVERTICAL = 4096
  OS_W2K8R2_64 = 'Windows 2008 R2 (64 bits)'
  STATUS_NO_MEMORY = 3221225495
  FILE_NAME_OPENED = 8
  OS_W2K8R2 = 'Windows 2008 R2'
  SM_MEDIACENTER = 87
  VFT2_FONT_RASTER = 1
  PROCESS_QUERY_INFORMATION = 1024
  SECTION_MAP_EXECUTE_EXPLICIT = 32
  PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT = 30
  GetFileVersionInfo = GuessStringType(GetFileVersionInfoA, GetF...
  EXCEPTION_ILLEGAL_INSTRUCTION = 3221225501
  OpenMutex = GuessStringType(OpenMutexA, OpenMutexW)
  hdSrc = 2
  SM_CXFIXEDFRAME = 7
  NTDDI_VISTASP1 = 100663552
  WOW64_SIZE_OF_80387_REGISTERS
  FILE_ATTRIBUTE_DIRECTORY = 16
  VER_SERVICEPACKMINOR = 16
  VFT2_DRV_PRINTER = 1
  SearchPath = GuessStringType(SearchPathA, SearchPathW)
  BACKGROUND_BLACK = 0
  THREAD_SET_INFORMATION = 32
  LoadLibrary = GuessStringType(LoadLibraryA, LoadLibraryW)
  GetFullPathName = GuessStringType(GetFullPathNameA, GetFullPat...
  STD_ERROR_HANDLE = 4294967284
  STATUS_FLOAT_DENORMAL_OPERAND = 3221225613
  SYMOPT_IGNORE_CVREC = 128
  PROCESS_SUSPEND_RESUME = 2048
  PROC_THREAD_ATTRIBUTE_IDEAL_PROCESSOR = 196613
  UNDNAME_NO_THROW_SIGNATURES = 256
  UNDNAME_NAME_ONLY = 4096
  PRODUCT_SERVER_FOUNDATION = 33
  SEM_NOALIGNMENTFAULTEXCEPT = 4
  VER_SUITENAME = 64
  UNDNAME_NO_ALLOCATION_MODEL = 8
  VER_BUILDNUMBER = 4
  OS_W2K = 'Windows 2000'
  PROC_THREAD_ATTRIBUTE_UMS_THREAD = 196614
  BACKGROUND_GREEN = 32
  MAXIMUM_SUPPORTED_EXTENSION = 512
  CREATE_PROTECTED_PROCESS = 262144
  ERROR_CANNOT_DETECT_PROCESS_ABORT = 1081
  STANDARD_RIGHTS_WRITE = 131072
  ERROR_PROC_NOT_FOUND = 127
  ExceptionContinueSearch = 1
  ERROR_ENVVAR_NOT_FOUND = 203
  FileCompletionInformation = 30
  ProcessDebugPort = 7
  FLG_HEAP_VALIDATE_PARAMETERS = 64
  ERROR_CONTROL_C_EXIT = 572
  ERROR_DBG_REPLY_LATER = 689
  ERROR_CALL_NOT_IMPLEMENTED = 120
  SystemRangeStartInformation = 51
  ERROR_INVALID_PARAMETER = 87
  ANYSIZE_ARRAY = 1
  ImageUsesLargePages = 1
  ERROR_FILE_NOT_FOUND = 2
  ERROR_DBG_CONTROL_BREAK = 696
  ERROR_SERVICE_NEVER_STARTED = 1077
  ERROR_WOW_ASSERTION = 670
  ProcessTimes = 4
  ERROR_NOT_ENOUGH_MEMORY = 8
  FileFullDirectoryInformation = 2
  FLG_HEAP_ENABLE_TAIL_CHECK = 16
  ERROR_DBG_TERMINATE_THREAD = 691
  FLG_ENABLE_HANDLE_TYPE_TAGGING = 16777216
  ERROR_INSUFFICIENT_BUFFER = 122
  DbgSafeThunkCall = 1
  ERROR_HANDLE_DISK_FULL = 39
  ERROR_BAD_LENGTH = 24
  RtlDisableUserStackWalk = 256
  ERROR_SERVICE_DEPENDENCY_FAIL = 1068
  FLG_HEAP_PAGE_ALLOCS = 33554432
  ProcessAccessToken = 9
  FLG_HEAP_ENABLE_CALL_TRACING = 1048576
  ObjectTypeInformation = 2
  FLG_POOL_ENABLE_TAIL_CHECK = 256
  STANDARD_RIGHTS_REQUIRED = 983040
  ThreadPriority = 2
  SystemGlobalFlag = 10
  ERROR_INVALID_ADDRESS = 487
  ProcessImageFileName = 27
  FLG_DISABLE_PAGE_KERNEL_STACKS = 524288
  ERROR_SERVICE_NOT_ACTIVE = 1062
  SystemDebuggerInformation = 36
  FileTrackingInformation = 36
  DbgSuppressDebugMsg = 128
  ProcessUsingVEH = 4
  SystemInfo42 = 43
  SystemBasicInformation = 1
  ProcessBasePriority = 5
  ThreadHideFromDebugger = 17
  ERROR_PARTIAL_COPY = 299
  ObjectNameInformation = 1
  SystemLockInformation = 13
  ERROR_THREAD_NOT_IN_PROCESS = 566
  ProcessVmCounters = 3
  ERROR_DIR_NOT_EMPTY = 145
  FLG_DEBUG_INITIAL_COMMAND = 4
  ProcessUsingFTH = 16
  FileModeInformation = 16
  ERROR_NO_RECOVERY_PROGRAM = 1082
  SysDbgWriteMsr = 17
  IsImageDynamicallyRelocated = 8
  SystemTimeAdjustmentInformation = 29
  ProcessWow64Information = 26
  ExceptionCollidedUnwind = 3
  ThreadIsIoPending = 16
  ProcessWx86Information = 19
  INFINITE = -1
  ThreadSetTlsArrayAddress = 15
  ERROR_DBG_EXCEPTION_HANDLED = 766
  ThreadBasicInformation = 0
  ERROR_MOD_NOT_FOUND = 126
  ThreadEnableAlignmentFaultFixup = 7
  ERROR_SERVICE_START_HANG = 1070
  SystemCreateSession = 48
  FileQuotaInformation = 32
  ERROR_BUFFER_OVERFLOW = 111
  ThreadTimes = 1
  FLG_ENABLE_DBGPRINT_BUFFERING = 134217728
  TRUE = 1
  ERROR_ALREADY_EXISTS = 183
  FLG_EARLY_CRITICAL_SECTION_EVT = 268435456
  ERROR_DIFFERENT_SERVICE_ACCOUNT = 1079
  SkipPatchingUser32Forwarders = 16
  WIN32_VERBOSE_MODE = False
  SystemSessionProcessesInformation = 54
  ExceptionNestedException = 2
  FileAllocationInformation = 19
  ProcessLdtInformation = 10
  SystemCrashDumpStateInformation = 35
  ERROR_INVALID_HANDLE = 6
  ERROR_INVALID_FUNCTION = 1
  SystemInfo10 = 11
  SystemInfo13 = 14
  SystemPrioritySeparationInformation = 40
  ProcessExecuteFlags = 34
  ERROR_BAD_THREADID_ADDR = 159
  FLG_ENABLE_EXCEPTION_LOGGING = 8388608
  SystemSetTimeSlipEvent = 47
  FileDirectoryInformation = 1
  MEM_EXECUTE_OPTION_ENABLE = 1
  ERROR_INVALID_NAME = 123
  SystemUnloadImage = 28
  DELETE = 65536
  FilePipeRemoteInformation = 25
  ProcessQuotaLimits = 1
  MAX_MODULE_NAME32 = 255
  SystemObjectInformation = 18
  FileAlternateNameInformation = 21
  ProcessRaisePriority = 6
  SystemTimeZoneInformation = 45
  SystemLoadDriver = 39
  ERROR_DBG_CONTROL_C = 693
  SystemAddVerifier = 53
  ERROR_SERVICE_EXISTS = 1073
  SystemPagedPoolInformation = 15
  IsLegacyProcess = 4
  ThreadDescriptorTableEntry = 6
  SystemProcessorCounters = 9
  FileEaInformation = 7
  SPECIFIC_RIGHTS_ALL = 65535
  FLG_VALID_BITS = 4194303
  FLG_POOL_ENABLE_TAGGING = 1024
  ERROR_SERVICE_LOGON_FAILED = 1069
  ERROR_PROCESS_ABORTED = 1067
  MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4
  ERROR_DATABASE_DOES_NOT_EXIST = 1065
  ERROR_INVALID_SERVICE_LOCK = 1071
  ThreadZeroTlsCell = 10
  SystemMemoryUsageInformation2 = 30
  ProcessEnableAlignmentFaultFixup = 17
  FileNameInformation = 9
  ProcessHandleCount = 20
  FALSE = 0
  ProcessUsingVCH = 8
  ExceptionContinueExecution = 0
  WinFuncHook
  ERROR_DISK_FULL = 112
  ProcessIoPortHandlers = 13
  FileMailslotQueryInformation = 26
  ERROR_ELEVATION_REQUIRED = 740
  FileAllInformation = 18
  SysDbgReadMsr = 16
  ERROR_SERVICE_DEPENDENCY_DELETED = 1075
  ERROR_DBG_RIPEXCEPTION = 695
  ERROR_DBG_TERMINATE_PROCESS = 692
  STANDARD_RIGHTS_EXECUTE = 131072
  ProcessWorkingSetWatch = 15
  ERROR_DBG_EXCEPTION_NOT_HANDLED = 688
  FLG_DISABLE_DLL_VERIFICATION = 2147483648
  READ_CONTROL = 131072
  SystemRegistryQuotaInformation = 38
  DbgClonedThread = 64
  FLG_HEAP_ENABLE_FREE_CHECK = 32
  ERROR_DBG_PRINTEXCEPTION_C = 694
  ProcessPriorityBoost = 22
  FileInternalInformation = 6
  ERROR_UNHANDLED_EXCEPTION = 574
  FLG_USER_STACK_TRACE_DB = 4096
  ProcessPriorityClass = 18
  ERROR_NOT_SUPPORTED = 50
  FileDispositionInformation = 13
  ERROR_BAD_PATHNAME = 161
  SystemCallInformation = 7
  ERROR_MORE_DATA = 234
  SystemProcessorInformation = 2
  ERROR_ACCESS_DENIED = 5
  SystemMemoryUsageInformation1 = 26
  STANDARD_RIGHTS_ALL = 2031616
  STANDARD_RIGHTS_READ = 131072
  FileAlignmentInformation = 17
  FileInheritContentIndexInformation = 37
  SystemNonPagedPoolInformation = 16
  DbgInDebugPrint = 2
  FileLinkInformation = 11
  MAX_PATH = 260
  MEM_EXECUTE_OPTION_DISABLE = 2
  ERROR_DBG_CONTINUE = 767
  FileStreamInformation = 22
  FileRenameInformation = 10
  ERROR_CIRCULAR_DEPENDENCY = 1059
  ThreadPriorityBoost = 14
  ProcessIoCounters = 2
  FileFullEaInformation = 15
  ERROR_SERVICE_MARKED_FOR_DELETE = 1072
  WRITE_DAC = 262144
  SystemDpcInformation = 25
  FileOleInformation = 39
  SystemTimeInformation = 4
  ERROR_DUPLICATE_SERVICE_NAME = 1078
  ProcessExceptionPort = 8
  ERROR_FILENAME_EXCED_RANGE = 206
  ERROR_BAD_ARGUMENTS = 160
  WRITE_OWNER = 524288
  WinCallHook
  FLG_HEAP_ENABLE_TAGGING = 2048
  FilePipeLocalInformation = 24
  FLG_MAINTAIN_OBJECT_TYPELIST = 16384
  ProcessUserModeIOPL = 16
  ERROR_SERVICE_CANNOT_ACCEPT_CTRL = 1061
  FileMoveClusterInformation = 31
  INVALID_HANDLE_VALUE = 4294967295
  FileMailslotSetInformation = 27
  ERROR_SERVICE_DOES_NOT_EXIST = 1060
  FileStandardInformation = 5
  SystemInfo49 = 50
  ERROR_NO_MORE_FILES = 18
  ERROR_SERVICE_SPECIFIC_ERROR = 1066
  SystemInfo43 = 44
  windll = WinDllHook()
  SystemInfo41 = 42
  SystemInfo40 = 41
  ERROR_HANDLE_EOF = 38
  RtlExceptionAttached = 512
  ProcessInitializing = 2
  ProcessBasicInformation = 0
  ThreadPerformanceCount = 11
  FLG_SHOW_LDR_SNAPS = 2
  ObjectAllTypesInformation = 3
  FLG_HEAP_ENABLE_TAG_BY_DLL = 32768
  ProcessDefaultHardErrorMode = 12
  FileNamesInformation = 12
  ERROR_CANNOT_DETECT_DRIVER_FAILURE = 1080
  DbgRanProcessInit = 32
  RtlInitialThread = 1024
  FLG_STOP_ON_HUNG_GUI = 8
  ERROR_PRIVILEGE_NOT_HELD = 1314
  ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE = 690
  SystemCrashDumpInformation = 33
  SystemPerformanceInformation = 3
  FLG_KERNEL_STACK_TRACE_DB = 8192
  SYNCHRONIZE = 1048576
  FLG_ENABLE_CLOSE_EXCEPTION = 4194304
  ThreadQuerySetWin32StartAddress = 9
  FileObjectIdInformation = 35
  SystemPathInformation = 5
  ERROR_FAILED_SERVICE_CONTROLLER_CONNECT = 1063
  ERROR_NONE_MAPPED = 1332
  HeapTracingEnabled = 1
  FLG_STOP_ON_EXCEPTION = 1
  RPC_S_SERVER_UNAVAILABLE = 1722
  SystemInfo20 = 21
  ThreadAmILastThread = 12
  SystemProcessorStatistics = 24
  ERROR_FILE_EXISTS = 80
  SystemHandleInformation = 17
  SystemDeleteSession = 49
  SystemLookasideInformation = 46
  ERROR_INVALID_DRIVE = 15
  CritSecTracingEnabled = 2
  ERROR_SERVICE_NOT_IN_EXE = 1083
  SystemConfigurationInformation = 8
  SystemModuleInformation = 12
  ERROR_INVALID_FLAG_NUMBER = 186
  ProcessAffinityMask = 21
  ERROR_SUCCESS = 0
  ERROR_NOT_SAFEBOOT_SERVICE = 1084
  DbgWerInShipAssertCode = 16
  FileOleDirectoryInformation = 37
  FLG_POOL_ENABLE_FREE_CHECK = 512
  DbgSkipThreadAttach = 8
  ERROR_ALREADY_RUNNING_LKG = 1074
  SystemInfo30 = 31
  SystemInfo31 = 32
  ERROR_EXCEPTION_IN_SERVICE = 1064
  DbgHasFiberData = 4
  ERROR_DEBUGGER_INACTIVE = 1284
  FilePipeInformation = 23
  ERROR_PATH_NOT_FOUND = 3
  SystemPoolTagInformation = 23
  ERROR_ASSERTION_FAILURE = 668
  os = 'Windows 7 (64 bits)'
  FLG_DEBUG_WINLOGON = 67108864
  ThreadImpersonationToken = 5
  FLG_ENABLE_CSRDEBUG = 131072
  SystemInstemulInformation = 20
  FilePositionInformation = 14
  ProcessLdtSize = 11
  FLG_ENABLE_KDEBUG_SYMBOL_LOAD = 262144
  ERROR_NOACCESS = 998
  FLG_HEAP_DISABLE_COALESCING = 2097152
  FileNetworkOpenInformation = 34
  ERROR_BOOT_ALREADY_ACCEPTED = 1076
  FileCopyOnWriteInformation = 29
  SystemCacheInformation = 22
  FLG_HEAP_VALIDATE_ALL = 128
  WinDllHook
  FileMaximumInformation = 40
  ThreadEventPair = 8
  ProcessDebugObjectHandle = 30
  ERROR_DBG_COMMAND_EXCEPTION = 697
  FileContentIndexInformation = 38
  NULL = None
hash(x)
  ThreadBasePriority = 3
  ThreadAffinityMask = 4
  ERROR_SEM_TIMEOUT = 121
  SystemPagefileInformation = 19
  FileReparsePointInformation = 33
  ObjectBasicInformation = 0
  SystemProcessInformation = 6
  ThreadIdealProcessor = 13
  FileAccessInformation = 8
  SystemExceptionInformation = 34
  SystemLoadImage = 27
  FileBasicInformation = 4
  FileEndOfFileInformation = 20
  SystemThreadSwitchInformation = 37
  FileBothDirectoryInformation = 3
  SystemVerifierInformation = 52
  IsProtectedProcess = 2
  ProcessInJob = 1
  FileCompressionInformation = 28
  WAIT_TIMEOUT = 258
  ObjectHandleInformation = 4
  ERROR_NO_MORE_ITEMS = 259
  FLG_IGNORE_DEBUG_PRIV = 65536
  ProcessPooledUsageAndLimits = 14
  MEM_EXECUTE_OPTION_PERMANENT = 8
  _all = set(['ABOVE_NORMAL_PRIORITY_CLASS', 'ACCESS_MASK', 'ACC...
  __package__ = 'winappdbg.win32'
  _x = 'SEMAPHORE_ALL_ACCESS'
Function Details [hide private]

MAKE_LPARAM(lParam)

source code 

Convert arguments to the LPARAM type. Used automatically by SendMessage, PostMessage, etc. You shouldn't need to call this function.

MAKE_WPARAM(wParam)

source code 

Convert arguments to the WPARAM type. Used automatically by SendMessage, PostMessage, etc. You shouldn't need to call this function.

RaiseIfLastError(result, func=None, arguments=())

source code 

Error checking for Win32 API calls with no error-specific return value.

Regardless of the return value, the function calls GetLastError(). If the code is not ERROR_SUCCESS then a WindowsError exception is raised.

For this to work, the user MUST call SetLastError(ERROR_SUCCESS) prior to calling the API. Otherwise an exception may be raised even on success, since most API calls don't clear the error status code.

Wow64EnableWow64FsRedirection(Wow64FsEnableRedirection)

source code 

This function may not work reliably when there are nested calls. Therefore, this function has been replaced by the Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection functions.

See Also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365744(v=vs.85).aspx

MakeWideVersion(fn)

source code 

Decorator that generates a Unicode (wide) version of an ANSI only API call.

Parameters:
  • fn (callable) - ANSI version of the API function to call.

RaiseIfNotZero(result, func=None, arguments=())

source code 

Error checking for some odd Win32 API calls.

The function is assumed to return an integer, which is zero on success. If the return value is nonzero the WindowsError exception is raised.

This is mostly useful for free() like functions, where the return value is the pointer to the memory block on failure or a NULL pointer on success.

RaiseIfNotErrorSuccess(result, func=None, arguments=())

source code 

Error checking for Win32 Registry API calls.

The function is assumed to return a Win32 error code. If the code is not ERROR_SUCCESS then a WindowsError exception is raised.

RaiseIfZero(result, func=None, arguments=())

source code 

Error checking for most Win32 API calls.

The function is assumed to return an integer, which is 0 on error. In that case the WindowsError exception is raised.

MakeANSIVersion(fn)

source code 

Decorator that generates an ANSI version of a Unicode (wide) only API call.

Parameters:
  • fn (callable) - Unicode (wide) version of the API function to call.

Variables Details [hide private]

__revision__

Value:
'$Id: __init__.py 1299 2013-12-20 09:30:55Z qvasimodo $'

RegisterClipboardFormat

Value:
GuessStringType(RegisterClipboardFormatA, RegisterClipboardFormatW)

GetWindowLongPtr

Value:
DefaultStringType(GetWindowLongA, GetWindowLongW)

SendMessageTimeout

Value:
GuessStringType(SendMessageTimeoutA, SendMessageTimeoutW)

PostThreadMessage

Value:
GuessStringType(PostThreadMessageA, PostThreadMessageW)

SetWindowLongPtr

Value:
DefaultStringType(SetWindowLongA, SetWindowLongW)

RegisterWindowMessage

Value:
GuessStringType(RegisterWindowMessageA, RegisterWindowMessageW)

SendDlgItemMessage

Value:
GuessStringType(SendDlgItemMessageA, SendDlgItemMessageW)

SendNotifyMessage

Value:
GuessStringType(SendNotifyMessageA, SendNotifyMessageW)

LookupPrivilegeValue

Value:
GuessStringType(LookupPrivilegeValueA, LookupPrivilegeValueW)

RegDeleteValue

Value:
GuessStringType(RegDeleteValueA, RegDeleteValueW)

CreateProcessWithLogon

Value:
DefaultStringType(CreateProcessWithLogonA, CreateProcessWithLogonW)

EnumServicesStatus

Value:
DefaultStringType(EnumServicesStatusA, EnumServicesStatusW)

GetServiceKeyName

Value:
GuessStringType(GetServiceKeyNameA, GetServiceKeyNameW)

SE_TRUSTED_CREDMAN_ACCESS_NAME

Value:
'SeTrustedCredManAccessPrivilege'

RegConnectRegistry

Value:
GuessStringType(RegConnectRegistryA, RegConnectRegistryW)

RegDeleteKeyValue

Value:
GuessStringType(RegDeleteKeyValueA, RegDeleteKeyValueW)

CreateProcessAsUser

Value:
GuessStringType(CreateProcessAsUserA, CreateProcessAsUserW)

RegQueryValueEx

Value:
GuessStringType(RegQueryValueExA, RegQueryValueExW)

ConvertStringSidToSid

Value:
GuessStringType(ConvertStringSidToSidA, ConvertStringSidToSidW)

WTSEnumerateProcesses

Value:
DefaultStringType(WTSEnumerateProcessesA, WTSEnumerateProcessesW)

GetServiceDisplayName

Value:
GuessStringType(GetServiceDisplayNameA, GetServiceDisplayNameW)

EnumServicesStatusEx

Value:
DefaultStringType(EnumServicesStatusExA, EnumServicesStatusExW)

CreateProcessWithToken

Value:
DefaultStringType(CreateProcessWithTokenA, CreateProcessWithTokenW)

RegDeleteKeyEx

Value:
GuessStringType(RegDeleteKeyExA, RegDeleteKeyExW)

ConvertSidToStringSid

Value:
DefaultStringType(ConvertSidToStringSidA, ConvertSidToStringSidW)

LookupAccountSid

Value:
GuessStringType(LookupAccountSidA, LookupAccountSidW)

LookupPrivilegeName

Value:
GuessStringType(LookupPrivilegeNameA, LookupPrivilegeNameW)

FindExecutable

Value:
GuessStringType(FindExecutableA, FindExecutableW)

CommandLineToArgv

Value:
GuessStringType(CommandLineToArgvA, CommandLineToArgvW)

SHGetFolderPath

Value:
DefaultStringType(SHGetFolderPathA, SHGetFolderPathW)

PathRemoveBackslash

Value:
GuessStringType(PathRemoveBackslashA, PathRemoveBackslashW)

PathUnExpandEnvStrings

Value:
GuessStringType(PathUnExpandEnvStringsA, PathUnExpandEnvStringsW)

PathIsDirectory

Value:
GuessStringType(PathIsDirectoryA, PathIsDirectoryW)

PathFindExtension

Value:
GuessStringType(PathFindExtensionA, PathFindExtensionW)

PathRelativePathTo

Value:
GuessStringType(PathRelativePathToA, PathRelativePathToW)

PathAddExtension

Value:
GuessStringType(PathAddExtensionA, PathAddExtensionW)

PathFindNextComponent

Value:
GuessStringType(PathFindNextComponentA, PathFindNextComponentW)

PathRemoveExtension

Value:
GuessStringType(PathRemoveExtensionA, PathRemoveExtensionW)

PathRemoveArgs

Value:
GuessStringType(PathRemoveArgsA, PathRemoveArgsW)

PathFileExists

Value:
GuessStringType(PathFileExistsA, PathFileExistsW)

PathMakePretty

Value:
GuessStringType(PathMakePrettyA, PathMakePrettyW)

PathIsNetworkPath

Value:
GuessStringType(PathIsNetworkPathA, PathIsNetworkPathW)

PathIsSameRoot

Value:
GuessStringType(PathIsSameRootA, PathIsSameRootW)

PathAddBackslash

Value:
GuessStringType(PathAddBackslashA, PathAddBackslashW)

PathRenameExtension

Value:
GuessStringType(PathRenameExtensionA, PathRenameExtensionW)

PathRemoveFileSpec

Value:
GuessStringType(PathRemoveFileSpecA, PathRemoveFileSpecW)

PathIsDirectoryEmpty

Value:
GuessStringType(PathIsDirectoryEmptyA, PathIsDirectoryEmptyW)

PathFindFileName

Value:
GuessStringType(PathFindFileNameA, PathFindFileNameW)

PathCanonicalize

Value:
GuessStringType(PathCanonicalizeA, PathCanonicalizeW)

PathFindOnPath

Value:
GuessStringType(PathFindOnPathA, PathFindOnPathW)

PathIsContentType

Value:
GuessStringType(PathIsContentTypeA, PathIsContentTypeW)

PathIsRelative

Value:
GuessStringType(PathIsRelativeA, PathIsRelativeW)

GetMappedFileName

Value:
GuessStringType(GetMappedFileNameA, GetMappedFileNameW)

GetModuleFileNameEx

Value:
GuessStringType(GetModuleFileNameExA, GetModuleFileNameExW)

GetDeviceDriverBaseName

Value:
GuessStringType(GetDeviceDriverBaseNameA, GetDeviceDriverBaseNameW)

GetProcessImageFileName

Value:
GuessStringType(GetProcessImageFileNameA, GetProcessImageFileNameW)

GetDeviceDriverFileName

Value:
GuessStringType(GetDeviceDriverFileNameA, GetDeviceDriverFileNameW)

OpenFileMapping

Value:
GuessStringType(OpenFileMappingA, OpenFileMappingW)

OutputDebugString

Value:
GuessStringType(OutputDebugStringA, OutputDebugStringW)

QueryFullProcessImageName

Value:
GuessStringType(QueryFullProcessImageNameA, QueryFullProcessImageNameW\
)

GetLogicalDriveStrings

Value:
GuessStringType(GetLogicalDriveStringsA, GetLogicalDriveStringsW)

SymSetSearchPath

Value:
GuessStringType(SymSetSearchPathA, SymSetSearchPathW)

GetProcAddress

Value:
GuessStringType(GetProcAddressA, GetProcAddressW)

UnDecorateSymbolName

Value:
GuessStringType(UnDecorateSymbolNameA, UnDecorateSymbolNameW)

SymGetModuleInfo64

Value:
GuessStringType(SymGetModuleInfo64A, SymGetModuleInfo64W)

GlobalFindAtom

Value:
GuessStringType(GlobalFindAtomA, GlobalFindAtomW)

CreateFileMapping

Value:
GuessStringType(CreateFileMappingA, CreateFileMappingW)

SymGetModuleInfo

Value:
GuessStringType(SymGetModuleInfoA, SymGetModuleInfoW)

GlobalGetAtomName

Value:
GuessStringType(GlobalGetAtomNameA, GlobalGetAtomNameW)

GetDllDirectory

Value:
GuessStringType(GetDllDirectoryA, GetDllDirectoryW)

SymEnumerateModules

Value:
GuessStringType(SymEnumerateModulesA, SymEnumerateModulesW)

SymGetSearchPath

Value:
GuessStringType(SymGetSearchPathA, SymGetSearchPathW)

MakeSureDirectoryPathExists

Value:
GuessStringType(MakeSureDirectoryPathExistsA, MakeSureDirectoryPathExi\
stsW)

QueryDosDevice

Value:
GuessStringType(QueryDosDeviceA, QueryDosDeviceW)

SymEnumerateModules64

Value:
GuessStringType(SymEnumerateModules64A, SymEnumerateModules64W)

GetFinalPathNameByHandle

Value:
GuessStringType(GetFinalPathNameByHandleA, GetFinalPathNameByHandleW)

SymEnumerateSymbols64

Value:
GuessStringType(SymEnumerateSymbols64A, SymEnumerateSymbols64W)

SymSetHomeDirectory

Value:
GuessStringType(SymSetHomeDirectoryA, SymSetHomeDirectoryW)

SymLoadModule64

Value:
GuessStringType(SymLoadModule64A, SymLoadModule64W)

GetCurrentDirectory

Value:
GuessStringType(GetCurrentDirectoryA, GetCurrentDirectoryW)

GetTempFileName

Value:
GuessStringType(GetTempFileNameA, GetTempFileNameW)

GetModuleHandle

Value:
GuessStringType(GetModuleHandleA, GetModuleHandleW)

SymGetHomeDirectory

Value:
GuessStringType(SymGetHomeDirectoryA, SymGetHomeDirectoryW)

SetDllDirectory

Value:
GuessStringType(SetDllDirectoryA, SetDllDirectoryW)

SymEnumerateSymbols

Value:
GuessStringType(SymEnumerateSymbolsA, SymEnumerateSymbolsW)

GetFileVersionInfo

Value:
GuessStringType(GetFileVersionInfoA, GetFileVersionInfoW)

GetFullPathName

Value:
GuessStringType(GetFullPathNameA, GetFullPathNameW)

_all

Value:
set(['ABOVE_NORMAL_PRIORITY_CLASS',
     'ACCESS_MASK',
     'ACCESS_VIOLATION_TYPE_DEP',
     'ACCESS_VIOLATION_TYPE_READ',
     'ACCESS_VIOLATION_TYPE_WRITE',
     'ACTIVATION_CONTEXT_STACK',
     'ADDRESS64',
     'ADDRESS_MODE',
...

   Home       Trees       Indices       Help   
WinAppDbg - Programming Reference
Generated by Epydoc 3.0.1 on Fri Dec 20 17:54:47 2013 http://epydoc.sourceforge.net